From c12f9d80d343650b0ca75c6c84d29a4571c54fde Mon Sep 17 00:00:00 2001
From: griggi-ws
Date: Wed, 23 Jul 2025 18:44:43 -0400
Subject: [PATCH 01/29] add: initial support for supporting separately bucketed certificates
---
manifests/certificates/mountpoint.pp | 46 ++++++++++++
manifests/dashboard.pp | 30 +++++---
manifests/filebeat_oss.pp | 21 +++---
manifests/indexer.pp | 33 +++++----
manifests/repo.pp | 104 +++++++++++++--------------
manifests/reports.pp | 5 +-
metadata.json | 10 ++-
7 files changed, 158 insertions(+), 91 deletions(-)
create mode 100644 manifests/certificates/mountpoint.pp
diff --git a/manifests/certificates/mountpoint.pp b/manifests/certificates/mountpoint.pp
new file mode 100644
index 00000000..33bc9d74
--- /dev/null
+++ b/manifests/certificates/mountpoint.pp
@@ -0,0 +1,46 @@
+# @summary Creates a puppet file mountpoint for generated certificates
+# on the Puppet server. If you have separate CAs and compilers, you'll
+# need to implement syncing of some sort (a network share, rsync, etc)
+# and include this class on all compilers as well as the CA.
+# Potential improvements:
+# - Restrict access to the mountpoint with entries in auth.conf
+class wazuh::certificates::mountpoint (
+ Stdlib::Absolutepath $filebucket_path = $wazuh::certificates::filebucket_path,
+ Stdlib::Absolutepath $fileserver_conf = $wazuh::certificates::fileserver_conf,
+ Boolean $manage_fileserver_conf = true,
+ Boolean $manage_bucket_dir = true,
+ String $bucket_name = $wazuh::certificates::bucket_name,
+ String $owner = 'puppet',
+ String $group = 'puppet',
+) {
+ $_dirs = $manage_bucket_dir ? {
+ true => [
+ $filebucket_path,
+ "${filebucket_path}/${bucket_name}",
+ ],
+ default => ["${filebucket_path}/${bucket_name}"],
+ }
+ file { $_dirs:
+ ensure => directory,
+ owner => $owner,
+ group => $group,
+ mode => '0750',
+ }
+
+ if $manage_fileserver_conf {
+ file { $fileserver_conf:
+ ensure => file,
+ owner => $owner,
+ group => $group,
+ mode => '0640',
+ }
+ }
+
+ ini_setting { 'wazuh certificates mountpoint':
+ ensure => present,
+ path => "${filebucket_path}/${bucket_name}/wazuh_certificates.ini",
+ section => $bucket_name,
+ setting => 'path',
+ value => "${filebucket_path}/${bucket_name}",
+ }
+}
diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp
index 286ca942..f0e05494 100644
--- a/manifests/dashboard.pp
+++ b/manifests/dashboard.pp
@@ -1,5 +1,7 @@
 # Copyright (C) 2015, Wazuh Inc.
 # Setup for Wazuh Dashboard
+# @param cert_filebucket_path Prefix for the certificate files, allowing for legacy and new filebucket
+# usage.
 class wazuh::dashboard (
 $dashboard_package = 'wazuh-dashboard',
 $dashboard_service = 'wazuh-dashboard',
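Review bot: The `ini_setting` at the end of `wazuh::certificates::mountpoint` writes the `[${bucket_name}]` section to `${filebucket_path}/${bucket_name}/wazuh_certificates.ini`, a file inside the served directory, so the mount never appears in the file that `$fileserver_conf` points at; it looks like the line should be `path => $fileserver_conf,`. Later patches in this series place generated `.key` files in this directory, and as the header comment itself notes nothing restricts who may read the mount, so any node holding a valid agent certificate could presumably fetch another node's private key. I would ship the auth.conf rule in the same change rather than list it as a potential improvement, and state in the `@summary` that the bucket holds key material.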
@@ -30,9 +32,14 @@ 'password' => 'wazuh-wui', }, ], + String $cert_filebucket_path = 'puppet:///modules/archive', + Variant[Hash, Array] $certfiles = [ + 'dashboard.pem', + 'dashboard-key.pem', + 'root-ca.pem', + ], ) { - # assign version according to the package manager case $facts['os']['family'] { 'Debian': { @@ -61,20 +68,21 @@ group => $dashboard_filegroup, mode => '0500', } - - [ - 'dashboard.pem', - 'dashboard-key.pem', - 'root-ca.pem', - ].each |String $certfile| { - file { "${dashboard_path_certs}/${certfile}": + if $certfiles =~ Hash { + $_certfiles = $certfiles + } else { + $_certfiles = $certfiles.map |String $certfile| { + { "${certfile}" => $certfile } + } + } + $_certfiles.each |String $certfile_source, String $certfile_target| { + file { "${dashboard_path_certs}/${certfile_target}": ensure => file, owner => $dashboard_fileuser, group => $dashboard_filegroup, mode => '0400', replace => true, - recurse => remote, - source => "puppet:///modules/archive/${certfile}", + source => "${cert_filebucket_path}/${certfile_source}", } } @@ -87,7 +95,7 @@ notify => Service['wazuh-dashboard'], } - file { [ '/usr/share/wazuh-dashboard/data/wazuh/', '/usr/share/wazuh-dashboard/data/wazuh/config' ]: + file { ['/usr/share/wazuh-dashboard/data/wazuh/', '/usr/share/wazuh-dashboard/data/wazuh/config']: ensure => 'directory', group => $dashboard_filegroup, mode => '0755', diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 54bf42dd..6fd19309 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -12,6 +12,8 @@ $filebeat_oss_elastic_password = 'admin', $filebeat_oss_version = '7.10.2', $wazuh_app_version = '5.0.0_7.10.2', + String $module_baseurl = 'packages.wazuh.com', + String $module_version = '5.x', $wazuh_extensions_version = 'v5.0.0', $wazuh_filebeat_module = 'wazuh-filebeat-0.4.tar.gz', $wazuh_node_name = 'master', 
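Review bot: In the `@@ -61,20 +68,21 @@` hunk the Array branch builds `$_certfiles` with `map`, which returns an Array of one-entry Hashes rather than a Hash, so the following `each |String $certfile_source, String $certfile_target|` is handed an Integer index and a Hash and should fail the `String` check with the default Array value of `$certfiles`. Converting key/value pairs keeps both branches a Hash: `$_certfiles = Hash($certfiles.map |String $certfile| { [$certfile, $certfile] })`. The same construct appears in the indexer.pp hunk of this patch and in the filebeat_oss.pp and indexer.pp hunks of patches 02 and 03. A `@param certfiles` line describing the two accepted shapes (a source => target Hash, or an Array of names used for both) is also missing.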
@@ -19,8 +21,13 @@ $filebeat_fileuser = 'root', $filebeat_filegroup = 'root', $filebeat_path_certs = '/etc/filebeat/certs', + String $cert_filebucket_path = 'puppet:///modules/archive', + Hash $certfiles = { + "manager-${wazuh_node_name}.pem" => 'filebeat.pem', + "manager-${wazuh_node_name}-key.pem" => 'filebeat-key.pem', + 'root-ca.pem' => 'root-ca.pem', + }, ) { - package { 'filebeat': ensure => $filebeat_oss_version, name => $filebeat_oss_package, @@ -58,7 +65,7 @@ archive { "/tmp/${$wazuh_filebeat_module}": ensure => present, - source => "https://packages.wazuh.com/5.x/filebeat/${$wazuh_filebeat_module}", + source => "https://${module_baseurl}/${module_version}/filebeat/${$wazuh_filebeat_module}", extract => true, extract_path => '/usr/share/filebeat/module', creates => '/usr/share/filebeat/module/wazuh', @@ -86,20 +93,14 @@ mode => '0500', } - $_certfiles = { - "manager-${wazuh_node_name}.pem" => 'filebeat.pem', - "manager-${wazuh_node_name}-key.pem" => 'filebeat-key.pem', - 'root-ca.pem' => 'root-ca.pem', - } - $_certfiles.each |String $certfile_source, String $certfile_target| { + $certfiles.each |String $certfile_source, String $certfile_target| { file { "${filebeat_path_certs}/${certfile_target}": ensure => file, owner => $filebeat_fileuser, group => $filebeat_filegroup, mode => '0400', replace => true, - recurse => remote, - source => "puppet:///modules/archive/${certfile_source}", + source => "${cert_filebucket_path}/${certfile_source}", } } diff --git a/manifests/indexer.pp b/manifests/indexer.pp index ab939951..1f4edf28 100644 --- a/manifests/indexer.pp +++ b/manifests/indexer.pp 
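Review bot: The `archive` resource in the `@@ -58,7 +65,7 @@` hunk now builds its URL from the new `$module_baseurl` and `$module_version` parameters, but the tarball is still extracted into `/usr/share/filebeat/module` with no integrity check. Now that the download host is configurable, I would add a digest parameter and pass it through as `checksum => $wazuh_filebeat_module_checksum,` with `checksum_type => 'sha256',` (the parameter name is constructed for this note). Declaring `$module_baseurl` with a stricter type such as `Stdlib::Fqdn` instead of `String` would also keep a stray scheme or path out of the URL.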
@@ -22,12 +22,19 @@ $indexer_port = '9200', $indexer_discovery_hosts = [], # Empty array for single-node configuration $indexer_initial_cluster_manager_nodes = ['node-1'], - $indexer_cluster_CN = ['node-1'], + $indexer_cluster_cn = ['node-1'], + String $cert_filebucket_path = 'puppet:///modules/archive', + Variant[Hash, Array] $certfiles = [ + "indexer-${indexer_node_name}.pem", + "indexer-${indexer_node_name}-key.pem", + 'root-ca.pem', + 'admin.pem', + 'admin-key.pem', + ], # JVM options $jvm_options_memory = '1g', ) { - # assign version according to the package manager case $facts['os']['family'] { 'Debian': { @@ -57,26 +64,24 @@ mode => '0500', } - [ - "indexer-$indexer_node_name.pem", - "indexer-$indexer_node_name-key.pem", - 'root-ca.pem', - 'admin.pem', - 'admin-key.pem', - ].each |String $certfile| { - file { "${indexer_path_certs}/${certfile}": + if $certfiles =~ Hash { + $_certfiles = $certfiles + } else { + $_certfiles = $certfiles.map |String $certfile| { + { "${certfile}" => $certfile } + } + } + $_certfiles.each |String $certfile_source, String $certfile_target| { + file { "${indexer_path_certs}/${certfile_target}": ensure => file, owner => $indexer_fileuser, group => $indexer_filegroup, mode => '0400', replace => true, - recurse => remote, - source => "puppet:///modules/archive/${certfile}", + source => "${cert_filebucket_path}/${certfile_source}", } } - - file { 'configuration file': path => '/etc/wazuh-indexer/opensearch.yml', content => template('wazuh/wazuh_indexer_yml.erb'), diff --git a/manifests/repo.pp b/manifests/repo.pp index 632a7f98..044f877e 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp 
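Review bot: Renaming the class parameter `$indexer_cluster_CN` to `$indexer_cluster_cn` in the `@@ -22,12 +22,19 @@` hunk is a breaking interface change, and the diffstat of this patch touches no template. If `wazuh/wazuh_indexer_yml.erb` still reads `@indexer_cluster_CN`, the rendered `opensearch.yml` would silently lose whatever that list feeds (presumably the node DN entries), so the template should change in the same commit. Existing Hiera keys and class declarations that use the old name will stop compiling, which deserves a changelog entry.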
@@ -1,32 +1,33 @@ # Copyright (C) 2015, Wazuh Inc. # Wazuh repository installation class wazuh::repo ( + String $repo_baseurl = 'packages.wazuh.com', + String $repo_version = '5.x', ) { - - case $::osfamily { + case $facts['os']['family'] { 'Debian' : { - $wazuh_repo_url = 'https://packages.wazuh.com/5.x/apt' + $wazuh_repo_url = "https://${repo_baseurl}/${repo_version}/apt" $repo_release = 'stable' - if $::lsbdistcodename =~ /(jessie|wheezy|stretch|precise|trusty|vivid|wily|xenial|yakketi|groovy)/ + if $facts['os']['distro']['codename'] =~ /(jessie|wheezy|stretch|precise|trusty|vivid|wily|xenial|yakketi|groovy)/ and ! defined(Package['apt-transport-https']) and ! defined(Package['gnupg']) { - ensure_packages(['apt-transport-https', 'gnupg'], {'ensure' => 'present'}) + ensure_packages(['apt-transport-https', 'gnupg'], { 'ensure' => 'present' }) } exec { 'import-wazuh-key': - path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ], - command => 'curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring /usr/share/keyrings/wazuh.gpg --import', + path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/'], + command => "curl -s https://${repo_baseurl}/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring /usr/share/keyrings/wazuh.gpg --import", unless => 'gpg --no-default-keyring --keyring /usr/share/keyrings/wazuh.gpg --list-keys | grep -q 29111145', } # Ensure permissions on the keyring file { '/usr/share/keyrings/wazuh.gpg': - ensure => file, - owner => 'root', - group => 'root', - mode => '0644', + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', require => Exec['import-wazuh-key'], } - case $::lsbdistcodename { + case $facts['os']['distro']['codename'] { /(jessie|wheezy|stretch|buster|bullseye|bookworm|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic|focal|groovy|jammy)/: { apt::source { 'wazuh': ensure => present, 
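Review bot: `$repo_baseurl` is interpolated directly into the shell string of `Exec['import-wazuh-key']`, and as an unconstrained `String` any whitespace or shell metacharacter in a Hiera value becomes part of a command run as root; declaring it as `Stdlib::Fqdn $repo_baseurl = 'packages.wazuh.com',` and giving `$repo_version` a `Pattern[/\A[\w.]+\z/]` closes that. The signing key is now fetched from the same configurable host as the packages, and the `unless` guard only greps for the short ID `29111145`, so a mirror could supply its own key for the `signed-by` keyring. I would compare the imported key against the expected full fingerprint (`<expected-fingerprint>` placeholder) before the keyring is used, or at least record that fingerprint in a comment next to the exec. Using `curl -sf` would also stop an HTTP error page from being piped into `gpg`.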
@@ -38,19 +39,19 @@ 'src' => false, 'deb' => true, }, - require => File['/usr/share/keyrings/wazuh.gpg'], + require => File['/usr/share/keyrings/wazuh.gpg'], } # Manage the APT source list file content using concat concat { '/etc/apt/sources.list.d/wazuh.list': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', } concat::fragment { 'wazuh-source': target => '/etc/apt/sources.list.d/wazuh.list', - content => "deb [signed-by=/usr/share/keyrings/wazuh.gpg] $wazuh_repo_url $repo_release main\n", + content => "deb [signed-by=/usr/share/keyrings/wazuh.gpg] ${wazuh_repo_url} ${repo_release} main\n", order => '01', require => File['/usr/share/keyrings/wazuh.gpg'], before => Exec['apt-update'], 
@@ -60,49 +61,48 @@ } # Define an exec resource to run 'apt-get update' exec { 'apt-update': - command => 'apt-get update', + command => 'apt-get update', refreshonly => true, - path => ['/bin', '/usr/bin'], + path => ['/bin', '/usr/bin'], } } 'Linux', 'RedHat', 'Suse' : { - case $::os[name] { - /^(CentOS|RedHat|OracleLinux|Fedora|Amazon|AlmaLinux|Rocky|SLES)$/: { - - if ( $::operatingsystemrelease =~ /^5.*/ ) { - $baseurl = 'https://packages.wazuh.com/5.x/yum/5/' - $gpgkey = 'http://packages.wazuh.com/key/GPG-KEY-WAZUH' - } else { - $baseurl = 'https://packages.wazuh.com/5.x/yum/' - $gpgkey = 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - } + case $facts['os'][name] { + /^(CentOS|RedHat|OracleLinux|Fedora|Amazon|AlmaLinux|Rocky|SLES)$/: { + if ( $facts['os']['release']['full'] =~ /^5.*/ ) { + $baseurl = "${repo_baseurl}/${repo_version}/yum/5/" + $gpgkey = "http://${repo_baseurl}/key/GPG-KEY-WAZUH" + } else { + $baseurl = "https://${repo_baseurl}/${repo_version}/yum/" + $gpgkey = "https://${repo_baseurl}/key/GPG-KEY-WAZUH" } - default: { fail('This ossec module has not been tested on your distribution.') } } - # Set up OSSEC repo - case $::os[name] { - /^(CentOS|RedHat|OracleLinux|Fedora|Amazon|AlmaLinux)$/: { - yumrepo { 'wazuh': - descr => 'WAZUH OSSEC Repository - www.wazuh.com', - enabled => true, - gpgcheck => 1, - gpgkey => $gpgkey, - baseurl => $baseurl - } + default: { fail('This ossec module has not been tested on your distribution.') } + } + # Set up OSSEC repo + case $facts['os'][name] { + /^(CentOS|RedHat|OracleLinux|Fedora|Amazon|AlmaLinux)$/: { + yumrepo { 'wazuh': + descr => 'WAZUH OSSEC Repository - www.wazuh.com', + enabled => true, + gpgcheck => 1, + gpgkey => $gpgkey, + baseurl => $baseurl, } - /^(SLES)$/: { - zypprepo { 'wazuh': - ensure => present, - name => 'WAZUH OSSEC Repository - www.wazuh.com', - enabled => 1, - gpgcheck => 0, - repo_gpgcheck => 0, - pkg_gpgcheck => 0, - gpgkey => $gpgkey, - baseurl => $baseurl - } + } + /^(SLES)$/: { + 
zypprepo { 'wazuh': + ensure => present, + name => 'WAZUH OSSEC Repository - www.wazuh.com', + enabled => 1, + gpgcheck => 0, + repo_gpgcheck => 0, + pkg_gpgcheck => 0, + gpgkey => $gpgkey, + baseurl => $baseurl, } } + } } } } diff --git a/manifests/reports.pp b/manifests/reports.pp index c3591c1c..20c6ee6d 100644 --- a/manifests/reports.pp +++ b/manifests/reports.pp @@ -1,6 +1,6 @@ # Copyright (C) 2015, Wazuh Inc. #Define for a Reports section -define wazuh::reports( +define wazuh::reports ( Optional[String] $r_group = undef, Optional[String] $r_category = undef, Optional[Integer] $r_rule = undef, @@ -12,12 +12,11 @@ $r_email_to = '', Optional[Enum['yes', 'no']] $r_showlogs = undef, ) { - require wazuh::params_manager concat::fragment { $name: target => 'manager_ossec.conf', order => 70, - content => template('wazuh/fragments/_reports.erb') + content => template('wazuh/fragments/_reports.erb'), } } diff --git a/metadata.json b/metadata.json index 2bef84b6..ce6404d4 100755 --- a/metadata.json +++ b/metadata.json @@ -34,6 +34,14 @@ }, { "name": "puppet/archive" + }, + { + "name": "puppet/openssl", + "version_requirement": ">= 4.1.0 < 5.0.0" + }, + { + "name": "puppetlabs/inifile", + "version_requirement": ">=6.1.0 < 7.0.0" } ], "operatingsystem_support": [ @@ -116,4 +124,4 @@ "pdk-version": "1.14.1", "template-url": "pdk-default#1.10.0", "template-ref": "1.10.0-0-gbba9ac3" -} +} \ No newline at end of file From ceb00f182e4b9d4dcd5442a7743ace9016be7cc2 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Wed, 23 Jul 2025 18:47:41 -0400 Subject: [PATCH 02/29] change: make filebeat_oss `$certfiles` behavior consistent with the rest --- manifests/filebeat_oss.pp | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 6fd19309..680fe5fc 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp 
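Review bot: In the EL5 branch of the `@@ -60,49 +61,48 @@` hunk the new `$baseurl = "${repo_baseurl}/${repo_version}/yum/5/"` drops the `https://` scheme that the removed line had, so the `yumrepo` receives an invalid URL; it should read `$baseurl = "https://${repo_baseurl}/${repo_version}/yum/5/"`. The same branch still sets `$gpgkey` to an `http://` URL, which allows the signing key to be swapped in transit, so use `https://` there unless EL5 clients genuinely cannot reach it. The `zypprepo` block keeps `gpgcheck => 0`, `repo_gpgcheck => 0` and `pkg_gpgcheck => 0`, which matters more now that the repository host is a parameter; enable verification or document why SLES is exempt. The key in `$facts['os'][name]` should be quoted as `$facts['os']['name']`.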
@@ -22,7 +22,7 @@ $filebeat_filegroup = 'root', $filebeat_path_certs = '/etc/filebeat/certs', String $cert_filebucket_path = 'puppet:///modules/archive', - Hash $certfiles = { + Variant[Hash, Array] $certfiles = { "manager-${wazuh_node_name}.pem" => 'filebeat.pem', "manager-${wazuh_node_name}-key.pem" => 'filebeat-key.pem', 'root-ca.pem' => 'root-ca.pem', @@ -93,7 +93,14 @@ mode => '0500', } - $certfiles.each |String $certfile_source, String $certfile_target| { + if $certfiles =~ Hash { + $_certfiles = $certfiles + } else { + $_certfiles = $certfiles.map |String $certfile| { + { "${certfile}" => $certfile } + } + } + $_certfiles.each |String $certfile_source, String $certfile_target| { file { "${filebeat_path_certs}/${certfile_target}": ensure => file, owner => $filebeat_fileuser, From 14251d10629142faeb692fb3851ba58474de4eaf Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Fri, 25 Jul 2025 11:59:24 -0400 Subject: [PATCH 03/29] add: initial support for the exported resource workflow in indexer --- manifests/indexer.pp | 77 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 62 insertions(+), 15 deletions(-) diff --git a/manifests/indexer.pp b/manifests/indexer.pp index 1f4edf28..fffd9638 100644 --- a/manifests/indexer.pp +++ b/manifests/indexer.pp @@ -23,7 +23,7 @@ $indexer_discovery_hosts = [], # Empty array for single-node configuration $indexer_initial_cluster_manager_nodes = ['node-1'], $indexer_cluster_cn = ['node-1'], - String $cert_filebucket_path = 'puppet:///modules/archive', + String $cert_source_basepath = 'puppet:///modules/archive', Variant[Hash, Array] $certfiles = [ "indexer-${indexer_node_name}.pem", "indexer-${indexer_node_name}-key.pem", @@ -31,6 +31,10 @@ 'admin.pem', 'admin-key.pem', ], + Boolean $generate_certs = false, + Array[Regexp[/(?:indexer(.*)|admin)/]] $certs_to_generate = ['indexer', 'admin'], + Boolean $use_puppet_ca = false, + Boolean $use_puppet_certs = false, # JVM options $jvm_options_memory = '1g', 
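Review bot: `Array[Regexp[/(?:indexer(.*)|admin)/]] $certs_to_generate` in the `@@ -31,6 +31,10 @@` hunk uses the `Regexp` type, which matches regular-expression values rather than strings, so the default `['indexer', 'admin']` should fail the type check; `Pattern` is the type that validates strings. The expression is also unanchored and accepts any characters after `indexer`, while the value is later used to build file names under `$indexer_path_certs`, so I would tighten it to `Array[Pattern[/\A(?:indexer[\w-]*|admin)\z/]] $certs_to_generate = ['indexer', 'admin'],`. The rename to `$cert_source_basepath` in the hunk above applies only to indexer.pp and leaves dashboard.pp and filebeat_oss.pp on `$cert_filebucket_path`. `@param` lines for the four new parameters would make the supported combinations of `$generate_certs`, `$use_puppet_ca` and `$use_puppet_certs` explicit.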
@@ -64,24 +68,67 @@ mode => '0500', } - if $certfiles =~ Hash { - $_certfiles = $certfiles - } else { - $_certfiles = $certfiles.map |String $certfile| { - { "${certfile}" => $certfile } + if $use_puppet_certs or $generate_certs { + file { "${indexer_path_certs}/root-ca.pem": + ensure => file, + owner => $indexer_fileuser, + group => $indexer_filegroup, + mode => '0400', + source => "${settings::ssldir}/certs/ca.pem", } } - $_certfiles.each |String $certfile_source, String $certfile_target| { - file { "${indexer_path_certs}/${certfile_target}": - ensure => file, - owner => $indexer_fileuser, - group => $indexer_filegroup, - mode => '0400', - replace => true, - source => "${cert_filebucket_path}/${certfile_source}", + if $use_puppet_certs { + file { "${indexer_path_certs}/indexer.pem": + ensure => file, + owner => $indexer_fileuser, + group => $indexer_filegroup, + mode => '0400', + source => "${settings::ssldir}/indexer-${facts['networking']['fqdn']}.pem", + } + } + if $generate_certs { + $certs_to_generate.each |String $cert| { + $_certname = "wazuh_${cert}_cert_${facts['networking']['fqdn']}" + @@openssl::certificate::x509 { $_certname: + ensure => present, + altnames => [$facts['networking']['ip']], + extkeyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], + commonname => $facts['networking']['fqdn'], + } + File { + ensure => file, + owner => $indexer_fileuser, + group => $indexer_filegroup, + mode => '0400', + replace => true, + } + file { + "${indexer_path_certs}/${cert}.pem": + source => "${cert_source_basepath}/${_certname}.crt"; + "${indexer_path_certs}/${cert}-key.pem": + source => "${cert_source_basepath}/${_certname}.key"; + } + } + } else { + # Old certificate workflow, with support for arbitrary source path + if $certfiles =~ Hash { + $_certfiles = $certfiles + } else { + $_certfiles = $certfiles.map |String $certfile| { + { "${certfile}" => $certfile } + } + } + $_certfiles.each |String $certfile_source, String 
$certfile_target| { + file { "${indexer_path_certs}/${certfile_target}": + ensure => file, + owner => $indexer_fileuser, + group => $indexer_filegroup, + mode => '0400', + replace => true, + source => "${cert_source_basepath}/${certfile_source}", + } } } - file { 'configuration file': path => '/etc/wazuh-indexer/opensearch.yml', content => template('wazuh/wazuh_indexer_yml.erb'), From 85e5a27978ea6438bdc1a03037ee682b8bcbc953 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Fri, 25 Jul 2025 14:45:30 -0400 Subject: [PATCH 04/29] add: initial support for the exported resource workflow in certificates --- manifests/certificates.pp | 96 +++++++++++++++++++++++++-------------- 1 file changed, 62 insertions(+), 34 deletions(-) diff --git a/manifests/certificates.pp b/manifests/certificates.pp index 7f074a05..2e2e312d 100644 --- a/manifests/certificates.pp +++ b/manifests/certificates.pp 
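Review bot: The exported `@@openssl::certificate::x509` in the `$generate_certs` branch takes `commonname` and `altnames` from `$facts['networking']['fqdn']` and `$facts['networking']['ip']`, which are reported by the agent, so whatever name a node claims ends up in a certificate that the collector signs; prefer the verified identity with `commonname => $trusted['certname'],` and use it in `$_certname` too. The `indexer` and `admin` certificates are issued with the same common name, which would make the admin and node identities indistinguishable by subject, so please confirm that is intended. The values passed to `extkeyusage` (`digitalSignature`, `nonRepudiation`, `keyEncipherment`, `dataEncipherment`) are keyUsage bits rather than extended key usage purposes such as `serverAuth` and `clientAuth`. The `else` is attached to `if $generate_certs` only, so with `$use_puppet_certs => true` and the default `$certfiles` the legacy loop declares `"${indexer_path_certs}/root-ca.pem"` a second time and the catalog should fail on a duplicate resource. The `$settings::ssldir` paths are resolved on the server at compile time, while a local `source` is read on the agent, which is worth a comment.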
@@ -1,46 +1,74 @@ # Copyright (C) 2015, Wazuh Inc. -# Wazuh repository installation +# @summary Wazuh certificate generation +# If using legacy workflow, this generates all certificates using the +# `wazuh-certs-tool.sh` script and dumps them into Puppet server's code directory. +# (This is less than ideal.) +# If `$use_legacy_workflow` is false, it will use the openssl module and the Puppet CA +# to generate certificates. class wazuh::certificates ( - $wazuh_repository = 'packages.wazuh.com', - $wazuh_version = '5.0', + Boolean $use_legacy_workflow = true, + String $puppet_code_path = '/etc/puppetlabs/code/environments/production/modules/archive/files', + String $wazuh_repository = 'packages.wazuh.com', + String $wazuh_version = '5.0', $indexer_certs = [], $manager_certs = [], $manager_master_certs = [], $manager_worker_certs = [], - $dashboard_certs = [] + $dashboard_certs = [], + Stdlib::Absolutepath $ca_cert_path = $settings::cacert, + Stdlib::Absolutepath $ca_key_path = $settings::cakey, + String $bucket_name = 'wazuh', + Stdlib::Absolutepath $filebucket_path = "${settings::confdir}/filebucket", + Stdlib::Absolutepath $fileserver_conf = "${settings::confdir}/fileserver.conf", ) { - file { 'Configure Wazuh Certificates config.yml': - owner => 'root', - path => '/tmp/config.yml', - group => 'root', - mode => '0640', - content => template('wazuh/wazuh_config_yml.erb'), - } + if $use_legacy_workflow { + file { 'Configure Wazuh Certificates config.yml': + owner => 'root', + path => '/tmp/config.yml', + group => 'root', + mode => '0640', + content => template('wazuh/wazuh_config_yml.erb'), + } - file { '/tmp/wazuh-certs-tool.sh': - ensure => file, - source => "https://${wazuh_repository}/${wazuh_version}/wazuh-certs-tool.sh", - owner => 'root', - group => 'root', - mode => '0740', - } + file { '/tmp/wazuh-certs-tool.sh': + ensure => file, + source => "https://${wazuh_repository}/${wazuh_version}/wazuh-certs-tool.sh", + owner => 'root', + group => 'root', + mode => 
'0740', + } - exec { 'Create Wazuh Certificates': - path => '/usr/bin:/bin', - command => 'bash /tmp/wazuh-certs-tool.sh --all', - creates => '/tmp/wazuh-certificates', - require => [ - File['/tmp/wazuh-certs-tool.sh'], - File['/tmp/config.yml'], - ], + exec { 'Create Wazuh Certificates': + path => '/usr/bin:/bin', + command => 'bash /tmp/wazuh-certs-tool.sh --all', + creates => '/tmp/wazuh-certificates', + require => [ + File['/tmp/wazuh-certs-tool.sh'], + File['/tmp/config.yml'], + ], + } + file { 'Copy all certificates into module': + ensure => 'directory', + source => '/tmp/wazuh-certificates/', + recurse => 'remote', + path => $puppet_code_path, + owner => 'root', + group => 'root', + mode => '0755', + } } - file { 'Copy all certificates into module': - ensure => 'directory', - source => '/tmp/wazuh-certificates/', - recurse => 'remote', - path => '/etc/puppetlabs/code/environments/production/modules/archive/files/', - owner => 'root', - group => 'root', - mode => '0755', + else { + contain wazuh::certificates::mountpoint + Openssl_certificate_x509 <<| tag == 'wazuh' |>> { + ensure => present, + country => 'US', + locality => 'California', + organization => 'Wazuh', + unit => 'Wazuh', + extkeyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], + base_dir => "${filebucket_path}/${bucket_name}", + ca => $ca_cert_path, + cakey => $ca_key_path, + } } } From 702daab4089ded22eb9039aa7e2b1e7bd58da31e Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Fri, 25 Jul 2025 15:15:46 -0400 Subject: [PATCH 05/29] fix: critical formatting preventing proper catalog evaluation --- manifests/agent.pp | 99 +++-- manifests/manager.pp | 731 ++++++++++++++++++------------------ manifests/params_manager.pp | 145 ++++--- 3 files changed, 469 insertions(+), 506 deletions(-) diff --git a/manifests/agent.pp b/manifests/agent.pp index b1ba6c94..a02b96f8 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp 
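Review bot: In the non-legacy branch the collector signs every exported Wazuh certificate with `ca => $ca_cert_path` and `cakey => $ca_key_path`, which default to `$settings::cacert` and `$settings::cakey`, i.e. the Puppet CA itself. Certificates issued this way chain to the same root that Puppet Server uses to authenticate agents, and their private keys are written to `${filebucket_path}/${bucket_name}`, the directory served by `wazuh::certificates::mountpoint`, so a leaked Wazuh key would presumably also be a credential the Puppet infrastructure trusts. I would default these parameters to a dedicated Wazuh CA or an intermediate and spell out the trade-off in the `@summary`. The collector also names `Openssl_certificate_x509`, whereas indexer.pp exports `openssl::certificate::x509`; please confirm the reference matches, since I would expect `Openssl::Certificate::X509 <<| tag == 'wazuh' |>>`.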
@@ -91,7 +91,6 @@ $wazuh_delay_after_enrollment = $wazuh::params_agent::wazuh_delay_after_enrollment, $wazuh_enrollment_use_source_ip = $wazuh::params_agent::wazuh_enrollment_use_source_ip, - # Rootcheck $ossec_rootcheck_disabled = $wazuh::params_agent::ossec_rootcheck_disabled, $ossec_rootcheck_check_files = $wazuh::params_agent::ossec_rootcheck_check_files, @@ -109,7 +108,6 @@ $ossec_rootcheck_skip_nfs = $wazuh::params_agent::ossec_rootcheck_skip_nfs, $ossec_rootcheck_system_audit = $wazuh::params_agent::ossec_rootcheck_system_audit, - # rootcheck windows $ossec_rootcheck_windows_disabled = $wazuh::params_agent::ossec_rootcheck_windows_disabled, $ossec_rootcheck_windows_windows_apps = $wazuh::params_agent::ossec_rootcheck_windows_windows_apps, @@ -260,7 +258,6 @@ } } - if $manage_client_keys == 'yes' { if $wazuh_register_endpoint == undef { fail('The $wazuh_register_endpoint parameter is needed in order to register the Agent.') @@ -268,7 +265,7 @@ } # Package installation - case $::kernel { + case $facts['kernel'] { 'Linux': { package { $agent_package_name: ensure => "${agent_package_version}-${agent_package_revision}", # lint:ignore:security_package_pinned_version @@ -284,12 +281,12 @@ group => 'Administrators', mode => '0774', source => "${agent_msi_download_location}/wazuh-agent-${agent_package_version}-${agent_package_revision}.msi", - source_permissions => ignore + source_permissions => ignore, } # We dont need to pin the package version on Windows since we install if from the right MSI. -> package { $agent_package_name: - ensure => "${agent_package_version}", + ensure => $agent_package_version, provider => 'windows', source => "${download_path}\\wazuh-agent-${agent_package_version}-${agent_package_revision}.msi", install_options => [ 
@@ -302,46 +299,45 @@ default: { fail('OS not supported') } } - case $::kernel { - 'Linux': { - ## ossec.conf generation concats - case $::operatingsystem { - 'RedHat', 'OracleLinux', 'Suse':{ - $apply_template_os = 'rhel' - if ( $::operatingsystemrelease =~ /^9.*/ ){ - $rhel_version = '9' - }elsif ( $::operatingsystemrelease =~ /^8.*/ ){ - $rhel_version = '8' - }elsif ( $::operatingsystemrelease =~ /^7.*/ ){ - $rhel_version = '7' - }elsif ( $::operatingsystemrelease =~ /^6.*/ ){ - $rhel_version = '6' - }elsif ( $::operatingsystemrelease =~ /^5.*/ ){ - $rhel_version = '5' - }else{ - fail('This ossec module has not been tested on your distribution') - } - }'Debian', 'debian', 'Ubuntu', 'ubuntu':{ - $apply_template_os = 'debian' - if ( $::lsbdistcodename == 'wheezy') or ($::lsbdistcodename == 'jessie'){ - $debian_additional_templates = 'yes' + case $facts['kernel'] { + 'Linux': { + ## ossec.conf generation concats + case $facts['os']['name'] { + 'RedHat', 'OracleLinux', 'Suse': { + $apply_template_os = 'rhel' + if ( $facts['os']['release']['full'] =~ /^9.*/ ) { + $rhel_version = '9' + } elsif ( $facts['os']['release']['full'] =~ /^8.*/ ) { + $rhel_version = '8' + } elsif ( $facts['os']['release']['full'] =~ /^7.*/ ) { + $rhel_version = '7' + } elsif ( $facts['os']['release']['full'] =~ /^6.*/ ) { + $rhel_version = '6' + } elsif ( $facts['os']['release']['full'] =~ /^5.*/ ) { + $rhel_version = '5' + } else { + fail('This ossec module has not been tested on your distribution') + } + } 'Debian', 'debian', 'Ubuntu', 'ubuntu': { + $apply_template_os = 'debian' + if ( $facts['os']['distro']['codename'] == 'wheezy') or ($facts['os']['distro']['codename'] == 'jessie') { + $debian_additional_templates = 'yes' + } + } 'Amazon': { + $apply_template_os = 'amazon' + } 'CentOS','Centos','centos','AlmaLinux','Rocky':{ + $apply_template_os = 'centos' + } 'SLES': { + $apply_template_os = 'suse' } - }'Amazon':{ - $apply_template_os = 'amazon' - 
}'CentOS','Centos','centos','AlmaLinux','Rocky':{ - $apply_template_os = 'centos' - }'SLES':{ - $apply_template_os = 'suse' + default: { fail('OS not supported') } } - default: { fail('OS not supported') } - } - }'windows': { + } 'windows': { $apply_template_os = 'windows' } default: { fail('OS not supported') } } - concat { 'agent_ossec.conf': path => $wazuh::params_agent::config_file, owner => $wazuh::params_agent::config_owner, @@ -355,7 +351,7 @@ concat::fragment { 'ossec.conf_header': target => 'agent_ossec.conf', - order => 00, + order => 0, before => Service[$agent_service_name], content => "\n"; 'ossec.conf_agent': @@ -448,19 +444,19 @@ } if ($configure_active_response == true) { wazuh::activeresponse { 'active-response configuration': - active_response_disabled => $ossec_active_response_disabled, - active_response_linux_ca_store => $ossec_active_response_linux_ca_store, - active_response_ca_verification => $ossec_active_response_ca_verification, - active_response_repeated_offenders => $ossec_active_response_repeated_offenders, + active_response_disabled => $ossec_active_response_disabled, + active_response_linux_ca_store => $ossec_active_response_linux_ca_store, + active_response_ca_verification => $ossec_active_response_ca_verification, + active_response_repeated_offenders => $ossec_active_response_repeated_offenders, order_arg => 40, before_arg => Service[$agent_service_name], - target_arg => 'agent_ossec.conf' + target_arg => 'agent_ossec.conf', } } - if ($configure_labels == true){ + if ($configure_labels == true) { concat::fragment { - 'ossec.conf_labels': + 'ossec.conf_labels': target => 'agent_ossec.conf', order => 45, before => Service[$agent_service_name], 
@@ -504,9 +500,9 @@ $agent_auth_option_address = '' } - case $::kernel { + case $facts['kernel'] { 'Linux': { - file { $::wazuh::params_agent::keys_file: + file { $wazuh::params_agent::keys_file: owner => $wazuh::params_agent::keys_owner, group => $wazuh::params_agent::keys_group, mode => $wazuh::params_agent::keys_mode, @@ -567,7 +563,7 @@ exec { 'agent-auth-linux': path => ['/usr/bin', '/bin', '/usr/sbin', '/sbin'], command => $agent_auth_command, - unless => "egrep -q '.' ${::wazuh::params_agent::keys_file}", + unless => "egrep -q '.' ${wazuh::params_agent::keys_file}", require => Concat['agent_ossec.conf'], before => Service[$agent_service_name], notify => Service[$agent_service_name], @@ -625,7 +621,7 @@ # SELinux # Requires selinux module specified in metadata.json - if ($::osfamily == 'RedHat' and $selinux == true) { + if ($facts['os']['family'] == 'RedHat' and $selinux == true) { selinux::module { 'ossec-logrotate': ensure => 'present', source_te => 'puppet:///modules/wazuh/ossec-logrotate.te', @@ -656,5 +652,4 @@ require => Package[$wazuh::params_agent::agent_package_name], } } - } diff --git a/manifests/manager.pp b/manifests/manager.pp index 33c8d5be..7ba2fd42 100644 --- a/manifests/manager.pp +++ b/manifests/manager.pp 
@@ -2,304 +2,295 @@ # Main ossec server config class wazuh::manager ( - # Installation - - $server_package_version = $wazuh::params_manager::server_package_version, - $manage_firewall = $wazuh::params_manager::manage_firewall, - - - ### Ossec.conf blocks - - ## Global - - $ossec_logall = $wazuh::params_manager::ossec_logall, - $ossec_logall_json = $wazuh::params_manager::ossec_logall_json, - $ossec_emailnotification = $wazuh::params_manager::ossec_emailnotification, - $ossec_emailto = $wazuh::params_manager::ossec_emailto, - $ossec_smtp_server = $wazuh::params_manager::ossec_smtp_server, - $ossec_emailfrom = $wazuh::params_manager::ossec_emailfrom, - $ossec_email_maxperhour = $wazuh::params_manager::ossec_email_maxperhour, - $ossec_email_log_source = $wazuh::params_manager::ossec_email_log_source, - $ossec_email_idsname = $wazuh::params_manager::ossec_email_idsname, - $ossec_white_list = $wazuh::params_manager::ossec_white_list, - $ossec_alert_level = $wazuh::params_manager::ossec_alert_level, - $ossec_email_alert_level = $wazuh::params_manager::ossec_email_alert_level, - $ossec_remote_connection = $wazuh::params_manager::ossec_remote_connection, - $ossec_remote_port = $wazuh::params_manager::ossec_remote_port, - $ossec_remote_protocol = $wazuh::params_manager::ossec_remote_protocol, - $ossec_remote_local_ip = $wazuh::params_manager::ossec_remote_local_ip, - $ossec_remote_allowed_ips = $wazuh::params_manager::ossec_remote_allowed_ips, - $ossec_remote_queue_size = $wazuh::params_manager::ossec_remote_queue_size, - - # ossec.conf generation parameters - - $configure_rootcheck = $wazuh::params_manager::configure_rootcheck, - $configure_wodle_openscap = $wazuh::params_manager::configure_wodle_openscap, - $configure_wodle_cis_cat = $wazuh::params_manager::configure_wodle_cis_cat, - $configure_wodle_osquery = $wazuh::params_manager::configure_wodle_osquery, - $configure_wodle_syscollector = $wazuh::params_manager::configure_wodle_syscollector, - 
$configure_wodle_docker_listener = $wazuh::params_manager::configure_wodle_docker_listener, - $configure_vulnerability_detection = $wazuh::params_manager::configure_vulnerability_detection, - $configure_vulnerability_indexer = $wazuh::params_manager::configure_vulnerability_indexer, - $configure_sca = $wazuh::params_manager::configure_sca, - $configure_syscheck = $wazuh::params_manager::configure_syscheck, - $configure_command = $wazuh::params_manager::configure_command, - $configure_localfile = $wazuh::params_manager::configure_localfile, - $configure_ruleset = $wazuh::params_manager::configure_ruleset, - $configure_auth = $wazuh::params_manager::configure_auth, - $configure_cluster = $wazuh::params_manager::configure_cluster, - $configure_active_response = $wazuh::params_manager::configure_active_response, - - # ossec.conf templates paths - $ossec_manager_template = $wazuh::params_manager::ossec_manager_template, - $ossec_rootcheck_template = $wazuh::params_manager::ossec_rootcheck_template, - $ossec_wodle_openscap_template = $wazuh::params_manager::ossec_wodle_openscap_template, - $ossec_wodle_cis_cat_template = $wazuh::params_manager::ossec_wodle_cis_cat_template, - $ossec_wodle_osquery_template = $wazuh::params_manager::ossec_wodle_osquery_template, - $ossec_wodle_syscollector_template = $wazuh::params_manager::ossec_wodle_syscollector_template, - $ossec_wodle_docker_listener_template = $wazuh::params_manager::ossec_wodle_docker_listener_template, - $ossec_vulnerability_detection_template = $wazuh::params_manager::ossec_vulnerability_detection_template, - $ossec_vulnerability_indexer_template = $wazuh::params_manager::ossec_vulnerability_indexer_template, - $ossec_sca_template = $wazuh::params_manager::ossec_sca_template, - $ossec_syscheck_template = $wazuh::params_manager::ossec_syscheck_template, - $ossec_default_commands_template = $wazuh::params_manager::ossec_default_commands_template, - $ossec_localfile_template = 
$wazuh::params_manager::ossec_localfile_template, - $ossec_ruleset_template = $wazuh::params_manager::ossec_ruleset_template, - $ossec_auth_template = $wazuh::params_manager::ossec_auth_template, - $ossec_cluster_template = $wazuh::params_manager::ossec_cluster_template, - $ossec_active_response_template = $wazuh::params_manager::ossec_active_response_template, - $ossec_syslog_output_template = $wazuh::params_manager::ossec_syslog_output_template, - - # active-response - $ossec_active_response_command = $wazuh::params_manager::active_response_command, - $ossec_active_response_location = $wazuh::params_manager::active_response_location, - $ossec_active_response_level = $wazuh::params_manager::active_response_level, - $ossec_active_response_agent_id = $wazuh::params_manager::active_response_agent_id, - $ossec_active_response_rules_id = $wazuh::params_manager::active_response_rules_id, - $ossec_active_response_timeout = $wazuh::params_manager::active_response_timeout, - $ossec_active_response_repeated_offenders = $wazuh::params_manager::active_response_repeated_offenders, - - - ## Rootcheck - - $ossec_rootcheck_disabled = $wazuh::params_manager::ossec_rootcheck_disabled, - $ossec_rootcheck_check_files = $wazuh::params_manager::ossec_rootcheck_check_files, - $ossec_rootcheck_check_trojans = $wazuh::params_manager::ossec_rootcheck_check_trojans, - $ossec_rootcheck_check_dev = $wazuh::params_manager::ossec_rootcheck_check_dev, - $ossec_rootcheck_check_sys = $wazuh::params_manager::ossec_rootcheck_check_sys, - $ossec_rootcheck_check_pids = $wazuh::params_manager::ossec_rootcheck_check_pids, - $ossec_rootcheck_check_ports = $wazuh::params_manager::ossec_rootcheck_check_ports, - $ossec_rootcheck_check_if = $wazuh::params_manager::ossec_rootcheck_check_if, - $ossec_rootcheck_frequency = $wazuh::params_manager::ossec_rootcheck_frequency, - $ossec_rootcheck_ignore_list = $wazuh::params_manager::ossec_rootcheck_ignore_list, - $ossec_rootcheck_ignore_sregex_list = 
$wazuh::params_manager::ossec_rootcheck_ignore_sregex_list, - $ossec_rootcheck_rootkit_files = $wazuh::params_manager::ossec_rootcheck_rootkit_files, - $ossec_rootcheck_rootkit_trojans = $wazuh::params_manager::ossec_rootcheck_rootkit_trojans, - $ossec_rootcheck_skip_nfs = $wazuh::params_manager::ossec_rootcheck_skip_nfs, - $ossec_rootcheck_system_audit = $wazuh::params_manager::ossec_rootcheck_system_audit, - - # SCA - - ## Amazon - $sca_amazon_enabled = $wazuh::params_manager::sca_amazon_enabled, - $sca_amazon_scan_on_start = $wazuh::params_manager::sca_amazon_scan_on_start, - $sca_amazon_interval = $wazuh::params_manager::sca_amazon_interval, - $sca_amazon_skip_nfs = $wazuh::params_manager::sca_amazon_skip_nfs, - $sca_amazon_policies = $wazuh::params_manager::sca_amazon_policies, - - ## RHEL - $sca_rhel_enabled = $wazuh::params_manager::sca_rhel_enabled, - $sca_rhel_scan_on_start = $wazuh::params_manager::sca_rhel_scan_on_start, - $sca_rhel_interval = $wazuh::params_manager::sca_rhel_interval, - $sca_rhel_skip_nfs = $wazuh::params_manager::sca_rhel_skip_nfs, - $sca_rhel_policies = $wazuh::params_manager::sca_rhel_policies, - - ## - $sca_else_enabled = $wazuh::params_manager::sca_else_enabled, - $sca_else_scan_on_start = $wazuh::params_manager::sca_else_scan_on_start, - $sca_else_interval = $wazuh::params_manager::sca_else_interval, - $sca_else_skip_nfs = $wazuh::params_manager::sca_else_skip_nfs, - $sca_else_policies = $wazuh::params_manager::sca_else_policies, - - - ## Wodles - - #openscap - $wodle_openscap_disabled = $wazuh::params_manager::wodle_openscap_disabled, - $wodle_openscap_timeout = $wazuh::params_manager::wodle_openscap_timeout, - $wodle_openscap_interval = $wazuh::params_manager::wodle_openscap_interval, - $wodle_openscap_scan_on_start = $wazuh::params_manager::wodle_openscap_scan_on_start, - - #cis-cat - $wodle_ciscat_disabled = $wazuh::params_manager::wodle_ciscat_disabled, - $wodle_ciscat_timeout = $wazuh::params_manager::wodle_ciscat_timeout, - 
$wodle_ciscat_interval = $wazuh::params_manager::wodle_ciscat_interval, - $wodle_ciscat_scan_on_start = $wazuh::params_manager::wodle_ciscat_scan_on_start, - $wodle_ciscat_java_path = $wazuh::params_manager::wodle_ciscat_java_path, - $wodle_ciscat_ciscat_path = $wazuh::params_manager::wodle_ciscat_ciscat_path, - - #osquery - $wodle_osquery_disabled = $wazuh::params_manager::wodle_osquery_disabled, - $wodle_osquery_run_daemon = $wazuh::params_manager::wodle_osquery_run_daemon, - $wodle_osquery_log_path = $wazuh::params_manager::wodle_osquery_log_path, - $wodle_osquery_config_path = $wazuh::params_manager::wodle_osquery_config_path, - $wodle_osquery_add_labels = $wazuh::params_manager::wodle_osquery_add_labels, - - #syscollector - $wodle_syscollector_disabled = $wazuh::params_manager::wodle_syscollector_disabled, - $wodle_syscollector_interval = $wazuh::params_manager::wodle_syscollector_interval, - $wodle_syscollector_scan_on_start = $wazuh::params_manager::wodle_syscollector_scan_on_start, - $wodle_syscollector_hardware = $wazuh::params_manager::wodle_syscollector_hardware, - $wodle_syscollector_os = $wazuh::params_manager::wodle_syscollector_os, - $wodle_syscollector_network = $wazuh::params_manager::wodle_syscollector_network, - $wodle_syscollector_packages = $wazuh::params_manager::wodle_syscollector_packages, - $wodle_syscollector_ports = $wazuh::params_manager::wodle_syscollector_ports, - $wodle_syscollector_processes = $wazuh::params_manager::wodle_syscollector_processes, - - #docker-listener - $wodle_docker_listener_disabled = $wazuh::params_manager::wodle_docker_listener_disabled, - - #vulnerability-detection - $vulnerability_detection_enabled = $wazuh::params_manager::vulnerability_detection_enabled, - $vulnerability_detection_index_status = $wazuh::params_manager::vulnerability_detection_index_status, - $vulnerability_detection_feed_update_interval = $wazuh::params_manager::vulnerability_detection_feed_update_interval, - - #vulnerability-indexer - 
$vulnerability_indexer_enabled = $wazuh::params_manager::vulnerability_indexer_enabled, - $vulnerability_indexer_hosts_host = $wazuh::params_manager::vulnerability_indexer_hosts_host, - $vulnerability_indexer_hosts_port = $wazuh::params_manager::vulnerability_indexer_hosts_port, - $vulnerability_indexer_username = $wazuh::params_manager::vulnerability_indexer_username, - $vulnerability_indexer_password = $wazuh::params_manager::vulnerability_indexer_password, - $vulnerability_indexer_ssl_ca = $wazuh::params_manager::vulnerability_indexer_ssl_ca, - $vulnerability_indexer_ssl_certificate = $wazuh::params_manager::vulnerability_indexer_ssl_certificate, - $vulnerability_indexer_ssl_key = $wazuh::params_manager::vulnerability_indexer_ssl_key, - - # syslog - $syslog_output = $wazuh::params_manager::syslog_output, - $syslog_output_level = $wazuh::params_manager::syslog_output_level, - $syslog_output_port = $wazuh::params_manager::syslog_output_port, - $syslog_output_server = $wazuh::params_manager::syslog_output_server, - $syslog_output_format = $wazuh::params_manager::syslog_output_format, - - # Authd configuration - $ossec_auth_disabled = $wazuh::params_manager::ossec_auth_disabled, - $ossec_auth_port = $wazuh::params_manager::ossec_auth_port, - $ossec_auth_use_source_ip = $wazuh::params_manager::ossec_auth_use_source_ip, - $ossec_auth_force_enabled = $wazuh::params_manager::ossec_auth_force_enabled, - $ossec_auth_force_key_mismatch = $wazuh::params_manager::ossec_auth_force_key_mismatch, - $ossec_auth_force_disc_time = $wazuh::params_manager::ossec_auth_force_disc_time, - $ossec_auth_force_after_reg_time = $wazuh::params_manager::ossec_auth_force_after_reg_time, - $ossec_auth_purgue = $wazuh::params_manager::ossec_auth_purgue, - $ossec_auth_use_password = $wazuh::params_manager::ossec_auth_use_password, - $ossec_auth_limit_maxagents = $wazuh::params_manager::ossec_auth_limit_maxagents, - $ossec_auth_ciphers = $wazuh::params_manager::ossec_auth_ciphers, - 
$ossec_auth_ssl_verify_host = $wazuh::params_manager::ossec_auth_ssl_verify_host, - $ossec_auth_ssl_manager_cert = $wazuh::params_manager::ossec_auth_ssl_manager_cert, - $ossec_auth_ssl_manager_key = $wazuh::params_manager::ossec_auth_ssl_manager_key, - $ossec_auth_ssl_auto_negotiate = $wazuh::params_manager::ossec_auth_ssl_auto_negotiate, - - - # syscheck - $ossec_syscheck_disabled = $wazuh::params_manager::ossec_syscheck_disabled, - $ossec_syscheck_frequency = $wazuh::params_manager::ossec_syscheck_frequency, - $ossec_syscheck_scan_on_start = $wazuh::params_manager::ossec_syscheck_scan_on_start, - $ossec_syscheck_auto_ignore = $wazuh::params_manager::ossec_syscheck_auto_ignore, - $ossec_syscheck_directories_1 = $wazuh::params_manager::ossec_syscheck_directories_1, - $ossec_syscheck_directories_2 = $wazuh::params_manager::ossec_syscheck_directories_2, - $ossec_syscheck_whodata_directories_1 = $wazuh::params_manager::ossec_syscheck_whodata_directories_1, - $ossec_syscheck_realtime_directories_1 = $wazuh::params_manager::ossec_syscheck_realtime_directories_1, - $ossec_syscheck_whodata_directories_2 = $wazuh::params_manager::ossec_syscheck_whodata_directories_2, - $ossec_syscheck_realtime_directories_2 = $wazuh::params_manager::ossec_syscheck_realtime_directories_2, - $ossec_syscheck_ignore_list = $wazuh::params_manager::ossec_syscheck_ignore_list, - - $ossec_syscheck_ignore_type_1 = $wazuh::params_manager::ossec_syscheck_ignore_type_1, - $ossec_syscheck_ignore_type_2 = $wazuh::params_manager::ossec_syscheck_ignore_type_2, - $ossec_syscheck_process_priority = $wazuh::params_manager::ossec_syscheck_process_priority, - $ossec_syscheck_synchronization_enabled = $wazuh::params_manager::ossec_syscheck_synchronization_enabled, - $ossec_syscheck_synchronization_interval = $wazuh::params_manager::ossec_syscheck_synchronization_interval, - $ossec_syscheck_synchronization_max_eps = $wazuh::params_manager::ossec_syscheck_synchronization_max_eps, - 
$ossec_syscheck_synchronization_max_interval = $wazuh::params_manager::ossec_syscheck_synchronization_max_interval, - - $ossec_syscheck_nodiff = $wazuh::params_manager::ossec_syscheck_nodiff, - $ossec_syscheck_skip_nfs = $wazuh::params_manager::ossec_syscheck_skip_nfs, - - # Cluster - - $ossec_cluster_name = $wazuh::params_manager::ossec_cluster_name, - $ossec_cluster_node_name = $wazuh::params_manager::ossec_cluster_node_name, - $ossec_cluster_node_type = $wazuh::params_manager::ossec_cluster_node_type, - $ossec_cluster_key = $wazuh::params_manager::ossec_cluster_key, - $ossec_cluster_port = $wazuh::params_manager::ossec_cluster_port, - $ossec_cluster_bind_addr = $wazuh::params_manager::ossec_cluster_bind_addr, - $ossec_cluster_nodes = $wazuh::params_manager::ossec_cluster_nodes, - $ossec_cluster_hidden = $wazuh::params_manager::ossec_cluster_hidden, - $ossec_cluster_disabled = $wazuh::params_manager::ossec_cluster_disabled, - - #----- End of ossec.conf parameters ------- - - $ossec_cluster_enable_firewall = $wazuh::params_manager::ossec_cluster_enable_firewall, - - $ossec_prefilter = $wazuh::params_manager::ossec_prefilter, - $ossec_integratord_enabled = $wazuh::params_manager::ossec_integratord_enabled, - - $manage_client_keys = $wazuh::params_manager::manage_client_keys, - $agent_auth_password = $wazuh::params_manager::agent_auth_password, - $ar_repeated_offenders = $wazuh::params_manager::ar_repeated_offenders, - - $local_decoder_template = $wazuh::params_manager::local_decoder_template, - $decoder_exclude = $wazuh::params_manager::decoder_exclude, - $local_rules_template = $wazuh::params_manager::local_rules_template, - $rule_exclude = $wazuh::params_manager::rule_exclude, - $shared_agent_template = $wazuh::params_manager::shared_agent_template, - - $wazuh_manager_verify_manager_ssl = $wazuh::params_manager::wazuh_manager_verify_manager_ssl, - $wazuh_manager_server_crt = $wazuh::params_manager::wazuh_manager_server_crt, - $wazuh_manager_server_key = 
$wazuh::params_manager::wazuh_manager_server_key, - - $ossec_local_files = $::wazuh::params_manager::default_local_files, - - # API - - - $wazuh_api_host = $wazuh::params_manager::wazuh_api_host, - - $wazuh_api_port = $wazuh::params_manager::wazuh_api_port, - $wazuh_api_file = $wazuh::params_manager::wazuh_api_file, - - $wazuh_api_https_enabled = $wazuh::params_manager::wazuh_api_https_enabled, - $wazuh_api_https_key = $wazuh::params_manager::wazuh_api_https_key, - - $wazuh_api_https_cert = $wazuh::params_manager::wazuh_api_https_cert, - $wazuh_api_https_use_ca = $wazuh::params_manager::wazuh_api_https_use_ca, - $wazuh_api_https_ca = $wazuh::params_manager::wazuh_api_https_ca, - $wazuh_api_logs_level = $wazuh::params_manager::wazuh_api_logs_level, - $wazuh_api_logs_format = $wazuh::params_manager::wazuh_api_logs_format, - $wazuh_api_ssl_ciphers = $wazuh::params_manager::wazuh_api_ssl_ciphers, - $wazuh_api_ssl_protocol = $wazuh::params_manager::wazuh_api_ssl_protocol, - - $wazuh_api_cors_enabled = $wazuh::params_manager::wazuh_api_cors_enabled, - $wazuh_api_cors_source_route = $wazuh::params_manager::wazuh_api_cors_source_route, - $wazuh_api_cors_expose_headers = $wazuh::params_manager::wazuh_api_cors_expose_headers, - - - $wazuh_api_cors_allow_credentials = $::wazuh::params_manager::wazuh_api_cors_allow_credentials, - - $wazuh_api_access_max_login_attempts = $::wazuh::params_manager::wazuh_api_access_max_login_attempts, - $wazuh_api_access_block_time = $::wazuh::params_manager::wazuh_api_access_block_time, - $wazuh_api_access_max_request_per_minute = $::wazuh::params_manager::wazuh_api_access_max_request_per_minute, - $wazuh_api_drop_privileges = $::wazuh::params_manager::wazuh_api_drop_privileges, - $wazuh_api_experimental_features = $::wazuh::params_manager::wazuh_api_experimental_features, - - $remote_commands_localfile = $::wazuh::params_manager::remote_commands_localfile, - $remote_commands_localfile_exceptions = 
$::wazuh::params_manager::remote_commands_localfile_exceptions, - $remote_commands_wodle = $::wazuh::params_manager::remote_commands_wodle, - $remote_commands_wodle_exceptions = $::wazuh::params_manager::remote_commands_wodle_exceptions, - $limits_eps = $::wazuh::params_manager::limits_eps, - - $wazuh_api_template = $::wazuh::params_manager::wazuh_api_template, - - - + # Installation + + $server_package_version = $wazuh::params_manager::server_package_version, + $manage_firewall = $wazuh::params_manager::manage_firewall, + + ### Ossec.conf blocks + + ## Global + + $ossec_logall = $wazuh::params_manager::ossec_logall, + $ossec_logall_json = $wazuh::params_manager::ossec_logall_json, + $ossec_emailnotification = $wazuh::params_manager::ossec_emailnotification, + $ossec_emailto = $wazuh::params_manager::ossec_emailto, + $ossec_smtp_server = $wazuh::params_manager::ossec_smtp_server, + $ossec_emailfrom = $wazuh::params_manager::ossec_emailfrom, + $ossec_email_maxperhour = $wazuh::params_manager::ossec_email_maxperhour, + $ossec_email_log_source = $wazuh::params_manager::ossec_email_log_source, + $ossec_email_idsname = $wazuh::params_manager::ossec_email_idsname, + $ossec_white_list = $wazuh::params_manager::ossec_white_list, + $ossec_alert_level = $wazuh::params_manager::ossec_alert_level, + $ossec_email_alert_level = $wazuh::params_manager::ossec_email_alert_level, + $ossec_remote_connection = $wazuh::params_manager::ossec_remote_connection, + $ossec_remote_port = $wazuh::params_manager::ossec_remote_port, + $ossec_remote_protocol = $wazuh::params_manager::ossec_remote_protocol, + $ossec_remote_local_ip = $wazuh::params_manager::ossec_remote_local_ip, + $ossec_remote_allowed_ips = $wazuh::params_manager::ossec_remote_allowed_ips, + $ossec_remote_queue_size = $wazuh::params_manager::ossec_remote_queue_size, + + # ossec.conf generation parameters + + $configure_rootcheck = $wazuh::params_manager::configure_rootcheck, + $configure_wodle_openscap = 
$wazuh::params_manager::configure_wodle_openscap, + $configure_wodle_cis_cat = $wazuh::params_manager::configure_wodle_cis_cat, + $configure_wodle_osquery = $wazuh::params_manager::configure_wodle_osquery, + $configure_wodle_syscollector = $wazuh::params_manager::configure_wodle_syscollector, + $configure_wodle_docker_listener = $wazuh::params_manager::configure_wodle_docker_listener, + $configure_vulnerability_detection = $wazuh::params_manager::configure_vulnerability_detection, + $configure_vulnerability_indexer = $wazuh::params_manager::configure_vulnerability_indexer, + $configure_sca = $wazuh::params_manager::configure_sca, + $configure_syscheck = $wazuh::params_manager::configure_syscheck, + $configure_command = $wazuh::params_manager::configure_command, + $configure_localfile = $wazuh::params_manager::configure_localfile, + $configure_ruleset = $wazuh::params_manager::configure_ruleset, + $configure_auth = $wazuh::params_manager::configure_auth, + $configure_cluster = $wazuh::params_manager::configure_cluster, + $configure_active_response = $wazuh::params_manager::configure_active_response, + + # ossec.conf templates paths + $ossec_manager_template = $wazuh::params_manager::ossec_manager_template, + $ossec_rootcheck_template = $wazuh::params_manager::ossec_rootcheck_template, + $ossec_wodle_openscap_template = $wazuh::params_manager::ossec_wodle_openscap_template, + $ossec_wodle_cis_cat_template = $wazuh::params_manager::ossec_wodle_cis_cat_template, + $ossec_wodle_osquery_template = $wazuh::params_manager::ossec_wodle_osquery_template, + $ossec_wodle_syscollector_template = $wazuh::params_manager::ossec_wodle_syscollector_template, + $ossec_wodle_docker_listener_template = $wazuh::params_manager::ossec_wodle_docker_listener_template, + $ossec_vulnerability_detection_template = $wazuh::params_manager::ossec_vulnerability_detection_template, + $ossec_vulnerability_indexer_template = $wazuh::params_manager::ossec_vulnerability_indexer_template, + 
$ossec_sca_template = $wazuh::params_manager::ossec_sca_template, + $ossec_syscheck_template = $wazuh::params_manager::ossec_syscheck_template, + $ossec_default_commands_template = $wazuh::params_manager::ossec_default_commands_template, + $ossec_localfile_template = $wazuh::params_manager::ossec_localfile_template, + $ossec_ruleset_template = $wazuh::params_manager::ossec_ruleset_template, + $ossec_auth_template = $wazuh::params_manager::ossec_auth_template, + $ossec_cluster_template = $wazuh::params_manager::ossec_cluster_template, + $ossec_active_response_template = $wazuh::params_manager::ossec_active_response_template, + $ossec_syslog_output_template = $wazuh::params_manager::ossec_syslog_output_template, + + # active-response + $ossec_active_response_command = $wazuh::params_manager::active_response_command, + $ossec_active_response_location = $wazuh::params_manager::active_response_location, + $ossec_active_response_level = $wazuh::params_manager::active_response_level, + $ossec_active_response_agent_id = $wazuh::params_manager::active_response_agent_id, + $ossec_active_response_rules_id = $wazuh::params_manager::active_response_rules_id, + $ossec_active_response_timeout = $wazuh::params_manager::active_response_timeout, + $ossec_active_response_repeated_offenders = $wazuh::params_manager::active_response_repeated_offenders, + + ## Rootcheck + + $ossec_rootcheck_disabled = $wazuh::params_manager::ossec_rootcheck_disabled, + $ossec_rootcheck_check_files = $wazuh::params_manager::ossec_rootcheck_check_files, + $ossec_rootcheck_check_trojans = $wazuh::params_manager::ossec_rootcheck_check_trojans, + $ossec_rootcheck_check_dev = $wazuh::params_manager::ossec_rootcheck_check_dev, + $ossec_rootcheck_check_sys = $wazuh::params_manager::ossec_rootcheck_check_sys, + $ossec_rootcheck_check_pids = $wazuh::params_manager::ossec_rootcheck_check_pids, + $ossec_rootcheck_check_ports = $wazuh::params_manager::ossec_rootcheck_check_ports, + $ossec_rootcheck_check_if = 
$wazuh::params_manager::ossec_rootcheck_check_if, + $ossec_rootcheck_frequency = $wazuh::params_manager::ossec_rootcheck_frequency, + $ossec_rootcheck_ignore_list = $wazuh::params_manager::ossec_rootcheck_ignore_list, + $ossec_rootcheck_ignore_sregex_list = $wazuh::params_manager::ossec_rootcheck_ignore_sregex_list, + $ossec_rootcheck_rootkit_files = $wazuh::params_manager::ossec_rootcheck_rootkit_files, + $ossec_rootcheck_rootkit_trojans = $wazuh::params_manager::ossec_rootcheck_rootkit_trojans, + $ossec_rootcheck_skip_nfs = $wazuh::params_manager::ossec_rootcheck_skip_nfs, + $ossec_rootcheck_system_audit = $wazuh::params_manager::ossec_rootcheck_system_audit, + + # SCA + + ## Amazon + $sca_amazon_enabled = $wazuh::params_manager::sca_amazon_enabled, + $sca_amazon_scan_on_start = $wazuh::params_manager::sca_amazon_scan_on_start, + $sca_amazon_interval = $wazuh::params_manager::sca_amazon_interval, + $sca_amazon_skip_nfs = $wazuh::params_manager::sca_amazon_skip_nfs, + $sca_amazon_policies = $wazuh::params_manager::sca_amazon_policies, + + ## RHEL + $sca_rhel_enabled = $wazuh::params_manager::sca_rhel_enabled, + $sca_rhel_scan_on_start = $wazuh::params_manager::sca_rhel_scan_on_start, + $sca_rhel_interval = $wazuh::params_manager::sca_rhel_interval, + $sca_rhel_skip_nfs = $wazuh::params_manager::sca_rhel_skip_nfs, + $sca_rhel_policies = $wazuh::params_manager::sca_rhel_policies, + + ## + $sca_else_enabled = $wazuh::params_manager::sca_else_enabled, + $sca_else_scan_on_start = $wazuh::params_manager::sca_else_scan_on_start, + $sca_else_interval = $wazuh::params_manager::sca_else_interval, + $sca_else_skip_nfs = $wazuh::params_manager::sca_else_skip_nfs, + $sca_else_policies = $wazuh::params_manager::sca_else_policies, + + ## Wodles + + #openscap + $wodle_openscap_disabled = $wazuh::params_manager::wodle_openscap_disabled, + $wodle_openscap_timeout = $wazuh::params_manager::wodle_openscap_timeout, + $wodle_openscap_interval = 
$wazuh::params_manager::wodle_openscap_interval, + $wodle_openscap_scan_on_start = $wazuh::params_manager::wodle_openscap_scan_on_start, + + #cis-cat + $wodle_ciscat_disabled = $wazuh::params_manager::wodle_ciscat_disabled, + $wodle_ciscat_timeout = $wazuh::params_manager::wodle_ciscat_timeout, + $wodle_ciscat_interval = $wazuh::params_manager::wodle_ciscat_interval, + $wodle_ciscat_scan_on_start = $wazuh::params_manager::wodle_ciscat_scan_on_start, + $wodle_ciscat_java_path = $wazuh::params_manager::wodle_ciscat_java_path, + $wodle_ciscat_ciscat_path = $wazuh::params_manager::wodle_ciscat_ciscat_path, + + #osquery + $wodle_osquery_disabled = $wazuh::params_manager::wodle_osquery_disabled, + $wodle_osquery_run_daemon = $wazuh::params_manager::wodle_osquery_run_daemon, + $wodle_osquery_log_path = $wazuh::params_manager::wodle_osquery_log_path, + $wodle_osquery_config_path = $wazuh::params_manager::wodle_osquery_config_path, + $wodle_osquery_add_labels = $wazuh::params_manager::wodle_osquery_add_labels, + + #syscollector + $wodle_syscollector_disabled = $wazuh::params_manager::wodle_syscollector_disabled, + $wodle_syscollector_interval = $wazuh::params_manager::wodle_syscollector_interval, + $wodle_syscollector_scan_on_start = $wazuh::params_manager::wodle_syscollector_scan_on_start, + $wodle_syscollector_hardware = $wazuh::params_manager::wodle_syscollector_hardware, + $wodle_syscollector_os = $wazuh::params_manager::wodle_syscollector_os, + $wodle_syscollector_network = $wazuh::params_manager::wodle_syscollector_network, + $wodle_syscollector_packages = $wazuh::params_manager::wodle_syscollector_packages, + $wodle_syscollector_ports = $wazuh::params_manager::wodle_syscollector_ports, + $wodle_syscollector_processes = $wazuh::params_manager::wodle_syscollector_processes, + + #docker-listener + $wodle_docker_listener_disabled = $wazuh::params_manager::wodle_docker_listener_disabled, + + #vulnerability-detection + $vulnerability_detection_enabled = 
$wazuh::params_manager::vulnerability_detection_enabled, + $vulnerability_detection_index_status = $wazuh::params_manager::vulnerability_detection_index_status, + $vulnerability_detection_feed_update_interval = $wazuh::params_manager::vulnerability_detection_feed_update_interval, + + #vulnerability-indexer + $vulnerability_indexer_enabled = $wazuh::params_manager::vulnerability_indexer_enabled, + $vulnerability_indexer_hosts_host = $wazuh::params_manager::vulnerability_indexer_hosts_host, + $vulnerability_indexer_hosts_port = $wazuh::params_manager::vulnerability_indexer_hosts_port, + $vulnerability_indexer_username = $wazuh::params_manager::vulnerability_indexer_username, + $vulnerability_indexer_password = $wazuh::params_manager::vulnerability_indexer_password, + $vulnerability_indexer_ssl_ca = $wazuh::params_manager::vulnerability_indexer_ssl_ca, + $vulnerability_indexer_ssl_certificate = $wazuh::params_manager::vulnerability_indexer_ssl_certificate, + $vulnerability_indexer_ssl_key = $wazuh::params_manager::vulnerability_indexer_ssl_key, + + # syslog + $syslog_output = $wazuh::params_manager::syslog_output, + $syslog_output_level = $wazuh::params_manager::syslog_output_level, + $syslog_output_port = $wazuh::params_manager::syslog_output_port, + $syslog_output_server = $wazuh::params_manager::syslog_output_server, + $syslog_output_format = $wazuh::params_manager::syslog_output_format, + + # Authd configuration + $ossec_auth_disabled = $wazuh::params_manager::ossec_auth_disabled, + $ossec_auth_port = $wazuh::params_manager::ossec_auth_port, + $ossec_auth_use_source_ip = $wazuh::params_manager::ossec_auth_use_source_ip, + $ossec_auth_force_enabled = $wazuh::params_manager::ossec_auth_force_enabled, + $ossec_auth_force_key_mismatch = $wazuh::params_manager::ossec_auth_force_key_mismatch, + $ossec_auth_force_disc_time = $wazuh::params_manager::ossec_auth_force_disc_time, + $ossec_auth_force_after_reg_time = $wazuh::params_manager::ossec_auth_force_after_reg_time, + 
$ossec_auth_purgue = $wazuh::params_manager::ossec_auth_purgue, + $ossec_auth_use_password = $wazuh::params_manager::ossec_auth_use_password, + $ossec_auth_limit_maxagents = $wazuh::params_manager::ossec_auth_limit_maxagents, + $ossec_auth_ciphers = $wazuh::params_manager::ossec_auth_ciphers, + $ossec_auth_ssl_verify_host = $wazuh::params_manager::ossec_auth_ssl_verify_host, + $ossec_auth_ssl_manager_cert = $wazuh::params_manager::ossec_auth_ssl_manager_cert, + $ossec_auth_ssl_manager_key = $wazuh::params_manager::ossec_auth_ssl_manager_key, + $ossec_auth_ssl_auto_negotiate = $wazuh::params_manager::ossec_auth_ssl_auto_negotiate, + + # syscheck + $ossec_syscheck_disabled = $wazuh::params_manager::ossec_syscheck_disabled, + $ossec_syscheck_frequency = $wazuh::params_manager::ossec_syscheck_frequency, + $ossec_syscheck_scan_on_start = $wazuh::params_manager::ossec_syscheck_scan_on_start, + $ossec_syscheck_auto_ignore = $wazuh::params_manager::ossec_syscheck_auto_ignore, + $ossec_syscheck_directories_1 = $wazuh::params_manager::ossec_syscheck_directories_1, + $ossec_syscheck_directories_2 = $wazuh::params_manager::ossec_syscheck_directories_2, + $ossec_syscheck_whodata_directories_1 = $wazuh::params_manager::ossec_syscheck_whodata_directories_1, + $ossec_syscheck_realtime_directories_1 = $wazuh::params_manager::ossec_syscheck_realtime_directories_1, + $ossec_syscheck_whodata_directories_2 = $wazuh::params_manager::ossec_syscheck_whodata_directories_2, + $ossec_syscheck_realtime_directories_2 = $wazuh::params_manager::ossec_syscheck_realtime_directories_2, + $ossec_syscheck_ignore_list = $wazuh::params_manager::ossec_syscheck_ignore_list, + + $ossec_syscheck_ignore_type_1 = $wazuh::params_manager::ossec_syscheck_ignore_type_1, + $ossec_syscheck_ignore_type_2 = $wazuh::params_manager::ossec_syscheck_ignore_type_2, + $ossec_syscheck_process_priority = $wazuh::params_manager::ossec_syscheck_process_priority, + $ossec_syscheck_synchronization_enabled = 
$wazuh::params_manager::ossec_syscheck_synchronization_enabled, + $ossec_syscheck_synchronization_interval = $wazuh::params_manager::ossec_syscheck_synchronization_interval, + $ossec_syscheck_synchronization_max_eps = $wazuh::params_manager::ossec_syscheck_synchronization_max_eps, + $ossec_syscheck_synchronization_max_interval = $wazuh::params_manager::ossec_syscheck_synchronization_max_interval, + + $ossec_syscheck_nodiff = $wazuh::params_manager::ossec_syscheck_nodiff, + $ossec_syscheck_skip_nfs = $wazuh::params_manager::ossec_syscheck_skip_nfs, + + # Cluster + + $ossec_cluster_name = $wazuh::params_manager::ossec_cluster_name, + $ossec_cluster_node_name = $wazuh::params_manager::ossec_cluster_node_name, + $ossec_cluster_node_type = $wazuh::params_manager::ossec_cluster_node_type, + $ossec_cluster_key = $wazuh::params_manager::ossec_cluster_key, + $ossec_cluster_port = $wazuh::params_manager::ossec_cluster_port, + $ossec_cluster_bind_addr = $wazuh::params_manager::ossec_cluster_bind_addr, + $ossec_cluster_nodes = $wazuh::params_manager::ossec_cluster_nodes, + $ossec_cluster_hidden = $wazuh::params_manager::ossec_cluster_hidden, + $ossec_cluster_disabled = $wazuh::params_manager::ossec_cluster_disabled, + + #----- End of ossec.conf parameters ------- + + $ossec_cluster_enable_firewall = $wazuh::params_manager::ossec_cluster_enable_firewall, + + $ossec_prefilter = $wazuh::params_manager::ossec_prefilter, + $ossec_integratord_enabled = $wazuh::params_manager::ossec_integratord_enabled, + + $manage_client_keys = $wazuh::params_manager::manage_client_keys, + $agent_auth_password = $wazuh::params_manager::agent_auth_password, + $ar_repeated_offenders = $wazuh::params_manager::ar_repeated_offenders, + + $local_decoder_template = $wazuh::params_manager::local_decoder_template, + $decoder_exclude = $wazuh::params_manager::decoder_exclude, + $local_rules_template = $wazuh::params_manager::local_rules_template, + $rule_exclude = $wazuh::params_manager::rule_exclude, + 
$shared_agent_template = $wazuh::params_manager::shared_agent_template, + + $wazuh_manager_verify_manager_ssl = $wazuh::params_manager::wazuh_manager_verify_manager_ssl, + $wazuh_manager_server_crt = $wazuh::params_manager::wazuh_manager_server_crt, + $wazuh_manager_server_key = $wazuh::params_manager::wazuh_manager_server_key, + + $ossec_local_files = $wazuh::params_manager::default_local_files, + + # API + + $wazuh_api_host = $wazuh::params_manager::wazuh_api_host, + + $wazuh_api_port = $wazuh::params_manager::wazuh_api_port, + $wazuh_api_file = $wazuh::params_manager::wazuh_api_file, + + $wazuh_api_https_enabled = $wazuh::params_manager::wazuh_api_https_enabled, + $wazuh_api_https_key = $wazuh::params_manager::wazuh_api_https_key, + + $wazuh_api_https_cert = $wazuh::params_manager::wazuh_api_https_cert, + $wazuh_api_https_use_ca = $wazuh::params_manager::wazuh_api_https_use_ca, + $wazuh_api_https_ca = $wazuh::params_manager::wazuh_api_https_ca, + $wazuh_api_logs_level = $wazuh::params_manager::wazuh_api_logs_level, + $wazuh_api_logs_format = $wazuh::params_manager::wazuh_api_logs_format, + $wazuh_api_ssl_ciphers = $wazuh::params_manager::wazuh_api_ssl_ciphers, + $wazuh_api_ssl_protocol = $wazuh::params_manager::wazuh_api_ssl_protocol, + + $wazuh_api_cors_enabled = $wazuh::params_manager::wazuh_api_cors_enabled, + $wazuh_api_cors_source_route = $wazuh::params_manager::wazuh_api_cors_source_route, + $wazuh_api_cors_expose_headers = $wazuh::params_manager::wazuh_api_cors_expose_headers, + + $wazuh_api_cors_allow_credentials = $wazuh::params_manager::wazuh_api_cors_allow_credentials, + + $wazuh_api_access_max_login_attempts = $wazuh::params_manager::wazuh_api_access_max_login_attempts, + $wazuh_api_access_block_time = $wazuh::params_manager::wazuh_api_access_block_time, + $wazuh_api_access_max_request_per_minute = $wazuh::params_manager::wazuh_api_access_max_request_per_minute, + $wazuh_api_drop_privileges = $wazuh::params_manager::wazuh_api_drop_privileges, + 
$wazuh_api_experimental_features = $wazuh::params_manager::wazuh_api_experimental_features, + + $remote_commands_localfile = $wazuh::params_manager::remote_commands_localfile, + $remote_commands_localfile_exceptions = $wazuh::params_manager::remote_commands_localfile_exceptions, + $remote_commands_wodle = $wazuh::params_manager::remote_commands_wodle, + $remote_commands_wodle_exceptions = $wazuh::params_manager::remote_commands_wodle_exceptions, + $limits_eps = $wazuh::params_manager::limits_eps, + + $wazuh_api_template = $wazuh::params_manager::wazuh_api_template, ) inherits wazuh::params_manager { validate_legacy( @@ -311,21 +302,19 @@ ## Determine which kernel and family puppet is running on. Will be used on _localfile, _rootcheck, _syscheck & _sca - if ($::kernel == 'windows') { + if ($facts['kernel'] == 'windows') { $kernel = 'Linux' - - }else{ + } else { $kernel = 'Linux' - if ($::osfamily == 'Debian'){ + if ($facts['os']['family'] == 'Debian') { $os_family = 'debian' - }else{ + } else { $os_family = 'centos' } } - if ( $ossec_syscheck_whodata_directories_1 == 'yes' ) or ( $ossec_syscheck_whodata_directories_2 == 'yes' ) { - case $::operatingsystem { + case $facts['os']['name'] { 'Debian', 'debian', 'Ubuntu', 'ubuntu': { package { 'Installing Auditd...': name => 'auditd', @@ -333,7 +322,7 @@ } default: { package { 'Installing Audit...': - name => 'audit' + name => 'audit', } } } @@ -355,7 +344,7 @@ validate_legacy(Array, 'validate_array', $ossec_emailto) } - if $::osfamily == 'windows' { + if $facts['os']['family'] == 'windows' { fail('The ossec module does not yet support installing the OSSEC HIDS server on Windows') } 
@@ -404,37 +393,35 @@ ## Declaring variables for localfile and wodles generation - case $::operatingsystem{ + case $facts['os']['name'] { 'RedHat', 'OracleLinux':{ $apply_template_os = 'rhel' - if ( $::operatingsystemrelease =~ /^9.*/ ){ + if ( $facts['os']['release']['full'] =~ /^9.*/ ) { $rhel_version = '9' - }elsif ( $::operatingsystemrelease =~ /^8.*/ ){ + } elsif ( $facts['os']['release']['full'] =~ /^8.*/ ) { $rhel_version = '8' - }elsif ( $::operatingsystemrelease =~ /^7.*/ ){ + } elsif ( $facts['os']['release']['full'] =~ /^7.*/ ) { $rhel_version = '7' - }elsif ( $::operatingsystemrelease =~ /^6.*/ ){ + } elsif ( $facts['os']['release']['full'] =~ /^6.*/ ) { $rhel_version = '6' - }elsif ( $::operatingsystemrelease =~ /^5.*/ ){ + } elsif ( $facts['os']['release']['full'] =~ /^5.*/ ) { $rhel_version = '5' - }else{ + } else { fail('This ossec module has not been tested on your distribution') } - }'Debian', 'debian', 'Ubuntu', 'ubuntu':{ + } 'Debian', 'debian', 'Ubuntu', 'ubuntu':{ $apply_template_os = 'debian' - if ( $::lsbdistcodename == 'wheezy') or ($::lsbdistcodename == 'jessie'){ + if ( $facts['os']['distro']['codename'] == 'wheezy') or ($facts['os']['distro']['codename'] == 'jessie') { $debian_additional_templates = 'yes' } - }'Amazon':{ + } 'Amazon':{ $apply_template_os = 'amazon' - }'CentOS','Centos','centos':{ + } 'CentOS','Centos','centos':{ $apply_template_os = 'centos' } default: { fail('This ossec module has not been tested on your distribution') } } - - concat { 'manager_ossec.conf': path => $wazuh::params_manager::config_file, owner => $wazuh::params_manager::config_owner, 
@@ -446,15 +433,15 @@ concat::fragment { 'ossec.conf_header': target => 'manager_ossec.conf', - order => 00, + order => '00', content => "\n"; 'ossec.conf_main': target => 'manager_ossec.conf', - order => 01, + order => '01', content => template($ossec_manager_template); } - if ($syslog_output == true){ + if ($syslog_output == true) { concat::fragment { 'ossec.conf_syslog_output': target => 'manager_ossec.conf', @@ -462,16 +449,16 @@ } } - if($configure_rootcheck == true){ + if($configure_rootcheck == true) { concat::fragment { - 'ossec.conf_rootcheck': - order => 10, - target => 'manager_ossec.conf', - content => template($ossec_rootcheck_template); - } + 'ossec.conf_rootcheck': + order => 10, + target => 'manager_ossec.conf', + content => template($ossec_rootcheck_template); + } } - if ($configure_wodle_openscap == true){ + if ($configure_wodle_openscap == true) { concat::fragment { 'ossec.conf_wodle_openscap': order => 15, @@ -479,7 +466,7 @@ content => template($ossec_wodle_openscap_template); } } - if ($configure_wodle_cis_cat == true){ + if ($configure_wodle_cis_cat == true) { concat::fragment { 'ossec.conf_wodle_ciscat': order => 20, @@ -487,7 +474,7 @@ content => template($ossec_wodle_cis_cat_template); } } - if ($configure_wodle_osquery== true){ + if ($configure_wodle_osquery== true) { concat::fragment { 'ossec.conf_wodle_osquery': order => 25, @@ -495,7 +482,7 @@ content => template($ossec_wodle_osquery_template); } } - if ($configure_wodle_syscollector == true){ + if ($configure_wodle_syscollector == true) { concat::fragment { 'ossec.conf_wodle_syscollector': order => 30, @@ -503,7 +490,7 @@ content => template($ossec_wodle_syscollector_template); } } - if ($configure_wodle_docker_listener == true){ + if ($configure_wodle_docker_listener == true) { concat::fragment { 'ossec.conf_wodle_docker_listener': order => 30, 
@@ -511,15 +498,15 @@ content => template($ossec_wodle_docker_listener_template); } } - if ($configure_sca == true){ + if ($configure_sca == true) { concat::fragment { 'ossec.conf_sca': order => 40, target => 'manager_ossec.conf', content => template($ossec_sca_template); - } + } } - if($configure_vulnerability_detection == true){ + if($configure_vulnerability_detection == true) { concat::fragment { 'ossec.conf_vulnerability_detection': order => 45, @@ -527,7 +514,7 @@ content => template($ossec_vulnerability_detection_template); } } - if($configure_vulnerability_detection == true) or ($configure_vulnerability_indexer == true){ + if($configure_vulnerability_detection == true) or ($configure_vulnerability_indexer == true) { concat::fragment { 'ossec.conf_vulnerability_indexer': order => 49, @@ -535,7 +522,7 @@ content => template($ossec_vulnerability_indexer_template); } } - if($configure_syscheck == true){ + if($configure_syscheck == true) { concat::fragment { 'ossec.conf_syscheck': order => 55, @@ -543,15 +530,15 @@ content => template($ossec_syscheck_template); } } - if ($configure_command == true){ + if ($configure_command == true) { concat::fragment { - 'ossec.conf_command': - order => 60, - target => 'manager_ossec.conf', - content => template($ossec_default_commands_template); - } + 'ossec.conf_command': + order => 60, + target => 'manager_ossec.conf', + content => template($ossec_default_commands_template); + } } - if ($configure_localfile == true){ + if ($configure_localfile == true) { concat::fragment { 'ossec.conf_localfile': order => 65, 
@@ -559,31 +546,31 @@ content => template($ossec_localfile_template); } } - if($configure_ruleset == true){ + if($configure_ruleset == true) { concat::fragment { - 'ossec.conf_ruleset': - order => 75, - target => 'manager_ossec.conf', - content => template($ossec_ruleset_template); - } + 'ossec.conf_ruleset': + order => 75, + target => 'manager_ossec.conf', + content => template($ossec_ruleset_template); + } } - if ($configure_auth == true){ + if ($configure_auth == true) { concat::fragment { - 'ossec.conf_auth': - order => 80, - target => 'manager_ossec.conf', - content => template($ossec_auth_template); - } + 'ossec.conf_auth': + order => 80, + target => 'manager_ossec.conf', + content => template($ossec_auth_template); + } } - if ($configure_cluster == true){ + if ($configure_cluster == true) { concat::fragment { - 'ossec.conf_cluster': - order => 85, - target => 'manager_ossec.conf', - content => template($ossec_cluster_template); - } + 'ossec.conf_cluster': + order => 85, + target => 'manager_ossec.conf', + content => template($ossec_cluster_template); + } } - if ($configure_active_response == true){ + if ($configure_active_response == true) { wazuh::activeresponse { 'active-response configuration': active_response_command => $ossec_active_response_command, active_response_location => $ossec_active_response_location, @@ -592,7 +579,7 @@ active_response_rules_id => $ossec_active_response_rules_id, active_response_timeout => $ossec_active_response_timeout, active_response_repeated_offenders => $ossec_active_response_repeated_offenders, - order_arg => 90 + order_arg => 90, } } concat::fragment { @@ -628,7 +615,6 @@ # https://documentation.wazuh.com/current/user-manual/registering/use-registration-service.html#verify-manager-via-ssl if $wazuh_manager_verify_manager_ssl { - if ($wazuh_manager_server_crt != undef) and ($wazuh_manager_server_key != undef) { validate_legacy( String, 'validate_string', $wazuh_manager_server_crt, $wazuh_manager_server_key 
@@ -664,10 +650,10 @@ state => [ 'NEW', 'RELATED', - 'ESTABLISHED'], + 'ESTABLISHED'], } } - if $ossec_cluster_enable_firewall == 'yes'{ + if $ossec_cluster_enable_firewall == 'yes' { include firewall firewall { '1516 wazuh-manager': dport => $ossec_cluster_port, @@ -676,7 +662,7 @@ state => [ 'NEW', 'RELATED', - 'ESTABLISHED'], + 'ESTABLISHED'], } } @@ -684,7 +670,7 @@ exec { 'Ensure wazuh-fim rule is added to auditctl': command => '/sbin/auditctl -l', unless => '/sbin/auditctl -l | grep wazuh_fim', - tries => 2 + tries => 2, } } @@ -694,7 +680,6 @@ mode => '0640', content => template('wazuh/wazuh_api_yml.erb'), require => Package[$wazuh::params_manager::server_package], - notify => Service[$wazuh::params_manager::server_service] + notify => Service[$wazuh::params_manager::server_service], } - } diff --git a/manifests/params_manager.pp b/manifests/params_manager.pp index 1202731d..b4d7c833 100644 --- a/manifests/params_manager.pp +++ b/manifests/params_manager.pp @@ -1,15 +1,14 @@ # Copyright (C) 2015, Wazuh Inc. # Paramas file class wazuh::params_manager { - case $::kernel { + case $facts['kernel'] { 'Linux': { - - # Installation + # Installation $server_package_version = '5.0.0' $manage_firewall = false - ### Ossec.conf blocks + ### Ossec.conf blocks ## Global $ossec_logall = 'no' @@ -31,7 +30,7 @@ $ossec_remote_allowed_ips = undef $ossec_remote_queue_size = 131072 - # ossec.conf generation parameters + # ossec.conf generation parameters $configure_rootcheck = true $configure_wodle_openscap = true @@ -50,8 +49,7 @@ $configure_cluster = true $configure_active_response = false - - # ossec.conf templates paths + # ossec.conf templates paths $ossec_manager_template = 'wazuh/wazuh_manager.conf.erb' $ossec_rootcheck_template = 'wazuh/fragments/_rootcheck.erb' $ossec_wodle_openscap_template = 'wazuh/fragments/_wodle_openscap.erb' @@ -112,7 +110,6 @@ $sca_else_skip_nfs = 'yes' $sca_else_policies = [] - ## Wodles #openscap 
@@ -199,7 +196,6 @@ $ossec_auth_ssl_manager_key = '/var/ossec/etc/sslmanager.key' $ossec_auth_ssl_auto_negotiate = 'no' - # syscheck $ossec_syscheck_disabled = 'no' @@ -213,21 +209,21 @@ $ossec_syscheck_whodata_directories_2 = 'no' $ossec_syscheck_realtime_directories_2 = 'no' $ossec_syscheck_ignore_list = ['/etc/mtab', - '/etc/hosts.deny', - '/etc/mail/statistics', - '/etc/random-seed', - '/etc/random.seed', - '/etc/adjtime', - '/etc/httpd/logs', - '/etc/utmpx', - '/etc/wtmpx', - '/etc/cups/certs', - '/etc/dumpdates', - '/etc/svc/volatile', - '/sys/kernel/security', - '/sys/kernel/debug', - '/dev/core', - ] + '/etc/hosts.deny', + '/etc/mail/statistics', + '/etc/random-seed', + '/etc/random.seed', + '/etc/adjtime', + '/etc/httpd/logs', + '/etc/utmpx', + '/etc/wtmpx', + '/etc/cups/certs', + '/etc/dumpdates', + '/etc/svc/volatile', + '/sys/kernel/security', + '/sys/kernel/debug', + '/dev/core', + ] $ossec_syscheck_ignore_type_1 = '^/proc' $ossec_syscheck_ignore_type_2 = '.log$|.swp$' @@ -244,7 +240,7 @@ $ossec_ruleset_decoder_dir = 'ruleset/decoders' $ossec_ruleset_rule_dir = 'ruleset/rules' $ossec_ruleset_rule_exclude = '0215-policy_rules.xml' - $ossec_ruleset_list = [ 'etc/lists/audit-keys', + $ossec_ruleset_list = ['etc/lists/audit-keys', 'etc/lists/amazon/aws-eventnames', 'etc/lists/security-eventchannel', 'etc/lists/malicious-ioc/malicious-ip', @@ -269,13 +265,11 @@ $ossec_cluster_enable_firewall = 'no' - #----- End of ossec.conf parameters ------- $ossec_prefilter = false $ossec_integratord_enabled = false - $manage_client_keys = 'yes' $agent_auth_password = undef $ar_repeated_offenders = '' @@ -290,7 +284,6 @@ $wazuh_manager_server_crt = undef $wazuh_manager_server_key = undef - ## Wazuh config folders and modes $config_file = '/var/ossec/etc/ossec.conf' @@ -305,7 +298,6 @@ $keys_owner = 'root' $keys_group = 'wazuh' - $authd_pass_file = '/var/ossec/etc/authd.pass' $validate_cmd_conf = '/var/ossec/bin/verify-agent-conf -f %' 
@@ -365,10 +357,8 @@ # Wazuh API template path $wazuh_api_template = 'wazuh/wazuh_api_yml.erb' - - case $::osfamily { + case $facts['os']['family'] { 'Debian': { - $agent_service = 'wazuh-agent' $agent_package = 'wazuh-agent' $service_has_status = false @@ -379,9 +369,9 @@ { 'location' => '/var/log/dpkg.log', 'log_format' => 'syslog' }, { 'location' => '/var/log/kern.log', 'log_format' => 'syslog' }, { 'location' => '/var/log/auth.log', 'log_format' => 'syslog' }, - { 'location' => '/var/ossec/logs/active-responses.log', 'log_format' => 'syslog'}, + { 'location' => '/var/ossec/logs/active-responses.log', 'log_format' => 'syslog' }, ] - case $::lsbdistcodename { + case $facts['os']['distro']['codename'] { 'xenial': { $server_service = 'wazuh-manager' $server_package = 'wazuh-manager' @@ -390,8 +380,8 @@ 'type' => 'xccdf', profiles => ['xccdf_org.ssgproject.content_profile_common'], },'cve-ubuntu-xenial-oval.xml' => { - 'type' => 'oval' - } + 'type' => 'oval', + }, } } 'jessie': { 
@@ -404,36 +394,31 @@ }, 'cve-debian-8-oval.xml' => { 'type' => 'oval', - } + }, } } - /^(wheezy|stretch|buster|bullseye|bookworm|sid|precise|trusty|vivid|wily|xenial|bionic|focal|groovy|jammy)$/: { + default: { $server_service = 'wazuh-manager' $server_package = 'wazuh-manager' $wodle_openscap_content = undef } - default: { - fail("Module ${module_name} is not supported on ${::operatingsystem}") - } } - } 'RedHat': { - $agent_service = 'wazuh-agent' $agent_package = 'wazuh-agent' $server_service = 'wazuh-manager' $server_package = 'wazuh-manager' $service_has_status = true - $default_local_files =[ - { 'location' => '/var/log/audit/audit.log' , 'log_format' => 'audit'}, - { 'location' => '/var/ossec/logs/active-responses.log' , 'log_format' => 'syslog'}, - { 'location' => '/var/log/messages', 'log_format' => 'syslog'}, - { 'location' => '/var/log/secure' , 'log_format' => 'syslog'}, - { 'location' => '/var/log/maillog' , 'log_format' => 'syslog'}, + $default_local_files = [ + { 'location' => '/var/log/audit/audit.log' , 'log_format' => 'audit' }, + { 'location' => '/var/ossec/logs/active-responses.log' , 'log_format' => 'syslog' }, + { 'location' => '/var/log/messages', 'log_format' => 'syslog' }, + { 'location' => '/var/log/secure' , 'log_format' => 'syslog' }, + { 'location' => '/var/log/maillog' , 'log_format' => 'syslog' }, ] - case $::operatingsystem { + case $facts['os']['name'] { 'Amazon': { $ossec_service_provider = 'systemd' $api_service_provider = 'systemd' 
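Review bot: The new `default:` branch in the Debian `case $facts['os']['distro']['codename']` replaces the codename allowlist and the hunk also deletes the old `default: { fail(...) }`, so a Debian-family release that matches no earlier branch now silently receives the `wazuh-manager` defaults instead of failing the catalog. That is a behaviour change inside what otherwise reads as a lint and fact-modernisation pass. If it is intended, it deserves its own commit or a comment such as `# Any other Debian-family release: assume the generic package and service names`. If it is not, keep the regex branch and restore the guard with the modern fact: `default: { fail("Module ${module_name} is not supported on ${facts['os']['name']}") }`. The enclosing class starts and ends outside this hunk.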
@@ -444,69 +429,69 @@ $wodle_openscap_content = undef } 'CentOS': { - if ( $::operatingsystemrelease =~ /^6.*/ ) { + if ( $facts['os']['release']['full'] =~ /^6.*/ ) { $ossec_service_provider = 'redhat' $api_service_provider = 'redhat' $wodle_openscap_content = { 'ssg-centos-6-ds.xml' => { 'type' => 'xccdf', - profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_server',] - } + profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_server',], + }, } } - if ( $::operatingsystemrelease =~ /^7.*/ ) { + if ( $facts['os']['release']['full'] =~ /^7.*/ ) { $ossec_service_provider = 'systemd' $api_service_provider = 'systemd' $wodle_openscap_content = { 'ssg-centos-7-ds.xml' => { 'type' => 'xccdf', - profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_common',] - } + profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_common',], + }, } } } /^(RedHat|OracleLinux)$/: { - if ( $::operatingsystemrelease =~ /^6.*/ ) { + if ( $facts['os']['release']['full'] =~ /^6.*/ ) { $ossec_service_provider = 'redhat' $api_service_provider = 'redhat' $wodle_openscap_content = { 'ssg-rhel-6-ds.xml' => { 'type' => 'xccdf', - profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_server',] + profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_server',], }, 'cve-redhat-6-ds.xml' => { 'type' => 'xccdf', - } + }, } } - if ( $::operatingsystemrelease =~ /^7.*/ ) { + if ( $facts['os']['release']['full'] =~ /^7.*/ ) { $ossec_service_provider = 'systemd' $api_service_provider = 'systemd' $wodle_openscap_content = { 'ssg-rhel-7-ds.xml' => { 'type' => 'xccdf', - profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_common',] + profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 
'xccdf_org.ssgproject.content_profile_common',], }, 'cve-redhat-7-ds.xml' => { 'type' => 'xccdf', - } + }, } } } 'Fedora': { - if ( $::operatingsystemrelease =~ /^(23|24|25).*/ ) { + if ( $facts['os']['release']['full'] =~ /^(23|24|25).*/ ) { $ossec_service_provider = 'redhat' $api_service_provider = 'redhat' $wodle_openscap_content = { 'ssg-fedora-ds.xml' => { 'type' => 'xccdf', - profiles => ['xccdf_org.ssgproject.content_profile_standard', 'xccdf_org.ssgproject.content_profile_common',] + profiles => ['xccdf_org.ssgproject.content_profile_standard', 'xccdf_org.ssgproject.content_profile_common',], }, } } } 'AlmaLinux': { - if ( $::operatingsystemrelease =~ /^8.*/ ) { + if ( $facts['os']['release']['full'] =~ /^8.*/ ) { $ossec_service_provider = 'redhat' $api_service_provider = 'redhat' } 
@@ -515,23 +500,22 @@ } } 'Suse': { - $agent_service = 'wazuh-agent' $agent_package = 'wazuh-agent' $server_service = 'wazuh-manager' $server_package = 'wazuh-manager' $service_has_status = true - $default_local_files =[ - { 'location' => '/var/log/audit/audit.log' , 'log_format' => 'audit'}, - { 'location' => '/var/ossec/logs/active-responses.log' , 'log_format' => 'syslog'}, - { 'location' => '/var/log/messages', 'log_format' => 'syslog'}, - { 'location' => '/var/log/secure' , 'log_format' => 'syslog'}, - { 'location' => '/var/log/maillog' , 'log_format' => 'syslog'}, + $default_local_files = [ + { 'location' => '/var/log/audit/audit.log' , 'log_format' => 'audit' }, + { 'location' => '/var/ossec/logs/active-responses.log' , 'log_format' => 'syslog' }, + { 'location' => '/var/log/messages', 'log_format' => 'syslog' }, + { 'location' => '/var/log/secure' , 'log_format' => 'syslog' }, + { 'location' => '/var/log/maillog' , 'log_format' => 'syslog' }, ] - case $::operatingsystem { + case $facts['os']['name'] { 'SLES': { - if ( $::operatingsystemrelease =~ /^(12|15).*/ ) { + if ( $facts['os']['release']['full'] =~ /^(12|15).*/ ) { $ossec_service_provider = 'redhat' $api_service_provider = 'redhat' } 
@@ -566,15 +550,14 @@ # TODO $validate_cmd_conf = undef # Pushed by shared agent config now - $default_local_files = [ - {'location' => 'Security' , 'log_format' => 'eventchannel', + $default_local_files = [ + { 'location' => 'Security' , 'log_format' => 'eventchannel', 'query' => 'Event/System[EventID != 5145 and EventID != 5156 and EventID != 5447 and EventID != 4656 and EventID != 4658\ - and EventID != 4663 and EventID != 4660 and EventID != 4670 and EventID != 4690 and EventID!= 4703 and EventID != 4907]'}, - {'location' => 'System' , 'log_format' => 'eventlog' }, - {'location' => 'active-response\active-responses.log' , 'log_format' => 'syslog' }, + and EventID != 4663 and EventID != 4660 and EventID != 4670 and EventID != 4690 and EventID!= 4703 and EventID != 4907]' }, + { 'location' => 'System' , 'log_format' => 'eventlog' }, + { 'location' => 'active-response\active-responses.log' , 'log_format' => 'syslog' }, ] - } - default: { fail('This ossec module has not been tested on your distribution') } + default: { fail('This ossec module has not been tested on your distribution') } } } From 9d43dff67368d26599ac383fd165e04b3ef35f66 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Fri, 1 Aug 2025 17:35:18 -0400 Subject: [PATCH 06/29] fix: resource collector for openssl certs --- manifests/certificates.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/certificates.pp b/manifests/certificates.pp index 2e2e312d..65d39df2 100644 --- a/manifests/certificates.pp +++ b/manifests/certificates.pp @@ -59,7 +59,7 @@ } else { contain wazuh::certificates::mountpoint - Openssl_certificate_x509 <<| tag == 'wazuh' |>> { + Openssl::Certificate::X509 <<| tag == 'wazuh' |>> { ensure => present, country => 'US', locality => 'California', From bf4f21d94a7bac0751683ac09be778ef48148bfc Mon Sep 17 00:00:00 2001 
From: griggi-ws Date: Wed, 6 Aug 2025 12:18:47 -0400 Subject: [PATCH 07/29] fix: properly map certificate arrays to hash --- .fixtures.yml | 12 ++++++++++++ manifests/certificates/mountpoint.pp | 6 ++++++ manifests/dashboard.pp | 4 +--- manifests/filebeat_oss.pp | 4 +--- manifests/indexer.pp | 21 +++++++++++++-------- templates/wazuh_indexer_yml.erb | 2 +- 6 files changed, 34 insertions(+), 15 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index bbe132e5..d22661a4 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -4,3 +4,15 @@ fixtures: stdlib: repo: "puppetlabs/stdlib" ref: "5.0.0" + inifile: + repo: "puppetlabs/inifile" + ref: "6.1.1" + concat: + repo: "puppetlabs/concat" + ref: "7.0.0" + apt: + repo: "puppetlabs/apt" + ref: "8.0.0" + openssl: + repo: "puppet/openssl" + ref: "4.2.0" diff --git a/manifests/certificates/mountpoint.pp b/manifests/certificates/mountpoint.pp index 33bc9d74..fd353d90 100644 --- a/manifests/certificates/mountpoint.pp +++ b/manifests/certificates/mountpoint.pp @@ -36,11 +36,17 @@ } } + $_tonotify = defined(Service['puppetserver']) ? { + true => Service['puppetserver'], + default => undef, + } + ini_setting { 'wazuh certificates mountpoint': ensure => present, path => "${filebucket_path}/${bucket_name}/wazuh_certificates.ini", section => $bucket_name, setting => 'path', value => "${filebucket_path}/${bucket_name}", + notify => $_tonotify, } } diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp index f0e05494..ac64a8fb 100644 --- a/manifests/dashboard.pp +++ b/manifests/dashboard.pp @@ -71,9 +71,7 @@ if $certfiles =~ Hash { $_certfiles = $certfiles } else { - $_certfiles = $certfiles.map |String $certfile| { - { "${certfile}" => $certfile } - } + $_certfiles = $certfiles.map |String $certfile| { [$certfile, $certfile] }.convert_to(Hash) } $_certfiles.each |String $certfile_source, String $certfile_target| { file { "${dashboard_path_certs}/${certfile_target}": 
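Review bot: `defined(Service['puppetserver'])` in the new `$_tonotify` selector is evaluation-order dependent: it is true only if the service resource is already in the catalog when this class is evaluated. On a server that does manage `puppetserver`, the `notify` can therefore silently become `undef`. The same pattern is added to manifests/indexer.pp in this patch (`$_before = defined(Exec['Initialize the Opensearch security index in Wazuh indexer'])`). An order-independent form is a collector chain placed after the resource, for example `Ini_setting['wazuh certificates mountpoint'] ~> Service <| title == 'puppetserver' |>`. The class body starts outside the hunk.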
diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 680fe5fc..e3975eaf 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -96,9 +96,7 @@ if $certfiles =~ Hash { $_certfiles = $certfiles } else { - $_certfiles = $certfiles.map |String $certfile| { - { "${certfile}" => $certfile } - } + $_certfiles = $certfiles.map |String $certfile| { [$certfile, $certfile] }.convert_to(Hash) } $_certfiles.each |String $certfile_source, String $certfile_target| { file { "${filebeat_path_certs}/${certfile_target}": diff --git a/manifests/indexer.pp b/manifests/indexer.pp index fffd9638..82b60cee 100644 --- a/manifests/indexer.pp +++ b/manifests/indexer.pp @@ -32,7 +32,7 @@ 'admin-key.pem', ], Boolean $generate_certs = false, - Array[Regexp[/(?:indexer(.*)|admin)/]] $certs_to_generate = ['indexer', 'admin'], + Array[Pattern[/(?:indexer(.*)|admin)/]] $certs_to_generate = ['indexer', 'admin'], Boolean $use_puppet_ca = false, Boolean $use_puppet_certs = false, @@ -95,7 +95,7 @@ extkeyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], commonname => $facts['networking']['fqdn'], } - File { + $_attrs = { ensure => file, owner => $indexer_fileuser, group => $indexer_filegroup, @@ -104,9 +104,12 @@ } file { "${indexer_path_certs}/${cert}.pem": - source => "${cert_source_basepath}/${_certname}.crt"; + source => "${cert_source_basepath}/${_certname}.crt", + * => $_attrs; + "${indexer_path_certs}/${cert}-key.pem": - source => "${cert_source_basepath}/${_certname}.key"; + source => "${cert_source_basepath}/${_certname}.key", + * => $_attrs; } } } else { 
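Review bot: The `Pattern[/(?:indexer(.*)|admin)/]` type on `$certs_to_generate` is unanchored, so it accepts any string that merely contains `indexer` or `admin`, including values with `/` or `..` in them. Each entry is later interpolated into file paths (`"${indexer_path_certs}/${cert}.pem"` in the hunk further down this file), so the type should pin the whole value, e.g. `Array[Pattern[/\A(?:indexer[\w.-]*|admin)\z/]] $certs_to_generate = ['indexer', 'admin'],`. Adjust the character class to the suffixes that are really expected.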
@@ -114,9 +117,7 @@ if $certfiles =~ Hash { $_certfiles = $certfiles } else { - $_certfiles = $certfiles.map |String $certfile| { - { "${certfile}" => $certfile } - } + $_certfiles = $certfiles.map |String $certfile| { [$certfile, $certfile] }.convert_to(Hash) } $_certfiles.each |String $certfile_source, String $certfile_target| { file { "${indexer_path_certs}/${certfile_target}": @@ -191,10 +192,14 @@ } if $full_indexer_reinstall { + $_before = defined(Exec['Initialize the Opensearch security index in Wazuh indexer']) ? { + true => Exec['Initialize the Opensearch security index in Wazuh indexer'], + default => undef, + } file { $indexer_security_init_lockfile: ensure => absent, require => Package['wazuh-indexer'], - before => Exec['Initialize the Opensearch security index in Wazuh indexer'], + before => $_before, } } } diff --git a/templates/wazuh_indexer_yml.erb b/templates/wazuh_indexer_yml.erb index 7db01141..d89d66c7 100644 --- a/templates/wazuh_indexer_yml.erb +++ b/templates/wazuh_indexer_yml.erb @@ -28,7 +28,7 @@ plugins.security.authcz.admin_dn: plugins.security.check_snapshot_restore_write_privileges: true plugins.security.enable_snapshot_restore_privilege: true plugins.security.nodes_dn: -<% @indexer_cluster_CN.each do |cn| -%> +<% @indexer_cluster_cn.each do |cn| -%> - "CN=indexer-<%= cn %>,OU=Wazuh,O=Wazuh,L=California,C=US" <% end -%> plugins.security.restapi.roles_enabled: From ce54bcd2bdc9e7caea3af8e0ee855cde7825f3d0 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Wed, 6 Aug 2025 12:26:09 -0400 Subject: [PATCH 08/29] update: include vendor path in gitignore for voxpupuli testing --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index d9052c2b..4b0ddcdc 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ .yardoc .yardwarns *.iml +.vendor/ /.bundle/ /.idea/ /.vagrant/ From eed7a2d5dc63960d26942b458dc2e16912a19427 Mon Sep 17 00:00:00 2001 
From: griggi-ws Date: Thu, 7 Aug 2025 00:58:00 -0400 Subject: [PATCH 09/29] add: flags to certificates to allow use of mountpoint on compilers with inherited params --- manifests/certificates.pp | 23 +++++++++++++---------- manifests/certificates/mountpoint.pp | 1 + 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/manifests/certificates.pp b/manifests/certificates.pp index 65d39df2..f9d16d27 100644 --- a/manifests/certificates.pp +++ b/manifests/certificates.pp @@ -15,6 +15,7 @@ $manager_master_certs = [], $manager_worker_certs = [], $dashboard_certs = [], + Boolean $manage_certs = true, Stdlib::Absolutepath $ca_cert_path = $settings::cacert, Stdlib::Absolutepath $ca_key_path = $settings::cakey, String $bucket_name = 'wazuh', @@ -59,16 +60,18 @@ } else { contain wazuh::certificates::mountpoint - Openssl::Certificate::X509 <<| tag == 'wazuh' |>> { - ensure => present, - country => 'US', - locality => 'California', - organization => 'Wazuh', - unit => 'Wazuh', - extkeyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], - base_dir => "${filebucket_path}/${bucket_name}", - ca => $ca_cert_path, - cakey => $ca_key_path, + if $manage_certs { + Openssl::Certificate::X509 <<| tag == 'wazuh' |>> { + ensure => present, + country => 'US', + locality => 'California', + organization => 'Wazuh', + unit => 'Wazuh', + extkeyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], + base_dir => "${filebucket_path}/${bucket_name}", + ca => $ca_cert_path, + cakey => $ca_key_path, + } } } } diff --git a/manifests/certificates/mountpoint.pp b/manifests/certificates/mountpoint.pp index fd353d90..fecd8b92 100644 --- a/manifests/certificates/mountpoint.pp +++ b/manifests/certificates/mountpoint.pp @@ -13,6 +13,7 @@ String $owner = 'puppet', String $group = 'puppet', ) { + assert_private() $_dirs = $manage_bucket_dir ? { true => [ $filebucket_path, 
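Review bot: The collector now wrapped in `if $manage_certs` signs every exported resource tagged `wazuh` with `ca => $ca_cert_path` and `cakey => $ca_key_path`, which default to `$settings::cacert` and `$settings::cakey`, i.e. the Puppet CA itself. The override block fixes country, locality, organization and unit, but not `commonname` or `altnames`; those come from the exporting side, which in manifests/indexer.pp appears to be `commonname => $facts['networking']['fqdn']`, an agent-reported fact. As written, a node can end up with a Puppet-CA-signed certificate for a name it does not own. Consider a dedicated Wazuh CA key pair instead of the Puppet CA key, and deriving the name from `$trusted['certname']` where the resource is exported. At minimum, state the trust assumption above the collector: `# Signs every exported certificate tagged 'wazuh' with $ca_key_path; the subject name is chosen by the exporting node.`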
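Review bot: The class comment of `wazuh::certificates::mountpoint` still tells users to include this class on all compilers as well as the CA, but with `assert_private()` added here a direct declaration from outside the module now fails. The `@summary` should describe the supported route instead, for example `# Private class: on compilers declare wazuh::certificates with manage_certs => false, which contains this class.` The class body continues outside the hunk.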
From ca42f4b77c340be2023a483d6c31625f22650865 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Thu, 7 Aug 2025 13:01:48 -0400 Subject: [PATCH 10/29] fix: path for filebucket conf --- manifests/certificates/mountpoint.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/certificates/mountpoint.pp b/manifests/certificates/mountpoint.pp index fecd8b92..c5de64cb 100644 --- a/manifests/certificates/mountpoint.pp +++ b/manifests/certificates/mountpoint.pp @@ -44,7 +44,7 @@ ini_setting { 'wazuh certificates mountpoint': ensure => present, - path => "${filebucket_path}/${bucket_name}/wazuh_certificates.ini", + path => $fileserver_conf, section => $bucket_name, setting => 'path', value => "${filebucket_path}/${bucket_name}", From 9ca37eb432df790497c9383e1b23969c285ebaf5 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Thu, 7 Aug 2025 15:03:16 -0400 Subject: [PATCH 11/29] add: defined type wrapper for openssl::certificate::x509 to allow for key conversion to pkcs8 format for opensearch, fix: repo notify --- manifests/certificate.pp | 101 ++++++++++++++++++++++++++++++++++++++ manifests/certificates.pp | 2 +- manifests/indexer.pp | 25 +++++----- manifests/repo.pp | 12 +++-- 4 files changed, 123 insertions(+), 17 deletions(-) create mode 100644 manifests/certificate.pp diff --git a/manifests/certificate.pp b/manifests/certificate.pp new file mode 100644 index 00000000..788f700b --- /dev/null +++ b/manifests/certificate.pp 
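Review bot: With `path => $fileserver_conf` this `ini_setting` now really registers `[${bucket_name}]` as a Puppet file-server mount. Its `value`, `"${filebucket_path}/${bucket_name}"`, is the same directory the certificates collector uses as `base_dir`, so the generated `.key` files sit inside the served tree. No access rule for the mount is visible in this series, and the class comment lists the auth.conf restriction only as a potential improvement. Assuming the server's default file-content rule applies, any node with a valid agent certificate could fetch another node's private key, including the admin key. I would treat the per-node access rule as a prerequisite and mark the resource accordingly: `# WARNING: this mount serves private keys; restrict it per node in auth.conf before enabling.`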
@@ -0,0 +1,101 @@ +# @summary Wraps openssl::certificate::x509 to additionally convert to pkcs8 key (necessary for OpenSearch admin) +# +# @param export_pkcs8 +# Whether to export the private key in PKCS8 format, necessary for OpenSearch admin +# @param pkcs8_extension +# The file extension for the PKCS8 key +# @param algo +# The encryption algorithm to use for the PKCS8 key, for use in Java +# +define wazuh::certificate ( + # All necessary params for openssl::certificate::x509 + Enum['present', 'absent'] $ensure = present, + Optional[String] $country = undef, + Optional[String] $organization = undef, + Optional[String] $unit = undef, + Optional[String] $state = undef, + Optional[String] $commonname = undef, + Optional[String] $locality = undef, + Array $altnames = [], + Array $extkeyusage = [], + Optional[String] $email = undef, + Integer $days = 365, + Stdlib::Absolutepath $base_dir = '/etc/ssl/certs', + Stdlib::Absolutepath $cnf_dir = $base_dir, + Stdlib::Absolutepath $crt_dir = $base_dir, + Stdlib::Absolutepath $csr_dir = $base_dir, + Stdlib::Absolutepath $key_dir = $base_dir, + Stdlib::Absolutepath $cnf = "${cnf_dir}/${name}.cnf", + Stdlib::Absolutepath $crt = "${crt_dir}/${name}.crt", + Stdlib::Absolutepath $csr = "${csr_dir}/${name}.csr", + Stdlib::Absolutepath $key = "${key_dir}/${name}.key", + Integer $key_size = 3072, + Variant[String, Integer] $owner = 'root', + Variant[String, Integer] $group = 'root', + Variant[String, Integer] $key_owner = $owner, + Variant[String, Integer] $key_group = $group, + Stdlib::Filemode $key_mode = '0600', + Optional[String] $password = undef, + Boolean $force = true, + Boolean $encrypted = true, + Optional[Stdlib::Absolutepath] $ca = undef, + Optional[Stdlib::Absolutepath] $cakey = undef, + Optional[Variant[Sensitive[String[1]], String[1]]] $cakey_password = undef, + # Params specific to this module + Boolean $export_pkcs8 = false, + String $pkcs8_extension = 'pk8', + String $algo = 'PBE-SHA1-3DES', + +) { + 
openssl::certificate::x509 { $name: + ensure => $ensure, + country => $country, + organization => $organization, + unit => $unit, + state => $state, + commonname => $commonname, + locality => $locality, + altnames => $altnames, + extkeyusage => $extkeyusage, + email => $email, + days => $days, + base_dir => $base_dir, + cnf_dir => $cnf_dir, + crt_dir => $crt_dir, + csr_dir => $csr_dir, + key_dir => $key_dir, + cnf => $cnf, + crt => $crt, + csr => $csr, + key => $key, + key_size => $key_size, + owner => $owner, + group => $group, + key_owner => $key_owner, + key_group => $key_group, + key_mode => $key_mode, + password => $password, + force => $force, + encrypted => $encrypted, + ca => $ca, + cakey => $cakey, + cakey_password => $cakey_password, + } + if $export_pkcs8 { + $_cmd = [ + 'openssl', 'pkcs8', '-topk8', + '-inform', 'PEM', + '-outform', 'PEM', + '-in', $key, + '-out', "${key}.${pkcs8_extension}", + '-v1', $algo, + '-nocrypt', + ] + exec { "export ${name} key to pkcs8": + command => $_cmd, + path => $facts['path'], + subscribe => OpenSSL::Certificate::X509[$name], + refreshonly => true, + } + } +} diff --git a/manifests/certificates.pp b/manifests/certificates.pp index f9d16d27..e9df9bc4 100644 --- a/manifests/certificates.pp +++ b/manifests/certificates.pp @@ -61,7 +61,7 @@ else { contain wazuh::certificates::mountpoint if $manage_certs { - Openssl::Certificate::X509 <<| tag == 'wazuh' |>> { + Wazuh::Certificate <<| tag == 'wazuh' |>> { ensure => present, country => 'US', locality => 'California', diff --git a/manifests/indexer.pp b/manifests/indexer.pp index 82b60cee..92c6b30b 100644 --- a/manifests/indexer.pp +++ b/manifests/indexer.pp @@ -1,5 +1,7 @@ # Copyright (C) 2015, Wazuh Inc. -# Setup for Wazuh Indexer +# @summary Setup for Wazuh Indexer +# @param indexer_hostname_validation +# Whether OpenSearch requires the host to match the certificate CN class wazuh::indexer ( # opensearch.yml configuration $indexer_network_host = '0.0.0.0', 
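Review bot: The PKCS#8 export in the new `wazuh::certificate` type passes `-nocrypt` together with `'-v1', $algo`, so the key is written unencrypted and `$algo` has no effect, although the `@param algo` text describes it as the encryption algorithm for the exported key. Either drop `-v1`/`$algo` and document that `${key}.${pkcs8_extension}` is a plaintext private key, or encrypt the output and supply a passphrase. The exported file is also outside any managed resource, so `$key_mode` never applies to it and its permissions are whatever the exec leaves behind; adding `umask => '0077',` to the exec makes that explicit. `refreshonly => true` without `creates` also means a deleted `.pk8` file is not regenerated until the certificate resource changes again.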
@@ -21,8 +23,9 @@ $indexer_ip = 'localhost', $indexer_port = '9200', $indexer_discovery_hosts = [], # Empty array for single-node configuration - $indexer_initial_cluster_manager_nodes = ['node-1'], - $indexer_cluster_cn = ['node-1'], + $indexer_initial_cluster_manager_nodes = [$indexer_node_name], + $indexer_cluster_cn = ["indexer-${indexer_node_name}"], + Boolean $indexer_hostname_validation = false, String $cert_source_basepath = 'puppet:///modules/archive', Variant[Hash, Array] $certfiles = [ "indexer-${indexer_node_name}.pem", @@ -33,7 +36,6 @@ ], Boolean $generate_certs = false, Array[Pattern[/(?:indexer(.*)|admin)/]] $certs_to_generate = ['indexer', 'admin'], - Boolean $use_puppet_ca = false, Boolean $use_puppet_certs = false, # JVM options @@ -83,17 +85,18 @@ owner => $indexer_fileuser, group => $indexer_filegroup, mode => '0400', - source => "${settings::ssldir}/indexer-${facts['networking']['fqdn']}.pem", + source => "${settings::ssldir}/certs/${facts['networking']['fqdn']}.pem", } } if $generate_certs { $certs_to_generate.each |String $cert| { $_certname = "wazuh_${cert}_cert_${facts['networking']['fqdn']}" - @@openssl::certificate::x509 { $_certname: - ensure => present, - altnames => [$facts['networking']['ip']], - extkeyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], - commonname => $facts['networking']['fqdn'], + @@wazuh::certificate { $_certname: + ensure => present, + altnames => [$facts['networking']['ip']], + extkeyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], + commonname => $facts['networking']['fqdn'], + export_pkcs8 => true, } $_attrs = { ensure => file, @@ -108,7 +111,7 @@ * => $_attrs; "${indexer_path_certs}/${cert}-key.pem": - source => "${cert_source_basepath}/${_certname}.key", + source => "${cert_source_basepath}/${_certname}.key.pk8", * => $_attrs; } } diff --git a/manifests/repo.pp b/manifests/repo.pp index 044f877e..b9f9c96f 100644 
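Review bot: The exported `wazuh::certificate` in the `@@ -83,17 +85,18 @@` hunk takes its subject from `$facts['networking']['fqdn']` and its alternative name from `$facts['networking']['ip']`, and facts are reported by the agent rather than verified by the server. Since the CA side signs whatever the exported resource carries, I would derive the name from the authenticated identity instead, `commonname => $trusted['certname'],`, and build `$_certname` from the same value. The IP alternative name has no trusted equivalent, so it is worth either dropping it or checking it on the signing side. The same resource shape is added to `filebeat_oss.pp` and `dashboard.pp` later in this series and would need the same change; the enclosing `if $generate_certs` block continues outside the hunk.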
--- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -54,16 +54,18 @@ content => "deb [signed-by=/usr/share/keyrings/wazuh.gpg] ${wazuh_repo_url} ${repo_release} main\n", order => '01', require => File['/usr/share/keyrings/wazuh.gpg'], - before => Exec['apt-update'], + notify => Exec['apt-update'], } } default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') } } # Define an exec resource to run 'apt-get update' - exec { 'apt-update': - command => 'apt-get update', - refreshonly => true, - path => ['/bin', '/usr/bin'], + if !defined(Exec['apt-update']) { + exec { 'apt-update': + command => 'apt-get update', + refreshonly => true, + path => ['/bin', '/usr/bin'], + } } } 'Linux', 'RedHat', 'Suse' : { From d3c9406d22d8d3c152e643b0615cc8057349949a Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Thu, 7 Aug 2025 16:11:35 -0400 Subject: [PATCH 12/29] update: use new keyUsage param for certificates --- manifests/certificate.pp | 1 + manifests/certificates.pp | 2 +- manifests/indexer.pp | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/manifests/certificate.pp b/manifests/certificate.pp index 788f700b..e3869e2a 100644 --- a/manifests/certificate.pp +++ b/manifests/certificate.pp @@ -56,6 +56,7 @@ commonname => $commonname, locality => $locality, altnames => $altnames, + keyusage => $keyusage, extkeyusage => $extkeyusage, email => $email, days => $days, diff --git a/manifests/certificates.pp b/manifests/certificates.pp index e9df9bc4..17b416c2 100644 --- a/manifests/certificates.pp +++ b/manifests/certificates.pp @@ -67,7 +67,7 @@ locality => 'California', organization => 'Wazuh', unit => 'Wazuh', - extkeyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], + keyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], base_dir => "${filebucket_path}/${bucket_name}", ca => $ca_cert_path, cakey => $ca_key_path, 
diff --git a/manifests/indexer.pp b/manifests/indexer.pp index 92c6b30b..1f40f5e3 100644 --- a/manifests/indexer.pp +++ b/manifests/indexer.pp @@ -94,7 +94,7 @@ @@wazuh::certificate { $_certname: ensure => present, altnames => [$facts['networking']['ip']], - extkeyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], + keyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], commonname => $facts['networking']['fqdn'], export_pkcs8 => true, } From 044385f0f797a7f36c3f30f29ffbd0a8f772f1f3 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Thu, 7 Aug 2025 16:20:17 -0400 Subject: [PATCH 13/29] fix: added the missing `keyusage` param, updated the indexer template to match updated cn param --- manifests/certificate.pp | 1 + templates/wazuh_indexer_yml.erb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/certificate.pp b/manifests/certificate.pp index e3869e2a..76ff58ac 100644 --- a/manifests/certificate.pp +++ b/manifests/certificate.pp @@ -17,6 +17,7 @@ Optional[String] $commonname = undef, Optional[String] $locality = undef, Array $altnames = [], + Array $keyusage = [], Array $extkeyusage = [], Optional[String] $email = undef, Integer $days = 365, diff --git a/templates/wazuh_indexer_yml.erb b/templates/wazuh_indexer_yml.erb index d89d66c7..c3a02eae 100644 --- a/templates/wazuh_indexer_yml.erb +++ b/templates/wazuh_indexer_yml.erb @@ -29,7 +29,7 @@ plugins.security.check_snapshot_restore_write_privileges: true plugins.security.enable_snapshot_restore_privilege: true plugins.security.nodes_dn: <% @indexer_cluster_cn.each do |cn| -%> -- "CN=indexer-<%= cn %>,OU=Wazuh,O=Wazuh,L=California,C=US" +- "CN=<%= cn %>,OU=Wazuh,O=Wazuh,L=California,C=US" <% end -%> plugins.security.restapi.roles_enabled: - "all_access" From 6ac4e1cbd1b27a077534097bbffbe89e1c248fb9 Mon Sep 17 00:00:00 2001 
From: griggi-ws Date: Thu, 7 Aug 2025 16:38:22 -0400 Subject: [PATCH 14/29] change: enforce indent width for puppet fileserver ini setting --- manifests/certificates/mountpoint.pp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/manifests/certificates/mountpoint.pp b/manifests/certificates/mountpoint.pp index c5de64cb..39596dd6 100644 --- a/manifests/certificates/mountpoint.pp +++ b/manifests/certificates/mountpoint.pp @@ -43,11 +43,12 @@ } ini_setting { 'wazuh certificates mountpoint': - ensure => present, - path => $fileserver_conf, - section => $bucket_name, - setting => 'path', - value => "${filebucket_path}/${bucket_name}", - notify => $_tonotify, + ensure => present, + path => $fileserver_conf, + section => $bucket_name, + setting => 'path', + value => "${filebucket_path}/${bucket_name}", + indent_width => 2, + notify => $_tonotify, } } From 1025b195ce9a9338e34de665027f1d0d76be14ed Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Thu, 7 Aug 2025 16:39:49 -0400 Subject: [PATCH 15/29] change: certificate mountpoint - use indent width of 4 --- manifests/certificates/mountpoint.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/certificates/mountpoint.pp b/manifests/certificates/mountpoint.pp index 39596dd6..de04a573 100644 --- a/manifests/certificates/mountpoint.pp +++ b/manifests/certificates/mountpoint.pp @@ -48,7 +48,7 @@ section => $bucket_name, setting => 'path', value => "${filebucket_path}/${bucket_name}", - indent_width => 2, + indent_width => 4, notify => $_tonotify, } } From 47a9ef33ce54482a463cec15ba5bc5d82f9ada81 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Thu, 7 Aug 2025 16:55:47 -0400 Subject: [PATCH 16/29] add: relationship between generated certs and indexer service --- manifests/indexer.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/indexer.pp b/manifests/indexer.pp index 1f40f5e3..7d1b1d7e 100644 --- a/manifests/indexer.pp +++ b/manifests/indexer.pp 
@@ -104,6 +104,7 @@ group => $indexer_filegroup, mode => '0400', replace => true, + before => Service['wazuh-indexer'], } file { "${indexer_path_certs}/${cert}.pem": From 8d66d744ccb2b3a674dd71d6b08696ff0d5de94d Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Thu, 7 Aug 2025 17:24:02 -0400 Subject: [PATCH 17/29] fix: use ` ` as a separator rather than ` = ` for ini setting --- manifests/certificates/mountpoint.pp | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/manifests/certificates/mountpoint.pp b/manifests/certificates/mountpoint.pp index de04a573..92e5c221 100644 --- a/manifests/certificates/mountpoint.pp +++ b/manifests/certificates/mountpoint.pp @@ -43,12 +43,13 @@ } ini_setting { 'wazuh certificates mountpoint': - ensure => present, - path => $fileserver_conf, - section => $bucket_name, - setting => 'path', - value => "${filebucket_path}/${bucket_name}", - indent_width => 4, - notify => $_tonotify, + ensure => present, + path => $fileserver_conf, + section => $bucket_name, + setting => 'path', + value => "${filebucket_path}/${bucket_name}", + indent_width => 4, + key_val_separator => ' ', + notify => $_tonotify, } } From e6fd8114bbdb7d41430d3ac7d1f669d1f87a5e47 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Fri, 8 Aug 2025 13:06:54 -0400 Subject: [PATCH 18/29] add: custom admin cert CN; change: fixed certificate names on disk - catalog is unique to node anyhow; remove: unused parameters --- manifests/indexer.pp | 37 ++++++++++++++++++++++++--------- templates/wazuh_indexer_yml.erb | 16 +++++++------- 2 files changed, 35 insertions(+), 18 deletions(-) diff --git a/manifests/indexer.pp b/manifests/indexer.pp index 7d1b1d7e..653aa6a5 100644 --- a/manifests/indexer.pp +++ b/manifests/indexer.pp 
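Review bot: `before => Service['wazuh-indexer']` only orders the certificate files ahead of the service and does not refresh it, so when a certificate is reissued (the `wazuh::certificate` wrapper defaults to `days => 365`) the new files land on disk while the running indexer presumably keeps the old certificate loaded. If a restart on certificate change is acceptable, `notify => Service['wazuh-indexer'],` covers both ordering and refresh. The same `$_attrs` pattern is added to `filebeat_oss.pp` and `dashboard.pp` later in this series, where the legacy branch of `dashboard.pp` already uses `notify`. The `$_attrs` hash starts outside this hunk.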
@@ -2,11 +2,18 @@ # @summary Setup for Wazuh Indexer # @param indexer_hostname_validation # Whether OpenSearch requires the host to match the certificate CN +# @param generate_certs +# Whether to generate certificates with the exported resources + Puppet CA workflow in `wazuh::certificates` +# They will be generated using the node FQDN as the common name and IP as the alternative name. +# @param $certs_to_generate +# Array of certificate names to generate when `generate_certs` is true. On a single-node setup, this should be `['indexer', 'admin']`. +# @param $admin_cn +# The common name for the admin certificate, defaults to the indexer node name. class wazuh::indexer ( # opensearch.yml configuration $indexer_network_host = '0.0.0.0', $indexer_cluster_name = 'wazuh-cluster', - $indexer_node_name = 'node-1', + $indexer_node_name = $facts['networking']['fqdn'], $indexer_node_max_local_storage_nodes = '1', $indexer_service = 'wazuh-indexer', $indexer_package = 'wazuh-indexer', 
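Review bot: Two of the new tags are written as `# @param $certs_to_generate` and `# @param $admin_cn`; puppet-strings expects the bare parameter name, as the neighbouring `generate_certs` and `indexer_hostname_validation` entries already use, so these should read `# @param certs_to_generate` and `# @param admin_cn`. The `admin_cn` text also says it defaults to the indexer node name, while the declared default is `'admin'` and the node name is substituted only when `generate_certs` is true. Something like `# The common name for the admin certificate. Defaults to 'admin'; with generate_certs the indexer node name is used unless this is overridden.` matches the code.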
@@ -20,23 +27,22 @@ $indexer_security_init_lockfile = '/var/tmp/indexer-security-init.lock', $full_indexer_reinstall = false, # Change to true when whant a full reinstall of Wazuh indexer - $indexer_ip = 'localhost', - $indexer_port = '9200', $indexer_discovery_hosts = [], # Empty array for single-node configuration $indexer_initial_cluster_manager_nodes = [$indexer_node_name], $indexer_cluster_cn = ["indexer-${indexer_node_name}"], Boolean $indexer_hostname_validation = false, String $cert_source_basepath = 'puppet:///modules/archive', - Variant[Hash, Array] $certfiles = [ - "indexer-${indexer_node_name}.pem", - "indexer-${indexer_node_name}-key.pem", - 'root-ca.pem', - 'admin.pem', - 'admin-key.pem', - ], + Variant[Hash, Array] $certfiles = { + "indexer-${indexer_node_name}.pem" => 'indexer.pem', + "indexer-${indexer_node_name}-key.pem" => 'indexer-key.pem', + 'root-ca.pem' => 'root-ca.pem', + 'admin.pem' => 'admin.pem', + 'admin-key.pem' => 'admin-key.pem', + }, Boolean $generate_certs = false, Array[Pattern[/(?:indexer(.*)|admin)/]] $certs_to_generate = ['indexer', 'admin'], Boolean $use_puppet_certs = false, + String $admin_cn = 'admin', # JVM options $jvm_options_memory = '1g', @@ -89,6 +95,15 @@ } } if $generate_certs { + # If we're generating certs, the CN will always be the node name (which should be FQDN) + $_indexer_cluster_cn = [$indexer_node_name] + if $admin_cn == 'admin' { + # Presumably we're a single-node setup, so use the indexer node name as the admin CN + $_admin_cn = $indexer_node_name + } else { + # We might be a multi-node setup, so use the provided admin CN + $_admin_cn = $admin_cn + } $certs_to_generate.each |String $cert| { $_certname = "wazuh_${cert}_cert_${facts['networking']['fqdn']}" @@wazuh::certificate { $_certname: 
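Review bot: In the `generate_certs` branch of the `@@ -89,6 +95,15 @@` hunk, `$_admin_cn` falls back to `$indexer_node_name`, which is also the only entry in `$_indexer_cluster_cn`, so the template renders the same DN under both `plugins.security.authcz.admin_dn` and `plugins.security.nodes_dn`. With the default node name, every certificate generated for this host gets `commonname => $facts['networking']['fqdn']` and the same O/OU/L/C from the collector, so the node certificate carries the admin DN and the separation between node and admin identities is lost. I would give the admin certificate a subject of its own, e.g. `$_admin_cn = "admin-${indexer_node_name}"` in the fallback and that value as `commonname` when `$cert == 'admin'`, and fail if `admin_cn` equals the node name. The surrounding `if $generate_certs` block starts and ends outside this hunk.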
@@ -118,6 +133,8 @@ } } else { # Old certificate workflow, with support for arbitrary source path + $_indexer_cluster_cn = $indexer_cluster_cn + $_admin_cn = $admin_cn if $certfiles =~ Hash { $_certfiles = $certfiles } else { diff --git a/templates/wazuh_indexer_yml.erb b/templates/wazuh_indexer_yml.erb index c3a02eae..0ed4624e 100644 --- a/templates/wazuh_indexer_yml.erb +++ b/templates/wazuh_indexer_yml.erb 
@@ -14,21 +14,21 @@ discovery.seed_hosts: node.max_local_storage_nodes: "<%= @indexer_node_max_local_storage_nodes %>" path.data: "<%= @indexer_path_data %>" path.logs: "<%= @indexer_path_logs %>" -plugins.security.ssl.http.pemcert_filepath: <%= @indexer_path_certs %>/indexer-<%= @indexer_node_name %>.pem -plugins.security.ssl.http.pemkey_filepath: <%= @indexer_path_certs %>/indexer-<%= @indexer_node_name %>-key.pem +plugins.security.ssl.http.pemcert_filepath: <%= @indexer_path_certs %>/indexer.pem +plugins.security.ssl.http.pemkey_filepath: <%= @indexer_path_certs %>/indexer-key.pem plugins.security.ssl.http.pemtrustedcas_filepath: <%= @indexer_path_certs %>/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: <%= @indexer_path_certs %>/indexer-<%= @indexer_node_name %>.pem -plugins.security.ssl.transport.pemkey_filepath: <%= @indexer_path_certs %>/indexer-<%= @indexer_node_name %>-key.pem +plugins.security.ssl.transport.pemcert_filepath: <%= @indexer_path_certs %>/indexer.pem +plugins.security.ssl.transport.pemkey_filepath: <%= @indexer_path_certs %>/indexer-key.pem plugins.security.ssl.transport.pemtrustedcas_filepath: <%= @indexer_path_certs %>/root-ca.pem plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false +plugins.security.ssl.transport.enforce_hostname_verification: <%= @indexer_hostname_validation %> +plugins.security.ssl.transport.resolve_hostname: <%= @indexer_hostname_validation %> plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" +- "CN=<%= @_admin_cn %>,OU=Wazuh,O=Wazuh,L=California,C=US" plugins.security.check_snapshot_restore_write_privileges: true plugins.security.enable_snapshot_restore_privilege: true plugins.security.nodes_dn: -<% @indexer_cluster_cn.each do |cn| -%> +<% @_indexer_cluster_cn.each do |cn| -%> - "CN=<%= cn %>,OU=Wazuh,O=Wazuh,L=California,C=US" <% end -%> 
plugins.security.restapi.roles_enabled: From 82c64e684dc022bd7cfac7affd0b20c0d2b3a4d9 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Fri, 8 Aug 2025 13:40:54 -0400 Subject: [PATCH 19/29] update: various adjustments to new cert workflow for filebeat --- manifests/filebeat_oss.pp | 66 ++++++++++++++++++++++++++++++--------- 1 file changed, 52 insertions(+), 14 deletions(-) diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index e3975eaf..597d6984 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -21,12 +21,14 @@ $filebeat_fileuser = 'root', $filebeat_filegroup = 'root', $filebeat_path_certs = '/etc/filebeat/certs', - String $cert_filebucket_path = 'puppet:///modules/archive', + String $cert_source_basepath = 'puppet:///modules/archive', Variant[Hash, Array] $certfiles = { "manager-${wazuh_node_name}.pem" => 'filebeat.pem', "manager-${wazuh_node_name}-key.pem" => 'filebeat-key.pem', 'root-ca.pem' => 'root-ca.pem', }, + Boolean $generate_certs = false, + Array[String] $certs_to_generate = ['filebeat'], ) { package { 'filebeat': ensure => $filebeat_oss_version, 
@@ -93,22 +95,58 @@ mode => '0500', } - if $certfiles =~ Hash { - $_certfiles = $certfiles + if $generate_certs { + file { "${filebeat_path_certs}/root-ca.pem": + ensure => file, + owner => $filebeat_fileuser, + group => $filebeat_filegroup, + mode => '0400', + source => "${settings::ssldir}/certs/ca.pem", + } + $certs_to_generate.each |String $cert| { + $_certname = "wazuh_${cert}_cert_${facts['networking']['fqdn']}" + @@wazuh::certificate { $_certname: + ensure => present, + altnames => [$facts['networking']['ip']], + keyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], + commonname => $facts['networking']['fqdn'], + export_pkcs8 => false, + } + $_attrs = { + ensure => file, + owner => $filebeat_fileuser, + group => $filebeat_filegroup, + mode => '0400', + replace => true, + before => Service['wazuh-indexer'], + } + file { + "${filebeat_path_certs}/${cert}.pem": + source => "${cert_source_basepath}/${_certname}.crt", + * => $_attrs; + + "${filebeat_path_certs}/${cert}-key.pem": + source => "${cert_source_basepath}/${_certname}.key", + * => $_attrs; + } + } } else { - $_certfiles = $certfiles.map |String $certfile| { [$certfile, $certfile] }.convert_to(Hash) - } - $_certfiles.each |String $certfile_source, String $certfile_target| { - file { "${filebeat_path_certs}/${certfile_target}": - ensure => file, - owner => $filebeat_fileuser, - group => $filebeat_filegroup, - mode => '0400', - replace => true, - source => "${cert_filebucket_path}/${certfile_source}", + if $certfiles =~ Hash { + $_certfiles = $certfiles + } else { + $_certfiles = $certfiles.map |String $certfile| { [$certfile, $certfile] }.convert_to(Hash) + } + $_certfiles.each |String $certfile_source, String $certfile_target| { + file { "${filebeat_path_certs}/${certfile_target}": + ensure => file, + owner => $filebeat_fileuser, + group => $filebeat_filegroup, + mode => '0400', + replace => true, + source => "${cert_source_basepath}/${certfile_source}", + } } } - 
service { 'filebeat': ensure => running, enable => true, From 1424778dccf06a63f888d3b57f74c6d0d23def8b Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Fri, 8 Aug 2025 13:45:50 -0400 Subject: [PATCH 20/29] remove: obsolete $wazuh_app_version variable from filebeat_oss class --- manifests/filebeat_oss.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 597d6984..11f982e3 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -11,7 +11,6 @@ $filebeat_oss_elastic_user = 'admin', $filebeat_oss_elastic_password = 'admin', $filebeat_oss_version = '7.10.2', - $wazuh_app_version = '5.0.0_7.10.2', String $module_baseurl = 'packages.wazuh.com', String $module_version = '5.x', $wazuh_extensions_version = 'v5.0.0', From 1db2f799faf27e96772076fceda9fd0e52762ed2 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Fri, 8 Aug 2025 13:48:39 -0400 Subject: [PATCH 21/29] fix: update service dependency for filebeat and remove unused puppet certs parameter from indexer --- manifests/filebeat_oss.pp | 2 +- manifests/indexer.pp | 26 +++++++------------------- 2 files changed, 8 insertions(+), 20 deletions(-) diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 11f982e3..0a6b5bcf 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -117,7 +117,7 @@ group => $filebeat_filegroup, mode => '0400', replace => true, - before => Service['wazuh-indexer'], + before => Service['filebeat'], } file { "${filebeat_path_certs}/${cert}.pem": diff --git a/manifests/indexer.pp b/manifests/indexer.pp index 653aa6a5..5b8f19b8 100644 --- a/manifests/indexer.pp +++ b/manifests/indexer.pp @@ -41,7 +41,6 @@ }, Boolean $generate_certs = false, Array[Pattern[/(?:indexer(.*)|admin)/]] $certs_to_generate = ['indexer', 'admin'], - Boolean $use_puppet_certs = false, String $admin_cn = 'admin', # JVM options 
@@ -76,24 +75,6 @@ mode => '0500', } - if $use_puppet_certs or $generate_certs { - file { "${indexer_path_certs}/root-ca.pem": - ensure => file, - owner => $indexer_fileuser, - group => $indexer_filegroup, - mode => '0400', - source => "${settings::ssldir}/certs/ca.pem", - } - } - if $use_puppet_certs { - file { "${indexer_path_certs}/indexer.pem": - ensure => file, - owner => $indexer_fileuser, - group => $indexer_filegroup, - mode => '0400', - source => "${settings::ssldir}/certs/${facts['networking']['fqdn']}.pem", - } - } if $generate_certs { # If we're generating certs, the CN will always be the node name (which should be FQDN) $_indexer_cluster_cn = [$indexer_node_name] @@ -104,6 +85,13 @@ # We might be a multi-node setup, so use the provided admin CN $_admin_cn = $admin_cn } + file { "${indexer_path_certs}/root-ca.pem": + ensure => file, + owner => $indexer_fileuser, + group => $indexer_filegroup, + mode => '0400', + source => "${settings::ssldir}/certs/ca.pem", + } $certs_to_generate.each |String $cert| { $_certname = "wazuh_${cert}_cert_${facts['networking']['fqdn']}" @@wazuh::certificate { $_certname: From 4fd05238f050852296efe7d9bb6a9f766a222157 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Fri, 8 Aug 2025 14:44:02 -0400 Subject: [PATCH 22/29] change: certificate ownership as `puppet` in new workflow --- manifests/certificate.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/manifests/certificate.pp b/manifests/certificate.pp index 76ff58ac..08f6e628 100644 --- a/manifests/certificate.pp +++ b/manifests/certificate.pp 
@@ -31,8 +31,8 @@ Stdlib::Absolutepath $csr = "${csr_dir}/${name}.csr", Stdlib::Absolutepath $key = "${key_dir}/${name}.key", Integer $key_size = 3072, - Variant[String, Integer] $owner = 'root', - Variant[String, Integer] $group = 'root', + Variant[String, Integer] $owner = 'puppet', + Variant[String, Integer] $group = 'puppet', Variant[String, Integer] $key_owner = $owner, Variant[String, Integer] $key_group = $group, Stdlib::Filemode $key_mode = '0600', @@ -95,6 +95,7 @@ ] exec { "export ${name} key to pkcs8": command => $_cmd, + user => $owner, path => $facts['path'], subscribe => OpenSSL::Certificate::X509[$name], refreshonly => true, From 90e847d2ee1a52712ee08824dad3441b6ee929ba Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Fri, 8 Aug 2025 15:36:36 -0400 Subject: [PATCH 23/29] add: cert generation workflow support to dashboard --- manifests/dashboard.pp | 67 +++++++++++++++++++++++++++++++++--------- 1 file changed, 53 insertions(+), 14 deletions(-) diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp index ac64a8fb..9e1dbe1a 100644 --- a/manifests/dashboard.pp +++ b/manifests/dashboard.pp @@ -32,12 +32,14 @@ 'password' => 'wazuh-wui', }, ], - String $cert_filebucket_path = 'puppet:///modules/archive', + String $cert_source_basepath = 'puppet:///modules/archive', Variant[Hash, Array] $certfiles = [ 'dashboard.pem', 'dashboard-key.pem', 'root-ca.pem', ], + Boolean $generate_certs = false, + Array[String] $certs_to_generate = ['dashboard'], ) { # assign version according to the package manager 
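Review bot: The exec in the `@@ -95,6 +95,7 @@` hunk now runs as `$owner`, but the file it reads is `$key`, which is passed to the wrapped type with `$key_owner` and a `$key_mode` that defaults to `'0600'`. The two owners coincide only by default, so a caller that sets `key_owner` separately gets an export that cannot read the key; `user => $key_owner,` keeps the export tied to the key's owner. The `exec` resource and the `if $export_pkcs8` block around it start outside the hunk.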
@@ -68,22 +70,59 @@ group => $dashboard_filegroup, mode => '0500', } - if $certfiles =~ Hash { - $_certfiles = $certfiles + if $generate_certs { + file { "${dashboard_path_certs}/root-ca.pem": + ensure => file, + owner => $dashboard_fileuser, + group => $dashboard_filegroup, + mode => '0400', + source => "${settings::ssldir}/certs/ca.pem", + } + $certs_to_generate.each |String $cert| { + $_certname = "wazuh_${cert}_cert_${facts['networking']['fqdn']}" + @@wazuh::certificate { $_certname: + ensure => present, + altnames => [$facts['networking']['ip']], + keyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], + commonname => $facts['networking']['fqdn'], + export_pkcs8 => false, + } + $_attrs = { + ensure => file, + owner => $dashboard_fileuser, + group => $dashboard_filegroup, + mode => '0400', + replace => true, + before => Service['wazuh-dashboard'], + } + file { + "${dashboard_path_certs}/${cert}.pem": + source => "${cert_source_basepath}/${_certname}.crt", + * => $_attrs; + + "${dashboard_path_certs}/${cert}-key.pem": + source => "${cert_source_basepath}/${_certname}.key", + * => $_attrs; + } + } } else { - $_certfiles = $certfiles.map |String $certfile| { [$certfile, $certfile] }.convert_to(Hash) - } - $_certfiles.each |String $certfile_source, String $certfile_target| { - file { "${dashboard_path_certs}/${certfile_target}": - ensure => file, - owner => $dashboard_fileuser, - group => $dashboard_filegroup, - mode => '0400', - replace => true, - source => "${cert_filebucket_path}/${certfile_source}", + if $certfiles =~ Hash { + $_certfiles = $certfiles + } else { + $_certfiles = $certfiles.map |String $certfile| { [$certfile, $certfile] }.convert_to(Hash) + } + $_certfiles.each |String $certfile_source, String $certfile_target| { + file { "${dashboard_path_certs}/${certfile_target}": + ensure => file, + owner => $dashboard_fileuser, + group => $dashboard_filegroup, + mode => '0400', + replace => true, + source => 
"${cert_source_basepath}/${certfile_source}", + notify => Service['wazuh-dashboard'], + } } } - file { '/etc/wazuh-dashboard/opensearch_dashboards.yml': content => template('wazuh/wazuh_dashboard_yml.erb'), group => $dashboard_filegroup, From 7df59dbadc68ffdb33871a08e9288b462a91903f Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Fri, 8 Aug 2025 16:40:45 -0400 Subject: [PATCH 24/29] add: REFERENCE.md, and `@summary` tags to make it more readable --- REFERENCE.md | 5442 +++++++++++++++++++ manifests/activeresponse.pp | 6 +- manifests/addlog.pp | 5 +- manifests/agent.pp | 3 +- manifests/audit.pp | 15 +- manifests/certificates.pp | 7 +- manifests/{ => certificates}/certificate.pp | 2 +- manifests/command.pp | 4 +- manifests/dashboard.pp | 13 +- manifests/email_alert.pp | 4 +- manifests/filebeat_oss.pp | 11 +- manifests/indexer.pp | 8 +- manifests/init.pp | 4 +- manifests/integration.pp | 7 +- manifests/manager.pp | 2 +- manifests/params_agent.pp | 72 +- manifests/params_manager.pp | 2 +- manifests/repo.pp | 2 +- manifests/reports.pp | 2 +- manifests/securityadmin.pp | 2 +- 20 files changed, 5530 insertions(+), 83 deletions(-) create mode 100644 REFERENCE.md rename manifests/{ => certificates}/certificate.pp (98%) diff --git a/REFERENCE.md b/REFERENCE.md new file mode 100644 index 00000000..2dd8b7ef --- /dev/null +++ b/REFERENCE.md 
@@ -0,0 +1,5442 @@ +# Reference + + + +## Table of Contents + +### Classes + +* [`wazuh`](#wazuh): Blank container class +* [`wazuh::agent`](#wazuh--agent): Puppet class that installs and manages the Wazuh agent +* [`wazuh::audit`](#wazuh--audit): Define an ossec command +* [`wazuh::certificates`](#wazuh--certificates) +* [`wazuh::certificates::mountpoint`](#wazuh--certificates--mountpoint): Creates a puppet file mountpoint for generated certificates +* [`wazuh::dashboard`](#wazuh--dashboard): Setup for Wazuh Dashboard +* [`wazuh::filebeat_oss`](#wazuh--filebeat_oss): Setup for Filebeat_oss +* [`wazuh::indexer`](#wazuh--indexer): Setup for Wazuh Indexer +* [`wazuh::manager`](#wazuh--manager): Main ossec server config +* [`wazuh::params_agent`](#wazuh--params_agent): Wazuh-Agent configuration parameters +* [`wazuh::params_manager`](#wazuh--params_manager): Paramas file +* [`wazuh::repo`](#wazuh--repo): Wazuh repository installation +* [`wazuh::securityadmin`](#wazuh--securityadmin): Wazuh repository installation + +### Defined types + +* [`wazuh::activeresponse`](#wazuh--activeresponse): Define for a specific ossec active-response +* [`wazuh::addlog`](#wazuh--addlog): Define a log-file to add to ossec +* [`wazuh::certificates::certificate`](#wazuh--certificates--certificate): Wraps openssl::certificate::x509 to additionally convert to pkcs8 key (necessary for OpenSearch admin) +* [`wazuh::command`](#wazuh--command): Define an ossec command +* [`wazuh::email_alert`](#wazuh--email_alert): Define an email alert +* [`wazuh::integration`](#wazuh--integration): Define for a specific ossec integration +* [`wazuh::reports`](#wazuh--reports): Define for a Reports section + +## Classes + +### `wazuh` + +Copyright (C) 2015, Wazuh Inc. + +### `wazuh::agent` + +Copyright (C) 2015, Wazuh Inc. 
+ +#### Parameters + +The following parameters are available in the `wazuh::agent` class: + +* [`agent_package_version`](#-wazuh--agent--agent_package_version) +* [`agent_package_revision`](#-wazuh--agent--agent_package_revision) +* [`agent_package_name`](#-wazuh--agent--agent_package_name) +* [`agent_service_name`](#-wazuh--agent--agent_service_name) +* [`agent_service_ensure`](#-wazuh--agent--agent_service_ensure) +* [`agent_msi_download_location`](#-wazuh--agent--agent_msi_download_location) +* [`manage_client_keys`](#-wazuh--agent--manage_client_keys) +* [`agent_name`](#-wazuh--agent--agent_name) +* [`agent_group`](#-wazuh--agent--agent_group) +* [`agent_address`](#-wazuh--agent--agent_address) +* [`wazuh_agent_cert`](#-wazuh--agent--wazuh_agent_cert) +* [`wazuh_agent_key`](#-wazuh--agent--wazuh_agent_key) +* [`wazuh_agent_cert_path`](#-wazuh--agent--wazuh_agent_cert_path) +* [`wazuh_agent_key_path`](#-wazuh--agent--wazuh_agent_key_path) +* [`agent_auth_password`](#-wazuh--agent--agent_auth_password) +* [`wazuh_manager_root_ca_pem`](#-wazuh--agent--wazuh_manager_root_ca_pem) +* [`wazuh_manager_root_ca_pem_path`](#-wazuh--agent--wazuh_manager_root_ca_pem_path) +* [`configure_rootcheck`](#-wazuh--agent--configure_rootcheck) +* [`configure_wodle_openscap`](#-wazuh--agent--configure_wodle_openscap) +* [`configure_wodle_cis_cat`](#-wazuh--agent--configure_wodle_cis_cat) +* [`configure_wodle_osquery`](#-wazuh--agent--configure_wodle_osquery) +* [`configure_wodle_syscollector`](#-wazuh--agent--configure_wodle_syscollector) +* [`configure_wodle_docker_listener`](#-wazuh--agent--configure_wodle_docker_listener) +* [`configure_sca`](#-wazuh--agent--configure_sca) +* [`configure_syscheck`](#-wazuh--agent--configure_syscheck) +* [`configure_localfile`](#-wazuh--agent--configure_localfile) +* [`configure_active_response`](#-wazuh--agent--configure_active_response) +* [`configure_labels`](#-wazuh--agent--configure_labels) +* 
[`ossec_conf_template`](#-wazuh--agent--ossec_conf_template) +* [`ossec_rootcheck_template`](#-wazuh--agent--ossec_rootcheck_template) +* [`ossec_wodle_openscap_template`](#-wazuh--agent--ossec_wodle_openscap_template) +* [`ossec_wodle_cis_cat_template`](#-wazuh--agent--ossec_wodle_cis_cat_template) +* [`ossec_wodle_osquery_template`](#-wazuh--agent--ossec_wodle_osquery_template) +* [`ossec_wodle_syscollector_template`](#-wazuh--agent--ossec_wodle_syscollector_template) +* [`ossec_wodle_docker_listener_template`](#-wazuh--agent--ossec_wodle_docker_listener_template) +* [`ossec_sca_template`](#-wazuh--agent--ossec_sca_template) +* [`ossec_syscheck_template`](#-wazuh--agent--ossec_syscheck_template) +* [`ossec_localfile_template`](#-wazuh--agent--ossec_localfile_template) +* [`ossec_auth`](#-wazuh--agent--ossec_auth) +* [`ossec_cluster`](#-wazuh--agent--ossec_cluster) +* [`ossec_active_response_template`](#-wazuh--agent--ossec_active_response_template) +* [`ossec_labels_template`](#-wazuh--agent--ossec_labels_template) +* [`wazuh_register_endpoint`](#-wazuh--agent--wazuh_register_endpoint) +* [`wazuh_reporting_endpoint`](#-wazuh--agent--wazuh_reporting_endpoint) +* [`ossec_port`](#-wazuh--agent--ossec_port) +* [`ossec_protocol`](#-wazuh--agent--ossec_protocol) +* [`wazuh_max_retries`](#-wazuh--agent--wazuh_max_retries) +* [`wazuh_retry_interval`](#-wazuh--agent--wazuh_retry_interval) +* [`ossec_config_ubuntu_profiles`](#-wazuh--agent--ossec_config_ubuntu_profiles) +* [`ossec_config_centos_profiles`](#-wazuh--agent--ossec_config_centos_profiles) +* [`ossec_notify_time`](#-wazuh--agent--ossec_notify_time) +* [`ossec_time_reconnect`](#-wazuh--agent--ossec_time_reconnect) +* [`ossec_auto_restart`](#-wazuh--agent--ossec_auto_restart) +* [`ossec_crypto_method`](#-wazuh--agent--ossec_crypto_method) +* [`client_buffer_disabled`](#-wazuh--agent--client_buffer_disabled) +* [`client_buffer_queue_size`](#-wazuh--agent--client_buffer_queue_size) +* 
[`client_buffer_events_per_second`](#-wazuh--agent--client_buffer_events_per_second) +* [`wazuh_enrollment_enabled`](#-wazuh--agent--wazuh_enrollment_enabled) +* [`wazuh_enrollment_manager_address`](#-wazuh--agent--wazuh_enrollment_manager_address) +* [`wazuh_enrollment_port`](#-wazuh--agent--wazuh_enrollment_port) +* [`wazuh_enrollment_agent_name`](#-wazuh--agent--wazuh_enrollment_agent_name) +* [`wazuh_enrollment_groups`](#-wazuh--agent--wazuh_enrollment_groups) +* [`wazuh_enrollment_agent_address`](#-wazuh--agent--wazuh_enrollment_agent_address) +* [`wazuh_enrollment_ssl_cipher`](#-wazuh--agent--wazuh_enrollment_ssl_cipher) +* [`wazuh_enrollment_server_ca_path`](#-wazuh--agent--wazuh_enrollment_server_ca_path) +* [`wazuh_enrollment_agent_cert_path`](#-wazuh--agent--wazuh_enrollment_agent_cert_path) +* [`wazuh_enrollment_agent_key_path`](#-wazuh--agent--wazuh_enrollment_agent_key_path) +* [`wazuh_enrollment_auth_pass`](#-wazuh--agent--wazuh_enrollment_auth_pass) +* [`wazuh_enrollment_auth_pass_path`](#-wazuh--agent--wazuh_enrollment_auth_pass_path) +* [`wazuh_enrollment_auto_method`](#-wazuh--agent--wazuh_enrollment_auto_method) +* [`wazuh_delay_after_enrollment`](#-wazuh--agent--wazuh_delay_after_enrollment) +* [`wazuh_enrollment_use_source_ip`](#-wazuh--agent--wazuh_enrollment_use_source_ip) +* [`ossec_rootcheck_disabled`](#-wazuh--agent--ossec_rootcheck_disabled) +* [`ossec_rootcheck_check_files`](#-wazuh--agent--ossec_rootcheck_check_files) +* [`ossec_rootcheck_check_trojans`](#-wazuh--agent--ossec_rootcheck_check_trojans) +* [`ossec_rootcheck_check_dev`](#-wazuh--agent--ossec_rootcheck_check_dev) +* [`ossec_rootcheck_check_sys`](#-wazuh--agent--ossec_rootcheck_check_sys) +* [`ossec_rootcheck_check_pids`](#-wazuh--agent--ossec_rootcheck_check_pids) +* [`ossec_rootcheck_check_ports`](#-wazuh--agent--ossec_rootcheck_check_ports) +* [`ossec_rootcheck_check_if`](#-wazuh--agent--ossec_rootcheck_check_if) +* 
[`ossec_rootcheck_frequency`](#-wazuh--agent--ossec_rootcheck_frequency) +* [`ossec_rootcheck_ignore_list`](#-wazuh--agent--ossec_rootcheck_ignore_list) +* [`ossec_rootcheck_ignore_sregex_list`](#-wazuh--agent--ossec_rootcheck_ignore_sregex_list) +* [`ossec_rootcheck_rootkit_files`](#-wazuh--agent--ossec_rootcheck_rootkit_files) +* [`ossec_rootcheck_rootkit_trojans`](#-wazuh--agent--ossec_rootcheck_rootkit_trojans) +* [`ossec_rootcheck_skip_nfs`](#-wazuh--agent--ossec_rootcheck_skip_nfs) +* [`ossec_rootcheck_system_audit`](#-wazuh--agent--ossec_rootcheck_system_audit) +* [`ossec_rootcheck_windows_disabled`](#-wazuh--agent--ossec_rootcheck_windows_disabled) +* [`ossec_rootcheck_windows_windows_apps`](#-wazuh--agent--ossec_rootcheck_windows_windows_apps) +* [`ossec_rootcheck_windows_windows_malware`](#-wazuh--agent--ossec_rootcheck_windows_windows_malware) +* [`sca_amazon_enabled`](#-wazuh--agent--sca_amazon_enabled) +* [`sca_amazon_scan_on_start`](#-wazuh--agent--sca_amazon_scan_on_start) +* [`sca_amazon_interval`](#-wazuh--agent--sca_amazon_interval) +* [`sca_amazon_skip_nfs`](#-wazuh--agent--sca_amazon_skip_nfs) +* [`sca_amazon_policies`](#-wazuh--agent--sca_amazon_policies) +* [`sca_rhel_enabled`](#-wazuh--agent--sca_rhel_enabled) +* [`sca_rhel_scan_on_start`](#-wazuh--agent--sca_rhel_scan_on_start) +* [`sca_rhel_interval`](#-wazuh--agent--sca_rhel_interval) +* [`sca_rhel_skip_nfs`](#-wazuh--agent--sca_rhel_skip_nfs) +* [`sca_rhel_policies`](#-wazuh--agent--sca_rhel_policies) +* [`sca_else_enabled`](#-wazuh--agent--sca_else_enabled) +* [`sca_else_scan_on_start`](#-wazuh--agent--sca_else_scan_on_start) +* [`sca_else_interval`](#-wazuh--agent--sca_else_interval) +* [`sca_else_skip_nfs`](#-wazuh--agent--sca_else_skip_nfs) +* [`sca_else_policies`](#-wazuh--agent--sca_else_policies) +* [`sca_windows_enabled`](#-wazuh--agent--sca_windows_enabled) +* [`sca_windows_scan_on_start`](#-wazuh--agent--sca_windows_scan_on_start) +* 
[`sca_windows_interval`](#-wazuh--agent--sca_windows_interval) +* [`sca_windows_skip_nfs`](#-wazuh--agent--sca_windows_skip_nfs) +* [`sca_windows_policies`](#-wazuh--agent--sca_windows_policies) +* [`wodle_openscap_disabled`](#-wazuh--agent--wodle_openscap_disabled) +* [`wodle_openscap_timeout`](#-wazuh--agent--wodle_openscap_timeout) +* [`wodle_openscap_interval`](#-wazuh--agent--wodle_openscap_interval) +* [`wodle_openscap_scan_on_start`](#-wazuh--agent--wodle_openscap_scan_on_start) +* [`wodle_ciscat_disabled`](#-wazuh--agent--wodle_ciscat_disabled) +* [`wodle_ciscat_timeout`](#-wazuh--agent--wodle_ciscat_timeout) +* [`wodle_ciscat_interval`](#-wazuh--agent--wodle_ciscat_interval) +* [`wodle_ciscat_scan_on_start`](#-wazuh--agent--wodle_ciscat_scan_on_start) +* [`wodle_ciscat_java_path`](#-wazuh--agent--wodle_ciscat_java_path) +* [`wodle_ciscat_ciscat_path`](#-wazuh--agent--wodle_ciscat_ciscat_path) +* [`wodle_osquery_disabled`](#-wazuh--agent--wodle_osquery_disabled) +* [`wodle_osquery_run_daemon`](#-wazuh--agent--wodle_osquery_run_daemon) +* [`wodle_osquery_bin_path`](#-wazuh--agent--wodle_osquery_bin_path) +* [`wodle_osquery_log_path`](#-wazuh--agent--wodle_osquery_log_path) +* [`wodle_osquery_config_path`](#-wazuh--agent--wodle_osquery_config_path) +* [`wodle_osquery_add_labels`](#-wazuh--agent--wodle_osquery_add_labels) +* [`wodle_syscollector_disabled`](#-wazuh--agent--wodle_syscollector_disabled) +* [`wodle_syscollector_interval`](#-wazuh--agent--wodle_syscollector_interval) +* [`wodle_syscollector_scan_on_start`](#-wazuh--agent--wodle_syscollector_scan_on_start) +* [`wodle_syscollector_hardware`](#-wazuh--agent--wodle_syscollector_hardware) +* [`wodle_syscollector_os`](#-wazuh--agent--wodle_syscollector_os) +* [`wodle_syscollector_network`](#-wazuh--agent--wodle_syscollector_network) +* [`wodle_syscollector_packages`](#-wazuh--agent--wodle_syscollector_packages) +* [`wodle_syscollector_ports`](#-wazuh--agent--wodle_syscollector_ports) +* 
[`wodle_syscollector_processes`](#-wazuh--agent--wodle_syscollector_processes) +* [`wodle_syscollector_hotfixes`](#-wazuh--agent--wodle_syscollector_hotfixes) +* [`wodle_docker_listener_disabled`](#-wazuh--agent--wodle_docker_listener_disabled) +* [`ossec_local_files`](#-wazuh--agent--ossec_local_files) +* [`ossec_syscheck_disabled`](#-wazuh--agent--ossec_syscheck_disabled) +* [`ossec_syscheck_frequency`](#-wazuh--agent--ossec_syscheck_frequency) +* [`ossec_syscheck_scan_on_start`](#-wazuh--agent--ossec_syscheck_scan_on_start) +* [`ossec_syscheck_auto_ignore`](#-wazuh--agent--ossec_syscheck_auto_ignore) +* [`ossec_syscheck_directories_1`](#-wazuh--agent--ossec_syscheck_directories_1) +* [`ossec_syscheck_directories_2`](#-wazuh--agent--ossec_syscheck_directories_2) +* [`ossec_syscheck_report_changes_directories_1`](#-wazuh--agent--ossec_syscheck_report_changes_directories_1) +* [`ossec_syscheck_whodata_directories_1`](#-wazuh--agent--ossec_syscheck_whodata_directories_1) +* [`ossec_syscheck_realtime_directories_1`](#-wazuh--agent--ossec_syscheck_realtime_directories_1) +* [`ossec_syscheck_report_changes_directories_2`](#-wazuh--agent--ossec_syscheck_report_changes_directories_2) +* [`ossec_syscheck_whodata_directories_2`](#-wazuh--agent--ossec_syscheck_whodata_directories_2) +* [`ossec_syscheck_realtime_directories_2`](#-wazuh--agent--ossec_syscheck_realtime_directories_2) +* [`ossec_syscheck_ignore_list`](#-wazuh--agent--ossec_syscheck_ignore_list) +* [`ossec_syscheck_ignore_type_1`](#-wazuh--agent--ossec_syscheck_ignore_type_1) +* [`ossec_syscheck_ignore_type_2`](#-wazuh--agent--ossec_syscheck_ignore_type_2) +* [`ossec_syscheck_max_eps`](#-wazuh--agent--ossec_syscheck_max_eps) +* [`ossec_syscheck_process_priority`](#-wazuh--agent--ossec_syscheck_process_priority) +* [`ossec_syscheck_synchronization_enabled`](#-wazuh--agent--ossec_syscheck_synchronization_enabled) +* 
[`ossec_syscheck_synchronization_interval`](#-wazuh--agent--ossec_syscheck_synchronization_interval) +* [`ossec_syscheck_synchronization_max_eps`](#-wazuh--agent--ossec_syscheck_synchronization_max_eps) +* [`ossec_syscheck_synchronization_max_interval`](#-wazuh--agent--ossec_syscheck_synchronization_max_interval) +* [`ossec_syscheck_nodiff`](#-wazuh--agent--ossec_syscheck_nodiff) +* [`ossec_syscheck_skip_nfs`](#-wazuh--agent--ossec_syscheck_skip_nfs) +* [`ossec_syscheck_windows_audit_interval`](#-wazuh--agent--ossec_syscheck_windows_audit_interval) +* [`audit_manage_rules`](#-wazuh--agent--audit_manage_rules) +* [`audit_buffer_bytes`](#-wazuh--agent--audit_buffer_bytes) +* [`audit_backlog_wait_time`](#-wazuh--agent--audit_backlog_wait_time) +* [`audit_rules`](#-wazuh--agent--audit_rules) +* [`ossec_active_response_disabled`](#-wazuh--agent--ossec_active_response_disabled) +* [`ossec_active_response_linux_ca_store`](#-wazuh--agent--ossec_active_response_linux_ca_store) +* [`ossec_active_response_ca_verification`](#-wazuh--agent--ossec_active_response_ca_verification) +* [`ossec_active_response_repeated_offenders`](#-wazuh--agent--ossec_active_response_repeated_offenders) +* [`ossec_labels`](#-wazuh--agent--ossec_labels) +* [`selinux`](#-wazuh--agent--selinux) +* [`manage_firewall`](#-wazuh--agent--manage_firewall) +* [`download_path`](#-wazuh--agent--download_path) +* [`logging_log_format`](#-wazuh--agent--logging_log_format) + +##### `agent_package_version` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::agent_package_version` + +##### `agent_package_revision` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::agent_package_revision` + +##### `agent_package_name` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::agent_package_name` + +##### `agent_service_name` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::agent_service_name` + +##### `agent_service_ensure` + +Data type: `Any` + + + +Default value: 
`$wazuh::params_agent::agent_service_ensure` + +##### `agent_msi_download_location` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::agent_msi_download_location` + +##### `manage_client_keys` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::manage_client_keys` + +##### `agent_name` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::agent_name` + +##### `agent_group` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::agent_group` + +##### `agent_address` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::agent_address` + +##### `wazuh_agent_cert` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_agent_cert` + +##### `wazuh_agent_key` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_agent_key` + +##### `wazuh_agent_cert_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_agent_cert_path` + +##### `wazuh_agent_key_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_agent_key_path` + +##### `agent_auth_password` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::agent_auth_password` + +##### `wazuh_manager_root_ca_pem` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_manager_root_ca_pem` + +##### `wazuh_manager_root_ca_pem_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_manager_root_ca_pem_path` + +##### `configure_rootcheck` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::configure_rootcheck` + +##### `configure_wodle_openscap` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::configure_wodle_openscap` + +##### `configure_wodle_cis_cat` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::configure_wodle_cis_cat` + +##### `configure_wodle_osquery` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::configure_wodle_osquery` + +##### `configure_wodle_syscollector` + +Data type: `Any` + 
+ + +Default value: `$wazuh::params_agent::configure_wodle_syscollector` + +##### `configure_wodle_docker_listener` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::configure_wodle_docker_listener` + +##### `configure_sca` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::configure_sca` + +##### `configure_syscheck` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::configure_syscheck` + +##### `configure_localfile` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::configure_localfile` + +##### `configure_active_response` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::configure_active_response` + +##### `configure_labels` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::configure_labels` + +##### `ossec_conf_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_conf_template` + +##### `ossec_rootcheck_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_template` + +##### `ossec_wodle_openscap_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_wodle_openscap_template` + +##### `ossec_wodle_cis_cat_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_wodle_cis_cat_template` + +##### `ossec_wodle_osquery_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_wodle_osquery_template` + +##### `ossec_wodle_syscollector_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_wodle_syscollector_template` + +##### `ossec_wodle_docker_listener_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_wodle_docker_listener_template` + +##### `ossec_sca_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_sca_template` + +##### `ossec_syscheck_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_template` + +##### 
`ossec_localfile_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_localfile_template` + +##### `ossec_auth` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_auth` + +##### `ossec_cluster` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_cluster` + +##### `ossec_active_response_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_active_response_template` + +##### `ossec_labels_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_labels_template` + +##### `wazuh_register_endpoint` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_register_endpoint` + +##### `wazuh_reporting_endpoint` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_reporting_endpoint` + +##### `ossec_port` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_port` + +##### `ossec_protocol` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_protocol` + +##### `wazuh_max_retries` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_max_retries` + +##### `wazuh_retry_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_retry_interval` + +##### `ossec_config_ubuntu_profiles` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_config_ubuntu_profiles` + +##### `ossec_config_centos_profiles` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_config_centos_profiles` + +##### `ossec_notify_time` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_notify_time` + +##### `ossec_time_reconnect` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_time_reconnect` + +##### `ossec_auto_restart` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_auto_restart` + +##### `ossec_crypto_method` + +Data type: `Any` + + + +Default value: 
`$wazuh::params_agent::ossec_crypto_method` + +##### `client_buffer_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::client_buffer_disabled` + +##### `client_buffer_queue_size` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::client_buffer_queue_size` + +##### `client_buffer_events_per_second` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::client_buffer_events_per_second` + +##### `wazuh_enrollment_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_enabled` + +##### `wazuh_enrollment_manager_address` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_manager_address` + +##### `wazuh_enrollment_port` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_port` + +##### `wazuh_enrollment_agent_name` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_agent_name` + +##### `wazuh_enrollment_groups` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_groups` + +##### `wazuh_enrollment_agent_address` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_agent_address` + +##### `wazuh_enrollment_ssl_cipher` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_ssl_cipher` + +##### `wazuh_enrollment_server_ca_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_server_ca_path` + +##### `wazuh_enrollment_agent_cert_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_agent_cert_path` + +##### `wazuh_enrollment_agent_key_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_agent_key_path` + +##### `wazuh_enrollment_auth_pass` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_auth_pass` + +##### `wazuh_enrollment_auth_pass_path` + +Data type: `Any` + + + +Default value: 
`$wazuh::params_agent::wazuh_enrollment_auth_pass_path` + +##### `wazuh_enrollment_auto_method` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_auto_method` + +##### `wazuh_delay_after_enrollment` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_delay_after_enrollment` + +##### `wazuh_enrollment_use_source_ip` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wazuh_enrollment_use_source_ip` + +##### `ossec_rootcheck_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_disabled` + +##### `ossec_rootcheck_check_files` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_check_files` + +##### `ossec_rootcheck_check_trojans` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_check_trojans` + +##### `ossec_rootcheck_check_dev` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_check_dev` + +##### `ossec_rootcheck_check_sys` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_check_sys` + +##### `ossec_rootcheck_check_pids` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_check_pids` + +##### `ossec_rootcheck_check_ports` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_check_ports` + +##### `ossec_rootcheck_check_if` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_check_if` + +##### `ossec_rootcheck_frequency` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_frequency` + +##### `ossec_rootcheck_ignore_list` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_ignore_list` + +##### `ossec_rootcheck_ignore_sregex_list` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_ignore_sregex_list` + +##### `ossec_rootcheck_rootkit_files` + +Data type: `Any` + + + +Default 
value: `$wazuh::params_agent::ossec_rootcheck_rootkit_files` + +##### `ossec_rootcheck_rootkit_trojans` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_rootkit_trojans` + +##### `ossec_rootcheck_skip_nfs` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_skip_nfs` + +##### `ossec_rootcheck_system_audit` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_system_audit` + +##### `ossec_rootcheck_windows_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_windows_disabled` + +##### `ossec_rootcheck_windows_windows_apps` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_windows_windows_apps` + +##### `ossec_rootcheck_windows_windows_malware` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_rootcheck_windows_windows_malware` + +##### `sca_amazon_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_amazon_enabled` + +##### `sca_amazon_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_amazon_scan_on_start` + +##### `sca_amazon_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_amazon_interval` + +##### `sca_amazon_skip_nfs` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_amazon_skip_nfs` + +##### `sca_amazon_policies` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_amazon_policies` + +##### `sca_rhel_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_rhel_enabled` + +##### `sca_rhel_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_rhel_scan_on_start` + +##### `sca_rhel_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_rhel_interval` + +##### `sca_rhel_skip_nfs` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_rhel_skip_nfs` + +##### `sca_rhel_policies` + 
+Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_rhel_policies` + +##### `sca_else_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_else_enabled` + +##### `sca_else_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_else_scan_on_start` + +##### `sca_else_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_else_interval` + +##### `sca_else_skip_nfs` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_else_skip_nfs` + +##### `sca_else_policies` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_else_policies` + +##### `sca_windows_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_windows_enabled` + +##### `sca_windows_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_windows_scan_on_start` + +##### `sca_windows_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_windows_interval` + +##### `sca_windows_skip_nfs` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_windows_skip_nfs` + +##### `sca_windows_policies` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::sca_windows_policies` + +##### `wodle_openscap_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_openscap_disabled` + +##### `wodle_openscap_timeout` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_openscap_timeout` + +##### `wodle_openscap_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_openscap_interval` + +##### `wodle_openscap_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_openscap_scan_on_start` + +##### `wodle_ciscat_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_ciscat_disabled` + +##### `wodle_ciscat_timeout` + +Data type: `Any` + + + +Default value: 
`$wazuh::params_agent::wodle_ciscat_timeout` + +##### `wodle_ciscat_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_ciscat_interval` + +##### `wodle_ciscat_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_ciscat_scan_on_start` + +##### `wodle_ciscat_java_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_ciscat_java_path` + +##### `wodle_ciscat_ciscat_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_ciscat_ciscat_path` + +##### `wodle_osquery_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_osquery_disabled` + +##### `wodle_osquery_run_daemon` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_osquery_run_daemon` + +##### `wodle_osquery_bin_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_osquery_bin_path` + +##### `wodle_osquery_log_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_osquery_log_path` + +##### `wodle_osquery_config_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_osquery_config_path` + +##### `wodle_osquery_add_labels` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_osquery_add_labels` + +##### `wodle_syscollector_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_syscollector_disabled` + +##### `wodle_syscollector_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_syscollector_interval` + +##### `wodle_syscollector_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_syscollector_scan_on_start` + +##### `wodle_syscollector_hardware` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_syscollector_hardware` + +##### `wodle_syscollector_os` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_syscollector_os` + +##### `wodle_syscollector_network` 
+ +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_syscollector_network` + +##### `wodle_syscollector_packages` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_syscollector_packages` + +##### `wodle_syscollector_ports` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_syscollector_ports` + +##### `wodle_syscollector_processes` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_syscollector_processes` + +##### `wodle_syscollector_hotfixes` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_syscollector_hotfixes` + +##### `wodle_docker_listener_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::wodle_docker_listener_disabled` + +##### `ossec_local_files` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::default_local_files` + +##### `ossec_syscheck_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_disabled` + +##### `ossec_syscheck_frequency` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_frequency` + +##### `ossec_syscheck_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_scan_on_start` + +##### `ossec_syscheck_auto_ignore` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_auto_ignore` + +##### `ossec_syscheck_directories_1` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_directories_1` + +##### `ossec_syscheck_directories_2` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_directories_2` + +##### `ossec_syscheck_report_changes_directories_1` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_report_changes_directories_1` + +##### `ossec_syscheck_whodata_directories_1` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_whodata_directories_1` + +##### 
`ossec_syscheck_realtime_directories_1` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_realtime_directories_1` + +##### `ossec_syscheck_report_changes_directories_2` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_report_changes_directories_2` + +##### `ossec_syscheck_whodata_directories_2` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_whodata_directories_2` + +##### `ossec_syscheck_realtime_directories_2` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_realtime_directories_2` + +##### `ossec_syscheck_ignore_list` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_ignore_list` + +##### `ossec_syscheck_ignore_type_1` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_ignore_type_1` + +##### `ossec_syscheck_ignore_type_2` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_ignore_type_2` + +##### `ossec_syscheck_max_eps` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_max_eps` + +##### `ossec_syscheck_process_priority` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_process_priority` + +##### `ossec_syscheck_synchronization_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_synchronization_enabled` + +##### `ossec_syscheck_synchronization_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_synchronization_interval` + +##### `ossec_syscheck_synchronization_max_eps` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_synchronization_max_eps` + +##### `ossec_syscheck_synchronization_max_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_synchronization_max_interval` + +##### `ossec_syscheck_nodiff` + +Data type: `Any` + + + +Default value: 
`$wazuh::params_agent::ossec_syscheck_nodiff` + +##### `ossec_syscheck_skip_nfs` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_syscheck_skip_nfs` + +##### `ossec_syscheck_windows_audit_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::windows_audit_interval` + +##### `audit_manage_rules` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::audit_manage_rules` + +##### `audit_buffer_bytes` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::audit_buffer_bytes` + +##### `audit_backlog_wait_time` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::audit_backlog_wait_time` + +##### `audit_rules` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::audit_rules` + +##### `ossec_active_response_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::active_response_disabled` + +##### `ossec_active_response_linux_ca_store` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::active_response_linux_ca_store` + +##### `ossec_active_response_ca_verification` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::active_response_ca_verification` + +##### `ossec_active_response_repeated_offenders` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::active_response_repeated_offenders` + +##### `ossec_labels` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::ossec_labels` + +##### `selinux` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::selinux` + +##### `manage_firewall` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::manage_firewall` + +##### `download_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::download_path` + +##### `logging_log_format` + +Data type: `Any` + + + +Default value: `$wazuh::params_agent::logging_log_format` + +### `wazuh::audit` + +Copyright (C) 2015, Wazuh Inc. 
+ +#### Parameters + +The following parameters are available in the `wazuh::audit` class: + +* [`audit_manage_rules`](#-wazuh--audit--audit_manage_rules) +* [`audit_buffer_bytes`](#-wazuh--audit--audit_buffer_bytes) +* [`audit_backlog_wait_time`](#-wazuh--audit--audit_backlog_wait_time) +* [`audit_rules`](#-wazuh--audit--audit_rules) +* [`audit_package_title`](#-wazuh--audit--audit_package_title) + +##### `audit_manage_rules` + +Data type: `Any` + + + +Default value: `false` + +##### `audit_buffer_bytes` + +Data type: `Any` + + + +Default value: `'8192'` + +##### `audit_backlog_wait_time` + +Data type: `Any` + + + +Default value: `'0'` + +##### `audit_rules` + +Data type: `Any` + + + +Default value: `[]` + +##### `audit_package_title` + +Data type: `Any` + + + +Default value: `'Installing Audit..'` + +### `wazuh::certificates` + +The wazuh::certificates class. + +#### Parameters + +The following parameters are available in the `wazuh::certificates` class: + +* [`use_legacy_workflow`](#-wazuh--certificates--use_legacy_workflow) +* [`puppet_code_path`](#-wazuh--certificates--puppet_code_path) +* [`wazuh_repository`](#-wazuh--certificates--wazuh_repository) +* [`wazuh_version`](#-wazuh--certificates--wazuh_version) +* [`indexer_certs`](#-wazuh--certificates--indexer_certs) +* [`manager_certs`](#-wazuh--certificates--manager_certs) +* [`manager_master_certs`](#-wazuh--certificates--manager_master_certs) +* [`manager_worker_certs`](#-wazuh--certificates--manager_worker_certs) +* [`dashboard_certs`](#-wazuh--certificates--dashboard_certs) +* [`manage_certs`](#-wazuh--certificates--manage_certs) +* [`ca_cert_path`](#-wazuh--certificates--ca_cert_path) +* [`ca_key_path`](#-wazuh--certificates--ca_key_path) +* [`bucket_name`](#-wazuh--certificates--bucket_name) +* [`filebucket_path`](#-wazuh--certificates--filebucket_path) +* [`fileserver_conf`](#-wazuh--certificates--fileserver_conf) + +##### `use_legacy_workflow` + +Data type: `Boolean` + + + +Default value: `true` + 
+##### `puppet_code_path` + +Data type: `String` + + + +Default value: `"/etc/puppetlabs/code/environments/${server_facts['environment']}/modules/archive/files"` + +##### `wazuh_repository` + +Data type: `String` + + + +Default value: `'packages.wazuh.com'` + +##### `wazuh_version` + +Data type: `String` + + + +Default value: `'5.0'` + +##### `indexer_certs` + +Data type: `Any` + + + +Default value: `[]` + +##### `manager_certs` + +Data type: `Any` + + + +Default value: `[]` + +##### `manager_master_certs` + +Data type: `Any` + + + +Default value: `[]` + +##### `manager_worker_certs` + +Data type: `Any` + + + +Default value: `[]` + +##### `dashboard_certs` + +Data type: `Any` + + + +Default value: `[]` + +##### `manage_certs` + +Data type: `Boolean` + + + +Default value: `true` + +##### `ca_cert_path` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$settings::cacert` + +##### `ca_key_path` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$settings::cakey` + +##### `bucket_name` + +Data type: `String` + + + +Default value: `'wazuh'` + +##### `filebucket_path` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `"${settings::confdir}/filebucket"` + +##### `fileserver_conf` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `"${settings::confdir}/fileserver.conf"` + +### `wazuh::certificates::mountpoint` + +on the Puppet server. If you have separate CAs and compilers, you'll +need to implement syncing of some sort (a network share, rsync, etc) +and include this class on all compilers as well as the CA. 
+Potential improvements: +- Restrict access to the mountpoint with entries in auth.conf + +#### Parameters + +The following parameters are available in the `wazuh::certificates::mountpoint` class: + +* [`filebucket_path`](#-wazuh--certificates--mountpoint--filebucket_path) +* [`fileserver_conf`](#-wazuh--certificates--mountpoint--fileserver_conf) +* [`manage_fileserver_conf`](#-wazuh--certificates--mountpoint--manage_fileserver_conf) +* [`manage_bucket_dir`](#-wazuh--certificates--mountpoint--manage_bucket_dir) +* [`bucket_name`](#-wazuh--certificates--mountpoint--bucket_name) +* [`owner`](#-wazuh--certificates--mountpoint--owner) +* [`group`](#-wazuh--certificates--mountpoint--group) + +##### `filebucket_path` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$wazuh::certificates::filebucket_path` + +##### `fileserver_conf` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$wazuh::certificates::fileserver_conf` + +##### `manage_fileserver_conf` + +Data type: `Boolean` + + + +Default value: `true` + +##### `manage_bucket_dir` + +Data type: `Boolean` + + + +Default value: `true` + +##### `bucket_name` + +Data type: `String` + + + +Default value: `$wazuh::certificates::bucket_name` + +##### `owner` + +Data type: `String` + + + +Default value: `'puppet'` + +##### `group` + +Data type: `String` + + + +Default value: `'puppet'` + +### `wazuh::dashboard` + +Copyright (C) 2015, Wazuh Inc. 
+ +#### Parameters + +The following parameters are available in the `wazuh::dashboard` class: + +* [`cert_source_basepath`](#-wazuh--dashboard--cert_source_basepath) +* [`generate_certs`](#-wazuh--dashboard--generate_certs) +* [`certs_to_generate`](#-wazuh--dashboard--certs_to_generate) +* [`dashboard_package`](#-wazuh--dashboard--dashboard_package) +* [`dashboard_service`](#-wazuh--dashboard--dashboard_service) +* [`dashboard_version`](#-wazuh--dashboard--dashboard_version) +* [`indexer_server_ip`](#-wazuh--dashboard--indexer_server_ip) +* [`indexer_server_port`](#-wazuh--dashboard--indexer_server_port) +* [`manager_api_host`](#-wazuh--dashboard--manager_api_host) +* [`dashboard_path_certs`](#-wazuh--dashboard--dashboard_path_certs) +* [`dashboard_fileuser`](#-wazuh--dashboard--dashboard_fileuser) +* [`dashboard_filegroup`](#-wazuh--dashboard--dashboard_filegroup) +* [`dashboard_server_port`](#-wazuh--dashboard--dashboard_server_port) +* [`dashboard_server_host`](#-wazuh--dashboard--dashboard_server_host) +* [`dashboard_server_hosts`](#-wazuh--dashboard--dashboard_server_hosts) +* [`use_keystore`](#-wazuh--dashboard--use_keystore) +* [`dashboard_user`](#-wazuh--dashboard--dashboard_user) +* [`dashboard_password`](#-wazuh--dashboard--dashboard_password) +* [`dashboard_wazuh_api_credentials`](#-wazuh--dashboard--dashboard_wazuh_api_credentials) +* [`certfiles`](#-wazuh--dashboard--certfiles) + +##### `cert_source_basepath` + +Data type: `String` + +Prefix for the certificate file source, allowing for legacy and new filebucket workflows. + +Default value: `'puppet:///modules/archive'` + +##### `generate_certs` + +Data type: `Boolean` + +Whether to generate certificates with the exported resources + Puppet CA workflow in `wazuh::certificates` +They will be generated using the node FQDN as the common name and IP as the alternative name. 
+ +Default value: `false` + +##### `certs_to_generate` + +Data type: `Array[String]` + +Array of certificate names to generate when `generate_certs` is true. + +Default value: `['dashboard']` + +##### `dashboard_package` + +Data type: `Any` + + + +Default value: `'wazuh-dashboard'` + +##### `dashboard_service` + +Data type: `Any` + + + +Default value: `'wazuh-dashboard'` + +##### `dashboard_version` + +Data type: `Any` + + + +Default value: `'5.0.0'` + +##### `indexer_server_ip` + +Data type: `Any` + + + +Default value: `'localhost'` + +##### `indexer_server_port` + +Data type: `Any` + + + +Default value: `'9200'` + +##### `manager_api_host` + +Data type: `Any` + + + +Default value: `'127.0.0.1'` + +##### `dashboard_path_certs` + +Data type: `Any` + + + +Default value: `'/etc/wazuh-dashboard/certs'` + +##### `dashboard_fileuser` + +Data type: `Any` + + + +Default value: `'wazuh-dashboard'` + +##### `dashboard_filegroup` + +Data type: `Any` + + + +Default value: `'wazuh-dashboard'` + +##### `dashboard_server_port` + +Data type: `Any` + + + +Default value: `'443'` + +##### `dashboard_server_host` + +Data type: `Any` + + + +Default value: `'0.0.0.0'` + +##### `dashboard_server_hosts` + +Data type: `Any` + + + +Default value: `"https://${indexer_server_ip}:${indexer_server_port}"` + +##### `use_keystore` + +Data type: `Any` + + + +Default value: `true` + +##### `dashboard_user` + +Data type: `Any` + + + +Default value: `'kibanaserver'` + +##### `dashboard_password` + +Data type: `Any` + + + +Default value: `'kibanaserver'` + +##### `dashboard_wazuh_api_credentials` + +Data type: `Any` + + + +Default value: + +```puppet +[ + { + 'id' => 'default', + 'url' => "https://${manager_api_host}", + 'port' => '55000', + 'user' => 'wazuh-wui', + 'password' => 'wazuh-wui', + }, + ] +``` + +##### `certfiles` + +Data type: `Variant[Hash, Array]` + + + +Default value: + +```puppet +[ + 'dashboard.pem', + 'dashboard-key.pem', + 'root-ca.pem', + ] +``` + +### `wazuh::filebeat_oss` + 
+Copyright (C) 2015, Wazuh Inc. + +#### Parameters + +The following parameters are available in the `wazuh::filebeat_oss` class: + +* [`cert_source_basepath`](#-wazuh--filebeat_oss--cert_source_basepath) +* [`generate_certs`](#-wazuh--filebeat_oss--generate_certs) +* [`certs_to_generate`](#-wazuh--filebeat_oss--certs_to_generate) +* [`filebeat_oss_indexer_ip`](#-wazuh--filebeat_oss--filebeat_oss_indexer_ip) +* [`filebeat_oss_indexer_port`](#-wazuh--filebeat_oss--filebeat_oss_indexer_port) +* [`indexer_server_ip`](#-wazuh--filebeat_oss--indexer_server_ip) +* [`filebeat_oss_archives`](#-wazuh--filebeat_oss--filebeat_oss_archives) +* [`filebeat_oss_package`](#-wazuh--filebeat_oss--filebeat_oss_package) +* [`filebeat_oss_service`](#-wazuh--filebeat_oss--filebeat_oss_service) +* [`filebeat_oss_elastic_user`](#-wazuh--filebeat_oss--filebeat_oss_elastic_user) +* [`filebeat_oss_elastic_password`](#-wazuh--filebeat_oss--filebeat_oss_elastic_password) +* [`filebeat_oss_version`](#-wazuh--filebeat_oss--filebeat_oss_version) +* [`module_baseurl`](#-wazuh--filebeat_oss--module_baseurl) +* [`module_version`](#-wazuh--filebeat_oss--module_version) +* [`wazuh_extensions_version`](#-wazuh--filebeat_oss--wazuh_extensions_version) +* [`wazuh_filebeat_module`](#-wazuh--filebeat_oss--wazuh_filebeat_module) +* [`wazuh_node_name`](#-wazuh--filebeat_oss--wazuh_node_name) +* [`filebeat_fileuser`](#-wazuh--filebeat_oss--filebeat_fileuser) +* [`filebeat_filegroup`](#-wazuh--filebeat_oss--filebeat_filegroup) +* [`filebeat_path_certs`](#-wazuh--filebeat_oss--filebeat_path_certs) +* [`certfiles`](#-wazuh--filebeat_oss--certfiles) + +##### `cert_source_basepath` + +Data type: `String` + +Prefix for the certificate file source, allowing for legacy and new filebucket workflows. 
+ +Default value: `'puppet:///modules/archive'` + +##### `generate_certs` + +Data type: `Boolean` + +Whether to generate certificates with the exported resources + Puppet CA workflow in `wazuh::certificates` +They will be generated using the node FQDN as the common name and IP as the alternative name. + +Default value: `false` + +##### `certs_to_generate` + +Data type: `Array[String]` + +Array of certificate names to generate when `generate_certs` is true. + +Default value: `['filebeat']` + +##### `filebeat_oss_indexer_ip` + +Data type: `Any` + + + +Default value: `'127.0.0.1'` + +##### `filebeat_oss_indexer_port` + +Data type: `Any` + + + +Default value: `'9200'` + +##### `indexer_server_ip` + +Data type: `Any` + + + +Default value: `"\"${filebeat_oss_indexer_ip}:${filebeat_oss_indexer_port}\""` + +##### `filebeat_oss_archives` + +Data type: `Any` + + + +Default value: `false` + +##### `filebeat_oss_package` + +Data type: `Any` + + + +Default value: `'filebeat'` + +##### `filebeat_oss_service` + +Data type: `Any` + + + +Default value: `'filebeat'` + +##### `filebeat_oss_elastic_user` + +Data type: `Any` + + + +Default value: `'admin'` + +##### `filebeat_oss_elastic_password` + +Data type: `Any` + + + +Default value: `'admin'` + +##### `filebeat_oss_version` + +Data type: `Any` + + + +Default value: `'7.10.2'` + +##### `module_baseurl` + +Data type: `String` + + + +Default value: `'packages.wazuh.com'` + +##### `module_version` + +Data type: `String` + + + +Default value: `'5.x'` + +##### `wazuh_extensions_version` + +Data type: `Any` + + + +Default value: `'v5.0.0'` + +##### `wazuh_filebeat_module` + +Data type: `Any` + + + +Default value: `'wazuh-filebeat-0.4.tar.gz'` + +##### `wazuh_node_name` + +Data type: `Any` + + + +Default value: `'master'` + +##### `filebeat_fileuser` + +Data type: `Any` + + + +Default value: `'root'` + +##### `filebeat_filegroup` + +Data type: `Any` + + + +Default value: `'root'` + +##### `filebeat_path_certs` + +Data type: `Any` + + + 
+Default value: `'/etc/filebeat/certs'` + +##### `certfiles` + +Data type: `Variant[Hash, Array]` + + + +Default value: + +```puppet +{ + "manager-${wazuh_node_name}.pem" => 'filebeat.pem', + "manager-${wazuh_node_name}-key.pem" => 'filebeat-key.pem', + 'root-ca.pem' => 'root-ca.pem', + } +``` + +### `wazuh::indexer` + +Copyright (C) 2015, Wazuh Inc. + +#### Parameters + +The following parameters are available in the `wazuh::indexer` class: + +* [`indexer_hostname_validation`](#-wazuh--indexer--indexer_hostname_validation) +* [`cert_source_basepath`](#-wazuh--indexer--cert_source_basepath) +* [`generate_certs`](#-wazuh--indexer--generate_certs) +* [`certs_to_generate`](#-wazuh--indexer--certs_to_generate) +* [`admin_cn`](#-wazuh--indexer--admin_cn) +* [`indexer_network_host`](#-wazuh--indexer--indexer_network_host) +* [`indexer_cluster_name`](#-wazuh--indexer--indexer_cluster_name) +* [`indexer_node_name`](#-wazuh--indexer--indexer_node_name) +* [`indexer_node_max_local_storage_nodes`](#-wazuh--indexer--indexer_node_max_local_storage_nodes) +* [`indexer_service`](#-wazuh--indexer--indexer_service) +* [`indexer_package`](#-wazuh--indexer--indexer_package) +* [`indexer_version`](#-wazuh--indexer--indexer_version) +* [`indexer_fileuser`](#-wazuh--indexer--indexer_fileuser) +* [`indexer_filegroup`](#-wazuh--indexer--indexer_filegroup) +* [`indexer_path_data`](#-wazuh--indexer--indexer_path_data) +* [`indexer_path_logs`](#-wazuh--indexer--indexer_path_logs) +* [`indexer_path_certs`](#-wazuh--indexer--indexer_path_certs) +* [`indexer_security_init_lockfile`](#-wazuh--indexer--indexer_security_init_lockfile) +* [`full_indexer_reinstall`](#-wazuh--indexer--full_indexer_reinstall) +* [`indexer_discovery_hosts`](#-wazuh--indexer--indexer_discovery_hosts) +* [`indexer_initial_cluster_manager_nodes`](#-wazuh--indexer--indexer_initial_cluster_manager_nodes) +* [`indexer_cluster_cn`](#-wazuh--indexer--indexer_cluster_cn) +* [`certfiles`](#-wazuh--indexer--certfiles) +* 
[`jvm_options_memory`](#-wazuh--indexer--jvm_options_memory) + +##### `indexer_hostname_validation` + +Data type: `Boolean` + +Whether OpenSearch requires the host to match the certificate CN + +Default value: `false` + +##### `cert_source_basepath` + +Data type: `String` + +Prefix for the certificate file source, allowing for legacy and new filebucket workflows. + +Default value: `'puppet:///modules/archive'` + +##### `generate_certs` + +Data type: `Boolean` + +Whether to generate certificates with the exported resources + Puppet CA workflow in `wazuh::certificates` +They will be generated using the node FQDN as the common name and IP as the alternative name. + +Default value: `false` + +##### `certs_to_generate` + +Data type: `Array[Pattern[/(?:indexer(.*)|admin)/]]` + +Array of certificate names to generate when `generate_certs` is true. On a single-node setup, this should be `['indexer', 'admin']`. + +Default value: `['indexer', 'admin']` + +##### `admin_cn` + +Data type: `String` + +The common name for the admin certificate, defaults to the indexer node name. 
+ +Default value: `'admin'` + +##### `indexer_network_host` + +Data type: `Any` + + + +Default value: `'0.0.0.0'` + +##### `indexer_cluster_name` + +Data type: `Any` + + + +Default value: `'wazuh-cluster'` + +##### `indexer_node_name` + +Data type: `Any` + + + +Default value: `$facts['networking']['fqdn']` + +##### `indexer_node_max_local_storage_nodes` + +Data type: `Any` + + + +Default value: `'1'` + +##### `indexer_service` + +Data type: `Any` + + + +Default value: `'wazuh-indexer'` + +##### `indexer_package` + +Data type: `Any` + + + +Default value: `'wazuh-indexer'` + +##### `indexer_version` + +Data type: `Any` + + + +Default value: `'5.0.0'` + +##### `indexer_fileuser` + +Data type: `Any` + + + +Default value: `'wazuh-indexer'` + +##### `indexer_filegroup` + +Data type: `Any` + + + +Default value: `'wazuh-indexer'` + +##### `indexer_path_data` + +Data type: `Any` + + + +Default value: `'/var/lib/wazuh-indexer'` + +##### `indexer_path_logs` + +Data type: `Any` + + + +Default value: `'/var/log/wazuh-indexer'` + +##### `indexer_path_certs` + +Data type: `Any` + + + +Default value: `'/etc/wazuh-indexer/certs'` + +##### `indexer_security_init_lockfile` + +Data type: `Any` + + + +Default value: `'/var/tmp/indexer-security-init.lock'` + +##### `full_indexer_reinstall` + +Data type: `Any` + + + +Default value: `false` + +##### `indexer_discovery_hosts` + +Data type: `Any` + + + +Default value: `[]` + +##### `indexer_initial_cluster_manager_nodes` + +Data type: `Any` + + + +Default value: `[$indexer_node_name]` + +##### `indexer_cluster_cn` + +Data type: `Any` + + + +Default value: `["indexer-${indexer_node_name}"]` + +##### `certfiles` + +Data type: `Variant[Hash, Array]` + + + +Default value: + +```puppet +{ + "indexer-${indexer_node_name}.pem" => 'indexer.pem', + "indexer-${indexer_node_name}-key.pem" => 'indexer-key.pem', + 'root-ca.pem' => 'root-ca.pem', + 'admin.pem' => 'admin.pem', + 'admin-key.pem' => 'admin-key.pem', + } +``` + +##### `jvm_options_memory` + 
+Data type: `Any` + + + +Default value: `'1g'` + +### `wazuh::manager` + +Copyright (C) 2015, Wazuh Inc. + +#### Parameters + +The following parameters are available in the `wazuh::manager` class: + +* [`server_package_version`](#-wazuh--manager--server_package_version) +* [`manage_firewall`](#-wazuh--manager--manage_firewall) +* [`ossec_logall`](#-wazuh--manager--ossec_logall) +* [`ossec_logall_json`](#-wazuh--manager--ossec_logall_json) +* [`ossec_emailnotification`](#-wazuh--manager--ossec_emailnotification) +* [`ossec_emailto`](#-wazuh--manager--ossec_emailto) +* [`ossec_smtp_server`](#-wazuh--manager--ossec_smtp_server) +* [`ossec_emailfrom`](#-wazuh--manager--ossec_emailfrom) +* [`ossec_email_maxperhour`](#-wazuh--manager--ossec_email_maxperhour) +* [`ossec_email_log_source`](#-wazuh--manager--ossec_email_log_source) +* [`ossec_email_idsname`](#-wazuh--manager--ossec_email_idsname) +* [`ossec_white_list`](#-wazuh--manager--ossec_white_list) +* [`ossec_alert_level`](#-wazuh--manager--ossec_alert_level) +* [`ossec_email_alert_level`](#-wazuh--manager--ossec_email_alert_level) +* [`ossec_remote_connection`](#-wazuh--manager--ossec_remote_connection) +* [`ossec_remote_port`](#-wazuh--manager--ossec_remote_port) +* [`ossec_remote_protocol`](#-wazuh--manager--ossec_remote_protocol) +* [`ossec_remote_local_ip`](#-wazuh--manager--ossec_remote_local_ip) +* [`ossec_remote_allowed_ips`](#-wazuh--manager--ossec_remote_allowed_ips) +* [`ossec_remote_queue_size`](#-wazuh--manager--ossec_remote_queue_size) +* [`configure_rootcheck`](#-wazuh--manager--configure_rootcheck) +* [`configure_wodle_openscap`](#-wazuh--manager--configure_wodle_openscap) +* [`configure_wodle_cis_cat`](#-wazuh--manager--configure_wodle_cis_cat) +* [`configure_wodle_osquery`](#-wazuh--manager--configure_wodle_osquery) +* [`configure_wodle_syscollector`](#-wazuh--manager--configure_wodle_syscollector) +* [`configure_wodle_docker_listener`](#-wazuh--manager--configure_wodle_docker_listener) +* 
[`configure_vulnerability_detection`](#-wazuh--manager--configure_vulnerability_detection) +* [`configure_vulnerability_indexer`](#-wazuh--manager--configure_vulnerability_indexer) +* [`configure_sca`](#-wazuh--manager--configure_sca) +* [`configure_syscheck`](#-wazuh--manager--configure_syscheck) +* [`configure_command`](#-wazuh--manager--configure_command) +* [`configure_localfile`](#-wazuh--manager--configure_localfile) +* [`configure_ruleset`](#-wazuh--manager--configure_ruleset) +* [`configure_auth`](#-wazuh--manager--configure_auth) +* [`configure_cluster`](#-wazuh--manager--configure_cluster) +* [`configure_active_response`](#-wazuh--manager--configure_active_response) +* [`ossec_manager_template`](#-wazuh--manager--ossec_manager_template) +* [`ossec_rootcheck_template`](#-wazuh--manager--ossec_rootcheck_template) +* [`ossec_wodle_openscap_template`](#-wazuh--manager--ossec_wodle_openscap_template) +* [`ossec_wodle_cis_cat_template`](#-wazuh--manager--ossec_wodle_cis_cat_template) +* [`ossec_wodle_osquery_template`](#-wazuh--manager--ossec_wodle_osquery_template) +* [`ossec_wodle_syscollector_template`](#-wazuh--manager--ossec_wodle_syscollector_template) +* [`ossec_wodle_docker_listener_template`](#-wazuh--manager--ossec_wodle_docker_listener_template) +* [`ossec_vulnerability_detection_template`](#-wazuh--manager--ossec_vulnerability_detection_template) +* [`ossec_vulnerability_indexer_template`](#-wazuh--manager--ossec_vulnerability_indexer_template) +* [`ossec_sca_template`](#-wazuh--manager--ossec_sca_template) +* [`ossec_syscheck_template`](#-wazuh--manager--ossec_syscheck_template) +* [`ossec_default_commands_template`](#-wazuh--manager--ossec_default_commands_template) +* [`ossec_localfile_template`](#-wazuh--manager--ossec_localfile_template) +* [`ossec_ruleset_template`](#-wazuh--manager--ossec_ruleset_template) +* [`ossec_auth_template`](#-wazuh--manager--ossec_auth_template) +* [`ossec_cluster_template`](#-wazuh--manager--ossec_cluster_template) 
+* [`ossec_active_response_template`](#-wazuh--manager--ossec_active_response_template) +* [`ossec_syslog_output_template`](#-wazuh--manager--ossec_syslog_output_template) +* [`ossec_active_response_command`](#-wazuh--manager--ossec_active_response_command) +* [`ossec_active_response_location`](#-wazuh--manager--ossec_active_response_location) +* [`ossec_active_response_level`](#-wazuh--manager--ossec_active_response_level) +* [`ossec_active_response_agent_id`](#-wazuh--manager--ossec_active_response_agent_id) +* [`ossec_active_response_rules_id`](#-wazuh--manager--ossec_active_response_rules_id) +* [`ossec_active_response_timeout`](#-wazuh--manager--ossec_active_response_timeout) +* [`ossec_active_response_repeated_offenders`](#-wazuh--manager--ossec_active_response_repeated_offenders) +* [`ossec_rootcheck_disabled`](#-wazuh--manager--ossec_rootcheck_disabled) +* [`ossec_rootcheck_check_files`](#-wazuh--manager--ossec_rootcheck_check_files) +* [`ossec_rootcheck_check_trojans`](#-wazuh--manager--ossec_rootcheck_check_trojans) +* [`ossec_rootcheck_check_dev`](#-wazuh--manager--ossec_rootcheck_check_dev) +* [`ossec_rootcheck_check_sys`](#-wazuh--manager--ossec_rootcheck_check_sys) +* [`ossec_rootcheck_check_pids`](#-wazuh--manager--ossec_rootcheck_check_pids) +* [`ossec_rootcheck_check_ports`](#-wazuh--manager--ossec_rootcheck_check_ports) +* [`ossec_rootcheck_check_if`](#-wazuh--manager--ossec_rootcheck_check_if) +* [`ossec_rootcheck_frequency`](#-wazuh--manager--ossec_rootcheck_frequency) +* [`ossec_rootcheck_ignore_list`](#-wazuh--manager--ossec_rootcheck_ignore_list) +* [`ossec_rootcheck_ignore_sregex_list`](#-wazuh--manager--ossec_rootcheck_ignore_sregex_list) +* [`ossec_rootcheck_rootkit_files`](#-wazuh--manager--ossec_rootcheck_rootkit_files) +* [`ossec_rootcheck_rootkit_trojans`](#-wazuh--manager--ossec_rootcheck_rootkit_trojans) +* [`ossec_rootcheck_skip_nfs`](#-wazuh--manager--ossec_rootcheck_skip_nfs) +* 
[`ossec_rootcheck_system_audit`](#-wazuh--manager--ossec_rootcheck_system_audit) +* [`sca_amazon_enabled`](#-wazuh--manager--sca_amazon_enabled) +* [`sca_amazon_scan_on_start`](#-wazuh--manager--sca_amazon_scan_on_start) +* [`sca_amazon_interval`](#-wazuh--manager--sca_amazon_interval) +* [`sca_amazon_skip_nfs`](#-wazuh--manager--sca_amazon_skip_nfs) +* [`sca_amazon_policies`](#-wazuh--manager--sca_amazon_policies) +* [`sca_rhel_enabled`](#-wazuh--manager--sca_rhel_enabled) +* [`sca_rhel_scan_on_start`](#-wazuh--manager--sca_rhel_scan_on_start) +* [`sca_rhel_interval`](#-wazuh--manager--sca_rhel_interval) +* [`sca_rhel_skip_nfs`](#-wazuh--manager--sca_rhel_skip_nfs) +* [`sca_rhel_policies`](#-wazuh--manager--sca_rhel_policies) +* [`sca_else_enabled`](#-wazuh--manager--sca_else_enabled) +* [`sca_else_scan_on_start`](#-wazuh--manager--sca_else_scan_on_start) +* [`sca_else_interval`](#-wazuh--manager--sca_else_interval) +* [`sca_else_skip_nfs`](#-wazuh--manager--sca_else_skip_nfs) +* [`sca_else_policies`](#-wazuh--manager--sca_else_policies) +* [`wodle_openscap_disabled`](#-wazuh--manager--wodle_openscap_disabled) +* [`wodle_openscap_timeout`](#-wazuh--manager--wodle_openscap_timeout) +* [`wodle_openscap_interval`](#-wazuh--manager--wodle_openscap_interval) +* [`wodle_openscap_scan_on_start`](#-wazuh--manager--wodle_openscap_scan_on_start) +* [`wodle_ciscat_disabled`](#-wazuh--manager--wodle_ciscat_disabled) +* [`wodle_ciscat_timeout`](#-wazuh--manager--wodle_ciscat_timeout) +* [`wodle_ciscat_interval`](#-wazuh--manager--wodle_ciscat_interval) +* [`wodle_ciscat_scan_on_start`](#-wazuh--manager--wodle_ciscat_scan_on_start) +* [`wodle_ciscat_java_path`](#-wazuh--manager--wodle_ciscat_java_path) +* [`wodle_ciscat_ciscat_path`](#-wazuh--manager--wodle_ciscat_ciscat_path) +* [`wodle_osquery_disabled`](#-wazuh--manager--wodle_osquery_disabled) +* [`wodle_osquery_run_daemon`](#-wazuh--manager--wodle_osquery_run_daemon) +* 
[`wodle_osquery_log_path`](#-wazuh--manager--wodle_osquery_log_path) +* [`wodle_osquery_config_path`](#-wazuh--manager--wodle_osquery_config_path) +* [`wodle_osquery_add_labels`](#-wazuh--manager--wodle_osquery_add_labels) +* [`wodle_syscollector_disabled`](#-wazuh--manager--wodle_syscollector_disabled) +* [`wodle_syscollector_interval`](#-wazuh--manager--wodle_syscollector_interval) +* [`wodle_syscollector_scan_on_start`](#-wazuh--manager--wodle_syscollector_scan_on_start) +* [`wodle_syscollector_hardware`](#-wazuh--manager--wodle_syscollector_hardware) +* [`wodle_syscollector_os`](#-wazuh--manager--wodle_syscollector_os) +* [`wodle_syscollector_network`](#-wazuh--manager--wodle_syscollector_network) +* [`wodle_syscollector_packages`](#-wazuh--manager--wodle_syscollector_packages) +* [`wodle_syscollector_ports`](#-wazuh--manager--wodle_syscollector_ports) +* [`wodle_syscollector_processes`](#-wazuh--manager--wodle_syscollector_processes) +* [`wodle_docker_listener_disabled`](#-wazuh--manager--wodle_docker_listener_disabled) +* [`vulnerability_detection_enabled`](#-wazuh--manager--vulnerability_detection_enabled) +* [`vulnerability_detection_index_status`](#-wazuh--manager--vulnerability_detection_index_status) +* [`vulnerability_detection_feed_update_interval`](#-wazuh--manager--vulnerability_detection_feed_update_interval) +* [`vulnerability_indexer_enabled`](#-wazuh--manager--vulnerability_indexer_enabled) +* [`vulnerability_indexer_hosts_host`](#-wazuh--manager--vulnerability_indexer_hosts_host) +* [`vulnerability_indexer_hosts_port`](#-wazuh--manager--vulnerability_indexer_hosts_port) +* [`vulnerability_indexer_username`](#-wazuh--manager--vulnerability_indexer_username) +* [`vulnerability_indexer_password`](#-wazuh--manager--vulnerability_indexer_password) +* [`vulnerability_indexer_ssl_ca`](#-wazuh--manager--vulnerability_indexer_ssl_ca) +* [`vulnerability_indexer_ssl_certificate`](#-wazuh--manager--vulnerability_indexer_ssl_certificate) +* 
[`vulnerability_indexer_ssl_key`](#-wazuh--manager--vulnerability_indexer_ssl_key) +* [`syslog_output`](#-wazuh--manager--syslog_output) +* [`syslog_output_level`](#-wazuh--manager--syslog_output_level) +* [`syslog_output_port`](#-wazuh--manager--syslog_output_port) +* [`syslog_output_server`](#-wazuh--manager--syslog_output_server) +* [`syslog_output_format`](#-wazuh--manager--syslog_output_format) +* [`ossec_auth_disabled`](#-wazuh--manager--ossec_auth_disabled) +* [`ossec_auth_port`](#-wazuh--manager--ossec_auth_port) +* [`ossec_auth_use_source_ip`](#-wazuh--manager--ossec_auth_use_source_ip) +* [`ossec_auth_force_enabled`](#-wazuh--manager--ossec_auth_force_enabled) +* [`ossec_auth_force_key_mismatch`](#-wazuh--manager--ossec_auth_force_key_mismatch) +* [`ossec_auth_force_disc_time`](#-wazuh--manager--ossec_auth_force_disc_time) +* [`ossec_auth_force_after_reg_time`](#-wazuh--manager--ossec_auth_force_after_reg_time) +* [`ossec_auth_purgue`](#-wazuh--manager--ossec_auth_purgue) +* [`ossec_auth_use_password`](#-wazuh--manager--ossec_auth_use_password) +* [`ossec_auth_limit_maxagents`](#-wazuh--manager--ossec_auth_limit_maxagents) +* [`ossec_auth_ciphers`](#-wazuh--manager--ossec_auth_ciphers) +* [`ossec_auth_ssl_verify_host`](#-wazuh--manager--ossec_auth_ssl_verify_host) +* [`ossec_auth_ssl_manager_cert`](#-wazuh--manager--ossec_auth_ssl_manager_cert) +* [`ossec_auth_ssl_manager_key`](#-wazuh--manager--ossec_auth_ssl_manager_key) +* [`ossec_auth_ssl_auto_negotiate`](#-wazuh--manager--ossec_auth_ssl_auto_negotiate) +* [`ossec_syscheck_disabled`](#-wazuh--manager--ossec_syscheck_disabled) +* [`ossec_syscheck_frequency`](#-wazuh--manager--ossec_syscheck_frequency) +* [`ossec_syscheck_scan_on_start`](#-wazuh--manager--ossec_syscheck_scan_on_start) +* [`ossec_syscheck_auto_ignore`](#-wazuh--manager--ossec_syscheck_auto_ignore) +* [`ossec_syscheck_directories_1`](#-wazuh--manager--ossec_syscheck_directories_1) +* 
[`ossec_syscheck_directories_2`](#-wazuh--manager--ossec_syscheck_directories_2) +* [`ossec_syscheck_whodata_directories_1`](#-wazuh--manager--ossec_syscheck_whodata_directories_1) +* [`ossec_syscheck_realtime_directories_1`](#-wazuh--manager--ossec_syscheck_realtime_directories_1) +* [`ossec_syscheck_whodata_directories_2`](#-wazuh--manager--ossec_syscheck_whodata_directories_2) +* [`ossec_syscheck_realtime_directories_2`](#-wazuh--manager--ossec_syscheck_realtime_directories_2) +* [`ossec_syscheck_ignore_list`](#-wazuh--manager--ossec_syscheck_ignore_list) +* [`ossec_syscheck_ignore_type_1`](#-wazuh--manager--ossec_syscheck_ignore_type_1) +* [`ossec_syscheck_ignore_type_2`](#-wazuh--manager--ossec_syscheck_ignore_type_2) +* [`ossec_syscheck_process_priority`](#-wazuh--manager--ossec_syscheck_process_priority) +* [`ossec_syscheck_synchronization_enabled`](#-wazuh--manager--ossec_syscheck_synchronization_enabled) +* [`ossec_syscheck_synchronization_interval`](#-wazuh--manager--ossec_syscheck_synchronization_interval) +* [`ossec_syscheck_synchronization_max_eps`](#-wazuh--manager--ossec_syscheck_synchronization_max_eps) +* [`ossec_syscheck_synchronization_max_interval`](#-wazuh--manager--ossec_syscheck_synchronization_max_interval) +* [`ossec_syscheck_nodiff`](#-wazuh--manager--ossec_syscheck_nodiff) +* [`ossec_syscheck_skip_nfs`](#-wazuh--manager--ossec_syscheck_skip_nfs) +* [`ossec_cluster_name`](#-wazuh--manager--ossec_cluster_name) +* [`ossec_cluster_node_name`](#-wazuh--manager--ossec_cluster_node_name) +* [`ossec_cluster_node_type`](#-wazuh--manager--ossec_cluster_node_type) +* [`ossec_cluster_key`](#-wazuh--manager--ossec_cluster_key) +* [`ossec_cluster_port`](#-wazuh--manager--ossec_cluster_port) +* [`ossec_cluster_bind_addr`](#-wazuh--manager--ossec_cluster_bind_addr) +* [`ossec_cluster_nodes`](#-wazuh--manager--ossec_cluster_nodes) +* [`ossec_cluster_hidden`](#-wazuh--manager--ossec_cluster_hidden) +* 
[`ossec_cluster_disabled`](#-wazuh--manager--ossec_cluster_disabled) +* [`ossec_cluster_enable_firewall`](#-wazuh--manager--ossec_cluster_enable_firewall) +* [`ossec_prefilter`](#-wazuh--manager--ossec_prefilter) +* [`ossec_integratord_enabled`](#-wazuh--manager--ossec_integratord_enabled) +* [`manage_client_keys`](#-wazuh--manager--manage_client_keys) +* [`agent_auth_password`](#-wazuh--manager--agent_auth_password) +* [`ar_repeated_offenders`](#-wazuh--manager--ar_repeated_offenders) +* [`local_decoder_template`](#-wazuh--manager--local_decoder_template) +* [`decoder_exclude`](#-wazuh--manager--decoder_exclude) +* [`local_rules_template`](#-wazuh--manager--local_rules_template) +* [`rule_exclude`](#-wazuh--manager--rule_exclude) +* [`shared_agent_template`](#-wazuh--manager--shared_agent_template) +* [`wazuh_manager_verify_manager_ssl`](#-wazuh--manager--wazuh_manager_verify_manager_ssl) +* [`wazuh_manager_server_crt`](#-wazuh--manager--wazuh_manager_server_crt) +* [`wazuh_manager_server_key`](#-wazuh--manager--wazuh_manager_server_key) +* [`ossec_local_files`](#-wazuh--manager--ossec_local_files) +* [`wazuh_api_host`](#-wazuh--manager--wazuh_api_host) +* [`wazuh_api_port`](#-wazuh--manager--wazuh_api_port) +* [`wazuh_api_file`](#-wazuh--manager--wazuh_api_file) +* [`wazuh_api_https_enabled`](#-wazuh--manager--wazuh_api_https_enabled) +* [`wazuh_api_https_key`](#-wazuh--manager--wazuh_api_https_key) +* [`wazuh_api_https_cert`](#-wazuh--manager--wazuh_api_https_cert) +* [`wazuh_api_https_use_ca`](#-wazuh--manager--wazuh_api_https_use_ca) +* [`wazuh_api_https_ca`](#-wazuh--manager--wazuh_api_https_ca) +* [`wazuh_api_logs_level`](#-wazuh--manager--wazuh_api_logs_level) +* [`wazuh_api_logs_format`](#-wazuh--manager--wazuh_api_logs_format) +* [`wazuh_api_ssl_ciphers`](#-wazuh--manager--wazuh_api_ssl_ciphers) +* [`wazuh_api_ssl_protocol`](#-wazuh--manager--wazuh_api_ssl_protocol) +* [`wazuh_api_cors_enabled`](#-wazuh--manager--wazuh_api_cors_enabled) +* 
[`wazuh_api_cors_source_route`](#-wazuh--manager--wazuh_api_cors_source_route) +* [`wazuh_api_cors_expose_headers`](#-wazuh--manager--wazuh_api_cors_expose_headers) +* [`wazuh_api_cors_allow_credentials`](#-wazuh--manager--wazuh_api_cors_allow_credentials) +* [`wazuh_api_access_max_login_attempts`](#-wazuh--manager--wazuh_api_access_max_login_attempts) +* [`wazuh_api_access_block_time`](#-wazuh--manager--wazuh_api_access_block_time) +* [`wazuh_api_access_max_request_per_minute`](#-wazuh--manager--wazuh_api_access_max_request_per_minute) +* [`wazuh_api_drop_privileges`](#-wazuh--manager--wazuh_api_drop_privileges) +* [`wazuh_api_experimental_features`](#-wazuh--manager--wazuh_api_experimental_features) +* [`remote_commands_localfile`](#-wazuh--manager--remote_commands_localfile) +* [`remote_commands_localfile_exceptions`](#-wazuh--manager--remote_commands_localfile_exceptions) +* [`remote_commands_wodle`](#-wazuh--manager--remote_commands_wodle) +* [`remote_commands_wodle_exceptions`](#-wazuh--manager--remote_commands_wodle_exceptions) +* [`limits_eps`](#-wazuh--manager--limits_eps) +* [`wazuh_api_template`](#-wazuh--manager--wazuh_api_template) + +##### `server_package_version` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::server_package_version` + +##### `manage_firewall` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::manage_firewall` + +##### `ossec_logall` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_logall` + +##### `ossec_logall_json` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_logall_json` + +##### `ossec_emailnotification` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_emailnotification` + +##### `ossec_emailto` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_emailto` + +##### `ossec_smtp_server` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_smtp_server` + +##### `ossec_emailfrom` + 
+Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_emailfrom` + +##### `ossec_email_maxperhour` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_email_maxperhour` + +##### `ossec_email_log_source` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_email_log_source` + +##### `ossec_email_idsname` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_email_idsname` + +##### `ossec_white_list` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_white_list` + +##### `ossec_alert_level` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_alert_level` + +##### `ossec_email_alert_level` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_email_alert_level` + +##### `ossec_remote_connection` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_remote_connection` + +##### `ossec_remote_port` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_remote_port` + +##### `ossec_remote_protocol` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_remote_protocol` + +##### `ossec_remote_local_ip` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_remote_local_ip` + +##### `ossec_remote_allowed_ips` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_remote_allowed_ips` + +##### `ossec_remote_queue_size` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_remote_queue_size` + +##### `configure_rootcheck` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_rootcheck` + +##### `configure_wodle_openscap` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_wodle_openscap` + +##### `configure_wodle_cis_cat` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_wodle_cis_cat` + +##### `configure_wodle_osquery` + +Data type: `Any` + + + +Default 
value: `$wazuh::params_manager::configure_wodle_osquery` + +##### `configure_wodle_syscollector` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_wodle_syscollector` + +##### `configure_wodle_docker_listener` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_wodle_docker_listener` + +##### `configure_vulnerability_detection` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_vulnerability_detection` + +##### `configure_vulnerability_indexer` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_vulnerability_indexer` + +##### `configure_sca` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_sca` + +##### `configure_syscheck` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_syscheck` + +##### `configure_command` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_command` + +##### `configure_localfile` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_localfile` + +##### `configure_ruleset` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_ruleset` + +##### `configure_auth` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_auth` + +##### `configure_cluster` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_cluster` + +##### `configure_active_response` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::configure_active_response` + +##### `ossec_manager_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_manager_template` + +##### `ossec_rootcheck_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_template` + +##### `ossec_wodle_openscap_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_wodle_openscap_template` + +##### `ossec_wodle_cis_cat_template` + +Data 
type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_wodle_cis_cat_template` + +##### `ossec_wodle_osquery_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_wodle_osquery_template` + +##### `ossec_wodle_syscollector_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_wodle_syscollector_template` + +##### `ossec_wodle_docker_listener_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_wodle_docker_listener_template` + +##### `ossec_vulnerability_detection_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_vulnerability_detection_template` + +##### `ossec_vulnerability_indexer_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_vulnerability_indexer_template` + +##### `ossec_sca_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_sca_template` + +##### `ossec_syscheck_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_template` + +##### `ossec_default_commands_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_default_commands_template` + +##### `ossec_localfile_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_localfile_template` + +##### `ossec_ruleset_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_ruleset_template` + +##### `ossec_auth_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_template` + +##### `ossec_cluster_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_cluster_template` + +##### `ossec_active_response_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_active_response_template` + +##### `ossec_syslog_output_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syslog_output_template` 
+ +##### `ossec_active_response_command` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::active_response_command` + +##### `ossec_active_response_location` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::active_response_location` + +##### `ossec_active_response_level` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::active_response_level` + +##### `ossec_active_response_agent_id` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::active_response_agent_id` + +##### `ossec_active_response_rules_id` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::active_response_rules_id` + +##### `ossec_active_response_timeout` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::active_response_timeout` + +##### `ossec_active_response_repeated_offenders` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::active_response_repeated_offenders` + +##### `ossec_rootcheck_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_disabled` + +##### `ossec_rootcheck_check_files` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_check_files` + +##### `ossec_rootcheck_check_trojans` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_check_trojans` + +##### `ossec_rootcheck_check_dev` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_check_dev` + +##### `ossec_rootcheck_check_sys` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_check_sys` + +##### `ossec_rootcheck_check_pids` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_check_pids` + +##### `ossec_rootcheck_check_ports` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_check_ports` + +##### `ossec_rootcheck_check_if` + +Data type: `Any` + + + +Default value: 
`$wazuh::params_manager::ossec_rootcheck_check_if` + +##### `ossec_rootcheck_frequency` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_frequency` + +##### `ossec_rootcheck_ignore_list` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_ignore_list` + +##### `ossec_rootcheck_ignore_sregex_list` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_ignore_sregex_list` + +##### `ossec_rootcheck_rootkit_files` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_rootkit_files` + +##### `ossec_rootcheck_rootkit_trojans` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_rootkit_trojans` + +##### `ossec_rootcheck_skip_nfs` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_skip_nfs` + +##### `ossec_rootcheck_system_audit` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_rootcheck_system_audit` + +##### `sca_amazon_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_amazon_enabled` + +##### `sca_amazon_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_amazon_scan_on_start` + +##### `sca_amazon_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_amazon_interval` + +##### `sca_amazon_skip_nfs` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_amazon_skip_nfs` + +##### `sca_amazon_policies` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_amazon_policies` + +##### `sca_rhel_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_rhel_enabled` + +##### `sca_rhel_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_rhel_scan_on_start` + +##### `sca_rhel_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_rhel_interval` + +##### `sca_rhel_skip_nfs` 
+ +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_rhel_skip_nfs` + +##### `sca_rhel_policies` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_rhel_policies` + +##### `sca_else_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_else_enabled` + +##### `sca_else_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_else_scan_on_start` + +##### `sca_else_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_else_interval` + +##### `sca_else_skip_nfs` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_else_skip_nfs` + +##### `sca_else_policies` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::sca_else_policies` + +##### `wodle_openscap_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_openscap_disabled` + +##### `wodle_openscap_timeout` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_openscap_timeout` + +##### `wodle_openscap_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_openscap_interval` + +##### `wodle_openscap_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_openscap_scan_on_start` + +##### `wodle_ciscat_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_ciscat_disabled` + +##### `wodle_ciscat_timeout` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_ciscat_timeout` + +##### `wodle_ciscat_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_ciscat_interval` + +##### `wodle_ciscat_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_ciscat_scan_on_start` + +##### `wodle_ciscat_java_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_ciscat_java_path` + +##### `wodle_ciscat_ciscat_path` + +Data type: `Any` + + + +Default 
value: `$wazuh::params_manager::wodle_ciscat_ciscat_path` + +##### `wodle_osquery_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_osquery_disabled` + +##### `wodle_osquery_run_daemon` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_osquery_run_daemon` + +##### `wodle_osquery_log_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_osquery_log_path` + +##### `wodle_osquery_config_path` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_osquery_config_path` + +##### `wodle_osquery_add_labels` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_osquery_add_labels` + +##### `wodle_syscollector_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_syscollector_disabled` + +##### `wodle_syscollector_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_syscollector_interval` + +##### `wodle_syscollector_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_syscollector_scan_on_start` + +##### `wodle_syscollector_hardware` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_syscollector_hardware` + +##### `wodle_syscollector_os` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_syscollector_os` + +##### `wodle_syscollector_network` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_syscollector_network` + +##### `wodle_syscollector_packages` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_syscollector_packages` + +##### `wodle_syscollector_ports` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_syscollector_ports` + +##### `wodle_syscollector_processes` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wodle_syscollector_processes` + +##### `wodle_docker_listener_disabled` + +Data type: `Any` + + + +Default value: 
`$wazuh::params_manager::wodle_docker_listener_disabled` + +##### `vulnerability_detection_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::vulnerability_detection_enabled` + +##### `vulnerability_detection_index_status` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::vulnerability_detection_index_status` + +##### `vulnerability_detection_feed_update_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::vulnerability_detection_feed_update_interval` + +##### `vulnerability_indexer_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::vulnerability_indexer_enabled` + +##### `vulnerability_indexer_hosts_host` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::vulnerability_indexer_hosts_host` + +##### `vulnerability_indexer_hosts_port` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::vulnerability_indexer_hosts_port` + +##### `vulnerability_indexer_username` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::vulnerability_indexer_username` + +##### `vulnerability_indexer_password` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::vulnerability_indexer_password` + +##### `vulnerability_indexer_ssl_ca` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::vulnerability_indexer_ssl_ca` + +##### `vulnerability_indexer_ssl_certificate` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::vulnerability_indexer_ssl_certificate` + +##### `vulnerability_indexer_ssl_key` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::vulnerability_indexer_ssl_key` + +##### `syslog_output` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::syslog_output` + +##### `syslog_output_level` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::syslog_output_level` + +##### `syslog_output_port` + +Data type: `Any` + + + +Default value: 
`$wazuh::params_manager::syslog_output_port` + +##### `syslog_output_server` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::syslog_output_server` + +##### `syslog_output_format` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::syslog_output_format` + +##### `ossec_auth_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_disabled` + +##### `ossec_auth_port` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_port` + +##### `ossec_auth_use_source_ip` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_use_source_ip` + +##### `ossec_auth_force_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_force_enabled` + +##### `ossec_auth_force_key_mismatch` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_force_key_mismatch` + +##### `ossec_auth_force_disc_time` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_force_disc_time` + +##### `ossec_auth_force_after_reg_time` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_force_after_reg_time` + +##### `ossec_auth_purgue` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_purgue` + +##### `ossec_auth_use_password` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_use_password` + +##### `ossec_auth_limit_maxagents` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_limit_maxagents` + +##### `ossec_auth_ciphers` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_ciphers` + +##### `ossec_auth_ssl_verify_host` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_ssl_verify_host` + +##### `ossec_auth_ssl_manager_cert` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_ssl_manager_cert` + +##### `ossec_auth_ssl_manager_key` + +Data 
type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_ssl_manager_key` + +##### `ossec_auth_ssl_auto_negotiate` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_auth_ssl_auto_negotiate` + +##### `ossec_syscheck_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_disabled` + +##### `ossec_syscheck_frequency` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_frequency` + +##### `ossec_syscheck_scan_on_start` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_scan_on_start` + +##### `ossec_syscheck_auto_ignore` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_auto_ignore` + +##### `ossec_syscheck_directories_1` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_directories_1` + +##### `ossec_syscheck_directories_2` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_directories_2` + +##### `ossec_syscheck_whodata_directories_1` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_whodata_directories_1` + +##### `ossec_syscheck_realtime_directories_1` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_realtime_directories_1` + +##### `ossec_syscheck_whodata_directories_2` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_whodata_directories_2` + +##### `ossec_syscheck_realtime_directories_2` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_realtime_directories_2` + +##### `ossec_syscheck_ignore_list` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_ignore_list` + +##### `ossec_syscheck_ignore_type_1` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_ignore_type_1` + +##### `ossec_syscheck_ignore_type_2` + +Data type: `Any` + + + +Default value: 
`$wazuh::params_manager::ossec_syscheck_ignore_type_2` + +##### `ossec_syscheck_process_priority` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_process_priority` + +##### `ossec_syscheck_synchronization_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_synchronization_enabled` + +##### `ossec_syscheck_synchronization_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_synchronization_interval` + +##### `ossec_syscheck_synchronization_max_eps` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_synchronization_max_eps` + +##### `ossec_syscheck_synchronization_max_interval` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_synchronization_max_interval` + +##### `ossec_syscheck_nodiff` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_nodiff` + +##### `ossec_syscheck_skip_nfs` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_syscheck_skip_nfs` + +##### `ossec_cluster_name` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_cluster_name` + +##### `ossec_cluster_node_name` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_cluster_node_name` + +##### `ossec_cluster_node_type` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_cluster_node_type` + +##### `ossec_cluster_key` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_cluster_key` + +##### `ossec_cluster_port` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_cluster_port` + +##### `ossec_cluster_bind_addr` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_cluster_bind_addr` + +##### `ossec_cluster_nodes` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_cluster_nodes` + +##### `ossec_cluster_hidden` + +Data type: `Any` + + + 
+Default value: `$wazuh::params_manager::ossec_cluster_hidden` + +##### `ossec_cluster_disabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_cluster_disabled` + +##### `ossec_cluster_enable_firewall` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_cluster_enable_firewall` + +##### `ossec_prefilter` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_prefilter` + +##### `ossec_integratord_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ossec_integratord_enabled` + +##### `manage_client_keys` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::manage_client_keys` + +##### `agent_auth_password` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::agent_auth_password` + +##### `ar_repeated_offenders` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::ar_repeated_offenders` + +##### `local_decoder_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::local_decoder_template` + +##### `decoder_exclude` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::decoder_exclude` + +##### `local_rules_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::local_rules_template` + +##### `rule_exclude` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::rule_exclude` + +##### `shared_agent_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::shared_agent_template` + +##### `wazuh_manager_verify_manager_ssl` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_manager_verify_manager_ssl` + +##### `wazuh_manager_server_crt` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_manager_server_crt` + +##### `wazuh_manager_server_key` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_manager_server_key` + +##### `ossec_local_files` + +Data type: `Any` + + + +Default value: 
`$wazuh::params_manager::default_local_files` + +##### `wazuh_api_host` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_host` + +##### `wazuh_api_port` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_port` + +##### `wazuh_api_file` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_file` + +##### `wazuh_api_https_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_https_enabled` + +##### `wazuh_api_https_key` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_https_key` + +##### `wazuh_api_https_cert` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_https_cert` + +##### `wazuh_api_https_use_ca` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_https_use_ca` + +##### `wazuh_api_https_ca` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_https_ca` + +##### `wazuh_api_logs_level` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_logs_level` + +##### `wazuh_api_logs_format` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_logs_format` + +##### `wazuh_api_ssl_ciphers` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_ssl_ciphers` + +##### `wazuh_api_ssl_protocol` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_ssl_protocol` + +##### `wazuh_api_cors_enabled` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_cors_enabled` + +##### `wazuh_api_cors_source_route` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_cors_source_route` + +##### `wazuh_api_cors_expose_headers` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_cors_expose_headers` + +##### `wazuh_api_cors_allow_credentials` + +Data type: `Any` + + + +Default value: 
`$wazuh::params_manager::wazuh_api_cors_allow_credentials` + +##### `wazuh_api_access_max_login_attempts` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_access_max_login_attempts` + +##### `wazuh_api_access_block_time` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_access_block_time` + +##### `wazuh_api_access_max_request_per_minute` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_access_max_request_per_minute` + +##### `wazuh_api_drop_privileges` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_drop_privileges` + +##### `wazuh_api_experimental_features` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_experimental_features` + +##### `remote_commands_localfile` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::remote_commands_localfile` + +##### `remote_commands_localfile_exceptions` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::remote_commands_localfile_exceptions` + +##### `remote_commands_wodle` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::remote_commands_wodle` + +##### `remote_commands_wodle_exceptions` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::remote_commands_wodle_exceptions` + +##### `limits_eps` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::limits_eps` + +##### `wazuh_api_template` + +Data type: `Any` + + + +Default value: `$wazuh::params_manager::wazuh_api_template` + +### `wazuh::params_agent` + +Copyright (C) 2015, Wazuh Inc. + +### `wazuh::params_manager` + +Copyright (C) 2015, Wazuh Inc. + +### `wazuh::repo` + +Copyright (C) 2015, Wazuh Inc. 
+ +#### Parameters + +The following parameters are available in the `wazuh::repo` class: + +* [`repo_baseurl`](#-wazuh--repo--repo_baseurl) +* [`repo_version`](#-wazuh--repo--repo_version) + +##### `repo_baseurl` + +Data type: `String` + + + +Default value: `'packages.wazuh.com'` + +##### `repo_version` + +Data type: `String` + + + +Default value: `'5.x'` + +### `wazuh::securityadmin` + +Copyright (C) 2015, Wazuh Inc. + +#### Parameters + +The following parameters are available in the `wazuh::securityadmin` class: + +* [`indexer_security_init_lockfile`](#-wazuh--securityadmin--indexer_security_init_lockfile) +* [`indexer_network_host`](#-wazuh--securityadmin--indexer_network_host) + +##### `indexer_security_init_lockfile` + +Data type: `Any` + + + +Default value: `'/var/tmp/indexer-security-init.lock'` + +##### `indexer_network_host` + +Data type: `Any` + + + +Default value: `'127.0.0.1'` + +## Defined types + +### `wazuh::activeresponse` + +Copyright (C) 2015, Wazuh Inc. + +#### Parameters + +The following parameters are available in the `wazuh::activeresponse` defined type: + +* [`active_response_name`](#-wazuh--activeresponse--active_response_name) +* [`active_response_disabled`](#-wazuh--activeresponse--active_response_disabled) +* [`active_response_linux_ca_store`](#-wazuh--activeresponse--active_response_linux_ca_store) +* [`active_response_ca_verification`](#-wazuh--activeresponse--active_response_ca_verification) +* [`active_response_command`](#-wazuh--activeresponse--active_response_command) +* [`active_response_location`](#-wazuh--activeresponse--active_response_location) +* [`active_response_level`](#-wazuh--activeresponse--active_response_level) +* [`active_response_agent_id`](#-wazuh--activeresponse--active_response_agent_id) +* [`active_response_rules_id`](#-wazuh--activeresponse--active_response_rules_id) +* [`active_response_timeout`](#-wazuh--activeresponse--active_response_timeout) +* 
[`active_response_repeated_offenders`](#-wazuh--activeresponse--active_response_repeated_offenders) +* [`target_arg`](#-wazuh--activeresponse--target_arg) +* [`order_arg`](#-wazuh--activeresponse--order_arg) +* [`before_arg`](#-wazuh--activeresponse--before_arg) +* [`content_arg`](#-wazuh--activeresponse--content_arg) + +##### `active_response_name` + +Data type: `Any` + + + +Default value: `'Rendering active-response template'` + +##### `active_response_disabled` + +Data type: `Any` + + + +Default value: `undef` + +##### `active_response_linux_ca_store` + +Data type: `Any` + + + +Default value: `undef` + +##### `active_response_ca_verification` + +Data type: `Any` + + + +Default value: `undef` + +##### `active_response_command` + +Data type: `Any` + + + +Default value: `undef` + +##### `active_response_location` + +Data type: `Any` + + + +Default value: `undef` + +##### `active_response_level` + +Data type: `Any` + + + +Default value: `undef` + +##### `active_response_agent_id` + +Data type: `Any` + + + +Default value: `undef` + +##### `active_response_rules_id` + +Data type: `Any` + + + +Default value: `[]` + +##### `active_response_timeout` + +Data type: `Any` + + + +Default value: `undef` + +##### `active_response_repeated_offenders` + +Data type: `Any` + + + +Default value: `[]` + +##### `target_arg` + +Data type: `Any` + + + +Default value: `'manager_ossec.conf'` + +##### `order_arg` + +Data type: `Any` + + + +Default value: `80` + +##### `before_arg` + +Data type: `Any` + + + +Default value: `undef` + +##### `content_arg` + +Data type: `Any` + + + +Default value: `'wazuh/fragments/_activeresponse.erb'` + +### `wazuh::addlog` + +Copyright (C) 2015, Wazuh Inc. 
+ +#### Parameters + +The following parameters are available in the `wazuh::addlog` defined type: + +* [`logfile`](#-wazuh--addlog--logfile) +* [`logtype`](#-wazuh--addlog--logtype) +* [`logcommand`](#-wazuh--addlog--logcommand) +* [`commandalias`](#-wazuh--addlog--commandalias) +* [`frequency`](#-wazuh--addlog--frequency) +* [`target_arg`](#-wazuh--addlog--target_arg) + +##### `logfile` + +Data type: `Any` + + + +Default value: `undef` + +##### `logtype` + +Data type: `Any` + + + +Default value: `'syslog'` + +##### `logcommand` + +Data type: `Any` + + + +Default value: `undef` + +##### `commandalias` + +Data type: `Any` + + + +Default value: `undef` + +##### `frequency` + +Data type: `Any` + + + +Default value: `undef` + +##### `target_arg` + +Data type: `Any` + + + +Default value: `'manager_ossec.conf'` + +### `wazuh::certificates::certificate` + +Wraps openssl::certificate::x509 to additionally convert to pkcs8 key (necessary for OpenSearch admin) + +#### Parameters + +The following parameters are available in the `wazuh::certificates::certificate` defined type: + +* [`export_pkcs8`](#-wazuh--certificates--certificate--export_pkcs8) +* [`pkcs8_extension`](#-wazuh--certificates--certificate--pkcs8_extension) +* [`algo`](#-wazuh--certificates--certificate--algo) +* [`ensure`](#-wazuh--certificates--certificate--ensure) +* [`country`](#-wazuh--certificates--certificate--country) +* [`organization`](#-wazuh--certificates--certificate--organization) +* [`unit`](#-wazuh--certificates--certificate--unit) +* [`state`](#-wazuh--certificates--certificate--state) +* [`commonname`](#-wazuh--certificates--certificate--commonname) +* [`locality`](#-wazuh--certificates--certificate--locality) +* [`altnames`](#-wazuh--certificates--certificate--altnames) +* [`keyusage`](#-wazuh--certificates--certificate--keyusage) +* [`extkeyusage`](#-wazuh--certificates--certificate--extkeyusage) +* [`email`](#-wazuh--certificates--certificate--email) +* 
[`days`](#-wazuh--certificates--certificate--days) +* [`base_dir`](#-wazuh--certificates--certificate--base_dir) +* [`cnf_dir`](#-wazuh--certificates--certificate--cnf_dir) +* [`crt_dir`](#-wazuh--certificates--certificate--crt_dir) +* [`csr_dir`](#-wazuh--certificates--certificate--csr_dir) +* [`key_dir`](#-wazuh--certificates--certificate--key_dir) +* [`cnf`](#-wazuh--certificates--certificate--cnf) +* [`crt`](#-wazuh--certificates--certificate--crt) +* [`csr`](#-wazuh--certificates--certificate--csr) +* [`key`](#-wazuh--certificates--certificate--key) +* [`key_size`](#-wazuh--certificates--certificate--key_size) +* [`owner`](#-wazuh--certificates--certificate--owner) +* [`group`](#-wazuh--certificates--certificate--group) +* [`key_owner`](#-wazuh--certificates--certificate--key_owner) +* [`key_group`](#-wazuh--certificates--certificate--key_group) +* [`key_mode`](#-wazuh--certificates--certificate--key_mode) +* [`password`](#-wazuh--certificates--certificate--password) +* [`force`](#-wazuh--certificates--certificate--force) +* [`encrypted`](#-wazuh--certificates--certificate--encrypted) +* [`ca`](#-wazuh--certificates--certificate--ca) +* [`cakey`](#-wazuh--certificates--certificate--cakey) +* [`cakey_password`](#-wazuh--certificates--certificate--cakey_password) + +##### `export_pkcs8` + +Data type: `Boolean` + +Whether to export the private key in PKCS8 format, necessary for OpenSearch admin + +Default value: `false` + +##### `pkcs8_extension` + +Data type: `String` + +The file extension for the PKCS8 key + +Default value: `'pk8'` + +##### `algo` + +Data type: `String` + +The encryption algorithm to use for the PKCS8 key, for use in Java + +Default value: `'PBE-SHA1-3DES'` + +##### `ensure` + +Data type: `Enum['present', 'absent']` + + + +Default value: `present` + +##### `country` + +Data type: `Optional[String]` + + + +Default value: `undef` + +##### `organization` + +Data type: `Optional[String]` + + + +Default value: `undef` + +##### `unit` + +Data type: 
`Optional[String]` + + + +Default value: `undef` + +##### `state` + +Data type: `Optional[String]` + + + +Default value: `undef` + +##### `commonname` + +Data type: `Optional[String]` + + + +Default value: `undef` + +##### `locality` + +Data type: `Optional[String]` + + + +Default value: `undef` + +##### `altnames` + +Data type: `Array` + + + +Default value: `[]` + +##### `keyusage` + +Data type: `Array` + + + +Default value: `[]` + +##### `extkeyusage` + +Data type: `Array` + + + +Default value: `[]` + +##### `email` + +Data type: `Optional[String]` + + + +Default value: `undef` + +##### `days` + +Data type: `Integer` + + + +Default value: `365` + +##### `base_dir` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `'/etc/ssl/certs'` + +##### `cnf_dir` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$base_dir` + +##### `crt_dir` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$base_dir` + +##### `csr_dir` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$base_dir` + +##### `key_dir` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$base_dir` + +##### `cnf` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `"${cnf_dir}/${name}.cnf"` + +##### `crt` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `"${crt_dir}/${name}.crt"` + +##### `csr` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `"${csr_dir}/${name}.csr"` + +##### `key` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `"${key_dir}/${name}.key"` + +##### `key_size` + +Data type: `Integer` + + + +Default value: `3072` + +##### `owner` + +Data type: `Variant[String, Integer]` + + + +Default value: `'puppet'` + +##### `group` + +Data type: `Variant[String, Integer]` + + + +Default value: `'puppet'` + +##### `key_owner` + +Data type: `Variant[String, Integer]` + + + +Default value: `$owner` + +##### `key_group` + +Data type: `Variant[String, Integer]` + + + +Default value: `$group` + +##### `key_mode` + +Data type: 
`Stdlib::Filemode` + + + +Default value: `'0600'` + +##### `password` + +Data type: `Optional[String]` + + + +Default value: `undef` + +##### `force` + +Data type: `Boolean` + + + +Default value: `true` + +##### `encrypted` + +Data type: `Boolean` + + + +Default value: `true` + +##### `ca` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: `undef` + +##### `cakey` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: `undef` + +##### `cakey_password` + +Data type: `Optional[Variant[Sensitive[String[1]], String[1]]]` + + + +Default value: `undef` + +### `wazuh::command` + +Copyright (C) 2015, Wazuh Inc. + +#### Parameters + +The following parameters are available in the `wazuh::command` defined type: + +* [`command_name`](#-wazuh--command--command_name) +* [`command_executable`](#-wazuh--command--command_executable) +* [`command_expect`](#-wazuh--command--command_expect) +* [`timeout_allowed`](#-wazuh--command--timeout_allowed) +* [`target_arg`](#-wazuh--command--target_arg) + +##### `command_name` + +Data type: `Any` + + + +##### `command_executable` + +Data type: `Any` + + + +##### `command_expect` + +Data type: `Any` + + + +Default value: `'srcip'` + +##### `timeout_allowed` + +Data type: `Any` + + + +Default value: `true` + +##### `target_arg` + +Data type: `Any` + + + +Default value: `'manager_ossec.conf'` + +### `wazuh::email_alert` + +Copyright (C) 2015, Wazuh Inc. 
+ +#### Parameters + +The following parameters are available in the `wazuh::email_alert` defined type: + +* [`alert_email`](#-wazuh--email_alert--alert_email) +* [`alert_group`](#-wazuh--email_alert--alert_group) +* [`target_arg`](#-wazuh--email_alert--target_arg) +* [`level`](#-wazuh--email_alert--level) +* [`event_location`](#-wazuh--email_alert--event_location) +* [`format`](#-wazuh--email_alert--format) +* [`rule_id`](#-wazuh--email_alert--rule_id) +* [`do_not_delay`](#-wazuh--email_alert--do_not_delay) +* [`do_not_group`](#-wazuh--email_alert--do_not_group) + +##### `alert_email` + +Data type: `Any` + + + +##### `alert_group` + +Data type: `Any` + + + +Default value: `false` + +##### `target_arg` + +Data type: `Any` + + + +Default value: `'manager_ossec.conf'` + +##### `level` + +Data type: `Any` + + + +Default value: `false` + +##### `event_location` + +Data type: `Any` + + + +Default value: `false` + +##### `format` + +Data type: `Any` + + + +Default value: `false` + +##### `rule_id` + +Data type: `Any` + + + +Default value: `false` + +##### `do_not_delay` + +Data type: `Any` + + + +Default value: `false` + +##### `do_not_group` + +Data type: `Any` + + + +Default value: `false` + +### `wazuh::integration` + +Copyright (C) 2015, Wazuh Inc. 
+ +#### Parameters + +The following parameters are available in the `wazuh::integration` defined type: + +* [`hook_url`](#-wazuh--integration--hook_url) +* [`api_key`](#-wazuh--integration--api_key) +* [`in_rule_id`](#-wazuh--integration--in_rule_id) +* [`in_level`](#-wazuh--integration--in_level) +* [`in_group`](#-wazuh--integration--in_group) +* [`in_location`](#-wazuh--integration--in_location) +* [`in_format`](#-wazuh--integration--in_format) +* [`in_max_log`](#-wazuh--integration--in_max_log) + +##### `hook_url` + +Data type: `Any` + + + +Default value: `''` + +##### `api_key` + +Data type: `Any` + + + +Default value: `''` + +##### `in_rule_id` + +Data type: `Any` + + + +Default value: `''` + +##### `in_level` + +Data type: `Any` + + + +Default value: `7` + +##### `in_group` + +Data type: `Any` + + + +Default value: `''` + +##### `in_location` + +Data type: `Any` + + + +Default value: `''` + +##### `in_format` + +Data type: `Any` + + + +Default value: `''` + +##### `in_max_log` + +Data type: `Any` + + + +Default value: `''` + +### `wazuh::reports` + +Copyright (C) 2015, Wazuh Inc. 
+ +#### Parameters + +The following parameters are available in the `wazuh::reports` defined type: + +* [`r_group`](#-wazuh--reports--r_group) +* [`r_category`](#-wazuh--reports--r_category) +* [`r_rule`](#-wazuh--reports--r_rule) +* [`r_level`](#-wazuh--reports--r_level) +* [`r_location`](#-wazuh--reports--r_location) +* [`r_srcip`](#-wazuh--reports--r_srcip) +* [`r_user`](#-wazuh--reports--r_user) +* [`r_title`](#-wazuh--reports--r_title) +* [`r_email_to`](#-wazuh--reports--r_email_to) +* [`r_showlogs`](#-wazuh--reports--r_showlogs) + +##### `r_group` + +Data type: `Optional[String]` + + + +Default value: `undef` + +##### `r_category` + +Data type: `Optional[String]` + + + +Default value: `undef` + +##### `r_rule` + +Data type: `Optional[Integer]` + + + +Default value: `undef` + +##### `r_level` + +Data type: `Optional[Integer[1,16]]` + + + +Default value: `undef` + +##### `r_location` + +Data type: `Optional[String]` + + + +Default value: `undef` + +##### `r_srcip` + +Data type: `Optional[String]` + + + +Default value: `undef` + +##### `r_user` + +Data type: `Optional[String]` + + + +Default value: `undef` + +##### `r_title` + +Data type: `String` + + + +Default value: `''` + +##### `r_email_to` + +Data type: `Any` + + + +Default value: `''` + +##### `r_showlogs` + +Data type: `Optional[Enum['yes', 'no']]` + + + +Default value: `undef` + diff --git a/manifests/activeresponse.pp b/manifests/activeresponse.pp index ba03cfc3..aa8a61d4 100644 --- a/manifests/activeresponse.pp +++ b/manifests/activeresponse.pp @@ -1,6 +1,6 @@ # Copyright (C) 2015, Wazuh Inc. -#Define for a specific ossec active-response -define wazuh::activeresponse( +# @summary Define for a specific ossec active-response +define wazuh::activeresponse ( $active_response_name = 'Rendering active-response template', $active_response_disabled = undef, $active_response_linux_ca_store = undef, 
@@ -21,6 +21,6 @@ target => $target_arg, order => $order_arg, before => $before_arg, - content => template($content_arg) + content => template($content_arg), } } diff --git a/manifests/addlog.pp b/manifests/addlog.pp index c68936ca..6c92ebd2 100644 --- a/manifests/addlog.pp +++ b/manifests/addlog.pp @@ -1,6 +1,6 @@ # Copyright (C) 2015, Wazuh Inc. -#Define a log-file to add to ossec -define wazuh::addlog( +# @summary Define a log-file to add to ossec +define wazuh::addlog ( $logfile = undef, $logtype = 'syslog', $logcommand = undef, @@ -15,5 +15,4 @@ content => template('wazuh/fragments/_localfile_generation.erb'), order => 21, } - } diff --git a/manifests/agent.pp b/manifests/agent.pp index a02b96f8..3c642ac4 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -1,6 +1,5 @@ # Copyright (C) 2015, Wazuh Inc. - -# Puppet class that installs and manages the Wazuh agent +# @summary Puppet class that installs and manages the Wazuh agent class wazuh::agent ( # Versioning and package names diff --git a/manifests/audit.pp b/manifests/audit.pp index fa5f5e77..30ef296e 100644 --- a/manifests/audit.pp +++ b/manifests/audit.pp @@ -1,5 +1,5 @@ # Copyright (C) 2015, Wazuh Inc. -# Define an ossec command +# @summary Define an ossec command class wazuh::audit ( $audit_manage_rules = false, $audit_buffer_bytes = '8192', @@ -7,10 +7,9 @@ $audit_rules = [], $audit_package_title = 'Installing Audit..', ) { - - case $::kernel { + case $facts['kernel'] { 'Linux': { - case $::operatingsystem { + case $facts['os']['name'] { 'Debian', 'debian', 'Ubuntu', 'ubuntu': { package { $audit_package_title: name => 'auditd', @@ -18,7 +17,7 @@ } default: { package { $audit_package_title: - name => 'audit' + name => 'audit', } } } @@ -31,7 +30,7 @@ if $audit_manage_rules == true { file { '/etc/audit/rules.d/audit.rules': - ensure => present, + ensure => file, require => Service['auditd'], } 
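Review bot: The `@summary` added at the top of manifests/audit.pp still reads `Define an ossec command`, which describes a different resource than `class wazuh::audit`. Going by this hunk and the next one, the class installs the audit package and takes `$audit_manage_rules` and `$audit_rules`, so I would write `# @summary Installs auditd and optionally manages its rules file`. The class body continues outside this hunk, so check the wording against the rest of the file.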
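Review bot: The `file { '/etc/audit/rules.d/audit.rules': }` resource in the `@@ -31,7 +30,7 @@` hunk of manifests/audit.pp now says `ensure => file` but still sets no `owner`, `group` or `mode`. A newly created rules file therefore gets whatever the agent defaults produce, and loose permissions on an existing file are never corrected. The audit rules decide what the host records, so I would pin them with `owner => 'root', group => 'root', mode => '0640',`. The resource only has `require => Service['auditd']`; whether anything reloads the rules after a change is not visible in this hunk.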
@@ -39,13 +38,13 @@ file_line { "Append rule ${rule} to /etc/audit/rules.d/audit.rules": path => '/etc/audit/rules.d/audit.rules', line => $rule, - require => File['/etc/audit/rules.d/audit.rules'] + require => File['/etc/audit/rules.d/audit.rules'], } } } } default: { - fail("Module Audit not supported on ${::operatingsystem}") + fail("Module Audit not supported on ${facts['os']['name']}") } } } diff --git a/manifests/certificates.pp b/manifests/certificates.pp index 17b416c2..1b27f7f0 100644 --- a/manifests/certificates.pp +++ b/manifests/certificates.pp @@ -5,9 +5,12 @@ # (This is less than ideal.) # If `$use_legacy_workflow` is false, it will use the openssl module and the Puppet CA # to generate certificates. +# @param use_legacy_workflow +# If true, use the legacy workflow to generate certificates. Use Puppet CA otherwise. + class wazuh::certificates ( Boolean $use_legacy_workflow = true, - String $puppet_code_path = '/etc/puppetlabs/code/environments/production/modules/archive/files', + String $puppet_code_path = "/etc/puppetlabs/code/environments/${server_facts['environment']}/modules/archive/files", String $wazuh_repository = 'packages.wazuh.com', String $wazuh_version = '5.0', $indexer_certs = [], @@ -61,7 +64,7 @@ else { contain wazuh::certificates::mountpoint if $manage_certs { - Wazuh::Certificate <<| tag == 'wazuh' |>> { + Wazuh::Certificates::Certificate <<| tag == 'wazuh' |>> { ensure => present, country => 'US', locality => 'California', diff --git a/manifests/certificate.pp b/manifests/certificates/certificate.pp similarity index 98% rename from manifests/certificate.pp rename to manifests/certificates/certificate.pp index 08f6e628..30755e3a 100644 --- a/manifests/certificate.pp +++ b/manifests/certificates/certificate.pp 
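Review bot: The blank `+` line added between the new `@param use_legacy_workflow` comment and `class wazuh::certificates (` in manifests/certificates.pp probably detaches the whole comment block from the class, because puppet-strings appears to read only the comment lines directly above a definition. Dropping that empty line keeps the documentation attached. In the same hunk `$puppet_code_path` now interpolates `$server_facts['environment']` but is still typed `String`. Typing it as `Stdlib::Absolutepath $puppet_code_path`, as `wazuh::certificates::mountpoint` does for its paths, would reject a malformed path at compile time. The other parameters visible here (`$wazuh_repository`, `$wazuh_version`, `$indexer_certs`) have no `@param` entry yet.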
@@ -7,7 +7,7 @@ # @param algo # The encryption algorithm to use for the PKCS8 key, for use in Java # -define wazuh::certificate ( +define wazuh::certificates::certificate ( # All necessary params for openssl::certificate::x509 Enum['present', 'absent'] $ensure = present, Optional[String] $country = undef, diff --git a/manifests/command.pp b/manifests/command.pp index 23d59504..9728ed60 100644 --- a/manifests/command.pp +++ b/manifests/command.pp @@ -1,6 +1,6 @@ # Copyright (C) 2015, Wazuh Inc. -# Define an ossec command -define wazuh::command( +# @summary Define an ossec command +define wazuh::command ( $command_name, $command_executable, $command_expect = 'srcip', diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp index 9e1dbe1a..d4602344 100644 --- a/manifests/dashboard.pp +++ b/manifests/dashboard.pp @@ -1,7 +1,12 @@ # Copyright (C) 2015, Wazuh Inc. -# Setup for Wazuh Dashboard -# @param cert_filebucket_path Prefix for the certificate files, allowing for legacy and new filebucket -# usage. +# @summary Setup for Wazuh Dashboard +# @param cert_source_basepath +# Prefix for the certificate file source, allowing for legacy and new filebucket workflows. +# @param generate_certs +# Whether to generate certificates with the exported resources + Puppet CA workflow in `wazuh::certificates` +# They will be generated using the node FQDN as the common name and IP as the alternative name. +# @param certs_to_generate +# Array of certificate names to generate when `generate_certs` is true. class wazuh::dashboard ( $dashboard_package = 'wazuh-dashboard', $dashboard_service = 'wazuh-dashboard', @@ -80,7 +85,7 @@ } $certs_to_generate.each |String $cert| { $_certname = "wazuh_${cert}_cert_${facts['networking']['fqdn']}" - @@wazuh::certificate { $_certname: + @@wazuh::certificates::certificate { $_certname: ensure => present, altnames => [$facts['networking']['ip']], keyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], 
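Review bot: The exported `@@wazuh::certificates::certificate` in the `@@ -80,7 +85,7 @@` hunk of manifests/dashboard.pp takes its title from `$facts['networking']['fqdn']` and its `altnames` from `$facts['networking']['ip']`. Both values are reported by the agent itself, not verified by the server. Because `wazuh::certificates` collects every such resource with `<<| tag == 'wazuh' |>>`, a node that misreports these facts could end up with a certificate issued for another host's name or address. I would key the resource on the authenticated identity, `$_certname = "wazuh_${cert}_cert_${trusted['certname']}"`, and validate the requested `altnames` on the collecting side. The same pattern is in the `@@ -104,7 +111,7 @@` hunk of manifests/filebeat_oss.pp and the `@@ -94,7 +96,7 @@` hunk of manifests/indexer.pp; the resource bodies continue outside all three hunks.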
diff --git a/manifests/email_alert.pp b/manifests/email_alert.pp index 2351f578..a1857c76 100644 --- a/manifests/email_alert.pp +++ b/manifests/email_alert.pp @@ -1,6 +1,6 @@ # Copyright (C) 2015, Wazuh Inc. -# Define an email alert -define wazuh::email_alert( +# @summary Define an email alert +define wazuh::email_alert ( $alert_email, $alert_group = false, $target_arg = 'manager_ossec.conf', diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 0a6b5bcf..f2ea26ba 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -1,5 +1,12 @@ # Copyright (C) 2015, Wazuh Inc. -# Setup for Filebeat_oss +# @summary Setup for Filebeat_oss +# @param cert_source_basepath +# Prefix for the certificate file source, allowing for legacy and new filebucket workflows. +# @param generate_certs +# Whether to generate certificates with the exported resources + Puppet CA workflow in `wazuh::certificates` +# They will be generated using the node FQDN as the common name and IP as the alternative name. +# @param certs_to_generate +# Array of certificate names to generate when `generate_certs` is true. class wazuh::filebeat_oss ( $filebeat_oss_indexer_ip = '127.0.0.1', $filebeat_oss_indexer_port = '9200', @@ -104,7 +111,7 @@ } $certs_to_generate.each |String $cert| { $_certname = "wazuh_${cert}_cert_${facts['networking']['fqdn']}" - @@wazuh::certificate { $_certname: + @@wazuh::certificates::certificate { $_certname: ensure => present, altnames => [$facts['networking']['ip']], keyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], diff --git a/manifests/indexer.pp b/manifests/indexer.pp index 5b8f19b8..67d805a0 100644 --- a/manifests/indexer.pp +++ b/manifests/indexer.pp 
@@ -2,12 +2,14 @@ # @summary Setup for Wazuh Indexer # @param indexer_hostname_validation # Whether OpenSearch requires the host to match the certificate CN +# @param cert_source_basepath +# Prefix for the certificate file source, allowing for legacy and new filebucket workflows. # @param generate_certs # Whether to generate certificates with the exported resources + Puppet CA workflow in `wazuh::certificates` # They will be generated using the node FQDN as the common name and IP as the alternative name. -# @param $certs_to_generate +# @param certs_to_generate # Array of certificate names to generate when `generate_certs` is true. On a single-node setup, this should be `['indexer', 'admin']`. -# @param $admin_cn +# @param admin_cn # The common name for the admin certificate, defaults to the indexer node name. class wazuh::indexer ( # opensearch.yml configuration @@ -94,7 +96,7 @@ } $certs_to_generate.each |String $cert| { $_certname = "wazuh_${cert}_cert_${facts['networking']['fqdn']}" - @@wazuh::certificate { $_certname: + @@wazuh::certificates::certificate { $_certname: ensure => present, altnames => [$facts['networking']['ip']], keyusage => ['digitalSignature', 'nonRepudiation', 'keyEncipherment', 'dataEncipherment'], diff --git a/manifests/init.pp b/manifests/init.pp index 8d6cbe92..d0753a48 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,3 +1,3 @@ # Copyright (C) 2015, Wazuh Inc. -# Blank container class -class wazuh { } +# @summary Blank container class +class wazuh {} diff --git a/manifests/integration.pp b/manifests/integration.pp index 0e6ebd4b..bf14f0d2 100644 --- a/manifests/integration.pp +++ b/manifests/integration.pp @@ -1,6 +1,6 @@ # Copyright (C) 2015, Wazuh Inc. -#Define for a specific ossec integration -define wazuh::integration( +# @summary Define for a specific ossec integration +define wazuh::integration ( $hook_url = '', $api_key = '', $in_rule_id = '', 
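Review bot: `define wazuh::integration (` in manifests/integration.pp keeps `$hook_url` and `$api_key` as untyped parameters, so the integration credentials are handled as plain strings and can surface in reports and logs. The module already accepts `Optional[Variant[Sensitive[String[1]], String[1]]]` for `cakey_password` in `wazuh::certificates::certificate`. A matching `Variant[Sensitive[String], String] $api_key = ''` would let callers pass a wrapped value without breaking existing ones. The `_integration.erb` template is not shown here, so it would presumably need to unwrap the value before rendering.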
@@ -10,12 +10,11 @@ $in_format = '', $in_max_log = '', ) { - require wazuh::params_manager concat::fragment { $name: target => 'manager_ossec.conf', order => 60, - content => template('wazuh/fragments/_integration.erb') + content => template('wazuh/fragments/_integration.erb'), } } diff --git a/manifests/manager.pp b/manifests/manager.pp index 7ba2fd42..15eeb798 100644 --- a/manifests/manager.pp +++ b/manifests/manager.pp @@ -1,5 +1,5 @@ # Copyright (C) 2015, Wazuh Inc. -# Main ossec server config +# @summary Main ossec server config class wazuh::manager ( # Installation diff --git a/manifests/params_agent.pp b/manifests/params_agent.pp index abb96ae1..3a5cc0e7 100644 --- a/manifests/params_agent.pp +++ b/manifests/params_agent.pp @@ -1,5 +1,5 @@ # Copyright (C) 2015, Wazuh Inc. -# Wazuh-Agent configuration parameters +# @summary Wazuh-Agent configuration parameters class wazuh::params_agent { $agent_package_version = '5.0.0' $agent_package_revision = '1' @@ -103,7 +103,6 @@ $ossec_labels_template = 'wazuh/fragments/_labels.erb' $ossec_labels = [] - ## Rootcheck $ossec_rootcheck_disabled = 'no' $ossec_rootcheck_check_files = 'yes' @@ -128,7 +127,6 @@ $ossec_rootcheck_windows_windows_apps = './shared/win_applications_rcl.txt' $ossec_rootcheck_windows_windows_malware = './shared/win_malware_rcl.txt' - # SCA ## Amazon @@ -159,14 +157,12 @@ $sca_else_skip_nfs = 'yes' $sca_else_policies = [] - ## open-scap $wodle_openscap_disabled = 'yes' $wodle_openscap_timeout = '1800' $wodle_openscap_interval = '1d' $wodle_openscap_scan_on_start = 'yes' - ## syscheck $ossec_syscheck_disabled = 'no' $ossec_syscheck_frequency = '43200' @@ -209,7 +205,6 @@ $ossec_syscheck_nodiff = '/etc/ssl/private.key' $ossec_syscheck_skip_nfs = 'yes' - # Audit $audit_manage_rules = false $audit_buffer_bytes = '8192' @@ -217,7 +212,7 @@ $audit_rules = [ "-b ${audit_buffer_bytes}", "--backlog_wait_time ${audit_backlog_wait_time}", - '-f 1' + '-f 1', ] $windows_audit_interval = 300 
@@ -225,9 +220,8 @@ # active-response $active_response_linux_ca_store = '/var/ossec/etc/wpk_root.pem' - # OS specific configurations - case $::kernel { + case $facts['kernel'] { 'Linux': { $agent_package_name = 'wazuh-agent' $agent_service_name = 'wazuh-agent' @@ -292,7 +286,7 @@ $ossec_ruleset_decoder_dir = 'ruleset/decoders' $ossec_ruleset_rule_dir = 'ruleset/rules' $ossec_ruleset_rule_exclude = '0215-policy_rules.xml' - $ossec_ruleset_list = [ 'etc/lists/audit-keys', + $ossec_ruleset_list = ['etc/lists/audit-keys', 'etc/lists/amazon/aws-eventnames', 'etc/lists/security-eventchannel', 'etc/lists/malicious-ioc/malicious-ip', @@ -303,7 +297,7 @@ $ossec_ruleset_user_defined_decoder_dir = 'etc/decoders' $ossec_ruleset_user_defined_rule_dir = 'etc/rules' - case $::osfamily { + case $facts['os']['family'] { 'Debian': { $service_has_status = false $ossec_service_provider = undef @@ -315,15 +309,15 @@ { 'location' => '/var/log/dpkg.log', 'log_format' => 'syslog' }, { 'location' => '/var/ossec/logs/active-responses.log', 'log_format' => 'syslog' }, ] - case $::lsbdistcodename { + case $facts['os']['distro']['codename'] { 'xenial': { $wodle_openscap_content = { 'ssg-ubuntu-1604-ds.xml' => { 'type' => 'xccdf', profiles => ['xccdf_org.ssgproject.content_profile_common'], }, 'cve-ubuntu-xenial-oval.xml' => { - 'type' => 'oval' - } + 'type' => 'oval', + }, } } 'jessie': { @@ -334,7 +328,7 @@ }, 'cve-debian-8-oval.xml' => { 'type' => 'oval', - } + }, } } /^(wheezy|stretch|buster|bullseye|bookworm|sid|precise|trusty|vivid|wily|xenial|bionic|focal|groovy|jammy)$/: { @@ -343,10 +337,9 @@ $wodle_openscap_content = undef } default: { - fail("Module ${module_name} is not supported on ${::operatingsystem}") + fail("Module ${module_name} is not supported on ${facts['os']['name']}") } } - } 'RedHat': { $service_has_status = true 
@@ -358,13 +351,12 @@ { 'location' => '/var/log/secure', 'log_format' => 'syslog' }, { 'location' => '/var/log/maillog', 'log_format' => 'syslog' }, ] - case $::operatingsystem { + case $facts['os']['name'] { 'Amazon': { $ossec_service_provider = 'systemd' } 'CentOS': { - - if ( $::operatingsystemrelease =~ /^6.*/ ) { + if ( $facts['os']['release']['full'] =~ /^6.*/ ) { $ossec_service_provider = 'redhat' $wodle_openscap_content = { @@ -373,11 +365,11 @@ profiles => [ 'xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_server', - ] - } + ], + }, } } - if ( $::operatingsystemrelease =~ /^7.*/ ) { + if ( $facts['os']['release']['full'] =~ /^7.*/ ) { $ossec_service_provider = 'systemd' $wodle_openscap_content = { @@ -386,13 +378,13 @@ profiles => [ 'xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_common', - ] - } + ], + }, } } } /^(RedHat|OracleLinux)$/: { - if ( $::operatingsystemrelease =~ /^6.*/ ) { + if ( $facts['os']['release']['full'] =~ /^6.*/ ) { $ossec_service_provider = 'redhat' $wodle_openscap_content = { @@ -401,14 +393,14 @@ profiles => [ 'xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_server', - ] + ], }, 'cve-redhat-6-ds.xml' => { 'type' => 'xccdf', - } + }, } } - if ( $::operatingsystemrelease =~ /^7.*/ ) { + if ( $facts['os']['release']['full'] =~ /^7.*/ ) { $ossec_service_provider = 'systemd' $wodle_openscap_content = { @@ -417,14 +409,14 @@ profiles => [ 'xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_common', - ] + ], }, 'cve-redhat-7-ds.xml' => { 'type' => 'xccdf', - } + }, } } - if ( $::operatingsystemrelease =~ /^8.*/ ) { + if ( $facts['os']['release']['full'] =~ /^8.*/ ) { $ossec_service_provider = 'systemd' $wodle_openscap_content = { 
@@ -433,16 +425,16 @@ profiles => [ 'xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_common', - ] + ], }, 'cve-redhat-8-ds.xml' => { 'type' => 'xccdf', - } + }, } } } 'Fedora': { - if ( $::operatingsystemrelease =~ /^(23|24|25).*/ ) { + if ( $facts['os']['release']['full'] =~ /^(23|24|25).*/ ) { $ossec_service_provider = 'redhat' $wodle_openscap_content = { @@ -451,18 +443,18 @@ profiles => [ 'xccdf_org.ssgproject.content_profile_standard', 'xccdf_org.ssgproject.content_profile_common', - ] + ], }, } } } 'AlmaLinux': { - if ( $::operatingsystemrelease =~ /^8.*/ ) { + if ( $facts['os']['release']['full'] =~ /^8.*/ ) { $ossec_service_provider = 'redhat' } } 'Rocky': { - if ( $::operatingsystemrelease =~ /^8.*/ ) { + if ( $facts['os']['release']['full'] =~ /^8.*/ ) { $ossec_service_provider = 'redhat' } } @@ -479,9 +471,9 @@ { 'location' => '/var/log/secure', 'log_format' => 'syslog' }, { 'location' => '/var/log/maillog', 'log_format' => 'syslog' }, ] - case $::operatingsystem { + case $facts['os']['name'] { 'SLES': { - if ( $::operatingsystemrelease =~ /^(12|15).*/ ) { + if ( $facts['os']['release']['full'] =~ /^(12|15).*/ ) { $ossec_service_provider = 'redhat' } } diff --git a/manifests/params_manager.pp b/manifests/params_manager.pp index b4d7c833..498c6830 100644 --- a/manifests/params_manager.pp +++ b/manifests/params_manager.pp @@ -1,5 +1,5 @@ # Copyright (C) 2015, Wazuh Inc. -# Paramas file +# @summary Paramas file class wazuh::params_manager { case $facts['kernel'] { 'Linux': { diff --git a/manifests/repo.pp b/manifests/repo.pp index b9f9c96f..dd096a37 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -1,5 +1,5 @@ # Copyright (C) 2015, Wazuh Inc. -# Wazuh repository installation +# @summary Wazuh repository installation class wazuh::repo ( String $repo_baseurl = 'packages.wazuh.com', String $repo_version = '5.x', diff --git a/manifests/reports.pp b/manifests/reports.pp index 20c6ee6d..ded9d3eb 100644 
--- a/manifests/reports.pp +++ b/manifests/reports.pp @@ -1,5 +1,5 @@ # Copyright (C) 2015, Wazuh Inc. -#Define for a Reports section +# @summary Define for a Reports section define wazuh::reports ( Optional[String] $r_group = undef, Optional[String] $r_category = undef, diff --git a/manifests/securityadmin.pp b/manifests/securityadmin.pp index 440df996..6fdd7b3d 100644 --- a/manifests/securityadmin.pp +++ b/manifests/securityadmin.pp @@ -1,5 +1,5 @@ # Copyright (C) 2015, Wazuh Inc. -# Wazuh repository installation +# @summary Wazuh OpenSearch security index init class wazuh::securityadmin ( $indexer_security_init_lockfile = '/var/tmp/indexer-security-init.lock', $indexer_network_host = '127.0.0.1', From fa7e1825116eabd9cd0ba92bc5425214d2725fe2 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Fri, 8 Aug 2025 17:52:26 -0400 Subject: [PATCH 25/29] add: support for puppet node certs for agent/manager validation --- manifests/agent.pp | 52 +++++++++++++++++++++++++--------- manifests/manager.pp | 31 ++++++++++++++------ manifests/params_manager.pp | 3 ++ templates/fragments/_auth.erb | 3 ++ templates/wazuh_agent.conf.erb | 12 ++++---- 5 files changed, 74 insertions(+), 27 deletions(-) diff --git a/manifests/agent.pp b/manifests/agent.pp index 3c642ac4..3f6e6c7c 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -2,6 +2,8 @@ # @summary Puppet class that installs and manages the Wazuh agent class wazuh::agent ( + Boolean $use_puppet_cert = false, + Boolean $use_manager_validation = false, # Versioning and package names $agent_package_version = $wazuh::params_agent::agent_package_version, 
@@ -239,6 +241,32 @@ # Logging $logging_log_format = $wazuh::params_agent::logging_log_format, ) inherits wazuh::params_agent { + if $use_puppet_cert { + $_wazuh_agent_cert_path = "${settings::ssldir}/certs/${trusted['certname']}.pem" + $_wazuh_agent_key_path = "${settings::ssldir}/private_keys/${trusted['certname']}.pem" + $_wazuh_manager_root_ca_pem_path = "${settings::ssldir}/certs/ca.pem" + if $use_manager_validation { + case $wazuh_enrollment_agent_cert_path { + undef: { + $_wazuh_enrollment_agent_cert_path = $_wazuh_agent_cert_path + $_wazuh_enrollment_agent_key_path = $_wazuh_agent_key_path + $_wazuh_enrollment_server_ca_path = $_wazuh_manager_root_ca_pem_path + } + default: { + $_wazuh_enrollment_agent_cert_path = $wazuh_enrollment_agent_cert_path + $_wazuh_enrollment_agent_key_path = $wazuh_enrollment_agent_key_path + $_wazuh_enrollment_server_ca_path = $wazuh_enrollment_server_ca_path + } + } + } + } else { + $_wazuh_agent_cert_path = $wazuh_agent_cert_path + $_wazuh_agent_key_path = $wazuh_agent_key_path + $_wazuh_enrollment_agent_cert_path = $wazuh_enrollment_agent_cert_path + $_wazuh_enrollment_agent_key_path = $wazuh_enrollment_agent_key_path + $_wazuh_manager_root_ca_pem_path = $wazuh_manager_root_ca_pem_path + $_wazuh_enrollment_server_ca_path = $wazuh_enrollment_server_ca_path + } # validate_bool( # $ossec_active_response, $ossec_rootcheck, # $selinux, 
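Review bot: When `use_puppet_cert` is true and `use_manager_validation` is false, none of the three `$_wazuh_enrollment_*` variables is assigned, because the inner `if $use_manager_validation` has no `else`. The agent template in this commit now reads only the underscore-prefixed names, so a caller's `wazuh_enrollment_server_ca_path`, `wazuh_enrollment_agent_cert_path` and `wazuh_enrollment_agent_key_path` are silently dropped from the rendered enrollment block, including the CA path used to verify the manager. An `else` branch that falls back to the parameters, as sketched below, keeps the caller's values. Separately, `$settings::ssldir` is resolved on the compiling server, so these paths are only right where the agent's ssldir matches the server's; that assumption deserves a comment.

```puppet
    if $use_manager_validation {
      # … unchanged: case on $wazuh_enrollment_agent_cert_path …
    } else {
      $_wazuh_enrollment_agent_cert_path = $wazuh_enrollment_agent_cert_path
      $_wazuh_enrollment_agent_key_path  = $wazuh_enrollment_agent_key_path
      $_wazuh_enrollment_server_ca_path  = $wazuh_enrollment_server_ca_path
    }
```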
@@ -511,32 +539,34 @@ $agent_auth_base_command = "${agent_auth_executable} -m ${wazuh_register_endpoint}" # https://documentation.wazuh.com/4.0/user-manual/registering/manager-verification/manager-verification-registration.html - if $wazuh_manager_root_ca_pem != undef { - validate_legacy(String, 'validate_string', $wazuh_manager_root_ca_pem) + if $wazuh_manager_root_ca_pem != undef or $_wazuh_manager_root_ca_pem_path != undef { + if ($wazuh_manager_root_ca_pem != undef and $_wazuh_manager_root_ca_pem_path != undef) { + fail('Pass either wazuh_manager_root_ca_pem or wazuh_manager_root_ca_pem_path, not both') + } file { '/var/ossec/etc/rootCA.pem': owner => $wazuh::params_agent::keys_owner, group => $wazuh::params_agent::keys_group, mode => $wazuh::params_agent::keys_mode, content => $wazuh_manager_root_ca_pem, + source => $_wazuh_manager_root_ca_pem_path, require => Package[$agent_package_name], } $agent_auth_option_manager = '-v /var/ossec/etc/rootCA.pem' - } elsif $wazuh_manager_root_ca_pem_path != undef { - validate_legacy(String, 'validate_string', $wazuh_manager_root_ca_pem) - $agent_auth_option_manager = "-v ${wazuh_manager_root_ca_pem_path}" } else { $agent_auth_option_manager = '' # Avoid errors when compounding final command } # https://documentation.wazuh.com/4.0/user-manual/registering/manager-verification/agent-verification-registration.html - if ($wazuh_agent_cert != undef) and ($wazuh_agent_key != undef) { - validate_legacy(String, 'validate_string', $wazuh_agent_cert) - validate_legacy(String, 'validate_string', $wazuh_agent_key) + if (($wazuh_agent_cert != undef) and ($wazuh_agent_key != undef)) or ($_wazuh_agent_cert_path != undef and $_wazuh_agent_key_path != undef) { + if ($wazuh_agent_cert != undef and $_wazuh_agent_cert_path != undef) or ($wazuh_agent_key != undef and $_wazuh_agent_key_path != undef) { + fail('Pass either wazuh_agent_cert/key or wazuh_agent_cert/key_path, not both') + } file { '/var/ossec/etc/sslagent.cert': owner => 
$wazuh::params_agent::keys_owner, group => $wazuh::params_agent::keys_group, mode => $wazuh::params_agent::keys_mode, content => $wazuh_agent_cert, + source => $_wazuh_agent_cert_path, require => Package[$agent_package_name], } file { '/var/ossec/etc/sslagent.key': @@ -544,14 +574,10 @@ group => $wazuh::params_agent::keys_group, mode => $wazuh::params_agent::keys_mode, content => $wazuh_agent_key, + source => $_wazuh_agent_key_path, require => Package[$agent_package_name], } - $agent_auth_option_agent = '-x /var/ossec/etc/sslagent.cert -k /var/ossec/etc/sslagent.key' - } elsif ($wazuh_agent_cert_path != undef) and ($wazuh_agent_key_path != undef) { - validate_legacy(String, 'validate_string', $wazuh_agent_cert_path) - validate_legacy(String, 'validate_string', $wazuh_agent_key_path) - $agent_auth_option_agent = "-x ${wazuh_agent_cert_path} -k ${wazuh_agent_key_path}" } else { $agent_auth_option_agent = '' } diff --git a/manifests/manager.pp b/manifests/manager.pp index 15eeb798..a5c89bf6 100644 --- a/manifests/manager.pp +++ b/manifests/manager.pp @@ -2,6 +2,7 @@ # @summary Main ossec server config class wazuh::manager ( + Boolean $use_puppet_certs = true, # Installation $server_package_version = $wazuh::params_manager::server_package_version, @@ -190,6 +191,7 @@ $ossec_auth_use_password = $wazuh::params_manager::ossec_auth_use_password, $ossec_auth_limit_maxagents = $wazuh::params_manager::ossec_auth_limit_maxagents, $ossec_auth_ciphers = $wazuh::params_manager::ossec_auth_ciphers, + $ossec_auth_ssl_agent_ca = $wazuh::params_manager::ossec_auth_ssl_agent_ca, $ossec_auth_ssl_verify_host = $wazuh::params_manager::ossec_auth_ssl_verify_host, $ossec_auth_ssl_manager_cert = $wazuh::params_manager::ossec_auth_ssl_manager_cert, $ossec_auth_ssl_manager_key = $wazuh::params_manager::ossec_auth_ssl_manager_key, 
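Review bot: With `use_puppet_cert` enabled, the `source => $_wazuh_agent_key_path` added to `/var/ossec/etc/sslagent.key` (the resource opens in the `-511` hunk and its attributes are in the `-544` hunk) copies the node's Puppet private key to a second location. That copy is owned and moded by `keys_owner`/`keys_group`/`keys_mode`, whose values are not visible here, so the Wazuh account may gain read access to the node's Puppet identity. I would add `show_diff => false,` to the key resource and state this trade-off in the `use_puppet_cert` parameter documentation. The `sslmanager.key` resource in manifests/manager.pp gets the same `source` attribute and is written `root`/`wazuh` with mode `0640`, so the same applies there.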
@@ -248,9 +250,11 @@ $rule_exclude = $wazuh::params_manager::rule_exclude, $shared_agent_template = $wazuh::params_manager::shared_agent_template, - $wazuh_manager_verify_manager_ssl = $wazuh::params_manager::wazuh_manager_verify_manager_ssl, - $wazuh_manager_server_crt = $wazuh::params_manager::wazuh_manager_server_crt, - $wazuh_manager_server_key = $wazuh::params_manager::wazuh_manager_server_key, + $wazuh_manager_verify_manager_ssl = $wazuh::params_manager::wazuh_manager_verify_manager_ssl, + String $wazuh_manager_server_crt = $wazuh::params_manager::wazuh_manager_server_crt, + String $wazuh_manager_server_key = $wazuh::params_manager::wazuh_manager_server_key, + Stdlib::Absolutepath $wazuh_manager_server_crt_path = $wazuh::params_manager::wazuh_manager_server_crt_path, + Stdlib::Absolutepath $wazuh_manager_server_key_path = $wazuh::params_manager::wazuh_manager_server_key_path, $ossec_local_files = $wazuh::params_manager::default_local_files, @@ -300,6 +304,16 @@ Array, 'validate_array', $decoder_exclude, $rule_exclude ) + if $use_puppet_certs { + $_ossec_auth_ssl_agent_ca = "${settings::ssldir}/certs/ca.pem" + $_wazuh_manager_server_crt_path = "${settings::ssldir}/certs/${trusted['certname']}.pem" + $_wazuh_manager_server_key_path = "${settings::ssldir}/private_keys/${trusted['certname']}.pem" + } else { + $_ossec_auth_ssl_agent_ca = $ossec_auth_ssl_agent_ca + $_wazuh_manager_server_crt_path = $wazuh_manager_server_crt_path + $_wazuh_manager_server_key_path = $wazuh_manager_server_key_path + } + ## Determine which kernel and family puppet is running on. Will be used on _localfile, _rootcheck, _syscheck & _sca if ($facts['kernel'] == 'windows') { 
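Review bot: Because `use_puppet_certs` defaults to `true` (declared in the `-2,6` hunk of this file), the `if $use_puppet_certs` block here always sets `$_ossec_auth_ssl_agent_ca` to the Puppet CA on an existing deployment, and `_auth.erb` then emits it. That presumably makes the registration service start checking agent certificates against that CA without anyone opting in, while the matching agent switch `use_puppet_cert` defaults to `false`. A caller's `ossec_auth_ssl_agent_ca`, `wazuh_manager_server_crt_path` and `wazuh_manager_server_key_path` are also ignored in that default state. I would declare it as `Boolean $use_puppet_certs = false,`, and consider using the same parameter name on both classes.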
@@ -615,13 +629,13 @@ # https://documentation.wazuh.com/current/user-manual/registering/use-registration-service.html#verify-manager-via-ssl if $wazuh_manager_verify_manager_ssl { - if ($wazuh_manager_server_crt != undef) and ($wazuh_manager_server_key != undef) { - validate_legacy( - String, 'validate_string', $wazuh_manager_server_crt, $wazuh_manager_server_key - ) - + if (($wazuh_manager_server_crt != undef) and ($wazuh_manager_server_key != undef)) or ($_wazuh_manager_server_crt_path != undef and $_wazuh_manager_server_key_path != undef) { + if ($wazuh_manager_server_crt != undef and $_wazuh_manager_server_crt_path != undef) or ($wazuh_manager_server_key != undef and $_wazuh_manager_server_key_path != undef) { + fail('You cannot use both $wazuh_manager_server_crt and $_wazuh_manager_server_crt_path or $wazuh_manager_server_key and $_wazuh_manager_server_key_path simultaneously.') + } file { '/var/ossec/etc/sslmanager.key': content => $wazuh_manager_server_key, + source => $_wazuh_manager_server_key_path, owner => 'root', group => 'wazuh', mode => '0640', @@ -631,6 +645,7 @@ file { '/var/ossec/etc/sslmanager.cert': content => $wazuh_manager_server_crt, + source => $_wazuh_manager_server_crt_path, owner => 'root', group => 'wazuh', mode => '0640', diff --git a/manifests/params_manager.pp b/manifests/params_manager.pp index 498c6830..a3415632 100644 --- a/manifests/params_manager.pp +++ b/manifests/params_manager.pp @@ -191,6 +191,7 @@ $ossec_auth_use_password = 'no' $ossec_auth_limit_maxagents = 'yes' $ossec_auth_ciphers = 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH' + $ossec_auth_ssl_agent_ca = undef $ossec_auth_ssl_verify_host = 'no' $ossec_auth_ssl_manager_cert = '/var/ossec/etc/sslmanager.cert' $ossec_auth_ssl_manager_key = '/var/ossec/etc/sslmanager.key' 
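Review bot: The `fail()` added here names `$_wazuh_manager_server_crt_path`, an internal variable the caller never sets. With `use_puppet_certs` defaulting to `true` and `wazuh_manager_verify_manager_ssl` on, it fires for anyone who passes `wazuh_manager_server_crt`/`wazuh_manager_server_key` content alone. A message that names what the user can change would be clearer, e.g. `fail('wazuh_manager_server_crt/key cannot be combined with use_puppet_certs or wazuh_manager_server_crt_path/key_path')`. The enclosing `if $wazuh_manager_verify_manager_ssl` block opens in this hunk and closes outside it.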
@@ -283,6 +284,8 @@ $wazuh_manager_verify_manager_ssl = false $wazuh_manager_server_crt = undef $wazuh_manager_server_key = undef + $wazuh_manager_server_crt_path = undef + $wazuh_manager_server_key_path = undef ## Wazuh config folders and modes diff --git a/templates/fragments/_auth.erb b/templates/fragments/_auth.erb index ecf07d78..16eee118 100644 --- a/templates/fragments/_auth.erb +++ b/templates/fragments/_auth.erb @@ -16,6 +16,9 @@ <%= @ossec_auth_use_password %> <%= @ossec_auth_limit_maxagents %> <%= @ossec_auth_ciphers %> + <%- if @_ossec_auth_ssl_agent_ca then -%> + <%= @_ossec_auth_ssl_agent_ca %> + <%- end -%> <%= @ossec_auth_ssl_verify_host %> <%= @ossec_auth_ssl_manager_cert %> <%= @ossec_auth_ssl_manager_key %> diff --git a/templates/wazuh_agent.conf.erb b/templates/wazuh_agent.conf.erb index 072f44dd..8d06d82c 100644 --- a/templates/wazuh_agent.conf.erb +++ b/templates/wazuh_agent.conf.erb @@ -48,14 +48,14 @@ <%- if @wazuh_enrollment_ssl_cipher then -%> <%= @wazuh_enrollment_ssl_cipher %> <%- end -%> - <%- if @wazuh_enrollment_server_ca_path then -%> - <%= @wazuh_enrollment_server_ca_path %> + <%- if @_wazuh_enrollment_server_ca_path then -%> + <%= @_wazuh_enrollment_server_ca_path %> <%- end -%> - <%- if @wazuh_enrollment_agent_cert_path then -%> - <%= @wazuh_enrollment_agent_cert_path %> + <%- if @_wazuh_enrollment_agent_cert_path then -%> + <%= @_wazuh_enrollment_agent_cert_path %> <%- end -%> - <%- if @wazuh_enrollment_agent_key_path then -%> - <%= @wazuh_enrollment_agent_key_path %> + <%- if @_wazuh_enrollment_agent_key_path then -%> + <%= @_wazuh_enrollment_agent_key_path %> <%- end -%> <%- if @wazuh_enrollment_auth_pass_path then -%> <%= @wazuh_enrollment_auth_pass_path %> From 1d82e527d0cf575f2d52425baf9fd61f709f794e Mon Sep 17 00:00:00 2001 
From: griggi-ws Date: Fri, 8 Aug 2025 18:03:51 -0400 Subject: [PATCH 26/29] add: types for parameters that I removed legacy validators for --- REFERENCE.md | 78 +++++++++++++++++++++++++++++++++++++------- manifests/agent.pp | 18 +++++----- manifests/manager.pp | 2 +- 3 files changed, 76 insertions(+), 22 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 2dd8b7ef..3a88ac17 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -18,7 +18,7 @@ * [`wazuh::params_agent`](#wazuh--params_agent): Wazuh-Agent configuration parameters * [`wazuh::params_manager`](#wazuh--params_manager): Paramas file * [`wazuh::repo`](#wazuh--repo): Wazuh repository installation -* [`wazuh::securityadmin`](#wazuh--securityadmin): Wazuh repository installation +* [`wazuh::securityadmin`](#wazuh--securityadmin): Wazuh OpenSearch security index init ### Defined types @@ -44,6 +44,8 @@ Copyright (C) 2015, Wazuh Inc. The following parameters are available in the `wazuh::agent` class: +* [`use_puppet_cert`](#-wazuh--agent--use_puppet_cert) +* [`use_manager_validation`](#-wazuh--agent--use_manager_validation) * [`agent_package_version`](#-wazuh--agent--agent_package_version) * [`agent_package_revision`](#-wazuh--agent--agent_package_revision) * [`agent_package_name`](#-wazuh--agent--agent_package_name) @@ -220,6 +222,22 @@ The following parameters are available in the `wazuh::agent` class: * [`download_path`](#-wazuh--agent--download_path) * [`logging_log_format`](#-wazuh--agent--logging_log_format) +##### `use_puppet_cert` + +Data type: `Boolean` + + + +Default value: `false` + +##### `use_manager_validation` + +Data type: `Boolean` + + + +Default value: `false` + ##### `agent_package_version` Data type: `Any` @@ -302,7 +320,7 @@ Default value: `$wazuh::params_agent::agent_address` ##### `wazuh_agent_cert` -Data type: `Any` +Data type: `String` @@ -310,7 +328,7 @@ Default value: `$wazuh::params_agent::wazuh_agent_cert` ##### `wazuh_agent_key` -Data type: `Any` +Data type: `String` 
@@ -318,7 +336,7 @@ Default value: `$wazuh::params_agent::wazuh_agent_key` ##### `wazuh_agent_cert_path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` @@ -326,7 +344,7 @@ Default value: `$wazuh::params_agent::wazuh_agent_cert_path` ##### `wazuh_agent_key_path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` @@ -342,7 +360,7 @@ Default value: `$wazuh::params_agent::agent_auth_password` ##### `wazuh_manager_root_ca_pem` -Data type: `Any` +Data type: `String` @@ -350,7 +368,7 @@ Default value: `$wazuh::params_agent::wazuh_manager_root_ca_pem` ##### `wazuh_manager_root_ca_pem_path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` @@ -734,7 +752,7 @@ Default value: `$wazuh::params_agent::wazuh_enrollment_ssl_cipher` ##### `wazuh_enrollment_server_ca_path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` @@ -742,7 +760,7 @@ Default value: `$wazuh::params_agent::wazuh_enrollment_server_ca_path` ##### `wazuh_enrollment_agent_cert_path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` @@ -750,7 +768,7 @@ Default value: `$wazuh::params_agent::wazuh_enrollment_agent_cert_path` ##### `wazuh_enrollment_agent_key_path` -Data type: `Any` +Data type: `Stdlib::Absolutepath` @@ -2555,6 +2573,7 @@ Copyright (C) 2015, Wazuh Inc. The following parameters are available in the `wazuh::manager` class: +* [`use_puppet_certs`](#-wazuh--manager--use_puppet_certs) * [`server_package_version`](#-wazuh--manager--server_package_version) * [`manage_firewall`](#-wazuh--manager--manage_firewall) * [`ossec_logall`](#-wazuh--manager--ossec_logall) 
@@ -2698,6 +2717,7 @@ The following parameters are available in the `wazuh::manager` class: * [`ossec_auth_use_password`](#-wazuh--manager--ossec_auth_use_password) * [`ossec_auth_limit_maxagents`](#-wazuh--manager--ossec_auth_limit_maxagents) * [`ossec_auth_ciphers`](#-wazuh--manager--ossec_auth_ciphers) +* [`ossec_auth_ssl_agent_ca`](#-wazuh--manager--ossec_auth_ssl_agent_ca) * [`ossec_auth_ssl_verify_host`](#-wazuh--manager--ossec_auth_ssl_verify_host) * [`ossec_auth_ssl_manager_cert`](#-wazuh--manager--ossec_auth_ssl_manager_cert) * [`ossec_auth_ssl_manager_key`](#-wazuh--manager--ossec_auth_ssl_manager_key) @@ -2745,6 +2765,8 @@ The following parameters are available in the `wazuh::manager` class: * [`wazuh_manager_verify_manager_ssl`](#-wazuh--manager--wazuh_manager_verify_manager_ssl) * [`wazuh_manager_server_crt`](#-wazuh--manager--wazuh_manager_server_crt) * [`wazuh_manager_server_key`](#-wazuh--manager--wazuh_manager_server_key) +* [`wazuh_manager_server_crt_path`](#-wazuh--manager--wazuh_manager_server_crt_path) +* [`wazuh_manager_server_key_path`](#-wazuh--manager--wazuh_manager_server_key_path) * [`ossec_local_files`](#-wazuh--manager--ossec_local_files) * [`wazuh_api_host`](#-wazuh--manager--wazuh_api_host) * [`wazuh_api_port`](#-wazuh--manager--wazuh_api_port) @@ -2774,6 +2796,14 @@ The following parameters are available in the `wazuh::manager` class: * [`limits_eps`](#-wazuh--manager--limits_eps) * [`wazuh_api_template`](#-wazuh--manager--wazuh_api_template) +##### `use_puppet_certs` + +Data type: `Boolean` + + + +Default value: `true` + ##### `server_package_version` Data type: `Any` @@ -3918,6 +3948,14 @@ Data type: `Any` Default value: `$wazuh::params_manager::ossec_auth_ciphers` +##### `ossec_auth_ssl_agent_ca` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$wazuh::params_manager::ossec_auth_ssl_agent_ca` + ##### `ossec_auth_ssl_verify_host` Data type: `Any` 
@@ -4280,7 +4318,7 @@ Default value: `$wazuh::params_manager::wazuh_manager_verify_manager_ssl` ##### `wazuh_manager_server_crt` -Data type: `Any` +Data type: `String` @@ -4288,12 +4326,28 @@ Default value: `$wazuh::params_manager::wazuh_manager_server_crt` ##### `wazuh_manager_server_key` -Data type: `Any` +Data type: `String` Default value: `$wazuh::params_manager::wazuh_manager_server_key` +##### `wazuh_manager_server_crt_path` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$wazuh::params_manager::wazuh_manager_server_crt_path` + +##### `wazuh_manager_server_key_path` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$wazuh::params_manager::wazuh_manager_server_key_path` + ##### `ossec_local_files` Data type: `Any` diff --git a/manifests/agent.pp b/manifests/agent.pp index 3f6e6c7c..f9a7b9b5 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp 
@@ -18,13 +18,13 @@ $agent_name = $wazuh::params_agent::agent_name, $agent_group = $wazuh::params_agent::agent_group, $agent_address = $wazuh::params_agent::agent_address, - $wazuh_agent_cert = $wazuh::params_agent::wazuh_agent_cert, - $wazuh_agent_key = $wazuh::params_agent::wazuh_agent_key, - $wazuh_agent_cert_path = $wazuh::params_agent::wazuh_agent_cert_path, - $wazuh_agent_key_path = $wazuh::params_agent::wazuh_agent_key_path, + String $wazuh_agent_cert = $wazuh::params_agent::wazuh_agent_cert, + String $wazuh_agent_key = $wazuh::params_agent::wazuh_agent_key, + Stdlib::Absolutepath $wazuh_agent_cert_path = $wazuh::params_agent::wazuh_agent_cert_path, + Stdlib::Absolutepath $wazuh_agent_key_path = $wazuh::params_agent::wazuh_agent_key_path, $agent_auth_password = $wazuh::params_agent::agent_auth_password, - $wazuh_manager_root_ca_pem = $wazuh::params_agent::wazuh_manager_root_ca_pem, - $wazuh_manager_root_ca_pem_path = $wazuh::params_agent::wazuh_manager_root_ca_pem_path, + String $wazuh_manager_root_ca_pem = $wazuh::params_agent::wazuh_manager_root_ca_pem, + Stdlib::Absolutepath $wazuh_manager_root_ca_pem_path = $wazuh::params_agent::wazuh_manager_root_ca_pem_path, ## ossec.conf generation parameters # Generation variables 
@@ -83,9 +83,9 @@ $wazuh_enrollment_groups = $wazuh::params_agent::wazuh_enrollment_groups, $wazuh_enrollment_agent_address = $wazuh::params_agent::wazuh_enrollment_agent_address, $wazuh_enrollment_ssl_cipher = $wazuh::params_agent::wazuh_enrollment_ssl_cipher, - $wazuh_enrollment_server_ca_path = $wazuh::params_agent::wazuh_enrollment_server_ca_path, - $wazuh_enrollment_agent_cert_path = $wazuh::params_agent::wazuh_enrollment_agent_cert_path, - $wazuh_enrollment_agent_key_path = $wazuh::params_agent::wazuh_enrollment_agent_key_path, + Stdlib::Absolutepath $wazuh_enrollment_server_ca_path = $wazuh::params_agent::wazuh_enrollment_server_ca_path, + Stdlib::Absolutepath $wazuh_enrollment_agent_cert_path = $wazuh::params_agent::wazuh_enrollment_agent_cert_path, + Stdlib::Absolutepath $wazuh_enrollment_agent_key_path = $wazuh::params_agent::wazuh_enrollment_agent_key_path, $wazuh_enrollment_auth_pass = $wazuh::params_agent::wazuh_enrollment_auth_pass, $wazuh_enrollment_auth_pass_path = $wazuh::params_agent::wazuh_enrollment_auth_pass_path, $wazuh_enrollment_auto_method = $wazuh::params_agent::wazuh_enrollment_auto_method, diff --git a/manifests/manager.pp b/manifests/manager.pp index a5c89bf6..666397fc 100644 --- a/manifests/manager.pp +++ b/manifests/manager.pp @@ -191,7 +191,7 @@ $ossec_auth_use_password = $wazuh::params_manager::ossec_auth_use_password, $ossec_auth_limit_maxagents = $wazuh::params_manager::ossec_auth_limit_maxagents, $ossec_auth_ciphers = $wazuh::params_manager::ossec_auth_ciphers, - $ossec_auth_ssl_agent_ca = $wazuh::params_manager::ossec_auth_ssl_agent_ca, + Stdlib::Absolutepath $ossec_auth_ssl_agent_ca = $wazuh::params_manager::ossec_auth_ssl_agent_ca, $ossec_auth_ssl_verify_host = $wazuh::params_manager::ossec_auth_ssl_verify_host, $ossec_auth_ssl_manager_cert = $wazuh::params_manager::ossec_auth_ssl_manager_cert, $ossec_auth_ssl_manager_key = $wazuh::params_manager::ossec_auth_ssl_manager_key, 
From a509675481e710c31debc984537fec9b992df761 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Mon, 11 Aug 2025 15:31:43 -0400 Subject: [PATCH 27/29] fix: use optional for type enforcement of default undef values --- manifests/agent.pp | 12 ++++++------ manifests/certificates.pp | 8 ++++---- manifests/manager.pp | 6 +++--- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/manifests/agent.pp b/manifests/agent.pp index f9a7b9b5..a8d81867 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -20,11 +20,11 @@ $agent_address = $wazuh::params_agent::agent_address, String $wazuh_agent_cert = $wazuh::params_agent::wazuh_agent_cert, String $wazuh_agent_key = $wazuh::params_agent::wazuh_agent_key, - Stdlib::Absolutepath $wazuh_agent_cert_path = $wazuh::params_agent::wazuh_agent_cert_path, - Stdlib::Absolutepath $wazuh_agent_key_path = $wazuh::params_agent::wazuh_agent_key_path, + Optional[Stdlib::Absolutepath] $wazuh_agent_cert_path = $wazuh::params_agent::wazuh_agent_cert_path, + Optional[Stdlib::Absolutepath] $wazuh_agent_key_path = $wazuh::params_agent::wazuh_agent_key_path, $agent_auth_password = $wazuh::params_agent::agent_auth_password, String $wazuh_manager_root_ca_pem = $wazuh::params_agent::wazuh_manager_root_ca_pem, - Stdlib::Absolutepath $wazuh_manager_root_ca_pem_path = $wazuh::params_agent::wazuh_manager_root_ca_pem_path, + Optional[Stdlib::Absolutepath] $wazuh_manager_root_ca_pem_path = $wazuh::params_agent::wazuh_manager_root_ca_pem_path, ## ossec.conf generation parameters # Generation variables 
@@ -83,9 +83,9 @@ $wazuh_enrollment_groups = $wazuh::params_agent::wazuh_enrollment_groups, $wazuh_enrollment_agent_address = $wazuh::params_agent::wazuh_enrollment_agent_address, $wazuh_enrollment_ssl_cipher = $wazuh::params_agent::wazuh_enrollment_ssl_cipher, - Stdlib::Absolutepath $wazuh_enrollment_server_ca_path = $wazuh::params_agent::wazuh_enrollment_server_ca_path, - Stdlib::Absolutepath $wazuh_enrollment_agent_cert_path = $wazuh::params_agent::wazuh_enrollment_agent_cert_path, - Stdlib::Absolutepath $wazuh_enrollment_agent_key_path = $wazuh::params_agent::wazuh_enrollment_agent_key_path, + Optional[Stdlib::Absolutepath] $wazuh_enrollment_server_ca_path = $wazuh::params_agent::wazuh_enrollment_server_ca_path, + Optional[Stdlib::Absolutepath] $wazuh_enrollment_agent_cert_path = $wazuh::params_agent::wazuh_enrollment_agent_cert_path, + Optional[Stdlib::Absolutepath] $wazuh_enrollment_agent_key_path = $wazuh::params_agent::wazuh_enrollment_agent_key_path, $wazuh_enrollment_auth_pass = $wazuh::params_agent::wazuh_enrollment_auth_pass, $wazuh_enrollment_auth_pass_path = $wazuh::params_agent::wazuh_enrollment_auth_pass_path, $wazuh_enrollment_auto_method = $wazuh::params_agent::wazuh_enrollment_auto_method, diff --git a/manifests/certificates.pp b/manifests/certificates.pp index 1b27f7f0..cb3377b6 100644 --- a/manifests/certificates.pp +++ b/manifests/certificates.pp 
@@ -19,11 +19,11 @@ $manager_worker_certs = [], $dashboard_certs = [], Boolean $manage_certs = true, - Stdlib::Absolutepath $ca_cert_path = $settings::cacert, - Stdlib::Absolutepath $ca_key_path = $settings::cakey, + Optional[Stdlib::Absolutepath] $ca_cert_path = $settings::cacert, + Optional[Stdlib::Absolutepath] $ca_key_path = $settings::cakey, String $bucket_name = 'wazuh', - Stdlib::Absolutepath $filebucket_path = "${settings::confdir}/filebucket", - Stdlib::Absolutepath $fileserver_conf = "${settings::confdir}/fileserver.conf", + Optional[Stdlib::Absolutepath] $filebucket_path = "${settings::confdir}/filebucket", + Optional[Stdlib::Absolutepath] $fileserver_conf = "${settings::confdir}/fileserver.conf", ) { if $use_legacy_workflow { file { 'Configure Wazuh Certificates config.yml': diff --git a/manifests/manager.pp b/manifests/manager.pp index 666397fc..fd10ac05 100644 --- a/manifests/manager.pp +++ b/manifests/manager.pp @@ -191,7 +191,7 @@ $ossec_auth_use_password = $wazuh::params_manager::ossec_auth_use_password, $ossec_auth_limit_maxagents = $wazuh::params_manager::ossec_auth_limit_maxagents, $ossec_auth_ciphers = $wazuh::params_manager::ossec_auth_ciphers, - Stdlib::Absolutepath $ossec_auth_ssl_agent_ca = $wazuh::params_manager::ossec_auth_ssl_agent_ca, + Optional[Stdlib::Absolutepath] $ossec_auth_ssl_agent_ca = $wazuh::params_manager::ossec_auth_ssl_agent_ca, $ossec_auth_ssl_verify_host = $wazuh::params_manager::ossec_auth_ssl_verify_host, $ossec_auth_ssl_manager_cert = $wazuh::params_manager::ossec_auth_ssl_manager_cert, $ossec_auth_ssl_manager_key = $wazuh::params_manager::ossec_auth_ssl_manager_key, 
@@ -253,8 +253,8 @@ $wazuh_manager_verify_manager_ssl = $wazuh::params_manager::wazuh_manager_verify_manager_ssl, String $wazuh_manager_server_crt = $wazuh::params_manager::wazuh_manager_server_crt, String $wazuh_manager_server_key = $wazuh::params_manager::wazuh_manager_server_key, - Stdlib::Absolutepath $wazuh_manager_server_crt_path = $wazuh::params_manager::wazuh_manager_server_crt_path, - Stdlib::Absolutepath $wazuh_manager_server_key_path = $wazuh::params_manager::wazuh_manager_server_key_path, + Optional[Stdlib::Absolutepath] $wazuh_manager_server_crt_path = $wazuh::params_manager::wazuh_manager_server_crt_path, + Optional[Stdlib::Absolutepath] $wazuh_manager_server_key_path = $wazuh::params_manager::wazuh_manager_server_key_path, $ossec_local_files = $wazuh::params_manager::default_local_files, From 7287e9ea186815105b43553725d17fafcbc4487d Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Mon, 11 Aug 2025 15:34:24 -0400 Subject: [PATCH 28/29] fix: use optional for type enforcement of default undef values --- manifests/agent.pp | 6 +++--- manifests/manager.pp | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/agent.pp b/manifests/agent.pp index a8d81867..d28d7774 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp 
@@ -18,12 +18,12 @@ $agent_name = $wazuh::params_agent::agent_name, $agent_group = $wazuh::params_agent::agent_group, $agent_address = $wazuh::params_agent::agent_address, - String $wazuh_agent_cert = $wazuh::params_agent::wazuh_agent_cert, - String $wazuh_agent_key = $wazuh::params_agent::wazuh_agent_key, + Optional[String] $wazuh_agent_cert = $wazuh::params_agent::wazuh_agent_cert, + Optional[String] $wazuh_agent_key = $wazuh::params_agent::wazuh_agent_key, Optional[Stdlib::Absolutepath] $wazuh_agent_cert_path = $wazuh::params_agent::wazuh_agent_cert_path, Optional[Stdlib::Absolutepath] $wazuh_agent_key_path = $wazuh::params_agent::wazuh_agent_key_path, $agent_auth_password = $wazuh::params_agent::agent_auth_password, - String $wazuh_manager_root_ca_pem = $wazuh::params_agent::wazuh_manager_root_ca_pem, + Optional[String] $wazuh_manager_root_ca_pem = $wazuh::params_agent::wazuh_manager_root_ca_pem, Optional[Stdlib::Absolutepath] $wazuh_manager_root_ca_pem_path = $wazuh::params_agent::wazuh_manager_root_ca_pem_path, ## ossec.conf generation parameters diff --git a/manifests/manager.pp b/manifests/manager.pp index fd10ac05..acce3e92 100644 --- a/manifests/manager.pp +++ b/manifests/manager.pp 
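Review bot: `wazuh_agent_key` carries private-key material but is typed `Optional[String]`, so callers have no way to pass it as a `Sensitive` value and it travels through the catalog and reports as an ordinary string. Consider `Optional[Variant[String, Sensitive[String]]] $wazuh_agent_key`; the `file` resource's `content` accepts a `Sensitive` value and redacts it from diffs. The same applies to `wazuh_manager_server_key` in the manifests/manager.pp hunk of this commit. The parameter list starts and ends outside the hunk.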
@@ -251,8 +251,8 @@ $shared_agent_template = $wazuh::params_manager::shared_agent_template, $wazuh_manager_verify_manager_ssl = $wazuh::params_manager::wazuh_manager_verify_manager_ssl, - String $wazuh_manager_server_crt = $wazuh::params_manager::wazuh_manager_server_crt, - String $wazuh_manager_server_key = $wazuh::params_manager::wazuh_manager_server_key, + Optional[String] $wazuh_manager_server_crt = $wazuh::params_manager::wazuh_manager_server_crt, + Optional[String] $wazuh_manager_server_key = $wazuh::params_manager::wazuh_manager_server_key, Optional[Stdlib::Absolutepath] $wazuh_manager_server_crt_path = $wazuh::params_manager::wazuh_manager_server_crt_path, Optional[Stdlib::Absolutepath] $wazuh_manager_server_key_path = $wazuh::params_manager::wazuh_manager_server_key_path, From 399b5271f0eb856001831b9a1403b9502735d673 Mon Sep 17 00:00:00 2001 From: griggi-ws Date: Mon, 11 Aug 2025 15:41:24 -0400 Subject: [PATCH 29/29] change: ensure the apt-update exec name is distinct from the apt module, to avoid issues in a staged run --- manifests/repo.pp | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/manifests/repo.pp b/manifests/repo.pp index dd096a37..6ec56328 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp 
@@ -54,18 +54,16 @@ content => "deb [signed-by=/usr/share/keyrings/wazuh.gpg] ${wazuh_repo_url} ${repo_release} main\n", order => '01', require => File['/usr/share/keyrings/wazuh.gpg'], - notify => Exec['apt-update'], + notify => Exec['apt-update-wazuh'], } } default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') } } - # Define an exec resource to run 'apt-get update' - if !defined(Exec['apt-update']) { - exec { 'apt-update': - command => 'apt-get update', - refreshonly => true, - path => ['/bin', '/usr/bin'], - } + # Define an exec resource to run 'apt-get update', without conflicting with the apt module (if using stage workflow) + exec { 'apt-update-wazuh': + command => 'apt-get update', + refreshonly => true, + path => ['/bin', '/usr/bin'], } } 'Linux', 'RedHat', 'Suse' : {