Puppet Class: wazuh::filebeat_oss

Defined in:: manifests/filebeat_oss.pp

Overview

Parameters:

filebeat_oss_elasticsearch_ip (Any) (defaults to: 'localhost')
filebeat_oss_elasticsearch_port (Any) (defaults to: '9200')
elasticsearch_server_ip (Any) (defaults to: "\"${filebeat_oss_elasticsearch_ip}:${filebeat_oss_elasticsearch_port}\"")
filebeat_oss_package (Any) (defaults to: 'filebeat')
filebeat_oss_service (Any) (defaults to: 'filebeat')
filebeat_oss_elastic_user (Any) (defaults to: 'admin')
filebeat_oss_elastic_password (Any) (defaults to: 'admin')
filebeat_oss_version (Any) (defaults to: '7.10.2')
wazuh_app_version (Any) (defaults to: '4.2.2_7.10.2')
wazuh_extensions_version (Any) (defaults to: 'v4.2.2')
wazuh_filebeat_module (Any) (defaults to: 'wazuh-filebeat-0.1.tar.gz')

# File 'manifests/filebeat_oss.pp', line 3

class wazuh::filebeat_oss (
  $filebeat_oss_elasticsearch_ip = 'localhost',
  $filebeat_oss_elasticsearch_port = '9200',
  $elasticsearch_server_ip = "\"${filebeat_oss_elasticsearch_ip}:${filebeat_oss_elasticsearch_port}\"",

  $filebeat_oss_package = 'filebeat',
  $filebeat_oss_service = 'filebeat',
  $filebeat_oss_elastic_user = 'admin',
  $filebeat_oss_elastic_password = 'admin',
  $filebeat_oss_version = '7.10.2',
  $wazuh_app_version = '4.2.2_7.10.2',
  $wazuh_extensions_version = 'v4.2.2',
  $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
){

  class {'wazuh::repo_elastic_oss':}

  if $::osfamily == 'Debian' {
    Class['wazuh::repo_elastic_oss'] -> Class['apt::update'] -> Package[$filebeat_oss_package]
  } else {
    Class['wazuh::repo_elastic_oss'] -> Package[$filebeat_oss_package]
  }

  package { 'filebeat':
    ensure => $filebeat_oss_version,
    name   => $filebeat_oss_package,
  }

  file { 'Configure filebeat.yml':
    owner   => 'root',
    path    => '/etc/filebeat/filebeat.yml',
    group   => 'root',
    mode    => '0644',
    notify  => Service[$filebeat_oss_service], ## Restarts the service
    content => template('wazuh/filebeat_oss_yml.erb'),
    require => Package[$filebeat_oss_package]
  }

  exec { 'Installing wazuh-template.json...':
    path    => '/usr/bin',
    command => "curl -so /etc/filebeat/wazuh-template.json 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json'",
    notify  => Service[$filebeat_oss_service],
    require => Package[$filebeat_oss_package]
  }

  exec { 'Installing filebeat module ... Downloading package':
    path    => '/usr/bin',
    command => "curl -o /root/${$wazuh_filebeat_module} https://packages.wazuh.com/4.x/filebeat/${$wazuh_filebeat_module}",
  }

  exec { 'Unpackaging ...':
    command => '/bin/tar -xzvf /root/wazuh-filebeat-0.1.tar.gz -C /usr/share/filebeat/module',
    notify  => Service[$filebeat_oss_service],
    require => Package[$filebeat_oss_package]
  }

  file { '/usr/share/filebeat/module/wazuh':
    ensure  => 'directory',
    mode    => '0755',
    require => Package[$filebeat_oss_package]
  }

  service { 'filebeat':
    ensure  => running,
    enable  => true,
    require => Package[$filebeat_oss_package]
  }
}