Merge branch '3.2' into 3.2-better-reset

Javier Castro 2018-03-13 11:32:15 +01:00 committed by GitHub
commit 7c852bde6d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 649 additions and 431 deletions


@ -1,7 +1,7 @@
{
"name": "wazuh",
"version": "3.2.1",
"revision": "0385",
"revision": "0386",
"kibana": {
"version": "6.2.2"
},
@ -33,6 +33,7 @@
"js-yaml": "3.10.0",
"lodash": "3.10.1",
"needle": "^2.0.1",
"node-cron": "^1.1.2"
"node-cron": "^1.1.2",
"winston": "3.0.0-rc1"
}
}
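Review bot: `winston` is added in the second hunk as an exact pin to a pre-release, `"winston": "3.0.0-rc1"`, so the plugin's new file logger depends on an API that can still change before the stable 3.x release. The neighbouring dependencies use stable versions. Since `package.json` cannot carry a comment, the reason for the pin belongs in the commit description, and the pin should move to a stable 3.x version once one is published.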


@ -11,10 +11,10 @@ module.exports = (server, options) => {
type: 'wazuh-configuration',
size: '100'
})
.then((data) => {
.then(data => {
reply(data.hits.hits);
})
.catch((error) => {
.catch(error => {
reply(error);
});
};
@ -26,10 +26,10 @@ module.exports = (server, options) => {
type: 'wazuh-configuration',
id: req.params.id
})
.then((data) => {
.then(data => {
reply(data);
})
.catch((error) => {
.catch(error => {
reply(error);
});
};
@ -42,7 +42,7 @@ module.exports = (server, options) => {
type: 'wazuh-configuration',
q: 'active:true'
})
.then((data) => {
.then(data => {
if (data.hits.total === 1) {
// Setting off previous default
elasticRequest.callWithRequest(req, 'update', {
@ -72,7 +72,7 @@ module.exports = (server, options) => {
message: 'ok'
});
})
.catch((error) => {
.catch(error => {
reply({
statusCode: 500,
error: 8,
@ -98,7 +98,7 @@ module.exports = (server, options) => {
'message': 'ok'
});
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 8,
@ -107,7 +107,7 @@ module.exports = (server, options) => {
});
}
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 8,
@ -122,10 +122,10 @@ module.exports = (server, options) => {
index: '.wazuh',
type: 'wazuh-configuration'
})
.then((data) => {
.then(data => {
reply(data.hits.hits);
})
.catch((error) => {
.catch(error => {
reply(error);
});
};
@ -152,7 +152,7 @@ module.exports = (server, options) => {
'message': 'ok'
});
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 8,
@ -223,7 +223,7 @@ module.exports = (server, options) => {
response: response
});
})
.catch((error) => {
.catch(error => {
reply({
statusCode: 500,
error: 8,
@ -249,7 +249,7 @@ module.exports = (server, options) => {
message: 'ok'
});
})
.catch((error) => {
.catch(error => {
reply({
statusCode: 500,
error: 8,
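Review bot: The handlers in the hunks at -11, -26 and -122 still end in `reply(error)`, which hands the raw Elasticsearch client error to the HTTP caller, while every other catch in this file answers with a fixed `statusCode: 500, error: 8` body. Depending on how the framework serialises that object, the response may expose index names or query detail. These three catches should return the same structured 500 body and record the detail server-side, for example with `log('<file> <handler>', error.message || error)` from the logger this commit adds (the file and handler names are placeholders, as neither is visible here). The enclosing handlers start and end outside the hunks.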


@ -255,7 +255,7 @@ module.exports = (server, options) => {
}
getConfig(req.headers.id, wapi_config => {
if (wapi_config.error_code > 1) {
// Can not connect to elasticsearch
// Can not connect to elasticsearch
return reply({ statusCode: 200, error: '1', data: 'no_elasticsearch' });
} else if (wapi_config.error_code > 0) {
// Credentials not found
@ -279,7 +279,9 @@ module.exports = (server, options) => {
}
})
.catch(error => reply({ statusCode: 400, error: '9997', data: 'An error occurred trying to obtain PCI DSS requirements from Wazuh API' }));
.catch(error => {
reply({ statusCode: 400, error: '9997', data: 'An error occurred trying to obtain PCI DSS requirements from Wazuh API' })
});
});
} else {
if (typeof pciRequirements[req.params.requirement] !== 'undefined'){
@ -394,6 +396,7 @@ module.exports = (server, options) => {
const getApiSettings = (req, reply) => {
if(!protectedRoute(req)) return reply(genericErrorBuilder(401,7,'Session expired.')).code(401);
getConfig(req.payload.id, (wapi_config) => {
if (wapi_config.error_code > 1) {
//Can not connect to elasticsearch
return reply({


@ -52,7 +52,7 @@ module.exports = (server, options) => {
type: 'wazuh-configuration',
id: id
})
.then((data) => {
.then(data => {
callback({
'user': data._source.api_user,
'password': Buffer.from(data._source.api_password, 'base64').toString("ascii"),
@ -63,7 +63,7 @@ module.exports = (server, options) => {
'extensions': data._source.extensions
});
})
.catch((error) => {
.catch(error => {
callback({
'error': 'no elasticsearch',
'error_code': 2
@ -92,7 +92,7 @@ module.exports = (server, options) => {
}
}
})
.then((resp) => {
.then(resp => {
// Update the pattern in the configuration
importAppObjects(req.params.pattern);
reply({
@ -100,7 +100,7 @@ module.exports = (server, options) => {
'data': 'Index pattern updated'
});
})
.catch((err) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 9,
@ -111,7 +111,7 @@ module.exports = (server, options) => {
const getTemplate = (req, reply) => {
elasticRequest.callWithInternalUser('cat.templates', {})
.then((data) => {
.then(data => {
if (req.params.pattern == "wazuh-alerts-3.x-*" && data.includes("wazuh-alerts-3.*")) {
reply({
'statusCode': 200,
@ -147,7 +147,7 @@ module.exports = (server, options) => {
}
}
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 10000,
@ -188,7 +188,7 @@ module.exports = (server, options) => {
'data': 'Index pattern not found'
});
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 10000,
@ -250,7 +250,7 @@ module.exports = (server, options) => {
payload.aggs['2'].terms.field = req.params.field;
fetchElastic(req, payload)
.then((data) => {
.then(data => {
if (data.hits.total === 0 || typeof data.aggregations['2'].buckets[0] === 'undefined'){
reply({
@ -264,7 +264,7 @@ module.exports = (server, options) => {
});
}
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 9,
@ -279,7 +279,7 @@ module.exports = (server, options) => {
index: '.wazuh-version',
type: 'wazuh-version'
})
.then((data) => {
.then(data => {
if (data.hits.total === 0) {
reply({
'statusCode': 200,
@ -292,7 +292,7 @@ module.exports = (server, options) => {
});
}
})
.catch((error) => {
.catch(error => {
reply({
'statusCode': 500,
'error': 9,
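Review bot: In the hunk at -52 the stored `api_password` is recovered with `Buffer.from(data._source.api_password, 'base64').toString("ascii")`, so the Wazuh API credential is held in the `wazuh-configuration` document in a reversible encoding, not encrypted. Anyone who can read that document can recover the password. This predates the commit, which only drops the arrow-function parentheses, but the line deserves a comment such as `// base64 is an encoding, not protection: restrict read access to this document`, and the index permissions should be checked to match. The enclosing function starts and ends outside the hunk.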

File diff suppressed because it is too large Load Diff

76
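--- a/server/logger.js
+++ b/server/logger.js
@@ -0,0 +1,76 @@
+const winston = require('winston');
+const fs = require('fs');
+const path = require('path');
+/**
+* Checks if /var/log/wazuh exists on linux systems. If it doesn't exist, it will be created.
+*/
+const initDirectory = () => {
+if (!fs.existsSync('/var/log/wazuh') && process.platform === 'linux') {
+fs.mkdirSync('/var/log/wazuh');
+}
+return;
+}
+/**
+* Here we create the logger
+*/
+const wazuhlogger = winston.createLogger({
+level : 'info',
+format : winston.format.json(),
+transports: [
+new winston.transports.File({
+filename: process.platform === 'linux' ? '/var/log/wazuh/wazuhapp.log' : path.join(__dirname, '../../wazuhapp.log')
+})
+]
+});
+/**
+* Prevents from exit on error related to the logger.
+*/
+wazuhlogger.exitOnError = false;
+/**
+* Returns given file size in MB, if the file doesn't exist returns 0
+* @param {*} filename Path to the file
+*/
+const getFilesizeInMegaBytes = filename => {
+if (fs.existsSync(filename)) {
+const stats = fs.statSync(filename)
+const fileSizeInMegaBytes = stats.size
+return fileSizeInMegaBytes / 1000000.0;
+}
+return 0;
+}
+/**
+* Checks if the wazuhapp.log file size is greater than 100MB, if so it rotates the file.
+*/
+const checkFiles = () => {
+if (getFilesizeInMegaBytes(process.platform === 'linux' ? '/var/log/wazuh/wazuhapp.log' : path.join(__dirname, '../../wazuhapp.log')) >= 100) {
+fs.renameSync(
+process.platform === 'linux' ? '/var/log/wazuh/wazuhapp.log' : path.join(__dirname, '../../wazuhapp.log'),
+process.platform === 'linux' ? '/var/log/wazuh/wazuhapp.log' : path.join(__dirname, `../../wazuhapp.${new Date().getTime()}.log`)
+)
+}
+};
+/**
+* Main function to add a new log
+* @param {*} location File where the log is being thrown
+* @param {*} message Message to show
+* @param {*} level Optional, default is 'error'
+*/
+const log = (location, message, level) => {
+initDirectory();
+checkFiles();
+wazuhlogger.log({
+date : new Date(),
+level : level || 'error',
+location: location || 'unknown',
+message : message || 'An error occurred'
+});
+};
+module.exports = { log }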
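Review bot: On Linux the rotation in `checkFiles` never rotates, because both arguments of `fs.renameSync` resolve to `/var/log/wazuh/wazuhapp.log`; once the file reaches 100 MB it is renamed onto itself on every `log()` call and keeps growing. The Linux branch of the second argument needs the timestamp as well, e.g. `'/var/log/wazuh/wazuhapp.' + Date.now() + '.log'`. Separately, `fs.mkdirSync` and `fs.renameSync` run unguarded on every call, so a permissions error would throw out of `log()` into whatever code called it. Wrapping them in try/catch would keep a logging failure from breaking the caller. Creating the directory with an explicit restrictive mode, for example `fs.mkdirSync('/var/log/wazuh', 0o750)`, would stop the log's readability from depending on the process umask.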


@ -9,6 +9,8 @@ const blueWazuh = colors.blue('wazuh');
const APP_OBJECTS_FILE = './integration-files/app-objects-file-monitoring.json';
const { log } = require('./logger');
module.exports = (server, options) => {
// Elastic JS Client
const elasticRequest = server.plugins.elasticsearch.getCluster('admin');
@ -25,13 +27,15 @@ module.exports = (server, options) => {
// Read Wazuh App package file
try {
packageJSON = require('../package.json');
} catch (e) {
server.log([blueWazuh, 'monitoring', 'error'], 'Could not read the Wazuh package file due to ' + e);
} catch (error) {
log('monitoring.js', error.message || error);
server.log([blueWazuh, 'monitoring', 'error'], 'Could not read the Wazuh package file due to ' + error.message || error);
}
// Check status and get agent status array
const checkStatus = (apiEntry, maxSize, offset) => {
if (!maxSize) {
log('monitoring.js', 'You must provide a max size');
server.log([blueWazuh, 'monitoring', 'error'], 'You must provide a max size');
}
@ -58,6 +62,7 @@ module.exports = (server, options) => {
saveStatus();
}
} else {
log('monitoring.js', 'Can not access Wazuh API');
server.log([blueWazuh, 'monitoring', 'error'], 'Can not access Wazuh API');
}
});
@ -83,6 +88,7 @@ module.exports = (server, options) => {
if (!response.error && response.body.data && response.body.data.totalItems) {
checkStatus(apiEntry, response.body.data.totalItems);
} else {
log('monitoring.js', 'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.');
server.log([blueWazuh, 'monitoring', 'error'], 'Wazuh API credentials not found or are not correct. Open the app in your browser and configure it to start monitoring agents.');
}
});
@ -110,6 +116,7 @@ module.exports = (server, options) => {
'insecure': element._source.insecure
};
if (apiEntry.error) {
log('monitoring.js loadCredentials', apiEntry.error || apiEntry);
server.log([blueWazuh, 'monitoring', 'error'], `Error getting wazuh-api data: ${apiEntry.error}`);
break;
}
@ -127,13 +134,15 @@ module.exports = (server, options) => {
if (data.hits.total > 0) {
callback(data.hits);
} else {
log('monitoring.js getConfig','no credentials');
callback({
'error': 'no credentials',
'error_code': 1
});
}
})
.catch(() => {
.catch(error => {
log('monitoring.js getConfig',error.message || error);
callback({
'error': 'no elasticsearch',
'error_code': 2
@ -143,14 +152,16 @@ module.exports = (server, options) => {
// Importing Wazuh app visualizations and dashboards
const importAppObjects = (id) => {
log('monitoring.js importAppObjects','Importing Wazuh app visualizations...','info');
server.log([blueWazuh, 'monitoring', 'info'], 'Importing Wazuh app visualizations...');
try {
app_objects = require(APP_OBJECTS_FILE);
} catch (e) {
} catch (error) {
log('monitoring.js importAppObjects', error.message || error);
server.log([blueWazuh, 'monitoring', 'error'], 'Could not read the objects file.');
server.log([blueWazuh, 'monitoring', 'error'], 'Path: ' + APP_OBJECTS_FILE);
server.log([blueWazuh, 'monitoring', 'error'], 'Exception: ' + e);
server.log([blueWazuh, 'monitoring', 'error'], 'Exception: ' + error.message || error);
}
let body = '';
@ -180,9 +191,11 @@ module.exports = (server, options) => {
index: ['.kibana', index_pattern]
}))
.then(() => {
log('monitoring.js importAppObjects', 'Wazuh app visualizations were successfully installed. App ready to be used.', 'info');
server.log([blueWazuh, 'monitoring', 'info'], 'Wazuh app visualizations were successfully installed. App ready to be used.');
})
.catch((error) => {
.catch(error => {
log('monitoring.js importAppObjects',error.message || error);
server.log([blueWazuh, 'server', 'error'], 'Error importing objects into elasticsearch. Bulk request failed.');
});
};
@ -192,6 +205,7 @@ module.exports = (server, options) => {
// Configure Kibana patterns.
const configureKibana = () => {
log('monitoring.js configureKibana', `Creating index pattern: ${index_pattern}`, 'info');
server.log([blueWazuh, 'monitoring', 'info'], `Creating index pattern: ${index_pattern}`);
let patternId = 'index-pattern:' + index_pattern;
@ -207,23 +221,27 @@ module.exports = (server, options) => {
}
}
})
.then((resp) => {
server.log([blueWazuh, 'monitoring', 'info'], 'Created index pattern: ' + index_pattern);
.then(resp => {
log('monitoring.js configureKibana', `Created index pattern: ${index_pattern}`, 'info');
server.log([blueWazuh, 'monitoring', 'info'], `Created index pattern: ${index_pattern}`);
importAppObjects(index_pattern);
})
.catch((error) => {
.catch(error => {
log('monitoring.js configureKibana',error.message || error);
server.log([blueWazuh, 'monitoring', 'error'], 'Error creating index-pattern due to ' + error);
});;
});
};
// Creating wazuh-monitoring index
const createIndex = (todayIndex) => {
elasticRequest.callWithInternalUser('indices.create', { index: todayIndex })
.then(() => {
log('monitoring.js createIndex', 'Successfully created today index.', 'info');
server.log([blueWazuh, 'monitoring', 'info'], 'Successfully created today index.');
insertDocument(todayIndex);
})
.catch((error) => {
.catch(error => {
log('monitoring.js createIndex', error.message || error);
server.log([blueWazuh, 'monitoring', 'error'], `Could not create ${todayIndex} index on elasticsearch due to ` + error);
});
};
@ -250,7 +268,8 @@ module.exports = (server, options) => {
body: body
})
.then((response) => agentsArray.length = 0)
.catch((error) => {
.catch(error => {
log('monitoring.js insertDocument', error.message || error);
server.log([blueWazuh, 'monitoring', 'error'], 'Error inserting agent data into elasticsearch. Bulk request failed due to ' + error);
});
}
@ -266,13 +285,15 @@ module.exports = (server, options) => {
if (result) insertDocument(todayIndex);
else createIndex(todayIndex);
})
.catch((error) => {
.catch(error => {
log('monitoring.js saveStatus', `Could not check if the index ${todayIndex} exists due to ${error.message || error}`);
server.log([blueWazuh, 'monitoring', 'error'], `Could not check if the index ${todayIndex} exists due to ` + error);
});
};
// Main. First execution when installing / loading App.
const init = () => {
log('monitoring.js init', 'Creating today index...', 'info');
server.log([blueWazuh, 'monitoring', 'info'], 'Creating today index...');
saveStatus();
@ -282,10 +303,12 @@ module.exports = (server, options) => {
type: 'doc',
id: patternId
})
.then((data) => {
.then(data => {
log('monitoring.js init', 'Skipping index-pattern creation. Already exists.', 'info');
server.log([blueWazuh, 'monitoring', 'info'], 'Skipping index-pattern creation. Already exists.');
})
.catch((error) => {
.catch(error => {
log('monitoring.js init', 'Didn\'t find wazuh-monitoring pattern for Kibana v6.x. Proceeding to create it...');
server.log([blueWazuh, 'monitoring', 'info'], "Didn't find wazuh-monitoring pattern for Kibana v6.x. Proceeding to create it...");
elasticRequest.callWithInternalUser('delete', {
@ -293,10 +316,12 @@ module.exports = (server, options) => {
type: 'doc',
id: 'index-pattern:wazuh-monitoring-*'
})
.then((resp) => {
.then(resp => {
log('monitoring.js init', 'Successfully deleted old wazuh-monitoring pattern.', 'info');
server.log([blueWazuh, 'monitoring', 'info'], "Successfully deleted old wazuh-monitoring pattern.");
})
.catch((error) => {
.catch(error => {
log('monitoring.js init', 'Didn\'t find old wazuh-monitoring pattern. Skipping deletion.');
server.log([blueWazuh, 'monitoring', 'info'], "Didn't find old wazuh-monitoring pattern. Skipping deletion.");
});
configureKibana();
@ -307,11 +332,12 @@ module.exports = (server, options) => {
const checkElasticsearchServer = () => {
return new Promise(function (resolve, reject) {
elasticRequest.callWithInternalUser('indices.exists', { index: ".kibana" })
.then((data) => {
if (data) server.plugins.elasticsearch.waitUntilReady().then((data) => { resolve(data); });
.then(data => {
if (data) server.plugins.elasticsearch.waitUntilReady().then(data => { resolve(data); });
else reject(data);
})
.catch((error) => {
.catch(error => {
log('monitoring.js checkElasticsearchServer',error.message || error);
reject(error);
});
})
@ -319,8 +345,9 @@ module.exports = (server, options) => {
// Wait until Kibana server is ready
const checkKibanaStatus = () => {
checkElasticsearchServer().then((data) => { init() })
.catch((error) => {
checkElasticsearchServer().then(data => { init() })
.catch(error => {
log('monitoring.js checkKibanaStatus',error.message || error);
server.log([blueWazuh, 'monitoring', 'info'], 'Waiting for Kibana and Elasticsearch servers to be ready...');
setTimeout(() => checkKibanaStatus(), 3000);
});
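Review bot: In the package-file catch (hunk at -25) and the `importAppObjects` catch (hunk at -143), `'...' + error.message || error` parses as `('...' + error.message) || error`, so the `|| error` fallback can never apply and a thrown non-Error value is printed as `undefined`. Parenthesise the fallback, e.g. `'Exception: ' + (error.message || error)`. Separately, the two `log(...)` calls in the catch handlers of `init` (hunks at -282 and -293) omit the level, so these informational messages go to the file at the default `'error'` level while `server.log` tags them `info`; pass `'info'` as the third argument.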