wazuh · pearsondavid · Oct 29, 2024 · Oct 29, 2024 · Oct 29, 2024 · Nov 5, 2024
diff --git a/manifests/activeresponse.pp b/manifests/activeresponse.pp
@@ -1,6 +1,6 @@
 # Copyright (C) 2015, Wazuh Inc.
 #Define for a specific ossec active-response
-define wazuh::activeresponse(
+define wazuh::activeresponse (
   $active_response_name               = 'Rendering active-response template',
   $active_response_disabled           = undef,
   $active_response_linux_ca_store     = undef,
@@ -21,6 +21,6 @@
     target  => $target_arg,
     order   => $order_arg,
     before  => $before_arg,
-    content => template($content_arg)
+    content => template($content_arg),
   }
 }
diff --git a/manifests/addlog.pp b/manifests/addlog.pp
@@ -1,6 +1,6 @@
 # Copyright (C) 2015, Wazuh Inc.
 #Define a log-file to add to ossec
-define wazuh::addlog(
+define wazuh::addlog (
   $logfile      = undef,
   $logtype      = 'syslog',
   $logcommand   = undef,
@@ -15,5 +15,4 @@
     content => template('wazuh/fragments/_localfile_generation.erb'),
     order   => 21,
   }
-
 }
diff --git a/manifests/agent.pp b/manifests/agent.pp
@@ -91,7 +91,6 @@
   $wazuh_delay_after_enrollment      = $wazuh::params_agent::wazuh_delay_after_enrollment,
   $wazuh_enrollment_use_source_ip    = $wazuh::params_agent::wazuh_enrollment_use_source_ip,
 
-
   # Rootcheck
   $ossec_rootcheck_disabled           = $wazuh::params_agent::ossec_rootcheck_disabled,
   $ossec_rootcheck_check_files        = $wazuh::params_agent::ossec_rootcheck_check_files,
@@ -109,7 +108,6 @@
   $ossec_rootcheck_skip_nfs           = $wazuh::params_agent::ossec_rootcheck_skip_nfs,
   $ossec_rootcheck_system_audit      = $wazuh::params_agent::ossec_rootcheck_system_audit,
 
-
   # rootcheck windows
   $ossec_rootcheck_windows_disabled        = $wazuh::params_agent::ossec_rootcheck_windows_disabled,
   $ossec_rootcheck_windows_windows_apps    = $wazuh::params_agent::ossec_rootcheck_windows_windows_apps,
@@ -186,46 +184,46 @@
   $wodle_docker_listener_disabled    = $wazuh::params_agent::wodle_docker_listener_disabled,
 
   # Localfile
-  $ossec_local_files                 = $wazuh::params_agent::default_local_files,
+  $ossec_local_files = $wazuh::params_agent::default_local_files,
 
   # Syscheck
-  $ossec_syscheck_disabled           = $wazuh::params_agent::ossec_syscheck_disabled,
-  $ossec_syscheck_frequency          = $wazuh::params_agent::ossec_syscheck_frequency,
-  $ossec_syscheck_scan_on_start      = $wazuh::params_agent::ossec_syscheck_scan_on_start,
-  $ossec_syscheck_auto_ignore        = $wazuh::params_agent::ossec_syscheck_auto_ignore,
-  $ossec_syscheck_directories_1      = $wazuh::params_agent::ossec_syscheck_directories_1,
-  $ossec_syscheck_directories_2      = $wazuh::params_agent::ossec_syscheck_directories_2,
-
-  $ossec_syscheck_report_changes_directories_1            = $wazuh::params_agent::ossec_syscheck_report_changes_directories_1,
-  $ossec_syscheck_whodata_directories_1            = $wazuh::params_agent::ossec_syscheck_whodata_directories_1,
-  $ossec_syscheck_realtime_directories_1           = $wazuh::params_agent::ossec_syscheck_realtime_directories_1,
-  $ossec_syscheck_report_changes_directories_2         = $wazuh::params_agent::ossec_syscheck_report_changes_directories_2,
-  $ossec_syscheck_whodata_directories_2            = $wazuh::params_agent::ossec_syscheck_whodata_directories_2,
-  $ossec_syscheck_realtime_directories_2           = $wazuh::params_agent::ossec_syscheck_realtime_directories_2,
-  $ossec_syscheck_ignore_list        = $wazuh::params_agent::ossec_syscheck_ignore_list,
-  $ossec_syscheck_ignore_type_1      = $wazuh::params_agent::ossec_syscheck_ignore_type_1,
-  $ossec_syscheck_ignore_type_2      = $wazuh::params_agent::ossec_syscheck_ignore_type_2,
+  $ossec_syscheck_disabled      = $wazuh::params_agent::ossec_syscheck_disabled,
+  $ossec_syscheck_frequency     = $wazuh::params_agent::ossec_syscheck_frequency,
+  $ossec_syscheck_scan_on_start = $wazuh::params_agent::ossec_syscheck_scan_on_start,
+  $ossec_syscheck_auto_ignore   = $wazuh::params_agent::ossec_syscheck_auto_ignore,
+  $ossec_syscheck_directories_1 = $wazuh::params_agent::ossec_syscheck_directories_1,
+  $ossec_syscheck_directories_2 = $wazuh::params_agent::ossec_syscheck_directories_2,
+
+  $ossec_syscheck_report_changes_directories_1 = $wazuh::params_agent::ossec_syscheck_report_changes_directories_1,
+  $ossec_syscheck_whodata_directories_1        = $wazuh::params_agent::ossec_syscheck_whodata_directories_1,
+  $ossec_syscheck_realtime_directories_1       = $wazuh::params_agent::ossec_syscheck_realtime_directories_1,
+  $ossec_syscheck_report_changes_directories_2 = $wazuh::params_agent::ossec_syscheck_report_changes_directories_2,
+  $ossec_syscheck_whodata_directories_2        = $wazuh::params_agent::ossec_syscheck_whodata_directories_2,
+  $ossec_syscheck_realtime_directories_2       = $wazuh::params_agent::ossec_syscheck_realtime_directories_2,
+  $ossec_syscheck_ignore_list                  = $wazuh::params_agent::ossec_syscheck_ignore_list,
+  $ossec_syscheck_ignore_type_1                = $wazuh::params_agent::ossec_syscheck_ignore_type_1,
+  $ossec_syscheck_ignore_type_2                = $wazuh::params_agent::ossec_syscheck_ignore_type_2,
   $ossec_syscheck_max_eps                      = $wazuh::params_agent::ossec_syscheck_max_eps,
   $ossec_syscheck_process_priority             = $wazuh::params_agent::ossec_syscheck_process_priority,
   $ossec_syscheck_synchronization_enabled      = $wazuh::params_agent::ossec_syscheck_synchronization_enabled,
   $ossec_syscheck_synchronization_interval     = $wazuh::params_agent::ossec_syscheck_synchronization_interval,
   $ossec_syscheck_synchronization_max_eps      = $wazuh::params_agent::ossec_syscheck_synchronization_max_eps,
   $ossec_syscheck_synchronization_max_interval = $wazuh::params_agent::ossec_syscheck_synchronization_max_interval,
-  $ossec_syscheck_nodiff             = $wazuh::params_agent::ossec_syscheck_nodiff,
-  $ossec_syscheck_skip_nfs           = $wazuh::params_agent::ossec_syscheck_skip_nfs,
-  $ossec_syscheck_windows_audit_interval      = $wazuh::params_agent::windows_audit_interval,
+  $ossec_syscheck_nodiff                       = $wazuh::params_agent::ossec_syscheck_nodiff,
+  $ossec_syscheck_skip_nfs                     = $wazuh::params_agent::ossec_syscheck_skip_nfs,
+  $ossec_syscheck_windows_audit_interval       = $wazuh::params_agent::windows_audit_interval,
 
   # Audit
-  $audit_manage_rules                = $wazuh::params_agent::audit_manage_rules,
-  $audit_buffer_bytes                = $wazuh::params_agent::audit_buffer_bytes,
-  $audit_backlog_wait_time           = $wazuh::params_agent::audit_backlog_wait_time,
-  $audit_rules                       = $wazuh::params_agent::audit_rules,
+  $audit_manage_rules      = $wazuh::params_agent::audit_manage_rules,
+  $audit_buffer_bytes      = $wazuh::params_agent::audit_buffer_bytes,
+  $audit_backlog_wait_time = $wazuh::params_agent::audit_backlog_wait_time,
+  $audit_rules             = $wazuh::params_agent::audit_rules,
 
   # active-response
-  $ossec_active_response_disabled             =  $wazuh::params_agent::active_response_disabled,
-  $ossec_active_response_linux_ca_store       =  $wazuh::params_agent::active_response_linux_ca_store,
-  $ossec_active_response_ca_verification      =  $wazuh::params_agent::active_response_ca_verification,
-  $ossec_active_response_repeated_offenders   =  $wazuh::params_agent::active_response_repeated_offenders,
+  $ossec_active_response_disabled           =  $wazuh::params_agent::active_response_disabled,
+  $ossec_active_response_linux_ca_store     =  $wazuh::params_agent::active_response_linux_ca_store,
+  $ossec_active_response_ca_verification    =  $wazuh::params_agent::active_response_ca_verification,
+  $ossec_active_response_repeated_offenders =  $wazuh::params_agent::active_response_repeated_offenders,
 
   # Agent Labels
   $ossec_labels                      = $wazuh::params_agent::ossec_labels,
@@ -260,15 +258,14 @@
     }
   }
 
-
   if $manage_client_keys == 'yes' {
     if $wazuh_register_endpoint == undef {
       fail('The $wazuh_register_endpoint parameter is needed in order to register the Agent.')
     }
   }
 
   # Package installation
-  case $::kernel {
+  case $facts['kernel'] {
     'Linux': {
       package { $agent_package_name:
         ensure => "${agent_package_version}-${agent_package_revision}", # lint:ignore:security_package_pinned_version
@@ -284,12 +281,12 @@
         group              => 'Administrators',
         mode               => '0774',
         source             => "${agent_msi_download_location}/wazuh-agent-${agent_package_version}-${agent_package_revision}.msi",
-        source_permissions => ignore
+        source_permissions => ignore,
       }
 
       # We dont need to pin the package version on Windows since we install if from the right MSI.
       -> package { $agent_package_name:
-        ensure          => "${agent_package_version}",
+        ensure          => "${ agent_package_version }",
         provider        => 'windows',
         source          => "${download_path}\\wazuh-agent-${agent_package_version}-${agent_package_revision}.msi",
         install_options => [
@@ -302,46 +299,44 @@
     default: { fail('OS not supported') }
   }
 
-  case $::kernel {
-  'Linux': {
-    ## ossec.conf generation concats
-    case $::operatingsystem {
-      'RedHat', 'OracleLinux', 'Suse':{
-        $apply_template_os = 'rhel'
-        if ( $::operatingsystemrelease =~ /^9.*/ ){
-          $rhel_version = '9'
-        }elsif ( $::operatingsystemrelease =~ /^8.*/ ){
-          $rhel_version = '8'
-        }elsif ( $::operatingsystemrelease =~ /^7.*/ ){
-          $rhel_version = '7'
-        }elsif ( $::operatingsystemrelease =~ /^6.*/ ){
-          $rhel_version = '6'
-        }elsif ( $::operatingsystemrelease =~ /^5.*/ ){
-          $rhel_version = '5'
-        }else{
-          fail('This ossec module has not been tested on your distribution')
-        }
-      }'Debian', 'debian', 'Ubuntu', 'ubuntu':{
-        $apply_template_os = 'debian'
-        if ( $::lsbdistcodename == 'wheezy') or ($::lsbdistcodename == 'jessie'){
-          $debian_additional_templates = 'yes'
+  case $facts['kernel'] {
+    'Linux': {
+      ## ossec.conf generation concats
+      case $facts['os']['name'] {
+        'RedHat', 'OracleLinux', 'Suse':{
+          $apply_template_os = 'rhel'
+          if ( $facts['os']['release']['full'] =~ /^9.*/ ) {
+            $rhel_version = '9'
+          } elsif ( $facts['os']['release']['full'] =~ /^8.*/ ) {
+            $rhel_version = '8'
+          } elsif ( $facts['os']['release']['full'] =~ /^7.*/ ) {
+            $rhel_version = '7'
+          } elsif ( $facts['os']['release']['full'] =~ /^6.*/ ) {
+            $rhel_version = '6'
+          } elsif ( $facts['os']['release']['full'] =~ /^5.*/ ) {
+            $rhel_version = '5'
+          } else {
+            fail('This ossec module has not been tested on your distribution')
+          }
+        } 'Debian', 'debian', 'Ubuntu', 'ubuntu':{
+          $apply_template_os = 'debian'
+          if ( $facts['os']['distro']['codename']  == 'wheezy') or ( $facts['os']['distro']['codename'] == 'jessie') {
+            $debian_additional_templates = 'yes'
+          }
+        } 'Amazon':{
+          $apply_template_os = 'amazon'
+        } 'CentOS','Centos','centos','AlmaLinux','Rocky':{
+          $apply_template_os = 'centos'
+        } 'SLES':{
+          $apply_template_os = 'suse'
         }
-      }'Amazon':{
-        $apply_template_os = 'amazon'
-      }'CentOS','Centos','centos','AlmaLinux','Rocky':{
-        $apply_template_os = 'centos'
-      }'SLES':{
-        $apply_template_os = 'suse'
+        default: { fail('OS not supported') }
       }
-      default: { fail('OS not supported') }
-    }
-  }'windows': {
+    } 'windows': {
       $apply_template_os = 'windows'
     }
     default: { fail('OS not supported') }
   }
-
-
   concat { 'agent_ossec.conf':
     path    => $wazuh::params_agent::config_file,
     owner   => $wazuh::params_agent::config_owner,
@@ -355,7 +350,7 @@
   concat::fragment {
     'ossec.conf_header':
       target  => 'agent_ossec.conf',
-      order   => 00,
+      order   => '00',
       before  => Service[$agent_service_name],
       content => "<ossec_config>\n";
     'ossec.conf_agent':
@@ -448,19 +443,19 @@
   }
   if ($configure_active_response == true) {
     wazuh::activeresponse { 'active-response configuration':
-      active_response_disabled           =>  $ossec_active_response_disabled,
-      active_response_linux_ca_store     =>  $ossec_active_response_linux_ca_store,
-      active_response_ca_verification    =>  $ossec_active_response_ca_verification,
-      active_response_repeated_offenders =>  $ossec_active_response_repeated_offenders,
+      active_response_disabled           => $ossec_active_response_disabled,
+      active_response_linux_ca_store     => $ossec_active_response_linux_ca_store,
+      active_response_ca_verification    => $ossec_active_response_ca_verification,
+      active_response_repeated_offenders => $ossec_active_response_repeated_offenders,
       order_arg                          => 40,
       before_arg                         => Service[$agent_service_name],
-      target_arg                         => 'agent_ossec.conf'
+      target_arg                         => 'agent_ossec.conf',
     }
   }
 
-  if ($configure_labels == true){
+  if ($configure_labels == true) {
     concat::fragment {
-        'ossec.conf_labels':
+      'ossec.conf_labels':
         target  => 'agent_ossec.conf',
         order   => 45,
         before  => Service[$agent_service_name],
@@ -504,9 +499,9 @@
       $agent_auth_option_address = ''
     }
 
-    case $::kernel {
+    case $facts['kernel'] {
       'Linux': {
-        file { $::wazuh::params_agent::keys_file:
+        file { $wazuh::params_agent::keys_file:
           owner => $wazuh::params_agent::keys_owner,
           group => $wazuh::params_agent::keys_group,
           mode  => $wazuh::params_agent::keys_mode,
@@ -567,7 +562,7 @@
         exec { 'agent-auth-linux':
           path    => ['/usr/bin', '/bin', '/usr/sbin', '/sbin'],
           command => $agent_auth_command,
-          unless  => "egrep -q '.' ${::wazuh::params_agent::keys_file}",
+          unless  => "egrep -q '.' ${wazuh::params_agent::keys_file}",
           require => Concat['agent_ossec.conf'],
           before  => Service[$agent_service_name],
           notify  => Service[$agent_service_name],
@@ -595,7 +590,7 @@
         exec { 'agent-auth-windows':
           command  => $agent_auth_command,
           provider => 'powershell',
-          onlyif   => "if ((Get-Item '${$::wazuh::params_agent::keys_file}').length -gt 0kb) {exit 1}",
+          onlyif   => "if ((Get-Item '${$wazuh::params_agent::keys_file}').length -gt 0kb) {exit 1}",
           require  => Concat['agent_ossec.conf'],
           before   => Service[$agent_service_name],
           notify   => Service[$agent_service_name],
@@ -625,7 +620,7 @@
 
   # SELinux
   # Requires selinux module specified in metadata.json
-  if ($::osfamily == 'RedHat' and $selinux == true) {
+  if ( $facts['os']['family'] == 'RedHat' and $selinux == true ) {
     selinux::module { 'ossec-logrotate':
       ensure    => 'present',
       source_te => 'puppet:///modules/wazuh/ossec-logrotate.te',
@@ -656,5 +651,4 @@
       require => Package[$wazuh::params_agent::agent_package_name],
     }
   }
-
 }
diff --git a/manifests/audit.pp b/manifests/audit.pp
@@ -7,18 +7,17 @@
   $audit_rules = [],
   $audit_package_title = 'Installing Audit..',
 ) {
-
-  case $::kernel {
+  case $facts['kernel'] {
     'Linux': {
-      case $::operatingsystem {
+      case $facts['os']['name'] {
         'Debian', 'debian', 'Ubuntu', 'ubuntu': {
           package { $audit_package_title:
             name => 'auditd',
           }
         }
         default: {
           package { $audit_package_title:
-            name => 'audit'
+            name => 'audit',
           }
         }
       }
@@ -31,21 +30,21 @@
 
       if $audit_manage_rules == true {
         file { '/etc/audit/rules.d/audit.rules':
-          ensure  => present,
+          ensure  => file,
           require => Service['auditd'],
         }
 
         $audit_rules.each |String $rule| {
           file_line { "Append rule ${rule} to /etc/audit/rules.d/audit.rules":
             path    => '/etc/audit/rules.d/audit.rules',
             line    => $rule,
-            require => File['/etc/audit/rules.d/audit.rules']
+            require => File['/etc/audit/rules.d/audit.rules'],
           }
         }
       }
     }
     default: {
-      fail("Module Audit not supported on ${::operatingsystem}")
+      fail("Module Audit not supported on ${$facts['os']['name']}")
     }
   }
 }
diff --git a/manifests/certificates.pp b/manifests/certificates.pp
@@ -35,12 +35,12 @@
     ],
   }
   file { 'Copy all certificates into module':
-    ensure => 'directory',
-    source => '/tmp/wazuh-certificates/',
+    ensure  => 'directory',
+    source  => '/tmp/wazuh-certificates/',
     recurse => 'remote',
-    path => '/etc/puppetlabs/code/environments/production/modules/archive/files/',
-    owner => 'root',
-    group => 'root',
-    mode  => '0755',
+    path    => '/etc/puppetlabs/code/environments/production/modules/archive/files/',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
   }
 }
diff --git a/manifests/command.pp b/manifests/command.pp
@@ -1,6 +1,6 @@
 # Copyright (C) 2015, Wazuh Inc.
 # Define an ossec command
-define wazuh::command(
+define wazuh::command (
   $command_name,
   $command_executable,
   $command_expect  = 'srcip',