chore: agent_name added; version upgrade to 0.2.3
stephane-segning committed Oct 4, 2024
1 parent 04b8851 commit 75299d2
Showing 17 changed files with 225 additions and 66 deletions.
4 changes: 2 additions & 2 deletions helm/Chart.yaml
Expand Up @@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.2
version: 0.2.3

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
Expand All @@ -29,4 +29,4 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
tags:
- common
- bitnami-common
- bitnami-common
4 changes: 2 additions & 2 deletions scripts/install.ps1
Expand Up @@ -4,7 +4,7 @@ $ErrorActionPreference = "Stop"
# Default log level and application details
$LOG_LEVEL = ${LOG_LEVEL:-"INFO"}
$APP_NAME = ${APP_NAME:-"wazuh-cert-oauth2-client"}
$WOPS_VERSION = ${WOPS_VERSION:-"0.2.2"}
$WOPS_VERSION = ${WOPS_VERSION:-"0.2.3"}
$OSSEC_CONF_PATH = ${OSSEC_CONF_PATH:-"C:\Program Files\ossec\etc\ossec.conf"}
$USER = "root"
$GROUP = "wazuh"
Expand Down Expand Up @@ -128,4 +128,4 @@ else
Warn-Message "Wazuh agent configuration file not found at $OSSEC_CONF_PATH. Skipping agent certificate configuration."
}

Success-Message "Installation and configuration complete! You can now use '$APP_NAME' from your terminal."
Success-Message "Installation and configuration complete! You can now use '$APP_NAME' from your terminal."
6 changes: 3 additions & 3 deletions scripts/install.sh
Expand Up @@ -10,7 +10,7 @@ fi
# Default log level and application details
LOG_LEVEL=${LOG_LEVEL:-INFO}
APP_NAME=${APP_NAME:-"wazuh-cert-oauth2-client"}
WOPS_VERSION=${WOPS_VERSION:-"0.2.2"}
WOPS_VERSION=${WOPS_VERSION:-"0.2.3"}
OSSEC_CONF_PATH=${OSSEC_CONF_PATH:-"/var/ossec/etc/ossec.conf"}
USER="root"
GROUP="wazuh"
Expand Down Expand Up @@ -143,7 +143,7 @@ configure_agent_certificates() {

check_enrollment() {
if ! maybe_sudo grep -q "<enrollment>" "$OSSEC_CONF_PATH"; then
ENROLLMENT_BLOCK="<enrollment>\n <agent_certificate_path>etc/sslagent.cert</agent_certificate_path>\n <agent_key_path>etc/sslagent.key</agent_key_path>\n</enrollment>\n"
ENROLLMENT_BLOCK="\t\t\n<enrollment>\n <agent_name></agent_name>\n <agent_certificate_path>etc/sslagent.cert</agent_certificate_path>\n <agent_key_path>etc/sslagent.key</agent_key_path>\n</enrollment>\n"
# Add the file_limit block after the <syscheck> line
maybe_sudo sed_alternative -i "/<\/server=*/ a\ $ENROLLMENT_BLOCK" "$OSSEC_CONF_PATH" || {
error_message "Error occurred during the addition of the enrollment block."
Expand Down Expand Up @@ -234,4 +234,4 @@ else
warn_message "Wazuh agent configuration file not found at $OSSEC_CONF_PATH. Skipping agent certificate configuration."
fi

success_message "Installation and configuration complete! You can now use '$APP_NAME' from your terminal."
success_message "Installation and configuration complete! You can now use '$APP_NAME' from your terminal."
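Review bot: The new `ENROLLMENT_BLOCK` starts with `\t\t\n`, which, if `sed_alternative` expands escapes the way the existing `\n` sequences rely on, writes a line containing only two tabs into ossec.conf ahead of `<enrollment>`; I would drop that prefix: `ENROLLMENT_BLOCK="<enrollment>\n <agent_name></agent_name>\n <agent_certificate_path>etc/sslagent.cert</agent_certificate_path>\n <agent_key_path>etc/sslagent.key</agent_key_path>\n</enrollment>\n"`. The empty `<agent_name></agent_name>` is also only inserted when no `<enrollment>` block exists yet (the `grep -q` guard at the top of the function), so a host whose configuration already carried an enrollment block never receives the element, and the client's later substitution on `<agent_name>.*</agent_name>` has nothing to rewrite. A second guard that appends `<agent_name></agent_name>` inside an existing block when it is missing would close that gap. `check_enrollment` continues past the end of this hunk.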
81 changes: 79 additions & 2 deletions wazuh-cert-oauth2-client/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 5 additions & 3 deletions wazuh-cert-oauth2-client/Cargo.toml
@@ -1,10 +1,10 @@
[package]
name = "wazuh-cert-oauth2-client"
version = "0.2.2"
version = "0.2.3"
edition = "2021"

[dependencies]
tokio = { version = "1.38.1", features = ["windows-sys", "macros", "rt-multi-thread", "fs"] }
tokio = { version = "1.38.1", features = ["windows-sys", "macros", "rt-multi-thread", "fs", "process"] }
anyhow = "1.0.86"
thiserror = "1.0.63"
log = "0.4.22"
Expand All @@ -13,4 +13,6 @@ structopt = "0"
oauth2 = "4.4.2"
reqwest = { version = "0", features = ["json"] }
wazuh-cert-oauth2-model = { path = "../wazuh-cert-oauth2-model" }
openssl = { version = "0.10.66", features = ["vendored"] }
openssl = { version = "0.10.66", features = ["vendored"] }
mid = "3.0.0"
local-ip-address = "0.6.3"
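Review bot: `local-ip-address` is added on the last line, but none of the hunks rendered on this page reference it, whereas `mid` is clearly consumed by the new `set_name`. The commit touches 17 files and not all are shown, so if the crate is used in one of the hidden files this is fine; otherwise it should be dropped, since every extra crate is more third-party code executing on the agent host with whatever privileges this client runs under. Both crates receive their first pin in the accompanying Cargo.lock change, so that lockfile should stay committed and be diffed on future bumps.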
45 changes: 34 additions & 11 deletions wazuh-cert-oauth2-client/src/main.rs
Expand Up @@ -3,14 +3,19 @@ extern crate log;

use std::env::var;

use anyhow::Result;
use structopt::StructOpt;

use crate::services::get_token::get_token;
use crate::services::get_user_keys::fetch_user_keys;
use crate::services::save_to_file::save_keys;
use crate::shared::cli::Opt;
use crate::shared::constants::*;
use crate::shared::path::{default_cert_path, default_key_path};
use anyhow::Result;
use structopt::StructOpt;
use wazuh_cert_oauth2_model::models::claims::Claims;
use wazuh_cert_oauth2_model::models::document::DiscoveryDocument;
use wazuh_cert_oauth2_model::services::fetch_only::fetch_only;
use wazuh_cert_oauth2_model::services::jwks::validate_token;
use crate::services::set_name::set_name;

mod services;
mod shared;
Expand All @@ -25,25 +30,43 @@ async fn main() -> Result<()> {
match Opt::from_args() {
Opt::OAuth2 {
issuer: default_issuer,
audience: default_audiences,
client_id: default_client_id,
client_secret: default_client_secret,
endpoint: default_endpoint,
cert_path: default_cert_path,
key_path: default_key_path
} => {
let issuer = var(OAUTH2_ISSUER).unwrap_or(default_issuer);
let client_id = var(OAUTH2_CLIENT_ID).unwrap_or(default_client_id);
let client_secret = var(OAUTH2_CLIENT_SECRET).ok().or_else(|| default_client_secret);
let endpoint = var(ENDPOINT).unwrap_or(default_endpoint);
let cert_path = var(PUBLIC_KEY_FILE).unwrap_or_else(|_| default_cert_path);
let key_path = var(PRIVATE_KEY_FILE).unwrap_or_else(|_| default_key_path);
let cert_path = var(PUBLIC_KEY_FILE).unwrap_or_else(|_| default_cert_path());
let key_path = var(PRIVATE_KEY_FILE).unwrap_or_else(|_| default_key_path());

let kc_audiences = var("KC_AUDIENCES").unwrap_or(default_audiences);
let kc_audiences = kc_audiences
.split(",")
.map(|s| s.to_string())
.collect::<Vec<String>>();

let document = fetch_only::<DiscoveryDocument>(&format!("{}/.well-known/openid-configuration", issuer)).await?;
let jwks = fetch_only(&document.jwks_uri).await?;

let token = get_token(&issuer, &client_id, client_secret).await?;
let user_key = fetch_user_keys(&endpoint, &token).await?;
save_keys(&cert_path, &key_path, &user_key).await?;
info!("Keys saved successfully!");
match validate_token(&token, &jwks, &kc_audiences).await {
Ok(Claims { name, ..}) => {
let user_key = fetch_user_keys(&endpoint, &token).await?;
save_keys(&cert_path, &key_path, &user_key).await?;
info!("Keys saved successfully!");

set_name(&name).await?;
info!("Name set successfully!");
}
Err(_) => {
error!("Unauthorized");
}
}
}
}

Ok(())
}
}
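Review bot: The `Err(_)` arm near the end of the hunk logs "Unauthorized" and then falls through to `Ok(())`, so a token that fails `validate_token` still makes the process exit 0 and the actual validation error is discarded; the install scripts have no way to distinguish this run from a successful one. I would propagate it instead: `Err(e) => anyhow::bail!("token validation failed: {e}"),`. Two smaller points on the new audience handling: `"KC_AUDIENCES"` is a bare string literal while every other environment name comes from `shared::constants::*`, and `split(",")` keeps surrounding whitespace and empty entries, so a value such as `"account, other"` would presumably never match if audiences are compared verbatim; `.split(',').map(str::trim).filter(|s| !s.is_empty())` is more forgiving. The enclosing `main` begins before this hunk.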
3 changes: 2 additions & 1 deletion wazuh-cert-oauth2-client/src/services/mod.rs
@@ -1,3 +1,4 @@
pub mod get_token;
pub mod get_user_keys;
pub mod save_to_file;
pub mod save_to_file;
pub mod set_name;
30 changes: 30 additions & 0 deletions wazuh-cert-oauth2-client/src/services/set_name.rs
@@ -0,0 +1,30 @@
use crate::shared::path::{default_path_agent_control, default_path_to_ossec_conf};
use crate::shared::sed_command::sed_command;
use anyhow::Result;
use tokio::process::Command;

/**
Edit the ossef.conf file and add agent_name under client tag.
Then restart the agent to apply the changes.
*/
pub async fn set_name(name: &str) -> Result<()> {
let machine_id = mid::get(name)?;
let agent_name = format!("{}-{}", name, machine_id);

let ossec_conf = default_path_to_ossec_conf();

let update_cmd = format!(r"s|<agent_name>.*</agent_name>|<agent_name>{}</agent_name>|g", agent_name);
sed_command(&update_cmd, &ossec_conf).await?;

let control_bin = default_path_agent_control();
let status = Command::new(control_bin)
.arg("restart")
.status().await?;

if !status.success() {
error!("Failed to restart agent");
return Ok(());
}

Ok(())
}
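Review bot: `name` is taken from the `name` claim of the JWT and spliced unescaped into both a sed expression and ossec.conf (`s|<agent_name>.*</agent_name>|<agent_name>{}</agent_name>|g`); a display name containing `|` breaks the command, `&` is a back-reference in a sed replacement, and `<`/`>` would corrupt the XML. Users can usually edit their own display name in an identity provider, so this should be treated as untrusted input and restricted to an allow-list before use (Wazuh itself accepts only a narrow set of agent-name characters, as far as I recall, so the allow-list also avoids a rejected enrollment). The restart failure path is also swallowed: it logs "Failed to restart agent" and returns `Ok(())`, so the caller goes on to print "Name set successfully!"; returning an error there is the fix. The rewritten body below adds the allow-list check and makes the restart failure an error.
```rust
pub async fn set_name(name: &str) -> Result<()> {
    // `name` comes from a JWT claim the user may control; it is spliced into a
    // sed script and into ossec.conf, so allow only a conservative character set.
    let safe = !name.is_empty()
        && name
            .chars()
            .all(|c| c.is_ascii_alphanumeric() || matches!(c, '-' | '_' | '.'));
    if !safe {
        anyhow::bail!("refusing agent name {name:?}: only [A-Za-z0-9._-] is allowed");
    }
    let machine_id = mid::get(name)?;
    let agent_name = format!("{}-{}", name, machine_id);
    // … unchanged: sed update of ossec.conf …
    let control_bin = default_path_agent_control();
    let status = Command::new(control_bin).arg("restart").status().await?;
    if !status.success() {
        anyhow::bail!("failed to restart the Wazuh agent: {status}");
    }
    Ok(())
}
```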
37 changes: 4 additions & 33 deletions wazuh-cert-oauth2-client/src/shared/cli.rs
Expand Up @@ -8,6 +8,9 @@ pub enum Opt {
#[structopt(long, default_value = "https://login.wazuh.adorsys.team/realms/adorsys")]
issuer: String,

#[structopt(long, short = "a", default_value = "account")]
audience: String,

#[structopt(long, short = "i", default_value = "adorsys-machine-client")]
client_id: String,

Expand All @@ -20,37 +23,5 @@ pub enum Opt {
default_value = "https://cert.wazuh.adorsys.team/api/register-agent"
)]
endpoint: String,

#[structopt(
long,
short = "c",
default_value = default_cert_path()
)]
cert_path: String,

#[structopt(
long,
short = "k",
default_value = default_key_path()
)]
key_path: String,
},
}

// Define a function to handle the default cert path
fn default_cert_path() -> &'static str {
if cfg!(target_os = "macos") {
"/Library/Ossec/etc/sslagent.cert"
} else {
"/var/ossec/etc/sslagent.cert"
}
}

// Define a function to handle the default key path
fn default_key_path() -> &'static str {
if cfg!(target_os = "macos") {
"/Library/Ossec/etc/sslagent.key"
} else {
"/var/ossec/etc/sslagent.key"
}
}
}
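Review bot: The new `audience` option carries no doc comment, so `--help` shows nothing for it, and the value is actually consumed as a comma-separated list by the caller in main.rs (it is split on `,`), which the flag does not convey; I would add `/// Accepted JWT audiences, comma-separated (overridden by KC_AUDIENCES).` above its `#[structopt]` attribute. Separately, removing `cert_path`/`key_path` drops the `-c`/`-k` flags, which breaks any existing invocation that passed them; the `PUBLIC_KEY_FILE`/`PRIVATE_KEY_FILE` environment variables still work per main.rs, so the release notes for 0.2.3 should say so.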