API: Flask - YAML configuration #2570

Closed
2 tasks done
crd1985 opened this issue Feb 12, 2019 · 4 comments

crd1985 commented Feb 12, 2019

This issue is related to #2413

The current nodejs API configuration is located in the /var/ossec/api/configuration/config.js file. It is time to migrate to a config.yml file!

Tasks:

  • Research and select the best Python package to deal with yml files
  • Load the configuration into Python from the new config.yml file
@jesuslinares jesuslinares mentioned this issue Feb 12, 2019
11 tasks
@mgmacias95
Contributor

Hello @crd1985,

I think the most suitable option is PyYAML. It isn't fully compatible with Python 3.7 (yaml/pyyaml#212) but hopefully, that will be fixed soon.

Best regards,
Marta

@mgmacias95 mgmacias95 self-assigned this Feb 19, 2019
@mgmacias95
Contributor

Status update

Summary

I'm working on branch dev-api-flask-config-yml. I have translated the config.js file to yml. This new configuration file will be installed under the api/configuration/ directory. In addition, I have also added support for CORS and HTTPS.

Tasks

  • Translate configuration to YML (1f77a5e).
  • Install configuration file (1f77a5e).
  • Load configuration file when the API daemon is started (1f77a5e).
  • Configure API logging (logging level and log file path) using variables from configuration (f1d79c3).
  • Configure API's port and host using values defined in configuration (4d6660f).
  • Add support for CORS (1913196).
  • Add support for HTTPS (without CA) (8754a99).

Best regards,
Marta

@crd1985 crd1985 added this to To do in Wazuh 4.0.0 via automation Feb 20, 2019
@crd1985 crd1985 added this to the 8th week sprint milestone Feb 20, 2019
@mgmacias95
Contributor

Hello @crd1985,

I have been doing research on certificate authorities. I have found out that use_ca and ca options in the configuration aren't necessary. The steps to have a self-generated CA on the API server are:

  1. Create the CA:
    # openssl req -x509 -new -nodes -newkey rsa:2048 -keyout rootCA.key -out rootCA.pem -batch -subj "/C=US/ST=CA/O=Manager"
    Generating a 2048 bit RSA private key
    ...................+++
    .........................................................+++
    writing new private key to 'rootCA.key'
    -----
  2. Create a certificate for the API server:
    # openssl req -new -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj '/C=US/CN=172.17.0.100'
    Generating a 2048 bit RSA private key
    ........................................................................................+++
    .....................+++
    writing new private key to 'server.key'
    -----
    # openssl x509 -req -days 365 -in server.csr -CA rootCA.pem -CAkey rootCA.key -out server.crt -CAcreateserial
    Signature ok
    subject=C = US, CN = 172.17.0.100
    Getting CA Private Key
  3. Use the CA to make requests against the API:
    # curl -u foo:bar "https://172.17.0.100:55000/agents?limit=1" --cacert /var/ossec/api/configuration/ssl/rootCA.pem
    {
       "data": {
       "items": [
          {
            "dateAdd": "2019-02-19 11:17:53",
            "id": "000",
            "ip": "127.0.0.1",
            "lastKeepAlive": "9999-12-31 23:59:59",
            "manager": "master",
            "name": "master",
            "node_name": "master",
            "os": {
              "arch": "x86_64",
              "codename": "Bionic Beaver",
              "major": "18",
              "minor": "04",
              "name": "Ubuntu",
              "platform": "ubuntu",
              "uname": "Linux |master |4.15.0-43-generic |#46-Ubuntu SMP Thu Dec 6 14:45:28 UTC 2018 |x86_64",
              "version": "18.04.1 LTS"
            },
            "status": "Active",
            "version": "Wazuh v3.9.0"
          }
        ],
        "totalItems": 2
      },
      "error": 0
    }

I have removed ca and use_ca options in commit 2cd29c7.

Best regards,
Marta
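
Added example (not part of the comment above and not Wazuh project code): the three steps rebuilt in a scratch directory, with checks that the server certificate chains to the CA a client would pass to `curl --cacert` and that a same-subject certificate not issued by that CA is rejected. The function names, the file names under the scratch directory, and the `subjectAltName` extension file are assumptions of this example; the SAN is added because some TLS clients match the host only against it, not the CN.

```shell
#!/bin/sh
# Added example. 172.17.0.100 and the subjects come from the thread;
# everything else (function names, san.ext, rogue.crt) is hypothetical.

make_pki() {
    dir=$1
    umask 077   # keep generated private keys unreadable to other users
    # Step 1: self-signed root CA.
    openssl req -x509 -new -nodes -newkey rsa:2048 -batch \
        -keyout "$dir/rootCA.key" -out "$dir/rootCA.pem" \
        -subj "/C=US/ST=CA/O=Manager" 2>/dev/null || return 1
    # Step 2: server key and CSR, then a certificate signed by the CA.
    openssl req -new -nodes -newkey rsa:2048 \
        -keyout "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=US/CN=172.17.0.100" 2>/dev/null || return 1
    # Assumption: carry the API address as an IP subjectAltName as well.
    printf 'subjectAltName = IP:172.17.0.100\n' > "$dir/san.ext"
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -CA "$dir/rootCA.pem" -CAkey "$dir/rootCA.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null || return 1
    # Control case: same subject, self-signed, never issued by the CA.
    openssl req -x509 -new -nodes -newkey rsa:2048 \
        -keyout "$dir/rogue.key" -out "$dir/rogue.crt" \
        -subj "/C=US/CN=172.17.0.100" 2>/dev/null || return 1
}

# Succeeds only if certificate $2 chains to the CA file $1
# (the same trust decision curl makes with --cacert).
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if certificate $1 lists IP address $2 in its SAN.
has_ip_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "IP Address:$2"
}
```

Only rootCA.pem needs to be distributed to API clients; rootCA.key and server.key stay on the server.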

@mgmacias95
Contributor

Hello team,

The main goal of this issue has already been achieved: configuration is already translated to YML and the API uses it. However, there are some options whose implementation remains pending:

Best regards,
Marta

Wazuh 4.0.0 automation moved this from To do to Done Feb 20, 2019