[Backport 4.5-7.10] Add different responses to endpoints (#5330)

Add different responses to endpoints (#5313) * Add difertents responses to endpoints * Remove unused response * Add and edit responses used * change info in imposter (cherry picked from commit cb2d9c1) Co-authored-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com>
wazuh · Mar 28, 2023 · b0cc83c · b0cc83c
1 parent 117bdde
commit b0cc83c
Show file tree

Hide file tree

Showing 13 changed files with 1,247 additions and 0 deletions.
diff --git a/docker/imposter/agents/agents-configuration.js b/docker/imposter/agents/agents-configuration.js
@@ -0,0 +1,6 @@
+var path = context.request.path;
+var pathArray = path.split('/');
+pathArray.splice(0, 4);
+var pathFile = 'agents/configuration/' + pathArray.join('-') + '.json';
+
+respond().withStatusCode(200).withFile(pathFile);
diff --git a/docker/imposter/agents/configuration/agent-buffer.json b/docker/imposter/agents/configuration/agent-buffer.json
@@ -0,0 +1,10 @@
+{
+  "data": {
+    "buffer": {
+      "disabled": "no",
+      "queue_size": 5000,
+      "events_per_second": 500
+    }
+  },
+  "error": 0
+}
diff --git a/docker/imposter/agents/configuration/agent-client.json b/docker/imposter/agents/configuration/agent-client.json
@@ -0,0 +1,32 @@
+{
+  "data": {
+    "client": {
+      "config-profile": "ubuntu, ubuntu20, ubuntu20.04",
+      "notify_time": 10,
+      "time-reconnect": 60,
+      "force_reconnect_interval": 0,
+      "ip_update_interval": 0,
+      "auto_restart": "yes",
+      "remote_conf": "yes",
+      "crypto_method": "aes",
+      "server": [
+        {
+          "address": "wazuh.manager/172.27.0.3",
+          "port": 1514,
+          "max_retries": 5,
+          "retry_interval": 10,
+          "protocol": "tcp"
+        }
+      ],
+      "enrollment": {
+        "enabled": "yes",
+        "delay_after_enrollment": 20,
+        "port": 1515,
+        "group": "default",
+        "ssl_cipher": "HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH",
+        "auto_method": "no"
+      }
+    }
+  },
+  "error": 0
+}
diff --git a/docker/imposter/agents/configuration/agent-labels.json b/docker/imposter/agents/configuration/agent-labels.json
@@ -0,0 +1,32 @@
+{
+  "data": {
+    "labels": [
+      {
+        "value": "i-052a1838c",
+        "key": "aws.instance-id",
+        "hidden": "no"
+      },
+      {
+        "value": "sg-1103",
+        "key": "aws.sec-group",
+        "hidden": "no"
+      },
+      {
+        "value": "172.17.0.0",
+        "key": "network.ip",
+        "hidden": "no"
+      },
+      {
+        "value": "02:42:ac:11:00:02",
+        "key": "network.mac",
+        "hidden": "no"
+      },
+      {
+        "value": "January 1st, 2017",
+        "key": "installation",
+        "hidden": "yes"
+      }
+    ]
+  },
+  "error": 0
+}
diff --git a/docker/imposter/agents/configuration/auth-auth.json b/docker/imposter/agents/configuration/auth-auth.json
@@ -0,0 +1,27 @@
+{
+  "data": {
+    "auth": {
+      "port": 1515,
+      "disabled": "no",
+      "remote_enrollment": "yes",
+      "use_source_ip": "no",
+      "purge": "yes",
+      "use_password": "no",
+      "ssl_verify_host": "no",
+      "ssl_auto_negotiate": "no",
+      "ciphers": "HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH",
+      "ssl_manager_cert": "etc/sslmanager.cert",
+      "ssl_manager_key": "etc/sslmanager.key",
+      "force": {
+        "enabled": "yes",
+        "key_mismatch": "yes",
+        "disconnected_time": {
+          "enabled": "yes",
+          "value": 3600
+        },
+        "after_registration_time": 3600
+      }
+    }
+  },
+  "error": 0
+}
diff --git a/docker/imposter/agents/configuration/com-active-response.json b/docker/imposter/agents/configuration/com-active-response.json
@@ -0,0 +1,8 @@
+{
+  "data": {
+    "active-response": {
+      "disabled": "no"
+    }
+  },
+  "error": 0
+}
diff --git a/docker/imposter/agents/configuration/logcollector-localfile.json b/docker/imposter/agents/configuration/logcollector-localfile.json
@@ -0,0 +1,87 @@
+{
+  "data": {
+    "localfile": [
+      {
+        "logformat": "command",
+        "command": "df -P",
+        "alias": "df -P",
+        "ignore_binaries": "no",
+        "target": ["agent"],
+        "frequency": 360
+      },
+      {
+        "logformat": "full_command",
+        "command": "netstat -tulpn | sed 's/\\([[:alnum:]]\\+\\)\\ \\+[[:digit:]]\\+\\ \\+[[:digit:]]\\+\\ \\+\\(.*\\):\\([[:digit:]]*\\)\\ \\+\\([0-9\\.\\:\\*]\\+\\).\\+\\ \\([[:digit:]]*\\/[[:alnum:]\\-]*\\).*/\\1 \\2 == \\3 == \\4 \\5/' | sort -k 4 -g | sed 's/ == \\(.*\\) ==/:\\1/' | sed 1,2d",
+        "alias": "netstat listening ports",
+        "ignore_binaries": "no",
+        "target": ["agent"],
+        "frequency": 360
+      },
+      {
+        "logformat": "full_command",
+        "command": "last -n 20",
+        "alias": "last -n 20",
+        "ignore_binaries": "no",
+        "target": ["agent"],
+        "frequency": 360
+      },
+      {
+        "file": "/var/log/test.log",
+        "logformat": "syslog",
+        "ignore_binaries": "no",
+        "only-future-events": "yes",
+        "target": ["agent"]
+      },
+      {
+        "file": "/var/log/nginx/access.log",
+        "logformat": "apache",
+        "ignore_binaries": "no",
+        "only-future-events": "yes",
+        "target": ["agent"]
+      },
+      {
+        "file": "/var/log/nginx/error.log",
+        "logformat": "apache",
+        "ignore_binaries": "no",
+        "only-future-events": "yes",
+        "target": ["agent"]
+      },
+      {
+        "file": "/var/ossec/logs/active-responses.log",
+        "logformat": "syslog",
+        "ignore_binaries": "no",
+        "only-future-events": "yes",
+        "target": ["agent"]
+      },
+      {
+        "file": "/var/log/auth.log",
+        "logformat": "syslog",
+        "ignore_binaries": "no",
+        "only-future-events": "yes",
+        "target": ["agent"]
+      },
+      {
+        "file": "/var/log/syslog",
+        "logformat": "syslog",
+        "ignore_binaries": "no",
+        "only-future-events": "yes",
+        "target": ["agent"]
+      },
+      {
+        "file": "/var/log/dpkg.log",
+        "logformat": "syslog",
+        "ignore_binaries": "no",
+        "only-future-events": "yes",
+        "target": ["agent"]
+      },
+      {
+        "file": "/var/log/kern.log",
+        "logformat": "syslog",
+        "ignore_binaries": "no",
+        "only-future-events": "yes",
+        "target": ["agent"]
+      }
+    ]
+  },
+  "error": 0
+}
diff --git a/docker/imposter/agents/configuration/logcollector-socket.json b/docker/imposter/agents/configuration/logcollector-socket.json
@@ -0,0 +1,18 @@
+{
+  "data": {
+    "target": [
+      {
+        "name": "custom_socket",
+        "location": "/var/run/custom.sock",
+        "mode": "tcp",
+        "prefix": "custom_syslog: "
+      },
+      {
+        "name": "test_socket",
+        "location": "/var/run/test.sock",
+        "mode": "udp"
+      }
+    ]
+  },
+  "error": 0
+}
diff --git a/docker/imposter/agents/configuration/request-remote.json b/docker/imposter/agents/configuration/request-remote.json
@@ -0,0 +1,14 @@
+{
+  "data": {
+    "remote": [
+      {
+        "connection": "secure",
+        "ipv6": "no",
+        "protocol": ["TCP"],
+        "port": "1514",
+        "queue_size": "131072"
+      }
+    ]
+  },
+  "error": 0
+}
diff --git a/docker/imposter/agents/configuration/syscheck-rootcheck.json b/docker/imposter/agents/configuration/syscheck-rootcheck.json
@@ -0,0 +1,22 @@
+{
+  "data": {
+    "rootcheck": {
+      "disabled": "no",
+      "base_directory": "",
+      "rootkit_files": "etc/rootcheck/rootkit_files.txt",
+      "rootkit_trojans": "etc/rootcheck/rootkit_trojans.txt",
+      "scanall": "no",
+      "skip_nfs": "yes",
+      "frequency": 43200,
+      "check_dev": "yes",
+      "check_files": "yes",
+      "check_if": "yes",
+      "check_pids": "yes",
+      "check_ports": "yes",
+      "check_sys": "yes",
+      "check_trojans": "yes",
+      "check_unixaudit": "no"
+    }
+  },
+  "error": 0
+}