96 lines
3.4 KiB
Django/Jinja
96 lines
3.4 KiB
Django/Jinja
|
|
var config = {};
|
|
|
|
// Basic configuration
|
|
|
|
// Path
|
|
config.ossec_path = "/var/ossec";
|
|
// The host to bind the API to.
|
|
config.host = "{{ wazuh_manager_config.api.bind_addr }}";
|
|
// TCP Port used by the API.
|
|
config.port = "{{ wazuh_manager_config.api.port }}";
|
|
// Use HTTP protocol over TLS/SSL. Values: yes, no.
|
|
config.https = "{{ wazuh_manager_config.api.https }}";
|
|
// Use HTTP authentication. Values: yes, no.
|
|
config.basic_auth = "{{ wazuh_manager_config.api.basic_auth }}";
|
|
//In case the API run behind a proxy server, turn to "yes" this feature. Values: yes, no.
|
|
config.BehindProxyServer = "{{ wazuh_manager_config.api.behind_proxy_server }}";
|
|
|
|
// HTTPS Certificates
|
|
config.https_key = "{{ wazuh_manager_config.api.https_key }}"
|
|
config.https_cert = "{{ wazuh_manager_config.api.https_cert }}"
|
|
config.https_use_ca = "{{ wazuh_manager_config.api.https_use_ca }}"
|
|
config.https_ca = "{{ wazuh_manager_config.api.https_ca }}"
|
|
|
|
// Advanced configuration
|
|
|
|
// Values for API log: disabled, info, warning, error, debug (each level includes the previous level).
|
|
config.logs = "info";
|
|
// Cross-origin resource sharing. Values: yes, no.
|
|
config.cors = "yes";
|
|
// Cache (time in milliseconds)
|
|
config.cache_enabled = "yes";
|
|
config.cache_debug = "no";
|
|
config.cache_time = "750";
|
|
// Log path
|
|
config.log_path = config.ossec_path + "/logs/api.log";
|
|
// Python
|
|
config.python = [
|
|
// Default installation
|
|
{
|
|
bin: "python",
|
|
lib: ""
|
|
},
|
|
// Python 3
|
|
{
|
|
bin: "python3",
|
|
lib: ""
|
|
},
|
|
// Package 'python27' for CentOS 6
|
|
{
|
|
bin: "/opt/rh/python27/root/usr/bin/python",
|
|
lib: "/opt/rh/python27/root/usr/lib64"
|
|
}
|
|
];
|
|
// Shared library path
|
|
config.ld_library_path = config.ossec_path + "/framework/lib"
|
|
|
|
// Option to force the use of authd to remove and add agents
|
|
config.use_only_authd = {{ wazuh_manager_config.api.use_only_authd }};
|
|
|
|
// Option to drop privileges (run as ossec)
|
|
config.drop_privileges = {{ wazuh_manager_config.api.drop_privileges }};
|
|
|
|
// Activate features still under development
|
|
config.experimental_features = {{ wazuh_manager_config.api.experimental_features }};
|
|
|
|
/************************* SSL OPTIONS ****************************************/
|
|
// SSL protocol
|
|
|
|
// SSL protocol to use. All available secure protocols available at:
|
|
// https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS
|
|
config.secureProtocol = "{{ wazuh_manager_config.api.secure_protocol }}";
|
|
try {
|
|
// Disable the use of SSLv3, TLSv1.1 and TLSv1.0. All available secureOptions at:
|
|
// https://nodejs.org/api/crypto.html#crypto_openssl_options
|
|
const crypto = require('crypto');
|
|
config.secureOptions = crypto.constants.SSL_OP_NO_SSLv3 |
|
|
crypto.constants.SSL_OP_NO_TLSv1 |
|
|
crypto.constants.SSL_OP_NO_TLSv1_1;
|
|
} catch (err) {
|
|
console.log("Could not configure NodeJS to avoid unsecure SSL/TLS protocols: " + err)
|
|
}
|
|
|
|
// SSL ciphersuit
|
|
|
|
// When choosing a cipher, use the server's preferences instead of the client
|
|
// preferences. When not set, the SSL server will always follow the clients
|
|
// preferences. More info at:
|
|
// https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html
|
|
config.honorCipherOrder = {{ wazuh_manager_config.api.honor_cipher_order }};
|
|
// Modify default ciphersuit. More info:
|
|
// https://nodejs.org/api/tls.html#tls_modifying_the_default_tls_cipher_suite
|
|
config.ciphers = "{{ wazuh_manager_config.api.ciphers }}";
|
|
|
|
module.exports = config;
|