Updates on Wazuh text

Author: oneswig

source/include/wazuh_ansible.rst

@@ -1,65 +1,94 @@
-One of methods for deploying and maintaining Wazuh is with the use of the official Ansible playbooks, integrated into a Kayobe Config.
+One method for deploying and maintaining Wazuh is the `official
+Ansible playbooks <https://github.com/wazuh/wazuh-ansible>`_.  These
+can be integrated into |kayobe_config| as a custom playbook.
 
 Configuring Wazuh Manager
 -------------------------
 
-Wazuh manager can easily be configured by editing the ``wazuh-manager.yml`` groups vars file found at ``etc/kayobe/inventory/group_vars/wazuh-master/``. 
-This file gives you control over various important aspects of the Wazuh manager.
-Most notably;
+Wazuh Manager is configured by editing the ``wazuh-manager.yml``
+groups vars file found at
+``etc/kayobe/inventory/group_vars/wazuh-manager/``.  This file 
+controls various aspects of Wazuh Manager configuration.
+Most notably:
 
 *domain_name*:
-    the domain used by Search Guard CE when generating certificates.
+    The domain used by Search Guard CE when generating certificates.
 
 *wazuh_manager_ip*:
-    the IP address that the wazuh manager shall reside on for communicating with the agents.
+    The IP address that the Wazuh Manager shall reside on for communicating with the agents.
 
 *wazuh_manager_connection*:
-    used to define port and protocol for the manager to be listening on.
+    Used to define port and protocol for the manager to be listening on.
 
 *wazuh_manager_authd*:
-    connection settings for the daemon responsible for registering new agents.
+    Connection settings for the daemon responsible for registering new agents.
 
-Running ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` will deploy these changes.
+Running ``kayobe playbook run
+$KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` will deploy these
+changes.
 
 Secrets
 -------
 
-Wazuh requires that secrets or passwords are set for itself and the services it communiticates with.
-The playbook ``etc/kayobe/ansible/wazuh-secrets.yml`` automates the creation of these secrets which can then be encrypted with Ansible Vault.
+Wazuh requires that secrets or passwords are set for itself and the services with which it communiticates.
+The playbook ``etc/kayobe/ansible/wazuh-secrets.yml`` automates the creation of these secrets, which should then be encrypted with Ansible Vault.
 
 To update the secrets you can execute the following two commands
 
-.. code-block:: console
+.. code-block:: shell
     :substitutions:
 
-    kayobe# kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-secrets.yml -e wazuh_user_pass=$(uuidgen) -e wazuh_admin_pass=$(uuidgen)
-    kayobe# ansible-vault encrypt --vault-password-file |vault_password_file_path| $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-master/wazuh-secrets.yml
+    kayobe# kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-secrets.yml \
+        -e wazuh_user_pass=$(uuidgen) \
+        -e wazuh_admin_pass=$(uuidgen)
+    kayobe# ansible-vault encrypt --vault-password-file |vault_password_file_path| \
+        $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/wazuh-secrets.yml
 
-Once generated you can run ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` which shall copy the secrets into place.
+Once generated, run ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` which copies the secrets into place.
 
-.. note:: If you need to view the secrets it is recommended you use ``ansible-vault view --vault-password-file ~/vault.password``
+.. note:: Use ``ansible-vault`` to view the secrets:
+
+  ``ansible-vault view --vault-password-file ~/vault.password $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/wazuh-secrets.yml``
 
 Adding a New Agent
 ------------------
-When adding a new host it should be automically picked up by the ``wazuh-agent:children`` group in ``etc/kayobe/inventory/groups`` as it would be included in the ``overcloud`` member.
+The Wazuh Agent is deployed to all hosts in the ``wazuh-agent``
+inventory group, comprising the ``seed`` group (containing |seed_name|)
+plus the ``overcloud`` group (containing all hosts in the
+OpenStack control plane).
 
 .. code-block:: ini
 
     [wazuh-agent:children]
     seed
     overcloud
 
-Running the follow playbook ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-agent.yml`` will deploy the agent to the new host.
-This should automatically be registered and accessible within the Wazuh manager dashboard.
+The following playbook deploys the Wazuh Agent to all hosts in the
+``wazuh-agent`` group:
+
+.. code-block:: shell
+
+  kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-agent.yml
 
-The playbook ``wazuh-agent.yml`` can be setup as a hook within kayobe, which will automatically run either pre or post a given kayobe command.
-See `here <https://docs.openstack.org/kayobe/wallaby/custom-ansible-playbooks.html#hooks>`_ for more details. 
+The hosts running Wazuh Agent should automatically be registered
+and visible within the Wazuh Manager dashboard.
+
+.. note:: It is good practice to use a `Kayobe deploy hook
+  <https://docs.openstack.org/kayobe/wallaby/custom-ansible-playbooks.html#hooks>`_
+  to automate deployment and configuration of the Wazuh Agent
+  following a run of ``kayobe overcloud host configure``.
 
 Accessing Wazuh Manager
 -----------------------
 
-To access the Wazuh manager dashboard, navigate to the ip address of the |wazuh_master_name| (|wazuh_master_url|).
+To access the Wazuh Manager dashboard, navigate to the ip address
+of |wazuh_manager_name| (|wazuh_manager_url|).
+
+You can login to the dashboard with the username ``admin``.  The
+password for ``admin`` is defined in the secret
+``opendistro_admin_password`` which can be found within
+``etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-secrets.yml``.
 
-You can login to the dashboard with the username ``admin`` and the password for ``opendistro_admin_password`` which can be found within ``etc/kayobe/inventory/group_vars/wazuh-master/wazuh-secrets.yml``.
+.. note:: Use ``ansible-vault`` to view Wazuh secrets:
 
-.. note:: If you need to view the secrets it is recommended you use ``ansible-vault view --vault-password-file ~/vault.password``
+  ``ansible-vault view --vault-password-file ~/vault.password $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/wazuh-secrets.yml``

source/vars.rst

@@ -48,6 +48,6 @@
 .. |tempest_recipes| replace:: https://github.com/acme-openstack/tempest-recipes.git
 .. |tls_setup| replace:: TLS is implemented using a wildcard certificate available for ``*.acme.example``.
 .. |vault_password_file_path| replace:: ~/vault-password
-.. |wazuh_master_url| replace:: https://|wazuh_master_ip|
-.. |wazuh_master_ip| replace:: 172.168.0.10:5601
-.. |wazuh_master_name| replace:: wazuh-master01
+.. |wazuh_manager_url| replace:: https://172.168.0.10:5601
+.. |wazuh_manager_ip| replace:: 172.168.0.10:5601
+.. |wazuh_manager_name| replace:: wazuh-manager01

source/wazuh.rst

@@ -6,7 +6,11 @@ Wazuh Security Platform
 
 .. ifconfig:: deployment['wazuh']
 
-    The |project_name| deployment uses Wazuh as security platform to detect intruders within your network.
+    The |project_name| deployment uses `Wazuh <https://wazuh.com>`_ as security monitoring platform.  Among other things, Wazuh monitors for:
+
+* Security-related system events.
+* Known vulnerabilities (CVEs) in versions of installed software.
+* Misconfigurations in system security.
 
 .. ifconfig:: deployment['wazuh_managed']
 
@@ -21,4 +25,4 @@ Wazuh Security Platform
     Wazuh deployment via Ansible
     ============================
 
-    .. include:: include/wazuh_ansible.rst
+    .. include:: include/wazuh_ansible.rst