From 13e283687ca1de2d4e7f62e491d9e1e62ff9d43d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 11 Feb 2020 14:49:53 +0100 Subject: [PATCH 01/47] Define agent_groups group list --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 5f32a0f1..3d5c9986 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -397,3 +397,7 @@ nodejs: debian: "deb" redhat: "rpm" repo_url_ext: "nodesource.com/setup_10.x" + +agent_groups: + groups: # [] # groups to create + - group2 \ No newline at end of file From 8d8ed17ce98387905e056b57f7b220d85c30a03c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 11 Feb 2020 14:50:06 +0100 Subject: [PATCH 02/47] Add task to create agent groups --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 842d33a6..f26664eb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -355,6 +355,13 @@ when: - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 +- name: Create agent groups + shell: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" + with_items: + - "{{ agent_groups.groups }}" + when: + - ( agent_groups.groups is defined) and ( agent_groups.groups|length > 0) + - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" From e11c44e72e6b95d102093a8ad30cc1d075f7c625 Mon Sep 17 00:00:00 2001 
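Review bot: In the `Create agent groups` task, `{{ item }}` is interpolated unquoted into a `shell:` line that runs as root, so a group name in `agent_groups.groups` containing whitespace or shell metacharacters alters the command; patch 05 later switches to `command:`, which removes shell interpretation, but the argument is still split on whitespace. Use `command: "/var/ossec/bin/agent_groups -a -g {{ item | quote }} -q"` (or the `argv:` form) so each group name reaches the binary as a single argument. The task also reports changed on every run; rather than excluding it from the idempotence test as patch 07 does, a `changed_when:` keyed on the binary's output or a `creates:` guard on the group's directory (path to confirm on the manager) would make it genuinely idempotent. The surrounding task list continues outside the hunk.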
From: Rshad Zhran Date: Tue, 11 Feb 2020 16:14:50 +0100 Subject: [PATCH 03/47] Set group list to empty --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 266cb33f..51ba5302 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -37,6 +37,7 @@ wazuh_agent_authd: enable: false port: 1515 agent_name: null + groups: [] ssl_agent_ca: null ssl_agent_cert: null ssl_agent_key: null diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3d5c9986..52de8dab 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -399,5 +399,4 @@ nodejs: repo_url_ext: "nodesource.com/setup_10.x" agent_groups: - groups: # [] # groups to create - - group2 \ No newline at end of file + groups: [] # groups to create From e1b3156ee647dbd358c6c3cbf9db24788c860256 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 11 Feb 2020 16:16:15 +0100 Subject: [PATCH 04/47] Add ability to register agent and assign it to groups --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 5664a428..6dbf1e46 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
@@ -76,6 +76,9 @@ -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" {% endif %} {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} + {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups != None %} + -G "{{ wazuh_agent_authd.groups | join(',') }}" + {% endif %} register: agent_auth_output notify: restart wazuh-agent vars: From 76215bf6ed5c01d648c37ed29dc8ed2c64512e21 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 11 Feb 2020 17:55:51 +0100 Subject: [PATCH 05/47] Replace shell by command --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index f26664eb..6637f287 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -356,7 +356,7 @@ - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - name: Create agent groups - shell: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" + command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" with_items: - "{{ agent_groups.groups }}" when: From 50ad3e07da8f4cf8b4c1afb3a6c52b19f83cb60d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 11 Feb 2020 17:56:06 +0100 Subject: [PATCH 06/47] Remove trailing spaces --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 6dbf1e46..5465f393 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
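Review bot: The guard `wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups != None` is true for the `groups: []` default introduced in patch 03, so agent-auth is invoked with `-G ""` whenever no groups are configured; change it to `{% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %}`. The names are joined into one `-G` value, so a group name containing `,` or `"` would split or break the argument, which is worth a comment next to the `-G` line, e.g. `# group names must not contain commas or quotes`. The enclosing agent-auth task starts before this hunk.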
@@ -76,8 +76,8 @@ -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" {% endif %} {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} - {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups != None %} - -G "{{ wazuh_agent_authd.groups | join(',') }}" + {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups != None %} + -G "{{ wazuh_agent_authd.groups | join(',') }}" {% endif %} register: agent_auth_output notify: restart wazuh-agent From 4adc19a02ff42585ffcff00a249b47193fb0f921 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 12 Feb 2020 14:16:38 +0100 Subject: [PATCH 07/47] Ignore idempotence test for agent groups creation --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 6637f287..6a2ccf95 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -361,6 +361,7 @@ - "{{ agent_groups.groups }}" when: - ( agent_groups.groups is defined) and ( agent_groups.groups|length > 0) + tags: molecule-idempotence-notest - include_tasks: "RMRedHat.yml" when: From 91948198a093ad10c0f2b208877f44c8034e853b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 14:56:32 +0100 Subject: [PATCH 08/47] Revert "Merge pull request #381 from wazuh/remove_windows_md5_check" This reverts commit 4cc3e077a01750a8386fd486dc7a72dd790a01c2, reversing changes made to 52a81af988a00abd60483f1ccacab34ddd2c9b76. --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index fbb278eb..c7014e2a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,6 +60,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe + md5: 87ce22038688efb44d95f9daff472056 wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 0b844d0a..dc9b8fe0 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -30,6 +30,15 @@ when: - not wazuh_package_downloaded.stat.exists +- name: Windows | Verify the Wazuh Agent installer + win_stat: + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" + get_checksum: true + checksum_algorithm: md5 + register: wazuh_agent_status + failed_when: + - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 + - name: Windows | Install Agent if not already installed win_package: path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" From 3b166ea617801ea54658af109f03184d13b01d63 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 15:07:21 +0100 Subject: [PATCH 09/47] Add flag to enable/disable Windows MD5 check --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index c7014e2a..039e5960 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
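Review bot: The re-added `Windows | Verify the Wazuh Agent installer` task pins the package with MD5 (`checksum_algorithm: md5` compared against `wazuh_winagent_config.md5`); MD5 is collision-broken, so this catches a corrupted download but is a weak integrity check for an installer that is then executed with elevated privileges. `win_stat` accepts `checksum_algorithm: sha256`; switching requires replacing the pinned value in the defaults hunk with the SHA-256 of the 3.11.4-1 MSI (`sha256: <digest of wazuh-agent-3.11.4-1.msi>`, taken from the vendor's published checksums). Either way the digest and `wazuh_winagent_package_name` must change together, which deserves a comment on the `md5:` line in defaults, e.g. `# must match wazuh_winagent_package_name; update both on every version bump`.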
@@ -60,6 +60,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe + check_md5: True md5: 87ce22038688efb44d95f9daff472056 wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index dc9b8fe0..461249e9 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -38,6 +38,8 @@ register: wazuh_agent_status failed_when: - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 + when: + - wazuh_winagent_config.check_md5 - name: Windows | Install Agent if not already installed win_package: From efcb55b52362b517b3b9343f0b2183d7a8ef149e Mon Sep 17 00:00:00 2001 From: Zenidd Date: Mon, 9 Mar 2020 18:27:05 +0100 Subject: [PATCH 10/47] Setting restrictive permissions on filebeat related files --- roles/wazuh/ansible-filebeat/tasks/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/tasks/config.yml b/roles/wazuh/ansible-filebeat/tasks/config.yml index ce63503d..d45b06e8 100644 --- a/roles/wazuh/ansible-filebeat/tasks/config.yml +++ b/roles/wazuh/ansible-filebeat/tasks/config.yml @@ -5,7 +5,7 @@ dest: "/etc/filebeat/filebeat.yml" owner: root group: root - mode: 0644 + mode: 0400 notify: restart filebeat tags: configure @@ -15,7 +15,7 @@ dest: "/etc/filebeat/wazuh-template.json" owner: root group: root - mode: 0644 + mode: 0400 notify: restart filebeat tags: configure @@ -30,7 +30,7 @@ copy: src: "{{ item }}" dest: "{{ filebeat_ssl_dir }}/{{ item | basename }}" - mode: 0644 + mode: 0400 with_items: - "{{ filebeat_ssl_key_file }}" - "{{ filebeat_ssl_certificate_file }}" 
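Review bot: `check_md5: True` is title-case, which yamllint's `truthy` rule rejects and which differs from the lowercase booleans already used in this defaults file (`enable: false`); write `check_md5: true`. Because this flag allows the installer to run with no integrity check at all, the line should say so, e.g. `# set to false to install the downloaded MSI without verifying its checksum`.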
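Review bot: `mode: 0400` in all three hunks of config.yml is an unquoted octal literal; PyYAML reads it as the integer 256, which Ansible happens to map back to 0400, but ansible-lint's `risky-octal` rule flags the form because the same value without the leading zero would be silently misread. Write `mode: "0400"` in each of the three hunks. Tightening the key file to owner-read-only is the right call; for `filebeat.yml` and the template it only works if filebeat runs as root, which is not visible here, so a comment such as `# assumes filebeat runs as root; config and key are not readable by other users` would record the assumption.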
From ba424e944a5d9b1c004094ad0a89fc6a7acc4d62 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 10 Mar 2020 15:26:33 +0100 Subject: [PATCH 11/47] Minor style fix --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index cd25eec2..300efaff 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,7 +43,7 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_8.x" # Build from sources build_from_sources: false From 163c89dbabcb822d18d58a7d4ddae65c16587dd6 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 10 Mar 2020 15:23:35 +0100 Subject: [PATCH 12/47] Adding nodejs recommended node_options and plugin optimization --- .../ansible-kibana/defaults/main.yml | 5 ++++- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 4 +--- .../elastic-stack/ansible-kibana/tasks/main.yml | 17 ++++++++++++++--- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index cd25eec2..dcc2bf8a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,8 +43,11 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_8.x" # Build from sources build_from_sources: false wazuh_plugin_branch: 3.11-7.6 + +#Nodejs NODE_OPTIONS +node_options: --max-old-space-size=4096 \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 37cfd7dc..5fb74823 100644 
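Review bot: `node_options: --max-old-space-size=4096` is an unquoted plain scalar beginning with `-`; it parses as a string here, but quoting it (`node_options: "--max-old-space-size=4096"`) matches the quoted style of the neighbouring `repo_url_ext` value and avoids the value being mistaken for a sequence item on a later edit. The new comment `#Nodejs NODE_OPTIONS` also lacks the space after `#` that yamllint's `comments` rule requires. The missing trailing newline is fixed by patch 13.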
--- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,9 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}" - environment: - NODE_OPTIONS: "--max-old-space-size=3072" + shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index c0d663cc..72f229ae 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -62,6 +62,12 @@ - kibana_xpack_security tags: xpack-security +- name: Node configuration + replace: + path: /usr/share/kibana/bin/kibana + regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' + replace: 'NODE_OPTIONS="--no-warnings {{node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" @@ -119,9 +125,7 @@ - name: Install Wazuh Plugin (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" - environment: - NODE_OPTIONS: "--max-old-space-size=3072" + shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json 
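Review bot: Replacing the `environment:` block with an inline `NODE_OPTIONS="{{node_options}}"` assignment in the `shell:` line (this hunk and the `Install Wazuh Plugin` hunk in tasks/main.yml) drops the idiomatic way to pass environment to a task and embeds an unquoted variable in a shell string; keep `environment:` with `NODE_OPTIONS: "{{ node_options }}"` and leave the command unchanged. The new `Node configuration` task patches the packaged `/usr/share/kibana/bin/kibana` launcher with `replace:`, whose regexp is tied to one Kibana release's exact exec line and silently matches nothing on another release or after a package upgrade; a comment naming the Kibana version the pattern was copied from, plus a `register:` and a check that the replacement actually matched, would make that failure visible. Patches 13 through 23 rewrite these lines but keep both approaches.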
@@ -135,6 +139,13 @@ when: - not build_from_sources +- name: Kibana optimization (can take a while) + shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana --optimize --allow-root' + args: + executable: /bin/bash + become: yes + become_user: kibana + - name: Wait for Elasticsearch port wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} From cfd2de0610c40f9c99d27f313ebbcb1ecfa34dc1 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 15:59:48 +0100 Subject: [PATCH 13/47] node_options scope improvements --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 3 ++- roles/elastic-stack/ansible-kibana/tasks/main.yml | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index dcc2bf8a..a237607a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,4 +50,5 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -node_options: --max-old-space-size=4096 \ No newline at end of file +# kibana_script_node_options: --max-old-space-size=4096 +node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 72f229ae..163605cc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -62,11 +62,12 @@ - kibana_xpack_security tags: xpack-security -- name: Node configuration +- name: Kibana script additional configuration for node replace: path: /usr/share/kibana/bin/kibana regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' - replace: 'NODE_OPTIONS="--no-warnings {{node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + replace: 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + when: kibana_script_node_options is defined - name: Ensuring certificates folder owner file: From a4465eb82fd9c87778712c035330a977558bbf46 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 16:27:44 +0100 Subject: [PATCH 14/47] node options variable improvements --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index a237607a..f62e114a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,5 +50,5 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -# kibana_script_node_options: --max-old-space-size=4096 +kibana_script_node_options: "--max-old-space-size=4096" node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 163605cc..8fad346a 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -67,7 +67,7 @@ path: /usr/share/kibana/bin/kibana regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' replace: 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' - when: kibana_script_node_options is defined + when: kibana_script_node_options != "" - name: Ensuring certificates folder owner file: From 9dc91b88775e901c91f34b3ea591431b78e4c683 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 17:55:28 +0100 Subject: [PATCH 15/47] Adding lint fixes --- .../ansible-kibana/defaults/main.yml | 2 +- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- .../elastic-stack/ansible-kibana/tasks/main.yml | 17 ++++++++++++----- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index f62e114a..79078f7b 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,5 +50,5 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -kibana_script_node_options: "--max-old-space-size=4096" +kibana_script_node_options: "" node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 5fb74823..e2b0bb50 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml 
@@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' + shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 8fad346a..e6c7f52d 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -65,9 +65,14 @@ - name: Kibana script additional configuration for node replace: path: /usr/share/kibana/bin/kibana - regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' - replace: 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' - when: kibana_script_node_options != "" + regexp: >- + 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" + NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' + replace: >- + 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" + NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + when: kibana_script_node_options | length > 0 + - name: Ensuring certificates folder owner file: 
@@ -126,7 +131,9 @@ - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' + shell: >- + 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} + -{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json @@ -141,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana --optimize --allow-root' + shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana --optimize' args: executable: /bin/bash become: yes From efd55e5a5b0717f1957f10ed811a06bd233c1383 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 18:11:00 +0100 Subject: [PATCH 16/47] Minor linting fix --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index e6c7f52d..7c78baa6 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -153,6 +153,8 @@ executable: /bin/bash become: yes become_user: kibana + tags: + - skip_ansible_lint - name: Wait for Elasticsearch port wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} From 83aa5de3ef9e3df80d582f1a4ad313b6ec5c0469 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 11 Mar 2020 18:21:25 +0100 Subject: [PATCH 17/47] Bump NodeJS version to 10.x --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index cd25eec2..692b85ad 100644 
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,7 +43,7 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_10.x" # Build from sources build_from_sources: false From c0670f02afd26e1314f9287b1604024d786a3599 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 09:06:18 +0100 Subject: [PATCH 18/47] Lint fixes --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index e2b0bb50..141438af 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' + shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 7c78baa6..2241c900 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -69,7 +69,7 @@ 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' replace: >- - 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" + 'NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' when: kibana_script_node_options | length > 0 @@ -132,7 +132,7 @@ - name: Install Wazuh Plugin (can take a while) shell: >- - 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} + 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} -{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash @@ -148,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana --optimize' + shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize' args: executable: /bin/bash become: yes From b4bd4b334cea2262b5413344d5839a2146e8d530 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 10:47:28 +0100 Subject: [PATCH 19/47] multiline wrap with whitespace in a correct column --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 2241c900..53571026 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -132,8 +132,8 @@ - name: Install Wazuh Plugin (can take a while) shell: >- - 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} - -{{ wazuh_version }}_{{ elastic_stack_version }}.zip' + 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install + {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json From 3d2cce76fa7ee8a972f4f6ef86bed4982744bc73 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 11:50:02 +0100 Subject: [PATCH 20/47] multiline wrapping fix --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 53571026..118945ae 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -131,9 +131,8 @@ - name: Install Wazuh Plugin (can take a while) - shell: >- - 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install - {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' + shell: "NODE_OPTIONS=\" {{ node_options }} \" /usr/share/kibana/bin/kibana-plugin \ + install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json From dab2f69b68dc7246c0a0356395d7c6354b962a64 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 15:02:28 +0100 Subject: [PATCH 21/47] removing single quotes --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 15 ++++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) 
diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 141438af..cd22f42e 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' + shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 118945ae..8c8ed588 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -66,11 +66,11 @@ replace: path: /usr/share/kibana/bin/kibana regexp: >- - 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" - NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' + NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" + NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\} replace: >- - 'NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" - NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" + NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@} when: kibana_script_node_options | length > 0 
@@ -131,8 +131,9 @@ - name: Install Wazuh Plugin (can take a while) - shell: "NODE_OPTIONS=\" {{ node_options }} \" /usr/share/kibana/bin/kibana-plugin \ - install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: >- + NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install + {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json @@ -147,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize' + shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize args: executable: /bin/bash become: yes From b9a8dfff8abcbe123f9baa125f498b6a18d5457e Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 09:29:54 +0100 Subject: [PATCH 22/47] fix to pass the indempotence test --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 8c8ed588..1900777b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -153,6 +153,7 @@ executable: /bin/bash become: yes become_user: kibana + changed_when: false tags: - skip_ansible_lint From 84b5510e3010f88da3863a53d416c789786fbded Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 12:11:07 +0100 Subject: [PATCH 23/47] Removing whitespaces surrounding node_options var --- .../elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index cd22f42e..a674a95f 100644 
--- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} + shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 1900777b..dc7c3696 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -132,7 +132,7 @@ - name: Install Wazuh Plugin (can take a while) shell: >- - NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install + NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip args: executable: /bin/bash @@ -148,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize + shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana --optimize args: executable: /bin/bash become: yes From f4b70ab1c643b60b71236802ed04d143b76ea1ca Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 12:27:18 +0100 Subject: [PATCH 24/47] removing kibana script extra node options --- .../elastic-stack/ansible-kibana/defaults/main.yml | 1 - roles/elastic-stack/ansible-kibana/tasks/main.yml | 13 ------------- 2 files changed, 14 deletions(-) 
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index da865a38..e930eae7 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,5 +50,4 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -kibana_script_node_options: "" node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index dc7c3696..b43b3755 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -62,18 +62,6 @@ - kibana_xpack_security tags: xpack-security -- name: Kibana script additional configuration for node - replace: - path: /usr/share/kibana/bin/kibana - regexp: >- - NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" - NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\} - replace: >- - NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" - NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@} - when: kibana_script_node_options | length > 0 - - - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" @@ -129,7 +117,6 @@ - build_from_sources is defined - build_from_sources - - name: Install Wazuh Plugin (can take a while) shell: >- NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install From 3ba86f7cd8d30da34a81373881f7bf7ada71b681 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 14:15:50 +0100 Subject: [PATCH 25/47] minor fix --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 7f5d17c8..e930eae7 100644 
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,11 +43,7 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" -<<<<<<< HEAD - repo_url_ext: "nodesource.com/setup_8.x" -======= repo_url_ext: "nodesource.com/setup_10.x" ->>>>>>> feature-node_options-variable # Build from sources build_from_sources: false From eff4b38bedf6091786e26bf55c8ceef51f47cf61 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 17 Mar 2020 12:17:49 +0100 Subject: [PATCH 26/47] Restricting too open xpack and kibana permissions --- .../ansible-elasticsearch/tasks/xpack_security.yml | 4 ++-- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index e9261956..82f3b081 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -35,7 +35,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_key_name }}" dest: "{{ node_certs_source }}/{{ ca_key_name }}" - mode: '0664' + mode: '0440' when: - not generate_CA - node_certs_generator @@ -45,7 +45,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_cert_name }}" dest: "{{ node_certs_source }}/{{ ca_cert_name }}" - mode: '0664' + mode: '0440' when: - not generate_CA - node_certs_generator diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index b43b3755..ad4a3e4c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
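Review bot: The `<<<<<<< HEAD` / `=======` / `>>>>>>> feature-node_options-variable` markers removed here were part of the committed defaults file (the pre-image index `7f5d17c8`), so that revision was not loadable YAML for anyone consuming the role between the two commits. A pre-merge check that fails on leftover conflict markers — `git diff --check` in CI, or yamllint over `defaults/` — would catch this class of mistake before it lands. The resolution itself, keeping `setup_10.x`, matches the manager role's `repo_url_ext` seen elsewhere in this series.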
@@ -41,7 +41,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0664' + mode: '0444' with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" From c6a3dda23ac56d0e35bc208586d1a7cb8ffa3af8 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 17 Mar 2020 15:50:22 +0100 Subject: [PATCH 27/47] Restricting already existing cert permissions and setting missing ones --- .../ansible-elasticsearch/tasks/xpack_security.yml | 2 ++ roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + roles/wazuh/ansible-filebeat/tasks/main.yml | 2 ++ 3 files changed, 5 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 82f3b081..664d1b4d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -149,6 +149,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -163,6 +164,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index ad4a3e4c..80bdeca9 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -28,6 +28,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 07bc94ea..b5b4cba8 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -30,6 +30,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -43,6 +44,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" From 33fceff612a3f97c291c03158759b0ea0ad356f4 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 17 Mar 2020 16:40:39 +0100 Subject: [PATCH 28/47] Normalization to octal for permissions asignations --- .../ansible-elasticsearch/tasks/xpack_security.yml | 14 +++++++------- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 8 ++++---- .../tasks/installation_from_sources.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 664d1b4d..6eff899f 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml 
@@ -35,7 +35,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_key_name }}" dest: "{{ node_certs_source }}/{{ ca_key_name }}" - mode: '0440' + mode: 0440 when: - not generate_CA - node_certs_generator @@ -45,7 +45,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_cert_name }}" dest: "{{ node_certs_source }}/{{ ca_cert_name }}" - mode: '0440' + mode: 0440 when: - not generate_CA - node_certs_generator @@ -100,7 +100,7 @@ file: path: "{{ master_certs_path }}" state: directory - mode: '0700' + mode: 0700 delegate_to: "127.0.0.1" when: - node_certs_generator @@ -109,7 +109,7 @@ file: path: "{{ master_certs_path }}/ca/" state: directory - mode: '0700' + mode: 0700 delegate_to: "127.0.0.1" when: - node_certs_generator @@ -149,7 +149,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0444 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -164,7 +164,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0444 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -178,7 +178,7 @@ - name: Ensuring folder permissions file: path: "{{ node_certs_destination }}/" - mode: '0774' + mode: 0774 state: directory recurse: yes when: diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index a674a95f..b7ceb87f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml 
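Review bot: Replacing the quoted `'0440'` with a bare `0440` makes the value depend on the YAML loader treating a leading zero as octal (YAML 1.1 behaviour); a YAML 1.2 loader reads it as decimal 440, which the `file`/`copy` modules would then apply as an unrelated mode. Ansible's own loader accepts the leading-zero integer form, so this works today, but the quoted string was the form that is correct under either interpretation and needs no special-casing by whoever reads the file next. I would keep the quotes, `mode: '0440'`, across every hunk of this commit (the same conversion is made in `build_wazuh_plugin.yml`, kibana `tasks/main.yml`, `installation_from_sources.yml` and manager `tasks/main.yml`).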
@@ -14,7 +14,7 @@ get_url: url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: "/tmp/setup_nodejs_repo.sh" - mode: "0700" + mode: 0700 - name: Execute downloaded script to install Nodejs repo command: /tmp/setup_nodejs_repo.sh diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 80bdeca9..a31950bf 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -28,7 +28,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0444 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -42,7 +42,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0444 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -66,7 +66,7 @@ - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" - mode: '0770' + mode: 0770 recurse: yes when: - kibana_xpack_security @@ -79,7 +79,7 @@ dest: /etc/kibana/kibana.yml owner: root group: root - mode: '0664' + mode: 0664 notify: restart kibana tags: configure diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index c83aaff1..e019d2f9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
@@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.11.0" extracted folder name is 3.11.0. + # When downloading "v3.11.0" extracted folder name is 3.11.0. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file @@ -91,7 +91,7 @@ dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root - mode: '644' + mode: 0644 - name: Executing "install.sh" script to build and install the Wazuh Manager shell: ./install.sh > /tmp/build_wazuh_manager_log.txt @@ -167,7 +167,7 @@ dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf" owner: root group: root - mode: '644' + mode: 0644 - name: Execute Wazuh API installation script shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 8ef1c2cb..1f354ca3 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -18,7 +18,7 @@ get_url: url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: /etc/nodejs.sh - mode: '0775' + mode: 0775 changed_when: false - name: Run NodeJS bash script From 4b9fb53549acd8a0fd2712ce59953827a3125f05 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 17 Mar 2020 18:21:33 +0100 Subject: [PATCH 29/47] Removing readall perms in certs files. Minor syntax normalizations --- .../ansible-elasticsearch/tasks/xpack_security.yml | 4 ++-- roles/elastic-stack/ansible-kibana/tasks/main.yml | 6 +++--- roles/wazuh/ansible-filebeat/tasks/main.yml | 6 +++--- .../ansible-wazuh-agent/tasks/installation_from_sources.yml | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) 
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 6eff899f..47438f98 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -149,7 +149,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: 0444 + mode: 0440 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -164,7 +164,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: 0444 + mode: 0440 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index a31950bf..efd16de5 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -28,7 +28,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: 0444 + mode: 0440 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -42,7 +42,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: 0444 + mode: 0440 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -79,7 +79,7 @@ dest: /etc/kibana/kibana.yml owner: root group: root - mode: 0664 + mode: 0644 notify: restart kibana tags: configure 
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index b5b4cba8..4948c252 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -30,7 +30,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0440 with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -44,7 +44,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0440 with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -57,7 +57,7 @@ - name: Ensuring folder & certs permissions file: path: "{{ node_certs_destination }}/" - mode: '0774' + mode: 0774 state: directory recurse: yes when: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 69934631..73b3e6ce 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -76,7 +76,7 @@ dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root - mode: '644' + mode: 0644 changed_when: false - name: Executing "install.sh" script to build and install the Wazuh Agent From c63756d541dc64cd052943e24c4297136c7f9ae1 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 20 Mar 2020 21:35:18 +0100 Subject: [PATCH 30/47] Fix list check if it's empty --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 5465f393..27819956 100644 
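Review bot: The `0440` set on the copied `.key` and `.crt` files is undone a few tasks later in the same file: the `Ensuring folder & certs permissions` task at `@@ -57` applies `mode: 0774` with `recurse: yes`, and the `file` module with `recurse` applies that mode to every file under the directory, so the private key ends up world-readable (and executable) again once the play finishes. The same pattern exists in the other two roles touched by this commit — `xpack_security.yml` `@@ -178` (`0774`, `recurse: yes`) and kibana `tasks/main.yml` `@@ -66` (`0770`, `recurse: yes`) — and none of the visible `copy` tasks set `owner`/`group`, so whether the service account can read a `0440` key depends on which user Ansible connected as. I would drop `recurse: yes` from the directory tasks or use a symbolic mode that leaves files without execute or world bits, `mode: u=rwX,g=rX,o=`, and give the `copy` tasks an explicit `owner`/`group` for the service account.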
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -76,7 +76,7 @@ -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" {% endif %} {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} - {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups != None %} + {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %} -G "{{ wazuh_agent_authd.groups | join(',') }}" {% endif %} register: agent_auth_output From b67a5e5e97e274705b023986e8ded6cf4e22de97 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Mon, 23 Mar 2020 12:47:58 +0100 Subject: [PATCH 31/47] Adding new registration_adress ansible var --- roles/wazuh/ansible-wazuh-agent/README.md | 3 ++- .../wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 16 ++++++++-------- .../wazuh/ansible-wazuh-agent/tasks/Windows.yml | 4 ++-- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/README.md b/roles/wazuh/ansible-wazuh-agent/README.md index 9709d9b3..e43ddb87 100644 --- a/roles/wazuh/ansible-wazuh-agent/README.md +++ b/roles/wazuh/ansible-wazuh-agent/README.md @@ -37,11 +37,12 @@ The following is an example of how this role can be used: api_proto: 'http' api_user: 'ansible' wazuh_agent_authd: + registration_address: 127.0.0.1 enable: true port: 1515 ssl_agent_ca: null ssl_auto_negotiate: 'no' - + License and copyright --------------------- diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 039e5960..31aaa7dc 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
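Review bot: `wazuh_agent_authd.groups | length > 0` raises a templating error when `groups` is set to `null` rather than a list, because `length` cannot be applied to `None`; the `!= None` test this line replaces was the guard against exactly that, and the sibling keys in this dict (`agent_name: null`, `ssl_agent_ca: null`) show `null` is the convention users will reach for. A form that survives both an empty list and `null` is `{% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | default([], true) | length > 0 %}`. The registration command this line belongs to starts outside the hunk.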
@@ -43,6 +43,7 @@ wazuh_profile_centos: 'centos, centos7, centos7.6' wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' wazuh_auto_restart: 'yes' wazuh_agent_authd: + registration_address: 127.0.0.1 enable: false port: 1515 agent_name: null diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index c1c701fc..c83ca90d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -68,7 +68,7 @@ {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %} -A {{ wazuh_agent_authd.agent_name }} {% endif %} - -m {{ wazuh_managers.0.address }} + -m {{ wazuh_agent_authd.registration_address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %} -I "any" {% endif %} {% if authd_pass is defined %} -P {{ authd_pass }} {% endif %} @@ -88,13 +88,13 @@ agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}" when: - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_managers.0.address is not none + - wazuh_agent_authd.registration_address is not none - name: Linux | Verify agent registration shell: echo {{ agent_auth_output }} | grep "Valid key created" when: - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_managers.0.address is not none + - wazuh_agent_authd.registration_address is not none when: wazuh_agent_authd.enable tags: @@ -109,7 +109,7 @@ - name: Linux | Create the agent key via rest-API uri: - url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/" + url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/" validate_certs: false method: POST body: '{"name":"{{ agent_name }}"}' 
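Review bot: The new default `registration_address: 127.0.0.1` changes the fallback from the manager address (`wazuh_managers.0.address`, which every replaced line used) to the agent's own loopback, so an agent whose inventory does not override the key will try to enrol against itself, and the `is not none` guards introduced in Linux.yml and Windows.yml never skip it because the default is never null. If the intent is an optional override, a `null` default combined with `-m {{ wazuh_agent_authd.registration_address | default(wazuh_managers.0.address, true) }}` (and the same fallback in the API `url` lines) keeps the old behaviour for existing inventories. The hunks in Linux.yml `@@ -68`, `@@ -109`, `@@ -126` and Windows.yml `@@ -61` all share this point.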
@@ -126,13 +126,13 @@ agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ inventory_hostname }}{% endif %}" when: - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_managers.0.address is not none + - wazuh_agent_authd.registration_address is not none become: false ignore_errors: true - name: Linux | Retieve new agent data via rest-API uri: - url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}" + url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}" validate_certs: false method: GET return_content: true @@ -140,7 +140,7 @@ password: "{{ api_pass }}" when: - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_managers.0.address is not none + - wazuh_agent_authd.registration_address is not none - newagent_api.json.error == 0 register: newagentdata_api delegate_to: localhost @@ -158,7 +158,7 @@ register: manage_agents_output when: - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_managers.0.address is not none + - wazuh_agent_authd.registration_address is not none - newagent_api.changed notify: restart wazuh-agent diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 461249e9..bac0e1dc 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -61,7 +61,7 @@ - name: Windows | Register agent win_shell: > {{ wazuh_agent_win_auth_path }} - -m {{ wazuh_managers.0.address }} + -m {{ wazuh_agent_authd.registration_address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} 
@@ -70,7 +70,7 @@ when: - wazuh_agent_authd.enable - not check_windows_key.stat.exists or check_windows_key.stat.size == 0 - - wazuh_managers.0.address is not none + - wazuh_agent_authd.registration_address is not none tags: - config From d75f75b76b46027db5d25af995d0e6cd6e900b95 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Mon, 23 Mar 2020 14:01:57 +0100 Subject: [PATCH 32/47] Fixes #390 . Removed bad formed XML comments. --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 1 - .../templates/var-ossec-etc-ossec-server.conf.j2 | 1 - .../templates/var-ossec-etc-shared-agent.conf.j2 | 1 - 3 files changed, 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 128ba142..0c640cdc 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -203,7 +203,6 @@ no - {{ wazuh_agent_config.syscheck.frequency }} {% if ansible_system == "Linux" %} {{ wazuh_agent_config.syscheck.scan_on_start }} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 43853bec..d4340c9b 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -295,7 +295,6 @@ {{ wazuh_manager_config.syscheck.disable }} {{ wazuh_manager_config.syscheck.alert_new_files }} - {{ wazuh_manager_config.syscheck.frequency }} {{ wazuh_manager_config.syscheck.scan_on_start }} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index 00fdcd01..f300f22a 100644 
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 @@ -8,7 +8,6 @@ {{ agent_config.syscheck.auto_ignore }} {% endif %} {{ agent_config.syscheck.alert_new_files }} - {{ agent_config.syscheck.frequency }} {{ agent_config.syscheck.scan_on_start }} From ec481c790a2640d740d141a94dc82bbeb2ce88bf Mon Sep 17 00:00:00 2001 From: Zenidd Date: Mon, 23 Mar 2020 15:37:52 +0100 Subject: [PATCH 33/47] Fixing lint warnings --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index c83ca90d..1a9076be 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -132,7 +132,9 @@ - name: Linux | Retieve new agent data via rest-API uri: - url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}" + url: >- + "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address + }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}" validate_certs: false method: GET return_content: true From 0f1d958ff2e9f99611c57841324c33384594c8a4 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Mon, 23 Mar 2020 17:57:22 +0100 Subject: [PATCH 34/47] Added registration address var to default wazuh-agent playbook --- playbooks/wazuh-agent.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index 8c7eaa69..5e1fcacc 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -11,6 +11,7 @@ api_proto: 'http' api_user: ansible wazuh_agent_authd: + registration_address: enable: true port: 1515 ssl_agent_ca: null From e27d0d33102c631e0ecabb4d3bdcaaafa16735e7 Mon Sep 17 00:00:00 2001 
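Review bot: The folded scalar introduced for `url` keeps the surrounding double quotes as literal characters — inside `>-` they are content, not YAML quoting — so the rendered URL begins and ends with `"` and the `uri` request to the manager API will fail or be sent to a malformed target. Drop the quotes and keep the fold: `url: >-` / `{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address` / `}}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}`. The `validate_certs: false` in the context lines is pre-existing, but worth a comment since the API password from the following hunk travels over that unverified connection.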
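Review bot: The added `registration_address:` with no value parses as `null`, which is presumably deliberate (the Linux and Windows tasks skip enrolment when `is not none` fails), but a bare empty value is easy to misread as an empty string or an unfinished edit in a sample playbook. Writing it as `registration_address: null  # set to the manager's authd address to enable registration` states the contract where users will copy it from.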
From: Rshad Zhran Date: Mon, 23 Mar 2020 20:32:12 +0100 Subject: [PATCH 35/47] Remove agent groups redundant list --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +-- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 86b0205b..8b4151de 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -410,5 +410,4 @@ nodejs: redhat: "rpm" repo_url_ext: "nodesource.com/setup_10.x" -agent_groups: - groups: [] # groups to create +agent_groups: [] # groups to create diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 254b7e88..eaabdb77 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -354,9 +354,9 @@ - name: Create agent groups command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" with_items: - - "{{ agent_groups.groups }}" + - "{{ agent_groups }}" when: - - ( agent_groups.groups is defined) and ( agent_groups.groups|length > 0) + - ( agent_groups is defined) and ( agent_groups|length > 0) tags: molecule-idempotence-notest - include_tasks: "RMRedHat.yml" From 1f2670f74ecf8de4b595a4faf2676b192dc14d4e Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 24 Mar 2020 12:42:45 +0100 Subject: [PATCH 36/47] Rule paths are now relative to playbooks --- playbooks/wazuh-agent.yml | 2 +- playbooks/wazuh-elastic.yml | 2 +- playbooks/wazuh-elastic_stack-distributed.yml | 16 ++++++++-------- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index 5e1fcacc..806b07c0 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml 
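Review bot: `with_items:` followed by `- "{{ agent_groups }}"` wraps the list in a second list and relies on `with_items` flattening one level; `loop: "{{ agent_groups }}"` says the same thing directly, and with the `[]` default now in `defaults/main.yml` the `is defined` half of the `when` is redundant, so `when: agent_groups | length > 0` suffices. The `molecule-idempotence-notest` tag suggests `agent_groups -a` is re-run on every play; if a group's directory under `/var/ossec/etc/shared/` is the marker of an existing group, `args: creates: /var/ossec/etc/shared/{{ item }}` on the `command` would make the task idempotent — confirm against the manager's on-disk layout. The task list this `- name: Create agent groups` entry belongs to continues on both sides of the hunk.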
@@ -1,7 +1,7 @@ --- - hosts: roles: - - /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-agent + - ../roles/wazuh/ansible-wazuh-agent vars: wazuh_managers: - address: diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml index eda19931..6c372889 100644 --- a/playbooks/wazuh-elastic.yml +++ b/playbooks/wazuh-elastic.yml @@ -1,5 +1,5 @@ --- - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: '' diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 16abfcf5..c0c14054 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -2,7 +2,7 @@ - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: elasticsearch_node_name: node-1 elasticsearch_bootstrap_node: true @@ -33,7 +33,7 @@ - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: elasticsearch_node_name: node-2 single_node: false @@ -46,7 +46,7 @@ - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: elasticsearch_node_name: node-3 single_node: false 
@@ -60,21 +60,21 @@ # - hosts: 172.16.0.162 # roles: -# - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager +# - role: ../roles/wazuh/ansible-wazuh-manager -# - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat +# - role: ../roles/wazuh/ansible-filebeat # filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 # filebeat_xpack_security: true # filebeat_node_name: node-2 # node_certs_generator: false # elasticsearch_xpack_security_password: elastic_pass -# - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch +# - role: ../roles/elastic-stack/ansible-elasticsearch # elasticsearch_network_host: 172.16.0.162 # node_name: node-2 # elasticsearch_bootstrap_node: false # elasticsearch_master_candidate: true -# elasticsearch_discovery_nodes: +# elasticsearch_discovery_nodes: # - 172.16.0.161 # - 172.16.0.162 # elasticsearch_xpack_security: true @@ -83,7 +83,7 @@ # - hosts: 172.16.0.163 # roles: -# - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana +# - role: ../roles/elastic-stack/ansible-kibana # kibana_xpack_security: true # kibana_node_name: node-3 # elasticsearch_network_host: 172.16.0.161 From 14e2a6bb4730e4e6068a4a474b8bcec5dee293bb Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 24 Mar 2020 16:46:01 +0100 Subject: [PATCH 37/47] Bump versions to 3.12.0_7.6.1 --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 10 +++++----- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index e930eae7..7223db60 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
@@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.6.1 -wazuh_version: 3.11.4 +wazuh_version: 3.12.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp elasticrepo: diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 05b0fe8b..b2808488 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.11.4-1 +wazuh_agent_version: 3.12.0-1 # Custom packages installation @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaw wazuh_agent_sources_installation: enabled: false - branch: "v3.11.4" + branch: "v3.12.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -63,9 +63,9 @@ wazuh_winagent_config: # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True - md5: 87ce22038688efb44d95f9daff472056 -wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi -wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi + md5: 91efaefae4e1977670eab0c768a22a93 +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.12.0-1.msi +wazuh_winagent_package_name: wazuh-agent-3.12.0-1.msi wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 8b4151de..a4ce627f 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 3.11.4-1 +wazuh_manager_version: 3.12.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present 
@@ -15,7 +15,7 @@ wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws. # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v3.11.4" + branch: "v3.12.0" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -40,7 +40,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.4" + branch: "v3.12.0" update: "y" remove: "y" directory: null From dfc7bbf4b36fd33e29beebb479076ac7ab15e6bf Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 24 Mar 2020 18:21:46 +0100 Subject: [PATCH 38/47] Updates to adapt ossec.conf templates to Wazuh v3.12 default ones --- .../ansible-wazuh-agent/defaults/main.yml | 136 +++++------------- .../var-ossec-etc-ossec-agent.conf.j2 | 28 +++- 2 files changed, 61 insertions(+), 103 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index b2808488..75c21d3c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -87,8 +87,17 @@ wazuh_agent_config: scan_on_start: 'yes' auto_ignore: 'no' alert_new_files: 'yes' - win_audit_interval: 300 + win_audit_interval: 60 skip_nfs: 'yes' + skip_dev: 'yes' + skip_proc: 'yes' + skip_sys: 'yes' + process_priority: 10 + max_eps: 100 + sync_enabled: 'yes' + sync_interval: '5m' + sync_max_interval: '1h' + sync_max_eps: 10 ignore: - /etc/mtab - /etc/hosts.deny 
@@ -114,106 +123,39 @@ wazuh_agent_config: - /etc/ssl/private.key directories: - dirs: /etc,/usr/bin,/usr/sbin - checks: 'check_all="yes"' + checks: '' - dirs: /bin,/sbin,/boot - checks: 'check_all="yes"' + checks: '' win_directories: - - dirs: '%WINDIR%\regedit.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\system.ini' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\win.ini' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\at.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\attrib.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\cacls.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\cmd.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\drivers\etc' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\eventcreate.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\ftp.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\lsass.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\net.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\net1.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\netsh.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\reg.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\regedt32.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\regsvr32.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\runas.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\sc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\schtasks.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\sethc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\subst.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\wbem\WMIC.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0\powershell.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\winrm.vbs' - checks: 'check_all="yes"' - - dirs: 
'%WINDIR%\System32\at.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\attrib.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\cacls.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\cmd.exe' - checks: 'check_all="yes"' + - dirs: '%WINDIR%' + checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"' + - dirs: '%WINDIR%\SysNative' + checks: >- + recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$| + net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe|subst.exe$" + - dirs: '%WINDIR%\SysNative\drivers\etc%' + checks: 'recursion_level="0"' + - dirs: '%WINDIR%\SysNative\wbem' + checks: 'recursion_level="0" restrict="WMIC.exe$"' + - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0' + checks: 'recursion_level="0" restrict="powershell.exe$"' + - dirs: '%WINDIR%\SysNative' + checks: 'recursion_level="0" restrict="winrm.vbs$"' + - dirs: '%WINDIR%\System32' + checks: >- + recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$| + netsh.exe$|reg.exe$|regedit.exe$|regedt32.exe$|regsvr32.exe$|runas.exe$|sc.exe$|schtasks.exe$|sethc.exe$|subst.exe$" - dirs: '%WINDIR%\System32\drivers\etc' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\eventcreate.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\ftp.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\net.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\net1.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\netsh.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\reg.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\regedit.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\regedt32.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\regsvr32.exe' - checks: 'check_all="yes"' - - dirs: 
'%WINDIR%\System32\runas.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\sc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\schtasks.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\sethc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\subst.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\wbem\WMIC.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\winrm.vbs' - checks: 'check_all="yes"' + checks: 'recursion_level="0"' + - dirs: '%WINDIR%\System32\wbem' + checks: 'recursion_level="0" restrict="WMIC.exe$"' + - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0' + checks: 'recursion_level="0" restrict="powershell.exe$"' + - dirs: '%WINDIR%\System32' + checks: 'recursion_level="0" restrict="winrm.vbs$"' - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup' - checks: 'check_all="yes" realtime="yes"' + checks: 'realtime="yes"' + windows_registry: - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile' diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 0c640cdc..28b6828a 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -61,7 +61,6 @@ yes {% endif %} {% if ansible_os_family == "Windows" %} - ./shared/win_audit_rcl.txt ./shared/win_applications_rcl.txt ./shared/win_malware_rcl.txt {% endif %} 
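Review bot: The two `>-` folded `checks` scalars insert a space at each fold, so the rendered restrict regexes read `lsass.exe$| net.exe$|…` and `net1.exe$| netsh.exe$|…`; `net.exe` and `netsh.exe` can then only match a file name that begins with a space, i.e. both binaries are silently dropped from FIM on the SysNative and System32 entries. Keep each regex on one physical line (with `# yamllint disable-line rule:line-length`) or carry the names as a list and `join('|')` them in the template. In the same block `'%WINDIR%\SysNative\drivers\etc%'` has a stray trailing `%` (compare the System32 entry), so the SysNative hosts directory is not watched either; it should be `'%WINDIR%\SysNative\drivers\etc'`. The SysNative restrict also lacks the `$` anchors on `regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe` and the `regedit.exe$` alternative that the System32 entry carries — the two lists should be identical and fully anchored.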
@@ -186,13 +185,13 @@ {% if wazuh_agent_config.sca.skip_nfs | length > 0 %} yes {% endif %} - {% if wazuh_agent_config.sca.day | length > 0 %} + {% if wazuh_agent_config.sca.day | length > 0 %} yes {% endif %} - {% if wazuh_agent_config.sca.wday | length > 0 %} + {% if wazuh_agent_config.sca.wday | length > 0 %} yes {% endif %} - {% if wazuh_agent_config.sca.time | length > 0 %} + {% if wazuh_agent_config.sca.time | length > 0 %} {% endif %} @@ -246,8 +245,11 @@ {% for no_diff in wazuh_agent_config.syscheck.no_diff %} {{ no_diff }} {% endfor %} - + {{ wazuh_agent_config.syscheck.skip_nfs }} + {{ wazuh_agent_config.syscheck.skip_dev }} + {{ wazuh_agent_config.syscheck.skip_proc }} + {{ wazuh_agent_config.syscheck.skip_sys }} {% endif %} {% if ansible_os_family == "Windows" %} @@ -274,6 +276,20 @@ {{ wazuh_agent_config.syscheck.win_audit_interval }} {% endif %} + + + {{ wazuh_agent_config.syscheck.process_priority }} + + + {{ wazuh_agent_config.syscheck.max_eps }} + + + + {{ wazuh_agent_config.syscheck.sync_enabled }} + {{ wazuh_agent_config.syscheck.interval }} + {{ wazuh_agent_config.syscheck.max_interval }} + {{ wazuh_agent_config.syscheck.max_eps }} + {% endif %} @@ -292,7 +308,7 @@ {% if ansible_system == "Linux" %} {% for localfile in wazuh_agent_config.localfiles.linux %} - + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} From 2cdc6fd7310990f74d4ae410b0cff152206e024a Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Tue, 24 Mar 2020 18:31:13 +0100 Subject: [PATCH 39/47] Updated elasticsearch template --- .../templates/wazuh-elastic7-template-alerts.json.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 index 06af6322..0b153fd4 100644 
--- a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 @@ -531,6 +531,9 @@ "sha1_before": { "type": "keyword" }, + "hard_links": { + "type": "keyword" + }, "sha1_after": { "type": "keyword" }, From bee5986b0301bbdbd2b229389fac4dc88ab1ee23 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 24 Mar 2020 20:24:59 +0100 Subject: [PATCH 40/47] Bump branch when building from sources --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 7223db60..2ac2cde5 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -47,7 +47,7 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 3.11-7.6 +wazuh_plugin_branch: 3.12-7.6 #Nodejs NODE_OPTIONS node_options: --max-old-space-size=4096 From c872140f28e54abda5c7cf8f8dccc3537e3a3dbb Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 24 Mar 2020 20:25:38 +0100 Subject: [PATCH 41/47] Update path for wazuh.yml --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index efd16de5..2e39391f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -161,10 +161,15 @@ validate_certs: no status_code: 200, 404 +- name: Create wazuh plugin config directory + file: + path: /usr/share/kibana/optimize/wazuh/config/ + state: directory + - name: Configure Wazuh Kibana Plugin template: src: wazuh.yml.j2 - dest: /usr/share/kibana/plugins/wazuh/wazuh.yml + dest: /usr/share/kibana/optimize/wazuh/config/wazuh.yml owner: kibana group: root mode: 0644 From 52f4907847affe4b4edde48838434b4ed480e386 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 24 Mar 2020 18:21:46 +0100 Subject: [PATCH 42/47] Updates to adapt ossec.conf templates to Wazuh v3.12 default ones --- .../ansible-wazuh-agent/defaults/main.yml | 136 +++++------------- .../var-ossec-etc-ossec-agent.conf.j2 | 28 +++- 2 files changed, 61 insertions(+), 103 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 05b0fe8b..2e5bf4f0 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -87,8 +87,17 @@ wazuh_agent_config: scan_on_start: 'yes' auto_ignore: 'no' alert_new_files: 'yes' - win_audit_interval: 300 + win_audit_interval: 60 skip_nfs: 'yes' + skip_dev: 'yes' + skip_proc: 'yes' + skip_sys: 'yes' + process_priority: 10 + max_eps: 100 + sync_enabled: 'yes' + sync_interval: '5m' + sync_max_interval: '1h' + sync_max_eps: 10 ignore: - /etc/mtab - /etc/hosts.deny 
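Review bot: The new `file` task creates `/usr/share/kibana/optimize/wazuh/config/` with the connection user's default ownership and umask (normally root:root 0755), while the `template` task right below writes `wazuh.yml` into it as `owner: kibana`, `group: root`; the directory should carry matching ownership so the kibana process — which, as far as I know, rewrites this file when API hosts are edited from the UI — can write there, e.g. add `owner: kibana`, `group: root`, `mode: '0750'` to the `file` task. Since that file holds the Wazuh API host entries (and their credentials, if the plugin stores them there — confirm), the adjacent `mode: 0644` (context, not new here) leaves it world-readable on the Kibana host; `'0640'` is the safer default, and quoting the mode avoids YAML reading the octal literal as the integer 420.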
@@ -114,106 +123,39 @@ wazuh_agent_config: - /etc/ssl/private.key directories: - dirs: /etc,/usr/bin,/usr/sbin - checks: 'check_all="yes"' + checks: '' - dirs: /bin,/sbin,/boot - checks: 'check_all="yes"' + checks: '' win_directories: - - dirs: '%WINDIR%\regedit.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\system.ini' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\win.ini' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\at.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\attrib.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\cacls.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\cmd.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\drivers\etc' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\eventcreate.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\ftp.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\lsass.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\net.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\net1.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\netsh.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\reg.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\regedt32.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\regsvr32.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\runas.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\sc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\schtasks.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\sethc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\subst.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\wbem\WMIC.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0\powershell.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\winrm.vbs' - checks: 'check_all="yes"' - - dirs: 
'%WINDIR%\System32\at.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\attrib.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\cacls.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\cmd.exe' - checks: 'check_all="yes"' + - dirs: '%WINDIR%' + checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"' + - dirs: '%WINDIR%\SysNative' + checks: >- + recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$| + net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe|subst.exe$" + - dirs: '%WINDIR%\SysNative\drivers\etc%' + checks: 'recursion_level="0"' + - dirs: '%WINDIR%\SysNative\wbem' + checks: 'recursion_level="0" restrict="WMIC.exe$"' + - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0' + checks: 'recursion_level="0" restrict="powershell.exe$"' + - dirs: '%WINDIR%\SysNative' + checks: 'recursion_level="0" restrict="winrm.vbs$"' + - dirs: '%WINDIR%\System32' + checks: >- + recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$| + netsh.exe$|reg.exe$|regedit.exe$|regedt32.exe$|regsvr32.exe$|runas.exe$|sc.exe$|schtasks.exe$|sethc.exe$|subst.exe$" - dirs: '%WINDIR%\System32\drivers\etc' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\eventcreate.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\ftp.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\net.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\net1.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\netsh.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\reg.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\regedit.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\regedt32.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\regsvr32.exe' - checks: 'check_all="yes"' - - dirs: 
'%WINDIR%\System32\runas.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\sc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\schtasks.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\sethc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\subst.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\wbem\WMIC.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\winrm.vbs' - checks: 'check_all="yes"' + checks: 'recursion_level="0"' + - dirs: '%WINDIR%\System32\wbem' + checks: 'recursion_level="0" restrict="WMIC.exe$"' + - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0' + checks: 'recursion_level="0" restrict="powershell.exe$"' + - dirs: '%WINDIR%\System32' + checks: 'recursion_level="0" restrict="winrm.vbs$"' - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup' - checks: 'check_all="yes" realtime="yes"' + checks: 'realtime="yes"' + windows_registry: - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile' diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 0c640cdc..28b6828a 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -61,7 +61,6 @@ yes {% endif %} {% if ansible_os_family == "Windows" %} - ./shared/win_audit_rcl.txt ./shared/win_applications_rcl.txt ./shared/win_malware_rcl.txt {% endif %} 
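Review bot: As in PATCH 38, which this patch repeats byte-for-byte, the `>-` folds put a space into the two restrict regexes (`lsass.exe$| net.exe$`, `net1.exe$| netsh.exe$`), so `net.exe` and `netsh.exe` never match, and `'%WINDIR%\SysNative\drivers\etc%'` carries a stray trailing `%` that stops the SysNative hosts directory from being monitored. Keep each regex on a single line, use `'%WINDIR%\SysNative\drivers\etc'`, and restore the `$` anchors and the `regedit.exe$` alternative in the SysNative list so it matches the System32 one. One of the two copies of this commit should be dropped when the series is squashed.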
@@ -186,13 +185,13 @@ {% if wazuh_agent_config.sca.skip_nfs | length > 0 %} yes {% endif %} - {% if wazuh_agent_config.sca.day | length > 0 %} + {% if wazuh_agent_config.sca.day | length > 0 %} yes {% endif %} - {% if wazuh_agent_config.sca.wday | length > 0 %} + {% if wazuh_agent_config.sca.wday | length > 0 %} yes {% endif %} - {% if wazuh_agent_config.sca.time | length > 0 %} + {% if wazuh_agent_config.sca.time | length > 0 %} {% endif %} @@ -246,8 +245,11 @@ {% for no_diff in wazuh_agent_config.syscheck.no_diff %} {{ no_diff }} {% endfor %} - + {{ wazuh_agent_config.syscheck.skip_nfs }} + {{ wazuh_agent_config.syscheck.skip_dev }} + {{ wazuh_agent_config.syscheck.skip_proc }} + {{ wazuh_agent_config.syscheck.skip_sys }} {% endif %} {% if ansible_os_family == "Windows" %} @@ -274,6 +276,20 @@ {{ wazuh_agent_config.syscheck.win_audit_interval }} {% endif %} + + + {{ wazuh_agent_config.syscheck.process_priority }} + + + {{ wazuh_agent_config.syscheck.max_eps }} + + + + {{ wazuh_agent_config.syscheck.sync_enabled }} + {{ wazuh_agent_config.syscheck.interval }} + {{ wazuh_agent_config.syscheck.max_interval }} + {{ wazuh_agent_config.syscheck.max_eps }} + {% endif %} @@ -292,7 +308,7 @@ {% if ansible_system == "Linux" %} {% for localfile in wazuh_agent_config.localfiles.linux %} - + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} From f625f0b310fe3a15d11a970535121d8de3426f34 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 25 Mar 2020 12:49:49 +0100 Subject: [PATCH 43/47] Updating manager configuration templates and vars --- .../ansible-wazuh-agent/defaults/main.yml | 4 --- .../ansible-wazuh-manager/defaults/main.yml | 19 +++++++---- .../var-ossec-etc-ossec-server.conf.j2 | 33 ++++++++++++++++--- 3 files changed, 40 insertions(+), 16 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 2e5bf4f0..7df27cc9 100644 
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -111,11 +111,7 @@ wazuh_agent_config: - /etc/cups/certs - /etc/dumpdates - /etc/svc/volatile - - /sys/kernel/security - - /sys/kernel/debug - - /dev/core ignore_linux_type: - - '^/proc' - '.log$|.swp$' ignore_win: - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 8b4151de..ffd2925c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -105,7 +105,7 @@ wazuh_manager_config: authd: enable: true port: 1515 - use_source_ip: 'yes' + use_source_ip: 'no' force_insert: 'yes' force_time: 0 purge: 'yes' @@ -166,24 +166,29 @@ wazuh_manager_config: - /etc/cups/certs - /etc/dumpdates - /etc/svc/volatile - - /sys/kernel/security - - /sys/kernel/debug - - /dev/core ignore_linux_type: - - '^/proc' - '.log$|.swp$' no_diff: - /etc/ssl/private.key directories: - dirs: /etc,/usr/bin,/usr/sbin - checks: 'check_all="yes"' + checks: '' - dirs: /bin,/sbin,/boot - checks: 'check_all="yes"' + checks: '' auto_ignore_frequency: frequency: 'frequency="10"' timeframe: 'timeframe="3600"' value: 'no' skip_nfs: 'yes' + skip_dev: 'yes' + skip_proc: 'yes' + skip_sys: 'yes' + process_priority: 10 + max_eps: 100 + sync_enabled: 'yes' + sync_interval: '5m' + sync_max_interval: '1h' + sync_max_eps: 10 rootcheck: frequency: 43200 openscap: diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index d4340c9b..1a6b59c7 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
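Review bot: The manager's authd default `use_source_ip` flips from `'yes'` to `'no'` with no comment, and this is a trust-model change: keys are then registered with IP `any`, so possession of an agent key alone — not the address it registered from — is what lets a host report as that agent ID. That matches the v3.12 stock ossec.conf this series adapts to and is what agents behind NAT or DHCP need, but operators who were relying on the address pin should be told; suggest `use_source_ip: 'no'  # 'no' stores the key with IP "any" (needed for NAT/DHCP agents); 'yes' pins the key to the registering source address`. With `force_insert: 'yes'` kept as context, re-registration under an existing name replaces that key as I understand it, so the authd password/certificate settings now carry the whole authentication weight — worth a sentence in the role README.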
@@ -245,13 +245,13 @@ {% if wazuh_manager_config.sca.skip_nfs | length > 0 %} yes {% endif %} - {% if wazuh_manager_config.sca.day | length > 0 %} + {% if wazuh_manager_config.sca.day | length > 0 %} yes {% endif %} - {% if wazuh_manager_config.sca.wday | length > 0 %} + {% if wazuh_manager_config.sca.wday | length > 0 %} yes {% endif %} - {% if wazuh_manager_config.sca.time | length > 0 %} + {% if wazuh_manager_config.sca.time | length > 0 %} {% endif %} @@ -332,6 +332,29 @@ {% if wazuh_manager_config.syscheck.skip_nfs is defined %} {{ wazuh_manager_config.syscheck.skip_nfs }} {% endif %} + {% if wazuh_manager_config.syscheck.skip_dev is defined %} + {{ wazuh_manager_config.syscheck.skip_dev }} + {% endif %} + {% if wazuh_manager_config.syscheck.skip_proc is defined %} + {{ wazuh_manager_config.syscheck.skip_proc }} + {% endif %} + {% if wazuh_manager_config.syscheck.skip_sys is defined %} + {{ wazuh_manager_config.syscheck.skip_sys }} + {% endif %} + + + {{ wazuh_agent_config.syscheck.process_priority }} + + + {{ wazuh_agent_config.syscheck.max_eps }} + + + + {{ wazuh_agent_config.syscheck.sync_enabled }} + {{ wazuh_agent_config.syscheck.interval }} + {{ wazuh_agent_config.syscheck.max_interval }} + {{ wazuh_agent_config.syscheck.max_eps }} + @@ -470,7 +493,7 @@ {% endfor %} {% endif -%} -{% if ansible_os_family == "RedHat" %} +{% if ansible_os_family == "RedHat" %} {% for localfile in wazuh_manager_config.localfiles.centos %} @@ -578,7 +601,7 @@ {% endif %} {% if wazuh_manager_config.authd.ciphers is not none %} {{wazuh_manager_config.authd.ciphers}} - {% endif %} + {% endif %} {% if wazuh_manager_config.authd.ssl_agent_ca is not none %} /var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}} {% endif %} From 245f4e7d6badda72c716bceada8198df2500f701 Mon Sep 17 00:00:00 2001 
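Review bot: The new `process_priority`, `max_eps` and synchronization lines in the server template read `wazuh_agent_config.syscheck.*`, but this is the manager role and the values this same patch adds to its defaults live under `wazuh_manager_config.syscheck`; unless `wazuh_agent_config` happens to be defined on manager hosts, which nothing here shows, rendering ossec.conf fails on an undefined variable, and if it is defined the manager silently takes the agent role's tuning. Change the prefix on all five lines, e.g. `{{ wazuh_manager_config.syscheck.process_priority }}` and `{{ wazuh_manager_config.syscheck.max_eps }}`. The three synchronization keys also do not match the names declared in defaults (`sync_interval`, `sync_max_interval`, `sync_max_eps`), and the new lines lack the `is defined` guards the adjacent `skip_*` lines use — both should be made consistent. The enclosing syscheck block starts outside the hunk.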
From: Zenidd Date: Wed, 25 Mar 2020 15:33:55 +0100 Subject: [PATCH 44/47] jinja template fixes --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 6 +++--- .../templates/var-ossec-etc-ossec-server.conf.j2 | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 28b6828a..ee71769e 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -286,9 +286,9 @@ {{ wazuh_agent_config.syscheck.sync_enabled }} - {{ wazuh_agent_config.syscheck.interval }} - {{ wazuh_agent_config.syscheck.max_interval }} - {{ wazuh_agent_config.syscheck.max_eps }} + {{ wazuh_agent_config.syscheck.sync_interval }} + {{ wazuh_agent_config.syscheck.sync_max_interval }} + {{ wazuh_agent_config.syscheck.sync_max_eps }} {% endif %} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 1a6b59c7..88620e7d 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -351,9 +351,9 @@ {{ wazuh_agent_config.syscheck.sync_enabled }} - {{ wazuh_agent_config.syscheck.interval }} - {{ wazuh_agent_config.syscheck.max_interval }} - {{ wazuh_agent_config.syscheck.max_eps }} + {{ wazuh_agent_config.syscheck.sync_interval }} + {{ wazuh_agent_config.syscheck.sync_max_interval }} + {{ wazuh_agent_config.syscheck.sync_max_eps }} From 0019c7fdf28b83d57d6994567b7dc1803b211af2 Mon Sep 17 00:00:00 2001 
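Review bot: The server-template half of this fix corrects the key names but keeps the `wazuh_agent_config` prefix, which is the agent role's variable; in the manager role the values are declared under `wazuh_manager_config.syscheck` (PATCH 43 adds `sync_interval`, `sync_max_interval`, `sync_max_eps` there), so the manager's ossec.conf still renders from an undefined variable, or from the wrong role's settings if both are loaded. The three lines should read `{{ wazuh_manager_config.syscheck.sync_interval }}`, `{{ wazuh_manager_config.syscheck.sync_max_interval }}`, `{{ wazuh_manager_config.syscheck.sync_max_eps }}`; the `process_priority` and `max_eps` lines just above the hunk use the same wrong prefix and need the same change. The enclosing syscheck block starts outside the hunk.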
From: Zenidd Date: Wed, 25 Mar 2020 12:49:49 +0100 Subject: [PATCH 45/47] Updating manager configuration templates and vars --- .../ansible-wazuh-agent/defaults/main.yml | 4 --- .../ansible-wazuh-manager/defaults/main.yml | 19 +++++++---- .../var-ossec-etc-ossec-server.conf.j2 | 33 ++++++++++++++++--- 3 files changed, 40 insertions(+), 16 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 75c21d3c..953da95e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -111,11 +111,7 @@ wazuh_agent_config: - /etc/cups/certs - /etc/dumpdates - /etc/svc/volatile - - /sys/kernel/security - - /sys/kernel/debug - - /dev/core ignore_linux_type: - - '^/proc' - '.log$|.swp$' ignore_win: - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index a4ce627f..db4f8841 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -105,7 +105,7 @@ wazuh_manager_config: authd: enable: true port: 1515 - use_source_ip: 'yes' + use_source_ip: 'no' force_insert: 'yes' force_time: 0 purge: 'yes' 
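Review bot: `use_source_ip: 'no'` is a trust-model change landing without a comment: keys are stored with IP `any`, so any host holding an agent key can report as that agent regardless of source address, which is fine for NAT/DHCP fleets but loosens what operators on the old `'yes'` default had. Add `# 'no' stores the key with IP "any" (needed for NAT/DHCP agents); 'yes' pins the key to the registering source address` on that line. This patch is also a byte-for-byte repeat of PATCH 43; one of the two copies should be dropped when the series is squashed.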
@@ -166,24 +166,29 @@ wazuh_manager_config:
 - /etc/cups/certs
 - /etc/dumpdates
 - /etc/svc/volatile
- - /sys/kernel/security
- - /sys/kernel/debug
- - /dev/core
 ignore_linux_type:
- - '^/proc'
 - '.log$|.swp$'
 no_diff:
 - /etc/ssl/private.key
 directories:
 - dirs: /etc,/usr/bin,/usr/sbin
- checks: 'check_all="yes"'
+ checks: ''
 - dirs: /bin,/sbin,/boot
- checks: 'check_all="yes"'
+ checks: ''
 auto_ignore_frequency:
 frequency: 'frequency="10"'
 timeframe: 'timeframe="3600"'
 value: 'no'
 skip_nfs: 'yes'
+ skip_dev: 'yes'
+ skip_proc: 'yes'
+ skip_sys: 'yes'
+ process_priority: 10
+ max_eps: 100
+ sync_enabled: 'yes'
+ sync_interval: '5m'
+ sync_max_interval: '1h'
+ sync_max_eps: 10
 rootcheck:
 frequency: 43200
 openscap:
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index d4340c9b..1a6b59c7 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -245,13 +245,13 @@
 {% if wazuh_manager_config.sca.skip_nfs | length > 0 %}
 yes
 {% endif %}
- {% if wazuh_manager_config.sca.day | length > 0 %}
+ {% if wazuh_manager_config.sca.day | length > 0 %}
 yes
 {% endif %}
- {% if wazuh_manager_config.sca.wday | length > 0 %}
+ {% if wazuh_manager_config.sca.wday | length > 0 %}
 yes
 {% endif %}
- {% if wazuh_manager_config.sca.time | length > 0 %}
+ {% if wazuh_manager_config.sca.time | length > 0 %}
 {% endif %}
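Review bot: In the syscheck hunk of the manager defaults, `checks: 'check_all="yes"'` becomes `checks: ''` for `/etc,/usr/bin,/usr/sbin` and `/bin,/sbin,/boot`, so the rendered `<directories>` elements for the most security-relevant paths carry no attributes and the role now depends on Wazuh's implicit default for what is hashed and compared there. As far as I recall that implicit default is check_all, so coverage is probably unchanged, but nothing in the hunk or the commit message says so, and someone auditing the defaults can no longer see which checks apply. I'd keep the attribute explicit, or at least document the empty value: `checks: ''  # empty -> Wazuh's built-in default (check_all); set e.g. 'check_all="yes"' to pin it explicitly`. The same hunk also swaps the explicit `/sys/kernel/*`, `/dev/core` and `^/proc` ignore entries for `skip_dev/skip_proc/skip_sys: 'yes'`, which are newer syscheck options, so the defaults now assume a manager version that accepts them; that minimum version is worth a changelog line.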
@@ -332,6 +332,29 @@
 {% if wazuh_manager_config.syscheck.skip_nfs is defined %}
 {{ wazuh_manager_config.syscheck.skip_nfs }}
 {% endif %}
+ {% if wazuh_manager_config.syscheck.skip_dev is defined %}
+ {{ wazuh_manager_config.syscheck.skip_dev }}
+ {% endif %}
+ {% if wazuh_manager_config.syscheck.skip_proc is defined %}
+ {{ wazuh_manager_config.syscheck.skip_proc }}
+ {% endif %}
+ {% if wazuh_manager_config.syscheck.skip_sys is defined %}
+ {{ wazuh_manager_config.syscheck.skip_sys }}
+ {% endif %}
+
+
+ {{ wazuh_agent_config.syscheck.process_priority }}
+
+
+ {{ wazuh_agent_config.syscheck.max_eps }}
+
+
+
+ {{ wazuh_agent_config.syscheck.sync_enabled }}
+ {{ wazuh_agent_config.syscheck.interval }}
+ {{ wazuh_agent_config.syscheck.max_interval }}
+ {{ wazuh_agent_config.syscheck.max_eps }}
+
@@ -470,7 +493,7 @@
 {% endfor %}
 {% endif -%}
-{% if ansible_os_family == "RedHat" %}
+{% if ansible_os_family == "RedHat" %}
 {% for localfile in wazuh_manager_config.localfiles.centos %}
@@ -578,7 +601,7 @@
 {% endif %}
 {% if wazuh_manager_config.authd.ciphers is not none %}
 {{wazuh_manager_config.authd.ciphers}}
- {% endif %}
+ {% endif %}
 {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
 /var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}
 {% endif %}
From 6b57e195b868dc74183c020abe614c55118a7007 Mon Sep 17 00:00:00 2001
From: Zenidd
Date: Wed, 25 Mar 2020 15:33:55 +0100
Subject: [PATCH 46/47] jinja template fixes
---
 .../templates/var-ossec-etc-ossec-agent.conf.j2 | 6 +++---
 .../templates/var-ossec-etc-ossec-server.conf.j2 | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 28b6828a..ee71769e 100644
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
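Review bot: In the `@@ -332,6 +332,29 @@` hunk the three new `skip_*` values are wrapped in `{% if ... is defined %}`, but `process_priority`, `max_eps` and the four synchronization values are rendered unconditionally, so an inventory that overrides `wazuh_manager_config` wholesale (the normal way to customise this role, and with Ansible's default hash_behaviour=replace the whole dict is swapped) and does not carry the keys added in this same commit fails at template time with an undefined-variable error instead of falling back to Wazuh's built-in defaults. This is separate from the `wazuh_agent_config` prefix on those lines, which PATCH 47/47 already corrects. I'd guard the new elements like their neighbours, e.g. `{% if wazuh_manager_config.syscheck.process_priority is defined %}` around each scalar and `{% if wazuh_manager_config.syscheck.sync_enabled is defined %}` … `{% endif %}` around the synchronization block; the agent template's hunk in PATCH 44/47 ends with an `{% endif %}` right after `sync_max_eps`, so it appears to do exactly that already.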
@@ -286,9 +286,9 @@
 {{ wazuh_agent_config.syscheck.sync_enabled }}
- {{ wazuh_agent_config.syscheck.interval }}
- {{ wazuh_agent_config.syscheck.max_interval }}
- {{ wazuh_agent_config.syscheck.max_eps }}
+ {{ wazuh_agent_config.syscheck.sync_interval }}
+ {{ wazuh_agent_config.syscheck.sync_max_interval }}
+ {{ wazuh_agent_config.syscheck.sync_max_eps }}
 {% endif %}
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 1a6b59c7..88620e7d 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -351,9 +351,9 @@
 {{ wazuh_agent_config.syscheck.sync_enabled }}
- {{ wazuh_agent_config.syscheck.interval }}
- {{ wazuh_agent_config.syscheck.max_interval }}
- {{ wazuh_agent_config.syscheck.max_eps }}
+ {{ wazuh_agent_config.syscheck.sync_interval }}
+ {{ wazuh_agent_config.syscheck.sync_max_interval }}
+ {{ wazuh_agent_config.syscheck.sync_max_eps }}
From 1d6988768f5da3f8fa5bad0c047188e5f8726dab Mon Sep 17 00:00:00 2001
From: Zenidd
Date: Wed, 25 Mar 2020 16:23:46 +0100
Subject: [PATCH 47/47] Minor jinja template fixes
---
 .../templates/var-ossec-etc-ossec-server.conf.j2 | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 88620e7d..998900b2 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
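Review bot: PATCH 46/47 is a byte-for-byte duplicate of PATCH 44/47 — both carry the same `index 28b6828a..ee71769e` and `index 1a6b59c7..88620e7d` lines and identical hunks — so whichever of the two is applied second cannot apply. The series order is also inconsistent with those blob ids: PATCH 45/47 is what turns the server template from `d4340c9b` into `1a6b59c7`, yet PATCH 44/47 already expects `1a6b59c7` as its pre-image, so 44 cannot apply before 45 either. I'd drop this duplicate and reorder the series to 45, 44, 47, or squash both template fixes into 45, which is the commit that introduced the wrong `.interval`/`.max_interval`/`.max_eps` names.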
@@ -343,17 +343,17 @@
 {% endif %}
- {{ wazuh_agent_config.syscheck.process_priority }}
+ {{ wazuh_manager_config.syscheck.process_priority }}
- {{ wazuh_agent_config.syscheck.max_eps }}
+ {{ wazuh_manager_config.syscheck.max_eps }}
- {{ wazuh_agent_config.syscheck.sync_enabled }}
- {{ wazuh_agent_config.syscheck.sync_interval }}
- {{ wazuh_agent_config.syscheck.sync_max_interval }}
- {{ wazuh_agent_config.syscheck.sync_max_eps }}
+ {{ wazuh_manager_config.syscheck.sync_enabled }}
+ {{ wazuh_manager_config.syscheck.sync_interval }}
+ {{ wazuh_manager_config.syscheck.sync_max_interval }}
+ {{ wazuh_manager_config.syscheck.sync_max_eps }}