diff --git a/CHANGELOG.md b/CHANGELOG.md
index b4961a77..f92b855d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,20 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## [v3.9.4_7.2.0]
+
+### Added
+
+- Support for registring agents behind NAT [@jheikki100](https://github.com/jheikki100) [#208](https://github.com/wazuh/wazuh-ansible/pull/208)
+
+### Changed
+
+- Default protocol to TCP [@ionphractal](https://github.com/ionphractal) [#204](https://github.com/wazuh/wazuh-ansible/pull/204).
+
+### Fixed
+
+- Fixed network.host is not localhost [@rshad](https://github.com/rshad) [#204](https://github.com/wazuh/wazuh-ansible/pull/212).
+
 ## [v3.9.3_7.2.0]
 
 ### Added
diff --git a/Pipfile b/Pipfile
index 89f86b7c..3de882c3 100644
--- a/Pipfile
+++ b/Pipfile
@@ -5,8 +5,8 @@ name = "pypi"
 
 [packages]
 docker-py = "*"
-ansible = "==2.7.12"
-molecule = "*"
+ansible = "==2.7.13"
+molecule = "2.20"
 
 [dev-packages]
 
@@ -14,6 +14,7 @@ molecule = "*"
 python_version = "2.7"
 
 [scripts]
+destroy ="molecule destroy"
 test ="molecule test"
 agent ="molecule test -s wazuh-agent"
 elasticsearch ="molecule test -s elasticsearch"
diff --git a/VERSION b/VERSION
index fe2acb96..8909e7be 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-WAZUH-ANSIBLE_VERSION="v3.9.3"
-REVISION="3930"
+WAZUH-ANSIBLE_VERSION="v3.9.4"
+REVISION="3940"
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index f37858bc..bc49d808 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -8,18 +8,37 @@ lint: enabled: false platforms: - name: bionic - image: ubuntu:bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m - name: xenial image: solita/ubuntu-systemd:xenial privileged: true + memory_reservation: 2048m command: /sbin/init - - name: trusty - image: ubuntu:trusty - - name: centos6 - image: centos:6 + ulimits: + - nofile:262144:262144 +# - name: trusty +# image: ubuntu:trusty +# privileged: true +# memory_reservation: 2048m +# ulimits: +# - nofile:262144:262144 +# - name: centos6 +# image: centos:6 +# privileged: true +# memory_reservation: 2048m +# ulimits: +# - nofile:262144:262144 - name: centos7 image: milcom/centos7-systemd + memory_reservation: 2048m privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible env: diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 639e6320..242a3777 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -4,7 +4,3 @@ roles: - role: wazuh/ansible-wazuh-manager -# - {role: wazuh/ansible-filebeat} #, filebeat_output_elasticsearch_hosts: 'your elastic stack server IP' -# Elasticsearch requires too much memory to test multiple containers concurrently - To Fix -# - {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} -# - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 4be45b4e..227f8e59 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.3" + return "3.9.4" def test_wazuh_packages_are_installed(host): 
@@ -74,7 +74,7 @@ def test_open_ports(host): distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': assert host.socket("tcp://0.0.0.0:1515").is_listening - assert not host.socket("tcp://0.0.0.0:1514").is_listening + assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://:::1515").is_listening - assert not host.socket("tcp://:::1514").is_listening + assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1514").is_listening diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 5d6d3075..7b2bbe1f 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -23,18 +23,18 @@ platforms: command: /sbin/init ulimits: - nofile:262144:262144 -# - name: trusty -# image: ubuntu:trusty -# privileged: true -# memory_reservation: 2048m -# ulimits: -# - nofile:262144:262144 - - name: centos6 - image: centos:6 - privileged: true - memory_reservation: 2048m - ulimits: - - nofile:262144:262144 + #- name: trusty + #image: ubuntu:trusty + #privileged: true + #memory_reservation: 2048m + #ulimits: + #- nofile:262144:262144 + #- name: centos6 + # image: centos:6 + # privileged: true + # memory_reservation: 2048m + # ulimits: + # - nofile:262144:262144 - name: centos7 image: milcom/centos7-systemd memory_reservation: 2048m diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index e456c4ae..5e055508 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -9,8 +9,8 @@ lint: config-data: ignore: .virtualenv platforms: - - name: trusty - image: ubuntu:trusty + # - name: trusty + # image: ubuntu:trusty - name: bionic image: solita/ubuntu-systemd:bionic command: /sbin/init 
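Review bot: The two distribution branches of test_open_ports now assert different bind addresses — the ubuntu branch expects 1514/1515 on `0.0.0.0` while the centos branch expects them on `127.0.0.1` — so on CentOS the test only passes when the manager listens on loopback, which is not how a manager serving remote agents is deployed. Unless the bind address itself is the property under test, a bind-agnostic check in both branches, `assert host.socket("tcp://1515").is_listening` and likewise for 1514, keeps the test independent of the address the role happens to choose. The flipped `not` on 1514 is consistent with the UDP→TCP default change elsewhere in this commit, but a one-line comment saying so (`# 1514 is TCP now that the default protocol changed`) would save the next reader from re-deriving it. The enclosing function starts outside the hunk.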
@@ -19,12 +19,12 @@ platforms: image: solita/ubuntu-systemd:xenial privileged: true command: /sbin/init - - name: centos6 - image: geerlingguy/docker-centos6-ansible - privileged: true - command: /sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + #- name: centos6 + # image: geerlingguy/docker-centos6-ansible + # privileged: true + # command: /sbin/init + # volumes: + # - /sys/fs/cgroup:/sys/fs/cgroup:ro - name: centos7 image: milcom/centos7-systemd privileged: true diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml index f3dc9aac..49325b85 100644 --- a/molecule/filebeat/prepare.yml +++ b/molecule/filebeat/prepare.yml @@ -7,6 +7,7 @@ - name: "Install Python packages for Trusty to solve trust issues" package: name: + - python-apt - python-setuptools - python-pip state: latest diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 2017a6bd..20ea5e07 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -28,12 +28,12 @@ platforms: # memory_reservation: 1024m # ulimits: # - nofile:262144:262144 - - name: centos6 - image: centos:6 - privileged: true - memory_reservation: 1024m - ulimits: - - nofile:262144:262144 +# - name: centos6 +# image: centos:6 +# privileged: true +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 - name: centos7 image: milcom/centos7-systemd memory_reservation: 1024m @@ -55,7 +55,6 @@ provisioner: group_vars: all: elasticsearch_jvm_xms: 256 - kibana_plugin_install_ignore_error: true verifier: name: testinfra lint: diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index 74fc1038..6deac809 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -2,4 +2,6 @@ - name: Converge hosts: all roles: + - role: elastic-stack/ansible-kibana + \ No newline at end of file diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py index 48fdfc6e..223f4198 100644 
--- a/molecule/wazuh-agent/tests/test_agents.py
+++ b/molecule/wazuh-agent/tests/test_agents.py
@@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
 def get_wazuh_version():
     """This return the version of Wazuh."""
-    return "3.9.3"
+    return "3.9.4"
 
 
 def test_ossec_package_installed(Package):
diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml
index 8c7eaa69..bd85a3a6 100644
--- a/playbooks/wazuh-agent.yml
+++ b/playbooks/wazuh-agent.yml
@@ -6,7 +6,7 @@
 wazuh_managers:
 - address:
 port: 1514
-protocol: udp
+protocol: tcp
 api_port: 55000
 api_proto: 'http'
 api_user: ansible
diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml
index 0c3b0a61..36bd9b1d 100644
--- a/playbooks/wazuh-elastic.yml
+++ b/playbooks/wazuh-elastic.yml
@@ -1,4 +1,5 @@
 ---
-- hosts:
+- hosts:
 roles:
-- {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'your elasticsearch IP'}
+- role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch
+elasticsearch_network_host: ''
diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml
index 2fc5cc1d..200f4891 100644
--- a/playbooks/wazuh-kibana.yml
+++ b/playbooks/wazuh-kibana.yml
@@ -1,10 +1,6 @@
 ---
-- hosts: 172.16.0.162
+- hosts:
 roles:
 - role: ../roles/elastic-stack/ansible-kibana
-kibana_xpack_security: true
-kibana_user: elastic
-kibana_password: elastic_pass
-kibana_node_name: node-2
-elasticsearch_network_host: 172.16.0.161
-node_certs_generator: false
+elasticsearch_network_host:
+
diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml
index 93fb9e9d..5ec6a50b 100644
--- a/playbooks/wazuh-manager.yml
+++ b/playbooks/wazuh-manager.yml
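Review bot: `elasticsearch_network_host: ''` in wazuh-elastic.yml overrides the role default of `127.0.0.1` with an empty string, so the role's `wait_for host={{ elasticsearch_network_host }}` and `http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}` calls receive an empty host; the same defect applies to the null `elasticsearch_network_host:` in the wazuh-kibana.yml hunk and to `filebeat_output_elasticsearch_hosts: :9200` in the wazuh-manager.yml hunk. The empty `- hosts:` in all three playbooks also very likely makes them fail at parse time rather than act as a template. If these files are meant as fill-in samples, either drop the override lines so the role defaults apply, or leave them commented with the expected form, e.g. `# elasticsearch_network_host: <ELASTICSEARCH_IP>` (constructed placeholder), so the sample stays runnable and the intent is explicit.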
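Review bot: With the security block gone, the wazuh-kibana.yml sample now falls back to the role default `kibana_xpack_security: false` without saying so, and the README/CHANGELOG in this commit do not mention that the sample no longer enables X-Pack security. Removing the literal `kibana_password: elastic_pass` and the hardcoded `172.16.0.x` addresses is the right call, but a commented block with placeholders (`# kibana_xpack_security: true`, `# kibana_user: <USER>`, `# kibana_password: <vault-protected>`) would keep the sample secure-by-example without shipping a credential. The same observation applies to the dropped `filebeat_xpack_security: true` in the wazuh-manager.yml hunk.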
@@ -1,10 +1,8 @@ --- -- hosts: 172.16.0.161 +- hosts: roles: - role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-filebeat - filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 - filebeat_xpack_security: true - filebeat_node_name: node-1 - node_certs_generator: true + filebeat_output_elasticsearch_hosts: :9200 + diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 1340dabb..58b5e308 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -5,7 +5,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.2.0 -single_node: false +single_node: true elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false elasticsearch_cluster_nodes: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 2c7dba73..67a34e7e 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -8,12 +8,6 @@ register: elasticsearch_ca_packages_installed until: elasticsearch_ca_packages_installed is succeeded -- name: "Install Java Repo for Trusty" - apt_repository: repo='ppa:openjdk-r/ppa' - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - name: Update and upgrade apt packages become: true apt: @@ -24,14 +18,6 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 -- name: Install Oracle Java 8 - become: true - apt: name=openjdk-8-jdk state=latest - - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - name: Update and upgrade apt packages become: true apt: 
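Review bot: Flipping the role default `single_node` from `false` to `true` silently changes behaviour for every consumer of the role who never set it, because the `when: - elasticsearch_bootstrap_node or single_node` guards in tasks/main.yml now fire on every node of a multi-node cluster, and the CHANGELOG entry in this commit does not mention it. Either keep the default at `false` and set `single_node: true` in the sample playbook, or document the new default next to it, e.g. `# single_node: true runs the template/bootstrap tasks on this host; set false and fill elasticsearch_cluster_nodes for a multi-node cluster`, and add a CHANGELOG line under Changed.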
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 81176ee0..16366dfc 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -9,13 +9,6 @@ gpgcheck: true changed_when: false -- name: CentOS x.x => x.x < 7.0 | Installing Java - yum: - name: java-1.8.0-openjdk.x86_64 - state: present - when: - - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 - - name: RedHat/CentOS/Fedora | Install Elasticsarch package: name=elasticsearch-{{ elastic_stack_version }} state=present tags: install diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 48c25b98..7ee77beb 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -65,7 +65,7 @@ - name: Check if certificate exists locally stat: - path: "{{node_certs_destination}}/{{ elasticsearch_node_name }}.crt" + path: "{{ node_certs_destination }}/{{ elasticsearch_node_name }}.crt" register: certificate_file_exists when: - elasticsearch_xpack_security @@ -73,7 +73,7 @@ - name: Write the instances.yml file in the selected node (force = no) template: src: instances.yml.j2 - dest: "{{node_certs_source}}/instances.yml" + dest: "{{ node_certs_source }}/instances.yml" force: no register: instances_file_exists tags: 
@@ -86,23 +86,25 @@ - name: Update instances.yml status after generation stat: - path: "{{node_certs_source}}/instances.yml" + path: "{{ node_certs_source }}/instances.yml" register: instances_file_exists - when: + when: - node_certs_generator - elasticsearch_xpack_security - name: Check if the certificates ZIP file exists stat: - path: "{{node_certs_source}}/certs.zip" + path: "{{ node_certs_source }}/certs.zip" register: xpack_certs_zip - when: + when: - node_certs_generator - elasticsearch_xpack_security - name: Generating certificates for Elasticsearch security - shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in {{node_certs_source}}/instances.yml --out {{node_certs_source}}/certs.zip" - when: + command: >- + "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in + {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip" + when: - node_certs_generator - elasticsearch_xpack_security - not xpack_certs_zip.stat.exists @@ -112,10 +114,10 @@ - name: Unzip generated certs.zip unarchive: - src: "{{node_certs_source}}/certs.zip" - dest: "{{node_certs_source}}/" + src: "{{ node_certs_source }}/certs.zip" + dest: "{{ node_certs_source }}/" remote_src: yes - when: + when: - node_certs_generator - elasticsearch_xpack_security - certs_file_generated is defined 
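Review bot: The `command: >-` body for 'Generating certificates for Elasticsearch security' is wrapped in double quotes inside the folded scalar, so the quotes become part of the string and the `command` module (which still shlex-splits the line) will look for a single executable literally named `/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in … certs.zip` and fail. Drop the surrounding quotes so the body is just `/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip`. Moving from `shell` to `command` is the right direction since the arguments are variable-driven; adding `args: creates: "{{ node_certs_source }}/certs.zip"` would additionally make the task idempotent on its own, independent of the preceding stat.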
@@ -124,35 +126,39 @@ - name: Copy key & certificate files in generator node (locally) synchronize: - src: "{{node_certs_source}}/{{elasticsearch_node_name}}/" - dest: "{{node_certs_destination}}/" + src: "{{ node_certs_source }}/{{ elasticsearch_node_name }}/" + dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" - when: + when: - node_certs_generator - elasticsearch_xpack_security tags: xpack-security - name: Copy ca certificate file in generator node (locally) synchronize: - src: "{{node_certs_source}}/ca/" - dest: "{{node_certs_destination}}/" + src: "{{ node_certs_source }}/ca/" + dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" register: check_certs_permissions - when: + when: - node_certs_generator - elasticsearch_xpack_security tags: xpack-security - name: Importing key & certificate files from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/" + command: >- + {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: + {{ node_certs_source }}/{{ elasticsearch_node_name }}/ {{ node_certs_destination }}/ when: - not node_certs_generator - elasticsearch_xpack_security - not certificate_file_exists.stat.exists tags: xpack-security -- name: Importing ca certificate file from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" +- name: Importing ca certificate file from generator node + command: >- + {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: + {{ node_certs_source }}/ca/ {{ node_certs_destination }}/ when: - not node_certs_generator - elasticsearch_xpack_security 
@@ -161,23 +167,32 @@ tags: xpack-security - name: Ensuring certificates folder owner - shell: "chown -R elasticsearch: {{node_certs_destination}}/" + file: + path: "{{ node_certs_destination }}/" + state: directory + recurse: yes + owner: elasticsearch + group: elasticsearch when: - check_certs_permissions is defined - elasticsearch_xpack_security tags: xpack-security - name: Ensuring certificates folder owner - shell: "chmod -R 770 {{node_certs_destination}}/" + file: + path: "{{ node_certs_destination }}/" + mode: '0770' + recurse: yes when: - check_certs_permissions is defined - elasticsearch_xpack_security tags: xpack-security - - name: Remove generated certs file - shell: /bin/rm -f {{node_certs_source}}/certs.zip* - when: + file: + state: absent + path: "{{ node_certs_source }}/certs.zip*" + when: - node_certs_generator - elasticsearch_xpack_security tags: xpack-security @@ -193,10 +208,12 @@ tags: configure - name: Set elasticsearch bootstrap password - shell: "echo '{{elasticsearch_xpack_security_password}}' | {{node_certs_source}}/bin/elasticsearch-keystore add -xf 'bootstrap.password'" + shell: | + set -o pipefail + "echo '{{ elasticsearch_xpack_security_password }}' | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf 'bootstrap.password'" when: - elasticsearch_xpack_security - + - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf lineinfile: path: /etc/security/limits.conf @@ -228,13 +245,6 @@ - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) -- name: Distribution is centos 6.* | Enable Elasticsearch - service: name=elasticsearch enabled=yes - -- name: Distribution is centos 6.* | Start Elasticsearch - service: name=elasticsearch state=started - ignore_errors: true - - name: Ensure Elasticsearch started and enabled service: name: elasticsearch 
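Review bot: The `file: state: absent` replacement for 'Remove generated certs file' keeps the glob `certs.zip*` from the old `rm -f`, but the `file` module treats `path` literally and does not expand wildcards, so `{{ node_certs_source }}/certs.zip*` never matches and `certs.zip` is left on the generator node; use `path: "{{ node_certs_source }}/certs.zip"`, or a `find` task with `patterns: 'certs.zip*'` looped into `file: state: absent` if suffixed copies really exist. The chown/chmod conversions to the `file` module above it are an improvement, but the mode task still carries the copied name 'Ensuring certificates folder owner'; renaming it 'Ensuring certificates folder mode' avoids two identical task names in the run output.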
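Review bot: The new `shell: |` block for 'Set elasticsearch bootstrap password' wraps the whole pipeline in double quotes, so the shell tries to execute a single command named `echo '…' | …/elasticsearch-keystore add -xf 'bootstrap.password'` and fails; and `set -o pipefail` is a bash-ism that the module's default `/bin/sh` rejects on hosts where `/bin/sh` is dash. Remove the quotes, add `args: executable: /bin/bash`, and add `no_log: true`, because the rendered command line contains `{{ elasticsearch_xpack_security_password }}` and is otherwise printed in verbose output and kept in the Ansible log. Reusing `{{ node_certs_source }}` as the Elasticsearch install directory is unchanged by this commit, but a dedicated variable would read less surprisingly.
```yaml
- name: Set elasticsearch bootstrap password
  shell: |
    set -o pipefail
    echo '{{ elasticsearch_xpack_security_password }}' | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf 'bootstrap.password'
  args:
    executable: /bin/bash
  no_log: true
  # … unchanged: when …
```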
@@ -242,7 +252,7 @@ state: started - name: Make sure Elasticsearch is running before proceeding - wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300 + wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 tags: - configure - init @@ -252,7 +262,7 @@ url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/_template/wazuh" method: GET status_code: 200, 404 - when: + when: - elasticsearch_bootstrap_node or single_node - not elasticsearch_xpack_security poll: 30 @@ -267,7 +277,7 @@ status_code: 200 body_format: json body: "{{ lookup('template','wazuh-elastic7-template-alerts.json.j2') }}" - when: + when: - wazuh_alerts_template_exits.status is defined - wazuh_alerts_template_exits.status != 200 - not elasticsearch_xpack_security diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index dcaa0f59..9e9367ca 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.2.0 -wazuh_version: 3.9.3 +wazuh_version: 3.9.4 # Xpack Security kibana_xpack_security: false @@ -23,3 +23,5 @@ node_certs_destination: /etc/kibana/certs rsync_path: /usr/bin/rsync rsync_user: vagrant rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' + +kibana_plugin_install_ignore_error: true \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 4e12b1b2..fe0c9365 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -118,14 +118,15 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana - ignore_errors: "{{ kibana_plugin_install_ignore_error }}" + become: yes + become_user: kibana tags: - install - skip_ansible_lint diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 103d61eb..1fed5fb0 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -43,3 +43,8 @@ node_certs_destination: /etc/filebeat/certs rsync_path: /usr/bin/rsync rsync_user: vagrant rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' + +filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz +filebeat_module_package_path: /root/ +filebeat_module_destination: /usr/share/filebeat/module +filebeat_module_folder: /usr/share/filebeat/module/wazuh \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 7bafcc79..fbf8cfbf 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml 
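Review bot: Removing `ignore_errors: "{{ kibana_plugin_install_ignore_error }}"` from 'Install Wazuh-APP' while this same commit adds `kibana_plugin_install_ignore_error: true` to roles/elastic-stack/ansible-kibana/defaults/main.yml leaves that new default unused; either drop the default or keep the `ignore_errors` line so the variable still has an effect. Running the install as `become_user: kibana` is a good least-privilege change, but it means `/usr/share/kibana/plugins` (where `creates:` expects `wazuh/package.json`) must be writable by that user; a short comment stating where in the role that ownership is established would help, since it is not visible in this hunk. The plugin zip is fetched by kibana-plugin over HTTPS with no checksum pinned here; a note in the defaults that integrity relies on TLS to packages.wazuh.com documents that tradeoff for operators.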
@@ -88,6 +88,41 @@ - filebeat_xpack_security tags: xpack-security +- name: Checking if Filebeat Module folder file exists + stat: + path: "{{ filebeat_module_folder }}" + register: filebeat_module_folder + + +- name: Download Filebeat module package + get_url: + url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} + dest: "{{ filebeat_module_package_path }}" + when: not filebeat_module_folder.stat.exists + +- name: Unpakcing Filebeat module package + unarchive: + src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + dest: "{{ filebeat_module_destination }}" + remote_src: yes + when: not filebeat_module_folder.stat.exists + +- name: Setting 0755 permission for Filebeat module folder + file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes + when: not filebeat_module_folder.stat.exists + +- name: Checking if Filebeat Module package file exists + stat: + path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + register: filebeat_module_package + when: filebeat_module_package is not defined + +- name: Delete Filebeat module package file + file: + state: absent + path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + when: filebeat_module_package.stat.exists + - import_tasks: config.yml when: filebeat_create_config notify: restart filebeat diff --git a/roles/wazuh/ansible-wazuh-agent/README.md b/roles/wazuh/ansible-wazuh-agent/README.md index 703c247b..9709d9b3 100644 --- a/roles/wazuh/ansible-wazuh-agent/README.md +++ b/roles/wazuh/ansible-wazuh-agent/README.md @@ -32,7 +32,7 @@ The following is an example of how this role can be used: wazuh_managers: - address: 127.0.0.1 port: 1514 - protocol: udp + protocol: tcp api_port: 55000 api_proto: 'http' api_user: 'ansible' diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 7d6135ad..d0898cb0 100644 
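Review bot: `register: filebeat_module_folder` on the first stat task stores the stat result under the same name as the role default `filebeat_module_folder` (a path string), and registered variables take precedence over defaults, so by the time 'Setting 0755 permission for Filebeat module folder' runs, `dest={{ filebeat_module_folder }}` renders the stat dict rather than `/usr/share/filebeat/module/wazuh`; register under a distinct name such as `filebeat_module_folder_stat` and reference that in the `when:` clauses. That task's name says 0755 but `mode=u=rwX,g=rwX,o=rwX` makes the module tree world-writable, which lets any local account alter Filebeat's ingest pipeline definitions; `u=rwX,g=rX,o=rX` matches the stated intent. The `get_url` download has no `checksum:`, so the tarball's integrity rests on TLS alone; a `filebeat_module_package_checksum` default passed as `checksum:` pins it. (Task-name typo: 'Unpakcing'.)
```yaml
- name: Checking if Filebeat Module folder file exists
  stat:
    path: "{{ filebeat_module_folder }}"
  register: filebeat_module_folder_stat

- name: Download Filebeat module package
  get_url:
    url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }}
    dest: "{{ filebeat_module_package_path }}"
    checksum: "{{ filebeat_module_package_checksum }}"  # new default, e.g. "sha256:<EXPECTED_SHA256>"
  when: not filebeat_module_folder_stat.stat.exists

# … unchanged: unpacking task, with its when: switched to filebeat_module_folder_stat …

- name: Setting 0755 permission for Filebeat module folder
  file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rX,o=rX recurse=yes
  when: not filebeat_module_folder_stat.stat.exists
```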
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-wazuh_agent_version: 3.9.3
+wazuh_agent_version: 3.9.4
 wazuh_managers:
 - address: 127.0.0.1
 port: 1514
@@ -24,7 +24,7 @@ wazuh_winagent_config:
 install_dir_x86: 'C:\Program Files (x86)\ossec-agent\'
 auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe
 auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
-version: '3.9.3'
+version: '3.9.4'
 revision: '1'
 repo: https://packages.wazuh.com/3.x/windows/
 md5: c3fdbd6c121ca371b8abcd477ed4e8a4
@@ -305,3 +305,4 @@ wazuh_agent_config:
 list:
 - key: Env
 value: Production
+wazuh_agent_nat: false
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index faa28b57..d9415ffc 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -54,6 +54,7 @@
 -A {{ agent_name }}
 -m {{ wazuh_managers.0.address }}
 -p {{ wazuh_agent_authd.port }}
+{% if wazuh_agent_nat %}-I "any" {% endif %}
 {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
 {% if wazuh_agent_authd.ssl_agent_ca is not none %}
 -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
@@ -128,7 +129,7 @@
 environment:
 OSSEC_ACTION: i
 OSSEC_AGENT_NAME: '{{ newagentdata_api.json.data.name }}'
-OSSEC_AGENT_IP: '{{ newagentdata_api.json.data.ip }}'
+OSSEC_AGENT_IP: '{% if wazuh_agent_nat %}any{% else %}{{ newagentdata_api.json.data.ip }}{% endif %}'
 OSSEC_AGENT_ID: '{{ newagent_api.json.data.id }}'
 OSSEC_AGENT_KEY: '{{ newagent_api.json.data.key }}'
 OSSEC_ACTION_CONFIRMED: y
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index a49a059c..a35e3387 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
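Review bot: `wazuh_winagent_config.version` is bumped to `'3.9.4'` but the `md5: c3fdbd6c121ca371b8abcd477ed4e8a4` context line directly below is unchanged, so whatever the Windows install task does with that digest now refers to the 3.9.3 package; if it verifies the download, the 3.9.4 installer will fail the check, and if it does not, the value is misleading either way. The digest should be updated in the same change as `version`, and a comment tying them together, e.g. `# md5 of the Windows installer for the version/revision above — update together`, would prevent the drift recurring; MD5 is also not collision-resistant, so if this value is the integrity check, a SHA-256 field would be the stronger choice. The task that consumes `md5:` is outside this hunk, so the exact consequence is inferred.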
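Review bot: Passing `-I "any"` to agent-auth, and `OSSEC_AGENT_IP: any` on the manage_agents import, when `wazuh_agent_nat` is true registers the agent without a source-address binding, so the manager will accept that agent's key from any address rather than only the NAT gateway; that is the intended NAT tradeoff, but nothing on the new `wazuh_agent_nat: false` default says so. A comment there such as `# true: register with IP "any" (manager performs no source-address check on this agent); required behind NAT` makes the consequence visible to operators. The API-side registration (`newagent_api`, `newagentdata_api`) that yields `.json.data.ip` starts outside this hunk, so it is worth confirming it also registers `any` when the flag is set, otherwise the manager keeps the observed address. Unrelated to this change but on the same command line, `-P {{ authd_pass }}` means the rendered task is logged unless the task sets `no_log: true`; it is not visible in the hunk whether it does.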
@@ -1,5 +1,5 @@ --- -wazuh_manager_api_version: 3.9.3 +wazuh_manager_api_version: 3.9.4 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest @@ -42,7 +42,7 @@ wazuh_manager_config: connection: - type: 'secure' port: '1514' - protocol: 'udp' + protocol: 'tcp' queue_size: 131072 authd: enable: true