diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml
index 41154c2d..13d5ffbb 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml
@@ -3,7 +3,7 @@
block:
- name: RedHat/CentOS/Fedora | download Oracle Java RPM
get_url:
- url: https://download.oracle.com/otn-pub/java/jdk/8u181-b13/96a7b8442fe848ef90c96a2fad6ed6d1/jre-8u181-linux-x64.rpm
+ url: https://download.oracle.com/otn-pub/java/jdk/8u191-b12/2787e4a523244c269598db4e85c51e0c/jre-8u191-linux-x64.rpm
dest: /tmp/jre-8-linux-x64.rpm
headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
register: oracle_java_task_rpm_download
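Review bot: The `get_url` arguments visible here (`url`, `dest`, `headers`) include no `checksum`, so nothing ties the file at `/tmp/jre-8-linux-x64.rpm` to the 8u191 build this change intends to ship. Because `dest` is a fixed file name and `force` is not set, a host that still has the 8u181 download at that path will keep the old file and skip the transfer. Adding `checksum: "sha256:<SHA256_OF_JRE_8U191_RPM>"` (placeholder; take the value from the vendor's published checksums) pins the artifact and makes Ansible re-download when the file on disk does not match. The same applies to the identical URL change in roles/elastic-stack/ansible-logstash/tasks/RedHat.yml.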
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
index 95f44436..b5afdf5f 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
@@ -71,6 +71,7 @@
- name: Reload systemd
systemd: daemon_reload=yes
ignore_errors: yes
+ when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
- name: Ensure Elasticsearch started and enabled
service:
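Review bot: The added `when` recognises a non-systemd host by the string `ansible_distribution_major_version == "NA"`, which depends on how a particular Ansible release reports Amazon Linux rather than on what the task actually needs to know. `when: ansible_service_mgr == "systemd"` states the real precondition. With that guard in place `ignore_errors: yes` could probably be dropped, so a genuine `daemon_reload` failure is no longer hidden. The same guard is added to the Reload systemd tasks in ansible-kibana, ansible-logstash and ansible-filebeat tasks/main.yml, and the remark applies there too.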
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index 65b29528..4d81579f 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -12,6 +12,7 @@
- name: Reload systemd
systemd: daemon_reload=yes
ignore_errors: yes
+ when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
- name: Kibana configuration
template:
diff --git a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml
index d10c989d..09e68d87 100644
--- a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml
+++ b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml
@@ -3,7 +3,7 @@
block:
- name: RedHat/CentOS/Fedora | download Oracle Java RPM
get_url:
- url: https://download.oracle.com/otn-pub/java/jdk/8u181-b13/96a7b8442fe848ef90c96a2fad6ed6d1/jre-8u181-linux-x64.rpm
+ url: https://download.oracle.com/otn-pub/java/jdk/8u191-b12/2787e4a523244c269598db4e85c51e0c/jre-8u191-linux-x64.rpm
dest: /tmp/jre-8-linux-x64.rpm
headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
register: oracle_java_task_rpm_download
@@ -42,3 +42,10 @@
when:
- logstash_input_beats == false
- wazuh_manager_check_rpm.rc == 0
+
+- name: Amazon Linux change startup group
+ shell: sed -i 's/.*LS_GROUP=logstash.*/LS_GROUP=ossec/' /etc/logstash/startup.options
+ when:
+ - logstash_input_beats == false
+ - wazuh_manager_check_rpm.rc == 0
+ - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
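Review bot: The new task edits `/etc/logstash/startup.options` with `sed -i` through `shell`, so it reports "changed" on every run and gives no signal when the `LS_GROUP=logstash` line is missing. `lineinfile` with `backrefs: yes` does the same replacement idempotently and leaves the file untouched when the pattern does not match. Since this changes the group the Logstash service runs under to `ossec`, a short comment saying why would help anyone auditing group membership later; presumably it is so Logstash can read the manager's alert files.

```yaml
- name: Amazon Linux change startup group
  lineinfile:
    path: /etc/logstash/startup.options
    regexp: '.*LS_GROUP=logstash.*'
    line: 'LS_GROUP=ossec'
    backrefs: yes
  # … unchanged: when conditions …
```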
diff --git a/roles/elastic-stack/ansible-logstash/tasks/main.yml b/roles/elastic-stack/ansible-logstash/tasks/main.yml
index 00a0bffb..d88082c8 100644
--- a/roles/elastic-stack/ansible-logstash/tasks/main.yml
+++ b/roles/elastic-stack/ansible-logstash/tasks/main.yml
@@ -11,6 +11,11 @@
- name: Reload systemd
systemd: daemon_reload=yes
ignore_errors: yes
+ when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
+
+- name: Amazon Linux create service
+ shell: /usr/share/logstash/bin/system-install /etc/logstash/startup.options
+ when: ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
- name: Ensure Logstash started and enabled
service:
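Review bot: `Amazon Linux create service` has no `creates:` guard, so `system-install` runs and regenerates the service definition on every play. It also goes through `shell` although the line uses no shell features. Using `command:` with `args: creates: <PATH_OF_GENERATED_INIT_FILE>` (placeholder; the generated path is not shown on this page) keeps the run idempotent. Since `system-install` is given `startup.options` as input, it should run after the `LS_GROUP` edit in tasks/RedHat.yml; that ordering cannot be confirmed from this hunk.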
@@ -18,6 +23,13 @@
enabled: yes
state: started
+- name: Amazon Linux start Logstash
+ service:
+ name: logstash
+ enabled: yes
+ state: started
+ when: ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
+
- import_tasks: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
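Review bot: `Amazon Linux start Logstash` repeats the `service` arguments of the task directly above it (`enabled: yes`, `state: started`), so on Amazon Linux the service is handled twice unless the earlier task is skipped by a condition outside this hunk. If the earlier task is unconditional, the new one can be dropped. If it is not, a comment on why Amazon Linux needs its own copy would save the next reader the search.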
diff --git a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml
index f118293d..cb2ab772 100644
--- a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml
@@ -1,5 +1,5 @@
---
-- name: RedHat/CentOS/Fedora | Install Filebeats repo
+- name: RedHat/CentOS/Fedora/Amazon Linux | Install Filebeats repo
yum_repository:
name: elastic_repo
description: Elastic repository for 6.x packages
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml
index 8ae22509..29ba695c 100644
--- a/roles/wazuh/ansible-filebeat/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml
@@ -16,6 +16,7 @@
- name: Reload systemd
systemd: daemon_reload=yes
ignore_errors: yes
+ when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
- name: Ensure Filebeat is started and enabled at boot.
service:
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index 3644c86f..fb0b8ce2 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -56,7 +56,7 @@
{% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %}
register: agent_auth_output
when:
- - check_keys.stat.size == 0
+ - check_keys.stat.exists == false or check_keys.stat.size == 0
- wazuh_managers.0.address is not none
tags:
- config
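Review bot: The same two-part condition is now written out in five tasks of this file (this hunk and the ones at -65, -97, -113 and -134), so any later change to what counts as "not registered" has to be repeated in each. Computing it once after the stat task, for example `set_fact: agent_needs_registration: "{{ not check_keys.stat.exists or check_keys.stat.size == 0 }}"`, and testing that fact keeps the tasks in step. `not check_keys.stat.exists` is also the form ansible-lint expects instead of `== false`. The task this `when` belongs to starts outside the hunk.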
@@ -65,7 +65,7 @@
- name: Linux | Verify agent registration
shell: echo {{ agent_auth_output }} | grep "Valid key created"
when:
- - check_keys.stat.size == 0
+ - check_keys.stat.exists == false or check_keys.stat.size == 0
- wazuh_managers.0.address is not none
tags:
- config
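Review bot: `Linux | Verify agent registration` expands `{{ agent_auth_output }}` unquoted into a shell command line, so the whole registered result, including whatever text the registration command printed, is parsed by the shell before `grep` sees it. Checking the captured output inside Ansible avoids the shell entirely, for example an `assert:` with `that: "'Valid key created' in agent_auth_output.stdout"` under the same `when`. Use `.stderr` instead if that is where the tool prints the message. This assumes `agent_auth_output` is registered from a `shell` or `command` task, which the preceding hunk suggests but does not fully show.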
@@ -97,7 +97,7 @@
register: newagent_api
changed_when: newagent_api.json.error == 0
when:
- - check_keys.stat.size == 0
+ - check_keys.stat.exists == false or check_keys.stat.size == 0
- wazuh_managers.0.address is not none
become: no
tags:
@@ -113,7 +113,7 @@
user: "{{ wazuh_managers.0.api_user }}"
password: "{{ api_pass }}"
when:
- - check_keys.stat.size == 0
+ - check_keys.stat.exists == false or check_keys.stat.size == 0
- wazuh_managers.0.address is not none
- newagent_api.json.error == 0
register: newagentdata_api
@@ -134,7 +134,7 @@
OSSEC_ACTION_CONFIRMED: y
register: manage_agents_output
when:
- - check_keys.stat.size == 0
+ - check_keys.stat.exists == false or check_keys.stat.size == 0
- wazuh_managers.0.address is not none
- newagent_api.changed
tags:
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
index ebbe1bb6..8aebbda8 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
@@ -19,6 +19,16 @@
when:
- ansible_distribution_major_version|int == 5
+- name: AmazonLinux | Install Wazuh repo
+ yum_repository:
+ name: wazuh_repo
+ description: Wazuh repository
+ baseurl: https://packages.wazuh.com/3.x/yum/
+ gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+ gpgcheck: yes
+ when:
+ - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
+
- name: RedHat/CentOS/Fedora | download Oracle Java RPM
get_url:
url: http://download.oracle.com/otn-pub/java/jdk/8u171-b11/512cd62ec5174c3487ac17c61aaa89e8/jre-8u171-linux-x64.rpm
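Review bot: The Oracle JRE download that follows the new repo task still points at `8u171-b11` over plain `http://`, while this same change moves the elastic-stack roles to `8u191-b12` over `https://`. If the agent role is meant to install the same JRE, it should get the same URL and scheme, and ideally a `checksum:` as well. If the older build is deliberate, a comment should say why. The download task continues outside the hunk.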
@@ -53,7 +63,7 @@
- name: Set Distribution CIS filename for RHEL7
set_fact:
cis_distribution_filename: cis_rhel7_linux_rcl.txt
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7"
+ when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == "7") or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
- name: RedHat/CentOS/RedHat | Install openscap
package: name=openscap-scanner state=present
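Review bot: The widened condition assigns `cis_rhel7_linux_rcl.txt` to Amazon Linux hosts whose major version is `"NA"`, the same hosts this change treats as non-systemd in the Reload systemd tasks. A RHEL 7 benchmark file is likely to contain checks that assume a RHEL 7 layout, so results on these hosts may be misleading in either direction. That is inferred, since the file's contents are not on this page. A comment saying the RHEL 7 file is a stand-in, or a separate fact for Amazon Linux, would make the choice reviewable. The same condition is added in roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml.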
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
index 25232291..7b68f4dd 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@@ -62,7 +62,7 @@
notify: restart wazuh-agent windows
when:
- wazuh_agent_authd.enable == true
- - check_windows_key.stat.exists == false
+ - check_windows_key.stat.exists == false or check_windows_key.stat.size == 0
- wazuh_managers.0.address is not none
tags:
- config
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 18f02855..3b94cc22 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -5,6 +5,7 @@ wazuh_manager_config:
json_output: 'yes'
alerts_log: 'yes'
logall: 'no'
+ logall_json: 'no'
log_format: 'plain'
api:
bind_addr: '0.0.0.0'
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
index f644a38f..27eea91b 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
@@ -18,6 +18,20 @@
gpgcheck: yes
when: ansible_distribution == 'Fedora'
+- name: AmazonLinux | Get Nodejs
+ shell: curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -
+ args:
+ warn: no
+ when:
+ - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
+
+- name: AmazonLinux | Install Nodejs repo
+ yum:
+ name: nodejs
+ state: present
+ when:
+ - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
+
- name: RedHat/CentOS/Fedora | Install Wazuh repo
yum_repository:
name: wazuh_repo
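Review bot: `AmazonLinux | Get Nodejs` pipes a script fetched at run time straight into `bash`, so the host executes whatever the URL serves at that moment, and does so again on every run. `warn: no` also silences Ansible's own hint about the command, and the play presumably runs with elevated privileges. The Wazuh repo tasks in this file already show the safer pattern: declare the repository with `yum_repository` and `gpgcheck: yes`, then install the package. Separately, the following task is named `Install Nodejs repo` although it installs the `nodejs` package.

```yaml
- name: AmazonLinux | Install NodeSource repo
  yum_repository:
    name: nodesource
    description: NodeSource Node.js 8.x repository
    # placeholders: fill in from the vendor's repository documentation
    baseurl: "<NODESOURCE_8X_BASEURL_FOR_THIS_DISTRO>"
    gpgkey: "<NODESOURCE_GPG_KEY_URL>"
    gpgcheck: yes
  # … unchanged: when condition for Amazon Linux …

- name: AmazonLinux | Install Nodejs
  # … unchanged: yum name=nodejs state=present and when condition …
```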
@@ -26,7 +40,7 @@
gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
gpgcheck: yes
when:
- - ansible_distribution_major_version|int > 5
+ - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
- name: RedHat/CentOS 5 | Install Wazuh repo
yum_repository:
@@ -36,12 +50,13 @@
gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
gpgcheck: yes
when:
- - ansible_distribution_major_version|int < 6
+ - ansible_distribution_major_version|int == 5
- name: RedHat/CentOS/Fedora | Install openscap
package: name=openscap-scanner state=present
tags:
- init
+ when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
- name: CentOS 6 | Install Software Collections (SCL) Repository
package: name=centos-release-scl state=present
@@ -113,4 +128,4 @@
- name: Set Distribution CIS filename for RHEL7/CentOS-7
set_fact:
cis_distribution_filename: cis_rhel7_linux_rcl.txt
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version == '7'
+ when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == '7') or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 4c768216..9e619192 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -1,6 +1,6 @@
---
- import_tasks: "RedHat.yml"
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5
+ when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon")
- import_tasks: "Debian.yml"
when: ansible_os_family == "Debian"
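Review bot: The new second clause imports RedHat.yml for every Amazon host, but the Amazon-specific tasks inside RedHat.yml are gated on `ansible_distribution_major_version == "NA"`. An Amazon host that reports a small numeric major version (Amazon Linux 2 typically reports `2`) would match none of `> 5`, `== 5` or `"NA"`, so no Wazuh repository would be configured for it. Either the import should use the same `"NA"` test, or the repo conditions should key on `ansible_distribution == "Amazon"` alone. The expression can also be shortened to `ansible_os_family == "RedHat" and (ansible_distribution_major_version|int > 5 or ansible_distribution == "Amazon")`.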
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 72d564f2..0f37b560 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -10,6 +10,7 @@
{{ wazuh_manager_config.json_output }}
{{ wazuh_manager_config.alerts_log }}
{{ wazuh_manager_config.logall }}
+ {{ wazuh_manager_config.logall_json }}
{% if wazuh_manager_config.email_notification | lower == "yes" %}
yes
{% else %}
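Review bot: The template now dereferences `wazuh_manager_config.logall_json` unconditionally, and Ansible replaces dictionaries rather than merging them by default. An inventory that overrides `wazuh_manager_config` without the new key will therefore fail to render the manager configuration. `{{ wazuh_manager_config.logall_json | default('no') }}` keeps existing inventories working with the same default that defaults/main.yml introduces. The surrounding lines have lost their XML tags on this page, so the enclosing element name is assumed to match the variable.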