From 2424ee9eadd026583605e6dc700a490dd392f49b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Tue, 17 May 2022 11:24:20 -0300
Subject: [PATCH 01/12] Install curl added
---
 roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 08698f73..0befc651 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -23,6 +23,7 @@ - unzip - openssl - tar + - curl state: present - include_tasks: "RedHat.yml"
From 6fff4701179b64ce6fbaf81ff0cdf0ed4ac6f725 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Tue, 17 May 2022 11:31:36 -0300
Subject: [PATCH 02/12] Install dependencies task order update
---
 .../wazuh/ansible-wazuh-manager/tasks/main.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 0befc651..b3af417a 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -1,5 +1,14 @@ --- +- name: "Install dependencies" + package: + name: + - unzip + - openssl + - tar + - curl + state: present + - name: Get latest wazuh release shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-" register: wazuh_latest_release
@@ -17,15 +26,6 @@ config_layer: '{{ wazuh_manager_config | default({}) }}' when: wazuh_manager_config_overlay | bool -- name: "Install dependencies" - package: - name: - - unzip - - openssl - - tar - - curl - state: present - - include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon")
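Review bot: Moving `Install dependencies` ahead of `Get latest wazuh release` makes curl available in time, but the release-lookup pipeline shown as context in this hunk still registers an empty `wazuh_latest_release` without failing when the API call does not succeed: `curl --silent` has no `--fail`, and without `pipefail` the task's exit status is that of the final `cut`. Suggested: `shell: "set -o pipefail; curl --silent --fail https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/' | cut -c 2-"` together with `args: executable: /bin/bash`, or replace the pipeline with the `uri` module (`return_content: true`) and read `tag_name` from its `json` result. Resolving "latest" over the network at deploy time also makes the installed manager version non-reproducible; the task list continues past this hunk, so confirm it is only used when no version is pinned and say so in a comment above the task.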
From df42b9bcae74772fed850ab5e39fc1254eb7234a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Thu, 19 May 2022 10:06:11 -0300
Subject: [PATCH 03/12] Molecule distributed scenario updated
---
 .github/workflows/main.yml | 4 +-
 .../distributed-wazuh-odfe/group_vars/all.yml | 47 -------------------
 .../group_vars/elastic.yml | 16 -------
 .../group_vars/kibana.yml | 17 -------
 .../INSTALL.rst | 0
 .../converge.yml | 26 +++++-----
 .../group_vars/agents.yml | 0
 molecule/distributed-wazuh/group_vars/all.yml | 39 +++++++++++++++
 .../group_vars/dashboard.yml | 17 +++++++
 .../distributed-wazuh/group_vars/indexer.yml | 12 +++++
 .../group_vars/managers.yml | 2 +-
 .../molecule.yml | 28 +++++------
 .../tests/test_default.py | 0
 13 files changed, 98 insertions(+), 110 deletions(-)
 delete mode 100644 molecule/distributed-wazuh-odfe/group_vars/all.yml
 delete mode 100644 molecule/distributed-wazuh-odfe/group_vars/elastic.yml
 delete mode 100644 molecule/distributed-wazuh-odfe/group_vars/kibana.yml
 rename molecule/{distributed-wazuh-odfe => distributed-wazuh}/INSTALL.rst (100%)
 rename molecule/{distributed-wazuh-odfe => distributed-wazuh}/converge.yml (69%)
 rename molecule/{distributed-wazuh-odfe => distributed-wazuh}/group_vars/agents.yml (100%)
 create mode 100644 molecule/distributed-wazuh/group_vars/all.yml
 create mode 100644 molecule/distributed-wazuh/group_vars/dashboard.yml
 create mode 100644 molecule/distributed-wazuh/group_vars/indexer.yml
 rename molecule/{distributed-wazuh-odfe => distributed-wazuh}/group_vars/managers.yml (83%)
 rename molecule/{distributed-wazuh-odfe => distributed-wazuh}/molecule.yml (88%)
 rename molecule/{distributed-wazuh-odfe => distributed-wazuh}/tests/test_default.py (100%)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 48c8bf6a..72078678 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -35,7 +35,7 @@ jobs: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' - scenario-distributed-wazuh-odfe: + scenario-distributed-wazuh: name: Distributed ODFE + Wazuh runs-on: ubuntu-latest steps:
@@ -60,7 +60,7 @@ jobs: run: poetry install - name: Run Molecule tests. - run: poetry run molecule test -s distributed-wazuh-odfe + run: poetry run molecule test -s distributed-wazuh env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1'
diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml
deleted file mode 100644
index 4fcb46fd..00000000
--- a/molecule/distributed-wazuh-odfe/group_vars/all.yml
+++ /dev/null
@@ -1,47 +0,0 @@ ---- - -######################################################## -# Helper variables -private_ip: '{{ ansible_default_ipv4.address }}' - -managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}" -elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}" -kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars) | list }}" - -manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}" -elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}" -kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}" - -######################################################## -# General ELK stack variables - -# OpenDistro -kibana_opendistro_security: true - -opendistro_kibana_user: kibanaserver -opendistro_security_user: elastic - -opendistro_kibana_password: changeme -opendistro_security_password: admin -opendistro_admin_password: changeme - -# All nodes are called by IP name -elasticsearch_node_name: '{{ ansible_hostname }}' -kibana_node_name: '{{ ansible_hostname }}' -filebeat_node_name: '{{ ansible_hostname }}' - -######################################################## -# Versions -# See: https://opendistro.github.io/for-elasticsearch-docs/version-history/ - -elastic_stack_version: 7.10.2 -opendistro_version: 1.13.2 -filebeat_version: 7.10.2 -kibana_opendistro_version: 1.13.2-1 - -# Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.3.1-1 -wazuh_agent_version: 4.3.1-1 - -# Kibana role appends it automatically. -wazuh_version: 4.3.1
diff --git a/molecule/distributed-wazuh-odfe/group_vars/elastic.yml b/molecule/distributed-wazuh-odfe/group_vars/elastic.yml
deleted file mode 100644
index 056f5184..00000000
--- a/molecule/distributed-wazuh-odfe/group_vars/elastic.yml
+++ /dev/null
@@ -1,16 +0,0 @@ ---- - -single_node: false -elasticsearch_node_master: true -minimum_master_nodes: 1 - -elasticsearch_network_host: '{{ private_ip }}' - -elasticsearch_reachable_host: '{{ private_ip }}' -elasticsearch_http_port: 9200 - -elasticsearch_bootstrap_node: true -elasticsearch_cluster_nodes: '{{ elastic_addresses }}' -elasticsearch_discovery_nodes: '{{ elastic_addresses }}' - -opendistro_jvm_xms: 1024
diff --git a/molecule/distributed-wazuh-odfe/group_vars/kibana.yml b/molecule/distributed-wazuh-odfe/group_vars/kibana.yml
deleted file mode 100644
index 5101d76a..00000000
--- a/molecule/distributed-wazuh-odfe/group_vars/kibana.yml
+++ /dev/null
@@ -1,17 +0,0 @@ ---- - -kibana_server_name: '{{ ansible_hostname }}' -elasticsearch_network_host: "{{ elastic_addresses[0] }}" -#elasticsearch_http_port: 9200 - -elasticsearch_node_master: false -elasticsearch_node_ingest: false -elasticsearch_node_data: false - -wazuh_api_credentials: - - id: default - url: 'https://{{ manager_addresses[0] }}' - port: 55000 - #port: 1514 - username: wazuh - password: wazuh
diff --git a/molecule/distributed-wazuh-odfe/INSTALL.rst b/molecule/distributed-wazuh/INSTALL.rst
similarity index 100%
rename from molecule/distributed-wazuh-odfe/INSTALL.rst
rename to molecule/distributed-wazuh/INSTALL.rst
diff --git a/molecule/distributed-wazuh-odfe/converge.yml b/molecule/distributed-wazuh/converge.yml
similarity index 69%
rename from molecule/distributed-wazuh-odfe/converge.yml
rename to molecule/distributed-wazuh/converge.yml
index 874df159..53f95153 100644
--- a/molecule/distributed-wazuh-odfe/converge.yml
+++ b/molecule/distributed-wazuh/converge.yml
@@ -5,7 +5,7 @@ become: true become_user: root vars: - endpoints_hostvars: '{{ managers_hostvars | union(elastic_hostvars) | union(kibana_hostvars) }}' + endpoints_hostvars: '{{ managers_hostvars | union(indexer_hostvars) | union(dashboard_hostvars) }}' wazuh_managers_common: port: 1514 protocol: tcp
@@ -17,7 +17,7 @@ pre_tasks: - name: (converge) build instances list dynamically for cert generator consumption set_fact: - odfe_endpoint_list: "{{ odfe_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}" + wazuh_endpoint_list: "{{ wazuh_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}" vars: instance_hostname: '{{ item.ansible_facts.hostname }}' instance_item:
@@ -35,39 +35,39 @@ - name: overview of cert configuration debug: - var: odfe_endpoint_list + var: wazuh_endpoint_list - name: Generate certificates prior to converging - hosts: molecule_odfe_elasticsearch_centos7 + hosts: molecule_wazuh_indexer_centos7 become: true become_user: root roles: - - role: ../../roles/opendistro/opendistro-elasticsearch + - role: ../../roles/wazuh/wazuh-indexer vars: generate_certs: true perform_installation: false - instances: '{{ odfe_endpoint_list }}' + instances: '{{ wazuh_endpoint_list }}' pre_tasks: - name: overview of cert configuration debug: - var: odfe_endpoint_list + var: wazuh_endpoint_list - name: Converge hosts: all become: true become_user: root roles: - # 1. Elasticsearch - - role: ../../roles/opendistro/opendistro-elasticsearch - when: inventory_hostname in groups['elastic'] + # 1. Wazuh indexer + - role: ../../roles/wazuh/wazuh-indexer + when: inventory_hostname in groups['indexer'] # 2. Managers - role: ../../roles/wazuh/ansible-wazuh-manager when: inventory_hostname in groups['managers'] - role: ../../roles/wazuh/ansible-filebeat-oss when: inventory_hostname in groups['managers'] - # 3. Kibana - - role: ../../roles/opendistro/opendistro-kibana - when: inventory_hostname in groups['kibana'] + # 3. Wazuh dashboard + - role: ../../roles/wazuh/wazuh-dashboard + when: inventory_hostname in groups['dashboard'] # 4. Agents: - role: ../../roles/wazuh/ansible-wazuh-agent vars:
diff --git a/molecule/distributed-wazuh-odfe/group_vars/agents.yml b/molecule/distributed-wazuh/group_vars/agents.yml
similarity index 100%
rename from molecule/distributed-wazuh-odfe/group_vars/agents.yml
rename to molecule/distributed-wazuh/group_vars/agents.yml
diff --git a/molecule/distributed-wazuh/group_vars/all.yml b/molecule/distributed-wazuh/group_vars/all.yml
new file mode 100644
index 00000000..44025daa
--- /dev/null
+++ b/molecule/distributed-wazuh/group_vars/all.yml
@@ -0,0 +1,39 @@ +--- + +######################################################## +# Helper variables +private_ip: '{{ ansible_default_ipv4.address }}' + +managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}" +indexer_hostvars: "{{ groups['indexer'] | map('extract', hostvars) | list }}" +dashboard_hostvars: "{{ groups['dashboard'] | map('extract', hostvars) | list }}" + +manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}" +indexer_addresses: "{{ indexer_hostvars | map(attribute='private_ip') | list }}" +dashboard_addresses: "{{ dashboard_hostvars | map(attribute='private_ip') | list }}" + +######################################################## +# General Wazuh stack variables + +# Wazuh indexer/dashboard +dashboard_security: true + +dashboard_user: kibanaserver +indexer_security_user: admin + +dashboard_password: changeme +indexer_security_password: changeme +indexer_admin_password: changeme + +# All nodes are called by IP name +indexer_node_name: '{{ ansible_hostname }}' +dashboard_node_name: '{{ ansible_hostname }}' +filebeat_node_name: '{{ ansible_hostname }}' + +indexer_version: 4.3.1 +filebeat_version: 7.10.2 +wazuh_version: 4.3.1 + +# Debian packages need the ${VERSION}-1 +wazuh_manager_version: 4.3.1-1 +wazuh_agent_version: 4.3.1-1
diff --git a/molecule/distributed-wazuh/group_vars/dashboard.yml b/molecule/distributed-wazuh/group_vars/dashboard.yml
new file mode 100644
index 00000000..73550266
--- /dev/null
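Review bot: The new `all.yml` commits working credentials in clear text — `dashboard_password: changeme`, `indexer_security_password: changeme`, `indexer_admin_password: changeme` — with nothing marking them as scenario-only fixtures, so they read like sane defaults to anyone copying the file. A header comment above the password block, `# Test-only credentials for this molecule scenario; never reuse them as role defaults or in real inventories.`, makes the intent explicit, and quoting them (`'changeme'`) keeps tooling from retyping them. The comment `# All nodes are called by IP name` is stale: the three `*_node_name` values under it are the host's hostname, so `# Node names are the host's hostname` is the accurate wording. The version keys are plain scalars that happen to parse as strings today (`4.3.1`, `7.10.2`); quoting them guards against a future two-part value like `4.4` becoming a float.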
+++ b/molecule/distributed-wazuh/group_vars/dashboard.yml
@@ -0,0 +1,17 @@ +--- + +dashboard_server_name: '{{ ansible_hostname }}' +indexer_network_host: "{{ indexer_addresses[0] }}" +#indexer_http_port: 9200 + +indexer_node_master: false +indexer_node_ingest: false +indexer_node_data: false + +wazuh_api_credentials: + - id: default + url: 'https://{{ manager_addresses[0] }}' + port: 55000 + #port: 1514 + username: wazuh + password: wazuh
diff --git a/molecule/distributed-wazuh/group_vars/indexer.yml b/molecule/distributed-wazuh/group_vars/indexer.yml
new file mode 100644
index 00000000..747fdd6c
--- /dev/null
+++ b/molecule/distributed-wazuh/group_vars/indexer.yml
@@ -0,0 +1,12 @@ +--- + +single_node: false +indexer_node_master: true +minimum_master_nodes: 1 + +indexer_network_host: '{{ private_ip }}' + +indexer_http_port: 9200 + +indexer_cluster_nodes: '{{ indexer_addresses }}' +indexer_discovery_nodes: '{{ indexer_addresses }}'
diff --git a/molecule/distributed-wazuh-odfe/group_vars/managers.yml b/molecule/distributed-wazuh/group_vars/managers.yml
similarity index 83%
rename from molecule/distributed-wazuh-odfe/group_vars/managers.yml
rename to molecule/distributed-wazuh/group_vars/managers.yml
index 4f15afd5..866b1ebe 100644
--- a/molecule/distributed-wazuh-odfe/group_vars/managers.yml
+++ b/molecule/distributed-wazuh/group_vars/managers.yml
@@ -1,7 +1,7 @@ --- wazuh_manager_fqdn: '{{ ansible_hostname }}' -filebeat_output_elasticsearch_hosts: '{{ elastic_addresses }}' +filebeat_output_indexer_hosts: '{{ indexer_addresses }}' wazuh_manager_config: connection:
diff --git a/molecule/distributed-wazuh-odfe/molecule.yml b/molecule/distributed-wazuh/molecule.yml
similarity index 88%
rename from molecule/distributed-wazuh-odfe/molecule.yml
rename to molecule/distributed-wazuh/molecule.yml
index 46c08695..d6f1d90b 100644
--- a/molecule/distributed-wazuh-odfe/molecule.yml
+++ b/molecule/distributed-wazuh/molecule.yml
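Review bot: `indexer_node_master`, `indexer_node_ingest` and `indexer_node_data` are set to `false` for the `dashboard` group, yet `converge.yml` in this same commit applies the `wazuh-indexer` role only to `groups['indexer']`, so these three keys look like leftovers from the deleted `kibana.yml` that nothing reads — confirm against the dashboard role and either drop them or add `# read by the wazuh-dashboard role: <setting> — TODO confirm` above them. `wazuh_api_credentials` ships `username: wazuh` / `password: wazuh` in clear text with no marker that they are scenario fixtures; quoting both values and a `# scenario-only API credentials` line above the list keeps them from being mistaken for defaults. `url` is built from `manager_addresses[0]` alone, so the dashboard only ever talks to the first manager; fine for a test, but worth a one-line comment so nobody expects failover from it.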
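Review bot: `minimum_master_nodes: 1` in the new `indexer.yml` is the classic split-brain value for a cluster whose two hosts both carry `indexer_node_master: true`, if the indexer role still renders the setting into the node configuration; the quorum for two master-eligible nodes is `2`. If the OpenSearch-based indexer ignores the legacy setting, the key should be removed rather than kept with a misleading value. I cannot see the role templates from this hunk, so confirm which case applies and record it next to the key, for example `# quorum = (masters / 2) + 1` or `# ignored by the indexer, kept for the role's variable schema`.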
@@ -18,7 +18,7 @@ platforms: ################################################ # Wazuh Managers ################################################ - - name: molecule_odfe_manager_centos7 + - name: molecule_wazuh_manager_centos7 hostname: wazuh-mgr01 image: geerlingguy/docker-centos7-ansible command: /sbin/init
@@ -33,7 +33,7 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: molecule_odfe_manager_debian9 + - name: molecule_wazuh_manager_debian9 hostname: wazuh-mgr02 image: geerlingguy/docker-debian9-ansible command: /sbin/init
@@ -49,9 +49,9 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:ro ################################################ - # Elastic Cluster + # Wazuh indexer Cluster ################################################ - - name: molecule_odfe_elasticsearch_centos7 + - name: molecule_wazuh_indexer_centos7 hostname: wazuh-es01 image: geerlingguy/docker-centos7-ansible command: /sbin/init
@@ -60,13 +60,13 @@ platforms: memory: 4096m memory_reservation: 2048m groups: - - elastic + - indexer ulimits: - nofile:262144:262144 volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: molecule_odfe_elasticsearch_centos7_2 + - name: molecule_wazuh_indexer_centos7_2 hostname: wazuh-es02 image: geerlingguy/docker-centos7-ansible command: /sbin/init
@@ -75,7 +75,7 @@ platforms: memory: 4096m memory_reservation: 2048m groups: - - elastic + - indexer ulimits: - nofile:262144:262144 volumes:
@@ -84,7 +84,7 @@ platforms: ################################################ # Wazuh Agents ################################################ - - name: molecule_odfe_agent_centos7 + - name: molecule_wazuh_agent_centos7 hostname: wazuh-agent01 image: geerlingguy/docker-centos7-ansible command: /sbin/init
@@ -97,7 +97,7 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: molecule_odfe_agent_debian9 + - name: molecule_wazuh_agent_debian9 hostname: wazuh-agent02 image: geerlingguy/docker-debian9-ansible command: /sbin/init
@@ -111,11 +111,11 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:ro ################################################ - # Kibana + # Wazuh dashboard ################################################ - - name: molecule_odfe_kibana_centos7 - hostname: wazuh-kib01 + - name: molecule_wazuh_dashboard_centos7 + hostname: wazuh-dash01 image: geerlingguy/docker-centos7-ansible command: /sbin/init pre_build_image: true
@@ -123,7 +123,7 @@ platforms: memory: 2048m memory_reservation: 512m groups: - - kibana + - dashboard volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro
@@ -147,7 +147,7 @@ provisioner: name: ansible-lint enabled: false scenario: - name: distributed-wazuh-odfe + name: distributed-wazuh test_sequence: - dependency - syntax
diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh/tests/test_default.py
similarity index 100%
rename from molecule/distributed-wazuh-odfe/tests/test_default.py
rename to molecule/distributed-wazuh/tests/test_default.py
From 8350a30dacb7960367eafd0003a147ba35d52254 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Thu, 19 May 2022 11:09:16 -0300
Subject: [PATCH 04/12] Distributed test updated
---
 molecule/distributed-wazuh/converge.yml | 84 ++++++++++++++++++-
 .../group_vars/dashboard.yml | 1 +
 .../distributed-wazuh/group_vars/indexer.yml | 1 +
 .../distributed-wazuh/group_vars/managers.yml | 2 +
 4 files changed, 87 insertions(+), 1 deletion(-)
diff --git a/molecule/distributed-wazuh/converge.yml b/molecule/distributed-wazuh/converge.yml
index 53f95153..5033b56a 100644
--- a/molecule/distributed-wazuh/converge.yml
+++ b/molecule/distributed-wazuh/converge.yml
@@ -46,7 +46,33 @@ vars: generate_certs: true perform_installation: false - instances: '{{ wazuh_endpoint_list }}' + instances: + node1: + name: wazuh-es01 # Important: must be equal to indexer_node_name. + ip: "{{ hostvars.molecule_wazuh_indexer_centos7.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert. + role: indexer + node2: + name: wazuh-es02 + ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}" + role: indexer +# node3: +# name: node-3 +# ip: "{{ hostvars.wi3.private_ip }}" +# role: indexer + node4: + name: wazuh-mgr01 + ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}" + role: wazuh + node_type: master + node5: + name: wazuh-mgr02 + ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}" + role: wazuh + node_type: worker + node6: + name: wazuh-dash01 + ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}" + role: dashboard pre_tasks: - name: overview of cert configuration debug: 
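Review bot: `node4` pairs `name: wazuh-mgr01` with `hostvars.molecule_wazuh_manager_debian9.private_ip`, but `molecule.yml` (patch 03) gives hostname `wazuh-mgr01` to `molecule_wazuh_manager_centos7` and `wazuh-mgr02` to `molecule_wazuh_manager_debian9`, so the certificate generated for each manager carries the other manager's IP, and `managers.yml` in this same commit elects `wazuh-mgr01` master by hostname while the IP listed here belongs to the worker. Swapping the two `ip:` lines fixes it: under `node4` use `ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}"` and under `node5` use `ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}"`. The same 25-line mapping is pasted verbatim into the `vars:` blocks of the next two hunks (and again in patches 05 and 09); defining it once in `group_vars/all.yml` and referencing it from each play keeps the copies from drifting apart like this. With a static list in place, the dynamic `wazuh_endpoint_list` built by the first play's `set_fact` appears to feed only the `debug` task, as far as this hunk shows. The play's `pre_tasks` continue past the hunk.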
@@ -60,6 +86,34 @@ # 1. Wazuh indexer - role: ../../roles/wazuh/wazuh-indexer when: inventory_hostname in groups['indexer'] + vars: + instances: + node1: + name: wazuh-es01 # Important: must be equal to indexer_node_name. + ip: "{{ hostvars.molecule_wazuh_indexer_centos7.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert. + role: indexer + node2: + name: wazuh-es02 + ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}" + role: indexer +# node3: +# name: node-3 +# ip: "{{ hostvars.wi3.private_ip }}" +# role: indexer + node4: + name: wazuh-mgr01 + ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}" + role: wazuh + node_type: master + node5: + name: wazuh-mgr02 + ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}" + role: wazuh + node_type: worker + node6: + name: wazuh-dash01 + ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}" + role: dashboard # 2. Managers - role: ../../roles/wazuh/ansible-wazuh-manager when: inventory_hostname in groups['managers'] 
@@ -68,6 +122,34 @@ # 3. Wazuh dashboard - role: ../../roles/wazuh/wazuh-dashboard when: inventory_hostname in groups['dashboard'] + vars: + instances: + node1: + name: wazuh-es01 # Important: must be equal to indexer_node_name. + ip: "{{ hostvars.molecule_wazuh_indexer_centos7.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert. + role: indexer + node2: + name: wazuh-es02 + ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}" + role: indexer +# node3: +# name: node-3 +# ip: "{{ hostvars.wi3.private_ip }}" +# role: indexer + node4: + name: wazuh-mgr01 + ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}" + role: wazuh + node_type: master + node5: + name: wazuh-mgr02 + ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}" + role: wazuh + node_type: worker + node6: + name: wazuh-dash01 + ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}" + role: dashboard # 4. Agents: - role: ../../roles/wazuh/ansible-wazuh-agent vars:
diff --git a/molecule/distributed-wazuh/group_vars/dashboard.yml b/molecule/distributed-wazuh/group_vars/dashboard.yml
index 73550266..0cc8e6f5 100644
--- a/molecule/distributed-wazuh/group_vars/dashboard.yml
+++ b/molecule/distributed-wazuh/group_vars/dashboard.yml
@@ -7,6 +7,7 @@ indexer_network_host: "{{ indexer_addresses[0] }}" indexer_node_master: false indexer_node_ingest: false indexer_node_data: false +role: 'dashboard' wazuh_api_credentials: - id: default
diff --git a/molecule/distributed-wazuh/group_vars/indexer.yml b/molecule/distributed-wazuh/group_vars/indexer.yml
index 747fdd6c..f8804629 100644
--- a/molecule/distributed-wazuh/group_vars/indexer.yml
+++ b/molecule/distributed-wazuh/group_vars/indexer.yml
@@ -3,6 +3,7 @@ single_node: false indexer_node_master: true minimum_master_nodes: 1 +role: 'indexer' indexer_network_host: '{{ private_ip }}'
diff --git a/molecule/distributed-wazuh/group_vars/managers.yml b/molecule/distributed-wazuh/group_vars/managers.yml
index 866b1ebe..354136c7 100644
--- a/molecule/distributed-wazuh/group_vars/managers.yml
+++ b/molecule/distributed-wazuh/group_vars/managers.yml
@@ -2,6 +2,8 @@ wazuh_manager_fqdn: '{{ ansible_hostname }}' filebeat_output_indexer_hosts: '{{ indexer_addresses }}' +node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}" +role: 'wazuh' wazuh_manager_config: connection:
From 725b764a8019f926b4eeb41b820ec7f6780ed2ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Thu, 19 May 2022 11:21:27 -0300
Subject: [PATCH 05/12] Instances added to distributed test
---
 molecule/distributed-wazuh/converge.yml | 86 +++++++++---------------
 1 file changed, 29 insertions(+), 57 deletions(-)
diff --git a/molecule/distributed-wazuh/converge.yml b/molecule/distributed-wazuh/converge.yml
index 5033b56a..299fe8a3 100644
--- a/molecule/distributed-wazuh/converge.yml
+++ b/molecule/distributed-wazuh/converge.yml
@@ -86,34 +86,6 @@ # 1. Wazuh indexer - role: ../../roles/wazuh/wazuh-indexer when: inventory_hostname in groups['indexer'] - vars: - instances: - node1: - name: wazuh-es01 # Important: must be equal to indexer_node_name. - ip: "{{ hostvars.molecule_wazuh_indexer_centos7.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert. - role: indexer - node2: - name: wazuh-es02 - ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}" - role: indexer -# node3: -# name: node-3 -# ip: "{{ hostvars.wi3.private_ip }}" -# role: indexer - node4: - name: wazuh-mgr01 - ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}" - role: wazuh - node_type: master - node5: - name: wazuh-mgr02 - ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}" - role: wazuh - node_type: worker - node6: - name: wazuh-dash01 - ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}" - role: dashboard # 2. Managers - role: ../../roles/wazuh/ansible-wazuh-manager when: inventory_hostname in groups['managers'] 
@@ -122,36 +94,36 @@ # 3. Wazuh dashboard - role: ../../roles/wazuh/wazuh-dashboard when: inventory_hostname in groups['dashboard'] - vars: - instances: - node1: - name: wazuh-es01 # Important: must be equal to indexer_node_name. - ip: "{{ hostvars.molecule_wazuh_indexer_centos7.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert. - role: indexer - node2: - name: wazuh-es02 - ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}" - role: indexer -# node3: -# name: node-3 -# ip: "{{ hostvars.wi3.private_ip }}" -# role: indexer - node4: - name: wazuh-mgr01 - ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}" - role: wazuh - node_type: master - node5: - name: wazuh-mgr02 - ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}" - role: wazuh - node_type: worker - node6: - name: wazuh-dash01 - ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}" - role: dashboard # 4. Agents: - role: ../../roles/wazuh/ansible-wazuh-agent vars: wazuh_managers: '{{ wazuh_managers_list }}' - when: inventory_hostname in groups['agents']
\ No newline at end of file
+ when: inventory_hostname in groups['agents'] + vars: + instances: + node1: + name: wazuh-es01 # Important: must be equal to indexer_node_name. + ip: "{{ hostvars.molecule_wazuh_indexer_centos7.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
+ role: indexer + node2: + name: wazuh-es02 + ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}" + role: indexer +# node3: +# name: node-3 +# ip: "{{ hostvars.wi3.private_ip }}" +# role: indexer + node4: + name: wazuh-mgr01 + ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}" + role: wazuh + node_type: master + node5: + name: wazuh-mgr02 + ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}" + role: wazuh + node_type: worker + node6: + name: wazuh-dash01 + ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}" + role: dashboard
\ No newline at end of file
From 039ede12b863a51b1f864c76e117bd7667d868c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Thu, 19 May 2022 13:22:52 -0300
Subject: [PATCH 06/12] API call changed to localhost
---
 roles/wazuh/wazuh-indexer/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/wazuh/wazuh-indexer/tasks/main.yml b/roles/wazuh/wazuh-indexer/tasks/main.yml
index 0e18d05f..45094949 100644
--- a/roles/wazuh/wazuh-indexer/tasks/main.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/main.yml
@@ -111,7 +111,7 @@ - name: Wait for Wazuh indexer API (Private IP) uri: - url: "https://{{ hostvars[inventory_hostname]['private_ip'] if not single_node else indexer_network_host }}:{{ indexer_http_port }}/_cat/health/" + url: "https://127.0.0.1:{{ indexer_http_port }}/_cat/health/" user: "admin" # Default Indexer user is always "admin" password: "{{ indexer_admin_password }}" validate_certs: no
From f3259712b8adecd6cbf778ed25faa3481abe0e29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Thu, 19 May 2022 13:45:01 -0300
Subject: [PATCH 07/12] Indexer node name updated
---
 molecule/distributed-wazuh/group_vars/all.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/molecule/distributed-wazuh/group_vars/all.yml b/molecule/distributed-wazuh/group_vars/all.yml
index 44025daa..8bac41a5 100644
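Review bot: The `instances` mapping moved to play-level `vars:` is still a second verbatim copy of the one given to the certificate-generation play in patch 04, it keeps the manager hostname/IP swap flagged there (`wazuh-mgr01` paired with `molecule_wazuh_manager_debian9`, whose hostname is `wazuh-mgr02` in `molecule.yml`), and as a play variable it is now visible to every role in the play, including `ansible-wazuh-agent`, which presumably does not consume it. One definition in `group_vars/all.yml` (say `wazuh_instances`, a constructed name) referenced from both plays as `instances: '{{ wazuh_instances }}'` removes the duplication and gives the swap a single place to be fixed. The file still ends without a trailing newline (`\ No newline at end of file`); add one. The play header and its earlier roles lie outside this hunk.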
--- a/molecule/distributed-wazuh/group_vars/all.yml
+++ b/molecule/distributed-wazuh/group_vars/all.yml
@@ -26,9 +26,9 @@ indexer_security_password: changeme indexer_admin_password: changeme # All nodes are called by IP name -indexer_node_name: '{{ ansible_hostname }}' -dashboard_node_name: '{{ ansible_hostname }}' -filebeat_node_name: '{{ ansible_hostname }}' +indexer_node_name: '{{ ansible_facts.hostname }}' +dashboard_node_name: '{{ ansible_facts.hostname }}' +filebeat_node_name: '{{ ansible_facts.hostname }}' indexer_version: 4.3.1 filebeat_version: 7.10.2
From 35bdc3d85671e30d22ee80fb70e8e47ba56996ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Thu, 19 May 2022 13:51:58 -0300
Subject: [PATCH 08/12] API call restored to private_ip
---
 roles/wazuh/wazuh-indexer/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/wazuh/wazuh-indexer/tasks/main.yml b/roles/wazuh/wazuh-indexer/tasks/main.yml
index 45094949..0e18d05f 100644
--- a/roles/wazuh/wazuh-indexer/tasks/main.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/main.yml
@@ -111,7 +111,7 @@ - name: Wait for Wazuh indexer API (Private IP) uri: - url: "https://127.0.0.1:{{ indexer_http_port }}/_cat/health/" + url: "https://{{ hostvars[inventory_hostname]['private_ip'] if not single_node else indexer_network_host }}:{{ indexer_http_port }}/_cat/health/" user: "admin" # Default Indexer user is always "admin" password: "{{ indexer_admin_password }}" validate_certs: no
From f195b2c0987ac0056a72eeaaf6f62e4dda6842b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Thu, 19 May 2022 14:28:58 -0300
Subject: [PATCH 09/12] Distributed test comments removed
---
 molecule/distributed-wazuh/converge.yml | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)
diff --git a/molecule/distributed-wazuh/converge.yml b/molecule/distributed-wazuh/converge.yml
index 299fe8a3..8ff42c37 100644
--- a/molecule/distributed-wazuh/converge.yml
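Review bot: The switch from `ansible_hostname` to `ansible_facts.hostname` is only partial — `private_ip: '{{ ansible_default_ipv4.address }}'` in this same file and `dashboard_server_name: '{{ ansible_hostname }}'` in `group_vars/dashboard.yml` keep the injected-variable form. If the motivation is that the injected fact variables are not available where these values are rendered (for instance with `inject_facts_as_vars` disabled), those two will fail the same way; if it is a style preference, mixing both forms in one scenario is confusing either way. Suggested: `private_ip: '{{ ansible_facts.default_ipv4.address }}'` and `dashboard_server_name: '{{ ansible_facts.hostname }}'`. The commit message does not say why the change was needed; a one-line comment above the block would spare the next reader the same guess.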
+++ b/molecule/distributed-wazuh/converge.yml
@@ -55,21 +55,17 @@ name: wazuh-es02 ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}" role: indexer -# node3: -# name: node-3 -# ip: "{{ hostvars.wi3.private_ip }}" -# role: indexer - node4: + node3: name: wazuh-mgr01 ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}" role: wazuh node_type: master - node5: + node4: name: wazuh-mgr02 ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}" role: wazuh node_type: worker - node6: + node5: name: wazuh-dash01 ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}" role: dashboard
@@ -109,21 +105,17 @@ name: wazuh-es02 ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}" role: indexer -# node3: -# name: node-3 -# ip: "{{ hostvars.wi3.private_ip }}" -# role: indexer - node4: + node3: name: wazuh-mgr01 ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}" role: wazuh node_type: master - node5: + node4: name: wazuh-mgr02 ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}" role: wazuh node_type: worker - node6: + node5: name: wazuh-dash01 ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}" role: dashboard
\ No newline at end of file
From 2aaed526492de78727674c87a10f9b47554291cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Thu, 19 May 2022 14:40:21 -0300
Subject: [PATCH 10/12] Dashboard commented parameter deleted
---
 molecule/distributed-wazuh/group_vars/dashboard.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/molecule/distributed-wazuh/group_vars/dashboard.yml b/molecule/distributed-wazuh/group_vars/dashboard.yml
index 0cc8e6f5..16f48959 100644
--- a/molecule/distributed-wazuh/group_vars/dashboard.yml
+++ b/molecule/distributed-wazuh/group_vars/dashboard.yml
@@ -2,7 +2,6 @@ dashboard_server_name: '{{ ansible_hostname }}' indexer_network_host: "{{ indexer_addresses[0] }}" -#indexer_http_port: 9200 indexer_node_master: false indexer_node_ingest: false
@@ -13,6 +12,5 @@ wazuh_api_credentials:
   - id: default
     url: 'https://{{ manager_addresses[0] }}'
     port: 55000
-    #port: 1514
     username: wazuh
     password: wazuh

From 41dfecbdf846888f067a4124592c0b50c2628ed0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Thu, 19 May 2022 16:39:00 -0300
Subject: [PATCH 11/12] Password tasks updated

---
 .github/workflows/main.yml | 2 +-
 roles/wazuh/wazuh-indexer/tasks/security_actions.yml | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 72078678..b13122b2 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -36,7 +36,7 @@ jobs:
           ANSIBLE_FORCE_COLOR: '1'
 
   scenario-distributed-wazuh:
-    name: Distributed ODFE + Wazuh
+    name: Distributed Wazuh
     runs-on: ubuntu-latest
     steps:
       - name: Check out the codebase.
diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
index 405bfe33..8a679c72 100644
--- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
@@ -60,7 +60,6 @@
     replace: "{{ indexer_password_hash | quote }}"
   vars:
     indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}"
-  run_once: true
 
 # this can also be achieved with password_hash, but it requires dependencies on the controller
 - name: Hash the kibanaserver role/user pasword
@@ -78,7 +77,6 @@
     replace: "{{ indexer_password_hash | quote }}"
   vars:
     indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}"
-  run_once: true
 
 - name: Initialize the Opensearch security index in Wazuh indexer
   command: >

From 7ba3f4bf752ef04bc9068a0f590d9e0fcdd51584 Mon Sep 17 00:00:00 2001
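Review bot: Dropping `run_once: true` from the two `replace` tasks (this hunk and the one at -78) makes the edit of `internal_users.yml` run on every indexer host, while the hash tasks that produce `indexer_admin_password_hashed` and `indexer_kibanaserver_password_hashed` sit outside these hunks and presumably still run once; that only works because a variable registered under `run_once` is copied to every host, a dependency that is easy to break in a later edit. A comment on each `vars:` line would record it: `# registered by a run_once task, so the hash is present on every host`. The tasks' enclosing definitions start above both hunks, and the next patch in the series wraps them in a block that is itself `run_once`, which reverses the effect of this change.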
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Thu, 19 May 2022 16:52:33 -0300
Subject: [PATCH 12/12] Indexer security actions updated

---
 .../wazuh-indexer/tasks/security_actions.yml | 95 ++++++++++---------
 1 file changed, 48 insertions(+), 47 deletions(-)

diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
index 8a679c72..3921db2d 100644
--- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
@@ -45,55 +45,56 @@
     mode: 0644
   run_once: true
 
-- name: Hashing the custom admin password
-  shell: |
-    export JAVA_HOME=/usr/share/wazuh-indexer/jdk
-    {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}
-  register: indexer_admin_password_hashed
-  no_log: '{{ indexer_nolog_sensible | bool }}'
+- block:
+  - name: Hashing the custom admin password
+    shell: |
+      export JAVA_HOME=/usr/share/wazuh-indexer/jdk
+      {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}
+    register: indexer_admin_password_hashed
+    no_log: '{{ indexer_nolog_sensible | bool }}'
+
+  - name: Set the Admin user password
+    replace:
+      path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
+      regexp: '(?<=admin:\n hash: )(.*)(?=)'
+      replace: "{{ indexer_password_hash | quote }}"
+    vars:
+      indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}"
+
+  # this can also be achieved with password_hash, but it requires dependencies on the controller
+  - name: Hash the kibanaserver role/user pasword
+    shell: |
+      export JAVA_HOME=/usr/share/wazuh-indexer/jdk
+      {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}
+    register: indexer_kibanaserver_password_hashed
+    no_log: '{{ indexer_nolog_sensible | bool }}'
+
+  - name: Set the kibanaserver user password
+    replace:
+      path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
+      regexp: '(?<=kibanaserver:\n hash: )(.*)(?=)'
+      replace: "{{ indexer_password_hash | quote }}"
+    vars:
+      indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}"
+
+  - name: Initialize the Opensearch security index in Wazuh indexer
+    command: >
+      sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }}
+      JAVA_HOME=/usr/share/wazuh-indexer/jdk
+      {{ indexer_sec_plugin_tools_path }}/securityadmin.sh
+      -cd {{ indexer_sec_plugin_conf_path }}/
+      -icl -p 9300 -cd {{ indexer_sec_plugin_conf_path }}/
+      -nhnv
+      -cacert {{ indexer_conf_path }}/certs/root-ca.pem
+      -cert {{ indexer_conf_path }}/certs/admin.pem
+      -key {{ indexer_conf_path }}/certs/admin-key.pem
+      -h {{ target_address }}
+    retries: 2
+    delay: 5
+    register: result
+    until: result.rc == 0
   run_once: true
 
-- name: Set the Admin user password
-  replace:
-    path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
-    regexp: '(?<=admin:\n hash: )(.*)(?=)'
-    replace: "{{ indexer_password_hash | quote }}"
-  vars:
-    indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}"
-
-# this can also be achieved with password_hash, but it requires dependencies on the controller
-- name: Hash the kibanaserver role/user pasword
-  shell: |
-    export JAVA_HOME=/usr/share/wazuh-indexer/jdk
-    {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}
-  register: indexer_kibanaserver_password_hashed
-  no_log: '{{ indexer_nolog_sensible | bool }}'
-  run_once: true
-
-- name: Set the kibanaserver user password
-  replace:
-    path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
-    regexp: '(?<=kibanaserver:\n hash: )(.*)(?=)'
-    replace: "{{ indexer_password_hash | quote }}"
-  vars:
-    indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}"
-
-- name: Initialize the Opensearch security index in Wazuh indexer
-  command: >
-    sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }}
-    JAVA_HOME=/usr/share/wazuh-indexer/jdk
-    {{ indexer_sec_plugin_tools_path }}/securityadmin.sh
-    -cd {{ indexer_sec_plugin_conf_path }}/
-    -icl -p 9300 -cd {{ indexer_sec_plugin_conf_path }}/
-    -nhnv
-    -cacert {{ indexer_conf_path }}/certs/root-ca.pem
-    -cert {{ indexer_conf_path }}/certs/admin.pem
-    -key {{ indexer_conf_path }}/certs/admin-key.pem
-    -h {{ target_address }}
-  retries: 2
-  delay: 5
-  register: result
-  until: result.rc == 0
 
 - name: Create custom user
   uri:
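Review bot: The two `hash.sh -p {{ indexer_admin_password }}` and `hash.sh -p {{ dashboard_password }}` lines moved into the block still interpolate the password into the shell line unquoted, so a value containing a space, a quote or `$` breaks the command or is expanded by the shell; `{{ indexer_admin_password | quote }}` and `{{ dashboard_password | quote }}` close that, and `no_log` only hides the value from Ansible output, not from the host's process list while the tool runs. The new `- block:` carries no `name`, so it is reported as an anonymous block; `- name: Set indexer user passwords and initialize the security index` above `block:` would name it and document why the five tasks are grouped. Because the whole block is now `run_once: true`, `internal_users.yml` is rewritten only on the host that runs securityadmin.sh; presumably securityadmin uploads that file into the security index, so the copies on the other nodes keep their previous hashes — worth a comment on `run_once: true` stating that this is intentional and that securityadmin must not later be re-run from another node with its stale file, or confirm whether the two `replace` tasks should run on every host instead. The trailing `(?=)` in both `regexp` values is an empty lookahead that matches nothing extra and can be dropped.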