diff --git a/CHANGELOG.md b/CHANGELOG.md index 405be5c4..295cafaf 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,21 @@ # Change Log All notable changes to this project will be documented in this file. +## [v4.0.0] + +### Added + +- Update to Wazuh v4.0.0 + +### Fixed + +- Ensure recursive /usr/share/kibana permissions before installing WUI ([@Zenidd](https://github.com/Zenidd)) [PR#471](https://github.com/wazuh/wazuh-ansible/pull/471) +- Remove vuls integration ([@manuasir](https://github.com/manuasir)) [PR#469](https://github.com/wazuh/wazuh-ansible/pull/469) + +### Added + +- New example playbooks on README ([@Zenidd](https://github.com/Zenidd)) [PR#468](https://github.com/wazuh/wazuh-ansible/pull/468) + ## [v3.13.2] ### Added diff --git a/README.md b/README.md index c9f54929..47235d22 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Wazuh-Ansible +# Wazuh-Ansible [![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://wazuh.com/community/join-us-on-slack/) [![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh) @@ -11,6 +11,12 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. * `master` branch corresponds to the latest Wazuh Ansible changes. It might be unstable. * `3.13` branch on correspond to the last Wazuh Ansible stable version. +## Compatibility Matrix + +| Wazuh version | Elastic | ODFE | +|---------------|---------|--------| +| v4.0.0 | 7.9.2 | 1.10.1 | + ## Documentation * [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html) 
@@ -20,15 +26,15 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. ├── wazuh-ansible │ ├── roles - │ │ ├── elastic-stack - │ │ │ ├── ansible-elasticsearch + │ │ ├── elastic-stack + │ │ │ ├── ansible-elasticsearch │ │ │ ├── ansible-kibana - │ │ - │ │ ├── opendistro + │ │ + │ │ ├── opendistro │ │ │ ├── opendistro-elasticsearch │ │ │ ├── opendistro-kibana - │ │ - │ │ ├── wazuh + │ │ + │ │ ├── wazuh │ │ │ ├── ansible-filebeat │ │ │ ├── ansible-filebeat-oss │ │ │ ├── ansible-wazuh-manager @@ -99,7 +105,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod ip: "{{ hostvars.kibana.private_ip }}" tags: - generate-certs - + #ODFE Cluster - hosts: odfe_cluster strategy: free @@ -137,7 +143,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod node6: name: node-6 ip: "{{ hostvars.kibana.private_ip }}" - + #Wazuh cluster - hosts: manager roles: @@ -159,14 +165,15 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod disable: 'no' node_name: 'master' node_type: 'master' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' nodes: - - '"{{ hostvars.manager.private_ip }}"' + - "{{ hostvars.manager.private_ip }}" hidden: 'no' filebeat_output_elasticsearch_hosts: - "{{ hostvars.es1.private_ip }}" - "{{ hostvars.es2.private_ip }}" - "{{ hostvars.es3.private_ip }}" - + - hosts: worker roles: - role: "../roles/wazuh/ansible-wazuh-manager" @@ -189,13 +196,13 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod node_type: 'worker' key: 'c98b62a9b6169ac5f67dae55ae4a9088' nodes: - - '"{{ hostvars.manager.private_ip }}"' + - "{{ hostvars.manager.private_ip }}" hidden: 'no' filebeat_output_elasticsearch_hosts: - "{{ hostvars.es1.private_ip }}" - "{{ hostvars.es2.private_ip }}" - "{{ hostvars.es3.private_ip }}" - + #ODFE+Kibana node - hosts: kibana roles: 
@@ -247,9 +254,9 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod ### Inventory file -- The `ansible_host` variable should contain the `address/FQDN` used to gather facts and provision each node. +- The `ansible_host` variable should contain the `address/FQDN` used to gather facts and provision each node. - The `private_ip` variable should contain the `address/FQDN` used for the internal cluster communications. -- Whether the environment is located in a local subnet, `ansible_host` and `private_ip` variables should match. +- Whether the environment is located in a local subnet, `ansible_host` and `private_ip` variables should match. - The ssh credentials used by Ansible during the provision can be specified in this file too. Another option is including them directly on the playbook. ```ini @@ -299,7 +306,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a sing single_node: true minimum_master_nodes: 1 elasticsearch_node_master: true - elasticsearch_network_host: + elasticsearch_network_host: filebeat_node_name: node-1 filebeat_output_elasticsearch_hosts: ansible_ssh_user: vagrant @@ -335,7 +342,7 @@ After the playbook execution, the Wazuh UI should be reachable through `https:// If you want to contribute to our repository, please fork our Github repository and submit a pull request. -If you are not familiar with Github, you can also share them through [our users mailing list](https://groups.google.com/d/forum/wazuh), to which you can subscribe by sending an email to `wazuh+subscribe@googlegroups.com`. +If you are not familiar with Github, you can also share them through [our users mailing list](https://groups.google.com/d/forum/wazuh), to which you can subscribe by sending an email to `wazuh+subscribe@googlegroups.com`. ### Modified by Wazuh diff --git a/VERSION b/VERSION index 22dfe1fb..61785a6e 100644 --- a/VERSION +++ b/VERSION 
@@ -1,2 +1,2 @@
 WAZUH-ANSIBLE_VERSION="v4"
-REVISION="31220"
+REVISION="40000"
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
index 1b020f6a..289e4f86 100644
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -6,18 +6,18 @@ import re
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
 def get_wazuh_version():
-    """This returns the version of Wazuh."""
-    return "3.13.2"
+    """This return the version of Wazuh."""
+    return "4.0.0"
+
 def test_wazuh_packages_are_installed(host):
     """Test the main packages are installed."""
     manager = host.package("wazuh-manager")
-    api = host.package("wazuh-api")
     assert manager.is_installed
     assert manager.version.startswith(get_wazuh_version())
-    assert api.is_installed
-    assert api.version.startswith(get_wazuh_version())
+
 def test_wazuh_services_are_running(host):
     """Test the services are enabled and running.
@@ -30,7 +30,9 @@ def test_wazuh_services_are_running(host):
     # api = host.service("wazuh-api")
     # assert manager.is_running
     # assert api.is_running
-    output = host.check_output('ps aux | grep ossec | tr -s " " | cut -d" " -f11')
+    output = host.check_output(
+        'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
+    )
     assert 'ossec-authd' in output
     assert 'wazuh-modulesd' in output
     assert 'wazuh-db' in output
@@ -48,7 +50,6 @@ def test_wazuh_services_are_running(host):
     ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640),
     ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660),
 ])
-
 def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
     """Test Wazuh related files exist and have proper owners and mode."""
     wazuh_file_host = host.file(wazuh_file)
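Review bot: The rewritten docstring of `get_wazuh_version()` in the `@@ -6,18 +6,18 @@` hunk regresses grammatically from "This returns" to "This return"; since the line is being touched anyway, `"""Return the version of Wazuh."""` is the conventional imperative form. The hard-coded `"4.0.0"` now has to be kept in step with `VERSION` and with `wazuh_manager_version`/`wazuh_agent_version` in the role defaults, which a one-line comment on the return could point out. The `ps aux | grep ossec` probe in the next hunk also matches the `grep` process itself, so the `in output` assertions cannot distinguish a running daemon from the grep; that is pre-existing, but worth a note if this test is kept for 4.x.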
@@ -56,6 +57,7 @@ def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): assert wazuh_file_host.group == wazuh_group assert wazuh_file_host.mode == wazuh_mode + def test_filebeat_is_installed(host): """Test the elasticsearch package is installed.""" filebeat = host.package("filebeat") diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index d7cbb7a7..be73e030 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -6,15 +6,9 @@ wazuh_managers: - address: port: 1514 - protocol: udp + protocol: tcp api_port: 55000 api_proto: 'http' api_user: ansible max_retries: 5 - retry_interval: 5 - wazuh_agent_authd: - registration_address: - enable: true - port: 1515 - ssl_agent_ca: null - ssl_auto_negotiate: 'no' + retry_interval: 5 \ No newline at end of file diff --git a/playbooks/wazuh-odfe-production-ready.yml b/playbooks/wazuh-odfe-production-ready.yml index b2675834..b6cba365 100644 --- a/playbooks/wazuh-odfe-production-ready.yml +++ b/playbooks/wazuh-odfe-production-ready.yml @@ -38,7 +38,7 @@ ip: "{{ hostvars.kibana.private_ip }}" tags: - generate-certs - + #ODFE Cluster - hosts: odfe_cluster strategy: free @@ -76,7 +76,7 @@ node6: name: node-6 ip: "{{ hostvars.kibana.private_ip }}" - + #Wazuh cluster - hosts: manager roles: @@ -98,14 +98,18 @@ disable: 'no' node_name: 'master' node_type: 'master' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' nodes: - - '"{{ hostvars.manager.private_ip }}"' + - "{{ hostvars.manager.private_ip }}" hidden: 'no' + wazuh_api_users: + - username: custom-user + password: .S3cur3Pa55w0rd*- filebeat_output_elasticsearch_hosts: - "{{ hostvars.es1.private_ip }}" - "{{ hostvars.es2.private_ip }}" - "{{ hostvars.es3.private_ip }}" - + - hosts: worker roles: - role: "../roles/wazuh/ansible-wazuh-manager" 
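Review bot: In the `playbooks/wazuh-agent.yml` hunk `@@ -6,15 +6,9 @@`, `protocol` is switched to `tcp` but `api_proto: 'http'` is kept, while the manager defaults in this same commit turn the API on with `https: yes` and the Kibana defaults move to `https://localhost`; unless the agent-side API registration path is meant to stay on plain HTTP, this example (and the identical `api_proto: 'http'` context in the agent-role defaults hunk `@@ -35,7 +35,7 @@`) will point at an HTTPS endpoint with the wrong scheme. Consider `api_proto: 'https'` here, or a comment stating why the scheme differs from the manager default. The hunk also drops the whole `wazuh_agent_authd` block from the example without showing the new `enrollment` alternative introduced in the agent defaults; a short comment such as `# Registration is configured via wazuh_agent_config.enrollment (see roles/wazuh/ansible-wazuh-agent/defaults/main.yml)` would keep the example usable.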
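Review bot: The `@@ -98,14 +98,18 @@` hunk of `playbooks/wazuh-odfe-production-ready.yml` commits a literal API credential (`wazuh_api_users` → `password: .S3cur3Pa55w0rd*-`) and a literal cluster `key` into a playbook labelled production-ready; the same literal password is reused in this file's Kibana hunk `@@ -161,8 +165,8 @@` and the cluster key in the README example. Anyone copying the playbook inherits shared, published secrets, and the repository's own `vars/authd_pass.yml` already recommends Ansible Vault for exactly this. Reference vaulted variables instead, e.g. `password: "{{ vault_wazuh_api_password }}"` and `key: "{{ vault_wazuh_cluster_key }}"` (variable names illustrative), and keep the literal only in a comment as the format example.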
@@ -128,13 +132,13 @@ node_type: 'worker' key: 'c98b62a9b6169ac5f67dae55ae4a9088' nodes: - - '"{{ hostvars.manager.private_ip }}"' + - "{{ hostvars.manager.private_ip }}" hidden: 'no' filebeat_output_elasticsearch_hosts: - "{{ hostvars.es1.private_ip }}" - "{{ hostvars.es2.private_ip }}" - "{{ hostvars.es3.private_ip }}" - + #ODFE+Kibana node - hosts: kibana roles: @@ -161,8 +165,8 @@ - id: default url: https://{{ hostvars.manager.private_ip }} port: 55000 - user: foo - password: bar + username: custom-user + password: .S3cur3Pa55w0rd*- instances: node1: name: node-1 # Important: must be equal to elasticsearch_node_name. @@ -181,4 +185,4 @@ ip: "{{ hostvars.worker.private_ip }}" node6: name: node-6 - ip: "{{ hostvars.kibana.private_ip }}" \ No newline at end of file + ip: "{{ hostvars.kibana.private_ip }}" diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 9f15444d..35bae043 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,9 +6,9 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_conf_path: /etc/kibana -elastic_stack_version: 7.9.1 -wazuh_version: 3.13.2 -wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp +elastic_stack_version: 7.9.2 +wazuh_version: 4.0.0 +wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' @@ -19,10 +19,10 @@ elasticrepo: # API credentials wazuh_api_credentials: - id: "default" - url: "http://localhost" + url: "https://localhost" port: 55000 - user: "foo" - password: "bar" + username: "wazuh" + password: "wazuh" # Xpack Security kibana_xpack_security: false 
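Review bot: The `@@ -19,10 +19,10 @@` hunk of `roles/elastic-stack/ansible-kibana/defaults/main.yml` replaces the obviously fake `foo`/`bar` pair with `username: "wazuh"` / `password: "wazuh"`, which `create_user.py` in this commit treats as a real, pre-existing API account; a default that happens to be a valid credential is easier to leave in place by accident than a placeholder. Add a comment above the block, `# Placeholder credentials: override with Ansible Vault values and keep them in sync with wazuh_api_users on the manager`, and apply the same to the identical hunk `@@ -33,10 +33,10 @@` in `roles/opendistro/opendistro-kibana/defaults/main.yml`. Whether the `https://localhost` URL is verified against a CA cannot be told from this hunk; if the app skips verification for localhost, that is worth stating here too.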
@@ -49,7 +49,7 @@ nodejs:
 # Build from sources
 build_from_sources: false
-wazuh_plugin_branch: 3.13-7.9
+wazuh_plugin_branch: 4.0-7.9
 #Nodejs NODE_OPTIONS
 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index 44643ebd..0181a262 100755
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -115,7 +115,7 @@
 - name: Install Wazuh Plugin (can take a while)
   shell: >-
     NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
-    {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip
+    {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
   args:
     executable: /bin/bash
     creates: /usr/share/kibana/plugins/wazuh/package.json
diff --git a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2
index 1cbc9e2d..ee70c2ad 100644
--- a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2
+++ b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2
@@ -21,7 +21,7 @@
 # ------------------------------- Index patterns -------------------------------
 #
 # Default index pattern to use.
-#pattern: wazuh-alerts-3.x-*
+#pattern: wazuh-alerts-4.x-*
 #
 # ----------------------------------- Checks -----------------------------------
 #
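Review bot: In the `@@ -115,7 +115,7 @@` hunk of `roles/elastic-stack/ansible-kibana/tasks/main.yml` the download name changes to the 4.0.0 `-1.zip` artifact, but the task is still guarded by `creates: /usr/share/kibana/plugins/wazuh/package.json`; on a host that already has the 3.13 plugin installed the task is skipped and the old plugin stays, so the role will not actually upgrade the app. Presumably the intended behaviour is to replace the plugin when the version in that `package.json` differs from `wazuh_version`; that needs a preceding check (read the file, compare, remove the old plugin) rather than a `creates:` guard, or at least a comment stating that upgrades are out of scope. The same guard is kept unchanged in the identical hunk `@@ -58,7 +58,7 @@` of `roles/opendistro/opendistro-kibana/tasks/main.yml`.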
@@ -92,17 +92,17 @@ # Default: 900 (s) #wazuh.monitoring.frequency: 900 # -# Configure wazuh-monitoring-3.x-* indices shards and replicas. +# Configure wazuh-monitoring-4.x-* indices shards and replicas. #wazuh.monitoring.shards: 2 #wazuh.monitoring.replicas: 0 # -# Configure wazuh-monitoring-3.x-* indices custom creation interval. +# Configure wazuh-monitoring-4.x-* indices custom creation interval. # Values: h (hourly), d (daily), w (weekly), m (monthly) # Default: d #wazuh.monitoring.creation: d # # Default index pattern to use for Wazuh monitoring -#wazuh.monitoring.pattern: wazuh-monitoring-3.x-* +#wazuh.monitoring.pattern: wazuh-monitoring-4.x-* # # # ------------------------------- App privileges -------------------------------- @@ -129,6 +129,6 @@ hosts: - {{ api['id'] }}: url: {{ api['url'] }} port: {{ api['port'] }} - user: {{ api['user'] }} + username: {{ api['username'] }} password: {{ api['password'] }} {% endfor %} diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index 1117e04b..22709024 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -16,7 +16,7 @@ elasticsearch_cluster_nodes: elasticsearch_discovery_nodes: - 127.0.0.1 -local_certs_path: ./opendistro/certificates +local_certs_path: "{{ playbook_dir }}/opendistro/certificates" # Minimum master nodes in cluster, 2 for 3 nodes elasticsearch cluster minimum_master_nodes: 2 @@ -53,7 +53,7 @@ opendistro_jvm_xms: null opendistro_http_port: 9200 -certs_gen_tool_version: 1.7 +certs_gen_tool_version: 1.8 # Url of Search Guard certificates generator tool certs_gen_tool_url: "https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-tlstool/{{ certs_gen_tool_version }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" 
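Review bot: The `@@ -129,6 +129,6 @@` hunk of `roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2` renames the rendered key and the lookup from `api['user']` to `api['username']`; any existing inventory that overrides `wazuh_api_credentials` with the old `user:` key will now fail at template time with an undefined-key error rather than a clear message, and the CHANGELOG hunk in this commit does not list the rename. Add a CHANGELOG line such as `- wazuh_api_credentials entries now use username instead of user (Wazuh API 4.0)` and, in the Jinja, a comment like `{# 'username' replaced 'user' in 4.0.0; old overrides must be updated #}`. The identical hunk in `roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2` needs the same treatment.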
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml index 3c89e6ab..04f20378 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml @@ -29,7 +29,7 @@ - name: Local action | Extract the certificates generation tool unarchive: - src: "{{ local_certs_path }}/search-guard-tlstool-1.7.zip" + src: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" dest: "{{ local_certs_path }}/" - name: Local action | Add the execution bit to the binary diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 8bf679f0..2974bf3d 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -14,8 +14,8 @@ kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 elastic_stack_version: 7.9.1 -wazuh_version: 3.13.2 -wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp +wazuh_version: 4.0.0 +wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana # The OpenDistro package repository kibana_opendistro_version: -1.10.1-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts @@ -33,10 +33,10 @@ package_repos: # API credentials wazuh_api_credentials: - id: "default" - url: "http://localhost" + url: "https://localhost" port: 55000 - user: "foo" - password: "bar" + username: "wazuh" + password: "wazuh" # opendistro Security kibana_opendistro_security: true @@ -48,7 +48,7 @@ opendistro_security_user: elastic opendistro_admin_password: changeme opendistro_kibana_user: kibanaserver opendistro_kibana_password: changeme -local_certs_path: ./opendistro/certificates +local_certs_path: "{{ playbook_dir }}/opendistro/certificates" # Nodejs nodejs: 
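Review bot: The `@@ -14,8 +14,8 @@` hunk of `roles/opendistro/opendistro-kibana/defaults/main.yml` leaves `elastic_stack_version: 7.9.1` as context while the new `wazuh_app_url` is expanded with `_{{ elastic_stack_version }}-1.zip`, so this role will fetch the `4.0.0_7.9.1-1` plugin build whereas the elastic-stack Kibana role in the same commit moves to 7.9.2 and the README matrix lists Elastic 7.9.2 only. If 7.9.1 is deliberate for the ODFE 1.10.1 bundle, a comment prevents a later "harmonising" bump from breaking the download: `# Intentionally not 7.9.2: must match the wazuh_kibana-<wazuh_version>_<kibana_version>-1.zip artifact for the ODFE Kibana build`. If it is not deliberate, the value should follow the other role.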
@@ -59,7 +59,7 @@ nodejs:
 # Build from sources
 build_from_sources: false
-wazuh_plugin_branch: 3.13-7.8
+wazuh_plugin_branch: 4.0-7.9
 #Nodejs NODE_OPTIONS
 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml
index ff324bf8..f43fecba 100755
--- a/roles/opendistro/opendistro-kibana/tasks/main.yml
+++ b/roles/opendistro/opendistro-kibana/tasks/main.yml
@@ -58,7 +58,7 @@
 - name: Install Wazuh Plugin (can take a while)
   shell: >-
     NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
-    {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip
+    {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
   args:
     executable: /bin/bash
     creates: /usr/share/kibana/plugins/wazuh/package.json
diff --git a/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 b/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2
index 1cbc9e2d..ee70c2ad 100644
--- a/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2
+++ b/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2
@@ -21,7 +21,7 @@
 # ------------------------------- Index patterns -------------------------------
 #
 # Default index pattern to use.
-#pattern: wazuh-alerts-3.x-*
+#pattern: wazuh-alerts-4.x-*
 #
 # ----------------------------------- Checks -----------------------------------
 #
@@ -92,17 +92,17 @@ # Default: 900 (s) #wazuh.monitoring.frequency: 900 # -# Configure wazuh-monitoring-3.x-* indices shards and replicas. +# Configure wazuh-monitoring-4.x-* indices shards and replicas. #wazuh.monitoring.shards: 2 #wazuh.monitoring.replicas: 0 # -# Configure wazuh-monitoring-3.x-* indices custom creation interval. +# Configure wazuh-monitoring-4.x-* indices custom creation interval. # Values: h (hourly), d (daily), w (weekly), m (monthly) # Default: d #wazuh.monitoring.creation: d # # Default index pattern to use for Wazuh monitoring -#wazuh.monitoring.pattern: wazuh-monitoring-3.x-* +#wazuh.monitoring.pattern: wazuh-monitoring-4.x-* # # # ------------------------------- App privileges -------------------------------- @@ -129,6 +129,6 @@ hosts: - {{ api['id'] }}: url: {{ api['url'] }} port: {{ api['port'] }} - user: {{ api['user'] }} + username: {{ api['username'] }} password: {{ api['password'] }} {% endfor %} diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index d31b6057..ace9077f 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.9.1 -wazuh_template_branch: v3.13.2 +wazuh_template_branch: v4.0.0 filebeat_create_config: true @@ -9,7 +9,7 @@ filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" -filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat +filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_path: /tmp/ filebeat_module_destination: /usr/share/filebeat/module diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index a3fd803a..f2c02a48 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
@@ -1,7 +1,7 @@ --- -filebeat_version: 7.9.1 +filebeat_version: 7.9.2 -wazuh_template_branch: v3.13.2 +wazuh_template_branch: v4.0.0 filebeat_create_config: true @@ -28,7 +28,7 @@ filebeat_ssl_dir: /etc/pki/filebeat filebeat_ssl_certificate_file: "" filebeat_ssl_insecure: "false" -filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat +filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_path: /tmp/ filebeat_module_destination: /usr/share/filebeat/module diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index b708772b..38ff1151 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.13.2-1 +wazuh_agent_version: 4.0.0-1 # Custom packages installation @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false - branch: "v3.13.2" + branch: "v4.0.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -35,7 +35,7 @@ wazuh_agent_sources_installation: wazuh_managers: - address: 127.0.0.1 port: 1514 - protocol: udp + protocol: tcp api_port: 55000 api_proto: 'http' api_user: null 
@@ -66,13 +66,13 @@ wazuh_winagent_config: # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True - md5: 101917472eef112270d83aa077b75670 -wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.13.2-1.msi -wazuh_winagent_package_name: wazuh-agent-3.13.2-1.msi + md5: f9737cbd7df7104c1bee9f3e8b9ca26e +wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.0-1.msi +wazuh_winagent_package_name: wazuh-agent-4.0.0-1.msi wazuh_agent_config: repo: - apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' - yum: 'https://packages.wazuh.com/3.x/yum/' + apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + yum: 'https://packages.wazuh.com/4.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' active_response: @@ -284,4 +284,19 @@ wazuh_agent_config: list: - key: Env value: Production + enrollment: + enabled: '' + manager_address: '' + port: 1515 + agent_name: 'testname' + groups: '' + agent_address: '' + ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + server_ca_path: '' + agent_certificate_path: '' + agent_key_path: '' + authorization_pass_path : /var/ossec/etc/authd.pass + auto_method: 'no' + delay_after_enrollment: 20 + use_source_ip: 'no' wazuh_agent_nat: false diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index fdfd87a9..54b370f8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,4 +1,9 @@ --- +- name: Retrieving authd Credentials + include_vars: authd_pass.yml + tags: + - config + - include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" 
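Review bot: The new `enrollment` block in the `@@ -284,4 +284,19 @@` hunk of `roles/wazuh/ansible-wazuh-agent/defaults/main.yml` defaults `agent_name` to `'testname'`, and the agent template in this commit renders the name whenever its length is greater than zero, so every host that enables enrollment with the defaults enrolls under the same name and collides on the manager. Follow the pattern of the surrounding fields and default it to `agent_name: ''` (or `"{{ inventory_hostname }}"` if a per-host default is wanted), with a comment stating what the agent falls back to when it is empty, which cannot be confirmed from this diff. `enabled: ''` is a tri-state ("" / 'yes' / 'no') that the Linux tasks test three different ways; a comment `# '' = leave enrollment unconfigured, 'yes'/'no' = render the block` would make that explicit. Also `authorization_pass_path : /var/ossec/etc/authd.pass` has a stray space before the colon; it parses, but it is the only key in the file written that way.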
@@ -42,6 +47,7 @@ - name: Linux | Check if client.keys exists stat: path=/var/ossec/etc/client.keys register: check_keys + when: wazuh_agent_config.enrollment.enabled == 'yes' tags: - config @@ -108,7 +114,9 @@ - not check_keys.stat.exists or check_keys.stat.size == 0 - wazuh_agent_authd.registration_address is not none - when: wazuh_agent_authd.enable + when: + - wazuh_agent_authd.enable + - not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no' tags: - config - authd @@ -181,6 +189,7 @@ when: - not wazuh_agent_authd.enable + - not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no' tags: - config - api @@ -207,6 +216,20 @@ - init - config +- name: Create auto-enrollment password file + template: + src: authd_pass.j2 + dest: "/var/ossec/etc/authd.pass" + owner: ossec + group: ossec + mode: 0640 + when: + - wazuh_agent_config.enrollment.enabled == 'yes' + - wazuh_agent_config.enrollment.authorization_pass_path | length > 0 + - ( authd_pass is defined) and ( authd_pass|length > 0) + tags: + - config + - name: Linux | Ensure Wazuh Agent service is started and enabled service: name: wazuh-agent diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index e21baaaa..e2bedc16 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -69,7 +69,7 @@ register: agent_auth_output notify: Windows | Restart Wazuh Agent when: - - wazuh_agent_authd.enable + - wazuh_agent_authd.enable == true - not check_windows_key.stat.exists or check_windows_key.stat.size == 0 - wazuh_agent_authd.registration_address is not none tags: diff --git a/roles/wazuh/ansible-wazuh-agent/templates/authd_pass.j2 b/roles/wazuh/ansible-wazuh-agent/templates/authd_pass.j2 new file mode 100644 index 00000000..97a481f2 --- /dev/null 
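Review bot: The `when: wazuh_agent_config.enrollment.enabled == 'yes'` added to the "Check if client.keys exists" task in hunk `@@ -42,6 +47,7 @@` skips the `stat`, so `check_keys` is registered as a skipped result without a `stat` member; the legacy authd task whose conditions are visible as context in `@@ -108,7 +114,9 @@` (`not check_keys.stat.exists or check_keys.stat.size == 0`) runs precisely when enrollment is not 'yes', and will then fail with an undefined-attribute error unless an earlier condition in its list short-circuits it. The `stat` is harmless and cheap, so the simplest fix is to drop the new `when:` line, or to guard the consumer with `check_keys.stat is defined and (not check_keys.stat.exists or check_keys.stat.size == 0)`. The tasks that read `check_keys` start outside these hunks, so the exact ordering of their conditions could not be verified here.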
+++ b/roles/wazuh/ansible-wazuh-agent/templates/authd_pass.j2 @@ -0,0 +1 @@ +{{ authd_pass }} \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 1077ce3d..bb71ca45 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 
@@ -36,6 +36,49 @@ {% endif %} {{ wazuh_auto_restart }} {{ wazuh_crypto_method }} + + {% if wazuh_agent_config.enrollment.enabled | length > 0 %} + + {{ wazuh_agent_config.enrollment.enabled }} + {% if wazuh_agent_config.enrollment.manager_address | length > 0 %} + {{ wazuh_agent_config.enrollment.manager_address }} + {% endif %} + {% if wazuh_agent_config.enrollment.agent_name | length > 0 %} + {{ wazuh_agent_config.enrollment.agent_name }} + {% endif %} + {% if wazuh_agent_config.enrollment.port is defined > 0 %} + {{ wazuh_agent_config.enrollment.port }} + {% endif %} + {% if wazuh_agent_config.enrollment.groups | length > 0 %} + {{ wazuh_agent_config.enrollment.groups }} + {% endif %} + {% if wazuh_agent_config.enrollment.agent_address | length > 0 %} + {{ wazuh_agent_config.enrollment.agent_address }} + {% endif %} + {% if wazuh_agent_config.enrollment.server_ca_path | length > 0 %} + {{ wazuh_agent_config.enrollment.server_ca_path }} + {% endif %} + {% if wazuh_agent_config.enrollment.agent_certificate_path | length > 0 %} + {{ wazuh_agent_config.enrollment.agent_certificate_path }} + {% endif %} + {% if wazuh_agent_config.enrollment.agent_key_path | length > 0 %} + {{ wazuh_agent_config.enrollment.agent_key_path }} + {% endif %} + {% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 %} + {{ wazuh_agent_config.enrollment.authorization_pass_path }} + {% endif %} + {% if wazuh_agent_config.enrollment.auto_method | length > 0 %} + {{ wazuh_agent_config.enrollment.auto_method }} + {% endif %} + {% if wazuh_agent_config.enrollment.delay_after_enrollment is defined > 0 %} + {{ wazuh_agent_config.enrollment.delay_after_enrollment }} + {% endif %} + {% if wazuh_agent_config.enrollment.use_source_ip | length > 0 %} + {{ wazuh_agent_config.enrollment.use_source_ip }} + {% endif %} + + {% endif %} + diff --git a/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml index bc8113e3..c1f4da4f 100644 
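Review bot: In the new enrollment section of `var-ossec-etc-ossec-agent.conf.j2`, `{% if wazuh_agent_config.enrollment.port is defined > 0 %}` and the matching `delay_after_enrollment is defined > 0` compare the boolean result of `is defined` with 0, which is always true, so the guard never protects the `{{ ... }}` that follows and a missing key still aborts rendering. The intended test is `{% if wazuh_agent_config.enrollment.port is defined %}` (and the same for `delay_after_enrollment`), or `| default(0) > 0` if "only when positive" was meant. The defaults added in this commit also declare `ssl_cipher`, yet no `ssl_cipher` value appears in this hunk; the element names are not visible in this rendering, so either it is rendered elsewhere or the setting is silently ignored and should be noted as such in the defaults.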
--- a/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml +++ b/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml @@ -1,3 +1,4 @@ --- # We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials. # authd_pass: 'foobar' +authd_pass: '' \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 50c54990..ea73e74b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 3.13.2-1 +wazuh_manager_version: 4.0.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -8,14 +8,11 @@ wazuh_manager_package_state: present wazuh_custom_packages_installation_manager_enabled: false wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" -wazuh_custom_packages_installation_api_enabled: false -wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" -wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v3.13.2" + branch: "v4.0.0" user_language: "en" user_no_stop: "y" user_install_type: "server" 
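Review bot: `authd_pass: ''` in the `@@ -1,3 +1,4 @@` hunk of `roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml` lives in the role's `vars/` directory, which takes precedence over inventory, group_vars and host_vars, and the new `include_vars: authd_pass.yml` task in `tasks/Linux.yml` raises it to task-vars precedence; the practical effect is that a password set anywhere but `-e` is overwritten with the empty string, and the new "Create auto-enrollment password file" task, gated on `authd_pass|length > 0`, never runs. Keep the line commented as before (`# authd_pass: ''`) or move the empty default to `defaults/main.yml`, and drop the `include_vars` since `vars/` is loaded automatically. The hunk also leaves the file without a trailing newline.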
@@ -38,31 +35,14 @@ wazuh_manager_sources_installation: user_ca_store: null threads: "2" -wazuh_api_sources_installation: - enabled: false - branch: "v3.13.2" - update: "y" - remove: "y" - directory: null - port: 55000 - https: "n" - authd: null - proxy: null - country: null - state: null - locality: null - org_name: null - org_unit: null - common_name: null - password: null - -wazuh_api_user: - - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/" +# wazuh_api_users: +# - username: custom-user +# password: .S3cur3Pa55w0rd*- # Must comply with requirements (8+ length, uppercase, lowercase, specials chars) wazuh_manager_config: repo: - apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' - yum: 'https://packages.wazuh.com/3.x/yum/' + apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + yum: 'https://packages.wazuh.com/4.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' json_output: 'yes' 
@@ -71,21 +51,29 @@ wazuh_manager_config: logall_json: 'no' log_format: 'plain' api: - bind_addr: '0.0.0.0' + bind_addr: 0.0.0.0 port: 55000 - https: 'no' - basic_auth: 'yes' - behind_proxy_server: 'no' - https_cert: '/var/ossec/etc/sslmanager.cert' - https_key: '/var/ossec/etc/sslmanager.key' - https_use_ca: 'no' - https_ca: '' - use_only_authd: 'false' - drop_privileges: 'true' - experimental_features: 'false' - secure_protocol: 'TLSv1_2_method' - honor_cipher_order: 'true' - ciphers: '' + behind_proxy_server: no + https: yes + https_key: "api/configuration/ssl/server.key" + https_cert: "api/configuration/ssl/server.crt" + https_use_ca: False + https_ca: "api/configuration/ssl/ca.crt" + logging_level: "info" + logging_path: "logs/api.log" + cors: no + cors_source_route: "*" + cors_expose_headers: "*" + cors_allow_headers: "*" + cors_allow_credentials: no + cache: yes + cache_time: 0.750 + access_max_login_attempts: 5 + access_block_time: 300 + access_max_request_per_minute: 300 + use_only_authd: no + drop_privileges: yes + experimental_features: no cluster: disable: 'yes' name: 'wazuh' @@ -100,7 +88,7 @@ wazuh_manager_config: connection: - type: 'secure' port: '1514' - protocol: 'udp' + protocol: 'tcp' queue_size: 131072 authd: enable: true diff --git a/roles/wazuh/ansible-wazuh-manager/files/create_user.py b/roles/wazuh/ansible-wazuh-manager/files/create_user.py new file mode 100644 index 00000000..aeabde44 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/files/create_user.py 
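Review bot: The rewritten `api:` block in hunk `@@ -71,21 +51,29 @@` of `roles/wazuh/ansible-wazuh-manager/defaults/main.yml` switches from quoted strings (`'no'`, `'true'`) to bare YAML booleans (`https: yes`, `cors: no`, `https_use_ca: False`), so these values now reach templates as Python `True`/`False` and render as `True`/`False` unless the template lowercases them; whatever renders the API configuration is not in this diff, so this could not be confirmed. The neighbouring `cluster:` block in the same file still uses quoted `'yes'`/`'no'`, so the two styles now coexist in one variable. Either quote the API booleans for consistency or add a comment such as `# Booleans are unquoted on purpose: the api.yaml template expects true/false` so the next reader does not "fix" them.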
@@ -0,0 +1,86 @@
+import logging
+import sys
+import json
+import random
+import string
+import argparse
+import os
+
+# Set framework path
+sys.path.append("/var/ossec/framework")
+
+try:
+ from wazuh.security import (
+ create_user,
+ get_users,
+ get_roles,
+ set_user_role,
+ update_user,
+ )
+except Exception as e:
+ logging.error("No module 'wazuh' found.")
+ sys.exit(1)
+
+
+def db_users():
+ users_result = get_users()
+ return {user["username"]: user["id"] for user in users_result.affected_items}
+
+
+def db_roles():
+ roles_result = get_roles()
+ return {role["name"]: role["id"] for role in roles_result.affected_items}
+
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser(description='add_user script')
+ parser.add_argument('--username', action="store", dest="username")
+ parser.add_argument('--password', action="store", dest="password")
+ results = parser.parse_args()
+
+ username = results.username
+ password = results.password
+
+ initial_users = db_users()
+ if username not in initial_users:
+ # create a new user
+ create_user(username=username, password=password)
+ users = db_users()
+ uid = users[username]
+ roles = db_roles()
+ rid = roles["administrator"]
+ set_user_role(
+ user_id=[
+ str(uid),
+ ],
+ role_ids=[
+ str(rid),
+ ],
+ )
+ else:
+ # modify an existing user ("wazuh" or "wazuh-wui")
+ uid = initial_users[username]
+ update_user(
+ user_id=[
+ str(uid),
+ ],
+ password=password,
+ )
+ # set a random password for all other users
+ for name, id in initial_users.items():
+ if name != username:
+ random_pass = "".join(
+ random.choices(
+ string.ascii_uppercase
+ + string.ascii_lowercase
+ + string.digits
+ + "@$!%*?&-_",
+ k=16,
+ )
+ )
+ update_user(
+ user_id=[
+ str(id),
+ ],
+ password=random_pass,
+ )
diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml
index f422b85d..faf885b0 100644
--- a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml
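Review bot: The replacement passwords generated near the end of the file come from `random.choices`, which is not a cryptographically secure generator; since each value becomes a live API credential for another user, build it with the `secrets` module instead: add `import secrets` at the top and use `random_pass = "".join(secrets.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits + "@$!%*?&-_") for _ in range(16))`. That loop draws 16 characters from a four-class alphabet but never guarantees every class is present, so a generated password can occasionally fail the complexity rule the defaults mention and `update_user` would then fail for that user. The import guard `except Exception as e:` reports "No module 'wazuh' found." for any exception raised during import and never uses `e`; narrow it to `except ImportError:` so unrelated failures surface with their real traceback. `--username` and `--password` are not declared `required=True`, so a missing flag reaches `create_user(username=None, password=None)` instead of a usage error, and `json` and `os` are imported but unused.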
+++ b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml @@ -9,4 +9,4 @@ service: name: wazuh-api state: restarted - enabled: true \ No newline at end of file + enabled: true diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 9247543e..9d76fc7f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -23,8 +23,8 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled + - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -32,8 +32,8 @@ id: "{{ wazuh_manager_config.repo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled + - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -43,8 +43,8 @@ update_cache: true changed_when: false when: - - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled + - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: 
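Review bot: The handler in handlers/main.yml still restarts `service: name: wazuh-api`, while the rest of this commit moves the API under the manager service (the api.yaml task in tasks/main.yml now notifies `restart wazuh-manager` instead of `restart wazuh-api`). If nothing notifies this handler any more it is dead code, and if something does it will fail on hosts where, as the rest of the commit suggests, no standalone API unit exists; either drop the handler or add a comment above it stating which installation still needs it. The handler's own name is outside the hunk, so I cannot confirm whether any remaining task references it.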
@@ -109,23 +109,8 @@ - include_tasks: "installation_from_sources.yml" when: - - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled + - wazuh_manager_sources_installation.enabled - include_tasks: "installation_from_custom_packages.yml" when: - - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled - -- name: Debian/Ubuntu | Install wazuh-api - apt: - name: - - "wazuh-api={{ wazuh_manager_version }}" - state: present - cache_valid_time: 3600 - install_recommends: false - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - tags: init - when: - - not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled - - wazuh_manager_config.cluster.node_type == "master" \ No newline at end of file + - wazuh_custom_packages_installation_manager_enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 2e0751fd..54be369b 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -10,8 +10,8 @@ when: - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled + - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo 
@@ -24,8 +24,8 @@ changed_when: false when: - repo_v5_manager_installed is skipped - - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled + - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -107,25 +107,11 @@ - include_tasks: "../tasks/installation_from_sources.yml" when: - - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled + - wazuh_manager_sources_installation.enabled - include_tasks: "../tasks/installation_from_custom_packages.yml" when: - - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled - -- name: CentOS/RedHat/Amazon | Install wazuh-api - package: - name: "wazuh-api-{{ wazuh_manager_version }}" - state: "{{ wazuh_manager_package_state }}" - register: wazuh_api_main_packages_installed - until: wazuh_api_main_packages_installed is succeeded - when: - - ansible_os_family|lower == "redhat" - - not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_api_enabled - - wazuh_manager_config.cluster.node_type == "master" - tags: - - init + - wazuh_custom_packages_installation_manager_enabled - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 replace: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index 0dc9808d..e238ad0f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml 
@@ -6,15 +6,6 @@ state: present when: - wazuh_custom_packages_installation_manager_enabled - - - name: Install Wazuh API from .deb packages - apt: - deb: "{{ wazuh_custom_packages_installation_api_deb_url }}" - state: present - when: - - wazuh_custom_packages_installation_api_enabled - - wazuh_manager_config.cluster.node_type == "master" - when: - ansible_os_family|lower == "debian" @@ -36,26 +27,5 @@ - wazuh_custom_packages_installation_manager_enabled - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - - name: Install Wazuh API from .rpm packages | yum - yum: - name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" - state: present - when: - - wazuh_custom_packages_installation_api_enabled - - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") - - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - wazuh_manager_config.cluster.node_type == "master" - - - name: Install Wazuh API from .rpm packages | dnf - dnf: - name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" - state: present - when: - - wazuh_custom_packages_installation_api_enabled - - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - wazuh_manager_config.cluster.node_type == "master" - when: - ansible_os_family|lower == "redhat" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 2fa00fe7..62aa5cac 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
@@ -115,71 +115,3 @@ - wazuh_manager_sources_installation.enabled tags: - manager - -# Wazuh API - - - name: Check if Wazuh API is already installed - stat: - path: /var/ossec/api/app.js - register: wazuh_api - when: - - wazuh_manager_config.cluster.node_type == "master" or wazuh_manager_config.cluster.node_type == "worker" - - - name: Install Wazuh API from sources - block: - - name: Install dependencies to build Wazuh packages - package: - name: - - make - - gcc - - automake - - autoconf - - libtool - - tar - state: present - - - name: Explicitly installing npm for Debian hosts - package: - name: npm - state: present - when: - - ansible_distribution == "Debian" - - - name: Ensure Git is present in the host - package: - name: git - state: present - - - name: Remove old repository folder - file: - path: /tmp/wazuh-api - state: absent - - - name: Download the Wazuh API repository - git: - repo: 'https://github.com/wazuh/wazuh-api.git' - version: "{{ wazuh_api_sources_installation.branch }}" - dest: /tmp/wazuh-api - - - name: Configure Wazuh API installation - template: - src: "templates/preloaded_vars_api.conf.j2" - dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf" - owner: root - group: root - mode: 0644 - - - name: Execute Wazuh API installation script - shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt - register: install_api - changed_when: install_api.rc == 0 - args: - chdir: "/tmp/wazuh-api" - notify: - - restart wazuh-api - when: - - not wazuh_api.stat.exists - - wazuh_api_sources_installation.enabled - - wazuh_manager_config.cluster.node_type == "master" - tags: - - api \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index bbea6295..fb0be0e0 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
@@ -29,17 +29,6 @@ - not node_service_status.stat.exists - wazuh_manager_config.cluster.node_type == "master" -- name: Installing NodeJS - package: - name: nodejs - state: present - register: nodejs_service_is_installed - until: nodejs_service_is_installed is succeeded - when: - - wazuh_manager_config.cluster.node_type == "master" - - tags: init - - include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") @@ -166,16 +155,15 @@ when: - shared_agent_config is defined -- name: Installing the config.js (api configuration) - template: src=var-ossec-api-configuration-config.js.j2 - dest=/var/ossec/api/configuration/config.js +- name: Installing the api.yaml (api configuration) + template: src=api.yaml.j2 + dest=/var/ossec/api/configuration/api.yaml owner=root group=ossec - mode=0740 - notify: restart wazuh-api + mode=0640 + notify: restart wazuh-manager when: - wazuh_manager_config.cluster.node_type == "master" - tags: - init - config @@ -201,7 +189,6 @@ tags: - config - - name: Check if syslog output is enabled set_fact: syslog_output=true when: item.server is not none @@ -264,11 +251,12 @@ - config - name: Configure ossec.conf - template: src=var-ossec-etc-ossec-server.conf.j2 - dest=/var/ossec/etc/ossec.conf - owner=root - group=ossec - mode=0644 + template: + src: var-ossec-etc-ossec-server.conf.j2 + dest: /var/ossec/etc/ossec.conf + owner: root + group: ossec + mode: 0644 notify: restart wazuh-manager tags: - init 
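Review bot: The new `Installing the api.yaml (api configuration)` task in the second hunk on this line keeps the legacy `key=value` free-form module arguments, while the `Configure ossec.conf` task in the last hunk on the same line is converted by this very commit to the YAML dictionary form; the two should match. Using the dictionary form also lets `mode` be written as the quoted string `'0640'`, which Ansible recommends so the octal value is not reinterpreted by the YAML loader. The `when`/`tags` keys of the task are unchanged and can stay as they are.
```yaml
- name: Installing the api.yaml (api configuration)
  template:
    src: api.yaml.j2
    dest: /var/ossec/api/configuration/api.yaml
    owner: root
    group: ossec
    mode: '0640'
  notify: restart wazuh-manager
  # … unchanged: when / tags …
```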
@@ -289,20 +277,29 @@ tags: - config -- name: Wazuh-API User - template: - src: api_user.j2 - dest: "/var/ossec/api/configuration/auth/user" - owner: root - group: root - mode: 0750 - no_log: true - notify: restart wazuh-api - when: - - wazuh_api_user is defined - - wazuh_manager_config.cluster.node_type == "master" +- name: Create custom API user + block: + - name: Copy create_user script + copy: + src: create_user.py + dest: /var/ossec/framework/scripts/create_user.py + owner: root + group: ossec + mode: 0644 + + - name: Execute create_user script + script: + chdir: /var/ossec/framework/scripts/ + cmd: create_user.py --username "{{ item.username }}" --password "{{ item.password }}" + executable: /var/ossec/framework/python/bin/python3 + with_items: + - "{{ wazuh_api_users }}" + tags: - - config + - config_api_users + when: + - wazuh_api_users is defined + - wazuh_manager_config.cluster.node_type == "master" - name: Agentless Hosts & Passwd template: @@ -330,15 +327,6 @@ tags: - config -- name: Ensure Wazuh API service is started and enabled. - service: - name: "wazuh-api" - enabled: true - state: started - when: wazuh_manager_config.cluster.node_type == "master" - tags: - - config - - name: Create agent groups command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" with_items: diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 new file mode 100644 index 00000000..638c4750 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 
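Review bot: `Execute create_user script` passes `{{ item.password }}` as a command-line argument and has no `no_log: true`, so each password is printed in the task's per-item output and in Ansible logs, and is visible in the manager's process list while the script runs; the `Wazuh-API User` task this block replaces carried `no_log: true`, which was dropped here. Add `no_log: true` to the task as the minimum, and consider having the script take the password from an environment variable or stdin rather than argv. A `script` task also reports changed on every play and, as far as create_user.py shows, re-running it against an existing user resets every other user's password to a random value, so each playbook run is likely to rotate credentials other components depend on — gate it (for example with `creates:` or a marker file) or document that the `config_api_users` tag is meant to be run once. `with_items: - "{{ wazuh_api_users }}"` nests the list inside another list and relies on one level of flattening; `loop: "{{ wazuh_api_users }}"` says the same thing directly. Since `script` already transfers the local `create_user.py` to the remote host, the preceding copy task may be redundant — worth confirming.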
@@ -0,0 +1,44 @@ +# USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION + + host: {{ wazuh_manager_config.api.bind_addr }} + port: {{ wazuh_manager_config.api.port }} + +# Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no + + behind_proxy_server: {{ wazuh_manager_config.api.behind_proxy_server }} +#Advanced configuration + + https: + enabled: {{ wazuh_manager_config.api.https }} + key: "{{ wazuh_manager_config.api.https_key }}" + cert: "{{ wazuh_manager_config.api.https_cert }}" + use_ca: {{ wazuh_manager_config.api.https_use_ca }} + ca: "{{ wazuh_manager_config.api.https_ca }}" + +# Logging configuration +# Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level). + logs: + level: "{{ wazuh_manager_config.api.logging_level }}" + path: "{{ wazuh_manager_config.api.logging_path }}" +# Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage + cors: + enabled: {{ wazuh_manager_config.api.cors }} + source_route: "{{ wazuh_manager_config.api.cors_source_route }}" + expose_headers: "{{ wazuh_manager_config.api.cors_expose_headers }}" + allow_headers: "{{ wazuh_manager_config.api.cors_allow_headers }}" + allow_credentials: {{ wazuh_manager_config.api.cors_allow_credentials }} +# Cache (time in seconds) + cache: + enabled: {{ wazuh_manager_config.api.cache }} + time: {{ wazuh_manager_config.api.cache_time }} +# Access parameters + access: + max_login_attempts: {{ wazuh_manager_config.api.access_max_login_attempts }} + block_time: {{ wazuh_manager_config.api.access_block_time }} + max_request_per_minute: {{ wazuh_manager_config.api.access_max_request_per_minute }} +# Force the use of authd when adding and removing agents. 
Values: yes, no + use_only_authd: {{ wazuh_manager_config.api.use_only_authd }} +# Drop privileges (Run as ossec user) + drop_privileges: {{ wazuh_manager_config.api.drop_privileges }} +# Enable features under development + experimental_features: {{ wazuh_manager_config.api.experimental_features }} \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 deleted file mode 100644 index 91413e46..00000000 --- a/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for user in wazuh_api_user %} -{{ user }} -{% endfor %} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 b/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 index 27c97708..97a481f2 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 @@ -1 +1 @@ -{{ authd_pass }} +{{ authd_pass }} \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 deleted file mode 100644 index 198178c8..00000000 --- a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -{% for key, value in wazuh_api_sources_installation.items() %} -{% if "enabled" not in key and "branch" not in key %} -{% if value is defined and value is not none %} -{{ key|upper }}="{{ value }}" -{% endif %} -{% endif %} -{% endfor %} \ No newline at end of file
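Review bot: The first line of api.yaml.j2, `# USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION`, reads like an interactive sample file and is misleading for a rendered configuration in which every key is already active and owned by Ansible; replace it with `# Managed by Ansible (wazuh-ansible): change wazuh_manager_config.api instead of editing this file`. Every top-level key in the template is indented by one space (` host:`, ` https:`, ` access:`), which is valid YAML only while all siblings share that indent, so a future key added at column 0 would break the file — either drop the leading space throughout or add a short comment noting the convention. The rest of the hunk only renders values from the defaults and needs no change.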