From 45a14c128c71b52b1906cac831f9d08d5b606ccf Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Wed, 12 Aug 2020 19:45:46 +0200 Subject: [PATCH 01/41] WIP: Adapting to v4.0 --- playbooks/wazuh-agent.yml | 2 +- .../ansible-wazuh-agent/defaults/main.yml | 2 +- .../ansible-wazuh-manager/defaults/main.yml | 2 +- .../ansible-wazuh-manager/handlers/main.yml | 6 - .../ansible-wazuh-manager/tasks/Debian.yml | 19 -- .../ansible-wazuh-manager/tasks/RedHat.yml | 28 +-- .../tasks/installation_from_sources.yml | 185 ------------------ .../ansible-wazuh-manager/tasks/main.yml | 1 - 8 files changed, 8 insertions(+), 237 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index d7cbb7a7..b06589cd 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -6,7 +6,7 @@ wazuh_managers: - address: port: 1514 - protocol: udp + protocol: tcp api_port: 55000 api_proto: 'http' api_user: ansible diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index a9a08d02..586fd594 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -35,7 +35,7 @@ wazuh_agent_sources_installation: wazuh_managers: - address: 127.0.0.1 port: 1514 - protocol: udp + protocol: tcp api_port: 55000 api_proto: 'http' api_user: null diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index e6f86739..1ab15270 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -100,7 +100,7 @@ wazuh_manager_config: connection: - type: 'secure' port: '1514' - protocol: 'udp' + protocol: 'tcp' queue_size: 131072 authd: enable: true 
diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml index f422b85d..29641392 100644 --- a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml @@ -4,9 +4,3 @@ name: wazuh-manager state: restarted enabled: true - -- name: restart wazuh-api - service: - name: wazuh-api - state: restarted - enabled: true \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index da27042f..e790bff9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -111,25 +111,6 @@ - not wazuh_manager_sources_installation.enabled - not wazuh_custom_packages_installation_manager_enabled -- include_tasks: "installation_from_sources.yml" - when: - - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled - - include_tasks: "installation_from_custom_packages.yml" when: - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled - -- name: Debian/Ubuntu | Install wazuh-api - apt: - name: - - "wazuh-api={{ wazuh_manager_version }}" - state: present - cache_valid_time: 3600 - install_recommends: false - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - tags: init - when: - - not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled - - wazuh_manager_config.cluster.node_type == "master" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 2e0751fd..2d7a57b1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
@@ -10,8 +10,8 @@ when: - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled + - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -24,8 +24,8 @@ changed_when: false when: - repo_v5_manager_installed is skipped - - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled + - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present 
@@ -105,27 +105,9 @@ tags: - init -- include_tasks: "../tasks/installation_from_sources.yml" - when: - - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled - - include_tasks: "../tasks/installation_from_custom_packages.yml" when: - - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled - -- name: CentOS/RedHat/Amazon | Install wazuh-api - package: - name: "wazuh-api-{{ wazuh_manager_version }}" - state: "{{ wazuh_manager_package_state }}" - register: wazuh_api_main_packages_installed - until: wazuh_api_main_packages_installed is succeeded - when: - - ansible_os_family|lower == "redhat" - - not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_api_enabled - - wazuh_manager_config.cluster.node_type == "master" - tags: - - init + - wazuh_custom_packages_installation_manager_enabled - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 replace: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml deleted file mode 100644 index 2fa00fe7..00000000 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ /dev/null 
@@ -1,185 +0,0 @@ ---- -# Wazuh Manager - - name: Check if Wazuh Manager is already installed - stat: - path: /var/ossec/bin/ossec-control - register: wazuh_ossec_control - - - name: Installing Wazuh Manager from sources - block: - - name: Install dependencies to build Wazuh packages - package: - name: - - make - - gcc - - automake - - autoconf - - libtool - - tar - state: present - - - name: Removing old files - file: - path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - state: absent - - - name: Removing old folders - file: - path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: absent - - - name: Installing policycoreutils-python (RedHat families) - package: - name: - - policycoreutils-python - when: - - ansible_os_family|lower == "redhat" - - - name: Installing policycoreutils-python-utils (Debian families) - package: - name: - - libc6-dev - - curl - - policycoreutils - when: - - ansible_os_family|lower == "debian" - - - name: Remove old repository folder - file: - path: /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }} - state: absent - - - name: Download required packages from github.com/wazuh/wazuh - get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - delegate_to: "{{ inventory_hostname }}" - - - name: Create folder to extract Wazuh branch - file: - path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: directory - - # When downloading "v3.11.0" extracted folder name is 3.11.0. 
- - # Explicitly creating the folder with proper naming and striping first level in .tar.gz file - - - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: >- - tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz - --strip 1 - --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }} - register: wazuh_untar - changed_when: wazuh_untar.rc ==0 - args: - warn: false - - - name: Clean remaining files from others builds - command: "make -C src {{ item }}" - args: - chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" - with_items: - - "clean" - - "clean-deps" - register: clean_result - changed_when: clean_result.rc == 0 - failed_when: false - - - name: Render the "preloaded-vars.conf" file - template: - src: "templates/preloaded_vars_manager.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" - owner: root - group: root - mode: 0644 - - - name: Executing "install.sh" script to build and install the Wazuh Manager - shell: ./install.sh > /tmp/build_wazuh_manager_log.txt - register: installation_result - changed_when: installation_result == 0 - args: - chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - - - name: Cleanup downloaded files - file: - path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - state: absent - - - name: Cleanup created folders - file: - path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: absent - - when: - - not wazuh_ossec_control.stat.exists - - wazuh_manager_sources_installation.enabled - tags: - - manager - -# Wazuh API - - - name: Check if Wazuh API is already installed - stat: - path: /var/ossec/api/app.js - register: wazuh_api - when: - - wazuh_manager_config.cluster.node_type == "master" or wazuh_manager_config.cluster.node_type == "worker" - - - name: Install Wazuh API from sources - block: 
- - name: Install dependencies to build Wazuh packages - package: - name: - - make - - gcc - - automake - - autoconf - - libtool - - tar - state: present - - - name: Explicitly installing npm for Debian hosts - package: - name: npm - state: present - when: - - ansible_distribution == "Debian" - - - name: Ensure Git is present in the host - package: - name: git - state: present - - - name: Remove old repository folder - file: - path: /tmp/wazuh-api - state: absent - - - name: Download the Wazuh API repository - git: - repo: 'https://github.com/wazuh/wazuh-api.git' - version: "{{ wazuh_api_sources_installation.branch }}" - dest: /tmp/wazuh-api - - - name: Configure Wazuh API installation - template: - src: "templates/preloaded_vars_api.conf.j2" - dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf" - owner: root - group: root - mode: 0644 - - - name: Execute Wazuh API installation script - shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt - register: install_api - changed_when: install_api.rc == 0 - args: - chdir: "/tmp/wazuh-api" - notify: - - restart wazuh-api - when: - - not wazuh_api.stat.exists - - wazuh_api_sources_installation.enabled - - wazuh_manager_config.cluster.node_type == "master" - tags: - - api \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index efd71eb3..96c55d79 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -175,7 +175,6 @@ notify: restart wazuh-api when: - wazuh_manager_config.cluster.node_type == "master" - tags: - init - config From 1117de8d5fb83c260a521bf21c641f451a702dd5 Mon Sep 17 00:00:00 2001 
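Review bot: Dropping only the `tags:` line in the tasks/main.yml hunk leaves `- init` and `- config` in place, and with indentation lost in this view they appear to continue the `when:` list, so Ansible would evaluate `init` and `config` as conditionals (an undefined-variable failure) instead of reading them as tags; either remove those two items as well or keep the `tags:` key. The `notify: restart wazuh-api` context line in the same task also refers to the handler this patch deletes from handlers/main.yml, which makes the play fail at handler resolution until a handler of that name exists again. The task's body starts above the hunk.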
From: zenidd Date: Fri, 21 Aug 2020 16:17:07 +0200 Subject: [PATCH 02/41] Create new API config template file --- .../ansible-wazuh-manager/defaults/main.yml | 35 ++++++++------- .../ansible-wazuh-manager/tasks/Debian.yml | 14 +++--- .../installation_from_custom_packages.yml | 30 ------------- .../templates/api_conf.j2 | 44 +++++++++++++++++++ 4 files changed, 71 insertions(+), 52 deletions(-) create mode 100644 roles/wazuh/ansible-wazuh-manager/templates/api_conf.j2 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 1ab15270..6683ede2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -8,9 +8,6 @@ wazuh_manager_package_state: present wazuh_custom_packages_installation_manager_enabled: false wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" -wazuh_custom_packages_installation_api_enabled: false -wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" -wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" # Sources installation wazuh_manager_sources_installation: 
@@ -73,19 +70,27 @@ wazuh_manager_config: api: bind_addr: '0.0.0.0' port: 55000 - https: 'no' - basic_auth: 'yes' behind_proxy_server: 'no' - https_cert: '/var/ossec/etc/sslmanager.cert' - https_key: '/var/ossec/etc/sslmanager.key' - https_use_ca: 'no' - https_ca: '' - use_only_authd: 'false' - drop_privileges: 'true' - experimental_features: 'false' - secure_protocol: 'TLSv1_2_method' - honor_cipher_order: 'true' - ciphers: '' + https: 'yes' + https_key: 'api/configuration/ssl/server.key' + https_cert: 'api/configuration/ssl/server.crt' + https_use_ca: 'False' + https_ca: 'api/configuration/ssl/ca.crt' + logging_level: 'info' + logging_path: 'logs/api.log' + cors: 'no' + cors_source_route: '*' + cors_expose_headers: '*' + cors_allow_headers: '*' + cors_allow_credentials: 'no' + cache: 'yes' + cache_time: 0.750 + access_max_login_attempts: 5 + access_block_time: 300 + access_max_request_per_minute: 300 + use_only_authd: 'no' + drop_privileges: 'yes' + experimental_features: 'no' cluster: disable: 'yes' name: 'wazuh' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index e790bff9..cc588450 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -23,8 +23,8 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled + - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: 
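Review bot: The new `https_use_ca: 'False'` in the `api` mapping uses a different boolean vocabulary from every neighbouring key (`https: 'yes'`, `cors: 'no'`, `drop_privileges: 'yes'`), and the rendered api.yaml will treat `yes`/`no` and `False` differently depending on how the template quotes them and on the consumer's YAML version; write it as `https_use_ca: 'no'` so the block follows one convention. The paths `api/configuration/ssl/server.key`, `server.crt` and `ca.crt` are relative; if they are meant to resolve against the Wazuh install directory, a comment such as `# relative to /var/ossec` would save the next maintainer a check. `cache_time: 0.750` is a float and renders as `0.75`, which is harmless but worth a comment if the trailing zero was deliberate.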
@@ -32,8 +32,8 @@ id: "{{ wazuh_manager_config.repo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled + - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -43,8 +43,8 @@ update_cache: true changed_when: false when: - - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled + - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -113,4 +113,4 @@ - include_tasks: "installation_from_custom_packages.yml" when: - - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled + - wazuh_custom_packages_installation_manager_enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index 0dc9808d..e238ad0f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml 
@@ -6,15 +6,6 @@ state: present when: - wazuh_custom_packages_installation_manager_enabled - - - name: Install Wazuh API from .deb packages - apt: - deb: "{{ wazuh_custom_packages_installation_api_deb_url }}" - state: present - when: - - wazuh_custom_packages_installation_api_enabled - - wazuh_manager_config.cluster.node_type == "master" - when: - ansible_os_family|lower == "debian" @@ -36,26 +27,5 @@ - wazuh_custom_packages_installation_manager_enabled - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - - name: Install Wazuh API from .rpm packages | yum - yum: - name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" - state: present - when: - - wazuh_custom_packages_installation_api_enabled - - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") - - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - wazuh_manager_config.cluster.node_type == "master" - - - name: Install Wazuh API from .rpm packages | dnf - dnf: - name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" - state: present - when: - - wazuh_custom_packages_installation_api_enabled - - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - wazuh_manager_config.cluster.node_type == "master" - when: - ansible_os_family|lower == "redhat" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api_conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api_conf.j2 new file mode 100644 index 00000000..570bd4de --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/templates/api_conf.j2 
@@ -0,0 +1,44 @@ +# USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION + +host: "{{ wazuh_manager_config.api.bind_addr }}" +port: "{{ wazuh_manager_config.api.port }}" + +# Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no + +behind_proxy_server: "{{ wazuh_manager_config.api.behind_proxy_server }}" +#Advanced configuration + +https: + enabled: "{{ wazuh_manager_config.api.https }}" + key: "{{ wazuh_manager_config.api.https_key }}" + cert: "{{ wazuh_manager_config.api.https_cert }}" + use_ca: "{{ wazuh_manager_config.api.https_use_ca }}" + ca: "{{ wazuh_manager_config.api.https_ca }}" + +# Logging configuration +# Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level). +logs: + level: "{{ wazuh_manager_config.api.logging_level }}" + path: "{{ wazuh_manager_config.api.logging_path }}" +# Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage +cors: + enabled: "{{ wazuh_manager_config.api.cors }}" + source_route: "{{ wazuh_manager_config.api.cors_source_route }}" + expose_headers: "{{ wazuh_manager_config.api.cors_expose_headers }}" + allow_headers: "{{ wazuh_manager_config.api.cors_allow_headers }}" + allow_credentials: "{{ wazuh_manager_config.api.cors_allow_credentials }}" +# Cache (time in seconds) +cache: + enabled: "{{ wazuh_manager_config.api.cache }}" + time: "{{ wazuh_manager_config.api.cache_time }}" +# Access parameters +access: + max_login_attempts: "{{ wazuh_manager_config.api.access_max_login_attempts }}" + block_time: "{{ wazuh_manager_config.api.access_block_time }}" + max_request_per_minute: "{{ wazuh_manager_config.api.access_max_request_per_minute }}" +# Force the use of authd when adding and removing agents. 
Values: yes, no +use_only_authd: "{{ wazuh_manager_config.api.use_only_authd }}" +# Drop privileges (Run as ossec user) +drop_privileges: "{{ wazuh_manager_config.api.drop_privileges }}" +# Enable features under development +experimental_features: "{{ wazuh_manager_config.api.experimental_features }}" \ No newline at end of file From 255d262b624b26e2279c363ed2553beb1aed5a71 Mon Sep 17 00:00:00 2001 From: zenidd Date: Mon, 24 Aug 2020 16:15:02 +0200 Subject: [PATCH 03/41] removing unnecessary old api files --- .../templates/{api_conf.j2 => api.yaml.j2} | 0 roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 | 3 --- .../templates/preloaded_vars_api.conf.j2 | 7 ------- 3 files changed, 10 deletions(-) rename roles/wazuh/ansible-wazuh-manager/templates/{api_conf.j2 => api.yaml.j2} (100%) delete mode 100644 roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 delete mode 100644 roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api_conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 similarity index 100% rename from roles/wazuh/ansible-wazuh-manager/templates/api_conf.j2 rename to roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 deleted file mode 100644 index 91413e46..00000000 --- a/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for user in wazuh_api_user %} -{{ user }} -{% endfor %} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 deleted file mode 100644 index 198178c8..00000000 --- a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 +++ /dev/null 
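Review bot: The header comment `# USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION` is copied from the upstream sample and does not describe this file: nothing in it is commented out, and the rendered /var/ossec/api/configuration/api.yaml is overwritten on every run, so an operator who edits it in place loses the change. Replace it with `# {{ ansible_managed }}` followed by `# Rendered by the wazuh-manager role; change values under wazuh_manager_config.api instead of editing this file`. `#Advanced configuration` is also missing the space after `#` that every other comment in the file has.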
@@ -1,7 +0,0 @@ -{% for key, value in wazuh_api_sources_installation.items() %} -{% if "enabled" not in key and "branch" not in key %} -{% if value is defined and value is not none %} -{{ key|upper }}="{{ value }}" -{% endif %} -{% endif %} -{% endfor %} \ No newline at end of file From 2deb53272a6cae54643e8c6299492e73655341b6 Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 25 Aug 2020 16:02:06 +0200 Subject: [PATCH 04/41] Adaptation to Wazuh 4.0 and fixes --- .../ansible-kibana/defaults/main.yml | 6 +- .../ansible-kibana/templates/wazuh.yml.j2 | 2 +- .../defaults/main.yml | 2 +- .../opendistro-kibana/templates/wazuh.yml.j2 | 2 +- .../ansible-wazuh-manager/handlers/main.yml | 6 ++ .../ansible-wazuh-manager/tasks/main.yml | 89 +++++++++++++++---- .../templates/api.yaml.j2 | 40 ++++----- 7 files changed, 103 insertions(+), 44 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 434dabc2..e252cc4a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -19,10 +19,10 @@ elasticrepo: # API credentials wazuh_api_credentials: - id: "default" - url: "http://localhost" + url: "https://localhost" port: 55000 - user: "foo" - password: "bar" + username: "wazuh" + password: "wazuh" # Xpack Security kibana_xpack_security: false diff --git a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 index 1cbc9e2d..aa1305ee 100644 --- a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 @@ -129,6 +129,6 @@ hosts: - {{ api['id'] }}: url: {{ api['url'] }} port: {{ api['port'] }} - user: {{ api['user'] }} + username: {{ api['username'] }} password: {{ api['password'] }} {% endfor %} 
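Review bot: `username: "wazuh"` / `password: "wazuh"` in the kibana role defaults replace non-working placeholders with a credential pair that is deployed verbatim into the Kibana Wazuh plugin configuration unless `wazuh_api_credentials` is overridden, and a default that silently works is the one most likely to be left in place. Keep a placeholder and say so, e.g. `password: "CHANGEME"  # override per environment; the default must not reach a deployment`, or make the role fail when the value is unset. The same pair is hard-coded again in the commented-out API user tasks in tasks/main.yml later in this series.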
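Review bot: The changed line `username: {{ api['username'] }}` (like the unchanged `password:` line under it) renders the value as a plain YAML scalar, so a username or password that looks like a number or boolean, or starts with `*`, `&` or `{`, is retyped or rejected by the plugin's YAML parser; quote it, `username: "{{ api['username'] }}"`. The identical hunk in roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 has the same issue. Values containing a double quote would then need escaping, which `| to_json` handles if that is a concern.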
diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index d9e4641a..d5b3a04f 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -56,7 +56,7 @@ opendistro_http_port: 9200 certs_gen_tool_version: 1.7 # Url of Search Guard certificates generator tool -certs_gen_tool_url: "https://releases.floragunn.com/search-guard-tlstool/{{ certs_gen_tool_version }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" +certs_gen_tool_url: "https://wazuh-demo.s3-us-west-1.amazonaws.com/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' diff --git a/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 b/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 index 1cbc9e2d..aa1305ee 100644 --- a/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 +++ b/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 @@ -129,6 +129,6 @@ hosts: - {{ api['id'] }}: url: {{ api['url'] }} port: {{ api['port'] }} - user: {{ api['user'] }} + username: {{ api['username'] }} password: {{ api['password'] }} {% endfor %} diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml index 29641392..faf885b0 100644 --- a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml @@ -4,3 +4,9 @@ name: wazuh-manager state: restarted enabled: true + +- name: restart wazuh-api + service: + name: wazuh-api + state: restarted + enabled: true diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 96c55d79..f7445982 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
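Review bot: `certs_gen_tool_url` now points at `https://wazuh-demo.s3-us-west-1.amazonaws.com/...` instead of the vendor's release host, so the tool that generates the cluster's TLS material is fetched from a third-party mirror whose contents can change without the role noticing; the hunk shows no checksum, and the bucket name suggests demo rather than release hosting. Wherever this URL is downloaded, pin the archive with get_url's `checksum:` parameter, `checksum: "sha256:<EXPECTED_SHA256_FROM_VENDOR_RELEASE>"`, so a substituted file fails the play. A comment here explaining why the mirror replaced releases.floragunn.com would also help the next reviewer.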
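Review bot: The re-added `restart wazuh-api` handler restarts a `wazuh-api` service, but PATCH 01 in this series stopped installing the `wazuh-api` package and tasks/main.yml now renders the API configuration under the manager's own /var/ossec tree; unless the 4.0 manager package still ships a unit of that name, this handler fails with an unknown service the first time it is notified. If the API now runs inside the manager, point the notifications at the existing `restart wazuh-manager` handler and drop this one, or add a comment stating which package provides the `wazuh-api` unit.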
@@ -166,12 +166,12 @@ when: - shared_agent_config is defined -- name: Installing the config.js (api configuration) - template: src=var-ossec-api-configuration-config.js.j2 - dest=/var/ossec/api/configuration/config.js +- name: Installing the api.yaml (api configuration) + template: src=api.yaml.j2 + dest=/var/ossec/api/configuration/api.yaml owner=root group=ossec - mode=0740 + mode=0640 notify: restart wazuh-api when: - wazuh_manager_config.cluster.node_type == "master" 
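Review bot: The rewritten template task still passes its arguments as a folded `key=value` string (`template: src=api.yaml.j2 dest=... mode=0640`), which ansible-lint flags and which hides the file mode inside free text; since the hunk already rewrites these lines, switch to block YAML module arguments and quote the mode so it cannot be read as a decimal integer by a later conversion. The task's `notify`/`when` lines are unchanged.
```yaml
- name: Installing the api.yaml (api configuration)
  template:
    src: api.yaml.j2
    dest: /var/ossec/api/configuration/api.yaml
    owner: root
    group: ossec
    mode: "0640"
  # … unchanged: notify / when …
```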
@@ -301,20 +301,73 @@ tags: - config -- name: Wazuh-API User - template: - src: api_user.j2 - dest: "/var/ossec/api/configuration/auth/user" - owner: root - group: root - mode: 0750 - no_log: true - notify: restart wazuh-api - when: - - wazuh_api_user is defined - - wazuh_manager_config.cluster.node_type == "master" - tags: - - config +# - name: Get API auth token +# uri: +# url: "https://{{ inventory_hostname }}:55000/security/user/authenticate?raw=true" +# method: GET +# user: wazuh +# password: wazuh +# validate_certs: no +# force_basic_auth: yes +# return_content: yes +# status_code: 200 +# retries: 10 +# delay: 5 +# until: token.status == 200 +# register: token +# tags: +# - config_api_users +# when: +# - wazuh_api_users is defined +# - wazuh_manager_config.cluster.node_type == "master" + +# - name: Create Wazuh-API Users +# block: +# - name: Create new user +# uri: +# url: "https://{{ inventory_hostname }}:55000/security/users" +# method: POST +# body_format: json +# body: +# username: "{{ item.username }}" +# password: "{{ item.password }}" +# validate_certs: no +# status_code: 200 +# headers: +# Authorization: "Bearer {{ token.content }}" +# with_items: +# - "{{ wazuh_api_users }}" +# register: user_creation + +# - name: Get new users IDs +# uri: +# url: "https://{{ inventory_hostname }}:5500/security/users" +# method: GET +# validate_certs: no +# status_code: 200 +# headers: +# Authorization: "Bearer {{ token.content }}" +# register: new_users_id + + # - name: Join new users into administrator role + # uri: + # url: "https://{{ inventory_hostname }}:55000/security/users/3/roles" + # method: POST + # force_basic_auth: yes + # body_format: form-urlencoded + # body: "role_ids=1" + # validate_certs: no + # status_code: 200 + # headers: + # Authorization: "Bearer {{ token.content }}" + # with_items: + # - "{{ wazuh_api_users }}" + # register: user_creation + # tags: + # - config_api_users + # when: + # - wazuh_api_users is defined + # - 
wazuh_manager_config.cluster.node_type == "master" - name: Agentless Hosts & Passwd template: diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 index 570bd4de..638c4750 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 
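Review bot: Removing the `Wazuh-API User` task leaves `wazuh_api_user` unconsumed, so inventories that set it now get no API users and no warning, while the replacement is about seventy lines of commented-out `uri` tasks that cannot run. The commented code still carries risk into the repository: it hard-codes `user: wazuh` / `password: wazuh`, sets `validate_certs: no` and `force_basic_auth: yes`, posts to `/security/users/3/roles` with a fixed user id, and the `Get new users IDs` URL uses port `5500` where every other call uses `55000`. Either finish the tasks (admin password from a variable, certificate validation on or a documented CA, user id taken from the creation response) or drop the block and track it in an issue; at minimum add `# API user provisioning for 4.0 is not implemented yet; wazuh_api_user is ignored` at the deletion point so the regression is visible.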
@@ -1,44 +1,44 @@ # USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION -host: "{{ wazuh_manager_config.api.bind_addr }}" -port: "{{ wazuh_manager_config.api.port }}" + host: {{ wazuh_manager_config.api.bind_addr }} + port: {{ wazuh_manager_config.api.port }} # Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no -behind_proxy_server: "{{ wazuh_manager_config.api.behind_proxy_server }}" + behind_proxy_server: {{ wazuh_manager_config.api.behind_proxy_server }} #Advanced configuration -https: - enabled: "{{ wazuh_manager_config.api.https }}" + https: + enabled: {{ wazuh_manager_config.api.https }} key: "{{ wazuh_manager_config.api.https_key }}" cert: "{{ wazuh_manager_config.api.https_cert }}" - use_ca: "{{ wazuh_manager_config.api.https_use_ca }}" + use_ca: {{ wazuh_manager_config.api.https_use_ca }} ca: "{{ wazuh_manager_config.api.https_ca }}" # Logging configuration # Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level). 
-logs: + logs: level: "{{ wazuh_manager_config.api.logging_level }}" path: "{{ wazuh_manager_config.api.logging_path }}" # Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage -cors: - enabled: "{{ wazuh_manager_config.api.cors }}" + cors: + enabled: {{ wazuh_manager_config.api.cors }} source_route: "{{ wazuh_manager_config.api.cors_source_route }}" expose_headers: "{{ wazuh_manager_config.api.cors_expose_headers }}" allow_headers: "{{ wazuh_manager_config.api.cors_allow_headers }}" - allow_credentials: "{{ wazuh_manager_config.api.cors_allow_credentials }}" + allow_credentials: {{ wazuh_manager_config.api.cors_allow_credentials }} # Cache (time in seconds) -cache: - enabled: "{{ wazuh_manager_config.api.cache }}" - time: "{{ wazuh_manager_config.api.cache_time }}" + cache: + enabled: {{ wazuh_manager_config.api.cache }} + time: {{ wazuh_manager_config.api.cache_time }} # Access parameters -access: - max_login_attempts: "{{ wazuh_manager_config.api.access_max_login_attempts }}" - block_time: "{{ wazuh_manager_config.api.access_block_time }}" - max_request_per_minute: "{{ wazuh_manager_config.api.access_max_request_per_minute }}" + access: + max_login_attempts: {{ wazuh_manager_config.api.access_max_login_attempts }} + block_time: {{ wazuh_manager_config.api.access_block_time }} + max_request_per_minute: {{ wazuh_manager_config.api.access_max_request_per_minute }} # Force the use of authd when adding and removing agents. 
Values: yes, no -use_only_authd: "{{ wazuh_manager_config.api.use_only_authd }}" + use_only_authd: {{ wazuh_manager_config.api.use_only_authd }} # Drop privileges (Run as ossec user) -drop_privileges: "{{ wazuh_manager_config.api.drop_privileges }}" + drop_privileges: {{ wazuh_manager_config.api.drop_privileges }} # Enable features under development -experimental_features: "{{ wazuh_manager_config.api.experimental_features }}" \ No newline at end of file + experimental_features: {{ wazuh_manager_config.api.experimental_features }} \ No newline at end of file From 1f32a2663b80cfe67d53f8f38b278db0923ab749 Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 26 Aug 2020 12:53:11 +0200 Subject: [PATCH 05/41] remove tasks --- .../ansible-wazuh-manager/tasks/main.yml | 27 ------------------- 1 file changed, 27 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index f7445982..923ac413 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -338,33 +338,6 @@ # with_items: # - "{{ wazuh_api_users }}" # register: user_creation - -# - name: Get new users IDs -# uri: -# url: "https://{{ inventory_hostname }}:5500/security/users" -# method: GET -# validate_certs: no -# status_code: 200 -# headers: -# Authorization: "Bearer {{ token.content }}" -# register: new_users_id - - # - name: Join new users into administrator role - # uri: - # url: "https://{{ inventory_hostname }}:55000/security/users/3/roles" - # method: POST - # force_basic_auth: yes - # body_format: form-urlencoded - # body: "role_ids=1" - # validate_certs: no - # status_code: 200 - # headers: - # Authorization: "Bearer {{ token.content }}" - # with_items: - # - "{{ wazuh_api_users }}" - # register: user_creation - # tags: - # - config_api_users # when: # - wazuh_api_users is defined # - wazuh_manager_config.cluster.node_type == "master" 
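Review bot: The boolean lines that lost their quotes (`enabled: {{ wazuh_manager_config.api.https }}`, `drop_privileges: {{ ... }}`, `use_only_authd: {{ ... }}` and the rest) now emit whatever Jinja renders for the caller's value: an Ansible boolean becomes `True`/`False`, which the API's YAML loader accepts, but an empty or mistyped variable renders as a bare null or a stray string and the API silently falls back to its built-in default for security-relevant switches such as `https` and `drop_privileges`. Rendering those fields as `{{ wazuh_manager_config.api.https | bool | to_json }}` pins them to `true`/`false` regardless of the input type. The single-space indent that was added to every key is still valid YAML because it is uniform, but it looks accidental given the header comment that says lines are meant to be uncommented as-is, and it will trip yamllint on the rendered file.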
From 62ecf0325a8c143e015c43090dea651df6414067 Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 26 Aug 2020 13:00:19 +0200 Subject: [PATCH 06/41] Enabling sources install --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index cc588450..1cc75f38 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -111,6 +111,10 @@ - not wazuh_manager_sources_installation.enabled - not wazuh_custom_packages_installation_manager_enabled +- include_tasks: "installation_from_sources.yml" + when: + - wazuh_manager_sources_installation.enabled + - include_tasks: "installation_from_custom_packages.yml" when: - wazuh_custom_packages_installation_manager_enabled From af88cc4de8605288e5fc50034df7bc1a954d8eff Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 26 Aug 2020 13:04:03 +0200 Subject: [PATCH 07/41] Allow redhat sources install --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 2d7a57b1..0bdd4d98 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -105,6 +105,10 @@ tags: - init +- include_tasks: "../tasks/installation_from_sources.yml" + when: + - wazuh_manager_sources_installation.enabled + - include_tasks: "../tasks/installation_from_custom_packages.yml" when: - wazuh_custom_packages_installation_manager_enabled From f2e7a75b097a553a03f9510fdb53423adea6600f Mon Sep 17 00:00:00 2001 
From: zenidd Date: Wed, 26 Aug 2020 14:05:38 +0200 Subject: [PATCH 08/41] Using latest SearchGuard tool. Fixing Wazuh API credentials template --- .../defaults/main.yml | 4 +- .../tasks/local_actions.yml | 2 +- .../opendistro-kibana/defaults/main.yml | 6 +- .../ansible-wazuh-manager/defaults/main.yml | 60 +++++++------------ 4 files changed, 28 insertions(+), 44 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index d5b3a04f..57310642 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -53,10 +53,10 @@ opendistro_jvm_xms: null opendistro_http_port: 9200 -certs_gen_tool_version: 1.7 +certs_gen_tool_version: 1.8 # Url of Search Guard certificates generator tool -certs_gen_tool_url: "https://wazuh-demo.s3-us-west-1.amazonaws.com/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" +certs_gen_tool_url: "https://maven.search-guard.com/search-guard-tlstool/{{ certs_gen_tool_version }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml index 3c89e6ab..04f20378 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml @@ -29,7 +29,7 @@ - name: Local action | Extract the certificates generation tool unarchive: - src: "{{ local_certs_path }}/search-guard-tlstool-1.7.zip" + src: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" dest: "{{ local_certs_path }}/" - name: Local action | Add the execution bit to the binary 
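Review bot: `certs_gen_tool_url` now fetches the Search Guard TLS tool from a third-party host (`maven.search-guard.com`), and that zip is what generates the cluster's CA and node certificates, yet nothing in this series verifies what was downloaded. The `get_url` task that fetches it is outside this hunk, but it should pin the artifact with `checksum: "sha256:<digest>"` (or verify the vendor's published signature) so a replaced or tampered 1.8 zip cannot hand every node a rogue CA. Parameterising the extraction path in `local_actions.yml` on `certs_gen_tool_version` is the right fix for the hardcoded `1.7`, which means the expected checksum should be keyed on the same variable.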
diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 2dd687bb..565285fc 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -34,10 +34,10 @@ package_repos: # API credentials wazuh_api_credentials: - id: "default" - url: "http://localhost" + url: "https://localhost" port: 55000 - user: "foo" - password: "bar" + username: "wazuh" + password: "wazuh" # opendistro Security kibana_opendistro_security: true diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 6683ede2..d2276a0f 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -35,26 +35,10 @@ wazuh_manager_sources_installation: user_ca_store: null threads: "2" -wazuh_api_sources_installation: - enabled: false - branch: "v3.13.1" - update: "y" - remove: "y" - directory: null - port: 55000 - https: "n" - authd: null - proxy: null - country: null - state: null - locality: null - org_name: null - org_unit: null - common_name: null - password: null - -wazuh_api_user: - - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/" +# wazuh_api_users: +# - username: custom_user5 +# password: Custom_password0 +# role: administrator wazuh_manager_config: repo: 
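Review bot: `wazuh_api_credentials` now ships the real out-of-the-box Wazuh 4.x API login (`username: "wazuh"`, `password: "wazuh"`) in place of the obviously fake `foo`/`bar`, so a deployment that never overrides this defaults file has Kibana authenticating to the manager with a publicly documented credential. Keep a clearly invalid placeholder here (or `password: null` plus an `assert` that fails the play when it is unset) and point operators at Ansible Vault, as the `authd_pass.yml` vars file in this repository already recommends. Switching `url` to `https://localhost` is correct for the v4 API, but the Kibana side will then need to trust the API's certificate or explicitly disable verification, and that choice should be visible in the role rather than implicit. The commented `wazuh_api_users` example in the manager defaults on this same line shows a literal `password: Custom_password0`; an example is fine, but it should not look like a value someone would leave in place.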
@@ -68,29 +52,29 @@ wazuh_manager_config: logall_json: 'no' log_format: 'plain' api: - bind_addr: '0.0.0.0' + bind_addr: 0.0.0.0 port: 55000 - behind_proxy_server: 'no' - https: 'yes' - https_key: 'api/configuration/ssl/server.key' - https_cert: 'api/configuration/ssl/server.crt' - https_use_ca: 'False' - https_ca: 'api/configuration/ssl/ca.crt' - logging_level: 'info' - logging_path: 'logs/api.log' - cors: 'no' - cors_source_route: '*' - cors_expose_headers: '*' - cors_allow_headers: '*' - cors_allow_credentials: 'no' - cache: 'yes' + behind_proxy_server: no + https: yes + https_key: "api/configuration/ssl/server.key" + https_cert: "api/configuration/ssl/server.crt" + https_use_ca: False + https_ca: "api/configuration/ssl/ca.crt" + logging_level: "info" + logging_path: "logs/api.log" + cors: no + cors_source_route: "*" + cors_expose_headers: "*" + cors_allow_headers: "*" + cors_allow_credentials: no + cache: yes cache_time: 0.750 access_max_login_attempts: 5 access_block_time: 300 access_max_request_per_minute: 300 - use_only_authd: 'no' - drop_privileges: 'yes' - experimental_features: 'no' + use_only_authd: no + drop_privileges: yes + experimental_features: no cluster: disable: 'yes' name: 'wazuh' From bc7e1fbb8a7417932bac12269366419fb5f5be0b Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Tue, 1 Sep 2020 15:31:35 +0200 Subject: [PATCH 09/41] Added autoenrollment feature to agent ossec.conf template --- .../ansible-wazuh-agent/defaults/main.yml | 15 ++++++++++++++ .../var-ossec-etc-ossec-agent.conf.j2 | 20 +++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 586fd594..c2652053 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
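Review bot: The bare `yes`/`no` values introduced here (`behind_proxy_server: no`, `https: yes`, `drop_privileges: yes`, `experimental_features: no`) are YAML 1.1 booleans, so the template receives Python `True`/`False` rather than the `'yes'`/`'no'` strings the previous quoted form delivered, and any string comparison against `'yes'` elsewhere in the roles will never match. Use `true`/`false` consistently and normalise in the template with `| bool`. `bind_addr: 0.0.0.0` exposes the API on every interface by default; that matches upstream, but combined with default API credentials it deserves a comment telling operators to restrict it to the management interface or front it with a firewall rule. `https_use_ca: False` is the only capitalised boolean in the block and should be written like the others.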
@@ -294,4 +294,19 @@ wazuh_agent_config: list: - key: Env value: Production + enrollment: + enabled: no + manager_address: '' + port: 1515 + agent_name: '' + groups: '' + agent_address: '' + ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + server_ca_path: '' + agent_certificate_path: '' + agent_key_path: '' + authorization_pass: ChangeMe + auto_method: no + delay_after_enrollment: 20 + use_source_ip: no wazuh_agent_nat: false diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index a1e79db5..d5433660 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -45,6 +45,26 @@ {{ wazuh_agent_config.client_buffer.events_per_sec }} + {% if wazuh_agent_config.enrollment is defined and wazuh_agent_config.enrollment.enabled == 'yes' %} + + {{ wazuh_agent_config.enrollment.enabled }} + {{ wazuh_agent_config.enrollment.manager_address }} + {{ wazuh_agent_config.enrollment.port }} + {{ wazuh_agent_config.enrollment.agent_name }} + {{ wazuh_agent_config.enrollment.groups }} + {{ wazuh_agent_config.enrollment.agent_address }} + {{ wazuh_agent_config.enrollment.ssl_cipher }} + {{ wazuh_agent_config.enrollment.server_ca_path }} + {{ wazuh_agent_config.enrollment.agent_certificate_path }} + {{ wazuh_agent_config.enrollment.agent_key_path }} + {{ wazuh_agent_config.enrollment.authorization_pass }} + {{ wazuh_agent_config.enrollment.auto_method }} + {{ wazuh_agent_config.enrollment.delay_after_enrollment }} + {{ wazuh_agent_config.enrollment.use_source_ip }} + + {% endif %} + + {% if wazuh_agent_config.rootcheck is defined %} no From 4f68e701f0400c3fa43827d0180d0d7271a7aea3 Mon Sep 17 00:00:00 2001 
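Review bot: The new default `enrollment.enabled: no` is a YAML boolean, but the template guards the block with `wazuh_agent_config.enrollment.enabled == 'yes'`, a string comparison, so a user who writes `enabled: yes` gets `True == 'yes'` and the `<enrollment>` section is never rendered; either quote the defaults (`enabled: 'no'`) or compare with `| bool`. `authorization_pass: ChangeMe` puts the agent registration password in plaintext in `defaults/main.yml` and renders it straight into `ossec.conf`, a file with broader read access than a dedicated password file; the manager side of this repository already keeps this secret in a separate `authd_pass` variable written to an `authd.pass` file, and the agent should use the same pattern via `authorization_pass_path`. The empty-string defaults (`manager_address: ''`, `groups: ''`, `server_ca_path: ''`) are emitted unconditionally as empty elements, which the agent's config parser may reject or misread, so each should be wrapped in a `{% if ... | length > 0 %}` guard.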
From: zenidd Date: Tue, 1 Sep 2020 17:01:28 +0200 Subject: [PATCH 10/41] Regen the install from sources fil --- .../tasks/installation_from_sources.yml | 117 ++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml new file mode 100644 index 00000000..62aa5cac --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
@@ -0,0 +1,117 @@ +--- +# Wazuh Manager + - name: Check if Wazuh Manager is already installed + stat: + path: /var/ossec/bin/ossec-control + register: wazuh_ossec_control + + - name: Installing Wazuh Manager from sources + block: + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - automake + - autoconf + - libtool + - tar + state: present + + - name: Removing old files + file: + path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + state: absent + + - name: Removing old folders + file: + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + state: absent + + - name: Installing policycoreutils-python (RedHat families) + package: + name: + - policycoreutils-python + when: + - ansible_os_family|lower == "redhat" + + - name: Installing policycoreutils-python-utils (Debian families) + package: + name: + - libc6-dev + - curl + - policycoreutils + when: + - ansible_os_family|lower == "debian" + + - name: Remove old repository folder + file: + path: /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }} + state: absent + + - name: Download required packages from github.com/wazuh/wazuh + get_url: + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + delegate_to: "{{ inventory_hostname }}" + + - name: Create folder to extract Wazuh branch + file: + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + state: directory + + # When downloading "v3.11.0" extracted folder name is 3.11.0. 
+ + # Explicitly creating the folder with proper naming and striping first level in .tar.gz file + + - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip + command: >- + tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz + --strip 1 + --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }} + register: wazuh_untar + changed_when: wazuh_untar.rc ==0 + args: + warn: false + + - name: Clean remaining files from others builds + command: "make -C src {{ item }}" + args: + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" + with_items: + - "clean" + - "clean-deps" + register: clean_result + changed_when: clean_result.rc == 0 + failed_when: false + + - name: Render the "preloaded-vars.conf" file + template: + src: "templates/preloaded_vars_manager.conf.j2" + dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" + owner: root + group: root + mode: 0644 + + - name: Executing "install.sh" script to build and install the Wazuh Manager + shell: ./install.sh > /tmp/build_wazuh_manager_log.txt + register: installation_result + changed_when: installation_result == 0 + args: + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + + - name: Cleanup downloaded files + file: + path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + state: absent + + - name: Cleanup created folders + file: + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + state: absent + + when: + - not wazuh_ossec_control.stat.exists + - wazuh_manager_sources_installation.enabled + tags: + - manager From b117407c1613ce3e8c10b70a9c78bcbf34b15968 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Tue, 1 Sep 2020 17:23:49 +0200 Subject: [PATCH 11/41] Fix unreadable token --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
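Review bot: The source tarball is fetched with `get_url` from `https://github.com/wazuh/wazuh/archive/{{ branch }}.tar.gz` and then built and installed by `./install.sh` (presumably with elevated privileges, since it writes under `/var/ossec`) with no integrity check, so a force-pushed branch or a tampered download becomes code execution on every manager; pin `wazuh_manager_sources_installation.branch` to a release tag and add `checksum: "sha256:<digest>"` to the `get_url` task, or verify the upstream signature. All staging happens at the predictable, shared-writable path `/tmp/wazuh-{{ branch }}`, which is deleted and then recreated, leaving a window for another local user to plant a symlink; a directory from the `tempfile` module, or a root-owned location created with `mode: "0700"`, removes the race. `changed_when: installation_result == 0` compares the whole registered dict with `0` and is therefore always false; it should be `changed_when: installation_result.rc == 0`. `delegate_to: "{{ inventory_hostname }}"` on the download task is a no-op and can be dropped.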
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 0bdd4d98..54be369b 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -105,8 +105,8 @@ tags: - init -- include_tasks: "../tasks/installation_from_sources.yml" - when: +- include_tasks: "../tasks/installation_from_sources.yml" + when: - wazuh_manager_sources_installation.enabled - include_tasks: "../tasks/installation_from_custom_packages.yml" From 54443102f72dee6fe2eb80bf5deea622a2a52110 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Tue, 1 Sep 2020 22:55:53 +0200 Subject: [PATCH 12/41] WIP: auto-enrollment implementation --- playbooks/wazuh-agent.yml | 12 +--- playbooks/wazuh-manager.yml | 4 +- .../ansible-wazuh-agent/defaults/main.yml | 14 ++--- .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 24 ++++++- .../templates/authd_pass.j2 | 1 + .../var-ossec-etc-ossec-agent.conf.j2 | 63 +++++++++++++------ .../ansible-wazuh-agent/vars/authd_pass.yml | 1 + .../ansible-wazuh-manager/defaults/main.yml | 2 +- .../ansible-wazuh-manager/tasks/main.yml | 21 ------- .../templates/authd_pass.j2 | 2 +- 10 files changed, 82 insertions(+), 62 deletions(-) create mode 100644 roles/wazuh/ansible-wazuh-agent/templates/authd_pass.j2 diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index b06589cd..e4f7291c 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -1,20 +1,14 @@ --- -- hosts: +- hosts: agents roles: - ../roles/wazuh/ansible-wazuh-agent vars: wazuh_managers: - - address: + - address: 172.16.0.111 port: 1514 protocol: tcp api_port: 55000 api_proto: 'http' api_user: ansible max_retries: 5 - retry_interval: 5 - wazuh_agent_authd: - registration_address: - enable: true - port: 1515 - ssl_agent_ca: null - ssl_auto_negotiate: 'no' + retry_interval: 5 \ No newline at end of file 
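Review bot: The agent playbook now commits an environment-specific manager address (`address: 172.16.0.111`) and still pairs `api_proto: 'http'` with `api_user: ansible`, while the manager defaults in this same series enable HTTPS on the API; if the role honours that combination, API credentials are sent in cleartext to a port that presumably only answers TLS. Keep the blank placeholders in the committed playbook, as a later commit in this series does, and make the example `api_proto: 'https'`. The removed `wazuh_agent_authd` block was the only place that documented `ssl_agent_ca` and `ssl_auto_negotiate`, so the replacement enrollment settings should carry equivalent, documented knobs.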
diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index 5ec6a50b..18bd3afe 100644 --- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml @@ -1,8 +1,8 @@ --- -- hosts: +- hosts: managers roles: - role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-filebeat - filebeat_output_elasticsearch_hosts: :9200 + filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index c2652053..fb185bdb 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -4,9 +4,9 @@ wazuh_agent_version: 3.13.1-1 # Custom packages installation -wazuh_custom_packages_installation_agent_enabled: false +wazuh_custom_packages_installation_agent_enabled: true wazuh_custom_packages_installation_agent_deb_url: "" -wazuh_custom_packages_installation_agent_rpm_url: "" +wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/staging/yum/wazuh-agent-4.0.0-0.40000.20200901.x86_64.rpm" # Sources installation @@ -295,18 +295,18 @@ wazuh_agent_config: - key: Env value: Production enrollment: - enabled: no + enabled: '' manager_address: '' port: 1515 - agent_name: '' + agent_name: 'testname' groups: '' agent_address: '' ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH server_ca_path: '' agent_certificate_path: '' agent_key_path: '' - authorization_pass: ChangeMe - auto_method: no + authorization_pass_path : /var/ossec/etc/authd.pass + auto_method: 'no' delay_after_enrollment: 20 - use_source_ip: no + use_source_ip: 'no' wazuh_agent_nat: false diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 70987a01..f1068d2e 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
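Review bot: `wazuh_custom_packages_installation_agent_enabled` is flipped to `true` and pointed at a dated pre-release build (`wazuh-agent-4.0.0-0.40000.20200901.x86_64.rpm` in the `packages-dev` S3 bucket), so every consumer of this role now installs an unsigned staging package from a development bucket unless they override the default; the default should stay `false` with an empty URL, and the staging build should be enabled only from a test playbook. If the custom-package path stays, the install task should verify the RPM signature or carry a `checksum:` for the download rather than trusting the bucket. `agent_name: 'testname'` and `enabled: ''` look like leftover test values; the empty string does make the template's `| length > 0` guard skip the section, but `enabled: 'no'` states that intent. The manager playbook hunk at the top of this line hardcodes `172.16.0.161:9200` for the same reason and should return to the placeholder.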
@@ -1,4 +1,9 @@ --- +- name: Retrieving authd Credentials + include_vars: authd_pass.yml + tags: + - config + - include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" @@ -42,6 +47,7 @@ - name: Linux | Check if client.keys exists stat: path=/var/ossec/etc/client.keys register: check_keys + when: wazuh_agent_config.enrollment.enabled == 'yes' tags: - config @@ -108,7 +114,9 @@ - not check_keys.stat.exists or check_keys.stat.size == 0 - wazuh_agent_authd.registration_address is not none - when: wazuh_agent_authd.enable + when: + - wazuh_agent_authd.enable + - not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no' tags: - config - authd @@ -181,6 +189,7 @@ when: - not wazuh_agent_authd.enable + - not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no' tags: - config - api @@ -220,6 +229,19 @@ - init - config +- name: Create auto-enrollment password file + template: + src: authd_pass.j2 + dest: "/var/ossec/etc/authd.pass" + owner: ossec + group: ossec + mode: 0640 + when: + - wazuh_agent_config.enrollment.enabled == 'yes' + - wazuh_agent_config.enrollment.authorization_pass_path | length > 0 + tags: + - config + - name: Linux | Ensure Wazuh Agent service is started and enabled service: name: wazuh-agent diff --git a/roles/wazuh/ansible-wazuh-agent/templates/authd_pass.j2 b/roles/wazuh/ansible-wazuh-agent/templates/authd_pass.j2 new file mode 100644 index 00000000..97a481f2 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/templates/authd_pass.j2 @@ -0,0 +1 @@ +{{ authd_pass }} \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index d5433660..5de7ffa6 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 
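Review bot: Adding `when: wazuh_agent_config.enrollment.enabled == 'yes'` to "Linux | Check if client.keys exists" means `check_keys` is never registered when enrollment is off, yet the authd registration task that follows is guarded by the opposite condition and still evaluates `not check_keys.stat.exists`; that default path will now fail with an undefined variable, so the stat task should run unconditionally. "Create auto-enrollment password file" renders the secret with `template`, so `--diff` or verbose runs print the password; add `no_log: true` there, give the unconditional `include_vars: authd_pass.yml` the same `no_log: true`, and gate the include on enrollment being enabled so hosts that do not enrol never load the credential. The file mode should be quoted (`mode: "0640"`) to avoid octal/decimal ambiguity, and `owner: ossec`/`group: ossec` relies on the package having created that user earlier in this file, which is worth a comment.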
@@ -36,6 +36,49 @@ {% endif %} {{ wazuh_auto_restart }} {{ wazuh_crypto_method }} + + {% if wazuh_agent_config.enrollment.enabled | length > 0 %} + + {{ wazuh_agent_config.enrollment.enabled }} + {% if wazuh_agent_config.enrollment.manager_address | length > 0 %} + {{ wazuh_agent_config.enrollment.manager_address }} + {% endif %} + {% if wazuh_agent_config.enrollment.agent_name | length > 0 %} + {{ wazuh_agent_config.enrollment.agent_name }} + {% endif %} + {% if wazuh_agent_config.enrollment.port is defined > 0 %} + {{ wazuh_agent_config.enrollment.port }} + {% endif %} + {% if wazuh_agent_config.enrollment.groups | length > 0 %} + {{ wazuh_agent_config.enrollment.groups }} + {% endif %} + {% if wazuh_agent_config.enrollment.agent_address | length > 0 %} + {{ wazuh_agent_config.enrollment.agent_address }} + {% endif %} + {% if wazuh_agent_config.enrollment.server_ca_path | length > 0 %} + {{ wazuh_agent_config.enrollment.server_ca_path }} + {% endif %} + {% if wazuh_agent_config.enrollment.agent_certificate_path | length > 0 %} + {{ wazuh_agent_config.enrollment.agent_certificate_path }} + {% endif %} + {% if wazuh_agent_config.enrollment.agent_key_path | length > 0 %} + {{ wazuh_agent_config.enrollment.agent_key_path }} + {% endif %} + {% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 %} + {{ wazuh_agent_config.enrollment.authorization_pass_path }} + {% endif %} + {% if wazuh_agent_config.enrollment.auto_method | length > 0 %} + {{ wazuh_agent_config.enrollment.auto_method }} + {% endif %} + {% if wazuh_agent_config.enrollment.delay_after_enrollment is defined > 0 %} + {{ wazuh_agent_config.enrollment.delay_after_enrollment }} + {% endif %} + {% if wazuh_agent_config.enrollment.use_source_ip | length > 0 %} + {{ wazuh_agent_config.enrollment.use_source_ip }} + {% endif %} + + {% endif %} + 
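Review bot: The `ssl_cipher` setting that the previous version of this block rendered is no longer emitted anywhere in the new `<enrollment>` section, so the hardening default `HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH` in `defaults/main.yml` is now dead configuration; add `{% if wazuh_agent_config.enrollment.ssl_cipher | length > 0 %}` with the corresponding element. `{% if wazuh_agent_config.enrollment.port is defined > 0 %}` and the same construct for `delay_after_enrollment` compare the boolean result of `is defined` with `0`, which happens to be true whenever the key exists but is not the positivity check the surrounding lines make; write `is defined and wazuh_agent_config.enrollment.port | int > 0`. Every other guard uses `| length > 0`, which raises if a caller supplies a boolean or integer instead of a string, so `| default('') | string | length > 0` would be more forgiving for values like `auto_method` and `use_source_ip` that users are likely to write as bare `yes`/`no`.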
@@ -45,26 +88,6 @@ {{ wazuh_agent_config.client_buffer.events_per_sec }} - {% if wazuh_agent_config.enrollment is defined and wazuh_agent_config.enrollment.enabled == 'yes' %} - - {{ wazuh_agent_config.enrollment.enabled }} - {{ wazuh_agent_config.enrollment.manager_address }} - {{ wazuh_agent_config.enrollment.port }} - {{ wazuh_agent_config.enrollment.agent_name }} - {{ wazuh_agent_config.enrollment.groups }} - {{ wazuh_agent_config.enrollment.agent_address }} - {{ wazuh_agent_config.enrollment.ssl_cipher }} - {{ wazuh_agent_config.enrollment.server_ca_path }} - {{ wazuh_agent_config.enrollment.agent_certificate_path }} - {{ wazuh_agent_config.enrollment.agent_key_path }} - {{ wazuh_agent_config.enrollment.authorization_pass }} - {{ wazuh_agent_config.enrollment.auto_method }} - {{ wazuh_agent_config.enrollment.delay_after_enrollment }} - {{ wazuh_agent_config.enrollment.use_source_ip }} - - {% endif %} - - {% if wazuh_agent_config.rootcheck is defined %} no diff --git a/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml index bc8113e3..36e0cdeb 100644 --- a/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml +++ b/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml @@ -1,3 +1,4 @@ --- # We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials. # authd_pass: 'foobar' +authd_pass: ultrasecret \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index d2276a0f..3efdd492 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
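Review bot: `vars/authd_pass.yml` now commits a live value, `authd_pass: ultrasecret`, directly beneath the comment recommending Ansible Vault for this credential; because role `vars/` outrank inventory and `defaults/`, consumers cannot even override it without `-e` or a vaulted vars file of their own. Remove the value (keep the commented example) or move it to `defaults/` as `authd_pass: null` with an `assert` in the tasks that fails when enrollment is enabled and no password is supplied. If this value was ever used against a real manager it should be rotated, since it is now in git history regardless of later cleanup.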
@@ -7,7 +7,7 @@ wazuh_manager_package_state: present # Custom packages installation wazuh_custom_packages_installation_manager_enabled: false wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" -wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" +wazuh_custom_packages_installation_manager_rpm_url: " +´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++" # Sources installation wazuh_manager_sources_installation: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 923ac413..7cb2a719 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -29,17 +29,6 @@ - not node_service_status.stat.exists - wazuh_manager_config.cluster.node_type == "master" -- name: Installing NodeJS - package: - name: nodejs - state: present - register: nodejs_service_is_installed - until: nodejs_service_is_installed is succeeded - when: - - wazuh_manager_config.cluster.node_type == "master" - - tags: init - - include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") @@ -200,7 +189,6 @@ tags: - config - - name: Check if syslog output is enabled set_fact: syslog_output=true when: item.server is not none 
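Review bot: The new value of `wazuh_custom_packages_installation_manager_rpm_url` is a double-quoted scalar that opens with `"` on one line and continues on the next with a long run of `´` and `+` characters before closing, which YAML folds into a single garbage string; this looks like an accidental paste rather than a URL, and any play that enables custom manager packages would try to download from it. Restore the previous value, `wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"`, or better an empty string so nothing is fetched unless the operator sets it. Both this and the `_deb_url` default point at a development bucket, and nothing in the series verifies a checksum or package signature for what is fetched from there.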
@@ -368,15 +356,6 @@
 tags:
 - config
-- name: Ensure Wazuh API service is started and enabled.
- service:
- name: "wazuh-api"
- enabled: true
- state: started
- when: wazuh_manager_config.cluster.node_type == "master"
- tags:
- - config
-
 - name: Create agent groups
 command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q"
 with_items:
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 b/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2
index 27c97708..97a481f2 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2
@@ -1 +1 @@
-{{ authd_pass }}
+{{ authd_pass }}
\ No newline at end of file
From 33d4aaedf162f274153246a07e53373373bf63f2 Mon Sep 17 00:00:00 2001
From: "Manuel J. Bernal"
Date: Tue, 1 Sep 2020 23:10:42 +0200
Subject: [PATCH 13/41] Fixed unreadable token
---
 roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
index 9e57193d..9d76fc7f 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
@@ -107,8 +107,8 @@
 - not wazuh_manager_sources_installation.enabled
 - not wazuh_custom_packages_installation_manager_enabled
-- include_tasks: "installation_from_sources.yml"
- when:
+- include_tasks: "installation_from_sources.yml"
+ when:
 - wazuh_manager_sources_installation.enabled
 - include_tasks: "installation_from_custom_packages.yml"
From 8adceb5833e7760aebddd2bab01482e0e32b30ae Mon Sep 17 00:00:00 2001
From: "Manuel J. Bernal"
Date: Wed, 2 Sep 2020 00:08:43 +0200
Subject: [PATCH 14/41] Fixed authorization_pass_path XML option
---
 .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 5de7ffa6..466f9451 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -65,7 +65,7 @@ {{ wazuh_agent_config.enrollment.agent_key_path }} {% endif %} {% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 %} - {{ wazuh_agent_config.enrollment.authorization_pass_path }} + {{ wazuh_agent_config.enrollment.authorization_pass_path }} {% endif %} {% if wazuh_agent_config.enrollment.auto_method | length > 0 %} {{ wazuh_agent_config.enrollment.auto_method }} From e532e214d56c15f676c6ca45f1ba4ba8078849f3 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 1 Oct 2020 10:43:44 +0200 Subject: [PATCH 15/41] Using placeholders instead of addresses --- playbooks/wazuh-agent.yml | 4 ++-- playbooks/wazuh-manager.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index e4f7291c..be73e030 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -1,10 +1,10 @@ --- -- hosts: agents +- hosts: roles: - ../roles/wazuh/ansible-wazuh-agent vars: wazuh_managers: - - address: 172.16.0.111 + - address: port: 1514 protocol: tcp api_port: 55000 diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index 18bd3afe..5ec6a50b 100644 --- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml @@ -1,8 +1,8 @@ --- -- hosts: managers +- hosts: roles: - role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-filebeat - filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 + filebeat_output_elasticsearch_hosts: :9200 From 12708cf9bc6dace9830f0eacf53c78478a70e791 Mon Sep 17 00:00:00 2001 
From: zenidd Date: Thu, 1 Oct 2020 15:44:53 +0200 Subject: [PATCH 16/41] Bump opendistro and wazuh versions --- roles/opendistro/opendistro-kibana/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 565285fc..29804071 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -14,12 +14,12 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 -elastic_stack_version: 7.8.0 -wazuh_version: 3.13.1 +elastic_stack_version: 7.9.1 +wazuh_version: 4.0.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # The OpenDistro package repository -kibana_opendistro_version: -1.8.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts +kibana_opendistro_version: -1.10.1-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts package_repos: yum: @@ -60,7 +60,7 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 3.13-7.8 +wazuh_plugin_branch: 4.0-7.9 #Nodejs NODE_OPTIONS node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536 From 73764f5db2706155849744f0ffa7a93dd8a2a591 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 1 Oct 2020 15:52:53 +0200 Subject: [PATCH 17/41] Adding latests wazuh packages --- playbooks/opendistro/certificates/tools/sgtlstool.sh | 12 ++++++++++++ roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- 2 files changed, 14 insertions(+), 2 deletions(-) create mode 100755 playbooks/opendistro/certificates/tools/sgtlstool.sh diff --git a/playbooks/opendistro/certificates/tools/sgtlstool.sh b/playbooks/opendistro/certificates/tools/sgtlstool.sh new file mode 100755 index 00000000..0df46578 --- /dev/null 
+++ b/playbooks/opendistro/certificates/tools/sgtlstool.sh @@ -0,0 +1,12 @@ +#!/bin/bash +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +BIN_PATH="java" + +if [ -z "$JAVA_HOME" ]; then + echo "WARNING: JAVA_HOME not set, will use $(which $BIN_PATH)" +else + BIN_PATH="$JAVA_HOME/bin/java" +fi + +"$BIN_PATH" $JAVA_OPTS -cp "$DIR/../deps/*" com.floragunn.searchguard.tools.tlstool.SearchGuardTlsTool "$@" + diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index fb185bdb..b210303e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -5,8 +5,8 @@ wazuh_agent_version: 3.13.1-1 # Custom packages installation wazuh_custom_packages_installation_agent_enabled: true -wazuh_custom_packages_installation_agent_deb_url: "" -wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/staging/yum/wazuh-agent-4.0.0-0.40000.20200901.x86_64.rpm" +wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/pool/main/w/wazuh-agent/wazuh-agent_4.0.0-1_amd64.deb" +wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/wazuh-agent-4.0.0-1.x86_64.rpm" # Sources installation From 46b073d7dd8e11e896fc2edd50a350bcef21c403 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 1 Oct 2020 15:59:00 +0200 Subject: [PATCH 18/41] adding latest WUI package --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 30fad99d..a7a86178 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -107,7 +107,7 @@
 - name: Install Wazuh Plugin (can take a while)
 shell: >-
 NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
- {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip
+ https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/test/4.0/ui/kibana/wazuh_kibana-4.0.0_7.9.1-0.0.0.todelete.zip
 args:
 executable: /bin/bash
 creates: /usr/share/kibana/plugins/wazuh/package.json
From 5ad76a1e3678e99124c39774353efb808a53c2d1 Mon Sep 17 00:00:00 2001
From: zenidd
Date: Tue, 20 Oct 2020 17:40:28 +0200
Subject: [PATCH 19/41] Bump versions
---
 CHANGELOG.md | 6 ++++++
 molecule/default/tests/test_default.py | 6 ++----
 .../elastic-stack/ansible-kibana/defaults/main.yml | 6 +++---
 roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 4 ++--
 roles/wazuh/ansible-filebeat/defaults/main.yml | 4 ++--
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 14 +++++++-------
 .../wazuh/ansible-wazuh-manager/defaults/main.yml | 13 ++++++-------
 7 files changed, 28 insertions(+), 25 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1ba466ff..07318fd9 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,12 @@
 # Change Log
 All notable changes to this project will be documented in this file.
+## [v4.0.0]
+
+### Added
+
+- Update to Wazuh v4.0.0
+
 ## [v3.13.1_7.8.0]
 ### Added
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
index e63a0bab..10b1210d 100644
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -7,7 +7,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 def get_wazuh_version():
 """This return the version of Wazuh."""
- return "3.13.1"
+ return "4.0.0"
 def test_wazuh_packages_are_installed(host):
 """Test if the main packages are installed."""
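Review bot: The plugin install line replaces the parameterised `{{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip` with a hard-coded artifact from a development bucket whose name ends in `todelete.zip`, so the role's `wazuh_app_url`, `wazuh_version` and `elastic_stack_version` defaults no longer control what `kibana-plugin install` fetches and every host gets a pre-release test build. Nothing in the task verifies the downloaded archive, so trust in that URL is the only integrity control on the plugin code that ends up running inside Kibana. If a staging build is needed, point `wazuh_app_url` at it from defaults or an override and keep the templated line here.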
@@ -26,9 +26,7 @@ def test_wazuh_services_are_running(host):
 """
 manager = host.service("wazuh-manager")
 api = host.service("wazuh-api")
- # assert manager.is_running
 assert manager.is_running
- # assert api.is_running
 assert api.is_running
 @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
@@ -49,4 +47,4 @@ def test_filebeat_is_installed(host):
 """Test if the elasticsearch package is installed."""
 filebeat = host.package("filebeat")
 assert filebeat.is_installed
- assert filebeat.version.startswith('7.8.0')
+ assert filebeat.version.startswith('7.9.1')
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
index e252cc4a..ae6ece7d 100644
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@@ -6,8 +6,8 @@ elasticsearch_network_host: "127.0.0.1"
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
 kibana_conf_path: /etc/kibana
-elastic_stack_version: 7.8.0
-wazuh_version: 3.13.1
+elastic_stack_version: 7.9.2
+wazuh_version: 4.0.0
 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
 elasticrepo:
@@ -49,7 +49,7 @@ nodejs:
 # Build from sources
 build_from_sources: false
-wazuh_plugin_branch: 3.13-7.8
+wazuh_plugin_branch: 4.0-7.9
 #Nodejs NODE_OPTIONS
 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
index 1ef027e7..d802febd 100644
--- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
-filebeat_version: 7.8.0
+filebeat_version: 7.9.1
-wazuh_template_branch: v3.13.1
+wazuh_template_branch: v4.0.0
 filebeat_create_config: true
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml
index d9599520..3a8cc186 100644
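Review bot: `test_wazuh_services_are_running` still constructs `api = host.service("wazuh-api")` and asserts `api.is_running`, while this same series removes the wazuh-api service from the manager role (its start/enable task and restart handler are dropped in earlier patches), so against a 4.0.0 install the test fails on a service that is not supposed to exist rather than on anything about the manager. Remove the two `api` lines and keep `assert manager.is_running`; if API reachability matters, probe the API endpoint in a separate test. The function header is outside the hunk.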
--- a/roles/wazuh/ansible-filebeat/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
-filebeat_version: 7.8.0
+filebeat_version: 7.9.2
-wazuh_template_branch: v3.13.1
+wazuh_template_branch: v4.0.0
 filebeat_create_config: true
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index b210303e..1b6ee516 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -1,18 +1,18 @@
 ---
-wazuh_agent_version: 3.13.1-1
+wazuh_agent_version: 4.0.0-1
 # Custom packages installation
-wazuh_custom_packages_installation_agent_enabled: true
-wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/pool/main/w/wazuh-agent/wazuh-agent_4.0.0-1_amd64.deb"
-wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/wazuh-agent-4.0.0-1.x86_64.rpm"
+wazuh_custom_packages_installation_agent_enabled: false
+wazuh_custom_packages_installation_agent_deb_url: ""
+wazuh_custom_packages_installation_agent_rpm_url: ""
 # Sources installation
 wazuh_agent_sources_installation:
 enabled: false
- branch: "v3.13.1"
+ branch: "v4.0.0"
 user_language: "y"
 user_no_stop: "y"
 user_install_type: "agent"
@@ -67,8 +67,8 @@ wazuh_winagent_config:
 auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
 check_md5: True
 md5: d0f13c0c417c74ccbad7b45f66518513
-wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.13.1-1.msi
-wazuh_winagent_package_name: wazuh-agent-3.13.1-1.msi
+wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.0-1.msi
+wazuh_winagent_package_name: wazuh-agent-4.0.0-1.msi
 wazuh_agent_config:
 repo:
 apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
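Review bot: `wazuh_winagent_config_url` now points at `wazuh-agent-4.0.0-1.msi`, but the context lines above keep `check_md5: True` with `md5: d0f13c0c417c74ccbad7b45f66518513`, the digest that was paired with the 3.13.1 installer, so the Windows install will presumably fail its integrity check until the digest moves with the URL — `md5: <md5 of wazuh-agent-4.0.0-1.msi>` — and a SHA-256 digest would be the stronger choice if the download task supports it. The first hunk of the same file bumps `wazuh_agent_version` to `4.0.0-1` while the trailing context line of the second hunk still reads `apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'`, a repository where no 4.0.0 package will be found; the repo entries need to follow the version bump.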
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3efdd492..161a2ef2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,18 +1,18 @@ --- -wazuh_manager_version: 3.13.1-1 +wazuh_manager_version: 4.0.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present # Custom packages installation wazuh_custom_packages_installation_manager_enabled: false -wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" -wazuh_custom_packages_installation_manager_rpm_url: " +´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++" +wazuh_custom_packages_installation_manager_deb_url: "" +wazuh_custom_packages_installation_manager_rpm_url: "" # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v3.13.1" + branch: "v4.0.0" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -36,9 +36,8 @@ wazuh_manager_sources_installation: threads: "2" # wazuh_api_users: -# - username: custom_user5 -# password: Custom_password0 -# role: administrator +# - username: custom_user +# password: changeme wazuh_manager_config: repo: From 8e784694bb6edac060bc3f80511a117dfdd7f887 Mon Sep 17 00:00:00 2001 
From: zenidd
Date: Tue, 20 Oct 2020 17:52:38 +0200
Subject: [PATCH 20/41] Restoring defaulf configuration
---
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +-
 roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index 400352c8..44643ebd 100755
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -115,7 +115,7 @@
 - name: Install Wazuh Plugin (can take a while)
 shell: >-
 NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
- https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/test/4.0/ui/kibana/wazuh_kibana-4.0.0_7.9.1-0.0.0.todelete.zip
+ {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip
 args:
 executable: /bin/bash
 creates: /usr/share/kibana/plugins/wazuh/package.json
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 2a5a24e8..b9ba3101 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -6,8 +6,8 @@ wazuh_manager_package_state: present
 # Custom packages installation
 wazuh_custom_packages_installation_manager_enabled: false
-wazuh_custom_packages_installation_manager_deb_url: ""
-wazuh_custom_packages_installation_manager_rpm_url: ""
+wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
+wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
 # Sources installation
 wazuh_manager_sources_installation:
From 2666d49b156bf1042fa46bfea664ff26415de400 Mon Sep 17 00:00:00 2001
From: zenidd
Date: Tue, 20 Oct 2020 17:56:39 +0200
Subject: [PATCH 21/41] added compatibility matrix
---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/README.md b/README.md
index c9f54929..f812363b 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,12 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack.
 * `master` branch corresponds to the latest Wazuh Ansible changes. It might be unstable.
 * `3.13` branch on correspond to the last Wazuh Ansible stable version.
+## Compatibility Matrix
+
+| Wazuh version | Elastic | ODFE |
+|---------------|---------|--------|
+| v4.0.0 | 7.9.2 | 1.10.1 |
+
 ## Documentation
 * [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html)
From 09408c3b8c39c8e3703ae8456064ac39ae92e39a Mon Sep 17 00:00:00 2001
From: zenidd
Date: Fri, 23 Oct 2020 10:35:15 +0200
Subject: [PATCH 22/41] Update windows package md5sum
---
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 7c3e266a..31da003c 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -66,7 +66,7 @@ wazuh_winagent_config:
 # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
 auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
 check_md5: True
- md5: d0f13c0c417c74ccbad7b45f66518513
+ md5: f9737cbd7df7104c1bee9f3e8b9ca26e
 wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.0-1.msi
 wazuh_winagent_package_name: wazuh-agent-4.0.0-1.msi
 wazuh_agent_config:
From 319261d29f3283d8dfdd8e642283ac7d849a6da7 Mon Sep 17 00:00:00 2001
From: zenidd
Date: Fri, 23 Oct 2020 10:42:46 +0200
Subject: [PATCH 23/41] Filebeat module version update
---
 roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml
index 3a8cc186..f2c02a48 100644
--- a/roles/wazuh/ansible-filebeat/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat/defaults/main.yml
@@ -28,7 +28,7 @@ filebeat_ssl_dir: /etc/pki/filebeat
 filebeat_ssl_certificate_file: ""
 filebeat_ssl_insecure: "false"
-filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat
+filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
 filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
 filebeat_module_package_path: /tmp/
 filebeat_module_destination: /usr/share/filebeat/module
From ac7b80d54ebb2ef4241c798768956ed858ce2bed Mon Sep 17 00:00:00 2001
From: zenidd
Date: Fri, 23 Oct 2020 11:36:07 +0200
Subject: [PATCH 24/41] Replace APP URL
---
 roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +-
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +-
 roles/opendistro/opendistro-kibana/defaults/main.yml | 2 +-
 roles/opendistro/opendistro-kibana/tasks/main.yml | 2 +-
 roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
index ae6ece7d..35bae043 100644
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@@ -8,7 +8,7 @@ kibana_server_port: "5601"
 kibana_conf_path: /etc/kibana
 elastic_stack_version: 7.9.2
 wazuh_version: 4.0.0
-wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
+wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
 elasticrepo:
 apt: 'https://artifacts.elastic.co/packages/7.x/apt'
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index 44643ebd..0181a262 100755
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -115,7 +115,7 @@
 - name: Install Wazuh Plugin (can take a while)
 shell: >-
 NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
- {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip
+ {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
 args:
 executable: /bin/bash
 creates: /usr/share/kibana/plugins/wazuh/package.json
diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml
index ad58224a..32cbcfec 100644
--- a/roles/opendistro/opendistro-kibana/defaults/main.yml
+++ b/roles/opendistro/opendistro-kibana/defaults/main.yml
@@ -15,7 +15,7 @@ kibana_server_name: "kibana"
 kibana_max_payload_bytes: 1048576
 elastic_stack_version: 7.9.1
 wazuh_version: 4.0.0
-wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
+wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
 # The OpenDistro package repository
 kibana_opendistro_version: -1.10.1-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml
index ff324bf8..f43fecba 100755
--- a/roles/opendistro/opendistro-kibana/tasks/main.yml
+++ b/roles/opendistro/opendistro-kibana/tasks/main.yml
@@ -58,7 +58,7 @@
 - name: Install Wazuh Plugin (can take a while)
 shell: >-
 NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
- {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip
+ {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
 args:
 executable: /bin/bash
 creates: /usr/share/kibana/plugins/wazuh/package.json
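Review bot: The `roles/opendistro/opendistro-kibana/defaults/main.yml` hunk keeps `elastic_stack_version: 7.9.1` as context while the elastic-stack role touched by the same patch carries `7.9.2` and the README compatibility matrix added a few patches earlier lists 7.9.2 for v4.0.0; with the new `wazuh_app_url` the two roles will therefore request differently named archives (`wazuh_kibana-4.0.0_7.9.1-1.zip` versus `wazuh_kibana-4.0.0_7.9.2-1.zip`). If the 7.9.1 pin is deliberate for the OpenDistro build, a comment beside it such as `# Kibana line shipped with ODFE 1.10.1; keep in step with kibana_opendistro_version` would save the next reader the same question; otherwise the value should follow the matrix.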
diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
index d802febd..ace9077f 100644
--- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
@@ -9,7 +9,7 @@ filebeat_output_elasticsearch_enabled: false
 filebeat_output_elasticsearch_hosts:
 - "localhost:9200"
-filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat
+filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
 filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
 filebeat_module_package_path: /tmp/
 filebeat_module_destination: /usr/share/filebeat/module
From cab1f1d520074a25bfa090bde18880c230b97ec4 Mon Sep 17 00:00:00 2001
From: zenidd
Date: Fri, 23 Oct 2020 12:36:07 +0200
Subject: [PATCH 25/41] update wazuh repos
---
 roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index b9ba3101..d630afc0 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -41,8 +41,8 @@ wazuh_manager_sources_installation:
 wazuh_manager_config:
 repo:
- apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
- yum: 'https://packages.wazuh.com/3.x/yum/'
+ apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+ yum: 'https://packages.wazuh.com/4.x/yum/'
 gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
 key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
 json_output: 'yes'
From dee32f7b7938569e5bb34fae558d463923f7fd74 Mon Sep 17 00:00:00 2001
From: zenidd
Date: Fri, 23 Oct 2020 12:37:32 +0200
Subject: [PATCH 26/41] update wazuh agent repos
---
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 31da003c..38ff1151 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -71,8 +71,8 @@ wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.
 wazuh_winagent_package_name: wazuh-agent-4.0.0-1.msi
 wazuh_agent_config:
 repo:
- apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
- yum: 'https://packages.wazuh.com/3.x/yum/'
+ apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+ yum: 'https://packages.wazuh.com/4.x/yum/'
 gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
 key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
 active_response:
From 2f33aa20c591727f0e372070d47c257901b6814b Mon Sep 17 00:00:00 2001
From: zenidd
Date: Fri, 23 Oct 2020 13:21:32 +0200
Subject: [PATCH 27/41] New major version fixes
---
 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +-
 roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
index e21baaaa..e2bedc16 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@@ -69,7 +69,7 @@
 register: agent_auth_output
 notify: Windows | Restart Wazuh Agent
 when:
- - wazuh_agent_authd.enable
+ - wazuh_agent_authd.enable == true
 - not check_windows_key.stat.exists or check_windows_key.stat.size == 0
 - wazuh_agent_authd.registration_address is not none
 tags:
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 1f33b80c..0ff08bfe 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
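Review bot: In the `tasks/Windows.yml` hunk, `- wazuh_agent_authd.enable == true` compares against the boolean literal, so a value that arrives as a string (`'true'`, `'yes'`, or anything passed with `-e` on the command line) no longer satisfies the condition and the registration task is silently skipped, whereas the replaced `- wazuh_agent_authd.enable` already handled a genuine boolean. `- wazuh_agent_authd.enable | bool` keeps the YAML boolean working and tolerates the string forms. The task's header is outside the hunk.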
@@ -161,7 +161,7 @@
 owner=root group=ossec mode=0640
- notify: restart wazuh-api
+ notify: restart wazuh-manager
 when:
 - wazuh_manager_config.cluster.node_type == "master"
 tags:
From 9cac95729b4c77024f8f86bd3a5ce2349d9b7992 Mon Sep 17 00:00:00 2001
From: zenidd
Date: Fri, 23 Oct 2020 14:04:18 +0200
Subject: [PATCH 28/41] Set empty authd pass
---
 roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 1 +
 roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index fcda6d31..54b370f8 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -226,6 +226,7 @@
 when:
 - wazuh_agent_config.enrollment.enabled == 'yes'
 - wazuh_agent_config.enrollment.authorization_pass_path | length > 0
+ - ( authd_pass is defined) and ( authd_pass|length > 0)
 tags:
 - config
diff --git a/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml
index 36e0cdeb..c1f4da4f 100644
--- a/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml
+++ b/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml
@@ -1,4 +1,4 @@
 ---
 # We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials.
 # authd_pass: 'foobar'
-authd_pass: ultrasecret
\ No newline at end of file
+authd_pass: ''
\ No newline at end of file
From 7d0202206ed2f01efbcba817154d2cf894113bc8 Mon Sep 17 00:00:00 2001
From: zenidd
Date: Fri, 23 Oct 2020 17:07:52 +0200
Subject: [PATCH 29/41] Bump Revision version
---
 VERSION | 2 +-
 playbooks/opendistro/certificates/tools/sgtlstool.sh | 12 ------------
 2 files changed, 1 insertion(+), 13 deletions(-)
 delete mode 100755 playbooks/opendistro/certificates/tools/sgtlstool.sh
diff --git a/VERSION b/VERSION
index 22dfe1fb..61785a6e 100644
--- a/VERSION
+++ b/VERSION
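Review bot: In the `tasks/Linux.yml` hunk, the added guard `( authd_pass is defined) and ( authd_pass|length > 0)` makes the task skip quietly when enrollment is enabled with an `authorization_pass_path` but no password was supplied, so a missing or un-vaulted `authd_pass` surfaces, if at all, only later when the manager rejects the enrollment. An `assert` task before this one, failing when `wazuh_agent_config.enrollment.authorization_pass_path | length > 0` and `authd_pass | length == 0`, would report the misconfiguration on the agent run itself. Stylistically the new line could match its neighbour, `- authd_pass is defined and authd_pass | length > 0`. The enclosing task starts before the hunk.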
@@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v4" -REVISION="31220" +REVISION="40000" diff --git a/playbooks/opendistro/certificates/tools/sgtlstool.sh b/playbooks/opendistro/certificates/tools/sgtlstool.sh deleted file mode 100755 index 0df46578..00000000 --- a/playbooks/opendistro/certificates/tools/sgtlstool.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -BIN_PATH="java" - -if [ -z "$JAVA_HOME" ]; then - echo "WARNING: JAVA_HOME not set, will use $(which $BIN_PATH)" -else - BIN_PATH="$JAVA_HOME/bin/java" -fi - -"$BIN_PATH" $JAVA_OPTS -cp "$DIR/../deps/*" com.floragunn.searchguard.tools.tlstool.SearchGuardTlsTool "$@" - From f1dba34f50af6a120b5dc517197f11184a2c5a8d Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 23 Oct 2020 17:09:03 +0200 Subject: [PATCH 30/41] Updating default index pattern --- roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 | 8 ++++---- roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 index aa1305ee..ee70c2ad 100644 --- a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 @@ -21,7 +21,7 @@ # ------------------------------- Index patterns ------------------------------- # # Default index pattern to use. -#pattern: wazuh-alerts-3.x-* +#pattern: wazuh-alerts-4.x-* # # ----------------------------------- Checks ----------------------------------- # 
@@ -92,17 +92,17 @@ # Default: 900 (s) #wazuh.monitoring.frequency: 900 # -# Configure wazuh-monitoring-3.x-* indices shards and replicas. +# Configure wazuh-monitoring-4.x-* indices shards and replicas. #wazuh.monitoring.shards: 2 #wazuh.monitoring.replicas: 0 # -# Configure wazuh-monitoring-3.x-* indices custom creation interval. +# Configure wazuh-monitoring-4.x-* indices custom creation interval. # Values: h (hourly), d (daily), w (weekly), m (monthly) # Default: d #wazuh.monitoring.creation: d # # Default index pattern to use for Wazuh monitoring -#wazuh.monitoring.pattern: wazuh-monitoring-3.x-* +#wazuh.monitoring.pattern: wazuh-monitoring-4.x-* # # # ------------------------------- App privileges -------------------------------- diff --git a/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 b/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 index aa1305ee..ee70c2ad 100644 --- a/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 +++ b/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 @@ -21,7 +21,7 @@ # ------------------------------- Index patterns ------------------------------- # # Default index pattern to use. -#pattern: wazuh-alerts-3.x-* +#pattern: wazuh-alerts-4.x-* # # ----------------------------------- Checks ----------------------------------- # 
@@ -92,17 +92,17 @@
 # Default: 900 (s)
 #wazuh.monitoring.frequency: 900
 #
-# Configure wazuh-monitoring-3.x-* indices shards and replicas.
+# Configure wazuh-monitoring-4.x-* indices shards and replicas.
 #wazuh.monitoring.shards: 2
 #wazuh.monitoring.replicas: 0
 #
-# Configure wazuh-monitoring-3.x-* indices custom creation interval.
+# Configure wazuh-monitoring-4.x-* indices custom creation interval.
 # Values: h (hourly), d (daily), w (weekly), m (monthly)
 # Default: d
 #wazuh.monitoring.creation: d
 #
 # Default index pattern to use for Wazuh monitoring
-#wazuh.monitoring.pattern: wazuh-monitoring-3.x-*
+#wazuh.monitoring.pattern: wazuh-monitoring-4.x-*
 #
 #
 # ------------------------------- App privileges --------------------------------
From 9870df09176f0e9eb24784071e97466cb63f829b Mon Sep 17 00:00:00 2001
From: zenidd
Date: Fri, 23 Oct 2020 17:17:35 +0200
Subject: [PATCH 31/41] Update changelog
---
 CHANGELOG.md | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f21a5503..295cafaf 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,15 @@ All notable changes to this project will be documented in this file.
 - Update to Wazuh v4.0.0
+### Fixed
+
+- Ensure recursive /usr/share/kibana permissions before installing WUI ([@Zenidd](https://github.com/Zenidd)) [PR#471](https://github.com/wazuh/wazuh-ansible/pull/471)
+- Remove vuls integration ([@manuasir](https://github.com/manuasir)) [PR#469](https://github.com/wazuh/wazuh-ansible/pull/469)
+
+### Added
+
+- New example playbooks on README ([@Zenidd](https://github.com/Zenidd)) [PR#468](https://github.com/wazuh/wazuh-ansible/pull/468)
+
 ## [v3.13.2]
 ### Added
From b79f3c62134bcbb54ff3ba40e4e45474fb20c61a Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <1380243+xr09@users.noreply.github.com>
Date: Mon, 26 Oct 2020 19:26:44 +0100
Subject: [PATCH 32/41] Remove API test
---
 molecule/default/tests/test_default.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
index a25d7aa1..36787f1e 100644
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -6,18 +6,18 @@ import re
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
 def get_wazuh_version():
 """This return the version of Wazuh."""
 return "4.0.0"
+
 def test_wazuh_packages_are_installed(host):
 """Test the main packages are installed."""
 manager = host.package("wazuh-manager")
- api = host.package("wazuh-api")
 assert manager.is_installed
 assert manager.version.startswith(get_wazuh_version())
- assert api.is_installed
- assert api.version.startswith(get_wazuh_version())
+
 def test_wazuh_services_are_running(host):
 """Test the services are enabled and running.
From b679c7d185933baf89b8245071e7c4b2fa4b3f0e Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <1380243+xr09@users.noreply.github.com>
Date: Mon, 26 Oct 2020 19:27:03 +0100
Subject: [PATCH 33/41] Apply format
---
 molecule/default/tests/test_default.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
index 36787f1e..289e4f86 100644
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -30,7 +30,9 @@ def test_wazuh_services_are_running(host):
 # api = host.service("wazuh-api")
 # assert manager.is_running
 # assert api.is_running
- output = host.check_output('ps aux | grep ossec | tr -s " " | cut -d" " -f11')
+ output = host.check_output(
+ 'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
+ )
 assert 'ossec-authd' in output
 assert 'wazuh-modulesd' in output
 assert 'wazuh-db' in output
@@ -48,7 +50,6 @@ def test_wazuh_services_are_running(host):
 ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640),
 ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660),
 ])
-
 def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
 """Test Wazuh related files exist and have proper owners and mode."""
 wazuh_file_host = host.file(wazuh_file)
@@ -56,6 +57,7 @@ def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
 assert wazuh_file_host.group == wazuh_group
 assert wazuh_file_host.mode == wazuh_mode
+
 def test_filebeat_is_installed(host):
 """Test the elasticsearch package is installed."""
 filebeat = host.package("filebeat")
From f345ec1439bbc2e3a8e29e7d8ba3f5a006998cd5 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <1380243+xr09@users.noreply.github.com>
Date: Mon, 26 Oct 2020 19:32:12 +0100
Subject: [PATCH 34/41] Update username param on sample playbook
---
 playbooks/wazuh-odfe-production-ready.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/playbooks/wazuh-odfe-production-ready.yml b/playbooks/wazuh-odfe-production-ready.yml
index b2675834..e57e9353 100644
--- a/playbooks/wazuh-odfe-production-ready.yml
+++ b/playbooks/wazuh-odfe-production-ready.yml
@@ -38,7 +38,7 @@
 ip: "{{ hostvars.kibana.private_ip }}"
 tags:
 - generate-certs
-
+
 #ODFE Cluster
 - hosts: odfe_cluster
 strategy: free
@@ -76,7 +76,7 @@
 node6:
 name: node-6
 ip: "{{ hostvars.kibana.private_ip }}"
-
+
 #Wazuh cluster
 - hosts: manager
 roles:
@@ -105,7 +105,7 @@
 - "{{ hostvars.es1.private_ip }}"
 - "{{ hostvars.es2.private_ip }}"
 - "{{ hostvars.es3.private_ip }}"
-
+
 - hosts: worker
 roles:
 - role: "../roles/wazuh/ansible-wazuh-manager"
@@ -134,7 +134,7 @@
 - "{{ hostvars.es1.private_ip }}"
 - "{{ hostvars.es2.private_ip }}"
 - "{{ hostvars.es3.private_ip }}"
-
+
 #ODFE+Kibana node
 - hosts: kibana
 roles:
@@ -161,7 +161,7 @@
 - id: default
 url: https://{{ hostvars.manager.private_ip }}
 port: 55000
- user: foo
+ username: foo
 password: bar
 instances:
 node1:
@@ -181,4 +181,4 @@
 ip: "{{ hostvars.worker.private_ip }}"
 node6:
 name: node-6
- ip: "{{ hostvars.kibana.private_ip }}"
\ No newline at end of file
+ ip: "{{ hostvars.kibana.private_ip }}"
From 13cda56e94e1d6268299ee59c44824b9a9a35866 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <1380243+xr09@users.noreply.github.com>
Date: Mon, 26 Oct 2020 19:33:25 +0100
Subject: [PATCH 35/41] Use playbook_dir for relative paths
---
 roles/opendistro/opendistro-elasticsearch/defaults/main.yml | 2 +-
 roles/opendistro/opendistro-kibana/defaults/main.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml
index 9c9cf736..22709024 100644
--- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml
+++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml
@@ -16,7 +16,7 @@ elasticsearch_cluster_nodes:
 elasticsearch_discovery_nodes:
 - 127.0.0.1
-local_certs_path: ./opendistro/certificates
+local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
 # Minimum master nodes in cluster, 2 for 3 nodes elasticsearch cluster
 minimum_master_nodes: 2
diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml
index 32cbcfec..2974bf3d 100644
--- a/roles/opendistro/opendistro-kibana/defaults/main.yml
+++ b/roles/opendistro/opendistro-kibana/defaults/main.yml
@@ -48,7 +48,7 @@ opendistro_security_user: elastic
 opendistro_admin_password: changeme
 opendistro_kibana_user: kibanaserver
 opendistro_kibana_password: changeme
-local_certs_path: ./opendistro/certificates
+local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
 # Nodejs
 nodejs:
From 8cb307064b2bd883acc55a5d6a81a22d078cfdb2 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <1380243+xr09@users.noreply.github.com> Date: Tue, 27 Oct 2020 14:26:10 +0100 Subject: [PATCH 36/41] Fix cluster key and add custom user --- README.md | 31 ++++++++++++----------- playbooks/wazuh-odfe-production-ready.yml | 8 ++++-- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index f812363b..93d7a0dc 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Wazuh-Ansible +# Wazuh-Ansible [![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://wazuh.com/community/join-us-on-slack/) [![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh) @@ -26,15 +26,15 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. ├── wazuh-ansible │ ├── roles - │ │ ├── elastic-stack - │ │ │ ├── ansible-elasticsearch + │ │ ├── elastic-stack + │ │ │ ├── ansible-elasticsearch │ │ │ ├── ansible-kibana - │ │ - │ │ ├── opendistro + │ │ + │ │ ├── opendistro │ │ │ ├── opendistro-elasticsearch │ │ │ ├── opendistro-kibana - │ │ - │ │ ├── wazuh + │ │ + │ │ ├── wazuh │ │ │ ├── ansible-filebeat │ │ │ ├── ansible-filebeat-oss │ │ │ ├── ansible-wazuh-manager @@ -105,7 +105,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod ip: "{{ hostvars.kibana.private_ip }}" tags: - generate-certs - + #ODFE Cluster - hosts: odfe_cluster strategy: free @@ -143,7 +143,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod node6: name: node-6 ip: "{{ hostvars.kibana.private_ip }}" - + #Wazuh cluster - hosts: manager roles: @@ -165,6 +165,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod disable: 'no' node_name: 'master' node_type: 'master' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' nodes: - '"{{ hostvars.manager.private_ip }}"' hidden: 'no' 
@@ -172,7 +173,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
 - "{{ hostvars.es1.private_ip }}"
 - "{{ hostvars.es2.private_ip }}"
 - "{{ hostvars.es3.private_ip }}"
-
+
 - hosts: worker
 roles:
 - role: "../roles/wazuh/ansible-wazuh-manager"
@@ -201,7 +202,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
 - "{{ hostvars.es1.private_ip }}"
 - "{{ hostvars.es2.private_ip }}"
 - "{{ hostvars.es3.private_ip }}"
-
+
 #ODFE+Kibana node
 - hosts: kibana
 roles:
@@ -253,9 +254,9 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
 ### Inventory file
-- The `ansible_host` variable should contain the `address/FQDN` used to gather facts and provision each node.
+- The `ansible_host` variable should contain the `address/FQDN` used to gather facts and provision each node.
 - The `private_ip` variable should contain the `address/FQDN` used for the internal cluster communications.
-- Whether the environment is located in a local subnet, `ansible_host` and `private_ip` variables should match.
+- Whether the environment is located in a local subnet, `ansible_host` and `private_ip` variables should match.
 - The ssh credentials used by Ansible during the provision can be specified in this file too. Another option is including them directly on the playbook.
 ```ini
@@ -305,7 +306,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a sing
 single_node: true
 minimum_master_nodes: 1
 elasticsearch_node_master: true
- elasticsearch_network_host:
+ elasticsearch_network_host:
 filebeat_node_name: node-1
 filebeat_output_elasticsearch_hosts:
 ansible_ssh_user: vagrant
@@ -341,7 +342,7 @@ After the playbook execution, the Wazuh UI should be reachable through `https://
 If you want to contribute to our repository, please fork our Github repository and submit a pull request.
-If you are not familiar with Github, you can also share them through [our users mailing list](https://groups.google.com/d/forum/wazuh), to which you can subscribe by sending an email to `wazuh+subscribe@googlegroups.com`.
+If you are not familiar with Github, you can also share them through [our users mailing list](https://groups.google.com/d/forum/wazuh), to which you can subscribe by sending an email to `wazuh+subscribe@googlegroups.com`.
 ### Modified by Wazuh
diff --git a/playbooks/wazuh-odfe-production-ready.yml b/playbooks/wazuh-odfe-production-ready.yml
index e57e9353..948b3838 100644
--- a/playbooks/wazuh-odfe-production-ready.yml
+++ b/playbooks/wazuh-odfe-production-ready.yml
@@ -98,9 +98,13 @@
 disable: 'no'
 node_name: 'master'
 node_type: 'master'
+ key: 'c98b62a9b6169ac5f67dae55ae4a9088'
 nodes:
 - '"{{ hostvars.manager.private_ip }}"'
 hidden: 'no'
+ wazuh_api_users:
+ - username: custom-user
+ password: .S3cur3Pa55w0rd*-
 filebeat_output_elasticsearch_hosts:
 - "{{ hostvars.es1.private_ip }}"
 - "{{ hostvars.es2.private_ip }}"
@@ -161,8 +165,8 @@
 - id: default
 url: https://{{ hostvars.manager.private_ip }}
 port: 55000
- username: foo
- password: bar
+ username: custom-user
+ password: .S3cur3Pa55w0rd*-
 instances:
 node1:
 name: node-1 # Important: must be equal to elasticsearch_node_name.
From 926f4fd102f65e2dd386a8a60e6552a8fa909b54 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <1380243+xr09@users.noreply.github.com>
Date: Tue, 27 Oct 2020 14:57:24 +0100
Subject: [PATCH 37/41] Fix cluster node rendering
---
 playbooks/wazuh-odfe-production-ready.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/playbooks/wazuh-odfe-production-ready.yml b/playbooks/wazuh-odfe-production-ready.yml
index 948b3838..b6cba365 100644
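Review bot: The production-ready playbook now embeds a literal cluster `key: 'c98b62a9b6169ac5f67dae55ae4a9088'` and a literal API `password: .S3cur3Pa55w0rd*-` (repeated in the `@@ -161,8 +165,8 @@` hunk for the Kibana host entry), and the same key string is copied into the README in this commit; anyone who provisions from the example unchanged ends up with a cluster key and an API credential that are public in this repository. Both values should be deployment-specific and referenced rather than embedded, e.g. `key: "{{ wazuh_cluster_key }}"` and `password: "{{ wazuh_api_password }}"` (variable names illustrative) with the values held in Ansible Vault or a secret store, plus a comment above `key:` stating that a fresh key must be generated for every cluster. The unquoted `.S3cur3Pa55w0rd*-` survives as a plain scalar only because of its first character; quoting it keeps the example safe if someone edits it to start with a YAML indicator. Since the README reproduces this block, the placeholder status should be stated in both places.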
--- a/playbooks/wazuh-odfe-production-ready.yml
+++ b/playbooks/wazuh-odfe-production-ready.yml
@@ -100,7 +100,7 @@
 node_type: 'master'
 key: 'c98b62a9b6169ac5f67dae55ae4a9088'
 nodes:
- - '"{{ hostvars.manager.private_ip }}"'
+ - "{{ hostvars.manager.private_ip }}"
 hidden: 'no'
 wazuh_api_users:
 - username: custom-user
@@ -132,7 +132,7 @@
 node_type: 'worker'
 key: 'c98b62a9b6169ac5f67dae55ae4a9088'
 nodes:
- - '"{{ hostvars.manager.private_ip }}"'
+ - "{{ hostvars.manager.private_ip }}"
 hidden: 'no'
 filebeat_output_elasticsearch_hosts:
 - "{{ hostvars.es1.private_ip }}"
From f4b6fa098fa6efda6c53d1805941df1b6810ddee Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <1380243+xr09@users.noreply.github.com>
Date: Tue, 27 Oct 2020 15:00:53 +0100
Subject: [PATCH 38/41] Specify API password requirements on defaults
---
 roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index d630afc0..ea73e74b 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -36,8 +36,8 @@ wazuh_manager_sources_installation:
 threads: "2"
 # wazuh_api_users:
-# - username: custom_user
-# password: changeme
+# - username: custom-user
+# password: .S3cur3Pa55w0rd*- # Must comply with requirements (8+ length, uppercase, lowercase, specials chars)
 wazuh_manager_config:
 repo:
From 912d6692816d60dbcc0dedcd858dffb86e953d76 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <1380243+xr09@users.noreply.github.com>
Date: Tue, 27 Oct 2020 15:01:28 +0100
Subject: [PATCH 39/41] Use standard module format
---
 roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 0ff08bfe..e3b03c03 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -251,11 +251,12 @@
 - config
 - name: Configure ossec.conf
- template: src=var-ossec-etc-ossec-server.conf.j2
- dest=/var/ossec/etc/ossec.conf
- owner=root
- group=ossec
- mode=0644
+ template:
+ src: var-ossec-etc-ossec-server.conf.j2
+ dest: /var/ossec/etc/ossec.conf
+ owner: root
+ group: ossec
+ mode: 0644
 notify: restart wazuh-manager
 tags:
 - init
From a77be1f9590b02921e9203fc12f33decb1e8ef69 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez <1380243+xr09@users.noreply.github.com>
Date: Tue, 27 Oct 2020 15:02:27 +0100
Subject: [PATCH 40/41] Add custom API user support
---
 .../files/create_user.py | 86 +++++++++++++++++++
 .../ansible-wazuh-manager/tasks/main.yml | 61 +++++--------
 2 files changed, 108 insertions(+), 39 deletions(-)
 create mode 100644 roles/wazuh/ansible-wazuh-manager/files/create_user.py
diff --git a/roles/wazuh/ansible-wazuh-manager/files/create_user.py b/roles/wazuh/ansible-wazuh-manager/files/create_user.py
new file mode 100644
index 00000000..aeabde44
--- /dev/null
+++ b/roles/wazuh/ansible-wazuh-manager/files/create_user.py
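Review bot: `mode: 0644` in the converted `template:` task is an unquoted octal literal; a YAML 1.1 loader reads it as the integer 420, which Ansible's file modules accept only because of the leading zero, and yamllint reports it under `octal-values`. Quoting it as `mode: "0644"` removes the dependence on that parser behaviour and matches the key/value conversion the rest of the hunk performs. The same unquoted form is introduced again by the `copy` task for `create_user.py` in the tasks/main.yml hunk of PATCH 40/41.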
@@ -0,0 +1,86 @@
+import logging
+import sys
+import json
+import random
+import string
+import argparse
+import os
+
+# Set framework path
+sys.path.append("/var/ossec/framework")
+
+try:
+ from wazuh.security import (
+ create_user,
+ get_users,
+ get_roles,
+ set_user_role,
+ update_user,
+ )
+except Exception as e:
+ logging.error("No module 'wazuh' found.")
+ sys.exit(1)
+
+
+def db_users():
+ users_result = get_users()
+ return {user["username"]: user["id"] for user in users_result.affected_items}
+
+
+def db_roles():
+ roles_result = get_roles()
+ return {role["name"]: role["id"] for role in roles_result.affected_items}
+
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser(description='add_user script')
+ parser.add_argument('--username', action="store", dest="username")
+ parser.add_argument('--password', action="store", dest="password")
+ results = parser.parse_args()
+
+ username = results.username
+ password = results.password
+
+ initial_users = db_users()
+ if username not in initial_users:
+ # create a new user
+ create_user(username=username, password=password)
+ users = db_users()
+ uid = users[username]
+ roles = db_roles()
+ rid = roles["administrator"]
+ set_user_role(
+ user_id=[
+ str(uid),
+ ],
+ role_ids=[
+ str(rid),
+ ],
+ )
+ else:
+ # modify an existing user ("wazuh" or "wazuh-wui")
+ uid = initial_users[username]
+ update_user(
+ user_id=[
+ str(uid),
+ ],
+ password=password,
+ )
+ # set a random password for all other users
+ for name, id in initial_users.items():
+ if name != username:
+ random_pass = "".join(
+ random.choices(
+ string.ascii_uppercase + + string.ascii_lowercase + + string.digits + + "@$!%*?&-_",
+ k=16,
+ )
+ )
+ update_user(
+ user_id=[
+ str(id),
+ ],
+ password=random_pass,
+ )
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index e3b03c03..fb0be0e0 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
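Review bot: The `for name, id in initial_users.items()` loop generates replacement passwords with `random.choices`, which draws from a non-cryptographic PRNG; password material should come from the `secrets` module, e.g. `import secrets` and `random_pass = "".join(secrets.choice(alphabet) for _ in range(16))` with `alphabet` holding the same character set. That loop also rewrites the password of every account other than the one named on the command line, and the tasks/main.yml hunk in this same patch runs the script once per entry of `wazuh_api_users`, so with two or more entries each later run resets the earlier users to an unrecorded random password; either accept all requested usernames in one invocation or skip the users named in the request. Smaller points: `except Exception as e` never uses `e` (log the exception text or drop the binding), `id` shadows the builtin, and `json` and `os` are imported but unused. A module docstring stating that the script creates or updates one Wazuh API user, grants the `administrator` role when the user is new, and randomises every other user's password would make that side effect visible to whoever calls it.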
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -277,46 +277,29 @@
 tags:
 - config
-# - name: Get API auth token
-# uri:
-# url: "https://{{ inventory_hostname }}:55000/security/user/authenticate?raw=true"
-# method: GET
-# user: wazuh
-# password: wazuh
-# validate_certs: no
-# force_basic_auth: yes
-# return_content: yes
-# status_code: 200
-# retries: 10
-# delay: 5
-# until: token.status == 200
-# register: token
-# tags:
-# - config_api_users
-# when:
-# - wazuh_api_users is defined
-# - wazuh_manager_config.cluster.node_type == "master"
+- name: Create custom API user
+ block:
+ - name: Copy create_user script
+ copy:
+ src: create_user.py
+ dest: /var/ossec/framework/scripts/create_user.py
+ owner: root
+ group: ossec
+ mode: 0644
-# - name: Create Wazuh-API Users
-# block:
-# - name: Create new user
-# uri:
-# url: "https://{{ inventory_hostname }}:55000/security/users"
-# method: POST
-# body_format: json
-# body:
-# username: "{{ item.username }}"
-# password: "{{ item.password }}"
-# validate_certs: no
-# status_code: 200
-# headers:
-# Authorization: "Bearer {{ token.content }}"
-# with_items:
-# - "{{ wazuh_api_users }}"
-# register: user_creation
 # when:
 # - wazuh_api_users is defined
 # - wazuh_manager_config.cluster.node_type == "master"
+ - name: Execute create_user script
+ script:
+ chdir: /var/ossec/framework/scripts/
+ cmd: create_user.py --username "{{ item.username }}" --password "{{ item.password }}"
+ executable: /var/ossec/framework/python/bin/python3
+ with_items:
+ - "{{ wazuh_api_users }}"
+
+ tags:
+ - config_api_users
+ when:
+ - wazuh_api_users is defined
+ - wazuh_manager_config.cluster.node_type == "master"
 - name: Agentless Hosts & Passwd
 template:
From 4a3ff23794195ca1e79907705ed4049c46edbbc9 Mon Sep 17 00:00:00 2001
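Review bot: The `Execute create_user script` task passes `{{ item.password }}` as a command-line argument, so the secret is echoed in the task result and in any Ansible log for each loop item, and is visible in the process list on the manager while the script runs; add `no_log: true` to that task (or to the enclosing block) and prefer handing the password to the script through stdin or an environment variable. Three commented lines `# when:` / `# - wazuh_api_users is defined` / `# - wazuh_manager_config.cluster.node_type == "master"` from the old commented-out block survive as context between the `copy` and `script` tasks and should be deleted now that the block has a real `when:`. As far as I can tell the `script` module transfers its local script to the target itself, so the preceding `copy` to `/var/ossec/framework/scripts/` may be redundant unless the file is meant to stay on the host; a comment on the `copy` task should say which it is.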
From: Manuel Gutierrez <1380243+xr09@users.noreply.github.com>
Date: Tue, 27 Oct 2020 15:04:29 +0100
Subject: [PATCH 41/41] Fixed cluster example
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 93d7a0dc..47235d22 100644
--- a/README.md
+++ b/README.md
@@ -167,7 +167,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
 node_type: 'master'
 key: 'c98b62a9b6169ac5f67dae55ae4a9088'
 nodes:
- - '"{{ hostvars.manager.private_ip }}"'
+ - "{{ hostvars.manager.private_ip }}"
 hidden: 'no'
 filebeat_output_elasticsearch_hosts:
 - "{{ hostvars.es1.private_ip }}"
@@ -196,7 +196,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
 node_type: 'worker'
 key: 'c98b62a9b6169ac5f67dae55ae4a9088'
 nodes:
- - '"{{ hostvars.manager.private_ip }}"'
+ - "{{ hostvars.manager.private_ip }}"
 hidden: 'no'
 filebeat_output_elasticsearch_hosts:
 - "{{ hostvars.es1.private_ip }}"