Merge pull request #458 from wazuh/feature-adapt-major-version

Adapt wazuh-ansible to new 4.0 major version
Manuel J. Bernal 2020-10-27 16:10:28 +01:00 committed by GitHub
commit 1391d258e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
34 changed files with 400 additions and 326 deletions


@ -1,6 +1,21 @@
# Change Log
All notable changes to this project will be documented in this file.
## [v4.0.0]
### Added
- Update to Wazuh v4.0.0
### Fixed
- Ensure recursive /usr/share/kibana permissions before installing WUI ([@Zenidd](https://github.com/Zenidd)) [PR#471](https://github.com/wazuh/wazuh-ansible/pull/471)
- Remove vuls integration ([@manuasir](https://github.com/manuasir)) [PR#469](https://github.com/wazuh/wazuh-ansible/pull/469)
### Added
- New example playbooks on README ([@Zenidd](https://github.com/Zenidd)) [PR#468](https://github.com/wazuh/wazuh-ansible/pull/468)
## [v3.13.2]
### Added


@ -11,6 +11,12 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack.
* `master` branch corresponds to the latest Wazuh Ansible changes. It might be unstable.
* `3.13` branch on correspond to the last Wazuh Ansible stable version.
## Compatibility Matrix
| Wazuh version | Elastic | ODFE |
|---------------|---------|--------|
| v4.0.0 | 7.9.2 | 1.10.1 |
## Documentation
* [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html)
@ -159,8 +165,9 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
disable: 'no'
node_name: 'master'
node_type: 'master'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- '"{{ hostvars.manager.private_ip }}"'
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
filebeat_output_elasticsearch_hosts:
- "{{ hostvars.es1.private_ip }}"
@ -189,7 +196,7 @@ The hereunder example playbook uses the `wazuh-ansible` role to provision a prod
node_type: 'worker'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- '"{{ hostvars.manager.private_ip }}"'
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
filebeat_output_elasticsearch_hosts:
- "{{ hostvars.es1.private_ip }}"


@ -1,2 +1,2 @@
WAZUH-ANSIBLE_VERSION="v4"
REVISION="31220"
REVISION="40000"


@ -6,18 +6,18 @@ import re
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def get_wazuh_version():
"""This returns the version of Wazuh."""
return "3.13.2"
"""This return the version of Wazuh."""
return "4.0.0"
def test_wazuh_packages_are_installed(host):
"""Test the main packages are installed."""
manager = host.package("wazuh-manager")
api = host.package("wazuh-api")
assert manager.is_installed
assert manager.version.startswith(get_wazuh_version())
assert api.is_installed
assert api.version.startswith(get_wazuh_version())
def test_wazuh_services_are_running(host):
"""Test the services are enabled and running.
@ -30,7 +30,9 @@ def test_wazuh_services_are_running(host):
# api = host.service("wazuh-api")
# assert manager.is_running
# assert api.is_running
output = host.check_output('ps aux | grep ossec | tr -s " " | cut -d" " -f11')
output = host.check_output(
'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
)
assert 'ossec-authd' in output
assert 'wazuh-modulesd' in output
assert 'wazuh-db' in output
@ -48,7 +50,6 @@ def test_wazuh_services_are_running(host):
("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640),
("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660),
])
def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
"""Test Wazuh related files exist and have proper owners and mode."""
wazuh_file_host = host.file(wazuh_file)
@ -56,6 +57,7 @@ def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
assert wazuh_file_host.group == wazuh_group
assert wazuh_file_host.mode == wazuh_mode
def test_filebeat_is_installed(host):
"""Test the elasticsearch package is installed."""
filebeat = host.package("filebeat")
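Review bot: `test_wazuh_packages_are_installed` still looks up `host.package("wazuh-api")` and asserts it is installed at 4.0.0, while this same commit deletes every task that installs a separate wazuh-api package, so the check looks set to fail on a fresh 4.0 converge. If the API now ships inside wazuh-manager, drop the two `api` assertions (and the commented-out `wazuh-api` service lines in `test_wazuh_services_are_running`) or replace them with a check that the API port is listening. The new docstring also reads `"""This return the version of Wazuh."""`; the previous `returns` was correct. The diff markers are lost on this page, so confirm against the real patch that the `api` lines are context rather than removals.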


@ -6,15 +6,9 @@
wazuh_managers:
- address: <your manager IP>
port: 1514
protocol: udp
protocol: tcp
api_port: 55000
api_proto: 'http'
api_user: ansible
max_retries: 5
retry_interval: 5
wazuh_agent_authd:
registration_address: <registration IP>
enable: true
port: 1515
ssl_agent_ca: null
ssl_auto_negotiate: 'no'


@ -98,9 +98,13 @@
disable: 'no'
node_name: 'master'
node_type: 'master'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- '"{{ hostvars.manager.private_ip }}"'
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
wazuh_api_users:
- username: custom-user
password: .S3cur3Pa55w0rd*-
filebeat_output_elasticsearch_hosts:
- "{{ hostvars.es1.private_ip }}"
- "{{ hostvars.es2.private_ip }}"
@ -128,7 +132,7 @@
node_type: 'worker'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- '"{{ hostvars.manager.private_ip }}"'
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
filebeat_output_elasticsearch_hosts:
- "{{ hostvars.es1.private_ip }}"
@ -161,8 +165,8 @@
- id: default
url: https://{{ hostvars.manager.private_ip }}
port: 55000
user: foo
password: bar
username: custom-user
password: .S3cur3Pa55w0rd*-
instances:
node1:
name: node-1 # Important: must be equal to elasticsearch_node_name.
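Review bot: The example playbook now carries a literal API password (`password: .S3cur3Pa55w0rd*-`) in both `wazuh_api_users` and `wazuh_api_credentials`, next to the already hard-coded cluster `key`, and examples like this tend to be copied unchanged into real inventories. Reference a vaulted variable instead, for instance `password: "{{ vault_wazuh_api_password }}"` (variable name is illustrative), and add a comment such as `# Example only: keep this in an Ansible Vault file and generate your own cluster key`. If the literal stays, quote it (`'.S3cur3Pa55w0rd*-'`) so that a replacement beginning with `*`, `&`, `!` or `@` does not change how the YAML parses.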


@ -6,9 +6,9 @@ elasticsearch_network_host: "127.0.0.1"
kibana_server_host: "0.0.0.0"
kibana_server_port: "5601"
kibana_conf_path: /etc/kibana
elastic_stack_version: 7.9.1
wazuh_version: 3.13.2
wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
elastic_stack_version: 7.9.2
wazuh_version: 4.0.0
wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
elasticrepo:
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
@ -19,10 +19,10 @@ elasticrepo:
# API credentials
wazuh_api_credentials:
- id: "default"
url: "http://localhost"
url: "https://localhost"
port: 55000
user: "foo"
password: "bar"
username: "wazuh"
password: "wazuh"
# Xpack Security
kibana_xpack_security: false
@ -49,7 +49,7 @@ nodejs:
# Build from sources
build_from_sources: false
wazuh_plugin_branch: 3.13-7.9
wazuh_plugin_branch: 4.0-7.9
#Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
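Review bot: The role default for `wazuh_api_credentials` is now `username: "wazuh"` / `password: "wazuh"`, so a deployment that never overrides it leaves Kibana authenticating to the API with a stock account. It also conflicts with the manager role changed in this commit: when `wazuh_api_users` is set, `create_user.py` assigns a random password to every other account, which would include `wazuh`, and this default then stops working. A comment above the block such as `# Override with the account defined in wazuh_api_users; keep the password in Ansible Vault` would make the coupling explicit. The same default appears in the opendistro-kibana defaults hunk (`@ -33,10 +33,10 @ package_repos:`).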


@ -115,7 +115,7 @@
- name: Install Wazuh Plugin (can take a while)
shell: >-
NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
{{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip
{{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
args:
executable: /bin/bash
creates: /usr/share/kibana/plugins/wazuh/package.json
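Review bot: The package revision is now hard-coded as `-1.zip` inside the install command, whereas the agent and manager roles keep the revision in a variable (`4.0.0-1`); a rebuilt plugin would require editing the task itself. Moving it to a default, for example `wazuh_app_revision: "1"` (name is illustrative) and `...{{ elastic_stack_version }}-{{ wazuh_app_revision }}.zip`, keeps the task stable. The plugin archive is also installed straight from the URL with no integrity check visible in this hunk. The same line is changed in the opendistro-kibana task (`@ -58,7 +58,7 @`).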


@ -21,7 +21,7 @@
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-3.x-*
#pattern: wazuh-alerts-4.x-*
#
# ----------------------------------- Checks -----------------------------------
#
@ -92,17 +92,17 @@
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-3.x-* indices shards and replicas.
# Configure wazuh-monitoring-4.x-* indices shards and replicas.
#wazuh.monitoring.shards: 2
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-3.x-* indices custom creation interval.
# Configure wazuh-monitoring-4.x-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: d
#wazuh.monitoring.creation: d
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-3.x-*
#wazuh.monitoring.pattern: wazuh-monitoring-4.x-*
#
#
# ------------------------------- App privileges --------------------------------
@ -129,6 +129,6 @@ hosts:
- {{ api['id'] }}:
url: {{ api['url'] }}
port: {{ api['port'] }}
user: {{ api['user'] }}
username: {{ api['username'] }}
password: {{ api['password'] }}
{% endfor %}
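Review bot: `username: {{ api['username'] }}` and the `password` line below it are rendered as unquoted YAML scalars, so a password that starts with `*`, `&`, `!` or `@`, or that contains ` #` or `: `, is parsed as something else or breaks the app configuration. Serialising the values avoids that: `username: {{ api['username'] | to_json }}` and `password: {{ api['password'] | to_json }}`. The identical hunk in the opendistro-kibana copy of this template (`@ -129,6 +129,6 @ hosts:`) needs the same change. The `{% for %}` loop opens outside the hunk.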


@ -16,7 +16,7 @@ elasticsearch_cluster_nodes:
elasticsearch_discovery_nodes:
- 127.0.0.1
local_certs_path: ./opendistro/certificates
local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
# Minimum master nodes in cluster, 2 for 3 nodes elasticsearch cluster
minimum_master_nodes: 2
@ -53,7 +53,7 @@ opendistro_jvm_xms: null
opendistro_http_port: 9200
certs_gen_tool_version: 1.7
certs_gen_tool_version: 1.8
# Url of Search Guard certificates generator tool
certs_gen_tool_url: "https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-tlstool/{{ certs_gen_tool_version }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
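Review bot: `certs_gen_tool_version: 1.8` is an unquoted YAML float that is interpolated into the download URL and, after this commit, into the archive name used by the extract task, so a later release such as 1.10 would silently become `1.1`. Quote it: `certs_gen_tool_version: "1.8"`. No checksum for the downloaded tool is visible in these defaults; if the download task (outside this hunk) uses `get_url` without one, adding a `checksum:` value next to the version would let each bump be verified.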


@ -29,7 +29,7 @@
- name: Local action | Extract the certificates generation tool
unarchive:
src: "{{ local_certs_path }}/search-guard-tlstool-1.7.zip"
src: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip"
dest: "{{ local_certs_path }}/"
- name: Local action | Add the execution bit to the binary


@ -14,8 +14,8 @@ kibana_server_port: "5601"
kibana_server_name: "kibana"
kibana_max_payload_bytes: 1048576
elastic_stack_version: 7.9.1
wazuh_version: 3.13.2
wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
wazuh_version: 4.0.0
wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
# The OpenDistro package repository
kibana_opendistro_version: -1.10.1-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
@ -33,10 +33,10 @@ package_repos:
# API credentials
wazuh_api_credentials:
- id: "default"
url: "http://localhost"
url: "https://localhost"
port: 55000
user: "foo"
password: "bar"
username: "wazuh"
password: "wazuh"
# opendistro Security
kibana_opendistro_security: true
@ -48,7 +48,7 @@ opendistro_security_user: elastic
opendistro_admin_password: changeme
opendistro_kibana_user: kibanaserver
opendistro_kibana_password: changeme
local_certs_path: ./opendistro/certificates
local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
# Nodejs
nodejs:
@ -59,7 +59,7 @@ nodejs:
# Build from sources
build_from_sources: false
wazuh_plugin_branch: 3.13-7.8
wazuh_plugin_branch: 4.0-7.9
#Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536


@ -58,7 +58,7 @@
- name: Install Wazuh Plugin (can take a while)
shell: >-
NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
{{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip
{{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
args:
executable: /bin/bash
creates: /usr/share/kibana/plugins/wazuh/package.json


@ -21,7 +21,7 @@
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-3.x-*
#pattern: wazuh-alerts-4.x-*
#
# ----------------------------------- Checks -----------------------------------
#
@ -92,17 +92,17 @@
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-3.x-* indices shards and replicas.
# Configure wazuh-monitoring-4.x-* indices shards and replicas.
#wazuh.monitoring.shards: 2
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-3.x-* indices custom creation interval.
# Configure wazuh-monitoring-4.x-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: d
#wazuh.monitoring.creation: d
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-3.x-*
#wazuh.monitoring.pattern: wazuh-monitoring-4.x-*
#
#
# ------------------------------- App privileges --------------------------------
@ -129,6 +129,6 @@ hosts:
- {{ api['id'] }}:
url: {{ api['url'] }}
port: {{ api['port'] }}
user: {{ api['user'] }}
username: {{ api['username'] }}
password: {{ api['password'] }}
{% endfor %}


@ -1,7 +1,7 @@
---
filebeat_version: 7.9.1
wazuh_template_branch: v3.13.2
wazuh_template_branch: v4.0.0
filebeat_create_config: true
@ -9,7 +9,7 @@ filebeat_output_elasticsearch_enabled: false
filebeat_output_elasticsearch_hosts:
- "localhost:9200"
filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat
filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
filebeat_module_package_path: /tmp/
filebeat_module_destination: /usr/share/filebeat/module


@ -1,7 +1,7 @@
---
filebeat_version: 7.9.1
filebeat_version: 7.9.2
wazuh_template_branch: v3.13.2
wazuh_template_branch: v4.0.0
filebeat_create_config: true
@ -28,7 +28,7 @@ filebeat_ssl_dir: /etc/pki/filebeat
filebeat_ssl_certificate_file: ""
filebeat_ssl_insecure: "false"
filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat
filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
filebeat_module_package_path: /tmp/
filebeat_module_destination: /usr/share/filebeat/module


@ -1,5 +1,5 @@
---
wazuh_agent_version: 3.13.2-1
wazuh_agent_version: 4.0.0-1
# Custom packages installation
@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: ""
wazuh_agent_sources_installation:
enabled: false
branch: "v3.13.2"
branch: "v4.0.0"
user_language: "y"
user_no_stop: "y"
user_install_type: "agent"
@ -35,7 +35,7 @@ wazuh_agent_sources_installation:
wazuh_managers:
- address: 127.0.0.1
port: 1514
protocol: udp
protocol: tcp
api_port: 55000
api_proto: 'http'
api_user: null
@ -66,13 +66,13 @@ wazuh_winagent_config:
# Adding quotes to auth_path_x86 since win_shell outputs error otherwise
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
check_md5: True
md5: 101917472eef112270d83aa077b75670
wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.13.2-1.msi
wazuh_winagent_package_name: wazuh-agent-3.13.2-1.msi
md5: f9737cbd7df7104c1bee9f3e8b9ca26e
wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.0-1.msi
wazuh_winagent_package_name: wazuh-agent-4.0.0-1.msi
wazuh_agent_config:
repo:
apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
yum: 'https://packages.wazuh.com/3.x/yum/'
apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
yum: 'https://packages.wazuh.com/4.x/yum/'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
active_response:
@ -284,4 +284,19 @@ wazuh_agent_config:
list:
- key: Env
value: Production
enrollment:
enabled: ''
manager_address: ''
port: 1515
agent_name: 'testname'
groups: ''
agent_address: ''
ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
server_ca_path: ''
agent_certificate_path: ''
agent_key_path: ''
authorization_pass_path : /var/ossec/etc/authd.pass
auto_method: 'no'
delay_after_enrollment: 20
use_source_ip: 'no'
wazuh_agent_nat: false
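Review bot: The new `enrollment` defaults set `agent_name: 'testname'`, and the agent template emits `<agent_name>` whenever the value is non-empty, so every host that enables enrollment without overriding it would try to register under the same name; default it to `''` like the neighbouring keys. `ssl_cipher` is defined here but the template hunk in this commit never renders it, and `authorization_pass_path :` has a stray space before the colon. Separately, the Windows MSI is still verified with an MD5 digest (`check_md5` / `md5`); a SHA-256 digest would give a meaningful integrity check for a package fetched over the network.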


@ -1,4 +1,9 @@
---
- name: Retrieving authd Credentials
include_vars: authd_pass.yml
tags:
- config
- include_tasks: "RedHat.yml"
when: ansible_os_family == "RedHat"
@ -42,6 +47,7 @@
- name: Linux | Check if client.keys exists
stat: path=/var/ossec/etc/client.keys
register: check_keys
when: wazuh_agent_config.enrollment.enabled == 'yes'
tags:
- config
@ -108,7 +114,9 @@
- not check_keys.stat.exists or check_keys.stat.size == 0
- wazuh_agent_authd.registration_address is not none
when: wazuh_agent_authd.enable
when:
- wazuh_agent_authd.enable
- not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no'
tags:
- config
- authd
@ -181,6 +189,7 @@
when:
- not wazuh_agent_authd.enable
- not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no'
tags:
- config
- api
@ -207,6 +216,20 @@
- init
- config
- name: Create auto-enrollment password file
template:
src: authd_pass.j2
dest: "/var/ossec/etc/authd.pass"
owner: ossec
group: ossec
mode: 0640
when:
- wazuh_agent_config.enrollment.enabled == 'yes'
- wazuh_agent_config.enrollment.authorization_pass_path | length > 0
- ( authd_pass is defined) and ( authd_pass|length > 0)
tags:
- config
- name: Linux | Ensure Wazuh Agent service is started and enabled
service:
name: wazuh-agent
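Review bot: The added `when: wazuh_agent_config.enrollment.enabled == 'yes'` on "Linux | Check if client.keys exists" appears inverted relative to its consumers: the authd block that reads `check_keys.stat.exists` now runs only when enrollment is empty or `'no'`, which is exactly when the stat task is skipped and `check_keys` carries no `stat` attribute. Either drop the condition from the stat task or guard the readers with `check_keys.stat is defined`. In "Create auto-enrollment password file", add `no_log: true` so the secret does not appear in diff or verbose output, and quote the mode (`mode: '0640'`). The diff markers are lost on this page, so the task each `when` belongs to is inferred from hunk order and should be confirmed against the real patch.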


@ -69,7 +69,7 @@
register: agent_auth_output
notify: Windows | Restart Wazuh Agent
when:
- wazuh_agent_authd.enable
- wazuh_agent_authd.enable == true
- not check_windows_key.stat.exists or check_windows_key.stat.size == 0
- wazuh_agent_authd.registration_address is not none
tags:


@ -0,0 +1 @@
{{ authd_pass }}


@ -36,6 +36,49 @@
{% endif %}
<auto_restart>{{ wazuh_auto_restart }}</auto_restart>
<crypto_method>{{ wazuh_crypto_method }}</crypto_method>
{% if wazuh_agent_config.enrollment.enabled | length > 0 %}
<enrollment>
<enabled>{{ wazuh_agent_config.enrollment.enabled }}</enabled>
{% if wazuh_agent_config.enrollment.manager_address | length > 0 %}
<manager_address>{{ wazuh_agent_config.enrollment.manager_address }}</manager_address>
{% endif %}
{% if wazuh_agent_config.enrollment.agent_name | length > 0 %}
<agent_name>{{ wazuh_agent_config.enrollment.agent_name }}</agent_name>
{% endif %}
{% if wazuh_agent_config.enrollment.port is defined > 0 %}
<port>{{ wazuh_agent_config.enrollment.port }}</port>
{% endif %}
{% if wazuh_agent_config.enrollment.groups | length > 0 %}
<groups>{{ wazuh_agent_config.enrollment.groups }}</groups>
{% endif %}
{% if wazuh_agent_config.enrollment.agent_address | length > 0 %}
<agent_address>{{ wazuh_agent_config.enrollment.agent_address }}</agent_address>
{% endif %}
{% if wazuh_agent_config.enrollment.server_ca_path | length > 0 %}
<server_ca_path>{{ wazuh_agent_config.enrollment.server_ca_path }}</server_ca_path>
{% endif %}
{% if wazuh_agent_config.enrollment.agent_certificate_path | length > 0 %}
<agent_certificate_path>{{ wazuh_agent_config.enrollment.agent_certificate_path }}</agent_certificate_path>
{% endif %}
{% if wazuh_agent_config.enrollment.agent_key_path | length > 0 %}
<agent_key_path>{{ wazuh_agent_config.enrollment.agent_key_path }}</agent_key_path>
{% endif %}
{% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 %}
<authorization_pass_path>{{ wazuh_agent_config.enrollment.authorization_pass_path }}</authorization_pass_path>
{% endif %}
{% if wazuh_agent_config.enrollment.auto_method | length > 0 %}
<auto_method>{{ wazuh_agent_config.enrollment.auto_method }}</auto_method>
{% endif %}
{% if wazuh_agent_config.enrollment.delay_after_enrollment is defined > 0 %}
<delay_after_enrollment>{{ wazuh_agent_config.enrollment.delay_after_enrollment }}</delay_after_enrollment>
{% endif %}
{% if wazuh_agent_config.enrollment.use_source_ip | length > 0 %}
<use_source_ip>{{ wazuh_agent_config.enrollment.use_source_ip }}</use_source_ip>
{% endif %}
</enrollment>
{% endif %}
</client>
<client_buffer>
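Review bot: `{% if wazuh_agent_config.enrollment.port is defined > 0 %}` (and the same form for `delay_after_enrollment`) compares the boolean result of `is defined` with 0; it happens to work but reads like a mis-copied `| length > 0` check, so write `{% if wazuh_agent_config.enrollment.port is defined %}`. Every condition in the block also dereferences `wazuh_agent_config.enrollment`, so an inventory that overrides `wazuh_agent_config` without the new key would likely fail to render; an outer `{% if wazuh_agent_config.enrollment is defined %}` would keep existing inventories working. The values are written into the XML unescaped, so a comment noting that names and paths must not contain `<` or `&` would help.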


@ -1,3 +1,4 @@
---
# We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials.
# authd_pass: 'foobar'
authd_pass: ''


@ -1,5 +1,5 @@
---
wazuh_manager_version: 3.13.2-1
wazuh_manager_version: 4.0.0-1
wazuh_manager_fqdn: "wazuh-server"
wazuh_manager_package_state: present
@ -8,14 +8,11 @@ wazuh_manager_package_state: present
wazuh_custom_packages_installation_manager_enabled: false
wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
wazuh_custom_packages_installation_api_enabled: false
wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
# Sources installation
wazuh_manager_sources_installation:
enabled: false
branch: "v3.13.2"
branch: "v4.0.0"
user_language: "en"
user_no_stop: "y"
user_install_type: "server"
@ -38,31 +35,14 @@ wazuh_manager_sources_installation:
user_ca_store: null
threads: "2"
wazuh_api_sources_installation:
enabled: false
branch: "v3.13.2"
update: "y"
remove: "y"
directory: null
port: 55000
https: "n"
authd: null
proxy: null
country: null
state: null
locality: null
org_name: null
org_unit: null
common_name: null
password: null
wazuh_api_user:
- "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/"
# wazuh_api_users:
# - username: custom-user
# password: .S3cur3Pa55w0rd*- # Must comply with requirements (8+ length, uppercase, lowercase, specials chars)
wazuh_manager_config:
repo:
apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
yum: 'https://packages.wazuh.com/3.x/yum/'
apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
yum: 'https://packages.wazuh.com/4.x/yum/'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
json_output: 'yes'
@ -71,21 +51,29 @@ wazuh_manager_config:
logall_json: 'no'
log_format: 'plain'
api:
bind_addr: '0.0.0.0'
bind_addr: 0.0.0.0
port: 55000
https: 'no'
basic_auth: 'yes'
behind_proxy_server: 'no'
https_cert: '/var/ossec/etc/sslmanager.cert'
https_key: '/var/ossec/etc/sslmanager.key'
https_use_ca: 'no'
https_ca: ''
use_only_authd: 'false'
drop_privileges: 'true'
experimental_features: 'false'
secure_protocol: 'TLSv1_2_method'
honor_cipher_order: 'true'
ciphers: ''
behind_proxy_server: no
https: yes
https_key: "api/configuration/ssl/server.key"
https_cert: "api/configuration/ssl/server.crt"
https_use_ca: False
https_ca: "api/configuration/ssl/ca.crt"
logging_level: "info"
logging_path: "logs/api.log"
cors: no
cors_source_route: "*"
cors_expose_headers: "*"
cors_allow_headers: "*"
cors_allow_credentials: no
cache: yes
cache_time: 0.750
access_max_login_attempts: 5
access_block_time: 300
access_max_request_per_minute: 300
use_only_authd: no
drop_privileges: yes
experimental_features: no
cluster:
disable: 'yes'
name: 'wazuh'
@ -100,7 +88,7 @@ wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'udp'
protocol: 'tcp'
queue_size: 131072
authd:
enable: true
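Review bot: With these defaults the API listens on every interface (`bind_addr: 0.0.0.0`) while `wazuh_api_users` is only a commented-out example, so the "Create custom API user" block is skipped and the built-in accounts keep whatever password the package ships; the Kibana defaults in this commit suggest that is `wazuh`/`wazuh`. Consider failing early when `wazuh_api_users` is undefined, or at least documenting above it `# Set this (vaulted) before exposing port 55000`. The new booleans mix `no`, `yes` and `False`; using `true`/`false` throughout would be consistent and avoids YAML 1.1/1.2 differences.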


@ -0,0 +1,86 @@
import logging
import sys
import json
import random
import string
import argparse
import os
# Set framework path
sys.path.append("/var/ossec/framework")
try:
from wazuh.security import (
create_user,
get_users,
get_roles,
set_user_role,
update_user,
)
except Exception as e:
logging.error("No module 'wazuh' found.")
sys.exit(1)
def db_users():
users_result = get_users()
return {user["username"]: user["id"] for user in users_result.affected_items}
def db_roles():
roles_result = get_roles()
return {role["name"]: role["id"] for role in roles_result.affected_items}
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='add_user script')
parser.add_argument('--username', action="store", dest="username")
parser.add_argument('--password', action="store", dest="password")
results = parser.parse_args()
username = results.username
password = results.password
initial_users = db_users()
if username not in initial_users:
# create a new user
create_user(username=username, password=password)
users = db_users()
uid = users[username]
roles = db_roles()
rid = roles["administrator"]
set_user_role(
user_id=[
str(uid),
],
role_ids=[
str(rid),
],
)
else:
# modify an existing user ("wazuh" or "wazuh-wui")
uid = initial_users[username]
update_user(
user_id=[
str(uid),
],
password=password,
)
# set a random password for all other users
for name, id in initial_users.items():
if name != username:
random_pass = "".join(
random.choices(
string.ascii_uppercase
+ string.ascii_lowercase
+ string.digits
+ "@$!%*?&-_",
k=16,
)
)
update_user(
user_id=[
str(id),
],
password=random_pass,
)
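Review bot: The replacement passwords for all other accounts are generated with `random.choices`, which is not a cryptographically secure source; use the `secrets` module instead (`import secrets` in place of `import random`). The same loop resets every account except the one named on the command line, so when the playbook loops over several `wazuh_api_users` entries each invocation overwrites the password set by the previous one, and every re-run rotates the remaining built-in accounts as well. Taking `--password` on argv exposes it in the process list; reading it from stdin or an environment variable would avoid that. `json` and `os` are imported but unused, and the loop variable `id` shadows the builtin.

```python
    # … unchanged: create or update the requested user …
    # set a random password for all other users
    alphabet = string.ascii_letters + string.digits + "@$!%*?&-_"
    for name, user_id in initial_users.items():
        if name == username:
            continue
        random_pass = "".join(secrets.choice(alphabet) for _ in range(16))
        update_user(user_id=[str(user_id)], password=random_pass)
```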


@ -23,8 +23,8 @@
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14
- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
- name: Debian/Ubuntu | Installing Wazuh repository key
apt_key:
@ -32,8 +32,8 @@
id: "{{ wazuh_manager_config.repo.key_id }}"
when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
- name: Debian/Ubuntu | Add Wazuh repositories
apt_repository:
@ -43,8 +43,8 @@
update_cache: true
changed_when: false
when:
- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
set_fact:
@ -109,23 +109,8 @@
- include_tasks: "installation_from_sources.yml"
when:
- wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled
- wazuh_manager_sources_installation.enabled
- include_tasks: "installation_from_custom_packages.yml"
when:
- wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled
- name: Debian/Ubuntu | Install wazuh-api
apt:
name:
- "wazuh-api={{ wazuh_manager_version }}"
state: present
cache_valid_time: 3600
install_recommends: false
register: wazuh_manager_main_packages_installed
until: wazuh_manager_main_packages_installed is succeeded
tags: init
when:
- not wazuh_api_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
- wazuh_manager_config.cluster.node_type == "master"
- wazuh_custom_packages_installation_manager_enabled


@ -10,8 +10,8 @@
when:
- (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
- (ansible_distribution_major_version|int <= 5)
- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
register: repo_v5_manager_installed
- name: RedHat/CentOS/Fedora | Install Wazuh repo
@ -24,8 +24,8 @@
changed_when: false
when:
- repo_v5_manager_installed is skipped
- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
- name: RedHat/CentOS/Fedora | Install openscap
package: name={{ item }} state=present
@ -107,25 +107,11 @@
- include_tasks: "../tasks/installation_from_sources.yml"
when:
- wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled
- wazuh_manager_sources_installation.enabled
- include_tasks: "../tasks/installation_from_custom_packages.yml"
when:
- wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled
- name: CentOS/RedHat/Amazon | Install wazuh-api
package:
name: "wazuh-api-{{ wazuh_manager_version }}"
state: "{{ wazuh_manager_package_state }}"
register: wazuh_api_main_packages_installed
until: wazuh_api_main_packages_installed is succeeded
when:
- ansible_os_family|lower == "redhat"
- not wazuh_api_sources_installation.enabled
- not wazuh_custom_packages_installation_api_enabled
- wazuh_manager_config.cluster.node_type == "master"
tags:
- init
- wazuh_custom_packages_installation_manager_enabled
- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3
replace:


@ -6,15 +6,6 @@
state: present
when:
- wazuh_custom_packages_installation_manager_enabled
- name: Install Wazuh API from .deb packages
apt:
deb: "{{ wazuh_custom_packages_installation_api_deb_url }}"
state: present
when:
- wazuh_custom_packages_installation_api_enabled
- wazuh_manager_config.cluster.node_type == "master"
when:
- ansible_os_family|lower == "debian"
@ -36,26 +27,5 @@
- wazuh_custom_packages_installation_manager_enabled
- (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or
(ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
- name: Install Wazuh API from .rpm packages | yum
yum:
name: "{{ wazuh_custom_packages_installation_api_rpm_url }}"
state: present
when:
- wazuh_custom_packages_installation_api_enabled
- not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8")
- not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
- wazuh_manager_config.cluster.node_type == "master"
- name: Install Wazuh API from .rpm packages | dnf
dnf:
name: "{{ wazuh_custom_packages_installation_api_rpm_url }}"
state: present
when:
- wazuh_custom_packages_installation_api_enabled
- (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or
(ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
- wazuh_manager_config.cluster.node_type == "master"
when:
- ansible_os_family|lower == "redhat"


@ -115,71 +115,3 @@
- wazuh_manager_sources_installation.enabled
tags:
- manager
# Wazuh API
- name: Check if Wazuh API is already installed
stat:
path: /var/ossec/api/app.js
register: wazuh_api
when:
- wazuh_manager_config.cluster.node_type == "master" or wazuh_manager_config.cluster.node_type == "worker"
- name: Install Wazuh API from sources
block:
- name: Install dependencies to build Wazuh packages
package:
name:
- make
- gcc
- automake
- autoconf
- libtool
- tar
state: present
- name: Explicitly installing npm for Debian hosts
package:
name: npm
state: present
when:
- ansible_distribution == "Debian"
- name: Ensure Git is present in the host
package:
name: git
state: present
- name: Remove old repository folder
file:
path: /tmp/wazuh-api
state: absent
- name: Download the Wazuh API repository
git:
repo: 'https://github.com/wazuh/wazuh-api.git'
version: "{{ wazuh_api_sources_installation.branch }}"
dest: /tmp/wazuh-api
- name: Configure Wazuh API installation
template:
src: "templates/preloaded_vars_api.conf.j2"
dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf"
owner: root
group: root
mode: 0644
- name: Execute Wazuh API installation script
shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt
register: install_api
changed_when: install_api.rc == 0
args:
chdir: "/tmp/wazuh-api"
notify:
- restart wazuh-api
when:
- not wazuh_api.stat.exists
- wazuh_api_sources_installation.enabled
- wazuh_manager_config.cluster.node_type == "master"
tags:
- api


@ -29,17 +29,6 @@
- not node_service_status.stat.exists
- wazuh_manager_config.cluster.node_type == "master"
- name: Installing NodeJS
package:
name: nodejs
state: present
register: nodejs_service_is_installed
until: nodejs_service_is_installed is succeeded
when:
- wazuh_manager_config.cluster.node_type == "master"
tags: init
- include_tasks: "RedHat.yml"
when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon")
@ -166,16 +155,15 @@
when:
- shared_agent_config is defined
- name: Installing the config.js (api configuration)
template: src=var-ossec-api-configuration-config.js.j2
dest=/var/ossec/api/configuration/config.js
- name: Installing the api.yaml (api configuration)
template: src=api.yaml.j2
dest=/var/ossec/api/configuration/api.yaml
owner=root
group=ossec
mode=0740
notify: restart wazuh-api
mode=0640
notify: restart wazuh-manager
when:
- wazuh_manager_config.cluster.node_type == "master"
tags:
- init
- config
@ -201,7 +189,6 @@
tags:
- config
- name: Check if syslog output is enabled
set_fact: syslog_output=true
when: item.server is not none
@ -264,11 +251,12 @@
- config
- name: Configure ossec.conf
template: src=var-ossec-etc-ossec-server.conf.j2
dest=/var/ossec/etc/ossec.conf
owner=root
group=ossec
mode=0644
template:
src: var-ossec-etc-ossec-server.conf.j2
dest: /var/ossec/etc/ossec.conf
owner: root
group: ossec
mode: 0644
notify: restart wazuh-manager
tags:
- init
@ -289,20 +277,29 @@
tags:
- config
- name: Wazuh-API User
template:
src: api_user.j2
dest: "/var/ossec/api/configuration/auth/user"
- name: Create custom API user
block:
- name: Copy create_user script
copy:
src: create_user.py
dest: /var/ossec/framework/scripts/create_user.py
owner: root
group: root
mode: 0750
no_log: true
notify: restart wazuh-api
when:
- wazuh_api_user is defined
- wazuh_manager_config.cluster.node_type == "master"
group: ossec
mode: 0644
- name: Execute create_user script
script:
chdir: /var/ossec/framework/scripts/
cmd: create_user.py --username "{{ item.username }}" --password "{{ item.password }}"
executable: /var/ossec/framework/python/bin/python3
with_items:
- "{{ wazuh_api_users }}"
tags:
- config
- config_api_users
when:
- wazuh_api_users is defined
- wazuh_manager_config.cluster.node_type == "master"
- name: Agentless Hosts & Passwd
template:
@ -330,15 +327,6 @@
tags:
- config
- name: Ensure Wazuh API service is started and enabled.
service:
name: "wazuh-api"
enabled: true
state: started
when: wazuh_manager_config.cluster.node_type == "master"
tags:
- config
- name: Create agent groups
command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q"
with_items:
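Review bot: "Execute create_user script" interpolates `{{ item.password }}` into `cmd` and loops with `with_items`, but carries no `no_log: true`, so the password is printed in the per-item loop output and in the task result; the task it replaces appears to have had `no_log: true`. Add `no_log: true` to the task, and if the command is run through a shell, pass the value through the `quote` filter (`--password {{ item.password | quote }}`) so characters such as `$` or a double quote are not interpreted. The task has no `changed_when` and the script resets passwords on every run, so the play is never idempotent. The diff markers are lost here, so which of `mode: 0750`/`mode: 0644` and `group: root`/`group: ossec` is on the new side should be checked against the real patch.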


@ -0,0 +1,44 @@
# USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION
host: {{ wazuh_manager_config.api.bind_addr }}
port: {{ wazuh_manager_config.api.port }}
# Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no
behind_proxy_server: {{ wazuh_manager_config.api.behind_proxy_server }}
#Advanced configuration
https:
enabled: {{ wazuh_manager_config.api.https }}
key: "{{ wazuh_manager_config.api.https_key }}"
cert: "{{ wazuh_manager_config.api.https_cert }}"
use_ca: {{ wazuh_manager_config.api.https_use_ca }}
ca: "{{ wazuh_manager_config.api.https_ca }}"
# Logging configuration
# Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level).
logs:
level: "{{ wazuh_manager_config.api.logging_level }}"
path: "{{ wazuh_manager_config.api.logging_path }}"
# Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage
cors:
enabled: {{ wazuh_manager_config.api.cors }}
source_route: "{{ wazuh_manager_config.api.cors_source_route }}"
expose_headers: "{{ wazuh_manager_config.api.cors_expose_headers }}"
allow_headers: "{{ wazuh_manager_config.api.cors_allow_headers }}"
allow_credentials: {{ wazuh_manager_config.api.cors_allow_credentials }}
# Cache (time in seconds)
cache:
enabled: {{ wazuh_manager_config.api.cache }}
time: {{ wazuh_manager_config.api.cache_time }}
# Access parameters
access:
max_login_attempts: {{ wazuh_manager_config.api.access_max_login_attempts }}
block_time: {{ wazuh_manager_config.api.access_block_time }}
max_request_per_minute: {{ wazuh_manager_config.api.access_max_request_per_minute }}
# Force the use of authd when adding and removing agents. Values: yes, no
use_only_authd: {{ wazuh_manager_config.api.use_only_authd }}
# Drop privileges (Run as ossec user)
drop_privileges: {{ wazuh_manager_config.api.drop_privileges }}
# Enable features under development
experimental_features: {{ wazuh_manager_config.api.experimental_features }}
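Review bot: The header comment `# USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION` does not match the file: nothing is commented out and the content is generated from `wazuh_manager_config.api`. Replace it with something like `# Managed by Ansible (wazuh_manager_config.api); manual edits will be overwritten`. `host:` and the boolean fields are rendered unquoted, so Ansible booleans come out as `True`/`False` although the inline comments document `yes, no`; stating the accepted values once in the defaults file would remove the ambiguity.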


@ -1,3 +0,0 @@
{% for user in wazuh_api_user %}
{{ user }}
{% endfor %}


@ -1,7 +0,0 @@
{% for key, value in wazuh_api_sources_installation.items() %}
{% if "enabled" not in key and "branch" not in key %}
{% if value is defined and value is not none %}
{{ key|upper }}="{{ value }}"
{% endif %}
{% endif %}
{% endfor %}