Merge branch '3.9' into add-molecule-tests

Manuel J. Bernal 2019-04-15 11:05:27 +02:00 committed by GitHub
commit 1c4b87b60e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 71 additions and 88 deletions


@ -1,11 +1,22 @@
# Change Log # Change Log
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
## [v3.8.1]
## [v3.9.0]
## [v3.8.2]
### Changed ### Changed
- Update to Wazuh version v3.8.2. ([#150](https://github.com/wazuh/wazuh-ansible/pull/150))
## [v3.8.1]
### Changed
- Update to Wazuh version v3.8.1. ([#148](https://github.com/wazuh/wazuh-ansible/pull/148)) - Update to Wazuh version v3.8.1. ([#148](https://github.com/wazuh/wazuh-ansible/pull/148))
## [v3.8.0] ## [v3.8.0]
### Added ### Added
@ -14,7 +25,7 @@ All notable changes to this project will be documented in this file.
- Adapt ossec.conf file for windows agents ([#118](https://github.com/wazuh/wazuh-ansible/pull/118)) - Adapt ossec.conf file for windows agents ([#118](https://github.com/wazuh/wazuh-ansible/pull/118))
- Added labels to ossec.conf ([#135](https://github.com/wazuh/wazuh-ansible/pull/135)) - Added labels to ossec.conf ([#135](https://github.com/wazuh/wazuh-ansible/pull/135))
### Changed ### Changed
- Changed Windows installation directory ([#116](https://github.com/wazuh/wazuh-ansible/pull/116)) - Changed Windows installation directory ([#116](https://github.com/wazuh/wazuh-ansible/pull/116))
- move redundant tags to the outer block ([#133](https://github.com/wazuh/wazuh-ansible/pull/133)) - move redundant tags to the outer block ([#133](https://github.com/wazuh/wazuh-ansible/pull/133))
@ -50,7 +61,7 @@ All notable changes to this project will be documented in this file.
- Changed windows agent version. ([#89](https://github.com/wazuh/wazuh-ansible/pull/89)) - Changed windows agent version. ([#89](https://github.com/wazuh/wazuh-ansible/pull/89))
- Updating to Elastic Stack to 6.5.3 and Wazuh 3.7.1. ([#108](https://github.com/wazuh/wazuh-ansible/pull/108)) - Updating to Elastic Stack to 6.5.3 and Wazuh 3.7.1. ([#108](https://github.com/wazuh/wazuh-ansible/pull/108))
### Fixed ### Fixed
- Solve the conflict betwwen tha agent configuration and the shared master configuration. Also include monitoring for `/var/log/auth.log`. ([#90](https://github.com/wazuh/wazuh-ansible/pull/90)) - Solve the conflict betwwen tha agent configuration and the shared master configuration. Also include monitoring for `/var/log/auth.log`. ([#90](https://github.com/wazuh/wazuh-ansible/pull/90))


@ -1,2 +1,2 @@
WAZUH-ANSIBLE_VERSION="v3.8.1" WAZUH-ANSIBLE_VERSION="v3.8.3"
REVISION="3800" REVISION="3802"


@ -4,7 +4,7 @@ elasticsearch_node_name: node-1
elasticsearch_http_port: 9200 elasticsearch_http_port: 9200
elasticsearch_network_host: 127.0.0.1 elasticsearch_network_host: 127.0.0.1
elasticsearch_jvm_xms: null elasticsearch_jvm_xms: null
elastic_stack_version: 6.5.4 elastic_stack_version: 6.7.1
elasticsearch_shards: 5 elasticsearch_shards: 5
elasticsearch_replicas: 1 elasticsearch_replicas: 1
elasticsearch_install_java: yes elasticsearch_install_java: yes


@ -1,12 +1,8 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: apt:
name: "{{ item }}" name: ['apt-transport-https', 'ca-certificates']
state: present state: present
cache_valid_time: 3600
with_items:
- apt-transport-https
- ca-certificates
- when: elasticsearch_install_java - when: elasticsearch_install_java
block: block:
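Review bot: Folding the loop into `name: ['apt-transport-https', 'ca-certificates']` also drops `cache_valid_time: 3600`, and with it the cache refresh that option implies (the apt module treats a set `cache_valid_time` as `update_cache: yes`), so on a host with an empty or stale package index this task can now fail or install outdated packages before the HTTPS key download that follows depends on a current `ca-certificates`. Keep the list form but restore the refresh: `name: ['apt-transport-https', 'ca-certificates']`, `state: present`, `update_cache: yes`, `cache_valid_time: 3600`. The same removal is repeated in the later Debian/Ubuntu install tasks for the Elasticsearch, Logstash, Kibana and Wazuh agent roles (including the OpenScap task), so it should be fixed in each.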


@ -3,6 +3,6 @@ elasticsearch_http_port: "9200"
elasticsearch_network_host: "127.0.0.1" elasticsearch_network_host: "127.0.0.1"
kibana_server_host: "0.0.0.0" kibana_server_host: "0.0.0.0"
kibana_server_port: "5601" kibana_server_port: "5601"
elastic_stack_version: 6.5.4 elastic_stack_version: 6.7.1
wazuh_version: 3.8.1 wazuh_version: 3.8.2


@ -1,12 +1,8 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: apt:
name: "{{ item }}" name: ['apt-transport-https', 'ca-certificates']
state: present state: present
cache_valid_time: 3600
with_items:
- apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Add Elasticsearch GPG key - name: Debian/Ubuntu | Add Elasticsearch GPG key
apt_key: apt_key:


@ -9,7 +9,7 @@ elasticsearch_network_host: ["Localhost"]
elasticsearch_http_port: "9200" elasticsearch_http_port: "9200"
elasticsearch_shards: 5 elasticsearch_shards: 5
elasticsearch_replicas: 1 elasticsearch_replicas: 1
elastic_stack_version: 6.5.4 elastic_stack_version: 6.7.1
logstash_ssl: false logstash_ssl: false
logstash_ssl_dir: /etc/pki/logstash logstash_ssl_dir: /etc/pki/logstash


@ -1,12 +1,8 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: apt:
name: "{{ item }}" name: ['apt-transport-https', 'ca-certificates']
state: present state: present
cache_valid_time: 3600
with_items:
- apt-transport-https
- ca-certificates
- when: logstash_install_java - when: logstash_install_java
block: block:


@ -1,12 +1,9 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: apt:
name: "{{ item }}" name: ['apt-transport-https', 'ca-certificates']
state: present state: present
cache_valid_time: 3600
with_items:
- apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Add Elasticsearch apt key. - name: Debian/Ubuntu | Add Elasticsearch apt key.
apt_key: apt_key:


@ -23,7 +23,7 @@ wazuh_winagent_config:
install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' install_dir_x86: 'C:\Program Files (x86)\ossec-agent\'
auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
version: '3.8.1' version: '3.8.2'
revision: '1' revision: '1'
repo: https://packages.wazuh.com/3.x/windows/ repo: https://packages.wazuh.com/3.x/windows/
md5: 43936e7bc7eb51bd186f47dac4a6f477 md5: 43936e7bc7eb51bd186f47dac4a6f477
@ -223,7 +223,7 @@ wazuh_agent_config:
log_path_win: 'C:\ProgramData\osquery\log\osqueryd.results.log' log_path_win: 'C:\ProgramData\osquery\log\osqueryd.results.log'
config_path: '/etc/osquery/osquery.conf' config_path: '/etc/osquery/osquery.conf'
config_path_win: 'C:\ProgramData\osquery\osquery.conf' config_path_win: 'C:\ProgramData\osquery\osquery.conf'
ad_labels: 'yes' add_labels: 'yes'
syscollector: syscollector:
disable: 'no' disable: 'no'
interval: '1h' interval: '1h'
@ -281,10 +281,10 @@ wazuh_agent_config:
- format: 'syslog' - format: 'syslog'
location: '/var/ossec/logs/active-responses.log' location: '/var/ossec/logs/active-responses.log'
- format: 'command' - format: 'command'
command: 'df -P' command: df -P -x squashfs -x tmpfs -x devtmpfs
frequency: '360' frequency: '360'
- format: 'full_command' - format: 'full_command'
command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t
alias: 'netstat listening ports' alias: 'netstat listening ports'
frequency: '360' frequency: '360'
- format: 'full_command' - format: 'full_command'
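Review bot: `version: '3.8.2'` is bumped in `wazuh_winagent_config` while the `md5:` line directly below it is left as context, so the checksum still describes the 3.8.1 installer; whatever downloads the Windows agent from `repo` will either fail its integrity check or, if the hash is not enforced, silently skip the only verification of the fetched binary. The `md5:` value must be updated to the published digest of the 3.8.2 installer in the same change as the version (placeholder: `md5: <digest of wazuh-agent-3.8.2-1.msi>`). The `ad_labels` → `add_labels` rename presumably needs a matching update in the template that reads it; that file is not in this view.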


@ -1,12 +1,8 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: apt:
name: "{{ item }}" name: ['apt-transport-https', 'ca-certificates']
state: present state: present
cache_valid_time: 3600
with_items:
- apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Installing repository key - name: Debian/Ubuntu | Installing repository key
apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
@ -49,15 +45,11 @@
- name: Debian/Ubuntu | Install OpenScap - name: Debian/Ubuntu | Install OpenScap
apt: apt:
name: "{{ item }}" name: ['libopenscap8', 'xsltproc']
state: present state: present
cache_valid_time: 3600 when: wazuh_agent_config.openscap.disable == 'no'
when: wazuh_agent_config.openscap.disable == 'no' tags:
with_items: - init
- libopenscap8
- xsltproc
tags:
- init
- name: Debian/Ubuntu | Get OpenScap installed version - name: Debian/Ubuntu | Get OpenScap installed version
shell: "dpkg-query --showformat='${Version}' --show libopenscap8" shell: "dpkg-query --showformat='${Version}' --show libopenscap8"


@ -10,3 +10,7 @@
# This is the template of Ansible for the file local_internal_options.conf # This is the template of Ansible for the file local_internal_options.conf
# In this file you could include the configuration settings for your agents # In this file you could include the configuration settings for your agents
# Logcollector - If it should accept remote commands from the manager
logcollector.remote_commands=1
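Review bot: `logcollector.remote_commands=1` is written unconditionally into every agent's local_internal_options.conf, which turns on execution of `command`/`full_command` localfiles delivered by the manager through the shared agent configuration, with no role variable to opt out and no mention in the changelog. Because this widens what a misconfigured or compromised manager can make every agent run, the default should be opt-in and documented rather than silently enabled for all hosts. Render it from a variable instead, for example `logcollector.remote_commands={{ wazuh_agent_config.logcollector_remote_commands | default(0) }}` (variable name constructed here; pick whatever the role's defaults use), and extend the comment above it to say that this allows the manager to run commands on the agent.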


@ -291,6 +291,9 @@
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command> <command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency> <frequency>{{ localfile.frequency }}</frequency>
{% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias>
{% endif %}
{% else %} {% else %}
<location>{{ localfile.location }}</location> <location>{{ localfile.location }}</location>
{% endif %} {% endif %}
@ -305,6 +308,9 @@
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command> <command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency> <frequency>{{ localfile.frequency }}</frequency>
{% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias>
{% endif %}
{% else %} {% else %}
<location>{{ localfile.location }}</location> <location>{{ localfile.location }}</location>
{% endif %} {% endif %}
@ -319,6 +325,9 @@
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command> <command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency> <frequency>{{ localfile.frequency }}</frequency>
{% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias>
{% endif %}
{% else %} {% else %}
<location>{{ localfile.location }}</location> <location>{{ localfile.location }}</location>
{% endif %} {% endif %}


@ -29,7 +29,6 @@ wazuh_manager_config:
node_name: 'manager_01' node_name: 'manager_01'
node_type: 'master' node_type: 'master'
key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
interval: '2m'
port: '1516' port: '1516'
bind_addr: '0.0.0.0' bind_addr: '0.0.0.0'
nodes: nodes:
@ -183,10 +182,10 @@ wazuh_manager_config:
localfiles: localfiles:
common: common:
- format: 'command' - format: 'command'
command: 'df -P' command: df -P -x squashfs -x tmpfs -x devtmpfs
frequency: '360' frequency: '360'
- format: 'full_command' - format: 'full_command'
command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t
alias: 'netstat listening ports' alias: 'netstat listening ports'
frequency: '360' frequency: '360'
- format: 'full_command' - format: 'full_command'
@ -256,17 +255,6 @@ wazuh_manager_config:
decoders_path: 'custom_ruleset/decoders/' decoders_path: 'custom_ruleset/decoders/'
rule_exclude: rule_exclude:
- '0215-policy_rules.xml' - '0215-policy_rules.xml'
active_responses:
- command: 'restart-ossec'
location: 'local'
rules_id: '100002'
- command: 'win_restart-ossec'
location: 'local'
rules_id: '100003'
- command: 'host-deny'
location: 'local'
level: 6
timeout: 600
syslog_outputs: syslog_outputs:
- server: null - server: null
port: null port: null


@ -1,7 +1,7 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: apt:
name: "{{ item }}" name: ['apt-transport-https', 'ca-certificates']
state: present state: present
cache_valid_time: 3600 cache_valid_time: 3600
with_items: with_items:
@ -9,6 +9,7 @@
- ca-certificates - ca-certificates
- urllib3 - urllib3
- name: Debian/Ubuntu | Installing Wazuh repository key - name: Debian/Ubuntu | Installing Wazuh repository key
apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
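Review bot: `name: ['apt-transport-https', 'ca-certificates']` replaces `name: "{{ item }}"` but, unlike the sibling tasks in the other roles, this task keeps its `with_items:` loop (the `- ca-certificates` and `- urllib3` entries are visible as context in the second hunk), so the loop variable is no longer referenced: the same two packages are installed once per loop item and the remaining items are never installed. Either drop the loop entirely and list every package in `name`, or keep `name: "{{ item }}"`; the task itself continues outside the first hunk, so check the full item list before deciding.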


@ -11,11 +11,7 @@
<alerts_log>{{ wazuh_manager_config.alerts_log }}</alerts_log> <alerts_log>{{ wazuh_manager_config.alerts_log }}</alerts_log>
<logall>{{ wazuh_manager_config.logall }}</logall> <logall>{{ wazuh_manager_config.logall }}</logall>
<logall_json>{{ wazuh_manager_config.logall_json }}</logall_json> <logall_json>{{ wazuh_manager_config.logall_json }}</logall_json>
{% if wazuh_manager_config.email_notification | lower == "yes" %} <email_notification>{{ wazuh_manager_config.email_notification }}</email_notification>
<email_notification>yes</email_notification>
{% else %}
<email_notification>no</email_notification>
{% endif %}
{% for to in wazuh_manager_config.mail_to %} {% for to in wazuh_manager_config.mail_to %}
<email_to>{{ to }}</email_to> <email_to>{{ to }}</email_to>
{% endfor %} {% endfor %}
@ -235,7 +231,7 @@
<disabled>{{ wazuh_manager_config.vul_detector.ubuntu.disable }}</disabled> <disabled>{{ wazuh_manager_config.vul_detector.ubuntu.disable }}</disabled>
<update_interval>{{ wazuh_manager_config.vul_detector.ubuntu.update_interval }}</update_interval> <update_interval>{{ wazuh_manager_config.vul_detector.ubuntu.update_interval }}</update_interval>
</feed> </feed>
<feed name="redhat-7"> <feed name="redhat">
<disabled>{{ wazuh_manager_config.vul_detector.redhat.disable }}</disabled> <disabled>{{ wazuh_manager_config.vul_detector.redhat.disable }}</disabled>
<update_interval>{{ wazuh_manager_config.vul_detector.redhat.update_interval }}</update_interval> <update_interval>{{ wazuh_manager_config.vul_detector.redhat.update_interval }}</update_interval>
</feed> </feed>
@ -308,12 +304,6 @@
</command> </command>
{% endfor %} {% endfor %}
<!--
<active-response>
active-response options here
</active-response>
-->
<ruleset> <ruleset>
<!-- Default ruleset --> <!-- Default ruleset -->
<decoder_dir>ruleset/decoders</decoder_dir> <decoder_dir>ruleset/decoders</decoder_dir>
@ -398,21 +388,22 @@
{% endif %} {% endif %}
<!-- Active Response Config
{% for response in wazuh_manager_config.active_responses %} {% if wazuh_manager_config.active_responses is defined %}
<active-response> {% for response in wazuh_manager_config.active_responses %}
<disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled> <active-response>
{%if response.command is defined %}<command>{{ response.command }}</command>{% endif %} <disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled>
{%if response.location is defined %}<location>{{ response.location }}</location>{% endif %} {%if response.command is defined %}<command>{{ response.command }}</command>{% endif %}
{%if response.agent_id is defined %}<agent_id>{{ response.agent_id }}</agent_id>{% endif %} {%if response.location is defined %}<location>{{ response.location }}</location>{% endif %}
{%if response.level is defined %}<level>{{ response.level }}</level>{% endif %} {%if response.agent_id is defined %}<agent_id>{{ response.agent_id }}</agent_id>{% endif %}
{%if response.rules_group is defined %}<rules_group>{{ response.rules_group }}</rules_group>{% endif %} {%if response.level is defined %}<level>{{ response.level }}</level>{% endif %}
{%if response.rules_id is defined %}<rules_id>{{ response.rules_id }}</rules_id>{% endif %} {%if response.rules_group is defined %}<rules_group>{{ response.rules_group }}</rules_group>{% endif %}
{%if response.timeout is defined %}<timeout>{{ response.timeout }}</timeout>{% endif %} {%if response.rules_id is defined %}<rules_id>{{ response.rules_id }}</rules_id>{% endif %}
{%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %} {%if response.timeout is defined %}<timeout>{{ response.timeout }}</timeout>{% endif %}
</active-response> {%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %}
{% endfor %} </active-response>
--> {% endfor %}
{% endif %}
<!-- Files to monitor (localfiles) --> <!-- Files to monitor (localfiles) -->
{% for localfile in wazuh_manager_config.localfiles.common %} {% for localfile in wazuh_manager_config.localfiles.common %}
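Review bot: Replacing the `| lower == "yes"` branch with `<email_notification>{{ wazuh_manager_config.email_notification }}</email_notification>` emits the variable's raw value, so the normalisation the old branch did is lost: an unquoted YAML `yes`/`no` in a vars file arrives as a boolean and renders as `True`/`False`, which is not a value Wazuh's yes/no option accepts. Keep the direct rendering but normalise it on one line, e.g. `<email_notification>{{ 'yes' if (wazuh_manager_config.email_notification | string | lower) in ['yes', 'true'] else 'no' }}</email_notification>`. The new `{% if wazuh_manager_config.active_responses is defined %}` guard in the later hunk is consistent with the default list being removed from the manager defaults in this same commit.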


@ -2,6 +2,7 @@
{% if wazuh_agent_configs is defined %} {% if wazuh_agent_configs is defined %}
{% for agent_config in wazuh_agent_configs %} {% for agent_config in wazuh_agent_configs %}
<agent_config {{ agent_config.type }}="{{ agent_config.type_value }}"> <agent_config {{ agent_config.type }}="{{ agent_config.type_value }}">
{% if agent_config.syscheck is defined %}
<syscheck> <syscheck>
<auto_ignore>{{ agent_config.syscheck.auto_ignore }}</auto_ignore> <auto_ignore>{{ agent_config.syscheck.auto_ignore }}</auto_ignore>
<alert_new_files>{{ agent_config.syscheck.alert_new_files }}</alert_new_files> <alert_new_files>{{ agent_config.syscheck.alert_new_files }}</alert_new_files>
@ -40,6 +41,7 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
</syscheck> </syscheck>
{% endif %}
{% for localfile in agent_config.localfiles %} {% for localfile in agent_config.localfiles %}
<localfile> <localfile>