Refactoring Wazuh Manager role

ansible-wazuh-manager/README.md

@@ -1,95 +1,69 @@
-Role Name
-=========
+Ansible Playbook - Wazuh manager
+================================
 
-This role will install the Wazuh server on a host.
+This role will install the Wazuh manager on a host.
 
 Requirements
 ------------
 
 This role will work on:
  * Red Hat
+ * CentOS
+ * Fedora
  * Debian
-
+ * Ubuntu
 
 Role Variables
 --------------
 
 This role has some variables which you can or need to override.
 ```
-ossec_server_config: []
-ossec_agent_configs: []
-api_user: []
+wazuh_manager_fqdn: []
+wazuh_manager_config: []
+wazuh_agent_configs: []
 ```
+
 Vault variables
 ----------------
 
-### vars/agentless.yml
-This file has the agenless c.
+### vars/agentless_creeds.yml
+This file has the agenless credentials.
 ```
 ---
-agentless_passlist:
-  - host: wazuh@wazuh.com
-    passwd: testpasswd
-  - host: wazuh2@wazuh.com
-    passwd: test2passwd
+ agentless_creeds:
+ - type: ssh_integrity_check_linux
+   frequency: 3600
+   host: root@example.net
+   state: periodic
+   arguments: '/bin /etc/ /sbin'
+   passwd: qwerty
 ```
-
-### templates/agentless.j2
-
-In this template we create the file with the format .passlist that ossec needs.
-
-```
-{% for agentless in agentless_passlist %}
-{{ agentless.host }}|{{ agentless.passwd }}
-{% endfor %}
-```
-
-### tasks/main
-
-In the main we import the variables included in the vault file agentless.yml, then we move to a temporal file the folder /var/ossec/agentless/.passlist_tmp and then encode to base64.
-
-```
-- name: Import agentless secret variable file
-  include_vars: "agentless.yml"
-  no_log: true
-
-- name: Agentless Credentials
-  template:
-    src: agentless.j2
-    dest: "/var/ossec/agentless/.passlist_tmp"
-    owner: root
-    group: root
-    mode: 0644
-  no_log: true
-  when: agentless_passlist is defined
-
-- name: Encode the secret
-  shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp
-  when: agentless_passlist is defined
-```
-
-### vars/api_user.yml
+### vars/wazuh_api_creds
 This file has user and password created in httpasswd format.
 ```
 ---
-user:
-  - "wazuh:$apr1$XSwG938n$tDxKvaCBx5C/kdU2xXP3K."
-  - "wazuh2:$apr1$XSwG938n$tDxKvaCBx5C/kdU2xXP3K."
+wazuh_api_user:
+  - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/"
 ```
 
+Default config
+--------------
 
-### Example setup
-
-Edit the vars file for the host which runs the ossec-server:
-### host_vars/ossec-server
+### defaults/main.yml
 ```
-ossec_server_config:
+---
+wazuh_manager_fqdn: "wazuh-server"
+
+wazuh_manager_config:
+  email_notification: no
   mail_to:
-    - me@example.com
+    - admin@example.net
   mail_smtp_server: localhost
-  mail_from: ossec@example.com
+  mail_from: wazuh-server@example.com
   frequency_check: 43200
   syscheck_scan_on_start: 'yes'
+  log_level: 1
+  email_level: 12
   ignore_files:
     - /etc/mtab
     - /etc/mnttab
@@ -131,9 +105,7 @@ ossec_server_config:
   connection:
     - type: 'secure'
       port: '1514'
-      protocol: 'udp'
-  log_level: 1
-  email_level: 12
+      protocol: 'tcp'
   commands:
     - name: 'disable-account'
       executable: 'disable-account.sh'
@@ -165,7 +137,7 @@ ossec_server_config:
       level: 6
       timeout: 600
 
-ossec_agent_configs:
+wazuh_agent_configs:
   - type: os
     type_value: linux
     frequency_check: 79200
@@ -195,24 +167,19 @@ ossec_agent_configs:
         location: '/var/ossec/logs/active-responses.log'
 ```
 
-####ossec_server_config:
-At first, there is the server configuration. Change it for your needs, as this default setup won't do any good for you. (You don't have access to use the mail.example.com mailhost. :-))
+#### Custom variables:
+You can create a YAML file and change the default variables for this role, to later using it with `-e` option in `ansible-playbooks`, for example:
 
+```
+---
+wazuh_manager_fqdn: "wazuh-server"
 
-####ossec_agent_configs:
-http://ossec-docs.readthedocs.org/en/latest/manual/agent/agent-configuration.html
-
-There are 3 "types":
-  * os
-  * name
-  * profile
-
-In the above setup, the type is os. And this configuration is for the "linux" os. You can have several types configured in the host_vars file, so you can create all kind of different configs.
-
-You can find here some more information about the ossec shared agent configuration: http://ossec-docs.readthedocs.org/en/latest/manual/syscheck/
-
-#### <_role_>/vars/main.yml
-nil
+wazuh_manager_config:
+  email_notification: yes
+  mail_to:
+    - myadmin@mydomain.com
+  mail_smtp_server: mysmtp.mydomain.com
+```
 
 Dependencies
 ------------
@@ -224,22 +191,19 @@ Example Playbook
 
 Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
 
-    - hosts: ossec-server.example.com
+    - hosts: wazuh-server.example.com
       roles:
-         - { role: ansible-wazuh-manager }
+         - { role: ansible-wazuh-server }
 
-License
--------
+License and copyright
+---------------------
 
-GPLv3
+WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3)
 
-Author Information
-------------------
+### Based on previous work from dj-wasabi
 
-Please send suggestion or pull requests to make this role better.
+ - https://github.com/dj-wasabi/ansible-ossec-server
 
-Github: https://github.com/dj-wasabi/ansible-ossec-server
+### Modified by Wazuh
 
-mail: ikben [ at ] werner-dijkerman . nl
-
-Modificated by **Wazuh**
+The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem.

ansible-wazuh-manager/defaults/main.yml

@@ -1,12 +1,12 @@
 ---
-ossec_server_fqdn: "ossec-server"
+wazuh_manager_fqdn: "wazuh-server"
 
-ossec_server_config:
+wazuh_manager_config:
   email_notification: no
   mail_to:
     - admin@example.net
   mail_smtp_server: localhost
-  mail_from: ossec@example.com
+  mail_from: wazuh-server@example.com
   frequency_check: 43200
   syscheck_scan_on_start: 'yes'
   log_level: 1
@@ -84,7 +84,7 @@ ossec_server_config:
       level: 6
       timeout: 600
 
-ossec_agent_configs:
+wazuh_agent_configs:
   - type: os
     type_value: linux
     frequency_check: 79200

ansible-wazuh-manager/meta/main.yml

@@ -1,7 +1,7 @@
 ---
 galaxy_info:
-  author: Jose Luis Ruiz
-  description: Installing and maintaining the wazuh-manager.
+  author: Wazuh
+  description: Installing, deploying and configuring Wazuh Manager.
   company: wazuh.com
   license: license (GPLv3)
   min_ansible_version: 2.0

ansible-wazuh-manager/playbook.yml

@@ -0,0 +1,3 @@
+- hosts: wazuh-server.example.com
+  roles:
+     - { role: ansible-wazuh-server }

ansible-wazuh-manager/tasks/main.yml

@@ -15,7 +15,7 @@
     - init
 
 - name: Generate SSL files
-  command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ossec_server_fqdn}}/"
+  command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{wazuh_manager_fqdn}}/"
   args:
     creates: sslmanager.cert
     chdir: /var/ossec/etc/
@@ -64,11 +64,11 @@
 
 - name: Enable client-syslog
   command: /var/ossec/bin/ossec-control enable client-syslog
-  when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
+  when: csyslog_running.stdout == '0' and wazuh_manager_config.syslog_outputs is defined
 
 - name: Start client-syslog
   command: /var/ossec/bin/ossec-control start client-syslog
-  when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
+  when: csyslog_running.stdout == '0' and wazuh_manager_config.syslog_outputs is defined
 
 - name: Check if ossec-agentlessd is enabled
   shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-agentlessd is running' | xargs echo"

ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -8,20 +8,20 @@
   <global>
     <jsonout_output>yes</jsonout_output>
     <alerts_log>yes</alerts_log>
-    {% if ossec_server_config.email_notification | lower == "yes" %}
+    {% if wazuh_manager_config.email_notification | lower == "yes" %}
     <email_notification>yes</email_notification>
-    {% for to in ossec_server_config.mail_to %}
-    <email_to>{{ to }}</email_to>
-    {% endfor %}
-    <smtp_server>{{ ossec_server_config.mail_smtp_server }}</smtp_server>
-    <email_from>{{ ossec_server_config.mail_from }}</email_from>
     {% else %}
     <email_notification>no</email_notification>
     {% endif %}
+    {% for to in wazuh_manager_config.mail_to %}
+    <email_to>{{ to }}</email_to>
+    {% endfor %}
+    <smtp_server>{{ wazuh_manager_config.mail_smtp_server }}</smtp_server>
+    <email_from>{{ wazuh_manager_config.mail_from }}</email_from>
   </global>
 
-{% if ossec_server_config.extra_emails is defined %}
-{% for mail in ossec_server_config.extra_emails %}
+{% if wazuh_manager_config.extra_emails is defined %}
+{% for mail in wazuh_manager_config.extra_emails %}
   <email_alerts>
     <email_to>{{ mail.mail_to }}</email_to>
     {% if mail.format is defined %}
@@ -50,12 +50,12 @@
 {% endif %}
 
   <alerts>
-    <log_alert_level>{{ ossec_server_config.log_level }}</log_alert_level>
-    <email_alert_level>{{ ossec_server_config.email_level }}</email_alert_level>
+    <log_alert_level>{{ wazuh_manager_config.log_level }}</log_alert_level>
+    <email_alert_level>{{ wazuh_manager_config.email_level }}</email_alert_level>
   </alerts>
 
   <remote>
-{% for connection in ossec_server_config.connection %}
+{% for connection in wazuh_manager_config.connection %}
     <connection>{{ connection.type }}</connection>
     <port>{{ connection.port }}</port>
     <protocol>{{ connection.protocol }}</protocol>
@@ -89,27 +89,28 @@
 
   <syscheck>
     <!-- Frequency that syscheck is executed -- default every 20 hours -->
-    <frequency>{{ ossec_server_config.frequency_check }}</frequency>
-    <scan_on_start>{{ ossec_server_config.syscheck_scan_on_start }}</scan_on_start>
+    <frequency>{{ wazuh_manager_config.frequency_check }}</frequency>
+    <scan_on_start>{{ wazuh_manager_config.syscheck_scan_on_start }}</scan_on_start>
 
     <!-- Directories to check  (perform all possible verifications) -->
-{% for directory in ossec_server_config.directories %}
+{% for directory in wazuh_manager_config.directories %}
    <directories check_all="{{ directory.check_all }}">{{ directory.dirs }}</directories>
 {% endfor %}
 
     <!-- Files/directories to ignore -->
-    {% for ignore_file in ossec_server_config.ignore_files %}
+    {% for ignore_file in wazuh_manager_config.ignore_files %}
     <ignore>{{ ignore_file }}</ignore>
     {% endfor %}
 
     <!-- Files no diff -->
-    {% for no_diff in ossec_server_config.no_diff %}
+    {% for no_diff in wazuh_manager_config.no_diff %}
     <nodiff>{{ no_diff }}</nodiff>
     {% endfor %}
   </syscheck>
 
   {% if ansible_distribution == 'Ubuntu'  and ansible_distribution_release == 'xenial' %}
-    <wodle name="open-scap">
+  <wodle name="open-scap">
+    <disabled>no</disabled>
     <timeout>1800</timeout>
     <interval>1d</interval>
     <scan-on-start>yes</scan-on-start>
@@ -118,8 +119,20 @@
       <profile>xccdf_org.ssgproject.content_profile_common</profile>
     </content>
   </wodle>
+  {% elif ansible_distribution == 'Debian'  and ansible_distribution_release == 'jessie' %}
+  <wodle name="open-scap">
+    <disabled>no</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+
+    <content type="xccdf" path="ssg-debian-8-ds.xml">
+      <profile>xccdf_org.ssgproject.content_profile_common</profile>
+    </content>
+  </wodle>
   {% elif ansible_distribution == 'CentOS' %}
   <wodle name="open-scap">
+    <disabled>no</disabled>
     <timeout>1800</timeout>
     <interval>1d</interval>
     <scan-on-start>yes</scan-on-start>
@@ -134,7 +147,8 @@
     </content>
   </wodle>
   {% elif ansible_distribution == 'RedHat' %}
-   <wodle name="open-scap">
+  <wodle name="open-scap">
+    <disabled>no</disabled>
     <timeout>1800</timeout>
     <interval>1d</interval>
     <scan-on-start>yes</scan-on-start>
@@ -150,7 +164,7 @@
   </wodle>
   {% elif ansible_distribution == 'Fedora' %}
   <wodle name="open-scap">
-    <disabled>yes</disabled>
+    <disabled>no</disabled>
     <timeout>1800</timeout>
     <interval>1d</interval>
     <scan-on-start>yes</scan-on-start>
@@ -178,12 +192,12 @@
 {% endif %}
 
   <global>
-{% for white_list in ossec_server_config.globals %}
+{% for white_list in wazuh_manager_config.globals %}
     <white_list>{{ white_list }}</white_list>
 {% endfor %}
   </global>
 
-  {% for command in ossec_server_config.commands %}
+  {% for command in wazuh_manager_config.commands %}
     <command>
       <name>{{ command.name }}</name>
       <executable>{{ command.executable }}</executable>
@@ -206,7 +220,7 @@
   </ruleset>
 
   <!-- Active Response Config -->
-{% for response in ossec_server_config.active_responses %}
+{% for response in wazuh_manager_config.active_responses %}
   <active-response>
     <command>{{ response.command }}</command>
     <location>{{ response.location }}</location>
@@ -216,7 +230,7 @@
 {% endfor %}
 
   <!-- Files to monitor (localfiles) -->
-{% for localfile in ossec_server_config.localfiles %}
+{% for localfile in wazuh_manager_config.localfiles %}
   <localfile>
      <log_format>{{ localfile.format }}</log_format>
      {% if localfile.format == 'command' or localfile.format == 'full_command' %}
@@ -228,8 +242,8 @@
   </localfile>
 {% endfor %}
 
-{% if ossec_server_config.syslog_outputs is defined %}
-{% for syslog_output in ossec_server_config.syslog_outputs %}
+{% if wazuh_manager_config.syslog_outputs is defined %}
+{% for syslog_output in wazuh_manager_config.syslog_outputs %}
   <syslog_output>
     <server>{{ syslog_output.server }}</server>
     <port>{{ syslog_output.port }}</port>

ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2

@@ -1,4 +1,4 @@
-{% for item in ossec_agent_configs %}
+{% for item in wazuh_agent_configs %}
 <agent_config {{ item.type }}="{{ item.type_value }}">
   <syscheck>
   <!-- Directories to check (perform all possible verifications) -->

ansible-wazuh-manager/vars/agentless_creeds.yml

@@ -1,4 +1,4 @@
-# Be sure you encrypt this file with ansible-vault.
+---
 # agentless_creeds:
 # - type: ssh_integrity_check_linux
 #   frequency: 3600

ansible-wazuh-manager/vars/wazuh_api_creds.yml

@@ -0,0 +1,3 @@
+---
+wazuh_api_user:
+  - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/"

ansible-wazuh-server/playbook.retry

@@ -1 +0,0 @@
-192.168.212.138

ansible-wazuh-server/playbook.yml

@@ -1,3 +0,0 @@
-- hosts: ossec-manager
-  roles:
-    - role: ansible-ossec-server

ansible-wazuh-server/vars/wazuh_api_creds.yml

@@ -1,3 +0,0 @@
-# Be sure you encrypt this file with ansible-vault
-wazuh_api_user:
-  - foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/