afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'feature-role-agent-registration'

Browse Source
This commit is contained in:
neonmei 2020-11-23 15:21:10 -03:00
commit 26bb8a61e5
No known key found for this signature in database
GPG Key ID: 7EA1832E7E17237E
3 changed files with 113 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -43,16 +43,6 @@ wazuh_profile_centos: 'centos, centos7, centos7.6'
wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04'
wazuh_auto_restart: 'yes' wazuh_auto_restart: 'yes'
wazuh_agent_authd:
registration_address: 127.0.0.1
enable: false
port: 1515
agent_name: null
groups: []
ssl_agent_ca: null
ssl_agent_cert: null
ssl_agent_key: null
ssl_auto_negotiate: 'no'
wazuh_notify_time: '10' wazuh_notify_time: '10'
wazuh_time_reconnect: '60' wazuh_time_reconnect: '60'
wazuh_crypto_method: 'aes' wazuh_crypto_method: 'aes'
@ -74,26 +64,38 @@ wazuh_agent_repo:
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
# This is deprecated, see: wazuh_agent_address
wazuh_agent_nat: false wazuh_agent_nat: false
########################################## ##########################################
### Wazuh ### Wazuh
########################################## ##########################################
wazuh_agent_nolog_sensible: yes
wazuh_agent_config_overlay: yes wazuh_agent_config_overlay: yes
## Client # This is a middle ground between breaking existing uses of wazuh_agent_nat
# and allow working with agents having several network interfaces
wazuh_agent_address: '{{ "any" if wazuh_agent_nat else ansible_default_ipv4.address }}'
# List of managers. The first one with register variable declared *and* set to true
# is the one used to register the agent. Otherwise, the first one in the list will be used.
wazuh_managers: wazuh_managers:
- address: 127.0.0.1 - address: 127.0.0.1
port: 1514 port: 1514
protocol: tcp protocol: tcp
api_port: 55000 api_port: 55000
api_proto: 'http' api_proto: https
api_user: wazuh api_user: wazuh
max_retries: 5 max_retries: 5
retry_interval: 5 retry_interval: 5
register: yes
## Authentication Method: Enrollment section (4.x)
# For more information see:
# * https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/client.html#enrollment
## Enrollment
wazuh_agent_enrollment: wazuh_agent_enrollment:
enabled: 'yes' enabled: 'yes'
manager_address: '' manager_address: ''
@ -110,6 +112,28 @@ wazuh_agent_enrollment:
delay_after_enrollment: 20 delay_after_enrollment: 20
use_source_ip: 'no' use_source_ip: 'no'
## Authentication Method: invoking agent-auth
# For more information see:
# * https://documentation.wazuh.com/4.0/user-manual/registering/password-authorization-registration.html
wazuh_agent_authd:
registration_address: 127.0.0.1
enable: false
port: 1515
agent_name: null
groups: []
ssl_agent_ca: null
ssl_agent_cert: null
ssl_agent_key: null
ssl_auto_negotiate: 'no'
## Authentication Method: REST API
# For more information see:
# * https://documentation.wazuh.com/4.0/user-manual/registering/restful-api-registration.html
wazuh_agent_api_validate: yes
## Client buffer ## Client buffer
wazuh_agent_client_buffer: wazuh_agent_client_buffer:
disable: 'no' disable: 'no'

120
roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
View File

@ -41,8 +41,7 @@
- name: Linux | Check if client.keys exists - name: Linux | Check if client.keys exists
stat: stat:
path: /var/ossec/etc/client.keys path: /var/ossec/etc/client.keys
register: check_keys register: client_keys_file
when: wazuh_agent_config.enrollment.enabled == 'no'
tags: tags:
- config - config
@ -97,18 +96,18 @@
vars: vars:
agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}" agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}"
when: when:
- not check_keys.stat.exists or check_keys.stat.size == 0 - not client_keys_file.stat.exists or client_keys_file.stat.size == 0
- wazuh_agent_authd.registration_address is not none - wazuh_agent_authd.registration_address is not none
- name: Linux | Verify agent registration - name: Linux | Verify agent registration
shell: echo {{ agent_auth_output }} | grep "Valid key received" shell: echo {{ agent_auth_output }} | grep "Valid key received"
when: when:
- not check_keys.stat.exists or check_keys.stat.size == 0 - not client_keys_file.stat.exists or client_keys_file.stat.size == 0
- wazuh_agent_authd.registration_address is not none - wazuh_agent_authd.registration_address is not none
when: when:
- wazuh_agent_authd.enable - wazuh_agent_authd.enable | bool
- not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no' - wazuh_agent_config.enrollment.enabled != 'yes'
tags: tags:
- config - config
- authd - authd
@ -116,69 +115,100 @@
- name: Linux | Agent registration via rest-API - name: Linux | Agent registration via rest-API
block: block:
- name: Establish target Wazuh Manager for registration task
set_fact:
target_manager: '{{ manager_primary | length | ternary(manager_primary, manager_fallback) | first }}'
vars:
manager_primary: "{{ wazuh_managers | selectattr('register','true') | list }}"
manager_fallback: "{{ wazuh_managers | list }}"
- name: Linux | Obtain JWT Token
uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate'
method: GET
url_username: '{{ target_manager.api_user }}'
url_password: '{{ api_pass }}'
status_code: 200
return_content: yes
force_basic_auth: yes
validate_certs: '{{ target_manager.validate_certs | default(false) }}'
no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
delegate_to: '{{ ansible_host if wazuh_api_reachable_from_agent else "localhost" }}'
changed_when: api_jwt_result.json.error == 0
register: api_jwt_result
become: no
tags:
- config
- api
- name: Linux | Create the agent key via rest-API - name: Linux | Create the agent key via rest-API
uri: uri:
url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/" url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents'
validate_certs: false
method: POST method: POST
body: '{"name":"{{ agent_name }}"}'
body_format: json body_format: json
status_code: 200 body:
name: '{{ agent_name }}'
ip: '{{ wazuh_agent_address }}'
force_time: 1
headers: headers:
Content-Type: "application/json" Authorization: 'Bearer {{ jwt_token }}'
user: "{{ wazuh_managers.0.api_user }}" status_code: 200
password: "{{ api_pass }}" return_content: yes
register: newagent_api validate_certs: '{{ target_manager.validate_certs | default(false) }}'
delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}"
become: no become: no
changed_when: newagent_api.json.error == 0 no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
when: delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}"
- not check_keys.stat.exists or check_keys.stat.size == 0 changed_when: api_agent_post.json.error == 0
- wazuh_managers.0.address is not none register: api_agent_post
vars:
agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
jwt_token: '{{ api_jwt_result.json.data.token }}'
tags: tags:
- config - config
- api - api
- name: Linux | Retrieve new agent data via rest-API - name: Linux | Validate registered agent key matches manager record
uri: uri:
url: >- url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents/{{ agent_id }}/key'
"{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address
}}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}"
validate_certs: false
method: GET method: GET
return_content: true headers:
user: "{{ wazuh_managers.0.api_user }}" Authorization: 'Bearer {{ jwt_token }}'
password: "{{ api_pass }}" status_code: 200
when: return_content: yes
- not check_keys.stat.exists or check_keys.stat.size == 0 validate_certs: '{{ target_manager.validate_certs | default(false) }}'
- wazuh_agent_authd.registration_address is not none
- newagent_api.json.error == 0
register: newagentdata_api
delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}"
become: no become: no
no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}"
register: api_agent_validation
vars:
agent_id: '{{ api_agent_post.json.data.id }}'
agent_key: '{{ api_agent_post.json.data.key }}'
jwt_token: '{{ api_jwt_result.json.data.token }}'
failed_when: api_agent_validation.json.data.affected_items[0].key != agent_key
when:
- wazuh_agent_api_validate | bool
- api_agent_post.json.error == 0
tags: tags:
- config - config
- api - api
- name: Linux | Register agent (via rest-API) - name: Linux | Import Key (via rest-API)
command: /var/ossec/bin/manage_agents command: /var/ossec/bin/manage_agents
environment: environment:
OSSEC_ACTION: i OSSEC_ACTION: i
OSSEC_AGENT_NAME: '{{ newagentdata_api.json.data.name }}' OSSEC_AGENT_NAME: '{{ agent_name }}'
OSSEC_AGENT_IP: '{% if wazuh_agent_nat %}any{% else %}{{ newagentdata_api.json.data.ip }}{% endif %}' OSSEC_AGENT_IP: '{{ wazuh_agent_address }}'
OSSEC_AGENT_ID: '{{ newagent_api.json.data.id }}' OSSEC_AGENT_ID: '{{ api_agent_post.json.data.id }}'
OSSEC_AGENT_KEY: '{{ newagent_api.json.data.key }}' OSSEC_AGENT_KEY: '{{ api_agent_post.json.data.key }}'
OSSEC_ACTION_CONFIRMED: y OSSEC_ACTION_CONFIRMED: y
register: manage_agents_output register: manage_agents_output
when: vars:
- not check_keys.stat.exists or check_keys.stat.size == 0 agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
- wazuh_agent_authd.registration_address is not none
- newagent_api.json.error == 0
notify: restart wazuh-agent notify: restart wazuh-agent
when: when:
- not wazuh_agent_authd.enable - not ( wazuh_agent_authd.enable | bool )
- not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no' - wazuh_agent_config.enrollment.enabled != 'yes'
- not client_keys_file.stat.exists or client_keys_file.stat.size == 0
tags: tags:
- config - config
- api - api

2
roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -37,7 +37,7 @@
<auto_restart>{{ wazuh_auto_restart }}</auto_restart> <auto_restart>{{ wazuh_auto_restart }}</auto_restart>
<crypto_method>{{ wazuh_crypto_method }}</crypto_method> <crypto_method>{{ wazuh_crypto_method }}</crypto_method>
{% if wazuh_agent_config.enrollment.enabled | length > 0 %} {% if wazuh_agent_config.enrollment.enabled == 'yes' %}
<enrollment> <enrollment>
<enabled>{{ wazuh_agent_config.enrollment.enabled }}</enabled> <enabled>{{ wazuh_agent_config.enrollment.enabled }}</enabled>
{% if wazuh_agent_config.enrollment.manager_address | length > 0 %} {% if wazuh_agent_config.enrollment.manager_address | length > 0 %}