Updating the manager role with the new Wazuh version 2.1

This commit is contained in:
Pedro Sanchez 2017-08-18 13:12:57 -07:00 committed by GitHub
commit 278336cbf2
8 changed files with 119 additions and 166 deletions


@ -38,7 +38,8 @@ This file has the agenless credentials.
arguments: '/bin /etc/ /sbin' arguments: '/bin /etc/ /sbin'
passwd: qwerty passwd: qwerty
``` ```
### vars/wazuh_api_creds
### vars/wazuh_api_creds.yml
This file has user and password created in httpasswd format. This file has user and password created in httpasswd format.
``` ```
--- ---
@ -46,6 +47,13 @@ wazuh_api_user:
- "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/" - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/"
``` ```
### vars/authd_pass.yml
This file has the password to be used for the authd daemon.
```
---
authd_pass: foobar
```
Default config Default config
-------------- --------------
@ -55,16 +63,20 @@ Default config
wazuh_manager_fqdn: "wazuh-server" wazuh_manager_fqdn: "wazuh-server"
wazuh_manager_config: wazuh_manager_config:
json_output: 'yes'
alerts_log: 'yes'
logall: 'no'
authd:
enable: false
email_notification: no email_notification: no
mail_to: mail_to:
- admin@example.net - admin@example.net
mail_smtp_server: localhost mail_smtp_server: localhost
mail_from: wazuh-server@example.com mail_from: wazuh-server@example.com
frequency_check: 43200 syscheck:
syscheck_scan_on_start: 'yes' frequency: 43200
log_level: 1 scan_on_start: 'yes'
email_level: 12 ignore:
ignore_files:
- /etc/mtab - /etc/mtab
- /etc/mnttab - /etc/mnttab
- /etc/hosts.deny - /etc/hosts.deny
@ -81,10 +93,18 @@ wazuh_manager_config:
no_diff: no_diff:
- /etc/ssl/private.key - /etc/ssl/private.key
directories: directories:
- check_all: 'yes' - dirs: /etc,/usr/bin,/usr/sbin
dirs: /etc,/usr/bin,/usr/sbin checks: 'check_all="yes"'
- check_all: 'yes' - dirs: /bin,/sbin
dirs: /bin,/sbin checks: 'check_all="yes"'
rootcheck:
frequency: 43200
openscap:
timeout: 1800
interval: '1d'
scan_on_start: 'yes'
log_level: 1
email_level: 12
localfiles: localfiles:
- format: 'syslog' - format: 'syslog'
location: '/var/log/messages' location: '/var/log/messages'


@ -5,7 +5,8 @@ wazuh_manager_config:
json_output: 'yes' json_output: 'yes'
alerts_log: 'yes' alerts_log: 'yes'
logall: 'no' logall: 'no'
enable_authd: false authd:
enable: false
email_notification: no email_notification: no
mail_to: mail_to:
- admin@example.net - admin@example.net
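Review bot: The move from the flat `enable_authd` flag to the nested `authd.enable` map carries no migration note, and the tasks and ossec.conf.j2 in this same commit dereference `wazuh_manager_config.authd.enable` unconditionally; an inventory that overrides `wazuh_manager_config` as a whole and still carries the old flag should error on the missing `authd` attribute, and one that simply drops the flag silently runs with authd disabled. A comment above the new key would make the contract visible: `# authd: replaces the former enable_authd flag; keep this sub-map when overriding wazuh_manager_config, the tasks and ossec.conf.j2 read authd.enable`. The other `authd` sub-keys the template reads (`port`, `use_password`, the `ssl_*` entries) are not listed in the defaults, so their names are only discoverable from the template; listing them here, even commented, would help. The `wazuh_manager_config` map continues outside the hunk.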


@ -14,13 +14,27 @@
tags: tags:
- init - init
- name: Generate SSL files - name: Generate SSL files for authd
command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{wazuh_manager_fqdn}}/" command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{wazuh_manager_fqdn}}/"
args: args:
creates: sslmanager.cert creates: sslmanager.cert
chdir: /var/ossec/etc/ chdir: /var/ossec/etc/
tags: tags:
- config - config
when: wazuh_manager_config.authd.ssl_agent_ca is not defined
- name: Copy CA, SSL key and cert for authd
copy:
src: "{{ item }}"
dest: "/var/ossec/etc/{{ item | basename }}"
mode: 0644
with_items:
- "{{ wazuh_manager_config.authd.ssl_agent_ca }}"
- "{{ wazuh_manager_config.authd.ssl_manager_cert }}"
- "{{ wazuh_manager_config.authd.ssl_manager_key }}"
tags:
- config
when: wazuh_manager_config.authd.ssl_agent_ca is defined
- name: Installing the local_rules.xml (default local_rules.xml) - name: Installing the local_rules.xml (default local_rules.xml)
template: src=var-ossec-rules-local_rules.xml.j2 template: src=var-ossec-rules-local_rules.xml.j2
@ -79,15 +93,41 @@
command: /var/ossec/bin/ossec-control enable agentless command: /var/ossec/bin/ossec-control enable agentless
when: agentless_running.stdout == '0' and agentless_creeds is defined when: agentless_running.stdout == '0' and agentless_creeds is defined
- name: Start client-syslog - name: Start ossec-agentlessd
command: /var/ossec/bin/ossec-control start agentless command: /var/ossec/bin/ossec-control start agentless
when: agentless_running.stdout == '0' and agentless_creeds is defined when: agentless_running.stdout == '0' and agentless_creeds is defined
- name: Check if ossec-authd is enabled
shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-authd is running' | xargs echo"
register: authd_running
changed_when: False
- name: Enable ossec-authd
command: /var/ossec/bin/ossec-control enable auth
when:
- authd_running.stdout == '0'
- wazuh_manager_config.authd.enable == true
- name: Start ossec-authd
command: /var/ossec/bin/ossec-control start auth
when:
- authd_running.stdout == '0'
- wazuh_manager_config.authd.enable == true
- name: Retrieving authd Credentials
include_vars: authd_pass.yml
tags:
- config
- name: Retrieving Agentless Credentials - name: Retrieving Agentless Credentials
include_vars: agentless_creeds.yml include_vars: agentless_creeds.yml
tags:
- config
- name: Retrieving Wazuh-api User Credentials - name: Retrieving Wazuh-api User Credentials
include_vars: wazuh_api_creds.yml include_vars: wazuh_api_creds.yml
tags:
- config
- name: Checking alert log output settings - name: Checking alert log output settings
fail: msg="Please enable json_output or alerts_log options." fail: msg="Please enable json_output or alerts_log options."
@ -109,35 +149,18 @@
- init - init
- config - config
- name: Write ossec-authd init file - name: Ossec-authd password
template: src=ossec-authd-init.service
dest=/etc/init.d/ossec-authd
owner=root
group=root
mode=0755
when:
- ansible_service_mgr == "upstart"
- ansible_os_family != "CoreOS"
- wazuh_manager_config.enable_authd == true
tags:
- init
- config
- name: Write ossec-authd systemd file
template: template:
src: ossec-authd.service src: authd_pass.j2
dest: /lib/systemd/system/ossec-authd.service dest: "/var/ossec/etc/authd.pass"
owner: ossec
group: ossec
mode: 0640
no_log: true
notify: restart wazuh-manager
when: when:
- ansible_service_mgr == "systemd" - wazuh_manager_config.authd.use_password is defined
- ansible_os_family != "CoreOS" - wazuh_manager_config.authd.use_password == true
- wazuh_manager_config.enable_authd == true
tags:
- init
- config
- name: Ensure ossec-authd service is started and enabled
service: name=ossec-authd enabled=yes state=started
when: wazuh_manager_config.enable_authd == true
tags: tags:
- config - config
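Review bot: The private key copied by "Copy CA, SSL key and cert for authd" ends up world-readable: the task applies `mode: 0644` to `ssl_manager_key` together with the CA and certificate, whereas the password file written later in this file ("Ossec-authd password") gets `0640` with ossec ownership; the key deserves the same treatment, which means looping over src/mode pairs, and the modes should be quoted strings so YAML cannot reinterpret the leading zero. In the same hunk, the self-signed fallback on the unchanged `openssl req` line uses `-newkey rsa:1825`, a non-standard sub-2048-bit size; `rsa:2048` is the conventional minimum. In the third hunk, `authd_pass.j2` renders `{{ authd_pass }}` while the `vars/authd_pass.yml` added by this commit has that key commented out, so a run with `use_password: true` stops on an undefined variable; an `assert` task with `that: authd_pass is defined` and an explanatory `msg`, gated on the same `when`, would make that failure actionable. The `when` clauses in the second hunk compare with `== true` (`wazuh_manager_config.authd.enable == true`), which never matches a quoted `'yes'` like the neighbouring flags in defaults use; `wazuh_manager_config.authd.enable | bool` is the safer test (the task list continues on both sides of each hunk).
```yaml
- name: Copy CA, SSL key and cert for authd
  copy:
    src: "{{ item.src }}"
    dest: "/var/ossec/etc/{{ item.src | basename }}"
    owner: ossec
    group: ossec
    mode: "{{ item.mode }}"
  with_items:
    - src: "{{ wazuh_manager_config.authd.ssl_agent_ca }}"
      mode: "0644"
    - src: "{{ wazuh_manager_config.authd.ssl_manager_cert }}"
      mode: "0644"
    - src: "{{ wazuh_manager_config.authd.ssl_manager_key }}"
      mode: "0640"
  # … unchanged: tags, when …
```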


@ -0,0 +1 @@
{{ authd_pass }}


@ -1,104 +0,0 @@
#!/bin/sh
#
# ossec-authd Start the OSSEC-HIDS Authentication Daemon
#
# chkconfig: 2345 99 01
# description: Provides key signing for OSSEC Clients
# processname: ossec-authd
# config: /var/ossec/etc/ossec.conf
# pidfile: /var/run/ossec-authd.pid
### BEGIN INIT INFO
# Provides: ossec-authd
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Authentication Daemon for OSSEC-HIDS.
# Description: Provides key signing for OSSEC Clients
### END INIT INFO
# Author: Brad Lhotsky <brad.lhotsky@gmail.com>
NAME=ossec-authd
HOME=/var/ossec
DAEMON=/var/ossec/bin/ossec-authd
DAEMON_ARGS="-p 1515 2>&1 >> /var/ossec/logs/ossec-authd.log &"
PIDDIR=/var/ossec/var/run
SCRIPTNAME=/etc/init.d/ossec-authd
if [ ! -e $HOME/etc/sslmanager.key ]
then
echo "Creating ossec-authd key and cert"
openssl genrsa -out $HOME/etc/sslmanager.key 4096
openssl req -new -x509 -key $HOME/etc/sslmanager.key\
-out $HOME/etc/sslmanager.cert -days 3650\
-subj /CN=fqdn/
fi
. /etc/rc.d/init.d/functions
getpid() {
for filename in $PIDDIR/${NAME}*.pid; do
pidfile=$(basename $filename)
pid=$(echo $pidfile |cut -d\- -f 3 |cut -d\. -f 1)
kill -0 $pid &> /dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
PIDFILE=$filename
PID=$pid
else
rm -f $filename
fi;
done;
}
start() {
echo -n $"Starting $NAME: "
daemon $DAEMON $DAEMON_ARGS
retval=$?
if [ $retval -eq 0 ]; then
echo_success
echo
else
echo_failure
echo
fi
return $retval
}
stop() {
echo -n $"Stopping $NAME: "
getpid
killproc -p $PIDFILE $NAME
retval=$?
echo
return $retval
}
restart() {
stop
start
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
getpid
if [ -z $PIDFILE ]; then
status $NAME
else
status -p $PIDFILE $NAME
fi;
;;
restart)
restart
;;
*)
echo "Usage: $0 {start|stop|status}"
exit 2
;;
esac
exit $?


@ -1,8 +0,0 @@
[Unit]
Description=Wazuh authd
[Service]
EnvironmentFile=/etc/ossec-init.conf
Environment=DIRECTORY=/var/ossec
ExecStart=/usr/bin/env ${DIRECTORY}/bin/ossec-authd -p 1515


@ -1,3 +1,4 @@
#jinja2: trim_blocks:False
<!-- <!--
Wazuh - Manager - Default configuration Wazuh - Manager - Default configuration
More info at: https://documentation.wazuh.com More info at: https://documentation.wazuh.com
@ -21,6 +22,23 @@
<email_from>{{ wazuh_manager_config.mail_from }}</email_from> <email_from>{{ wazuh_manager_config.mail_from }}</email_from>
</global> </global>
{% if wazuh_manager_config.authd.enable == true %}
<auth>
<disabled>no</disabled>
{% if wazuh_manager_config.authd.port is defined %}<port>{{wazuh_manager_config.authd.port}}</port>{% else %}<port>1515</port>{% endif %}
{% if wazuh_manager_config.authd.use_source_ip is defined %}<use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>{% endif %}
{% if wazuh_manager_config.authd.force_insert is defined %}<force_insert>{{wazuh_manager_config.authd.force_insert}}</force_insert>{% endif %}
{% if wazuh_manager_config.authd.force_time is defined %}<force_time>{{wazuh_manager_config.authd.force_time}}</force_time>{% endif %}
{% if wazuh_manager_config.authd.purge is defined %}<purge>{{wazuh_manager_config.authd.purge}}</purge>{% endif %}
{% if wazuh_manager_config.authd.use_password is defined %}<use_password>{{wazuh_manager_config.authd.use_password}}</use_password>{% endif %}
{% if wazuh_manager_config.authd.ssl_agent_ca is defined %}<ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>{% endif %}
{% if wazuh_manager_config.authd.ssl_verify_host is defined %}<ssl_verify_host>{{wazuh_manager_config.authd.ssl_verify_host}}</ssl_verify_host>{% endif %}
{% if wazuh_manager_config.authd.ssl_manager_cert is defined %}<ssl_manager_cert>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}</ssl_manager_cert>{% endif %}
{% if wazuh_manager_config.authd.ssl_manager_key is defined %}<ssl_manager_key>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}</ssl_manager_key>{% endif %}
{% if wazuh_manager_config.authd.ssl_auto_negotiate is defined %}<ssl_auto_negotiate>{{wazuh_manager_config.authd.ssl_auto_negotiate}}</ssl_auto_negotiate>{% endif %}
</auth>
{% endif %}
{% if wazuh_manager_config.extra_emails is defined %} {% if wazuh_manager_config.extra_emails is defined %}
{% for mail in wazuh_manager_config.extra_emails %} {% for mail in wazuh_manager_config.extra_emails %}
<email_alerts> <email_alerts>
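Review bot: The `<use_password>` line in the new `<auth>` block emits the variable's raw value, but the tasks in this commit only write `authd.pass` when `wazuh_manager_config.authd.use_password == true`, i.e. a YAML boolean, which Jinja renders as `True` rather than the `yes`/`no` form this same block uses for `<disabled>no</disabled>`; unless authd accepts `True` case-insensitively, the password check is silently not enforced. Normalise it: `<use_password>{{ 'yes' if wazuh_manager_config.authd.use_password | bool else 'no' }}</use_password>`, and treat `use_source_ip`, `force_insert`, `ssl_verify_host` and `ssl_auto_negotiate` the same way since they take the same yes/no values. When `authd.enable` is false the `<auth>` block is omitted entirely, which presumably leaves authd at its compiled-in default instead of an explicit `<disabled>yes</disabled>`; worth confirming against the 2.1 manager. The rest of the template lies outside the hunk.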


@ -0,0 +1,2 @@
---
#authd_pass: foobar
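Review bot: The new vars file ships with `authd_pass` commented out, while the README hunk in this commit documents the file as containing `authd_pass: foobar` uncommented, so the two disagree about what a fresh checkout produces; with `use_password: true` the `authd.pass` template then stops on an undefined variable. Replace the bare commented example with a comment that states the contract, e.g. `# Set authd_pass here when wazuh_manager_config.authd.use_password is true; keep the real value out of version control (vault or an untracked file).` Leaving the literal `foobar` example in place invites it being uncommented as-is.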