Support for Amazon Linux added

Logstash bug fixed for single server installation on Amazon Linux

roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml

@@ -3,7 +3,7 @@
   block:
     - name: RedHat/CentOS/Fedora | download Oracle Java RPM
       get_url:
-        url: https://download.oracle.com/otn-pub/java/jdk/8u181-b13/96a7b8442fe848ef90c96a2fad6ed6d1/jre-8u181-linux-x64.rpm
+        url: https://download.oracle.com/otn-pub/java/jdk/8u191-b12/2787e4a523244c269598db4e85c51e0c/jre-8u191-linux-x64.rpm
         dest: /tmp/jre-8-linux-x64.rpm
         headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
       register: oracle_java_task_rpm_download

roles/elastic-stack/ansible-elasticsearch/tasks/main.yml

@@ -71,6 +71,7 @@
 - name: Reload systemd
   systemd: daemon_reload=yes
   ignore_errors: yes
+  when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
 
 - name: Ensure Elasticsearch started and enabled
   service:

roles/elastic-stack/ansible-kibana/tasks/main.yml

@@ -12,6 +12,7 @@
 - name: Reload systemd
   systemd: daemon_reload=yes
   ignore_errors: yes
+  when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
 
 - name: Kibana configuration
   template:

roles/elastic-stack/ansible-logstash/tasks/RedHat.yml

@@ -3,7 +3,7 @@
   block:
     - name: RedHat/CentOS/Fedora | download Oracle Java RPM
       get_url:
-        url: https://download.oracle.com/otn-pub/java/jdk/8u181-b13/96a7b8442fe848ef90c96a2fad6ed6d1/jre-8u181-linux-x64.rpm
+        url: https://download.oracle.com/otn-pub/java/jdk/8u191-b12/2787e4a523244c269598db4e85c51e0c/jre-8u191-linux-x64.rpm
         dest: /tmp/jre-8-linux-x64.rpm
         headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
       register: oracle_java_task_rpm_download
@@ -42,3 +42,10 @@
   when:
     - logstash_input_beats == false
     - wazuh_manager_check_rpm.rc == 0
+
+- name: Amazon Linux change startup group
+  shell: sed -i 's/.*LS_GROUP=logstash.*/LS_GROUP=ossec/' /etc/logstash/startup.options
+  when:
+    - logstash_input_beats == false
+    - wazuh_manager_check_rpm.rc == 0
+    - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"

roles/elastic-stack/ansible-logstash/tasks/main.yml

@@ -11,6 +11,11 @@
 - name: Reload systemd
   systemd: daemon_reload=yes
   ignore_errors: yes
+  when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
+
+- name: Amazon Linux create service
+  shell: /usr/share/logstash/bin/system-install /etc/logstash/startup.options
+  when: ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
 
 - name: Ensure Logstash started and enabled
   service:
@@ -18,6 +23,13 @@
     enabled: yes
     state: started
 
+- name: Amazon Linux start Logstash
+  service:
+    name: logstash
+    enabled: yes
+    state: started
+  when: ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
+
 - import_tasks: "RMRedHat.yml"
   when: ansible_os_family == "RedHat"
 

roles/wazuh/ansible-filebeat/tasks/RedHat.yml

@@ -1,5 +1,5 @@
 ---
-- name: RedHat/CentOS/Fedora | Install Filebeats repo
+- name: RedHat/CentOS/Fedora/Amazon Linux | Install Filebeats repo
   yum_repository:
     name: elastic_repo
     description: Elastic repository for 6.x packages

roles/wazuh/ansible-filebeat/tasks/main.yml

@@ -16,6 +16,7 @@
 - name: Reload systemd
   systemd: daemon_reload=yes
   ignore_errors: yes
+  when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
 
 - name: Ensure Filebeat is started and enabled at boot.
   service:

roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml

@@ -19,6 +19,16 @@
   when:
     - ansible_distribution_major_version|int == 5
 
+- name: AmazonLinux | Install Wazuh repo
+  yum_repository:
+    name: wazuh_repo
+    description: Wazuh repository
+    baseurl: https://packages.wazuh.com/3.x/yum/
+    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    gpgcheck: yes
+  when:
+    - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
+
 - name: RedHat/CentOS/Fedora | download Oracle Java RPM
   get_url:
     url: http://download.oracle.com/otn-pub/java/jdk/8u171-b11/512cd62ec5174c3487ac17c61aaa89e8/jre-8u171-linux-x64.rpm
@@ -53,7 +63,7 @@
 - name: Set Distribution CIS filename for RHEL7
   set_fact:
     cis_distribution_filename: cis_rhel7_linux_rcl.txt
-  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7"
+  when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == "7") or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
 
 - name: RedHat/CentOS/RedHat | Install openscap
   package: name=openscap-scanner state=present

roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml

@@ -18,6 +18,20 @@
     gpgcheck: yes
   when: ansible_distribution == 'Fedora'
 
+- name: AmazonLinux | Get Nodejs
+  shell: curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -
+  args:
+    warn: no
+  when:
+    - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
+
+- name: AmazonLinux | Install Nodejs repo
+  yum:
+    name: nodejs
+    state: present
+  when:
+    - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
+
 - name: RedHat/CentOS/Fedora | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
@@ -26,7 +40,7 @@
     gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
     gpgcheck: yes
   when:
-    - ansible_distribution_major_version|int > 5
+    - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
 
 - name: RedHat/CentOS 5 | Install Wazuh repo
   yum_repository:
@@ -36,12 +50,13 @@
     gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
     gpgcheck: yes
   when:
-    - ansible_distribution_major_version|int < 6
+    - ansible_distribution_major_version|int == 5
 
 - name: RedHat/CentOS/Fedora | Install openscap
   package: name=openscap-scanner state=present
   tags:
     - init
+  when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
 
 - name: CentOS 6 | Install Software Collections (SCL) Repository
   package: name=centos-release-scl state=present
@@ -113,4 +128,4 @@
 - name: Set Distribution CIS filename for RHEL7/CentOS-7
   set_fact:
     cis_distribution_filename: cis_rhel7_linux_rcl.txt
-  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == '7'
+    when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == '7') or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")

roles/wazuh/ansible-wazuh-manager/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - import_tasks: "RedHat.yml"
-  when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5
+  when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family  == "RedHat" and ansible_distribution == "Amazon")
 
 - import_tasks: "Debian.yml"
   when: ansible_os_family == "Debian"