From 2deb53272a6cae54643e8c6299492e73655341b6 Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 25 Aug 2020 16:02:06 +0200 Subject: [PATCH] Adaptation to Wazuh 4.0 and fixes --- .../ansible-kibana/defaults/main.yml | 6 +- .../ansible-kibana/templates/wazuh.yml.j2 | 2 +- .../defaults/main.yml | 2 +- .../opendistro-kibana/templates/wazuh.yml.j2 | 2 +- .../ansible-wazuh-manager/handlers/main.yml | 6 ++ .../ansible-wazuh-manager/tasks/main.yml | 89 +++++++++++++++---- .../templates/api.yaml.j2 | 40 ++++----- 7 files changed, 103 insertions(+), 44 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 434dabc2..e252cc4a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -19,10 +19,10 @@ elasticrepo: # API credentials wazuh_api_credentials: - id: "default" - url: "http://localhost" + url: "https://localhost" port: 55000 - user: "foo" - password: "bar" + username: "wazuh" + password: "wazuh" # Xpack Security kibana_xpack_security: false diff --git a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 index 1cbc9e2d..aa1305ee 100644 --- a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 @@ -129,6 +129,6 @@ hosts: - {{ api['id'] }}: url: {{ api['url'] }} port: {{ api['port'] }} - user: {{ api['user'] }} + username: {{ api['username'] }} password: {{ api['password'] }} {% endfor %} diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index d9e4641a..d5b3a04f 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml 
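Review bot: The new defaults hard-code the Wazuh 4.0 initial API account (`username: "wazuh"`, `password: "wazuh"`) under `wazuh_api_credentials`, replacing placeholders (`foo`/`bar`) that could never have authenticated, so a playbook that forgets to override the variable now works silently with a publicly documented credential. Treat these as placeholders: add `# Default 4.0 API credentials — override from a vault and rotate the API user after install` above the entry, and consider a pre-flight `assert` in the kibana role that fails when `wazuh_api_credentials[0].password == "wazuh"`. Switching `url` to `https://localhost` is right for 4.0, but nothing in this hunk shows how the plugin validates the manager certificate, so confirm the rendered `wazuh.yml` does not fall back to unverified TLS.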
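Review bot: The renamed `username: {{ api['username'] }}` line, like the `password:` line under it, interpolates the value as a bare YAML scalar, so a password containing `: `, ` #`, or a leading `{`/`[` corrupts the rendered `wazuh.yml`, and a value such as `yes` is read back as a boolean. Emit both as JSON-quoted scalars, `username: {{ api['username'] | to_json }}` and `password: {{ api['password'] | to_json }}`, which is valid YAML for any string. The rename also breaks any inventory that still sets `user:`; a `| default(api['user'])` fallback or a release note would ease the 3.x to 4.0 migration.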
@@ -56,7 +56,7 @@ opendistro_http_port: 9200 certs_gen_tool_version: 1.7 # Url of Search Guard certificates generator tool -certs_gen_tool_url: "https://releases.floragunn.com/search-guard-tlstool/{{ certs_gen_tool_version }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" +certs_gen_tool_url: "https://wazuh-demo.s3-us-west-1.amazonaws.com/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' diff --git a/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 b/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 index 1cbc9e2d..aa1305ee 100644 --- a/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 +++ b/roles/opendistro/opendistro-kibana/templates/wazuh.yml.j2 @@ -129,6 +129,6 @@ hosts: - {{ api['id'] }}: url: {{ api['url'] }} port: {{ api['port'] }} - user: {{ api['user'] }} + username: {{ api['username'] }} password: {{ api['password'] }} {% endfor %} diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml index 29641392..faf885b0 100644 --- a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml @@ -4,3 +4,9 @@ name: wazuh-manager state: restarted enabled: true + +- name: restart wazuh-api + service: + name: wazuh-api + state: restarted + enabled: true diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 96c55d79..f7445982 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
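Review bot: `certs_gen_tool_url` now points at `wazuh-demo.s3-us-west-1.amazonaws.com` instead of the Search Guard release host, so the TLS tool that generates every Elasticsearch and Kibana certificate and key in this role is fetched from a mirror whose bucket name suggests a demo artifact, with no integrity pin visible here. Wherever this URL is consumed (the download task is outside the hunk), add `checksum: "sha256:<digest>"` to the `get_url` call, or keep the vendor URL as the default and treat the mirror as an explicit `certs_gen_tool_url` override. A bucket that is deleted or repointed would otherwise silently change the code that mints the cluster root CA.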
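Review bot: The new `restart wazuh-api` handler targets a `wazuh-api` service unit, but with Wazuh 4.0 the API is, as far as I can tell, embedded in `wazuh-manager` (the standalone `wazuh-api` package and unit were dropped), so the first task that notifies it would fail the play on the master node. If that holds for the target version, make this handler restart the manager and keep the old name as an alias: `- name: restart wazuh-manager (api)`, `service: {name: wazuh-manager, state: restarted}`, `listen: restart wazuh-api`. Confirm against the installed package before merging.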
@@ -166,12 +166,12 @@ when: - shared_agent_config is defined -- name: Installing the config.js (api configuration) - template: src=var-ossec-api-configuration-config.js.j2 - dest=/var/ossec/api/configuration/config.js +- name: Installing the api.yaml (api configuration) + template: src=api.yaml.j2 + dest=/var/ossec/api/configuration/api.yaml owner=root group=ossec - mode=0740 + mode=0640 notify: restart wazuh-api when: - wazuh_manager_config.cluster.node_type == "master" 
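Review bot: The rewritten task keeps the `key=value` shorthand for `template` (`src=api.yaml.j2 dest=... mode=0640`), which ansible-lint flags and which keeps `mode` out of YAML type checking, while the rest of this role's tasks use the block form. Tightening to `mode=0640` with `group=ossec` is the right call for a file that names the API's TLS key path; the task still notifies `restart wazuh-api`, a unit that may not exist on a 4.0 manager, so verify the handler before relying on it. Suggested block form:
```yaml
- name: Installing the api.yaml (api configuration)
  template:
    src: api.yaml.j2
    dest: /var/ossec/api/configuration/api.yaml
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-api
  # … unchanged: when / tags …
```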
@@ -301,20 +301,73 @@ tags: - config -- name: Wazuh-API User - template: - src: api_user.j2 - dest: "/var/ossec/api/configuration/auth/user" - owner: root - group: root - mode: 0750 - no_log: true - notify: restart wazuh-api - when: - - wazuh_api_user is defined - - wazuh_manager_config.cluster.node_type == "master" - tags: - - config +# - name: Get API auth token +# uri: +# url: "https://{{ inventory_hostname }}:55000/security/user/authenticate?raw=true" +# method: GET +# user: wazuh +# password: wazuh +# validate_certs: no +# force_basic_auth: yes +# return_content: yes +# status_code: 200 +# retries: 10 +# delay: 5 +# until: token.status == 200 +# register: token +# tags: +# - config_api_users +# when: +# - wazuh_api_users is defined +# - wazuh_manager_config.cluster.node_type == "master" + +# - name: Create Wazuh-API Users +# block: +# - name: Create new user +# uri: +# url: "https://{{ inventory_hostname }}:55000/security/users" +# method: POST +# body_format: json +# body: +# username: "{{ item.username }}" +# password: "{{ item.password }}" +# validate_certs: no +# status_code: 200 +# headers: +# Authorization: "Bearer {{ token.content }}" +# with_items: +# - "{{ wazuh_api_users }}" +# register: user_creation + +# - name: Get new users IDs +# uri: +# url: "https://{{ inventory_hostname }}:5500/security/users" +# method: GET +# validate_certs: no +# status_code: 200 +# headers: +# Authorization: "Bearer {{ token.content }}" +# register: new_users_id + + # - name: Join new users into administrator role + # uri: + # url: "https://{{ inventory_hostname }}:55000/security/users/3/roles" + # method: POST + # force_basic_auth: yes + # body_format: form-urlencoded + # body: "role_ids=1" + # validate_certs: no + # status_code: 200 + # headers: + # Authorization: "Bearer {{ token.content }}" + # with_items: + # - "{{ wazuh_api_users }}" + # register: user_creation + # tags: + # - config_api_users + # when: + # - wazuh_api_users is defined + # - 
wazuh_manager_config.cluster.node_type == "master" - name: Agentless Hosts & Passwd template: diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 index 570bd4de..638c4750 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 
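Review bot: The removed `Wazuh-API User` task carried `no_log: true`; the replacement `Create new user` task posts `item.password` in a JSON body with no `no_log`, so once uncommented every API password lands in the Ansible log at `-v`, and the `Get API auth token` request sends the hard-coded `wazuh`/`wazuh` pair with `validate_certs: no`, i.e. credentials to an unverified endpoint. Before this block is revived: add `no_log: true` to the token and user-creation tasks, read the bootstrap credentials from a variable rather than literals, fix the `:5500` port in `Get new users IDs` (should be `:55000`), and derive the user id for `/security/users/3/roles` from `user_creation` instead of a fixed `3`. As committed the whole block is inert comments, which means inventories that still define `wazuh_api_user` are now silently ignored rather than failing; an `assert` or `fail` with a migration hint would make that visible.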
@@ -1,44 +1,44 @@ # USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION -host: "{{ wazuh_manager_config.api.bind_addr }}" -port: "{{ wazuh_manager_config.api.port }}" + host: {{ wazuh_manager_config.api.bind_addr }} + port: {{ wazuh_manager_config.api.port }} # Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no -behind_proxy_server: "{{ wazuh_manager_config.api.behind_proxy_server }}" + behind_proxy_server: {{ wazuh_manager_config.api.behind_proxy_server }} #Advanced configuration -https: - enabled: "{{ wazuh_manager_config.api.https }}" + https: + enabled: {{ wazuh_manager_config.api.https }} key: "{{ wazuh_manager_config.api.https_key }}" cert: "{{ wazuh_manager_config.api.https_cert }}" - use_ca: "{{ wazuh_manager_config.api.https_use_ca }}" + use_ca: {{ wazuh_manager_config.api.https_use_ca }} ca: "{{ wazuh_manager_config.api.https_ca }}" # Logging configuration # Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level). 
-logs: + logs: level: "{{ wazuh_manager_config.api.logging_level }}" path: "{{ wazuh_manager_config.api.logging_path }}" # Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage -cors: - enabled: "{{ wazuh_manager_config.api.cors }}" + cors: + enabled: {{ wazuh_manager_config.api.cors }} source_route: "{{ wazuh_manager_config.api.cors_source_route }}" expose_headers: "{{ wazuh_manager_config.api.cors_expose_headers }}" allow_headers: "{{ wazuh_manager_config.api.cors_allow_headers }}" - allow_credentials: "{{ wazuh_manager_config.api.cors_allow_credentials }}" + allow_credentials: {{ wazuh_manager_config.api.cors_allow_credentials }} # Cache (time in seconds) -cache: - enabled: "{{ wazuh_manager_config.api.cache }}" - time: "{{ wazuh_manager_config.api.cache_time }}" + cache: + enabled: {{ wazuh_manager_config.api.cache }} + time: {{ wazuh_manager_config.api.cache_time }} # Access parameters -access: - max_login_attempts: "{{ wazuh_manager_config.api.access_max_login_attempts }}" - block_time: "{{ wazuh_manager_config.api.access_block_time }}" - max_request_per_minute: "{{ wazuh_manager_config.api.access_max_request_per_minute }}" + access: + max_login_attempts: {{ wazuh_manager_config.api.access_max_login_attempts }} + block_time: {{ wazuh_manager_config.api.access_block_time }} + max_request_per_minute: {{ wazuh_manager_config.api.access_max_request_per_minute }} # Force the use of authd when adding and removing agents. 
Values: yes, no -use_only_authd: "{{ wazuh_manager_config.api.use_only_authd }}" + use_only_authd: {{ wazuh_manager_config.api.use_only_authd }} # Drop privileges (Run as ossec user) -drop_privileges: "{{ wazuh_manager_config.api.drop_privileges }}" + drop_privileges: {{ wazuh_manager_config.api.drop_privileges }} # Enable features under development -experimental_features: "{{ wazuh_manager_config.api.experimental_features }}" \ No newline at end of file + experimental_features: {{ wazuh_manager_config.api.experimental_features }} \ No newline at end of file
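Review bot: The template now renders every top-level key one column in (` host:`, ` https:`, ` logs:`, …) while the header comment stays at column 0 and the file still ends without a newline; a uniformly indented mapping is legal YAML, but any future line added at column 0 is read as a second, conflicting mapping, so dedent the keys to column 0 and end the file with a newline. Dropping the quotes around `port`, `https.enabled`, `drop_privileges`, `use_only_authd` and the other flags is needed for the 4.0 schema to see integers and booleans, but it makes the rendered type depend on how the inventory spells the value; make the coercion explicit with `port: {{ wazuh_manager_config.api.port | int }}` and `enabled: {{ wazuh_manager_config.api.https | bool | to_json }}`, and likewise for the remaining booleans and counters. An inventory value of `""` for any of the unquoted keys would now render as a bare `key:` (null) rather than a typed value, which the API loader may or may not accept.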