diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 34184a9e..48c8bf6a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -35,67 +35,6 @@ jobs: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' - scenario-distributed-wazuh-elk: - name: Distributed ELK + Wazuh - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - - - name: Hack to get setup-python to work on act. See act issue 251 - run: | - if [ ! -f "/etc/lsb-release" ] ; then - echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release - fi - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install poetry - run: pip3 install poetry - - - name: Install dependencies - run: poetry install - - - - name: Run Molecule tests. - run: poetry run molecule test -s distributed-wazuh-elk - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - - scenario-distributed-wazuh-elk-xpack: - name: Distributed ELK + XPack + Wazuh - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - - - name: Hack to get setup-python to work on act. See act issue 251 - run: | - if [ ! -f "/etc/lsb-release" ] ; then - echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release - fi - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install poetry - run: pip3 install poetry - - - name: Install dependencies - run: poetry install - - - name: Run Molecule tests. - run: poetry run molecule test -s distributed-wazuh-elk-xpack - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - scenario-distributed-wazuh-odfe: name: Distributed ODFE + Wazuh runs-on: ubuntu-latest diff --git a/README.md b/README.md index f0c775c6..b006f0de 100644 --- a/README.md +++ b/README.md 
@@ -37,19 +37,12 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb ├── wazuh-ansible │ ├── roles - │ │ ├── elastic-stack - │ │ │ ├── ansible-elasticsearch - │ │ │ ├── ansible-kibana - │ │ - │ │ ├── opensearch - │ │ │ ├── wazuh-dashboard - │ │ │ ├── wazuh-indexer - │ │ │ │ ├── wazuh - │ │ │ ├── ansible-filebeat │ │ │ ├── ansible-filebeat-oss │ │ │ ├── ansible-wazuh-manager │ │ │ ├── ansible-wazuh-agent + │ │ │ ├── wazuh-dashboard + │ │ │ ├── wazuh-indexer │ │ │ │ ├── ansible-galaxy │ │ │ ├── meta
@@ -57,13 +50,8 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 │ ├── playbooks
 │ │ ├── wazuh-agent.yml
 │ │ ├── wazuh-dashboard.yml
- │ │ ├── wazuh-elastic.yml
- │ │ ├── wazuh-elastic_stack-distributed.yml
- │ │ ├── wazuh-elastic_stack-single.yml
 │ │ ├── wazuh-indexer.yml
- │ │ ├── wazuh-kibana.yml
 │ │ ├── wazuh-manager-oss.yml
- │ │ ├── wazuh-manager.yml
 | | ├── wazuh-production-ready
 │ │ ├── wazuh-single.yml
 │
diff --git a/molecule/distributed-wazuh-elk-xpack/INSTALL.rst b/molecule/distributed-wazuh-elk-xpack/INSTALL.rst
deleted file mode 100644
index e26493b8..00000000
--- a/molecule/distributed-wazuh-elk-xpack/INSTALL.rst
+++ /dev/null
@@ -1,16 +0,0 @@
-*******
-Install
-*******
-
-Requirements
-============
-
-* Docker Engine
-* docker-py
-
-Install
-=======
-
-.. code-block:: bash
-
- $ sudo pip install docker-py
diff --git a/molecule/distributed-wazuh-elk-xpack/converge.yml b/molecule/distributed-wazuh-elk-xpack/converge.yml
deleted file mode 100644
index 36186c89..00000000
--- a/molecule/distributed-wazuh-elk-xpack/converge.yml
+++ /dev/null
@@ -1,94 +0,0 @@ ---- - - -- name: Generate certificates prior to converging - hosts: all - become: true - become_user: root - vars: - endpoints_hostvars: '{{ managers_hostvars | union(elastic_hostvars) | union(kibana_hostvars) }}' - roles: - - role: ../../roles/elastic-stack/ansible-elasticsearch - vars: - node_certs_generator: true - instances: '{{ elk_endpoint_list }}' - when: - - inventory_hostname in groups['elastic'] - - ansible_hostname == 'wazuh-es01' - pre_tasks: - - name: (converge) build instances list dynamically for cert generator consumption - set_fact: - elk_endpoint_list: "{{ elk_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}" - vars: - instance_hostname: '{{ item.ansible_facts.hostname }}' - instance_item: - name: '{{ item.private_ip}}' - ip: '{{ item.private_ip }}' - loop: '{{ endpoints_hostvars }}' - no_log: true - - name: overview of cert configuration - debug: - var: elk_endpoint_list - -- name: Converge - hosts: all - become: true - become_user: root - vars: - endpoints_hostvars: '{{ managers_hostvars | union(elastic_hostvars) | union(kibana_hostvars) }}' - # arguments common to all managers - wazuh_managers_common: - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: ansible - max_retries: 5 - retry_interval: 5 - roles: - # 1. Elasticsearch - - role: ../../roles/elastic-stack/ansible-elasticsearch - vars: - instances: '{{ elk_endpoint_list }}' - when: inventory_hostname in groups['elastic'] - # 2. Managers - - role: ../../roles/wazuh/ansible-wazuh-manager - when: inventory_hostname in groups['managers'] - - role: ../../roles/wazuh/ansible-filebeat - when: inventory_hostname in groups['managers'] - # 3. Kibana - - role: ../../roles/elastic-stack/ansible-kibana - when: inventory_hostname in groups['kibana'] - # 4. 
Agents: - - role: ../../roles/wazuh/ansible-wazuh-agent - vars: - wazuh_managers: '{{ wazuh_managers_list }}' - when: inventory_hostname in groups['agents'] - pre_tasks: - - - name: (converge) build wazuh_managers list dynamically for agents to consume - set_fact: - wazuh_managers_list: '{{ wazuh_managers_list | default([]) | union([manager_item]) }}' - vars: - manager_item: '{{ wazuh_managers_common | combine({"address": item}) }}' - loop: '{{ manager_addresses }}' - - - name: (converge) build instances list dynamically for cert generator consumption - set_fact: - elk_endpoint_list: "{{ elk_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}" - vars: - instance_hostname: '{{ item.ansible_facts.hostname }}' - instance_item: - name: '{{ item.private_ip}}' - ip: '{{ item.private_ip }}' - loop: '{{ endpoints_hostvars }}' - no_log: true - - - name: (converge) fix ubuntu repository key task in thin images where gpg-agent is missing - apt: - name: gpg-agent - state: present - update_cache: yes - when: - - ansible_distribution == "Ubuntu" - - inventory_hostname in groups['agents']
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml
deleted file mode 100644
index 6d8ffeef..00000000
--- a/molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-
-wazuh_agent_config:
- enrollment:
- enabled: 'yes'
- #manager_address: ''
- #port: 1515
- agent_name: '{{ ansible_hostname }}'
- #groups: ''
- #agent_address: ''
- #server_ca_path: ''
- #agent_certificate_path: ''
- #agent_key_path: ''
- #authorization_pass_path : /var/ossec/etc/authd.pass
- #auto_method: 'no'
- #delay_after_enrollment: 20
- #use_source_ip: 'no'
-
-wazuh_agent_authd:
- registration_address: '{{ manager_addresses | random }}'
- enable: true
- port: 1515
- ssl_agent_ca: null
- ssl_auto_negotiate: 'no'
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml
deleted file mode 100644
index 3730410d..00000000
--- a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-
-########################################################
-# Helper variables
-private_ip: '{{ ansible_default_ipv4.address }}'
-
-managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
-elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}"
-kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars) | list }}"
-
-manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
-elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
-kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
-
-########################################################
-# Versions
-elastic_stack_version: 7.10.2
-filebeat_version: 7.10.2
-
-# Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.3.0-1
-wazuh_agent_version: 4.3.0-1
-
-# Kibana role appends it automatically.
-wazuh_version: 4.3.0
-
-########################################################
-# General ELK stack variables
-
-# Xpack Security: autogenerate CA
-generate_CA: true
-filebeat_xpack_security: true
-kibana_xpack_security: true
-elasticsearch_xpack_security: true
-elasticsearch_xpack_security_user: elastic
-elasticsearch_xpack_security_password: elastic_pass
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/elastic.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/elastic.yml
deleted file mode 100644
index 1490dff3..00000000
--- a/molecule/distributed-wazuh-elk-xpack/group_vars/elastic.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-single_node: false
-elasticsearch_node_master: true
-minimum_master_nodes: 1
-
-elasticsearch_network_host: '{{ private_ip }}'
-elasticsearch_node_name: '{{ private_ip }}'
-
-elasticsearch_reachable_host: '{{ private_ip }}'
-elasticsearch_http_port: 9200
-
-elasticsearch_bootstrap_node: true
-elasticsearch_cluster_nodes: '{{ elastic_addresses }}'
-elasticsearch_discovery_nodes: '{{ elastic_addresses }}'
-
-elasticsearch_jvm_xms: 1024
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/kibana.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/kibana.yml
deleted file mode 100644
index 4d9142b4..00000000
--- a/molecule/distributed-wazuh-elk-xpack/group_vars/kibana.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-
-kibana_server_name: '{{ ansible_hostname }}'
-kibana_node_name: '{{ private_ip }}'
-
-elasticsearch_network_host: "{{ elastic_addresses[0] }}"
-#elasticsearch_http_port: 9200
-
-elasticsearch_node_master: false
-elasticsearch_node_ingest: false
-elasticsearch_node_data: false
-
-wazuh_api_credentials:
- - id: default
- url: 'https://{{ manager_addresses[0] }}'
- port: 55000
- #port: 1514
- username: wazuh
- password: wazuh
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/managers.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/managers.yml
deleted file mode 100644
index 6f9c9af3..00000000
--- a/molecule/distributed-wazuh-elk-xpack/group_vars/managers.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-
-wazuh_manager_fqdn: '{{ ansible_hostname }}'
-
-filebeat_node_name: '{{ private_ip }}'
-filebeat_output_elasticsearch_hosts: '{{ elastic_addresses }}'
-
-wazuh_manager_config:
- connection:
- - type: 'secure'
- port: '1514'
- protocol: 'tcp'
- queue_size: 131072
- api:
- https: 'yes'
- cluster:
- disable: 'no'
- node_name: '{{ ansible_hostname }}'
- node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}"
- nodes: '{{ manager_addresses }}'
- hidden: 'no'
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-elk-xpack/molecule.yml b/molecule/distributed-wazuh-elk-xpack/molecule.yml
deleted file mode 100644
index 6ed46105..00000000
--- a/molecule/distributed-wazuh-elk-xpack/molecule.yml
+++ /dev/null
@@ -1,162 +0,0 @@ ---- -# Distributed scenario: clustered manager scenario + connected agents -# 2-core CPU -# 7 GB of RAM memory -# 14 GB of SSD disk space -# -# Source: https://docs.github.com/en/free-pro-team@latest/actions/reference/specifications-for-github-hosted-runners - -dependency: - name: galaxy -driver: - name: docker -lint: | - yamllint . - ansible-lint roles - flake8 molecule -platforms: - ################################################ - # Wazuh Managers - ################################################ - - name: molecule_xpack_manager_centos7 - hostname: wazuh-mgr01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory_reservation: 512m - memory: 1024m - groups: - - managers - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: molecule_xpack_manager_debian9 - hostname: wazuh-mgr02 - image: geerlingguy/docker-debian9-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory_reservation: 512m - memory: 1024m - groups: - - managers - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - ################################################ - # Elastic Cluster - ################################################ - - name: molecule_xpack_elasticsearch_centos7 - hostname: wazuh-es01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 4096m - memory_reservation: 2048m - groups: - - elastic - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: molecule_xpack_elasticsearch_debian9 - hostname: wazuh-es02 - image: geerlingguy/docker-debian9-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 4096m - memory_reservation: 2048m - groups: - - elastic - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - 
################################################ - # Wazuh Agents - ################################################ - - name: molecule_xpack_agent_centos7 - hostname: wazuh-agent01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 1024m - memory_reservation: 512m - groups: - - agents - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: molecule_xpack_agent_debian9 - hostname: wazuh-agent02 - image: geerlingguy/docker-debian9-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 1024m - memory_reservation: 512m - groups: - - agents - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - ################################################ - # Kibana - ################################################ - - - name: molecule_xpack_kibana_centos7 - hostname: wazuh-kib01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 2048m - memory_reservation: 512m - groups: - - kibana - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - -provisioner: - name: ansible - ansible_args: - - -vv - inventory: - links: - group_vars: group_vars - playbooks: - create: create.yml - converge: converge.yml - #destroy: destroy.yml - config_options: - defaults: - hash_behaviour: merge - env: - ANSIBLE_ROLES_PATH: ./roles - lint: - name: ansible-lint - enabled: false -scenario: - name: distributed-wazuh-elk-xpack - test_sequence: - - dependency - - syntax - - create - - prepare - - converge - #- idempotence - #- verify - - cleanup - - destroy -verifier: - name: testinfra \ No newline at end of file diff --git a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py deleted file mode 100644 index 75940cf0..00000000 --- a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py +++ /dev/null 
@@ -1,64 +0,0 @@ -import os -import pytest -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def get_wazuh_version(): - """This return the version of Wazuh.""" - return "4.3.0" - - -def test_wazuh_packages_are_installed(host): - """Test the main packages are installed.""" - manager = host.package("wazuh-manager") - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - - -def test_wazuh_services_are_running(host): - """Test the services are enabled and running. - - When assert commands are commented, this means that the service command has - a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 - """ - # This currently doesn't work with out current Docker base images - # manager = host.service("wazuh-manager") - # api = host.service("wazuh-api") - # assert manager.is_running - # assert api.is_running - output = host.check_output( - 'ps aux | grep ossec | tr -s " " | cut -d" " -f11' - ) - assert 'ossec-authd' in output - assert 'wazuh-modulesd' in output - assert 'wazuh-db' in output - assert 'ossec-execd' in output - assert 'ossec-monitord' in output - assert 'ossec-remoted' in output - assert 'ossec-logcollector' in output - assert 'ossec-analysisd' in output - assert 'ossec-syscheckd' in output - - -@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ - ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), - ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), - ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), -]) -def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): - """Test Wazuh related files exist and have proper owners and mode.""" - wazuh_file_host = host.file(wazuh_file) - assert wazuh_file_host.user == wazuh_owner - assert wazuh_file_host.group == 
wazuh_group
- assert wazuh_file_host.mode == wazuh_mode
-
-
-def test_filebeat_is_installed(host):
- """Test the elasticsearch package is installed."""
- filebeat = host.package("filebeat")
- assert filebeat.is_installed
- assert filebeat.version.startswith('7.10.2')
diff --git a/molecule/distributed-wazuh-elk/INSTALL.rst b/molecule/distributed-wazuh-elk/INSTALL.rst
deleted file mode 100644
index e26493b8..00000000
--- a/molecule/distributed-wazuh-elk/INSTALL.rst
+++ /dev/null
@@ -1,16 +0,0 @@
-*******
-Install
-*******
-
-Requirements
-============
-
-* Docker Engine
-* docker-py
-
-Install
-=======
-
-.. code-block:: bash
-
- $ sudo pip install docker-py
diff --git a/molecule/distributed-wazuh-elk/converge.yml b/molecule/distributed-wazuh-elk/converge.yml
deleted file mode 100644
index be8c903d..00000000
--- a/molecule/distributed-wazuh-elk/converge.yml
+++ /dev/null
@@ -1,60 +0,0 @@
----
-
-- name: Converge
- hosts: all
- become: true
- become_user: root
- vars:
- # arguments common to all managers
- wazuh_managers_common:
- port: 1514
- protocol: tcp
- api_port: 55000
- api_proto: 'http'
- api_user: ansible
- max_retries: 5
- retry_interval: 5
- roles:
- # 1. Elasticsearch
- - role: ../../roles/elastic-stack/ansible-elasticsearch
- when: inventory_hostname in groups['elastic']
- # 2. Managers
- - role: ../../roles/wazuh/ansible-wazuh-manager
- when: inventory_hostname in groups['managers']
- - role: ../../roles/wazuh/ansible-filebeat
- when: inventory_hostname in groups['managers']
- # 3. Kibana
- - role: ../../roles/elastic-stack/ansible-kibana
- when: inventory_hostname in groups['kibana']
- # 4. Agents:
- - role: ../../roles/wazuh/ansible-wazuh-agent
- vars:
- wazuh_managers: '{{ wazuh_managers_list }}'
- when: inventory_hostname in groups['agents']
- pre_tasks:
-
- - name: (converge) build wazuh_managers list dynamically for agents to consume
- set_fact:
- wazuh_managers_list: '{{ wazuh_managers_list | default([]) | union([merged_dict]) }}'
- vars:
- merged_dict: '{{ wazuh_managers_common | combine({"address": item}) }}'
- loop: '{{ manager_addresses }}'
-
- - name: (converge) fix ubuntu repository key task in thin images where gpg-agent is missing
- apt:
- name: gpg-agent
- state: present
- update_cache: yes
- when:
- - ansible_distribution == "Ubuntu"
- - inventory_hostname in groups['agents']
-
- - debug:
- msg: |
- -----------------------------------------
- managers: {{ managers_hostvars | length }}
- addresses: {{ manager_addresses }}
- -----------------------------------------
- elastic: {{ elastic_hostvars | length }}
- addresses: {{ elastic_addresses }}
- -----------------------------------------
diff --git a/molecule/distributed-wazuh-elk/group_vars/agents.yml b/molecule/distributed-wazuh-elk/group_vars/agents.yml
deleted file mode 100644
index d2341230..00000000
--- a/molecule/distributed-wazuh-elk/group_vars/agents.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-wazuh_agent_config:
- enrollment:
- enabled: 'yes'
- #manager_address: ''
- #port: 1515
- agent_name: '{{ ansible_hostname }}'
- #groups: ''
- #agent_address: ''
- #server_ca_path: ''
- #agent_certificate_path: ''
- #agent_key_path: ''
- #authorization_pass_path : /var/ossec/etc/authd.pass
- #auto_method: 'no'
- #delay_after_enrollment: 20
- #use_source_ip: 'no'
diff --git a/molecule/distributed-wazuh-elk/group_vars/all.yml b/molecule/distributed-wazuh-elk/group_vars/all.yml
deleted file mode 100644
index 3124a9c9..00000000
--- a/molecule/distributed-wazuh-elk/group_vars/all.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-########################################################
-# Helper variables
-private_ip: '{{ ansible_default_ipv4.address }}'
-
-managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
-elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}"
-
-manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
-elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
-
-########################################################
-# Versions
-elastic_stack_version: 7.10.2
-filebeat_version: 7.10.2
-
-# Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.3.0-1
-wazuh_agent_version: 4.3.0-1
-
-# Kibana role appends it automatically.
-wazuh_version: 4.3.0
diff --git a/molecule/distributed-wazuh-elk/group_vars/elastic.yml b/molecule/distributed-wazuh-elk/group_vars/elastic.yml
deleted file mode 100644
index f53be2a7..00000000
--- a/molecule/distributed-wazuh-elk/group_vars/elastic.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-
-single_node: false
-elasticsearch_node_master: true
-minimum_master_nodes: 1
-
-elasticsearch_network_host: '{{ private_ip }}'
-elasticsearch_node_name: '{{ ansible_hostname }}'
-
-elasticsearch_reachable_host: '{{ private_ip }}'
-elasticsearch_http_port: 9200
-
-# This scenario runs without xpack-security
-elasticsearch_xpack_security: false
-node_certs_generator: false
-
-elasticsearch_bootstrap_node: true
-elasticsearch_cluster_nodes: '{{ elastic_addresses }}'
-elasticsearch_discovery_nodes: '{{ elastic_addresses }}'
-
-elasticsearch_jvm_xms: 1024
diff --git a/molecule/distributed-wazuh-elk/group_vars/kibana.yml b/molecule/distributed-wazuh-elk/group_vars/kibana.yml
deleted file mode 100644
index 1c0861a2..00000000
--- a/molecule/distributed-wazuh-elk/group_vars/kibana.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-
-kibana_node_name: '{{ ansible_hostname }}'
-kibana_server_name: '{{ ansible_hostname }}'
-
-elasticsearch_network_host: "{{ elastic_addresses | random }}"
-#elasticsearch_http_port: 9200
-
-elasticsearch_node_master: false
-elasticsearch_node_ingest: false
-elasticsearch_node_data: false
-
-wazuh_api_credentials:
- - id: default
- url: 'https://{{ manager_addresses[0] }}'
- port: 55000
- #port: 1514
- username: wazuh
- password: wazuh
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-elk/group_vars/managers.yml b/molecule/distributed-wazuh-elk/group_vars/managers.yml
deleted file mode 100644
index e191ad10..00000000
--- a/molecule/distributed-wazuh-elk/group_vars/managers.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-
-wazuh_manager_fqdn: '{{ ansible_hostname }}'
-filebeat_node_name: '{{ ansible_hostname }}'
-filebeat_output_elasticsearch_hosts: '{{ elastic_addresses }}'
-
-wazuh_manager_config:
- connection:
- - type: 'secure'
- port: '1514'
- protocol: 'tcp'
- queue_size: 131072
- api:
- https: 'yes'
- cluster:
- disable: 'no'
- node_name: '{{ ansible_hostname }}'
- node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}"
- nodes: '{{ manager_addresses }}'
- hidden: 'no'
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml b/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml
deleted file mode 100644
index b4b37153..00000000
--- a/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-wazuh_agent_authd:
- registration_address: '{{ manager_addresses | random }}'
- enable: true
- port: 1515
- ssl_agent_ca: null
- ssl_auto_negotiate: 'no'
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-elk/molecule.yml b/molecule/distributed-wazuh-elk/molecule.yml
deleted file mode 100644
index cb2cc95b..00000000
--- a/molecule/distributed-wazuh-elk/molecule.yml
+++ /dev/null
@@ -1,163 +0,0 @@ ---- -# Distributed scenario: clustered manager scenario + connected agents -# 2-core CPU -# 7 GB of RAM memory -# 14 GB of SSD disk space -# -# Source: https://docs.github.com/en/free-pro-team@latest/actions/reference/specifications-for-github-hosted-runners - -dependency: - name: galaxy -driver: - name: docker -lint: | - yamllint . - ansible-lint roles - flake8 molecule -platforms: - ################################################ - # Wazuh Managers - ################################################ - - name: wazuh_manager_centos7 - hostname: wazuh-mgr01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory_reservation: 512m - memory: 1024m - groups: - - managers - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: wazuh_manager_debian9 - hostname: wazuh-mgr02 - image: geerlingguy/docker-debian9-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory_reservation: 512m - memory: 1024m - groups: - - managers - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - ################################################ - # Elastic Cluster - ################################################ - - name: wazuh_elasticsearch_centos7 - hostname: wazuh-es01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 4096m - memory_reservation: 2048m - groups: - - elastic - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: wazuh_elasticsearch_debian9 - hostname: wazuh-es02 - image: geerlingguy/docker-debian9-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 4096m - memory_reservation: 2048m - groups: - - elastic - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - ################################################ - # Wazuh Agents - 
################################################ - - name: wazuh_agent_centos7 - hostname: wazuh-agent01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 1024m - memory_reservation: 512m - groups: - - agents - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: wazuh_agent_debian9 - hostname: wazuh-agent01 - image: geerlingguy/docker-debian9-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 1024m - memory_reservation: 512m - groups: - - agents - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - ################################################ - # Kibana - ################################################ - - - name: wazuh_kibana_centos7 - hostname: wazuh-kib01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 2048m - memory_reservation: 512m - groups: - - kibana - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - -provisioner: - name: ansible - ansible_args: - - -vv - inventory: - links: - group_vars: group_vars - host_vars: host_vars - playbooks: - create: create.yml - converge: converge.yml - #destroy: destroy.yml - config_options: - defaults: - hash_behaviour: merge - env: - ANSIBLE_ROLES_PATH: ./roles - lint: - name: ansible-lint - enabled: false -scenario: - name: distributed-wazuh-elk - test_sequence: - - dependency - - syntax - - create - - prepare - - converge - #- idempotence - #- verify - - cleanup - - destroy -verifier: - name: testinfra \ No newline at end of file diff --git a/molecule/distributed-wazuh-elk/tests/test_default.py b/molecule/distributed-wazuh-elk/tests/test_default.py deleted file mode 100644 index 75940cf0..00000000 --- a/molecule/distributed-wazuh-elk/tests/test_default.py +++ /dev/null 
@@ -1,64 +0,0 @@ -import os -import pytest -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def get_wazuh_version(): - """This return the version of Wazuh.""" - return "4.3.0" - - -def test_wazuh_packages_are_installed(host): - """Test the main packages are installed.""" - manager = host.package("wazuh-manager") - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - - -def test_wazuh_services_are_running(host): - """Test the services are enabled and running. - - When assert commands are commented, this means that the service command has - a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 - """ - # This currently doesn't work with out current Docker base images - # manager = host.service("wazuh-manager") - # api = host.service("wazuh-api") - # assert manager.is_running - # assert api.is_running - output = host.check_output( - 'ps aux | grep ossec | tr -s " " | cut -d" " -f11' - ) - assert 'ossec-authd' in output - assert 'wazuh-modulesd' in output - assert 'wazuh-db' in output - assert 'ossec-execd' in output - assert 'ossec-monitord' in output - assert 'ossec-remoted' in output - assert 'ossec-logcollector' in output - assert 'ossec-analysisd' in output - assert 'ossec-syscheckd' in output - - -@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ - ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), - ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), - ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), -]) -def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): - """Test Wazuh related files exist and have proper owners and mode.""" - wazuh_file_host = host.file(wazuh_file) - assert wazuh_file_host.user == wazuh_owner - assert wazuh_file_host.group == 
wazuh_group
- assert wazuh_file_host.mode == wazuh_mode
-
-
-def test_filebeat_is_installed(host):
- """Test the elasticsearch package is installed."""
- filebeat = host.package("filebeat")
- assert filebeat.is_installed
- assert filebeat.version.startswith('7.10.2')
diff --git a/roles/wazuh/wazuh-indexer/templates/jvm.options.j2 b/roles/wazuh/wazuh-indexer/templates/jvm.options.j2
index 68119527..74c01054 100644
--- a/roles/wazuh/wazuh-indexer/templates/jvm.options.j2
+++ b/roles/wazuh/wazuh-indexer/templates/jvm.options.j2
@@ -88,7 +88,7 @@
 # JDK 9+ GC logging
 9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m
-## OpenDistro Performance Analyzer
+## Opensearch Performance Analyzer
 -Dclk.tck=100
 -Djdk.attach.allowAttachSelf=true
 -Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy