From 6e3b92bcc4f955348d92b902e5e860c9ee9e1428 Mon Sep 17 00:00:00 2001 From: Werner Dijkerman Date: Tue, 30 Apr 2019 19:17:56 +0200 Subject: [PATCH 01/75] Added Molecule test for the Elasticsearch role --- .circleci/config.yml | 5 +- .travis.yml | 2 + Pipfile | 1 + molecule/default/prepare.yml | 10 ++++ molecule/elasticsearch/Dockerfile.j2 | 14 +++++ molecule/elasticsearch/INSTALL.rst | 22 +++++++ molecule/elasticsearch/molecule.yml | 59 +++++++++++++++++++ molecule/elasticsearch/playbook.yml | 6 ++ molecule/elasticsearch/tests/test_default.py | 19 ++++++ .../ansible-elasticsearch/tasks/Debian.yml | 16 ++++- .../ansible-elasticsearch/tasks/RMDebian.yml | 1 + .../ansible-elasticsearch/tasks/RMRedHat.yml | 1 + .../ansible-elasticsearch/tasks/RedHat.yml | 4 ++ .../ansible-elasticsearch/tasks/main.yml | 9 ++- 14 files changed, 163 insertions(+), 6 deletions(-) create mode 100644 molecule/elasticsearch/Dockerfile.j2 create mode 100644 molecule/elasticsearch/INSTALL.rst create mode 100644 molecule/elasticsearch/molecule.yml create mode 100644 molecule/elasticsearch/playbook.yml create mode 100644 molecule/elasticsearch/tests/test_default.py diff --git a/.circleci/config.yml b/.circleci/config.yml index 08b3ff16..d665e8e6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,3 +1,4 @@ +--- version: 2 jobs: test: @@ -6,7 +7,7 @@ jobs: version: 2.7 services: - docker - working_directory: ~/wazuh-ansible + working_directory: ~/wazuh-ansible steps: - checkout - run: @@ -22,4 +23,4 @@ workflows: version: 2 test_molecule: jobs: - - test \ No newline at end of file + - test diff --git a/.travis.yml b/.travis.yml index 97c0427b..937de0ab 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ +--- language: python services: docker before_script: @@ -6,3 +7,4 @@ before_script: script: - pipenv run test - pipenv run agent + - pipenv run elasticsearch diff --git a/Pipfile b/Pipfile index 2bc7a896..bf6931c6 100644 --- a/Pipfile +++ b/Pipfile 
@@ -16,3 +16,4 @@ python_version = "2.7" [scripts] test ="molecule test" agent ="molecule test -s wazuh-agent" +elasticsearch ="molecule test -s elasticsearch" diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 1aa45e29..f3dc9aac 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -24,3 +24,13 @@ state: latest register: wazuh_manager_dependencies_packages_installed until: wazuh_manager_dependencies_packages_installed is succeeded + + - name: "Install (RedHat) dependencies" + package: + name: + - initscripts + state: latest + register: wazuh_manager_dependencies_packages_installed + until: wazuh_manager_dependencies_packages_installed is succeeded + when: + - ansible_os_family == 'RedHat' diff --git a/molecule/elasticsearch/Dockerfile.j2 b/molecule/elasticsearch/Dockerfile.j2 new file mode 100644 index 00000000..e6aa95d3 --- /dev/null +++ b/molecule/elasticsearch/Dockerfile.j2 @@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi 
diff --git a/molecule/elasticsearch/INSTALL.rst b/molecule/elasticsearch/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/molecule/elasticsearch/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml new file mode 100644 index 00000000..f673f502 --- /dev/null +++ b/molecule/elasticsearch/molecule.yml 
@@ -0,0 +1,59 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: bionic
+ image: solita/ubuntu-systemd:bionic
+ command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
+ privileged: True
+ memory_reservation: 1024m
+ - name: xenial
+ image: solita/ubuntu-systemd:xenial
+ privileged: true
+ memory_reservation: 1024m
+ command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
+ - name: trusty
+ image: ubuntu:trusty
+ memory_reservation: 1024m
+ ulimits:
+ - nofile:262144:262144
+ - name: centos6
+ image: centos:6
+ privileged: true
+ memory_reservation: 1024m
+ ulimits:
+ - nofile:262144:262144
+ - name: centos7
+ image: milcom/centos7-systemd
+ memory_reservation: 1024m
+ privileged: true
+ ulimits:
+ - nofile:262144:262144
+provisioner:
+ name: ansible
+ playbooks:
+ docker:
+ create: ../default/create.yml
+ destroy: ../default/destroy.yml
+ prepare: ../default/prepare.yml
+ env:
+ ANSIBLE_ROLES_PATH: ../../roles
+ lint:
+ name: ansible-lint
+ enabled: true
+ inventory:
+ group_vars:
+ all:
+ elasticsearch_jvm_xms: 512
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml
new file mode 100644
index 00000000..f6bf45f9
--- /dev/null
+++ b/molecule/elasticsearch/playbook.yml
@@ -0,0 +1,6 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: elastic-stack/ansible-elasticsearch
+ elasticsearch_network_host: 'localhost'
diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py
new file mode 100644
index 00000000..f25c299d
--- /dev/null
+++ b/molecule/elasticsearch/tests/test_default.py
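Review bot: The `platforms` list in molecule/elasticsearch/molecule.yml runs `privileged: true` containers from images published by third-party Docker Hub accounts (`solita/ubuntu-systemd`, `milcom/centos7-systemd`), referenced by a mutable tag or no tag at all, so whatever those accounts push next runs with near-host privileges on the CI runner. Dockerfile.j2 in this same scenario already honours `item.registry.url`, so the images can be mirrored into a registry the project controls and selected per platform with a `registry:` entry holding `url: <REGISTRY_PLACEHOLDER>`. Keep `privileged` only where an init system actually needs it; the `trusty` entry already runs without it. The same applies to the platform lists added later in the series in molecule/logstash/molecule.yml (which also brings in `geerlingguy/docker-centos6-ansible` and a `/sys/fs/cgroup` mount) and molecule/kibana/molecule.yml.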
@@ -0,0 +1,19 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_elasticsearch_is_installed(host): + elasticsearch = host.package("elasticsearch") + assert elasticsearch.is_installed + assert elasticsearch.version.startswith('6.7.1') + + +def test_elasticsearch_is_running(host): + """Test if the services are enabled and running.""" + elasticsearch = host.service("elasticsearch") + assert elasticsearch.is_enabled + assert elasticsearch.is_running diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index f786d2a3..f8baac55 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -1,13 +1,25 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: ['apt-transport-https', 'ca-certificates'] + name: + - apt-transport-https + - ca-certificates state: present + register: elasticsearch_ca_packages_installed + until: elasticsearch_ca_packages_installed is succeeded + +- name: "Install Java Repo for Trusty" + apt_repository: repo='ppa:openjdk-r/ppa' + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 - when: elasticsearch_install_java block: - name: Debian/Ubuntu | Install OpenJDK 1.8 apt: name=openjdk-8-jre state=present cache_valid_time=3600 + register: elasticsearch_jre_packages_installed + until: elasticsearch_jre_packages_installed is succeeded tags: install - name: Debian/Ubuntu | Add Elasticsearch GPG key. @@ -27,4 +39,6 @@ name: "elasticsearch={{ elastic_stack_version }}" state: present cache_valid_time: 3600 + register: elasticsearch_main_packages_installed + until: elasticsearch_main_packages_installed is succeeded tags: install 
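Review bot: The new task `Install Java Repo for Trusty` in the first Debian.yml hunk comes before the `when: elasticsearch_install_java` block, so on Ubuntu 14 the `ppa:openjdk-r/ppa` source is added even when the role is told not to manage Java, leaving an extra third-party package source trusted by apt for no benefit. Add `- elasticsearch_install_java` to that task's `when:` list, or move the task inside the block. Indentation is flattened on this page, so the placement is read from task order and should be confirmed against the file. The `until:` clauses added in both Debian.yml hunks also rely on Ansible's default retry count and delay rather than stating them.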
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml index 74c59c37..cf229655 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml @@ -3,3 +3,4 @@ apt_repository: repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: absent + changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml index 8f99b1e5..bdf667bc 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml @@ -3,3 +3,4 @@ yum_repository: name: elastic_repo state: absent + changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 79632b31..4c25c31b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -4,6 +4,7 @@ - name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 yum: name=java-1.8.0-openjdk state=present register: oracle_java_task_rpm_installed + until: oracle_java_task_rpm_installed is succeeded tags: install - name: RedHat/CentOS/Fedora | Install Elastic repo @@ -13,8 +14,11 @@ baseurl: https://artifacts.elastic.co/packages/6.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: true + changed_when: false - name: RedHat/CentOS/Fedora | Install Elasticsarch package: name=elasticsearch-{{ elastic_stack_version }} state=present + register: elasticsearch_main_packages_installed + until: elasticsearch_main_packages_installed is succeeded when: not elasticsearch_install_java or oracle_java_task_rpm_installed is defined tags: install 
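Review bot: `changed_when: false` on the `apt_repository` task in RMDebian.yml makes every change to the package-source configuration report `ok`, so a run that really removes or rewrites a repository is indistinguishable from a no-op in the play recap and in Molecule's idempotence step. The same line is added to the `yum_repository` tasks in RMRedHat.yml and RedHat.yml here, and to the logstash role's Debian.yml, RMDebian.yml, RMRedHat.yml and RedHat.yml later in the series. If the aim is to get past the idempotence check, the likelier cause is that the remove and install tasks touch the same repository definition on every run (inferred; the repository names are only partly visible in these hunks), and guarding the removal with a condition would keep change reporting intact. If the override stays, say why next to it: `# changed_when: false only to pass molecule idempotence; hides real repo changes`.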
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index a1f44f88..f0d88581 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -76,9 +76,9 @@ - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) + - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Ensure Elasticsearch started and enabled - ignore_errors: true service: name: elasticsearch enabled: true @@ -92,19 +92,22 @@ - name: Check for Wazuh Alerts template uri: - url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" + url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/_template/wazuh" method: GET status_code: 200, 404 register: wazuh_alerts_template_exits + until: wazuh_alerts_template_exits is succeeded tags: init - name: Installing Wazuh Alerts template uri: - url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" + url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/_template/wazuh" method: PUT status_code: 200 body_format: json body: "{{ lookup('template','wazuh-elastic6-template-alerts.json.j2') }}" + register: installing_wazuh_template + until: installing_wazuh_template is succeeded when: wazuh_alerts_template_exits.status != 200 tags: init From e5b0e2b40e85136d18ded312067f11d10510ee31 Mon Sep 17 00:00:00 2001 
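Review bot: The two `until: ... is succeeded` clauses added to the `uri` tasks in the second main.yml hunk carry no `retries` or `delay`, so Ansible falls back to its defaults (3 attempts, 5 seconds apart), which may be too short for Elasticsearch to open its HTTP port right after the service task, now that `ignore_errors: true` no longer masks a failed start. State the budget on both tasks, for example `retries: 10` and `delay: 6` (example values; tune to the slowest platform in the scenario). The registered name `wazuh_alerts_template_exits` reads like a typo for `exists`; renaming it means changing the `register`, the `until` and the later `when` together.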
From: Werner Dijkerman Date: Fri, 3 May 2019 16:34:09 +0200 Subject: [PATCH 02/75] Added tests for Logstash --- molecule/logstash/Dockerfile.j2 | 14 +++++ molecule/logstash/INSTALL.rst | 22 ++++++++ molecule/logstash/molecule.yml | 56 +++++++++++++++++++ molecule/logstash/playbook.yml | 5 ++ molecule/logstash/prepare.yml | 41 ++++++++++++++ molecule/logstash/tests/test_default.py | 30 ++++++++++ .../ansible-logstash/tasks/Debian.yml | 10 +++- .../ansible-logstash/tasks/RMDebian.yml | 1 + .../ansible-logstash/tasks/RMRedHat.yml | 1 + .../ansible-logstash/tasks/RedHat.yml | 10 +++- .../ansible-logstash/tasks/main.yml | 13 +++++ 11 files changed, 197 insertions(+), 6 deletions(-) create mode 100644 molecule/logstash/Dockerfile.j2 create mode 100644 molecule/logstash/INSTALL.rst create mode 100644 molecule/logstash/molecule.yml create mode 100644 molecule/logstash/playbook.yml create mode 100644 molecule/logstash/prepare.yml create mode 100644 molecule/logstash/tests/test_default.py diff --git a/molecule/logstash/Dockerfile.j2 b/molecule/logstash/Dockerfile.j2 new file mode 100644 index 00000000..e6aa95d3 --- /dev/null +++ b/molecule/logstash/Dockerfile.j2 
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/logstash/INSTALL.rst b/molecule/logstash/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/molecule/logstash/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/molecule/logstash/molecule.yml b/molecule/logstash/molecule.yml new file mode 100644 index 00000000..6246d33c --- /dev/null +++ b/molecule/logstash/molecule.yml 
@@ -0,0 +1,56 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: bionic
+ image: solita/ubuntu-systemd:bionic
+ command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
+ privileged: True
+ memory_reservation: 1024m
+ - name: xenial
+ image: solita/ubuntu-systemd:xenial
+ privileged: true
+ memory_reservation: 1024m
+ command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
+ - name: centos6
+ image: geerlingguy/docker-centos6-ansible
+ privileged: true
+ memory_reservation: 1024m
+ command: /sbin/init
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ ulimits:
+ - nofile:262144:262144
+ - name: centos7
+ image: milcom/centos7-systemd
+ memory_reservation: 1024m
+ privileged: true
+ ulimits:
+ - nofile:262144:262144
+provisioner:
+ name: ansible
+ playbooks:
+ docker:
+ create: ../default/create.yml
+ destroy: ../default/destroy.yml
+ env:
+ ANSIBLE_ROLES_PATH: ../../roles
+ lint:
+ name: ansible-lint
+ enabled: true
+ inventory:
+ group_vars:
+ all:
+ elasticsearch_jvm_xms: 256
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/logstash/playbook.yml b/molecule/logstash/playbook.yml
new file mode 100644
index 00000000..d077bd8e
--- /dev/null
+++ b/molecule/logstash/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: elastic-stack/ansible-logstash
diff --git a/molecule/logstash/prepare.yml b/molecule/logstash/prepare.yml
new file mode 100644
index 00000000..7e5ca29d
--- /dev/null
+++ b/molecule/logstash/prepare.yml
@@ -0,0 +1,41 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: true
+ pre_tasks:
+
+ - name: "Install Python packages for Trusty to solve trust issues"
+ package:
+ name:
+ - python-setuptools
+ - python-pip
+ state: latest
+ register: wazuh_manager_trusty_packages_installed
+ until: wazuh_manager_trusty_packages_installed is succeeded
+ when:
+ - ansible_distribution == "Ubuntu"
+ - ansible_distribution_major_version | int == 14
+
+ - name: "Install dependencies"
+ package:
+ name:
+ - curl
+ - net-tools
+ state: latest
+ register: wazuh_manager_dependencies_packages_installed
+ until: wazuh_manager_dependencies_packages_installed is succeeded
+
+ - name: "Install (RedHat) dependencies"
+ package:
+ name:
+ - initscripts
+ state: latest
+ register: wazuh_manager_dependencies_packages_installed
+ until: wazuh_manager_dependencies_packages_installed is succeeded
+ when:
+ - ansible_os_family == 'RedHat'
+
+ roles:
+ - role: wazuh/ansible-wazuh-manager
+ - role: elastic-stack/ansible-elasticsearch
+ elasticsearch_network_host: 'localhost'
diff --git a/molecule/logstash/tests/test_default.py b/molecule/logstash/tests/test_default.py
new file mode 100644
index 00000000..36e948e0
--- /dev/null
+++ b/molecule/logstash/tests/test_default.py
@@ -0,0 +1,30 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_logstash_is_installed(host): + logstash = host.package("logstash") + assert logstash.is_installed + + distribution = host.system_info.distribution.lower() + if distribution == 'ubuntu': + assert logstash.version.startswith('1:6.7.1') + else: + assert logstash.version.startswith('6.7.1') + + +def test_logstash_is_running(host): + """Test if the services are enabled and running.""" + logstash = host.service("logstash") + assert logstash.is_enabled + assert logstash.is_running + + +def test_find_correct_logentry(host): + logfile = host.file("//var/log/logstash/logstash-plain.log") + assert logfile.contains("Successfully started Logstash API endpoint") + assert logfile.contains("Restored connection to ES instance") diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 403ee88f..621b02d1 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -1,7 +1,9 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: ['apt-transport-https', 'ca-certificates'] + name: + - apt-transport-https + - ca-certificates state: present - when: logstash_install_java @@ -20,6 +22,7 @@ repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' state: present filename: 'elastic_repo' + changed_when: false - name: Debian/Ubuntu | Install Logstash apt: @@ -31,7 +34,8 @@ - name: Debian/Ubuntu | Checking if wazuh-manager is installed command: dpkg -l wazuh-manager register: wazuh_manager_check_deb - when: logstash_input_beats == false + when: not logstash_input_beats + changed_when: false args: warn: false 
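Review bot: `test_find_correct_logentry` in molecule/logstash/tests/test_default.py opens `"//var/log/logstash/logstash-plain.log"` with a doubled leading slash; Linux resolves it, but it reads as a typo and should be `host.file("/var/log/logstash/logstash-plain.log")`. Both `contains` assertions depend on Logstash having already written those lines when the verifier runs, and nothing in the hunk waits for the log, so the test can fail on a slow platform without anything being wrong. The version assertions hard-code `6.7.1` (and `1:6.7.1` for Ubuntu), which will need editing every time `elastic_stack_version` moves.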
@@ -41,5 +45,5 @@ groups: ossec append: true when: - - logstash_input_beats == false + - not logstash_input_beats - wazuh_manager_check_deb.rc == 0 diff --git a/roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml b/roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml index 74c59c37..cf229655 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml @@ -3,3 +3,4 @@ apt_repository: repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: absent + changed_when: false diff --git a/roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml index 78538fe9..e770b4e6 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml @@ -3,3 +3,4 @@ yum_repository: name: elastic_repo state: absent + changed_when: false diff --git a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml index ed16fbc5..1c11926c 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml @@ -13,6 +13,7 @@ baseurl: https://artifacts.elastic.co/packages/6.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: true + changed_when: false - name: RedHat/CentOS/Fedora | Install Logstash package: name=logstash-{{ elastic_stack_version }} state=present @@ -22,7 +23,8 @@ - name: RedHat/CentOS/Fedora | Checking if wazuh-manager is installed command: rpm -q wazuh-manager register: wazuh_manager_check_rpm - when: logstash_input_beats == false + when: not logstash_input_beats + changed_when: false args: warn: false 
@@ -32,12 +34,14 @@ groups: ossec append: true when: - - logstash_input_beats == false + - not logstash_input_beats - wazuh_manager_check_rpm.rc == 0 - name: Amazon Linux change startup group shell: sed -i 's/.*LS_GROUP=logstash.*/LS_GROUP=ossec/' /etc/logstash/startup.options + tags: + - skip_ansible_lint when: - - logstash_input_beats == false + - not logstash_input_beats - wazuh_manager_check_rpm.rc == 0 - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" diff --git a/roles/elastic-stack/ansible-logstash/tasks/main.yml b/roles/elastic-stack/ansible-logstash/tasks/main.yml index e114a82f..d1f07d70 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/main.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/main.yml @@ -15,10 +15,23 @@ - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) + - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Amazon Linux create service shell: /usr/share/logstash/bin/system-install /etc/logstash/startup.options when: ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + args: + creates: /etc/default/logstash + tags: + - skip_ansible_lint + +- name: Amazon Linux create service + shell: /usr/share/logstash/bin/system-install /etc/logstash/startup.options + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "6" + args: + creates: /etc/default/logstash + tags: + - skip_ansible_lint - name: Ensure Logstash started and enabled service: From 35c9ef3fe89ac077e7e988e1e7535f38c4012596 Mon Sep 17 00:00:00 2001 
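Review bot: The task added to the logstash main.yml for `ansible_distribution == "CentOS" and ansible_distribution_major_version == "6"` is a copy of the Amazon Linux task and keeps its name, `Amazon Linux create service`, so play output and `--start-at-task` cannot tell the two apart. Rename it, e.g. `- name: CentOS 6 create service`, or fold both conditions into one task with an `or`. Both tasks run a single binary with no shell features, so `command:` with the same `creates: /etc/default/logstash` would do the job and would probably make the `skip_ansible_lint` tag unnecessary (inferred; the lint rule being silenced is not shown). The hunk ends before the `Ensure Logstash started and enabled` task is complete.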
From: Werner Dijkerman Date: Fri, 3 May 2019 16:36:36 +0200 Subject: [PATCH 03/75] Added command for pipenv --- .travis.yml | 1 + Pipfile | 1 + 2 files changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index 937de0ab..d93ba6ac 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,3 +8,4 @@ script: - pipenv run test - pipenv run agent - pipenv run elasticsearch + - pipenv run logstash diff --git a/Pipfile b/Pipfile index bf6931c6..0f2d931d 100644 --- a/Pipfile +++ b/Pipfile @@ -17,3 +17,4 @@ python_version = "2.7" test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" +logstash ="molecule test -s logstash" From c0e60a1a5a1f0713e89feeaed19dfe5507cdbebc Mon Sep 17 00:00:00 2001 From: Werner Dijkerman Date: Mon, 6 May 2019 18:55:48 +0200 Subject: [PATCH 04/75] Added tests for Kibana --- molecule/kibana/Dockerfile.j2 | 14 +++++++ molecule/kibana/INSTALL.rst | 22 ++++++++++ molecule/kibana/molecule.yml | 59 +++++++++++++++++++++++++++ molecule/kibana/playbook.yml | 5 +++ molecule/kibana/prepare.yml | 41 +++++++++++++++++++ molecule/kibana/tests/test_default.py | 31 ++++++++++++++ 6 files changed, 172 insertions(+) create mode 100644 molecule/kibana/Dockerfile.j2 create mode 100644 molecule/kibana/INSTALL.rst create mode 100644 molecule/kibana/molecule.yml create mode 100644 molecule/kibana/playbook.yml create mode 100644 molecule/kibana/prepare.yml create mode 100644 molecule/kibana/tests/test_default.py diff --git a/molecule/kibana/Dockerfile.j2 b/molecule/kibana/Dockerfile.j2 new file mode 100644 index 00000000..e6aa95d3 --- /dev/null +++ b/molecule/kibana/Dockerfile.j2 
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/kibana/INSTALL.rst b/molecule/kibana/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/molecule/kibana/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml new file mode 100644 index 00000000..a1e0e3f9 --- /dev/null +++ b/molecule/kibana/molecule.yml 
@@ -0,0 +1,59 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: bionic
+ image: solita/ubuntu-systemd:bionic
+ command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
+ privileged: true
+ memory_reservation: 1024m
+ - name: xenial
+ image: solita/ubuntu-systemd:xenial
+ privileged: true
+ memory_reservation: 1024m
+ command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
+ - name: trusty
+ image: ubuntu:trusty
+ memory_reservation: 1024m
+ ulimits:
+ - nofile:262144:262144
+ - name: centos6
+ image: centos:6
+ privileged: true
+ memory_reservation: 1024m
+ ulimits:
+ - nofile:262144:262144
+ - name: centos7
+ image: milcom/centos7-systemd
+ memory_reservation: 1024m
+ privileged: true
+ ulimits:
+ - nofile:262144:262144
+provisioner:
+ name: ansible
+ playbooks:
+ docker:
+ create: ../default/create.yml
+ destroy: ../default/destroy.yml
+ env:
+ ANSIBLE_ROLES_PATH: ../../roles
+ lint:
+ name: ansible-lint
+ enabled: true
+ inventory:
+ group_vars:
+ all:
+ elasticsearch_jvm_xms: 256
+ kibana_plugin_install_ignore_error: true
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml
new file mode 100644
index 00000000..74fc1038
--- /dev/null
+++ b/molecule/kibana/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: elastic-stack/ansible-kibana
diff --git a/molecule/kibana/prepare.yml b/molecule/kibana/prepare.yml
new file mode 100644
index 00000000..7e5ca29d
--- /dev/null
+++ b/molecule/kibana/prepare.yml
@@ -0,0 +1,41 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: true
+ pre_tasks:
+
+ - name: "Install Python packages for Trusty to solve trust issues"
+ package:
+ name:
+ - python-setuptools
+ - python-pip
+ state: latest
+ register: wazuh_manager_trusty_packages_installed
+ until: wazuh_manager_trusty_packages_installed is succeeded
+ when:
+ - ansible_distribution == "Ubuntu"
+ - ansible_distribution_major_version | int == 14
+
+ - name: "Install dependencies"
+ package:
+ name:
+ - curl
+ - net-tools
+ state: latest
+ register: wazuh_manager_dependencies_packages_installed
+ until: wazuh_manager_dependencies_packages_installed is succeeded
+
+ - name: "Install (RedHat) dependencies"
+ package:
+ name:
+ - initscripts
+ state: latest
+ register: wazuh_manager_dependencies_packages_installed
+ until: wazuh_manager_dependencies_packages_installed is succeeded
+ when:
+ - ansible_os_family == 'RedHat'
+
+ roles:
+ - role: wazuh/ansible-wazuh-manager
+ - role: elastic-stack/ansible-elasticsearch
+ elasticsearch_network_host: 'localhost'
diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py
new file mode 100644
index 00000000..dfcf8ad0
--- /dev/null
+++ b/molecule/kibana/tests/test_default.py
@@ -0,0 +1,31 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_logstash_is_running(host):
+ """Test if the services are enabled and running."""
+ kibana = host.service("kibana")
+ assert kibana.is_enabled
+ assert kibana.is_running
+
+
+def test_port_kibana_is_open(host):
+ """Test if the port 5601 is open and listening to connections."""
+ host.socket("tcp://0.0.0.0:5601").is_listening
+
+
+def test_find_correct_elasticsearch_version(host):
+ """Test if we find the kibana/elasticsearch version in package.json"""
+ kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json")
+ assert kibana.contains("6.7.1")
+
+
+def test_wazuh_plugin_installed(host):
+ """Make sure there is a plugin wazuh directory."""
+ kibana = host.file("/usr/share/kibana/plugins/wazuh/")
+
+ assert kibana.is_directory
From a3425d04acbde9f2927ad363454ff827f08c32ad Mon Sep 17 00:00:00 2001
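Review bot: `test_port_kibana_is_open` in molecule/kibana/tests/test_default.py evaluates `host.socket("tcp://0.0.0.0:5601").is_listening` without asserting it, so the test passes whether or not Kibana is listening and the scenario gives false assurance about the service being reachable. Change the line to `assert host.socket("tcp://0.0.0.0:5601").is_listening`. The first test is named `test_logstash_is_running` although it checks the `kibana` service; rename it `test_kibana_is_running` so a failure points at the right component. `contains("6.7.1")` also matches that string anywhere in package.json, not only in the version field.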
From: Werner Dijkerman Date: Mon, 6 May 2019 18:56:14 +0200 Subject: [PATCH 05/75] Added comments in tests;Added some skip tasks --- .travis.yml | 2 + Pipfile | 2 + molecule/elasticsearch/molecule.yml | 2 +- molecule/elasticsearch/tests/test_default.py | 1 + molecule/filebeat/Dockerfile.j2 | 14 +++++++ molecule/filebeat/INSTALL.rst | 22 ++++++++++ molecule/filebeat/molecule.yml | 42 +++++++++++++++++++ molecule/filebeat/playbook.yml | 5 +++ molecule/filebeat/prepare.yml | 36 ++++++++++++++++ molecule/filebeat/tests/test_default.py | 19 +++++++++ molecule/logstash/molecule.yml | 2 +- molecule/logstash/tests/test_default.py | 4 +- .../ansible-kibana/defaults/main.yml | 1 + .../ansible-kibana/tasks/Debian.yml | 9 +++- .../ansible-kibana/tasks/RMDebian.yml | 1 + .../ansible-kibana/tasks/RMRedHat.yml | 1 + .../ansible-kibana/tasks/RedHat.yml | 3 ++ .../ansible-kibana/tasks/main.yml | 12 +++++- .../ansible-kibana/templates/kibana.yml.j2 | 2 +- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 8 +++- .../wazuh/ansible-filebeat/tasks/RMDebian.yml | 1 + .../wazuh/ansible-filebeat/tasks/RMRedHat.yml | 1 + roles/wazuh/ansible-filebeat/tasks/RedHat.yml | 1 + roles/wazuh/ansible-filebeat/tasks/main.yml | 3 ++ 24 files changed, 185 insertions(+), 9 deletions(-) create mode 100644 molecule/filebeat/Dockerfile.j2 create mode 100644 molecule/filebeat/INSTALL.rst create mode 100644 molecule/filebeat/molecule.yml create mode 100644 molecule/filebeat/playbook.yml create mode 100644 molecule/filebeat/prepare.yml create mode 100644 molecule/filebeat/tests/test_default.py diff --git a/.travis.yml b/.travis.yml index d93ba6ac..c8e8ca95 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,3 +9,5 @@ script: - pipenv run agent - pipenv run elasticsearch - pipenv run logstash + - pipenv run filebeat + - pipenv run kibana diff --git a/Pipfile b/Pipfile index 0f2d931d..2d1d13e0 100644 --- a/Pipfile +++ b/Pipfile 
@@ -18,3 +18,5 @@ test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" logstash ="molecule test -s logstash" +filebeat ="molecule test -s filebeat" +kibana ="molecule test -s kibana" diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index f673f502..9897fe56 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -11,7 +11,7 @@ platforms: command: /sbin/init ulimits: - nofile:262144:262144 - privileged: True + privileged: true memory_reservation: 1024m - name: xenial image: solita/ubuntu-systemd:xenial diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py index f25c299d..8b453255 100644 --- a/molecule/elasticsearch/tests/test_default.py +++ b/molecule/elasticsearch/tests/test_default.py @@ -7,6 +7,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def test_elasticsearch_is_installed(host): + """Test if the elasticsearch package is installed.""" elasticsearch = host.package("elasticsearch") assert elasticsearch.is_installed assert elasticsearch.version.startswith('6.7.1') diff --git a/molecule/filebeat/Dockerfile.j2 b/molecule/filebeat/Dockerfile.j2 new file mode 100644 index 00000000..e6aa95d3 --- /dev/null +++ b/molecule/filebeat/Dockerfile.j2 
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/filebeat/INSTALL.rst b/molecule/filebeat/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/molecule/filebeat/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml new file mode 100644 index 00000000..4f0bffb6 --- /dev/null +++ b/molecule/filebeat/molecule.yml 
@@ -0,0 +1,42 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: trusty + image: ubuntu:trusty + - name: bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + privileged: true + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + command: /sbin/init + - name: centos6 + image: geerlingguy/docker-centos6-ansible + privileged: true + command: /sbin/init + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: centos7 + image: milcom/centos7-systemd + privileged: true +provisioner: + name: ansible + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/filebeat/playbook.yml b/molecule/filebeat/playbook.yml new file mode 100644 index 00000000..3ff917f6 --- /dev/null +++ b/molecule/filebeat/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: wazuh/ansible-filebeat diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml new file mode 100644 index 00000000..f3dc9aac --- /dev/null +++ b/molecule/filebeat/prepare.yml 
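Review bot: In `molecule/filebeat/molecule.yml` the bionic, xenial, centos6 and centos7 platforms run with `privileged: true` on images pulled from third-party Docker Hub accounts by mutable tag or no tag at all (`solita/ubuntu-systemd:bionic`, `geerlingguy/docker-centos6-ansible`, `milcom/centos7-systemd`). Whatever those tags point to at run time gets full privileges on the CI host, so a changed upstream image is a supply-chain risk for the runner. Pinning each image by digest, e.g. `image: solita/ubuntu-systemd@sha256:<digest-placeholder>`, keeps the tested content fixed. It would also be worth checking whether systemd in these containers works with a narrower grant (a `capabilities:` list plus the read-only cgroup volume already used for centos6) instead of full privilege, and recording the reason in a comment above `platforms:`.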
@@ -0,0 +1,36 @@ +--- +- name: Prepare + hosts: all + gather_facts: true + tasks: + + - name: "Install Python packages for Trusty to solve trust issues" + package: + name: + - python-setuptools + - python-pip + state: latest + register: wazuh_manager_trusty_packages_installed + until: wazuh_manager_trusty_packages_installed is succeeded + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + + - name: "Install dependencies" + package: + name: + - curl + - net-tools + state: latest + register: wazuh_manager_dependencies_packages_installed + until: wazuh_manager_dependencies_packages_installed is succeeded + + - name: "Install (RedHat) dependencies" + package: + name: + - initscripts + state: latest + register: wazuh_manager_dependencies_packages_installed + until: wazuh_manager_dependencies_packages_installed is succeeded + when: + - ansible_os_family == 'RedHat' diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py new file mode 100644 index 00000000..8c4fd609 --- /dev/null +++ b/molecule/filebeat/tests/test_default.py @@ -0,0 +1,19 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_logstash_is_installed(host): + """Test if the filebeat package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + + +def test_logstash_is_running(host): + """Test if the services are enabled and running.""" + filebeat = host.service("filebeat") + assert filebeat.is_enabled + assert filebeat.is_running diff --git a/molecule/logstash/molecule.yml b/molecule/logstash/molecule.yml index 6246d33c..12103767 100644 --- a/molecule/logstash/molecule.yml +++ b/molecule/logstash/molecule.yml 
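Review bot: In `molecule/filebeat/tests/test_default.py` both tests keep the names copied from the logstash scenario, `test_logstash_is_installed` and `test_logstash_is_running`, while their bodies and docstrings check the `filebeat` package and service. Renaming them to `test_filebeat_is_installed` and `test_filebeat_is_running` makes a failing CI report name the right component. Unlike the elasticsearch test in this patch, the package check asserts no version, so an unexpected Filebeat version from the repository would pass unnoticed.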
@@ -11,7 +11,7 @@ platforms: command: /sbin/init ulimits: - nofile:262144:262144 - privileged: True + privileged: true memory_reservation: 1024m - name: xenial image: solita/ubuntu-systemd:xenial diff --git a/molecule/logstash/tests/test_default.py b/molecule/logstash/tests/test_default.py index 36e948e0..bc5fe999 100644 --- a/molecule/logstash/tests/test_default.py +++ b/molecule/logstash/tests/test_default.py @@ -7,6 +7,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def test_logstash_is_installed(host): + """Test if logstash is installed with correct version.""" logstash = host.package("logstash") assert logstash.is_installed @@ -25,6 +26,7 @@ def test_logstash_is_running(host): def test_find_correct_logentry(host): - logfile = host.file("//var/log/logstash/logstash-plain.log") + """See if logstash is started and is connected to Elasticsearch.""" + logfile = host.file("/var/log/logstash/logstash-plain.log") assert logfile.contains("Successfully started Logstash API endpoint") assert logfile.contains("Restored connection to ES instance") diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 4d02fb77..4d4848ad 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,3 +5,4 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.7.1 wazuh_version: 3.8.2 +kibana_plugin_install_ignore_error: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 097b19db..90e52a8b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml 
@@ -1,8 +1,12 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: ['apt-transport-https', 'ca-certificates'] + name: + - apt-transport-https + - ca-certificates state: present + register: kibana_installing_ca_package + until: kibana_installing_ca_package is succeeded - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: @@ -15,10 +19,13 @@ state: present filename: 'elastic_repo' update_cache: true + changed_when: false - name: Debian/Ubuntu | Install Kibana apt: name: "kibana={{ elastic_stack_version }}" state: present cache_valid_time: 3600 + register: installing_kibana_package + until: installing_kibana_package is succeeded tags: install diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml index 74c59c37..cf229655 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml @@ -3,3 +3,4 @@ apt_repository: repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: absent + changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml index 8f66f9a7..1ae7df57 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml @@ -3,3 +3,4 @@ yum_repository: name: elastic_repo state: absent + changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml index f5fe2935..760e841b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml 
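Review bot: `changed_when: false` on the `apt_repository` task in the second hunk of `ansible-kibana/tasks/Debian.yml` makes Ansible report "ok" even when the repository definition was really added or altered. The same line is added to the repository tasks in the kibana `RMDebian.yml`, `RMRedHat.yml` and `RedHat.yml` files and again in the four `ansible-filebeat` task files later in this patch. Presumably it is there to get Molecule's idempotence step to pass, but it also hides real changes to package sources from run output and from any change-based auditing of the hosts. I would drop it and fix the cause of the repeated "changed" result, or at least state the reason in place with a comment such as `# changed_when forced to false only for the idempotence test; see <issue-placeholder>`.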
@@ -6,7 +6,10 @@ baseurl: https://artifacts.elastic.co/packages/6.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: true + changed_when: false - name: RedHat/CentOS/Fedora | Install Kibana package: name=kibana-{{ elastic_stack_version }} state=present + register: installing_kibana_package + until: installing_kibana_package is succeeded tags: install diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 43e369c8..e87b87b0 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -17,6 +17,7 @@ - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) + - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Kibana configuration template: @@ -29,8 +30,11 @@ tags: configure - name: Checking Wazuh-APP version - shell: "grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo" + shell: | + set -o pipefail + grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo args: + executable: /bin/bash removes: /usr/share/kibana/plugins/wazuh/package.json register: wazuh_app_verify changed_when: false @@ -51,9 +55,13 @@ environment: NODE_OPTIONS: "--max-old-space-size=3072" args: + executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana - tags: install + ignore_errors: "{{ kibana_plugin_install_ignore_error }}" + tags: + - install + - skip_ansible_lint - name: Ensure Kibana started and enabled service: 
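Review bot: Adding `set -o pipefail` to the "Checking Wazuh-APP version" task in `ansible-kibana/tasks/main.yml` changes its result when the installed plugin has a different version. `grep -c` prints `0` but exits with status 1 on no match, which `xargs echo` used to mask; with pipefail the whole task now fails instead of registering `0` in `wazuh_app_verify`. The rest of the task lies outside the hunk, so unless a `failed_when` already follows there, add `failed_when: wazuh_app_verify.rc > 1` so that only real grep errors (status 2) stop the play.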
diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 index 9b29f17a..edd1b4b4 100644 --- a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 @@ -19,7 +19,7 @@ server.host: {{ kibana_server_host }} #server.name: "your-hostname" # The URL of the Elasticsearch instance to use for all your queries. -elasticsearch.url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" +elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" # When this setting's value is true Kibana uses the hostname specified in the server.host # setting. When the value of this setting is false, Kibana uses the hostname of the host diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 455034d6..23b685eb 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -1,9 +1,12 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: ['apt-transport-https', 'ca-certificates'] + name: + - apt-transport-https + - ca-certificates state: present - + register: filebeat_ca_packages_install + until: filebeat_ca_packages_install is succeeded - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: @@ -15,3 +18,4 @@ repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' state: present update_cache: true + changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml index 580e6d86..c2727ee1 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml @@ -3,3 +3,4 @@ apt_repository: repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: absent + changed_when: false 
diff --git a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml index c9bceab0..519121b3 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml @@ -3,3 +3,4 @@ yum_repository: name: elastic_repo state: absent + changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml index 80798897..8745ea7e 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml @@ -6,3 +6,4 @@ baseurl: https://artifacts.elastic.co/packages/6.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: true + changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 94cd5765..da6d7178 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -7,6 +7,8 @@ - name: Install Filebeat. package: name=filebeat state=present + register: filebeat_installing_package + until: filebeat_installing_package is succeeded tags: - install @@ -20,6 +22,7 @@ - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) + - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Ensure Filebeat is started and enabled at boot. service: From 11721ebe147f27ce33b921ce52f2a950ea375a94 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Jun 2019 17:00:40 +0200 Subject: [PATCH 06/75] Added new tasks for xpack security --- .../elastic-stack/ansible-elasticsearch/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index bd7bc0d4..35c30aa9 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -112,6 +112,16 @@ - wazuh_alerts_template_exits.status != 200 tags: init +- name: Check that the instances.yml file exists + stat: + path: /usr/share/elasticsearch/instances.yml + register: instances_exists + +- name: Generating certificates for Elasticsearch security + shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /usr/share/elasticsearch/instances.yml --out /usr/share/elasticsearch/certs.zip" + when: instances_exists + tags: xpack-security + - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From a18a235b139df92433cf10887d9da081ff4dfea9 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Jun 2019 17:00:54 +0200 Subject: [PATCH 07/75] Modifying template for allowing xpack.security --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 595dd58a..02b1872d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -22,3 +22,9 @@ discovery.seed_hosts: - {{ item }} {% endfor %} {% endif %} + +# XPACK Security + +{% if elasticsearch_xpack_security %} +xpack.security.enabled: true +{% endif %} \ No newline at end of file From 0e9996b47285cc2e70eeec1a310ec3b328b262af Mon Sep 17 00:00:00 2001 
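Review bot: `when: instances_exists` on the certificate task does not test whether the file is there, because the registered value is the whole `stat` result mapping rather than a boolean; the check should be `when: instances_exists.stat.exists`. Patches 09 and 15 later in this series rename the variable to `instances_file_exists` but keep the bare form, and once the `stat` task itself is conditional the mapping is registered even when that task is skipped. The task also regenerates `/usr/share/elasticsearch/certs.zip` on every run; using `command` with `args: creates: /usr/share/elasticsearch/certs.zip` would make it idempotent. Since that archive holds the private keys for the nodes, a follow-up task that restricts its owner and mode would be worth adding.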
From: manuasir Date: Wed, 26 Jun 2019 17:01:06 +0200 Subject: [PATCH 08/75] Added new variable for enabling xpack security --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 5d380b6b..fc0e9551 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -9,4 +9,5 @@ single_node: false elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false elasticsearch_cluster_nodes: - - 127.0.0.1 \ No newline at end of file + - 127.0.0.1 +elasticsearch_xpack_security: false \ No newline at end of file From dda93ebd15ff017115d1347445960e0c12dd90d4 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Jun 2019 18:52:58 +0200 Subject: [PATCH 09/75] Added new conditions and variables to tasks --- .../ansible-elasticsearch/defaults/main.yml | 3 ++- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 9 +++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index fc0e9551..5d04e5ee 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -10,4 +10,5 @@ elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false elasticsearch_cluster_nodes: - 127.0.0.1 -elasticsearch_xpack_security: false \ No newline at end of file +elasticsearch_xpack_security: false +node_generate_certs: false \ No newline at end of file diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 35c30aa9..84271d15 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -115,11 +115,16 @@ - name: Check that the instances.yml file exists stat: path: /usr/share/elasticsearch/instances.yml - register: instances_exists + register: instances_file_exists + when: + - node_generate_certs + - elasticsearch_xpack_security - name: Generating certificates for Elasticsearch security shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /usr/share/elasticsearch/instances.yml --out /usr/share/elasticsearch/certs.zip" - when: instances_exists + when: + - instances_file_exists + - elasticsearch_xpack_security tags: xpack-security - import_tasks: "RMRedHat.yml" From 7194675f028edfb235e95abc45b5511c645efb18 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Jun 2019 19:05:17 +0200 Subject: [PATCH 10/75] Added new template for instances.yml file --- .../ansible-elasticsearch/templates/instances.yml.j2 | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 new file mode 100644 index 00000000..ce4c287b --- /dev/null +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -0,0 +1,11 @@ + +# {{ ansible_managed }} +# TO-DO + +{% if node_generate_certs %} +instances: +{% for item in elasticsearch_cluster_nodes %} + ip: {{ item.ip }} + - "{{ item.name }}" +{% endfor %} +{% endif %} \ No newline at end of file From 090514b9c5e2c3b6cc6873ed627f4adb04afa938 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Jun 2019 19:05:46 +0200 Subject: [PATCH 11/75] New tasks for checking instances.yml file --- .../elastic-stack/ansible-elasticsearch/tasks/main.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 84271d15..55ef924d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -119,7 +119,15 @@ when: - node_generate_certs - elasticsearch_xpack_security - + +- name: Check that the instances.yml file exists + stat: + path: /usr/share/elasticsearch/instances.yml + register: instances_file_exists + when: + - node_generate_certs + - elasticsearch_xpack_security + - name: Generating certificates for Elasticsearch security shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /usr/share/elasticsearch/instances.yml --out /usr/share/elasticsearch/certs.zip" when: From 48746b9f5a7e689e54506fefb099aa47cdfe247e Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Jun 2019 19:37:02 +0200 Subject: [PATCH 12/75] New task for generating instances.yml file --- .../elastic-stack/ansible-elasticsearch/tasks/main.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 55ef924d..f9cb07c4 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -120,10 +120,12 @@ - node_generate_certs - elasticsearch_xpack_security -- name: Check that the instances.yml file exists - stat: - path: /usr/share/elasticsearch/instances.yml - register: instances_file_exists +- name: Write the instances.yml file in the selected node + instances_file: + src: instances.yml.j2 + dest: "/usr/share/elasticsearch/instances.yml" + tags: + - config when: - node_generate_certs - elasticsearch_xpack_security From f0c6d0fcac2e3958daf42ae222e44c2c0c43af4e Mon Sep 17 00:00:00 2001 
From: Jose M Date: Fri, 28 Jun 2019 10:09:39 +0200 Subject: [PATCH 13/75] Add elasticsearch_discover_nodes parameter --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 5d04e5ee..95dd2737 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -10,5 +10,7 @@ elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false elasticsearch_cluster_nodes: - 127.0.0.1 +elasticsearch_discovery_nodes: + - 127.0.0.1 elasticsearch_xpack_security: false node_generate_certs: false \ No newline at end of file From 4b1c7d76e8a4174b543957b49eab49265e181bb6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 10:09:51 +0200 Subject: [PATCH 14/75] Customize playbook. --- playbooks/wazuh-elastic_stack-distributed.yml | 45 ++++++++++++++++--- 1 file changed, 39 insertions(+), 6 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 887cafbd..5348c876 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
@@ -1,9 +1,42 @@ --- -- hosts: + +- hosts: 172.16.0.161 roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager - - {role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat, filebeat_output_logstash_hosts: 'your elastic stack server IP'} -- hosts: + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.161 + elasticsearch_bootstrap_node: true + elasticsearch_cluster_nodes: + - 172.16.0.161 + node_generate_certs: true + node_name: node-1 + + vars: + instances: + node_1: + name: node-1 + ip: 172.16.0.161 + node_2: + name: node-2 + ip: 172.16.0.162 + node_3: + name: node-3 + ip: 172.16.0.163 + +- hosts: 172.16.0.162 roles: - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.162 + elasticsearch_discovery_nodes: + - 172.16.0.161 + - 172.16.0.162 + - 172.16.0.163 + +- hosts: 172.16.0.163 + roles: + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.163 + elasticsearch_discovery_nodes: + - 172.16.0.161 + - 172.16.0.162 + - 172.16.0.163 + From ed9b411b63f4277495dc42cfb1927cfc0bdfba79 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 10:10:22 +0200 Subject: [PATCH 15/75] Add 'node_generate_certs' condition to shell block --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index f9cb07c4..90201893 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -121,7 +121,7 @@ - elasticsearch_xpack_security - name: Write the instances.yml file in the selected node - instances_file: + template: src: instances.yml.j2 dest: "/usr/share/elasticsearch/instances.yml" tags: @@ -133,6 +133,7 @@ - name: Generating certificates for Elasticsearch security shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /usr/share/elasticsearch/instances.yml --out /usr/share/elasticsearch/certs.zip" when: + - node_generate_certs - instances_file_exists - elasticsearch_xpack_security tags: xpack-security From 42fb6bf937e78b937f648d439195f1cd0acbf57c Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 10:11:16 +0200 Subject: [PATCH 16/75] Get node master value for template. Rename cluster to discovery block. --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 02b1872d..cf2b0121 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -15,10 +15,10 @@ cluster.initial_master_nodes: {% for item in elasticsearch_cluster_nodes %} - {{ item }} {% endfor %} -{% elif elasticsearch_master_candidate %} -node.master: true +{% else %} +node.master: {{ elasticsearch_master_candidate }} discovery.seed_hosts: -{% for item in elasticsearch_cluster_nodes %} +{% for item in elasticsearch_discovery_nodes %} - {{ item }} {% endfor %} {% endif %} From 4473c01032155ad9b1c2cf6e4207577287ec80ea Mon Sep 17 00:00:00 2001 
From: Jose M Date: Fri, 28 Jun 2019 10:11:36 +0200 Subject: [PATCH 17/75] Changed format of instances template. Name is required --- .../ansible-elasticsearch/templates/instances.yml.j2 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index ce4c287b..365da8c4 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -4,8 +4,11 @@ {% if node_generate_certs %} instances: -{% for item in elasticsearch_cluster_nodes %} - ip: {{ item.ip }} - - "{{ item.name }}" + +{% for node in instances %} +- name: "{{node.value.name}}" + ip: + - "{{ node.value.ip }}" {% endfor %} + {% endif %} \ No newline at end of file From 2f8b3a3a4df4b8cfae3fdd1e2f7e2ac3535534c0 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 10:40:15 +0200 Subject: [PATCH 18/75] Modify nodes list format. --- playbooks/wazuh-elastic_stack-distributed.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 5348c876..b94840b9 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -9,17 +9,17 @@ - 172.16.0.161 node_generate_certs: true node_name: node-1 + elasticsearch_xpack_security: true vars: instances: - node_1: - name: node-1 + - name: node1 ip: 172.16.0.161 - node_2: - name: node-2 + + - name: node2 ip: 172.16.0.162 - node_3: - name: node-3 + + - name: node3 ip: 172.16.0.163 - hosts: 172.16.0.162 From 071e354fbdc6bd433dd8f724f1515eb389ae9cd2 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Fri, 28 Jun 2019 10:40:30 +0200 Subject: [PATCH 19/75] Adapted template to render nodes. --- .../ansible-elasticsearch/templates/instances.yml.j2 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index 365da8c4..85cb2b14 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -4,11 +4,10 @@ {% if node_generate_certs %} instances: - {% for node in instances %} -- name: "{{node.value.name}}" - ip: - - "{{ node.value.ip }}" +- name: "{{ node.name }}" + ip: + - "{{ node.ip }}" {% endfor %} {% endif %} \ No newline at end of file From e76dc5dcab606a256cccad39ac08e0b89d463ef7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 12:50:19 +0200 Subject: [PATCH 20/75] Update main.yml to add rsync --- .../ansible-elasticsearch/tasks/main.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 90201893..b67687c9 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -126,6 +126,7 @@ dest: "/usr/share/elasticsearch/instances.yml" tags: - config + - xpack-security when: - node_generate_certs - elasticsearch_xpack_security 
@@ -138,6 +139,27 @@ - elasticsearch_xpack_security tags: xpack-security +# - name: Importing certificates generated previously +# synchronize: +# mode: push +# src: /usr/share/elasticsearch/certs.zip +# dest: /usr/share/elasticsearch/certs.zip +# rsync_opts: +# - "--rsync-path='sudo rsync'" +# - "-v" +# delegate_to: "{{groups['elk'][0]}}" +# when: +# - not node_generate_certs +# - elasticsearch_xpack_security +# tags: xpack-security + +- name: Importing certificate generated previously + shell: "/usr/bin/rsync -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' vagrant@172.16.0.161:/usr/share/elasticsearch/{{elasticsearch_node_name}}/ /home/es_certificates/" + when: + - not node_generate_certs + - elasticsearch_xpack_security + tags: xpack-security + - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From 7580b547c9c67d3fc66412dc92e640a3ef2d1f76 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 12:50:44 +0200 Subject: [PATCH 21/75] Update playbook --- playbooks/wazuh-elastic_stack-distributed.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index b94840b9..c0695c9b 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -13,19 +13,21 @@ vars: instances: - - name: node1 - ip: 172.16.0.161 + - name: node-1 # Important: must be equal to node name. + ip: 172.16.0.161 # When unzipping, node will search for his node name folder to get the cert. - - name: node2 + - name: node-2 ip: 172.16.0.162 - - name: node3 + - name: node-3 ip: 172.16.0.163 - hosts: 172.16.0.162 roles: - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.162 + elasticsearch_xpack_security: true + elasticsearch_node_name: node-2 elasticsearch_discovery_nodes: - 172.16.0.161 - 172.16.0.162 
@@ -35,8 +37,9 @@ roles: - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.163 + elasticsearch_xpack_security: true + elasticsearch_node_name: node-3 elasticsearch_discovery_nodes: - 172.16.0.161 - 172.16.0.162 - - 172.16.0.163 - + - 172.16.0.163 \ No newline at end of file From d3170139a0df4d8fa8cbcdee1446fab197a0bb48 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 12:51:01 +0200 Subject: [PATCH 22/75] Add xpack parameters to elasticsearch.yml --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index cf2b0121..e8cefff1 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -16,7 +16,7 @@ cluster.initial_master_nodes: - {{ item }} {% endfor %} {% else %} -node.master: {{ elasticsearch_master_candidate }} +node.master: "{{ elasticsearch_master_candidate }}" discovery.seed_hosts: {% for item in elasticsearch_discovery_nodes %} - {{ item }} @@ -26,5 +26,10 @@ discovery.seed_hosts: # XPACK Security {% if elasticsearch_xpack_security %} -xpack.security.enabled: true +#xpack.security.enabled: false +#xpack.security.transport.ssl.enabled: true +#xpack.security.transport.ssl.verification_mode: certificate +#xpack.security.transport.ssl.key: /home/es_certificates/{{ elasticsearch_node_name }}.key +#xpack.security.transport.ssl.certificate: /home/es_certificates/{{ elasticsearch_node_name }}.crt +#xpack.security.transport.ssl.certificate_authorities: [ "/home/es/config/ca.crt" ] {% endif %} \ No newline at end of file From 19622360b16b48fdfab0d1f8c810371fe6922661 Mon Sep 17 00:00:00 2001 
From: mohamed-aziz Date: Fri, 28 Jun 2019 12:51:02 +0100 Subject: [PATCH 23/75] Fix elasticsearch config bug requiring lowercase boolean value --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index e8cefff1..6ca12c6f 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -16,7 +16,7 @@ cluster.initial_master_nodes: - {{ item }} {% endfor %} {% else %} -node.master: "{{ elasticsearch_master_candidate }}" +node.master: "{{ elasticsearch_master_candidate|lower }}" discovery.seed_hosts: {% for item in elasticsearch_discovery_nodes %} - {{ item }} From 7fe831d6eeccd74abfe821b98ee5de4aa39d918e Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 14:56:43 +0200 Subject: [PATCH 24/75] Remove quotes from node master option. --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 6ca12c6f..e4bd4b16 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -16,7 +16,7 @@ cluster.initial_master_nodes: - {{ item }} {% endfor %} {% else %} -node.master: "{{ elasticsearch_master_candidate|lower }}" +node.master: {{ elasticsearch_master_candidate|lower }} discovery.seed_hosts: {% for item in elasticsearch_discovery_nodes %} - {{ item }} From 868cf75ca754e28d73bf56fec626a0f7632f3d1e Mon Sep 17 00:00:00 2001 
From: manuasir Date: Fri, 28 Jun 2019 15:20:06 +0200 Subject: [PATCH 25/75] Develop mode playbook --- playbooks/wazuh-elastic_stack-distributed.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index c0695c9b..494d55a9 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -2,7 +2,7 @@ - hosts: 172.16.0.161 roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.161 elasticsearch_bootstrap_node: true elasticsearch_cluster_nodes: @@ -10,7 +10,6 @@ node_generate_certs: true node_name: node-1 elasticsearch_xpack_security: true - vars: instances: - name: node-1 # Important: must be equal to node name. @@ -24,7 +23,7 @@ - hosts: 172.16.0.162 roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.162 elasticsearch_xpack_security: true elasticsearch_node_name: node-2 @@ -35,7 +34,7 @@ - hosts: 172.16.0.163 roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.163 elasticsearch_xpack_security: true elasticsearch_node_name: node-3 From 02e4bd951bcbfff012a1618d9858d087046670df Mon Sep 17 00:00:00 2001 From: manuasir Date: Fri, 28 Jun 2019 15:20:14 +0200 Subject: [PATCH 26/75] Check if the certificates exist or not --- .../ansible-elasticsearch/tasks/main.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index b67687c9..3d540fac 100644 
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -131,12 +131,21 @@ - node_generate_certs - elasticsearch_xpack_security +- name: Check that the certificates ZIP file exists + stat: + path: /usr/share/elasticsearch/certs.zip + register: xpack_certs_zip + when: + - node_generate_certs + - elasticsearch_xpack_security + - name: Generating certificates for Elasticsearch security shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /usr/share/elasticsearch/instances.yml --out /usr/share/elasticsearch/certs.zip" when: - node_generate_certs - instances_file_exists - elasticsearch_xpack_security + - not xpack_certs_zip tags: xpack-security # - name: Importing certificates generated previously @@ -153,13 +162,6 @@ # - elasticsearch_xpack_security # tags: xpack-security -- name: Importing certificate generated previously - shell: "/usr/bin/rsync -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' vagrant@172.16.0.161:/usr/share/elasticsearch/{{elasticsearch_node_name}}/ /home/es_certificates/" - when: - - not node_generate_certs - - elasticsearch_xpack_security - tags: xpack-security - - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From 3a5f06e0adb31e275306c733250b999f2f5ef460 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 18:13:49 +0200 Subject: [PATCH 27/75] Rename node_generate_certs to node_certs_generator --- playbooks/wazuh-elastic_stack-distributed.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 494d55a9..4057096e 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
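Review bot: The new condition `- not xpack_certs_zip` on `Generating certificates for Elasticsearch security` (PATCH 26/75) tests the registered `stat` result rather than the file's existence; a registered result is a non-empty mapping, so as far as I can tell the condition is always false and the certificates are never generated. The context line `- instances_file_exists` has the mirror problem and is always true. Use `- not xpack_certs_zip.stat.exists` and `- instances_file_exists.stat.exists`. The new `stat` task also carries no `xpack-security` tag, so a run limited to that tag skips it and leaves `xpack_certs_zip` undefined for the task that reads it.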
@@ -7,7 +7,7 @@ elasticsearch_bootstrap_node: true elasticsearch_cluster_nodes: - 172.16.0.161 - node_generate_certs: true + node_certs_generator: true node_name: node-1 elasticsearch_xpack_security: true vars: From 1d718f55d32cbd9956067c22245e14ec3ee03f64 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 18:14:01 +0200 Subject: [PATCH 28/75] Add default variables for Xpack and Rsync --- .../ansible-elasticsearch/defaults/main.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 95dd2737..9578895a 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -12,5 +12,20 @@ elasticsearch_cluster_nodes: - 127.0.0.1 elasticsearch_discovery_nodes: - 127.0.0.1 + +# X-Pack Security elasticsearch_xpack_security: false -node_generate_certs: false \ No newline at end of file +node_certs_generator: false +node_certs_generator_ip: 172.16.0.161 +node_certs_source: /usr/share/elasticsearch +node_certs_destination: /etc/elasticsearch/certs + +# Rsync +rsync_path: /usr/bin/rsync +rsync_user: vagrant +rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' + + + + + From 40b6979a29533af53c630f4d0ec4782b8dad7744 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 18:14:36 +0200 Subject: [PATCH 29/75] Reorganized main.yml. Acded task to copy certs locally. --- .../ansible-elasticsearch/tasks/main.yml | 121 ++++++++++-------- 1 file changed, 68 insertions(+), 53 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 3d540fac..c0abc731 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -69,6 +69,70 @@ tags: configure # fix in new PR (ignore_errors) + +- name: Check that the instances.yml file exists + stat: + path: "{{node_certs_source}}/instances.yml" + register: instances_file_exists + when: + - node_certs_generator + - elasticsearch_xpack_security + +- name: Write the instances.yml file in the selected node + template: + src: instances.yml.j2 + dest: "{{node_certs_source}}/instances.yml" + tags: + - config + - xpack-security + when: + - node_certs_generator + - elasticsearch_xpack_security + +- name: Check that the certificates ZIP file exists + stat: + path: "{{node_certs_source}}/certs.zip" + register: xpack_certs_zip + when: + - node_certs_generator + - elasticsearch_xpack_security + +- name: Generating certificates for Elasticsearch security + shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in {{node_certs_source}}/instances.yml --out {{node_certs_source}}/certs.zip" + when: + - node_certs_generator + - instances_file_exists.stat.exists + - elasticsearch_xpack_security + - not xpack_certs_zip.stat.exists + tags: xpack-security + +- name: Unzip generated certs.zip + unarchive: + src: "{{node_certs_source}}/certs.zip" + dest: "{{node_certs_source}}" + remote_src: yes + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + +- name: Copy local certificate for generator node + synchronize: + src: "{{node_certs_source}}/{{elasticsearch_node_name}}/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + +- name: Importing certificate generated previously + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + - name: Reload systemd systemd: 
daemon_reload=true ignore_errors: true @@ -112,58 +176,9 @@ - wazuh_alerts_template_exits.status != 200 tags: init -- name: Check that the instances.yml file exists - stat: - path: /usr/share/elasticsearch/instances.yml - register: instances_file_exists - when: - - node_generate_certs - - elasticsearch_xpack_security +# - import_tasks: "RMRedHat.yml" +# when: ansible_os_family == "RedHat" -- name: Write the instances.yml file in the selected node - template: - src: instances.yml.j2 - dest: "/usr/share/elasticsearch/instances.yml" - tags: - - config - - xpack-security - when: - - node_generate_certs - - elasticsearch_xpack_security -- name: Check that the certificates ZIP file exists - stat: - path: /usr/share/elasticsearch/certs.zip - register: xpack_certs_zip - when: - - node_generate_certs - - elasticsearch_xpack_security - -- name: Generating certificates for Elasticsearch security - shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /usr/share/elasticsearch/instances.yml --out /usr/share/elasticsearch/certs.zip" - when: - - node_generate_certs - - instances_file_exists - - elasticsearch_xpack_security - - not xpack_certs_zip - tags: xpack-security - -# - name: Importing certificates generated previously -# synchronize: -# mode: push -# src: /usr/share/elasticsearch/certs.zip -# dest: /usr/share/elasticsearch/certs.zip -# rsync_opts: -# - "--rsync-path='sudo rsync'" -# - "-v" -# delegate_to: "{{groups['elk'][0]}}" -# when: -# - not node_generate_certs -# - elasticsearch_xpack_security -# tags: xpack-security - -- import_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" - -- import_tasks: "RMDebian.yml" - when: ansible_os_family == "Debian" +# - import_tasks: "RMDebian.yml" +# when: ansible_os_family == "Debian" From c27c3c16abaa29c8d4683acc2b1202c912c4f56e Mon Sep 17 00:00:00 2001 
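Review bot: None of the copy and import tasks added to tasks/main.yml in the first hunk of PATCH 29/75 sets ownership or mode on `{{node_certs_destination}}`, so the node's private key ends up with whatever permissions rsync carries over from the generator. I would add an explicit step after the import task that restricts the directory to root and the service group; the group name below assumes the packaged `elasticsearch` group and should be confirmed. `Unzip generated certs.zip` also runs on every play on the generator, independently of whether the archive was just created.

```yaml
# … unchanged: certificate generation, unzip, copy and import tasks …

- name: Restrict access to the node key and certificates
  file:
    path: "{{ node_certs_destination }}"
    state: directory
    owner: root
    group: elasticsearch
    mode: "u=rwX,g=rX,o="
    recurse: true
  when:
    - elasticsearch_xpack_security
  tags: xpack-security
```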
From: Jose M Date: Fri, 28 Jun 2019 18:14:48 +0200 Subject: [PATCH 30/75] Enabled xpack security fields --- .../templates/elasticsearch.yml.j2 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index e4bd4b16..8f60c368 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -26,10 +26,10 @@ discovery.seed_hosts: # XPACK Security {% if elasticsearch_xpack_security %} -#xpack.security.enabled: false -#xpack.security.transport.ssl.enabled: true -#xpack.security.transport.ssl.verification_mode: certificate -#xpack.security.transport.ssl.key: /home/es_certificates/{{ elasticsearch_node_name }}.key -#xpack.security.transport.ssl.certificate: /home/es_certificates/{{ elasticsearch_node_name }}.crt -#xpack.security.transport.ssl.certificate_authorities: [ "/home/es/config/ca.crt" ] +xpack.security.enabled: false +xpack.security.transport.ssl.enabled: true +xpack.security.transport.ssl.verification_mode: certificate +xpack.security.transport.ssl.key: {{node_certs_destination}}/{{ elasticsearch_node_name }}.key +xpack.security.transport.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt +#xpack.security.transport.ssl.certificate_authorities: [ "{{node_certs_destination}}/ca.crt" ] {% endif %} \ No newline at end of file From a1e6dec7b4a445d90c7365bb78f644247aad57a9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 18:15:00 +0200 Subject: [PATCH 31/75] Rename node_generate_certs in instances template. --- .../ansible-elasticsearch/templates/instances.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index 85cb2b14..6279c380 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -2,7 +2,7 @@ # {{ ansible_managed }} # TO-DO -{% if node_generate_certs %} +{% if node_certs_generator %} instances: {% for node in instances %} - name: "{{ node.name }}" From 2525dbd2af0db4831090e4c62eb161b55891f92b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 11:52:25 +0200 Subject: [PATCH 32/75] Copy .key and .crt in generator node (locally) --- .../ansible-elasticsearch/tasks/main.yml | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index c0abc731..82572055 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -109,14 +109,14 @@ - name: Unzip generated certs.zip unarchive: src: "{{node_certs_source}}/certs.zip" - dest: "{{node_certs_source}}" + dest: "{{node_certs_source}}/" remote_src: yes when: - node_certs_generator - elasticsearch_xpack_security tags: xpack-security -- name: Copy local certificate for generator node +- name: Copy .key & .crt files in generator node synchronize: src: "{{node_certs_source}}/{{elasticsearch_node_name}}/" dest: "{{node_certs_destination}}/" 
@@ -126,7 +126,17 @@ - elasticsearch_xpack_security tags: xpack-security -- name: Importing certificate generated previously +- name: Copy ca .crt file in generator node + synchronize: + src: "{{node_certs_source}}/ca/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + +- name: Importing node .key & .crt files shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/" when: - not node_certs_generator @@ -176,9 +186,9 @@ - wazuh_alerts_template_exits.status != 200 tags: init -# - import_tasks: "RMRedHat.yml" -# when: ansible_os_family == "RedHat" +- import_tasks: "RMRedHat.yml" + when: ansible_os_family == "RedHat" -# - import_tasks: "RMDebian.yml" -# when: ansible_os_family == "Debian" +- import_tasks: "RMDebian.yml" + when: ansible_os_family == "Debian" From 5d8286f0deb525baa29673db1c0a7e9c95578bb3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 11:53:19 +0200 Subject: [PATCH 33/75] Import ca certificate in remote nodes. --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 82572055..d9925969 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -143,6 +143,14 @@ - elasticsearch_xpack_security tags: xpack-security +- name: Importing node ca .crt file + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + + - name: Reload systemd systemd: daemon_reload=true ignore_errors: true From 54885a9e0d122bf4bc573540f83c656b77145a1c Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 11:57:15 +0200 Subject: [PATCH 34/75] Remove deprecated import of wazuh template. --- .../ansible-elasticsearch/tasks/main.yml | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index d9925969..52e7babc 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -172,28 +172,6 @@ - configure - init -- name: Check for Wazuh Alerts template - uri: - url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" - method: GET - status_code: 200, 404 - when: not elasticsearch_bootstrap_node or single_node - poll: 30 - register: wazuh_alerts_template_exits - tags: init - -- name: Installing Wazuh Alerts template - uri: - url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" - method: PUT - status_code: 200 - body_format: json - body: "{{ lookup('template','wazuh-elastic7-template-alerts.json.j2') }}" - when: - - wazuh_alerts_template_exits.status is defined - - wazuh_alerts_template_exits.status != 200 - tags: init - - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From bd32839f27db43749bc3473a552db3b5828137fa Mon Sep 17 00:00:00 2001 
From: Jose M Date: Mon, 1 Jul 2019 12:00:48 +0200 Subject: [PATCH 35/75] Add Xpack http security to elasticsearch template. --- .../templates/elasticsearch.yml.j2 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 8f60c368..2d62f025 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -26,10 +26,16 @@ discovery.seed_hosts: # XPACK Security {% if elasticsearch_xpack_security %} -xpack.security.enabled: false +xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.key: {{node_certs_destination}}/{{ elasticsearch_node_name }}.key xpack.security.transport.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt -#xpack.security.transport.ssl.certificate_authorities: [ "{{node_certs_destination}}/ca.crt" ] +xpack.security.transport.ssl.certificate_authorities: [ "{{ node_certs_destination }}/ca.crt" ] + +xpack.security.http.ssl.enabled: true +xpack.security.http.ssl.verification_mode: certificate +xpack.security.http.ssl.key: {{node_certs_destination}}/{{ elasticsearch_node_name }}.key +xpack.security.http.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt +xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ] {% endif %} \ No newline at end of file From db6f69cfb8dfe990500f62de987b501413594b5c Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 12:31:03 +0200 Subject: [PATCH 36/75] Rename importing blocks --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
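Review bot: `xpack.security.http.ssl.certificate_authorities` in elasticsearch.yml.j2 (PATCH 35/75) is hard-coded to `/etc/elasticsearch/certs/ca.crt`, while every other path in the block is built from `node_certs_destination`; overriding that variable would leave the HTTP layer trusting a CA file that is missing or stale. Use `xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }}/ca.crt" ]`. The unquoted `key` and `certificate` paths would be safer quoted as well, as the CA lines already are.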
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 52e7babc..385b860c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -116,7 +116,7 @@ - elasticsearch_xpack_security tags: xpack-security -- name: Copy .key & .crt files in generator node +- name: Copy key & certificate files in generator node (locally) synchronize: src: "{{node_certs_source}}/{{elasticsearch_node_name}}/" dest: "{{node_certs_destination}}/" @@ -126,7 +126,7 @@ - elasticsearch_xpack_security tags: xpack-security -- name: Copy ca .crt file in generator node +- name: Copy ca certificate file in generator node (locally) synchronize: src: "{{node_certs_source}}/ca/" dest: "{{node_certs_destination}}/" @@ -136,14 +136,14 @@ - elasticsearch_xpack_security tags: xpack-security -- name: Importing node .key & .crt files +- name: Importing key & certificate files from generator node shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/" when: - not node_certs_generator - elasticsearch_xpack_security tags: xpack-security -- name: Importing node ca .crt file +- name: Importing ca certificate file from generator node shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" when: - not node_certs_generator From f6efcc017117290bc28974482acc2d332538085f Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 15:48:46 +0200 Subject: [PATCH 37/75] Make comment about nodes name clearer --- playbooks/wazuh-elastic_stack-distributed.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) 
diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 4057096e..9c0d667a 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -2,17 +2,18 @@ - hosts: 172.16.0.161 roles: - - role: ../roles/elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 172.16.0.161 - elasticsearch_bootstrap_node: true - elasticsearch_cluster_nodes: - - 172.16.0.161 - node_certs_generator: true - node_name: node-1 - elasticsearch_xpack_security: true + - ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.161 + elasticsearch_bootstrap_node: true + elasticsearch_cluster_nodes: + - 172.16.0.161 + node_certs_generator: true + node_name: node-1 + elasticsearch_xpack_security: true + vars: instances: - - name: node-1 # Important: must be equal to node name. + - name: node-1 # Important: must be equal to elasticsearch_node_name. ip: 172.16.0.161 # When unzipping, node will search for his node name folder to get the cert. - name: node-2 From d78393115fd84c6f5893a13f294e89f3661dd027 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 15:49:38 +0200 Subject: [PATCH 38/75] Add default ' elasticsearch_xpack_security_password' variable --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 9578895a..36b8aefb 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -15,6 +15,8 @@ elasticsearch_discovery_nodes: # X-Pack Security elasticsearch_xpack_security: false +elasticsearch_xpack_security_password: elastic_pass + node_certs_generator: false node_certs_generator_ip: 172.16.0.161 node_certs_source: /usr/share/elasticsearch 
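Review bot: `elasticsearch_xpack_security_password: elastic_pass` in defaults/main.yml (PATCH 38/75) gives every deployment that enables X-Pack without overriding it the same published bootstrap password. The same literal is added as `elasticsearch_password` in the Filebeat defaults (PATCH 40/75) and as `kibana_password` in the Kibana defaults (PATCH 44/75). I would leave the variable without a usable default and fail early when it is unset, or at least put a comment above it such as `# Placeholder only: override from an Ansible Vault-encrypted variable before deploying.`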
From fdb1113a193c34a1537175e6ed92924f7a9385d6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 15:50:06 +0200 Subject: [PATCH 39/75] Add task to configure ES bootstrap password. --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 385b860c..5689394c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -150,6 +150,11 @@ - elasticsearch_xpack_security tags: xpack-security +- name: Set elasticsearch bootstrap password + shell: "echo '{{elasticsearch_xpack_security_password}}' | {{node_certs_source}}/bin/elasticsearch-keystore add -xf 'bootstrap.password'" + when: + - node_certs_generator + - elasticsearch_xpack_security - name: Reload systemd systemd: daemon_reload=true From 6cffed9218b78721edcb0e95bce1944b0227e09e Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 15:50:48 +0200 Subject: [PATCH 40/75] Add required default attributes XPack in Filebeat. --- roles/wazuh/ansible-filebeat/defaults/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index a00cbbb4..b01dfad7 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -10,6 +10,8 @@ filebeat_prospectors: json.keys_under_root: true json.overwrite_keys: true +filebeat_node_name: node-1 + filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" 
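Review bot: The `Set elasticsearch bootstrap password` task (PATCH 39/75) interpolates the secret into a shell string, `echo '{{elasticsearch_xpack_security_password}}' | …`, so a password containing a single quote breaks the command or is interpreted by the shell, and the value appears in Ansible's task output and logs. Passing it on standard input through the `command` module with `no_log: true` avoids both. The task also lacks the `xpack-security` tag that its neighbours carry.

```yaml
- name: Set elasticsearch bootstrap password
  command: "{{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password"
  args:
    stdin: "{{ elasticsearch_xpack_security_password }}"
  no_log: true
  # … unchanged: when conditions …
  tags: xpack-security
```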
@@ -23,3 +25,10 @@ filebeat_ssl_dir: /etc/pki/filebeat filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" + +# Xpack Security +filebeat_xpack_security: false + +elasticsearch_user: elastic +elasticsearch_password: elastic_pass +node_certs_destination: /etc/elasticsearch/certs From 3ff5a194df017f6153b3fa3c1f47f863f16a5432 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 15:51:23 +0200 Subject: [PATCH 41/75] Update Filebeat for XPack Security --- roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 index 8e6287ec..202af578 100644 --- a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 @@ -53,6 +53,15 @@ output.elasticsearch: #pipeline: geoip indices: - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}' +{% if filebeat_xpack_security %} + username: {{ elasticsearch_user }} + password: {{ elasticsearch_password }} + protocol: https + ssl.certificate_authorities: + - {{node_certs_destination}}/ca.crt + ssl.certificate: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt" + ssl.key: "{{node_certs_destination}}/{{ filebeat_node_name }}.key" +{% endif %} # Optional. Send events to Logstash instead of Elasticsearch #output.logstash.hosts: ["YOUR_LOGSTASH_SERVER_IP:5000"] \ No newline at end of file From ab8cdd13c63500a369f25139fe377b41f41a68a8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 16:07:10 +0200 Subject: [PATCH 42/75] Added task to remove certs file after propagation. --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 5689394c..dac73d85 100644 
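Review bot: In filebeat.yml.j2 (PATCH 41/75) `username: {{ elasticsearch_user }}` and `password: {{ elasticsearch_password }}` are rendered unquoted, so a password that starts with a YAML indicator, contains `: ` or ` #`, or looks like a number or boolean is parsed as something other than the intended string. Quote both, `username: "{{ elasticsearch_user }}"` and `password: "{{ elasticsearch_password }}"`, as the `ssl.certificate` and `ssl.key` lines below already do; the CA entry `- {{node_certs_destination}}/ca.crt` deserves the same. Since the rendered file now holds a credential, the task that writes it (outside this hunk) should set a restrictive `mode`.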
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -136,6 +136,13 @@ - elasticsearch_xpack_security tags: xpack-security +- name: Remove generated certs file + shell: /bin/rm -f {{node_certs_source}}/certs.zip* + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + - name: Importing key & certificate files from generator node shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/" when: @@ -153,7 +160,6 @@ - name: Set elasticsearch bootstrap password shell: "echo '{{elasticsearch_xpack_security_password}}' | {{node_certs_source}}/bin/elasticsearch-keystore add -xf 'bootstrap.password'" when: - - node_certs_generator - elasticsearch_xpack_security - name: Reload systemd From ddc01dcc238acf138de9839618e5434860e7e8e7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 18:04:03 +0200 Subject: [PATCH 43/75] Add 'elasticsearch_xpack_security_user' to elasticsearth defaults --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 36b8aefb..df1f9ad4 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -15,6 +15,7 @@ elasticsearch_discovery_nodes: # X-Pack Security elasticsearch_xpack_security: false +elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass node_certs_generator: false From 2656d89933d398e577fa30d3a9675e59eb4aa333 Mon Sep 17 00:00:00 2001 
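Review bot: `Remove generated certs file` (PATCH 42/75) deletes only `certs.zip*`; the directories unpacked by `Unzip generated certs.zip`, which hold every node's private key, stay under `{{node_certs_source}}` on the generator after propagation. If they must remain until the other nodes have imported theirs, say so in a comment and remove them in a final step. Removing the archive also defeats the `not xpack_certs_zip.stat.exists` guard from PATCH 29/75, so it looks as if each later run would issue a new CA and new node certificates. The `file` module with `path: "{{ node_certs_source }}/certs.zip"` and `state: absent` would do the removal without a shell glob.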
From: Jose M Date: Mon, 1 Jul 2019 18:04:26 +0200 Subject: [PATCH 44/75] Add XPack default variables for Kibana --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 298e6bd7..e0f00141 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -1,7 +1,16 @@ --- +kibana_node_name: node-1 + elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.1.1 -wazuh_version: 3.9.2 \ No newline at end of file +wazuh_version: 3.9.2 + +# Xpack Security +kibana_xpack_security: false + +kibana_user: kibana +kibana_password: elastic_pass +node_certs_destination: /etc/kibana/certs \ No newline at end of file From 2b18745cd0f32d457aa3ed8d535e40ecfa922bd4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 18:04:40 +0200 Subject: [PATCH 45/75] Add XPack settings to Kibana template --- .../ansible-kibana/templates/kibana.yml.j2 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 index edd1b4b4..bb630933 100644 --- a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 
@@ -19,7 +19,11 @@ server.host: {{ kibana_server_host }} #server.name: "your-hostname" # The URL of the Elasticsearch instance to use for all your queries. +{% if kibana_xpack_security %} +elasticsearch.hosts: "https://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" +{% else %} elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" +{% endif %} # When this setting's value is true Kibana uses the hostname specified in the server.host # setting. When the value of this setting is false, Kibana uses the hostname of the host @@ -98,3 +102,13 @@ elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_h # Set the interval in milliseconds to sample system and process performance # metrics. Minimum is 100ms. Defaults to 5000. #ops.interval: 5000 + +# Xpack Security +{% if kibana_xpack_security %} +elasticsearch.username: "{{ kibana_user }}" +elasticsearch.password: "{{ kibana_password }}" +server.ssl.enabled: true +server.ssl.key: "{{node_certs_destination}}/{{ kibana_node_name }}.key" +server.ssl.certificate: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" +elasticsearch.ssl.certificateAuthorities: ["{{ node_certs_destination }}/ca.crt"] +{% endif %} \ No newline at end of file From e3cd8731f35d07a0ecfbba82dd2ff3e53fddf0e7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 10:47:32 +0200 Subject: [PATCH 46/75] Fix instances and certs.zip checks and generation. --- .../ansible-elasticsearch/tasks/main.yml | 27 ++++++++++--------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index dac73d85..5a60e6d8 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
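Review bot: The `# Xpack Security` block added at the end of the template writes `elasticsearch.password` in clear text into kibana.yml, so the rendered file must not be world-readable; the template task that sets owner and mode is outside this hunk and should be checked. The value is also wrapped in plain double quotes, which produces invalid YAML when the password contains `"` or a backslash; `elasticsearch.password: {{ kibana_password | to_json }}` renders a correctly escaped scalar. The same applies to `elasticsearch.username`.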
@@ -70,7 +70,19 @@ # fix in new PR (ignore_errors) -- name: Check that the instances.yml file exists +- name: Write the instances.yml file in the selected node (force = no) + template: + src: instances.yml.j2 + dest: "{{node_certs_source}}/instances.yml" + force: no + tags: + - config + - xpack-security + when: + - node_certs_generator + - elasticsearch_xpack_security + +- name: Update instances.yml status after generation stat: path: "{{node_certs_source}}/instances.yml" register: instances_file_exists @@ -78,18 +90,7 @@ - node_certs_generator - elasticsearch_xpack_security -- name: Write the instances.yml file in the selected node - template: - src: instances.yml.j2 - dest: "{{node_certs_source}}/instances.yml" - tags: - - config - - xpack-security - when: - - node_certs_generator - - elasticsearch_xpack_security - -- name: Check that the certificates ZIP file exists +- name: Check if the certificates ZIP file exists stat: path: "{{node_certs_source}}/certs.zip" register: xpack_certs_zip From 1ddcf3a60c7a1dfc3f6c6f77f3253bbe21a6ace9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:05:35 +0200 Subject: [PATCH 47/75] Update elastic distributed playbook --- playbooks/wazuh-elastic_stack-distributed.yml | 64 +++++++++++++++---- 1 file changed, 53 insertions(+), 11 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 9c0d667a..c0853a11 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
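Review bot: With `force: no` on the template task, instances.yml is written only when it does not exist yet, so a later change to the `instances` variable (for example an added node) is silently ignored and no certificate is generated for the new entry. If that is the intent, the task should say so in a comment, e.g. `# force: no keeps the first generated instances.yml; remove the file to regenerate`. `force: false` is the canonical spelling of the boolean and avoids the yamllint `truthy` warning.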
@@ -2,14 +2,20 @@ - hosts: 172.16.0.161 roles: - - ../roles/elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 172.16.0.161 - elasticsearch_bootstrap_node: true - elasticsearch_cluster_nodes: - - 172.16.0.161 - node_certs_generator: true - node_name: node-1 - elasticsearch_xpack_security: true + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.161 + node_name: node-1 + elasticsearch_bootstrap_node: true + elasticsearch_cluster_nodes: + - 172.16.0.161 + - 172.16.0.162 + - 172.16.0.163 + elasticsearch_discovery_nodes: + - 172.16.0.161 + - 172.16.0.162 + - 172.16.0.163 + elasticsearch_xpack_security: true + node_certs_generator: true vars: instances: @@ -26,8 +32,9 @@ roles: - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.162 - elasticsearch_xpack_security: true elasticsearch_node_name: node-2 + elasticsearch_xpack_security: true + elasticsearch_master_candidate: true elasticsearch_discovery_nodes: - 172.16.0.161 - 172.16.0.162 
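Review bot: The first host sets `node_name: node-1`, while the other two hosts in this playbook set `elasticsearch_node_name`, and the role's certificate tasks look up `{{node_certs_source}}/{{elasticsearch_node_name}}/`. Unless the role also reads `node_name` somewhere outside these hunks, the bootstrap node gets its certificate folder only because the role default happens to match. Using `elasticsearch_node_name: node-1` here keeps the three hosts consistent.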
@@ -37,9 +44,44 @@ roles: - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.163 - elasticsearch_xpack_security: true elasticsearch_node_name: node-3 + elasticsearch_xpack_security: true + elasticsearch_master_candidate: true elasticsearch_discovery_nodes: - 172.16.0.161 - 172.16.0.162 - - 172.16.0.163 \ No newline at end of file + - 172.16.0.163 + + +# - hosts: 172.16.0.162 +# roles: +# - role: ../roles/wazuh/ansible-wazuh-manager + +# - role: ../roles/wazuh/ansible-filebeat +# filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 +# filebeat_xpack_security: true +# filebeat_node_name: node-2 +# node_certs_generator: false + +# - role: ../roles/elastic-stack/ansible-elasticsearch +# elasticsearch_network_host: 172.16.0.162 +# node_name: node-2 +# elasticsearch_bootstrap_node: false +# elasticsearch_master_candidate: true +# elasticsearch_discovery_nodes: +# - 172.16.0.161 +# - 172.16.0.162 +# elasticsearch_xpack_security: true +# node_certs_generator: false + + +# - hosts: 172.16.0.163 +# roles: +# - role: ../roles/elastic-stack/ansible-kibana +# kibana_xpack_security: true +# kibana_user: elastic +# kibana_password: elastic_pass +# kibana_node_name: node-3 +# elasticsearch_network_host: 172.16.0.161 +# node_certs_generator: false + From 5787b348fe5c57bc77e658a49824af590043a557 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:07:37 +0200 Subject: [PATCH 48/75] Upgrade elasticsearch tasks. Fix permissions. --- .../ansible-elasticsearch/tasks/main.yml | 94 +++++++++++++++---- 1 file changed, 76 insertions(+), 18 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 5a60e6d8..8ed1c926 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -48,16 +48,6 @@ - ansible_service_mgr != "systemd" - ansible_os_family == "RedHat" -- name: Configure Elasticsearch. - template: - src: elasticsearch.yml.j2 - dest: /etc/elasticsearch/elasticsearch.yml - owner: root - group: elasticsearch - mode: 0660 - notify: restart elasticsearch - tags: configure - - name: Configure Elasticsearch JVM memmory. template: src: jvm.options.j2 @@ -70,17 +60,29 @@ # fix in new PR (ignore_errors) +- import_tasks: "RMRedHat.yml" + when: ansible_os_family == "RedHat" + +- name: Check if certificate exists locally + stat: + path: "{{node_certs_destination}}/{{ elasticsearch_node_name }}.crt" + register: certificate_file_exists + when: + - elasticsearch_xpack_security + - name: Write the instances.yml file in the selected node (force = no) template: src: instances.yml.j2 dest: "{{node_certs_source}}/instances.yml" force: no + register: instances_file_exists tags: - config - xpack-security when: - node_certs_generator - elasticsearch_xpack_security + - not certificate_file_exists.stat.exists - name: Update instances.yml status after generation stat: @@ -105,6 +107,8 @@ - instances_file_exists.stat.exists - elasticsearch_xpack_security - not xpack_certs_zip.stat.exists + - not certificate_file_exists.stat.exists + register: certs_file_generated tags: xpack-security - name: Unzip generated certs.zip @@ -115,6 +119,8 @@ when: - node_certs_generator - elasticsearch_xpack_security + - certs_file_generated is defined + - not certificate_file_exists.stat.exists tags: xpack-security - name: Copy key & certificate files in generator node (locally) 
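Review bot: `- import_tasks: "RMRedHat.yml"` is added ahead of the certificate tasks in the second hunk, while the last hunk of this commit still shows the same import as a context line near the end of the file, so the file appears to be imported twice on RedHat hosts. If the early import is deliberate, a comment should say why; otherwise one of the two should go. In the same hunk the template task gains `register: instances_file_exists`, a name that the following `stat` task (see PATCH 46/75) registers again, so the first result is overwritten before anything reads it and that `register` line can be dropped.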
@@ -132,13 +138,7 @@ src: "{{node_certs_source}}/ca/" dest: "{{node_certs_destination}}/" delegate_to: "{{ node_certs_generator_ip }}" - when: - - node_certs_generator - - elasticsearch_xpack_security - tags: xpack-security - -- name: Remove generated certs file - shell: /bin/rm -f {{node_certs_source}}/certs.zip* + register: check_certs_permissions when: - node_certs_generator - elasticsearch_xpack_security @@ -149,6 +149,7 @@ when: - not node_certs_generator - elasticsearch_xpack_security + - not certificate_file_exists.stat.exists tags: xpack-security - name: Importing ca certificate file from generator node @@ -156,13 +157,45 @@ when: - not node_certs_generator - elasticsearch_xpack_security + - not certificate_file_exists.stat.exists + register: check_certs_permissions tags: xpack-security +- name: Ensuring certificates folder owner + shell: "chown -R elasticsearch: {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + tags: xpack-security + +- name: Ensuring certificates folder owner + shell: "chmod -R 770 {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + tags: xpack-security + + +- name: Remove generated certs file + shell: /bin/rm -f {{node_certs_source}}/certs.zip* + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + +- name: Configure Elasticsearch. + template: + src: elasticsearch.yml.j2 + dest: /etc/elasticsearch/elasticsearch.yml + owner: root + group: elasticsearch + mode: 0660 + notify: restart elasticsearch + tags: configure + - name: Set elasticsearch bootstrap password shell: "echo '{{elasticsearch_xpack_security_password}}' | {{node_certs_source}}/bin/elasticsearch-keystore add -xf 'bootstrap.password'" when: - elasticsearch_xpack_security - + - name: Reload systemd systemd: daemon_reload=true ignore_errors: true 
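Review bot: `when: check_certs_permissions is defined` on the two new permission tasks is never false, because `register` sets the variable even when the registering task is skipped; both tasks therefore run on every play, including with `elasticsearch_xpack_security: false`, where `node_certs_destination` may not exist. `chmod -R 770` additionally makes the private key and certificates executable and group-writable, and both tasks carry the name "Ensuring certificates folder owner" although the second changes the mode. The same pattern is added to the Kibana role in PATCH 51/75 and to the Filebeat role in PATCH 53/75. A single `file` task gated on the security flag, as sketched below, replaces both shell calls and is idempotent.

```yaml
# … unchanged: rsync import tasks for key, certificate and CA …
- name: Ensure certificates folder ownership and permissions
  file:
    path: "{{ node_certs_destination }}"
    state: directory
    recurse: true
    owner: elasticsearch
    group: elasticsearch
    mode: "u=rwX,g=rX,o="
  when:
    - elasticsearch_xpack_security
  tags: xpack-security
# … unchanged: "Remove generated certs file" and "Configure Elasticsearch." …
```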
@@ -184,6 +217,31 @@ - configure - init +- name: Check for Wazuh Alerts template (http) + uri: + url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" + method: GET + status_code: 200, 404 + when: + - elasticsearch_bootstrap_node or single_node + - not elasticsearch_xpack_security + poll: 30 + register: wazuh_alerts_template_exits + tags: init + +- name: Installing Wazuh Alerts template (http) + uri: + url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" + method: PUT + status_code: 200 + body_format: json + body: "{{ lookup('template','wazuh-elastic7-template-alerts.json.j2') }}" + when: + - wazuh_alerts_template_exits.status is defined + - wazuh_alerts_template_exits.status != 200 + - not elasticsearch_xpack_security + tags: init + - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From 7998f034b8165fdb79172629588d76cfdcabd08b Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:08:09 +0200 Subject: [PATCH 49/75] Include discovery seed hosts on boostraper node. --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 2d62f025..f851e900 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -15,6 +15,10 @@ cluster.initial_master_nodes: {% for item in elasticsearch_cluster_nodes %} - {{ item }} {% endfor %} +discovery.seed_hosts: +{% for item in elasticsearch_discovery_nodes %} + - {{ item }} +{% endfor %} {% else %} node.master: {{ elasticsearch_master_candidate|lower }} discovery.seed_hosts: 
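Review bot: `poll: 30` on the `Check for Wazuh Alerts template (http)` task has no effect without `async`, so the request is made once and fails if Elasticsearch is not yet answering. If the intent is to wait for the service, `retries`/`delay` with `until: wazuh_alerts_template_exits.status is defined` would do that. Both tasks are also limited to `not elasticsearch_xpack_security`, so with security enabled the template is not installed by anything visible in this hunk; an HTTPS variant may exist further down the file and is worth confirming. The registered name `wazuh_alerts_template_exits` looks like a typo for `…_exists`.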
@@ -37,5 +41,5 @@ xpack.security.http.ssl.enabled: true xpack.security.http.ssl.verification_mode: certificate xpack.security.http.ssl.key: {{node_certs_destination}}/{{ elasticsearch_node_name }}.key xpack.security.http.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt -xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ] +xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }}/ca.crt" ] {% endif %} \ No newline at end of file From f52fb8cb9aef7d3b00c3fcb741965be4f24cf936 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:08:31 +0200 Subject: [PATCH 50/75] Add kibana default variables --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index e0f00141..ae274da0 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -13,4 +13,13 @@ kibana_xpack_security: false kibana_user: kibana kibana_password: elastic_pass -node_certs_destination: /etc/kibana/certs \ No newline at end of file + +node_certs_generator: false +node_certs_generator_ip: 172.16.0.161 +node_certs_source: /usr/share/elasticsearch +node_certs_destination: /etc/kibana/certs + +# Rsync +rsync_path: /usr/bin/rsync +rsync_user: vagrant +rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' \ No newline at end of file From 3f6226297b5fbfb4c34c2e81e0f47384bc2112dd Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:09:01 +0200 Subject: [PATCH 51/75] Add copy of certificates and folder permissions fix to Kibana. --- .../ansible-kibana/tasks/main.yml | 63 +++++++++++++++++-- 1 file changed, 58 insertions(+), 5 deletions(-) 
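Review bot: The new default `rsync_extra_parameters` passes `ssh -o StrictHostKeyChecking=no`, which disables host key verification on exactly the connection that copies the node's private key and the CA certificate from the generator node. A host that answers on `node_certs_generator_ip` would be trusted without any check, so the default should leave verification on and the README should ask for the generator's key in `known_hosts`, e.g. `rsync_extra_parameters: "-avg -e ssh --rsync-path='sudo rsync'"`. `rsync_user: vagrant` and `node_certs_generator_ip: 172.16.0.161` are lab values that should not be role defaults either. The Filebeat defaults in PATCH 52/75 add the same three settings.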
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 43e369c8..d82d9176 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -5,11 +5,6 @@ - import_tasks: Debian.yml when: ansible_os_family == 'Debian' -- name: Make sure Elasticsearch is running before proceeding. - wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300 - tags: configure - ignore_errors: true - - name: Reload systemd systemd: daemon_reload=true ignore_errors: true 
@@ -18,6 +13,64 @@ - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) +- name: Check if certificate exists locally + stat: + path: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" + register: certificate_file_exists + when: + - kibana_xpack_security + +- name: Copy key & certificate files in generator node (locally) + synchronize: + src: "{{node_certs_source}}/{{kibana_node_name}}/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - kibana_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Copy ca certificate file in generator node (locally) + synchronize: + src: "{{node_certs_source}}/ca/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - kibana_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Importing key & certificate files from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{kibana_node_name}}/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - kibana_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Importing ca certificate file from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - kibana_xpack_security + - not certificate_file_exists.stat.exists + register: check_certs_permissions + tags: xpack-security + +- name: Ensuring certificates folder owner + shell: "chown -R kibana: {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + tags: xpack-security + +- name: 
Ensuring certificates folder owner + shell: "chmod -R 770 {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + tags: xpack-security + - name: Kibana configuration template: src: kibana.yml.j2 From 7924f89dc297b6e4f59592e7fd6c82796db1b0bd Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:09:17 +0200 Subject: [PATCH 52/75] Update filebeat default variables --- roles/wazuh/ansible-filebeat/defaults/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index b01dfad7..69220a0d 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -31,4 +31,13 @@ filebeat_xpack_security: false elasticsearch_user: elastic elasticsearch_password: elastic_pass -node_certs_destination: /etc/elasticsearch/certs + +node_certs_generator : false +node_certs_generator_ip: 172.16.0.161 +node_certs_source: /usr/share/elasticsearch +node_certs_destination: /etc/filebeat/certs + +# Rsync +rsync_path: /usr/bin/rsync +rsync_user: vagrant +rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' From 4539f368b6c445831d1e72f54e839003cf860ccb Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:09:36 +0200 Subject: [PATCH 53/75] Add certificate imports and fix folder permissions to filebeat --- roles/wazuh/ansible-filebeat/tasks/main.yml | 54 +++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 94cd5765..23022589 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml 
@@ -10,8 +10,62 @@ tags: - install +- name: Check if certificate exists locally + stat: + path: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt" + register: certificate_file_exists + when: + - filebeat_xpack_security + +- name: Copy key & certificate files in generator node (locally) + synchronize: + src: "{{node_certs_source}}/{{filebeat_node_name}}/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - filebeat_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Copy ca certificate file in generator node (locally) + synchronize: + src: "{{node_certs_source}}/ca/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - filebeat_xpack_security + - not certificate_file_exists.stat.exists + register: check_certs_permissions + tags: xpack-security + +- name: Importing key & certificate files from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{filebeat_node_name}}/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - filebeat_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Importing ca certificate file from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - filebeat_xpack_security + - not certificate_file_exists.stat.exists + register: check_certs_permissions + tags: xpack-security + +- name: Ensuring certificates folder owner + shell: "chmod -R 770 {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + tags: xpack-security + - import_tasks: config.yml when: filebeat_create_config + notify: restart filebeat - name: Reload systemd systemd: daemon_reload=yes 
From 5c8febd38431f0b031dd59218effa71c60c77869 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:11:02 +0200 Subject: [PATCH 54/75] Kibana playbook update to show an example of parameters. --- playbooks/wazuh-kibana.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml index e2418200..2fc5cc1d 100644 --- a/playbooks/wazuh-kibana.yml +++ b/playbooks/wazuh-kibana.yml @@ -1,4 +1,10 @@ --- -- hosts: +- hosts: 172.16.0.162 roles: - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'your elasticsearch IP'} + - role: ../roles/elastic-stack/ansible-kibana + kibana_xpack_security: true + kibana_user: elastic + kibana_password: elastic_pass + kibana_node_name: node-2 + elasticsearch_network_host: 172.16.0.161 + node_certs_generator: false From 2c14392e74cb3b1b85d5c3c1a7cf69e5ea36c69d Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:11:17 +0200 Subject: [PATCH 55/75] Wazuh-Manager playbook update to show an example of parameters. --- playbooks/wazuh-manager.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index d9cc667d..93fb9e9d 100644 --- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml @@ -1,5 +1,10 @@ --- -- hosts: +- hosts: 172.16.0.161 roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager - - {role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'your elasticsearch IP'} + - role: ../roles/wazuh/ansible-wazuh-manager + - role: ../roles/wazuh/ansible-filebeat + filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 + filebeat_xpack_security: true + filebeat_node_name: node-1 + node_certs_generator: true + From 72894d4a25b80d2e4be9c06a71909789dc023db1 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Wed, 3 Jul 2019 14:09:46 +0200 Subject: [PATCH 56/75] Fix conditions error on ES, Kibana and Filebeat --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 3 ++- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 ++ roles/wazuh/ansible-filebeat/tasks/main.yml | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 8ed1c926..f53fab61 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -104,7 +104,6 @@ shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in {{node_certs_source}}/instances.yml --out {{node_certs_source}}/certs.zip" when: - node_certs_generator - - instances_file_exists.stat.exists - elasticsearch_xpack_security - not xpack_certs_zip.stat.exists - not certificate_file_exists.stat.exists @@ -165,12 +164,14 @@ shell: "chown -R elasticsearch: {{node_certs_destination}}/" when: - check_certs_permissions is defined + - elasticsearch_xpack_security tags: xpack-security - name: Ensuring certificates folder owner shell: "chmod -R 770 {{node_certs_destination}}/" when: - check_certs_permissions is defined + - elasticsearch_xpack_security tags: xpack-security diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index d82d9176..338eabcd 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -63,12 +63,14 @@ shell: "chown -R kibana: {{node_certs_destination}}/" when: - check_certs_permissions is defined + - kibana_xpack_security tags: xpack-security - name: Ensuring certificates folder owner shell: "chmod -R 770 {{node_certs_destination}}/" when: - check_certs_permissions is defined + - kibana_xpack_security tags: xpack-security - name: Kibana configuration 
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 23022589..80d7cd61 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -61,6 +61,7 @@ shell: "chmod -R 770 {{node_certs_destination}}/" when: - check_certs_permissions is defined + - filebeat_xpack_security tags: xpack-security - import_tasks: config.yml From 70f04803c9e3e8d0f719723acd82a1b48290859a Mon Sep 17 00:00:00 2001 From: manuasir Date: Thu, 4 Jul 2019 11:10:45 +0200 Subject: [PATCH 57/75] Updated playbook --- playbooks/wazuh-elastic_stack-distributed.yml | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index c0853a11..848cea4e 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
@@ -1,69 +1,69 @@ --- -- hosts: 172.16.0.161 +- hosts: roles: - - role: ../roles/elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 172.16.0.161 + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: node_name: node-1 elasticsearch_bootstrap_node: true elasticsearch_cluster_nodes: - - 172.16.0.161 - - 172.16.0.162 - - 172.16.0.163 + - + - + - elasticsearch_discovery_nodes: - - 172.16.0.161 - - 172.16.0.162 - - 172.16.0.163 + - + - + - elasticsearch_xpack_security: true node_certs_generator: true vars: instances: - name: node-1 # Important: must be equal to elasticsearch_node_name. - ip: 172.16.0.161 # When unzipping, node will search for his node name folder to get the cert. + ip: # When unzipping, node will search for his node name folder to get the cert. - name: node-2 - ip: 172.16.0.162 + ip: - name: node-3 - ip: 172.16.0.163 + ip: -- hosts: 172.16.0.162 +- hosts: roles: - - role: ../roles/elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 172.16.0.162 + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: elasticsearch_node_name: node-2 elasticsearch_xpack_security: true elasticsearch_master_candidate: true elasticsearch_discovery_nodes: - - 172.16.0.161 - - 172.16.0.162 - - 172.16.0.163 + - + - + - -- hosts: 172.16.0.163 +- hosts: roles: - - role: ../roles/elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 172.16.0.163 + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: elasticsearch_node_name: node-3 elasticsearch_xpack_security: true elasticsearch_master_candidate: true elasticsearch_discovery_nodes: - - 172.16.0.161 - - 172.16.0.162 - - 172.16.0.163 + - + - + - # - hosts: 172.16.0.162 # roles: -# - role: ../roles/wazuh/ansible-wazuh-manager +# - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager -# - role: 
../roles/wazuh/ansible-filebeat +# - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat # filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 # filebeat_xpack_security: true # filebeat_node_name: node-2 # node_certs_generator: false -# - role: ../roles/elastic-stack/ansible-elasticsearch +# - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch # elasticsearch_network_host: 172.16.0.162 # node_name: node-2 # elasticsearch_bootstrap_node: false @@ -77,7 +77,7 @@ # - hosts: 172.16.0.163 # roles: -# - role: ../roles/elastic-stack/ansible-kibana +# - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana # kibana_xpack_security: true # kibana_user: elastic # kibana_password: elastic_pass From 6609cc9aa70ac168f6c3e1ebd2b20ca8d16aa0cd Mon Sep 17 00:00:00 2001 From: manuasir Date: Thu, 4 Jul 2019 12:05:37 +0200 Subject: [PATCH 58/75] Modifying variable names --- playbooks/wazuh-elastic_stack-distributed.yml | 8 ++++---- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- .../elastic-stack/ansible-kibana/templates/kibana.yml.j2 | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 848cea4e..a422e50b 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -16,11 +16,12 @@ - elasticsearch_xpack_security: true node_certs_generator: true + elasticsearch_xpack_security_password: elastic_pass vars: instances: - name: node-1 # Important: must be equal to elasticsearch_node_name. - ip: # When unzipping, node will search for his node name folder to get the cert. + ip: # When unzipping, the node will search for its node name folder to get the cert. - name: node-2 ip: 
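Review bot: Blanking the addresses leaves `- hosts:`, `elasticsearch_network_host:`, `ip:` and bare `-` list items, which YAML parses as null values rather than as placeholders, so a user who runs the example unedited gets an unclear failure instead of a hint. A quoted placeholder makes the intent explicit, for example `elasticsearch_network_host: "<node-1 IP>"` (constructed sample). The commented-out blocks at the end of the file still carry the 172.16.0.x lab addresses and should follow the same convention.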
@@ -62,6 +63,7 @@ # filebeat_xpack_security: true # filebeat_node_name: node-2 # node_certs_generator: false +# elasticsearch_xpack_security_password: elastic_pass # - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch # elasticsearch_network_host: 172.16.0.162 @@ -79,9 +81,7 @@ # roles: # - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana # kibana_xpack_security: true -# kibana_user: elastic -# kibana_password: elastic_pass # kibana_node_name: node-3 # elasticsearch_network_host: 172.16.0.161 # node_certs_generator: false - +# elasticsearch_xpack_security_password: elastic_pass \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index ae274da0..77da5a9c 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -11,8 +11,8 @@ wazuh_version: 3.9.2 # Xpack Security kibana_xpack_security: false -kibana_user: kibana -kibana_password: elastic_pass +elasticsearch_xpack_security_user: elastic +elasticsearch_xpack_security_password: elastic_pass node_certs_generator: false node_certs_generator_ip: 172.16.0.161 diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 index bb630933..76a3c2c4 100644 --- a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 
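Review bot: Replacing `kibana_user: kibana` with `elasticsearch_xpack_security_user: elastic` in the Kibana defaults makes Kibana authenticate to Elasticsearch as the `elastic` superuser, since the kibana.yml.j2 hunk of this commit feeds that variable into `elasticsearch.username`. A compromise of the Kibana host or a readable kibana.yml then exposes cluster-wide administrative credentials instead of a service account. Keeping a dedicated Kibana account variable and documenting how its password is set would preserve least privilege; if the superuser is used only because no other password is provisioned yet, a comment on the default should state that.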
@@ -105,8 +105,8 @@ elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_h # Xpack Security {% if kibana_xpack_security %} -elasticsearch.username: "{{ kibana_user }}" -elasticsearch.password: "{{ kibana_password }}" +elasticsearch.username: "{{ elasticsearch_xpack_security_user }}" +elasticsearch.password: "{{ elasticsearch_xpack_security_password }}" server.ssl.enabled: true server.ssl.key: "{{node_certs_destination}}/{{ kibana_node_name }}.key" server.ssl.certificate: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 69220a0d..cfb892bd 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -29,8 +29,8 @@ filebeat_ssl_insecure: "false" # Xpack Security filebeat_xpack_security: false -elasticsearch_user: elastic -elasticsearch_password: elastic_pass +elasticsearch_xpack_security_user: elastic +elasticsearch_xpack_security_password: elastic_pass node_certs_generator : false node_certs_generator_ip: 172.16.0.161 diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 index 202af578..0a47af9d 100644 --- a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 @@ -54,8 +54,8 @@ output.elasticsearch: indices: - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}' {% if filebeat_xpack_security %} - username: {{ elasticsearch_user }} - password: {{ elasticsearch_password }} + username: {{ elasticsearch_xpack_security_user }} + password: {{ elasticsearch_xpack_security_password }} protocol: https ssl.certificate_authorities: - {{node_certs_destination}}/ca.crt From 148e94459ea28b9fcd42106fa15496c92a4a2d34 Mon Sep 17 00:00:00 2001 
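Review bot: The renamed `username:` and `password:` lines in `filebeat.yml.j2` are still rendered unquoted, unlike the `kibana.yml.j2` hunk in this commit, which wraps both values in double quotes. A password containing ` #` or `: `, starting with a YAML indicator, or looking like a number or boolean would be truncated, retyped or break parsing of the rendered file. I would emit the value as `password: {{ elasticsearch_xpack_security_password | to_json }}` (and the same for `username`), which both quotes and escapes it. The `output.elasticsearch` block continues outside the hunk.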
From: rshad Date: Fri, 5 Jul 2019 14:36:37 +0000 Subject: [PATCH 59/75] fixed testinfra error which was related to the incompatibility between ansible and molecule packages' versions --- .gitignore | 3 ++- Pipfile | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 04c7b54b..5b26bcf3 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,5 @@ wazuh-elastic_stack-single.yml wazuh-elastic.yml wazuh-kibana.yml wazuh-manager.yml -*.pyc \ No newline at end of file +*.pyc +Pipfile.lock diff --git a/Pipfile b/Pipfile index 2d1d13e0..4658d513 100644 --- a/Pipfile +++ b/Pipfile @@ -4,9 +4,9 @@ verify_ssl = true name = "pypi" [packages] -molecule = "*" docker-py = "*" -ansible = "*" +ansible = "==2.7.11" +molecule = "*" [dev-packages] From 4fd696bb9a4952c8cfb6768139541d1eee55fbf4 Mon Sep 17 00:00:00 2001 From: manuasir Date: Mon, 8 Jul 2019 11:20:32 +0200 Subject: [PATCH 60/75] Updated tests --- Pipfile | 1 - molecule/filebeat/tests/test_default.py | 13 ------ molecule/kibana/tests/test_default.py | 7 ---- molecule/logstash/Dockerfile.j2 | 14 ------- molecule/logstash/INSTALL.rst | 22 ---------- molecule/logstash/molecule.yml | 56 ------------------------- molecule/logstash/playbook.yml | 5 --- molecule/logstash/prepare.yml | 41 ------------------ molecule/logstash/tests/test_default.py | 32 -------------- 9 files changed, 191 deletions(-) delete mode 100644 molecule/logstash/Dockerfile.j2 delete mode 100644 molecule/logstash/INSTALL.rst delete mode 100644 molecule/logstash/molecule.yml delete mode 100644 molecule/logstash/playbook.yml delete mode 100644 molecule/logstash/prepare.yml delete mode 100644 molecule/logstash/tests/test_default.py diff --git a/Pipfile b/Pipfile index 2d1d13e0..90998f2e 100644 --- a/Pipfile +++ b/Pipfile 
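Review bot: Adding `Pipfile.lock` to `.gitignore` means the resolved dependency set and its hashes are never committed, while the `[packages]` hunk pins only `ansible = "==2.7.11"` and leaves `molecule = "*"` and `docker-py = "*"` open. Each CI run can therefore resolve different releases, which is the same drift this commit works around by hand for ansible. I would commit `Pipfile.lock` and install with `pipenv install --deploy`, or at least pin molecule to the release known to work with ansible 2.7.11.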
@@ -17,6 +17,5 @@ python_version = "2.7" test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" -logstash ="molecule test -s logstash" filebeat ="molecule test -s filebeat" kibana ="molecule test -s kibana" diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py index 8c4fd609..72ac55d4 100644 --- a/molecule/filebeat/tests/test_default.py +++ b/molecule/filebeat/tests/test_default.py @@ -4,16 +4,3 @@ import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_logstash_is_installed(host): - """Test if the filebeat package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - - -def test_logstash_is_running(host): - """Test if the services are enabled and running.""" - filebeat = host.service("filebeat") - assert filebeat.is_enabled - assert filebeat.is_running diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py index dfcf8ad0..936f6cfc 100644 --- a/molecule/kibana/tests/test_default.py +++ b/molecule/kibana/tests/test_default.py @@ -6,13 +6,6 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') -def test_logstash_is_running(host): - """Test if the services are enabled and running.""" - kibana = host.service("kibana") - assert kibana.is_enabled - assert kibana.is_running - - def test_port_kibana_is_open(host): """Test if the port 5601 is open and listening to connections.""" host.socket("tcp://0.0.0.0:5601").is_listening diff --git a/molecule/logstash/Dockerfile.j2 b/molecule/logstash/Dockerfile.j2 deleted file mode 100644 index e6aa95d3..00000000 --- a/molecule/logstash/Dockerfile.j2 +++ /dev/null 
@@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/logstash/INSTALL.rst b/molecule/logstash/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/molecule/logstash/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/molecule/logstash/molecule.yml b/molecule/logstash/molecule.yml deleted file mode 100644 index 12103767..00000000 --- a/molecule/logstash/molecule.yml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint -platforms: - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 1024m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 - - name: centos6 - image: geerlingguy/docker-centos6-ansible - privileged: true - memory_reservation: 1024m - command: /sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - ulimits: - - nofile:262144:262144 - - name: centos7 - image: milcom/centos7-systemd - memory_reservation: 1024m - privileged: true - ulimits: - - nofile:262144:262144 -provisioner: - name: ansible - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true - inventory: - group_vars: - all: - elasticsearch_jvm_xms: 256 -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/logstash/playbook.yml b/molecule/logstash/playbook.yml deleted file mode 100644 index d077bd8e..00000000 --- a/molecule/logstash/playbook.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: elastic-stack/ansible-logstash diff --git a/molecule/logstash/prepare.yml b/molecule/logstash/prepare.yml deleted file mode 100644 index 7e5ca29d..00000000 --- a/molecule/logstash/prepare.yml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - pre_tasks: - - - name: "Install Python packages for Trusty to solve trust issues" - package: - name: - - python-setuptools - - python-pip - state: latest - register: wazuh_manager_trusty_packages_installed - until: wazuh_manager_trusty_packages_installed is succeeded - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - - - name: "Install (RedHat) dependencies" - package: - name: - - initscripts - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - when: - - ansible_os_family == 'RedHat' - - roles: - - role: wazuh/ansible-wazuh-manager - - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'localhost' diff --git a/molecule/logstash/tests/test_default.py b/molecule/logstash/tests/test_default.py deleted file mode 100644 index bc5fe999..00000000 --- a/molecule/logstash/tests/test_default.py +++ /dev/null 
@@ -1,32 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_logstash_is_installed(host): - """Test if logstash is installed with correct version.""" - logstash = host.package("logstash") - assert logstash.is_installed - - distribution = host.system_info.distribution.lower() - if distribution == 'ubuntu': - assert logstash.version.startswith('1:6.7.1') - else: - assert logstash.version.startswith('6.7.1') - - -def test_logstash_is_running(host): - """Test if the services are enabled and running.""" - logstash = host.service("logstash") - assert logstash.is_enabled - assert logstash.is_running - - -def test_find_correct_logentry(host): - """See if logstash is started and is connected to Elasticsearch.""" - logfile = host.file("/var/log/logstash/logstash-plain.log") - assert logfile.contains("Successfully started Logstash API endpoint") - assert logfile.contains("Restored connection to ES instance") From a48169d53f76794160c32c01efc6292952f1db48 Mon Sep 17 00:00:00 2001 From: rshad Date: Mon, 8 Jul 2019 09:27:01 +0000 Subject: [PATCH 61/75] modified molecule.yml for wazuh-agent and elasticsearch - Lint --- .swp | Bin 0 -> 12288 bytes molecule/elasticsearch/molecule.yml | 7 ++++++- molecule/wazuh-agent/molecule.yml | 6 +++++- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- 4 files changed, 12 insertions(+), 3 deletions(-) create mode 100644 .swp diff --git a/.swp b/.swp new file mode 100644 index 0000000000000000000000000000000000000000..3cc197e09a7cc13ae44c3cb176cce131024a3112 GIT binary patch literal 12288 zcmeI%Jqp4w6u|LU!NEz<3sl{u>LP*%aB!@nl9C`oKctO^+g`)lB(ENOSMtO*)<4F?LHd_AkYPYfxliY%d0-0 zP2I`Z??O@3fB*srAbLmC7SKmY**5I_I{1Q0*~ z0R#|eKtO4c_fX`M_u~J*djFU62J&$v0tg_000IagfB*srAbD|Z|jm{a* literal 0 HcmV?d00001 
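Review bot: The commit adds `.swp` as a 12288-byte binary file, which looks like an editor swap file committed by accident. Swap files hold fragments of whatever buffer was being edited, so they can carry content that was never meant to be published. I would drop it from the commit and add `*.swp` to `.gitignore`.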
diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 9897fe56..6d6e962a 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -3,8 +3,13 @@ dependency: name: galaxy driver: name: docker +#lint: +# name: yamllint lint: name: yamllint + options: + config-data: + ignore: .virtualenv platforms: - name: bionic image: solita/ubuntu-systemd:bionic @@ -48,7 +53,7 @@ provisioner: ANSIBLE_ROLES_PATH: ../../roles lint: name: ansible-lint - enabled: true + enabled: false inventory: group_vars: all: diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml index f64bc114..47c0012f 100644 --- a/molecule/wazuh-agent/molecule.yml +++ b/molecule/wazuh-agent/molecule.yml @@ -3,8 +3,13 @@ dependency: name: galaxy driver: name: docker + #lint: + # name: yamllint lint: name: yamllint + options: + config-data: + ignore: .virtualenv platforms: - name: wazuh_server_centos7 image: milcom/centos7-systemd @@ -72,7 +77,6 @@ provisioner: ssl_agent_cert: null ssl_agent_key: null ssl_auto_negotiate: 'no' - lint: name: ansible-lint enabled: true diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 76721362..2b644bde 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -8,7 +8,7 @@ - name: Linux | Install wazuh-agent package: name=wazuh-agent state=present async: 90 - poll: 15 + poll: 30 tags: - init From 5d006cbc3a5300fb8c42c9efa4e8eb75f7100ca9 Mon Sep 17 00:00:00 2001 
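Review bot: In `molecule/elasticsearch/molecule.yml` the provisioner lint changes to `enabled: false`, which switches ansible-lint off for the whole scenario rather than for the rule that failed; the wazuh-agent scenario in the same commit keeps `enabled: true`. If one rule is the problem, I would keep the linter enabled and skip only that rule, with a comment naming it. The commented-out `#lint:` / `# name: yamllint` lines added directly above the live `lint:` key in both files duplicate it and can be dropped.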
From: rshad Date: Tue, 9 Jul 2019 15:31:38 +0000 Subject: [PATCH 62/75] adapted wazuh-manager installation so it takes into account the package version - Differentiating between CentOS/RedHat and Debian --- .gitignore | 0 .swp | Bin .yamllint | 0 CHANGELOG.md | 0 LICENSE | 0 Pipfile | 0 README.md | 0 VERSION | 0 molecule/default/Dockerfile.j2 | 0 molecule/default/INSTALL.rst | 0 molecule/default/create.yml | 0 molecule/default/destroy.yml | 0 molecule/default/molecule.yml | 0 molecule/default/playbook.yml | 0 molecule/default/prepare.yml | 0 molecule/default/tests/test_default.py | 2 +- molecule/elasticsearch/Dockerfile.j2 | 0 molecule/elasticsearch/INSTALL.rst | 0 molecule/elasticsearch/molecule.yml | 48 +++---- molecule/elasticsearch/playbook.yml | 0 molecule/elasticsearch/tests/test_default.py | 0 .../external_packages/jdk-8u211-linux-x64.rpm | 117 ++++++++++++++++++ molecule/filebeat/Dockerfile.j2 | 0 molecule/filebeat/INSTALL.rst | 0 molecule/filebeat/molecule.yml | 0 molecule/filebeat/playbook.yml | 0 molecule/filebeat/prepare.yml | 0 molecule/filebeat/tests/test_default.py | 0 molecule/kibana/Dockerfile.j2 | 0 molecule/kibana/INSTALL.rst | 0 molecule/kibana/molecule.yml | 0 molecule/kibana/playbook.yml | 0 molecule/kibana/prepare.yml | 0 molecule/kibana/tests/test_default.py | 0 molecule/wazuh-agent/Dockerfile.j2 | 0 molecule/wazuh-agent/INSTALL.rst | 0 molecule/wazuh-agent/molecule.yml | 0 molecule/wazuh-agent/playbook.yml | 0 molecule/wazuh-agent/prepare.yml | 0 molecule/wazuh-agent/tests/test_agents.py | 0 molecule/wazuh-agent/tests/test_manager.py | 0 playbooks/wazuh-agent.yml | 0 playbooks/wazuh-elastic.yml | 0 playbooks/wazuh-elastic_stack-distributed.yml | 0 playbooks/wazuh-elastic_stack-single.yml | 0 playbooks/wazuh-kibana.yml | 0 playbooks/wazuh-manager.yml | 0 roles/ansible-galaxy/meta/main.yml | 0 .../ansible-elasticsearch/README.md | 0 .../ansible-elasticsearch/defaults/main.yml | 0 .../ansible-elasticsearch/handlers/main.yml | 0 
.../ansible-elasticsearch/meta/main.yml | 0 .../ansible-elasticsearch/tasks/Debian.yml | 0 .../ansible-elasticsearch/tasks/RMDebian.yml | 0 .../ansible-elasticsearch/tasks/RMRedHat.yml | 0 .../ansible-elasticsearch/tasks/RedHat.yml | 0 .../ansible-elasticsearch/tasks/main.yml | 27 +++- .../templates/elasticsearch.yml.j2 | 0 .../templates/elasticsearch_nonsystemd.j2 | 0 .../templates/elasticsearch_systemd.conf.j2 | 0 .../templates/instances.yml.j2 | 0 .../templates/jvm.options.j2 | 0 .../wazuh-elastic6-template-alerts.json.j2 | 0 .../wazuh-elastic7-template-alerts.json.j2 | 0 roles/elastic-stack/ansible-kibana/README.md | 0 .../ansible-kibana/defaults/main.yml | 0 .../ansible-kibana/handlers/main.yml | 0 .../ansible-kibana/meta/main.yml | 0 .../ansible-kibana/tasks/Debian.yml | 0 .../ansible-kibana/tasks/RMDebian.yml | 0 .../ansible-kibana/tasks/RMRedHat.yml | 0 .../ansible-kibana/tasks/RedHat.yml | 0 .../ansible-kibana/tasks/main.yml | 0 .../ansible-kibana/templates/kibana.yml.j2 | 0 roles/wazuh/ansible-filebeat/README.md | 0 .../wazuh/ansible-filebeat/defaults/main.yml | 0 .../wazuh/ansible-filebeat/handlers/main.yml | 0 roles/wazuh/ansible-filebeat/meta/main.yml | 0 roles/wazuh/ansible-filebeat/tasks/Debian.yml | 0 .../wazuh/ansible-filebeat/tasks/RMDebian.yml | 0 .../wazuh/ansible-filebeat/tasks/RMRedHat.yml | 0 roles/wazuh/ansible-filebeat/tasks/RedHat.yml | 0 roles/wazuh/ansible-filebeat/tasks/config.yml | 0 roles/wazuh/ansible-filebeat/tasks/main.yml | 0 .../templates/elasticsearch.yml.j2 | 0 .../templates/filebeat.yml.j2 | 0 .../ansible-filebeat/tests/requirements.yml | 0 roles/wazuh/ansible-filebeat/tests/test.yml | 0 roles/wazuh/ansible-wazuh-agent/README.md | 0 .../ansible-wazuh-agent/defaults/main.yml | 0 .../ansible-wazuh-agent/handlers/main.yml | 0 roles/wazuh/ansible-wazuh-agent/meta/main.yml | 0 .../ansible-wazuh-agent/tasks/Debian.yml | 0 .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 0 .../ansible-wazuh-agent/tasks/RMDebian.yml | 0 
.../ansible-wazuh-agent/tasks/RMRedHat.yml | 0 .../ansible-wazuh-agent/tasks/RedHat.yml | 0 .../ansible-wazuh-agent/tasks/Windows.yml | 0 .../wazuh/ansible-wazuh-agent/tasks/main.yml | 0 ...r-ossec-etc-local-internal-options.conf.j2 | 0 .../var-ossec-etc-ossec-agent.conf.j2 | 0 .../ansible-wazuh-agent/vars/api_pass.yml | 0 .../ansible-wazuh-agent/vars/authd_pass.yml | 0 roles/wazuh/ansible-wazuh-manager/README.md | 0 .../ansible-wazuh-manager/defaults/main.yml | 2 + .../decoders/sample_custom_decoders.xml | 0 .../rules/sample_custom_rules.xml | 0 .../ansible-wazuh-manager/handlers/main.yml | 0 .../wazuh/ansible-wazuh-manager/meta/main.yml | 0 .../ansible-wazuh-manager/tasks/Debian.yml | 0 .../ansible-wazuh-manager/tasks/RMDebian.yml | 0 .../ansible-wazuh-manager/tasks/RMRedHat.yml | 0 .../ansible-wazuh-manager/tasks/RedHat.yml | 0 .../ansible-wazuh-manager/tasks/main.yml | 29 ++++- .../templates/agentless.j2 | 0 .../templates/api_user.j2 | 0 .../templates/authd_pass.j2 | 0 .../templates/cdb_lists.j2 | 0 .../var-ossec-api-configuration-config.js.j2 | 0 ...r-ossec-etc-local-internal-options.conf.j2 | 0 .../var-ossec-etc-ossec-server.conf.j2 | 0 .../var-ossec-etc-shared-agent.conf.j2 | 0 .../var-ossec-rules-local_decoder.xml.j2 | 0 .../var-ossec-rules-local_rules.xml.j2 | 0 .../vars/agentless_creds.yml | 0 .../ansible-wazuh-manager/vars/authd_pass.yml | 0 .../ansible-wazuh-manager/vars/cdb_lists.yml | 0 .../vars/wazuh_api_creds.yml | 0 128 files changed, 194 insertions(+), 31 deletions(-) mode change 100644 => 100755 .gitignore mode change 100644 => 100755 .swp mode change 100644 => 100755 .yamllint mode change 100644 => 100755 CHANGELOG.md mode change 100644 => 100755 LICENSE mode change 100644 => 100755 Pipfile mode change 100644 => 100755 README.md mode change 100644 => 100755 VERSION mode change 100644 => 100755 molecule/default/Dockerfile.j2 mode change 100644 => 100755 molecule/default/INSTALL.rst mode change 100644 => 100755 molecule/default/create.yml mode 
change 100644 => 100755 molecule/default/destroy.yml mode change 100644 => 100755 molecule/default/molecule.yml mode change 100644 => 100755 molecule/default/playbook.yml mode change 100644 => 100755 molecule/default/prepare.yml mode change 100644 => 100755 molecule/default/tests/test_default.py mode change 100644 => 100755 molecule/elasticsearch/Dockerfile.j2 mode change 100644 => 100755 molecule/elasticsearch/INSTALL.rst mode change 100644 => 100755 molecule/elasticsearch/molecule.yml mode change 100644 => 100755 molecule/elasticsearch/playbook.yml mode change 100644 => 100755 molecule/elasticsearch/tests/test_default.py create mode 100755 molecule/external_packages/jdk-8u211-linux-x64.rpm mode change 100644 => 100755 molecule/filebeat/Dockerfile.j2 mode change 100644 => 100755 molecule/filebeat/INSTALL.rst mode change 100644 => 100755 molecule/filebeat/molecule.yml mode change 100644 => 100755 molecule/filebeat/playbook.yml mode change 100644 => 100755 molecule/filebeat/prepare.yml mode change 100644 => 100755 molecule/filebeat/tests/test_default.py mode change 100644 => 100755 molecule/kibana/Dockerfile.j2 mode change 100644 => 100755 molecule/kibana/INSTALL.rst mode change 100644 => 100755 molecule/kibana/molecule.yml mode change 100644 => 100755 molecule/kibana/playbook.yml mode change 100644 => 100755 molecule/kibana/prepare.yml mode change 100644 => 100755 molecule/kibana/tests/test_default.py mode change 100644 => 100755 molecule/wazuh-agent/Dockerfile.j2 mode change 100644 => 100755 molecule/wazuh-agent/INSTALL.rst mode change 100644 => 100755 molecule/wazuh-agent/molecule.yml mode change 100644 => 100755 molecule/wazuh-agent/playbook.yml mode change 100644 => 100755 molecule/wazuh-agent/prepare.yml mode change 100644 => 100755 molecule/wazuh-agent/tests/test_agents.py mode change 100644 => 100755 molecule/wazuh-agent/tests/test_manager.py mode change 100644 => 100755 playbooks/wazuh-agent.yml mode change 100644 => 100755 playbooks/wazuh-elastic.yml mode 
change 100644 => 100755 playbooks/wazuh-elastic_stack-distributed.yml mode change 100644 => 100755 playbooks/wazuh-elastic_stack-single.yml mode change 100644 => 100755 playbooks/wazuh-kibana.yml mode change 100644 => 100755 playbooks/wazuh-manager.yml mode change 100644 => 100755 roles/ansible-galaxy/meta/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/README.md mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/defaults/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/handlers/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/meta/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/tasks/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/README.md mode change 100644 => 100755 
roles/elastic-stack/ansible-kibana/defaults/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/handlers/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/meta/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/tasks/Debian.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/tasks/RedHat.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/tasks/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 mode change 100644 => 100755 roles/wazuh/ansible-filebeat/README.md mode change 100644 => 100755 roles/wazuh/ansible-filebeat/defaults/main.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/handlers/main.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/meta/main.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tasks/Debian.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tasks/RMDebian.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tasks/RedHat.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tasks/config.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tasks/main.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 mode change 100644 => 100755 roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tests/requirements.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tests/test.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/README.md mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/defaults/main.yml mode change 100644 => 100755 
roles/wazuh/ansible-wazuh-agent/handlers/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/meta/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/README.md mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/defaults/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/decoders/sample_custom_decoders.xml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/rules/sample_custom_rules.xml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/handlers/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/meta/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml mode change 100644 => 100755 
roles/wazuh/ansible-wazuh-manager/tasks/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/agentless.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-local-internal-options.conf.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml diff --git a/.gitignore b/.gitignore old mode 100644 new mode 100755 diff --git a/.swp b/.swp old mode 100644 new mode 100755 diff --git a/.yamllint b/.yamllint old mode 100644 new mode 100755 diff --git a/CHANGELOG.md b/CHANGELOG.md old mode 100644 new mode 100755 diff --git a/LICENSE b/LICENSE old mode 100644 new mode 100755 diff --git a/Pipfile b/Pipfile old mode 100644 new mode 100755 diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/VERSION b/VERSION old mode 100644 new mode 100755 
diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 old mode 100644 new mode 100755 diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst old mode 100644 new mode 100755 diff --git a/molecule/default/create.yml b/molecule/default/create.yml old mode 100644 new mode 100755 diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml old mode 100644 new mode 100755 diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml old mode 100644 new mode 100755 diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml old mode 100644 new mode 100755 diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml old mode 100644 new mode 100755 diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py old mode 100644 new mode 100755 index 16a32b85..4e6e25d6 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.2" + return "3.9.0" def test_wazuh_packages_are_installed(host): diff --git a/molecule/elasticsearch/Dockerfile.j2 b/molecule/elasticsearch/Dockerfile.j2 old mode 100644 new mode 100755 diff --git a/molecule/elasticsearch/INSTALL.rst b/molecule/elasticsearch/INSTALL.rst old mode 100644 new mode 100755 diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml old mode 100644 new mode 100755 index 6d6e962a..585614b2 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml 
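Review bot: The `old mode 100644` / `new mode 100755` header on `molecule/default/tests/test_default.py` is repeated for every file in this commit, including `LICENSE`, the templates and the credential files under the roles' `vars/` directories such as `wazuh_api_creds.yml`. Nothing in the diff suggests these files are executed directly, so the executable bit looks like a side effect of the working copy rather than an intended change. I would restore 100644 on them, and set `git config core.fileMode false` locally if the checkout keeps reporting mode changes.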
@@ -11,36 +11,36 @@ lint: config-data: ignore: .virtualenv platforms: - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 1024m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 - - name: trusty - image: ubuntu:trusty - memory_reservation: 1024m - ulimits: - - nofile:262144:262144 + # - name: bionic + # image: solita/ubuntu-systemd:bionic + # command: /sbin/init + # ulimits: + # - nofile:262144:262144 + # privileged: true + # memory_reservation: 1024m + # - name: xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # memory_reservation: 1024m + # command: /sbin/init + # ulimits: + # - nofile:262144:262144 + #- name: trusty + #image: ubuntu:trusty + #memory_reservation: 1024m + #ulimits: + #- nofile:262144:262144 - name: centos6 image: centos:6 privileged: true memory_reservation: 1024m ulimits: - nofile:262144:262144 - - name: centos7 - image: milcom/centos7-systemd - memory_reservation: 1024m - privileged: true - ulimits: + # - name: centos7 + # image: milcom/centos7-systemd + # memory_reservation: 1024m + # privileged: true + # ulimits: - nofile:262144:262144 provisioner: name: ansible diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml old mode 100644 new mode 100755 diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py old mode 100644 new mode 100755 diff --git a/molecule/external_packages/jdk-8u211-linux-x64.rpm b/molecule/external_packages/jdk-8u211-linux-x64.rpm new file mode 100755 index 00000000..f0fccd61 --- /dev/null +++ b/molecule/external_packages/jdk-8u211-linux-x64.rpm @@ -0,0 +1,117 @@ + + +Unauthorized Request + + + + + + + + + + + + + + +
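Review bot: The last line of the `centos7` platform, `- nofile:262144:262144`, is left uncommented after `# ulimits:`, so it no longer has a parent key of its own. Depending on its indentation (not recoverable from this view) it either becomes a second, identical entry under `centos6`'s `ulimits:` or breaks the file; comment it out with the rest of the block as `# - nofile:262144:262144`. The hunk also reduces the scenario to `centos6` alone, so the Ubuntu and systemd paths of the role are no longer tested. If that is temporary, a comment above `platforms:` should say so.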
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Sorry!

In order to download products from Oracle Technology + Network you must agree to the OTN license terms.
Be sure that...
+ Your browser has "cookies" and JavaScript enabled.
+ You clicked on "Accept License" for the product you wish to download.
+ You attempt the download within 30 minutes of accepting the license.
From here you can go...
+ + + + + + + + + + + + + +
Back to Previous Page
Site Map
OTN Homepage
+ +
+ +
+ + + diff --git a/molecule/filebeat/Dockerfile.j2 b/molecule/filebeat/Dockerfile.j2 old mode 100644 new mode 100755 diff --git a/molecule/filebeat/INSTALL.rst b/molecule/filebeat/INSTALL.rst old mode 100644 new mode 100755 diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml old mode 100644 new mode 100755 diff --git a/molecule/filebeat/playbook.yml b/molecule/filebeat/playbook.yml old mode 100644 new mode 100755 diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml old mode 100644 new mode 100755 diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py old mode 100644 new mode 100755 diff --git a/molecule/kibana/Dockerfile.j2 b/molecule/kibana/Dockerfile.j2 old mode 100644 new mode 100755 diff --git a/molecule/kibana/INSTALL.rst b/molecule/kibana/INSTALL.rst old mode 100644 new mode 100755 diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml old mode 100644 new mode 100755 diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml old mode 100644 new mode 100755 diff --git a/molecule/kibana/prepare.yml b/molecule/kibana/prepare.yml old mode 100644 new mode 100755 diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py old mode 100644 new mode 100755 diff --git a/molecule/wazuh-agent/Dockerfile.j2 b/molecule/wazuh-agent/Dockerfile.j2 old mode 100644 new mode 100755 diff --git a/molecule/wazuh-agent/INSTALL.rst b/molecule/wazuh-agent/INSTALL.rst old mode 100644 new mode 100755 diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml old mode 100644 new mode 100755 diff --git a/molecule/wazuh-agent/playbook.yml b/molecule/wazuh-agent/playbook.yml old mode 100644 new mode 100755 diff --git a/molecule/wazuh-agent/prepare.yml b/molecule/wazuh-agent/prepare.yml old mode 100644 new mode 100755 
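Review bot: The file added as `molecule/external_packages/jdk-8u211-linux-x64.rpm` is not an RPM: its added lines are Oracle's "Unauthorized Request" HTML page, which is what the download returns when the OTN license terms were not accepted. Anything that installs from this path gets an HTML document, and the repository now carries a `100755` file whose content was never checked against what its name claims. Remove it from the commit. If the scenario needs a JDK, install it from a package repository, or fetch it at test time and verify a published checksum before use (for example the `checksum:` parameter of `get_url`), rather than vendoring the binary in git.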
diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py
old mode 100644
new mode 100755
diff --git a/molecule/wazuh-agent/tests/test_manager.py b/molecule/wazuh-agent/tests/test_manager.py
old mode 100644
new mode 100755
diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml
old mode 100644
new mode 100755
diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml
old mode 100644
new mode 100755
diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml
old mode 100644
new mode 100755
diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml
old mode 100644
new mode 100755
diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml
old mode 100644
new mode 100755
diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml
old mode 100644
new mode 100755
diff --git a/roles/ansible-galaxy/meta/main.yml b/roles/ansible-galaxy/meta/main.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-elasticsearch/handlers/main.yml b/roles/elastic-stack/ansible-elasticsearch/handlers/main.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-elasticsearch/meta/main.yml b/roles/elastic-stack/ansible-elasticsearch/meta/main.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml old mode 100644 new mode 100755 index 776f8b36..5ca11b67 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -197,7 +197,7 @@ when: - elasticsearch_xpack_security -- name: Reload systemd +- name: Distribution != one of [ centos 6.*, trusty ] | Reload systemd systemd: daemon_reload=true ignore_errors: true when: 
@@ -205,12 +205,37 @@ - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) +- name: Get Java version + shell: java -version |& awk -F'"' '{print $2}' + register: java_version + +- debug: msg="{{ java_version.stdout_lines }}" + +- name: "Install Java Repo for Trusty" + yum_repository: repo='ppa:openjdk-r/ppa' + when: + - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 + +- name: Distribution is centos 6.* | Enable Elasticsearch + service: name=elasticsearch enabled=yes + +- name: Distribution is centos 6.* | Reload Elasticsearch + service: name=elasticsearch state=reloaded + +- name: Distribution is centos 6.* | Start Elasticsearch + service: name=elasticsearch state=started - name: Ensure Elasticsearch started and enabled service: name: elasticsearch enabled: true state: started + # ignore_errors: true + # when: + # - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") + # - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) + # - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) + # - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Make sure Elasticsearch is running before proceeding wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 old mode 100644 new mode 100755 
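Review bot: The task "Install Java Repo for Trusty" calls `yum_repository` with `repo='ppa:openjdk-r/ppa'` and is guarded for CentOS/RedHat below 7, but a PPA is an apt source and `repo` is a parameter of `apt_repository`, so the task cannot succeed on the hosts it selects. The three "Distribution is centos 6.*" service tasks have no `when:` and therefore run on every distribution; give them the guard their name implies, `when: ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7`. In "Get Java version", `|&` is a bash extension while the `shell` module uses `/bin/sh` by default, so write `java -version 2>&1 | awk -F'"' '{print $2}'` and add `changed_when: false`. The commented-out `ignore_errors`/`when` lines under "Ensure Elasticsearch started and enabled" should be removed rather than committed.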
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-kibana/README.md b/roles/elastic-stack/ansible-kibana/README.md
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-kibana/handlers/main.yml b/roles/elastic-stack/ansible-kibana/handlers/main.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-kibana/meta/main.yml b/roles/elastic-stack/ansible-kibana/meta/main.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
old mode 100644
new mode 100755
diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/README.md b/roles/wazuh/ansible-filebeat/README.md
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/handlers/main.yml b/roles/wazuh/ansible-filebeat/handlers/main.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/meta/main.yml b/roles/wazuh/ansible-filebeat/meta/main.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/tasks/config.yml b/roles/wazuh/ansible-filebeat/tasks/config.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/tests/requirements.yml b/roles/wazuh/ansible-filebeat/tests/requirements.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-filebeat/tests/test.yml b/roles/wazuh/ansible-filebeat/tests/test.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-agent/README.md b/roles/wazuh/ansible-wazuh-agent/README.md
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-agent/meta/main.yml b/roles/wazuh/ansible-wazuh-agent/meta/main.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/README.md b/roles/wazuh/ansible-wazuh-manager/README.md old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml old mode 100644 new mode 100755 index 8cf7ef58..ffa9bef2 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,4 +1,6 @@ --- +wazuh_manager_api_version: 3.9.0 + wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest 
diff --git a/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/decoders/sample_custom_decoders.xml b/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/decoders/sample_custom_decoders.xml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/rules/sample_custom_rules.xml b/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/rules/sample_custom_rules.xml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/meta/main.yml b/roles/wazuh/ansible-wazuh-manager/meta/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml old mode 100644 new mode 100755 index 2715bba0..7064ba41 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
@@ -5,19 +5,38 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: Install wazuh-manager, wazuh-api and expect - package: pkg={{ item }} state={{ wazuh_manager_package_state }} +- name: CentOS/RedHat | Install wazuh-manager, wazuh-api and expect + package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} with_items: - wazuh-manager - wazuh-api - - expect register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6) + - ansible_distribution in ['CentOS','RedHat'] tags: - init +- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api and expect + apt: + name: "{{ item }}={{ wazuh_manager_api_version }}-1" + state: present + cache_valid_time: 3600 + with_items: + - wazuh-manager + - wazuh-api + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + when: + - not (ansible_distribution in ['CentOS','RedHat']) + tags: init + +- name: Install expect + package: pkg=expect state={{ wazuh_manager_package_state }} + when: + - not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6) + tags: init + - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 replace: path: /etc/init.d/wazuh-manager @@ -30,7 +49,7 @@ - name: Install wazuh-manager and expect (EL5) package: pkg={{ item }} state={{ wazuh_manager_package_state }} with_items: - - wazuh-manager + - wazuh-manager-{{ wazuh_manager_api_version }} - expect register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded diff --git a/roles/wazuh/ansible-wazuh-manager/templates/agentless.j2 b/roles/wazuh/ansible-wazuh-manager/templates/agentless.j2 old mode 100644 new mode 100755 
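Review bot: The new Debian/Ubuntu task is selected with `not (ansible_distribution in ['CentOS','RedHat'])`, which is true for every other distribution, so a host such as Amazon Linux or Fedora would be sent to the `apt` module. The import at the top of this hunk already tests `ansible_os_family == "Debian"`, and the same guard fits here: `when: ansible_os_family == "Debian"`. The apt tasks added to `roles/wazuh/ansible-filebeat/tasks/main.yml` and `roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml` in PATCH 63/75 use the same negated guard and need the same change. The CentOS/RedHat task also lost the old `ansible_distribution_major_version|int < 6` exclusion, so an EL5 host now appears to match both it and the "(EL5)" task in the following hunk. With an exact version in the package name, `state: present` states the intent better than `wazuh_manager_package_state`, whose default in this role is `latest`.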
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 b/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2 b/roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-local-internal-options.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-local-internal-options.conf.j2
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml
old mode 100644
new mode 100755
diff --git a/roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml b/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml old mode 100644 new mode 100755 From 873e9759ae0b250a1a19d415dd26e7f1d1bb700d Mon Sep 17 00:00:00 2001 From: rshad Date: Fri, 12 Jul 2019 13:06:02 +0000 Subject: [PATCH 63/75] Versioning and Ansible-Linting fixes are introduced to wazuh-agent and filebeat installations and testings --- molecule/filebeat/molecule.yml | 3 ++ molecule/filebeat/tests/test_default.py | 7 +++ molecule/wazuh-agent/tests/test_agents.py | 5 ++ .../wazuh/ansible-filebeat/defaults/main.yml | 2 + roles/wazuh/ansible-filebeat/tasks/main.yml | 50 +++++++++++++------ .../ansible-wazuh-agent/defaults/main.yml | 5 +- .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 16 +++++- .../ansible-wazuh-manager/tasks/main.yml | 4 +- 8 files changed, 72 insertions(+), 20 deletions(-) diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 4f0bffb6..e456c4ae 100755 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -5,6 +5,9 @@ driver: name: docker lint: name: yamllint + options: + config-data: + ignore: .virtualenv platforms: - name: trusty image: ubuntu:trusty diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py index 72ac55d4..a959e48b 100755 --- a/molecule/filebeat/tests/test_default.py +++ b/molecule/filebeat/tests/test_default.py 
@@ -4,3 +4,10 @@ import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_filebeat_is_installed(host): + """Test if the elasticsearch package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + assert filebeat.version.startswith('7.1.1') diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py index 5867dc2f..657cc9ee 100755 --- a/molecule/wazuh-agent/tests/test_agents.py +++ b/molecule/wazuh-agent/tests/test_agents.py @@ -7,6 +7,11 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('agent') +def get_wazuh_version(): + """This return the version of Wazuh.""" + return "3.9.0" + + def test_ossec_package_installed(Package): ossec = Package('wazuh-agent') assert ossec.is_installed diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index cfb892bd..541c0214 100755 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,4 +1,6 @@ --- +filebeat_version: 7.1.1 + filebeat_create_config: true filebeat_prospectors: diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 2dfa3ecd..7bafcc79 100755 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml 
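Review bot: The docstring of `test_filebeat_is_installed` says "Test if the elasticsearch package is installed." although the test inspects the `filebeat` package; it should read `"""Test if the filebeat package is installed at the pinned version."""`. The expected version `'7.1.1'` is repeated here and in `filebeat_version` in the role defaults, so the two must be changed together; a one-line comment next to the `startswith` assertion saying so would save the next bump from a confusing failure.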
@@ -5,26 +5,40 @@ - import_tasks: Debian.yml when: ansible_os_family == 'Debian' -- name: Install Filebeat. - package: name=filebeat state=present +- name: CentOS/RedHat | Install Filebeat. + package: name=filebeat-{{ filebeat_version }} state=present register: filebeat_installing_package until: filebeat_installing_package is succeeded + when: + - ansible_distribution in ['CentOS','RedHat'] tags: - install +- name: Debian/Ubuntu | Install Filebeat. + apt: + name: filebeat={{ filebeat_version }} + state: present + cache_valid_time: 3600 + register: filebeat_installing_package_debian + until: filebeat_installing_package_debian is succeeded + when: + - not (ansible_distribution in ['CentOS','RedHat']) + tags: + - init + - name: Check if certificate exists locally stat: - path: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt" + path: "{{ node_certs_destination }}/{{ filebeat_node_name }}.crt" register: certificate_file_exists when: - filebeat_xpack_security - name: Copy key & certificate files in generator node (locally) synchronize: - src: "{{node_certs_source}}/{{filebeat_node_name}}/" - dest: "{{node_certs_destination}}/" + src: "{{ node_certs_source }}/{{ filebeat_node_name }}/" + dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" - when: + when: - node_certs_generator - filebeat_xpack_security - not certificate_file_exists.stat.exists 
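Review bot: The two install tasks end up with different tags: the CentOS/RedHat task keeps `tags: - install`, while the new Debian/Ubuntu task is tagged `- init`, so a run limited to `--tags install` installs Filebeat on RedHat hosts and skips it on Debian hosts. Use the same tag on both, i.e. `- install` on the apt task. For consistency with the quoted `"wazuh-agent={{ wazuh_agent_version }}-1"` used for the agent, the apt name is also better written as `name: "filebeat={{ filebeat_version }}"`.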
@@ -32,26 +46,30 @@ - name: Copy ca certificate file in generator node (locally) synchronize: - src: "{{node_certs_source}}/ca/" - dest: "{{node_certs_destination}}/" + src: "{{ node_certs_source }}/ca/" + dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" - when: + when: - node_certs_generator - filebeat_xpack_security - not certificate_file_exists.stat.exists register: check_certs_permissions tags: xpack-security - + - name: Importing key & certificate files from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{filebeat_node_name}}/ {{node_certs_destination}}/" + command: >- + {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: + {{ node_certs_source }}/{{ filebeat_node_name }}/ {{ node_certs_destination }}/ when: - not node_certs_generator - filebeat_xpack_security - not certificate_file_exists.stat.exists tags: xpack-security -- name: Importing ca certificate file from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" +- name: Importing ca certificate file from generator node + command: >- + {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: + {{ node_certs_source }}/ca/ {{ node_certs_destination }}/ when: - not node_certs_generator - filebeat_xpack_security @@ -60,7 +78,11 @@ tags: xpack-security - name: Ensuring certificates folder owner - shell: "chmod -R 770 {{node_certs_destination}}/" + file: + path: "{{ node_certs_destination }}/" + mode: '0770' + recurse: yes + when: - check_certs_permissions is defined - filebeat_xpack_security diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index e95707e6..ded6d5b9 100755 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
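Review bot: In both rewritten `command: >-` tasks the line break falls directly after `{{ rsync_user }}@{{ node_certs_generator_ip }}:`, and a folded scalar joins lines with a space, so rsync receives `user@host:` and the source path as two separate arguments instead of the single `user@host:/path/` the old `shell` string passed. Keep the remote spec on one line, `{{ rsync_user }}@{{ node_certs_generator_ip }}:{{ node_certs_source }}/{{ filebeat_node_name }}/`, and put the break before it or before `{{ node_certs_destination }}/`. The `ca/` variant a few lines below has the same split and needs the same fix.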
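Review bot: `mode: '0770'` with `recurse: yes` is applied to every file under `{{ node_certs_destination }}/`, so the key copied by the tasks above ends up group-writable and executable. The old `chmod -R 770` did the same, but the move to the `file` module is the place to tighten it: a symbolic mode such as `mode: 'u=rwX,g=rX,o='` keeps directories traversable without putting execute or group-write bits on key and certificate files. The task is still named "Ensuring certificates folder owner" although it sets no `owner:` or `group:`; rename it or add the intended owner. `recurse: yes` should be `recurse: true`, which is what the lint rules this commit is addressing expect.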
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,4 +1,5 @@ --- +wazuh_agent_version: 3.9.0 wazuh_managers: - address: 127.0.0.1 port: 1514 @@ -23,10 +24,10 @@ wazuh_winagent_config: install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.9.2' + version: '3.9.3' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ - md5: 43936e7bc7eb51bd186f47dac4a6f477 + md5: c3fdbd6c121ca371b8abcd477ed4e8a4 wazuh_agent_config: active_response: ar_disabled: 'no' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 2b644bde..faa28b57 100755 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -5,10 +5,22 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: Linux | Install wazuh-agent - package: name=wazuh-agent state=present +- name: Linux CentOS/RedHat | Install wazuh-agent + package: name=wazuh-agent-{{ wazuh_agent_version }}-1 state=present async: 90 poll: 30 + when: + - ansible_distribution in ['CentOS','RedHat'] + tags: + - init + +- name: Linux Debian | Install wazuh-agent + apt: + name: "wazuh-agent={{ wazuh_agent_version }}-1" + state: present + cache_valid_time: 3600 + when: + - not (ansible_distribution in ['CentOS','RedHat']) tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 7064ba41..30e5ec87 100755 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
@@ -5,7 +5,7 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: CentOS/RedHat | Install wazuh-manager, wazuh-api and expect +- name: CentOS/RedHat | Install wazuh-manager, wazuh-api package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} with_items: - wazuh-manager @@ -17,7 +17,7 @@ tags: - init -- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api and expect +- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api apt: name: "{{ item }}={{ wazuh_manager_api_version }}-1" state: present From d08b013224db9041b141a92c5880f62736019dee Mon Sep 17 00:00:00 2001 From: rshad Date: Fri, 12 Jul 2019 14:24:31 +0000 Subject: [PATCH 64/75] Kibana test is probably fixed, saving changes ... --- molecule/kibana/molecule.yml | 3 ++ molecule/kibana/tests/test_default.py | 2 +- .../ansible-kibana/tasks/main.yml | 40 ++++++++++++------- 3 files changed, 30 insertions(+), 15 deletions(-) diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index a1e0e3f9..c1191c07 100755 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -5,6 +5,9 @@ driver: name: docker lint: name: yamllint + options: + config-data: + ignore: .virtualenv platforms: - name: bionic image: solita/ubuntu-systemd:bionic diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py index 936f6cfc..f510aed9 100755 --- a/molecule/kibana/tests/test_default.py +++ b/molecule/kibana/tests/test_default.py @@ -14,7 +14,7 @@ def test_port_kibana_is_open(host): def test_find_correct_elasticsearch_version(host): """Test if we find the kibana/elasticsearch version in package.json""" kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") - assert kibana.contains("6.7.1") + assert kibana.contains("7.1.1") def test_wazuh_plugin_installed(host): 
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 43dfd57e..4e12b1b2 100755 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -16,17 +16,17 @@ - name: Check if certificate exists locally stat: - path: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" + path: "{{ node_certs_destination }}/{{ kibana_node_name }}.crt" register: certificate_file_exists when: - - kibana_xpack_security + - kibana_xpack_security - name: Copy key & certificate files in generator node (locally) synchronize: - src: "{{node_certs_source}}/{{kibana_node_name}}/" - dest: "{{node_certs_destination}}/" + src: "{{ node_certs_source }}/{{ kibana_node_name }}/" + dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" - when: + when: - node_certs_generator - kibana_xpack_security - not certificate_file_exists.stat.exists 
@@ -34,25 +34,29 @@ - name: Copy ca certificate file in generator node (locally) synchronize: - src: "{{node_certs_source}}/ca/" - dest: "{{node_certs_destination}}/" + src: "{{ node_certs_source }}/ca/" + dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" - when: + when: - node_certs_generator - kibana_xpack_security - not certificate_file_exists.stat.exists tags: xpack-security - + - name: Importing key & certificate files from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{kibana_node_name}}/ {{node_certs_destination}}/" + command: >- + {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: + {{ node_certs_source }}/{{ kibana_node_name }}/ {{ node_certs_destination }}/ when: - not node_certs_generator - kibana_xpack_security - not certificate_file_exists.stat.exists tags: xpack-security -- name: Importing ca certificate file from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" +- name: Importing ca certificate file from generator node + command: >- + {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: + {{ node_certs_source }}/ca/ {{ node_certs_destination }}/ when: - not node_certs_generator - kibana_xpack_security 
@@ -61,14 +65,22 @@ tags: xpack-security - name: Ensuring certificates folder owner - shell: "chown -R kibana: {{node_certs_destination}}/" + file: + path: "{{ node_certs_destination }}/" + state: directory + recurse: yes + owner: kibana + group: kibana when: - check_certs_permissions is defined - kibana_xpack_security tags: xpack-security - name: Ensuring certificates folder owner - shell: "chmod -R 770 {{node_certs_destination}}/" + file: + path: "{{ node_certs_destination }}/" + mode: '0770' + recurse: yes when: - check_certs_permissions is defined - kibana_xpack_security From df428f5f52632bb3cf0d7163f2c05346cefae95d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 15 Jul 2019 14:04:13 +0200 Subject: [PATCH 65/75] fixed elasticsearch installation for Centos 6.* - Adding Java Installation --- molecule/elasticsearch/molecule.yml | 2 +- molecule/elasticsearch/tests/test_default.py | 2 +- .../ansible-elasticsearch/tasks/RedHat.yml | 5 ++++ .../ansible-elasticsearch/tasks/main.yml | 24 +++++++++++-------- 4 files changed, 21 insertions(+), 12 deletions(-) diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 585614b2..a7e3c26f 100755 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -41,7 +41,7 @@ platforms: # memory_reservation: 1024m # privileged: true # ulimits: - - nofile:262144:262144 + # - nofile:262144:262144 provisioner: name: ansible playbooks: diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py index 8b453255..34fce3b3 100755 --- a/molecule/elasticsearch/tests/test_default.py +++ b/molecule/elasticsearch/tests/test_default.py 
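Review bot: Both rewritten tasks keep the name "Ensuring certificates folder owner" although the second one sets the mode, and each walks the same tree with `recurse: yes`. A single `file` task can carry `owner`, `group` and `mode` together, so adding the `mode:` key to the first task and dropping the second gives one recursive pass and one unambiguous name. If the second task stays, give it `state: directory` like the first and a name that says permissions. The second task continues past the end of the hunk.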
@@ -10,7 +10,7 @@ def test_elasticsearch_is_installed(host): """Test if the elasticsearch package is installed.""" elasticsearch = host.package("elasticsearch") assert elasticsearch.is_installed - assert elasticsearch.version.startswith('6.7.1') + assert elasticsearch.version.startswith('7.1.1') def test_elasticsearch_is_running(host): diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 16366dfc..fbefe51e 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -9,6 +9,11 @@ gpgcheck: true changed_when: false +- name: CentOS x.x => x.x < 7.0 | Installing Java + yum: + name: java-1.8.0-openjdk.x86_64 + state: present + - name: RedHat/CentOS/Fedora | Install Elasticsarch package: name=elasticsearch-{{ elastic_stack_version }} state=present tags: install diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 5ca11b67..c29dc760 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
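Review bot: The package name `java-1.8.0-openjdk.x86_64` in the new "Installing Java" task of tasks/RedHat.yml hard-codes the architecture, so the task would not resolve on a host of any other architecture; `name: java-1.8.0-openjdk` lets yum pick the matching build. In this commit the task also has no `when:`, so it runs on every host that includes RedHat.yml rather than only on releases below 7 as its name says. A guard on `ansible_distribution_major_version | int < 7` would make the task match its name.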
@@ -205,22 +205,26 @@ - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) -- name: Get Java version - shell: java -version |& awk -F'"' '{print $2}' - register: java_version -- debug: msg="{{ java_version.stdout_lines }}" +#- name: Get Java version +# shell: java -version |& awk -F'"' '{print $2}' +# register: java_version +# ignore_errors: true -- name: "Install Java Repo for Trusty" - yum_repository: repo='ppa:openjdk-r/ppa' - when: - - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 +# - debug: msg="{{ java_version.stdout_lines }}" + +#- name: "Install Java Repo for Trusty" +# yum_repository: repo='ppa:openjdk-r/ppa' +# when: +# - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 - name: Distribution is centos 6.* | Enable Elasticsearch service: name=elasticsearch enabled=yes -- name: Distribution is centos 6.* | Reload Elasticsearch - service: name=elasticsearch state=reloaded + +#- name: Distribution is centos 6.* | Reload Elasticsearch +# service: name=elasticsearch state=reloaded +# state: "{{ elasticsearch_state | default('reloaded') }}" - name: Distribution is centos 6.* | Start Elasticsearch service: name=elasticsearch state=started From eb70809add79d1159db57f587dbad7a5c837c616 Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Mon, 15 Jul 2019 17:06:13 +0200 Subject: [PATCH 66/75] fixed Elasticsearch installation's issues caused by the absense of Java in Ubuntu Trusty --- molecule/elasticsearch/molecule.yml | 16 ++++----- .../ansible-elasticsearch/tasks/Debian.yml | 36 +++++++++++++++++++ .../ansible-elasticsearch/tasks/RedHat.yml | 2 ++ .../ansible-elasticsearch/tasks/main.yml | 23 ------------ 4 files changed, 46 insertions(+), 31 deletions(-) diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index a7e3c26f..fbb06add 100755 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -25,17 +25,17 @@ platforms: # command: /sbin/init # ulimits: # - nofile:262144:262144 - #- name: trusty - #image: ubuntu:trusty - #memory_reservation: 1024m - #ulimits: - #- nofile:262144:262144 - - name: centos6 - image: centos:6 - privileged: true + - name: trusty + image: ubuntu:trusty memory_reservation: 1024m ulimits: - nofile:262144:262144 +# - name: centos6 +# image: centos:6 +# privileged: true +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 # - name: centos7 # image: milcom/centos7-systemd # memory_reservation: 1024m diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 1555f443..17b968cc 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml 
@@ -14,6 +14,42 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 +- name: Update and upgrade apt packages + become: true + apt: + upgrade: yes + update_cache: yes + cache_valid_time: 86400 #One day + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + +- name: Install Oracle Java 8 + become: yes + apt: name=openjdk-8-jdk state=latest + + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + +- name: Set the default Java version + become: yes + shell: update-alternatives --config java + +- name: Set the default Javac version + become: yes + shell: update-alternatives --config javac + +- name: Update and upgrade apt packages + become: true + apt: + upgrade: yes + update_cache: yes + cache_valid_time: 86400 #One day + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index fbefe51e..81176ee0 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -13,6 +13,8 @@ yum: name: java-1.8.0-openjdk.x86_64 state: present + when: + - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 - name: RedHat/CentOS/Fedora | Install Elasticsarch package: name=elasticsearch-{{ elastic_stack_version }} state=present diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index c29dc760..56a3157b 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
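Review bot: The two `shell: update-alternatives --config java` and `--config javac` tasks are interactive, since `--config` prompts for a selection when more than one alternative is installed, and they carry no `when:`, so they run on every host that includes Debian.yml rather than only on Ubuntu 14. An Ansible run has no terminal to answer the prompt; the `alternatives` module with an explicit `path`, or `update-alternatives --set`, is the non-interactive form and should take the same Ubuntu 14 condition as the neighbouring tasks. The hunk also adds the "Update and upgrade apt packages" task twice with `upgrade: yes`, which upgrades every installed package on the host as a side effect of this role; one task with `update_cache: yes` alone is enough to install Java. The task "Install Oracle Java 8" installs `openjdk-8-jdk` with `state=latest`, so the name should say OpenJDK and `state=present` would keep reruns from pulling a new build unreviewed.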
@@ -206,26 +206,9 @@ - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) -#- name: Get Java version -# shell: java -version |& awk -F'"' '{print $2}' -# register: java_version -# ignore_errors: true - -# - debug: msg="{{ java_version.stdout_lines }}" - -#- name: "Install Java Repo for Trusty" -# yum_repository: repo='ppa:openjdk-r/ppa' -# when: -# - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 - - name: Distribution is centos 6.* | Enable Elasticsearch service: name=elasticsearch enabled=yes - -#- name: Distribution is centos 6.* | Reload Elasticsearch -# service: name=elasticsearch state=reloaded -# state: "{{ elasticsearch_state | default('reloaded') }}" - - name: Distribution is centos 6.* | Start Elasticsearch service: name=elasticsearch state=started @@ -234,12 +217,6 @@ name: elasticsearch enabled: true state: started - # ignore_errors: true - # when: - # - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - # - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - # - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - # - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Make sure Elasticsearch is running before proceeding wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300 From fc38d565d9d9e6839dbe1ad6f3b641a8865534f3 Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Tue, 16 Jul 2019 12:29:07 +0200 Subject: [PATCH 67/75] fixed Elasticsearch installation's issues related to Idempotence test - Test passed successfully --- molecule/elasticsearch/molecule.yml | 46 +++++++++---------- .../ansible-elasticsearch/tasks/Debian.yml | 20 +++++--- .../ansible-elasticsearch/tasks/main.yml | 1 - 3 files changed, 36 insertions(+), 31 deletions(-) diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index fbb06add..6860b0f3 100755 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml 
@@ -3,45 +3,43 @@ dependency: name: galaxy driver: name: docker -#lint: -# name: yamllint lint: name: yamllint options: config-data: ignore: .virtualenv platforms: - # - name: bionic - # image: solita/ubuntu-systemd:bionic - # command: /sbin/init - # ulimits: - # - nofile:262144:262144 - # privileged: true - # memory_reservation: 1024m - # - name: xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # memory_reservation: 1024m - # command: /sbin/init - # ulimits: - # - nofile:262144:262144 +# - name: bionic +# image: solita/ubuntu-systemd:bionic +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 +# privileged: true +# memory_reservation: 2048m +# - name: xenial +# image: solita/ubuntu-systemd:xenial +# privileged: true +# memory_reservation: 2048m +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 - name: trusty image: ubuntu:trusty - memory_reservation: 1024m + memory_reservation: 2048m ulimits: - nofile:262144:262144 # - name: centos6 # image: centos:6 # privileged: true -# memory_reservation: 1024m +# memory_reservation: 2048m +# ulimits: +# - nofile:262144:262144 +# - name: centos7 +# image: milcom/centos7-systemd +# memory_reservation: 2048m +# privileged: true # ulimits: # - nofile:262144:262144 - # - name: centos7 - # image: milcom/centos7-systemd - # memory_reservation: 1024m - # privileged: true - # ulimits: - # - nofile:262144:262144 provisioner: name: ansible playbooks: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 17b968cc..642e2ee9 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml 
@@ -32,13 +32,19 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 -- name: Set the default Java version - become: yes - shell: update-alternatives --config java +#- name: Set the default Java version +# become: yes +# shell: update-alternatives --config java +# when: +# - ansible_distribution == "Ubuntu" +# - ansible_distribution_major_version | int == 14# -- name: Set the default Javac version - become: yes - shell: update-alternatives --config javac +#- name: Set the default Javac version +# become: yes +# shell: update-alternatives --config javac +# when: +# - ansible_distribution == "Ubuntu" +# - ansible_distribution_major_version | int == 14 - name: Update and upgrade apt packages become: true @@ -55,12 +61,14 @@ url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" state: present + - name: Debian/Ubuntu | Install Elastic repo apt_repository: repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' state: present filename: 'elastic_repo' update_cache: true + changed_when: false - name: Debian/Ubuntu | Install Elasticsarch apt: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 56a3157b..2d446798 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -253,6 +253,5 @@ - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" - - import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" From 687797a66cd7d7aff3a3b36916182f1950a25453 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 16 Jul 2019 17:23:09 +0200 Subject: [PATCH 68/75] ignored Ubuntu Trusty in Testing --- molecule/elasticsearch/molecule.yml | 57 ++++++++++--------- molecule/kibana/molecule.yml | 10 ++-- .../ansible-elasticsearch/tasks/Debian.yml | 14 ----- .../ansible-elasticsearch/tasks/main.yml | 23 ++++++++ 4 files changed, 57 insertions(+), 47 deletions(-) 
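Review bot: `changed_when: false` on "Debian/Ubuntu | Install Elastic repo" makes the task always report ok, so a run that really adds or rewrites the repository entry is no longer visible in the play output, and anything keyed on the task's changed status stops working. The commit subject suggests the goal is to pass the idempotence test; it would be safer to find out why `apt_repository` reports a change on the second run than to mask it. The two Trusty `lineinfile` tasks added in the `@@ -197,6 +197,28 @@` hunk of ansible-elasticsearch/tasks/main.yml (PATCH 68) use the same override. If the override has to stay, say why next to it, for example `# changed_when: false only to satisfy the molecule idempotence step` if that is indeed the reason.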
diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 6860b0f3..20d68047 100755 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -9,37 +9,38 @@ lint: config-data: ignore: .virtualenv platforms: -# - name: bionic -# image: solita/ubuntu-systemd:bionic -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 -# privileged: true -# memory_reservation: 2048m -# - name: xenial -# image: solita/ubuntu-systemd:xenial -# privileged: true -# memory_reservation: 2048m -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 - - name: trusty - image: ubuntu:trusty + - name: bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 +# - name: trusty +# image: ubuntu:trusty +# privileged: true +# memory_reservation: 2048m +# ulimits: +# - nofile:262144:262144 + - name: centos6 + image: centos:6 + privileged: true memory_reservation: 2048m ulimits: - nofile:262144:262144 -# - name: centos6 -# image: centos:6 -# privileged: true -# memory_reservation: 2048m -# ulimits: -# - nofile:262144:262144 -# - name: centos7 -# image: milcom/centos7-systemd -# memory_reservation: 2048m -# privileged: true -# ulimits: -# - nofile:262144:262144 + - name: centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible playbooks: diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index c1191c07..2017a6bd 100755 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml 
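Review bot: Every platform enabled in this hunk runs with `privileged: true`, including `centos6`, which has no `command: /sbin/init` entry here and so presumably does not boot systemd. A privileged container has full access to the Docker host's devices and capabilities, which matters when the scenario runs on shared CI workers. Where the images allow it, a narrower grant is preferable, for example `capabilities: [SYS_ADMIN]` plus a read-only `/sys/fs/cgroup` volume for the systemd images, and no extra privilege for `centos6`; this needs a test run to confirm. The commented-out `trusty` block could be deleted rather than kept as dead configuration.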
@@ -23,11 +23,11 @@ platforms: command: /sbin/init ulimits: - nofile:262144:262144 - - name: trusty - image: ubuntu:trusty - memory_reservation: 1024m - ulimits: - - nofile:262144:262144 +# - name: trusty +# image: ubuntu:trusty +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 - name: centos6 image: centos:6 privileged: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 642e2ee9..f6c0e6cc 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -32,20 +32,6 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 -#- name: Set the default Java version -# become: yes -# shell: update-alternatives --config java -# when: -# - ansible_distribution == "Ubuntu" -# - ansible_distribution_major_version | int == 14# - -#- name: Set the default Javac version -# become: yes -# shell: update-alternatives --config javac -# when: -# - ansible_distribution == "Ubuntu" -# - ansible_distribution_major_version | int == 14 - - name: Update and upgrade apt packages become: true apt: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 2d446798..9678f8cb 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -197,6 +197,28 @@ when: - elasticsearch_xpack_security +- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf + lineinfile: + path: /etc/security/limits.conf + line: elasticsearch - memlock unlimited + create: yes + become: yes + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + changed_when: false + +- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.d/elasticsearch.conf + lineinfile: + path: /etc/security/limits.d/elasticsearch.conf + line: elasticsearch - memlock unlimited + create: yes + become: yes + changed_when: false + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + - name: Distribution != one of [ centos 6.*, trusty ] | Reload systemd systemd: daemon_reload=true ignore_errors: true @@ -211,6 +233,7 @@ - name: Distribution is centos 6.* | Start Elasticsearch service: name=elasticsearch state=started + ignore_errors: true - name: Ensure Elasticsearch started and enabled service: From f30f620350b8a25d5fb4a347fa985b50189098c9 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 17 Jul 2019 12:09:12 +0200 Subject: [PATCH 69/75] disabled core.filemode in git --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index af79a017..f8e65905 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ### Added -- Update to Wazuh v3.9.2 +- Update to Wazuh v3.9.2 - Support for Elastic 7 - Ability to deploy an Elasticsearch cluster [#6b95e3](https://github.com/wazuh/wazuh-ansible/commit/6b95e304b6ac4dfec08df5cd0fe29be9cc7dc22c) From 2150d71a60ffb7f5ab7651311ed729df7b7bca69 Mon Sep 17 00:00:00 2001 
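Review bot: Both new `lineinfile` tasks use `create: yes` without `owner`, `group` or `mode`, so when /etc/security/limits.d/elasticsearch.conf does not yet exist it is created with whatever the default umask yields. Files under /etc/security should have their ownership and mode pinned explicitly: `owner: root`, `group: root`, `mode: '0644'`. The two tasks also place `changed_when: false` differently, after `when:` in the first and before it in the second; one key order in both makes them easier to compare.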
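Review bot: `ignore_errors: true` on "Distribution is centos 6.* | Start Elasticsearch" swallows a failed start, and the task has no `when:`, so despite its name it runs, and its failure is ignored, on every distribution. Restricting the task to the hosts it is meant for removes the need to ignore errors at all: `when: ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7`. The following "Ensure Elasticsearch started and enabled" task begins in this hunk and continues outside it.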
From: Rshad Zhran Date: Wed, 17 Jul 2019 12:21:19 +0200 Subject: [PATCH 70/75] changing permissions --- .gitignore | 0 .swp | Bin .yamllint | 0 CHANGELOG.md | 0 LICENSE | 0 Pipfile | 0 README.md | 0 VERSION | 0 molecule/default/Dockerfile.j2 | 0 molecule/default/INSTALL.rst | 0 molecule/default/create.yml | 0 molecule/default/destroy.yml | 0 molecule/default/molecule.yml | 0 molecule/default/playbook.yml | 0 molecule/default/prepare.yml | 0 molecule/default/tests/test_default.py | 0 molecule/elasticsearch/Dockerfile.j2 | 0 molecule/elasticsearch/INSTALL.rst | 0 molecule/elasticsearch/molecule.yml | 0 molecule/elasticsearch/playbook.yml | 0 molecule/elasticsearch/tests/test_default.py | 0 molecule/external_packages/jdk-8u211-linux-x64.rpm | 0 molecule/filebeat/Dockerfile.j2 | 0 molecule/filebeat/INSTALL.rst | 0 molecule/filebeat/molecule.yml | 0 molecule/filebeat/playbook.yml | 0 molecule/filebeat/prepare.yml | 0 molecule/filebeat/tests/test_default.py | 0 molecule/kibana/Dockerfile.j2 | 0 molecule/kibana/INSTALL.rst | 0 molecule/kibana/molecule.yml | 0 molecule/kibana/playbook.yml | 0 molecule/kibana/prepare.yml | 0 molecule/kibana/tests/test_default.py | 0 molecule/wazuh-agent/Dockerfile.j2 | 0 molecule/wazuh-agent/INSTALL.rst | 0 molecule/wazuh-agent/molecule.yml | 0 molecule/wazuh-agent/playbook.yml | 0 molecule/wazuh-agent/prepare.yml | 0 molecule/wazuh-agent/tests/test_agents.py | 0 molecule/wazuh-agent/tests/test_manager.py | 0 playbooks/wazuh-agent.yml | 0 playbooks/wazuh-elastic.yml | 0 playbooks/wazuh-elastic_stack-distributed.yml | 0 playbooks/wazuh-elastic_stack-single.yml | 0 playbooks/wazuh-kibana.yml | 0 playbooks/wazuh-manager.yml | 0 roles/ansible-galaxy/meta/main.yml | 0 roles/elastic-stack/ansible-elasticsearch/README.md | 0 .../ansible-elasticsearch/defaults/main.yml | 0 .../ansible-elasticsearch/handlers/main.yml | 0 .../ansible-elasticsearch/meta/main.yml | 0 .../ansible-elasticsearch/tasks/Debian.yml | 0 
.../ansible-elasticsearch/tasks/RMDebian.yml | 0 .../ansible-elasticsearch/tasks/RMRedHat.yml | 0 .../ansible-elasticsearch/tasks/RedHat.yml | 0 .../ansible-elasticsearch/tasks/main.yml | 0 .../templates/elasticsearch.yml.j2 | 0 .../templates/elasticsearch_nonsystemd.j2 | 0 .../templates/elasticsearch_systemd.conf.j2 | 0 .../templates/instances.yml.j2 | 0 .../ansible-elasticsearch/templates/jvm.options.j2 | 0 .../wazuh-elastic6-template-alerts.json.j2 | 0 .../wazuh-elastic7-template-alerts.json.j2 | 0 roles/elastic-stack/ansible-kibana/README.md | 0 .../elastic-stack/ansible-kibana/defaults/main.yml | 0 .../elastic-stack/ansible-kibana/handlers/main.yml | 0 roles/elastic-stack/ansible-kibana/meta/main.yml | 0 roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 0 .../elastic-stack/ansible-kibana/tasks/RMDebian.yml | 0 .../elastic-stack/ansible-kibana/tasks/RMRedHat.yml | 0 roles/elastic-stack/ansible-kibana/tasks/RedHat.yml | 0 roles/elastic-stack/ansible-kibana/tasks/main.yml | 0 .../ansible-kibana/templates/kibana.yml.j2 | 0 roles/wazuh/ansible-filebeat/README.md | 0 roles/wazuh/ansible-filebeat/defaults/main.yml | 0 roles/wazuh/ansible-filebeat/handlers/main.yml | 0 roles/wazuh/ansible-filebeat/meta/main.yml | 0 roles/wazuh/ansible-filebeat/tasks/Debian.yml | 0 roles/wazuh/ansible-filebeat/tasks/RMDebian.yml | 0 roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml | 0 roles/wazuh/ansible-filebeat/tasks/RedHat.yml | 0 roles/wazuh/ansible-filebeat/tasks/config.yml | 0 roles/wazuh/ansible-filebeat/tasks/main.yml | 0 .../ansible-filebeat/templates/elasticsearch.yml.j2 | 0 .../ansible-filebeat/templates/filebeat.yml.j2 | 0 roles/wazuh/ansible-filebeat/tests/requirements.yml | 0 roles/wazuh/ansible-filebeat/tests/test.yml | 0 roles/wazuh/ansible-wazuh-agent/README.md | 0 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 0 roles/wazuh/ansible-wazuh-agent/handlers/main.yml | 0 roles/wazuh/ansible-wazuh-agent/meta/main.yml | 0 
roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 0 roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 0 roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml | 0 roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml | 0 roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 0 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 0 roles/wazuh/ansible-wazuh-agent/tasks/main.yml | 0 .../var-ossec-etc-local-internal-options.conf.j2 | 0 .../templates/var-ossec-etc-ossec-agent.conf.j2 | 0 roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml | 0 roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml | 0 roles/wazuh/ansible-wazuh-manager/README.md | 0 roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 0 .../decoders/sample_custom_decoders.xml | 0 .../custom_ruleset/rules/sample_custom_rules.xml | 0 roles/wazuh/ansible-wazuh-manager/handlers/main.yml | 0 roles/wazuh/ansible-wazuh-manager/meta/main.yml | 0 roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 0 .../wazuh/ansible-wazuh-manager/tasks/RMDebian.yml | 0 .../wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml | 0 roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 0 roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 0 .../ansible-wazuh-manager/templates/agentless.j2 | 0 .../ansible-wazuh-manager/templates/api_user.j2 | 0 .../ansible-wazuh-manager/templates/authd_pass.j2 | 0 .../ansible-wazuh-manager/templates/cdb_lists.j2 | 0 .../var-ossec-api-configuration-config.js.j2 | 0 .../var-ossec-etc-local-internal-options.conf.j2 | 0 .../templates/var-ossec-etc-ossec-server.conf.j2 | 0 .../templates/var-ossec-etc-shared-agent.conf.j2 | 0 .../templates/var-ossec-rules-local_decoder.xml.j2 | 0 .../templates/var-ossec-rules-local_rules.xml.j2 | 0 .../ansible-wazuh-manager/vars/agentless_creds.yml | 0 .../wazuh/ansible-wazuh-manager/vars/authd_pass.yml | 0 .../wazuh/ansible-wazuh-manager/vars/cdb_lists.yml | 0 .../ansible-wazuh-manager/vars/wazuh_api_creds.yml | 0 128 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 
.gitignore mode change 100755 => 100644 .swp mode change 100755 => 100644 .yamllint mode change 100755 => 100644 CHANGELOG.md mode change 100755 => 100644 LICENSE mode change 100755 => 100644 Pipfile mode change 100755 => 100644 README.md mode change 100755 => 100644 VERSION mode change 100755 => 100644 molecule/default/Dockerfile.j2 mode change 100755 => 100644 molecule/default/INSTALL.rst mode change 100755 => 100644 molecule/default/create.yml mode change 100755 => 100644 molecule/default/destroy.yml mode change 100755 => 100644 molecule/default/molecule.yml mode change 100755 => 100644 molecule/default/playbook.yml mode change 100755 => 100644 molecule/default/prepare.yml mode change 100755 => 100644 molecule/default/tests/test_default.py mode change 100755 => 100644 molecule/elasticsearch/Dockerfile.j2 mode change 100755 => 100644 molecule/elasticsearch/INSTALL.rst mode change 100755 => 100644 molecule/elasticsearch/molecule.yml mode change 100755 => 100644 molecule/elasticsearch/playbook.yml mode change 100755 => 100644 molecule/elasticsearch/tests/test_default.py mode change 100755 => 100644 molecule/external_packages/jdk-8u211-linux-x64.rpm mode change 100755 => 100644 molecule/filebeat/Dockerfile.j2 mode change 100755 => 100644 molecule/filebeat/INSTALL.rst mode change 100755 => 100644 molecule/filebeat/molecule.yml mode change 100755 => 100644 molecule/filebeat/playbook.yml mode change 100755 => 100644 molecule/filebeat/prepare.yml mode change 100755 => 100644 molecule/filebeat/tests/test_default.py mode change 100755 => 100644 molecule/kibana/Dockerfile.j2 mode change 100755 => 100644 molecule/kibana/INSTALL.rst mode change 100755 => 100644 molecule/kibana/molecule.yml mode change 100755 => 100644 molecule/kibana/playbook.yml mode change 100755 => 100644 molecule/kibana/prepare.yml mode change 100755 => 100644 molecule/kibana/tests/test_default.py mode change 100755 => 100644 molecule/wazuh-agent/Dockerfile.j2 mode change 100755 => 100644 
molecule/wazuh-agent/INSTALL.rst mode change 100755 => 100644 molecule/wazuh-agent/molecule.yml mode change 100755 => 100644 molecule/wazuh-agent/playbook.yml mode change 100755 => 100644 molecule/wazuh-agent/prepare.yml mode change 100755 => 100644 molecule/wazuh-agent/tests/test_agents.py mode change 100755 => 100644 molecule/wazuh-agent/tests/test_manager.py mode change 100755 => 100644 playbooks/wazuh-agent.yml mode change 100755 => 100644 playbooks/wazuh-elastic.yml mode change 100755 => 100644 playbooks/wazuh-elastic_stack-distributed.yml mode change 100755 => 100644 playbooks/wazuh-elastic_stack-single.yml mode change 100755 => 100644 playbooks/wazuh-kibana.yml mode change 100755 => 100644 playbooks/wazuh-manager.yml mode change 100755 => 100644 roles/ansible-galaxy/meta/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/README.md mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/defaults/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/handlers/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/meta/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/tasks/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2 mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2 mode change 100755 => 100644 
roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/README.md mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/defaults/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/handlers/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/meta/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/tasks/Debian.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/tasks/RedHat.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/tasks/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 mode change 100755 => 100644 roles/wazuh/ansible-filebeat/README.md mode change 100755 => 100644 roles/wazuh/ansible-filebeat/defaults/main.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/handlers/main.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/meta/main.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tasks/Debian.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tasks/RMDebian.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tasks/RedHat.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tasks/config.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tasks/main.yml mode change 100755 => 100644 
roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 mode change 100755 => 100644 roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tests/requirements.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tests/test.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/README.md mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/defaults/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/handlers/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/meta/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/README.md mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/defaults/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/decoders/sample_custom_decoders.xml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/rules/sample_custom_rules.xml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/handlers/main.yml 
mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/meta/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/tasks/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/agentless.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-local-internal-options.conf.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml diff --git a/.gitignore b/.gitignore old mode 100755 new mode 100644 diff --git a/.swp b/.swp old mode 100755 new mode 100644 
diff --git a/.yamllint b/.yamllint
old mode 100755
new mode 100644
diff --git a/CHANGELOG.md b/CHANGELOG.md
old mode 100755
new mode 100644
diff --git a/LICENSE b/LICENSE
old mode 100755
new mode 100644
diff --git a/Pipfile b/Pipfile
old mode 100755
new mode 100644
diff --git a/README.md b/README.md
old mode 100755
new mode 100644
diff --git a/VERSION b/VERSION
old mode 100755
new mode 100644
diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2
old mode 100755
new mode 100644
diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst
old mode 100755
new mode 100644
diff --git a/molecule/default/create.yml b/molecule/default/create.yml
old mode 100755
new mode 100644
diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml
old mode 100755
new mode 100644
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
old mode 100755
new mode 100644
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
old mode 100755
new mode 100644
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
old mode 100755
new mode 100644
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
old mode 100755
new mode 100644
diff --git a/molecule/elasticsearch/Dockerfile.j2 b/molecule/elasticsearch/Dockerfile.j2
old mode 100755
new mode 100644
diff --git a/molecule/elasticsearch/INSTALL.rst b/molecule/elasticsearch/INSTALL.rst
old mode 100755
new mode 100644
diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml
old mode 100755
new mode 100644
diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml
old mode 100755
new mode 100644
diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py
old mode 100755
new mode 100644
diff --git a/molecule/external_packages/jdk-8u211-linux-x64.rpm b/molecule/external_packages/jdk-8u211-linux-x64.rpm
old mode 100755
new mode 100644
diff --git a/molecule/filebeat/Dockerfile.j2 b/molecule/filebeat/Dockerfile.j2
old mode 100755
new mode 100644
diff --git a/molecule/filebeat/INSTALL.rst b/molecule/filebeat/INSTALL.rst
old mode 100755
new mode 100644
diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml
old mode 100755
new mode 100644
diff --git a/molecule/filebeat/playbook.yml b/molecule/filebeat/playbook.yml
old mode 100755
new mode 100644
diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml
old mode 100755
new mode 100644
diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py
old mode 100755
new mode 100644
diff --git a/molecule/kibana/Dockerfile.j2 b/molecule/kibana/Dockerfile.j2
old mode 100755
new mode 100644
diff --git a/molecule/kibana/INSTALL.rst b/molecule/kibana/INSTALL.rst
old mode 100755
new mode 100644
diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml
old mode 100755
new mode 100644
diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml
old mode 100755
new mode 100644
diff --git a/molecule/kibana/prepare.yml b/molecule/kibana/prepare.yml
old mode 100755
new mode 100644
diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py
old mode 100755
new mode 100644
diff --git a/molecule/wazuh-agent/Dockerfile.j2 b/molecule/wazuh-agent/Dockerfile.j2
old mode 100755
new mode 100644
diff --git a/molecule/wazuh-agent/INSTALL.rst b/molecule/wazuh-agent/INSTALL.rst
old mode 100755
new mode 100644
diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml
old mode 100755
new mode 100644
diff --git a/molecule/wazuh-agent/playbook.yml b/molecule/wazuh-agent/playbook.yml
old mode 100755
new mode 100644
diff --git a/molecule/wazuh-agent/prepare.yml b/molecule/wazuh-agent/prepare.yml
old mode 100755
new mode 100644
diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py
old mode 100755
new mode 100644
diff --git a/molecule/wazuh-agent/tests/test_manager.py b/molecule/wazuh-agent/tests/test_manager.py
old mode 100755
new mode 100644
diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml
old mode 100755
new mode 100644
diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml
old mode 100755
new mode 100644
diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml
old mode 100755
new mode 100644
diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml
old mode 100755
new mode 100644
diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml
old mode 100755
new mode 100644
diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml
old mode 100755
new mode 100644
diff --git a/roles/ansible-galaxy/meta/main.yml b/roles/ansible-galaxy/meta/main.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/handlers/main.yml b/roles/elastic-stack/ansible-elasticsearch/handlers/main.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/meta/main.yml b/roles/elastic-stack/ansible-elasticsearch/meta/main.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-kibana/README.md b/roles/elastic-stack/ansible-kibana/README.md
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-kibana/handlers/main.yml b/roles/elastic-stack/ansible-kibana/handlers/main.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-kibana/meta/main.yml b/roles/elastic-stack/ansible-kibana/meta/main.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
old mode 100755
new mode 100644
diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/README.md b/roles/wazuh/ansible-filebeat/README.md
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/handlers/main.yml b/roles/wazuh/ansible-filebeat/handlers/main.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/meta/main.yml b/roles/wazuh/ansible-filebeat/meta/main.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/tasks/config.yml b/roles/wazuh/ansible-filebeat/tasks/config.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/tests/requirements.yml b/roles/wazuh/ansible-filebeat/tests/requirements.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-filebeat/tests/test.yml b/roles/wazuh/ansible-filebeat/tests/test.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/README.md b/roles/wazuh/ansible-wazuh-agent/README.md
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/meta/main.yml b/roles/wazuh/ansible-wazuh-agent/meta/main.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/README.md b/roles/wazuh/ansible-wazuh-manager/README.md
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/decoders/sample_custom_decoders.xml b/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/decoders/sample_custom_decoders.xml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/rules/sample_custom_rules.xml b/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/rules/sample_custom_rules.xml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/meta/main.yml b/roles/wazuh/ansible-wazuh-manager/meta/main.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/agentless.j2 b/roles/wazuh/ansible-wazuh-manager/templates/agentless.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 b/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2 b/roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-local-internal-options.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-local-internal-options.conf.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2
old mode 100755
new mode 100644
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml b/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml old mode 100755 new mode 100644 From f6fc17bcc971e2023515922bcfc728e628c55abc Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 17 Jul 2019 12:40:14 +0200 Subject: [PATCH 71/75] implemented the requested changes for PR #206 --- CHANGELOG.md | 2 +- molecule/elasticsearch/molecule.yml | 2 +- .../external_packages/jdk-8u211-linux-x64.rpm | 117 ------------------ 3 files changed, 2 insertions(+), 119 deletions(-) delete mode 100644 molecule/external_packages/jdk-8u211-linux-x64.rpm diff --git a/CHANGELOG.md b/CHANGELOG.md index f8e65905..af79a017 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ### Added -- Update to Wazuh v3.9.2 +- Update to Wazuh v3.9.2 - Support for Elastic 7 - Ability to deploy an Elasticsearch cluster [#6b95e3](https://github.com/wazuh/wazuh-ansible/commit/6b95e304b6ac4dfec08df5cd0fe29be9cc7dc22c) diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 20d68047..5d6d3075 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml 
@@ -52,7 +52,7 @@ provisioner: ANSIBLE_ROLES_PATH: ../../roles lint: name: ansible-lint - enabled: false + enabled: true inventory: group_vars: all: diff --git a/molecule/external_packages/jdk-8u211-linux-x64.rpm b/molecule/external_packages/jdk-8u211-linux-x64.rpm deleted file mode 100644 index f0fccd61..00000000 --- a/molecule/external_packages/jdk-8u211-linux-x64.rpm +++ /dev/null @@ -1,117 +0,0 @@ - - -Unauthorized Request - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Sorry!

In order to download products from Oracle Technology - Network you must agree to the OTN license terms.
Be sure that...
- Your browser has "cookies" and JavaScript enabled.
- You clicked on "Accept License" for the product you wish to download.
- You attempt the download within 30 minutes of accepting the license.
From here you can go...
- - - - - - - - - - - - - -
Back to Previous Page
Site Map
OTN Homepage
- -
- -
- - - From 9847b6b003e74798a4027ce97bd2d1f1cfdd6a1e Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 17 Jul 2019 12:52:14 +0200 Subject: [PATCH 72/75] deleted .swp --- .gitignore | 1 + .swp | Bin 12288 -> 0 bytes 2 files changed, 1 insertion(+) delete mode 100644 .swp diff --git a/.gitignore b/.gitignore index 5b26bcf3..107a85d0 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ wazuh-kibana.yml wazuh-manager.yml *.pyc Pipfile.lock +*.swp diff --git a/.swp b/.swp deleted file mode 100644 index 3cc197e09a7cc13ae44c3cb176cce131024a3112..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeI%Jqp4w6u|LU!NEz<3sl{u>LP*%aB!@nl9C`oKctO^+g`)lB(ENOSMtO*)<4F?LHd_AkYPYfxliY%d0-0 zP2I`Z??O@3fB*srAbLmC7SKmY**5I_I{1Q0*~ z0R#|eKtO4c_fX`M_u~J*djFU62J&$v0tg_000IagfB*srAbD|Z|jm{a* From 84c0df02dc9a6f5cab42f26ed981cb948afce540 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 17 Jul 2019 12:58:44 +0200 Subject: [PATCH 73/75] Adapted: become: yes -> become:true --- roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index f6c0e6cc..2c7dba73 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -25,7 +25,7 @@ - ansible_distribution_major_version | int == 14 - name: Install Oracle Java 8 - become: yes + become: true apt: name=openjdk-8-jdk state=latest when: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 9678f8cb..48c25b98 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
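Review bot: The task touched in the `tasks/Debian.yml` hunk is still named `Install Oracle Java 8` although the module line installs `openjdk-8-jdk`, and it keeps the inline `apt: name=openjdk-8-jdk state=latest` form, so only the `become` value was normalised. Renaming it to `- name: Install OpenJDK 8` would make the play output match what is installed, and writing the arguments as a block with `state: present` would stop each run from upgrading the JDK to whatever the repository currently serves. If `latest` is intentional, a short comment saying so would help. The task's `when:` list continues outside the hunk.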
@@ -202,7 +202,7 @@ path: /etc/security/limits.conf line: elasticsearch - memlock unlimited create: yes - become: yes + become: true when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 @@ -213,7 +213,7 @@ path: /etc/security/limits.d/elasticsearch.conf line: elasticsearch - memlock unlimited create: yes - become: yes + become: true changed_when: false when: - ansible_distribution == "Ubuntu" From 14cd09a0343dd3ee6c4424e44395383bff4dde78 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 17 Jul 2019 13:27:43 +0200 Subject: [PATCH 74/75] version bumping .. --- CHANGELOG.md | 10 ++++++++++ VERSION | 2 +- molecule/default/tests/test_default.py | 2 +- molecule/elasticsearch/tests/test_default.py | 2 +- molecule/filebeat/tests/test_default.py | 2 +- molecule/kibana/tests/test_default.py | 2 +- molecule/wazuh-agent/tests/test_agents.py | 2 +- .../ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 12 files changed, 22 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index af79a017..b4961a77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
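Review bot: `create: yes` on the line directly above the changed `become: true` keeps the old truthy spelling, both in the `@@ -202,7` hunk and in the `@@ -213,7` hunk of `tasks/main.yml`, so each task now mixes `yes` and `true`. Changing both to `create: true` would finish the normalisation this commit starts and satisfy yamllint's `truthy` rule if it is enabled. Both tasks begin and end outside their hunks.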
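Review bot: `changed_when: false` in the `@@ -213,7` hunk sits on a task that writes `/etc/security/limits.d/elasticsearch.conf`, so a real edit to the memlock limit is always reported as unchanged and neither handlers nor an idempotence run can see it. Dropping that line should be enough if the module reports changes correctly (the module line is outside the hunk, presumably `lineinfile`). Because `create` lets the task create the file, adding `owner: root`, `group: root` and `mode: '0644'` would fix its ownership and permissions instead of leaving them to the remote umask.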
@@ -1,6 +1,16 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.9.3_7.2.0] + +### Added +- Update to Wazuh v3.9.3 ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) +- Added Versioning Control for Wazuh stack's components installation, so now it's possible to specify which package to install for wazuh-manager, wazuh-agent, Filebeat, Elasticsearch and Kibana. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) +- Fixes for Molecule testing issues. Issues such as Ansible-Lint and None-Idempotent tasks. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) +- Fixes for Wazuh components installations' related issues. Such issues were related to determined OS distributions such as `Ubuntu Trusty` and `CetOS 6`. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) +- Created Ansible playbook and role in order to automate the uninstallation of already installed Wazuh components. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) + + ## [v3.9.2_7.1.1] ### Added diff --git a/VERSION b/VERSION index 36af7bee..933ac2d7 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.9.1" +WAZUH-ANSIBLE_VERSION="v3.9.3" REVISION="3901" diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 4e6e25d6..4be45b4e 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.0" + return "3.9.3" def test_wazuh_packages_are_installed(host): diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py index 34fce3b3..c8be3ed2 100644 
--- a/molecule/elasticsearch/tests/test_default.py +++ b/molecule/elasticsearch/tests/test_default.py @@ -10,7 +10,7 @@ def test_elasticsearch_is_installed(host): """Test if the elasticsearch package is installed.""" elasticsearch = host.package("elasticsearch") assert elasticsearch.is_installed - assert elasticsearch.version.startswith('7.1.1') + assert elasticsearch.version.startswith('7.2.0') def test_elasticsearch_is_running(host): diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py index a959e48b..106e949d 100644 --- a/molecule/filebeat/tests/test_default.py +++ b/molecule/filebeat/tests/test_default.py @@ -10,4 +10,4 @@ def test_filebeat_is_installed(host): """Test if the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.1.1') + assert filebeat.version.startswith('7.2.0') diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py index f510aed9..b09e8e20 100644 --- a/molecule/kibana/tests/test_default.py +++ b/molecule/kibana/tests/test_default.py @@ -14,7 +14,7 @@ def test_port_kibana_is_open(host): def test_find_correct_elasticsearch_version(host): """Test if we find the kibana/elasticsearch version in package.json""" kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") - assert kibana.contains("7.1.1") + assert kibana.contains("7.2.0") def test_wazuh_plugin_installed(host): diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py index 657cc9ee..48fdfc6e 100644 --- a/molecule/wazuh-agent/tests/test_agents.py +++ b/molecule/wazuh-agent/tests/test_agents.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.0" + return "3.9.3" def test_ossec_package_installed(Package): 
diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index df1f9ad4..1340dabb 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.1.1 +elastic_stack_version: 7.2.0 single_node: false elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index ce0c7c40..dcaa0f59 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.1.1 -wazuh_version: 3.9.2 +elastic_stack_version: 7.2.0 +wazuh_version: 3.9.3 # Xpack Security kibana_xpack_security: false diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 541c0214..103d61eb 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.1.1 +filebeat_version: 7.2.0 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index ded6d5b9..7d6135ad 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.9.0 +wazuh_agent_version: 3.9.3 wazuh_managers: - address: 127.0.0.1 port: 1514 
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ffa9bef2..a49a059c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_api_version: 3.9.0 +wazuh_manager_api_version: 3.9.3 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest From 860f398a7c6be2d57482c866a959a9c79d9485b3 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 17 Jul 2019 13:39:29 +0200 Subject: [PATCH 75/75] Bump revision --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 933ac2d7..fe2acb96 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v3.9.3" -REVISION="3901" +REVISION="3930"