afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Conflicts resolved

Browse Source
This commit is contained in:
Gonzalo Acuña 2023-02-01 09:08:19 -03:00
commit 49d1205e7f
No known key found for this signature in database
GPG Key ID: 646BA79A313A2270
33 changed files with 799 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.github/dependabot.yml vendored Normal file
View File

@ -0,0 +1,12 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: "pip" # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
interval: "daily"
target-branch: "4.4"

12
CHANGELOG.md Executable file → Normal file
View File

@ -1,6 +1,12 @@
# Change Log
All notable changes to this project will be documented in this file.
## [v4.4.0]
### Added
- Update to [Wazuh v4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440)
## [v4.3.10]
### Added
@ -67,6 +73,12 @@ All notable changes to this project will be documented in this file.
- Update to [Wazuh v4.3.0](https://github.com/wazuh/wazuh/blob/v4.3.0/CHANGELOG.md#v430)
## [v4.2.6]
### Added
- Update to [Wazuh v4.2.6](https://github.com/wazuh/wazuh/blob/v4.2.6/CHANGELOG.md#v426)
## [v4.2.5]
### Added

120
README.md
View File

@ -16,6 +16,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
| Wazuh version | Elastic | ODFE |
|---------------|---------|--------|
| v4.4.0 | | |
| v4.3.10 | | |
| v4.3.9 | | |
| v4.3.8 | | |
@ -27,6 +28,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
| v4.3.2 | | |
| v4.3.1 | | |
| v4.3.0 | | |
| v4.2.6 | 7.10.2 | 1.13.2 |
| v4.2.5 | 7.10.2 | 1.13.2 |
| v4.2.4 | 7.10.2 | 1.13.2 |
| v4.2.3 | 7.10.2 | 1.13.2 |
@ -394,6 +396,124 @@ sudo ansible-playbook wazuh-single.yml -i inventory
After the playbook execution, the Wazuh UI should be reachable through `https://<your server host>`
## Example: Wazuh server cluster (without Filebeat)
### Playbook
The hereunder example playbook uses the `wazuh-ansible` role to provision a Wazuh server cluster without Filebeat. This architecture includes 2 Wazuh servers distributed in two different nodes.
```yaml
---
# Wazuh cluster without Filebeat
- hosts: manager
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'master'
node_type: 'master'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
wazuh_api_users:
- username: custom-user
password: SecretPassword1!
- hosts: worker01
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'worker_01'
node_type: 'worker'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
```
### Inventory file
```ini
[manager]
<your manager master server host>
[worker01]
<your manager worker01 server host>
[all:vars]
ansible_ssh_user=vagrant
ansible_ssh_private_key_file=/path/to/ssh/key.pem
ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
```
### Adding additional workers
Add the following block at the end of the playbook
```yaml
- hosts: worker02
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'worker_02'
node_type: 'worker'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
```
NOTE: `hosts` and `wazuh_manager_config.cluster_node_name` are the only parameters that differ from the `worker01` configuration.
Add the following lines to the inventory file:
```ini
[worker02]
<your manager worker02 server host>
```
### Launching the playbook
```bash
sudo ansible-playbook wazuh-manager-oss-cluster.yml -i inventory
```
## Contribute
If you want to contribute to our repository, please fork our Github repository and submit a pull request.

4
VERSION
View File

@ -1,2 +1,2 @@
WAZUH-ANSIBLE_VERSION="v4.3.10"
REVISION="40323"
WAZUH-ANSIBLE_VERSION="v4.4.0"
REVISION="40400"

2
molecule/default/tests/test_default.py
View File

@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def get_wazuh_version():
"""This return the version of Wazuh."""
return "4.3.10"
return "4.4.0"

36
molecule/distributed-wazuh-elk-xpack/group_vars/all.yml Normal file
View File

@ -0,0 +1,36 @@
---
########################################################
# Helper variables
private_ip: '{{ ansible_default_ipv4.address }}'
managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}"
kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars) | list }}"
manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
########################################################
# Versions
elastic_stack_version: 7.10.2
filebeat_version: 7.10.2
# Debian packages need the ${VERSION}-1
wazuh_manager_version: 4.4.0-1
wazuh_agent_version: 4.4.0-1
# Kibana role appends it automatically.
wazuh_version: 4.4.0
########################################################
# General ELK stack variables
# Xpack Security: autogenerate CA
generate_CA: true
filebeat_xpack_security: true
kibana_xpack_security: true
elasticsearch_xpack_security: true
elasticsearch_xpack_security_user: elastic
elasticsearch_xpack_security_password: elastic_pass

64
molecule/distributed-wazuh-elk-xpack/tests/test_default.py Normal file
View File

@ -0,0 +1,64 @@
import os
import pytest
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def get_wazuh_version():
"""This return the version of Wazuh."""
return "4.4.0"
def test_wazuh_packages_are_installed(host):
"""Test the main packages are installed."""
manager = host.package("wazuh-manager")
assert manager.is_installed
assert manager.version.startswith(get_wazuh_version())
def test_wazuh_services_are_running(host):
"""Test the services are enabled and running.
When assert commands are commented, this means that the service command has
a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
"""
# This currently doesn't work with out current Docker base images
# manager = host.service("wazuh-manager")
# api = host.service("wazuh-api")
# assert manager.is_running
# assert api.is_running
output = host.check_output(
'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
)
assert 'ossec-authd' in output
assert 'wazuh-modulesd' in output
assert 'wazuh-db' in output
assert 'ossec-execd' in output
assert 'ossec-monitord' in output
assert 'ossec-remoted' in output
assert 'ossec-logcollector' in output
assert 'ossec-analysisd' in output
assert 'ossec-syscheckd' in output
@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640),
("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660),
])
def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
"""Test Wazuh related files exist and have proper owners and mode."""
wazuh_file_host = host.file(wazuh_file)
assert wazuh_file_host.user == wazuh_owner
assert wazuh_file_host.group == wazuh_group
assert wazuh_file_host.mode == wazuh_mode
def test_filebeat_is_installed(host):
"""Test the elasticsearch package is installed."""
filebeat = host.package("filebeat")
assert filebeat.is_installed
assert filebeat.version.startswith('7.10.2')

23
molecule/distributed-wazuh-elk/group_vars/all.yml Normal file
View File

@ -0,0 +1,23 @@
---
########################################################
# Helper variables
private_ip: '{{ ansible_default_ipv4.address }}'
managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}"
manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
########################################################
# Versions
elastic_stack_version: 7.10.2
filebeat_version: 7.10.2
# Debian packages need the ${VERSION}-1
wazuh_manager_version: 4.4.0-1
wazuh_agent_version: 4.4.0-1
# Kibana role appends it automatically.
wazuh_version: 4.4.0

47
molecule/distributed-wazuh-odfe/group_vars/all.yml Normal file
View File

@ -0,0 +1,47 @@
---
########################################################
# Helper variables
private_ip: '{{ ansible_default_ipv4.address }}'
managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}"
kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars) | list }}"
manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
########################################################
# General ELK stack variables
# OpenDistro
kibana_opendistro_security: true
opendistro_kibana_user: kibanaserver
opendistro_security_user: elastic
opendistro_kibana_password: changeme
opendistro_security_password: admin
opendistro_admin_password: changeme
# All nodes are called by IP name
elasticsearch_node_name: '{{ ansible_hostname }}'
kibana_node_name: '{{ ansible_hostname }}'
filebeat_node_name: '{{ ansible_hostname }}'
########################################################
# Versions
# See: https://opendistro.github.io/for-elasticsearch-docs/version-history/
elastic_stack_version: 7.10.2
opendistro_version: 1.13.2
filebeat_version: 7.10.2
kibana_opendistro_version: 1.13.2-1
# Debian packages need the ${VERSION}-1
wazuh_manager_version: 4.4.0-1
wazuh_agent_version: 4.4.0-1
# Kibana role appends it automatically.
wazuh_version: 4.4.0

64
molecule/distributed-wazuh-odfe/tests/test_default.py Normal file
View File

@ -0,0 +1,64 @@
import os
import pytest
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def get_wazuh_version():
"""This return the version of Wazuh."""
return "4.4.0"
def test_wazuh_packages_are_installed(host):
"""Test the main packages are installed."""
manager = host.package("wazuh-manager")
assert manager.is_installed
assert manager.version.startswith(get_wazuh_version())
def test_wazuh_services_are_running(host):
"""Test the services are enabled and running.
When assert commands are commented, this means that the service command has
a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
"""
# This currently doesn't work with out current Docker base images
# manager = host.service("wazuh-manager")
# api = host.service("wazuh-api")
# assert manager.is_running
# assert api.is_running
output = host.check_output(
'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
)
assert 'ossec-authd' in output
assert 'wazuh-modulesd' in output
assert 'wazuh-db' in output
assert 'ossec-execd' in output
assert 'ossec-monitord' in output
assert 'ossec-remoted' in output
assert 'ossec-logcollector' in output
assert 'ossec-analysisd' in output
assert 'ossec-syscheckd' in output
@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640),
("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660),
])
def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
"""Test Wazuh related files exist and have proper owners and mode."""
wazuh_file_host = host.file(wazuh_file)
assert wazuh_file_host.user == wazuh_owner
assert wazuh_file_host.group == wazuh_group
assert wazuh_file_host.mode == wazuh_mode
def test_filebeat_is_installed(host):
"""Test the elasticsearch package is installed."""
filebeat = host.package("filebeat")
assert filebeat.is_installed
assert filebeat.version.startswith('7.10.2')

8
molecule/distributed-wazuh/group_vars/all.yml
View File

@ -30,10 +30,10 @@ indexer_node_name: '{{ ansible_facts.hostname }}'
dashboard_node_name: '{{ ansible_facts.hostname }}'
filebeat_node_name: '{{ ansible_facts.hostname }}'
indexer_version: 4.3.10
indexer_version: 4.4.0
filebeat_version: 7.10.2
wazuh_version: 4.3.10
wazuh_version: 4.4.0
# Debian packages need the ${VERSION}-1
wazuh_manager_version: 4.3.10
wazuh_agent_version: 4.3.10
wazuh_manager_version: 4.4.0
wazuh_agent_version: 4.4.0

2
molecule/distributed-wazuh/tests/test_default.py
View File

@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def get_wazuh_version():
"""This return the version of Wazuh."""
return "4.3.10"
return "4.4.0"
def test_wazuh_packages_are_installed(host):

50
playbooks/wazuh-manager-oss-cluster.yml Normal file
View File

@ -0,0 +1,50 @@
---
# Wazuh cluster without Filebeat
- hosts: manager
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'master'
node_type: 'master'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
wazuh_api_users:
- username: custom-user
password: SecretPassword1!
- hosts: worker01
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'worker_01'
node_type: 'worker'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'

2
poetry.lock generated
View File

@ -49,7 +49,7 @@ wcmatch = ">=7.0"
community = ["ansible (>=2.10)"]
core = ["ansible-core (>=2.11.4)"]
test = ["coverage (>=6.2,<6.3)", "tomli (>=1.2.3,<2.0.0)", "flaky (>=3.7.0)", "pytest (>=6.0.1)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=2.1.0)", "psutil"]
yamllint = ["yamllint (>=1.25.0)"]
cyamllint = ["yamllint (>=1.25.0)"]
[[package]]
name = "arrow"

2
pyproject.toml
View File

@ -1,6 +1,6 @@
[tool.poetry]
name = "wazuh-ansible"
version = "4.3.10"
version = "4.4.0"
description = ""
authors = ["neonmei <neonmei@pm.me>"]

53
roles/elastic-stack/ansible-kibana/defaults/main.yml Normal file
View File

@ -0,0 +1,53 @@
---
kibana_node_name: node-1
elasticsearch_http_port: "9200"
elasticsearch_network_host: "127.0.0.1"
kibana_server_host: "0.0.0.0"
kibana_server_port: "5601"
kibana_conf_path: /etc/kibana
elastic_stack_version: 7.10.2
wazuh_version: 4.4.0
wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
elasticrepo:
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
yum: 'https://artifacts.elastic.co/packages/7.x/yum'
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
# API credentials
wazuh_api_credentials:
- id: "default"
url: "https://localhost"
port: 55000
username: "wazuh"
password: "wazuh"
# Xpack Security
kibana_xpack_security: false
kibana_ssl_verification_mode: "full"
elasticsearch_xpack_security_user: elastic
elasticsearch_xpack_security_password: elastic_pass
node_certs_destination: /etc/kibana/certs
# CA Generation
master_certs_path: "{{ playbook_dir }}/es_certs"
generate_CA: true
ca_cert_name: ""
# Nodejs
nodejs:
repo_dict:
debian: "deb"
redhat: "rpm"
repo_url_ext: "nodesource.com/setup_10.x"
# Build from sources
build_from_sources: false
wazuh_plugin_branch: 4.1-7.10
#Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

57
roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml Normal file
View File

@ -0,0 +1,57 @@
---
- name: Update cache
apt:
update_cache: yes
- name: Debian 9 (Stretch)
when: (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "9")
block:
- name: Install OpenDistro dependencies
apt:
name: [
'unzip', 'wget', 'curl', 'apt-transport-https', software-properties-common
]
state: present
- name: Add the repository key for Debian's Stretch Backports repository
ansible.builtin.apt_key:
keyserver: keyserver.ubuntu.com
id: 648ACFD622F3D138
- name: Add openjdk repository
apt_repository:
repo: "{{ package_repos.apt.openjdk.baseurl }}"
state: present
update_cache: yes
filename: 'wazuh-openjdk'
- name: Install openjdk-11-jdk
apt:
name: openjdk-11-jdk
state: present
environment:
JAVA_HOME: /usr
- name: Add Opendistro repository
block:
- name: Add apt repository signing key
apt_key:
url: "{{ package_repos.apt.opendistro.gpg }}"
state: present
- name: Add Opendistro repository
apt_repository:
repo: "{{ package_repos.apt.opendistro.baseurl }}"
state: present
filename: 'wazuh-opendistro'
update_cache: yes
- name: Install OpenDistro
apt:
name: opendistroforelasticsearch={{ opendistro_version }}-1
state: present
register: install
tags: install

60
roles/opendistro/opendistro-kibana/defaults/main.yml Normal file
View File

@ -0,0 +1,60 @@
---
# Kibana configuration
elasticsearch_http_port: 9200
elastic_api_protocol: https
kibana_conf_path: /etc/kibana
kibana_node_name: node-1
kibana_server_host: "0.0.0.0"
kibana_server_port: "5601"
kibana_server_name: "kibana"
kibana_max_payload_bytes: 1048576
elastic_stack_version: 7.10.2
wazuh_version: 4.4.0
wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
# The OpenDistro package repository
kibana_opendistro_version: 1.13.2-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
package_repos:
yum:
opendistro:
baseurl: 'https://packages.wazuh.com/4.x/yum/'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
apt:
opendistro:
baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
# API credentials
wazuh_api_credentials:
- id: "default"
url: "https://localhost"
port: 55000
username: "wazuh"
password: "wazuh"
# opendistro Security
kibana_opendistro_security: true
kibana_newsfeed_enabled: "false"
kibana_telemetry_optin: "false"
kibana_telemetry_enabled: "false"
opendistro_admin_password: changeme
opendistro_kibana_user: kibanaserver
opendistro_kibana_password: changeme
local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
# Nodejs
nodejs:
repo_dict:
debian: "deb"
redhat: "rpm"
repo_url_ext: "nodesource.com/setup_10.x"
# Build from sources
build_from_sources: false
wazuh_plugin_branch: 4.1-7.10
#Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

124
roles/opendistro/opendistro-kibana/tasks/main.yml Executable file
View File

@ -0,0 +1,124 @@
---
- name: Stopping early, trying to compile Wazuh Kibana Plugin on Debian 10 is not possible
fail:
msg: "It's not possible to compile the Wazuh Kibana plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924"
when:
- build_from_sources
- ansible_distribution == "Debian"
- ansible_distribution_major_version == "10"
- import_tasks: RedHat.yml
when: ansible_os_family == 'RedHat'
- import_tasks: Debian.yml
when: ansible_os_family == 'Debian'
- name: Remove Kibana configuration file
file:
# noqa 503
path: "{{ kibana_conf_path }}/kibana.yml"
state: absent
tags: install
- import_tasks: security_actions.yml
- name: Copy Configuration File
blockinfile:
block: "{{ lookup('template', 'opendistro_kibana.yml.j2') }}"
dest: "{{ kibana_conf_path }}/kibana.yml"
create: true
group: kibana
owner: kibana
mode: 0640
marker: "## {mark} Kibana general settings ##"
notify: restart kibana
tags:
- install
- configure
- name: Ensuring Kibana directory owner
file:
# noqa 208
path: "/usr/share/kibana"
state: directory
owner: kibana
group: kibana
recurse: yes
- name: Build and Install Wazuh Kibana Plugin from sources
import_tasks: build_wazuh_plugin.yml
when:
- build_from_sources is defined
- build_from_sources
- name: Install Wazuh Plugin (can take a while)
shell: >-
NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
{{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
args:
executable: /bin/bash
creates: /usr/share/kibana/plugins/wazuh/package.json
chdir: /usr/share/kibana
become: yes
become_user: kibana
notify: restart kibana
tags:
- install
- skip_ansible_lint
when:
- not build_from_sources
- name: Kibana optimization (can take a while)
shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml
args:
executable: /bin/bash
become: yes
become_user: kibana
changed_when: false
tags:
- skip_ansible_lint
- name: Wait for Elasticsearch port
wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }}
- name: Select correct API protocol
set_fact:
elastic_api_protocol: "{% if kibana_opendistro_security is defined and kibana_opendistro_security %}https{% else %}http{% endif %}"
- name: Attempting to delete legacy Wazuh index if exists
uri:
url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh"
method: DELETE
user: "admin"
password: "{{ opendistro_admin_password }}"
validate_certs: no
status_code: 200, 404
- name: Create wazuh plugin config directory
file:
path: /usr/share/kibana/data/wazuh/config/
state: directory
recurse: yes
owner: kibana
group: kibana
mode: 0751
changed_when: False
- name: Configure Wazuh Kibana Plugin
template:
src: wazuh.yml.j2
dest: /usr/share/kibana/data/wazuh/config/wazuh.yml
owner: kibana
group: kibana
mode: 0751
changed_when: False
- name: Ensure Kibana started and enabled
service:
name: kibana
enabled: true
state: started
- import_tasks: RMRedHat.yml
when: ansible_os_family == 'RedHat'

13
roles/opendistro/opendistro-kibana/tasks/security_actions.yml Normal file
View File

@ -0,0 +1,13 @@
- block:
- name: Copy the certificates from local to the Kibana instance
copy:
src: "{{ local_certs_path }}/certs/{{ item }}"
dest: /usr/share/kibana
mode: 0644
with_items:
- "root-ca.pem"
- "{{ kibana_node_name }}_http.key"
- "{{ kibana_node_name }}_http.pem"
tags:
- security

2
roles/wazuh/ansible-filebeat-oss/defaults/main.yml
View File

@ -1,7 +1,7 @@
---
filebeat_version: 7.10.2
wazuh_template_branch: 4.3
wazuh_template_branch: 4.4
filebeat_node_name: node-1

2
roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2
View File

@ -16,7 +16,7 @@ setup.ilm.enabled: false
output.elasticsearch:
hosts:
{% for item in filebeat_output_indexer_hosts %}
- {{ item }}:9200
- {{ item }}
{% endfor %}
{% if filebeat_security %}

36
roles/wazuh/ansible-filebeat/defaults/main.yml Normal file
View File

@ -0,0 +1,36 @@
---
filebeat_version: 7.10.2
wazuh_template_branch: v4.4.0
filebeat_create_config: true
filebeat_node_name: node-1
filebeat_output_elasticsearch_hosts:
- "localhost:9200"
filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
filebeat_module_package_path: /tmp/
filebeat_module_destination: /usr/share/filebeat/module
filebeat_module_folder: /usr/share/filebeat/module/wazuh
# Xpack Security
filebeat_xpack_security: false
elasticsearch_xpack_security_user: elastic
elasticsearch_xpack_security_password: elastic_pass
node_certs_destination: /etc/filebeat/certs
# CA Generation
master_certs_path: "{{ playbook_dir }}/es_certs"
generate_CA: true
ca_cert_name: ""
elasticrepo:
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
yum: 'https://artifacts.elastic.co/packages/7.x/yum'
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'

6
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -1,6 +1,6 @@
---
wazuh_agent_version: 4.3.10
wazuh_agent_version: 4.4.0
# Custom packages installation
@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: ""
wazuh_agent_sources_installation:
enabled: false
branch: "v4.3.10"
branch: "v4.4.0"
user_language: "y"
user_no_stop: "y"
user_install_type: "agent"
@ -54,7 +54,7 @@ wazuh_winagent_config:
# Adding quotes to auth_path_x86 since win_shell outputs error otherwise
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
check_md5: True
md5: eee54087d25a42ceb27ecf8ad562143f
md5: 8ffa75d13280f1aa6ffca54f4273df4d
wazuh_dir: "/var/ossec"

2
roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
View File

@ -125,7 +125,7 @@
- name: Linux | Obtain JWT Token
uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate'
method: GET
method: POST
url_username: '{{ target_manager.api_user }}'
url_password: '{{ api_pass }}'
status_code: 200

4
roles/wazuh/ansible-wazuh-manager/defaults/main.yml
View File

@ -1,6 +1,6 @@
---
wazuh_manager_version: 4.3.10
wazuh_manager_version: 4.4.0
wazuh_manager_fqdn: "wazuh-server"
wazuh_manager_package_state: present
@ -13,7 +13,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon
# Sources installation
wazuh_manager_sources_installation:
enabled: false
branch: "v4.3.10"
branch: "v4.4.0"
user_language: "en"
user_no_stop: "y"
user_install_type: "server"

2
roles/wazuh/check-packages/defaults/main.yml
View File

@ -1,2 +1,2 @@
---
wazuh_version: 4.3.10
wazuh_version: 4.4.0

2
roles/wazuh/vars/repo.yml
View File

@ -6,7 +6,7 @@ wazuh_repo:
wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
certs_gen_tool_version: 4.3
certs_gen_tool_version: 4.4
# Url of certificates generator tool
certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"

2
roles/wazuh/vars/repo_pre-release.yml
View File

@ -6,7 +6,7 @@ wazuh_repo:
wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
certs_gen_tool_version: 4.3
certs_gen_tool_version: 4.4
# Url of certificates generator tool
certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"

4
roles/wazuh/wazuh-dashboard/defaults/main.yml
View File

@ -8,12 +8,12 @@ dashboard_node_name: node-1
dashboard_server_host: "0.0.0.0"
dashboard_server_port: "443"
dashboard_server_name: "dashboard"
wazuh_version: 4.3.10
wazuh_version: 4.4.0
indexer_cluster_nodes:
- 127.0.0.1
# The Wazuh dashboard package repository
dashboard_version: "4.3.10"
dashboard_version: "4.4.0"
# API credentials
wazuh_api_credentials:

3
roles/wazuh/wazuh-dashboard/vars/debian.yml
View File

@ -1,3 +1,2 @@
---
dashboard_version: 4.3.10
dashboard_version: 4.4.0

6
roles/wazuh/wazuh-indexer/defaults/main.yml
View File

@ -1,6 +1,6 @@
---
# Cluster Settings
indexer_version: 4.3.10
indexer_version: 4.4.0
single_node: false
indexer_node_name: node-1
@ -26,9 +26,9 @@ minimum_master_nodes: 2
# Example es1.example.com, es2.example.com
domain_name: wazuh.com
indexer_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig
indexer_sec_plugin_conf_path: /etc/wazuh-indexer/opensearch-security
indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools
indexer_conf_path: /etc/wazuh-indexer/
indexer_conf_path: /etc/wazuh-indexer
indexer_index_path: /var/lib/wazuh-indexer/
# Security password

2
roles/wazuh/wazuh-indexer/tasks/security_actions.yml
View File

@ -83,7 +83,7 @@
JAVA_HOME=/usr/share/wazuh-indexer/jdk
{{ indexer_sec_plugin_tools_path }}/securityadmin.sh
-cd {{ indexer_sec_plugin_conf_path }}/
-icl -p 9300 -cd {{ indexer_sec_plugin_conf_path }}/
-icl -p 9200 -cd {{ indexer_sec_plugin_conf_path }}/
-nhnv
-cacert {{ indexer_conf_path }}/certs/root-ca.pem
-cert {{ indexer_conf_path }}/certs/admin.pem