diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index a1c61666..00000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,12 +0,0 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - -version: 2 -updates: - - package-ecosystem: "pip" # See documentation for possible values - directory: "/" # Location of package manifests - schedule: - interval: "daily" - target-branch: "4.5" diff --git a/.github/playbooks/aio-wazuh.yml b/.github/playbooks/aio-wazuh.yml new file mode 100644 index 00000000..099f5876 --- /dev/null +++ b/.github/playbooks/aio-wazuh.yml 
@@ -0,0 +1,67 @@ +- name: Generate certificates prior to converging + hosts: localhost + become: true + become_user: root + roles: + - role: ../../roles/wazuh/wazuh-indexer + vars: + generate_certs: true + perform_installation: false + instances: + node1: + name: wazuh-es01 # Important: must be equal to indexer_node_name. + ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert. + role: indexer + node3: + name: wazuh-mgr01 + ip: "127.0.0.1" + role: wazuh + node5: + name: wazuh-dash01 + ip: "127.0.0.1" + role: dashboard + pre_tasks: + - name: overview of cert configuration + debug: + var: wazuh_endpoint_list + +- name: Converge + hosts: localhost + become: true + become_user: root + roles: + # 1. Check packages + - role: ../../roles/wazuh/check-packages + become: no + delegate_to: localhost + run_once: true + # 2. Wazuh indexer + - role: ../../roles/wazuh/wazuh-indexer + vars: + indexer_node_name: "wazuh-es01" + single_node: true + # 3. Managers + - role: ../../roles/wazuh/ansible-wazuh-manager + - role: ../../roles/wazuh/ansible-filebeat-oss + vars: + filebeat_node_name: "wazuh-mgr01" + filebeat_output_indexer_hosts: + - "localhost:9200" + # 4. Wazuh dashboard + - role: ../../roles/wazuh/wazuh-dashboard + vars: + dashboard_node_name: "wazuh-dash01" + vars: + instances: + node1: + name: wazuh-es01 # Important: must be equal to indexer_node_name. + ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert. + role: indexer + node3: + name: wazuh-mgr01 + ip: "127.0.0.1" + role: wazuh + node5: + name: wazuh-dash01 + ip: "127.0.0.1" + role: dashboard \ No newline at end of file diff --git a/molecule/default/converge.yml b/.github/playbooks/single-wazuh.yml similarity index 63% rename from molecule/default/converge.yml rename to .github/playbooks/single-wazuh.yml index 62c15859..5f55a22b 100644 --- a/molecule/default/converge.yml +++ b/.github/playbooks/single-wazuh.yml 
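Review bot: The `instances` map in aio-wazuh.yml is spelled out twice — under the certificate-generation role's `vars:` and again in the Converge play's `vars:` — so a node name edited in one copy and not the other would presumably break the node-name-folder lookup the inline comment warns about; define it once (a play-level `vars:` on the first play or a shared `vars_files:` entry) and let both plays reference it. `become: no` on the check-packages role mixes the YAML 1.1 truthy form with the `become: true` used a few lines above; write `become: false`. The file also lacks a leading `---` and the trailing newline the diff flags.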
@@ -13,11 +13,20 @@ tags: - generate-certs - name: ConvergeInstall - hosts: all + hosts: localhost roles: + # 1. Check packages + - role: ../../roles/wazuh/check-packages + become: no + delegate_to: localhost + run_once: true + # 2. Managers - role: ../../roles/wazuh/ansible-wazuh-manager vars: - - { role: ../../roles/wazuh/ansible-filebeat-oss, filebeat_output_indexer_hosts: "indexer_centos7:9200" } + - role: ../../roles/wazuh/ansible-filebeat-oss + vars: + filebeat_output_indexer_hosts: + - "indexer_centos7:9200" pre_tasks: - name: (converge) fix missing packages in cloud images apt: diff --git a/.github/workflows/al_aio.yml b/.github/workflows/al_aio.yml new file mode 100644 index 00000000..cd121303 --- /dev/null +++ b/.github/workflows/al_aio.yml 
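Review bot: `filebeat_output_indexer_hosts` still points at `indexer_centos7:9200`, which looks like a container name carried over from the removed molecule scenario; with `hosts:` now `localhost` on the EC2 runner there is no such host, so Filebeat would be configured against an unresolvable endpoint — either point it at whatever indexer this single-instance test is meant to use or state in a comment that the Filebeat output is intentionally unreachable here. `become: no` on the check-packages role should be `become: false` to match the `become: true` used in aio-wazuh.yml. The ConvergeInstall play continues past the hunk (`pre_tasks:` is cut off), and the play before it starts outside the hunk.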
@@ -0,0 +1,67 @@ +--- +name: AIO-AL-Single-Instance +on: [pull_request, workflow_dispatch, release] +jobs: + start-runner: + name: Start self-hosted EC2 runner + runs-on: ubuntu-latest + outputs: + label: ${{ steps.start-ec2-runner.outputs.label }} + ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Start EC2 runner + id: start-ec2-runner + uses: machulav/ec2-github-runner@v2 + with: + mode: start + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + ec2-image-id: ${{ secrets.AL2_AMI_ID }} + ec2-instance-type: t3a.large + subnet-id: ${{ secrets.SUBNET_ID }} + security-group-id: ${{ secrets.SG_ID }} + aws-resource-tags: > # optional, requires additional permissions + [ + {"Key": "Name", "Value": "wazuh-ansible-gh-runner-aio"}, + {"Key": "GitHubRepository", "Value": "${{ github.repository }}"}, + {"Key": "team", "Value": "CICD"}, + {"Key": "termination_date", "Value": "2022-12-31 21:00:00"} + ] + install-aio-single-instance: + name: Installs AIO single instance + needs: start-runner # required to start the main job when the runner is ready + runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner + steps: + - name: Check out the codebase. 
+ uses: actions/checkout@v2 + - name: Ansible Playbook run Wazuh AIO Single instance + run: ansible-playbook ./.github/playbooks/aio-wazuh.yml + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + stop-runner: + name: Stop self-hosted EC2 runner + needs: + - start-runner # required to get output from the start-runner job + - install-aio-single-instance # required to wait when the main job is done + runs-on: ubuntu-latest + if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Stop EC2 runner + uses: machulav/ec2-github-runner@v2 + with: + mode: stop + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + label: ${{ needs.start-runner.outputs.label }} + ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/.github/workflows/al_wazuh.yml b/.github/workflows/al_wazuh.yml new file mode 100644 index 00000000..8200e866 --- /dev/null +++ b/.github/workflows/al_wazuh.yml 
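Review bot: The install job checks out the PR's own tree and runs its playbook as root on an EC2 instance placed into the subnet and security group named by `SUBNET_ID`/`SG_ID`, on a `pull_request` trigger, so anything a PR changes under `roles/` or `.github/playbooks/` executes inside that network; that is acceptable only because the runner is created and stopped per run and the security group is kept minimal, which is worth a comment next to `security-group-id`. The workflow also never sets `permissions:`, so the job token gets the repository default scope, and every action is pinned to a floating major tag (`actions/checkout@v2`, `aws-actions/configure-aws-credentials@v1`, `machulav/ec2-github-runner@v2`); add a top-level `permissions:` block such as `permissions: { contents: read }` and pin the third-party actions to a commit SHA. The access keys in `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` are long-lived credentials; `configure-aws-credentials` can assume a role via OIDC (`role-to-assume`), which would avoid keeping a static key in repository secrets. The `termination_date` tag is a literal `2022-12-31 21:00:00` that never changes between runs, so any reaper keyed on it fires on every runner or never; derive it from the run or drop it. The same points apply to al_wazuh.yml, centos_aio.yml, centos_wazuh.yml, ubuntu_aio.yml and ubuntu_wazuh.yml.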
@@ -0,0 +1,67 @@ +--- +name: Wazuh-AL-Single-Instance +on: [pull_request, workflow_dispatch, release] +jobs: + start-runner: + name: Start self-hosted EC2 runner + runs-on: ubuntu-latest + outputs: + label: ${{ steps.start-ec2-runner.outputs.label }} + ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Start EC2 runner + id: start-ec2-runner + uses: machulav/ec2-github-runner@v2 + with: + mode: start + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + ec2-image-id: ${{ secrets.AL2_AMI_ID }} + ec2-instance-type: t3.small + subnet-id: ${{ secrets.SUBNET_ID }} + security-group-id: ${{ secrets.SG_ID }} + aws-resource-tags: > # optional, requires additional permissions + [ + {"Key": "Name", "Value": "wazuh-ansible-gh-runner-wazuh"}, + {"Key": "GitHubRepository", "Value": "${{ github.repository }}"}, + {"Key": "team", "Value": "CICD"}, + {"Key": "termination_date", "Value": "2022-12-31 21:00:00"} + ] + install-wazuh-single-instance: + name: Installs Wazuh server single instance + needs: start-runner # required to start the main job when the runner is ready + runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner + steps: + - name: Check out the codebase. 
+ uses: actions/checkout@v2 + - name: Ansible Playbook run Wazuh Single instance + run: ansible-playbook ./.github/playbooks/single-wazuh.yml + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + stop-runner: + name: Stop self-hosted EC2 runner + needs: + - start-runner # required to get output from the start-runner job + - install-wazuh-single-instance # required to wait when the main job is done + runs-on: ubuntu-latest + if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Stop EC2 runner + uses: machulav/ec2-github-runner@v2 + with: + mode: stop + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + label: ${{ needs.start-runner.outputs.label }} + ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/.github/workflows/centos_aio.yml b/.github/workflows/centos_aio.yml new file mode 100644 index 00000000..0d03a168 --- /dev/null +++ b/.github/workflows/centos_aio.yml 
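Review bot: Unlike the CentOS and Ubuntu workflows, the install job here (and in al_aio.yml) goes straight from checkout to `ansible-playbook` with no Python or Ansible setup step, so it presumably relies on the AMI behind `AL2_AMI_ID` already shipping ansible; if it does not, the run fails at the first real step. Either add the same `actions/setup-python` step the other workflows use and install ansible explicitly, or record the prerequisite in a comment above the `run:` line such as `# The AL2 AMI is expected to ship ansible; no setup step here.` The `t3.small` here versus `t3a.large` in the AIO workflows looks deliberate but is undocumented; a one-line comment on `ec2-instance-type` would save the next reader a guess.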
@@ -0,0 +1,76 @@ +--- +name: AIO-CentOS-Single-Instance +on: [pull_request, workflow_dispatch, release] +jobs: + start-runner: + name: Start self-hosted EC2 runner + runs-on: ubuntu-latest + outputs: + label: ${{ steps.start-ec2-runner.outputs.label }} + ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Start EC2 runner + id: start-ec2-runner + uses: machulav/ec2-github-runner@v2 + with: + mode: start + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + ec2-image-id: ${{ secrets.CENTOS8_AMI_ID }} + ec2-instance-type: t3a.large + subnet-id: ${{ secrets.SUBNET_ID }} + security-group-id: ${{ secrets.SG_ID }} + aws-resource-tags: > # optional, requires additional permissions + [ + {"Key": "Name", "Value": "wazuh-ansible-gh-runner-aio"}, + {"Key": "GitHubRepository", "Value": "${{ github.repository }}"}, + {"Key": "team", "Value": "CICD"}, + {"Key": "termination_date", "Value": "2022-12-31 21:00:00"} + ] + install-aio-single-instance: + name: Installs AIO single instance + needs: start-runner # required to start the main job when the runner is ready + runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + - name: Hack to get setup-python to work on act. See act issue 251 + run: | + if [ ! -f "/etc/lsb-release" ] ; then + echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release + fi + - name: Set up Python 3. 
+ uses: actions/setup-python@v2 + with: + python-version: '3.x' + - name: Ansible Playbook run Wazuh AIO Single instance + run: ansible-playbook ./.github/playbooks/aio-wazuh.yml + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + stop-runner: + name: Stop self-hosted EC2 runner + needs: + - start-runner # required to get output from the start-runner job + - install-aio-single-instance # required to wait when the main job is done + runs-on: ubuntu-latest + if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Stop EC2 runner + uses: machulav/ec2-github-runner@v2 + with: + mode: stop + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + label: ${{ needs.start-runner.outputs.label }} + ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/.github/workflows/centos_wazuh.yml b/.github/workflows/centos_wazuh.yml new file mode 100644 index 00000000..17e90e39 --- /dev/null +++ b/.github/workflows/centos_wazuh.yml 
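Review bot: The "Hack to get setup-python to work on act" step writes `DISTRIB_RELEASE=18.04` into `/etc/lsb-release` on what the `CENTOS8_AMI_ID` secret suggests is a CentOS host, but this job runs on the EC2 runner rather than under act, so the hack is dead at best and at worst plants an Ubuntu-looking lsb file that later distro detection (Ansible's `ansible_lsb` facts, for instance) could pick up. Drop the step for the self-hosted runner, or guard it with `if: ${{ env.ACT }}` so it only fires under act. Separately, CentOS Linux 8 reached end of life at the end of 2021, so the image behind `CENTOS8_AMI_ID` presumably receives no updates; if the target is intentionally CentOS 8 rather than Stream, Rocky or Alma, say so in a comment on `ec2-image-id`. centos_wazuh.yml carries the same hack step.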
@@ -0,0 +1,76 @@ +--- +name: Wazuh-CentOS-Single-Instance +on: [pull_request, workflow_dispatch, release] +jobs: + start-runner: + name: Start self-hosted EC2 runner + runs-on: ubuntu-latest + outputs: + label: ${{ steps.start-ec2-runner.outputs.label }} + ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Start EC2 runner + id: start-ec2-runner + uses: machulav/ec2-github-runner@v2 + with: + mode: start + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + ec2-image-id: ${{ secrets.CENTOS8_AMI_ID }} + ec2-instance-type: t3.small + subnet-id: ${{ secrets.SUBNET_ID }} + security-group-id: ${{ secrets.SG_ID }} + aws-resource-tags: > # optional, requires additional permissions + [ + {"Key": "Name", "Value": "wazuh-ansible-gh-runner-wazuh"}, + {"Key": "GitHubRepository", "Value": "${{ github.repository }}"}, + {"Key": "team", "Value": "CICD"}, + {"Key": "termination_date", "Value": "2022-12-31 21:00:00"} + ] + install-wazuh-single-instance: + name: Installs Wazuh server single instance + needs: start-runner # required to start the main job when the runner is ready + runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + - name: Hack to get setup-python to work on act. See act issue 251 + run: | + if [ ! -f "/etc/lsb-release" ] ; then + echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release + fi + - name: Set up Python 3. 
+ uses: actions/setup-python@v2 + with: + python-version: '3.x' + - name: Ansible Playbook run Wazuh Single instance + run: ansible-playbook ./.github/playbooks/single-wazuh.yml + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + stop-runner: + name: Stop self-hosted EC2 runner + needs: + - start-runner # required to get output from the start-runner job + - install-wazuh-single-instance # required to wait when the main job is done + runs-on: ubuntu-latest + if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Stop EC2 runner + uses: machulav/ec2-github-runner@v2 + with: + mode: stop + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + label: ${{ needs.start-runner.outputs.label }} + ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml deleted file mode 100644 index b13122b2..00000000 --- a/.github/workflows/main.yml +++ /dev/null 
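Review bot: The install job has no `timeout-minutes`, so a playbook that hangs waiting on a service or a repository keeps the EC2 instance running until GitHub's default six-hour job limit before `stop-runner` gets to terminate it; add `timeout-minutes:` on `install-wazuh-single-instance` sized to a normal run. The install jobs in the other five workflows added here have the same gap.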
@@ -1,66 +0,0 @@ ---- -name: Molecule tests for Wazuh Ansible -on: [pull_request, workflow_dispatch, release] - -jobs: - - scenario-default: - name: Default scenario (smoke) - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - - - name: Hack to get setup-python to work on act. See act issue 251 - run: | - # Hack to get setup-python to work on act - if [ ! -f "/etc/lsb-release" ] ; then - echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release - fi - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install poetry - run: pip3 install poetry - - - name: Install dependencies - run: poetry install - - - name: Run Molecule tests. - run: poetry run molecule test -s default - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - - scenario-distributed-wazuh: - name: Distributed Wazuh - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - - - name: Hack to get setup-python to work on act. See act issue 251 - run: | - if [ ! -f "/etc/lsb-release" ] ; then - echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release - fi - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install poetry - run: pip3 install poetry - - - name: Install dependencies - run: poetry install - - - name: Run Molecule tests. - run: poetry run molecule test -s distributed-wazuh - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' diff --git a/.github/workflows/ubuntu_aio.yml b/.github/workflows/ubuntu_aio.yml new file mode 100644 index 00000000..05eb3778 --- /dev/null +++ b/.github/workflows/ubuntu_aio.yml 
@@ -0,0 +1,76 @@ +--- +name: AIO-Ubuntu-Single-Instance +on: [pull_request, workflow_dispatch, release] +jobs: + start-runner: + name: Start self-hosted EC2 runner + runs-on: ubuntu-latest + outputs: + label: ${{ steps.start-ec2-runner.outputs.label }} + ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Start EC2 runner + id: start-ec2-runner + uses: machulav/ec2-github-runner@v2 + with: + mode: start + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + ec2-image-id: ${{ secrets.UBUNTU2204_AMI_ID }} + ec2-instance-type: t3a.large + subnet-id: ${{ secrets.SUBNET_ID }} + security-group-id: ${{ secrets.SG_ID }} + aws-resource-tags: > # optional, requires additional permissions + [ + {"Key": "Name", "Value": "wazuh-ansible-gh-runner-aio"}, + {"Key": "GitHubRepository", "Value": "${{ github.repository }}"}, + {"Key": "team", "Value": "CICD"}, + {"Key": "termination_date", "Value": "2022-12-31 21:00:00"} + ] + install-aio-single-instance: + name: Installs AIO single instance + needs: start-runner # required to start the main job when the runner is ready + runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + - name: Hack to get setup-python to work on act. See act issue 251 + run: | + if [ ! -f "/etc/lsb-release" ] ; then + echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release + fi + - name: Set up Python 3. 
+ uses: actions/setup-python@v2 + with: + python-version: '3.x' + - name: Ansible Playbook run Wazuh AIO Single instance + run: ansible-playbook ./.github/playbooks/aio-wazuh.yml + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + stop-runner: + name: Stop self-hosted EC2 runner + needs: + - start-runner # required to get output from the start-runner job + - install-aio-single-instance # required to wait when the main job is done + runs-on: ubuntu-latest + if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Stop EC2 runner + uses: machulav/ec2-github-runner@v2 + with: + mode: stop + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + label: ${{ needs.start-runner.outputs.label }} + ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/.github/workflows/ubuntu_wazuh.yml b/.github/workflows/ubuntu_wazuh.yml new file mode 100644 index 00000000..64db955e --- /dev/null +++ b/.github/workflows/ubuntu_wazuh.yml 
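Review bot: This workflow differs from centos_aio.yml only in `name` and the `ec2-image-id` secret, and all six workflows in this commit repeat the same start-runner/install/stop-runner skeleton, so a fix to the runner lifecycle has to land six times; a single workflow with a `strategy.matrix` over image, instance type and playbook path, or a reusable workflow invoked via `workflow_call`, would collapse the duplication. On an Ubuntu image `/etc/lsb-release` already exists, so the "Hack to get setup-python to work on act" step is a no-op here and could be dropped.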
@@ -0,0 +1,76 @@ +--- +name: Wazuh-Ubuntu-Single-Instance +on: [pull_request, workflow_dispatch, release] +jobs: + start-runner: + name: Start self-hosted EC2 runner + runs-on: ubuntu-latest + outputs: + label: ${{ steps.start-ec2-runner.outputs.label }} + ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Start EC2 runner + id: start-ec2-runner + uses: machulav/ec2-github-runner@v2 + with: + mode: start + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + ec2-image-id: ${{ secrets.UBUNTU2204_AMI_ID }} + ec2-instance-type: t3.small + subnet-id: ${{ secrets.SUBNET_ID }} + security-group-id: ${{ secrets.SG_ID }} + aws-resource-tags: > # optional, requires additional permissions + [ + {"Key": "Name", "Value": "wazuh-ansible-gh-runner-wazuh"}, + {"Key": "GitHubRepository", "Value": "${{ github.repository }}"}, + {"Key": "team", "Value": "CICD"}, + {"Key": "termination_date", "Value": "2022-12-31 21:00:00"} + ] + install-wazuh-single-instance: + name: Installs Wazuh server single instance + needs: start-runner # required to start the main job when the runner is ready + runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + - name: Hack to get setup-python to work on act. See act issue 251 + run: | + if [ ! -f "/etc/lsb-release" ] ; then + echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release + fi + - name: Set up Python 3. 
+ uses: actions/setup-python@v2 + with: + python-version: '3.x' + - name: Ansible Playbook run Wazuh Single instance + run: ansible-playbook ./.github/playbooks/single-wazuh.yml + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + stop-runner: + name: Stop self-hosted EC2 runner + needs: + - start-runner # required to get output from the start-runner job + - install-wazuh-single-instance # required to wait when the main job is done + runs-on: ubuntu-latest + if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Stop EC2 runner + uses: machulav/ec2-github-runner@v2 + with: + mode: stop + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + label: ${{ needs.start-runner.outputs.label }} + ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ab311dc..3413f7d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,12 @@ All notable changes to this project will be documented in this file. - Update to [Wazuh v4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440) +## [v4.3.10] + +### Added + +- Update to [Wazuh v4.3.10](https://github.com/wazuh/wazuh/blob/v4.3.10/CHANGELOG.md#v4310) + ## [v4.3.9] ### Added 
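Review bot: Every push to a PR branch starts a fresh EC2 instance and nothing cancels a superseded run, so a busy PR can have several `t3.small` instances alive at once; add a `concurrency:` group keyed on `github.ref` with `cancel-in-progress: true`, and since `stop-runner` uses `if: ${{ always() }}` it should still reclaim the instance on cancellation. The bare `release` trigger also fires on every release activity type (created, edited, published, ...), which presumably starts several runners per release; narrowing it to `release: { types: [published] }` gives one run. Both points apply to the other five workflows in this commit.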
@@ -140,7 +146,7 @@ All notable changes to this project will be documented in this file. - Update to [Wazuh v4.1.1](https://github.com/wazuh/wazuh/blob/v4.1.1/CHANGELOG.md#v411) - Apply changes in ossec.conf file - Modify jvm.options to [v7.10](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/jvm-options.html) -- Change opendistro repository packages (opendistroforelasticsearch, elasticsearch-oss) to Wazuh URL and GPG key +- Change opendistro repository packages (opendistroforelasticsearch, elasticsearch-oss) to Wazuh URL and GPG key ## [v4.0.4] diff --git a/README.md b/README.md index 4bb87955..cd9745fe 100644 --- a/README.md +++ b/README.md @@ -8,8 +8,9 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashboard. ## Branches -* `master` branch contains the latest code, be aware of possible bugs on this branch. -* `stable` branch on correspond to the last Wazuh stable version. + +- `master` branch contains the latest code, be aware of possible bugs on this branch. +- `stable` branch on correspond to the last Wazuh stable version. ## Compatibility Matrix @@ -17,6 +18,8 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb |---------------|---------|--------| | v4.5.0 | | | | v4.4.0 | | | +| v4.3.10 | | | +| v4.4.0 | | | | v4.3.9 | | | | v4.3.8 | | | | v4.3.7 | | | @@ -42,8 +45,8 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb ## Documentation -* [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html) -* [Full documentation](http://documentation.wazuh.com) +- [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html) +- [Full documentation](http://documentation.wazuh.com) ## Directory structure 
@@ -71,10 +74,10 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb │ ├── VERSION │ ├── CHANGELOG.md - ## Example: production-ready distributed environment ### Playbook + The hereunder example playbook uses the `wazuh-ansible` role to provision a production-ready Wazuh environment. The architecture includes 2 Wazuh nodes, 3 Wazuh indexer nodes and a mixed Wazuh dashboard node (Wazuh indexer data node + Wazuh dashboard). ```yaml @@ -329,6 +332,7 @@ After the playbook execution, the Wazuh UI should be reachable through `https:// ## Example: single-host environment ### Playbook + The hereunder example playbook uses the `wazuh-ansible` role to provision a single-host Wazuh environment. This architecture includes all the Wazuh and Opensearch components in a single node. ```yaml 
@@ -394,6 +398,124 @@ sudo ansible-playbook wazuh-single.yml -i inventory After the playbook execution, the Wazuh UI should be reachable through `https://` +## Example: Wazuh server cluster (without Filebeat) + +### Playbook + +The hereunder example playbook uses the `wazuh-ansible` role to provision a Wazuh server cluster without Filebeat. This architecture includes 2 Wazuh servers distributed in two different nodes. + +```yaml +--- +# Wazuh cluster without Filebeat + - hosts: manager + roles: + - role: "../roles/wazuh/ansible-wazuh-manager" + become: yes + become_user: root + vars: + wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 'no' + node_name: 'master' + node_type: 'master' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ hostvars.manager.private_ip }}" + hidden: 'no' + wazuh_api_users: + - username: custom-user + password: SecretPassword1! + + - hosts: worker01 + roles: + - role: "../roles/wazuh/ansible-wazuh-manager" + become: yes + become_user: root + vars: + wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 'no' + node_name: 'worker_01' + node_type: 'worker' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ hostvars.manager.private_ip }}" + hidden: 'no' +``` + +### Inventory file + +```ini +[manager] + + +[worker01] + + +[all:vars] +ansible_ssh_user=vagrant +ansible_ssh_private_key_file=/path/to/ssh/key.pem +ansible_ssh_extra_args='-o StrictHostKeyChecking=no' +``` + +### Adding additional workers + +Add the following block at the end of the playbook + +```yaml + - hosts: worker02 + roles: + - role: "../roles/wazuh/ansible-wazuh-manager" + become: yes + become_user: root + vars: + wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 
'no' + node_name: 'worker_02' + node_type: 'worker' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ hostvars.manager.private_ip }}" + hidden: 'no' +``` + +NOTE: `hosts` and `wazuh_manager_config.cluster_node_name` are the only parameters that differ from the `worker01` configuration. + +Add the following lines to the inventory file: + +```ini +[worker02] + +``` + +### Launching the playbook + +```bash +sudo ansible-playbook wazuh-manager-oss-cluster.yml -i inventory +``` + ## Contribute If you want to contribute to our repository, please fork our Github repository and submit a pull request. @@ -417,4 +539,4 @@ Copyright (C) 2016, Wazuh Inc. (License GPLv2) ## Web references -* [Wazuh website](http://wazuh.com) +- [Wazuh website](http://wazuh.com) diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst deleted file mode 100644 index e26493b8..00000000 --- a/molecule/default/INSTALL.rst +++ /dev/null @@ -1,16 +0,0 @@ -******* -Install -******* - -Requirements -============ - -* Docker Engine -* docker-py - -Install -======= - -.. code-block:: bash - - $ sudo pip install docker-py diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml deleted file mode 100644 index 3e21dce2..00000000 --- a/molecule/default/molecule.yml +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -# Smoke test: basic manager run -dependency: - name: galaxy -driver: - name: docker -lint: | - yamllint . - ansible-lint roles - flake8 molecule -platforms: - - name: wazuh_manager_centos7 - hostname: wazuh-mgr01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory_reservation: 512m - memory: 1024m - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: wazuh_manager_debian9 - hostname: wazuh-mgr02 - image: geerlingguy/docker-debian9-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory_reservation: 512m - memory: 1024m - groups: - - managers - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - -provisioner: - name: ansible - ansible_args: - - -vv - config_options: - defaults: - hash_behaviour: merge - playbooks: - create: create.yml - converge: converge.yml - #destroy: destroy.yml - env: - ANSIBLE_ROLES_PATH: ./roles - lint: - name: ansible-lint - enabled: false -scenario: - name: default - test_sequence: - - dependency - - syntax - - create - - prepare - - converge - #- idempotence - #- verify - - cleanup - - destroy -verifier: - name: testinfra diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py deleted file mode 100644 index 3368c15f..00000000 --- a/molecule/default/tests/test_default.py +++ /dev/null 
@@ -1,64 +0,0 @@ -import os -import pytest -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def get_wazuh_version(): - """This return the version of Wazuh.""" - return "4.5.0" - - -def test_wazuh_packages_are_installed(host): - """Test the main packages are installed.""" - manager = host.package("wazuh-manager") - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - - -def test_wazuh_services_are_running(host): - """Test the services are enabled and running. - - When assert commands are commented, this means that the service command has - a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 - """ - # This currently doesn't work with out current Docker base images - # manager = host.service("wazuh-manager") - # api = host.service("wazuh-api") - # assert manager.is_running - # assert api.is_running - output = host.check_output( - 'ps aux | grep ossec | tr -s " " | cut -d" " -f11' - ) - assert 'ossec-authd' in output - assert 'wazuh-modulesd' in output - assert 'wazuh-db' in output - assert 'ossec-execd' in output - assert 'ossec-monitord' in output - assert 'ossec-remoted' in output - assert 'ossec-logcollector' in output - assert 'ossec-analysisd' in output - assert 'ossec-syscheckd' in output - - -@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ - ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), - ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), - ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), -]) -def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): - """Test Wazuh related files exist and have proper owners and mode.""" - wazuh_file_host = host.file(wazuh_file) - assert wazuh_file_host.user == wazuh_owner - assert wazuh_file_host.group == 
wazuh_group - assert wazuh_file_host.mode == wazuh_mode - - -def test_filebeat_is_installed(host): - """Test the elasticsearch package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - assert filebeat.version.startswith('7.10.2') diff --git a/molecule/distributed-wazuh/INSTALL.rst b/molecule/distributed-wazuh/INSTALL.rst deleted file mode 100644 index e26493b8..00000000 --- a/molecule/distributed-wazuh/INSTALL.rst +++ /dev/null @@ -1,16 +0,0 @@ -******* -Install -******* - -Requirements -============ - -* Docker Engine -* docker-py - -Install -======= - -.. code-block:: bash - - $ sudo pip install docker-py diff --git a/molecule/distributed-wazuh/converge.yml b/molecule/distributed-wazuh/converge.yml deleted file mode 100644 index 8ff42c37..00000000 --- a/molecule/distributed-wazuh/converge.yml +++ /dev/null 
@@ -1,121 +0,0 @@ ---- - -- name: Build Facts - hosts: all - become: true - become_user: root - vars: - endpoints_hostvars: '{{ managers_hostvars | union(indexer_hostvars) | union(dashboard_hostvars) }}' - wazuh_managers_common: - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: ansible - max_retries: 5 - retry_interval: 5 - pre_tasks: - - name: (converge) build instances list dynamically for cert generator consumption - set_fact: - wazuh_endpoint_list: "{{ wazuh_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}" - vars: - instance_hostname: '{{ item.ansible_facts.hostname }}' - instance_item: - name: '{{ instance_hostname }}' - ip: '{{ item.private_ip }}' - loop: '{{ endpoints_hostvars }}' - no_log: true - - - name: (converge) build wazuh_managers list dynamically for agents to consume - set_fact: - wazuh_managers_list: '{{ wazuh_managers_list | default([]) | union([manager_item]) }}' - vars: - manager_item: '{{ wazuh_managers_common | combine({"address": item}) }}' - loop: '{{ manager_addresses }}' - - - name: overview of cert configuration - debug: - var: wazuh_endpoint_list - -- name: Generate certificates prior to converging - hosts: molecule_wazuh_indexer_centos7 - become: true - become_user: root - roles: - - role: ../../roles/wazuh/wazuh-indexer - vars: - generate_certs: true - perform_installation: false - instances: - node1: - name: wazuh-es01 # Important: must be equal to indexer_node_name. - ip: "{{ hostvars.molecule_wazuh_indexer_centos7.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert. 
- role: indexer - node2: - name: wazuh-es02 - ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}" - role: indexer - node3: - name: wazuh-mgr01 - ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}" - role: wazuh - node_type: master - node4: - name: wazuh-mgr02 - ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}" - role: wazuh - node_type: worker - node5: - name: wazuh-dash01 - ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}" - role: dashboard - pre_tasks: - - name: overview of cert configuration - debug: - var: wazuh_endpoint_list - -- name: Converge - hosts: all - become: true - become_user: root - roles: - # 1. Wazuh indexer - - role: ../../roles/wazuh/wazuh-indexer - when: inventory_hostname in groups['indexer'] - # 2. Managers - - role: ../../roles/wazuh/ansible-wazuh-manager - when: inventory_hostname in groups['managers'] - - role: ../../roles/wazuh/ansible-filebeat-oss - when: inventory_hostname in groups['managers'] - # 3. Wazuh dashboard - - role: ../../roles/wazuh/wazuh-dashboard - when: inventory_hostname in groups['dashboard'] - # 4. Agents: - - role: ../../roles/wazuh/ansible-wazuh-agent - vars: - wazuh_managers: '{{ wazuh_managers_list }}' - when: inventory_hostname in groups['agents'] - vars: - instances: - node1: - name: wazuh-es01 # Important: must be equal to indexer_node_name. - ip: "{{ hostvars.molecule_wazuh_indexer_centos7.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert. 
- role: indexer - node2: - name: wazuh-es02 - ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}" - role: indexer - node3: - name: wazuh-mgr01 - ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}" - role: wazuh - node_type: master - node4: - name: wazuh-mgr02 - ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}" - role: wazuh - node_type: worker - node5: - name: wazuh-dash01 - ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}" - role: dashboard \ No newline at end of file diff --git a/molecule/distributed-wazuh/group_vars/agents.yml b/molecule/distributed-wazuh/group_vars/agents.yml deleted file mode 100644 index e912b255..00000000 --- a/molecule/distributed-wazuh/group_vars/agents.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- - -wazuh_agent_config: - enrollment: - enabled: 'yes' - #manager_address: '' - #port: 1515 - agent_name: '{{ ansible_hostname }}' - #groups: '' - #agent_address: '' - #server_ca_path: '' - #agent_certificate_path: '' - #agent_key_path: '' - #authorization_pass_path : /var/ossec/etc/authd.pass - #auto_method: 'no' - #delay_after_enrollment: 20 - #use_source_ip: 'no' - -wazuh_agent_authd: - registration_address: '{{ manager_addresses[0] }}' - enable: true - port: 1515 - ssl_agent_ca: null - ssl_auto_negotiate: 'no' \ No newline at end of file diff --git a/molecule/distributed-wazuh/group_vars/all.yml b/molecule/distributed-wazuh/group_vars/all.yml deleted file mode 100644 index e722ae8c..00000000 --- a/molecule/distributed-wazuh/group_vars/all.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- - -######################################################## -# Helper variables -private_ip: '{{ ansible_default_ipv4.address }}' - -managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}" -indexer_hostvars: "{{ groups['indexer'] | map('extract', hostvars) | list }}" -dashboard_hostvars: "{{ groups['dashboard'] | map('extract', hostvars) | list }}" - -manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}" -indexer_addresses: "{{ indexer_hostvars | map(attribute='private_ip') | list }}" -dashboard_addresses: "{{ dashboard_hostvars | map(attribute='private_ip') | list }}" - -######################################################## -# General Wazuh stack variables - -# Wazuh indexer/dashboard -dashboard_security: true - -dashboard_user: kibanaserver -indexer_security_user: admin - -dashboard_password: changeme -indexer_security_password: changeme -indexer_admin_password: changeme - -# All nodes are called by IP name -indexer_node_name: '{{ ansible_facts.hostname }}' -dashboard_node_name: '{{ ansible_facts.hostname }}' -filebeat_node_name: '{{ ansible_facts.hostname }}' - -indexer_version: 4.5.0 -filebeat_version: 7.10.2 -wazuh_version: 4.5.0 - -# Debian packages need the ${VERSION} -wazuh_manager_version: 4.5.0 -wazuh_agent_version: 4.5.0 diff --git a/molecule/distributed-wazuh/group_vars/dashboard.yml b/molecule/distributed-wazuh/group_vars/dashboard.yml deleted file mode 100644 index 16f48959..00000000 --- a/molecule/distributed-wazuh/group_vars/dashboard.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- - -dashboard_server_name: '{{ ansible_hostname }}' -indexer_network_host: "{{ indexer_addresses[0] }}" - -indexer_node_master: false -indexer_node_ingest: false -indexer_node_data: false -role: 'dashboard' - -wazuh_api_credentials: - - id: default - url: 'https://{{ manager_addresses[0] }}' - port: 55000 - username: wazuh - password: wazuh 
diff --git a/molecule/distributed-wazuh/group_vars/indexer.yml b/molecule/distributed-wazuh/group_vars/indexer.yml deleted file mode 100644 index f8804629..00000000 --- a/molecule/distributed-wazuh/group_vars/indexer.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -single_node: false -indexer_node_master: true -minimum_master_nodes: 1 -role: 'indexer' - -indexer_network_host: '{{ private_ip }}' - -indexer_http_port: 9200 - -indexer_cluster_nodes: '{{ indexer_addresses }}' -indexer_discovery_nodes: '{{ indexer_addresses }}' diff --git a/molecule/distributed-wazuh/group_vars/managers.yml b/molecule/distributed-wazuh/group_vars/managers.yml deleted file mode 100644 index 354136c7..00000000 --- a/molecule/distributed-wazuh/group_vars/managers.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- - -wazuh_manager_fqdn: '{{ ansible_hostname }}' -filebeat_output_indexer_hosts: '{{ indexer_addresses }}' -node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}" -role: 'wazuh' - -wazuh_manager_config: - connection: - - type: 'secure' - port: '1514' - protocol: 'tcp' - queue_size: 131072 - api: - https: 'yes' - cluster: - disable: 'no' - node_name: '{{ ansible_hostname }}' - node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}" - nodes: '{{ manager_addresses }}' - hidden: 'no' \ No newline at end of file diff --git a/molecule/distributed-wazuh/molecule.yml b/molecule/distributed-wazuh/molecule.yml deleted file mode 100644 index d6f1d90b..00000000 --- a/molecule/distributed-wazuh/molecule.yml +++ /dev/null 
@@ -1,162 +0,0 @@ ---- -# Distributed scenario: clustered manager scenario + connected agents -# 2-core CPU -# 7 GB of RAM memory -# 14 GB of SSD disk space -# -# Source: https://docs.github.com/en/free-pro-team@latest/actions/reference/specifications-for-github-hosted-runners - -dependency: - name: galaxy -driver: - name: docker -lint: | - yamllint . - ansible-lint roles - flake8 molecule -platforms: - ################################################ - # Wazuh Managers - ################################################ - - name: molecule_wazuh_manager_centos7 - hostname: wazuh-mgr01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory_reservation: 512m - memory: 1024m - groups: - - managers - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: molecule_wazuh_manager_debian9 - hostname: wazuh-mgr02 - image: geerlingguy/docker-debian9-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory_reservation: 512m - memory: 1024m - groups: - - managers - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - ################################################ - # Wazuh indexer Cluster - ################################################ - - name: molecule_wazuh_indexer_centos7 - hostname: wazuh-es01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 4096m - memory_reservation: 2048m - groups: - - indexer - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: molecule_wazuh_indexer_centos7_2 - hostname: wazuh-es02 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 4096m - memory_reservation: 2048m - groups: - - indexer - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - 
################################################ - # Wazuh Agents - ################################################ - - name: molecule_wazuh_agent_centos7 - hostname: wazuh-agent01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 1024m - memory_reservation: 512m - groups: - - agents - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: molecule_wazuh_agent_debian9 - hostname: wazuh-agent02 - image: geerlingguy/docker-debian9-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 1024m - memory_reservation: 512m - groups: - - agents - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - ################################################ - # Wazuh dashboard - ################################################ - - - name: molecule_wazuh_dashboard_centos7 - hostname: wazuh-dash01 - image: geerlingguy/docker-centos7-ansible - command: /sbin/init - pre_build_image: true - privileged: true - memory: 2048m - memory_reservation: 512m - groups: - - dashboard - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - -provisioner: - name: ansible - ansible_args: - - -vv - inventory: - links: - group_vars: group_vars - playbooks: - create: create.yml - converge: converge.yml - #destroy: destroy.yml - config_options: - defaults: - hash_behaviour: merge - env: - ANSIBLE_ROLES_PATH: ./roles - lint: - name: ansible-lint - enabled: false -scenario: - name: distributed-wazuh - test_sequence: - - dependency - - syntax - - create - - prepare - - converge - #- idempotence - #- verify - - cleanup - - destroy -verifier: - name: testinfra \ No newline at end of file diff --git a/molecule/distributed-wazuh/tests/test_default.py b/molecule/distributed-wazuh/tests/test_default.py deleted file mode 100644 index 3368c15f..00000000 --- a/molecule/distributed-wazuh/tests/test_default.py +++ /dev/null 
@@ -1,64 +0,0 @@ -import os -import pytest -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def get_wazuh_version(): - """This return the version of Wazuh.""" - return "4.5.0" - - -def test_wazuh_packages_are_installed(host): - """Test the main packages are installed.""" - manager = host.package("wazuh-manager") - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - - -def test_wazuh_services_are_running(host): - """Test the services are enabled and running. - - When assert commands are commented, this means that the service command has - a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 - """ - # This currently doesn't work with out current Docker base images - # manager = host.service("wazuh-manager") - # api = host.service("wazuh-api") - # assert manager.is_running - # assert api.is_running - output = host.check_output( - 'ps aux | grep ossec | tr -s " " | cut -d" " -f11' - ) - assert 'ossec-authd' in output - assert 'wazuh-modulesd' in output - assert 'wazuh-db' in output - assert 'ossec-execd' in output - assert 'ossec-monitord' in output - assert 'ossec-remoted' in output - assert 'ossec-logcollector' in output - assert 'ossec-analysisd' in output - assert 'ossec-syscheckd' in output - - -@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ - ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), - ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), - ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), -]) -def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): - """Test Wazuh related files exist and have proper owners and mode.""" - wazuh_file_host = host.file(wazuh_file) - assert wazuh_file_host.user == wazuh_owner - assert wazuh_file_host.group == 
wazuh_group - assert wazuh_file_host.mode == wazuh_mode - - -def test_filebeat_is_installed(host): - """Test the elasticsearch package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - assert filebeat.version.startswith('7.10.2') diff --git a/playbooks/wazuh-manager-oss-cluster.yml b/playbooks/wazuh-manager-oss-cluster.yml new file mode 100644 index 00000000..57109581 --- /dev/null +++ b/playbooks/wazuh-manager-oss-cluster.yml @@ -0,0 +1,50 @@ +--- +# Wazuh cluster without Filebeat + - hosts: manager + roles: + - role: "../roles/wazuh/ansible-wazuh-manager" + become: yes + become_user: root + vars: + wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 'no' + node_name: 'master' + node_type: 'master' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ hostvars.manager.private_ip }}" + hidden: 'no' + wazuh_api_users: + - username: custom-user + password: SecretPassword1! + + - hosts: worker01 + roles: + - role: "../roles/wazuh/ansible-wazuh-manager" + become: yes + become_user: root + vars: + wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 'no' + node_name: 'worker_01' + node_type: 'worker' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ hostvars.manager.private_ip }}" + hidden: 'no' diff --git a/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2 index aeeab17d..a9da9dbd 100644 --- a/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2 +++ b/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2 @@ -16,7 +16,7 @@ setup.ilm.enabled: false output.elasticsearch: hosts: {% for item in filebeat_output_indexer_hosts %} - - {{ item }}:9200 + - {{ item }} {% endfor %} {% if filebeat_security %} 
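Review bot: The new `playbooks/wazuh-manager-oss-cluster.yml` commits a literal cluster `key: 'c98b62a9b6169ac5f67dae55ae4a9088'` in both plays and an API `password: SecretPassword1!` in the first; the cluster key is what authenticates manager nodes to each other, so every deployment that copies this playbook unchanged shares the same secret. Source both from an Ansible Vault variable instead, e.g. `key: "{{ wazuh_cluster_key }}"` and `password: "{{ wazuh_api_custom_user_password }}"` (variable names are my suggestion), and generate the key per deployment. The worker play repeats the whole `wazuh_manager_config` block although only `node_name` and `node_type` differ, so a shared group var with per-host overrides would remove the copy. `become: yes` should be `become: true` in both plays.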
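Review bot: Dropping the `:9200` suffix in `filebeat.yml.j2` changes the contract of `filebeat_output_indexer_hosts` from host names to `host:port` strings, and nothing in the hunk or in a visible role default records that. Inventories that still pass bare addresses — the removed `molecule/distributed-wazuh/group_vars/managers.yml` did exactly that with `filebeat_output_indexer_hosts: '{{ indexer_addresses }}'` — now render `output.elasticsearch.hosts` entries with no port. Either document the new format on the variable in the role defaults or keep compatibility with `- {{ item if ':' in item else item ~ ':9200' }}`.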
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
index 37ab9afd..1c9af638 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
@@ -1,15 +1,23 @@
 ---
-- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates, gnupg and acl
+- name: Debian/Ubuntu | Install ca-certificates and gnupg
 apt:
 name:
- - apt-transport-https
 - ca-certificates
- - acl
 - gnupg
 state: present
 register: wazuh_agent_ca_package_install
 until: wazuh_agent_ca_package_install is succeeded
+- name: Debian/Ubuntu | Install apt-transport-https and acl
+ apt:
+ name:
+ - apt-transport-https
+ - acl
+ state: present
+ register: wazuh_agent_ca_package_install
+ until: wazuh_agent_ca_package_install is succeeded
+ when: not (ansible_distribution == "Debian" and ansible_distribution_major_version in ['11'])
+
 - name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)
 become: true
 shell: |
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index 1348f3e1..99913e7b 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -125,7 +125,7 @@
 - name: Linux | Obtain JWT Token
 uri:
 url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate'
- method: GET
+ method: POST
 url_username: '{{ target_manager.api_user }}'
 url_password: '{{ api_pass }}'
 status_code: 200
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
index f84d3748..d12446b1 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
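Review bot: The `when:` on the new `Install apt-transport-https and acl` task hard-codes `ansible_distribution_major_version in ['11']`, so the reason Debian 11 is exempted is not recorded and Debian 12 and later take the install path again; if the intent is "Debian 11 and newer", `ansible_distribution_major_version is version('11', '>=')` says so, and in either case a one-line comment above the task naming what breaks on Debian 11 would stop the next reader from re-merging the two tasks. The single-element `in ['11']` reads as if more versions were planned; `== '11'` is clearer if they are not. Both tasks `register` the same `wazuh_agent_ca_package_install`, which is fine for `until` but overwrites the first result if anything later inspects it.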
@@ -1,16 +1,15 @@
 ---
-- name: Get latest Wazuh release
- become: false
- shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
- register: wazuh_latest_release
- delegate_to: localhost
+- include_vars: ../../vars/repo_vars.yml
 - include_vars: ../../vars/repo.yml
- when: "wazuh_latest_release.stdout is version(wazuh_agent_version, operator='ge')"
+ when: packages_repository == 'production'
-- include_vars: ../../vars/repo_dev.yml
- when: "wazuh_latest_release.stdout is version(wazuh_agent_version, operator='lt')"
+- include_vars: ../../vars/repo_pre-release.yml
+ when: packages_repository == 'pre-release'
+
+- include_vars: ../../vars/repo_staging.yml
+ when: packages_repository == 'staging'
 - name: Overlay wazuh_agent_config on top of defaults
 set_fact:
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index e27784ca..57ee132d 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -9,15 +9,16 @@
 - curl
 state: present
-- name: Get latest wazuh release
- shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
- register: wazuh_latest_release
+- include_vars: ../../vars/repo_vars.yml
 - include_vars: ../../vars/repo.yml
- when: "wazuh_latest_release.stdout is version(wazuh_manager_version, operator='ge')"
+ when: packages_repository == 'production'
-- include_vars: ../../vars/repo_dev.yml
- when: "wazuh_latest_release.stdout is version(wazuh_manager_version, operator='lt')"
+- include_vars: ../../vars/repo_pre-release.yml
+ when: packages_repository == 'pre-release'
+
+- include_vars: ../../vars/repo_staging.yml
+ when: packages_repository == 'staging'
 - name: Overlay wazuh_manager_config on top of defaults
 set_fact:
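Review bot: The three `include_vars` tasks are mutually exclusive on `packages_repository`, but no branch covers any other value, so a typo in `repo_vars.yml` — or a value left behind by `check_packages.sh`, which rewrites that file with `sed` — loads no `wazuh_repo` at all and the role fails later with an undefined-variable error far from the cause. Add a guard directly after the `include_vars: ../../vars/repo_vars.yml` line: `- assert:` followed by `    that: packages_repository in ['production', 'pre-release', 'staging']`. The same pattern and the same gap are in the `ansible-wazuh-manager/tasks/main.yml` hunk just below and in the `wazuh-dashboard/tasks/main.yml` and `wazuh-indexer/tasks/main.yml` hunks further down. Replacing the unpinned `curl | grep | sed` against api.github.com with a value checked into the repository is the right direction: which package source gets installed is no longer decided by a network call at play time.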
diff --git a/roles/wazuh/check-packages/defaults/main.yml b/roles/wazuh/check-packages/defaults/main.yml
new file mode 100644
index 00000000..4cfb06cc
--- /dev/null
+++ b/roles/wazuh/check-packages/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+wazuh_version: 4.4.0
diff --git a/roles/wazuh/check-packages/files/packages_uri.txt b/roles/wazuh/check-packages/files/packages_uri.txt
new file mode 100644
index 00000000..bd59e004
--- /dev/null
+++ b/roles/wazuh/check-packages/files/packages_uri.txt
@@ -0,0 +1,6 @@
+yum/wazuh-manager-VERSION-1.x86_64.rpm
+apt/pool/main/w/wazuh-manager/wazuh-manager_VERSION-1_amd64.deb
+yum/wazuh-dashboard-VERSION-1.x86_64.rpm
+yum/wazuh-indexer-VERSION-1.x86_64.rpm
+apt/pool/main/w/wazuh-agent/wazuh-agent_VERSION-1_amd64.deb
+yum/wazuh-agent-VERSION-1.x86_64.rpm
\ No newline at end of file
diff --git a/roles/wazuh/check-packages/scripts/check_packages.sh b/roles/wazuh/check-packages/scripts/check_packages.sh
new file mode 100755
index 00000000..20c62047
--- /dev/null
+++ b/roles/wazuh/check-packages/scripts/check_packages.sh
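Review bot: `wazuh_version: 4.4.0` in the new `check-packages` default disagrees with the `wazuh_version: 4.5.0` visible as context in the `wazuh-dashboard/defaults/main.yml` hunk further down and with the 4.5.0 the removed molecule `group_vars/all.yml` pinned; whichever value reaches `check_packages.sh` decides which package set is probed, so a play that does not override it probes 4.4.0 artifacts and then installs 4.5.0 from whatever repository that probe selected. Use the same value as the other roles here, and add a comment that it must track the version the installer roles pin. Quoting it, `wazuh_version: "4.5.0"`, also keeps it a string under every YAML loader; `4.4.0` only stays a string by accident, whereas the `certs_gen_tool_version: 4.4` added in `repo_staging.yml` is already parsed as a float.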
@@ -0,0 +1,80 @@ +#!/bin/bash + +VERSION=$1 +#echo $VERSION +## Replace VERSION with $VERSION in packages_uri.txt and save it as packages_uri_new.txt +sed 's,VERSION,'$VERSION',g' ../files/packages_uri.txt > ../files/packages_uri_new.txt + +checkPackages(){ + ## Set S3 Bucket URL + if [ $1 == "production" ]; then + echo "production" + PACKAGES_URL=https://packages.wazuh.com/4.x/ + elif [ $1 == "pre-release" ]; then + echo "pre-release" + PACKAGES_URL=https://packages-dev.wazuh.com/pre-release/ + elif [ $1 == "staging" ]; then + echo "staging" + PACKAGES_URL=https://packages-dev.wazuh.com/staging/ + CHECK_WIN_PACKAGE=$(grep windows ../files/packages_uri_new.txt) + echo $CHECK_WIN_PACKAGE + if [ -n "$CHECK_WIN_PACKAGE" ]; then + WIN_AGENT_NAME=$(aws s3 ls s3://packages-dev.wazuh.com/staging/windows/wazuh-agent-$VERSION --region=us-west-1 | tail -1 | awk '{printf $4}') + if [ -z $WIN_AGENT_NAME ]; then + echo "Windows agent package for version " $VERSION " does not exist in the staging repository" + exit 1 + fi + WIN_AGENT_URI="windows/"$WIN_AGENT_NAME + echo $PACKAGES_URL$WIN_AGENT_URI "check" + sed -i 's,windows/.*,'$WIN_AGENT_URI',g' ../files/packages_uri_new.txt + sed -i 's,wazuh_winagent_config_url.*,wazuh_winagent_config_url: \"'$PACKAGES_URL$WIN_AGENT_URI'\",g' ../../vars/repo_staging.yml + sed -i 's,wazuh_winagent_package_name.*,wazuh_winagent_package_name: \"'$WIN_AGENT_NAME'\",g' ../../vars/repo_staging.yml + fi + fi + + ## Set EXISTS to 0 (true) + EXISTS=0 + + ## Loop through the packages_uri_new.txt file + while IFS= read -r URI + do + echo "$URI" + ## Check if the package exists + PACKAGE=$(curl --silent -I $PACKAGES_URL$URI | grep -E "^HTTP" | awk '{print $2}') + ## If it does not exist set EXISTS to 1 (false) + if [ "$PACKAGE" != "200" ]; then + EXISTS=1 + #echo $PACKAGES_URL$URI "does not exist" + return $EXISTS + fi + done < ../files/packages_uri_new.txt + + return $EXISTS +} + +replaceVars(){ + sed -i "s|packages_repository:.*|packages_repository: 
$1|g" ../../vars/repo_vars.yml + +} + +## Call the checkPackages function for each repository +if checkPackages "production"; then + echo "production" + replaceVars "production" + exit 0 +elif checkPackages "pre-release"; then + echo "pre-release" + replaceVars "pre-release" + exit 0 +elif checkPackages "production"; then + echo "production" + replaceVars "production" + exit 0 +elif checkPackages "staging"; then + echo "staging" + replaceVars "staging" + exit 0 +else + echo "Failed" + exit 1 +fi \ No newline at end of file diff --git a/roles/wazuh/check-packages/tasks/main.yml b/roles/wazuh/check-packages/tasks/main.yml new file mode 100644 index 00000000..bbee623b --- /dev/null +++ b/roles/wazuh/check-packages/tasks/main.yml @@ -0,0 +1,11 @@ +--- + - name: Check packages + shell: | + ./check_packages.sh {{ wazuh_version }} + args: + warn: false + executable: /bin/bash + chdir: "{{ role_path }}/scripts/" + delegate_to: localhost + become: no + diff --git a/roles/wazuh/vars/repo_dev.yml b/roles/wazuh/vars/repo_pre-release.yml similarity index 100% rename from roles/wazuh/vars/repo_dev.yml rename to roles/wazuh/vars/repo_pre-release.yml diff --git a/roles/wazuh/vars/repo_staging.yml b/roles/wazuh/vars/repo_staging.yml new file mode 100644 index 00000000..2c2b4966 --- /dev/null +++ b/roles/wazuh/vars/repo_staging.yml @@ -0,0 +1,12 @@ +wazuh_repo: + apt: 'deb https://packages-dev.wazuh.com/staging/apt/ unstable main' + yum: 'https://packages-dev.wazuh.com/staging/yum/' + gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' +wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" +wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" + +certs_gen_tool_version: 4.4 + +# Url of certificates generator tool +certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" \ No newline at end of file 
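Review bot: The fallback chain at the bottom of `check_packages.sh` silently moves an install from the production repository to `pre-release` or `staging` whenever one package is missing from production, and because `replaceVars` then rewrites `../../vars/repo_vars.yml` with `sed -i`, every role in the run installs from the dev repository with no opt-in and nothing louder than an `echo`; a version that is not yet published should fail the run, or require an explicit opt-in switch (an `ALLOW_PRERELEASE`-style environment variable, name is my suggestion), rather than lower the trust level of the packages. The third branch, `elif checkPackages "production"`, repeats the first and is unreachable. The `windows` branch under `staging` can never fire with the `packages_uri.txt` added above, which has no `windows/` entry, and if it did it would `sed -i` two further vars files in the checkout. `$1`, `$VERSION`, `$WIN_AGENT_NAME` and `$PACKAGES_URL$URI` are unquoted in the `[ ]` tests and in the `sed`/`curl` arguments; quote them, e.g. `if [ "$1" == "production" ]; then` and `if [ -z "$WIN_AGENT_NAME" ]; then`.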
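Review bot: In `check-packages/tasks/main.yml` the `args: warn: false` line targets an option that recent ansible-core releases no longer accept on `shell` (it was deprecated and later removed, as far as I recall), so the task would fail validation on a current controller; drop the `warn` line. The script is invoked with `{{ wazuh_version }}` interpolated unquoted into a shell command line, and no redirection or pipe is needed, so `command: "./check_packages.sh {{ wazuh_version }}"` with the existing `chdir` avoids the shell entirely. The task also mutates the checkout (the script edits `roles/wazuh/vars/*.yml` in place); a comment above the task saying so would keep people from running it against a shared or read-only controller without expecting that.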
diff --git a/roles/wazuh/vars/repo_vars.yml b/roles/wazuh/vars/repo_vars.yml new file mode 100644 index 00000000..53157764 --- /dev/null +++ b/roles/wazuh/vars/repo_vars.yml @@ -0,0 +1 @@ +packages_repository: production \ No newline at end of file diff --git a/roles/wazuh/wazuh-dashboard/defaults/main.yml b/roles/wazuh/wazuh-dashboard/defaults/main.yml index b221bf8a..6ec50215 100644 --- a/roles/wazuh/wazuh-dashboard/defaults/main.yml +++ b/roles/wazuh/wazuh-dashboard/defaults/main.yml @@ -11,7 +11,7 @@ dashboard_server_name: "dashboard" wazuh_version: 4.5.0 indexer_cluster_nodes: - 127.0.0.1 - + # The Wazuh dashboard package repository dashboard_version: "4.5.0" diff --git a/roles/wazuh/wazuh-dashboard/tasks/main.yml b/roles/wazuh/wazuh-dashboard/tasks/main.yml index 44bcaa1c..3f3fa665 100755 --- a/roles/wazuh/wazuh-dashboard/tasks/main.yml +++ b/roles/wazuh/wazuh-dashboard/tasks/main.yml @@ -1,13 +1,14 @@ --- -- name: Get latest wazuh release - shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-" - register: wazuh_latest_release +- include_vars: ../../vars/repo_vars.yml - include_vars: ../../vars/repo.yml - when: "wazuh_latest_release.stdout is version(dashboard_version, operator='ge')" + when: packages_repository == 'production' -- include_vars: ../../vars/repo_dev.yml - when: "wazuh_latest_release.stdout is version(dashboard_version, operator='lt')" +- include_vars: ../../vars/repo_pre-release.yml + when: packages_repository == 'pre-release' + +- include_vars: ../../vars/repo_staging.yml + when: packages_repository == 'staging' - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index 138ae114..ba2c69a5 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml 
@@ -26,9 +26,9 @@ minimum_master_nodes: 2 # Example es1.example.com, es2.example.com domain_name: wazuh.com -indexer_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig +indexer_sec_plugin_conf_path: /etc/wazuh-indexer/opensearch-security indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools -indexer_conf_path: /etc/wazuh-indexer/ +indexer_conf_path: /etc/wazuh-indexer indexer_index_path: /var/lib/wazuh-indexer/ # Security password diff --git a/roles/wazuh/wazuh-indexer/tasks/main.yml b/roles/wazuh/wazuh-indexer/tasks/main.yml index f3afe7f8..48034ae6 100644 --- a/roles/wazuh/wazuh-indexer/tasks/main.yml +++ b/roles/wazuh/wazuh-indexer/tasks/main.yml @@ -1,13 +1,14 @@ --- -- name: Get latest wazuh release - shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-" - register: wazuh_latest_release +- include_vars: ../../vars/repo_vars.yml - include_vars: ../../vars/repo.yml - when: "wazuh_latest_release.stdout is version(indexer_version, operator='ge')" + when: packages_repository == 'production' -- include_vars: ../../vars/repo_dev.yml - when: "wazuh_latest_release.stdout is version(indexer_version, operator='lt')" +- include_vars: ../../vars/repo_pre-release.yml + when: packages_repository == 'pre-release' + +- include_vars: ../../vars/repo_staging.yml + when: packages_repository == 'staging' - import_tasks: local_actions.yml when: diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index 2b481cc2..26b83fd7 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml 
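Review bot: `indexer_sec_plugin_conf_path` now points at `/etc/wazuh-indexer/opensearch-security` instead of the plugin's bundled `securityconfig` directory, and the `security_actions.yml` hunk that follows (cut off at the end of this view) passes it to `securityadmin.sh -cd`; any task in the role that still templates the security configuration files into the old path would now be ignored and the shipped defaults loaded into the cluster instead — please confirm the templating tasks moved along with this default. Dropping the trailing slash from `indexer_conf_path` fixes the `{{ indexer_conf_path }}/certs/...` double-slash paths; a short comment on the defaults, `# no trailing slash: callers join with "/"`, would keep it from being re-added.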
@@ -83,7 +83,7 @@ JAVA_HOME=/usr/share/wazuh-indexer/jdk {{ indexer_sec_plugin_tools_path }}/securityadmin.sh -cd {{ indexer_sec_plugin_conf_path }}/ - -icl -p 9300 -cd {{ indexer_sec_plugin_conf_path }}/ + -icl -p 9200 -cd {{ indexer_sec_plugin_conf_path }}/ -nhnv -cacert {{ indexer_conf_path }}/certs/root-ca.pem -cert {{ indexer_conf_path }}/certs/admin.pem