Merge pull request #887 from wazuh/master

Merge master into 4.5
This commit is contained in:
Gonzalo Acuña 2023-02-01 11:17:21 -03:00 committed by GitHub
commit 5186a00993
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
44 changed files with 858 additions and 2117 deletions


@ -1,12 +0,0 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: "pip" # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
interval: "daily"
target-branch: "4.5"

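--- /dev/null
+++ b/.github/playbooks/aio-wazuh.yml
@@ -0,0 +1,67 @@
+- name: Generate certificates prior to converging
+hosts: localhost
+become: true
+become_user: root
+roles:
+- role: ../../roles/wazuh/wazuh-indexer
+vars:
+generate_certs: true
+perform_installation: false
+instances:
+node1:
+name: wazuh-es01 # Important: must be equal to indexer_node_name.
+ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert.
+role: indexer
+node3:
+name: wazuh-mgr01
+ip: "127.0.0.1"
+role: wazuh
+node5:
+name: wazuh-dash01
+ip: "127.0.0.1"
+role: dashboard
+pre_tasks:
+- name: overview of cert configuration
+debug:
+var: wazuh_endpoint_list
+- name: Converge
+hosts: localhost
+become: true
+become_user: root
+roles:
+# 1. Check packages
+- role: ../../roles/wazuh/check-packages
+become: no
+delegate_to: localhost
+run_once: true
+# 2. Wazuh indexer
+- role: ../../roles/wazuh/wazuh-indexer
+vars:
+indexer_node_name: "wazuh-es01"
+single_node: true
+# 3. Managers
+- role: ../../roles/wazuh/ansible-wazuh-manager
+- role: ../../roles/wazuh/ansible-filebeat-oss
+vars:
+filebeat_node_name: "wazuh-mgr01"
+filebeat_output_indexer_hosts:
+- "localhost:9200"
+# 4. Wazuh dashboard
+- role: ../../roles/wazuh/wazuh-dashboard
+vars:
+dashboard_node_name: "wazuh-dash01"
+vars:
+instances:
+node1:
+name: wazuh-es01 # Important: must be equal to indexer_node_name.
+ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert.
+role: indexer
+node3:
+name: wazuh-mgr01
+ip: "127.0.0.1"
+role: wazuh
+node5:
+name: wazuh-dash01
+ip: "127.0.0.1"
+role: dashboard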
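Review bot: The `instances` mapping (node1/node3/node5 names, IPs and roles) is written out twice with identical content, once as the `wazuh-indexer` role's `vars` in the certificate-generation play and again as play-level `vars` of the `Converge` play, so any change to a node name or IP has to be mirrored by hand or the certificate folder a node looks for (the inline comment says the name must equal `indexer_node_name`) drifts from what was generated. Keep a single copy, for example in a shared vars file loaded by both plays, and delete the duplicate. Separately, `become: no` on the `check-packages` role entry is the YAML 1.1 truthy spelling while the rest of the file uses `true`; write `become: false` (the same spelling appears in the converge-playbook hunk that follows).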


@ -13,11 +13,20 @@
tags: tags:
- generate-certs - generate-certs
- name: ConvergeInstall - name: ConvergeInstall
hosts: all hosts: localhost
roles: roles:
# 1. Check packages
- role: ../../roles/wazuh/check-packages
become: no
delegate_to: localhost
run_once: true
# 2. Managers
- role: ../../roles/wazuh/ansible-wazuh-manager - role: ../../roles/wazuh/ansible-wazuh-manager
vars: vars:
- { role: ../../roles/wazuh/ansible-filebeat-oss, filebeat_output_indexer_hosts: "indexer_centos7:9200" } - role: ../../roles/wazuh/ansible-filebeat-oss
vars:
filebeat_output_indexer_hosts:
- "indexer_centos7:9200"
pre_tasks: pre_tasks:
- name: (converge) fix missing packages in cloud images - name: (converge) fix missing packages in cloud images
apt: apt:

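--- /dev/null
+++ b/.github/workflows/al_aio.yml
@@ -0,0 +1,67 @@
+---
+name: AIO-AL-Single-Instance
+on: [pull_request, workflow_dispatch, release]
+jobs:
+start-runner:
+name: Start self-hosted EC2 runner
+runs-on: ubuntu-latest
+outputs:
+label: ${{ steps.start-ec2-runner.outputs.label }}
+ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Start EC2 runner
+id: start-ec2-runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: start
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ec2-image-id: ${{ secrets.AL2_AMI_ID }}
+ec2-instance-type: t3a.large
+subnet-id: ${{ secrets.SUBNET_ID }}
+security-group-id: ${{ secrets.SG_ID }}
+aws-resource-tags: > # optional, requires additional permissions
+[
+{"Key": "Name", "Value": "wazuh-ansible-gh-runner-aio"},
+{"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+{"Key": "team", "Value": "CICD"},
+{"Key": "termination_date", "Value": "2022-12-31 21:00:00"}
+]
+install-aio-single-instance:
+name: Installs AIO single instance
+needs: start-runner # required to start the main job when the runner is ready
+runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+steps:
+- name: Check out the codebase.
+uses: actions/checkout@v2
+- name: Ansible Playbook run Wazuh AIO Single instance
+run: ansible-playbook ./.github/playbooks/aio-wazuh.yml
+env:
+PY_COLORS: '1'
+ANSIBLE_FORCE_COLOR: '1'
+stop-runner:
+name: Stop self-hosted EC2 runner
+needs:
+- start-runner # required to get output from the start-runner job
+- install-aio-single-instance # required to wait when the main job is done
+runs-on: ubuntu-latest
+if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Stop EC2 runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: stop
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+label: ${{ needs.start-runner.outputs.label }}
+ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}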
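Review bot: The `install-aio-single-instance` job checks out whatever ref triggered the run and executes `ansible-playbook ./.github/playbooks/aio-wazuh.yml` on a self-hosted EC2 runner, and that playbook runs its plays with `become: true`, so with `on: [pull_request, workflow_dispatch, release]` any pull request from a branch of this repository gets root on a runner registered through `secrets.GH_PERSONAL_ACCESS_TOKEN` (fork PRs receive no secrets, so `start-runner` simply fails for them); the workflow also sets no `permissions:` block, leaving the job token at the repository default scopes. Add `permissions: contents: read` at the top level, keep the PAT limited to the runner-registration scope, and consider a narrower trigger for the self-hosted path. All three actions (`actions/checkout@v2`, `aws-actions/configure-aws-credentials@v1`, `machulav/ec2-github-runner@v2`) are referenced by mutable tags; pin them to full-length commit SHAs, and note that the Dependabot config this merge deletes only covered `pip`, so a `github-actions` ecosystem entry would be needed to keep such pins current. The `termination_date` tag value `"2022-12-31 21:00:00"` is already in the past at the commit date, so it is either dead metadata or, if a tag-driven reaper reads it, a way to lose the runner mid-job; derive it from the run date or drop it. The same four points apply to al_wazuh.yml, centos_aio.yml, centos_wazuh.yml, ubuntu_aio.yml and ubuntu_wazuh.yml.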

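--- /dev/null
+++ b/.github/workflows/al_wazuh.yml
@@ -0,0 +1,67 @@
+---
+name: Wazuh-AL-Single-Instance
+on: [pull_request, workflow_dispatch, release]
+jobs:
+start-runner:
+name: Start self-hosted EC2 runner
+runs-on: ubuntu-latest
+outputs:
+label: ${{ steps.start-ec2-runner.outputs.label }}
+ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Start EC2 runner
+id: start-ec2-runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: start
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ec2-image-id: ${{ secrets.AL2_AMI_ID }}
+ec2-instance-type: t3.small
+subnet-id: ${{ secrets.SUBNET_ID }}
+security-group-id: ${{ secrets.SG_ID }}
+aws-resource-tags: > # optional, requires additional permissions
+[
+{"Key": "Name", "Value": "wazuh-ansible-gh-runner-wazuh"},
+{"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+{"Key": "team", "Value": "CICD"},
+{"Key": "termination_date", "Value": "2022-12-31 21:00:00"}
+]
+install-wazuh-single-instance:
+name: Installs Wazuh server single instance
+needs: start-runner # required to start the main job when the runner is ready
+runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+steps:
+- name: Check out the codebase.
+uses: actions/checkout@v2
+- name: Ansible Playbook run Wazuh Single instance
+run: ansible-playbook ./.github/playbooks/single-wazuh.yml
+env:
+PY_COLORS: '1'
+ANSIBLE_FORCE_COLOR: '1'
+stop-runner:
+name: Stop self-hosted EC2 runner
+needs:
+- start-runner # required to get output from the start-runner job
+- install-wazuh-single-instance # required to wait when the main job is done
+runs-on: ubuntu-latest
+if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Stop EC2 runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: stop
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+label: ${{ needs.start-runner.outputs.label }}
+ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}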

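--- /dev/null
+++ b/.github/workflows/centos_aio.yml
@@ -0,0 +1,76 @@
+---
+name: AIO-CentOS-Single-Instance
+on: [pull_request, workflow_dispatch, release]
+jobs:
+start-runner:
+name: Start self-hosted EC2 runner
+runs-on: ubuntu-latest
+outputs:
+label: ${{ steps.start-ec2-runner.outputs.label }}
+ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Start EC2 runner
+id: start-ec2-runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: start
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ec2-image-id: ${{ secrets.CENTOS8_AMI_ID }}
+ec2-instance-type: t3a.large
+subnet-id: ${{ secrets.SUBNET_ID }}
+security-group-id: ${{ secrets.SG_ID }}
+aws-resource-tags: > # optional, requires additional permissions
+[
+{"Key": "Name", "Value": "wazuh-ansible-gh-runner-aio"},
+{"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+{"Key": "team", "Value": "CICD"},
+{"Key": "termination_date", "Value": "2022-12-31 21:00:00"}
+]
+install-aio-single-instance:
+name: Installs AIO single instance
+needs: start-runner # required to start the main job when the runner is ready
+runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+steps:
+- name: Check out the codebase.
+uses: actions/checkout@v2
+- name: Hack to get setup-python to work on act. See act issue 251
+run: |
+if [ ! -f "/etc/lsb-release" ] ; then
+echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release
+fi
+- name: Set up Python 3.
+uses: actions/setup-python@v2
+with:
+python-version: '3.x'
+- name: Ansible Playbook run Wazuh AIO Single instance
+run: ansible-playbook ./.github/playbooks/aio-wazuh.yml
+env:
+PY_COLORS: '1'
+ANSIBLE_FORCE_COLOR: '1'
+stop-runner:
+name: Stop self-hosted EC2 runner
+needs:
+- start-runner # required to get output from the start-runner job
+- install-aio-single-instance # required to wait when the main job is done
+runs-on: ubuntu-latest
+if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Stop EC2 runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: stop
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+label: ${{ needs.start-runner.outputs.label }}
+ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}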
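Review bot: The `Hack to get setup-python to work on act` step writes `DISTRIB_RELEASE=18.04` to `/etc/lsb-release` when that file is absent, but this job runs on the `secrets.CENTOS8_AMI_ID` EC2 runner rather than in the Ubuntu `act` container the step was lifted from (the molecule workflow this merge removes), so on a CentOS host it either fabricates an Ubuntu release marker or fails if the runner user cannot write to `/etc`. The interpreter installed by `actions/setup-python@v2` also appears unused: the following step invokes `ansible-playbook` directly, exactly as al_aio.yml does with neither step present. Unless something on this AMI genuinely depends on them, drop both steps; otherwise add a comment above the hack explaining why a CentOS runner needs an `lsb-release` file. The same two steps appear in centos_wazuh.yml, ubuntu_aio.yml and ubuntu_wazuh.yml, where on the Ubuntu 22.04 AMI the write is presumably a no-op because the file already exists.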

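--- /dev/null
+++ b/.github/workflows/centos_wazuh.yml
@@ -0,0 +1,76 @@
+---
+name: Wazuh-CentOS-Single-Instance
+on: [pull_request, workflow_dispatch, release]
+jobs:
+start-runner:
+name: Start self-hosted EC2 runner
+runs-on: ubuntu-latest
+outputs:
+label: ${{ steps.start-ec2-runner.outputs.label }}
+ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Start EC2 runner
+id: start-ec2-runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: start
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ec2-image-id: ${{ secrets.CENTOS8_AMI_ID }}
+ec2-instance-type: t3.small
+subnet-id: ${{ secrets.SUBNET_ID }}
+security-group-id: ${{ secrets.SG_ID }}
+aws-resource-tags: > # optional, requires additional permissions
+[
+{"Key": "Name", "Value": "wazuh-ansible-gh-runner-wazuh"},
+{"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+{"Key": "team", "Value": "CICD"},
+{"Key": "termination_date", "Value": "2022-12-31 21:00:00"}
+]
+install-wazuh-single-instance:
+name: Installs Wazuh server single instance
+needs: start-runner # required to start the main job when the runner is ready
+runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+steps:
+- name: Check out the codebase.
+uses: actions/checkout@v2
+- name: Hack to get setup-python to work on act. See act issue 251
+run: |
+if [ ! -f "/etc/lsb-release" ] ; then
+echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release
+fi
+- name: Set up Python 3.
+uses: actions/setup-python@v2
+with:
+python-version: '3.x'
+- name: Ansible Playbook run Wazuh Single instance
+run: ansible-playbook ./.github/playbooks/single-wazuh.yml
+env:
+PY_COLORS: '1'
+ANSIBLE_FORCE_COLOR: '1'
+stop-runner:
+name: Stop self-hosted EC2 runner
+needs:
+- start-runner # required to get output from the start-runner job
+- install-wazuh-single-instance # required to wait when the main job is done
+runs-on: ubuntu-latest
+if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Stop EC2 runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: stop
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+label: ${{ needs.start-runner.outputs.label }}
+ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}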


@ -1,66 +0,0 @@
---
name: Molecule tests for Wazuh Ansible
on: [pull_request, workflow_dispatch, release]
jobs:
scenario-default:
name: Default scenario (smoke)
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
- name: Hack to get setup-python to work on act. See act issue 251
run: |
# Hack to get setup-python to work on act
if [ ! -f "/etc/lsb-release" ] ; then
echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release
fi
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install poetry
run: pip3 install poetry
- name: Install dependencies
run: poetry install
- name: Run Molecule tests.
run: poetry run molecule test -s default
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
scenario-distributed-wazuh:
name: Distributed Wazuh
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
- name: Hack to get setup-python to work on act. See act issue 251
run: |
if [ ! -f "/etc/lsb-release" ] ; then
echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release
fi
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install poetry
run: pip3 install poetry
- name: Install dependencies
run: poetry install
- name: Run Molecule tests.
run: poetry run molecule test -s distributed-wazuh
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'

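--- /dev/null
+++ b/.github/workflows/ubuntu_aio.yml
@@ -0,0 +1,76 @@
+---
+name: AIO-Ubuntu-Single-Instance
+on: [pull_request, workflow_dispatch, release]
+jobs:
+start-runner:
+name: Start self-hosted EC2 runner
+runs-on: ubuntu-latest
+outputs:
+label: ${{ steps.start-ec2-runner.outputs.label }}
+ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Start EC2 runner
+id: start-ec2-runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: start
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ec2-image-id: ${{ secrets.UBUNTU2204_AMI_ID }}
+ec2-instance-type: t3a.large
+subnet-id: ${{ secrets.SUBNET_ID }}
+security-group-id: ${{ secrets.SG_ID }}
+aws-resource-tags: > # optional, requires additional permissions
+[
+{"Key": "Name", "Value": "wazuh-ansible-gh-runner-aio"},
+{"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+{"Key": "team", "Value": "CICD"},
+{"Key": "termination_date", "Value": "2022-12-31 21:00:00"}
+]
+install-aio-single-instance:
+name: Installs AIO single instance
+needs: start-runner # required to start the main job when the runner is ready
+runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+steps:
+- name: Check out the codebase.
+uses: actions/checkout@v2
+- name: Hack to get setup-python to work on act. See act issue 251
+run: |
+if [ ! -f "/etc/lsb-release" ] ; then
+echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release
+fi
+- name: Set up Python 3.
+uses: actions/setup-python@v2
+with:
+python-version: '3.x'
+- name: Ansible Playbook run Wazuh AIO Single instance
+run: ansible-playbook ./.github/playbooks/aio-wazuh.yml
+env:
+PY_COLORS: '1'
+ANSIBLE_FORCE_COLOR: '1'
+stop-runner:
+name: Stop self-hosted EC2 runner
+needs:
+- start-runner # required to get output from the start-runner job
+- install-aio-single-instance # required to wait when the main job is done
+runs-on: ubuntu-latest
+if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Stop EC2 runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: stop
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+label: ${{ needs.start-runner.outputs.label }}
+ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}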

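--- /dev/null
+++ b/.github/workflows/ubuntu_wazuh.yml
@@ -0,0 +1,76 @@
+---
+name: Wazuh-Ubuntu-Single-Instance
+on: [pull_request, workflow_dispatch, release]
+jobs:
+start-runner:
+name: Start self-hosted EC2 runner
+runs-on: ubuntu-latest
+outputs:
+label: ${{ steps.start-ec2-runner.outputs.label }}
+ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Start EC2 runner
+id: start-ec2-runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: start
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ec2-image-id: ${{ secrets.UBUNTU2204_AMI_ID }}
+ec2-instance-type: t3.small
+subnet-id: ${{ secrets.SUBNET_ID }}
+security-group-id: ${{ secrets.SG_ID }}
+aws-resource-tags: > # optional, requires additional permissions
+[
+{"Key": "Name", "Value": "wazuh-ansible-gh-runner-wazuh"},
+{"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+{"Key": "team", "Value": "CICD"},
+{"Key": "termination_date", "Value": "2022-12-31 21:00:00"}
+]
+install-wazuh-single-instance:
+name: Installs Wazuh server single instance
+needs: start-runner # required to start the main job when the runner is ready
+runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+steps:
+- name: Check out the codebase.
+uses: actions/checkout@v2
+- name: Hack to get setup-python to work on act. See act issue 251
+run: |
+if [ ! -f "/etc/lsb-release" ] ; then
+echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release
+fi
+- name: Set up Python 3.
+uses: actions/setup-python@v2
+with:
+python-version: '3.x'
+- name: Ansible Playbook run Wazuh Single instance
+run: ansible-playbook ./.github/playbooks/single-wazuh.yml
+env:
+PY_COLORS: '1'
+ANSIBLE_FORCE_COLOR: '1'
+stop-runner:
+name: Stop self-hosted EC2 runner
+needs:
+- start-runner # required to get output from the start-runner job
+- install-wazuh-single-instance # required to wait when the main job is done
+runs-on: ubuntu-latest
+if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Stop EC2 runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: stop
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+label: ${{ needs.start-runner.outputs.label }}
+ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}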


@ -13,6 +13,12 @@ All notable changes to this project will be documented in this file.
- Update to [Wazuh v4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440) - Update to [Wazuh v4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440)
## [v4.3.10]
### Added
- Update to [Wazuh v4.3.10](https://github.com/wazuh/wazuh/blob/v4.3.10/CHANGELOG.md#v4310)
## [v4.3.9] ## [v4.3.9]
### Added ### Added
@ -140,7 +146,7 @@ All notable changes to this project will be documented in this file.
- Update to [Wazuh v4.1.1](https://github.com/wazuh/wazuh/blob/v4.1.1/CHANGELOG.md#v411) - Update to [Wazuh v4.1.1](https://github.com/wazuh/wazuh/blob/v4.1.1/CHANGELOG.md#v411)
- Apply changes in ossec.conf file - Apply changes in ossec.conf file
- Modify jvm.options to [v7.10](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/jvm-options.html) - Modify jvm.options to [v7.10](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/jvm-options.html)
- Change opendistro repository packages (opendistroforelasticsearch, elasticsearch-oss) to Wazuh URL and GPG key - Change opendistro repository packages (opendistroforelasticsearch, elasticsearch-oss) to Wazuh URL and GPG key
## [v4.0.4] ## [v4.0.4]

README.md

@ -8,8 +8,9 @@
These playbooks install and configure Wazuh agent, manager and indexer and dashboard. These playbooks install and configure Wazuh agent, manager and indexer and dashboard.
## Branches ## Branches
* `master` branch contains the latest code, be aware of possible bugs on this branch.
* `stable` branch on correspond to the last Wazuh stable version. - `master` branch contains the latest code, be aware of possible bugs on this branch.
- `stable` branch on correspond to the last Wazuh stable version.
## Compatibility Matrix ## Compatibility Matrix
@ -17,6 +18,8 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
|---------------|---------|--------| |---------------|---------|--------|
| v4.5.0 | | | | v4.5.0 | | |
| v4.4.0 | | | | v4.4.0 | | |
| v4.3.10 | | |
| v4.4.0 | | |
| v4.3.9 | | | | v4.3.9 | | |
| v4.3.8 | | | | v4.3.8 | | |
| v4.3.7 | | | | v4.3.7 | | |
@ -42,8 +45,8 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
## Documentation ## Documentation
* [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html) - [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html)
* [Full documentation](http://documentation.wazuh.com) - [Full documentation](http://documentation.wazuh.com)
## Directory structure ## Directory structure
@ -71,10 +74,10 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
│ ├── VERSION │ ├── VERSION
│ ├── CHANGELOG.md │ ├── CHANGELOG.md
## Example: production-ready distributed environment ## Example: production-ready distributed environment
### Playbook ### Playbook
The hereunder example playbook uses the `wazuh-ansible` role to provision a production-ready Wazuh environment. The architecture includes 2 Wazuh nodes, 3 Wazuh indexer nodes and a mixed Wazuh dashboard node (Wazuh indexer data node + Wazuh dashboard). The hereunder example playbook uses the `wazuh-ansible` role to provision a production-ready Wazuh environment. The architecture includes 2 Wazuh nodes, 3 Wazuh indexer nodes and a mixed Wazuh dashboard node (Wazuh indexer data node + Wazuh dashboard).
```yaml ```yaml
@ -329,6 +332,7 @@ After the playbook execution, the Wazuh UI should be reachable through `https://
## Example: single-host environment ## Example: single-host environment
### Playbook ### Playbook
The hereunder example playbook uses the `wazuh-ansible` role to provision a single-host Wazuh environment. This architecture includes all the Wazuh and Opensearch components in a single node. The hereunder example playbook uses the `wazuh-ansible` role to provision a single-host Wazuh environment. This architecture includes all the Wazuh and Opensearch components in a single node.
```yaml ```yaml
@ -394,6 +398,124 @@ sudo ansible-playbook wazuh-single.yml -i inventory
After the playbook execution, the Wazuh UI should be reachable through `https://<your server host>` After the playbook execution, the Wazuh UI should be reachable through `https://<your server host>`
## Example: Wazuh server cluster (without Filebeat)
### Playbook
The hereunder example playbook uses the `wazuh-ansible` role to provision a Wazuh server cluster without Filebeat. This architecture includes 2 Wazuh servers distributed in two different nodes.
```yaml
---
# Wazuh cluster without Filebeat
- hosts: manager
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'master'
node_type: 'master'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
wazuh_api_users:
- username: custom-user
password: SecretPassword1!
- hosts: worker01
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'worker_01'
node_type: 'worker'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
```
### Inventory file
```ini
[manager]
<your manager master server host>
[worker01]
<your manager worker01 server host>
[all:vars]
ansible_ssh_user=vagrant
ansible_ssh_private_key_file=/path/to/ssh/key.pem
ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
```
### Adding additional workers
Add the following block at the end of the playbook
```yaml
- hosts: worker02
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'worker_02'
node_type: 'worker'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
```
NOTE: `hosts` and `wazuh_manager_config.cluster_node_name` are the only parameters that differ from the `worker01` configuration.
Add the following lines to the inventory file:
```ini
[worker02]
<your manager worker02 server host>
```
### Launching the playbook
```bash
sudo ansible-playbook wazuh-manager-oss-cluster.yml -i inventory
```
## Contribute ## Contribute
If you want to contribute to our repository, please fork our Github repository and submit a pull request. If you want to contribute to our repository, please fork our Github repository and submit a pull request.
@ -417,4 +539,4 @@ Copyright (C) 2016, Wazuh Inc. (License GPLv2)
## Web references ## Web references
* [Wazuh website](http://wazuh.com) - [Wazuh website](http://wazuh.com)


@ -1,16 +0,0 @@
*******
Install
*******
Requirements
============
* Docker Engine
* docker-py
Install
=======
.. code-block:: bash
$ sudo pip install docker-py


@ -1,69 +0,0 @@
---
# Smoke test: basic manager run
dependency:
name: galaxy
driver:
name: docker
lint: |
yamllint .
ansible-lint roles
flake8 molecule
platforms:
- name: wazuh_manager_centos7
hostname: wazuh-mgr01
image: geerlingguy/docker-centos7-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory_reservation: 512m
memory: 1024m
ulimits:
- nofile:262144:262144
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- name: wazuh_manager_debian9
hostname: wazuh-mgr02
image: geerlingguy/docker-debian9-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory_reservation: 512m
memory: 1024m
groups:
- managers
ulimits:
- nofile:262144:262144
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
provisioner:
name: ansible
ansible_args:
- -vv
config_options:
defaults:
hash_behaviour: merge
playbooks:
create: create.yml
converge: converge.yml
#destroy: destroy.yml
env:
ANSIBLE_ROLES_PATH: ./roles
lint:
name: ansible-lint
enabled: false
scenario:
name: default
test_sequence:
- dependency
- syntax
- create
- prepare
- converge
#- idempotence
#- verify
- cleanup
- destroy
verifier:
name: testinfra


@ -1,64 +0,0 @@
import os
import pytest
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def get_wazuh_version():
"""This return the version of Wazuh."""
return "4.5.0"
def test_wazuh_packages_are_installed(host):
"""Test the main packages are installed."""
manager = host.package("wazuh-manager")
assert manager.is_installed
assert manager.version.startswith(get_wazuh_version())
def test_wazuh_services_are_running(host):
"""Test the services are enabled and running.
When assert commands are commented, this means that the service command has
a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
"""
# This currently doesn't work with out current Docker base images
# manager = host.service("wazuh-manager")
# api = host.service("wazuh-api")
# assert manager.is_running
# assert api.is_running
output = host.check_output(
'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
)
assert 'ossec-authd' in output
assert 'wazuh-modulesd' in output
assert 'wazuh-db' in output
assert 'ossec-execd' in output
assert 'ossec-monitord' in output
assert 'ossec-remoted' in output
assert 'ossec-logcollector' in output
assert 'ossec-analysisd' in output
assert 'ossec-syscheckd' in output
@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640),
("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660),
])
def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
"""Test Wazuh related files exist and have proper owners and mode."""
wazuh_file_host = host.file(wazuh_file)
assert wazuh_file_host.user == wazuh_owner
assert wazuh_file_host.group == wazuh_group
assert wazuh_file_host.mode == wazuh_mode
def test_filebeat_is_installed(host):
"""Test the elasticsearch package is installed."""
filebeat = host.package("filebeat")
assert filebeat.is_installed
assert filebeat.version.startswith('7.10.2')


@ -1,16 +0,0 @@
*******
Install
*******
Requirements
============
* Docker Engine
* docker-py
Install
=======
.. code-block:: bash
$ sudo pip install docker-py


@ -1,121 +0,0 @@
---
- name: Build Facts
hosts: all
become: true
become_user: root
vars:
endpoints_hostvars: '{{ managers_hostvars | union(indexer_hostvars) | union(dashboard_hostvars) }}'
wazuh_managers_common:
port: 1514
protocol: tcp
api_port: 55000
api_proto: 'http'
api_user: ansible
max_retries: 5
retry_interval: 5
pre_tasks:
- name: (converge) build instances list dynamically for cert generator consumption
set_fact:
wazuh_endpoint_list: "{{ wazuh_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}"
vars:
instance_hostname: '{{ item.ansible_facts.hostname }}'
instance_item:
name: '{{ instance_hostname }}'
ip: '{{ item.private_ip }}'
loop: '{{ endpoints_hostvars }}'
no_log: true
- name: (converge) build wazuh_managers list dynamically for agents to consume
set_fact:
wazuh_managers_list: '{{ wazuh_managers_list | default([]) | union([manager_item]) }}'
vars:
manager_item: '{{ wazuh_managers_common | combine({"address": item}) }}'
loop: '{{ manager_addresses }}'
- name: overview of cert configuration
debug:
var: wazuh_endpoint_list
- name: Generate certificates prior to converging
hosts: molecule_wazuh_indexer_centos7
become: true
become_user: root
roles:
- role: ../../roles/wazuh/wazuh-indexer
vars:
generate_certs: true
perform_installation: false
instances:
node1:
name: wazuh-es01 # Important: must be equal to indexer_node_name.
ip: "{{ hostvars.molecule_wazuh_indexer_centos7.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
role: indexer
node2:
name: wazuh-es02
ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}"
role: indexer
node3:
name: wazuh-mgr01
ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}"
role: wazuh
node_type: master
node4:
name: wazuh-mgr02
ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}"
role: wazuh
node_type: worker
node5:
name: wazuh-dash01
ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}"
role: dashboard
pre_tasks:
- name: overview of cert configuration
debug:
var: wazuh_endpoint_list
- name: Converge
hosts: all
become: true
become_user: root
roles:
# 1. Wazuh indexer
- role: ../../roles/wazuh/wazuh-indexer
when: inventory_hostname in groups['indexer']
# 2. Managers
- role: ../../roles/wazuh/ansible-wazuh-manager
when: inventory_hostname in groups['managers']
- role: ../../roles/wazuh/ansible-filebeat-oss
when: inventory_hostname in groups['managers']
# 3. Wazuh dashboard
- role: ../../roles/wazuh/wazuh-dashboard
when: inventory_hostname in groups['dashboard']
# 4. Agents:
- role: ../../roles/wazuh/ansible-wazuh-agent
vars:
wazuh_managers: '{{ wazuh_managers_list }}'
when: inventory_hostname in groups['agents']
vars:
instances:
node1:
name: wazuh-es01 # Important: must be equal to indexer_node_name.
ip: "{{ hostvars.molecule_wazuh_indexer_centos7.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
role: indexer
node2:
name: wazuh-es02
ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}"
role: indexer
node3:
name: wazuh-mgr01
ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}"
role: wazuh
node_type: master
node4:
name: wazuh-mgr02
ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}"
role: wazuh
node_type: worker
node5:
name: wazuh-dash01
ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}"
role: dashboard


@ -1,24 +0,0 @@
---
wazuh_agent_config:
enrollment:
enabled: 'yes'
#manager_address: ''
#port: 1515
agent_name: '{{ ansible_hostname }}'
#groups: ''
#agent_address: ''
#server_ca_path: ''
#agent_certificate_path: ''
#agent_key_path: ''
#authorization_pass_path : /var/ossec/etc/authd.pass
#auto_method: 'no'
#delay_after_enrollment: 20
#use_source_ip: 'no'
wazuh_agent_authd:
registration_address: '{{ manager_addresses[0] }}'
enable: true
port: 1515
ssl_agent_ca: null
ssl_auto_negotiate: 'no'


@ -1,39 +0,0 @@
---
########################################################
# Helper variables
private_ip: '{{ ansible_default_ipv4.address }}'
managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
indexer_hostvars: "{{ groups['indexer'] | map('extract', hostvars) | list }}"
dashboard_hostvars: "{{ groups['dashboard'] | map('extract', hostvars) | list }}"
manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
indexer_addresses: "{{ indexer_hostvars | map(attribute='private_ip') | list }}"
dashboard_addresses: "{{ dashboard_hostvars | map(attribute='private_ip') | list }}"
########################################################
# General Wazuh stack variables
# Wazuh indexer/dashboard
dashboard_security: true
dashboard_user: kibanaserver
indexer_security_user: admin
dashboard_password: changeme
indexer_security_password: changeme
indexer_admin_password: changeme
# All nodes are called by IP name
indexer_node_name: '{{ ansible_facts.hostname }}'
dashboard_node_name: '{{ ansible_facts.hostname }}'
filebeat_node_name: '{{ ansible_facts.hostname }}'
indexer_version: 4.5.0
filebeat_version: 7.10.2
wazuh_version: 4.5.0
# Debian packages need the ${VERSION}
wazuh_manager_version: 4.5.0
wazuh_agent_version: 4.5.0


@ -1,16 +0,0 @@
---
dashboard_server_name: '{{ ansible_hostname }}'
indexer_network_host: "{{ indexer_addresses[0] }}"
indexer_node_master: false
indexer_node_ingest: false
indexer_node_data: false
role: 'dashboard'
wazuh_api_credentials:
- id: default
url: 'https://{{ manager_addresses[0] }}'
port: 55000
username: wazuh
password: wazuh


@ -1,13 +0,0 @@
---
single_node: false
indexer_node_master: true
minimum_master_nodes: 1
role: 'indexer'
indexer_network_host: '{{ private_ip }}'
indexer_http_port: 9200
indexer_cluster_nodes: '{{ indexer_addresses }}'
indexer_discovery_nodes: '{{ indexer_addresses }}'


@ -1,21 +0,0 @@
---
wazuh_manager_fqdn: '{{ ansible_hostname }}'
filebeat_output_indexer_hosts: '{{ indexer_addresses }}'
node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}"
role: 'wazuh'
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: '{{ ansible_hostname }}'
node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}"
nodes: '{{ manager_addresses }}'
hidden: 'no'


@ -1,162 +0,0 @@
---
# Distributed scenario: clustered manager scenario + connected agents
# 2-core CPU
# 7 GB of RAM memory
# 14 GB of SSD disk space
#
# Source: https://docs.github.com/en/free-pro-team@latest/actions/reference/specifications-for-github-hosted-runners
dependency:
name: galaxy
driver:
name: docker
lint: |
yamllint .
ansible-lint roles
flake8 molecule
platforms:
################################################
# Wazuh Managers
################################################
- name: molecule_wazuh_manager_centos7
hostname: wazuh-mgr01
image: geerlingguy/docker-centos7-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory_reservation: 512m
memory: 1024m
groups:
- managers
ulimits:
- nofile:262144:262144
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- name: molecule_wazuh_manager_debian9
hostname: wazuh-mgr02
image: geerlingguy/docker-debian9-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory_reservation: 512m
memory: 1024m
groups:
- managers
ulimits:
- nofile:262144:262144
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
################################################
# Wazuh indexer Cluster
################################################
- name: molecule_wazuh_indexer_centos7
hostname: wazuh-es01
image: geerlingguy/docker-centos7-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory: 4096m
memory_reservation: 2048m
groups:
- indexer
ulimits:
- nofile:262144:262144
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- name: molecule_wazuh_indexer_centos7_2
hostname: wazuh-es02
image: geerlingguy/docker-centos7-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory: 4096m
memory_reservation: 2048m
groups:
- indexer
ulimits:
- nofile:262144:262144
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
################################################
# Wazuh Agents
################################################
- name: molecule_wazuh_agent_centos7
hostname: wazuh-agent01
image: geerlingguy/docker-centos7-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory: 1024m
memory_reservation: 512m
groups:
- agents
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- name: molecule_wazuh_agent_debian9
hostname: wazuh-agent02
image: geerlingguy/docker-debian9-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory: 1024m
memory_reservation: 512m
groups:
- agents
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
################################################
# Wazuh dashboard
################################################
- name: molecule_wazuh_dashboard_centos7
hostname: wazuh-dash01
image: geerlingguy/docker-centos7-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory: 2048m
memory_reservation: 512m
groups:
- dashboard
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
provisioner:
name: ansible
ansible_args:
- -vv
inventory:
links:
group_vars: group_vars
playbooks:
create: create.yml
converge: converge.yml
#destroy: destroy.yml
config_options:
defaults:
hash_behaviour: merge
env:
ANSIBLE_ROLES_PATH: ./roles
lint:
name: ansible-lint
enabled: false
scenario:
name: distributed-wazuh
test_sequence:
- dependency
- syntax
- create
- prepare
- converge
#- idempotence
#- verify
- cleanup
- destroy
verifier:
name: testinfra


@ -1,64 +0,0 @@
import os
import pytest
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def get_wazuh_version():
"""This return the version of Wazuh."""
return "4.5.0"
def test_wazuh_packages_are_installed(host):
"""Test the main packages are installed."""
manager = host.package("wazuh-manager")
assert manager.is_installed
assert manager.version.startswith(get_wazuh_version())
def test_wazuh_services_are_running(host):
"""Test the services are enabled and running.
When assert commands are commented, this means that the service command has
a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
"""
# This currently doesn't work with out current Docker base images
# manager = host.service("wazuh-manager")
# api = host.service("wazuh-api")
# assert manager.is_running
# assert api.is_running
output = host.check_output(
'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
)
assert 'ossec-authd' in output
assert 'wazuh-modulesd' in output
assert 'wazuh-db' in output
assert 'ossec-execd' in output
assert 'ossec-monitord' in output
assert 'ossec-remoted' in output
assert 'ossec-logcollector' in output
assert 'ossec-analysisd' in output
assert 'ossec-syscheckd' in output
@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640),
("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660),
])
def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
"""Test Wazuh related files exist and have proper owners and mode."""
wazuh_file_host = host.file(wazuh_file)
assert wazuh_file_host.user == wazuh_owner
assert wazuh_file_host.group == wazuh_group
assert wazuh_file_host.mode == wazuh_mode
def test_filebeat_is_installed(host):
"""Test the elasticsearch package is installed."""
filebeat = host.package("filebeat")
assert filebeat.is_installed
assert filebeat.version.startswith('7.10.2')


@ -0,0 +1,50 @@
---
# Wazuh cluster without Filebeat
- hosts: manager
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'master'
node_type: 'master'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
wazuh_api_users:
- username: custom-user
password: SecretPassword1!
- hosts: worker01
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'worker_01'
node_type: 'worker'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
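Review bot: The cluster `key` (`'c98b62a9b6169ac5f67dae55ae4a9088'`) and the API user password (`SecretPassword1!`) are committed as plain literals, and the key is repeated verbatim in both plays, so any deployment that copies this playbook runs a cluster whose key is public. Move both to variables supplied from Ansible Vault or an inventory secret, e.g. `key: "{{ wazuh_cluster_key }}"` and `password: "{{ wazuh_api_custom_user_password }}"`, so the literal never lands in git. `become: yes` on both roles is the YAML 1.1 boolean spelling; `become: true` is the canonical form. Both `nodes` lists read `hostvars.manager.private_ip`, which presumes a `private_ip` host variable defined in the inventory — worth confirming, since the only `private_ip` definition on this page is in the molecule group_vars this commit removes.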

1342
poetry.lock generated



@ -1,28 +0,0 @@
[tool.poetry]
name = "wazuh-ansible"
version = "4.5.0"
description = ""
authors = ["neonmei <neonmei@pm.me>"]
[tool.poetry.dependencies]
python = "^3.6"
# Pin ansible version to that currently present on awx
ansible = "==4.10.0"
jinja2 = "^3.0.3"
[tool.poetry.dev-dependencies]
pytest = "^7.0"
ansible-lint = "^5.4.0"
flake8 = "^4.0.1"
selinux = "^0.2.1"
yamllint = "^1.26.3"
# minimum version is 3.0.3, because we need docker memory limitation
# https://github.com/ansible-community/molecule/pull/2615
molecule = {extras = ["docker"], version = "==3.3.4"}
testinfra = "^6.0.0"
[build-system]
requires = ["poetry>=1.1.8"]
build-backend = "poetry.masonry.api"


@ -16,7 +16,7 @@ setup.ilm.enabled: false
output.elasticsearch: output.elasticsearch:
hosts: hosts:
{% for item in filebeat_output_indexer_hosts %} {% for item in filebeat_output_indexer_hosts %}
- {{ item }}:9200 - {{ item }}
{% endfor %} {% endfor %}
{% if filebeat_security %} {% if filebeat_security %}
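Review bot: Dropping the `:9200` suffix on the `hosts` entry (the new side appears to be the bare `{{ item }}` form, consistent with the `localhost:9200` value in the aio playbook added by this commit) changes the contract of `filebeat_output_indexer_hosts` from bare host to `host:port`, and the template gives no hint of that. Every caller and the role default for that variable, neither of which is in this diff, must now supply the port, or Filebeat ends up with a host and no port. Add a template comment beside the loop, `{# entries of filebeat_output_indexer_hosts are host:port, e.g. localhost:9200 #}`, and check the role's defaults for values still given as bare addresses.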


@ -1,15 +1,23 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates, gnupg and acl - name: Debian/Ubuntu | Install ca-certificates and gnupg
apt: apt:
name: name:
- apt-transport-https
- ca-certificates - ca-certificates
- acl
- gnupg - gnupg
state: present state: present
register: wazuh_agent_ca_package_install register: wazuh_agent_ca_package_install
until: wazuh_agent_ca_package_install is succeeded until: wazuh_agent_ca_package_install is succeeded
- name: Debian/Ubuntu | Install apt-transport-https and acl
apt:
name:
- apt-transport-https
- acl
state: present
register: wazuh_agent_ca_package_install
until: wazuh_agent_ca_package_install is succeeded
when: not (ansible_distribution == "Debian" and ansible_distribution_major_version in ['11'])
- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14) - name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)
become: true become: true
shell: | shell: |
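Review bot: The new `Debian/Ubuntu | Install apt-transport-https and acl` task registers into the same `wazuh_agent_ca_package_install` variable as the task above it, so the first result is overwritten as soon as the second runs; give it its own name, `register: wazuh_agent_transport_package_install` with the matching `until: wazuh_agent_transport_package_install is succeeded`. The `when:` on that task also skips `acl` on Debian 11 together with `apt-transport-https`; if only the transport package is the one to avoid there, move `- acl` back into the first task's list so it is installed everywhere. The task that follows (`Installing Wazuh repository key (Ubuntu 14)`) continues past the end of the hunk.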


@ -125,7 +125,7 @@
- name: Linux | Obtain JWT Token - name: Linux | Obtain JWT Token
uri: uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate' url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate'
method: GET method: POST
url_username: '{{ target_manager.api_user }}' url_username: '{{ target_manager.api_user }}'
url_password: '{{ api_pass }}' url_password: '{{ api_pass }}'
status_code: 200 status_code: 200
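Review bot: The response of this `uri` call carries the API JWT, and the rest of the task (any `register:` and what follows `status_code`) is outside the hunk; if the result is registered and the play runs with `-v` or higher, the token and `url_password` end up in the log. Add `no_log: true` to the task so neither value is printed, and if the task does not already set `validate_certs`, make it explicit rather than relying on the module default when `api_proto` is `https`.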


@ -1,16 +1,15 @@
--- ---
- name: Get latest Wazuh release - include_vars: ../../vars/repo_vars.yml
become: false
shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
register: wazuh_latest_release
delegate_to: localhost
- include_vars: ../../vars/repo.yml - include_vars: ../../vars/repo.yml
when: "wazuh_latest_release.stdout is version(wazuh_agent_version, operator='ge')" when: packages_repository == 'production'
- include_vars: ../../vars/repo_dev.yml - include_vars: ../../vars/repo_pre-release.yml
when: "wazuh_latest_release.stdout is version(wazuh_agent_version, operator='lt')" when: packages_repository == 'pre-release'
- include_vars: ../../vars/repo_staging.yml
when: packages_repository == 'staging'
- name: Overlay wazuh_agent_config on top of defaults - name: Overlay wazuh_agent_config on top of defaults
set_fact: set_fact:
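Review bot: The three `include_vars` are each guarded by an equality on `packages_repository`, so a typo or an unexpected value (e.g. `prerelease`) matches none of them and `wazuh_repo` stays undefined until a later task fails with an unrelated message. Add a guard before the first include: `- assert:` / `that: packages_repository in ['production', 'pre-release', 'staging']` / `fail_msg: "packages_repository must be production, pre-release or staging"`. The same pattern is repeated in the manager, dashboard and indexer `main.yml` hunks of this commit (the three later sections that start with `- include_vars: ../../vars/repo_vars.yml`), which would take the same guard. The `Overlay wazuh_agent_config on top of defaults` task continues outside the hunk.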


@ -9,15 +9,16 @@
- curl - curl
state: present state: present
- name: Get latest wazuh release - include_vars: ../../vars/repo_vars.yml
shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
register: wazuh_latest_release
- include_vars: ../../vars/repo.yml - include_vars: ../../vars/repo.yml
when: "wazuh_latest_release.stdout is version(wazuh_manager_version, operator='ge')" when: packages_repository == 'production'
- include_vars: ../../vars/repo_dev.yml - include_vars: ../../vars/repo_pre-release.yml
when: "wazuh_latest_release.stdout is version(wazuh_manager_version, operator='lt')" when: packages_repository == 'pre-release'
- include_vars: ../../vars/repo_staging.yml
when: packages_repository == 'staging'
- name: Overlay wazuh_manager_config on top of defaults - name: Overlay wazuh_manager_config on top of defaults
set_fact: set_fact:


@ -0,0 +1,2 @@
---
wazuh_version: 4.4.0
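Review bot: The default `wazuh_version: 4.4.0` disagrees with the `4.5.0` used elsewhere in this commit (the dashboard defaults hunk keeps `wazuh_version: 4.5.0`), and this is the value the new `Check packages` task hands to `check_packages.sh`, which substitutes it into the package URIs; a caller that relies on the default checks for 4.4.0 packages on a 4.5 branch. If this is the check-packages role default, set it to `wazuh_version: "4.5.0"` — quoted, so the version stays a string under every loader.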


@ -0,0 +1,6 @@
yum/wazuh-manager-VERSION-1.x86_64.rpm
apt/pool/main/w/wazuh-manager/wazuh-manager_VERSION-1_amd64.deb
yum/wazuh-dashboard-VERSION-1.x86_64.rpm
yum/wazuh-indexer-VERSION-1.x86_64.rpm
apt/pool/main/w/wazuh-agent/wazuh-agent_VERSION-1_amd64.deb
yum/wazuh-agent-VERSION-1.x86_64.rpm
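Review bot: The list checks dashboard and indexer only as `.rpm`, while manager and agent are checked in both formats, so a Debian host installing either of the first two gets no existence check against the chosen repository; if those `.deb` packages are published in the same repositories, add their `apt/pool/main/w/...` entries. Note also that `check_packages.sh` greps this list for `windows` to drive its staging-only branch, and no Windows entry is present, so that branch never runs from this file.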


@ -0,0 +1,80 @@
#!/bin/bash
VERSION=$1
#echo $VERSION
## Replace VERSION with $VERSION in packages_uri.txt and save it as packages_uri_new.txt
sed 's,VERSION,'$VERSION',g' ../files/packages_uri.txt > ../files/packages_uri_new.txt
checkPackages(){
## Set S3 Bucket URL
if [ $1 == "production" ]; then
echo "production"
PACKAGES_URL=https://packages.wazuh.com/4.x/
elif [ $1 == "pre-release" ]; then
echo "pre-release"
PACKAGES_URL=https://packages-dev.wazuh.com/pre-release/
elif [ $1 == "staging" ]; then
echo "staging"
PACKAGES_URL=https://packages-dev.wazuh.com/staging/
CHECK_WIN_PACKAGE=$(grep windows ../files/packages_uri_new.txt)
echo $CHECK_WIN_PACKAGE
if [ -n "$CHECK_WIN_PACKAGE" ]; then
WIN_AGENT_NAME=$(aws s3 ls s3://packages-dev.wazuh.com/staging/windows/wazuh-agent-$VERSION --region=us-west-1 | tail -1 | awk '{printf $4}')
if [ -z $WIN_AGENT_NAME ]; then
echo "Windows agent package for version " $VERSION " does not exist in the staging repository"
exit 1
fi
WIN_AGENT_URI="windows/"$WIN_AGENT_NAME
echo $PACKAGES_URL$WIN_AGENT_URI "check"
sed -i 's,windows/.*,'$WIN_AGENT_URI',g' ../files/packages_uri_new.txt
sed -i 's,wazuh_winagent_config_url.*,wazuh_winagent_config_url: \"'$PACKAGES_URL$WIN_AGENT_URI'\",g' ../../vars/repo_staging.yml
sed -i 's,wazuh_winagent_package_name.*,wazuh_winagent_package_name: \"'$WIN_AGENT_NAME'\",g' ../../vars/repo_staging.yml
fi
fi
## Set EXISTS to 0 (true)
EXISTS=0
## Loop through the packages_uri_new.txt file
while IFS= read -r URI
do
echo "$URI"
## Check if the package exists
PACKAGE=$(curl --silent -I $PACKAGES_URL$URI | grep -E "^HTTP" | awk '{print $2}')
## If it does not exist set EXISTS to 1 (false)
if [ "$PACKAGE" != "200" ]; then
EXISTS=1
#echo $PACKAGES_URL$URI "does not exist"
return $EXISTS
fi
done < ../files/packages_uri_new.txt
return $EXISTS
}
replaceVars(){
sed -i "s|packages_repository:.*|packages_repository: $1|g" ../../vars/repo_vars.yml
}
## Call the checkPackages function for each repository
if checkPackages "production"; then
echo "production"
replaceVars "production"
exit 0
elif checkPackages "pre-release"; then
echo "pre-release"
replaceVars "pre-release"
exit 0
elif checkPackages "production"; then
echo "production"
replaceVars "production"
exit 0
elif checkPackages "staging"; then
echo "staging"
replaceVars "staging"
exit 0
else
echo "Failed"
exit 1
fi
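Review bot: `VERSION` (`$1`) is never validated before it is spliced unquoted into `sed` expressions and into `sed -i` edits of `../../vars/repo_staging.yml` and `../../vars/repo_vars.yml`, so a value containing `,`, `|` or whitespace corrupts those tracked files in the checkout. Reject anything but a dotted version at the top, `[[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){1,2}$ ]] || { echo "invalid version: $VERSION" >&2; exit 1; }`, and quote `$WIN_AGENT_NAME` in the `[ -z ... ]` test and in the `sed` replacements the same way, since it comes straight from `aws s3 ls` output. The `elif checkPackages "production"` branch after `pre-release` repeats the first test and can only succeed if the identical earlier call failed, so it should be dropped. Without `set -euo pipefail`, a failing `curl` leaves `PACKAGE` empty and is reported as "package missing" rather than as an error, which makes the repository fallback silently move to the next tier.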


@ -0,0 +1,11 @@
---
- name: Check packages
shell: |
./check_packages.sh {{ wazuh_version }}
args:
warn: false
executable: /bin/bash
chdir: "{{ role_path }}/scripts/"
delegate_to: localhost
become: no
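Review bot: `{{ wazuh_version }}` is interpolated unquoted into a `shell:` line, so the value is re-parsed by bash before the script sees it; use `shell: ./check_packages.sh {{ wazuh_version | quote }}` so the argument arrives as a single token whatever the variable holds. The task also reports `changed` on every run and its only failure signal is the script's exit code, so `changed_when: false` keeps a pure check from polluting the play summary. `warn: false` under `args` has been removed from the shell module in newer ansible-core releases and fails there; drop it if the pinned Ansible no longer needs it.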


@ -0,0 +1,12 @@
wazuh_repo:
apt: 'deb https://packages-dev.wazuh.com/staging/apt/ unstable main'
yum: 'https://packages-dev.wazuh.com/staging/yum/'
gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
certs_gen_tool_version: 4.4
# Url of certificates generator tool
certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
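Review bot: `certs_gen_tool_version: 4.4` is an unquoted YAML float; it renders as `4.4` today, but any minor version with a trailing zero (`4.10`) would render as `4.1` inside `certs_gen_tool_url`, so write it as `certs_gen_tool_version: "4.4"`. The value also lags the `4.5.0` versions used elsewhere in this commit — confirm whether the staging certs tool really should come from the `4.4` path. The tool is fetched from `packages-dev.wazuh.com` and presumably executed by the indexer role (outside this diff); if that role does not already verify a digest before running it, pinning one beside this URL would close that gap.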


@ -0,0 +1 @@
packages_repository: production


@ -11,7 +11,7 @@ dashboard_server_name: "dashboard"
wazuh_version: 4.5.0 wazuh_version: 4.5.0
indexer_cluster_nodes: indexer_cluster_nodes:
- 127.0.0.1 - 127.0.0.1
# The Wazuh dashboard package repository # The Wazuh dashboard package repository
dashboard_version: "4.5.0" dashboard_version: "4.5.0"


@ -1,13 +1,14 @@
--- ---
- name: Get latest wazuh release - include_vars: ../../vars/repo_vars.yml
shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
register: wazuh_latest_release
- include_vars: ../../vars/repo.yml - include_vars: ../../vars/repo.yml
when: "wazuh_latest_release.stdout is version(dashboard_version, operator='ge')" when: packages_repository == 'production'
- include_vars: ../../vars/repo_dev.yml - include_vars: ../../vars/repo_pre-release.yml
when: "wazuh_latest_release.stdout is version(dashboard_version, operator='lt')" when: packages_repository == 'pre-release'
- include_vars: ../../vars/repo_staging.yml
when: packages_repository == 'staging'
- import_tasks: RedHat.yml - import_tasks: RedHat.yml
when: ansible_os_family == 'RedHat' when: ansible_os_family == 'RedHat'


@ -26,9 +26,9 @@ minimum_master_nodes: 2
# Example es1.example.com, es2.example.com # Example es1.example.com, es2.example.com
domain_name: wazuh.com domain_name: wazuh.com
indexer_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig indexer_sec_plugin_conf_path: /etc/wazuh-indexer/opensearch-security
indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools
indexer_conf_path: /etc/wazuh-indexer/ indexer_conf_path: /etc/wazuh-indexer
indexer_index_path: /var/lib/wazuh-indexer/ indexer_index_path: /var/lib/wazuh-indexer/
# Security password # Security password
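Review bot: `indexer_conf_path` loses its trailing slash while `indexer_index_path` on the next line keeps `/var/lib/wazuh-indexer/`; consumers concatenate these with `/certs/...` (see the securityadmin hunk), so both forms work, but the pair should match — `indexer_index_path: /var/lib/wazuh-indexer`. The security configuration now lives under `/etc/wazuh-indexer/opensearch-security`; any task that writes security files into, or sets ownership and mode on, the old `/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig` path is outside this diff and should be checked against the new location.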


@ -1,13 +1,14 @@
--- ---
- name: Get latest wazuh release - include_vars: ../../vars/repo_vars.yml
shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-"
register: wazuh_latest_release
- include_vars: ../../vars/repo.yml - include_vars: ../../vars/repo.yml
when: "wazuh_latest_release.stdout is version(indexer_version, operator='ge')" when: packages_repository == 'production'
- include_vars: ../../vars/repo_dev.yml - include_vars: ../../vars/repo_pre-release.yml
when: "wazuh_latest_release.stdout is version(indexer_version, operator='lt')" when: packages_repository == 'pre-release'
- include_vars: ../../vars/repo_staging.yml
when: packages_repository == 'staging'
- import_tasks: local_actions.yml - import_tasks: local_actions.yml
when: when:


@ -83,7 +83,7 @@
JAVA_HOME=/usr/share/wazuh-indexer/jdk JAVA_HOME=/usr/share/wazuh-indexer/jdk
{{ indexer_sec_plugin_tools_path }}/securityadmin.sh {{ indexer_sec_plugin_tools_path }}/securityadmin.sh
-cd {{ indexer_sec_plugin_conf_path }}/ -cd {{ indexer_sec_plugin_conf_path }}/
-icl -p 9300 -cd {{ indexer_sec_plugin_conf_path }}/ -icl -p 9200 -cd {{ indexer_sec_plugin_conf_path }}/
-nhnv -nhnv
-cacert {{ indexer_conf_path }}/certs/root-ca.pem -cacert {{ indexer_conf_path }}/certs/root-ca.pem
-cert {{ indexer_conf_path }}/certs/admin.pem -cert {{ indexer_conf_path }}/certs/admin.pem
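Review bot: The port becomes a literal `9200` on the `-icl` line while `-nhnv` (skip hostname verification) stays; if the role exposes a variable for the indexer HTTP port, substituting it here keeps the call working for non-default ports. With role-generated per-node certificates it is also worth checking whether `-nhnv` is still needed once securityadmin talks to the REST port, since dropping it makes the TLS check verify the node it connects to. The `shell:` block that holds these lines starts and ends outside the hunk.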