WIP: auto-enrollment implementation

This commit is contained in:
Manuel J. Bernal 2020-09-01 22:55:53 +02:00
parent b117407c16
commit 54443102f7
10 changed files with 82 additions and 62 deletions


@ -1,10 +1,10 @@
--- ---
- hosts: <your wazuh agents hosts> - hosts: agents
roles: roles:
- ../roles/wazuh/ansible-wazuh-agent - ../roles/wazuh/ansible-wazuh-agent
vars: vars:
wazuh_managers: wazuh_managers:
- address: <your manager IP> - address: 172.16.0.111
port: 1514 port: 1514
protocol: tcp protocol: tcp
api_port: 55000 api_port: 55000
@ -12,9 +12,3 @@
api_user: ansible api_user: ansible
max_retries: 5 max_retries: 5
retry_interval: 5 retry_interval: 5
wazuh_agent_authd:
registration_address: <registration IP>
enable: true
port: 1515
ssl_agent_ca: null
ssl_auto_negotiate: 'no'
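Review bot: The sample playbook now carries a concrete lab address, `- address: 172.16.0.111`, where the placeholder `<your manager IP>` stood, and the managers playbook below does the same with `filebeat_output_elasticsearch_hosts: 172.16.0.161:9200`. If these files ship as examples, the placeholders should come back before this leaves WIP; otherwise every user inherits an address that means nothing in their network. The removed `wazuh_agent_authd` block is presumably still read by the role's tasks (`wazuh_agent_authd.enable` and `wazuh_agent_authd.registration_address` remain in main.yml), so the playbook now depends on the role defaults for those keys; a one-line comment such as `# authd registration keys come from the role defaults; set enrollment under wazuh_agent_config` would make that explicit.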


@ -1,8 +1,8 @@
--- ---
- hosts: <WAZUH_MANAGER_HOST> - hosts: managers
roles: roles:
- role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-wazuh-manager
- role: ../roles/wazuh/ansible-filebeat - role: ../roles/wazuh/ansible-filebeat
filebeat_output_elasticsearch_hosts: <YOUR_ELASTICSEARCH_IP>:9200 filebeat_output_elasticsearch_hosts: 172.16.0.161:9200


@ -4,9 +4,9 @@ wazuh_agent_version: 3.13.1-1
# Custom packages installation # Custom packages installation
wazuh_custom_packages_installation_agent_enabled: false wazuh_custom_packages_installation_agent_enabled: true
wazuh_custom_packages_installation_agent_deb_url: "" wazuh_custom_packages_installation_agent_deb_url: ""
wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/staging/yum/wazuh-agent-4.0.0-0.40000.20200901.x86_64.rpm"
# Sources installation # Sources installation
@ -295,18 +295,18 @@ wazuh_agent_config:
- key: Env - key: Env
value: Production value: Production
enrollment: enrollment:
enabled: no enabled: ''
manager_address: '' manager_address: ''
port: 1515 port: 1515
agent_name: '' agent_name: 'testname'
groups: '' groups: ''
agent_address: '' agent_address: ''
ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
server_ca_path: '' server_ca_path: ''
agent_certificate_path: '' agent_certificate_path: ''
agent_key_path: '' agent_key_path: ''
authorization_pass: ChangeMe authorization_pass_path : /var/ossec/etc/authd.pass
auto_method: no auto_method: 'no'
delay_after_enrollment: 20 delay_after_enrollment: 20
use_source_ip: no use_source_ip: 'no'
wazuh_agent_nat: false wazuh_agent_nat: false
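Review bot: The role defaults now install from a staging package (`wazuh_custom_packages_installation_agent_enabled: true` together with the packages-dev RPM URL) and enroll every agent as `agent_name: 'testname'`; both look like WIP test settings that should revert to `false` and `''` before merge, since a shared agent name collides across hosts at enrollment. The `authorization_pass_path :` line has a space before the colon, which yamllint rejects; write `authorization_pass_path: /var/ossec/etc/authd.pass`. `enabled: ''` also changes this key's type from the old boolean `no` to a string, and the tasks and template now gate on `| length > 0` and `== 'yes'`, so an inventory that still sets `enabled: false` is likely to fail on the `length` filter; a comment above the key, `# string, not boolean: '' (unset), 'yes' or 'no'`, would save that surprise.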


@ -1,4 +1,9 @@
--- ---
- name: Retrieving authd Credentials
include_vars: authd_pass.yml
tags:
- config
- include_tasks: "RedHat.yml" - include_tasks: "RedHat.yml"
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat"
@ -42,6 +47,7 @@
- name: Linux | Check if client.keys exists - name: Linux | Check if client.keys exists
stat: path=/var/ossec/etc/client.keys stat: path=/var/ossec/etc/client.keys
register: check_keys register: check_keys
when: wazuh_agent_config.enrollment.enabled == 'yes'
tags: tags:
- config - config
@ -108,7 +114,9 @@
- not check_keys.stat.exists or check_keys.stat.size == 0 - not check_keys.stat.exists or check_keys.stat.size == 0
- wazuh_agent_authd.registration_address is not none - wazuh_agent_authd.registration_address is not none
when: wazuh_agent_authd.enable when:
- wazuh_agent_authd.enable
- not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no'
tags: tags:
- config - config
- authd - authd
@ -181,6 +189,7 @@
when: when:
- not wazuh_agent_authd.enable - not wazuh_agent_authd.enable
- not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no'
tags: tags:
- config - config
- api - api
@ -220,6 +229,19 @@
- init - init
- config - config
- name: Create auto-enrollment password file
template:
src: authd_pass.j2
dest: "/var/ossec/etc/authd.pass"
owner: ossec
group: ossec
mode: 0640
when:
- wazuh_agent_config.enrollment.enabled == 'yes'
- wazuh_agent_config.enrollment.authorization_pass_path | length > 0
tags:
- config
- name: Linux | Ensure Wazuh Agent service is started and enabled - name: Linux | Ensure Wazuh Agent service is started and enabled
service: service:
name: wazuh-agent name: wazuh-agent
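Review bot: The new `when: wazuh_agent_config.enrollment.enabled == 'yes'` on the `Linux | Check if client.keys exists` task skips the stat exactly when its result is consumed: the authd registration task further down still conditions on `not check_keys.stat.exists or check_keys.stat.size == 0` and, with the added guard, only runs when enrollment is not enabled, so on that path `check_keys` is a skipped result without `.stat` and the condition errors out (that task's body starts outside this hunk). Either drop the guard or invert it to `when: wazuh_agent_config.enrollment.enabled != 'yes'` so the stat runs for the branch that needs it. In the `Create auto-enrollment password file` task, `mode: 0640` is an unquoted octal literal; write `mode: '0640'` so YAML does not hand Ansible an integer. The task would also benefit from a short comment above it, e.g. `# Writes the authd enrollment password (authd_pass from authd_pass.yml) to the path the agent reads it from`, since the link between the included vars file and this file is otherwise only implicit.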


@ -0,0 +1 @@
{{ authd_pass }}


@ -36,6 +36,49 @@
{% endif %} {% endif %}
<auto_restart>{{ wazuh_auto_restart }}</auto_restart> <auto_restart>{{ wazuh_auto_restart }}</auto_restart>
<crypto_method>{{ wazuh_crypto_method }}</crypto_method> <crypto_method>{{ wazuh_crypto_method }}</crypto_method>
{% if wazuh_agent_config.enrollment.enabled | length > 0 %}
<enrollment>
<enabled>{{ wazuh_agent_config.enrollment.enabled }}</enabled>
{% if wazuh_agent_config.enrollment.manager_address | length > 0 %}
<manager_address>{{ wazuh_agent_config.enrollment.manager_address }}</manager_address>
{% endif %}
{% if wazuh_agent_config.enrollment.agent_name | length > 0 %}
<agent_name>{{ wazuh_agent_config.enrollment.agent_name }}</agent_name>
{% endif %}
{% if wazuh_agent_config.enrollment.port is defined > 0 %}
<port>{{ wazuh_agent_config.enrollment.port }}</port>
{% endif %}
{% if wazuh_agent_config.enrollment.groups | length > 0 %}
<groups>{{ wazuh_agent_config.enrollment.groups }}</groups>
{% endif %}
{% if wazuh_agent_config.enrollment.agent_address | length > 0 %}
<agent_address>{{ wazuh_agent_config.enrollment.agent_address }}</agent_address>
{% endif %}
{% if wazuh_agent_config.enrollment.server_ca_path | length > 0 %}
<server_ca_path>{{ wazuh_agent_config.enrollment.server_ca_path }}</server_ca_path>
{% endif %}
{% if wazuh_agent_config.enrollment.agent_certificate_path | length > 0 %}
<agent_certificate_path>{{ wazuh_agent_config.enrollment.agent_certificate_path }}</agent_certificate_path>
{% endif %}
{% if wazuh_agent_config.enrollment.agent_key_path | length > 0 %}
<agent_key_path>{{ wazuh_agent_config.enrollment.agent_key_path }}</agent_key_path>
{% endif %}
{% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 %}
<authorization_pass>{{ wazuh_agent_config.enrollment.authorization_pass_path }}</authorization_pass>
{% endif %}
{% if wazuh_agent_config.enrollment.auto_method | length > 0 %}
<auto_method>{{ wazuh_agent_config.enrollment.auto_method }}</auto_method>
{% endif %}
{% if wazuh_agent_config.enrollment.delay_after_enrollment is defined > 0 %}
<delay_after_enrollment>{{ wazuh_agent_config.enrollment.delay_after_enrollment }}</delay_after_enrollment>
{% endif %}
{% if wazuh_agent_config.enrollment.use_source_ip | length > 0 %}
<use_source_ip>{{ wazuh_agent_config.enrollment.use_source_ip }}</use_source_ip>
{% endif %}
</enrollment>
{% endif %}
</client> </client>
<client_buffer> <client_buffer>
@ -45,26 +88,6 @@
<events_per_second>{{ wazuh_agent_config.client_buffer.events_per_sec }}</events_per_second> <events_per_second>{{ wazuh_agent_config.client_buffer.events_per_sec }}</events_per_second>
</client_buffer> </client_buffer>
{% if wazuh_agent_config.enrollment is defined and wazuh_agent_config.enrollment.enabled == 'yes' %}
<enrollment>
<enabled>{{ wazuh_agent_config.enrollment.enabled }}</enabled>
<manager_address>{{ wazuh_agent_config.enrollment.manager_address }}</manager_address>
<port>{{ wazuh_agent_config.enrollment.port }}</port>
<agent_name>{{ wazuh_agent_config.enrollment.agent_name }}</agent_name>
<groups>{{ wazuh_agent_config.enrollment.groups }}</groups>
<agent_address>{{ wazuh_agent_config.enrollment.agent_address }}</agent_address>
<ssl_cipher>{{ wazuh_agent_config.enrollment.ssl_cipher }}</ssl_cipher>
<server_ca_path>{{ wazuh_agent_config.enrollment.server_ca_path }}</server_ca_path>
<agent_certificate_path>{{ wazuh_agent_config.enrollment.agent_certificate_path }}</agent_certificate_path>
<agent_key_path>{{ wazuh_agent_config.enrollment.agent_key_path }}</agent_key_path>
<authorization_pass>{{ wazuh_agent_config.enrollment.authorization_pass }}</authorization_pass>
<auto_method>{{ wazuh_agent_config.enrollment.auto_method }}</auto_method>
<delay_after_enrollment>{{ wazuh_agent_config.enrollment.delay_after_enrollment }}</delay_after_enrollment>
<use_source_ip>{{ wazuh_agent_config.enrollment.use_source_ip }}</use_source_ip>
</enrollment>
{% endif %}
{% if wazuh_agent_config.rootcheck is defined %} {% if wazuh_agent_config.rootcheck is defined %}
<rootcheck> <rootcheck>
<disabled>no</disabled> <disabled>no</disabled>
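Review bot: `<authorization_pass>{{ wazuh_agent_config.enrollment.authorization_pass_path }}</authorization_pass>` renders a file path into an element whose name says it carries the password itself; the defaults key was renamed to a path but the element was not, so either the element should become `<authorization_pass_path>` (confirm against the 4.0 enrollment schema) or the defaults key should keep the old name. The two guards `{% if wazuh_agent_config.enrollment.port is defined > 0 %}` and the matching one on `delay_after_enrollment` compare a boolean with 0 and only work by accident; write `{% if wazuh_agent_config.enrollment.port is defined %}`. The rewrite also silently drops `<ssl_cipher>`, which the old block rendered and which still has a default under `wazuh_agent_config.enrollment`; if that is intentional the default should go too, otherwise add the element back. Finally, every `| length > 0` here assumes a string, and a user override of `enabled: false` (the old default was `no`) would hit the `length` filter on a boolean; `| string | length > 0` would tolerate both forms.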


@ -1,3 +1,4 @@
--- ---
# We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials. # We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials.
# authd_pass: 'foobar' # authd_pass: 'foobar'
authd_pass: ultrasecret
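Review bot: `authd_pass: ultrasecret` commits a plaintext enrollment password into the role's vars file, directly under the comment recommending Ansible Vault, and main.yml now includes this file unconditionally and writes the value to `/var/ossec/etc/authd.pass` on every enrolled agent. Keep the committed value as the commented placeholder the previous line already shows (`# authd_pass: 'foobar'`) or store a vault-encrypted value; if an uncommented default is required, make it an obviously-replaceable quoted string, e.g. `authd_pass: 'CHANGE_ME'` (constructed example).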


@ -7,7 +7,7 @@ wazuh_manager_package_state: present
# Custom packages installation # Custom packages installation
wazuh_custom_packages_installation_manager_enabled: false wazuh_custom_packages_installation_manager_enabled: false
wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" wazuh_custom_packages_installation_manager_rpm_url: " +´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
# Sources installation # Sources installation
wazuh_manager_sources_installation: wazuh_manager_sources_installation:
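Review bot: The new value of `wazuh_custom_packages_installation_manager_rpm_url` is a run of accent and plus characters inside the quotes, which reads as an accidental keyboard paste rather than a URL; any run with `wazuh_custom_packages_installation_manager_enabled: true` would try to fetch it and fail. Restore the previous line, `wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"`, or the actual RPM URL if a real package was meant to go here.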


@ -29,17 +29,6 @@
- not node_service_status.stat.exists - not node_service_status.stat.exists
- wazuh_manager_config.cluster.node_type == "master" - wazuh_manager_config.cluster.node_type == "master"
- name: Installing NodeJS
package:
name: nodejs
state: present
register: nodejs_service_is_installed
until: nodejs_service_is_installed is succeeded
when:
- wazuh_manager_config.cluster.node_type == "master"
tags: init
- include_tasks: "RedHat.yml" - include_tasks: "RedHat.yml"
when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon")
@ -200,7 +189,6 @@
tags: tags:
- config - config
- name: Check if syslog output is enabled - name: Check if syslog output is enabled
set_fact: syslog_output=true set_fact: syslog_output=true
when: item.server is not none when: item.server is not none
@ -368,15 +356,6 @@
tags: tags:
- config - config
- name: Ensure Wazuh API service is started and enabled.
service:
name: "wazuh-api"
enabled: true
state: started
when: wazuh_manager_config.cluster.node_type == "master"
tags:
- config
- name: Create agent groups - name: Create agent groups
command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q"
with_items: with_items: