From 949aa7f043c8e9f72c3ceaf8f23f972abadd6b74 Mon Sep 17 00:00:00 2001 From: cadoming Date: Thu, 17 Jan 2019 15:42:11 +0000 Subject: [PATCH 1/4] adapt new version (3.8.0-6.5.4) --- .../ansible-kibana/defaults/main.yml | 2 +- .../ansible-kibana/tasks/main.yml | 3 +- .../ansible-wazuh-agent/defaults/main.yml | 2 +- .../ansible-wazuh-agent/tasks/Debian.yml | 4 +- .../ansible-wazuh-agent/tasks/RedHat.yml | 12 +- .../ansible-wazuh-agent/tasks/Windows.yml | 3 +- .../ansible-wazuh-manager/tasks/Debian.yml | 4 +- .../ansible-wazuh-manager/tasks/RedHat.yml | 8 +- .../ansible-wazuh-manager/tasks/main.yml | 19 - .../ansible-wazuh-manager/tasks/main.yml.save | 383 ++++++++++++++++++ 10 files changed, 403 insertions(+), 37 deletions(-) create mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 5ccbdbab..e4a61c07 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -4,5 +4,5 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 -wazuh_version: 3.7.2 +wazuh_version: 3.8.0 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index db85a112..c0dc824b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -46,7 +46,8 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + #shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/app/kibana/wazuhapp-3.8.0_6.5.4.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 42e13eec..52521a7d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -23,7 +23,7 @@ wazuh_winagent_config: install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.7.0' + version: '3.8.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 43936e7bc7eb51bd186f47dac4a6f477 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index d8affe84..22a4210d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -9,11 +9,11 @@ - ca-certificates - name: Debian/Ubuntu | Installing repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: 'deb https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/ unstable main' state: present update_cache: yes 
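Review bot: The new `shell:` line in ansible-kibana/tasks/main.yml hard-codes `wazuhapp-3.8.0_6.5.4.zip` from the `packages-dev.wazuh.com` pre-release bucket. As a result `wazuh_version` and `elastic_stack_version` no longer decide which plugin is installed, and the role's default path now pulls a development artifact. Nothing visible in the hunk checks the archive's digest before `kibana-plugin install` loads it into Kibana. I would keep the templated file name and make only the base URL overridable, e.g. `shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_base_url }}/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip"` (the variable name is proposed here, not something the role defines), and drop the commented-out `#shell:` line. The task continues past the hunk; `args:` is its last visible line.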
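Review bot: In ansible-wazuh-agent/defaults/main.yml, `version` moves to `'3.8.0'` but the `md5: 43936e7bc7eb51bd186f47dac4a6f477` context line below it is unchanged, so the digest still describes the previous installer. If a later task compares the downloaded MSI against this value (not visible in this hunk), the check will fail or end up being bypassed; the digest should be updated in the same change as the version. MD5 is also a weak choice for an integrity value on a security agent's installer. Moving to a SHA-256 or SHA-512 digest, for example `sha512: '<SHA512_OF_3.8.0_MSI>'` (placeholder), would be better, along with a matching change in the task that consumes it.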
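Review bot: In ansible-wazuh-agent/tasks/Debian.yml the repository signing key is now fetched from the same `packages-dev.wazuh.com` bucket that serves the `unstable` packages, and `apt_key` is given no expected key identity. Whoever can write to that bucket therefore controls both the packages and the key that is supposed to vouch for them. Pinning the fingerprint lets the task fail when the fetched file does not contain the expected key: `apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH id=<WAZUH_KEY_FINGERPRINT>` (placeholder value). The same applies to the identical hunk in ansible-wazuh-manager/tasks/Debian.yml, and to the production URL when it is restored in PATCH 4/4. A role default should also not point at a pre-release suite; this is better expressed as an overridable variable.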
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 8aebbda8..29b0b632 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -3,8 +3,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ + gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int > 5 @@ -13,8 +13,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH-5 + baseurl: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/ + gpgkey: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int == 5 @@ -23,8 +23,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ + gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 913f2453..08bf1f14 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml 
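Review bot: The EL5 entry (second hunk, `@@ -13,8 +13,8 @@`) switches both `baseurl` and `gpgkey` from `https://` to `http://`, so `gpgcheck: yes` no longer protects against an on-path attacker: a key delivered in cleartext can be swapped together with the packages it signs. If EL5 hosts cannot negotiate TLS with the S3 endpoint (an assumption, the reason is not stated in the patch), ship the key with the role and reference it locally, e.g. `gpgkey: file:///etc/pki/rpm-gpg/GPG-KEY-WAZUH` after a `copy` task, rather than fetching it over http. The hunk also replaces `GPG-KEY-WAZUH-5` with `GPG-KEY-WAZUH` for this repository; it is worth confirming that the pre-release EL5 packages are actually signed with that key. The same `http://` pair appears in the `@@ -46,8 +46,8 @@` hunk of ansible-wazuh-manager/tasks/RedHat.yml.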
@@ -23,7 +23,8 @@ - name: Windows | Downloading windows Wazuh agent installer win_get_url: dest: C:\wazuh-agent-installer.msi - url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + #url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + url: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.8/windows/wazuh-agent-3.8.0-0.3802.20190114T114149.branch38.commit04f4687.msi when: - correct_version is not defined diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index f2885345..6d8de4f0 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -9,11 +9,11 @@ - ca-certificates - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: 'deb https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/ unstable main' state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 27eea91b..c83d3388 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
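Review bot: The `url:` in ansible-wazuh-agent/tasks/Windows.yml is now a literal link to one branch build (`wazuh-agent-3.8.0-0.3802.20190114T114149.branch38.commit04f4687.msi`) under `warehouse/branches/3.8`. This makes `wazuh_winagent_config.repo`, `.version` and `.revision` no-ops for the download, and the `md5` kept in defaults cannot correspond to this file. An endpoint agent would be installed from a development artifact with no digest that matches it. I would keep the templated line, `url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"`, and point `repo`, `revision` and the digest at the test build through inventory or defaults instead. The commented-out `#url:` line should be removed.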
@@ -36,8 +36,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ + gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") @@ -46,8 +46,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/ + gpgkey: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int == 5 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index b1c6fcf2..f5c8ba3d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -235,25 +235,6 @@ tags: - config -- name: Check if ossec-authd is enabled - shell: "grep -c 'ossec-authd' /var/ossec/bin/.process_list | xargs echo" - args: - removes: /var/ossec/bin/.process_list - changed_when: False - check_mode: no - register: authd_enabled - tags: - - config - -- name: Enable ossec-authd - command: /var/ossec/bin/ossec-control enable auth - notify: restart wazuh-manager - when: - - authd_enabled.stdout == '0' or "skipped" in authd_enabled.stdout - - wazuh_manager_config.authd.enable == true - tags: - - config - - name: Checking alert log output settings fail: msg="Please enable json_output or alerts_log options." when: 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save
new file mode 100644
index 00000000..26b5f5ac
--- /dev/null
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save
@@ -0,0 +1,383 @@ +--- +- import_tasks: "RedHat.yml" + when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") + +- import_tasks: "Debian.yml" + when: ansible_os_family == "Debian" + +- name: Install wazuh-manager, wazuh-api and expect + package: pkg={{ item }} state=latest + with_items: + - wazuh-manager + - wazuh-api + - expect + when: + - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) + tags: + - init + +- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 + replace: + path: /etc/init.d/wazuh-manager + regexp: 'echo -n "Starting Wazuh-manager: "' + replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' + when: + - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version == '6' + - wazuh_manager_config.cluster.disable != 'yes' + +- name: Install wazuh-manager and expect (EL5) + package: pkg={{ item }} state=latest + with_items: + - wazuh-manager + - expect + when: + - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 + tags: + - init + +- name: Generate SSL files for authd + command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{wazuh_manager_fqdn}}/" + args: + creates: sslmanager.cert + chdir: /var/ossec/etc/ + tags: + - config + when: not wazuh_manager_config.authd.ssl_agent_ca is not none + +- name: Copy CA, SSL key and cert for authd + copy: + src: "{{ item }}" + dest: "/var/ossec/etc/{{ item | basename }}" + mode: 0644 + with_items: + - "{{ wazuh_manager_config.authd.ssl_agent_ca }}" + - "{{ wazuh_manager_config.authd.ssl_manager_cert }}" + - "{{ wazuh_manager_config.authd.ssl_manager_key 
}}" + tags: + - config + when: wazuh_manager_config.authd.ssl_agent_ca is not none + +- name: Verifying for old init authd service + stat: path=/etc/init.d/ossec-authd + register: old_authd_service + tags: + - config + +- name: Verifying for old systemd authd service + stat: path=/lib/systemd/system/ossec-authd.service + register: old_authd_service + tags: + - config + +- name: Ensure ossec-authd service is disabled + service: name=ossec-authd enabled=no state=stopped + when: old_authd_service.stat.exists == True + tags: + - config + +- name: Removing old init authd services + file: path="{{ item }}" state=absent + with_items: + - "/etc/init.d/ossec-authd" + - "/lib/systemd/system/ossec-authd.service" + when: old_authd_service.stat.exists == True + tags: + - config + +- name: Installing the local_rules.xml (default local_rules.xml) + template: src=var-ossec-rules-local_rules.xml.j2 + dest=/var/ossec/etc/rules/local_rules.xml + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + - rules + +- name: Adding local rules files + copy: src="{{ wazuh_manager_config.ruleset.rules_path }}" + dest=/var/ossec/etc/rules/ + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + - rules + +- name: Installing the local_decoder.xml + template: src=var-ossec-rules-local_decoder.xml.j2 + dest=/var/ossec/etc/decoders/local_decoder.xml + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + - rules + +- name: Adding local decoders files + copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}" + dest=/var/ossec/etc/decoders/ + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + - rules + +- name: Configure the shared-agent.conf + template: + src: var-ossec-etc-shared-agent.conf.j2 + dest: /var/ossec/etc/shared/default/agent.conf + owner: ossec + group: ossec + mode: 0640 + validate: 
'/var/ossec/bin/verify-agent-conf -f %s' + notify: restart wazuh-manager + tags: + - init + - config + +- name: Installing the config.js (api configuration) + template: src=var-ossec-api-configuration-config.js.j2 + dest=/var/ossec/api/configuration/config.js + owner=root + group=ossec + mode=0740 + notify: restart wazuh-api + tags: + - init + - config + +- name: Installing the local_internal_options.conf + template: src=var-ossec-etc-local-internal-options.conf.j2 + dest=/var/ossec/etc/local_internal_options.conf + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + +- name: Retrieving Agentless Credentials + include_vars: agentless_creds.yml + tags: + - config + +- name: Retrieving authd Credentials + include_vars: authd_pass.yml + tags: + - config + +- name: Retrieving Wazuh-API User Credentials + include_vars: wazuh_api_creds.yml + when: + - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) + tags: + - config + +- name: Retrieving CDB lists + include_vars: cdb_lists.yml + tags: + - config + +- name: Check if syslog output is enabled + set_fact: syslog_output=true + when: item.server is not none + with_items: + - "{{ wazuh_manager_config.syslog_outputs }}" + tags: + - config + +- name: Check if client-syslog is enabled + shell: "grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo" + args: + removes: /var/ossec/bin/.process_list + changed_when: False + check_mode: no + register: csyslog_enabled + tags: + - config + +- name: Enable client-syslog + command: /var/ossec/bin/ossec-control enable client-syslog + notify: restart wazuh-manager + when: + - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout + - syslog_output is defined and syslog_output == true + tags: + - config + +- name: Check if ossec-agentlessd is enabled + shell: "grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo" + args: + 
removes: /var/ossec/bin/.process_list + changed_when: False + check_mode: no + register: agentlessd_enabled + tags: + - config + +- name: Enable ossec-agentlessd + command: /var/ossec/bin/ossec-control enable agentless + notify: restart wazuh-manager + when: + - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout + - agentless_creds is defined + tags: + - config + +#- name: Check if ossec-authd is enabled +# shell: "grep -c 'ossec-authd' /var/ossec/bin/.process_list | xargs echo" + args: + @# removes: /var/ossec/bin/.process_list + changed_when: False + check_mode: no + register: authd_enabled + tags: + - config + +#- name: Enable ossec-authd +# command: /var/ossec/bin/ossec-control enable auth +# notify: restart wazuh-manager +# when: +# - authd_enabled.stdout == '0' or "skipped" in authd_enabled.stdout +# - wazuh_manager_config.authd.enable == true +# tags: +# - config + +- name: Checking alert log output settings + fail: msg="Please enable json_output or alerts_log options." 
+ when: + - wazuh_manager_config.json_output == 'no' + - wazuh_manager_config.alerts_log == 'no' + tags: + - init + - config + +- name: Linux | Vuls integration deploy (runs in background, can take a while) + command: /var/ossec/wodles/vuls/deploy_vuls.sh {{ ansible_distribution|lower }} {{ ansible_distribution_major_version|int }} + args: + creates: /var/ossec/wodles/vuls/config.toml + async: 3600 + poll: 0 + when: + - wazuh_manager_config.vuls.disable != 'yes' + - ansible_distribution == 'Redhat' or ansible_distribution == 'CentOS' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' or ansible_distribution == 'Oracle' + tags: + - init + +- name: Configure ossec.conf + template: src=var-ossec-etc-ossec-server.conf.j2 + dest=/var/ossec/etc/ossec.conf + owner=root + group=ossec + mode=0644 + notify: restart wazuh-manager + tags: + - init + - config + +- name: Ossec-authd password + template: + src: authd_pass.j2 + dest: "/var/ossec/etc/authd.pass" + owner: ossec + group: ossec + mode: 0640 + no_log: true + notify: restart wazuh-manager + when: + - wazuh_manager_config.authd.use_password is defined + - wazuh_manager_config.authd.use_password == 'yes' + tags: + - config + +- name: Wazuh-API User + template: + src: api_user.j2 + dest: "/var/ossec/api/configuration/auth/user" + owner: root + group: root + mode: 0750 + no_log: true + notify: restart wazuh-api + when: + - wazuh_api_user is defined + - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) + tags: + - config + +- name: Agentless Hosts & Passwd + template: + src: agentless.j2 + dest: "/var/ossec/agentless/.passlist_tmp" + owner: root + group: root + mode: 0644 + no_log: true + when: agentless_creds is defined + tags: + - config + +- name: Encode the secret + shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp + when: agentless_creds is 
defined + tags: + - config + +- name: CDB Lists + template: + src: cdb_lists.j2 + dest: "/var/ossec/etc/lists/{{ item.name }}" + owner: root + group: ossec + mode: 0640 + no_log: true + notify: + - rebuild cdb_lists + - restart wazuh-manager + with_items: + - "{{ cdb_lists }}" + when: cdb_lists is defined + tags: + - config + +- name: Ensure Wazuh Manager, wazuh API service is started and enabled + service: + name: "{{ item }}" + enabled: yes + state: started + with_items: + - wazuh-manager + - wazuh-api + tags: + - config + environment: + LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" + when: + - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) + +- name: Ensure Wazuh Manager is started and enabled (EL5) + service: + name: wazuh-manager + enabled: yes + state: started + tags: + - config + when: + - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 + +- import_tasks: "RMRedHat.yml" + when: ansible_os_family == "RedHat" + +- import_tasks: "RMDebian.yml" + when: ansible_os_family == "Debian" From d4b2de38de35a6cecd396b6f899f11ba77be1eb1 Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Thu, 17 Jan 2019 17:03:17 +0100 Subject: [PATCH 2/4] delete save file --- .../ansible-wazuh-manager/tasks/main.yml.save | 383 ------------------ 1 file changed, 383 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save deleted file mode 100644 index 26b5f5ac..00000000 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save +++ /dev/null 
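Review bot: In the added main.yml.save, the task `Copy CA, SSL key and cert for authd` copies `wazuh_manager_config.authd.ssl_manager_key` with `mode: 0644`, which leaves the manager's private key world-readable in /var/ossec/etc/. The file reads like an editor backup of tasks/main.yml (it has a half-commented `ossec-authd` task with a stray `@#`, and PATCH 2/4 deletes it again), so the same task presumably exists in the live main.yml, which this hunk does not show; it is worth checking there. I would split the key out of the `with_items` loop and give it `owner: root`, `group: ossec`, `mode: '0640'`, matching the other files this role writes under /var/ossec/etc. `Agentless Hosts & Passwd` has the same issue: it writes `.passlist_tmp` with `mode: 0644` before it is base64-encoded.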
@@ -1,383 +0,0 @@ ---- -- import_tasks: "RedHat.yml" - when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") - -- import_tasks: "Debian.yml" - when: ansible_os_family == "Debian" - -- name: Install wazuh-manager, wazuh-api and expect - package: pkg={{ item }} state=latest - with_items: - - wazuh-manager - - wazuh-api - - expect - when: - - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) - tags: - - init - -- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 - replace: - path: /etc/init.d/wazuh-manager - regexp: 'echo -n "Starting Wazuh-manager: "' - replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' - when: - - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version == '6' - - wazuh_manager_config.cluster.disable != 'yes' - -- name: Install wazuh-manager and expect (EL5) - package: pkg={{ item }} state=latest - with_items: - - wazuh-manager - - expect - when: - - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 - tags: - - init - -- name: Generate SSL files for authd - command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{wazuh_manager_fqdn}}/" - args: - creates: sslmanager.cert - chdir: /var/ossec/etc/ - tags: - - config - when: not wazuh_manager_config.authd.ssl_agent_ca is not none - -- name: Copy CA, SSL key and cert for authd - copy: - src: "{{ item }}" - dest: "/var/ossec/etc/{{ item | basename }}" - mode: 0644 - with_items: - - "{{ wazuh_manager_config.authd.ssl_agent_ca }}" - - "{{ wazuh_manager_config.authd.ssl_manager_cert }}" - - "{{ wazuh_manager_config.authd.ssl_manager_key 
}}" - tags: - - config - when: wazuh_manager_config.authd.ssl_agent_ca is not none - -- name: Verifying for old init authd service - stat: path=/etc/init.d/ossec-authd - register: old_authd_service - tags: - - config - -- name: Verifying for old systemd authd service - stat: path=/lib/systemd/system/ossec-authd.service - register: old_authd_service - tags: - - config - -- name: Ensure ossec-authd service is disabled - service: name=ossec-authd enabled=no state=stopped - when: old_authd_service.stat.exists == True - tags: - - config - -- name: Removing old init authd services - file: path="{{ item }}" state=absent - with_items: - - "/etc/init.d/ossec-authd" - - "/lib/systemd/system/ossec-authd.service" - when: old_authd_service.stat.exists == True - tags: - - config - -- name: Installing the local_rules.xml (default local_rules.xml) - template: src=var-ossec-rules-local_rules.xml.j2 - dest=/var/ossec/etc/rules/local_rules.xml - owner=root - group=ossec - mode=0640 - notify: restart wazuh-manager - tags: - - init - - config - - rules - -- name: Adding local rules files - copy: src="{{ wazuh_manager_config.ruleset.rules_path }}" - dest=/var/ossec/etc/rules/ - owner=root - group=ossec - mode=0640 - notify: restart wazuh-manager - tags: - - init - - config - - rules - -- name: Installing the local_decoder.xml - template: src=var-ossec-rules-local_decoder.xml.j2 - dest=/var/ossec/etc/decoders/local_decoder.xml - owner=root - group=ossec - mode=0640 - notify: restart wazuh-manager - tags: - - init - - config - - rules - -- name: Adding local decoders files - copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}" - dest=/var/ossec/etc/decoders/ - owner=root - group=ossec - mode=0640 - notify: restart wazuh-manager - tags: - - init - - config - - rules - -- name: Configure the shared-agent.conf - template: - src: var-ossec-etc-shared-agent.conf.j2 - dest: /var/ossec/etc/shared/default/agent.conf - owner: ossec - group: ossec - mode: 0640 - validate: 
'/var/ossec/bin/verify-agent-conf -f %s' - notify: restart wazuh-manager - tags: - - init - - config - -- name: Installing the config.js (api configuration) - template: src=var-ossec-api-configuration-config.js.j2 - dest=/var/ossec/api/configuration/config.js - owner=root - group=ossec - mode=0740 - notify: restart wazuh-api - tags: - - init - - config - -- name: Installing the local_internal_options.conf - template: src=var-ossec-etc-local-internal-options.conf.j2 - dest=/var/ossec/etc/local_internal_options.conf - owner=root - group=ossec - mode=0640 - notify: restart wazuh-manager - tags: - - init - - config - -- name: Retrieving Agentless Credentials - include_vars: agentless_creds.yml - tags: - - config - -- name: Retrieving authd Credentials - include_vars: authd_pass.yml - tags: - - config - -- name: Retrieving Wazuh-API User Credentials - include_vars: wazuh_api_creds.yml - when: - - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) - tags: - - config - -- name: Retrieving CDB lists - include_vars: cdb_lists.yml - tags: - - config - -- name: Check if syslog output is enabled - set_fact: syslog_output=true - when: item.server is not none - with_items: - - "{{ wazuh_manager_config.syslog_outputs }}" - tags: - - config - -- name: Check if client-syslog is enabled - shell: "grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo" - args: - removes: /var/ossec/bin/.process_list - changed_when: False - check_mode: no - register: csyslog_enabled - tags: - - config - -- name: Enable client-syslog - command: /var/ossec/bin/ossec-control enable client-syslog - notify: restart wazuh-manager - when: - - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout - - syslog_output is defined and syslog_output == true - tags: - - config - -- name: Check if ossec-agentlessd is enabled - shell: "grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo" - args: - 
removes: /var/ossec/bin/.process_list - changed_when: False - check_mode: no - register: agentlessd_enabled - tags: - - config - -- name: Enable ossec-agentlessd - command: /var/ossec/bin/ossec-control enable agentless - notify: restart wazuh-manager - when: - - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout - - agentless_creds is defined - tags: - - config - -#- name: Check if ossec-authd is enabled -# shell: "grep -c 'ossec-authd' /var/ossec/bin/.process_list | xargs echo" - args: - @# removes: /var/ossec/bin/.process_list - changed_when: False - check_mode: no - register: authd_enabled - tags: - - config - -#- name: Enable ossec-authd -# command: /var/ossec/bin/ossec-control enable auth -# notify: restart wazuh-manager -# when: -# - authd_enabled.stdout == '0' or "skipped" in authd_enabled.stdout -# - wazuh_manager_config.authd.enable == true -# tags: -# - config - -- name: Checking alert log output settings - fail: msg="Please enable json_output or alerts_log options." 
- when: - - wazuh_manager_config.json_output == 'no' - - wazuh_manager_config.alerts_log == 'no' - tags: - - init - - config - -- name: Linux | Vuls integration deploy (runs in background, can take a while) - command: /var/ossec/wodles/vuls/deploy_vuls.sh {{ ansible_distribution|lower }} {{ ansible_distribution_major_version|int }} - args: - creates: /var/ossec/wodles/vuls/config.toml - async: 3600 - poll: 0 - when: - - wazuh_manager_config.vuls.disable != 'yes' - - ansible_distribution == 'Redhat' or ansible_distribution == 'CentOS' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' or ansible_distribution == 'Oracle' - tags: - - init - -- name: Configure ossec.conf - template: src=var-ossec-etc-ossec-server.conf.j2 - dest=/var/ossec/etc/ossec.conf - owner=root - group=ossec - mode=0644 - notify: restart wazuh-manager - tags: - - init - - config - -- name: Ossec-authd password - template: - src: authd_pass.j2 - dest: "/var/ossec/etc/authd.pass" - owner: ossec - group: ossec - mode: 0640 - no_log: true - notify: restart wazuh-manager - when: - - wazuh_manager_config.authd.use_password is defined - - wazuh_manager_config.authd.use_password == 'yes' - tags: - - config - -- name: Wazuh-API User - template: - src: api_user.j2 - dest: "/var/ossec/api/configuration/auth/user" - owner: root - group: root - mode: 0750 - no_log: true - notify: restart wazuh-api - when: - - wazuh_api_user is defined - - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) - tags: - - config - -- name: Agentless Hosts & Passwd - template: - src: agentless.j2 - dest: "/var/ossec/agentless/.passlist_tmp" - owner: root - group: root - mode: 0644 - no_log: true - when: agentless_creds is defined - tags: - - config - -- name: Encode the secret - shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp - when: agentless_creds is 
defined - tags: - - config - -- name: CDB Lists - template: - src: cdb_lists.j2 - dest: "/var/ossec/etc/lists/{{ item.name }}" - owner: root - group: ossec - mode: 0640 - no_log: true - notify: - - rebuild cdb_lists - - restart wazuh-manager - with_items: - - "{{ cdb_lists }}" - when: cdb_lists is defined - tags: - - config - -- name: Ensure Wazuh Manager, wazuh API service is started and enabled - service: - name: "{{ item }}" - enabled: yes - state: started - with_items: - - wazuh-manager - - wazuh-api - tags: - - config - environment: - LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" - when: - - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) - -- name: Ensure Wazuh Manager is started and enabled (EL5) - service: - name: wazuh-manager - enabled: yes - state: started - tags: - - config - when: - - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 - -- import_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" - -- import_tasks: "RMDebian.yml" - when: ansible_os_family == "Debian" From c20c6952072fdb8771b21abecb82c77a8da819ac Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Thu, 17 Jan 2019 17:19:37 +0100 Subject: [PATCH 3/4] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7abe1a71..8b262e06 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ All notable changes to this project will be documented in this file. - Changed Windows installation directory ([#116](https://github.com/wazuh/wazuh-ansible/pull/116)) - move redundant tags to the outer block ([#133](https://github.com/wazuh/wazuh-ansible/pull/133)) +- Adapt new version (3.8.0-6.5.4) ([#144](https://github.com/wazuh/wazuh-ansible/pull/144)) ### Fixed 
From 37bfa5be179b45d611c29b86b94f593ea62e526c Mon Sep 17 00:00:00 2001 From: cadoming Date: Fri, 18 Jan 2019 15:11:40 +0000 Subject: [PATCH 4/4] 3.8 release --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 3 +-- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 12 ++++++------ roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 3 +-- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 8 ++++---- 6 files changed, 16 insertions(+), 18 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index c0dc824b..db85a112 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -46,8 +46,7 @@ tags: install - name: Install Wazuh-APP (can take a while) - #shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" - shell: "/usr/share/kibana/bin/kibana-plugin install https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/app/kibana/wazuhapp-3.8.0_6.5.4.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 22a4210d..d8affe84 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml 
@@ -9,11 +9,11 @@ - ca-certificates - name: Debian/Ubuntu | Installing repository key - apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/ unstable main' + repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 29b0b632..8aebbda8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -3,8 +3,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ - gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://packages.wazuh.com/3.x/yum/ + gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int > 5 @@ -13,8 +13,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/ - gpgkey: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://packages.wazuh.com/3.x/yum/5/ + gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH-5 gpgcheck: yes when: - ansible_distribution_major_version|int == 5 
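Review bot: The repository key in `Installing repository key` is trusted on the strength of the download alone, because `apt_key` is given only a URL. Passing the expected key id makes the module reject any other key, and the native block form reads better than `key=value`: `apt_key:` / `url: https://packages.wazuh.com/key/GPG-KEY-WAZUH` / `id: "<WAZUH_KEY_FINGERPRINT>"` (a placeholder; take the value from the vendor's documentation). The same applies to the identical task in `ansible-wazuh-manager/tasks/Debian.yml`. `update_cache: yes` would also be better written as `true`.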
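Review bot: The EL5 repository in hunk `@@ -13,8 +13,8 @@` points `gpgkey` at `GPG-KEY-WAZUH-5`, while the matching EL5 task in `ansible-wazuh-manager/tasks/RedHat.yml` (hunk `@@ -46,8 +46,8 @@`) uses `GPG-KEY-WAZUH` for the same `3.x/yum/5/` baseurl. With `gpgcheck: yes`, a wrong key makes package installation fail on EL5, so one of the two roles is probably broken. Whichever key signs the EL5 packages should be used in both. A shared variable for the key URL would keep the roles from drifting again. The task's `- name:` line is outside the hunk.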
@@ -23,8 +23,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ - gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://packages.wazuh.com/3.x/yum/ + gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 08bf1f14..913f2453 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -23,8 +23,7 @@ - name: Windows | Downloading windows Wazuh agent installer win_get_url: dest: C:\wazuh-agent-installer.msi - #url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" - url: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.8/windows/wazuh-agent-3.8.0-0.3802.20190114T114149.branch38.commit04f4687.msi + url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" when: - correct_version is not defined diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 6d8de4f0..f2885345 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
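Review bot: This Amazon Linux task repeats the `wazuh_repo` definition from the first task in the file, differing only in its `when`, so every URL change has to be made twice. The manager role already folds both cases into one condition, `(ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")`. Using that condition on the first task would let this one be dropped. The task's `- name:` line is outside the hunk.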
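Review bot: Nothing in `Downloading windows Wazuh agent installer` verifies the downloaded MSI, although the URL is again templated from `wazuh_winagent_config.version`. The role defaults carry an `md5` for the installer, and the hunk that bumped `version` to `3.8.0` left that value unchanged. Any later comparison against it would presumably fail or check the wrong file, though whether such a check exists is not visible here. Updating the hash with each release and preferring SHA-256 over MD5 would make the check meaningful, for example through `win_get_url`'s `checksum` and `checksum_algorithm: sha256` options where the Ansible version in use supports them.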
@@ -9,11 +9,11 @@ - ca-certificates - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/ unstable main' + repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index c83d3388..27eea91b 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -36,8 +36,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ - gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://packages.wazuh.com/3.x/yum/ + gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") @@ -46,8 +46,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/ - gpgkey: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://packages.wazuh.com/3.x/yum/5/ + gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int == 5