From 82693e34f1e1475fdb9213d92c33fedd580b8b8f Mon Sep 17 00:00:00 2001 From: joschneid Date: Thu, 24 Jan 2019 08:42:57 +0100 Subject: [PATCH 001/559] debian repo keys with pgp keyserver --- .../elastic-stack/ansible-elasticsearch/defaults/main.yml | 1 + .../elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 4 ++-- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 4 ++-- roles/elastic-stack/ansible-logstash/defaults/main.yml | 2 ++ roles/elastic-stack/ansible-logstash/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 ++ roles/wazuh/ansible-filebeat/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 ++ roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 6 ++++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +++ roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 ++++++-- 12 files changed, 29 insertions(+), 13 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 677517a9..078fcca1 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -8,3 +8,4 @@ elastic_stack_version: 6.5.4 elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: yes +elasticrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index ae4e717f..cb6156d1 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml 
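Review bot: `elasticrepo_gpg_keyserver: pgp.mit.edu` is appended to the role defaults with no comment saying what consumes it or that it replaces the vendor's HTTPS key URL used by tasks/Debian.yml, so an operator reading defaults/main.yml cannot tell whether a bare hostname or a full keyserver URL is expected. A one-line comment above it such as `# Keyserver used by tasks/Debian.yml to fetch the Elastic apt signing key by fingerprint` would make the override point discoverable. The same undocumented default is added in the kibana, logstash, filebeat, wazuh-agent and wazuh-manager defaults hunks of this patch.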
@@ -32,8 +32,8 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present + keyserver: "{{ elasticrepo_gpg_keyserver }}" + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - name: Debian/Ubuntu | Install Elastic repo apt_repository: diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index e4a61c07..54165327 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,4 +5,4 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 wazuh_version: 3.8.0 - +elasticrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 9cb809d2..6e3f1f16 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -10,8 +10,8 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present + keyserver: "{{ elasticrepo_gpg_keyserver }}" + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - name: Debian/Ubuntu | Install Elastic repo apt_repository: diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index 955fcf6f..51a3e9ad 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -17,3 +17,5 @@ logstash_ssl_certificate_file: "" logstash_ssl_key_file: "" logstash_install_java: yes + +elasticrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 628fd8e4..1e9fceb4 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml 
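Review bot: Fetching the signing key via `keyserver:` instead of the vendor's HTTPS URL adds a third-party availability dependency, and with a bare hostname gpg typically talks plain HKP rather than TLS; the 40-hex fingerprint in `id` still pins which key apt accepts, so a substituted key is rejected, but a slow or unreachable keyserver now fails the play. Consider keeping the vendor URL as the default and offering the keyserver as the override, or at least defaulting `elasticrepo_gpg_keyserver` to an `hkps://` URL; quoting the fingerprint (`id: "46095ACC8548582C1A2699A9D27D666CD88E42B4"`) also guards against a future all-digit id being read as an integer. The same change appears in the kibana, logstash, filebeat, wazuh-agent and wazuh-manager task hunks of this patch, so one decision should apply to all of them.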
+++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -31,8 +31,8 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present + keyserver: "{{ elasticrepo_gpg_keyserver }}" + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - name: Debian/Ubuntu | Install Elasticsearch repo apt_repository: diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 0f9b5c5a..e7ebe216 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -27,3 +27,5 @@ filebeat_ssl_dir: /etc/pki/logstash filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" + +elasticrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 45494c26..afa76227 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -10,8 +10,8 @@ - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: - url: https://artifacts.elastic.co/GPG-KEY-elasticsearch - state: present + keyserver: "{{ elasticrepo_gpg_keyserver }}" + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - name: Debian/Ubuntu | Add Filebeat repository. apt_repository: diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 52521a7d..7e20b6ce 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -305,3 +305,5 @@ wazuh_agent_config: list: - key: Env value: Production + +wauzhrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index d8affe84..bbd6f8fe 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml 
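Review bot: `wauzhrepo_gpg_keyserver` on the added line is misspelled (`wauzh` for `wazuh`); the tasks in this patch reference it with the same spelling so it works, but every operator override has to reproduce the typo, and patch 002 on this page adds the correctly spelled `wazuhrepo_server` right next to it. Renaming it to `wazuhrepo_gpg_keyserver` here and in the wazuh-agent tasks, wazuh-manager defaults and wazuh-manager tasks hunks of this patch keeps the variable naming uniform across the two roles.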
@@ -8,8 +8,10 @@ - apt-transport-https - ca-certificates -- name: Debian/Ubuntu | Installing repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH +- name: Debian/Ubuntu | Installing Wazuh repository key + apt_key: + keyserver: "{{ wauzhrepo_gpg_keyserver }}" + id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index b9817a3a..9d69fe0d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -329,3 +329,6 @@ wazuh_agent_configs: format: 'eventchannel' - location: 'System' format: 'eventlog' + +wauzhrepo_gpg_keyserver: pgp.mit.edu +nodejsrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index f2885345..539ad4e1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -9,7 +9,9 @@ - ca-certificates - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: + keyserver: "{{ wauzhrepo_gpg_keyserver }}" + id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -18,7 +20,9 @@ update_cache: yes - name: Debian/Ubuntu | Installing NodeJS repository key - apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key + apt_key: + keyserver: "{{ nodejsrepo_gpg_keyserver }}" + id: 9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280 - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: From 59c3fe0e4bf2c4844a5a4a647675d5dd0a9d78dd Mon Sep 17 00:00:00 2001 
From: joschneid Date: Thu, 24 Jan 2019 09:01:16 +0100 Subject: [PATCH 002/559] make debian repos customizable --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 1 + roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 1 + roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-logstash/defaults/main.yml | 1 + roles/elastic-stack/ansible-logstash/tasks/Debian.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 1 + roles/wazuh/ansible-filebeat/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 ++ roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++-- 12 files changed, 14 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 078fcca1..82a2b0ce 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -9,3 +9,4 @@ elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: yes elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index cb6156d1..895a2897 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -37,7 +37,7 @@ - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' + repo: "deb {{ elasticrepo_server }} stable main" state: present filename: 'elastic_repo' update_cache: yes 
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 54165327..1d41a025 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,3 +6,4 @@ kibana_server_port: "5601" elastic_stack_version: 6.5.4 wazuh_version: 3.8.0 elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 6e3f1f16..bb773faf 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -15,7 +15,7 @@ - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' + repo: "deb {{ elasticrepo_server }} stable main" state: present filename: 'elastic_repo' update_cache: yes diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index 51a3e9ad..662aa80a 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -19,3 +19,4 @@ logstash_ssl_key_file: "" logstash_install_java: yes elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 1e9fceb4..0814ed77 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -36,7 +36,7 @@ - name: Debian/Ubuntu | Install Elasticsearch repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' + repo: "deb {{ elasticrepo_server }} stable main" state: present filename: 'elastic_repo' 
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index e7ebe216..d71dd489 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -29,3 +29,4 @@ filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index afa76227..c1566aeb 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -15,6 +15,6 @@ - name: Debian/Ubuntu | Add Filebeat repository. apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' + repo: "deb {{ elasticrepo_server }} stable main" state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 7e20b6ce..3677d48b 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -307,3 +307,4 @@ wazuh_agent_config: value: Production wauzhrepo_gpg_keyserver: pgp.mit.edu +wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index bbd6f8fe..220ea98a 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -15,7 +15,7 @@ - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: "deb {{ wazuhrepo_server }} stable main" state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 9d69fe0d..104aa971 100644 
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -332,3 +332,5 @@ wazuh_agent_configs: wauzhrepo_gpg_keyserver: pgp.mit.edu nodejsrepo_gpg_keyserver: pgp.mit.edu +wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ +nodejsrepo_server: https://deb.nodesource.com/node_6.x diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 539ad4e1..23e1c08f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -15,7 +15,7 @@ - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: "deb {{ wazuhrepo_server }} stable main" state: present update_cache: yes @@ -26,7 +26,7 @@ - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: - repo: "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main" + repo: "deb {{ nodejsrepo_server }} {{ ansible_distribution_release }} main" state: present update_cache: yes From 9a7814213754448ff8de1cc5d2423b262fbb8d12 Mon Sep 17 00:00:00 2001 From: joschneid Date: Thu, 24 Jan 2019 09:08:44 +0100 Subject: [PATCH 003/559] changed keyserver for better performance --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/elastic-stack/ansible-logstash/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 82a2b0ce..ef5e02cd 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
+++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -8,5 +8,5 @@ elastic_stack_version: 6.5.4 elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: yes -elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 1d41a025..3796a67f 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,5 +5,5 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 wazuh_version: 3.8.0 -elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index 662aa80a..0be1cc56 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -18,5 +18,5 @@ logstash_ssl_key_file: "" logstash_install_java: yes -elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index d71dd489..5f3023c1 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -28,5 +28,5 @@ filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" -elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt 
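Review bot: `pool.sks-keyservers.net` on the changed line is a DNS pool of volunteer-run servers, so consecutive runs can land on different hosts and a transient failure on one of them fails the play outright; the `apt_key` tasks that consume this default (not part of this patch) have no retry. If the keyserver route is kept, give those tasks `register: key_added`, `until: key_added is succeeded` and `retries: 3`, or keep the vendor's HTTPS key URL as a fallback path. The same default change is made in the kibana, logstash, filebeat, wazuh-agent and wazuh-manager defaults hunks of this patch.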
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 3677d48b..b043d1a4 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -306,5 +306,5 @@ wazuh_agent_config: - key: Env value: Production -wauzhrepo_gpg_keyserver: pgp.mit.edu +wauzhrepo_gpg_keyserver: pool.sks-keyservers.net wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 104aa971..66f46837 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -330,7 +330,7 @@ wazuh_agent_configs: - location: 'System' format: 'eventlog' -wauzhrepo_gpg_keyserver: pgp.mit.edu -nodejsrepo_gpg_keyserver: pgp.mit.edu +wauzhrepo_gpg_keyserver: pool.sks-keyservers.net +nodejsrepo_gpg_keyserver: pool.sks-keyservers.net wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ nodejsrepo_server: https://deb.nodesource.com/node_6.x From fe109526b6cfc5e6faddf692d9af82c9364b090d Mon Sep 17 00:00:00 2001 From: joschneid Date: Fri, 25 Jan 2019 08:35:41 +0100 Subject: [PATCH 004/559] custom wazuh app location --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 1 + roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 3796a67f..bdf8d314 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -7,3 +7,4 @@ elastic_stack_version: 6.5.4 wazuh_version: 3.8.0 elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt +wazuhapp_location: https://packages.wazuh.com/wazuhapp 
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index db85a112..fa105045 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -46,7 +46,7 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install {{wazuhapp_location}}/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: From 6e880f7dabbb398e26ffd9a5dc8d15feeab593f5 Mon Sep 17 00:00:00 2001 From: joschneid Date: Thu, 7 Feb 2019 15:21:33 +0100 Subject: [PATCH 005/559] wrong fact for possible syscheck directories --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 6327441a..c62318b9 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -99,7 +99,7 @@ {% endif %} - {% if wazuh_agent_config.syscheck.directories is defined and ansible_os_family == "Linux" %} + {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %} {% for directory in wazuh_agent_config.syscheck.directories %} {{ directory.dirs }} {% endfor %} From 6f1632690551da7118d4856389c0c033c7d15ce0 Mon Sep 17 00:00:00 2001 
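Review bot: `{{wazuhapp_location}}` on the changed line has no inner spaces while `{{ wazuh_version }}` and `{{ elastic_stack_version }}` on the same line do; write `{{ wazuhapp_location }}` for consistency (ansible-lint has a Jinja spacing rule that flags the bare form). Since the command uses no pipes or redirection, `command:` instead of `shell:` would also avoid a shell interpreting characters in the interpolated URL; the task continues outside the hunk with `environment:` and `args:`, so confirm nothing there depends on a shell before switching.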
From: joschneid Date: Thu, 24 Jan 2019 08:42:57 +0100 Subject: [PATCH 006/559] debian repo keys with pgp keyserver --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 4 ++++ roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++++ roles/elastic-stack/ansible-logstash/defaults/main.yml | 4 ++++ roles/wazuh/ansible-filebeat/defaults/main.yml | 4 ++++ roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++++ roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 5 +++++ 6 files changed, 25 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index ef5e02cd..c36a9ef1 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -8,5 +8,9 @@ elastic_stack_version: 6.5.4 elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: yes +<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt +======= +elasticrepo_gpg_keyserver: pgp.mit.edu +>>>>>>> debian repo keys with pgp keyserver diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 2b02b8b4..88893f0c 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,7 +5,11 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 wazuh_version: 3.8.2 +<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt wazuhapp_location: https://packages.wazuh.com/wazuhapp +======= +elasticrepo_gpg_keyserver: pgp.mit.edu +>>>>>>> debian repo keys with pgp keyserver 
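Review bot: `<<<<<<< HEAD`, `=======` and `>>>>>>> debian repo keys with pgp keyserver` on the added lines are unresolved merge-conflict markers; they are not valid YAML, so this defaults/main.yml fails to load and the role is unusable at this commit, and the same markers are committed in the kibana, logstash, filebeat, wazuh-agent and wazuh-manager defaults hunks of this patch. The resolution is to keep the HEAD side (`elasticrepo_gpg_keyserver: pool.sks-keyservers.net` and the `elasticrepo_server` line) and drop the markers together with the duplicate `elasticrepo_gpg_keyserver: pgp.mit.edu` line, which would otherwise be a duplicate key with last-wins semantics in most parsers. Patch 007 on this page does exactly that, so the two commits should be squashed rather than leaving a broken revision in history.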
diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index 0be1cc56..fdc11b82 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -18,5 +18,9 @@ logstash_ssl_key_file: "" logstash_install_java: yes +<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt +======= +elasticrepo_gpg_keyserver: pgp.mit.edu +>>>>>>> debian repo keys with pgp keyserver diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 5f3023c1..c41838a1 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -28,5 +28,9 @@ filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" +<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt +======= +elasticrepo_gpg_keyserver: pgp.mit.edu +>>>>>>> debian repo keys with pgp keyserver diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 069d1905..77b38746 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -306,5 +306,9 @@ wazuh_agent_config: - key: Env value: Production +<<<<<<< HEAD wauzhrepo_gpg_keyserver: pool.sks-keyservers.net wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ +======= +wauzhrepo_gpg_keyserver: pgp.mit.edu +>>>>>>> debian repo keys with pgp keyserver diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 66f46837..9f05f727 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -330,7 +330,12 @@ wazuh_agent_configs: - location: 'System' format: 'eventlog' +<<<<<<< HEAD wauzhrepo_gpg_keyserver: pool.sks-keyservers.net nodejsrepo_gpg_keyserver: pool.sks-keyservers.net wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ nodejsrepo_server: https://deb.nodesource.com/node_6.x +======= +wauzhrepo_gpg_keyserver: pgp.mit.edu +nodejsrepo_gpg_keyserver: pgp.mit.edu +>>>>>>> debian repo keys with pgp keyserver From 0256b529f13179e81acfbe3e30f183f7dbead135 Mon Sep 17 00:00:00 2001 From: joschneid Date: Thu, 24 Jan 2019 09:01:16 +0100 Subject: [PATCH 007/559] make debian repos customizable --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 4 ---- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ---- roles/elastic-stack/ansible-logstash/defaults/main.yml | 4 ---- roles/wazuh/ansible-filebeat/defaults/main.yml | 4 ---- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ---- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 5 ----- 6 files changed, 25 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index c36a9ef1..ef5e02cd 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -8,9 +8,5 @@ elastic_stack_version: 6.5.4 elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: yes -<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt -======= -elasticrepo_gpg_keyserver: pgp.mit.edu ->>>>>>> debian repo keys with pgp keyserver diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 88893f0c..2b02b8b4 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
@@ -5,11 +5,7 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 wazuh_version: 3.8.2 -<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt wazuhapp_location: https://packages.wazuh.com/wazuhapp -======= -elasticrepo_gpg_keyserver: pgp.mit.edu ->>>>>>> debian repo keys with pgp keyserver diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index fdc11b82..0be1cc56 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -18,9 +18,5 @@ logstash_ssl_key_file: "" logstash_install_java: yes -<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt -======= -elasticrepo_gpg_keyserver: pgp.mit.edu ->>>>>>> debian repo keys with pgp keyserver diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index c41838a1..5f3023c1 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -28,9 +28,5 @@ filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" -<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt -======= -elasticrepo_gpg_keyserver: pgp.mit.edu ->>>>>>> debian repo keys with pgp keyserver diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 77b38746..069d1905 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -306,9 +306,5 @@ wazuh_agent_config: - key: Env value: Production -<<<<<<< HEAD wauzhrepo_gpg_keyserver: pool.sks-keyservers.net wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ -======= -wauzhrepo_gpg_keyserver: pgp.mit.edu ->>>>>>> debian repo keys with pgp keyserver diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 9f05f727..66f46837 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -330,12 +330,7 @@ wazuh_agent_configs: - location: 'System' format: 'eventlog' -<<<<<<< HEAD wauzhrepo_gpg_keyserver: pool.sks-keyservers.net nodejsrepo_gpg_keyserver: pool.sks-keyservers.net wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ nodejsrepo_server: https://deb.nodesource.com/node_6.x -======= -wauzhrepo_gpg_keyserver: pgp.mit.edu -nodejsrepo_gpg_keyserver: pgp.mit.edu ->>>>>>> debian repo keys with pgp keyserver From 1a73b8e8a1a9ffca879bced081c97a6073662b22 Mon Sep 17 00:00:00 2001 From: joschneid Date: Fri, 25 Jan 2019 08:35:41 +0100 Subject: [PATCH 008/559] custom wazuh app location --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 2b02b8b4..c14b41bd 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -8,4 +8,3 @@ wazuh_version: 3.8.2 elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt wazuhapp_location: https://packages.wazuh.com/wazuhapp - From 6e3b92bcc4f955348d92b902e5e860c9ee9e1428 Mon Sep 17 00:00:00 2001 
From: Werner Dijkerman Date: Tue, 30 Apr 2019 19:17:56 +0200 Subject: [PATCH 009/559] Added Molecule test for the Elasticsearch role --- .circleci/config.yml | 5 +- .travis.yml | 2 + Pipfile | 1 + molecule/default/prepare.yml | 10 ++++ molecule/elasticsearch/Dockerfile.j2 | 14 +++++ molecule/elasticsearch/INSTALL.rst | 22 +++++++ molecule/elasticsearch/molecule.yml | 59 +++++++++++++++++++ molecule/elasticsearch/playbook.yml | 6 ++ molecule/elasticsearch/tests/test_default.py | 19 ++++++ .../ansible-elasticsearch/tasks/Debian.yml | 16 ++++- .../ansible-elasticsearch/tasks/RMDebian.yml | 1 + .../ansible-elasticsearch/tasks/RMRedHat.yml | 1 + .../ansible-elasticsearch/tasks/RedHat.yml | 4 ++ .../ansible-elasticsearch/tasks/main.yml | 9 ++- 14 files changed, 163 insertions(+), 6 deletions(-) create mode 100644 molecule/elasticsearch/Dockerfile.j2 create mode 100644 molecule/elasticsearch/INSTALL.rst create mode 100644 molecule/elasticsearch/molecule.yml create mode 100644 molecule/elasticsearch/playbook.yml create mode 100644 molecule/elasticsearch/tests/test_default.py diff --git a/.circleci/config.yml b/.circleci/config.yml index 08b3ff16..d665e8e6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,3 +1,4 @@ +--- version: 2 jobs: test: @@ -6,7 +7,7 @@ jobs: version: 2.7 services: - docker - working_directory: ~/wazuh-ansible + working_directory: ~/wazuh-ansible steps: - checkout - run: @@ -22,4 +23,4 @@ workflows: version: 2 test_molecule: jobs: - - test \ No newline at end of file + - test diff --git a/.travis.yml b/.travis.yml index 97c0427b..937de0ab 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ +--- language: python services: docker before_script: @@ -6,3 +7,4 @@ before_script: script: - pipenv run test - pipenv run agent + - pipenv run elasticsearch diff --git a/Pipfile b/Pipfile index 2bc7a896..bf6931c6 100644 --- a/Pipfile +++ b/Pipfile 
@@ -16,3 +16,4 @@ python_version = "2.7" [scripts] test ="molecule test" agent ="molecule test -s wazuh-agent" +elasticsearch ="molecule test -s elasticsearch" diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 1aa45e29..f3dc9aac 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -24,3 +24,13 @@ state: latest register: wazuh_manager_dependencies_packages_installed until: wazuh_manager_dependencies_packages_installed is succeeded + + - name: "Install (RedHat) dependencies" + package: + name: + - initscripts + state: latest + register: wazuh_manager_dependencies_packages_installed + until: wazuh_manager_dependencies_packages_installed is succeeded + when: + - ansible_os_family == 'RedHat' diff --git a/molecule/elasticsearch/Dockerfile.j2 b/molecule/elasticsearch/Dockerfile.j2 new file mode 100644 index 00000000..e6aa95d3 --- /dev/null +++ b/molecule/elasticsearch/Dockerfile.j2 @@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi 
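Review bot: The new `Install (RedHat) dependencies` task in molecule/default/prepare.yml reuses the register name `wazuh_manager_dependencies_packages_installed` that the preceding task already owns, so on RedHat hosts the first task's result is silently overwritten; harmless today, but the variable no longer describes what it holds. Give it its own name, `register: wazuh_manager_redhat_packages_installed` / `until: wazuh_manager_redhat_packages_installed is succeeded`. The same copy-paste appears in `molecule/logstash/prepare.yml` and `molecule/kibana/prepare.yml` in the later patches. `state: latest` also lets the test fixture drift with whatever the mirror currently ships; `state: present` satisfies the dependency and keeps prepare reproducible between runs.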
diff --git a/molecule/elasticsearch/INSTALL.rst b/molecule/elasticsearch/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/molecule/elasticsearch/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml new file mode 100644 index 00000000..f673f502 --- /dev/null +++ b/molecule/elasticsearch/molecule.yml 
@@ -0,0 +1,59 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: True + memory_reservation: 1024m + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 1024m + command: /sbin/init + ulimits: + - nofile:262144:262144 + - name: trusty + image: ubuntu:trusty + memory_reservation: 1024m + ulimits: + - nofile:262144:262144 + - name: centos6 + image: centos:6 + privileged: true + memory_reservation: 1024m + ulimits: + - nofile:262144:262144 + - name: centos7 + image: milcom/centos7-systemd + memory_reservation: 1024m + privileged: true + ulimits: + - nofile:262144:262144 +provisioner: + name: ansible + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + prepare: ../default/prepare.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true + inventory: + group_vars: + all: + elasticsearch_jvm_xms: 512 +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml new file mode 100644 index 00000000..f6bf45f9 --- /dev/null +++ b/molecule/elasticsearch/playbook.yml @@ -0,0 +1,6 @@ +--- +- name: Converge + hosts: all + roles: + - role: elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 'localhost' diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py new file mode 100644 index 00000000..f25c299d --- /dev/null +++ b/molecule/elasticsearch/tests/test_default.py 
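Review bot: The `trusty` platform is the odd one out in molecule/elasticsearch/molecule.yml: it has neither `command: /sbin/init` nor `privileged: true`, yet the scenario's verifier asserts that the elasticsearch service is enabled and running on every host, so unless the plain `ubuntu:trusty` image provides an init process this platform seems likely to fail at verify rather than converge. If that is intentional (for example only package installation is expected to work there), a comment such as `# trusty: plain image without an init system; service checks are expected to be limited` next to the platform would save the next reader the same investigation. `privileged: True` on `bionic` is also the only capitalised boolean in the file; the other platforms use `true`.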
@@ -0,0 +1,19 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_elasticsearch_is_installed(host): + elasticsearch = host.package("elasticsearch") + assert elasticsearch.is_installed + assert elasticsearch.version.startswith('6.7.1') + + +def test_elasticsearch_is_running(host): + """Test if the services are enabled and running.""" + elasticsearch = host.service("elasticsearch") + assert elasticsearch.is_enabled + assert elasticsearch.is_running diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index f786d2a3..f8baac55 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -1,13 +1,25 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: ['apt-transport-https', 'ca-certificates'] + name: + - apt-transport-https + - ca-certificates state: present + register: elasticsearch_ca_packages_installed + until: elasticsearch_ca_packages_installed is succeeded + +- name: "Install Java Repo for Trusty" + apt_repository: repo='ppa:openjdk-r/ppa' + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 - when: elasticsearch_install_java block: - name: Debian/Ubuntu | Install OpenJDK 1.8 apt: name=openjdk-8-jre state=present cache_valid_time=3600 + register: elasticsearch_jre_packages_installed + until: elasticsearch_jre_packages_installed is succeeded tags: install - name: Debian/Ubuntu | Add Elasticsearch GPG key. @@ -27,4 +39,6 @@ name: "elasticsearch={{ elastic_stack_version }}" state: present cache_valid_time: 3600 + register: elasticsearch_main_packages_installed + until: elasticsearch_main_packages_installed is succeeded tags: install 
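Review bot: `test_elasticsearch_is_installed` pins the package version with the literal `'6.7.1'`, duplicating `elastic_stack_version` from the role defaults, so every version bump must be mirrored here or the test fails for a reason unrelated to the role. Molecule already exposes the inventory to testinfra, so the expected value can be read once instead of hard-coded, e.g. `expected = host.ansible.get_variables()['elastic_stack_version']` followed by `assert elasticsearch.version.startswith(expected)`. The function also lacks the one-line docstring that `test_elasticsearch_is_running` has.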
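Review bot: The new `Install Java Repo for Trusty` task in ansible-elasticsearch/tasks/Debian.yml adds the `ppa:openjdk-r/ppa` repository on every Ubuntu 14 host regardless of `elasticsearch_install_java`, because it sits before the `when: elasticsearch_install_java` block instead of inside it; a deployment that manages Java itself still gets a third-party PPA, and the signing key that comes with it, enabled in its package-source trust set. Add the flag to the task's condition list, `- elasticsearch_install_java`, or move the task into the block. The task is also the only one in the file written in `key=value` form (`apt_repository: repo='ppa:openjdk-r/ppa'`); native YAML, `apt_repository:` / `repo: 'ppa:openjdk-r/ppa'`, matches the surrounding tasks and is what ansible-lint expects.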
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml index 74c59c37..cf229655 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml @@ -3,3 +3,4 @@ apt_repository: repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: absent + changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml index 8f99b1e5..bdf667bc 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml @@ -3,3 +3,4 @@ yum_repository: name: elastic_repo state: absent + changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 79632b31..4c25c31b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -4,6 +4,7 @@ - name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 yum: name=java-1.8.0-openjdk state=present register: oracle_java_task_rpm_installed + until: oracle_java_task_rpm_installed is succeeded tags: install - name: RedHat/CentOS/Fedora | Install Elastic repo @@ -13,8 +14,11 @@ baseurl: https://artifacts.elastic.co/packages/6.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: true + changed_when: false - name: RedHat/CentOS/Fedora | Install Elasticsarch package: name=elasticsearch-{{ elastic_stack_version }} state=present + register: elasticsearch_main_packages_installed + until: elasticsearch_main_packages_installed is succeeded when: not elasticsearch_install_java or oracle_java_task_rpm_installed is defined tags: install 
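Review bot: `changed_when: false` on the `state: absent` repository task in RMDebian.yml hides a real change: the run that actually removes the 5.x apt source reports `ok`, so `--check`, `--diff` and the play recap no longer show the host's package-source trust set being modified, and repository tasks are exactly the ones an operator wants reported. The same override is added in this commit to `RMRedHat.yml` and to the `yum_repository` task in `RedHat.yml`, and in the next patch to the logstash role's `Debian.yml`, `RMDebian.yml`, `RMRedHat.yml` and `RedHat.yml`. If the purpose is to keep Molecule's idempotence step green, that should be stated next to each occurrence, e.g. `# changed_when: false kept only for Molecule idempotence; remove once the repo task is idempotent on its own`, so nobody later reads it as the module's intended behaviour.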
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index a1f44f88..f0d88581 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -76,9 +76,9 @@ - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) + - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Ensure Elasticsearch started and enabled - ignore_errors: true service: name: elasticsearch enabled: true @@ -92,19 +92,22 @@ - name: Check for Wazuh Alerts template uri: - url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" + url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/_template/wazuh" method: GET status_code: 200, 404 register: wazuh_alerts_template_exits + until: wazuh_alerts_template_exits is succeeded tags: init - name: Installing Wazuh Alerts template uri: - url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" + url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/_template/wazuh" method: PUT status_code: 200 body_format: json body: "{{ lookup('template','wazuh-elastic6-template-alerts.json.j2') }}" + register: installing_wazuh_template + until: installing_wazuh_template is succeeded when: wazuh_alerts_template_exits.status != 200 tags: init From e5b0e2b40e85136d18ded312067f11d10510ee31 Mon Sep 17 00:00:00 2001 
From: Werner Dijkerman Date: Fri, 3 May 2019 16:34:09 +0200 Subject: [PATCH 010/559] Added tests for Logstash --- molecule/logstash/Dockerfile.j2 | 14 +++++ molecule/logstash/INSTALL.rst | 22 ++++++++ molecule/logstash/molecule.yml | 56 +++++++++++++++++++ molecule/logstash/playbook.yml | 5 ++ molecule/logstash/prepare.yml | 41 ++++++++++++++ molecule/logstash/tests/test_default.py | 30 ++++++++++ .../ansible-logstash/tasks/Debian.yml | 10 +++- .../ansible-logstash/tasks/RMDebian.yml | 1 + .../ansible-logstash/tasks/RMRedHat.yml | 1 + .../ansible-logstash/tasks/RedHat.yml | 10 +++- .../ansible-logstash/tasks/main.yml | 13 +++++ 11 files changed, 197 insertions(+), 6 deletions(-) create mode 100644 molecule/logstash/Dockerfile.j2 create mode 100644 molecule/logstash/INSTALL.rst create mode 100644 molecule/logstash/molecule.yml create mode 100644 molecule/logstash/playbook.yml create mode 100644 molecule/logstash/prepare.yml create mode 100644 molecule/logstash/tests/test_default.py diff --git a/molecule/logstash/Dockerfile.j2 b/molecule/logstash/Dockerfile.j2 new file mode 100644 index 00000000..e6aa95d3 --- /dev/null +++ b/molecule/logstash/Dockerfile.j2 
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/logstash/INSTALL.rst b/molecule/logstash/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/molecule/logstash/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/molecule/logstash/molecule.yml b/molecule/logstash/molecule.yml new file mode 100644 index 00000000..6246d33c --- /dev/null +++ b/molecule/logstash/molecule.yml 
@@ -0,0 +1,56 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: True + memory_reservation: 1024m + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 1024m + command: /sbin/init + ulimits: + - nofile:262144:262144 + - name: centos6 + image: geerlingguy/docker-centos6-ansible + privileged: true + memory_reservation: 1024m + command: /sbin/init + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + ulimits: + - nofile:262144:262144 + - name: centos7 + image: milcom/centos7-systemd + memory_reservation: 1024m + privileged: true + ulimits: + - nofile:262144:262144 +provisioner: + name: ansible + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true + inventory: + group_vars: + all: + elasticsearch_jvm_xms: 256 +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/logstash/playbook.yml b/molecule/logstash/playbook.yml new file mode 100644 index 00000000..d077bd8e --- /dev/null +++ b/molecule/logstash/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: elastic-stack/ansible-logstash diff --git a/molecule/logstash/prepare.yml b/molecule/logstash/prepare.yml new file mode 100644 index 00000000..7e5ca29d --- /dev/null +++ b/molecule/logstash/prepare.yml 
@@ -0,0 +1,41 @@ +--- +- name: Prepare + hosts: all + gather_facts: true + pre_tasks: + + - name: "Install Python packages for Trusty to solve trust issues" + package: + name: + - python-setuptools + - python-pip + state: latest + register: wazuh_manager_trusty_packages_installed + until: wazuh_manager_trusty_packages_installed is succeeded + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + + - name: "Install dependencies" + package: + name: + - curl + - net-tools + state: latest + register: wazuh_manager_dependencies_packages_installed + until: wazuh_manager_dependencies_packages_installed is succeeded + + - name: "Install (RedHat) dependencies" + package: + name: + - initscripts + state: latest + register: wazuh_manager_dependencies_packages_installed + until: wazuh_manager_dependencies_packages_installed is succeeded + when: + - ansible_os_family == 'RedHat' + + roles: + - role: wazuh/ansible-wazuh-manager + - role: elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 'localhost' diff --git a/molecule/logstash/tests/test_default.py b/molecule/logstash/tests/test_default.py new file mode 100644 index 00000000..36e948e0 --- /dev/null +++ b/molecule/logstash/tests/test_default.py 
@@ -0,0 +1,30 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_logstash_is_installed(host): + logstash = host.package("logstash") + assert logstash.is_installed + + distribution = host.system_info.distribution.lower() + if distribution == 'ubuntu': + assert logstash.version.startswith('1:6.7.1') + else: + assert logstash.version.startswith('6.7.1') + + +def test_logstash_is_running(host): + """Test if the services are enabled and running.""" + logstash = host.service("logstash") + assert logstash.is_enabled + assert logstash.is_running + + +def test_find_correct_logentry(host): + logfile = host.file("//var/log/logstash/logstash-plain.log") + assert logfile.contains("Successfully started Logstash API endpoint") + assert logfile.contains("Restored connection to ES instance") diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 403ee88f..621b02d1 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -1,7 +1,9 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: ['apt-transport-https', 'ca-certificates'] + name: + - apt-transport-https + - ca-certificates state: present - when: logstash_install_java @@ -20,6 +22,7 @@ repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' state: present filename: 'elastic_repo' + changed_when: false - name: Debian/Ubuntu | Install Logstash apt: @@ -31,7 +34,8 @@ - name: Debian/Ubuntu | Checking if wazuh-manager is installed command: dpkg -l wazuh-manager register: wazuh_manager_check_deb - when: logstash_input_beats == false + when: not logstash_input_beats + changed_when: false args: warn: false 
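Review bot: `test_find_correct_logentry` opens `//var/log/logstash/logstash-plain.log` with a doubled leading slash; Linux resolves it, but POSIX leaves a leading `//` implementation-defined and it reads as a typo, so use `host.file("/var/log/logstash/logstash-plain.log")`. The literal `'6.7.1'` (and `'1:6.7.1'` for Ubuntu) in `test_logstash_is_installed` has the same drift problem as the elasticsearch tests: it duplicates `elastic_stack_version` and could be read from `host.ansible.get_variables()` instead. The `Restored connection to ES instance` assertion also depends on Elasticsearch being reachable at verify time, which is worth stating in the docstring so a timing failure is recognised as such.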
@@ -41,5 +45,5 @@ groups: ossec append: true when: - - logstash_input_beats == false + - not logstash_input_beats - wazuh_manager_check_deb.rc == 0 diff --git a/roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml b/roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml index 74c59c37..cf229655 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml @@ -3,3 +3,4 @@ apt_repository: repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: absent + changed_when: false diff --git a/roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml index 78538fe9..e770b4e6 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml @@ -3,3 +3,4 @@ yum_repository: name: elastic_repo state: absent + changed_when: false diff --git a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml index ed16fbc5..1c11926c 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml @@ -13,6 +13,7 @@ baseurl: https://artifacts.elastic.co/packages/6.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: true + changed_when: false - name: RedHat/CentOS/Fedora | Install Logstash package: name=logstash-{{ elastic_stack_version }} state=present @@ -22,7 +23,8 @@ - name: RedHat/CentOS/Fedora | Checking if wazuh-manager is installed command: rpm -q wazuh-manager register: wazuh_manager_check_rpm - when: logstash_input_beats == false + when: not logstash_input_beats + changed_when: false args: warn: false 
@@ -32,12 +34,14 @@ groups: ossec append: true when: - - logstash_input_beats == false + - not logstash_input_beats - wazuh_manager_check_rpm.rc == 0 - name: Amazon Linux change startup group shell: sed -i 's/.*LS_GROUP=logstash.*/LS_GROUP=ossec/' /etc/logstash/startup.options + tags: + - skip_ansible_lint when: - - logstash_input_beats == false + - not logstash_input_beats - wazuh_manager_check_rpm.rc == 0 - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" diff --git a/roles/elastic-stack/ansible-logstash/tasks/main.yml b/roles/elastic-stack/ansible-logstash/tasks/main.yml index e114a82f..d1f07d70 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/main.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/main.yml @@ -15,10 +15,23 @@ - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) + - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Amazon Linux create service shell: /usr/share/logstash/bin/system-install /etc/logstash/startup.options when: ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + args: + creates: /etc/default/logstash + tags: + - skip_ansible_lint + +- name: Amazon Linux create service + shell: /usr/share/logstash/bin/system-install /etc/logstash/startup.options + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "6" + args: + creates: /etc/default/logstash + tags: + - skip_ansible_lint - name: Ensure Logstash started and enabled service: From 35c9ef3fe89ac077e7e988e1e7535f38c4012596 Mon Sep 17 00:00:00 2001 
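Review bot: The `Amazon Linux change startup group` task in ansible-logstash/tasks/RedHat.yml now carries `skip_ansible_lint`, which silences the warning about `shell: sed -i` but leaves the underlying problem: the task reports `changed` on every run and Ansible cannot tell whether the file was actually edited. The `lineinfile` module expresses the same edit, reports changes correctly and needs no lint exception; with `backrefs: true` it also leaves the file alone when the key is absent, which matches what the sed expression does. The task's `when` conditions are unchanged.
```yaml
- name: Amazon Linux change startup group
  lineinfile:
    path: /etc/logstash/startup.options
    regexp: '^.*LS_GROUP=logstash.*$'
    line: 'LS_GROUP=ossec'
    backrefs: true  # no match -> no append, same as the sed it replaces
  # … unchanged: when conditions …
```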
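Review bot: The second task added to ansible-logstash/tasks/main.yml is a copy of `Amazon Linux create service` but its `when` targets CentOS 6, so play output will show two tasks with a name that is wrong for one of them and operators grepping for the CentOS step will not find it. Either rename it, `- name: CentOS 6 create service`, or fold both into one task whose condition is a single `or` expression: `when: (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "6")`. The `creates: /etc/default/logstash` guard is what makes the `shell` call idempotent and deserves a short comment saying so, since it is also what justifies the `skip_ansible_lint` tag.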
From: Werner Dijkerman Date: Fri, 3 May 2019 16:36:36 +0200 Subject: [PATCH 011/559] Added command for pipenv --- .travis.yml | 1 + Pipfile | 1 + 2 files changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index 937de0ab..d93ba6ac 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,3 +8,4 @@ script: - pipenv run test - pipenv run agent - pipenv run elasticsearch + - pipenv run logstash diff --git a/Pipfile b/Pipfile index bf6931c6..0f2d931d 100644 --- a/Pipfile +++ b/Pipfile @@ -17,3 +17,4 @@ python_version = "2.7" test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" +logstash ="molecule test -s logstash" From c0e60a1a5a1f0713e89feeaed19dfe5507cdbebc Mon Sep 17 00:00:00 2001 From: Werner Dijkerman Date: Mon, 6 May 2019 18:55:48 +0200 Subject: [PATCH 012/559] Added tests for Kibana --- molecule/kibana/Dockerfile.j2 | 14 +++++++ molecule/kibana/INSTALL.rst | 22 ++++++++++ molecule/kibana/molecule.yml | 59 +++++++++++++++++++++++++++ molecule/kibana/playbook.yml | 5 +++ molecule/kibana/prepare.yml | 41 +++++++++++++++++++ molecule/kibana/tests/test_default.py | 31 ++++++++++++++ 6 files changed, 172 insertions(+) create mode 100644 molecule/kibana/Dockerfile.j2 create mode 100644 molecule/kibana/INSTALL.rst create mode 100644 molecule/kibana/molecule.yml create mode 100644 molecule/kibana/playbook.yml create mode 100644 molecule/kibana/prepare.yml create mode 100644 molecule/kibana/tests/test_default.py diff --git a/molecule/kibana/Dockerfile.j2 b/molecule/kibana/Dockerfile.j2 new file mode 100644 index 00000000..e6aa95d3 --- /dev/null +++ b/molecule/kibana/Dockerfile.j2 
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/kibana/INSTALL.rst b/molecule/kibana/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/molecule/kibana/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml new file mode 100644 index 00000000..a1e0e3f9 --- /dev/null +++ b/molecule/kibana/molecule.yml 
@@ -0,0 +1,59 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 1024m + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 1024m + command: /sbin/init + ulimits: + - nofile:262144:262144 + - name: trusty + image: ubuntu:trusty + memory_reservation: 1024m + ulimits: + - nofile:262144:262144 + - name: centos6 + image: centos:6 + privileged: true + memory_reservation: 1024m + ulimits: + - nofile:262144:262144 + - name: centos7 + image: milcom/centos7-systemd + memory_reservation: 1024m + privileged: true + ulimits: + - nofile:262144:262144 +provisioner: + name: ansible + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true + inventory: + group_vars: + all: + elasticsearch_jvm_xms: 256 + kibana_plugin_install_ignore_error: true +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml new file mode 100644 index 00000000..74fc1038 --- /dev/null +++ b/molecule/kibana/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: elastic-stack/ansible-kibana diff --git a/molecule/kibana/prepare.yml b/molecule/kibana/prepare.yml new file mode 100644 index 00000000..7e5ca29d --- /dev/null +++ b/molecule/kibana/prepare.yml 
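Review bot: Setting `kibana_plugin_install_ignore_error: true` for all hosts in molecule/kibana/molecule.yml means a failed Wazuh plugin installation no longer fails converge and is only caught later, indirectly, by the verifier's directory check, which makes this scenario weaker than a default run of the role. If the override is needed for one platform only, it should live in that host's vars with the reason next to it, e.g. `# <platform>: plugin install fails in CI because <reason>`, rather than in `group_vars.all`. The variable itself is presumably defined in the kibana role defaults added in the next patch; confirm that name matches, since an unused group var would silently do nothing.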
@@ -0,0 +1,41 @@ +--- +- name: Prepare + hosts: all + gather_facts: true + pre_tasks: + + - name: "Install Python packages for Trusty to solve trust issues" + package: + name: + - python-setuptools + - python-pip + state: latest + register: wazuh_manager_trusty_packages_installed + until: wazuh_manager_trusty_packages_installed is succeeded + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + + - name: "Install dependencies" + package: + name: + - curl + - net-tools + state: latest + register: wazuh_manager_dependencies_packages_installed + until: wazuh_manager_dependencies_packages_installed is succeeded + + - name: "Install (RedHat) dependencies" + package: + name: + - initscripts + state: latest + register: wazuh_manager_dependencies_packages_installed + until: wazuh_manager_dependencies_packages_installed is succeeded + when: + - ansible_os_family == 'RedHat' + + roles: + - role: wazuh/ansible-wazuh-manager + - role: elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 'localhost' diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py new file mode 100644 index 00000000..dfcf8ad0 --- /dev/null +++ b/molecule/kibana/tests/test_default.py 
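Review bot: molecule/kibana/prepare.yml is byte-identical to `molecule/logstash/prepare.yml` (both file headers show blob `7e5ca29d`), so the two scenarios will drift the first time either copy is edited. The elasticsearch scenario already shows how to share a playbook: point `provisioner.playbooks.docker.prepare` at one file, e.g. `prepare: ../logstash/prepare.yml`, or move the shared content to a single file under `molecule/default/`. The task named `Install Python packages for Trusty to solve trust issues` would also benefit from a comment naming the actual failure it works around; "trust issues" does not tell the next maintainer when the task can be dropped.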
@@ -0,0 +1,31 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_logstash_is_running(host): + """Test if the services are enabled and running.""" + kibana = host.service("kibana") + assert kibana.is_enabled + assert kibana.is_running + + +def test_port_kibana_is_open(host): + """Test if the port 5601 is open and listening to connections.""" + host.socket("tcp://0.0.0.0:5601").is_listening + + +def test_find_correct_elasticsearch_version(host): + """Test if we find the kibana/elasticsearch version in package.json""" + kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") + assert kibana.contains("6.7.1") + + +def test_wazuh_plugin_installed(host): + """Make sure there is a plugin wazuh directory.""" + kibana = host.file("/usr/share/kibana/plugins/wazuh/") + + assert kibana.is_directory From a3425d04acbde9f2927ad363454ff827f08c32ad Mon Sep 17 00:00:00 2001 
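Review bot: `test_port_kibana_is_open` never asserts anything: `host.socket("tcp://0.0.0.0:5601").is_listening` evaluates the property and discards the result, so the test passes even when nothing listens on 5601; it needs `assert host.socket("tcp://0.0.0.0:5601").is_listening`. `test_logstash_is_running` checks the kibana service, so the name is a copy-paste leftover from the logstash scenario; `test_kibana_is_running` says what it does. The literal `"6.7.1"` in `test_find_correct_elasticsearch_version` has the same drift problem as in the other scenarios and could be read from the inventory via `host.ansible.get_variables()`.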
From: Werner Dijkerman Date: Mon, 6 May 2019 18:56:14 +0200 Subject: [PATCH 013/559] Added comments in tests;Added some skip tasks --- .travis.yml | 2 + Pipfile | 2 + molecule/elasticsearch/molecule.yml | 2 +- molecule/elasticsearch/tests/test_default.py | 1 + molecule/filebeat/Dockerfile.j2 | 14 +++++++ molecule/filebeat/INSTALL.rst | 22 ++++++++++ molecule/filebeat/molecule.yml | 42 +++++++++++++++++++ molecule/filebeat/playbook.yml | 5 +++ molecule/filebeat/prepare.yml | 36 ++++++++++++++++ molecule/filebeat/tests/test_default.py | 19 +++++++++ molecule/logstash/molecule.yml | 2 +- molecule/logstash/tests/test_default.py | 4 +- .../ansible-kibana/defaults/main.yml | 1 + .../ansible-kibana/tasks/Debian.yml | 9 +++- .../ansible-kibana/tasks/RMDebian.yml | 1 + .../ansible-kibana/tasks/RMRedHat.yml | 1 + .../ansible-kibana/tasks/RedHat.yml | 3 ++ .../ansible-kibana/tasks/main.yml | 12 +++++- .../ansible-kibana/templates/kibana.yml.j2 | 2 +- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 8 +++- .../wazuh/ansible-filebeat/tasks/RMDebian.yml | 1 + .../wazuh/ansible-filebeat/tasks/RMRedHat.yml | 1 + roles/wazuh/ansible-filebeat/tasks/RedHat.yml | 1 + roles/wazuh/ansible-filebeat/tasks/main.yml | 3 ++ 24 files changed, 185 insertions(+), 9 deletions(-) create mode 100644 molecule/filebeat/Dockerfile.j2 create mode 100644 molecule/filebeat/INSTALL.rst create mode 100644 molecule/filebeat/molecule.yml create mode 100644 molecule/filebeat/playbook.yml create mode 100644 molecule/filebeat/prepare.yml create mode 100644 molecule/filebeat/tests/test_default.py diff --git a/.travis.yml b/.travis.yml index d93ba6ac..c8e8ca95 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,3 +9,5 @@ script: - pipenv run agent - pipenv run elasticsearch - pipenv run logstash + - pipenv run filebeat + - pipenv run kibana diff --git a/Pipfile b/Pipfile index 0f2d931d..2d1d13e0 100644 --- a/Pipfile +++ b/Pipfile 
@@ -18,3 +18,5 @@ test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" logstash ="molecule test -s logstash" +filebeat ="molecule test -s filebeat" +kibana ="molecule test -s kibana" diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index f673f502..9897fe56 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -11,7 +11,7 @@ platforms: command: /sbin/init ulimits: - nofile:262144:262144 - privileged: True + privileged: true memory_reservation: 1024m - name: xenial image: solita/ubuntu-systemd:xenial diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py index f25c299d..8b453255 100644 --- a/molecule/elasticsearch/tests/test_default.py +++ b/molecule/elasticsearch/tests/test_default.py @@ -7,6 +7,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def test_elasticsearch_is_installed(host): + """Test if the elasticsearch package is installed.""" elasticsearch = host.package("elasticsearch") assert elasticsearch.is_installed assert elasticsearch.version.startswith('6.7.1') diff --git a/molecule/filebeat/Dockerfile.j2 b/molecule/filebeat/Dockerfile.j2 new file mode 100644 index 00000000..e6aa95d3 --- /dev/null +++ b/molecule/filebeat/Dockerfile.j2 
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/filebeat/INSTALL.rst b/molecule/filebeat/INSTALL.rst new file mode 100644 index 00000000..6a44bde9 --- /dev/null +++ b/molecule/filebeat/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml new file mode 100644 index 00000000..4f0bffb6 --- /dev/null +++ b/molecule/filebeat/molecule.yml 
@@ -0,0 +1,42 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: trusty + image: ubuntu:trusty + - name: bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + privileged: true + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + command: /sbin/init + - name: centos6 + image: geerlingguy/docker-centos6-ansible + privileged: true + command: /sbin/init + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: centos7 + image: milcom/centos7-systemd + privileged: true +provisioner: + name: ansible + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/filebeat/playbook.yml b/molecule/filebeat/playbook.yml new file mode 100644 index 00000000..3ff917f6 --- /dev/null +++ b/molecule/filebeat/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: wazuh/ansible-filebeat diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml new file mode 100644 index 00000000..f3dc9aac --- /dev/null +++ b/molecule/filebeat/prepare.yml 
@@ -0,0 +1,36 @@ +--- +- name: Prepare + hosts: all + gather_facts: true + tasks: + + - name: "Install Python packages for Trusty to solve trust issues" + package: + name: + - python-setuptools + - python-pip + state: latest + register: wazuh_manager_trusty_packages_installed + until: wazuh_manager_trusty_packages_installed is succeeded + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + + - name: "Install dependencies" + package: + name: + - curl + - net-tools + state: latest + register: wazuh_manager_dependencies_packages_installed + until: wazuh_manager_dependencies_packages_installed is succeeded + + - name: "Install (RedHat) dependencies" + package: + name: + - initscripts + state: latest + register: wazuh_manager_dependencies_packages_installed + until: wazuh_manager_dependencies_packages_installed is succeeded + when: + - ansible_os_family == 'RedHat' diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py new file mode 100644 index 00000000..8c4fd609 --- /dev/null +++ b/molecule/filebeat/tests/test_default.py @@ -0,0 +1,19 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_logstash_is_installed(host): + """Test if the filebeat package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + + +def test_logstash_is_running(host): + """Test if the services are enabled and running.""" + filebeat = host.service("filebeat") + assert filebeat.is_enabled + assert filebeat.is_running diff --git a/molecule/logstash/molecule.yml b/molecule/logstash/molecule.yml index 6246d33c..12103767 100644 --- a/molecule/logstash/molecule.yml +++ b/molecule/logstash/molecule.yml 
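Review bot: the registered variable `wazuh_manager_dependencies_packages_installed` is used by two different tasks in this new filebeat scenario (the generic and the RedHat dependency installs), and both it and `wazuh_manager_trusty_packages_installed` carry a `wazuh_manager_` prefix that looks copied from the manager scenario. Giving each task its own name, e.g. `register: filebeat_dependencies_installed` and `register: filebeat_redhat_dependencies_installed`, avoids a later `until:` or debug reading the wrong result. `state: latest` on all three tasks upgrades whatever is already present on every prepare run; `state: present` is enough for a test fixture and keeps the scenario deterministic.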
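Review bot: both test functions in the new filebeat scenario are named `test_logstash_is_installed` and `test_logstash_is_running` although they check the `filebeat` package and service, so a failure shows up under a misleading name in the report. Renaming them `test_filebeat_is_installed` and `test_filebeat_is_running` matches the docstrings that were written for them. The installed-package test asserts only `is_installed`; the elasticsearch scenario on this page also pins the version, and the same `assert filebeat.version.startswith(...)` check would catch a repository pointing at the wrong major line.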
@@ -11,7 +11,7 @@ platforms: command: /sbin/init ulimits: - nofile:262144:262144 - privileged: True + privileged: true memory_reservation: 1024m - name: xenial image: solita/ubuntu-systemd:xenial diff --git a/molecule/logstash/tests/test_default.py b/molecule/logstash/tests/test_default.py index 36e948e0..bc5fe999 100644 --- a/molecule/logstash/tests/test_default.py +++ b/molecule/logstash/tests/test_default.py @@ -7,6 +7,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def test_logstash_is_installed(host): + """Test if logstash is installed with correct version.""" logstash = host.package("logstash") assert logstash.is_installed @@ -25,6 +26,7 @@ def test_logstash_is_running(host): def test_find_correct_logentry(host): - logfile = host.file("//var/log/logstash/logstash-plain.log") + """See if logstash is started and is connected to Elasticsearch.""" + logfile = host.file("/var/log/logstash/logstash-plain.log") assert logfile.contains("Successfully started Logstash API endpoint") assert logfile.contains("Restored connection to ES instance") diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 4d02fb77..4d4848ad 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,3 +5,4 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.7.1 wazuh_version: 3.8.2 +kibana_plugin_install_ignore_error: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 097b19db..90e52a8b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml 
@@ -1,8 +1,12 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: ['apt-transport-https', 'ca-certificates'] + name: + - apt-transport-https + - ca-certificates state: present + register: kibana_installing_ca_package + until: kibana_installing_ca_package is succeeded - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: @@ -15,10 +19,13 @@ state: present filename: 'elastic_repo' update_cache: true + changed_when: false - name: Debian/Ubuntu | Install Kibana apt: name: "kibana={{ elastic_stack_version }}" state: present cache_valid_time: 3600 + register: installing_kibana_package + until: installing_kibana_package is succeeded tags: install diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml index 74c59c37..cf229655 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml @@ -3,3 +3,4 @@ apt_repository: repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: absent + changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml index 8f66f9a7..1ae7df57 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml @@ -3,3 +3,4 @@ yum_repository: name: elastic_repo state: absent + changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml index f5fe2935..760e841b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml 
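Review bot: `changed_when: false` on the `Install Elastic repo` apt_repository task in the second hunk (and the same addition in the kibana RMDebian, RMRedHat and RedHat hunks, and in the filebeat Debian, RMDebian, RMRedHat and RedHat hunks further down) makes the play report "ok" even when a repository definition was actually added or removed, so idempotence checks and change-driven handlers lose that signal. `apt_repository` and `yum_repository` already report no change on a second run when nothing differs, so if a spurious "changed" was being silenced the cause is worth confirming rather than masking; if the suppression must stay, a one-line comment above it saying why (`# repo task reports changed on every run because of update_cache; silenced for the idempotence check`) keeps the intent visible. The `register`/`until` pairs added in both hunks rely on Ansible's default retry count and delay; stating them, e.g. `retries: 3` and `delay: 10`, makes the policy explicit. The repository task's `repo:` line begins outside the hunk.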
@@ -6,7 +6,10 @@ baseurl: https://artifacts.elastic.co/packages/6.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: true + changed_when: false - name: RedHat/CentOS/Fedora | Install Kibana package: name=kibana-{{ elastic_stack_version }} state=present + register: installing_kibana_package + until: installing_kibana_package is succeeded tags: install diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 43e369c8..e87b87b0 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -17,6 +17,7 @@ - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) + - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Kibana configuration template: @@ -29,8 +30,11 @@ tags: configure - name: Checking Wazuh-APP version - shell: "grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo" + shell: | + set -o pipefail + grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo args: + executable: /bin/bash removes: /usr/share/kibana/plugins/wazuh/package.json register: wazuh_app_verify changed_when: false @@ -51,9 +55,13 @@ environment: NODE_OPTIONS: "--max-old-space-size=3072" args: + executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana - tags: install + ignore_errors: "{{ kibana_plugin_install_ignore_error }}" + tags: + - install + - skip_ansible_lint - name: Ensure Kibana started and enabled service: 
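Review bot: `ignore_errors: "{{ kibana_plugin_install_ignore_error }}"` in the last kibana `tasks/main.yml` hunk lets a failed Wazuh app install pass with nothing but an "...ignoring" line in the output, so the play finishes green on a Kibana that has no Wazuh plugin and the `creates: /usr/share/kibana/plugins/wazuh/package.json` guard will just retry next time. Registering the result and failing explicitly keeps the override visible and auditable, e.g. `register: wazuh_app_install` with `failed_when: wazuh_app_install is failed and not kibana_plugin_install_ignore_error` in place of `ignore_errors`. The blanket `skip_ansible_lint` tag disables every lint rule for this task rather than the one that fires; a `# noqa` comment naming the rule on the offending line is narrower. The task's `shell:` line and the `name:` it belongs to begin outside the hunk.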
diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 index 9b29f17a..edd1b4b4 100644 --- a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 @@ -19,7 +19,7 @@ server.host: {{ kibana_server_host }} #server.name: "your-hostname" # The URL of the Elasticsearch instance to use for all your queries. -elasticsearch.url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" +elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" # When this setting's value is true Kibana uses the hostname specified in the server.host # setting. When the value of this setting is false, Kibana uses the hostname of the host diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 455034d6..23b685eb 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -1,9 +1,12 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: ['apt-transport-https', 'ca-certificates'] + name: + - apt-transport-https + - ca-certificates state: present - + register: filebeat_ca_packages_install + until: filebeat_ca_packages_install is succeeded - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: @@ -15,3 +18,4 @@ repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' state: present update_cache: true + changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml index 580e6d86..c2727ee1 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml @@ -3,3 +3,4 @@ apt_repository: repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: absent + changed_when: false 
diff --git a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml index c9bceab0..519121b3 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml @@ -3,3 +3,4 @@ yum_repository: name: elastic_repo state: absent + changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml index 80798897..8745ea7e 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml @@ -6,3 +6,4 @@ baseurl: https://artifacts.elastic.co/packages/6.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: true + changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 94cd5765..da6d7178 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -7,6 +7,8 @@ - name: Install Filebeat. package: name=filebeat state=present + register: filebeat_installing_package + until: filebeat_installing_package is succeeded tags: - install @@ -20,6 +22,7 @@ - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) + - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Ensure Filebeat is started and enabled at boot. service: From 11721ebe147f27ce33b921ce52f2a950ea375a94 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Jun 2019 17:00:40 +0200 Subject: [PATCH 014/559] Added new tasks for xpack security --- .../elastic-stack/ansible-elasticsearch/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index bd7bc0d4..35c30aa9 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -112,6 +112,16 @@ - wazuh_alerts_template_exits.status != 200 tags: init +- name: Check that the instances.yml file exists + stat: + path: /usr/share/elasticsearch/instances.yml + register: instances_exists + +- name: Generating certificates for Elasticsearch security + shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /usr/share/elasticsearch/instances.yml --out /usr/share/elasticsearch/certs.zip" + when: instances_exists + tags: xpack-security + - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From a18a235b139df92433cf10887d9da081ff4dfea9 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Jun 2019 17:00:54 +0200 Subject: [PATCH 015/559] Modifying template for allowing xpack.security --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 595dd58a..02b1872d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -22,3 +22,9 @@ discovery.seed_hosts: - {{ item }} {% endfor %} {% endif %} + +# XPACK Security + +{% if elasticsearch_xpack_security %} +xpack.security.enabled: true +{% endif %} \ No newline at end of file From 0e9996b47285cc2e70eeec1a310ec3b328b262af Mon Sep 17 00:00:00 2001 
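Review bot: `when: instances_exists` tests the registered `stat` result itself, which is a non-empty dict and therefore always truthy, so the certutil task runs whether or not `/usr/share/elasticsearch/instances.yml` exists; the condition should read `instances_exists.stat.exists`. The same truthy-dict test survives the rename to `instances_file_exists` in patch 017 and the extra `node_generate_certs` condition in patch 023, and when the `stat` task is skipped by its own `when:` the registered value is still a truthy skipped-result, so the later variants do not fix it either. The shell task has no `creates:` guard, so every run regenerates `/usr/share/elasticsearch/certs.zip` and whatever key material it contains; `args: creates: /usr/share/elasticsearch/certs.zip` keeps the bundle stable across runs. The command uses no shell features, so `command:` would do and avoids the lint warning.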
From: manuasir Date: Wed, 26 Jun 2019 17:01:06 +0200 Subject: [PATCH 016/559] Added new variable for enabling xpack security --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 5d380b6b..fc0e9551 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -9,4 +9,5 @@ single_node: false elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false elasticsearch_cluster_nodes: - - 127.0.0.1 \ No newline at end of file + - 127.0.0.1 +elasticsearch_xpack_security: false \ No newline at end of file From dda93ebd15ff017115d1347445960e0c12dd90d4 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Jun 2019 18:52:58 +0200 Subject: [PATCH 017/559] Added new conditions and variables to tasks --- .../ansible-elasticsearch/defaults/main.yml | 3 ++- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 9 +++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index fc0e9551..5d04e5ee 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -10,4 +10,5 @@ elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false elasticsearch_cluster_nodes: - 127.0.0.1 -elasticsearch_xpack_security: false \ No newline at end of file +elasticsearch_xpack_security: false +node_generate_certs: false \ No newline at end of file diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 35c30aa9..84271d15 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -115,11 +115,16 @@ - name: Check that the instances.yml file exists stat: path: /usr/share/elasticsearch/instances.yml - register: instances_exists + register: instances_file_exists + when: + - node_generate_certs + - elasticsearch_xpack_security - name: Generating certificates for Elasticsearch security shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /usr/share/elasticsearch/instances.yml --out /usr/share/elasticsearch/certs.zip" - when: instances_exists + when: + - instances_file_exists + - elasticsearch_xpack_security tags: xpack-security - import_tasks: "RMRedHat.yml" From 7194675f028edfb235e95abc45b5511c645efb18 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Jun 2019 19:05:17 +0200 Subject: [PATCH 018/559] Added new template for instances.yml file --- .../ansible-elasticsearch/templates/instances.yml.j2 | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 new file mode 100644 index 00000000..ce4c287b --- /dev/null +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -0,0 +1,11 @@ + +# {{ ansible_managed }} +# TO-DO + +{% if node_generate_certs %} +instances: +{% for item in elasticsearch_cluster_nodes %} + ip: {{ item.ip }} + - "{{ item.name }}" +{% endfor %} +{% endif %} \ No newline at end of file From 090514b9c5e2c3b6cc6873ed627f4adb04afa938 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Jun 2019 19:05:46 +0200 Subject: [PATCH 019/559] New tasks for checking instances.yml file --- .../elastic-stack/ansible-elasticsearch/tasks/main.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 84271d15..55ef924d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -119,7 +119,15 @@ when: - node_generate_certs - elasticsearch_xpack_security - + +- name: Check that the instances.yml file exists + stat: + path: /usr/share/elasticsearch/instances.yml + register: instances_file_exists + when: + - node_generate_certs + - elasticsearch_xpack_security + - name: Generating certificates for Elasticsearch security shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /usr/share/elasticsearch/instances.yml --out /usr/share/elasticsearch/certs.zip" when: From 48746b9f5a7e689e54506fefb099aa47cdfe247e Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Jun 2019 19:37:02 +0200 Subject: [PATCH 020/559] New task for generating instances.yml file --- .../elastic-stack/ansible-elasticsearch/tasks/main.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 55ef924d..f9cb07c4 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -120,10 +120,12 @@ - node_generate_certs - elasticsearch_xpack_security -- name: Check that the instances.yml file exists - stat: - path: /usr/share/elasticsearch/instances.yml - register: instances_file_exists +- name: Write the instances.yml file in the selected node + instances_file: + src: instances.yml.j2 + dest: "/usr/share/elasticsearch/instances.yml" + tags: + - config when: - node_generate_certs - elasticsearch_xpack_security From f0c6d0fcac2e3958daf42ae222e44c2c0c43af4e Mon Sep 17 00:00:00 2001 
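Review bot: the new `Write the instances.yml file in the selected node` task in the patch 020 hunk sits after the `Check that the instances.yml file exists` stat task (its trailing `when:` is the context above the hunk), so on a first run the existence check runs before the file is written and the certutil task further down reads a result that predates the write. Moving the stat below the template task, or dropping it and guarding the certutil task with `creates:` instead, makes the sequence honest. `instances_file:` is not a core module name; unless the repository ships a module of that name the task will fail to load, and `template:` looks like what was meant. The `tags:` key is placed between the module arguments and `when:`; keeping task keywords together (`when:` then `tags:`) matches the rest of the file.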
From: Jose M Date: Fri, 28 Jun 2019 10:09:39 +0200 Subject: [PATCH 021/559] Add elasticsearch_discover_nodes parameter --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 5d04e5ee..95dd2737 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -10,5 +10,7 @@ elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false elasticsearch_cluster_nodes: - 127.0.0.1 +elasticsearch_discovery_nodes: + - 127.0.0.1 elasticsearch_xpack_security: false node_generate_certs: false \ No newline at end of file From 4b1c7d76e8a4174b543957b49eab49265e181bb6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 10:09:51 +0200 Subject: [PATCH 022/559] Customize playbook. --- playbooks/wazuh-elastic_stack-distributed.yml | 45 ++++++++++++++++--- 1 file changed, 39 insertions(+), 6 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 887cafbd..5348c876 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
@@ -1,9 +1,42 @@ --- -- hosts: + +- hosts: 172.16.0.161 roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager - - {role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat, filebeat_output_logstash_hosts: 'your elastic stack server IP'} -- hosts: + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.161 + elasticsearch_bootstrap_node: true + elasticsearch_cluster_nodes: + - 172.16.0.161 + node_generate_certs: true + node_name: node-1 + + vars: + instances: + node_1: + name: node-1 + ip: 172.16.0.161 + node_2: + name: node-2 + ip: 172.16.0.162 + node_3: + name: node-3 + ip: 172.16.0.163 + +- hosts: 172.16.0.162 roles: - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.162 + elasticsearch_discovery_nodes: + - 172.16.0.161 + - 172.16.0.162 + - 172.16.0.163 + +- hosts: 172.16.0.163 + roles: + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.163 + elasticsearch_discovery_nodes: + - 172.16.0.161 + - 172.16.0.162 + - 172.16.0.163 + From ed9b411b63f4277495dc42cfb1927cfc0bdfba79 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 10:10:22 +0200 Subject: [PATCH 023/559] Add 'node_generate_certs' condition to shell block --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index f9cb07c4..90201893 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
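Review bot: a playbook still named `wazuh-elastic_stack-distributed.yml` now deploys only three Elasticsearch nodes, with the wazuh-manager, filebeat and kibana plays of the previous version removed; if that is intended, the file name and any documentation pointing at it should follow, and if not, those plays need to come back. The plays hard-code `172.16.0.161`–`172.16.0.163` both as `hosts:` and inside role vars; inventory groups with `{{ ansible_host }}` and `{{ groups['elk'] }}`-style lookups keep the playbook usable outside this one lab. `node_name: node-1` on the first play does not match any variable the role templates on this page read (patch 028 reads `elasticsearch_node_name`), so it looks like a stale name. The `instances` list is defined as play-level `vars:` but consumed by a role template, which works yet hides the coupling; passing it as a role var next to `node_generate_certs: true` would make that explicit.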
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -121,7 +121,7 @@ - elasticsearch_xpack_security - name: Write the instances.yml file in the selected node - instances_file: + template: src: instances.yml.j2 dest: "/usr/share/elasticsearch/instances.yml" tags: @@ -133,6 +133,7 @@ - name: Generating certificates for Elasticsearch security shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /usr/share/elasticsearch/instances.yml --out /usr/share/elasticsearch/certs.zip" when: + - node_generate_certs - instances_file_exists - elasticsearch_xpack_security tags: xpack-security From 42fb6bf937e78b937f648d439195f1cd0acbf57c Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 10:11:16 +0200 Subject: [PATCH 024/559] Get node master value for template. Rename cluster to discovery block. --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 02b1872d..cf2b0121 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -15,10 +15,10 @@ cluster.initial_master_nodes: {% for item in elasticsearch_cluster_nodes %} - {{ item }} {% endfor %} -{% elif elasticsearch_master_candidate %} -node.master: true +{% else %} +node.master: {{ elasticsearch_master_candidate }} discovery.seed_hosts: -{% for item in elasticsearch_cluster_nodes %} +{% for item in elasticsearch_discovery_nodes %} - {{ item }} {% endfor %} {% endif %} From 4473c01032155ad9b1c2cf6e4207577287ec80ea Mon Sep 17 00:00:00 2001 
From: Jose M Date: Fri, 28 Jun 2019 10:11:36 +0200 Subject: [PATCH 025/559] Changed format of instances template. Name is required --- .../ansible-elasticsearch/templates/instances.yml.j2 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index ce4c287b..365da8c4 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -4,8 +4,11 @@ {% if node_generate_certs %} instances: -{% for item in elasticsearch_cluster_nodes %} - ip: {{ item.ip }} - - "{{ item.name }}" + +{% for node in instances %} +- name: "{{node.value.name}}" + ip: + - "{{ node.value.ip }}" {% endfor %} + {% endif %} \ No newline at end of file From 2f8b3a3a4df4b8cfae3fdd1e2f7e2ac3535534c0 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 10:40:15 +0200 Subject: [PATCH 026/559] Modify nodes list format. --- playbooks/wazuh-elastic_stack-distributed.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 5348c876..b94840b9 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -9,17 +9,17 @@ - 172.16.0.161 node_generate_certs: true node_name: node-1 + elasticsearch_xpack_security: true vars: instances: - node_1: - name: node-1 + - name: node1 ip: 172.16.0.161 - node_2: - name: node-2 + + - name: node2 ip: 172.16.0.162 - node_3: - name: node-3 + + - name: node3 ip: 172.16.0.163 - hosts: 172.16.0.162 From 071e354fbdc6bd433dd8f724f1515eb389ae9cd2 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Fri, 28 Jun 2019 10:40:30 +0200 Subject: [PATCH 027/559] Adapted template to render nodes. --- .../ansible-elasticsearch/templates/instances.yml.j2 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index 365da8c4..85cb2b14 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -4,11 +4,10 @@ {% if node_generate_certs %} instances: - {% for node in instances %} -- name: "{{node.value.name}}" - ip: - - "{{ node.value.ip }}" +- name: "{{ node.name }}" + ip: + - "{{ node.ip }}" {% endfor %} {% endif %} \ No newline at end of file From e76dc5dcab606a256cccad39ac08e0b89d463ef7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 12:50:19 +0200 Subject: [PATCH 028/559] Update main.yml to add rsync --- .../ansible-elasticsearch/tasks/main.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 90201893..b67687c9 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -126,6 +126,7 @@ dest: "/usr/share/elasticsearch/instances.yml" tags: - config + - xpack-security when: - node_generate_certs - elasticsearch_xpack_security 
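Review bot: the template iterates `instances`, which on this page is set only as a play-level `vars:` entry in the playbook and has no entry in the role's `defaults/main.yml`, so a user who sets `node_generate_certs: true` without defining it gets an undefined-variable failure at render time. Adding `instances: []` to the defaults, ideally with an `assert` that it is non-empty when certificates are to be generated, makes the contract explicit. The `{% if node_generate_certs %}` wrapper repeats the `when:` already on the task that renders this template, so one of the two can go. The header still reads `# TO-DO` and the file has no trailing newline.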
@@ -138,6 +139,27 @@ - elasticsearch_xpack_security tags: xpack-security +# - name: Importing certificates generated previously +# synchronize: +# mode: push +# src: /usr/share/elasticsearch/certs.zip +# dest: /usr/share/elasticsearch/certs.zip +# rsync_opts: +# - "--rsync-path='sudo rsync'" +# - "-v" +# delegate_to: "{{groups['elk'][0]}}" +# when: +# - not node_generate_certs +# - elasticsearch_xpack_security +# tags: xpack-security + +- name: Importing certificate generated previously + shell: "/usr/bin/rsync -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' vagrant@172.16.0.161:/usr/share/elasticsearch/{{elasticsearch_node_name}}/ /home/es_certificates/" + when: + - not node_generate_certs + - elasticsearch_xpack_security + tags: xpack-security + - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From 7580b547c9c67d3fc66412dc92e640a3ef2d1f76 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 12:50:44 +0200 Subject: [PATCH 029/559] Update playbook --- playbooks/wazuh-elastic_stack-distributed.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index b94840b9..c0695c9b 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -13,19 +13,21 @@ vars: instances: - - name: node1 - ip: 172.16.0.161 + - name: node-1 # Important: must be equal to node name. + ip: 172.16.0.161 # When unzipping, node will search for his node name folder to get the cert. - - name: node2 + - name: node-2 ip: 172.16.0.162 - - name: node3 + - name: node-3 ip: 172.16.0.163 - hosts: 172.16.0.162 roles: - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.162 + elasticsearch_xpack_security: true + elasticsearch_node_name: node-2 elasticsearch_discovery_nodes: - 172.16.0.161 - 172.16.0.162 
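Review bot: the new `Importing certificate generated previously` task pulls TLS key material with `ssh -o StrictHostKeyChecking=no`, which accepts any host key presented for `172.16.0.161`, so the receiving node has no way to tell the real certificate source from another machine answering on that address; the private keys landing in `/home/es_certificates/` are exactly what that check exists to protect. The task also hard-codes a `vagrant` user and an IP inside a reusable role, depends on `rsync` being present on the target (nothing on this page installs it), and has no `changed_when`, so it reports changed on every run. The source path `/usr/share/elasticsearch/{{elasticsearch_node_name}}/` does not match the `--out .../certs.zip` the certutil task writes, and no task on this page unpacks that zip, so it is unclear how the directory comes to exist. A controller-mediated transfer with `fetch` + `unarchive` removes the node-to-node SSH entirely and keeps host-key checking on; the commented-out `synchronize` block should either become that or be deleted rather than shipped as dead code.
```yaml
# … unchanged: template task and certutil task …

- name: Fetch the certificate bundle from the generating node
  fetch:
    src: /usr/share/elasticsearch/certs.zip
    dest: "{{ elasticsearch_certs_local_dir }}/certs.zip"  # constructed var: controller-side staging path
    flat: true
  delegate_to: "{{ elasticsearch_certs_source_host }}"  # constructed var: inventory name of the node with node_generate_certs
  run_once: true
  when:
    - elasticsearch_xpack_security
  tags: xpack-security

- name: Ensure the certificate directory exists
  file:
    path: /home/es_certificates
    state: directory
    mode: "0750"
  when:
    - not node_generate_certs
    - elasticsearch_xpack_security
  tags: xpack-security

- name: Unpack the certificate bundle on this node
  unarchive:  # copies from the controller and extracts; needs unzip on the target
    src: "{{ elasticsearch_certs_local_dir }}/certs.zip"
    dest: /home/es_certificates/
    mode: "0750"
  when:
    - not node_generate_certs
    - elasticsearch_xpack_security
  tags: xpack-security

# … unchanged: RMRedHat import …
```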
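Review bot: the inline comment `# When unzipping, node will search for his node name folder to get the cert.` describes a step no task on this page performs — the certutil task writes `certs.zip` and the rsync task copies a directory — so the comment documents intended rather than actual behaviour and should either be matched by an `unarchive` task or reworded. The first play (above this hunk) still sets `node_name: node-1` whereas the two plays edited here set `elasticsearch_node_name`, so the generating node has no `elasticsearch_node_name` even though the elasticsearch.yml template on this page references it. Hard-coded `172.16.0.16x` addresses remain in `hosts:` and in the `instances` list; taking them from inventory keeps one source of truth.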
@@ -35,8 +37,9 @@ roles: - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.163 + elasticsearch_xpack_security: true + elasticsearch_node_name: node-3 elasticsearch_discovery_nodes: - 172.16.0.161 - 172.16.0.162 - - 172.16.0.163 - + - 172.16.0.163 \ No newline at end of file From d3170139a0df4d8fa8cbcdee1446fab197a0bb48 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 12:51:01 +0200 Subject: [PATCH 030/559] Add xpack parameters to elasticsearch.yml --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index cf2b0121..e8cefff1 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -16,7 +16,7 @@ cluster.initial_master_nodes: - {{ item }} {% endfor %} {% else %} -node.master: {{ elasticsearch_master_candidate }} +node.master: "{{ elasticsearch_master_candidate }}" discovery.seed_hosts: {% for item in elasticsearch_discovery_nodes %} - {{ item }} @@ -26,5 +26,10 @@ discovery.seed_hosts: # XPACK Security {% if elasticsearch_xpack_security %} -xpack.security.enabled: true +#xpack.security.enabled: false +#xpack.security.transport.ssl.enabled: true +#xpack.security.transport.ssl.verification_mode: certificate +#xpack.security.transport.ssl.key: /home/es_certificates/{{ elasticsearch_node_name }}.key +#xpack.security.transport.ssl.certificate: /home/es_certificates/{{ elasticsearch_node_name }}.crt +#xpack.security.transport.ssl.certificate_authorities: [ "/home/es/config/ca.crt" ] {% endif %} \ No newline at end of file From 19622360b16b48fdfab0d1f8c810371fe6922661 Mon Sep 17 00:00:00 2001 
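Review bot: When `elasticsearch_xpack_security` is true this hunk now renders nothing but comments, and the only spelled-out value is `#xpack.security.enabled: false`, so the role's security flag no longer turns security on while the variable name says it does. If the transport TLS settings are not ready, the live `xpack.security.enabled: true` line should stay and the pending settings can sit in a `{# TODO: ... #}` Jinja comment so they never reach the rendered file. The commented CA path `/home/es/config/ca.crt` also disagrees with the `/home/es_certificates/` directory used for the key and certificate two lines above, which will need fixing before those lines are enabled.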
From: mohamed-aziz
Date: Fri, 28 Jun 2019 12:51:02 +0100
Subject: [PATCH 031/559] Fix elasticsearch config bug requiring lowercase boolean value
---
 .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
index e8cefff1..6ca12c6f 100644
--- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
+++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
@@ -16,7 +16,7 @@ cluster.initial_master_nodes:
 - {{ item }}
 {% endfor %}
 {% else %}
-node.master: "{{ elasticsearch_master_candidate }}"
+node.master: "{{ elasticsearch_master_candidate|lower }}"
 discovery.seed_hosts:
 {% for item in elasticsearch_discovery_nodes %}
 - {{ item }}
From 7fe831d6eeccd74abfe821b98ee5de4aa39d918e Mon Sep 17 00:00:00 2001
From: Jose M
Date: Fri, 28 Jun 2019 14:56:43 +0200
Subject: [PATCH 032/559] Remove quotes from node master option.
---
 .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
index 6ca12c6f..e4bd4b16 100644
--- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
+++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
@@ -16,7 +16,7 @@ cluster.initial_master_nodes:
 - {{ item }}
 {% endfor %}
 {% else %}
-node.master: "{{ elasticsearch_master_candidate|lower }}"
+node.master: {{ elasticsearch_master_candidate|lower }}
 discovery.seed_hosts:
 {% for item in elasticsearch_discovery_nodes %}
 - {{ item }}
From 868cf75ca754e28d73bf56fec626a0f7632f3d1e Mon Sep 17 00:00:00 2001
From: manuasir Date: Fri, 28 Jun 2019 15:20:06 +0200 Subject: [PATCH 033/559] Develop mode playbook --- playbooks/wazuh-elastic_stack-distributed.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index c0695c9b..494d55a9 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -2,7 +2,7 @@ - hosts: 172.16.0.161 roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.161 elasticsearch_bootstrap_node: true elasticsearch_cluster_nodes: @@ -10,7 +10,6 @@ node_generate_certs: true node_name: node-1 elasticsearch_xpack_security: true - vars: instances: - name: node-1 # Important: must be equal to node name. @@ -24,7 +23,7 @@ - hosts: 172.16.0.162 roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.162 elasticsearch_xpack_security: true elasticsearch_node_name: node-2 @@ -35,7 +34,7 @@ - hosts: 172.16.0.163 roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.163 elasticsearch_xpack_security: true elasticsearch_node_name: node-3 From 02e4bd951bcbfff012a1618d9858d087046670df Mon Sep 17 00:00:00 2001 From: manuasir Date: Fri, 28 Jun 2019 15:20:14 +0200 Subject: [PATCH 034/559] Check if the certificates exist or not --- .../ansible-elasticsearch/tasks/main.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index b67687c9..3d540fac 100644 
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -131,12 +131,21 @@ - node_generate_certs - elasticsearch_xpack_security +- name: Check that the certificates ZIP file exists + stat: + path: /usr/share/elasticsearch/certs.zip + register: xpack_certs_zip + when: + - node_generate_certs + - elasticsearch_xpack_security + - name: Generating certificates for Elasticsearch security shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /usr/share/elasticsearch/instances.yml --out /usr/share/elasticsearch/certs.zip" when: - node_generate_certs - instances_file_exists - elasticsearch_xpack_security + - not xpack_certs_zip tags: xpack-security # - name: Importing certificates generated previously @@ -153,13 +162,6 @@ # - elasticsearch_xpack_security # tags: xpack-security -- name: Importing certificate generated previously - shell: "/usr/bin/rsync -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' vagrant@172.16.0.161:/usr/share/elasticsearch/{{elasticsearch_node_name}}/ /home/es_certificates/" - when: - - not node_generate_certs - - elasticsearch_xpack_security - tags: xpack-security - - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From 3a5f06e0adb31e275306c733250b999f2f5ef460 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 18:13:49 +0200 Subject: [PATCH 035/559] Rename node_generate_certs to node_certs_generator --- playbooks/wazuh-elastic_stack-distributed.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 494d55a9..4057096e 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
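Review bot: `- not xpack_certs_zip` on the certificate-generation task tests the registered result dict, which is non-empty whether the `stat` ran or was skipped, so the condition is always false and `Generating certificates for Elasticsearch security` can never run; the pre-existing `- instances_file_exists` line has the same problem in the opposite direction. Both conditions should read the stat payload, `- instances_file_exists.stat.exists` and `- not xpack_certs_zip.stat.exists`, and since the `stat` tasks are themselves gated by `when:`, guard the skipped case with `xpack_certs_zip.stat is defined`.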
@@ -7,7 +7,7 @@ elasticsearch_bootstrap_node: true elasticsearch_cluster_nodes: - 172.16.0.161 - node_generate_certs: true + node_certs_generator: true node_name: node-1 elasticsearch_xpack_security: true vars: From 1d718f55d32cbd9956067c22245e14ec3ee03f64 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 18:14:01 +0200 Subject: [PATCH 036/559] Add default variables for Xpack and Rsync --- .../ansible-elasticsearch/defaults/main.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 95dd2737..9578895a 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -12,5 +12,20 @@ elasticsearch_cluster_nodes: - 127.0.0.1 elasticsearch_discovery_nodes: - 127.0.0.1 + +# X-Pack Security elasticsearch_xpack_security: false -node_generate_certs: false \ No newline at end of file +node_certs_generator: false +node_certs_generator_ip: 172.16.0.161 +node_certs_source: /usr/share/elasticsearch +node_certs_destination: /etc/elasticsearch/certs + +# Rsync +rsync_path: /usr/bin/rsync +rsync_user: vagrant +rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' + + + + + From 40b6979a29533af53c630f4d0ec4782b8dad7744 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 18:14:36 +0200 Subject: [PATCH 037/559] Reorganized main.yml. Acded task to copy certs locally. --- .../ansible-elasticsearch/tasks/main.yml | 121 ++++++++++-------- 1 file changed, 68 insertions(+), 53 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 3d540fac..c0abc731 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
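Review bot: The new defaults ship `rsync_extra_parameters` with `-o StrictHostKeyChecking=no`, together with a lab-specific `rsync_user: vagrant` and `node_certs_generator_ip: 172.16.0.161`, so every consumer of the role inherits an SSH host-key bypass for the transfer of TLS private keys unless they know to override it. The address and user should default to empty or documented placeholders and the default option string should not disable host-key checking; a comment such as `# Override per environment; provision the generator's host key in known_hosts before this role runs` above the block would state the expectation. Whatever value ends up here should be a quoted string, since the scalar starts with `-` and embeds single quotes, and the run of trailing blank lines at the end of the file should be dropped.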
@@ -69,6 +69,70 @@ tags: configure # fix in new PR (ignore_errors) + +- name: Check that the instances.yml file exists + stat: + path: "{{node_certs_source}}/instances.yml" + register: instances_file_exists + when: + - node_certs_generator + - elasticsearch_xpack_security + +- name: Write the instances.yml file in the selected node + template: + src: instances.yml.j2 + dest: "{{node_certs_source}}/instances.yml" + tags: + - config + - xpack-security + when: + - node_certs_generator + - elasticsearch_xpack_security + +- name: Check that the certificates ZIP file exists + stat: + path: "{{node_certs_source}}/certs.zip" + register: xpack_certs_zip + when: + - node_certs_generator + - elasticsearch_xpack_security + +- name: Generating certificates for Elasticsearch security + shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in {{node_certs_source}}/instances.yml --out {{node_certs_source}}/certs.zip" + when: + - node_certs_generator + - instances_file_exists.stat.exists + - elasticsearch_xpack_security + - not xpack_certs_zip.stat.exists + tags: xpack-security + +- name: Unzip generated certs.zip + unarchive: + src: "{{node_certs_source}}/certs.zip" + dest: "{{node_certs_source}}" + remote_src: yes + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + +- name: Copy local certificate for generator node + synchronize: + src: "{{node_certs_source}}/{{elasticsearch_node_name}}/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + +- name: Importing certificate generated previously + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + - name: Reload systemd systemd: 
daemon_reload=true ignore_errors: true @@ -112,58 +176,9 @@ - wazuh_alerts_template_exits.status != 200 tags: init -- name: Check that the instances.yml file exists - stat: - path: /usr/share/elasticsearch/instances.yml - register: instances_file_exists - when: - - node_generate_certs - - elasticsearch_xpack_security +# - import_tasks: "RMRedHat.yml" +# when: ansible_os_family == "RedHat" -- name: Write the instances.yml file in the selected node - template: - src: instances.yml.j2 - dest: "/usr/share/elasticsearch/instances.yml" - tags: - - config - - xpack-security - when: - - node_generate_certs - - elasticsearch_xpack_security -- name: Check that the certificates ZIP file exists - stat: - path: /usr/share/elasticsearch/certs.zip - register: xpack_certs_zip - when: - - node_generate_certs - - elasticsearch_xpack_security - -- name: Generating certificates for Elasticsearch security - shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in /usr/share/elasticsearch/instances.yml --out /usr/share/elasticsearch/certs.zip" - when: - - node_generate_certs - - instances_file_exists - - elasticsearch_xpack_security - - not xpack_certs_zip - tags: xpack-security - -# - name: Importing certificates generated previously -# synchronize: -# mode: push -# src: /usr/share/elasticsearch/certs.zip -# dest: /usr/share/elasticsearch/certs.zip -# rsync_opts: -# - "--rsync-path='sudo rsync'" -# - "-v" -# delegate_to: "{{groups['elk'][0]}}" -# when: -# - not node_generate_certs -# - elasticsearch_xpack_security -# tags: xpack-security - -- import_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" - -- import_tasks: "RMDebian.yml" - when: ansible_os_family == "Debian" +# - import_tasks: "RMDebian.yml" +# when: ansible_os_family == "Debian" From c27c3c16abaa29c8d4683acc2b1202c912c4f56e Mon Sep 17 00:00:00 2001 
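Review bot: After `Unzip generated certs.zip`, the private keys of every node listed in `instances` sit unpacked under `{{node_certs_source}}` on the generator, and none of the copy tasks that follow set the owner or mode of `{{node_certs_destination}}` or the `.key` files in it, so Elasticsearch runs with whatever permissions the unzip and rsync happened to produce. A `file` task with `owner`/`group` `elasticsearch` and `mode: "0750"` on the directory (`"0600"` on the key) should follow each copy, and the per-node directories should be removed from the generator once distributed. In `Importing certificate generated previously`, `{{rsync_extra_parameters}}` is spliced unquoted into a `shell` string, so an override containing shell metacharacters is re-parsed by the shell, and the task has no `changed_when`. The local `synchronize` with `delegate_to: "{{ node_certs_generator_ip }}"` only behaves as a local copy if that IP is exactly the inventory name of the generator host; `copy` with `remote_src: yes` would express the intent without that dependency.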
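Review bot: Commenting out `- import_tasks: "RMRedHat.yml"` and `- import_tasks: "RMDebian.yml"` drops the OS-specific tail of the role for every run, not just the certificate flow this commit reorganises, and the commit message does not mention it. If this is temporary, a `# TODO: re-enable once <reason>` comment above the disabled lines would stop the next reader from treating them as dead code; the other removals in this hunk are the tasks moved up by the first hunk.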
From: Jose M Date: Fri, 28 Jun 2019 18:14:48 +0200 Subject: [PATCH 038/559] Enabled xpack security fields --- .../templates/elasticsearch.yml.j2 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index e4bd4b16..8f60c368 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -26,10 +26,10 @@ discovery.seed_hosts: # XPACK Security {% if elasticsearch_xpack_security %} -#xpack.security.enabled: false -#xpack.security.transport.ssl.enabled: true -#xpack.security.transport.ssl.verification_mode: certificate -#xpack.security.transport.ssl.key: /home/es_certificates/{{ elasticsearch_node_name }}.key -#xpack.security.transport.ssl.certificate: /home/es_certificates/{{ elasticsearch_node_name }}.crt -#xpack.security.transport.ssl.certificate_authorities: [ "/home/es/config/ca.crt" ] +xpack.security.enabled: false +xpack.security.transport.ssl.enabled: true +xpack.security.transport.ssl.verification_mode: certificate +xpack.security.transport.ssl.key: {{node_certs_destination}}/{{ elasticsearch_node_name }}.key +xpack.security.transport.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt +#xpack.security.transport.ssl.certificate_authorities: [ "{{node_certs_destination}}/ca.crt" ] {% endif %} \ No newline at end of file From a1e6dec7b4a445d90c7365bb78f644247aad57a9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 28 Jun 2019 18:15:00 +0200 Subject: [PATCH 039/559] Rename node_generate_certs in instances template. --- .../ansible-elasticsearch/templates/instances.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
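Review bot: With `elasticsearch_xpack_security` true, the block now emits `xpack.security.enabled: false` right above `xpack.security.transport.ssl.enabled: true`, so enabling the role flag still leaves authentication off, and `certificate_authorities` stays commented, so the `verification_mode: certificate` setting has no trust anchor for peer certificates signed by the generated CA. Both lines need to be live for the flag to mean what its name says; the commented CA line already uses `{{node_certs_destination}}/ca.crt`, which is the right path to keep. The templated paths are unquoted plain scalars, which is fine only as long as `node_certs_destination` never contains `: ` or ` #`.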
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index 85cb2b14..6279c380 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -2,7 +2,7 @@ # {{ ansible_managed }} # TO-DO -{% if node_generate_certs %} +{% if node_certs_generator %} instances: {% for node in instances %} - name: "{{ node.name }}" From 2525dbd2af0db4831090e4c62eb161b55891f92b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 11:52:25 +0200 Subject: [PATCH 040/559] Copy .key and .crt in generator node (locally) --- .../ansible-elasticsearch/tasks/main.yml | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index c0abc731..82572055 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -109,14 +109,14 @@ - name: Unzip generated certs.zip unarchive: src: "{{node_certs_source}}/certs.zip" - dest: "{{node_certs_source}}" + dest: "{{node_certs_source}}/" remote_src: yes when: - node_certs_generator - elasticsearch_xpack_security tags: xpack-security -- name: Copy local certificate for generator node +- name: Copy .key & .crt files in generator node synchronize: src: "{{node_certs_source}}/{{elasticsearch_node_name}}/" dest: "{{node_certs_destination}}/" 
@@ -126,7 +126,17 @@ - elasticsearch_xpack_security tags: xpack-security -- name: Importing certificate generated previously +- name: Copy ca .crt file in generator node + synchronize: + src: "{{node_certs_source}}/ca/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + +- name: Importing node .key & .crt files shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/" when: - not node_certs_generator @@ -176,9 +186,9 @@ - wazuh_alerts_template_exits.status != 200 tags: init -# - import_tasks: "RMRedHat.yml" -# when: ansible_os_family == "RedHat" +- import_tasks: "RMRedHat.yml" + when: ansible_os_family == "RedHat" -# - import_tasks: "RMDebian.yml" -# when: ansible_os_family == "Debian" +- import_tasks: "RMDebian.yml" + when: ansible_os_family == "Debian" From 5d8286f0deb525baa29673db1c0a7e9c95578bb3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 11:53:19 +0200 Subject: [PATCH 041/559] Import ca certificate in remote nodes. --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 82572055..d9925969 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -143,6 +143,14 @@ - elasticsearch_xpack_security tags: xpack-security +- name: Importing node ca .crt file + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + + - name: Reload systemd systemd: daemon_reload=true ignore_errors: true From 54885a9e0d122bf4bc573540f83c656b77145a1c Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 11:57:15 +0200 Subject: [PATCH 042/559] Remove deprecated import of wazuh template. --- .../ansible-elasticsearch/tasks/main.yml | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index d9925969..52e7babc 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -172,28 +172,6 @@ - configure - init -- name: Check for Wazuh Alerts template - uri: - url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" - method: GET - status_code: 200, 404 - when: not elasticsearch_bootstrap_node or single_node - poll: 30 - register: wazuh_alerts_template_exits - tags: init - -- name: Installing Wazuh Alerts template - uri: - url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" - method: PUT - status_code: 200 - body_format: json - body: "{{ lookup('template','wazuh-elastic7-template-alerts.json.j2') }}" - when: - - wazuh_alerts_template_exits.status is defined - - wazuh_alerts_template_exits.status != 200 - tags: init - - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From bd32839f27db43749bc3473a552db3b5828137fa Mon Sep 17 00:00:00 2001 
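Review bot: `Importing node ca .crt file` rsyncs the whole `{{node_certs_source}}/ca/` directory to every non-generator node, and the `elasticsearch-certutil cert ... --pem` invocation earlier in this role writes the CA's private key into that directory next to `ca.crt` (presumably as `ca.key`; confirm against the generated zip). Copying the CA key to every node means read access on any node is enough to issue certificates the whole cluster trusts, so only the certificate should travel: `{{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ca.crt {{node_certs_destination}}/ca.crt`, and the CA key should be removed from the generator or moved to controlled storage after signing. The local `Copy ca .crt file in generator node` task from the previous commit has the same issue. The task is also a bare `shell` without `changed_when`.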
From: Jose M Date: Mon, 1 Jul 2019 12:00:48 +0200 Subject: [PATCH 043/559] Add Xpack http security to elasticsearch template. --- .../templates/elasticsearch.yml.j2 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 8f60c368..2d62f025 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -26,10 +26,16 @@ discovery.seed_hosts: # XPACK Security {% if elasticsearch_xpack_security %} -xpack.security.enabled: false +xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.key: {{node_certs_destination}}/{{ elasticsearch_node_name }}.key xpack.security.transport.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt -#xpack.security.transport.ssl.certificate_authorities: [ "{{node_certs_destination}}/ca.crt" ] +xpack.security.transport.ssl.certificate_authorities: [ "{{ node_certs_destination }}/ca.crt" ] + +xpack.security.http.ssl.enabled: true +xpack.security.http.ssl.verification_mode: certificate +xpack.security.http.ssl.key: {{node_certs_destination}}/{{ elasticsearch_node_name }}.key +xpack.security.http.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt +xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ] {% endif %} \ No newline at end of file From db6f69cfb8dfe990500f62de987b501413594b5c Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 12:31:03 +0200 Subject: [PATCH 044/559] Rename importing blocks --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
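Review bot: `xpack.security.http.ssl.certificate_authorities` hard-codes `/etc/elasticsearch/certs/ca.crt` while every other path in the block, including the transport `certificate_authorities` line above it, is built from `{{ node_certs_destination }}`, so overriding that variable silently breaks HTTP TLS while transport TLS keeps working. It should read `xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }}/ca.crt" ]`.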
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 52e7babc..385b860c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -116,7 +116,7 @@ - elasticsearch_xpack_security tags: xpack-security -- name: Copy .key & .crt files in generator node +- name: Copy key & certificate files in generator node (locally) synchronize: src: "{{node_certs_source}}/{{elasticsearch_node_name}}/" dest: "{{node_certs_destination}}/" @@ -126,7 +126,7 @@ - elasticsearch_xpack_security tags: xpack-security -- name: Copy ca .crt file in generator node +- name: Copy ca certificate file in generator node (locally) synchronize: src: "{{node_certs_source}}/ca/" dest: "{{node_certs_destination}}/" @@ -136,14 +136,14 @@ - elasticsearch_xpack_security tags: xpack-security -- name: Importing node .key & .crt files +- name: Importing key & certificate files from generator node shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/" when: - not node_certs_generator - elasticsearch_xpack_security tags: xpack-security -- name: Importing node ca .crt file +- name: Importing ca certificate file from generator node shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" when: - not node_certs_generator From f6efcc017117290bc28974482acc2d332538085f Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 15:48:46 +0200 Subject: [PATCH 045/559] Make comment about nodes name clearer --- playbooks/wazuh-elastic_stack-distributed.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) 
diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 4057096e..9c0d667a 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -2,17 +2,18 @@ - hosts: 172.16.0.161 roles: - - role: ../roles/elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 172.16.0.161 - elasticsearch_bootstrap_node: true - elasticsearch_cluster_nodes: - - 172.16.0.161 - node_certs_generator: true - node_name: node-1 - elasticsearch_xpack_security: true + - ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.161 + elasticsearch_bootstrap_node: true + elasticsearch_cluster_nodes: + - 172.16.0.161 + node_certs_generator: true + node_name: node-1 + elasticsearch_xpack_security: true + vars: instances: - - name: node-1 # Important: must be equal to node name. + - name: node-1 # Important: must be equal to elasticsearch_node_name. ip: 172.16.0.161 # When unzipping, node will search for his node name folder to get the cert. - name: node-2 From d78393115fd84c6f5893a13f294e89f3661dd027 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 15:49:38 +0200 Subject: [PATCH 046/559] Add default ' elasticsearch_xpack_security_password' variable --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 9578895a..36b8aefb 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -15,6 +15,8 @@ elasticsearch_discovery_nodes: # X-Pack Security elasticsearch_xpack_security: false +elasticsearch_xpack_security_password: elastic_pass + node_certs_generator: false node_certs_generator_ip: 172.16.0.161 node_certs_source: /usr/share/elasticsearch 
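Review bot: Replacing `- role: ../roles/elastic-stack/ansible-elasticsearch` with a bare `- ../roles/elastic-stack/ansible-elasticsearch` while the role variables stay on the following indented lines is, as far as the collapsed layout shows, no longer valid YAML: a plain-scalar sequence item followed by indented `key: value` lines is a parse error, and even where a parser tolerated it Ansible would not attach those variables to the role. The `role:` key form from the removed lines should be kept. The reworded comment refers to `elasticsearch_node_name`, but this play sets `node_name: node-1`, which is not the variable the role reads elsewhere in this series, so one of the two names should change.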
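Review bot: `elasticsearch_xpack_security_password: elastic_pass` puts a usable credential in the role defaults, so a deployment that enables security without overriding it runs with a password that is public in this repository. Defaults should not carry a working secret: leave it unset and fail early with an `assert` when `elasticsearch_xpack_security` is true and the password is undefined, or at least mark it `# Placeholder - set via Ansible Vault or extra-vars; do not deploy with this value`. The same default appears in `roles/wazuh/ansible-filebeat/defaults/main.yml` (`elasticsearch_password`) and `roles/elastic-stack/ansible-kibana/defaults/main.yml` (`kibana_password`) later in this series.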
From fdb1113a193c34a1537175e6ed92924f7a9385d6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 15:50:06 +0200 Subject: [PATCH 047/559] Add task to configure ES bootstrap password. --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 385b860c..5689394c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -150,6 +150,11 @@ - elasticsearch_xpack_security tags: xpack-security +- name: Set elasticsearch bootstrap password + shell: "echo '{{elasticsearch_xpack_security_password}}' | {{node_certs_source}}/bin/elasticsearch-keystore add -xf 'bootstrap.password'" + when: + - node_certs_generator + - elasticsearch_xpack_security - name: Reload systemd systemd: daemon_reload=true From 6cffed9218b78721edcb0e95bce1944b0227e09e Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 15:50:48 +0200 Subject: [PATCH 048/559] Add required default attributes XPack in Filebeat. --- roles/wazuh/ansible-filebeat/defaults/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index a00cbbb4..b01dfad7 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -10,6 +10,8 @@ filebeat_prospectors: json.keys_under_root: true json.overwrite_keys: true +filebeat_node_name: node-1 + filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" 
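Review bot: `Set elasticsearch bootstrap password` interpolates the password into a `shell` string through `echo '...'`, so it is visible in the process list, in the task's recorded command and in any verbose log, and a password containing a single quote breaks the command. Add `no_log: true` and pass the value on stdin instead of the command line, e.g. `command: "{{node_certs_source}}/bin/elasticsearch-keystore add -xf bootstrap.password"` with `args: {stdin: "{{ elasticsearch_xpack_security_password }}"}`. The task also lacks `changed_when`, so it reports a change on every run.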
@@ -23,3 +25,10 @@ filebeat_ssl_dir: /etc/pki/filebeat filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" + +# Xpack Security +filebeat_xpack_security: false + +elasticsearch_user: elastic +elasticsearch_password: elastic_pass +node_certs_destination: /etc/elasticsearch/certs From 3ff5a194df017f6153b3fa3c1f47f863f16a5432 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 15:51:23 +0200 Subject: [PATCH 049/559] Update Filebeat for XPack Security --- roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 index 8e6287ec..202af578 100644 --- a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 @@ -53,6 +53,15 @@ output.elasticsearch: #pipeline: geoip indices: - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}' +{% if filebeat_xpack_security %} + username: {{ elasticsearch_user }} + password: {{ elasticsearch_password }} + protocol: https + ssl.certificate_authorities: + - {{node_certs_destination}}/ca.crt + ssl.certificate: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt" + ssl.key: "{{node_certs_destination}}/{{ filebeat_node_name }}.key" +{% endif %} # Optional. Send events to Logstash instead of Elasticsearch #output.logstash.hosts: ["YOUR_LOGSTASH_SERVER_IP:5000"] \ No newline at end of file From ab8cdd13c63500a369f25139fe377b41f41a68a8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 16:07:10 +0200 Subject: [PATCH 050/559] Added task to remove certs file after propagation. --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 5689394c..dac73d85 100644 
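Review bot: `username: {{ elasticsearch_user }}` and `password: {{ elasticsearch_password }}` are rendered as unquoted plain scalars, so a password such as `12345`, `no`, or one containing `: ` or ` #` is retyped or truncated by Filebeat's YAML parser; the `ssl.certificate`/`ssl.key` lines below already use double quotes and these should match: `username: "{{ elasticsearch_user }}"` and `password: "{{ elasticsearch_password }}"`, likewise the `ssl.certificate_authorities` entry. Nothing here sets `ssl.verification_mode`, so Filebeat's default (`full`, hostname checked against `hosts`) applies; that is the right default but worth a comment, since the Elasticsearch side of this series uses `certificate` mode. The block is inserted under the `indices:` list, so its indentation must place `username:` at the `output.elasticsearch` level rather than inside the `- index:` item, which the collapsed layout cannot confirm.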
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -136,6 +136,13 @@ - elasticsearch_xpack_security tags: xpack-security +- name: Remove generated certs file + shell: /bin/rm -f {{node_certs_source}}/certs.zip* + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + - name: Importing key & certificate files from generator node shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/" when: @@ -153,7 +160,6 @@ - name: Set elasticsearch bootstrap password shell: "echo '{{elasticsearch_xpack_security_password}}' | {{node_certs_source}}/bin/elasticsearch-keystore add -xf 'bootstrap.password'" when: - - node_certs_generator - elasticsearch_xpack_security - name: Reload systemd From ddc01dcc238acf138de9839618e5434860e7e8e7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 18:04:03 +0200 Subject: [PATCH 051/559] Add 'elasticsearch_xpack_security_user' to elasticsearth defaults --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 36b8aefb..df1f9ad4 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -15,6 +15,7 @@ elasticsearch_discovery_nodes: # X-Pack Security elasticsearch_xpack_security: false +elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass node_certs_generator: false From 2656d89933d398e577fa30d3a9675e59eb4aa333 Mon Sep 17 00:00:00 2001 
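Review bot: `Remove generated certs file` shells out to `/bin/rm -f {{node_certs_source}}/certs.zip*`, which the `file` module does idempotently with a correct changed status: `file:` / `path: "{{node_certs_source}}/certs.zip"` / `state: absent`. Deleting the zip does not remove what `Unzip generated certs.zip` extracted, so the `.key` files of every node (and the CA directory) remain under `{{node_certs_source}}` on the generator after propagation; those are the files worth cleaning up. The second hunk drops `node_certs_generator` from the bootstrap-password task's `when:`, so the keystore entry is now written on every node rather than only the generator; a short comment saying that is intended would help.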
From: Jose M Date: Mon, 1 Jul 2019 18:04:26 +0200 Subject: [PATCH 052/559] Add XPack default variables for Kibana --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 298e6bd7..e0f00141 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -1,7 +1,16 @@ --- +kibana_node_name: node-1 + elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.1.1 -wazuh_version: 3.9.2 \ No newline at end of file +wazuh_version: 3.9.2 + +# Xpack Security +kibana_xpack_security: false + +kibana_user: kibana +kibana_password: elastic_pass +node_certs_destination: /etc/kibana/certs \ No newline at end of file From 2b18745cd0f32d457aa3ed8d535e40ecfa922bd4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 1 Jul 2019 18:04:40 +0200 Subject: [PATCH 053/559] Add XPack settings to Kibana template --- .../ansible-kibana/templates/kibana.yml.j2 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 index edd1b4b4..bb630933 100644 --- a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 
@@ -19,7 +19,11 @@ server.host: {{ kibana_server_host }} #server.name: "your-hostname" # The URL of the Elasticsearch instance to use for all your queries. +{% if kibana_xpack_security %} +elasticsearch.hosts: "https://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" +{% else %} elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" +{% endif %} # When this setting's value is true Kibana uses the hostname specified in the server.host # setting. When the value of this setting is false, Kibana uses the hostname of the host @@ -98,3 +102,13 @@ elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_h # Set the interval in milliseconds to sample system and process performance # metrics. Minimum is 100ms. Defaults to 5000. #ops.interval: 5000 + +# Xpack Security +{% if kibana_xpack_security %} +elasticsearch.username: "{{ kibana_user }}" +elasticsearch.password: "{{ kibana_password }}" +server.ssl.enabled: true +server.ssl.key: "{{node_certs_destination}}/{{ kibana_node_name }}.key" +server.ssl.certificate: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" +elasticsearch.ssl.certificateAuthorities: ["{{ node_certs_destination }}/ca.crt"] +{% endif %} \ No newline at end of file From e3cd8731f35d07a0ecfbba82dd2ff3e53fddf0e7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 10:47:32 +0200 Subject: [PATCH 054/559] Fix instances and certs.zip checks and generation. --- .../ansible-elasticsearch/tasks/main.yml | 27 ++++++++++--------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index dac73d85..5a60e6d8 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
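Review bot: The second hunk renders `elasticsearch.password` in clear text into kibana.yml, so the credential is protected only by that file's mode, and no `owner`/`mode` for the rendered file is visible in this series. Kibana 7.x supports holding `elasticsearch.username`/`elasticsearch.password` in the Kibana keystore (`kibana-keystore add elasticsearch.password`); if the file approach is kept, the template task should at least set `owner: root`, `group: kibana`, `mode: "0640"`. Separately, Kibana reaches Elasticsearch by `elasticsearch_network_host` (an IP in the example playbooks) and `elasticsearch.ssl.verificationMode` defaults to `full`, so the node certificate must carry that IP as a SAN — the `ip:` entries in the playbook's `instances` list presumably provide it, but this is worth confirming on a fresh deployment.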
@@ -70,7 +70,19 @@ # fix in new PR (ignore_errors) -- name: Check that the instances.yml file exists +- name: Write the instances.yml file in the selected node (force = no) + template: + src: instances.yml.j2 + dest: "{{node_certs_source}}/instances.yml" + force: no + tags: + - config + - xpack-security + when: + - node_certs_generator + - elasticsearch_xpack_security + +- name: Update instances.yml status after generation stat: path: "{{node_certs_source}}/instances.yml" register: instances_file_exists @@ -78,18 +90,7 @@ - node_certs_generator - elasticsearch_xpack_security -- name: Write the instances.yml file in the selected node - template: - src: instances.yml.j2 - dest: "{{node_certs_source}}/instances.yml" - tags: - - config - - xpack-security - when: - - node_certs_generator - - elasticsearch_xpack_security - -- name: Check that the certificates ZIP file exists +- name: Check if the certificates ZIP file exists stat: path: "{{node_certs_source}}/certs.zip" register: xpack_certs_zip From 1ddcf3a60c7a1dfc3f6c6f77f3253bbe21a6ace9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:05:35 +0200 Subject: [PATCH 055/559] Update elastic distributed playbook --- playbooks/wazuh-elastic_stack-distributed.yml | 64 +++++++++++++++---- 1 file changed, 53 insertions(+), 11 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 9c0d667a..c0853a11 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
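Review bot: `force: no` on the instances.yml template means the file is written once and never refreshed, so a later change to the `instances` list (a new node, a changed IP) silently keeps feeding the stale file to certutil; the `stat` that follows only proves that some file exists, not that it matches the inventory. If the goal is to avoid re-issuing certificates for nodes that already have them, gate on the per-node certificate (as the certificate-exists check added later in this series does) rather than freezing the input file, or keep `force: no` and add a comment such as `# force=no: instances.yml is never regenerated; delete it on the generator to pick up inventory changes` so the behaviour is at least documented.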
@@ -2,14 +2,20 @@ - hosts: 172.16.0.161 roles: - - ../roles/elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 172.16.0.161 - elasticsearch_bootstrap_node: true - elasticsearch_cluster_nodes: - - 172.16.0.161 - node_certs_generator: true - node_name: node-1 - elasticsearch_xpack_security: true + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.161 + node_name: node-1 + elasticsearch_bootstrap_node: true + elasticsearch_cluster_nodes: + - 172.16.0.161 + - 172.16.0.162 + - 172.16.0.163 + elasticsearch_discovery_nodes: + - 172.16.0.161 + - 172.16.0.162 + - 172.16.0.163 + elasticsearch_xpack_security: true + node_certs_generator: true vars: instances: @@ -26,8 +32,9 @@ roles: - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.162 - elasticsearch_xpack_security: true elasticsearch_node_name: node-2 + elasticsearch_xpack_security: true + elasticsearch_master_candidate: true elasticsearch_discovery_nodes: - 172.16.0.161 - 172.16.0.162 
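Review bot: The first host sets `node_name: node-1` while the other two set `elasticsearch_node_name`, and the inline comment on the `instances` entry says the name "must be equal to elasticsearch_node_name"; the role's certificate paths elsewhere in this series are built from `{{ elasticsearch_node_name }}`, so on the generator node the certificate lookup presumably falls back to the role default instead of `node-1`. Change the line to `elasticsearch_node_name: node-1`. A short comment noting that the three names must match the `instances` list one-to-one would prevent the same slip in copies of this playbook.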
@@ -37,9 +44,44 @@ roles: - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.163 - elasticsearch_xpack_security: true elasticsearch_node_name: node-3 + elasticsearch_xpack_security: true + elasticsearch_master_candidate: true elasticsearch_discovery_nodes: - 172.16.0.161 - 172.16.0.162 - - 172.16.0.163 \ No newline at end of file + - 172.16.0.163 + + +# - hosts: 172.16.0.162 +# roles: +# - role: ../roles/wazuh/ansible-wazuh-manager + +# - role: ../roles/wazuh/ansible-filebeat +# filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 +# filebeat_xpack_security: true +# filebeat_node_name: node-2 +# node_certs_generator: false + +# - role: ../roles/elastic-stack/ansible-elasticsearch +# elasticsearch_network_host: 172.16.0.162 +# node_name: node-2 +# elasticsearch_bootstrap_node: false +# elasticsearch_master_candidate: true +# elasticsearch_discovery_nodes: +# - 172.16.0.161 +# - 172.16.0.162 +# elasticsearch_xpack_security: true +# node_certs_generator: false + + +# - hosts: 172.16.0.163 +# roles: +# - role: ../roles/elastic-stack/ansible-kibana +# kibana_xpack_security: true +# kibana_user: elastic +# kibana_password: elastic_pass +# kibana_node_name: node-3 +# elasticsearch_network_host: 172.16.0.161 +# node_certs_generator: false + From 5787b348fe5c57bc77e658a49824af590043a557 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:07:37 +0200 Subject: [PATCH 056/559] Upgrade elasticsearch tasks. Fix permissions. --- .../ansible-elasticsearch/tasks/main.yml | 94 +++++++++++++++---- 1 file changed, 76 insertions(+), 18 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 5a60e6d8..8ed1c926 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -48,16 +48,6 @@ - ansible_service_mgr != "systemd" - ansible_os_family == "RedHat" -- name: Configure Elasticsearch. - template: - src: elasticsearch.yml.j2 - dest: /etc/elasticsearch/elasticsearch.yml - owner: root - group: elasticsearch - mode: 0660 - notify: restart elasticsearch - tags: configure - - name: Configure Elasticsearch JVM memmory. template: src: jvm.options.j2 @@ -70,17 +60,29 @@ # fix in new PR (ignore_errors) +- import_tasks: "RMRedHat.yml" + when: ansible_os_family == "RedHat" + +- name: Check if certificate exists locally + stat: + path: "{{node_certs_destination}}/{{ elasticsearch_node_name }}.crt" + register: certificate_file_exists + when: + - elasticsearch_xpack_security + - name: Write the instances.yml file in the selected node (force = no) template: src: instances.yml.j2 dest: "{{node_certs_source}}/instances.yml" force: no + register: instances_file_exists tags: - config - xpack-security when: - node_certs_generator - elasticsearch_xpack_security + - not certificate_file_exists.stat.exists - name: Update instances.yml status after generation stat: @@ -105,6 +107,8 @@ - instances_file_exists.stat.exists - elasticsearch_xpack_security - not xpack_certs_zip.stat.exists + - not certificate_file_exists.stat.exists + register: certs_file_generated tags: xpack-security - name: Unzip generated certs.zip @@ -115,6 +119,8 @@ when: - node_certs_generator - elasticsearch_xpack_security + - certs_file_generated is defined + - not certificate_file_exists.stat.exists tags: xpack-security - name: Copy key & certificate files in generator node (locally) 
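Review bot: In the `@@ -115` hunk the guard `certs_file_generated is defined` is always true: in Ansible a task's `register` sets the variable even when the task is skipped, so the condition does not mean "certificates were just generated". Use the result instead, e.g. `- certs_file_generated is changed` (or `- certs_file_generated is not skipped`), so the unzip only runs after a successful certutil run; the same pattern recurs with `check_certs_permissions` in the next hunk. Separately, `import_tasks: "RMRedHat.yml"` is added at the top of this section while a later hunk in this series still shows the same import at the end of the file, so the RedHat tasks appear to run twice per play.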
@@ -132,13 +138,7 @@ src: "{{node_certs_source}}/ca/" dest: "{{node_certs_destination}}/" delegate_to: "{{ node_certs_generator_ip }}" - when: - - node_certs_generator - - elasticsearch_xpack_security - tags: xpack-security - -- name: Remove generated certs file - shell: /bin/rm -f {{node_certs_source}}/certs.zip* + register: check_certs_permissions when: - node_certs_generator - elasticsearch_xpack_security @@ -149,6 +149,7 @@ when: - not node_certs_generator - elasticsearch_xpack_security + - not certificate_file_exists.stat.exists tags: xpack-security - name: Importing ca certificate file from generator node @@ -156,13 +157,45 @@ when: - not node_certs_generator - elasticsearch_xpack_security + - not certificate_file_exists.stat.exists + register: check_certs_permissions tags: xpack-security +- name: Ensuring certificates folder owner + shell: "chown -R elasticsearch: {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + tags: xpack-security + +- name: Ensuring certificates folder owner + shell: "chmod -R 770 {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + tags: xpack-security + + +- name: Remove generated certs file + shell: /bin/rm -f {{node_certs_source}}/certs.zip* + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + +- name: Configure Elasticsearch. + template: + src: elasticsearch.yml.j2 + dest: /etc/elasticsearch/elasticsearch.yml + owner: root + group: elasticsearch + mode: 0660 + notify: restart elasticsearch + tags: configure + - name: Set elasticsearch bootstrap password shell: "echo '{{elasticsearch_xpack_security_password}}' | {{node_certs_source}}/bin/elasticsearch-keystore add -xf 'bootstrap.password'" when: - elasticsearch_xpack_security - + - name: Reload systemd systemd: daemon_reload=true ignore_errors: true 
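Review bot: `chmod -R 770` makes every file under `node_certs_destination` — the node's private key and, if the `ca/` sync brought it along, the CA key — group-writable and executable, and doing it through `shell` means no idempotent change reporting. Private keys should be `0600` and the directory `0750`; use the `file` module with a symbolic mode so only directories get the execute bit, then tighten `*.key` separately. The `check_certs_permissions is defined` guard is always true (a skipped registered task still defines the variable), so these tasks run on every play regardless; gating on `elasticsearch_xpack_security` is the meaningful condition.
```yaml
# … unchanged: rsync import tasks …
- name: Ensure certificates directory ownership and directory/file modes
  file:
    path: "{{ node_certs_destination }}"
    state: directory
    owner: elasticsearch
    group: elasticsearch
    mode: "u=rwX,g=rX,o="
    recurse: true
  when:
    - elasticsearch_xpack_security
  tags: xpack-security

- name: Find private key files
  find:
    paths: "{{ node_certs_destination }}"
    patterns: "*.key"
    recurse: true
  register: private_key_files
  when:
    - elasticsearch_xpack_security
  tags: xpack-security

- name: Restrict private keys to the owner
  file:
    path: "{{ item.path }}"
    mode: "0600"
  loop: "{{ private_key_files.files | default([]) }}"
  when:
    - elasticsearch_xpack_security
  tags: xpack-security
# … unchanged: Remove generated certs file, Configure Elasticsearch …
```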
@@ -184,6 +217,31 @@ - configure - init +- name: Check for Wazuh Alerts template (http) + uri: + url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" + method: GET + status_code: 200, 404 + when: + - elasticsearch_bootstrap_node or single_node + - not elasticsearch_xpack_security + poll: 30 + register: wazuh_alerts_template_exits + tags: init + +- name: Installing Wazuh Alerts template (http) + uri: + url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" + method: PUT + status_code: 200 + body_format: json + body: "{{ lookup('template','wazuh-elastic7-template-alerts.json.j2') }}" + when: + - wazuh_alerts_template_exits.status is defined + - wazuh_alerts_template_exits.status != 200 + - not elasticsearch_xpack_security + tags: init + - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From 7998f034b8165fdb79172629588d76cfdcabd08b Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:08:09 +0200 Subject: [PATCH 057/559] Include discovery seed hosts on boostraper node. --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 2d62f025..f851e900 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -15,6 +15,10 @@ cluster.initial_master_nodes: {% for item in elasticsearch_cluster_nodes %} - {{ item }} {% endfor %} +discovery.seed_hosts: +{% for item in elasticsearch_discovery_nodes %} + - {{ item }} +{% endfor %} {% else %} node.master: {{ elasticsearch_master_candidate|lower }} discovery.seed_hosts: 
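Review bot: The two new `uri` tasks run only when `elasticsearch_xpack_security` is false and speak plain `http://`, and no HTTPS/authenticated counterpart is visible in this hunk, so on exactly the hardened deployments the Wazuh alerts template is never installed. Add a parallel pair (or parameterise these) using `url: "https://…"`, `user: "{{ elasticsearch_xpack_security_user }}"`, `password: "{{ elasticsearch_xpack_security_password }}"`, `force_basic_auth: true` and `no_log: true`; note that the `uri` module in the Ansible version pinned later in this series (2.7.11) has no per-task CA option, so the generated `ca.crt` would need to be trusted by the system store to keep `validate_certs` on. Also `poll: 30` has no effect on a task without `async`, so it should be dropped or replaced by `retries`/`delay` with `until`.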
@@ -37,5 +41,5 @@ xpack.security.http.ssl.enabled: true xpack.security.http.ssl.verification_mode: certificate xpack.security.http.ssl.key: {{node_certs_destination}}/{{ elasticsearch_node_name }}.key xpack.security.http.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt -xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ] +xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }}/ca.crt" ] {% endif %} \ No newline at end of file From f52fb8cb9aef7d3b00c3fcb741965be4f24cf936 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:08:31 +0200 Subject: [PATCH 058/559] Add kibana default variables --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index e0f00141..ae274da0 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -13,4 +13,13 @@ kibana_xpack_security: false kibana_user: kibana kibana_password: elastic_pass -node_certs_destination: /etc/kibana/certs \ No newline at end of file + +node_certs_generator: false +node_certs_generator_ip: 172.16.0.161 +node_certs_source: /usr/share/elasticsearch +node_certs_destination: /etc/kibana/certs + +# Rsync +rsync_path: /usr/bin/rsync +rsync_user: vagrant +rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' \ No newline at end of file From 3f6226297b5fbfb4c34c2e81e0f47384bc2112dd Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:09:01 +0200 Subject: [PATCH 059/559] Add copy of certificates and folder permissions fix to Kibana. --- .../ansible-kibana/tasks/main.yml | 63 +++++++++++++++++-- 1 file changed, 58 insertions(+), 5 deletions(-) 
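Review bot: In the Kibana defaults hunk, `rsync_extra_parameters` disables SSH host-key verification (`-o StrictHostKeyChecking=no`) for the very transfer that pulls this node's private key and the generator's `ca/` directory, so a re-addressed or on-path host can hand over substitute key material without any error; together with `--rsync-path='sudo rsync'` and `rsync_user: vagrant` it bakes a lab trust model into the role default. Remove the host-key override from the default (seed `known_hosts` with the `known_hosts` module instead) and make `rsync_user` and `node_certs_generator_ip` required inputs rather than defaults, e.g. `rsync_extra_parameters: "-avg --rsync-path='sudo rsync'"` with a comment that the caller must trust the generator's host key first.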
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 43e369c8..d82d9176 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -5,11 +5,6 @@ - import_tasks: Debian.yml when: ansible_os_family == 'Debian' -- name: Make sure Elasticsearch is running before proceeding. - wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300 - tags: configure - ignore_errors: true - - name: Reload systemd systemd: daemon_reload=true ignore_errors: true 
@@ -18,6 +13,64 @@ - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) +- name: Check if certificate exists locally + stat: + path: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" + register: certificate_file_exists + when: + - kibana_xpack_security + +- name: Copy key & certificate files in generator node (locally) + synchronize: + src: "{{node_certs_source}}/{{kibana_node_name}}/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - kibana_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Copy ca certificate file in generator node (locally) + synchronize: + src: "{{node_certs_source}}/ca/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - kibana_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Importing key & certificate files from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{kibana_node_name}}/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - kibana_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Importing ca certificate file from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - kibana_xpack_security + - not certificate_file_exists.stat.exists + register: check_certs_permissions + tags: xpack-security + +- name: Ensuring certificates folder owner + shell: "chown -R kibana: {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + tags: xpack-security + +- name: 
Ensuring certificates folder owner + shell: "chmod -R 770 {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + tags: xpack-security + - name: Kibana configuration template: src: kibana.yml.j2 From 7924f89dc297b6e4f59592e7fd6c82796db1b0bd Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:09:17 +0200 Subject: [PATCH 060/559] Update filebeat default variables --- roles/wazuh/ansible-filebeat/defaults/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index b01dfad7..69220a0d 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -31,4 +31,13 @@ filebeat_xpack_security: false elasticsearch_user: elastic elasticsearch_password: elastic_pass -node_certs_destination: /etc/elasticsearch/certs + +node_certs_generator : false +node_certs_generator_ip: 172.16.0.161 +node_certs_source: /usr/share/elasticsearch +node_certs_destination: /etc/filebeat/certs + +# Rsync +rsync_path: /usr/bin/rsync +rsync_user: vagrant +rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' From 4539f368b6c445831d1e72f54e839003cf860ccb Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:09:36 +0200 Subject: [PATCH 061/559] Add certificate imports and fix folder permissions to filebeat --- roles/wazuh/ansible-filebeat/tasks/main.yml | 54 +++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 94cd5765..23022589 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml 
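Review bot: Both `ca/` copy tasks sync the generator's whole `{{node_certs_source}}/ca/` directory into `/etc/kibana/certs`; the certutil invocation visible earlier in this series passes no `--ca`, so it presumably generates its own CA and writes `ca/ca.key` next to `ca/ca.crt`, meaning the CA private key — able to issue certificates every node trusts — ends up on the Kibana host, readable and writable by the kibana user after the `chown`/`chmod -R 770`. Kibana only needs the certificate: copy the single file, `src: "{{node_certs_source}}/ca/ca.crt"` / `dest: "{{node_certs_destination}}/ca.crt"` in the `synchronize` task and the matching path in the rsync command, and keep `ca.key` on the generator only. The recursive `770` also leaves `{{ kibana_node_name }}.key` group-writable; `0600` for keys and `0750` for the directory is the usual floor.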
@@ -10,8 +10,62 @@ tags: - install +- name: Check if certificate exists locally + stat: + path: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt" + register: certificate_file_exists + when: + - filebeat_xpack_security + +- name: Copy key & certificate files in generator node (locally) + synchronize: + src: "{{node_certs_source}}/{{filebeat_node_name}}/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - filebeat_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Copy ca certificate file in generator node (locally) + synchronize: + src: "{{node_certs_source}}/ca/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - filebeat_xpack_security + - not certificate_file_exists.stat.exists + register: check_certs_permissions + tags: xpack-security + +- name: Importing key & certificate files from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{filebeat_node_name}}/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - filebeat_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Importing ca certificate file from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - filebeat_xpack_security + - not certificate_file_exists.stat.exists + register: check_certs_permissions + tags: xpack-security + +- name: Ensuring certificates folder owner + shell: "chmod -R 770 {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + tags: xpack-security + - import_tasks: config.yml when: filebeat_create_config + notify: restart filebeat - name: Reload systemd systemd: daemon_reload=yes 
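Review bot: The Filebeat hunk applies `chmod -R 770` but, unlike the Elasticsearch and Kibana roles, no ownership step, so the files keep whatever owner and group `rsync -avg` under `sudo` preserved from the generator — presumably root/elasticsearch — and the group-write bit is granted to a group that has no reason to modify Filebeat's key. Set `mode: "0600"` on `{{ filebeat_node_name }}.key` and `0750` on the directory with the `file` module instead of a recursive shell chmod, and pull only `ca/ca.crt` rather than the whole `ca/` directory so a generator-created `ca.key` is not replicated to every manager. Also, `notify: restart filebeat` is attached to an `import_tasks`; whether a handler notification on a static import is honoured by the pinned Ansible should be verified, otherwise a changed filebeat.yml will not restart the service.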
From 5c8febd38431f0b031dd59218effa71c60c77869 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:11:02 +0200 Subject: [PATCH 062/559] Kibana playbook update to show an example of parameters. --- playbooks/wazuh-kibana.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml index e2418200..2fc5cc1d 100644 --- a/playbooks/wazuh-kibana.yml +++ b/playbooks/wazuh-kibana.yml @@ -1,4 +1,10 @@ --- -- hosts: +- hosts: 172.16.0.162 roles: - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'your elasticsearch IP'} + - role: ../roles/elastic-stack/ansible-kibana + kibana_xpack_security: true + kibana_user: elastic + kibana_password: elastic_pass + kibana_node_name: node-2 + elasticsearch_network_host: 172.16.0.161 + node_certs_generator: false From 2c14392e74cb3b1b85d5c3c1a7cf69e5ea36c69d Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 2 Jul 2019 19:11:17 +0200 Subject: [PATCH 063/559] Wazuh-Manager playbook update to show an example of parameters. --- playbooks/wazuh-manager.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index d9cc667d..93fb9e9d 100644 --- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml @@ -1,5 +1,10 @@ --- -- hosts: +- hosts: 172.16.0.161 roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager - - {role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'your elasticsearch IP'} + - role: ../roles/wazuh/ansible-wazuh-manager + - role: ../roles/wazuh/ansible-filebeat + filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 + filebeat_xpack_security: true + filebeat_node_name: node-1 + node_certs_generator: true + From 72894d4a25b80d2e4be9c06a71909789dc023db1 Mon Sep 17 00:00:00 2001 
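Review bot: `playbooks/wazuh-kibana.yml` now carries `kibana_password: elastic_pass` and hard-coded lab IPs as a tracked example, so anyone who copies it deploys with a known credential; the `.gitignore` hunk later in this series lists `wazuh-kibana.yml` and `wazuh-manager.yml`, which suggests these were meant to be local, untracked copies, yet the diff shows them committed. Replace the literal with a vault reference (`kibana_password: "{{ vault_kibana_password }}"`) and mark the addresses as placeholders (`elasticsearch_network_host: 172.16.0.161  # replace with your Elasticsearch node`).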
From: Jose M Date: Wed, 3 Jul 2019 14:09:46 +0200 Subject: [PATCH 064/559] Fix conditions error on ES, Kibana and Filebeat --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 3 ++- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 ++ roles/wazuh/ansible-filebeat/tasks/main.yml | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 8ed1c926..f53fab61 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -104,7 +104,6 @@ shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in {{node_certs_source}}/instances.yml --out {{node_certs_source}}/certs.zip" when: - node_certs_generator - - instances_file_exists.stat.exists - elasticsearch_xpack_security - not xpack_certs_zip.stat.exists - not certificate_file_exists.stat.exists @@ -165,12 +164,14 @@ shell: "chown -R elasticsearch: {{node_certs_destination}}/" when: - check_certs_permissions is defined + - elasticsearch_xpack_security tags: xpack-security - name: Ensuring certificates folder owner shell: "chmod -R 770 {{node_certs_destination}}/" when: - check_certs_permissions is defined + - elasticsearch_xpack_security tags: xpack-security diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index d82d9176..338eabcd 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -63,12 +63,14 @@ shell: "chown -R kibana: {{node_certs_destination}}/" when: - check_certs_permissions is defined + - kibana_xpack_security tags: xpack-security - name: Ensuring certificates folder owner shell: "chmod -R 770 {{node_certs_destination}}/" when: - check_certs_permissions is defined + - kibana_xpack_security tags: xpack-security - name: Kibana configuration 
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 23022589..80d7cd61 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -61,6 +61,7 @@ shell: "chmod -R 770 {{node_certs_destination}}/" when: - check_certs_permissions is defined + - filebeat_xpack_security tags: xpack-security - import_tasks: config.yml From 70f04803c9e3e8d0f719723acd82a1b48290859a Mon Sep 17 00:00:00 2001 From: manuasir Date: Thu, 4 Jul 2019 11:10:45 +0200 Subject: [PATCH 065/559] Updated playbook --- playbooks/wazuh-elastic_stack-distributed.yml | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index c0853a11..848cea4e 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
@@ -1,69 +1,69 @@ --- -- hosts: 172.16.0.161 +- hosts: roles: - - role: ../roles/elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 172.16.0.161 + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: node_name: node-1 elasticsearch_bootstrap_node: true elasticsearch_cluster_nodes: - - 172.16.0.161 - - 172.16.0.162 - - 172.16.0.163 + - + - + - elasticsearch_discovery_nodes: - - 172.16.0.161 - - 172.16.0.162 - - 172.16.0.163 + - + - + - elasticsearch_xpack_security: true node_certs_generator: true vars: instances: - name: node-1 # Important: must be equal to elasticsearch_node_name. - ip: 172.16.0.161 # When unzipping, node will search for his node name folder to get the cert. + ip: # When unzipping, node will search for his node name folder to get the cert. - name: node-2 - ip: 172.16.0.162 + ip: - name: node-3 - ip: 172.16.0.163 + ip: -- hosts: 172.16.0.162 +- hosts: roles: - - role: ../roles/elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 172.16.0.162 + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: elasticsearch_node_name: node-2 elasticsearch_xpack_security: true elasticsearch_master_candidate: true elasticsearch_discovery_nodes: - - 172.16.0.161 - - 172.16.0.162 - - 172.16.0.163 + - + - + - -- hosts: 172.16.0.163 +- hosts: roles: - - role: ../roles/elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 172.16.0.163 + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: elasticsearch_node_name: node-3 elasticsearch_xpack_security: true elasticsearch_master_candidate: true elasticsearch_discovery_nodes: - - 172.16.0.161 - - 172.16.0.162 - - 172.16.0.163 + - + - + - # - hosts: 172.16.0.162 # roles: -# - role: ../roles/wazuh/ansible-wazuh-manager +# - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager -# - role: 
../roles/wazuh/ansible-filebeat +# - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat # filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 # filebeat_xpack_security: true # filebeat_node_name: node-2 # node_certs_generator: false -# - role: ../roles/elastic-stack/ansible-elasticsearch +# - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch # elasticsearch_network_host: 172.16.0.162 # node_name: node-2 # elasticsearch_bootstrap_node: false @@ -77,7 +77,7 @@ # - hosts: 172.16.0.163 # roles: -# - role: ../roles/elastic-stack/ansible-kibana +# - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana # kibana_xpack_security: true # kibana_user: elastic # kibana_password: elastic_pass From 6609cc9aa70ac168f6c3e1ebd2b20ca8d16aa0cd Mon Sep 17 00:00:00 2001 From: manuasir Date: Thu, 4 Jul 2019 12:05:37 +0200 Subject: [PATCH 066/559] Modifying variable names --- playbooks/wazuh-elastic_stack-distributed.yml | 8 ++++---- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- .../elastic-stack/ansible-kibana/templates/kibana.yml.j2 | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 848cea4e..a422e50b 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -16,11 +16,12 @@ - elasticsearch_xpack_security: true node_certs_generator: true + elasticsearch_xpack_security_password: elastic_pass vars: instances: - name: node-1 # Important: must be equal to elasticsearch_node_name. - ip: # When unzipping, node will search for his node name folder to get the cert. + ip: # When unzipping, the node will search for its node name folder to get the cert. - name: node-2 ip: 
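Review bot: The blanked placeholders (`- hosts:`, `elasticsearch_network_host:`, bare `-` list items, `ip:`) parse as YAML null rather than as "fill me in", so a user who runs the file unedited gets a null host pattern, templated values of `None`, and an `instances` list with null IPs instead of a clear error. Use visibly invalid quoted placeholders such as `hosts: "<es-node-1-ip>"` and `ip: "<es-node-1-ip>"`, or add an `assert` at the top of each play that the variables are set, so the first failure points at the missing value rather than surfacing later as a bad certificate SAN or cluster discovery setting.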
@@ -62,6 +63,7 @@ # filebeat_xpack_security: true # filebeat_node_name: node-2 # node_certs_generator: false +# elasticsearch_xpack_security_password: elastic_pass # - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch # elasticsearch_network_host: 172.16.0.162 @@ -79,9 +81,7 @@ # roles: # - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana # kibana_xpack_security: true -# kibana_user: elastic -# kibana_password: elastic_pass # kibana_node_name: node-3 # elasticsearch_network_host: 172.16.0.161 # node_certs_generator: false - +# elasticsearch_xpack_security_password: elastic_pass \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index ae274da0..77da5a9c 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -11,8 +11,8 @@ wazuh_version: 3.9.2 # Xpack Security kibana_xpack_security: false -kibana_user: kibana -kibana_password: elastic_pass +elasticsearch_xpack_security_user: elastic +elasticsearch_xpack_security_password: elastic_pass node_certs_generator: false node_certs_generator_ip: 172.16.0.161 diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 index bb630933..76a3c2c4 100644 --- a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 
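Review bot: Renaming Kibana's credentials to `elasticsearch_xpack_security_user: elastic` makes Kibana — and, per the Filebeat defaults in the same patch, every Filebeat shipper — authenticate to Elasticsearch as the `elastic` superuser by default, whereas the previous `kibana` default at least matched the built-in `kibana` system user. Each client should get its own least-privilege principal: keep a per-role variable (`kibana_elasticsearch_user: kibana` with the built-in user's password, and a Filebeat user limited to writing the wazuh indices) instead of one shared superuser/password pair, and leave the password defaults empty so they must be supplied from Vault.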
@@ -105,8 +105,8 @@ elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_h # Xpack Security {% if kibana_xpack_security %} -elasticsearch.username: "{{ kibana_user }}" -elasticsearch.password: "{{ kibana_password }}" +elasticsearch.username: "{{ elasticsearch_xpack_security_user }}" +elasticsearch.password: "{{ elasticsearch_xpack_security_password }}" server.ssl.enabled: true server.ssl.key: "{{node_certs_destination}}/{{ kibana_node_name }}.key" server.ssl.certificate: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 69220a0d..cfb892bd 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -29,8 +29,8 @@ filebeat_ssl_insecure: "false" # Xpack Security filebeat_xpack_security: false -elasticsearch_user: elastic -elasticsearch_password: elastic_pass +elasticsearch_xpack_security_user: elastic +elasticsearch_xpack_security_password: elastic_pass node_certs_generator : false node_certs_generator_ip: 172.16.0.161 diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 index 202af578..0a47af9d 100644 --- a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 @@ -54,8 +54,8 @@ output.elasticsearch: indices: - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}' {% if filebeat_xpack_security %} - username: {{ elasticsearch_user }} - password: {{ elasticsearch_password }} + username: {{ elasticsearch_xpack_security_user }} + password: {{ elasticsearch_xpack_security_password }} protocol: https ssl.certificate_authorities: - {{node_certs_destination}}/ca.crt From 148e94459ea28b9fcd42106fa15496c92a4a2d34 Mon Sep 17 00:00:00 2001 
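Review bot: In the filebeat.yml.j2 hunk the renamed credentials are still rendered as unquoted scalars, `username: {{ elasticsearch_xpack_security_user }}` and `password: {{ elasticsearch_xpack_security_password }}`, whereas the kibana.yml.j2 hunk in the same patch quotes both. A password containing `: ` or ` #`, or starting with `*`, `&`, `[` or `{`, yields a malformed or re-typed filebeat.yml once rendered, and an all-digit value becomes an integer. Quote them as the Kibana template does: `username: "{{ elasticsearch_xpack_security_user }}"` and `password: "{{ elasticsearch_xpack_security_password }}"`. The surrounding `output.elasticsearch` block starts outside this hunk.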
From: rshad Date: Fri, 5 Jul 2019 14:36:37 +0000 Subject: [PATCH 067/559] fixed testinfra error which was related to the incompatibility between ansible and molecule packages' versions --- .gitignore | 3 ++- Pipfile | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 04c7b54b..5b26bcf3 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,5 @@ wazuh-elastic_stack-single.yml wazuh-elastic.yml wazuh-kibana.yml wazuh-manager.yml -*.pyc \ No newline at end of file +*.pyc +Pipfile.lock diff --git a/Pipfile b/Pipfile index 2d1d13e0..4658d513 100644 --- a/Pipfile +++ b/Pipfile @@ -4,9 +4,9 @@ verify_ssl = true name = "pypi" [packages] -molecule = "*" docker-py = "*" -ansible = "*" +ansible = "==2.7.11" +molecule = "*" [dev-packages] From 4fd696bb9a4952c8cfb6768139541d1eee55fbf4 Mon Sep 17 00:00:00 2001 From: manuasir Date: Mon, 8 Jul 2019 11:20:32 +0200 Subject: [PATCH 068/559] Updated tests --- Pipfile | 1 - molecule/filebeat/tests/test_default.py | 13 ------ molecule/kibana/tests/test_default.py | 7 ---- molecule/logstash/Dockerfile.j2 | 14 ------- molecule/logstash/INSTALL.rst | 22 ---------- molecule/logstash/molecule.yml | 56 ------------------------- molecule/logstash/playbook.yml | 5 --- molecule/logstash/prepare.yml | 41 ------------------ molecule/logstash/tests/test_default.py | 32 -------------- 9 files changed, 191 deletions(-) delete mode 100644 molecule/logstash/Dockerfile.j2 delete mode 100644 molecule/logstash/INSTALL.rst delete mode 100644 molecule/logstash/molecule.yml delete mode 100644 molecule/logstash/playbook.yml delete mode 100644 molecule/logstash/prepare.yml delete mode 100644 molecule/logstash/tests/test_default.py diff --git a/Pipfile b/Pipfile index 2d1d13e0..90998f2e 100644 --- a/Pipfile +++ b/Pipfile 
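Review bot: Pinning `ansible = "==2.7.11"` fixes the reported incompatibility on only one side of the pair: `molecule = "*"` and `docker-py = "*"` still float, so a future molecule release can reintroduce the same breakage, and the companion .gitignore hunk now excludes `Pipfile.lock`, the file that would have recorded the working combination with hashes. Commit Pipfile.lock instead of ignoring it, and give molecule an explicit pin as well (`molecule = "==<version verified against ansible 2.7.11>"`), since the patch does not state which molecule version was tested. A committed lock also gives CI integrity-checked installs rather than whatever the index serves on the day.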
@@ -17,6 +17,5 @@ python_version = "2.7" test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" -logstash ="molecule test -s logstash" filebeat ="molecule test -s filebeat" kibana ="molecule test -s kibana" diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py index 8c4fd609..72ac55d4 100644 --- a/molecule/filebeat/tests/test_default.py +++ b/molecule/filebeat/tests/test_default.py @@ -4,16 +4,3 @@ import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_logstash_is_installed(host): - """Test if the filebeat package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - - -def test_logstash_is_running(host): - """Test if the services are enabled and running.""" - filebeat = host.service("filebeat") - assert filebeat.is_enabled - assert filebeat.is_running diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py index dfcf8ad0..936f6cfc 100644 --- a/molecule/kibana/tests/test_default.py +++ b/molecule/kibana/tests/test_default.py @@ -6,13 +6,6 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') -def test_logstash_is_running(host): - """Test if the services are enabled and running.""" - kibana = host.service("kibana") - assert kibana.is_enabled - assert kibana.is_running - - def test_port_kibana_is_open(host): """Test if the port 5601 is open and listening to connections.""" host.socket("tcp://0.0.0.0:5601").is_listening diff --git a/molecule/logstash/Dockerfile.j2 b/molecule/logstash/Dockerfile.j2 deleted file mode 100644 index e6aa95d3..00000000 --- a/molecule/logstash/Dockerfile.j2 +++ /dev/null 
@@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/logstash/INSTALL.rst b/molecule/logstash/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/molecule/logstash/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/molecule/logstash/molecule.yml b/molecule/logstash/molecule.yml deleted file mode 100644 index 12103767..00000000 --- a/molecule/logstash/molecule.yml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint -platforms: - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 1024m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 - - name: centos6 - image: geerlingguy/docker-centos6-ansible - privileged: true - memory_reservation: 1024m - command: /sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - ulimits: - - nofile:262144:262144 - - name: centos7 - image: milcom/centos7-systemd - memory_reservation: 1024m - privileged: true - ulimits: - - nofile:262144:262144 -provisioner: - name: ansible - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true - inventory: - group_vars: - all: - elasticsearch_jvm_xms: 256 -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/logstash/playbook.yml b/molecule/logstash/playbook.yml deleted file mode 100644 index d077bd8e..00000000 --- a/molecule/logstash/playbook.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: elastic-stack/ansible-logstash diff --git a/molecule/logstash/prepare.yml b/molecule/logstash/prepare.yml deleted file mode 100644 index 7e5ca29d..00000000 --- a/molecule/logstash/prepare.yml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - pre_tasks: - - - name: "Install Python packages for Trusty to solve trust issues" - package: - name: - - python-setuptools - - python-pip - state: latest - register: wazuh_manager_trusty_packages_installed - until: wazuh_manager_trusty_packages_installed is succeeded - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - - - name: "Install (RedHat) dependencies" - package: - name: - - initscripts - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - when: - - ansible_os_family == 'RedHat' - - roles: - - role: wazuh/ansible-wazuh-manager - - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'localhost' diff --git a/molecule/logstash/tests/test_default.py b/molecule/logstash/tests/test_default.py deleted file mode 100644 index bc5fe999..00000000 --- a/molecule/logstash/tests/test_default.py +++ /dev/null 
@@ -1,32 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_logstash_is_installed(host): - """Test if logstash is installed with correct version.""" - logstash = host.package("logstash") - assert logstash.is_installed - - distribution = host.system_info.distribution.lower() - if distribution == 'ubuntu': - assert logstash.version.startswith('1:6.7.1') - else: - assert logstash.version.startswith('6.7.1') - - -def test_logstash_is_running(host): - """Test if the services are enabled and running.""" - logstash = host.service("logstash") - assert logstash.is_enabled - assert logstash.is_running - - -def test_find_correct_logentry(host): - """See if logstash is started and is connected to Elasticsearch.""" - logfile = host.file("/var/log/logstash/logstash-plain.log") - assert logfile.contains("Successfully started Logstash API endpoint") - assert logfile.contains("Restored connection to ES instance") From a48169d53f76794160c32c01efc6292952f1db48 Mon Sep 17 00:00:00 2001 From: rshad Date: Mon, 8 Jul 2019 09:27:01 +0000 Subject: [PATCH 069/559] modified molecule.yml for wazuh-agent and elasticsearch - Lint --- .swp | Bin 0 -> 12288 bytes molecule/elasticsearch/molecule.yml | 7 ++++++- molecule/wazuh-agent/molecule.yml | 6 +++++- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- 4 files changed, 12 insertions(+), 3 deletions(-) create mode 100644 .swp diff --git a/.swp b/.swp new file mode 100644 index 0000000000000000000000000000000000000000..3cc197e09a7cc13ae44c3cb176cce131024a3112 GIT binary patch literal 12288 zcmeI%Jqp4w6u|LU!NEz<3sl{u>LP*%aB!@nl9C`oKctO^+g`)lB(ENOSMtO*)<4F?LHd_AkYPYfxliY%d0-0 zP2I`Z??O@3fB*srAbLmC7SKmY**5I_I{1Q0*~ z0R#|eKtO4c_fX`M_u~J*djFU62J&$v0tg_000IagfB*srAbD|Z|jm{a* literal 0 HcmV?d00001 
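Review bot: `.swp` is an editor swap file (a 12288-byte binary blob per the diffstat) and should not be part of this commit; swap files carry unsaved buffer contents of whatever file was open, which is opaque in review and then travels with the repository as a tracked file. Remove it with `git rm --cached .swp` and add `*.swp` to .gitignore next to the existing `*.pyc` entry. The next patch in this series only flips its mode to 100755 rather than deleting it, so the stray file persists.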
diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 9897fe56..6d6e962a 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -3,8 +3,13 @@ dependency: name: galaxy driver: name: docker +#lint: +# name: yamllint lint: name: yamllint + options: + config-data: + ignore: .virtualenv platforms: - name: bionic image: solita/ubuntu-systemd:bionic @@ -48,7 +53,7 @@ provisioner: ANSIBLE_ROLES_PATH: ../../roles lint: name: ansible-lint - enabled: true + enabled: false inventory: group_vars: all: diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml index f64bc114..47c0012f 100644 --- a/molecule/wazuh-agent/molecule.yml +++ b/molecule/wazuh-agent/molecule.yml @@ -3,8 +3,13 @@ dependency: name: galaxy driver: name: docker + #lint: + # name: yamllint lint: name: yamllint + options: + config-data: + ignore: .virtualenv platforms: - name: wazuh_server_centos7 image: milcom/centos7-systemd @@ -72,7 +77,6 @@ provisioner: ssl_agent_cert: null ssl_agent_key: null ssl_auto_negotiate: 'no' - lint: name: ansible-lint enabled: true diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 76721362..2b644bde 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -8,7 +8,7 @@ - name: Linux | Install wazuh-agent package: name=wazuh-agent state=present async: 90 - poll: 15 + poll: 30 tags: - init From 5d006cbc3a5300fb8c42c9efa4e8eb75f7100ca9 Mon Sep 17 00:00:00 2001 
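Review bot: The second hunk of molecule/elasticsearch/molecule.yml turns ansible-lint off entirely (`enabled: false`) with no comment naming the finding it was avoiding, while the wazuh-agent scenario keeps it on, so the two scenarios now lint to different standards and future regressions in the elasticsearch role go unreported. Prefer keeping `enabled: true` and skipping only the offending rule through ansible-lint's skip list, with a one-line comment naming it, or at minimum `# TODO: re-enable once <rule id> is fixed`. The `#lint:` / `# name: yamllint` lines added above the live `lint:` key in both molecule.yml files are dead duplicates (and indented two spaces in the wazuh-agent file, unlike the key they shadow) and should be dropped rather than committed.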
From: rshad Date: Tue, 9 Jul 2019 15:31:38 +0000 Subject: [PATCH 070/559] adapted wazuh-manager installation so it takes into account the package version - Differentiating between CentOS/RedHat and Debian --- .gitignore | 0 .swp | Bin .yamllint | 0 CHANGELOG.md | 0 LICENSE | 0 Pipfile | 0 README.md | 0 VERSION | 0 molecule/default/Dockerfile.j2 | 0 molecule/default/INSTALL.rst | 0 molecule/default/create.yml | 0 molecule/default/destroy.yml | 0 molecule/default/molecule.yml | 0 molecule/default/playbook.yml | 0 molecule/default/prepare.yml | 0 molecule/default/tests/test_default.py | 2 +- molecule/elasticsearch/Dockerfile.j2 | 0 molecule/elasticsearch/INSTALL.rst | 0 molecule/elasticsearch/molecule.yml | 48 +++---- molecule/elasticsearch/playbook.yml | 0 molecule/elasticsearch/tests/test_default.py | 0 .../external_packages/jdk-8u211-linux-x64.rpm | 117 ++++++++++++++++++ molecule/filebeat/Dockerfile.j2 | 0 molecule/filebeat/INSTALL.rst | 0 molecule/filebeat/molecule.yml | 0 molecule/filebeat/playbook.yml | 0 molecule/filebeat/prepare.yml | 0 molecule/filebeat/tests/test_default.py | 0 molecule/kibana/Dockerfile.j2 | 0 molecule/kibana/INSTALL.rst | 0 molecule/kibana/molecule.yml | 0 molecule/kibana/playbook.yml | 0 molecule/kibana/prepare.yml | 0 molecule/kibana/tests/test_default.py | 0 molecule/wazuh-agent/Dockerfile.j2 | 0 molecule/wazuh-agent/INSTALL.rst | 0 molecule/wazuh-agent/molecule.yml | 0 molecule/wazuh-agent/playbook.yml | 0 molecule/wazuh-agent/prepare.yml | 0 molecule/wazuh-agent/tests/test_agents.py | 0 molecule/wazuh-agent/tests/test_manager.py | 0 playbooks/wazuh-agent.yml | 0 playbooks/wazuh-elastic.yml | 0 playbooks/wazuh-elastic_stack-distributed.yml | 0 playbooks/wazuh-elastic_stack-single.yml | 0 playbooks/wazuh-kibana.yml | 0 playbooks/wazuh-manager.yml | 0 roles/ansible-galaxy/meta/main.yml | 0 .../ansible-elasticsearch/README.md | 0 .../ansible-elasticsearch/defaults/main.yml | 0 .../ansible-elasticsearch/handlers/main.yml | 0 
.../ansible-elasticsearch/meta/main.yml | 0 .../ansible-elasticsearch/tasks/Debian.yml | 0 .../ansible-elasticsearch/tasks/RMDebian.yml | 0 .../ansible-elasticsearch/tasks/RMRedHat.yml | 0 .../ansible-elasticsearch/tasks/RedHat.yml | 0 .../ansible-elasticsearch/tasks/main.yml | 27 +++- .../templates/elasticsearch.yml.j2 | 0 .../templates/elasticsearch_nonsystemd.j2 | 0 .../templates/elasticsearch_systemd.conf.j2 | 0 .../templates/instances.yml.j2 | 0 .../templates/jvm.options.j2 | 0 .../wazuh-elastic6-template-alerts.json.j2 | 0 .../wazuh-elastic7-template-alerts.json.j2 | 0 roles/elastic-stack/ansible-kibana/README.md | 0 .../ansible-kibana/defaults/main.yml | 0 .../ansible-kibana/handlers/main.yml | 0 .../ansible-kibana/meta/main.yml | 0 .../ansible-kibana/tasks/Debian.yml | 0 .../ansible-kibana/tasks/RMDebian.yml | 0 .../ansible-kibana/tasks/RMRedHat.yml | 0 .../ansible-kibana/tasks/RedHat.yml | 0 .../ansible-kibana/tasks/main.yml | 0 .../ansible-kibana/templates/kibana.yml.j2 | 0 roles/wazuh/ansible-filebeat/README.md | 0 .../wazuh/ansible-filebeat/defaults/main.yml | 0 .../wazuh/ansible-filebeat/handlers/main.yml | 0 roles/wazuh/ansible-filebeat/meta/main.yml | 0 roles/wazuh/ansible-filebeat/tasks/Debian.yml | 0 .../wazuh/ansible-filebeat/tasks/RMDebian.yml | 0 .../wazuh/ansible-filebeat/tasks/RMRedHat.yml | 0 roles/wazuh/ansible-filebeat/tasks/RedHat.yml | 0 roles/wazuh/ansible-filebeat/tasks/config.yml | 0 roles/wazuh/ansible-filebeat/tasks/main.yml | 0 .../templates/elasticsearch.yml.j2 | 0 .../templates/filebeat.yml.j2 | 0 .../ansible-filebeat/tests/requirements.yml | 0 roles/wazuh/ansible-filebeat/tests/test.yml | 0 roles/wazuh/ansible-wazuh-agent/README.md | 0 .../ansible-wazuh-agent/defaults/main.yml | 0 .../ansible-wazuh-agent/handlers/main.yml | 0 roles/wazuh/ansible-wazuh-agent/meta/main.yml | 0 .../ansible-wazuh-agent/tasks/Debian.yml | 0 .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 0 .../ansible-wazuh-agent/tasks/RMDebian.yml | 0 
.../ansible-wazuh-agent/tasks/RMRedHat.yml | 0 .../ansible-wazuh-agent/tasks/RedHat.yml | 0 .../ansible-wazuh-agent/tasks/Windows.yml | 0 .../wazuh/ansible-wazuh-agent/tasks/main.yml | 0 ...r-ossec-etc-local-internal-options.conf.j2 | 0 .../var-ossec-etc-ossec-agent.conf.j2 | 0 .../ansible-wazuh-agent/vars/api_pass.yml | 0 .../ansible-wazuh-agent/vars/authd_pass.yml | 0 roles/wazuh/ansible-wazuh-manager/README.md | 0 .../ansible-wazuh-manager/defaults/main.yml | 2 + .../decoders/sample_custom_decoders.xml | 0 .../rules/sample_custom_rules.xml | 0 .../ansible-wazuh-manager/handlers/main.yml | 0 .../wazuh/ansible-wazuh-manager/meta/main.yml | 0 .../ansible-wazuh-manager/tasks/Debian.yml | 0 .../ansible-wazuh-manager/tasks/RMDebian.yml | 0 .../ansible-wazuh-manager/tasks/RMRedHat.yml | 0 .../ansible-wazuh-manager/tasks/RedHat.yml | 0 .../ansible-wazuh-manager/tasks/main.yml | 29 ++++- .../templates/agentless.j2 | 0 .../templates/api_user.j2 | 0 .../templates/authd_pass.j2 | 0 .../templates/cdb_lists.j2 | 0 .../var-ossec-api-configuration-config.js.j2 | 0 ...r-ossec-etc-local-internal-options.conf.j2 | 0 .../var-ossec-etc-ossec-server.conf.j2 | 0 .../var-ossec-etc-shared-agent.conf.j2 | 0 .../var-ossec-rules-local_decoder.xml.j2 | 0 .../var-ossec-rules-local_rules.xml.j2 | 0 .../vars/agentless_creds.yml | 0 .../ansible-wazuh-manager/vars/authd_pass.yml | 0 .../ansible-wazuh-manager/vars/cdb_lists.yml | 0 .../vars/wazuh_api_creds.yml | 0 128 files changed, 194 insertions(+), 31 deletions(-) mode change 100644 => 100755 .gitignore mode change 100644 => 100755 .swp mode change 100644 => 100755 .yamllint mode change 100644 => 100755 CHANGELOG.md mode change 100644 => 100755 LICENSE mode change 100644 => 100755 Pipfile mode change 100644 => 100755 README.md mode change 100644 => 100755 VERSION mode change 100644 => 100755 molecule/default/Dockerfile.j2 mode change 100644 => 100755 molecule/default/INSTALL.rst mode change 100644 => 100755 molecule/default/create.yml mode 
change 100644 => 100755 molecule/default/destroy.yml mode change 100644 => 100755 molecule/default/molecule.yml mode change 100644 => 100755 molecule/default/playbook.yml mode change 100644 => 100755 molecule/default/prepare.yml mode change 100644 => 100755 molecule/default/tests/test_default.py mode change 100644 => 100755 molecule/elasticsearch/Dockerfile.j2 mode change 100644 => 100755 molecule/elasticsearch/INSTALL.rst mode change 100644 => 100755 molecule/elasticsearch/molecule.yml mode change 100644 => 100755 molecule/elasticsearch/playbook.yml mode change 100644 => 100755 molecule/elasticsearch/tests/test_default.py create mode 100755 molecule/external_packages/jdk-8u211-linux-x64.rpm mode change 100644 => 100755 molecule/filebeat/Dockerfile.j2 mode change 100644 => 100755 molecule/filebeat/INSTALL.rst mode change 100644 => 100755 molecule/filebeat/molecule.yml mode change 100644 => 100755 molecule/filebeat/playbook.yml mode change 100644 => 100755 molecule/filebeat/prepare.yml mode change 100644 => 100755 molecule/filebeat/tests/test_default.py mode change 100644 => 100755 molecule/kibana/Dockerfile.j2 mode change 100644 => 100755 molecule/kibana/INSTALL.rst mode change 100644 => 100755 molecule/kibana/molecule.yml mode change 100644 => 100755 molecule/kibana/playbook.yml mode change 100644 => 100755 molecule/kibana/prepare.yml mode change 100644 => 100755 molecule/kibana/tests/test_default.py mode change 100644 => 100755 molecule/wazuh-agent/Dockerfile.j2 mode change 100644 => 100755 molecule/wazuh-agent/INSTALL.rst mode change 100644 => 100755 molecule/wazuh-agent/molecule.yml mode change 100644 => 100755 molecule/wazuh-agent/playbook.yml mode change 100644 => 100755 molecule/wazuh-agent/prepare.yml mode change 100644 => 100755 molecule/wazuh-agent/tests/test_agents.py mode change 100644 => 100755 molecule/wazuh-agent/tests/test_manager.py mode change 100644 => 100755 playbooks/wazuh-agent.yml mode change 100644 => 100755 playbooks/wazuh-elastic.yml mode 
change 100644 => 100755 playbooks/wazuh-elastic_stack-distributed.yml mode change 100644 => 100755 playbooks/wazuh-elastic_stack-single.yml mode change 100644 => 100755 playbooks/wazuh-kibana.yml mode change 100644 => 100755 playbooks/wazuh-manager.yml mode change 100644 => 100755 roles/ansible-galaxy/meta/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/README.md mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/defaults/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/handlers/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/meta/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/tasks/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/README.md mode change 100644 => 100755 
roles/elastic-stack/ansible-kibana/defaults/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/handlers/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/meta/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/tasks/Debian.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/tasks/RedHat.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/tasks/main.yml mode change 100644 => 100755 roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 mode change 100644 => 100755 roles/wazuh/ansible-filebeat/README.md mode change 100644 => 100755 roles/wazuh/ansible-filebeat/defaults/main.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/handlers/main.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/meta/main.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tasks/Debian.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tasks/RMDebian.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tasks/RedHat.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tasks/config.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tasks/main.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 mode change 100644 => 100755 roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tests/requirements.yml mode change 100644 => 100755 roles/wazuh/ansible-filebeat/tests/test.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/README.md mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/defaults/main.yml mode change 100644 => 100755 
roles/wazuh/ansible-wazuh-agent/handlers/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/meta/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/tasks/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/README.md mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/defaults/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/decoders/sample_custom_decoders.xml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/rules/sample_custom_rules.xml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/handlers/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/meta/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml mode change 100644 => 100755 
roles/wazuh/ansible-wazuh-manager/tasks/main.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/agentless.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-local-internal-options.conf.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml mode change 100644 => 100755 roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml diff --git a/.gitignore b/.gitignore old mode 100644 new mode 100755 diff --git a/.swp b/.swp old mode 100644 new mode 100755 diff --git a/.yamllint b/.yamllint old mode 100644 new mode 100755 diff --git a/CHANGELOG.md b/CHANGELOG.md old mode 100644 new mode 100755 diff --git a/LICENSE b/LICENSE old mode 100644 new mode 100755 diff --git a/Pipfile b/Pipfile old mode 100644 new mode 100755 diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/VERSION b/VERSION old mode 100644 new mode 100755 
diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 old mode 100644 new mode 100755 diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst old mode 100644 new mode 100755 diff --git a/molecule/default/create.yml b/molecule/default/create.yml old mode 100644 new mode 100755 diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml old mode 100644 new mode 100755 diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml old mode 100644 new mode 100755 diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml old mode 100644 new mode 100755 diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml old mode 100644 new mode 100755 diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py old mode 100644 new mode 100755 index 16a32b85..4e6e25d6 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.2" + return "3.9.0" def test_wazuh_packages_are_installed(host): diff --git a/molecule/elasticsearch/Dockerfile.j2 b/molecule/elasticsearch/Dockerfile.j2 old mode 100644 new mode 100755 diff --git a/molecule/elasticsearch/INSTALL.rst b/molecule/elasticsearch/INSTALL.rst old mode 100644 new mode 100755 diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml old mode 100644 new mode 100755 index 6d6e962a..585614b2 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml 
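Review bot: `get_wazuh_version()` now returns `"3.9.0"`, an older release than the `wazuh_version: 3.9.2` default visible in the kibana role earlier in this series; unless the wazuh-manager defaults changed in this same patch (that hunk is not visible here) also move to 3.9.0, the version assertions in this file will fail or check the wrong package. Rather than a literal in the test, read the expected version from the scenario so the two cannot drift, e.g. `return os.environ.get("WAZUH_VERSION", "3.9.0")` with the molecule scenario exporting it. The enclosing test module continues outside this hunk.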
@@ -11,36 +11,36 @@ lint: config-data: ignore: .virtualenv platforms: - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 1024m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 - - name: trusty - image: ubuntu:trusty - memory_reservation: 1024m - ulimits: - - nofile:262144:262144 + # - name: bionic + # image: solita/ubuntu-systemd:bionic + # command: /sbin/init + # ulimits: + # - nofile:262144:262144 + # privileged: true + # memory_reservation: 1024m + # - name: xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # memory_reservation: 1024m + # command: /sbin/init + # ulimits: + # - nofile:262144:262144 + #- name: trusty + #image: ubuntu:trusty + #memory_reservation: 1024m + #ulimits: + #- nofile:262144:262144 - name: centos6 image: centos:6 privileged: true memory_reservation: 1024m ulimits: - nofile:262144:262144 - - name: centos7 - image: milcom/centos7-systemd - memory_reservation: 1024m - privileged: true - ulimits: + # - name: centos7 + # image: milcom/centos7-systemd + # memory_reservation: 1024m + # privileged: true + # ulimits: - nofile:262144:262144 provisioner: name: ansible diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml old mode 100644 new mode 100755 diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py old mode 100644 new mode 100755 diff --git a/molecule/external_packages/jdk-8u211-linux-x64.rpm b/molecule/external_packages/jdk-8u211-linux-x64.rpm new file mode 100755 index 00000000..f0fccd61 --- /dev/null +++ b/molecule/external_packages/jdk-8u211-linux-x64.rpm @@ -0,0 +1,117 @@ + + +Unauthorized Request + + + + + + + + + + + + + + +
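Review bot: Commenting out the centos7 platform leaves its trailing `- nofile:262144:262144` line uncommented at the end of the hunk, so on the new side that item now attaches to the preceding centos6 `ulimits:` list as a duplicate entry (or, if its indentation differs, becomes a stray list item); it should be commented or deleted together with the rest of the block. The disabled platforms also mix two comment styles (`# - name: bionic` versus `#- name: trusty` / `#image: ubuntu:trusty`), which makes it hard to see where one disabled entry ends and the next begins. If these platforms are only parked temporarily, one consistent style or a plain removal (the definitions remain in git history) would read better.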
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Sorry!

In order to download products from Oracle Technology + Network you must agree to the OTN license terms.
Be sure that...
+ Your browser has "cookies" and JavaScript enabled.
+ You clicked on "Accept License" for the product you wish to download.
+ You attempt the download within 30 minutes of accepting the license.
From here you can go...
+ + + + + + + + + + + + + +
Back to Previous Page
Site Map
OTN Homepage
+ +
+ +
+ + + diff --git a/molecule/filebeat/Dockerfile.j2 b/molecule/filebeat/Dockerfile.j2 old mode 100644 new mode 100755 diff --git a/molecule/filebeat/INSTALL.rst b/molecule/filebeat/INSTALL.rst old mode 100644 new mode 100755 diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml old mode 100644 new mode 100755 diff --git a/molecule/filebeat/playbook.yml b/molecule/filebeat/playbook.yml old mode 100644 new mode 100755 diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml old mode 100644 new mode 100755 diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py old mode 100644 new mode 100755 diff --git a/molecule/kibana/Dockerfile.j2 b/molecule/kibana/Dockerfile.j2 old mode 100644 new mode 100755 diff --git a/molecule/kibana/INSTALL.rst b/molecule/kibana/INSTALL.rst old mode 100644 new mode 100755 diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml old mode 100644 new mode 100755 diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml old mode 100644 new mode 100755 diff --git a/molecule/kibana/prepare.yml b/molecule/kibana/prepare.yml old mode 100644 new mode 100755 diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py old mode 100644 new mode 100755 diff --git a/molecule/wazuh-agent/Dockerfile.j2 b/molecule/wazuh-agent/Dockerfile.j2 old mode 100644 new mode 100755 diff --git a/molecule/wazuh-agent/INSTALL.rst b/molecule/wazuh-agent/INSTALL.rst old mode 100644 new mode 100755 diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml old mode 100644 new mode 100755 diff --git a/molecule/wazuh-agent/playbook.yml b/molecule/wazuh-agent/playbook.yml old mode 100644 new mode 100755 diff --git a/molecule/wazuh-agent/prepare.yml b/molecule/wazuh-agent/prepare.yml old mode 100644 new mode 100755 
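Review bot: The new `molecule/external_packages/jdk-8u211-linux-x64.rpm` is not an RPM: its 117 added lines are Oracle's "Unauthorized Request" HTML page ("In order to download products from Oracle Technology Network you must agree to the OTN license terms"), so any task that tries to install this file will fail on an unreadable package. Committing a vendored JDK installer into the role repository is also hard to verify and to keep patched; fetching it at test time from a pinned URL with `get_url` and its `checksum:` option, or installing OpenJDK from the distribution repositories, keeps the artifact out of git and lets the download be integrity-checked. At minimum this bogus file should be dropped before merge.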
diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py old mode 100644 new mode 100755 diff --git a/molecule/wazuh-agent/tests/test_manager.py b/molecule/wazuh-agent/tests/test_manager.py old mode 100644 new mode 100755 diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml old mode 100644 new mode 100755 diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml old mode 100644 new mode 100755 diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml old mode 100644 new mode 100755 diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml old mode 100644 new mode 100755 diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml old mode 100644 new mode 100755 diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml old mode 100644 new mode 100755 diff --git a/roles/ansible-galaxy/meta/main.yml b/roles/ansible-galaxy/meta/main.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/handlers/main.yml b/roles/elastic-stack/ansible-elasticsearch/handlers/main.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/meta/main.yml b/roles/elastic-stack/ansible-elasticsearch/meta/main.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml old mode 100644 new mode 100755 
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml old mode 100644 new mode 100755 index 776f8b36..5ca11b67 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -197,7 +197,7 @@ when: - elasticsearch_xpack_security -- name: Reload systemd +- name: Distribution != one of [ centos 6.*, trusty ] | Reload systemd systemd: daemon_reload=true ignore_errors: true when: 
@@ -205,12 +205,37 @@ - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) +- name: Get Java version + shell: java -version |& awk -F'"' '{print $2}' + register: java_version + +- debug: msg="{{ java_version.stdout_lines }}" + +- name: "Install Java Repo for Trusty" + yum_repository: repo='ppa:openjdk-r/ppa' + when: + - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 + +- name: Distribution is centos 6.* | Enable Elasticsearch + service: name=elasticsearch enabled=yes + +- name: Distribution is centos 6.* | Reload Elasticsearch + service: name=elasticsearch state=reloaded + +- name: Distribution is centos 6.* | Start Elasticsearch + service: name=elasticsearch state=started - name: Ensure Elasticsearch started and enabled service: name: elasticsearch enabled: true state: started + # ignore_errors: true + # when: + # - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") + # - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) + # - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) + # - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Make sure Elasticsearch is running before proceeding wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 old mode 100644 new mode 100755 
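Review bot: `java -version |& awk -F'"' '{print $2}'` in the new "Get Java version" task uses the bash-only `|&` pipe, but `shell` runs under `/bin/sh` unless `executable` is set, so on Debian/Ubuntu (dash) the task fails with a syntax error; the portable form is `shell: java -version 2>&1 | awk -F'"' '{print $2}'`, and since it only reads state it should carry `changed_when: false`. The "Install Java Repo for Trusty" task cannot work as written: `ppa:openjdk-r/ppa` is an apt PPA, `yum_repository` has no `repo` option (it needs `name`, `description` and `baseurl`), and the `when` selects CentOS/RedHat older than 7 rather than Trusty. The three "Distribution is centos 6.*" `service` tasks carry no `when:` at all, so they run on every host regardless of their names; they need the distribution guard their names describe, and `state=reloaded` ahead of `state=started` will fail on a host where the service is not running yet. The enclosing task list continues outside the hunk.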
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2 old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2 old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-kibana/README.md b/roles/elastic-stack/ansible-kibana/README.md old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-kibana/handlers/main.yml b/roles/elastic-stack/ansible-kibana/handlers/main.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-kibana/meta/main.yml b/roles/elastic-stack/ansible-kibana/meta/main.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml old mode 100644 new mode 100755 
diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml old mode 100644 new mode 100755 diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/README.md b/roles/wazuh/ansible-filebeat/README.md old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/handlers/main.yml b/roles/wazuh/ansible-filebeat/handlers/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/meta/main.yml b/roles/wazuh/ansible-filebeat/meta/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml old mode 100644 new mode 100755 
diff --git a/roles/wazuh/ansible-filebeat/tasks/config.yml b/roles/wazuh/ansible-filebeat/tasks/config.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/tests/requirements.yml b/roles/wazuh/ansible-filebeat/tests/requirements.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-filebeat/tests/test.yml b/roles/wazuh/ansible-filebeat/tests/test.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/README.md b/roles/wazuh/ansible-wazuh-agent/README.md old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/meta/main.yml b/roles/wazuh/ansible-wazuh-agent/meta/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml old mode 100644 new mode 100755 
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/README.md b/roles/wazuh/ansible-wazuh-manager/README.md old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml old mode 100644 new mode 100755 index 8cf7ef58..ffa9bef2 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,4 +1,6 @@ --- +wazuh_manager_api_version: 3.9.0 + wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest 
diff --git a/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/decoders/sample_custom_decoders.xml b/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/decoders/sample_custom_decoders.xml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/rules/sample_custom_rules.xml b/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/rules/sample_custom_rules.xml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/meta/main.yml b/roles/wazuh/ansible-wazuh-manager/meta/main.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml old mode 100644 new mode 100755 index 2715bba0..7064ba41 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
@@ -5,19 +5,38 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: Install wazuh-manager, wazuh-api and expect - package: pkg={{ item }} state={{ wazuh_manager_package_state }} +- name: CentOS/RedHat | Install wazuh-manager, wazuh-api and expect + package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} with_items: - wazuh-manager - wazuh-api - - expect register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6) + - ansible_distribution in ['CentOS','RedHat'] tags: - init +- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api and expect + apt: + name: "{{ item }}={{ wazuh_manager_api_version }}-1" + state: present + cache_valid_time: 3600 + with_items: + - wazuh-manager + - wazuh-api + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + when: + - not (ansible_distribution in ['CentOS','RedHat']) + tags: init + +- name: Install expect + package: pkg=expect state={{ wazuh_manager_package_state }} + when: + - not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6) + tags: init + - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 replace: path: /etc/init.d/wazuh-manager @@ -30,7 +49,7 @@ - name: Install wazuh-manager and expect (EL5) package: pkg={{ item }} state={{ wazuh_manager_package_state }} with_items: - - wazuh-manager + - wazuh-manager-{{ wazuh_manager_api_version }} - expect register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded diff --git a/roles/wazuh/ansible-wazuh-manager/templates/agentless.j2 b/roles/wazuh/ansible-wazuh-manager/templates/agentless.j2 old mode 100644 new mode 100755 
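Review bot: The Debian/Ubuntu install task is guarded by `not (ansible_distribution in ['CentOS','RedHat'])`, which also sends the `apt` module to Amazon Linux, Fedora, SUSE or any other non-Debian host; the condition the hunk's context already uses for `import_tasks: "Debian.yml"`, `when: ansible_os_family == "Debian"`, is the right guard, and the same pattern recurs in the later roles/wazuh/ansible-filebeat/tasks/main.yml and roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml hunks. Pinning `pkg={{ item }}-{{ wazuh_manager_api_version }}-1` while still passing `state={{ wazuh_manager_package_state }}`, whose default in this commit is `latest`, is contradictory; a pinned package should use `state: present`. The EL5 hunk pins `wazuh-manager-{{ wazuh_manager_api_version }}` without the `-1` release suffix the other tasks use, so the two pins can resolve to different builds. The variable is named `wazuh_manager_api_version` but now pins `wazuh-manager` as well, which deserves a comment in defaults/main.yml such as `# version pin shared by wazuh-manager and wazuh-api packages`.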
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 b/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2 b/roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-local-internal-options.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-local-internal-options.conf.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml old mode 100644 new mode 100755 
diff --git a/roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml b/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml old mode 100644 new mode 100755 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml old mode 100644 new mode 100755 From 873e9759ae0b250a1a19d415dd26e7f1d1bb700d Mon Sep 17 00:00:00 2001 From: rshad Date: Fri, 12 Jul 2019 13:06:02 +0000 Subject: [PATCH 071/559] Versioning and Ansible-Linting fixes are introduced to wazuh-agent and filebeat installations and testings --- molecule/filebeat/molecule.yml | 3 ++ molecule/filebeat/tests/test_default.py | 7 +++ molecule/wazuh-agent/tests/test_agents.py | 5 ++ .../wazuh/ansible-filebeat/defaults/main.yml | 2 + roles/wazuh/ansible-filebeat/tasks/main.yml | 50 +++++++++++++------ .../ansible-wazuh-agent/defaults/main.yml | 5 +- .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 16 +++++- .../ansible-wazuh-manager/tasks/main.yml | 4 +- 8 files changed, 72 insertions(+), 20 deletions(-) diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 4f0bffb6..e456c4ae 100755 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -5,6 +5,9 @@ driver: name: docker lint: name: yamllint + options: + config-data: + ignore: .virtualenv platforms: - name: trusty image: ubuntu:trusty diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py index 72ac55d4..a959e48b 100755 --- a/molecule/filebeat/tests/test_default.py +++ b/molecule/filebeat/tests/test_default.py 
@@ -4,3 +4,10 @@ import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_filebeat_is_installed(host): + """Test if the elasticsearch package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + assert filebeat.version.startswith('7.1.1') diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py index 5867dc2f..657cc9ee 100755 --- a/molecule/wazuh-agent/tests/test_agents.py +++ b/molecule/wazuh-agent/tests/test_agents.py @@ -7,6 +7,11 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('agent') +def get_wazuh_version(): + """This return the version of Wazuh.""" + return "3.9.0" + + def test_ossec_package_installed(Package): ossec = Package('wazuh-agent') assert ossec.is_installed diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index cfb892bd..541c0214 100755 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,4 +1,6 @@ --- +filebeat_version: 7.1.1 + filebeat_create_config: true filebeat_prospectors: diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 2dfa3ecd..7bafcc79 100755 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml 
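Review bot: The docstring of the new `test_filebeat_is_installed` says "Test if the elasticsearch package is installed." while the test inspects `host.package("filebeat")`; it should read `"""Test if the filebeat package is installed."""`. The expected `'7.1.1'` duplicates `filebeat_version: 7.1.1` added to the role defaults in the same commit, so the two will drift on the next bump; reading the version from one place, as the other molecule tests do with a `get_..._version()` helper, would keep them in step.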
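Review bot: The added `get_wazuh_version()` helper is not referenced anywhere in the hunk; `test_ossec_package_installed` still only asserts `ossec.is_installed`. If the helper is meant to pin the agent version this commit introduces (`wazuh_agent_version: 3.9.0`), the test should use it, e.g. `assert ossec.version.startswith(get_wazuh_version())`; otherwise it is dead code. test_ossec_package_installed continues outside the hunk.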
@@ -5,26 +5,40 @@ - import_tasks: Debian.yml when: ansible_os_family == 'Debian' -- name: Install Filebeat. - package: name=filebeat state=present +- name: CentOS/RedHat | Install Filebeat. + package: name=filebeat-{{ filebeat_version }} state=present register: filebeat_installing_package until: filebeat_installing_package is succeeded + when: + - ansible_distribution in ['CentOS','RedHat'] tags: - install +- name: Debian/Ubuntu | Install Filebeat. + apt: + name: filebeat={{ filebeat_version }} + state: present + cache_valid_time: 3600 + register: filebeat_installing_package_debian + until: filebeat_installing_package_debian is succeeded + when: + - not (ansible_distribution in ['CentOS','RedHat']) + tags: + - init + - name: Check if certificate exists locally stat: - path: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt" + path: "{{ node_certs_destination }}/{{ filebeat_node_name }}.crt" register: certificate_file_exists when: - filebeat_xpack_security - name: Copy key & certificate files in generator node (locally) synchronize: - src: "{{node_certs_source}}/{{filebeat_node_name}}/" - dest: "{{node_certs_destination}}/" + src: "{{ node_certs_source }}/{{ filebeat_node_name }}/" + dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" - when: + when: - node_certs_generator - filebeat_xpack_security - not certificate_file_exists.stat.exists 
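Review bot: The two install tasks diverge in details that look accidental: the CentOS/RedHat task is tagged `install` and registers `filebeat_installing_package`, while the Debian/Ubuntu task is tagged `init` and registers `filebeat_installing_package_debian`, so a run with `--tags install` skips Debian hosts and any later task that reads the register has two names to check. Since only one of the two tasks runs on a given host, both can use the same tag and the same `register:` name. The `not (ansible_distribution in ['CentOS','RedHat'])` guard has the cross-distribution problem already noted on the wazuh-manager hunk; `ansible_os_family == 'Debian'`, as used for `import_tasks: Debian.yml` in this hunk's context, is the intended condition.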
@@ -32,26 +46,30 @@ - name: Copy ca certificate file in generator node (locally) synchronize: - src: "{{node_certs_source}}/ca/" - dest: "{{node_certs_destination}}/" + src: "{{ node_certs_source }}/ca/" + dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" - when: + when: - node_certs_generator - filebeat_xpack_security - not certificate_file_exists.stat.exists register: check_certs_permissions tags: xpack-security - + - name: Importing key & certificate files from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{filebeat_node_name}}/ {{node_certs_destination}}/" + command: >- + {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: + {{ node_certs_source }}/{{ filebeat_node_name }}/ {{ node_certs_destination }}/ when: - not node_certs_generator - filebeat_xpack_security - not certificate_file_exists.stat.exists tags: xpack-security -- name: Importing ca certificate file from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" +- name: Importing ca certificate file from generator node + command: >- + {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: + {{ node_certs_source }}/ca/ {{ node_certs_destination }}/ when: - not node_certs_generator - filebeat_xpack_security @@ -60,7 +78,11 @@ tags: xpack-security - name: Ensuring certificates folder owner - shell: "chmod -R 770 {{node_certs_destination}}/" + file: + path: "{{ node_certs_destination }}/" + mode: '0770' + recurse: yes + when: - check_certs_permissions is defined - filebeat_xpack_security diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index e95707e6..ded6d5b9 100755 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
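Review bot: Folding the rsync command with `>-` breaks the remote spec: the first line ends after `{{ node_certs_generator_ip }}:`, and a folded scalar joins lines with a space, so rsync receives `user@host:` and `{{ node_certs_source }}/{{ filebeat_node_name }}/` as two separate arguments instead of one `host:/path` source, and the same happens in the `ca/` task. Keep the remote spec on one line and break before it instead, `{{ rsync_user }}@{{ node_certs_generator_ip }}:{{ node_certs_source }}/{{ filebeat_node_name }}/`, with `{{ node_certs_destination }}/` on the following line. Since these tasks copy private keys, a comment such as `# rsync_path/rsync_user/rsync_extra_parameters are trusted role inputs, not host-supplied` would document why `command` (no shell) is sufficient here.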
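Review bot: `file:` with `recurse: yes` but no `state:` fails in Ansible's file module, which rejects `recurse` unless `state: directory` is set, so the replacement for the old `chmod -R 770` errors on every run that reaches it; add `state: directory` and write the boolean as `true`. The task name "Ensuring certificates folder owner" still talks about ownership while the task only sets `mode`; either add `owner`/`group` or rename the task to match. The `when:` list continues outside the hunk.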
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,4 +1,5 @@ --- +wazuh_agent_version: 3.9.0 wazuh_managers: - address: 127.0.0.1 port: 1514 @@ -23,10 +24,10 @@ wazuh_winagent_config: install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.9.2' + version: '3.9.3' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ - md5: 43936e7bc7eb51bd186f47dac4a6f477 + md5: c3fdbd6c121ca371b8abcd477ed4e8a4 wazuh_agent_config: active_response: ar_disabled: 'no' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 2b644bde..faa28b57 100755 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -5,10 +5,22 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: Linux | Install wazuh-agent - package: name=wazuh-agent state=present +- name: Linux CentOS/RedHat | Install wazuh-agent + package: name=wazuh-agent-{{ wazuh_agent_version }}-1 state=present async: 90 poll: 30 + when: + - ansible_distribution in ['CentOS','RedHat'] + tags: + - init + +- name: Linux Debian | Install wazuh-agent + apt: + name: "wazuh-agent={{ wazuh_agent_version }}-1" + state: present + cache_valid_time: 3600 + when: + - not (ansible_distribution in ['CentOS','RedHat']) tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 7064ba41..30e5ec87 100755 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
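Review bot: The defaults now pin Linux to `wazuh_agent_version: 3.9.0` while the Windows block in the same file moves to `version: '3.9.3'` with a new `md5`, so one role installs different agent releases per platform; if that is intended it deserves a comment such as `# Linux pin kept at 3.9.0 to match the manager and molecule tests; Windows tracks 3.9.3`, otherwise the two should be aligned. Quoting the Linux value as `'3.9.0'` like the Windows one would also keep the style consistent. The `md5` is presumably what the Windows download is checked against; MD5 catches corruption but not tampering, so a SHA-256 field would be the better choice when that code is next touched.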
@@ -5,7 +5,7 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: CentOS/RedHat | Install wazuh-manager, wazuh-api and expect +- name: CentOS/RedHat | Install wazuh-manager, wazuh-api package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} with_items: - wazuh-manager @@ -17,7 +17,7 @@ tags: - init -- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api and expect +- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api apt: name: "{{ item }}={{ wazuh_manager_api_version }}-1" state: present From d08b013224db9041b141a92c5880f62736019dee Mon Sep 17 00:00:00 2001 From: rshad Date: Fri, 12 Jul 2019 14:24:31 +0000 Subject: [PATCH 072/559] Kibana test is probably fixed, saving changes ... --- molecule/kibana/molecule.yml | 3 ++ molecule/kibana/tests/test_default.py | 2 +- .../ansible-kibana/tasks/main.yml | 40 ++++++++++++------- 3 files changed, 30 insertions(+), 15 deletions(-) diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index a1e0e3f9..c1191c07 100755 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -5,6 +5,9 @@ driver: name: docker lint: name: yamllint + options: + config-data: + ignore: .virtualenv platforms: - name: bionic image: solita/ubuntu-systemd:bionic diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py index 936f6cfc..f510aed9 100755 --- a/molecule/kibana/tests/test_default.py +++ b/molecule/kibana/tests/test_default.py @@ -14,7 +14,7 @@ def test_port_kibana_is_open(host): def test_find_correct_elasticsearch_version(host): """Test if we find the kibana/elasticsearch version in package.json""" kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") - assert kibana.contains("6.7.1") + assert kibana.contains("7.1.1") def test_wazuh_plugin_installed(host): 
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 43dfd57e..4e12b1b2 100755 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -16,17 +16,17 @@ - name: Check if certificate exists locally stat: - path: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" + path: "{{ node_certs_destination }}/{{ kibana_node_name }}.crt" register: certificate_file_exists when: - - kibana_xpack_security + - kibana_xpack_security - name: Copy key & certificate files in generator node (locally) synchronize: - src: "{{node_certs_source}}/{{kibana_node_name}}/" - dest: "{{node_certs_destination}}/" + src: "{{ node_certs_source }}/{{ kibana_node_name }}/" + dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" - when: + when: - node_certs_generator - kibana_xpack_security - not certificate_file_exists.stat.exists 
@@ -34,25 +34,29 @@ - name: Copy ca certificate file in generator node (locally) synchronize: - src: "{{node_certs_source}}/ca/" - dest: "{{node_certs_destination}}/" + src: "{{ node_certs_source }}/ca/" + dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" - when: + when: - node_certs_generator - kibana_xpack_security - not certificate_file_exists.stat.exists tags: xpack-security - + - name: Importing key & certificate files from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{kibana_node_name}}/ {{node_certs_destination}}/" + command: >- + {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: + {{ node_certs_source }}/{{ kibana_node_name }}/ {{ node_certs_destination }}/ when: - not node_certs_generator - kibana_xpack_security - not certificate_file_exists.stat.exists tags: xpack-security -- name: Importing ca certificate file from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" +- name: Importing ca certificate file from generator node + command: >- + {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: + {{ node_certs_source }}/ca/ {{ node_certs_destination }}/ when: - not node_certs_generator - kibana_xpack_security 
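Review bot: The two `command: >-` rsync commands split the remote spec after `{{ node_certs_generator_ip }}:`, and a folded scalar inserts a space at that line break, so rsync is invoked with `user@host:` (the remote user's home directory) and `{{ node_certs_source }}/...` (a local path) as two separate sources. On a non-generator Kibana node that copies the wrong tree, or fails on the missing local path, rather than the node's key and certificate. Write the remote source on a single line, e.g. `command: "{{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}:{{ node_certs_source }}/{{ kibana_node_name }}/ {{ node_certs_destination }}/"`, and the same for the ca task whose `when` continues outside the hunk.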
@@ -61,14 +65,22 @@ tags: xpack-security - name: Ensuring certificates folder owner - shell: "chown -R kibana: {{node_certs_destination}}/" + file: + path: "{{ node_certs_destination }}/" + state: directory + recurse: yes + owner: kibana + group: kibana when: - check_certs_permissions is defined - kibana_xpack_security tags: xpack-security - name: Ensuring certificates folder owner - shell: "chmod -R 770 {{node_certs_destination}}/" + file: + path: "{{ node_certs_destination }}/" + mode: '0770' + recurse: yes when: - check_certs_permissions is defined - kibana_xpack_security From df428f5f52632bb3cf0d7163f2c05346cefae95d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 15 Jul 2019 14:04:13 +0200 Subject: [PATCH 073/559] fixed elasticsearch installation for Centos 6.* - Adding Java Installation --- molecule/elasticsearch/molecule.yml | 2 +- molecule/elasticsearch/tests/test_default.py | 2 +- .../ansible-elasticsearch/tasks/RedHat.yml | 5 ++++ .../ansible-elasticsearch/tasks/main.yml | 24 +++++++++++-------- 4 files changed, 21 insertions(+), 12 deletions(-) diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 585614b2..a7e3c26f 100755 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -41,7 +41,7 @@ platforms: # memory_reservation: 1024m # privileged: true # ulimits: - - nofile:262144:262144 + # - nofile:262144:262144 provisioner: name: ansible playbooks: diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py index 8b453255..34fce3b3 100755 --- a/molecule/elasticsearch/tests/test_default.py +++ b/molecule/elasticsearch/tests/test_default.py 
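Review bot: The second `file:` task sets `mode: '0770'` with `recurse: yes` but no `state`, and the file module rejects `recurse` unless `state: directory`, so the task fails on every host where it runs; add `state: directory` as the first task does. Since `recurse` applies the mode to the files too, the Kibana private key ends up `0770` (group-writable and executable); `mode: 'u=rwX,g=rX,o='` is sufficient for the `kibana` owner and group set just above. Both tasks carry the same name `Ensuring certificates folder owner`, which makes the play output ambiguous; name the second one for the mode change.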
@@ -10,7 +10,7 @@ def test_elasticsearch_is_installed(host): """Test if the elasticsearch package is installed.""" elasticsearch = host.package("elasticsearch") assert elasticsearch.is_installed - assert elasticsearch.version.startswith('6.7.1') + assert elasticsearch.version.startswith('7.1.1') def test_elasticsearch_is_running(host): diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 16366dfc..fbefe51e 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -9,6 +9,11 @@ gpgcheck: true changed_when: false +- name: CentOS x.x => x.x < 7.0 | Installing Java + yum: + name: java-1.8.0-openjdk.x86_64 + state: present + - name: RedHat/CentOS/Fedora | Install Elasticsarch package: name=elasticsearch-{{ elastic_stack_version }} state=present tags: install diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 5ca11b67..c29dc760 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -205,22 +205,26 @@ - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) -- name: Get Java version - shell: java -version |& awk -F'"' '{print $2}' - register: java_version -- debug: msg="{{ java_version.stdout_lines }}" +#- name: Get Java version +# shell: java -version |& awk -F'"' '{print $2}' +# register: java_version +# ignore_errors: true -- name: "Install Java Repo for Trusty" - yum_repository: repo='ppa:openjdk-r/ppa' - when: - - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 +# - debug: msg="{{ java_version.stdout_lines }}" + +#- name: "Install Java Repo for Trusty" +# yum_repository: repo='ppa:openjdk-r/ppa' +# when: +# - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 - name: Distribution is centos 6.* | Enable Elasticsearch service: name=elasticsearch enabled=yes -- name: Distribution is centos 6.* | Reload Elasticsearch - service: name=elasticsearch state=reloaded + +#- name: Distribution is centos 6.* | Reload Elasticsearch +# service: name=elasticsearch state=reloaded +# state: "{{ elasticsearch_state | default('reloaded') }}" - name: Distribution is centos 6.* | Start Elasticsearch service: name=elasticsearch state=started From 9605280db076ac48c4cac13c731aaa2193f64121 Mon Sep 17 00:00:00 2001 From: Michael Both Date: Mon, 15 Jul 2019 14:32:19 +0200 Subject: [PATCH 074/559] Use tcp for all connections --- playbooks/wazuh-agent.yml | 2 +- roles/wazuh/ansible-wazuh-agent/README.md | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index 8c7eaa69..bd85a3a6 100644 --- a/playbooks/wazuh-agent.yml 
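Review bot: `Distribution is centos 6.* | Enable Elasticsearch` and `Distribution is centos 6.* | Start Elasticsearch` have no `when`, so despite their names they run on every host, including the systemd ones the preceding reload task deliberately excludes; add a condition such as `when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int < 7`, the complement of the reload task's guard visible at the top of the hunk. The Java-version probe and the Trusty repository task are left as commented-out blocks rather than removed; git keeps the history, and dead tasks in a role tend to be resurrected untested. The `systemd` reload task that owns those `not (...)` conditions starts outside the hunk.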
+++ b/playbooks/wazuh-agent.yml @@ -6,7 +6,7 @@ wazuh_managers: - address: port: 1514 - protocol: udp + protocol: tcp api_port: 55000 api_proto: 'http' api_user: ansible diff --git a/roles/wazuh/ansible-wazuh-agent/README.md b/roles/wazuh/ansible-wazuh-agent/README.md index 703c247b..9709d9b3 100644 --- a/roles/wazuh/ansible-wazuh-agent/README.md +++ b/roles/wazuh/ansible-wazuh-agent/README.md @@ -32,7 +32,7 @@ The following is an example of how this role can be used: wazuh_managers: - address: 127.0.0.1 port: 1514 - protocol: udp + protocol: tcp api_port: 55000 api_proto: 'http' api_user: 'ansible' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 8cf7ef58..6550cfa8 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -40,7 +40,7 @@ wazuh_manager_config: connection: - type: 'secure' port: '1514' - protocol: 'udp' + protocol: 'tcp' queue_size: 131072 authd: enable: true From eb70809add79d1159db57f587dbad7a5c837c616 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 15 Jul 2019 17:06:13 +0200 Subject: [PATCH 075/559] fixed Elasticsearch installation's issues caused by the absense of Java in Ubuntu Trusty --- molecule/elasticsearch/molecule.yml | 16 ++++----- .../ansible-elasticsearch/tasks/Debian.yml | 36 +++++++++++++++++++ .../ansible-elasticsearch/tasks/RedHat.yml | 2 ++ .../ansible-elasticsearch/tasks/main.yml | 23 ------------ 4 files changed, 46 insertions(+), 31 deletions(-) diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index a7e3c26f..fbb06add 100755 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml 
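Review bot: Changing the manager's default `remote` connection protocol to `tcp` is a breaking default for fleets already enrolled over UDP: an agent whose `wazuh_managers` entry still says `udp` would no longer be accepted by a manager re-deployed with these defaults, and nothing in this commit flags that. Add a comment on the key, e.g. `# Must match the agents' wazuh_managers[].protocol on every agent; default changed from udp`, and a CHANGELOG entry. The playbook and README examples are updated here, but the agent role's own defaults file is not part of this commit, so please confirm outside this hunk that the agent template consumes the same value.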
@@ -25,17 +25,17 @@ platforms: # command: /sbin/init # ulimits: # - nofile:262144:262144 - #- name: trusty - #image: ubuntu:trusty - #memory_reservation: 1024m - #ulimits: - #- nofile:262144:262144 - - name: centos6 - image: centos:6 - privileged: true + - name: trusty + image: ubuntu:trusty memory_reservation: 1024m ulimits: - nofile:262144:262144 +# - name: centos6 +# image: centos:6 +# privileged: true +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 # - name: centos7 # image: milcom/centos7-systemd # memory_reservation: 1024m diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 1555f443..17b968cc 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -14,6 +14,42 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 +- name: Update and upgrade apt packages + become: true + apt: + upgrade: yes + update_cache: yes + cache_valid_time: 86400 #One day + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + +- name: Install Oracle Java 8 + become: yes + apt: name=openjdk-8-jdk state=latest + + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + +- name: Set the default Java version + become: yes + shell: update-alternatives --config java + +- name: Set the default Javac version + become: yes + shell: update-alternatives --config javac + +- name: Update and upgrade apt packages + become: true + apt: + upgrade: yes + update_cache: yes + cache_valid_time: 86400 #One day + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" 
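Review bot: Both `Update and upgrade apt packages` tasks run `apt: upgrade: yes` with `become: true`, which upgrades every installed package on the Ubuntu 14 host, not just what Elasticsearch needs; a role that installs one service should not perform a system-wide upgrade as a side effect, since it can restart unrelated services and is itself a source of non-idempotent runs. Replace both with `apt: update_cache: yes cache_valid_time: 86400` and let the `openjdk-8-jdk` task pull its own dependencies. `shell: update-alternatives --config java` (and `javac`) is an interactive menu with no `when`, so it runs on every Debian host, reports changed every time, and on a non-interactive run either hangs on stdin or leaves the selection unchanged; use the `alternatives` module with an explicit `path`, or drop the two tasks. The `Install Oracle Java 8` task actually installs `openjdk-8-jdk`, and `state=latest` makes the run non-idempotent whenever a newer build is published; `state=present` is enough.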
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index fbefe51e..81176ee0 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -13,6 +13,8 @@ yum: name: java-1.8.0-openjdk.x86_64 state: present + when: + - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 - name: RedHat/CentOS/Fedora | Install Elasticsarch package: name=elasticsearch-{{ elastic_stack_version }} state=present diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index c29dc760..56a3157b 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -206,26 +206,9 @@ - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) -#- name: Get Java version -# shell: java -version |& awk -F'"' '{print $2}' -# register: java_version -# ignore_errors: true - -# - debug: msg="{{ java_version.stdout_lines }}" - -#- name: "Install Java Repo for Trusty" -# yum_repository: repo='ppa:openjdk-r/ppa' -# when: -# - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 - - name: Distribution is centos 6.* | Enable Elasticsearch service: name=elasticsearch enabled=yes - -#- name: Distribution is centos 6.* | Reload Elasticsearch -# service: name=elasticsearch state=reloaded -# state: "{{ elasticsearch_state | default('reloaded') }}" - - name: Distribution is centos 6.* | Start Elasticsearch service: name=elasticsearch state=started 
@@ -234,12 +217,6 @@ name: elasticsearch enabled: true state: started - # ignore_errors: true - # when: - # - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - # - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - # - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - # - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - name: Make sure Elasticsearch is running before proceeding wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300 From fc38d565d9d9e6839dbe1ad6f3b641a8865534f3 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 16 Jul 2019 12:29:07 +0200 Subject: [PATCH 076/559] fixed Elasticsearch installation's issues related to Idempotence test - Test passed successfully --- molecule/elasticsearch/molecule.yml | 46 +++++++++---------- .../ansible-elasticsearch/tasks/Debian.yml | 20 +++++--- .../ansible-elasticsearch/tasks/main.yml | 1 - 3 files changed, 36 insertions(+), 31 deletions(-) diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index fbb06add..6860b0f3 100755 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml 
@@ -3,45 +3,43 @@ dependency: name: galaxy driver: name: docker -#lint: -# name: yamllint lint: name: yamllint options: config-data: ignore: .virtualenv platforms: - # - name: bionic - # image: solita/ubuntu-systemd:bionic - # command: /sbin/init - # ulimits: - # - nofile:262144:262144 - # privileged: true - # memory_reservation: 1024m - # - name: xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # memory_reservation: 1024m - # command: /sbin/init - # ulimits: - # - nofile:262144:262144 +# - name: bionic +# image: solita/ubuntu-systemd:bionic +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 +# privileged: true +# memory_reservation: 2048m +# - name: xenial +# image: solita/ubuntu-systemd:xenial +# privileged: true +# memory_reservation: 2048m +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 - name: trusty image: ubuntu:trusty - memory_reservation: 1024m + memory_reservation: 2048m ulimits: - nofile:262144:262144 # - name: centos6 # image: centos:6 # privileged: true -# memory_reservation: 1024m +# memory_reservation: 2048m +# ulimits: +# - nofile:262144:262144 +# - name: centos7 +# image: milcom/centos7-systemd +# memory_reservation: 2048m +# privileged: true # ulimits: # - nofile:262144:262144 - # - name: centos7 - # image: milcom/centos7-systemd - # memory_reservation: 1024m - # privileged: true - # ulimits: - # - nofile:262144:262144 provisioner: name: ansible playbooks: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 17b968cc..642e2ee9 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml 
@@ -32,13 +32,19 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 -- name: Set the default Java version - become: yes - shell: update-alternatives --config java +#- name: Set the default Java version +# become: yes +# shell: update-alternatives --config java +# when: +# - ansible_distribution == "Ubuntu" +# - ansible_distribution_major_version | int == 14# -- name: Set the default Javac version - become: yes - shell: update-alternatives --config javac +#- name: Set the default Javac version +# become: yes +# shell: update-alternatives --config javac +# when: +# - ansible_distribution == "Ubuntu" +# - ansible_distribution_major_version | int == 14 - name: Update and upgrade apt packages become: true @@ -55,12 +61,14 @@ url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" state: present + - name: Debian/Ubuntu | Install Elastic repo apt_repository: repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' state: present filename: 'elastic_repo' update_cache: true + changed_when: false - name: Debian/Ubuntu | Install Elasticsarch apt: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 56a3157b..2d446798 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -253,6 +253,5 @@ - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" - - import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" From 687797a66cd7d7aff3a3b36916182f1950a25453 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 16 Jul 2019 17:23:09 +0200 Subject: [PATCH 077/559] ignored Ubuntu Trusty in Testing --- molecule/elasticsearch/molecule.yml | 57 ++++++++++--------- molecule/kibana/molecule.yml | 10 ++-- .../ansible-elasticsearch/tasks/Debian.yml | 14 ----- .../ansible-elasticsearch/tasks/main.yml | 23 ++++++++ 4 files changed, 57 insertions(+), 47 deletions(-) 
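Review bot: `changed_when: false` on the `Install Elastic repo` task makes the idempotence check pass by construction rather than by being idempotent: if the repository line really changes on a host, Ansible now reports nothing, so drift in the package source goes unnoticed. If the spurious "changed" came from `update_cache: true`, keep the repository task honest and move the refresh into a separate `apt: update_cache: yes cache_valid_time: 3600` task. The key task just above it (context) still imports `GPG-KEY-elasticsearch` by URL with no `id:`; pinning the key's fingerprint with `id:` would ensure a different key served at that URL cannot silently become trusted for all package installs.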
diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 6860b0f3..20d68047 100755 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -9,37 +9,38 @@ lint: config-data: ignore: .virtualenv platforms: -# - name: bionic -# image: solita/ubuntu-systemd:bionic -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 -# privileged: true -# memory_reservation: 2048m -# - name: xenial -# image: solita/ubuntu-systemd:xenial -# privileged: true -# memory_reservation: 2048m -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 - - name: trusty - image: ubuntu:trusty + - name: bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 +# - name: trusty +# image: ubuntu:trusty +# privileged: true +# memory_reservation: 2048m +# ulimits: +# - nofile:262144:262144 + - name: centos6 + image: centos:6 + privileged: true memory_reservation: 2048m ulimits: - nofile:262144:262144 -# - name: centos6 -# image: centos:6 -# privileged: true -# memory_reservation: 2048m -# ulimits: -# - nofile:262144:262144 -# - name: centos7 -# image: milcom/centos7-systemd -# memory_reservation: 2048m -# privileged: true -# ulimits: -# - nofile:262144:262144 + - name: centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible playbooks: diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index c1191c07..2017a6bd 100755 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml 
@@ -23,11 +23,11 @@ platforms: command: /sbin/init ulimits: - nofile:262144:262144 - - name: trusty - image: ubuntu:trusty - memory_reservation: 1024m - ulimits: - - nofile:262144:262144 +# - name: trusty +# image: ubuntu:trusty +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 - name: centos6 image: centos:6 privileged: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 642e2ee9..f6c0e6cc 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -32,20 +32,6 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 -#- name: Set the default Java version -# become: yes -# shell: update-alternatives --config java -# when: -# - ansible_distribution == "Ubuntu" -# - ansible_distribution_major_version | int == 14# - -#- name: Set the default Javac version -# become: yes -# shell: update-alternatives --config javac -# when: -# - ansible_distribution == "Ubuntu" -# - ansible_distribution_major_version | int == 14 - - name: Update and upgrade apt packages become: true apt: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 2d446798..9678f8cb 100755 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -197,6 +197,28 @@ when: - elasticsearch_xpack_security +- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf + lineinfile: + path: /etc/security/limits.conf + line: elasticsearch - memlock unlimited + create: yes + become: yes + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + changed_when: false + +- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.d/elasticsearch.conf + lineinfile: + path: /etc/security/limits.d/elasticsearch.conf + line: elasticsearch - memlock unlimited + create: yes + become: yes + changed_when: false + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + - name: Distribution != one of [ centos 6.*, trusty ] | Reload systemd systemd: daemon_reload=true ignore_errors: true @@ -211,6 +233,7 @@ - name: Distribution is centos 6.* | Start Elasticsearch service: name=elasticsearch state=started + ignore_errors: true - name: Ensure Elasticsearch started and enabled service: From f30f620350b8a25d5fb4a347fa985b50189098c9 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 17 Jul 2019 12:09:12 +0200 Subject: [PATCH 078/559] disabled core.filemode in git --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index af79a017..f8e65905 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ### Added -- Update to Wazuh v3.9.2 +- Update to Wazuh v3.9.2 - Support for Elastic 7 - Ability to deploy an Elasticsearch cluster [#6b95e3](https://github.com/wazuh/wazuh-ansible/commit/6b95e304b6ac4dfec08df5cd0fe29be9cc7dc22c) From 2150d71a60ffb7f5ab7651311ed729df7b7bca69 Mon Sep 17 00:00:00 2001 
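Review bot: Both `lineinfile` tasks set `changed_when: false`, so the first run that actually appends `elasticsearch - memlock unlimited` reports no change and a later removal of the line is re-added invisibly; `lineinfile` is already idempotent on an exact `line` match, so the override is unnecessary and should be dropped. With `create: yes` and no `mode:`, `/etc/security/limits.d/elasticsearch.conf` is created with whatever the process umask yields; add `mode: '0644'` and `owner: root` so a PAM limits file is never group-writable on a host with a permissive umask. The per-task `become: yes` is inconsistent with the surrounding tasks in this file, which presumably rely on play-level escalation; confirm and make it uniform.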
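Review bot: `ignore_errors: true` on `Distribution is centos 6.* | Start Elasticsearch` masks a failed start on every host, because the task has no `when` limiting it to CentOS 6 despite its name; on a systemd host the failure is hidden and the run only dies later in `wait_for` after a 300-second timeout with no hint of the cause. Scope the task rather than ignoring its result, `when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int < 7`, matching the enable task above it, and remove `ignore_errors`. The enclosing task list continues outside the hunk.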
From: Rshad Zhran Date: Wed, 17 Jul 2019 12:21:19 +0200 Subject: [PATCH 079/559] changing permissions --- .gitignore | 0 .swp | Bin .yamllint | 0 CHANGELOG.md | 0 LICENSE | 0 Pipfile | 0 README.md | 0 VERSION | 0 molecule/default/Dockerfile.j2 | 0 molecule/default/INSTALL.rst | 0 molecule/default/create.yml | 0 molecule/default/destroy.yml | 0 molecule/default/molecule.yml | 0 molecule/default/playbook.yml | 0 molecule/default/prepare.yml | 0 molecule/default/tests/test_default.py | 0 molecule/elasticsearch/Dockerfile.j2 | 0 molecule/elasticsearch/INSTALL.rst | 0 molecule/elasticsearch/molecule.yml | 0 molecule/elasticsearch/playbook.yml | 0 molecule/elasticsearch/tests/test_default.py | 0 molecule/external_packages/jdk-8u211-linux-x64.rpm | 0 molecule/filebeat/Dockerfile.j2 | 0 molecule/filebeat/INSTALL.rst | 0 molecule/filebeat/molecule.yml | 0 molecule/filebeat/playbook.yml | 0 molecule/filebeat/prepare.yml | 0 molecule/filebeat/tests/test_default.py | 0 molecule/kibana/Dockerfile.j2 | 0 molecule/kibana/INSTALL.rst | 0 molecule/kibana/molecule.yml | 0 molecule/kibana/playbook.yml | 0 molecule/kibana/prepare.yml | 0 molecule/kibana/tests/test_default.py | 0 molecule/wazuh-agent/Dockerfile.j2 | 0 molecule/wazuh-agent/INSTALL.rst | 0 molecule/wazuh-agent/molecule.yml | 0 molecule/wazuh-agent/playbook.yml | 0 molecule/wazuh-agent/prepare.yml | 0 molecule/wazuh-agent/tests/test_agents.py | 0 molecule/wazuh-agent/tests/test_manager.py | 0 playbooks/wazuh-agent.yml | 0 playbooks/wazuh-elastic.yml | 0 playbooks/wazuh-elastic_stack-distributed.yml | 0 playbooks/wazuh-elastic_stack-single.yml | 0 playbooks/wazuh-kibana.yml | 0 playbooks/wazuh-manager.yml | 0 roles/ansible-galaxy/meta/main.yml | 0 roles/elastic-stack/ansible-elasticsearch/README.md | 0 .../ansible-elasticsearch/defaults/main.yml | 0 .../ansible-elasticsearch/handlers/main.yml | 0 .../ansible-elasticsearch/meta/main.yml | 0 .../ansible-elasticsearch/tasks/Debian.yml | 0 
.../ansible-elasticsearch/tasks/RMDebian.yml | 0 .../ansible-elasticsearch/tasks/RMRedHat.yml | 0 .../ansible-elasticsearch/tasks/RedHat.yml | 0 .../ansible-elasticsearch/tasks/main.yml | 0 .../templates/elasticsearch.yml.j2 | 0 .../templates/elasticsearch_nonsystemd.j2 | 0 .../templates/elasticsearch_systemd.conf.j2 | 0 .../templates/instances.yml.j2 | 0 .../ansible-elasticsearch/templates/jvm.options.j2 | 0 .../wazuh-elastic6-template-alerts.json.j2 | 0 .../wazuh-elastic7-template-alerts.json.j2 | 0 roles/elastic-stack/ansible-kibana/README.md | 0 .../elastic-stack/ansible-kibana/defaults/main.yml | 0 .../elastic-stack/ansible-kibana/handlers/main.yml | 0 roles/elastic-stack/ansible-kibana/meta/main.yml | 0 roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 0 .../elastic-stack/ansible-kibana/tasks/RMDebian.yml | 0 .../elastic-stack/ansible-kibana/tasks/RMRedHat.yml | 0 roles/elastic-stack/ansible-kibana/tasks/RedHat.yml | 0 roles/elastic-stack/ansible-kibana/tasks/main.yml | 0 .../ansible-kibana/templates/kibana.yml.j2 | 0 roles/wazuh/ansible-filebeat/README.md | 0 roles/wazuh/ansible-filebeat/defaults/main.yml | 0 roles/wazuh/ansible-filebeat/handlers/main.yml | 0 roles/wazuh/ansible-filebeat/meta/main.yml | 0 roles/wazuh/ansible-filebeat/tasks/Debian.yml | 0 roles/wazuh/ansible-filebeat/tasks/RMDebian.yml | 0 roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml | 0 roles/wazuh/ansible-filebeat/tasks/RedHat.yml | 0 roles/wazuh/ansible-filebeat/tasks/config.yml | 0 roles/wazuh/ansible-filebeat/tasks/main.yml | 0 .../ansible-filebeat/templates/elasticsearch.yml.j2 | 0 .../ansible-filebeat/templates/filebeat.yml.j2 | 0 roles/wazuh/ansible-filebeat/tests/requirements.yml | 0 roles/wazuh/ansible-filebeat/tests/test.yml | 0 roles/wazuh/ansible-wazuh-agent/README.md | 0 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 0 roles/wazuh/ansible-wazuh-agent/handlers/main.yml | 0 roles/wazuh/ansible-wazuh-agent/meta/main.yml | 0 
roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 0 roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 0 roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml | 0 roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml | 0 roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 0 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 0 roles/wazuh/ansible-wazuh-agent/tasks/main.yml | 0 .../var-ossec-etc-local-internal-options.conf.j2 | 0 .../templates/var-ossec-etc-ossec-agent.conf.j2 | 0 roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml | 0 roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml | 0 roles/wazuh/ansible-wazuh-manager/README.md | 0 roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 0 .../decoders/sample_custom_decoders.xml | 0 .../custom_ruleset/rules/sample_custom_rules.xml | 0 roles/wazuh/ansible-wazuh-manager/handlers/main.yml | 0 roles/wazuh/ansible-wazuh-manager/meta/main.yml | 0 roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 0 .../wazuh/ansible-wazuh-manager/tasks/RMDebian.yml | 0 .../wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml | 0 roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 0 roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 0 .../ansible-wazuh-manager/templates/agentless.j2 | 0 .../ansible-wazuh-manager/templates/api_user.j2 | 0 .../ansible-wazuh-manager/templates/authd_pass.j2 | 0 .../ansible-wazuh-manager/templates/cdb_lists.j2 | 0 .../var-ossec-api-configuration-config.js.j2 | 0 .../var-ossec-etc-local-internal-options.conf.j2 | 0 .../templates/var-ossec-etc-ossec-server.conf.j2 | 0 .../templates/var-ossec-etc-shared-agent.conf.j2 | 0 .../templates/var-ossec-rules-local_decoder.xml.j2 | 0 .../templates/var-ossec-rules-local_rules.xml.j2 | 0 .../ansible-wazuh-manager/vars/agentless_creds.yml | 0 .../wazuh/ansible-wazuh-manager/vars/authd_pass.yml | 0 .../wazuh/ansible-wazuh-manager/vars/cdb_lists.yml | 0 .../ansible-wazuh-manager/vars/wazuh_api_creds.yml | 0 128 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 
.gitignore mode change 100755 => 100644 .swp mode change 100755 => 100644 .yamllint mode change 100755 => 100644 CHANGELOG.md mode change 100755 => 100644 LICENSE mode change 100755 => 100644 Pipfile mode change 100755 => 100644 README.md mode change 100755 => 100644 VERSION mode change 100755 => 100644 molecule/default/Dockerfile.j2 mode change 100755 => 100644 molecule/default/INSTALL.rst mode change 100755 => 100644 molecule/default/create.yml mode change 100755 => 100644 molecule/default/destroy.yml mode change 100755 => 100644 molecule/default/molecule.yml mode change 100755 => 100644 molecule/default/playbook.yml mode change 100755 => 100644 molecule/default/prepare.yml mode change 100755 => 100644 molecule/default/tests/test_default.py mode change 100755 => 100644 molecule/elasticsearch/Dockerfile.j2 mode change 100755 => 100644 molecule/elasticsearch/INSTALL.rst mode change 100755 => 100644 molecule/elasticsearch/molecule.yml mode change 100755 => 100644 molecule/elasticsearch/playbook.yml mode change 100755 => 100644 molecule/elasticsearch/tests/test_default.py mode change 100755 => 100644 molecule/external_packages/jdk-8u211-linux-x64.rpm mode change 100755 => 100644 molecule/filebeat/Dockerfile.j2 mode change 100755 => 100644 molecule/filebeat/INSTALL.rst mode change 100755 => 100644 molecule/filebeat/molecule.yml mode change 100755 => 100644 molecule/filebeat/playbook.yml mode change 100755 => 100644 molecule/filebeat/prepare.yml mode change 100755 => 100644 molecule/filebeat/tests/test_default.py mode change 100755 => 100644 molecule/kibana/Dockerfile.j2 mode change 100755 => 100644 molecule/kibana/INSTALL.rst mode change 100755 => 100644 molecule/kibana/molecule.yml mode change 100755 => 100644 molecule/kibana/playbook.yml mode change 100755 => 100644 molecule/kibana/prepare.yml mode change 100755 => 100644 molecule/kibana/tests/test_default.py mode change 100755 => 100644 molecule/wazuh-agent/Dockerfile.j2 mode change 100755 => 100644 
molecule/wazuh-agent/INSTALL.rst mode change 100755 => 100644 molecule/wazuh-agent/molecule.yml mode change 100755 => 100644 molecule/wazuh-agent/playbook.yml mode change 100755 => 100644 molecule/wazuh-agent/prepare.yml mode change 100755 => 100644 molecule/wazuh-agent/tests/test_agents.py mode change 100755 => 100644 molecule/wazuh-agent/tests/test_manager.py mode change 100755 => 100644 playbooks/wazuh-agent.yml mode change 100755 => 100644 playbooks/wazuh-elastic.yml mode change 100755 => 100644 playbooks/wazuh-elastic_stack-distributed.yml mode change 100755 => 100644 playbooks/wazuh-elastic_stack-single.yml mode change 100755 => 100644 playbooks/wazuh-kibana.yml mode change 100755 => 100644 playbooks/wazuh-manager.yml mode change 100755 => 100644 roles/ansible-galaxy/meta/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/README.md mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/defaults/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/handlers/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/meta/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/tasks/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2 mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2 mode change 100755 => 100644 
roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 mode change 100755 => 100644 roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/README.md mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/defaults/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/handlers/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/meta/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/tasks/Debian.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/tasks/RedHat.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/tasks/main.yml mode change 100755 => 100644 roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 mode change 100755 => 100644 roles/wazuh/ansible-filebeat/README.md mode change 100755 => 100644 roles/wazuh/ansible-filebeat/defaults/main.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/handlers/main.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/meta/main.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tasks/Debian.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tasks/RMDebian.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tasks/RedHat.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tasks/config.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tasks/main.yml mode change 100755 => 100644 
roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 mode change 100755 => 100644 roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tests/requirements.yml mode change 100755 => 100644 roles/wazuh/ansible-filebeat/tests/test.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/README.md mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/defaults/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/handlers/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/meta/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/tasks/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/README.md mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/defaults/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/decoders/sample_custom_decoders.xml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/rules/sample_custom_rules.xml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/handlers/main.yml 
mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/meta/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/tasks/main.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/agentless.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-local-internal-options.conf.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml mode change 100755 => 100644 roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml diff --git a/.gitignore b/.gitignore old mode 100755 new mode 100644 diff --git a/.swp b/.swp old mode 100755 new mode 100644 
diff --git a/.yamllint b/.yamllint old mode 100755 new mode 100644 diff --git a/CHANGELOG.md b/CHANGELOG.md old mode 100755 new mode 100644 diff --git a/LICENSE b/LICENSE old mode 100755 new mode 100644 diff --git a/Pipfile b/Pipfile old mode 100755 new mode 100644 diff --git a/README.md b/README.md old mode 100755 new mode 100644 diff --git a/VERSION b/VERSION old mode 100755 new mode 100644 diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 old mode 100755 new mode 100644 diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst old mode 100755 new mode 100644 diff --git a/molecule/default/create.yml b/molecule/default/create.yml old mode 100755 new mode 100644 diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml old mode 100755 new mode 100644 diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml old mode 100755 new mode 100644 diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml old mode 100755 new mode 100644 diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml old mode 100755 new mode 100644 diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py old mode 100755 new mode 100644 diff --git a/molecule/elasticsearch/Dockerfile.j2 b/molecule/elasticsearch/Dockerfile.j2 old mode 100755 new mode 100644 diff --git a/molecule/elasticsearch/INSTALL.rst b/molecule/elasticsearch/INSTALL.rst old mode 100755 new mode 100644 diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml old mode 100755 new mode 100644 diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml old mode 100755 new mode 100644 diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py old mode 100755 new mode 100644 
diff --git a/molecule/external_packages/jdk-8u211-linux-x64.rpm b/molecule/external_packages/jdk-8u211-linux-x64.rpm old mode 100755 new mode 100644 diff --git a/molecule/filebeat/Dockerfile.j2 b/molecule/filebeat/Dockerfile.j2 old mode 100755 new mode 100644 diff --git a/molecule/filebeat/INSTALL.rst b/molecule/filebeat/INSTALL.rst old mode 100755 new mode 100644 diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml old mode 100755 new mode 100644 diff --git a/molecule/filebeat/playbook.yml b/molecule/filebeat/playbook.yml old mode 100755 new mode 100644 diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml old mode 100755 new mode 100644 diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py old mode 100755 new mode 100644 diff --git a/molecule/kibana/Dockerfile.j2 b/molecule/kibana/Dockerfile.j2 old mode 100755 new mode 100644 diff --git a/molecule/kibana/INSTALL.rst b/molecule/kibana/INSTALL.rst old mode 100755 new mode 100644 diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml old mode 100755 new mode 100644 diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml old mode 100755 new mode 100644 diff --git a/molecule/kibana/prepare.yml b/molecule/kibana/prepare.yml old mode 100755 new mode 100644 diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py old mode 100755 new mode 100644 diff --git a/molecule/wazuh-agent/Dockerfile.j2 b/molecule/wazuh-agent/Dockerfile.j2 old mode 100755 new mode 100644 diff --git a/molecule/wazuh-agent/INSTALL.rst b/molecule/wazuh-agent/INSTALL.rst old mode 100755 new mode 100644 diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml old mode 100755 new mode 100644 diff --git a/molecule/wazuh-agent/playbook.yml b/molecule/wazuh-agent/playbook.yml old mode 100755 new mode 100644 
diff --git a/molecule/wazuh-agent/prepare.yml b/molecule/wazuh-agent/prepare.yml old mode 100755 new mode 100644 diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py old mode 100755 new mode 100644 diff --git a/molecule/wazuh-agent/tests/test_manager.py b/molecule/wazuh-agent/tests/test_manager.py old mode 100755 new mode 100644 diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml old mode 100755 new mode 100644 diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml old mode 100755 new mode 100644 diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml old mode 100755 new mode 100644 diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml old mode 100755 new mode 100644 diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml old mode 100755 new mode 100644 diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml old mode 100755 new mode 100644 diff --git a/roles/ansible-galaxy/meta/main.yml b/roles/ansible-galaxy/meta/main.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/handlers/main.yml b/roles/elastic-stack/ansible-elasticsearch/handlers/main.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/meta/main.yml b/roles/elastic-stack/ansible-elasticsearch/meta/main.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml old mode 100755 new mode 100644 
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2 old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2 old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 old mode 100755 new mode 100644 
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-kibana/README.md b/roles/elastic-stack/ansible-kibana/README.md old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-kibana/handlers/main.yml b/roles/elastic-stack/ansible-kibana/handlers/main.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-kibana/meta/main.yml b/roles/elastic-stack/ansible-kibana/meta/main.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml old mode 100755 new mode 100644 diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/README.md b/roles/wazuh/ansible-filebeat/README.md old mode 100755 new mode 100644 
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/handlers/main.yml b/roles/wazuh/ansible-filebeat/handlers/main.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/meta/main.yml b/roles/wazuh/ansible-filebeat/meta/main.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/tasks/config.yml b/roles/wazuh/ansible-filebeat/tasks/config.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/tests/requirements.yml b/roles/wazuh/ansible-filebeat/tests/requirements.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-filebeat/tests/test.yml b/roles/wazuh/ansible-filebeat/tests/test.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/README.md b/roles/wazuh/ansible-wazuh-agent/README.md old mode 100755 new mode 100644 
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/meta/main.yml b/roles/wazuh/ansible-wazuh-agent/meta/main.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 old mode 100755 new mode 100644 
diff --git a/roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/README.md b/roles/wazuh/ansible-wazuh-manager/README.md old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/decoders/sample_custom_decoders.xml b/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/decoders/sample_custom_decoders.xml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/rules/sample_custom_rules.xml b/roles/wazuh/ansible-wazuh-manager/files/custom_ruleset/rules/sample_custom_rules.xml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/meta/main.yml b/roles/wazuh/ansible-wazuh-manager/meta/main.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml old mode 100755 new mode 100644 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/agentless.j2 b/roles/wazuh/ansible-wazuh-manager/templates/agentless.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 b/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2 b/roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-local-internal-options.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-local-internal-options.conf.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 old mode 100755 new mode 100644 
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/agentless_creds.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml b/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml old mode 100755 new mode 100644 diff --git a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml old mode 100755 new mode 100644 From f6fc17bcc971e2023515922bcfc728e628c55abc Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 17 Jul 2019 12:40:14 +0200 Subject: [PATCH 080/559] implemented the requested changes for PR #206 --- CHANGELOG.md | 2 +- molecule/elasticsearch/molecule.yml | 2 +- .../external_packages/jdk-8u211-linux-x64.rpm | 117 ------------------ 3 files changed, 2 insertions(+), 119 deletions(-) delete mode 100644 molecule/external_packages/jdk-8u211-linux-x64.rpm diff --git a/CHANGELOG.md b/CHANGELOG.md index f8e65905..af79a017 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ### Added -- Update to Wazuh v3.9.2 +- Update to Wazuh v3.9.2 - Support for Elastic 7 - Ability to deploy an Elasticsearch cluster [#6b95e3](https://github.com/wazuh/wazuh-ansible/commit/6b95e304b6ac4dfec08df5cd0fe29be9cc7dc22c) diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 20d68047..5d6d3075 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml 
@@ -52,7 +52,7 @@ provisioner: ANSIBLE_ROLES_PATH: ../../roles lint: name: ansible-lint - enabled: false + enabled: true inventory: group_vars: all: diff --git a/molecule/external_packages/jdk-8u211-linux-x64.rpm b/molecule/external_packages/jdk-8u211-linux-x64.rpm deleted file mode 100644 index f0fccd61..00000000 --- a/molecule/external_packages/jdk-8u211-linux-x64.rpm +++ /dev/null @@ -1,117 +0,0 @@ - - -Unauthorized Request - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Sorry!

In order to download products from Oracle Technology - Network you must agree to the OTN license terms.
Be sure that...
- Your browser has "cookies" and JavaScript enabled.
- You clicked on "Accept License" for the product you wish to download.
- You attempt the download within 30 minutes of accepting the license.
From here you can go...
- - - - - - - - - - - - - -
Back to Previous Page
Site Map
OTN Homepage
- -
- -
- - - From 9847b6b003e74798a4027ce97bd2d1f1cfdd6a1e Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 17 Jul 2019 12:52:14 +0200 Subject: [PATCH 081/559] deleted .swp --- .gitignore | 1 + .swp | Bin 12288 -> 0 bytes 2 files changed, 1 insertion(+) delete mode 100644 .swp diff --git a/.gitignore b/.gitignore index 5b26bcf3..107a85d0 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ wazuh-kibana.yml wazuh-manager.yml *.pyc Pipfile.lock +*.swp diff --git a/.swp b/.swp deleted file mode 100644 index 3cc197e09a7cc13ae44c3cb176cce131024a3112..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeI%Jqp4w6u|LU!NEz<3sl{u>LP*%aB!@nl9C`oKctO^+g`)lB(ENOSMtO*)<4F?LHd_AkYPYfxliY%d0-0 zP2I`Z??O@3fB*srAbLmC7SKmY**5I_I{1Q0*~ z0R#|eKtO4c_fX`M_u~J*djFU62J&$v0tg_000IagfB*srAbD|Z|jm{a* From 84c0df02dc9a6f5cab42f26ed981cb948afce540 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 17 Jul 2019 12:58:44 +0200 Subject: [PATCH 082/559] Adapted: become: yes -> become:true --- roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index f6c0e6cc..2c7dba73 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -25,7 +25,7 @@ - ansible_distribution_major_version | int == 14 - name: Install Oracle Java 8 - become: yes + become: true apt: name=openjdk-8-jdk state=latest when: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 9678f8cb..48c25b98 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
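Review bot: The task touched by the `@@ -25,7 +25,7 @@` hunk still installs with `apt: name=openjdk-8-jdk state=latest`, which upgrades to whatever version the repository serves on every run, so the JDK is neither pinned nor installed idempotently — at odds with the Molecule idempotence and lint work described in this series' changelog. The task is also named `Install Oracle Java 8` while the package is OpenJDK, which misleads anyone auditing which JDK lands on the host. I would write the module arguments in block form with a stable state, `apt:` / `  name: openjdk-8-jdk` / `  state: present`, and rename the task to `Install OpenJDK 8`. The task's `when:` conditions continue outside the hunk.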
@@ -202,7 +202,7 @@ path: /etc/security/limits.conf line: elasticsearch - memlock unlimited create: yes - become: yes + become: true when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 @@ -213,7 +213,7 @@ path: /etc/security/limits.d/elasticsearch.conf line: elasticsearch - memlock unlimited create: yes - become: yes + become: true changed_when: false when: - ansible_distribution == "Ubuntu" From 14cd09a0343dd3ee6c4424e44395383bff4dde78 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 17 Jul 2019 13:27:43 +0200 Subject: [PATCH 083/559] version bumping .. --- CHANGELOG.md | 10 ++++++++++ VERSION | 2 +- molecule/default/tests/test_default.py | 2 +- molecule/elasticsearch/tests/test_default.py | 2 +- molecule/filebeat/tests/test_default.py | 2 +- molecule/kibana/tests/test_default.py | 2 +- molecule/wazuh-agent/tests/test_agents.py | 2 +- .../ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 12 files changed, 22 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index af79a017..b4961a77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
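Review bot: Both hunks (`@@ -202` and `@@ -213`) convert `become: yes` to `become: true` but leave `create: yes` on the same lineinfile tasks in the YAML 1.1 truthy form the commit is removing; for consistency write `create: true` in the limits.conf and limits.d/elasticsearch.conf tasks alike. In the second hunk `changed_when: false` forces a task that can create a file and write `elasticsearch - memlock unlimited` into it to always report ok, which hides a real modification from the play recap and from anything keyed on the changed status; it looks like a workaround for the Molecule idempotence check and should be dropped rather than masking the write. The lineinfile tasks these hunks belong to start above the visible context.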
@@ -1,6 +1,16 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.9.3_7.2.0] + +### Added +- Update to Wazuh v3.9.3 ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) +- Added Versioning Control for Wazuh stack's components installation, so now it's possible to specify which package to install for wazuh-manager, wazuh-agent, Filebeat, Elasticsearch and Kibana. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) +- Fixes for Molecule testing issues. Issues such as Ansible-Lint and None-Idempotent tasks. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) +- Fixes for Wazuh components installations' related issues. Such issues were related to determined OS distributions such as `Ubuntu Trusty` and `CetOS 6`. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) +- Created Ansible playbook and role in order to automate the uninstallation of already installed Wazuh components. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) + + ## [v3.9.2_7.1.1] ### Added diff --git a/VERSION b/VERSION index 36af7bee..933ac2d7 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.9.1" +WAZUH-ANSIBLE_VERSION="v3.9.3" REVISION="3901" diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 4e6e25d6..4be45b4e 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.0" + return "3.9.3" def test_wazuh_packages_are_installed(host): diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py index 34fce3b3..c8be3ed2 100644 
--- a/molecule/elasticsearch/tests/test_default.py +++ b/molecule/elasticsearch/tests/test_default.py @@ -10,7 +10,7 @@ def test_elasticsearch_is_installed(host): """Test if the elasticsearch package is installed.""" elasticsearch = host.package("elasticsearch") assert elasticsearch.is_installed - assert elasticsearch.version.startswith('7.1.1') + assert elasticsearch.version.startswith('7.2.0') def test_elasticsearch_is_running(host): diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py index a959e48b..106e949d 100644 --- a/molecule/filebeat/tests/test_default.py +++ b/molecule/filebeat/tests/test_default.py @@ -10,4 +10,4 @@ def test_filebeat_is_installed(host): """Test if the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.1.1') + assert filebeat.version.startswith('7.2.0') diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py index f510aed9..b09e8e20 100644 --- a/molecule/kibana/tests/test_default.py +++ b/molecule/kibana/tests/test_default.py @@ -14,7 +14,7 @@ def test_port_kibana_is_open(host): def test_find_correct_elasticsearch_version(host): """Test if we find the kibana/elasticsearch version in package.json""" kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") - assert kibana.contains("7.1.1") + assert kibana.contains("7.2.0") def test_wazuh_plugin_installed(host): diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py index 657cc9ee..48fdfc6e 100644 --- a/molecule/wazuh-agent/tests/test_agents.py +++ b/molecule/wazuh-agent/tests/test_agents.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.0" + return "3.9.3" def test_ossec_package_installed(Package): 
diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index df1f9ad4..1340dabb 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.1.1 +elastic_stack_version: 7.2.0 single_node: false elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index ce0c7c40..dcaa0f59 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.1.1 -wazuh_version: 3.9.2 +elastic_stack_version: 7.2.0 +wazuh_version: 3.9.3 # Xpack Security kibana_xpack_security: false diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 541c0214..103d61eb 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.1.1 +filebeat_version: 7.2.0 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index ded6d5b9..7d6135ad 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.9.0 +wazuh_agent_version: 3.9.3 wazuh_managers: - address: 127.0.0.1 port: 1514 
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ffa9bef2..a49a059c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_api_version: 3.9.0 +wazuh_manager_api_version: 3.9.3 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest From 860f398a7c6be2d57482c866a959a9c79d9485b3 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 17 Jul 2019 13:39:29 +0200 Subject: [PATCH 084/559] Bump revision --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 933ac2d7..fe2acb96 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v3.9.3" -REVISION="3901" +REVISION="3930" From 8db9700f023fcd885a49f5b8fb2f0f70f776e000 Mon Sep 17 00:00:00 2001 From: Jani Heikkinen Date: Thu, 18 Jul 2019 09:00:39 +0000 Subject: [PATCH 085/559] added wazuh_agent_nat boolean variable for agents behind nat --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 7d6135ad..ad2a93c9 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -305,3 +305,4 @@ wazuh_agent_config: list: - key: Env value: Production +wazuh_agent_nat: false diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index faa28b57..d9415ffc 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
@@ -54,6 +54,7 @@ -A {{ agent_name }} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} + {% if wazuh_agent_nat %}-I "any" {% endif %} {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %} {% if wazuh_agent_authd.ssl_agent_ca is not none %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" @@ -128,7 +129,7 @@ environment: OSSEC_ACTION: i OSSEC_AGENT_NAME: '{{ newagentdata_api.json.data.name }}' - OSSEC_AGENT_IP: '{{ newagentdata_api.json.data.ip }}' + OSSEC_AGENT_IP: '{% if wazuh_agent_nat %}any{% else %}{{ newagentdata_api.json.data.ip }}{% endif %}' OSSEC_AGENT_ID: '{{ newagent_api.json.data.id }}' OSSEC_AGENT_KEY: '{{ newagent_api.json.data.key }}' OSSEC_ACTION_CONFIRMED: y From 8575aecc88428fe7b4e60f321cc4951b4ab2a0a9 Mon Sep 17 00:00:00 2001 From: rshad Date: Tue, 23 Jul 2019 19:36:09 +0000 Subject: [PATCH 086/559] fixed the problem by adding a new variable to test the connectivity to Elastic --- molecule/elasticsearch/molecule.yml | 12 ++++++------ .../ansible-elasticsearch/defaults/main.yml | 3 ++- .../ansible-elasticsearch/tasks/main.yml | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 5d6d3075..1ad6ef7b 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -23,12 +23,12 @@ platforms: command: /sbin/init ulimits: - nofile:262144:262144 -# - name: trusty -# image: ubuntu:trusty -# privileged: true -# memory_reservation: 2048m -# ulimits: -# - nofile:262144:262144 + #- name: trusty + #image: ubuntu:trusty + #privileged: true + #memory_reservation: 2048m + #ulimits: + #- nofile:262144:262144 - name: centos6 image: centos:6 privileged: true diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 1340dabb..520e75f4 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
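Review bot: The new `-I "any"` flag at @@ -54 and the `any` branch of `OSSEC_AGENT_IP` at @@ -128 in tasks/Linux.yml enrol the agent without a fixed source address, so the manager presumably accepts that agent's key from any IP and the key alone binds the connection to the agent; nothing in the change records that trade-off. The variable arrives in defaults/main.yml as a bare `wazuh_agent_nat: false`, which is the natural place for it, e.g. `# Register the agent with IP "any" instead of its detected address (needed behind NAT; the manager then no longer ties this agent's key to a source IP).` The enrollment command at @@ -54 starts outside the hunk, so I cannot see the task header, but since the same command already passes `-P {{ authd_pass }}` it should carry `no_log: true` if it does not already.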
+++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -2,7 +2,8 @@ elasticsearch_cluster_name: wazuh elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 -elasticsearch_network_host: 127.0.0.1 +elasticsearch_network_host: 0.0.0.0 +elasticsearch_check_connection: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.2.0 single_node: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 48c25b98..d4015a0b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -242,7 +242,7 @@ state: started - name: Make sure Elasticsearch is running before proceeding - wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300 + wait_for: host={{ elasticsearch_check_connection }} port={{ elasticsearch_http_port }} delay=3 timeout=400 tags: - configure - init From fcb584ab2016a9d0e867b6748e1b13877067e3c8 Mon Sep 17 00:00:00 2001 From: rshad Date: Wed, 24 Jul 2019 10:49:17 +0000 Subject: [PATCH 087/559] fixed linting errors by refactoring ansible tests and change a variable name --- .../ansible-elasticsearch/defaults/main.yml | 2 +- .../ansible-elasticsearch/tasks/Debian.yml | 2 +- .../ansible-elasticsearch/tasks/main.yml | 77 +++++++++++-------- 3 files changed, 49 insertions(+), 32 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 520e75f4..dfe4d3ae 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
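Review bot: Changing the default `elasticsearch_network_host` from `127.0.0.1` to `0.0.0.0` in defaults/main.yml makes every consumer of the role bind Elasticsearch's HTTP port on all interfaces by default, and the role's own tasks treat `elasticsearch_xpack_security` as optional (`- not elasticsearch_xpack_security` guards), so an unauthenticated node may be reachable from the network out of the box. The commit message says the motivation is the molecule connectivity check, which the new `elasticsearch_check_connection` variable already solves for `wait_for`; keep `elasticsearch_network_host: 127.0.0.1` in the role defaults and set `0.0.0.0` in the molecule scenario's vars instead. The `uri` tasks further down the same file still build their URL from `elasticsearch_network_host` (visible as context in the next commit on this page), so with this default they would target `http://0.0.0.0:9200`. The `wait_for` timeout bump from 300 to 400 is unexplained; a short comment, or a `elasticsearch_wait_timeout` style variable, would make it reviewable.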
@@ -3,7 +3,7 @@ elasticsearch_cluster_name: wazuh elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 0.0.0.0 -elasticsearch_check_connection: 127.0.0.1 +elasticsearch_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.2.0 single_node: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 2c7dba73..b35f11e1 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -26,7 +26,7 @@ - name: Install Oracle Java 8 become: true - apt: name=openjdk-8-jdk state=latest + apt: name=openjdk-8-jdk when: - ansible_distribution == "Ubuntu" diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index d4015a0b..99782056 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -65,7 +65,7 @@ - name: Check if certificate exists locally stat: - path: "{{node_certs_destination}}/{{ elasticsearch_node_name }}.crt" + path: "{{ node_certs_destination }}/{{ elasticsearch_node_name }}.crt" register: certificate_file_exists when: - elasticsearch_xpack_security @@ -73,7 +73,7 @@ - name: Write the instances.yml file in the selected node (force = no) template: src: instances.yml.j2 - dest: "{{node_certs_source}}/instances.yml" + dest: "{{ node_certs_source }}/instances.yml" force: no register: instances_file_exists tags: 
@@ -86,23 +86,25 @@ - name: Update instances.yml status after generation stat: - path: "{{node_certs_source}}/instances.yml" + path: "{{ node_certs_source }}/instances.yml" register: instances_file_exists - when: + when: - node_certs_generator - elasticsearch_xpack_security - name: Check if the certificates ZIP file exists stat: - path: "{{node_certs_source}}/certs.zip" + path: "{{ node_certs_source }}/certs.zip" register: xpack_certs_zip - when: + when: - node_certs_generator - elasticsearch_xpack_security - name: Generating certificates for Elasticsearch security - shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in {{node_certs_source}}/instances.yml --out {{node_certs_source}}/certs.zip" - when: + command: >- + "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in + {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip" + when: - node_certs_generator - elasticsearch_xpack_security - not xpack_certs_zip.stat.exists @@ -112,10 +114,10 @@ - name: Unzip generated certs.zip unarchive: - src: "{{node_certs_source}}/certs.zip" - dest: "{{node_certs_source}}/" + src: "{{ node_certs_source }}/certs.zip" + dest: "{{ node_certs_source }}/" remote_src: yes - when: + when: - node_certs_generator - elasticsearch_xpack_security - certs_file_generated is defined 
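Review bot: The folded `command: >-` in `Generating certificates for Elasticsearch security` at @@ -86 keeps the surrounding double quotes as literal characters (a block scalar is not re-parsed as YAML), so the `command` module receives a single argument `"/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in … certs.zip"` and will fail to find an executable of that name. Drop the quotes and keep only the fold: `command: >-` / `/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in` / `{{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip`. The `shell` to `command` switch itself is right, since no shell feature is used here.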
@@ -124,35 +126,39 @@ - name: Copy key & certificate files in generator node (locally) synchronize: - src: "{{node_certs_source}}/{{elasticsearch_node_name}}/" - dest: "{{node_certs_destination}}/" + src: "{{ node_certs_source }}/{{ elasticsearch_node_name }}/" + dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" - when: + when: - node_certs_generator - elasticsearch_xpack_security tags: xpack-security - name: Copy ca certificate file in generator node (locally) synchronize: - src: "{{node_certs_source}}/ca/" - dest: "{{node_certs_destination}}/" + src: "{{ node_certs_source }}/ca/" + dest: "{{ node_certs_destination }}/" delegate_to: "{{ node_certs_generator_ip }}" register: check_certs_permissions - when: + when: - node_certs_generator - elasticsearch_xpack_security tags: xpack-security - name: Importing key & certificate files from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/" + command: >- + {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: + {{ node_certs_source }}/{{ elasticsearch_node_name }}/ {{ node_certs_destination }}/ when: - not node_certs_generator - elasticsearch_xpack_security - not certificate_file_exists.stat.exists tags: xpack-security -- name: Importing ca certificate file from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" +- name: Importing ca certificate file from generator node + command: >- + {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: + {{ node_certs_source }}/ca/ {{ node_certs_destination }}/ when: - not node_certs_generator - elasticsearch_xpack_security 
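Review bot: In both `Importing … from generator node` tasks at @@ -124 the `>-` fold joins the two content lines with a space, so `{{ rsync_user }}@{{ node_certs_generator_ip }}:` and `{{ node_certs_source }}/…` become two separate arguments; rsync then sees a remote source with an empty (home-directory) path plus an extra local source, which is not what the old single-line `shell` did. Break before the host spec instead of after the colon, e.g. `{{ rsync_path }} {{ rsync_extra_parameters }}` on the first line and `{{ rsync_user }}@{{ node_certs_generator_ip }}:{{ node_certs_source }}/{{ elasticsearch_node_name }}/ {{ node_certs_destination }}/` on the second (and the `ca/` equivalent in the second task).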
@@ -161,23 +167,32 @@ tags: xpack-security - name: Ensuring certificates folder owner - shell: "chown -R elasticsearch: {{node_certs_destination}}/" + file: + path: "{{ node_certs_destination }}/" + state: directory + recurse: yes + owner: elasticsearch + group: elasticsearch when: - check_certs_permissions is defined - elasticsearch_xpack_security tags: xpack-security - name: Ensuring certificates folder owner - shell: "chmod -R 770 {{node_certs_destination}}/" + file: + path: "{{ node_certs_destination }}/" + mode: '0770' + recurse: yes when: - check_certs_permissions is defined - elasticsearch_xpack_security tags: xpack-security - - name: Remove generated certs file - shell: /bin/rm -f {{node_certs_source}}/certs.zip* - when: + file: + state: absent + path: "{{ node_certs_source }}/certs.zip*" + when: - node_certs_generator - elasticsearch_xpack_security tags: xpack-security @@ -193,10 +208,12 @@ tags: configure - name: Set elasticsearch bootstrap password - shell: "echo '{{elasticsearch_xpack_security_password}}' | {{node_certs_source}}/bin/elasticsearch-keystore add -xf 'bootstrap.password'" + shell: | + set -o pipefail + "echo '{{ elasticsearch_xpack_security_password }}' | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf 'bootstrap.password'" when: - elasticsearch_xpack_security - + - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf lineinfile: path: /etc/security/limits.conf @@ -242,7 +259,7 @@ state: started - name: Make sure Elasticsearch is running before proceeding - wait_for: host={{ elasticsearch_check_connection }} port={{ elasticsearch_http_port }} delay=3 timeout=400 + wait_for: host={{ elasticsearch_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 tags: - configure - init 
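Review bot: `Set elasticsearch bootstrap password` at @@ -193 wraps the whole pipeline in double quotes inside a `|` literal block, so the shell receives one word `echo '…' | …/elasticsearch-keystore add -xf 'bootstrap.password'` and reports command not found, and `set -o pipefail` will itself fail where `/bin/sh` is dash (Debian/Ubuntu) unless `executable: /bin/bash` is set. The task also handles `elasticsearch_xpack_security_password` without `no_log: true`, so the secret shows up in verbose output and task results, and a password containing `'` breaks the hand-written single quoting — the `quote` filter covers that. In the same file, `Remove generated certs file` at @@ -161 moved from `rm -f … certs.zip*` to `file: state: absent` with `path: "{{ node_certs_source }}/certs.zip*"`; the `file` module does not expand globs, so the archive holding the generated node keys is no longer deleted — use `path: "{{ node_certs_source }}/certs.zip"` and list any other suffix explicitly.
```yaml
- name: Set elasticsearch bootstrap password
  shell: |
    set -o pipefail
    echo {{ elasticsearch_xpack_security_password | quote }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf 'bootstrap.password'
  args:
    executable: /bin/bash
  no_log: true
  # … unchanged: when: elasticsearch_xpack_security …
```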
@@ -252,7 +269,7 @@ url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/_template/wazuh" method: GET status_code: 200, 404 - when: + when: - elasticsearch_bootstrap_node or single_node - not elasticsearch_xpack_security poll: 30 @@ -267,7 +284,7 @@ status_code: 200 body_format: json body: "{{ lookup('template','wazuh-elastic7-template-alerts.json.j2') }}" - when: + when: - wazuh_alerts_template_exits.status is defined - wazuh_alerts_template_exits.status != 200 - not elasticsearch_xpack_security From 31cad22de494d6d2869d10808a2da91d654b75e8 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 24 Jul 2019 14:17:46 +0200 Subject: [PATCH 088/559] Updated CHANGELOG --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b4961a77..3221e38f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,16 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.9.4_7.2.0] + +### Added + +- Support for registring agents behind NAT [@jheikki100](https://github.com/jheikki100) [#208](https://github.com/wazuh/wazuh-ansible/pull/208) + +### Changed + +- Default protocol to TCP [@ionphractal](https://github.com/ionphractal) [#204](https://github.com/wazuh/wazuh-ansible/pull/204). + ## [v3.9.3_7.2.0] ### Added From 125b2114e6c77f089aac16bf4668cde2290efcbc Mon Sep 17 00:00:00 2001 From: rshad Date: Wed, 24 Jul 2019 12:41:52 +0000 Subject: [PATCH 089/559] changed elasticssearch: network.host from 0.0.0.0 to 127.0.0.1 --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index dfe4d3ae..a07f02e2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
@@ -2,7 +2,7 @@ elasticsearch_cluster_name: wazuh elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 -elasticsearch_network_host: 0.0.0.0 +elasticsearch_network_host: 127.0.0.1 elasticsearch_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.2.0 From 337e3de09fe1f0cb2fd4161317867da6e3bc60d6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 30 Jul 2019 14:26:15 +0200 Subject: [PATCH 090/559] Add master_certs_destination parameter --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 1340dabb..fa84ec81 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -23,6 +23,8 @@ node_certs_generator_ip: 172.16.0.161 node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/elasticsearch/certs +master_certs_destination: /es_certs + # Rsync rsync_path: /usr/bin/rsync rsync_user: vagrant From 5d4e53b089cec4b0aa5071902dbdcda8cbd9948f Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 30 Jul 2019 14:27:10 +0200 Subject: [PATCH 091/559] Modified task propagation of certificates --- .../ansible-elasticsearch/tasks/main.yml | 137 ++++++++++++------ 1 file changed, 89 insertions(+), 48 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 48c25b98..de1e4fa4 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -110,55 +110,83 @@ register: certs_file_generated tags: xpack-security +# - name: Unzip generated certs.zip +# unarchive: +# src: "{{node_certs_source}}/certs.zip" +# dest: "{{node_certs_source}}/" +# remote_src: yes +# when: +# - node_certs_generator +# - elasticsearch_xpack_security +# - certs_file_generated is defined +# - not certificate_file_exists.stat.exists +# tags: xpack-security + +# - name: Copy key & certificate files in generator node (locally) +# synchronize: +# src: "{{node_certs_source}}/{{elasticsearch_node_name}}/" +# dest: "{{node_certs_destination}}/" +# delegate_to: "{{ node_certs_generator_ip }}" +# when: +# - node_certs_generator +# - elasticsearch_xpack_security +# tags: xpack-security + +# - name: Copy ca certificate file in generator node (locally) +# synchronize: +# src: "{{node_certs_source}}/ca/" +# dest: "{{node_certs_destination}}/" +# delegate_to: "{{ node_certs_generator_ip }}" +# register: check_certs_permissions +# when: +# - node_certs_generator +# - elasticsearch_xpack_security +# tags: xpack-security + +- name: Create the certificates directory + file: + path: "{{master_certs_destination}}" + state: directory + mode: '0700' + delegate_to: "127.0.0.1" + when: + - node_certs_generator + - elasticsearch_xpack_security + +- name: Copying certificates to Ansible master + fetch: + src: "{{node_certs_source}}/certs.zip" + dest: "{{master_certs_destination}}/" + flat: yes + mode: 0700 + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + - name: Unzip generated certs.zip unarchive: - src: "{{node_certs_source}}/certs.zip" - dest: "{{node_certs_source}}/" - remote_src: yes - when: - - node_certs_generator - - elasticsearch_xpack_security - - certs_file_generated is defined - - not certificate_file_exists.stat.exists - tags: xpack-security - -- name: Copy key & certificate files in generator node (locally) - synchronize: - src: "{{node_certs_source}}/{{elasticsearch_node_name}}/" - dest: 
"{{node_certs_destination}}/" - delegate_to: "{{ node_certs_generator_ip }}" + src: "{{master_certs_destination}}/certs.zip" + dest: "{{master_certs_destination}}/" + become: true + delegate_to: "127.0.0.1" when: - node_certs_generator - elasticsearch_xpack_security tags: xpack-security -- name: Copy ca certificate file in generator node (locally) - synchronize: - src: "{{node_certs_source}}/ca/" - dest: "{{node_certs_destination}}/" - delegate_to: "{{ node_certs_generator_ip }}" - register: check_certs_permissions - when: - - node_certs_generator - - elasticsearch_xpack_security - tags: xpack-security - -- name: Importing key & certificate files from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/" - when: - - not node_certs_generator - - elasticsearch_xpack_security - - not certificate_file_exists.stat.exists - tags: xpack-security - -- name: Importing ca certificate file from generator node - shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" - when: - - not node_certs_generator - - elasticsearch_xpack_security - - not certificate_file_exists.stat.exists - register: check_certs_permissions - tags: xpack-security +# - name: Unzip generated certs.zip +# unarchive: +# src: "/tmp/elastic_certificates/certs.zip" +# dest: "/tmp/elastic_certificates" +# become: true +# when: +# - node_certs_generator +# - elasticsearch_xpack_security +# - certs_file_generated is defined +# - not certificate_file_exists.stat.exists +# tags: xpack-security + - name: Ensuring certificates folder owner shell: "chown -R elasticsearch: {{node_certs_destination}}/" 
@@ -173,15 +201,28 @@ - check_certs_permissions is defined - elasticsearch_xpack_security tags: xpack-security - -- name: Remove generated certs file - shell: /bin/rm -f {{node_certs_source}}/certs.zip* - when: - - node_certs_generator - - elasticsearch_xpack_security + +# Importing certificates + +- name: Copying node's certificate from master + copy: + src: "{{item}}" + dest: "{{node_certs_destination}}/" + with_items: + - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" + - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" + - "{{master_certs_destination}}/ca/ca.crt" tags: xpack-security + +# - name: Remove generated certs file +# shell: /bin/rm -f {{node_certs_source}}/certs.zip* +# when: +# - node_certs_generator +# - elasticsearch_xpack_security +# tags: xpack-security + - name: Configure Elasticsearch. template: src: elasticsearch.yml.j2 From db44b6f450a0b56f2adf7c0b9e55f9cfb57793ab Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 30 Jul 2019 14:27:33 +0200 Subject: [PATCH 092/559] Modified template to accept newly defined variables --- .../ansible-elasticsearch/templates/instances.yml.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index 6279c380..c74b1700 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -4,10 +4,10 @@ {% if node_certs_generator %} instances: -{% for node in instances %} -- name: "{{ node.name }}" +{% for (key,value) in instances.iteritems() %} +- name: "{{ value.name }}" ip: - - "{{ node.ip }}" + - "{{ value.ip }}" {% endfor %} -{% endif %} \ No newline at end of file +{% endif %} From 55635383f2a9b5b96eea3cc5df72bad38990f0a7 Mon Sep 17 00:00:00 2001 
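Review bot: The new `Copying node's certificate from master` task at @@ -173 writes the node `.key` with the `copy` module's default permissions and has no `when:` guard, while the two `Ensuring certificates folder owner` tasks that used to fix ownership and mode are now dead: they are gated on `check_certs_permissions is defined`, and every task that registered that variable (`Copy ca certificate file in generator node`, `Importing ca certificate file from generator node`) is commented out or removed in this commit. Net effect with `elasticsearch_xpack_security` enabled is a private key left with a default (typically 0644) mode and the connecting user's ownership that is never corrected; with it disabled, the task still runs and fails on the missing `{{ master_certs_destination }}` paths. Set owner, group and mode on the copy itself and guard it like its neighbours; the chown/chmod tasks can then be dropped.
```yaml
- name: Copying node's certificate from master
  copy:
    # … unchanged: src / dest …
    owner: elasticsearch
    group: elasticsearch
    mode: '0640'
  # … unchanged: with_items list of .key, .crt and ca.crt …
  when:
    - elasticsearch_xpack_security
```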
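Review bot: `instances.iteritems()` in the new loop of templates/instances.yml.j2 only exists on Python 2 dictionaries; on a Python 3 controller the attribute is undefined and the template fails to render, so use `{% for key, value in instances.items() %}` (and since `key` is unused it can be `_`). Adding the trailing newline at the end of the file is fine.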
From: Jose M Date: Tue, 30 Jul 2019 14:30:23 +0200 Subject: [PATCH 093/559] Changed instances list format --- playbooks/wazuh-elastic_stack-distributed.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index a422e50b..42f4cf03 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -20,14 +20,15 @@ vars: instances: - - name: node-1 # Important: must be equal to elasticsearch_node_name. - ip: # When unzipping, the node will search for its node name folder to get the cert. - - - name: node-2 - ip: - - - name: node-3 - ip: + node1: + name: node-1 # Important: must be equal to elasticsearch_node_name. + ip: 172.16.0.161 # When unzipping, the node will search for its node name folder to get the cert. + node2: + name: node-2 + ip: 172.16.0.162 + node3: + name: node-3 + ip: 172.16.0.163 - hosts: roles: From b1faf023df41461c8302088e4b14075e85cebc0b Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 30 Jul 2019 14:30:34 +0200 Subject: [PATCH 094/559] Update instances list --- playbooks/wazuh-elastic_stack-distributed.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 42f4cf03..b582df9b 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -22,13 +22,13 @@ instances: node1: name: node-1 # Important: must be equal to elasticsearch_node_name. - ip: 172.16.0.161 # When unzipping, the node will search for its node name folder to get the cert. + ip: # When unzipping, the node will search for its node name folder to get the cert. node2: name: node-2 - ip: 172.16.0.162 + ip: node3: name: node-3 - ip: 172.16.0.163 + ip: - hosts: roles: From d877738d45c97be4994d053eb909b84ec072a1f2 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Tue, 30 Jul 2019 15:18:55 +0200 Subject: [PATCH 095/559] Removing unneeded blocks and commenting latest implementation for centos and trusty --- .../ansible-elasticsearch/tasks/main.yml | 93 +++++++------------ 1 file changed, 36 insertions(+), 57 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index de1e4fa4..80f23884 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -175,19 +175,6 @@ - elasticsearch_xpack_security tags: xpack-security -# - name: Unzip generated certs.zip -# unarchive: -# src: "/tmp/elastic_certificates/certs.zip" -# dest: "/tmp/elastic_certificates" -# become: true -# when: -# - node_certs_generator -# - elasticsearch_xpack_security -# - certs_file_generated is defined -# - not certificate_file_exists.stat.exists -# tags: xpack-security - - - name: Ensuring certificates folder owner shell: "chown -R elasticsearch: {{node_certs_destination}}/" when: @@ -202,9 +189,6 @@ - elasticsearch_xpack_security tags: xpack-security - -# Importing certificates - - name: Copying node's certificate from master copy: src: "{{item}}" @@ -215,14 +199,6 @@ - "{{master_certs_destination}}/ca/ca.crt" tags: xpack-security - -# - name: Remove generated certs file -# shell: /bin/rm -f {{node_certs_source}}/certs.zip* -# when: -# - node_certs_generator -# - elasticsearch_xpack_security -# tags: xpack-security - - name: Configure Elasticsearch. template: src: elasticsearch.yml.j2 
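Review bot: With the commented-out `Remove generated certs file` block deleted at @@ -215, no task in this role removes `{{ node_certs_source }}/certs.zip` once it has been fetched to the controller, so the archive of generated node keys stays under the default `/usr/share/elasticsearch` on the generator node indefinitely (and the copy under `{{ master_certs_destination }}` is likewise never cleaned up). Rather than dropping the cleanup, reinstate it after the fetch as `file:` / `path: "{{ node_certs_source }}/certs.zip"` / `state: absent`, under the same `node_certs_generator` and `elasticsearch_xpack_security` conditions. Removing the stale `# Importing certificates` marker and the doubly-commented unarchive block at @@ -175 and @@ -202 is fine.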
@@ -238,49 +214,52 @@ when: - elasticsearch_xpack_security -- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf - lineinfile: - path: /etc/security/limits.conf - line: elasticsearch - memlock unlimited - create: yes - become: true - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - changed_when: false +# - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf +# lineinfile: +# path: /etc/security/limits.conf +# line: elasticsearch - memlock unlimited +# create: yes +# become: true +# when: +# - ansible_distribution == "Ubuntu" +# - ansible_distribution_major_version | int == 14 +# changed_when: false -- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.d/elasticsearch.conf - lineinfile: - path: /etc/security/limits.d/elasticsearch.conf - line: elasticsearch - memlock unlimited - create: yes - become: true - changed_when: false - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 +# - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.d/elasticsearch.conf +# lineinfile: +# path: /etc/security/limits.d/elasticsearch.conf +# line: elasticsearch - memlock unlimited +# create: yes +# become: true +# changed_when: false +# when: +# - ansible_distribution == "Ubuntu" +# - ansible_distribution_major_version | int == 14 -- name: Distribution != one of [ centos 6.*, trusty ] | Reload systemd - systemd: daemon_reload=true - ignore_errors: true - when: - - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) +# - 
name: Distribution != one of [ centos 6.*, trusty ] | Reload systemd +# systemd: daemon_reload=true +# ignore_errors: true +# when: +# - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") +# - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) +# - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) +# - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) -- name: Distribution is centos 6.* | Enable Elasticsearch - service: name=elasticsearch enabled=yes +# - name: Distribution is centos 6.* | Enable Elasticsearch +# service: name=elasticsearch enabled=yes -- name: Distribution is centos 6.* | Start Elasticsearch - service: name=elasticsearch state=started - ignore_errors: true +# - name: Distribution is centos 6.* | Start Elasticsearch +# service: name=elasticsearch state=started +# ignore_errors: true - name: Ensure Elasticsearch started and enabled service: name: elasticsearch enabled: true state: started + tags: + - configure + - init - name: Make sure Elasticsearch is running before proceeding wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300 From fbbf79a15359fb34d322b96488c045d76b12084d Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 30 Jul 2019 17:35:20 +0200 Subject: [PATCH 096/559] Remove daemon reload and centos 6 blocks --- .../ansible-elasticsearch/tasks/main.yml | 83 +++++-------------- 1 file changed, 20 insertions(+), 63 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 80f23884..904a565a 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -214,44 +214,27 @@ when: - elasticsearch_xpack_security -# - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf -# lineinfile: -# path: /etc/security/limits.conf -# line: elasticsearch - memlock unlimited -# create: yes -# become: true -# when: -# - ansible_distribution == "Ubuntu" -# - ansible_distribution_major_version | int == 14 -# changed_when: false - -# - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.d/elasticsearch.conf -# lineinfile: -# path: /etc/security/limits.d/elasticsearch.conf -# line: elasticsearch - memlock unlimited -# create: yes -# become: true -# changed_when: false -# when: -# - ansible_distribution == "Ubuntu" -# - ansible_distribution_major_version | int == 14 - -# - name: Distribution != one of [ centos 6.*, trusty ] | Reload systemd -# systemd: daemon_reload=true -# ignore_errors: true -# when: -# - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") -# - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) -# - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) -# - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - -# - name: Distribution is centos 6.* | Enable Elasticsearch -# service: name=elasticsearch enabled=yes - -# - name: Distribution is centos 6.* | Start Elasticsearch -# service: name=elasticsearch state=started -# ignore_errors: true +- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf + lineinfile: + path: /etc/security/limits.conf + line: elasticsearch - memlock unlimited + create: yes + become: true + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + changed_when: false +- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.d/elasticsearch.conf + 
lineinfile: + path: /etc/security/limits.d/elasticsearch.conf + line: elasticsearch - memlock unlimited + create: yes + become: true + changed_when: false + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 - name: Ensure Elasticsearch started and enabled service: name: elasticsearch @@ -267,32 +250,6 @@ - configure - init -- name: Check for Wazuh Alerts template (http) - uri: - url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/_template/wazuh" - method: GET - status_code: 200, 404 - when: - - elasticsearch_bootstrap_node or single_node - - not elasticsearch_xpack_security - poll: 30 - register: wazuh_alerts_template_exits - until: wazuh_alerts_template_exits is succeeded - tags: init - -- name: Installing Wazuh Alerts template (http) - uri: - url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/_template/wazuh" - method: PUT - status_code: 200 - body_format: json - body: "{{ lookup('template','wazuh-elastic7-template-alerts.json.j2') }}" - when: - - wazuh_alerts_template_exits.status is defined - - wazuh_alerts_template_exits.status != 200 - - not elasticsearch_xpack_security - tags: init - - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From 431bc16343ae59f141f3d53521cbeceb145fb9dc Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 30 Jul 2019 17:35:39 +0200 Subject: [PATCH 097/559] Add default value master_certs_destination for kibana --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index dcaa0f59..4de06f9b 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
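Review bot: The two Trusty `lineinfile` tasks re-added in the first hunk keep `changed_when: false`, which hides a real write to `/etc/security/limits.conf` and `/etc/security/limits.d/elasticsearch.conf` from the play recap even though `lineinfile` already reports changed only when it modifies the file. Drop both `changed_when: false` lines and write `create: true` instead of the truthy `yes`. The second hunk is a pure deletion of the alerts-template tasks and needs no comment; the enclosing task file continues outside the hunk.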
@@ -19,6 +19,9 @@ node_certs_generator_ip: 172.16.0.161 node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/kibana/certs +master_certs_destination: /es_certs + + # Rsync rsync_path: /usr/bin/rsync rsync_user: vagrant From 2656feac52303962aa84a3a01fa6fba5ccbecad2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 30 Jul 2019 17:36:09 +0200 Subject: [PATCH 098/559] Update kibana certs importing --- .../ansible-kibana/tasks/main.yml | 56 +++---------------- 1 file changed, 8 insertions(+), 48 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 4e12b1b2..512d3198 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -14,54 +14,14 @@ - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) -- name: Check if certificate exists locally - stat: - path: "{{ node_certs_destination }}/{{ kibana_node_name }}.crt" - register: certificate_file_exists - when: - - kibana_xpack_security - -- name: Copy key & certificate files in generator node (locally) - synchronize: - src: "{{ node_certs_source }}/{{ kibana_node_name }}/" - dest: "{{ node_certs_destination }}/" - delegate_to: "{{ node_certs_generator_ip }}" - when: - - node_certs_generator - - kibana_xpack_security - - not certificate_file_exists.stat.exists - tags: xpack-security - -- name: Copy ca certificate file in generator node (locally) - synchronize: - src: "{{ node_certs_source }}/ca/" - dest: "{{ node_certs_destination }}/" - delegate_to: "{{ node_certs_generator_ip }}" - when: - - node_certs_generator - - kibana_xpack_security - - not certificate_file_exists.stat.exists - tags: xpack-security - -- name: Importing key & certificate files from generator node - command: >- - {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: - {{ node_certs_source }}/{{ kibana_node_name }}/ {{ node_certs_destination }}/ - when: - - not node_certs_generator - - kibana_xpack_security - - not certificate_file_exists.stat.exists - tags: xpack-security - -- name: Importing ca certificate file from generator node - command: >- - {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: - {{ node_certs_source }}/ca/ {{ node_certs_destination }}/ - when: - - not node_certs_generator - - kibana_xpack_security - - not certificate_file_exists.stat.exists - register: check_certs_permissions +- name: Copying node's certificate from master + copy: + src: "{{item}}" + dest: "{{node_certs_destination}}/" + with_items: + - 
"{{master_certs_destination}}/{{kibana_node_name}}/{{ kibana_node_name }}.key" + - "{{master_certs_destination}}/{{kibana_node_name}}/{{ kibana_node_name }}.crt" + - "{{master_certs_destination}}/ca/ca.crt" tags: xpack-security - name: Ensuring certificates folder owner From 229f273e275210fb44409fe27fed43ce2504f16b Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 30 Jul 2019 17:36:31 +0200 Subject: [PATCH 099/559] Fix Kibana APP installation by becoming user kibana --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 512d3198..dfec0f05 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -78,14 +78,14 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana - ignore_errors: "{{ kibana_plugin_install_ignore_error }}" + become_user: kibana tags: - install - skip_ansible_lint From a305d4ff6fac2c2659e71d9689bb907df3d0937e Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 30 Jul 2019 17:37:05 +0200 Subject: [PATCH 100/559] Add Filebeat default parameter --- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 103d61eb..cf0cb5a1 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml 
+++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -39,6 +39,8 @@ node_certs_generator_ip: 172.16.0.161 node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/filebeat/certs +master_certs_destination: /es_certs + # Rsync rsync_path: /usr/bin/rsync rsync_user: vagrant From c6e14f23a01e4c19184773b41c72d590bf058396 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 30 Jul 2019 17:44:37 +0200 Subject: [PATCH 101/559] Update Filebeat certificate imports --- roles/wazuh/ansible-filebeat/tasks/main.yml | 57 +++------------------ 1 file changed, 8 insertions(+), 49 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 7bafcc79..7b89d80d 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml 
@@ -26,55 +26,14 @@ tags: - init -- name: Check if certificate exists locally - stat: - path: "{{ node_certs_destination }}/{{ filebeat_node_name }}.crt" - register: certificate_file_exists - when: - - filebeat_xpack_security - -- name: Copy key & certificate files in generator node (locally) - synchronize: - src: "{{ node_certs_source }}/{{ filebeat_node_name }}/" - dest: "{{ node_certs_destination }}/" - delegate_to: "{{ node_certs_generator_ip }}" - when: - - node_certs_generator - - filebeat_xpack_security - - not certificate_file_exists.stat.exists - tags: xpack-security - -- name: Copy ca certificate file in generator node (locally) - synchronize: - src: "{{ node_certs_source }}/ca/" - dest: "{{ node_certs_destination }}/" - delegate_to: "{{ node_certs_generator_ip }}" - when: - - node_certs_generator - - filebeat_xpack_security - - not certificate_file_exists.stat.exists - register: check_certs_permissions - tags: xpack-security - -- name: Importing key & certificate files from generator node - command: >- - {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: - {{ node_certs_source }}/{{ filebeat_node_name }}/ {{ node_certs_destination }}/ - when: - - not node_certs_generator - - filebeat_xpack_security - - not certificate_file_exists.stat.exists - tags: xpack-security - -- name: Importing ca certificate file from generator node - command: >- - {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}: - {{ node_certs_source }}/ca/ {{ node_certs_destination }}/ - when: - - not node_certs_generator - - filebeat_xpack_security - - not certificate_file_exists.stat.exists - register: check_certs_permissions +- name: Copying node's certificate from master + copy: + src: "{{item}}" + dest: "{{node_certs_destination}}/" + with_items: + - "{{master_certs_destination}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.key" + - "{{master_certs_destination}}/{{filebeat_node_name}}/{{ 
filebeat_node_name }}.crt" + - "{{master_certs_destination}}/ca/ca.crt" tags: xpack-security - name: Ensuring certificates folder owner From d027092f6368c9aeb2cdf6f67d388107d5ef126b Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 31 Jul 2019 00:45:57 +0200 Subject: [PATCH 102/559] Remove "elasticsearch_network" parameter --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index e5eb7547..fa84ec81 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -3,7 +3,6 @@ elasticsearch_cluster_name: wazuh elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 -elasticsearch_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.2.0 single_node: false From ed4b2e7947f40e7745d3d057a96e1336c65724be Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 31 Jul 2019 00:46:22 +0200 Subject: [PATCH 103/559] Add unzip dependency installation --- .../elastic-stack/ansible-elasticsearch/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index f3f2f568..07519d4f 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -10,6 +10,16 @@ when: - ansible_service_mgr == "systemd" +- name: Install unzip dependency. + package: + name: unzip + state: present + delegate_to: "127.0.0.1" + when: + - node_certs_generator + - elasticsearch_xpack_security + + - name: Configure Elasticsearch System Resources. template: src: elasticsearch_systemd.conf.j2 From 45356ee3ef68bd3a3d20b578d81e2df77fd26cac Mon Sep 17 00:00:00 2001 
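Review bot: The new `Install unzip dependency` task runs `package` on the Ansible controller via `delegate_to: "127.0.0.1"` without `become`, so it fails whenever the controller user cannot install packages, and it makes the role mutate the control node as a side effect of generating certificates. Prefer documenting the requirement in the role README or defaults and failing early with a clear message; at minimum add `become: true` and a comment such as `# unzip is required on the controller to extract the certs.zip fetched from the generator node`. The `unarchive` task this serves is outside this hunk.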
From: Jose M Date: Wed, 31 Jul 2019 00:46:54 +0200 Subject: [PATCH 104/559] Delete certs.zip in generator node --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 07519d4f..29dbbbbf 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -143,6 +143,14 @@ - elasticsearch_xpack_security tags: xpack-security +- name: Delete certs.zip in Generator node + file: + state: absent + path: "{{ node_certs_source }}/certs.zip" + when: + - node_certs_generator + - elasticsearch_xpack_security + - name: Unzip generated certs.zip unarchive: src: "{{master_certs_destination}}/certs.zip" From 2104183cdb569a5e94f7849387fc21cbe9a7892f Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 31 Jul 2019 00:48:20 +0200 Subject: [PATCH 105/559] Modify wait_for with previous variable --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 29dbbbbf..d9811180 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -242,7 +242,7 @@ - init - name: Make sure Elasticsearch is running before proceeding - wait_for: host={{ elasticsearch_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 + wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 tags: - configure - init From 1d8f8c525364d36f4e91b6e42780e91be10d394e Mon Sep 17 00:00:00 2001 
From: Jose M Date: Wed, 31 Jul 2019 00:49:25 +0200 Subject: [PATCH 106/559] Fix shell comands --- .../ansible-elasticsearch/tasks/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index d9811180..0a91d94a 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -111,9 +111,9 @@ - elasticsearch_xpack_security - name: Generating certificates for Elasticsearch security - command: >- - "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in - {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip" + shell: >- + /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in + {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip when: - node_certs_generator - elasticsearch_xpack_security @@ -205,10 +205,10 @@ tags: configure - name: Set elasticsearch bootstrap password - shell: | - set -o pipefail - "echo '{{ elasticsearch_xpack_security_password }}' | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf 'bootstrap.password'" + shell: >- + echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password when: + - node_certs_generator - elasticsearch_xpack_security - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf From 5c18d5bed554658941e3b97b1d47135fa63efcc4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 31 Jul 2019 00:49:43 +0200 Subject: [PATCH 107/559] Update conditionals --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 0a91d94a..def0b46d 100644 
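Review bot: The rewritten `Set elasticsearch bootstrap password` task in the second hunk interpolates `{{ elasticsearch_xpack_security_password }}` into the shell line unquoted, so a password containing spaces, `$`, `;` or quotes is word-split or interpreted by the shell, and the task has no `no_log`, so the secret appears in verbose output and logs. Quote it with the `quote` filter and suppress logging: `echo {{ elasticsearch_xpack_security_password | quote }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password` plus `no_log: true` on the task. The same task is carried verbatim into the new `tasks/xpack_security.yml` in PATCH 112, which needs the identical fix.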
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -118,7 +118,6 @@ - node_certs_generator - elasticsearch_xpack_security - not xpack_certs_zip.stat.exists - - not certificate_file_exists.stat.exists register: certs_file_generated tags: xpack-security @@ -170,7 +169,6 @@ owner: elasticsearch group: elasticsearch when: - - check_certs_permissions is defined - elasticsearch_xpack_security tags: xpack-security @@ -180,7 +178,6 @@ mode: '0770' recurse: yes when: - - check_certs_permissions is defined - elasticsearch_xpack_security tags: xpack-security @@ -192,6 +189,8 @@ - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" - "{{master_certs_destination}}/ca/ca.crt" + when: + - elasticsearch_xpack_security tags: xpack-security - name: Configure Elasticsearch. @@ -210,7 +209,7 @@ when: - node_certs_generator - elasticsearch_xpack_security - + - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf lineinfile: path: /etc/security/limits.conf @@ -232,6 +231,7 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 + - name: Ensure Elasticsearch started and enabled service: name: elasticsearch From 9734ac23041f40b343b2602c2616357c3f06e298 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 31 Jul 2019 00:50:17 +0200 Subject: [PATCH 108/559] Remove check_certs_permission parameter --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 -- roles/wazuh/ansible-filebeat/tasks/main.yml | 2 -- 2 files changed, 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index dfec0f05..26c4f16a 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -32,7 +32,6 @@ owner: kibana group: kibana when: - - check_certs_permissions is defined - kibana_xpack_security tags: xpack-security @@ -42,7 +41,6 @@ mode: '0770' recurse: yes when: - - check_certs_permissions is defined - kibana_xpack_security tags: xpack-security diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 7b89d80d..0be4be83 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -41,9 +41,7 @@ path: "{{ node_certs_destination }}/" mode: '0770' recurse: yes - when: - - check_certs_permissions is defined - filebeat_xpack_security tags: xpack-security From 0cc4838e1da6cbb651052481f1a15cacd5dd9fa4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 31 Jul 2019 00:51:49 +0200 Subject: [PATCH 109/559] Copy certificates from master now depends on xpack enabled --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 ++ roles/wazuh/ansible-filebeat/tasks/main.yml | 3 +++ 2 files changed, 5 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 26c4f16a..0f3dd7a1 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -23,6 +23,8 @@ - "{{master_certs_destination}}/{{kibana_node_name}}/{{ kibana_node_name }}.crt" - "{{master_certs_destination}}/ca/ca.crt" tags: xpack-security + when: + - elasticsearch_xpack_security - name: Ensuring certificates folder owner file: diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 0be4be83..59bc163c 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml 
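Review bot: In the Filebeat hunk (`@@ -41,9 +41,7 @@`) the `when:` line is removed together with `check_certs_permissions is defined`, but the remaining `- filebeat_xpack_security` condition is kept as context, leaving a bare sequence item under the `file:` task with no key — invalid task YAML. Keep the key and drop only the stale condition: `when:` / `  - filebeat_xpack_security`. The two Kibana hunks in the same commit remove only the condition line and are fine.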
@@ -35,6 +35,9 @@ - "{{master_certs_destination}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.crt" - "{{master_certs_destination}}/ca/ca.crt" tags: xpack-security + when: + - elasticsearch_xpack_security + - name: Ensuring certificates folder owner file: From 9580056b747d44144391985984ab012ba38165a7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 31 Jul 2019 01:16:36 +0200 Subject: [PATCH 110/559] Fix naming on xpack security conditionals --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- roles/wazuh/ansible-filebeat/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 0f3dd7a1..fe91221b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -24,7 +24,7 @@ - "{{master_certs_destination}}/ca/ca.crt" tags: xpack-security when: - - elasticsearch_xpack_security + - kibana_xpack_security - name: Ensuring certificates folder owner file: diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 59bc163c..2b566ed5 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -36,7 +36,7 @@ - "{{master_certs_destination}}/ca/ca.crt" tags: xpack-security when: - - elasticsearch_xpack_security + - filebeat_xpack_security - name: Ensuring certificates folder owner From 02e0ae9c861b386afd8932fb6a37c08f39520c6f Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Wed, 31 Jul 2019 11:59:34 +0200 Subject: [PATCH 111/559] Update Pipfile Updated Ansible vulnerable version --- Pipfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Pipfile b/Pipfile index 9e3b448b..89f86b7c 100644 --- a/Pipfile +++ b/Pipfile @@ -5,7 +5,7 @@ name = "pypi" [packages] docker-py = "*" -ansible = "==2.7.11" +ansible = "==2.7.12" molecule = "*" [dev-packages] 
From f8bda2f7c7c58e9559101c8b5fd224391913ed0f Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 5 Aug 2019 12:34:42 +0200 Subject: [PATCH 112/559] Move xpack_security tasks from main.yml to xpack_security.yml --- .../ansible-elasticsearch/tasks/main.yml | 137 +----------------- .../tasks/xpack_security.yml | 126 ++++++++++++++++ 2 files changed, 128 insertions(+), 135 deletions(-) create mode 100644 roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index def0b46d..85706199 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -10,16 +10,6 @@ when: - ansible_service_mgr == "systemd" -- name: Install unzip dependency. - package: - name: unzip - state: present - delegate_to: "127.0.0.1" - when: - - node_certs_generator - - elasticsearch_xpack_security - - - name: Configure Elasticsearch System Resources. template: src: elasticsearch_systemd.conf.j2 
@@ -73,126 +63,10 @@ - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- name: Check if certificate exists locally - stat: - path: "{{ node_certs_destination }}/{{ elasticsearch_node_name }}.crt" - register: certificate_file_exists +- import_tasks: "xpack_security.yml" when: - elasticsearch_xpack_security -- name: Write the instances.yml file in the selected node (force = no) - template: - src: instances.yml.j2 - dest: "{{ node_certs_source }}/instances.yml" - force: no - register: instances_file_exists - tags: - - config - - xpack-security - when: - - node_certs_generator - - elasticsearch_xpack_security - - not certificate_file_exists.stat.exists - -- name: Update instances.yml status after generation - stat: - path: "{{ node_certs_source }}/instances.yml" - register: instances_file_exists - when: - - node_certs_generator - - elasticsearch_xpack_security - -- name: Check if the certificates ZIP file exists - stat: - path: "{{ node_certs_source }}/certs.zip" - register: xpack_certs_zip - when: - - node_certs_generator - - elasticsearch_xpack_security - -- name: Generating certificates for Elasticsearch security - shell: >- - /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in - {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip - when: - - node_certs_generator - - elasticsearch_xpack_security - - not xpack_certs_zip.stat.exists - register: certs_file_generated - tags: xpack-security - -- name: Create the certificates directory - file: - path: "{{master_certs_destination}}" - state: directory - mode: '0700' - delegate_to: "127.0.0.1" - when: - - node_certs_generator - - elasticsearch_xpack_security - -- name: Copying certificates to Ansible master - fetch: - src: "{{node_certs_source}}/certs.zip" - dest: "{{master_certs_destination}}/" - flat: yes - mode: 0700 - when: - - node_certs_generator - - elasticsearch_xpack_security - tags: xpack-security - -- name: Delete certs.zip in Generator node - file: - 
state: absent - path: "{{ node_certs_source }}/certs.zip" - when: - - node_certs_generator - - elasticsearch_xpack_security - -- name: Unzip generated certs.zip - unarchive: - src: "{{master_certs_destination}}/certs.zip" - dest: "{{master_certs_destination}}/" - become: true - delegate_to: "127.0.0.1" - when: - - node_certs_generator - - elasticsearch_xpack_security - tags: xpack-security - -- name: Ensuring certificates folder owner - file: - path: "{{ node_certs_destination }}/" - state: directory - recurse: yes - owner: elasticsearch - group: elasticsearch - when: - - elasticsearch_xpack_security - tags: xpack-security - -- name: Ensuring certificates folder owner - file: - path: "{{ node_certs_destination }}/" - mode: '0770' - recurse: yes - when: - - elasticsearch_xpack_security - tags: xpack-security - -- name: Copying node's certificate from master - copy: - src: "{{item}}" - dest: "{{node_certs_destination}}/" - with_items: - - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" - - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" - - "{{master_certs_destination}}/ca/ca.crt" - when: - - elasticsearch_xpack_security - tags: xpack-security - - name: Configure Elasticsearch. template: src: elasticsearch.yml.j2 @@ -202,14 +76,7 @@ mode: 0660 notify: restart elasticsearch tags: configure - -- name: Set elasticsearch bootstrap password - shell: >- - echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password - when: - - node_certs_generator - - elasticsearch_xpack_security - + - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf lineinfile: path: /etc/security/limits.conf diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml new file mode 100644 index 00000000..3d9f3f7d 
--- /dev/null +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml 
@@ -0,0 +1,126 @@ + +- name: Install unzip dependency. + package: + name: unzip + state: present + delegate_to: "127.0.0.1" + when: + - node_certs_generator + +- name: Check if certificate exists locally + stat: + path: "{{ node_certs_destination }}/{{ elasticsearch_node_name }}.crt" + register: certificate_file_exists + +- name: Write the instances.yml file in the selected node (force = no) + template: + src: instances.yml.j2 + dest: "{{ node_certs_source }}/instances.yml" + force: no + register: instances_file_exists + tags: + - config + - xpack-security + when: + - node_certs_generator + - not certificate_file_exists.stat.exists + +- name: Update instances.yml status after generation + stat: + path: "{{ node_certs_source }}/instances.yml" + register: instances_file_exists + when: + - node_certs_generator + +- name: Check if the certificates ZIP file exists + stat: + path: "{{ node_certs_source }}/certs.zip" + register: xpack_certs_zip + when: + - node_certs_generator + +- name: Generating certificates for Elasticsearch security (generating CA) + shell: >- + /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in + {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip + when: + - node_certs_generator + - not xpack_certs_zip.stat.exists + tags: xpack-security + +- name: Generating certificates for Elasticsearch security (using provided CA) + shell: /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca-key /usr/share/elasticsearch/myCA.key --ca-cert /usr/share/elasticsearch/myCA.pem --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip + when: + - node_certs_generator + - not xpack_certs_zip.stat.exists + tags: xpack-security + +- name: Create the certificates directory + file: + path: "{{master_certs_destination}}" + state: directory + mode: '0700' + delegate_to: "127.0.0.1" + when: + - node_certs_generator + +- name: Copying certificates to Ansible master + fetch: + src: 
"{{node_certs_source}}/certs.zip" + dest: "{{master_certs_destination}}/" + flat: yes + mode: 0700 + when: + - node_certs_generator + tags: xpack-security + +- name: Delete certs.zip in Generator node + file: + state: absent + path: "{{ node_certs_source }}/certs.zip" + when: + - node_certs_generator + + +- name: Unzip generated certs.zip + unarchive: + src: "{{master_certs_destination}}/certs.zip" + dest: "{{master_certs_destination}}/" + become: true + delegate_to: "127.0.0.1" + when: + - node_certs_generator + tags: xpack-security + +- name: Ensuring certificates folder owner + file: + path: "{{ node_certs_destination }}/" + state: directory + recurse: yes + owner: elasticsearch + group: elasticsearch + tags: xpack-security + +- name: Ensuring certificates folder owner + file: + path: "{{ node_certs_destination }}/" + mode: '0770' + recurse: yes + tags: xpack-security + +- name: Copying node's certificate from master + copy: + src: "{{item}}" + dest: "{{node_certs_destination}}/" + with_items: + - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" + - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" + - "{{master_certs_destination}}/ca/ca.crt" + tags: xpack-security + +- name: Set elasticsearch bootstrap password + shell: >- + echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password + when: + - node_certs_generator + \ No newline at end of file From 8234bb11d2ba24ac94eef7ebba1c1b76f64b7926 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 5 Aug 2019 15:00:00 +0200 Subject: [PATCH 113/559] Add required variables to use custom CA. --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index fa84ec81..bcbcc819 100644 
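Review bot: `Set elasticsearch bootstrap password` pipes `{{ elasticsearch_xpack_security_password }}` through `echo` in a `shell` task with no quoting and no `no_log`, so the secret shows up in the process list and in the task's recorded command, and a value containing shell metacharacters breaks the pipeline. Use `echo {{ elasticsearch_xpack_security_password | quote }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password` and add `no_log: true`; feeding the value through the `command` module's `stdin` argument would keep it off the command line altogether. Separately, both `Ensuring certificates folder ...` tasks run before `Copying node's certificate from master`, so the `.key` and `.crt` files copied afterwards keep the connecting user's ownership and default mode instead of the `elasticsearch` owner and `0770` those tasks apply; moving them after the copy, or setting `owner`/`group`/`mode` on the copy task, closes that gap. `mode: 0700` on the `fetch` task is also not an option that module documents, so confirm it has any effect and quote it as `'0700'` if it is kept.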
--- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -25,6 +25,12 @@ node_certs_destination: /etc/elasticsearch/certs master_certs_destination: /es_certs +# CA generation +generate_CA: false + +ca_key_name: myCA.key +ca_cert_name: myCA.pem + # Rsync rsync_path: /usr/bin/rsync rsync_user: vagrant From 01d4cfc1288adaa0d7c2f78e7fe19ca4eba880ec Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 5 Aug 2019 15:01:21 +0200 Subject: [PATCH 114/559] Implemented tasks to import custom key and cert from Ansible master --- .../tasks/xpack_security.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 3d9f3f7d..d84e1c31 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -39,6 +39,22 @@ when: - node_certs_generator +- name: Importing custom CA key + copy: + src: "{{ master_certs_destination }}/ca/{{ ca_key_name }}" + dest: "{{ node_certs_source }}/{{ ca_key_name }}" + when: + - not generate_CA + tags: xpack-security + +- name: Importing custom CA cert + copy: + src: "{{ master_certs_destination }}/ca/{{ ca_cert_name }}" + dest: "{{ node_certs_source }}/{{ ca_cert_name }}" + when: + - not generate_CA + tags: xpack-security + - name: Generating certificates for Elasticsearch security (generating CA) shell: >- /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in From 39d8e5978b0857b8a41207d2d26e73189ef8de9d Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 5 Aug 2019 15:01:59 +0200 Subject: [PATCH 115/559] Fix conditionals of custom CA --- .../ansible-elasticsearch/tasks/xpack_security.yml | 2 ++ 1 file changed, 2 insertions(+) 
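Review bot: `generate_CA: false` as the shipped default changes behaviour for every existing user of the role: with no other variables set, a run now takes the custom-CA path and needs `myCA.key`/`myCA.pem` files the role does not produce. Defaulting to `generate_CA: true` keeps the self-generated CA as the out-of-the-box behaviour and makes the custom CA opt-in. `generate_CA` is also the only mixed-case key in this defaults file; `generate_ca` would match the surrounding snake_case names.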
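Review bot: `Importing custom CA key` copies the CA private key to every host the role runs on, because its `when` checks only `not generate_CA`, while the certutil task that consumes the key is guarded by `node_certs_generator`. Add `- node_certs_generator` to the `when` of both import tasks, and give the key copy `mode: '0600'` so the CA key is not created with the target's default umask. The `Importing custom CA cert` task in the same hunk has the same missing condition.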
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index d84e1c31..5d1c528b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -62,6 +62,7 @@ when: - node_certs_generator - not xpack_certs_zip.stat.exists + - generate_CA tags: xpack-security - name: Generating certificates for Elasticsearch security (using provided CA) @@ -69,6 +70,7 @@ when: - node_certs_generator - not xpack_certs_zip.stat.exists + - not generate_CA tags: xpack-security - name: Create the certificates directory From 4b8303ece281ffb3a61d9407e51484bb8686325e Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 5 Aug 2019 15:02:33 +0200 Subject: [PATCH 116/559] Fix custom CA generation command --- .../ansible-elasticsearch/tasks/xpack_security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 5d1c528b..f8166f94 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -66,7 +66,7 @@ tags: xpack-security - name: Generating certificates for Elasticsearch security (using provided CA) - shell: /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca-key /usr/share/elasticsearch/myCA.key --ca-cert /usr/share/elasticsearch/myCA.pem --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip + shell: /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip when: - node_certs_generator - not xpack_certs_zip.stat.exists 
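Review bot: `- generate_CA` and `- not generate_CA` test the raw variable, so a value that arrives as a string (for example `-e generate_CA=false` on the command line) is truthy and selects the wrong certutil branch in both hunks. Writing the conditions as `generate_CA | bool` and `not (generate_CA | bool)` makes the choice independent of how the variable was supplied. The same bare-variable test is repeated by the later certificate-copy tasks and the `== true`/`== false` checks in the templates, so it is worth settling on `| bool` once here.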
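Review bot: The rewritten `shell:` line runs a single executable with no pipes, redirects or globbing, so the `command` module would run it without handing the templated `node_certs_source`, `ca_key_name` and `ca_cert_name` values to a shell. The `stat` guard could then be replaced by `args: creates: "{{ node_certs_source }}/certs.zip"`, which gives the same idempotence and correct `changed` reporting. Folding the command with `>-` would also keep the line within the length the rest of the file uses.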
From c547e905027f226867667dbe1c1ede8545efd616 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 5 Aug 2019 15:04:05 +0200 Subject: [PATCH 117/559] Add verification to ensure ca folder is created --- .../ansible-elasticsearch/tasks/xpack_security.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index f8166f94..2578b05c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -73,6 +73,14 @@ - not generate_CA tags: xpack-security +- name: Verify the Elastic certificates directory + file: + path: "{{ master_certs_destination }}" + state: directory + mode: '0700' + delegate_to: "127.0.0.1" + when: + - node_certs_generator - name: Create the certificates directory file: path: "{{master_certs_destination}}" From 101a0061784f829b3257814067342e61ffd3fdd7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 5 Aug 2019 15:04:27 +0200 Subject: [PATCH 118/559] Add folder verification and fix linting --- .../ansible-elasticsearch/tasks/xpack_security.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 2578b05c..3825c3b2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -81,9 +81,10 @@ delegate_to: "127.0.0.1" when: - node_certs_generator -- name: Create the certificates directory + +- name: Verify the Certificates Authority directory file: - path: "{{master_certs_destination}}" + path: "{{ master_certs_destination }}/ca/" state: directory mode: '0700' delegate_to: "127.0.0.1" 
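Review bot: The added `Verify the Elastic certificates directory` task is a line-for-line duplicate of the `Create the certificates directory` task that immediately follows it (same `path`, `state`, `mode` and `delegate_to`), so one of the two does nothing; the commit message describes a check on the `ca` folder, which would need `path: "{{ master_certs_destination }}/ca/"`. The new task is also not separated from the next `- name:` by a blank line, unlike the rest of the file.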
@@ -92,8 +93,8 @@ - name: Copying certificates to Ansible master fetch: - src: "{{node_certs_source}}/certs.zip" - dest: "{{master_certs_destination}}/" + src: "{{ node_certs_source }}/certs.zip" + dest: "{{ master_certs_destination }}/" flat: yes mode: 0700 when: From 09647b731b2d2d9498040ec811c8c268b72c52a9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 5 Aug 2019 15:05:17 +0200 Subject: [PATCH 119/559] Fix typo in task name --- .../ansible-elasticsearch/tasks/xpack_security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 3825c3b2..8fabf6eb 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -128,7 +128,7 @@ group: elasticsearch tags: xpack-security -- name: Ensuring certificates folder owner +- name: Ensuring certificates folder permissions file: path: "{{ node_certs_destination }}/" mode: '0770' From af0e2f0756ff004acb44ec7fb00b9f3c20244f9d Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 5 Aug 2019 15:05:49 +0200 Subject: [PATCH 120/559] Add copy block to import node's certificate with custom CA name --- .../tasks/xpack_security.yml | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 8fabf6eb..890db757 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -108,7 +108,6 @@ when: - node_certs_generator - - name: Unzip generated certs.zip unarchive: src: "{{master_certs_destination}}/certs.zip" 
@@ -139,10 +138,24 @@ copy: src: "{{item}}" dest: "{{node_certs_destination}}/" - with_items: + with_items: - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" - "{{master_certs_destination}}/ca/ca.crt" + when: + - generate_CA + tags: xpack-security + +- name: Copying node's certificate from master (Custom CA) + copy: + src: "{{item}}" + dest: "{{node_certs_destination}}/" + with_items: + - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" + - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" + - "{{master_certs_destination}}/ca/{{ca_cert_name}}" + when: + - not generate_CA tags: xpack-security - name: Set elasticsearch bootstrap password From 5ca223726462dc2dac77938bb2adc6059ad4803f Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 5 Aug 2019 15:06:04 +0200 Subject: [PATCH 121/559] Updated template to avoid hardcoding the ca format. --- .../templates/elasticsearch.yml.j2 | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index f851e900..3cd386da 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 
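Review bot: The new `Copying node's certificate from master (Custom CA)` task repeats the preceding task item for item except for the CA file name, and both copy the node's private `.key` with no `mode` or `owner`. One task whose CA item is `- "{{master_certs_destination}}/ca/{{ 'ca.crt' if generate_CA else ca_cert_name }}"` and whose `when` drops the `generate_CA` test removes the duplication, and `mode: '0640'` with `owner: elasticsearch` on that copy stops depending on whichever recursive chmod happens to run afterwards. The trailing-space fix on `with_items:` is fine as is.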
@@ -34,12 +34,19 @@ xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.key: {{node_certs_destination}}/{{ elasticsearch_node_name }}.key -xpack.security.transport.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt +xpack.security.transport.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt +{% if generate_CA == true %} xpack.security.transport.ssl.certificate_authorities: [ "{{ node_certs_destination }}/ca.crt" ] - +{% elif generate_CA == false %} +xpack.security.transport.ssl.certificate_authorities: [ "{{ node_certs_destination }}/{{ca_cert_name}}" ] +{% endif %} xpack.security.http.ssl.enabled: true xpack.security.http.ssl.verification_mode: certificate xpack.security.http.ssl.key: {{node_certs_destination}}/{{ elasticsearch_node_name }}.key xpack.security.http.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt +{% if generate_CA == true %} xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }}/ca.crt" ] +{% elif generate_CA == false %} +xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }}/{{ca_cert_name}}" ] +{% endif %} {% endif %} \ No newline at end of file From c171f3905b5c6dd5436ae81c13992f0433afc282 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 7 Aug 2019 12:00:39 +0200 Subject: [PATCH 122/559] Bump version --- CHANGELOG.md | 4 ++++ VERSION | 4 ++-- molecule/default/tests/test_default.py | 2 +- molecule/wazuh-agent/tests/test_agents.py | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 7 files changed, 12 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3221e38f..f92b855d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
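Review bot: `{% if generate_CA == true %} … {% elif generate_CA == false %}` renders no `certificate_authorities` line at all when `generate_CA` is anything other than a Jinja boolean (for example the string `"false"` from an extra-var), leaving transport and HTTP SSL with no configured CA and no error at render time. `{% if generate_CA | bool %} … {% else %} … {% endif %}` covers every value, and computing the CA path once (`{% set ca_path = … %}`) keeps the transport and http blocks from drifting apart. The same `== true`/`== false` pattern is used in the kibana.yml.j2 and filebeat.yml.j2 hunks of patches 126 and 127.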
@@ -11,6 +11,10 @@ All notable changes to this project will be documented in this file. - Default protocol to TCP [@ionphractal](https://github.com/ionphractal) [#204](https://github.com/wazuh/wazuh-ansible/pull/204). +### Fixed + +- Fixed network.host is not localhost [@rshad](https://github.com/rshad) [#204](https://github.com/wazuh/wazuh-ansible/pull/212). + ## [v3.9.3_7.2.0] ### Added diff --git a/VERSION b/VERSION index fe2acb96..8909e7be 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.9.3" -REVISION="3930" +WAZUH-ANSIBLE_VERSION="v3.9.4" +REVISION="3940" diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 4be45b4e..e55bc894 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.3" + return "3.9.4" def test_wazuh_packages_are_installed(host): diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py index 48fdfc6e..223f4198 100644 --- a/molecule/wazuh-agent/tests/test_agents.py +++ b/molecule/wazuh-agent/tests/test_agents.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.3" + return "3.9.4" def test_ossec_package_installed(Package): diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index dcaa0f59..32a194c8 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.2.0 -wazuh_version: 3.9.3 +wazuh_version: 3.9.4 # Xpack Security kibana_xpack_security: false 
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index ad2a93c9..d0898cb0 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.9.3 +wazuh_agent_version: 3.9.4 wazuh_managers: - address: 127.0.0.1 port: 1514 @@ -24,7 +24,7 @@ wazuh_winagent_config: install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.9.3' + version: '3.9.4' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: c3fdbd6c121ca371b8abcd477ed4e8a4 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index b93bd8ef..a35e3387 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_api_version: 3.9.3 +wazuh_manager_api_version: 3.9.4 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest From 3d3b3bc1d05b3edfc8f933b8e438a1619d572b28 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 8 Aug 2019 17:41:53 +0200 Subject: [PATCH 123/559] Fix permissions and add password option --- .../tasks/xpack_security.yml | 80 +++++++++++-------- 1 file changed, 48 insertions(+), 32 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 890db757..e64b71df 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml 
@@ -41,18 +41,22 @@ - name: Importing custom CA key copy: - src: "{{ master_certs_destination }}/ca/{{ ca_key_name }}" + src: "{{ master_certs_path }}/ca/{{ ca_key_name }}" dest: "{{ node_certs_source }}/{{ ca_key_name }}" + mode: '0664' when: - not generate_CA + - node_certs_generator tags: xpack-security - name: Importing custom CA cert copy: - src: "{{ master_certs_destination }}/ca/{{ ca_cert_name }}" + src: "{{ master_certs_path }}/ca/{{ ca_cert_name }}" dest: "{{ node_certs_source }}/{{ ca_cert_name }}" + mode: '0664' when: - not generate_CA + - node_certs_generator tags: xpack-security - name: Generating certificates for Elasticsearch security (generating CA) 
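Review bot: `mode: '0664'` on `Importing custom CA key` makes the CA private key readable by every account on the generator node; that key is the most sensitive file the role handles and should land as `mode: '0600'` (the certificate copy can keep `'0664'`). Adding `node_certs_generator` to both `when` lists is the right fix for the earlier over-broad copy, but the condition order makes the `generate_CA` test run before the cheap generator check; swapping them is purely cosmetic.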
@@ -65,17 +69,34 @@ - generate_CA tags: xpack-security -- name: Generating certificates for Elasticsearch security (using provided CA) - shell: /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip +- name: Generating certificates for Elasticsearch security (using provided CA | Without CA Password) + shell: >- + /usr/share/elasticsearch/bin/elasticsearch-certutil cert + --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} + --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip when: - node_certs_generator - not xpack_certs_zip.stat.exists - not generate_CA - tags: xpack-security + - ca_password == "" + tags: xpack-security +- name: Generating certificates for Elasticsearch security (using provided CA | Using CA Password) + shell: >- + /usr/share/elasticsearch/bin/elasticsearch-certutil cert + --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} + --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip + --ca-pass {{ca_password}} + when: + - node_certs_generator + - not xpack_certs_zip.stat.exists + - not generate_CA + - ca_password != "" + tags: xpack-security + - name: Verify the Elastic certificates directory file: - path: "{{ master_certs_destination }}" + path: "{{ master_certs_path }}" state: directory mode: '0700' delegate_to: "127.0.0.1" @@ -84,7 +105,7 @@ - name: Verify the Certificates Authority directory file: - path: "{{ master_certs_destination }}/ca/" + path: "{{ master_certs_path }}/ca/" state: directory mode: '0700' delegate_to: "127.0.0.1" 
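Review bot: `--ca-pass {{ca_password}}` puts the CA passphrase on the command line, where it is visible in the process list and recorded in Ansible's task output, and an unquoted value breaks the shell command on special characters; at minimum write `--ca-pass {{ ca_password | quote }}` and add `no_log: true` to the task. The with- and without-password variants differ only in that flag, so a single task that appends `{{ ('--ca-pass ' ~ (ca_password | quote)) if ca_password else '' }}` avoids maintaining two copies of the command and of the four-entry `when` list. `ca_password == ""` also raises an undefined-variable error on hosts whose defaults predate this change, which `ca_password | default('') == ""` would avoid.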
@@ -94,7 +115,7 @@ - name: Copying certificates to Ansible master fetch: src: "{{ node_certs_source }}/certs.zip" - dest: "{{ master_certs_destination }}/" + dest: "{{ master_certs_path }}/" flat: yes mode: 0700 when: @@ -110,38 +131,22 @@ - name: Unzip generated certs.zip unarchive: - src: "{{master_certs_destination}}/certs.zip" - dest: "{{master_certs_destination}}/" + src: "{{master_certs_path}}/certs.zip" + dest: "{{master_certs_path}}/" become: true delegate_to: "127.0.0.1" when: - node_certs_generator tags: xpack-security -- name: Ensuring certificates folder owner - file: - path: "{{ node_certs_destination }}/" - state: directory - recurse: yes - owner: elasticsearch - group: elasticsearch - tags: xpack-security - -- name: Ensuring certificates folder permissions - file: - path: "{{ node_certs_destination }}/" - mode: '0770' - recurse: yes - tags: xpack-security - - name: Copying node's certificate from master copy: src: "{{item}}" dest: "{{node_certs_destination}}/" with_items: - - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" - - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" - - "{{master_certs_destination}}/ca/ca.crt" + - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" + - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" + - "{{master_certs_path}}/ca/ca.crt" when: - generate_CA tags: xpack-security 
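Review bot: Deleting `Ensuring certificates folder owner` removes the only step that gave the `elasticsearch` user ownership of `node_certs_destination`, while the `copy` of the node's `.key` and `.crt` in this hunk still sets no `owner`, `group` or `mode`, so the files arrive owned by the connecting user with the default umask. Put `owner: elasticsearch`, `group: elasticsearch` and `mode: '0640'` on this copy task and on the custom-CA copy task that follows it, rather than relying on a later recursive chmod.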
@@ -151,13 +156,24 @@ src: "{{item}}" dest: "{{node_certs_destination}}/" with_items: - - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" - - "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" - - "{{master_certs_destination}}/ca/{{ca_cert_name}}" + - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" + - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" + - "{{master_certs_path}}/ca/{{ca_cert_name}}" when: - not generate_CA tags: xpack-security +- name: Ensuring folder permissions + file: + path: "{{ node_certs_destination }}/" + mode: '0774' + state: directory + recurse: yes + when: + - elasticsearch_xpack_security + - generate_CA + tags: xpack-security + - name: Set elasticsearch bootstrap password shell: >- echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password From b2876d15e453636d9c7f946bb63d7ccd8ad9aee3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 8 Aug 2019 17:43:30 +0200 Subject: [PATCH 124/559] Update attributes, remove rsync parameters. --- .../ansible-elasticsearch/defaults/main.yml | 18 ++++++------------ .../ansible-kibana/defaults/main.yml | 12 ++++-------- roles/wazuh/ansible-filebeat/defaults/main.yml | 10 ++++------ 3 files changed, 14 insertions(+), 26 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index bcbcc819..63b953f8 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
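Review bot: `mode: '0774'` with `recurse: yes` makes every file under `node_certs_destination`, including the node's private key, world-readable, and the `- generate_CA` condition means the custom-CA path gets no permission step at all. Use `mode: '0750'` on the directory without `recurse: yes`, drop `- generate_CA`, and set `'0640'` on the copy tasks themselves so files never pass through a world-readable state. The same recursive `'0774'` is added to the filebeat tasks in the patch 128 hunk.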
@@ -19,23 +19,17 @@ elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass node_certs_generator: false -node_certs_generator_ip: 172.16.0.161 node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/elasticsearch/certs -master_certs_destination: /es_certs + # CA generation -generate_CA: false - -ca_key_name: myCA.key -ca_cert_name: myCA.pem - -# Rsync -rsync_path: /usr/bin/rsync -rsync_user: vagrant -rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' - +master_certs_path: /es_certs +generate_CA: true +ca_key_name: "" +ca_cert_name: "" +ca_password: "" diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 4de06f9b..f8dece59 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -15,14 +15,10 @@ elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass node_certs_generator: false -node_certs_generator_ip: 172.16.0.161 node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/kibana/certs -master_certs_destination: /es_certs - - -# Rsync -rsync_path: /usr/bin/rsync -rsync_user: vagrant -rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' +# CA Generation +master_certs_path: /es_certs +generate_CA: true +ca_cert_name: "" diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index cf0cb5a1..cbf8cc9d 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
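Review bot: `ca_key_name: ""` and `ca_cert_name: ""` as defaults mean a run with `generate_CA: false` and the names left unset builds source paths that end in `/ca/` and fails only when `copy` executes, with nothing pointing at the cause. An `assert` at the top of xpack_security.yml with `that: - ca_key_name | length > 0 - ca_cert_name | length > 0` and `when: not generate_CA` reports the misconfiguration up front. The same `master_certs_path`/`generate_CA`/`ca_cert_name` trio is now duplicated in the kibana and filebeat defaults hunks that follow and will have to be changed in step; a shared vars file would keep them consistent. Dropping `rsync_extra_parameters` with its `StrictHostKeyChecking=no` is a welcome side effect.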
@@ -35,13 +35,11 @@ elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass node_certs_generator : false -node_certs_generator_ip: 172.16.0.161 node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/filebeat/certs -master_certs_destination: /es_certs -# Rsync -rsync_path: /usr/bin/rsync -rsync_user: vagrant -rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' +# CA Generation +master_certs_path: /es_certs +generate_CA: true +ca_cert_name: "" From 7006f99209ad8d28970f36ae5de7f318f6eded80 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 8 Aug 2019 17:43:40 +0200 Subject: [PATCH 125/559] Add import to kibana --- .../ansible-kibana/tasks/main.yml | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index fe91221b..ada29886 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -19,12 +19,27 @@ src: "{{item}}" dest: "{{node_certs_destination}}/" with_items: - - "{{master_certs_destination}}/{{kibana_node_name}}/{{ kibana_node_name }}.key" - - "{{master_certs_destination}}/{{kibana_node_name}}/{{ kibana_node_name }}.crt" - - "{{master_certs_destination}}/ca/ca.crt" + - "{{master_certs_path}}/{{kibana_node_name}}/{{ kibana_node_name }}.key" + - "{{master_certs_path}}/{{kibana_node_name}}/{{ kibana_node_name }}.crt" + - "{{master_certs_path}}/ca/ca.crt" tags: xpack-security when: - kibana_xpack_security + - generate_CA + +- name: Copying node's certificate from master (Custom CA) + copy: + src: "{{item}}" + dest: "{{node_certs_destination}}/" + mode: '0664' + with_items: + - "{{master_certs_path}}/{{kibana_node_name}}/{{ kibana_node_name }}.key" + - "{{master_certs_path}}/{{kibana_node_name}}/{{ kibana_node_name }}.crt" + - "{{master_certs_path}}/ca/{{ca_cert_name}}" + when: + - kibana_xpack_security + - not generate_CA + tags: xpack-security - name: Ensuring certificates folder owner file: @@ -52,7 +67,7 @@ dest: /etc/kibana/kibana.yml owner: root group: root - mode: 0664 + mode: '0664' notify: restart kibana tags: configure From 625970675586b8544404e67b20c8cf259dadbfba Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 8 Aug 2019 17:43:50 +0200 Subject: [PATCH 126/559] Update kibana template --- roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 index 76a3c2c4..0f2ef606 100644 --- a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 
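Review bot: `mode: '0664'` on the new `Copying node's certificate from master (Custom CA)` task applies to every item, so the kibana node's private `.key` becomes world-readable, while the preceding self-generated-CA task sets no mode at all. Use `mode: '0640'` on both copy tasks together with the owner the kibana service runs as, so the key is readable by the service and nobody else. As in the elasticsearch role, the two tasks differ only in the CA file name and could be one task with `{{ 'ca.crt' if generate_CA else ca_cert_name }}` as the last item.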
@@ -109,6 +109,10 @@ elasticsearch.username: "{{ elasticsearch_xpack_security_user }}" elasticsearch.password: "{{ elasticsearch_xpack_security_password }}" server.ssl.enabled: true server.ssl.key: "{{node_certs_destination}}/{{ kibana_node_name }}.key" -server.ssl.certificate: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" +server.ssl.certificate: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" +{% if generate_CA == true %} elasticsearch.ssl.certificateAuthorities: ["{{ node_certs_destination }}/ca.crt"] +{% elif generate_CA == false %} +elasticsearch.ssl.certificateAuthorities: ["{{ node_certs_destination }}/{{ca_cert_name}}"] +{% endif %} {% endif %} \ No newline at end of file From bb0c79c455cf3cd0ac1a41bce5ce950e8339fe11 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 8 Aug 2019 17:43:57 +0200 Subject: [PATCH 127/559] Update filebeat template --- roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 index 0a47af9d..466d9a89 100644 --- a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 @@ -57,8 +57,14 @@ output.elasticsearch: username: {{ elasticsearch_xpack_security_user }} password: {{ elasticsearch_xpack_security_password }} protocol: https +{% if generate_CA == true %} ssl.certificate_authorities: - {{node_certs_destination}}/ca.crt +{% elif generate_CA == false %} + ssl.certificate_authorities: + - {{node_certs_destination}}/{{ca_cert_name}} +{% endif %} + ssl.certificate: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt" ssl.key: "{{node_certs_destination}}/{{ filebeat_node_name }}.key" {% endif %} From fb76622080c24a3dc626379d73fc8f898c157297 Mon Sep 17 00:00:00 2001 
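Review bot: `{% if generate_CA == true %}` / `{% elif generate_CA == false %}` only match a real boolean; when the variable arrives as a string (for example `-e generate_CA=false` on the command line, or a quoted value in inventory) neither branch fires, no `elasticsearch.ssl.certificateAuthorities` line is rendered, and the CA pin silently disappears from kibana.yml. Use `{% if generate_CA | bool %}` with a plain `{% else %}` so one of the two lines is always emitted. The filebeat.yml.j2 hunk further along this line has the same `== true` / `== false` pair around `ssl.certificate_authorities` and needs the same change. The outer `{% endif %}` belongs to a block that starts before the hunk.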
From: Jose M Date: Thu, 8 Aug 2019 17:44:08 +0200 Subject: [PATCH 128/559] Add import to --- roles/wazuh/ansible-filebeat/tasks/main.yml | 28 +++++++++++++++------ 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 2b566ed5..a968e62d 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -31,18 +31,32 @@ src: "{{item}}" dest: "{{node_certs_destination}}/" with_items: - - "{{master_certs_destination}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.key" - - "{{master_certs_destination}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.crt" - - "{{master_certs_destination}}/ca/ca.crt" - tags: xpack-security + - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.key" + - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.crt" + - "{{master_certs_path}}/ca/ca.crt" when: + - generate_CA - filebeat_xpack_security + tags: xpack-security + +- name: Copying node's certificate from master (Custom CA) + copy: + src: "{{item}}" + dest: "{{node_certs_destination}}/" + with_items: + - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.key" + - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.crt" + - "{{master_certs_path}}/ca/{{ca_cert_name}}" + when: + - not generate_CA + - filebeat_xpack_security + tags: xpack-security - -- name: Ensuring certificates folder owner +- name: Ensuring folder & certs permissions file: path: "{{ node_certs_destination }}/" - mode: '0770' + mode: '0774' + state: directory recurse: yes when: - filebeat_xpack_security From 69427edea6e45567212415ff57a388ddd1aa80a4 Mon Sep 17 00:00:00 2001 
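Review bot: The renamed "Ensuring folder & certs permissions" task now sets `mode: '0774'` with `recurse: yes` on `{{ node_certs_destination }}/`, which makes every file copied by the two tasks above — including the node's private `.key` — world-readable and executable. A symbolic mode keeps directories traversable without exposing the key, e.g. `mode: 'u=rwX,g=rX,o='` (and `mode: '0640'` on the key itself if group access to the other files is wanted). The task's `when:` list continues past the end of the hunk, so any further guard is not visible here. Neither new copy task sets a `mode`, so the recursive task is currently the only thing deciding the key's permissions.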
From: Rshad Zhran Date: Fri, 9 Aug 2019 16:45:23 +0200 Subject: [PATCH 129/559] initial changes --- roles/wazuh/ansible-filebeat/defaults/main.yml | 5 +++++ roles/wazuh/ansible-filebeat/tasks/main.yml | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 103d61eb..1fed5fb0 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -43,3 +43,8 @@ node_certs_destination: /etc/filebeat/certs rsync_path: /usr/bin/rsync rsync_user: vagrant rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' + +filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz +filebeat_module_package_path: /root/ +filebeat_module_destination: /usr/share/filebeat/module +filebeat_module_folder: /usr/share/filebeat/module/wazuh \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 7bafcc79..b0e5371c 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -88,6 +88,19 @@ - filebeat_xpack_security tags: xpack-security +- name: Download Filebeat module package + get_url: + url: https://packages-dev.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} + dest: "{{ filebeat_module_package_path }}" + +- name: Unpakcaging Filebeat module package + unarchive: + src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + dest: "{{ filebeat_module_destination }}" + +- name: Setting 0755 permission for Filebeat module folder + file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes + - import_tasks: config.yml when: filebeat_create_config notify: restart filebeat From da005fea58a33dd77e8c356de26e990f76fc27dd Mon Sep 17 00:00:00 2001 
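Review bot: "Setting 0755 permission for Filebeat module folder" actually applies `mode=u=rwX,g=rwX,o=rwX` recursively to `{{ filebeat_module_folder }}`, i.e. 0777 on directories and 0666 on files, so any local account can edit the module's pipeline and config files that Filebeat loads as root; the task name promises 0755. `mode: 'u=rwX,g=rX,o=rX'` in block YAML form matches the intent and also satisfies ansible-lint's no-key=value rule. The download in the same hunk has no `checksum:` on `get_url`, and the task name "Unpakcaging" is misspelled ("Unpacking"). In the defaults hunk, `filebeat_module_package_path: /root/` plus the `"{{ path }}/{{ name }}"` join yields a double slash; dropping the trailing slash keeps paths clean.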
From: Rshad Zhran Date: Fri, 16 Aug 2019 10:27:42 +0200 Subject: [PATCH 130/559] removed Java installation tasks for SysV systems --- molecule/filebeat/molecule.yml | 34 ++++++++-------- molecule/filebeat/prepare.yml | 1 + molecule/kibana/molecule.yml | 40 +++++++++---------- molecule/kibana/playbook.yml | 1 + .../ansible-elasticsearch/tasks/Debian.yml | 14 ------- .../ansible-elasticsearch/tasks/RedHat.yml | 7 ---- roles/wazuh/ansible-filebeat/tasks/main.yml | 5 ++- 7 files changed, 42 insertions(+), 60 deletions(-) diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index e456c4ae..761326f3 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -11,23 +11,23 @@ lint: platforms: - name: trusty image: ubuntu:trusty - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - privileged: true - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - command: /sbin/init - - name: centos6 - image: geerlingguy/docker-centos6-ansible - privileged: true - command: /sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: centos7 - image: milcom/centos7-systemd - privileged: true + # - name: bionic + # image: solita/ubuntu-systemd:bionic + # command: /sbin/init + # privileged: true + # - name: xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # command: /sbin/init + #- name: centos6 + # image: geerlingguy/docker-centos6-ansible + # privileged: true + # command: /sbin/init + # volumes: + # - /sys/fs/cgroup:/sys/fs/cgroup:ro + #- name: centos7 + # image: milcom/centos7-systemd + # privileged: true provisioner: name: ansible playbooks: diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml index f3dc9aac..49325b85 100644 --- a/molecule/filebeat/prepare.yml +++ b/molecule/filebeat/prepare.yml 
@@ -7,6 +7,7 @@ - name: "Install Python packages for Trusty to solve trust issues" package: name: + - python-apt - python-setuptools - python-pip state: latest diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 2017a6bd..8cf21dc2 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -9,31 +9,31 @@ lint: config-data: ignore: .virtualenv platforms: - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 1024m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 +# - name: bionic +# image: solita/ubuntu-systemd:bionic +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 +# privileged: true +# memory_reservation: 1024m +# - name: xenial +# image: solita/ubuntu-systemd:xenial +# privileged: true +# memory_reservation: 1024m +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # memory_reservation: 1024m # ulimits: # - nofile:262144:262144 - - name: centos6 - image: centos:6 - privileged: true - memory_reservation: 1024m - ulimits: - - nofile:262144:262144 +# - name: centos6 +# image: centos:6 +# privileged: true +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 - name: centos7 image: milcom/centos7-systemd memory_reservation: 1024m diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index 74fc1038..18543dce 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -3,3 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-kibana + \ No newline at end of file diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index b35f11e1..67a34e7e 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml 
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -8,12 +8,6 @@ register: elasticsearch_ca_packages_installed until: elasticsearch_ca_packages_installed is succeeded -- name: "Install Java Repo for Trusty" - apt_repository: repo='ppa:openjdk-r/ppa' - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - name: Update and upgrade apt packages become: true apt: @@ -24,14 +18,6 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 -- name: Install Oracle Java 8 - become: true - apt: name=openjdk-8-jdk - - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - name: Update and upgrade apt packages become: true apt: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 81176ee0..16366dfc 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -9,13 +9,6 @@ gpgcheck: true changed_when: false -- name: CentOS x.x => x.x < 7.0 | Installing Java - yum: - name: java-1.8.0-openjdk.x86_64 - state: present - when: - - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 - - name: RedHat/CentOS/Fedora | Install Elasticsarch package: name=elasticsearch-{{ elastic_stack_version }} state=present tags: install diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index b0e5371c..7e1d408a 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml 
@@ -90,13 +90,14 @@ - name: Download Filebeat module package get_url: - url: https://packages-dev.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} + url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} dest: "{{ filebeat_module_package_path }}" - name: Unpakcaging Filebeat module package - unarchive: + unarchive: src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" dest: "{{ filebeat_module_destination }}" + remote_src: yes - name: Setting 0755 permission for Filebeat module folder file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes From 2b7bf881aebc3ba4c989d59be0180d2464291016 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 16 Aug 2019 11:54:51 +0200 Subject: [PATCH 131/559] improved the tasks of filebeat module installation and fixed idempotence errors --- Pipfile | 1 + molecule/filebeat/molecule.yml | 10 +++++----- roles/wazuh/ansible-filebeat/tasks/main.yml | 22 ++++++++++++++++++++- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/Pipfile b/Pipfile index 9e3b448b..e7dab50e 100644 --- a/Pipfile +++ b/Pipfile @@ -14,6 +14,7 @@ molecule = "*" python_version = "2.7" [scripts] +clean = "molecule destroy" test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 761326f3..e85c687d 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -9,8 +9,8 @@ lint: config-data: ignore: .virtualenv platforms: - - name: trusty - image: ubuntu:trusty + # - name: trusty + # image: ubuntu:trusty # - name: bionic # image: solita/ubuntu-systemd:bionic # command: /sbin/init 
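Review bot: The `url:` now points at the production package host and the archive is unpacked into `{{ filebeat_module_destination }}` with `remote_src: yes`, but `get_url` still has no integrity check, so whatever the download returns is installed as-is. Adding `checksum: "sha256:<SHA256_OF_PACKAGE_PLACEHOLDER>"` (value to be filled in from the release) to the `get_url` task pins the artifact and also makes the download idempotent. The `remote_src: yes` addition is the correct fix for unarchiving a file that lives on the target host.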
@@ -25,9 +25,9 @@ platforms: # command: /sbin/init # volumes: # - /sys/fs/cgroup:/sys/fs/cgroup:ro - #- name: centos7 - # image: milcom/centos7-systemd - # privileged: true + - name: centos7 + image: milcom/centos7-systemd + privileged: true provisioner: name: ansible playbooks: diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 7e1d408a..8328e068 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -88,19 +88,39 @@ - filebeat_xpack_security tags: xpack-security +- name: Checking if Filebeat Module folder file exists + stat: + path: "{{ filebeat_module_folder }}" + register: filebeat_module_folder + - name: Download Filebeat module package get_url: url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} dest: "{{ filebeat_module_package_path }}" + when: not filebeat_module_folder.stat.exists -- name: Unpakcaging Filebeat module package +- name: Unpakcing Filebeat module package unarchive: src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" dest: "{{ filebeat_module_destination }}" remote_src: yes + when: not filebeat_module_folder.stat.exists - name: Setting 0755 permission for Filebeat module folder file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes + when: not filebeat_module_folder.stat.exists + +- name: Checking if Filebeat Module package file exists + stat: + path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + register: filebeat_module_package + when: filebeat_module_package is not defined + +- name: Delete Filebeat module package file + file: + state: absent + path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + when: filebeat_module_package.stat.exists - import_tasks: config.yml when: filebeat_create_config From cb5149c6290c8da765f043ae130f7c56fcbb68ef Mon Sep 17 00:00:00 2001 
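Review bot: `register: filebeat_module_folder` in the new stat task overwrites the role variable of the same name (registered variables outrank defaults), so the later `file: dest={{ filebeat_module_folder }} …` task renders the stat result dictionary instead of the module path. Rename the result, e.g. `register: filebeat_module_folder_stat`, and update the three `when: not filebeat_module_folder_stat.stat.exists` guards accordingly. The second stat task is guarded by `when: filebeat_module_package is not defined`, yet the delete task unconditionally reads `filebeat_module_package.stat.exists`; if the guard ever skips the stat, that expression fails, so the guard is either dead or unsafe and should be dropped. The `unarchive` task's header starts inside the hunk but its original `dest:` line is the unchanged context, so the review above only concerns the added lines.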
From: Jose M Date: Tue, 30 Jul 2019 17:36:31 +0200 Subject: [PATCH 132/559] Fix Kibana APP installation by becoming user kibana --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 4e12b1b2..a32b90fd 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -118,14 +118,14 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana - ignore_errors: "{{ kibana_plugin_install_ignore_error }}" + become_user: kibana tags: - install - skip_ansible_lint From cae6e96be66f51596bffebfa40fa8bdee73853bf Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 16 Aug 2019 14:43:29 +0200 Subject: [PATCH 133/559] changing default variables values --- molecule/filebeat/molecule.yml | 12 ++++++------ molecule/kibana/molecule.yml | 1 - playbooks/wazuh-elastic.yml | 5 +++-- playbooks/wazuh-kibana.yml | 10 +++------- playbooks/wazuh-manager.yml | 8 +++----- .../ansible-elasticsearch/defaults/main.yml | 3 +-- .../ansible-elasticsearch/tasks/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 ++ roles/wazuh/ansible-filebeat/tasks/main.yml | 1 + 9 files changed, 20 insertions(+), 24 deletions(-) diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index e85c687d..699495d1 100644 --- a/molecule/filebeat/molecule.yml 
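Review bot: `become_user: kibana` is added to the Wazuh-APP install task without a matching `become: yes`; unless privilege escalation is already enabled for the play, `become_user` on its own has no effect and `kibana-plugin` keeps running as the connecting user, which is the failure the subject line describes. Adding `become: yes` directly above `become_user: kibana` makes the task self-contained. Dropping `ignore_errors: "{{ kibana_plugin_install_ignore_error }}"` is reasonable, but the variable itself is then unused unless something else reads it.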
+++ b/molecule/filebeat/molecule.yml @@ -12,9 +12,9 @@ platforms: # - name: trusty # image: ubuntu:trusty # - name: bionic - # image: solita/ubuntu-systemd:bionic - # command: /sbin/init - # privileged: true + image: solita/ubuntu-systemd:bionic + command: /sbin/init + privileged: true # - name: xenial # image: solita/ubuntu-systemd:xenial # privileged: true @@ -25,9 +25,9 @@ platforms: # command: /sbin/init # volumes: # - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: centos7 - image: milcom/centos7-systemd - privileged: true + #- name: centos7 + # image: milcom/centos7-systemd + # privileged: true provisioner: name: ansible playbooks: diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 8cf21dc2..42b55fd3 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -55,7 +55,6 @@ provisioner: group_vars: all: elasticsearch_jvm_xms: 256 - kibana_plugin_install_ignore_error: true verifier: name: testinfra lint: diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml index 0c3b0a61..36bd9b1d 100644 --- a/playbooks/wazuh-elastic.yml +++ b/playbooks/wazuh-elastic.yml @@ -1,4 +1,5 @@ --- -- hosts: +- hosts: roles: - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'your elasticsearch IP'} + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: '' diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml index 2fc5cc1d..200f4891 100644 --- a/playbooks/wazuh-kibana.yml +++ b/playbooks/wazuh-kibana.yml @@ -1,10 +1,6 @@ --- -- hosts: 172.16.0.162 +- hosts: roles: - role: ../roles/elastic-stack/ansible-kibana - kibana_xpack_security: true - kibana_user: elastic - kibana_password: elastic_pass - kibana_node_name: node-2 - elasticsearch_network_host: 172.16.0.161 - node_certs_generator: false + elasticsearch_network_host: + 
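Review bot: In playbooks/wazuh-elastic.yml and playbooks/wazuh-kibana.yml the new `- hosts:` line has no value, which YAML loads as null and Ansible rejects at parse time, so the playbooks no longer run as shipped; the same applies to `elasticsearch_network_host:` in the kibana playbook. If these files are meant as templates, an explicit placeholder with a comment reads better than an empty key, e.g. `- hosts: '<your_host_or_group>'  # replace before running`. playbooks/wazuh-manager.yml on the next line has the same empty `- hosts:` plus `filebeat_output_elasticsearch_hosts: :9200`, which is a bare port with no host. Removing the hard-coded addresses and the `kibana_user`/`kibana_password` pair from a committed playbook is the right direction.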
diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index 93fb9e9d..5ec6a50b 100644 --- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml @@ -1,10 +1,8 @@ --- -- hosts: 172.16.0.161 +- hosts: roles: - role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-filebeat - filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 - filebeat_xpack_security: true - filebeat_node_name: node-1 - node_certs_generator: true + filebeat_output_elasticsearch_hosts: :9200 + diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index a07f02e2..58b5e308 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -3,10 +3,9 @@ elasticsearch_cluster_name: wazuh elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 -elasticsearch_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.2.0 -single_node: false +single_node: true elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false elasticsearch_cluster_nodes: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 99782056..8fb9184d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -259,7 +259,7 @@ state: started - name: Make sure Elasticsearch is running before proceeding - wait_for: host={{ elasticsearch_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 + wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 tags: - configure - init diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 32a194c8..9e9367ca 100644 
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -23,3 +23,5 @@ node_certs_destination: /etc/kibana/certs rsync_path: /usr/bin/rsync rsync_user: vagrant rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' + +kibana_plugin_install_ignore_error: true \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 8328e068..fbf8cfbf 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -93,6 +93,7 @@ path: "{{ filebeat_module_folder }}" register: filebeat_module_folder + - name: Download Filebeat module package get_url: url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} From c1c5f90bc34ef1184d54b4a9cd68da820f46cace Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 16 Aug 2019 18:11:00 +0200 Subject: [PATCH 134/559] Updating tests --- molecule/default/molecule.yml | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index f37858bc..97f0fef9 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
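Review bot: `kibana_plugin_install_ignore_error: true` is added as a role default, but patch 132 earlier in this series removed the only visible reader (`ignore_errors: "{{ kibana_plugin_install_ignore_error }}"` on the Wazuh-APP task), so unless another task references it this is a dead variable; either drop it or restore the `ignore_errors` line. The molecule group_vars hunk in the same commit removes the same key, which suggests the intent was to retire it. The defaults file also ends without a trailing newline after the new key.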
@@ -8,18 +8,37 @@ lint: enabled: false platforms: - name: bionic - image: ubuntu:bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m - name: xenial image: solita/ubuntu-systemd:xenial privileged: true + memory_reservation: 2048m command: /sbin/init - - name: trusty - image: ubuntu:trusty + ulimits: + - nofile:262144:262144 +# - name: trusty +# image: ubuntu:trusty +# privileged: true +# memory_reservation: 2048m +# ulimits: +# - nofile:262144:262144 - name: centos6 image: centos:6 + privileged: true + memory_reservation: 2048m + ulimits: + - nofile:262144:262144 - name: centos7 image: milcom/centos7-systemd + memory_reservation: 2048m privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible env: From 7ab3f960c84d4c3158cbbac9477fa7502d6ff7ae Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 16 Aug 2019 19:23:46 +0200 Subject: [PATCH 135/559] fixed some molecule errors --- Pipfile | 2 +- molecule/default/molecule.yml | 24 +++++++++++-------- molecule/default/playbook.yml | 8 +++---- molecule/elasticsearch/molecule.yml | 12 +++++----- molecule/filebeat/molecule.yml | 2 +- molecule/kibana/playbook.yml | 1 + .../ansible-elasticsearch/tasks/main.yml | 7 ------ 7 files changed, 26 insertions(+), 30 deletions(-) diff --git a/Pipfile b/Pipfile index e7dab50e..77eeea6b 100644 --- a/Pipfile +++ b/Pipfile @@ -15,7 +15,7 @@ python_version = "2.7" [scripts] clean = "molecule destroy" -test ="molecule test" +test ="molecule test --destroy=never" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index f37858bc..064b4643 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
@@ -8,18 +8,22 @@ lint: enabled: false platforms: - name: bionic - image: ubuntu:bionic - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true + image: solita/ubuntu-systemd:bionic command: /sbin/init - - name: trusty - image: ubuntu:trusty - - name: centos6 - image: centos:6 - - name: centos7 - image: milcom/centos7-systemd privileged: true + ulimits: + - nofile:262144:262144 +# - name: xenial +# image: solita/ubuntu-systemd:xenial +# privileged: true +# command: /sbin/init +# - name: trusty +# image: ubuntu:trusty +# - name: centos6 +# image: centos:6 +# - name: centos7 +# image: milcom/centos7-systemd +# privileged: true provisioner: name: ansible env: diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 639e6320..e692aaae 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -3,8 +3,6 @@ hosts: all roles: - role: wazuh/ansible-wazuh-manager - -# - {role: wazuh/ansible-filebeat} #, filebeat_output_elasticsearch_hosts: 'your elastic stack server IP' -# Elasticsearch requires too much memory to test multiple containers concurrently - To Fix -# - {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} -# - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} + - {role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'localhost:9200'} + - {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} + - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 1ad6ef7b..b252e554 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml 
@@ -23,12 +23,12 @@ platforms: command: /sbin/init ulimits: - nofile:262144:262144 - #- name: trusty - #image: ubuntu:trusty - #privileged: true - #memory_reservation: 2048m - #ulimits: - #- nofile:262144:262144 + #- name: trusty + #image: ubuntu:trusty + #privileged: true + #memory_reservation: 2048m + #ulimits: + #- nofile:262144:262144 - name: centos6 image: centos:6 privileged: true diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 699495d1..7ad07f77 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -11,7 +11,7 @@ lint: platforms: # - name: trusty # image: ubuntu:trusty - # - name: bionic + - name: bionic image: solita/ubuntu-systemd:bionic command: /sbin/init privileged: true diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index 18543dce..6deac809 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -2,5 +2,6 @@ - name: Converge hosts: all roles: + - role: elastic-stack/ansible-kibana \ No newline at end of file diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 8fb9184d..7ee77beb 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -245,13 +245,6 @@ - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) -- name: Distribution is centos 6.* | Enable Elasticsearch - service: name=elasticsearch enabled=yes - -- name: Distribution is centos 6.* | Start Elasticsearch - service: name=elasticsearch state=started - ignore_errors: true - - name: Ensure Elasticsearch started and enabled service: name: elasticsearch From 60f58e99386d223c1ad3df1bc7724f597b78459d Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Fri, 16 Aug 2019 20:09:08 +0200 Subject: [PATCH 136/559] completed --- Pipfile | 1 + molecule/default/playbook.yml | 6 +-- molecule/default/tests/test_default.py | 51 +++++++++++++++++++ .../ansible-kibana/tasks/main.yml | 1 + 4 files changed, 56 insertions(+), 3 deletions(-) diff --git a/Pipfile b/Pipfile index 77eeea6b..f85e6439 100644 --- a/Pipfile +++ b/Pipfile @@ -16,6 +16,7 @@ python_version = "2.7" [scripts] clean = "molecule destroy" test ="molecule test --destroy=never" +verify_test ="molecule verify" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index e692aaae..f34d0837 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -2,7 +2,7 @@ - name: Converge hosts: all roles: - - role: wazuh/ansible-wazuh-manager - - {role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'localhost:9200'} - - {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} + #- role: wazuh/ansible-wazuh-manager + #- {role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'localhost:9200'} + #- {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index e55bc894..da8f772b 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
@@ -78,3 +78,54 @@ def test_open_ports(host): elif distribution == 'centos': assert host.socket("tcp://:::1515").is_listening assert not host.socket("tcp://:::1514").is_listening + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_filebeat_is_installed(host): + """Test if the elasticsearch package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + assert filebeat.version.startswith('7.2.0') + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_elasticsearch_is_installed(host): + """Test if the elasticsearch package is installed.""" + elasticsearch = host.package("elasticsearch") + assert elasticsearch.is_installed + assert elasticsearch.version.startswith('7.2.0') + + +def test_elasticsearch_is_running(host): + """Test if the services are enabled and running.""" + elasticsearch = host.service("elasticsearch") + assert elasticsearch.is_enabled + assert elasticsearch.is_running + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_port_kibana_is_open(host): + """Test if the port 5601 is open and listening to connections.""" + host.socket("tcp://0.0.0.0:5601").is_listening + + +def test_find_correct_elasticsearch_version(host): + """Test if we find the kibana/elasticsearch version in package.json""" + kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") + assert kibana.contains("7.2.0") + + +def test_wazuh_plugin_installed(host): + """Make sure there is a plugin wazuh directory.""" + kibana = host.file("/usr/share/kibana/plugins/wazuh/") + + assert kibana.is_directory \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index a32b90fd..fe0c9365 100644 
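Review bot: `test_port_kibana_is_open` never asserts — `host.socket("tcp://0.0.0.0:5601").is_listening` is evaluated and discarded, so the test passes even when nothing listens on 5601; it should read `assert host.socket("tcp://0.0.0.0:5601").is_listening`. `testinfra_hosts` is reassigned three times with the same expression inside the hunk (and presumably once more above it, outside the hunk), which is noise that should collapse to a single module-level assignment. `test_filebeat_is_installed`'s docstring says "elasticsearch package" while it checks `filebeat`. The file now also ends without a trailing newline.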
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -125,6 +125,7 @@ executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana + become: yes become_user: kibana tags: - install From c59c0fd008d3662410333406508b7f6fb84b39b7 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 10:07:38 +0200 Subject: [PATCH 137/559] uncommented some platforms in Molecule tests and made the default test running only for the manager --- molecule/default/molecule.yml | 26 +++++++++++++------------- molecule/default/playbook.yml | 6 ++---- molecule/elasticsearch/molecule.yml | 12 ++++++------ molecule/filebeat/molecule.yml | 14 +++++++------- molecule/kibana/molecule.yml | 28 ++++++++++++++-------------- 5 files changed, 42 insertions(+), 44 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 4b1b2677..ea838971 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -14,13 +14,13 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 5120m -#- name: xenial -# image: solita/ubuntu-systemd:xenial -# privileged: true -# memory_reservation: 2048m -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 +- name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # privileged: true @@ -33,12 +33,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 -# - name: centos7 -# image: milcom/centos7-systemd -# memory_reservation: 2048m -# privileged: true -# ulimits: -# - nofile:262144:262144 +- name: centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible env: 
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index f34d0837..242a3777 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -2,7 +2,5 @@ - name: Converge hosts: all roles: - #- role: wazuh/ansible-wazuh-manager - #- {role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'localhost:9200'} - #- {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} - - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} + - role: wazuh/ansible-wazuh-manager + diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index b252e554..7b2bbe1f 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -29,12 +29,12 @@ platforms: #memory_reservation: 2048m #ulimits: #- nofile:262144:262144 - - name: centos6 - image: centos:6 - privileged: true - memory_reservation: 2048m - ulimits: - - nofile:262144:262144 + #- name: centos6 + # image: centos:6 + # privileged: true + # memory_reservation: 2048m + # ulimits: + # - nofile:262144:262144 - name: centos7 image: milcom/centos7-systemd memory_reservation: 2048m diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 7ad07f77..a094407a 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml 
@@ -15,19 +15,19 @@ platforms: image: solita/ubuntu-systemd:bionic command: /sbin/init privileged: true - # - name: xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # command: /sbin/init + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + command: /sbin/init #- name: centos6 # image: geerlingguy/docker-centos6-ansible # privileged: true # command: /sbin/init # volumes: # - /sys/fs/cgroup:/sys/fs/cgroup:ro - #- name: centos7 - # image: milcom/centos7-systemd - # privileged: true + - name: centos7 + image: milcom/centos7-systemd + privileged: true provisioner: name: ansible playbooks: diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 42b55fd3..20ea5e07 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -9,20 +9,20 @@ lint: config-data: ignore: .virtualenv platforms: -# - name: bionic -# image: solita/ubuntu-systemd:bionic -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 -# privileged: true -# memory_reservation: 1024m -# - name: xenial -# image: solita/ubuntu-systemd:xenial -# privileged: true -# memory_reservation: 1024m -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 + - name: bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 1024m + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 1024m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # memory_reservation: 1024m From 37cd4893b3105c78b3bb35f72e156058a2fc0302 Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Mon, 19 Aug 2019 10:27:44 +0200 Subject: [PATCH 138/559] fixed some linting errors and removed the changes added to the tests --- Pipfile | 1 - molecule/default/molecule.yml | 26 ++++++------- molecule/default/tests/test_default.py | 53 +------------------------- molecule/filebeat/molecule.yml | 6 +-- 4 files changed, 17 insertions(+), 69 deletions(-) diff --git a/Pipfile b/Pipfile index f85e6439..b0784518 100644 --- a/Pipfile +++ b/Pipfile @@ -14,7 +14,6 @@ molecule = "*" python_version = "2.7" [scripts] -clean = "molecule destroy" test ="molecule test --destroy=never" verify_test ="molecule verify" agent ="molecule test -s wazuh-agent" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index ea838971..ad7d7219 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -14,13 +14,13 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 5120m -- name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # privileged: true @@ -33,12 +33,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 -- name: centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 + - name: centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible env: diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index da8f772b..8e1817e3 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
@@ -77,55 +77,4 @@ def test_open_ports(host): assert not host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': assert host.socket("tcp://:::1515").is_listening - assert not host.socket("tcp://:::1514").is_listening - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_filebeat_is_installed(host): - """Test if the elasticsearch package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - assert filebeat.version.startswith('7.2.0') - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_elasticsearch_is_installed(host): - """Test if the elasticsearch package is installed.""" - elasticsearch = host.package("elasticsearch") - assert elasticsearch.is_installed - assert elasticsearch.version.startswith('7.2.0') - - -def test_elasticsearch_is_running(host): - """Test if the services are enabled and running.""" - elasticsearch = host.service("elasticsearch") - assert elasticsearch.is_enabled - assert elasticsearch.is_running - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_port_kibana_is_open(host): - """Test if the port 5601 is open and listening to connections.""" - host.socket("tcp://0.0.0.0:5601").is_listening - - -def test_find_correct_elasticsearch_version(host): - """Test if we find the kibana/elasticsearch version in package.json""" - kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") - assert kibana.contains("7.2.0") - - -def test_wazuh_plugin_installed(host): - """Make sure there is a plugin wazuh directory.""" - kibana = host.file("/usr/share/kibana/plugins/wazuh/") - - assert kibana.is_directory \ No newline at end of file + assert not host.socket("tcp://:::1514").is_listening \ No newline at end of file 
diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index a094407a..5e055508 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -25,9 +25,9 @@ platforms: # command: /sbin/init # volumes: # - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: centos7 - image: milcom/centos7-systemd - privileged: true + - name: centos7 + image: milcom/centos7-systemd + privileged: true provisioner: name: ansible playbooks: From 9d9aa9088add1fe32f0038a72fc7b33ca6618c90 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 10:54:34 +0200 Subject: [PATCH 139/559] fixed flake8 errors --- molecule/default/tests/test_default.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 8e1817e3..e55bc894 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -77,4 +77,4 @@ def test_open_ports(host): assert not host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': assert host.socket("tcp://:::1515").is_listening - assert not host.socket("tcp://:::1514").is_listening \ No newline at end of file + assert not host.socket("tcp://:::1514").is_listening From 07172620cd31500a59c16b4f91287c5414bcbba0 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 11:37:58 +0200 Subject: [PATCH 140/559] fixed tests for molecule/default --- Pipfile | 1 - molecule/default/molecule.yml | 2 +- molecule/default/tests/test_default.py | 8 ++++---- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/Pipfile b/Pipfile index b0784518..9919f2cd 100644 --- a/Pipfile +++ b/Pipfile @@ -15,7 +15,6 @@ python_version = "2.7" [scripts] test ="molecule test --destroy=never" -verify_test ="molecule verify" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" 
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index ad7d7219..23b9f5ce 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -57,7 +57,7 @@ scenario: - create - prepare - converge - # - idempotence + - idempotence - side_effect - verify - cleanup diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index e55bc894..45a52de1 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -73,8 +73,8 @@ def test_open_ports(host): """Test if the main port is open and the agent-auth is not open.""" distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': - assert host.socket("tcp://0.0.0.0:1515").is_listening - assert not host.socket("tcp://0.0.0.0:1514").is_listening + assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://:::1515").is_listening - assert not host.socket("tcp://:::1514").is_listening + assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1514").is_listening From c15a466912551704ef4d29bfc701fede1f0bcc2c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 11:52:54 +0200 Subject: [PATCH 141/559] fixed tests for molecule/default .. --- molecule/default/tests/test_default.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 45a52de1..6e5b3294 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
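Review bot: The docstring just above the hunk still says the test checks that "the agent-auth is not open", but the new assertions require both 1515 and 1514 to be listening, so the test no longer verifies that anything is closed; either keep a negative assertion for the port that must not be exposed or rewrite the docstring to `"""Test that the manager listens on 1514 and 1515."""`. Switching the Ubuntu branch to `tcp://127.0.0.1:…` also couples the test to the daemon's bind address, since testinfra only matches the exact address given (the CentOS branch used `:::` for the same reason), and the next two commits flip these addresses back and forth, which suggests that is what is being chased. `host.socket("tcp://1514").is_listening` matches any bound address and would remove the per-distro split. `test_open_ports` starts outside the hunk.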
@@ -73,8 +73,8 @@ def test_open_ports(host): """Test if the main port is open and the agent-auth is not open.""" distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': - assert host.socket("tcp://127.0.0.1:1515").is_listening - assert host.socket("tcp://127.0.0.1:1514").is_listening + assert host.socket("tcp://0.0.0.0:1515").is_listening + assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://127.0.0.1:1515").is_listening - assert host.socket("tcp://127.0.0.1:1514").is_listening + assert host.socket("tcp://:::1515").is_listening + assert host.socket("tcp://:::1514").is_listening From 0d0032e2dced163675121ad6e2d03c5292e3e13f Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 12:17:36 +0200 Subject: [PATCH 142/559] improved molecule/default tests --- molecule/default/tests/test_default.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 6e5b3294..7757401e 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -76,5 +76,5 @@ def test_open_ports(host): assert host.socket("tcp://0.0.0.0:1515").is_listening assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://:::1515").is_listening - assert host.socket("tcp://:::1514").is_listening + assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1514").is_listening \ No newline at end of file From 8fbac1af24e4bbc72a288e76e7a72a7622ab1e8f Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 12:21:54 +0200 Subject: [PATCH 143/559] removed some additional changes from Pipefile --- Pipfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Pipfile b/Pipfile index 9919f2cd..9e3b448b 100644 --- a/Pipfile +++ b/Pipfile 
@@ -14,7 +14,7 @@ molecule = "*" python_version = "2.7" [scripts] -test ="molecule test --destroy=never" +test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" From 70e2d68cb0295a1740dc4ab260d4743e28c0e4c7 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 12:44:47 +0200 Subject: [PATCH 144/559] reduced the memory ram for molecule/default --- Pipfile | 1 + molecule/default/molecule.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Pipfile b/Pipfile index 9e3b448b..118d47c9 100644 --- a/Pipfile +++ b/Pipfile @@ -14,6 +14,7 @@ molecule = "*" python_version = "2.7" [scripts] +destroy ="molecule destroy" test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 23b9f5ce..bc49d808 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -13,7 +13,7 @@ platforms: ulimits: - nofile:262144:262144 privileged: true - memory_reservation: 5120m + memory_reservation: 2048m - name: xenial image: solita/ubuntu-systemd:xenial privileged: true @@ -57,7 +57,7 @@ scenario: - create - prepare - converge - - idempotence + # - idempotence - side_effect - verify - cleanup From 9582a0aacd2f7d4afb0d66a9e8ebe72f9ba357e8 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 13:16:51 +0200 Subject: [PATCH 145/559] updated ansible and molecule versions --- Pipfile | 4 ++-- molecule/default/tests/test_default.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Pipfile b/Pipfile index 118d47c9..3de882c3 100644 --- a/Pipfile +++ b/Pipfile @@ -5,8 +5,8 @@ name = "pypi" [packages] docker-py = "*" -ansible = "==2.7.11" -molecule = "*" +ansible = "==2.7.13" +molecule = "2.20" [dev-packages] 
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 7757401e..227f8e59 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -77,4 +77,4 @@ def test_open_ports(host): assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': assert host.socket("tcp://127.0.0.1:1515").is_listening - assert host.socket("tcp://127.0.0.1:1514").is_listening \ No newline at end of file + assert host.socket("tcp://127.0.0.1:1514").is_listening From c295ac2ea45fa7697404edf744e8f4d03cb476eb Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 13:34:36 +0200 Subject: [PATCH 146/559] bump version for 3.9.5_7.2.1 --- CHANGELOG.md | 7 +++++++ VERSION | 4 ++-- molecule/default/molecule.yml | 2 +- molecule/default/tests/test_default.py | 2 +- molecule/elasticsearch/tests/test_default.py | 2 +- molecule/filebeat/tests/test_default.py | 2 +- molecule/kibana/tests/test_default.py | 2 +- molecule/wazuh-agent/tests/test_agents.py | 2 +- .../elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 13 files changed, 22 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f92b855d..87570f08 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.9.5_7.2.1] + +### Added + +- Update to Wazuh v3.9.5 +- Update to Elastic Stack to v7.2.1 + ## [v3.9.4_7.2.0] ### Added diff --git a/VERSION b/VERSION index 8909e7be..921c9fb1 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.9.4" -REVISION="3940" +WAZUH-ANSIBLE_VERSION="v3.9.5" +REVISION="3950" 
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index bc49d808..6a54a846 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -57,7 +57,7 @@ scenario: - create - prepare - converge - # - idempotence + - idempotence - side_effect - verify - cleanup diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 227f8e59..c5e76d67 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.4" + return "3.9.5" def test_wazuh_packages_are_installed(host): diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py index c8be3ed2..31c5da6c 100644 --- a/molecule/elasticsearch/tests/test_default.py +++ b/molecule/elasticsearch/tests/test_default.py @@ -10,7 +10,7 @@ def test_elasticsearch_is_installed(host): """Test if the elasticsearch package is installed.""" elasticsearch = host.package("elasticsearch") assert elasticsearch.is_installed - assert elasticsearch.version.startswith('7.2.0') + assert elasticsearch.version.startswith('7.2.1') def test_elasticsearch_is_running(host): diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py index 106e949d..02638b52 100644 --- a/molecule/filebeat/tests/test_default.py +++ b/molecule/filebeat/tests/test_default.py @@ -10,4 +10,4 @@ def test_filebeat_is_installed(host): """Test if the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.2.0') + assert filebeat.version.startswith('7.2.1') diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py index b09e8e20..f57bb8f7 100644 --- a/molecule/kibana/tests/test_default.py 
+++ b/molecule/kibana/tests/test_default.py @@ -14,7 +14,7 @@ def test_port_kibana_is_open(host): def test_find_correct_elasticsearch_version(host): """Test if we find the kibana/elasticsearch version in package.json""" kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") - assert kibana.contains("7.2.0") + assert kibana.contains("7.2.1") def test_wazuh_plugin_installed(host): diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py index 223f4198..a4845d06 100644 --- a/molecule/wazuh-agent/tests/test_agents.py +++ b/molecule/wazuh-agent/tests/test_agents.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.4" + return "3.9.5" def test_ossec_package_installed(Package): diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 58b5e308..31ed74de 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.2.0 +elastic_stack_version: 7.2.1 single_node: true elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 9e9367ca..9ec61091 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
@@ -5,8 +5,8 @@ elasticsearch_http_port: "9200"
 elasticsearch_network_host: "127.0.0.1"
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
-elastic_stack_version: 7.2.0
-wazuh_version: 3.9.4
+elastic_stack_version: 7.2.1
+wazuh_version: 3.9.5
 # Xpack Security
 kibana_xpack_security: false
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml
index 1fed5fb0..632ab7e3 100644
--- a/roles/wazuh/ansible-filebeat/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-filebeat_version: 7.2.0
+filebeat_version: 7.2.1
 filebeat_create_config: true
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index d0898cb0..2b3f88a4 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-wazuh_agent_version: 3.9.4
+wazuh_agent_version: 3.9.5
 wazuh_managers:
 - address: 127.0.0.1
 port: 1514
@@ -24,7 +24,7 @@ wazuh_winagent_config:
 install_dir_x86: 'C:\Program Files (x86)\ossec-agent\'
 auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe
 auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
- version: '3.9.4'
+ version: '3.9.5'
 revision: '1'
 repo: https://packages.wazuh.com/3.x/windows/
 md5: c3fdbd6c121ca371b8abcd477ed4e8a4
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index a35e3387..433e00c6 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-wazuh_manager_api_version: 3.9.4
+wazuh_manager_api_version: 3.9.5
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: latest
From 34c098332efee83e1b5f3ca5e13db8f758a9633b Mon Sep 17 00:00:00 2001
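Review bot: In the `wazuh_winagent_config` hunk the Windows `version` is bumped to `'3.9.5'` while the `md5:` value two lines below stays at `c3fdbd6c…`, which was presumably computed for the 3.9.4 installer; if that digest is checked when the installer is fetched the Windows role will now fail, and if it is not checked the field is dead weight that gives a false sense of verification. Update it to the hash published for the 3.9.5 MSI, and since the role controls the download, prefer a SHA-256 (for example `get_url`'s `checksum: sha256:…`) over MD5, which is not collision-resistant. The Windows download task itself is not in this diff.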
From: Rshad Zhran Date: Mon, 19 Aug 2019 15:01:03 +0200 Subject: [PATCH 147/559] fixed Pipefile --- Pipfile | 2 +- molecule/elasticsearch/molecule.yml | 28 ++++++++++++++-------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Pipfile b/Pipfile index 3de882c3..ce0266f2 100644 --- a/Pipfile +++ b/Pipfile @@ -6,7 +6,7 @@ name = "pypi" [packages] docker-py = "*" ansible = "==2.7.13" -molecule = "2.20" +molecule = "==2.20.2" [dev-packages] diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 7b2bbe1f..ebf47ccb 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -9,20 +9,20 @@ lint: config-data: ignore: .virtualenv platforms: - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 + #- name: bionic + # image: solita/ubuntu-systemd:bionic + # command: /sbin/init + # ulimits: + # - nofile:262144:262144 + # privileged: true + # memory_reservation: 2048m + #- name: xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # memory_reservation: 2048m + # command: /sbin/init + # ulimits: + # - nofile:262144:262144 #- name: trusty #image: ubuntu:trusty #privileged: true From 553d76b9849af9d6349277f67825de577bea5eff Mon Sep 17 00:00:00 2001 From: manuasir Date: Mon, 19 Aug 2019 15:09:47 +0200 Subject: [PATCH 148/559] Bump molecule version --- Pipfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Pipfile b/Pipfile index 3de882c3..ce0266f2 100644 --- a/Pipfile +++ b/Pipfile @@ -6,7 +6,7 @@ name = "pypi" [packages] docker-py = "*" ansible = "==2.7.13" -molecule = "2.20" +molecule = "==2.20.2" [dev-packages] From 67f681db0d974747106917acc5a8e995666c4c86 Mon Sep 17 00:00:00 2001 
From: manuasir Date: Mon, 19 Aug 2019 15:10:44 +0200 Subject: [PATCH 149/559] Bump molecule version --- Pipfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Pipfile b/Pipfile index 3de882c3..ce0266f2 100644 --- a/Pipfile +++ b/Pipfile @@ -6,7 +6,7 @@ name = "pypi" [packages] docker-py = "*" ansible = "==2.7.13" -molecule = "2.20" +molecule = "==2.20.2" [dev-packages] From cd090d63eb848132df63e6b1a268470a6c842251 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 15:18:51 +0200 Subject: [PATCH 150/559] removed basename, adapted paths, fixed Pipefile --- Pipfile | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Pipfile b/Pipfile index 3de882c3..ce0266f2 100644 --- a/Pipfile +++ b/Pipfile @@ -6,7 +6,7 @@ name = "pypi" [packages] docker-py = "*" ansible = "==2.7.13" -molecule = "2.20" +molecule = "==2.20.2" [dev-packages] diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 433e00c6..6041c64d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -54,8 +54,8 @@ wazuh_manager_config: use_password: 'no' ssl_agent_ca: null ssl_verify_host: 'no' - ssl_manager_cert: '/var/ossec/etc/sslmanager.cert' - ssl_manager_key: '/var/ossec/etc/sslmanager.key' + ssl_manager_cert: 'sslmanager.cert' + ssl_manager_key: 'sslmanager.key' ssl_auto_negotiate: 'no' email_notification: 'no' mail_to: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 30e5ec87..1dac6f0f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
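Review bot: Changing `ssl_manager_cert`/`ssl_manager_key` from absolute paths to bare file names silently changes the contract of two public role variables. The companion task change in this commit builds `dest: "/var/ossec/etc/{{ item }}"`, so a deployment that still overrides them with the old absolute form will copy to `/var/ossec/etc//var/ossec/etc/…`, and if the ossec.conf template emits the value verbatim authd is handed a relative path; confirm it resolves against /var/ossec and add a CHANGELOG line either way. The surrounding context also shows the shipped defaults `use_password: 'no'` and `ssl_verify_host: 'no'`, i.e. agent enrollment is open to anything that can reach the authd port; a comment above `use_password` such as `# 'no' lets any host enroll an agent; set 'yes' and supply a password outside lab setups` would help operators.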
@@ -70,7 +70,7 @@
 - name: Copy CA, SSL key and cert for authd
 copy:
 src: "{{ item }}"
- dest: "/var/ossec/etc/{{ item | basename }}"
+ dest: "/var/ossec/etc/{{ item }}"
 mode: 0644
 with_items:
 - "{{ wazuh_manager_config.authd.ssl_agent_ca }}"
From d74e0beeecf8ffebaffa118a1a2b73f1aa96bae3 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 17:15:43 +0200 Subject: [PATCH 151/559] adapted molecule.yml - wazuh-agent -
---
 molecule/wazuh-agent/molecule.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml
index 47c0012f..953fbb09 100644
--- a/molecule/wazuh-agent/molecule.yml
+++ b/molecule/wazuh-agent/molecule.yml
@@ -32,18 +32,18 @@ platforms:
 - name: wazuh
 groups:
 - agent
- - name: wazuh_agent_trusty
- image: ubuntu:trusty
- networks:
- - name: wazuh
- groups:
- - agent
- - name: wazuh_agent_centos6
- image: centos:6
- networks:
- - name: wazuh
- groups:
- - agent
+ #- name: wazuh_agent_trusty
+ # image: ubuntu:trusty
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
+ #- name: wazuh_agent_centos6
+ # image: centos:6
+ # networks:
+ # - name: wazuh
+ # groups:
+ # - agent
 - name: wazuh_agent_centos7
 image: milcom/centos7-systemd
 privileged: true
From e7614e13e86e1fb87618fe317fb6c2b28113e531 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 20 Aug 2019 15:02:37 +0200 Subject: [PATCH 152/559] added more tests types in Pipefile
---
 Pipfile | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/Pipfile b/Pipfile
index ce0266f2..6b444c31 100644
--- a/Pipfile
+++ b/Pipfile
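Review bot: `mode: 0644` is applied to every item in the loop, including `ssl_manager_key`, so the authd private key ends up world-readable under /var/ossec/etc; give the key a tighter mode, e.g. `mode: "{{ '0640' if item == wazuh_manager_config.authd.ssl_manager_key else '0644' }}"`, and quote the literal (`"0644"`) as the Ansible docs recommend so the octal is never mis-read. Dropping `| basename` also means any value that still carries a directory component (the previous defaults were absolute paths) is spliced into `dest` verbatim, yielding paths like `/var/ossec/etc//var/ossec/etc/sslmanager.key`; keeping `basename` is harmless for bare names and protects existing overrides. The loop's first entry is `ssl_agent_ca`, whose default is `null`; the task's `when:` guard, if any, and the remaining `with_items` entries lie outside the hunk.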
@@ -14,9 +14,20 @@ molecule = "==2.20.2"
 python_version = "2.7"
 [scripts]
-destroy ="molecule destroy"
+# Normal Case
 test ="molecule test"
 agent ="molecule test -s wazuh-agent"
 elasticsearch ="molecule test -s elasticsearch"
 filebeat ="molecule test -s filebeat"
 kibana ="molecule test -s kibana"
+
+# Do Not destroy the created containers afte the test execution ends.
+test_still ="molecule test --destroy=never"
+agent_still ="molecule test -s wazuh-agent --destroy=never"
+elasticsearch_still ="molecule test -s elasticsearch --destroy=never"
+filebeat_still ="molecule test -s filebeat --destroy=never"
+kibana_still ="molecule test -s kibana --destroy=never"
+destroy_still ="molecule destroy --destroy=never"
+
+# Destroy all the existing containers ' Created by Molecule '
+destroy ="molecule destroy"
From 61625f80eeb199aed791f0e52d9a46aa413a1f11 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 20 Aug 2019 15:10:17 +0200 Subject: [PATCH 153/559] adding new test /molecule/stack
---
 molecule/stack/Dockerfile.j2 | 14 +++++ molecule/stack/INSTALL.rst | 16 ++++++ molecule/stack/create.yml | 81 ++++++++++++++++++++++++++++ molecule/stack/destroy.yml | 32 +++++++++++ molecule/stack/molecule.yml | 69 ++++++++++++++++++++++++ molecule/stack/playbook.yml | 6 +++ molecule/stack/prepare.yml | 36 +++++++++++++ molecule/stack/tests/test_default.py | 80 +++++++++++++++++++++++++++ 8 files changed, 334 insertions(+) create mode 100644 molecule/stack/Dockerfile.j2 create mode 100644 molecule/stack/INSTALL.rst create mode 100644 molecule/stack/create.yml create mode 100644 molecule/stack/destroy.yml create mode 100644 molecule/stack/molecule.yml create mode 100644 molecule/stack/playbook.yml create mode 100644 molecule/stack/prepare.yml create mode 100644 molecule/stack/tests/test_default.py
diff --git a/molecule/stack/Dockerfile.j2 b/molecule/stack/Dockerfile.j2
new file mode 100644
index 00000000..19692c20
--- /dev/null
+++ b/molecule/stack/Dockerfile.j2
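Review bot: `destroy_still ="molecule destroy --destroy=never"` contradicts itself: `--destroy` is an option of `molecule test` that decides whether instances are torn down after the sequence, and as far as I can tell `molecule destroy` does not accept it, so this script will fail at invocation; drop the entry or make it a plain alias of `destroy`. The comment above that block also has a typo (`afte` → `after`) and would read more precisely as `# Keep the containers after the test sequence finishes (molecule test --destroy=never).`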
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/stack/INSTALL.rst b/molecule/stack/INSTALL.rst new file mode 100644 index 00000000..e26493b8 --- /dev/null +++ b/molecule/stack/INSTALL.rst @@ -0,0 +1,16 @@ +******* +Install +******* + +Requirements +============ + +* Docker Engine +* docker-py + +Install +======= + +.. code-block:: bash + + $ sudo pip install docker-py diff --git a/molecule/stack/create.yml b/molecule/stack/create.yml new file mode 100644 index 00000000..25932aee --- /dev/null +++ b/molecule/stack/create.yml 
@@ -0,0 +1,81 @@
+---
+- name: Create
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: false
+ tasks:
+ - name: Log into a Docker registry
+ docker_login:
+ username: "{{ item.registry.credentials.username }}"
+ password: "{{ item.registry.credentials.password }}"
+ email: "{{ item.registry.credentials.email | default(omit) }}"
+ registry: "{{ item.registry.url }}"
+ docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
+ with_items: "{{ molecule_yml.platforms }}"
+ when:
+ - item.registry is defined
+ - item.registry.credentials is defined
+ - item.registry.credentials.username is defined
+
+ - name: Create Dockerfiles from image names
+ template:
+ src: "{{ molecule_scenario_directory }}/Dockerfile.j2"
+ dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}"
+ with_items: "{{ molecule_yml.platforms }}"
+ register: platforms
+
+ - name: Discover local Docker images
+ docker_image_facts:
+ name: "molecule_local/{{ item.item.name }}"
+ docker_host: "{{ item.item.docker_host | default('unix://var/run/docker.sock') }}"
+ with_items: "{{ platforms.results }}"
+ register: docker_images
+
+ - name: Build an Ansible compatible image
+ docker_image:
+ path: "{{ molecule_ephemeral_directory }}"
+ name: "molecule_local/{{ item.item.image }}"
+ docker_host: "{{ item.item.docker_host | default('unix://var/run/docker.sock') }}"
+ dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
+ force: "{{ item.item.force | default(true) }}"
+ with_items: "{{ platforms.results }}"
+ when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
+
+ - name: Create docker network(s)
+ docker_network:
+ name: "{{ item }}"
+ docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
+ state: present
+ with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}"
+
+ - name: Create molecule instance(s)
+ docker_container:
+ name: "{{ item.name }}"
+ docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
+ hostname: "{{ item.name }}"
+ image: "molecule_local/{{ item.image }}"
+ state: started
+ recreate: false
+ log_driver: json-file
+ command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}"
+ privileged: "{{ item.privileged | default(omit) }}"
+ volumes: "{{ item.volumes | default(omit) }}"
+ capabilities: "{{ item.capabilities | default(omit) }}"
+ exposed_ports: "{{ item.exposed_ports | default(omit) }}"
+ published_ports: "{{ item.published_ports | default(omit) }}"
+ ulimits: "{{ item.ulimits | default(omit) }}"
+ networks: "{{ item.networks | default(omit) }}"
+ dns_servers: "{{ item.dns_servers | default(omit) }}"
+ register: server
+ with_items: "{{ molecule_yml.platforms }}"
+ async: 7200
+ poll: 0
+
+ - name: Wait for instance(s) creation to complete
+ async_status:
+ jid: "{{ item.ansible_job_id }}"
+ register: docker_jobs
+ until: docker_jobs.finished
+ retries: 300
+ with_items: "{{ server.results }}"
diff --git a/molecule/stack/destroy.yml b/molecule/stack/destroy.yml
new file mode 100644
index 00000000..ddf7062b
--- /dev/null
+++ b/molecule/stack/destroy.yml
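Review bot: The play sets `no_log: false` while its first task loops over `molecule_yml.platforms` and passes `item.registry.credentials.password` to `docker_login`; with `with_items` the per-item result echoes the whole `item`, so a configured registry password would be printed in the CI log even though the module masks its own `password` argument. Set `no_log: true` on that task (molecule's upstream scaffold only turns logging on under a debug flag). Separately, the `when:` on "Build an Ansible compatible image" ends in `| count >= 0`, which is always true, so `platforms.changed` never matters and the image is rebuilt on every run; `| count > 0` is presumably what was intended.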
@@ -0,0 +1,32 @@
+---
+- name: Destroy
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: false
+ tasks:
+ - name: Destroy molecule instance(s)
+ docker_container:
+ name: "{{ item.name }}"
+ docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
+ state: absent
+ force_kill: "{{ item.force_kill | default(true) }}"
+ register: server
+ with_items: "{{ molecule_yml.platforms }}"
+ async: 7200
+ poll: 0
+
+ - name: Wait for instance(s) deletion to complete
+ async_status:
+ jid: "{{ item.ansible_job_id }}"
+ register: docker_jobs
+ until: docker_jobs.finished
+ retries: 300
+ with_items: "{{ server.results }}"
+
+ - name: Delete docker network(s)
+ docker_network:
+ name: "{{ item }}"
+ docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
+ state: absent
+ with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}"
diff --git a/molecule/stack/molecule.yml b/molecule/stack/molecule.yml
new file mode 100644
index 00000000..6a54a846
--- /dev/null
+++ b/molecule/stack/molecule.yml
@@ -0,0 +1,69 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ enabled: false
+platforms:
+ - name: bionic
+ image: solita/ubuntu-systemd:bionic
+ command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
+ privileged: true
+ memory_reservation: 2048m
+ - name: xenial
+ image: solita/ubuntu-systemd:xenial
+ privileged: true
+ memory_reservation: 2048m
+ command: /sbin/init
+ ulimits:
+ - nofile:262144:262144
+# - name: trusty
+# image: ubuntu:trusty
+# privileged: true
+# memory_reservation: 2048m
+# ulimits:
+# - nofile:262144:262144
+# - name: centos6
+# image: centos:6
+# privileged: true
+# memory_reservation: 2048m
+# ulimits:
+# - nofile:262144:262144
+ - name: centos7
+ image: milcom/centos7-systemd
+ memory_reservation: 2048m
+ privileged: true
+ ulimits:
+ - nofile:262144:262144
+provisioner:
+ name: ansible
+ env:
+ ANSIBLE_ROLES_PATH: ../../roles
+ lint:
+ name: ansible-lint
+ enabled: true
+scenario:
+ name: default
+ test_sequence:
+ - lint
+ - dependency
+ - cleanup
+ - destroy
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - side_effect
+ - verify
+ - cleanup
+ - destroy
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
+ enabled: true
diff --git a/molecule/stack/playbook.yml b/molecule/stack/playbook.yml
new file mode 100644
index 00000000..242a3777
--- /dev/null
+++ b/molecule/stack/playbook.yml
@@ -0,0 +1,6 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: wazuh/ansible-wazuh-manager
+
diff --git a/molecule/stack/prepare.yml b/molecule/stack/prepare.yml
new file mode 100644
index 00000000..f3dc9aac
--- /dev/null
+++ b/molecule/stack/prepare.yml
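Review bot: `scenario.name` is set to `default` although this file lives in `molecule/stack/`, so the new scenario is declared under the same name as the existing default scenario; the Molecule 2.x release pinned in this repository's Pipfile appears to identify scenarios by this key rather than by directory, in which case `molecule test -s stack` cannot address it and the two `default` scenarios collide — `name: stack` is what the directory implies. All three platforms also run with `privileged: true`, which gives the converge playbook root-equivalent reach into the Docker host's kernel; that is tolerable on a disposable CI runner but deserves a comment such as `# privileged: needed for systemd in the container; do not run this scenario on a shared host`.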
@@ -0,0 +1,36 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: true
+ tasks:
+
+ - name: "Install Python packages for Trusty to solve trust issues"
+ package:
+ name:
+ - python-setuptools
+ - python-pip
+ state: latest
+ register: wazuh_manager_trusty_packages_installed
+ until: wazuh_manager_trusty_packages_installed is succeeded
+ when:
+ - ansible_distribution == "Ubuntu"
+ - ansible_distribution_major_version | int == 14
+
+ - name: "Install dependencies"
+ package:
+ name:
+ - curl
+ - net-tools
+ state: latest
+ register: wazuh_manager_dependencies_packages_installed
+ until: wazuh_manager_dependencies_packages_installed is succeeded
+
+ - name: "Install (RedHat) dependencies"
+ package:
+ name:
+ - initscripts
+ state: latest
+ register: wazuh_manager_dependencies_packages_installed
+ until: wazuh_manager_dependencies_packages_installed is succeeded
+ when:
+ - ansible_os_family == 'RedHat'
diff --git a/molecule/stack/tests/test_default.py b/molecule/stack/tests/test_default.py
new file mode 100644
index 00000000..c5e76d67
--- /dev/null
+++ b/molecule/stack/tests/test_default.py
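Review bot: All three `package` tasks use `state: latest`, which upgrades the listed packages on every run and makes the prepare step depend on whatever the mirror serves that day; `state: present` satisfies the dependency without that drift. The `Install dependencies` and `Install (RedHat) dependencies` tasks both `register: wazuh_manager_dependencies_packages_installed`, so the second silently overwrites the first; give it its own name, e.g. `register: wazuh_manager_redhat_packages_installed`. The first task's name, `to solve trust issues`, does not say what the issue is — a one-line comment naming the failure it works around would stop the next person from deleting it.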
@@ -0,0 +1,80 @@
+import os
+import pytest
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def get_wazuh_version():
+ """This return the version of Wazuh."""
+ return "3.9.5"
+
+
+def test_wazuh_packages_are_installed(host):
+ """Test if the main packages are installed."""
+ manager = host.package("wazuh-manager")
+ api = host.package("wazuh-api")
+
+ distribution = host.system_info.distribution.lower()
+ if distribution == 'centos':
+ if host.system_info.release == "7":
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+ assert api.is_installed
+ assert api.version.startswith(get_wazuh_version())
+ elif host.system_info.release.startswith("6"):
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+ elif distribution == 'ubuntu':
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+
+
+def test_wazuh_services_are_running(host):
+ """Test if the services are enabled and running.
+
+ When assert commands are commented, this means that the service command has
+ a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
+ """
+ manager = host.service("wazuh-manager")
+ api = host.service("wazuh-api")
+
+ distribution = host.system_info.distribution.lower()
+ if distribution == 'centos':
+ # assert manager.is_running
+ assert manager.is_enabled
+ # assert not api.is_running
+ assert not api.is_enabled
+ elif distribution == 'ubuntu':
+ # assert manager.is_running
+ assert manager.is_enabled
+ # assert api.is_running
+ assert api.is_enabled
+
+
+@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
+ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
+ ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
+ ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640),
+ ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640),
+])
+def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
+ """Test if Wazuh related files exist and have proper owners and mode."""
+ wazuh_file_host = host.file(wazuh_file)
+
+ assert wazuh_file_host.user == wazuh_owner
+ assert wazuh_file_host.group == wazuh_group
+ assert wazuh_file_host.mode == wazuh_mode
+
+
+def test_open_ports(host):
+ """Test if the main port is open and the agent-auth is not open."""
+ distribution = host.system_info.distribution.lower()
+ if distribution == 'ubuntu':
+ assert host.socket("tcp://0.0.0.0:1515").is_listening
+ assert host.socket("tcp://0.0.0.0:1514").is_listening
+ elif distribution == 'centos':
+ assert host.socket("tcp://127.0.0.1:1515").is_listening
+ assert host.socket("tcp://127.0.0.1:1514").is_listening
From 8bfe42cf863b80b2fb9017bf781486e2e8cca165 Mon Sep 17 00:00:00 2001
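Review bot: The docstring of `test_open_ports` says the agent-auth port "is not open", yet both branches assert that port 1515 — the authd port this repository configures elsewhere as `wazuh_agent_authd.port` — `is_listening`; either the docstring or the assertion is wrong, and the two branches also disagree on the bind address (`0.0.0.0` on Ubuntu, `127.0.0.1` on CentOS), which reads as tuned to whatever happened to be listening rather than to a required exposure. Decide what the role must guarantee and assert it for both distributions, e.g. `assert host.socket("tcp://0.0.0.0:1514").is_listening` and `assert not host.socket("tcp://0.0.0.0:1515").is_listening`, or document why authd must stay exposed in this scenario. `test_wazuh_services_are_running` only checks `is_enabled` because every `is_running` assert is commented out; the docstring explains the reason, but the test name overstates what is verified.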
From: Rshad Zhran Date: Wed, 21 Aug 2019 09:59:37 +0200 Subject: [PATCH 154/559] deleted a wrong test and stack folder --- Pipfile | 1 - molecule/default/create.yml | 4 +- molecule/default/molecule.yml | 26 ++++----- molecule/filebeat/molecule.yml | 16 +++--- molecule/stack/Dockerfile.j2 | 14 ----- molecule/stack/INSTALL.rst | 16 ------ molecule/stack/create.yml | 81 ---------------------------- molecule/stack/destroy.yml | 32 ----------- molecule/stack/molecule.yml | 69 ------------------------ molecule/stack/playbook.yml | 6 --- molecule/stack/prepare.yml | 36 ------------- molecule/stack/tests/test_default.py | 80 --------------------------- 12 files changed, 23 insertions(+), 358 deletions(-) delete mode 100644 molecule/stack/Dockerfile.j2 delete mode 100644 molecule/stack/INSTALL.rst delete mode 100644 molecule/stack/create.yml delete mode 100644 molecule/stack/destroy.yml delete mode 100644 molecule/stack/molecule.yml delete mode 100644 molecule/stack/playbook.yml delete mode 100644 molecule/stack/prepare.yml delete mode 100644 molecule/stack/tests/test_default.py diff --git a/Pipfile b/Pipfile index 6b444c31..4a393c5a 100644 --- a/Pipfile +++ b/Pipfile @@ -27,7 +27,6 @@ agent_still ="molecule test -s wazuh-agent --destroy=never" elasticsearch_still ="molecule test -s elasticsearch --destroy=never" filebeat_still ="molecule test -s filebeat --destroy=never" kibana_still ="molecule test -s kibana --destroy=never" -destroy_still ="molecule destroy --destroy=never" # Destroy all the existing containers ' Created by Molecule ' destroy ="molecule destroy" diff --git a/molecule/default/create.yml b/molecule/default/create.yml index 25932aee..0fba5542 100644 --- a/molecule/default/create.yml +++ b/molecule/default/create.yml 
@@ -51,9 +51,9 @@ - name: Create molecule instance(s) docker_container: - name: "{{ item.name }}" + name: "manager" docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - hostname: "{{ item.name }}" + hostname: "manager" image: "molecule_local/{{ item.image }}" state: started recreate: false diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 6a54a846..67c54a5b 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -14,13 +14,13 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 +# - name: xenial +# image: solita/ubuntu-systemd:xenial +# privileged: true +# memory_reservation: 2048m +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # privileged: true @@ -33,12 +33,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 - - name: centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 +# - name: centos7 +# image: milcom/centos7-systemd +# memory_reservation: 2048m +# privileged: true +# ulimits: +# - nofile:262144:262144 provisioner: name: ansible env: diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 5e055508..c111b06e 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml 
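Review bot: `name: "manager"` and `hostname: "manager"` are now constants inside a task that still loops `with_items` over `molecule_yml.platforms`, so with more than one platform every iteration targets the same container name and the later ones either fail on the duplicate or, with `recreate: false`, silently reuse the first container. Keep the name on the platform entry instead — `name: "{{ item.name }}"` and `hostname: "{{ item.name }}"` here, with `- name: manager` in molecule.yml. The rest of the `docker_container` task body lies outside this hunk.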
@@ -11,14 +11,14 @@ lint: platforms: # - name: trusty # image: ubuntu:trusty - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - privileged: true - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - command: /sbin/init + #- name: bionic + # image: solita/ubuntu-systemd:bionic + # command: /sbin/init + # privileged: true + #- name: xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # command: /sbin/init #- name: centos6 # image: geerlingguy/docker-centos6-ansible # privileged: true diff --git a/molecule/stack/Dockerfile.j2 b/molecule/stack/Dockerfile.j2 deleted file mode 100644 index 19692c20..00000000 --- a/molecule/stack/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/stack/INSTALL.rst b/molecule/stack/INSTALL.rst deleted file mode 100644 index e26493b8..00000000 --- a/molecule/stack/INSTALL.rst +++ /dev/null 
@@ -1,16 +0,0 @@
-*******
-Install
-*******
-
-Requirements
-============
-
-* Docker Engine
-* docker-py
-
-Install
-=======
-
-.. code-block:: bash
-
- $ sudo pip install docker-py
diff --git a/molecule/stack/create.yml b/molecule/stack/create.yml
deleted file mode 100644
index 25932aee..00000000
--- a/molecule/stack/create.yml
+++ /dev/null
@@ -1,81 +0,0 @@
----
-- name: Create
- hosts: localhost
- connection: local
- gather_facts: false
- no_log: false
- tasks:
- - name: Log into a Docker registry
- docker_login:
- username: "{{ item.registry.credentials.username }}"
- password: "{{ item.registry.credentials.password }}"
- email: "{{ item.registry.credentials.email | default(omit) }}"
- registry: "{{ item.registry.url }}"
- docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
- with_items: "{{ molecule_yml.platforms }}"
- when:
- - item.registry is defined
- - item.registry.credentials is defined
- - item.registry.credentials.username is defined
-
- - name: Create Dockerfiles from image names
- template:
- src: "{{ molecule_scenario_directory }}/Dockerfile.j2"
- dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}"
- with_items: "{{ molecule_yml.platforms }}"
- register: platforms
-
- - name: Discover local Docker images
- docker_image_facts:
- name: "molecule_local/{{ item.item.name }}"
- docker_host: "{{ item.item.docker_host | default('unix://var/run/docker.sock') }}"
- with_items: "{{ platforms.results }}"
- register: docker_images
-
- - name: Build an Ansible compatible image
- docker_image:
- path: "{{ molecule_ephemeral_directory }}"
- name: "molecule_local/{{ item.item.image }}"
- docker_host: "{{ item.item.docker_host | default('unix://var/run/docker.sock') }}"
- dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
- force: "{{ item.item.force | default(true) }}"
- with_items: "{{ platforms.results }}"
- when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
-
- - name: Create docker network(s)
- docker_network:
- name: "{{ item }}"
- docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
- state: present
- with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}"
-
- - name: Create molecule instance(s)
- docker_container:
- name: "{{ item.name }}"
- docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
- hostname: "{{ item.name }}"
- image: "molecule_local/{{ item.image }}"
- state: started
- recreate: false
- log_driver: json-file
- command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}"
- privileged: "{{ item.privileged | default(omit) }}"
- volumes: "{{ item.volumes | default(omit) }}"
- capabilities: "{{ item.capabilities | default(omit) }}"
- exposed_ports: "{{ item.exposed_ports | default(omit) }}"
- published_ports: "{{ item.published_ports | default(omit) }}"
- ulimits: "{{ item.ulimits | default(omit) }}"
- networks: "{{ item.networks | default(omit) }}"
- dns_servers: "{{ item.dns_servers | default(omit) }}"
- register: server
- with_items: "{{ molecule_yml.platforms }}"
- async: 7200
- poll: 0
-
- - name: Wait for instance(s) creation to complete
- async_status:
- jid: "{{ item.ansible_job_id }}"
- register: docker_jobs
- until: docker_jobs.finished
- retries: 300
- with_items: "{{ server.results }}"
diff --git a/molecule/stack/destroy.yml b/molecule/stack/destroy.yml
deleted file mode 100644
index ddf7062b..00000000
--- a/molecule/stack/destroy.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-- name: Destroy
- hosts: localhost
- connection: local
- gather_facts: false
- no_log: false
- tasks:
- - name: Destroy molecule instance(s)
- docker_container:
- name: "{{ item.name }}"
- docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
- state: absent
- force_kill: "{{ item.force_kill | default(true) }}"
- register: server
- with_items: "{{ molecule_yml.platforms }}"
- async: 7200
- poll: 0
-
- - name: Wait for instance(s) deletion to complete
- async_status:
- jid: "{{ item.ansible_job_id }}"
- register: docker_jobs
- until: docker_jobs.finished
- retries: 300
- with_items: "{{ server.results }}"
-
- - name: Delete docker network(s)
- docker_network:
- name: "{{ item }}"
- docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
- state: absent
- with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}"
diff --git a/molecule/stack/molecule.yml b/molecule/stack/molecule.yml
deleted file mode 100644
index 6a54a846..00000000
--- a/molecule/stack/molecule.yml
+++ /dev/null
@@ -1,69 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-lint:
- name: yamllint
- enabled: false
-platforms:
- - name: bionic
- image: solita/ubuntu-systemd:bionic
- command: /sbin/init
- ulimits:
- - nofile:262144:262144
- privileged: true
- memory_reservation: 2048m
- - name: xenial
- image: solita/ubuntu-systemd:xenial
- privileged: true
- memory_reservation: 2048m
- command: /sbin/init
- ulimits:
- - nofile:262144:262144
-# - name: trusty
-# image: ubuntu:trusty
-# privileged: true
-# memory_reservation: 2048m
-# ulimits:
-# - nofile:262144:262144
-# - name: centos6
-# image: centos:6
-# privileged: true
-# memory_reservation: 2048m
-# ulimits:
-# - nofile:262144:262144
- - name: centos7
- image: milcom/centos7-systemd
- memory_reservation: 2048m
- privileged: true
- ulimits:
- - nofile:262144:262144
-provisioner:
- name: ansible
- env:
- ANSIBLE_ROLES_PATH: ../../roles
- lint:
- name: ansible-lint
- enabled: true
-scenario:
- name: default
- test_sequence:
- - lint
- - dependency
- - cleanup
- - destroy
- - syntax
- - create
- - prepare
- - converge
- - idempotence
- - side_effect
- - verify
- - cleanup
- - destroy
-verifier:
- name: testinfra
- lint:
- name: flake8
- enabled: true
diff --git a/molecule/stack/playbook.yml b/molecule/stack/playbook.yml
deleted file mode 100644
index 242a3777..00000000
--- a/molecule/stack/playbook.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Converge
- hosts: all
- roles:
- - role: wazuh/ansible-wazuh-manager
-
diff --git a/molecule/stack/prepare.yml b/molecule/stack/prepare.yml
deleted file mode 100644
index f3dc9aac..00000000
--- a/molecule/stack/prepare.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-- name: Prepare
- hosts: all
- gather_facts: true
- tasks:
-
- - name: "Install Python packages for Trusty to solve trust issues"
- package:
- name:
- - python-setuptools
- - python-pip
- state: latest
- register: wazuh_manager_trusty_packages_installed
- until: wazuh_manager_trusty_packages_installed is succeeded
- when:
- - ansible_distribution == "Ubuntu"
- - ansible_distribution_major_version | int == 14
-
- - name: "Install dependencies"
- package:
- name:
- - curl
- - net-tools
- state: latest
- register: wazuh_manager_dependencies_packages_installed
- until: wazuh_manager_dependencies_packages_installed is succeeded
-
- - name: "Install (RedHat) dependencies"
- package:
- name:
- - initscripts
- state: latest
- register: wazuh_manager_dependencies_packages_installed
- until: wazuh_manager_dependencies_packages_installed is succeeded
- when:
- - ansible_os_family == 'RedHat'
diff --git a/molecule/stack/tests/test_default.py b/molecule/stack/tests/test_default.py
deleted file mode 100644
index c5e76d67..00000000
--- a/molecule/stack/tests/test_default.py
+++ /dev/null
@@ -1,80 +0,0 @@
-import os
-import pytest
-
-import testinfra.utils.ansible_runner
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
-
-
-def get_wazuh_version():
- """This return the version of Wazuh."""
- return "3.9.5"
-
-
-def test_wazuh_packages_are_installed(host):
- """Test if the main packages are installed."""
- manager = host.package("wazuh-manager")
- api = host.package("wazuh-api")
-
- distribution = host.system_info.distribution.lower()
- if distribution == 'centos':
- if host.system_info.release == "7":
- assert manager.is_installed
- assert manager.version.startswith(get_wazuh_version())
- assert api.is_installed
- assert api.version.startswith(get_wazuh_version())
- elif host.system_info.release.startswith("6"):
- assert manager.is_installed
- assert manager.version.startswith(get_wazuh_version())
- elif distribution == 'ubuntu':
- assert manager.is_installed
- assert manager.version.startswith(get_wazuh_version())
-
-
-def test_wazuh_services_are_running(host):
- """Test if the services are enabled and running.
-
- When assert commands are commented, this means that the service command has
- a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
- """
- manager = host.service("wazuh-manager")
- api = host.service("wazuh-api")
-
- distribution = host.system_info.distribution.lower()
- if distribution == 'centos':
- # assert manager.is_running
- assert manager.is_enabled
- # assert not api.is_running
- assert not api.is_enabled
- elif distribution == 'ubuntu':
- # assert manager.is_running
- assert manager.is_enabled
- # assert api.is_running
- assert api.is_enabled
-
-
-@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
- ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
- ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
- ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640),
- ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640),
-])
-def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
- """Test if Wazuh related files exist and have proper owners and mode."""
- wazuh_file_host = host.file(wazuh_file)
-
- assert wazuh_file_host.user == wazuh_owner
- assert wazuh_file_host.group == wazuh_group
- assert wazuh_file_host.mode == wazuh_mode
-
-
-def test_open_ports(host):
- """Test if the main port is open and the agent-auth is not open."""
- distribution = host.system_info.distribution.lower()
- if distribution == 'ubuntu':
- assert host.socket("tcp://0.0.0.0:1515").is_listening
- assert host.socket("tcp://0.0.0.0:1514").is_listening
- elif distribution == 'centos':
- assert host.socket("tcp://127.0.0.1:1515").is_listening
- assert host.socket("tcp://127.0.0.1:1514").is_listening
From 0e24c57fc617d918fb7ecb0b3390b19175c2639b Mon Sep 17 00:00:00 2001
From: Rshad Zhran Date: Wed, 21 Aug 2019 15:12:57 +0200 Subject: [PATCH 155/559] fixed communications between containers --- Pipfile | 13 +++------ molecule/default/create.yml | 14 +++++----- molecule/default/molecule.yml | 2 +- molecule/default/playbook.yml | 1 + molecule/elasticsearch/molecule.yml | 27 ++++++++++--------- molecule/elasticsearch/playbook.yml | 2 +- update-dnsmasq.sh | 41 +++++++++++++++++++++++++++++ 7 files changed, 68 insertions(+), 32 deletions(-) create mode 100644 update-dnsmasq.sh diff --git a/Pipfile b/Pipfile index 4a393c5a..e7b1b5c0 100644 --- a/Pipfile +++ b/Pipfile @@ -14,19 +14,12 @@ molecule = "==2.20.2" python_version = "2.7" [scripts] -# Normal Case -test ="molecule test" +test ="molecule test --destroy=never" agent ="molecule test -s wazuh-agent" -elasticsearch ="molecule test -s elasticsearch" +elasticsearch ="molecule test -s elasticsearch --destroy=never" filebeat ="molecule test -s filebeat" kibana ="molecule test -s kibana" -# Do Not destroy the created containers afte the test execution ends. -test_still ="molecule test --destroy=never" -agent_still ="molecule test -s wazuh-agent --destroy=never" -elasticsearch_still ="molecule test -s elasticsearch --destroy=never" -filebeat_still ="molecule test -s filebeat --destroy=never" -kibana_still ="molecule test -s kibana --destroy=never" - # Destroy all the existing containers ' Created by Molecule ' +destroy_elasticsearch ="molecule destroy -s elasticsearch" destroy ="molecule destroy" diff --git a/molecule/default/create.yml b/molecule/default/create.yml index 0fba5542..f69ab910 100644 --- a/molecule/default/create.yml +++ b/molecule/default/create.yml 
@@ -44,16 +44,15 @@ - name: Create docker network(s) docker_network: - name: "{{ item }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" + name: "new_network" state: present - with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}" + - name: Create molecule instance(s) docker_container: - name: "manager" + name: "{{ item.name }}" docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - hostname: "manager" + hostname: "{{ item.name }}" image: "molecule_local/{{ item.image }}" state: started recreate: false @@ -65,7 +64,8 @@ exposed_ports: "{{ item.exposed_ports | default(omit) }}" published_ports: "{{ item.published_ports | default(omit) }}" ulimits: "{{ item.ulimits | default(omit) }}" - networks: "{{ item.networks | default(omit) }}" + networks: + - name: "new_network" dns_servers: "{{ item.dns_servers | default(omit) }}" register: server with_items: "{{ molecule_yml.platforms }}" @@ -78,4 +78,4 @@ register: docker_jobs until: docker_jobs.finished retries: 300 - with_items: "{{ server.results }}" + with_items: "{{ server.results }}" \ No newline at end of file diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 67c54a5b..2e5dfa0d 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,7 +7,7 @@ lint: name: yamllint enabled: false platforms: - - name: bionic + - name: manager image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 242a3777..f181f59a 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -3,4 +3,5 @@ hosts: all roles: - role: wazuh/ansible-wazuh-manager + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index ebf47ccb..109e2f4f 100644 --- a/molecule/elasticsearch/molecule.yml 
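Review bot: `Create docker network(s)` now creates one hardcoded `new_network` and the container task attaches every instance to it, discarding the per-platform `networks:` list from molecule.yml; the network task has also lost its `docker_host` argument, so the network is always created on the local socket while the container task still honours a platform's `docker_host` override — a platform pointing at another daemon would get its container on one host and the network on another. If a single shared network is the intent, take it from a variable with a default, `name: "{{ molecule_network | default('new_network') }}"`, and keep `docker_host` on the network task so both tasks talk to the same daemon. The last hunk also drops the file's trailing newline.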
+++ b/molecule/elasticsearch/molecule.yml @@ -9,13 +9,14 @@ lint: config-data: ignore: .virtualenv platforms: - #- name: bionic - # image: solita/ubuntu-systemd:bionic - # command: /sbin/init - # ulimits: - # - nofile:262144:262144 - # privileged: true - # memory_reservation: 2048m + - name: elasticsearch + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m + #- name: xenial # image: solita/ubuntu-systemd:xenial # privileged: true @@ -35,12 +36,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 - - name: centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 + #- name: centos7 + # image: milcom/centos7-systemd + # memory_reservation: 2048m + # privileged: true + # ulimits: + # - nofile:262144:262144 provisioner: name: ansible playbooks: diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml index f6bf45f9..75be4f34 100644 --- a/molecule/elasticsearch/playbook.yml +++ b/molecule/elasticsearch/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'localhost' + elasticsearch_network_host: 'elasticsearch' diff --git a/update-dnsmasq.sh b/update-dnsmasq.sh new file mode 100644 index 00000000..d4bee8a1 --- /dev/null +++ b/update-dnsmasq.sh 
@@ -0,0 +1,41 @@ +#!/bin/bash + +# 10 seconds interval time by default +INTERVAL=${INTERVAL:-10} + +# dnsmasq config directory +DNSMASQ_CONFIG=${DNSMASQ_CONFIG:-.} + +# commands used in this script +DOCKER=${DOCKER:-docker} +SLEEP=${SLEEP:-sleep} +TAIL=${TAIL:-tail} + +declare -A service_map + +while true +do + changed=false + while read line + do + name=${line##* } + ip=$(${DOCKER} inspect --format '{{.NetworkSettings.IPAddress}}' $name) + # if IP addr changed + if [ -z ${service_map[$name]} ] || [ ${service_map[$name]} != $ip ] + then + service_map[$name]=$ip + # write to file + echo $name has a new IP Address $ip >&2 + echo "host-record=$name,$ip" > "${DNSMASQ_CONFIG}/docker-$name" + changed=true + fi + done < <(${DOCKER} ps | ${TAIL} -n +2) + + # a change of IP address occured, restart dnsmasq + if [ $changed = true ] + then + systemctl restart dnsmasq + fi + + ${SLEEP} $INTERVAL +done From 40ab9eb9f2dfb7e77b91de3e705720fba23ad63d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 21 Aug 2019 16:27:15 +0200 Subject: [PATCH 156/559] adapted wazuh-agent test playbook and created run.sh --- molecule/default/create.yml | 4 +-- molecule/kibana/molecule.yml | 26 +++++++++--------- molecule/kibana/playbook.yml | 1 + molecule/wazuh-agent/molecule.yml | 44 +++++++++++++++---------------- molecule/wazuh-agent/playbook.yml | 30 ++++++++++----------- update-dnsmasq.sh | 41 ---------------------------- 6 files changed, 52 insertions(+), 94 deletions(-) delete mode 100644 update-dnsmasq.sh diff --git a/molecule/default/create.yml b/molecule/default/create.yml index f69ab910..09e1a232 100644 --- a/molecule/default/create.yml +++ b/molecule/default/create.yml @@ -44,7 +44,7 @@ - name: Create docker network(s) docker_network: - name: "new_network" + name: "main" state: present 
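Review bot: `ip=$(${DOCKER} inspect --format '{{.NetworkSettings.IPAddress}}' $name)` reads the top-level `IPAddress`, which as far as I know Docker only fills in for containers on the default bridge; the containers this same commit creates are attached to the user-defined `new_network` (create.yml above), for which that field is empty, so the script would write `host-record=$name,` entries with no address. Iterating the per-network entries, `--format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'`, covers both cases. The expansions in `[ -z ${service_map[$name]} ] || [ ${service_map[$name]} != $ip ]` and in `$name` are unquoted, so an empty or unexpected value becomes a test syntax error or a stray file; and `systemctl restart dnsmasq` needs root while `DNSMASQ_CONFIG` defaults to `.`, which drops the records in the current directory rather than where dnsmasq reads them unless the caller sets it.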
@@ -65,7 +65,7 @@ published_ports: "{{ item.published_ports | default(omit) }}" ulimits: "{{ item.ulimits | default(omit) }}" networks: - - name: "new_network" + - name: "main" dns_servers: "{{ item.dns_servers | default(omit) }}" register: server with_items: "{{ molecule_yml.platforms }}" diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 20ea5e07..5067e088 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -16,13 +16,13 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 1024m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 +# - name: xenial +# image: solita/ubuntu-systemd:xenial +# privileged: true +# memory_reservation: 1024m +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # memory_reservation: 1024m @@ -34,12 +34,12 @@ platforms: # memory_reservation: 1024m # ulimits: # - nofile:262144:262144 - - name: centos7 - image: milcom/centos7-systemd - memory_reservation: 1024m - privileged: true - ulimits: - - nofile:262144:262144 +# - name: centos7 +# image: milcom/centos7-systemd +# memory_reservation: 1024m +# privileged: true +# ulimits: +# - nofile:262144:262144 provisioner: name: ansible playbooks: diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index 6deac809..c7d3acf8 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -4,4 +4,5 @@ roles: - role: elastic-stack/ansible-kibana + elasticsearch_network_host: 'elasticsearch' \ No newline at end of file diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml index 953fbb09..5c1082cf 100644 --- a/molecule/wazuh-agent/molecule.yml +++ b/molecule/wazuh-agent/molecule.yml 
@@ -11,27 +11,27 @@ lint: config-data: ignore: .virtualenv platforms: - - name: wazuh_server_centos7 - image: milcom/centos7-systemd - networks: - - name: wazuh - privileged: true - groups: - - manager + #- name: wazuh_server_centos7 + # image: milcom/centos7-systemd + # networks: + # - name: wazuh + # privileged: true + # groups: + # - manager - name: wazuh_agent_bionic image: ubuntu:bionic networks: - name: wazuh groups: - agent - - name: wazuh_agent_xenial - image: solita/ubuntu-systemd:xenial - privileged: true - command: /sbin/init - networks: - - name: wazuh - groups: - - agent + #- name: wazuh_agent_xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # command: /sbin/init + # networks: + # - name: wazuh + # groups: + # - agent #- name: wazuh_agent_trusty # image: ubuntu:trusty # networks: @@ -44,13 +44,13 @@ platforms: # - name: wazuh # groups: # - agent - - name: wazuh_agent_centos7 - image: milcom/centos7-systemd - privileged: true - networks: - - name: wazuh - groups: - - agent + #- name: wazuh_agent_centos7 + # image: milcom/centos7-systemd + # privileged: true + # networks: + # - name: wazuh + # groups: + # - agent provisioner: name: ansible playbooks: diff --git a/molecule/wazuh-agent/playbook.yml b/molecule/wazuh-agent/playbook.yml index 5b869569..09413204 100644 --- a/molecule/wazuh-agent/playbook.yml +++ b/molecule/wazuh-agent/playbook.yml 
@@ -1,20 +1,18 @@ --- - name: Converge - hosts: agent - pre_tasks: - - name: "Get ip Wazuh Manager" - shell: | - set -o pipefail - grep $(hostname) /etc/hosts | awk '{print $1}' | sort | head -n 2 | tail -n 1 - register: wazuh_manager_ip_stdout - changed_when: false - delegate_to: wazuh_server_centos7 - args: - executable: /bin/bash - - - name: "Set fact for ip address" - set_fact: - wazuh_manager_ip: "{{ wazuh_manager_ip_stdout.stdout }}" - + hosts: all roles: - role: wazuh/ansible-wazuh-agent + vars: + wazuh_managers: + - address: 'manager' + port: 1514 + protocol: tcp + api_port: 55000 + api_proto: 'http' + api_user: ansible + wazuh_agent_authd: + enable: true + port: 1515 + ssl_agent_ca: null + ssl_auto_negotiate: 'no' diff --git a/update-dnsmasq.sh b/update-dnsmasq.sh deleted file mode 100644 index d4bee8a1..00000000 --- a/update-dnsmasq.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - -# 10 seconds interval time by default -INTERVAL=${INTERVAL:-10} - -# dnsmasq config directory -DNSMASQ_CONFIG=${DNSMASQ_CONFIG:-.} - -# commands used in this script -DOCKER=${DOCKER:-docker} -SLEEP=${SLEEP:-sleep} -TAIL=${TAIL:-tail} - -declare -A service_map - -while true -do - changed=false - while read line - do - name=${line##* } - ip=$(${DOCKER} inspect --format '{{.NetworkSettings.IPAddress}}' $name) - # if IP addr changed - if [ -z ${service_map[$name]} ] || [ ${service_map[$name]} != $ip ] - then - service_map[$name]=$ip - # write to file - echo $name has a new IP Address $ip >&2 - echo "host-record=$name,$ip" > "${DNSMASQ_CONFIG}/docker-$name" - changed=true - fi - done < <(${DOCKER} ps | ${TAIL} -n +2) - - # a change of IP address occured, restart dnsmasq - if [ $changed = true ] - then - systemctl restart dnsmasq - fi - - ${SLEEP} $INTERVAL -done From 65c9785bb54c93964b73f183722ffda7c5352f34 Mon Sep 17 00:00:00 2001 
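Review bot: The enrollment block under `wazuh_agent_authd` sets `ssl_agent_ca: null`, so the agent has nothing to verify the manager against during authd registration, and the manager entry uses `api_proto: 'http'`; both are acceptable for a throwaway Molecule container, but nothing in the playbook marks them as test-only. Add `# test scenario only: no manager CA and plaintext API; real inventories need a CA and https` above `wazuh_agent_authd:` so the block is not copied into a real inventory as-is. The same mapping also mixes scalar styles — `enable: true` is a boolean while `ssl_auto_negotiate: 'no'` is a quoted string; if the role's template expects the string form there, a short comment saying so would stop a later cleanup from turning it into `false`.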
From: Rshad Zhran Date: Wed, 21 Aug 2019 17:07:44 +0200 Subject: [PATCH 157/559] deleted filebeat test --- molecule/default/create.yml | 4 +++ molecule/default/tests/test_default.py | 6 ++++ molecule/filebeat/Dockerfile.j2 | 14 -------- molecule/filebeat/INSTALL.rst | 22 ------------ molecule/filebeat/molecule.yml | 45 ------------------------- molecule/filebeat/playbook.yml | 5 --- molecule/filebeat/prepare.yml | 37 -------------------- molecule/filebeat/tests/test_default.py | 13 ------- molecule/kibana/playbook.yml | 4 +-- run_none_cluster.sh | 6 ++++ 10 files changed, 17 insertions(+), 139 deletions(-) delete mode 100644 molecule/filebeat/Dockerfile.j2 delete mode 100644 molecule/filebeat/INSTALL.rst delete mode 100644 molecule/filebeat/molecule.yml delete mode 100644 molecule/filebeat/playbook.yml delete mode 100644 molecule/filebeat/prepare.yml delete mode 100644 molecule/filebeat/tests/test_default.py create mode 100644 run_none_cluster.sh diff --git a/molecule/default/create.yml b/molecule/default/create.yml index 09e1a232..0b25ec81 100644 --- a/molecule/default/create.yml +++ b/molecule/default/create.yml @@ -47,6 +47,10 @@ name: "main" state: present + - name: Sleep 5 seconds till the network gets created if it's not + # Pause for 5 minutes to build app cache. + pause: + seconds: 10 - name: Create molecule instance(s) docker_container: diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index c5e76d67..becf02f7 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
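Review bot: The new pause task is internally inconsistent: its name says 5 seconds, the comment beneath it says "Pause for 5 minutes to build app cache", and `seconds: 10` is what actually runs. Pick one value and make the other two agree, e.g. `- name: Wait 10 seconds for the docker network to become available` with the stale comment dropped. A fixed delay after `docker_network` with `state: present` is also a guess at timing; if the network is sometimes not ready, an `until:`-based check on the network would fail loudly instead of racing silently.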
@@ -78,3 +78,9 @@ def test_open_ports(host): elif distribution == 'centos': assert host.socket("tcp://127.0.0.1:1515").is_listening assert host.socket("tcp://127.0.0.1:1514").is_listening + +def test_filebeat_is_installed(host): + """Test if the elasticsearch package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + assert filebeat.version.startswith('7.2.1') \ No newline at end of file diff --git a/molecule/filebeat/Dockerfile.j2 b/molecule/filebeat/Dockerfile.j2 deleted file mode 100644 index e6aa95d3..00000000 --- a/molecule/filebeat/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/filebeat/INSTALL.rst b/molecule/filebeat/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/molecule/filebeat/INSTALL.rst +++ /dev/null 
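Review bot: The docstring of the new `test_filebeat_is_installed` reads `"""Test if the elasticsearch package is installed."""` while the body asserts on the `filebeat` package; it should read `"""Test if the filebeat package is installed."""`. The same wrong docstring is copied into the new molecule/worker/tests/test_default.py further down this page. The expected version `'7.2.1'` is also a literal inside the test, whereas the Wazuh version used by the other tests comes from a helper; a module-level `FILEBEAT_VERSION = '7.2.1'` (or an equivalent helper) would keep version bumps in one place. The `def` is preceded by only one blank line and the file now ends without a newline, both of which the scenario's flake8 verifier will flag.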
@@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml deleted file mode 100644 index c111b06e..00000000 --- a/molecule/filebeat/molecule.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -platforms: - # - name: trusty - # image: ubuntu:trusty - #- name: bionic - # image: solita/ubuntu-systemd:bionic - # command: /sbin/init - # privileged: true - #- name: xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # command: /sbin/init - #- name: centos6 - # image: geerlingguy/docker-centos6-ansible - # privileged: true - # command: /sbin/init - # volumes: - # - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: centos7 - image: milcom/centos7-systemd - privileged: true -provisioner: - name: ansible - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/filebeat/playbook.yml b/molecule/filebeat/playbook.yml deleted file mode 100644 index 3ff917f6..00000000 --- a/molecule/filebeat/playbook.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-filebeat 
diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml deleted file mode 100644 index 49325b85..00000000 --- a/molecule/filebeat/prepare.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - tasks: - - - name: "Install Python packages for Trusty to solve trust issues" - package: - name: - - python-apt - - python-setuptools - - python-pip - state: latest - register: wazuh_manager_trusty_packages_installed - until: wazuh_manager_trusty_packages_installed is succeeded - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - - - name: "Install (RedHat) dependencies" - package: - name: - - initscripts - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - when: - - ansible_os_family == 'RedHat' diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py deleted file mode 100644 index 02638b52..00000000 --- a/molecule/filebeat/tests/test_default.py +++ /dev/null @@ -1,13 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_filebeat_is_installed(host): - """Test if the elasticsearch package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - assert filebeat.version.startswith('7.2.1') diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index c7d3acf8..f560f96d 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml 
@@ -2,7 +2,5 @@ - name: Converge hosts: all roles: - - role: elastic-stack/ansible-kibana - elasticsearch_network_host: 'elasticsearch' - \ No newline at end of file + elasticsearch_network_host: 'elasticsearch' \ No newline at end of file diff --git a/run_none_cluster.sh b/run_none_cluster.sh new file mode 100644 index 00000000..77cd0690 --- /dev/null +++ b/run_none_cluster.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +sudo pipenv run elasticsearch +sudo pipenv run test +sudo pipenv run agent +sudo pipenv run kibana \ No newline at end of file From defd2ab2f85e92ae0fca83d787690d742fc60d2a Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 22 Aug 2019 11:15:33 +0200 Subject: [PATCH 158/559] added a worker test --- Pipfile | 6 +- molecule/default/molecule.yml | 2 +- molecule/default/tests/test_default.py | 3 +- molecule/worker/Dockerfile.j2 | 14 +++ molecule/worker/molecule.yml | 60 +++++++++++++ molecule/worker/playbook.yml | 11 +++ molecule/worker/tests/test_default.py | 87 +++++++++++++++++++ .../ansible-wazuh-manager/defaults/main.yml | 4 +- run_cluster_mode.sh | 5 ++ 9 files changed, 184 insertions(+), 8 deletions(-) create mode 100644 molecule/worker/Dockerfile.j2 create mode 100644 molecule/worker/molecule.yml create mode 100644 molecule/worker/playbook.yml create mode 100644 molecule/worker/tests/test_default.py create mode 100644 run_cluster_mode.sh diff --git a/Pipfile b/Pipfile index e7b1b5c0..8aa7757a 100644 --- a/Pipfile +++ b/Pipfile 
@@ -15,10 +15,10 @@ python_version = "2.7" [scripts] test ="molecule test --destroy=never" -agent ="molecule test -s wazuh-agent" +worker ="molecule test -s worker --destroy=never" +agent ="molecule test -s wazuh-agent --destroy=never" elasticsearch ="molecule test -s elasticsearch --destroy=never" -filebeat ="molecule test -s filebeat" -kibana ="molecule test -s kibana" +kibana ="molecule test -s kibana --destroy=never" # Destroy all the existing containers ' Created by Molecule ' destroy_elasticsearch ="molecule destroy -s elasticsearch" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 2e5dfa0d..054acc00 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -57,7 +57,7 @@ scenario: - create - prepare - converge - - idempotence + #- idempotence - side_effect - verify - cleanup diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index becf02f7..278ce719 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -79,8 +79,9 @@ def test_open_ports(host): assert host.socket("tcp://127.0.0.1:1515").is_listening assert host.socket("tcp://127.0.0.1:1514").is_listening + def test_filebeat_is_installed(host): """Test if the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.2.1') \ No newline at end of file + assert filebeat.version.startswith('7.2.1') diff --git a/molecule/worker/Dockerfile.j2 b/molecule/worker/Dockerfile.j2 new file mode 100644 index 00000000..e6aa95d3 --- /dev/null +++ b/molecule/worker/Dockerfile.j2 
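Review bot: Commenting out `- idempotence` in the scenario's `test_sequence` removes the only check that a second converge makes no changes, and nothing in the hunk says why; annotate the disabled step, e.g. `#- idempotence  # disabled: <reason / issue link>`, so it is re-enabled deliberately rather than forgotten. The same commented-out step appears in the new worker and elasticsearch `scenario` blocks later on this page. If one specific task is what breaks idempotence, marking that task with `changed_when` in the role is the usual fix rather than dropping the step for the whole scenario.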
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml new file mode 100644 index 00000000..c82aacfc --- /dev/null +++ b/molecule/worker/molecule.yml 
@@ -0,0 +1,60 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + ignore: .virtualenv +platforms: + - name: elasticsearch + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m + + #- name: xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # memory_reservation: 2048m + # command: /sbin/init + # ulimits: + # - nofile:262144:262144 + #- name: trusty + #image: ubuntu:trusty + #privileged: true + #memory_reservation: 2048m + #ulimits: + #- nofile:262144:262144 + #- name: centos6 + # image: centos:6 + # privileged: true + # memory_reservation: 2048m + # ulimits: + # - nofile:262144:262144 + #- name: centos7 + # image: milcom/centos7-systemd + # memory_reservation: 2048m + # privileged: true + # ulimits: + # - nofile:262144:262144 +provisioner: + name: ansible + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + prepare: ../default/prepare.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/worker/playbook.yml b/molecule/worker/playbook.yml new file mode 100644 index 00000000..6c9a6317 --- /dev/null +++ b/molecule/worker/playbook.yml @@ -0,0 +1,11 @@ +--- +- name: Converge + hosts: all + roles: + - { role: wazuh/ansible-wazuh-manager, + wazuh_manager_config.cluster.disable: 'no', + wazuh_manager_config.cluster.name: 'worker-01', + wazuh_manager_config.cluster.node_type: 'worker' + } + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } + diff --git a/molecule/worker/tests/test_default.py b/molecule/worker/tests/test_default.py new file mode 100644 index 00000000..278ce719 --- /dev/null +++ b/molecule/worker/tests/test_default.py 
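Review bot: The role parameters `wazuh_manager_config.cluster.disable`, `wazuh_manager_config.cluster.name` and `wazuh_manager_config.cluster.node_type` in the new worker playbook define flat variables whose names happen to contain dots; Ansible does not treat a dotted key as a path into the nested `wazuh_manager_config` mapping, so the role's default `cluster` block is left untouched. The bracket form `wazuh_manager_config[cluster][disable]: 'no'` used in molecule/default/playbook.yml later on this page has the same problem, and the dotted form remains in that playbook at the end of the page. Passing a nested `wazuh_manager_config:` mapping with a `cluster:` sub-mapping, as the later rewrite of this playbook does, is the working form; a comment in the playbook pointing at the nested structure would keep the dotted form from being copied again. Note also that `cluster.name` is set to `'worker-01'`, which reads as a node name rather than a cluster name — the later rewrite uses `name: 'wazuh'` and `node_name: 'worker-01'`.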
@@ -0,0 +1,87 @@ +import os +import pytest + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def get_wazuh_version(): + """This return the version of Wazuh.""" + return "3.9.5" + + +def test_wazuh_packages_are_installed(host): + """Test if the main packages are installed.""" + manager = host.package("wazuh-manager") + api = host.package("wazuh-api") + + distribution = host.system_info.distribution.lower() + if distribution == 'centos': + if host.system_info.release == "7": + assert manager.is_installed + assert manager.version.startswith(get_wazuh_version()) + assert api.is_installed + assert api.version.startswith(get_wazuh_version()) + elif host.system_info.release.startswith("6"): + assert manager.is_installed + assert manager.version.startswith(get_wazuh_version()) + elif distribution == 'ubuntu': + assert manager.is_installed + assert manager.version.startswith(get_wazuh_version()) + + +def test_wazuh_services_are_running(host): + """Test if the services are enabled and running. 
+ + When assert commands are commented, this means that the service command has + a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 + """ + manager = host.service("wazuh-manager") + api = host.service("wazuh-api") + + distribution = host.system_info.distribution.lower() + if distribution == 'centos': + # assert manager.is_running + assert manager.is_enabled + # assert not api.is_running + assert not api.is_enabled + elif distribution == 'ubuntu': + # assert manager.is_running + assert manager.is_enabled + # assert api.is_running + assert api.is_enabled + + +@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ + ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), + ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), + ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640), + ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640), +]) +def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): + """Test if Wazuh related files exist and have proper owners and mode.""" + wazuh_file_host = host.file(wazuh_file) + + assert wazuh_file_host.user == wazuh_owner + assert wazuh_file_host.group == wazuh_group + assert wazuh_file_host.mode == wazuh_mode + + +def test_open_ports(host): + """Test if the main port is open and the agent-auth is not open.""" + distribution = host.system_info.distribution.lower() + if distribution == 'ubuntu': + assert host.socket("tcp://0.0.0.0:1515").is_listening + assert host.socket("tcp://0.0.0.0:1514").is_listening + elif distribution == 'centos': + assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1514").is_listening + + +def test_filebeat_is_installed(host): + """Test if the elasticsearch package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + assert filebeat.version.startswith('7.2.1') 
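Review bot: The docstring of `test_open_ports` says the agent-auth port is expected not to be open, yet the body asserts that both 1514 and 1515 `is_listening` on every distribution; either the docstring or the assertions are wrong, and for a cluster worker the intended state should be stated, e.g. `"""Test that the agent connection (1514) and enrollment (1515) ports are listening."""`. `get_wazuh_version` returns a hard-coded `"3.9.5"` while `test_filebeat_is_installed` embeds `'7.2.1'` inline; giving both versions the same treatment keeps bumps to one place. The bind-address split (`0.0.0.0` on Ubuntu versus `127.0.0.1` on CentOS) is also unexplained — a one-line comment on why the two distributions are expected to differ would help whoever next sees it fail.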
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 6041c64d..8c7c1f16 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -35,9 +35,7 @@ wazuh_manager_config: port: '1516' bind_addr: '0.0.0.0' nodes: - - '172.17.0.2' - - '172.17.0.3' - - '172.17.0.4' + - 'manager' hidden: 'no' connection: - type: 'secure' diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh new file mode 100644 index 00000000..e58f0702 --- /dev/null +++ b/run_cluster_mode.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +#sudo pipenv run elasticsearch +sudo pipenv run test +sudo pipenv run worker \ No newline at end of file From 36d3cbee4a16d86c46165064ec572540679babe4 Mon Sep 17 00:00:00 2001 From: Apely Date: Thu, 22 Aug 2019 12:33:45 +0200 Subject: [PATCH 159/559] Update var-ossec-etc-ossec-agent.conf.j2 Hi, it seems that ansible_os_family is too specific for syscheck. Ex: Debian strech ( ansible_os_family == Debian ) --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 7d7e139d..fa8fa349 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 
@@ -99,14 +99,14 @@ {% endif %} - {% if wazuh_agent_config.syscheck.directories is defined and ansible_os_family == "Linux" %} + {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %} {% for directory in wazuh_agent_config.syscheck.directories %} {{ directory.dirs }} {% endfor %} {% endif %} - {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_os_family == "Windows" %} + {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_system == "Windows" %} {% for directory in wazuh_agent_config.syscheck.win_directories %} {{ directory.dirs }} {% endfor %} From 675e2c5c88b101bdb84c4d25f513a8434acbc7cd Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 22 Aug 2019 13:07:39 +0200 Subject: [PATCH 160/559] possible solution for ansible variables access and improving Pipefile --- Pipfile | 13 +++++++------ Pipfile.template | 26 ++++++++++++++++++++++++++ molecule/default/playbook.yml | 4 +++- molecule/worker/molecule.yml | 18 +++++++++++++++++- run_cluster_mode.sh | 2 +- 5 files changed, 54 insertions(+), 9 deletions(-) create mode 100644 Pipfile.template diff --git a/Pipfile b/Pipfile index 8aa7757a..34e238d1 100644 --- a/Pipfile +++ b/Pipfile 
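Review bot: The second changed condition, `ansible_system == "Windows"`, will not match on Windows hosts: the Windows setup module reports `ansible_system` as `Win32NT`, so the `win_directories` loop is skipped and the agent configuration is rendered with no syscheck directories, silently disabling file-integrity monitoring on those hosts. Keep the Linux change but leave the Windows branch on the OS family, `{% if wazuh_agent_config.syscheck.win_directories is defined and ansible_os_family == "Windows" %}`, or compare `ansible_system` against `"Win32NT"`. A one-line template comment explaining why the two branches key off different facts would stop the next reader from "harmonising" them again.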
@@ -14,12 +14,13 @@ molecule = "==2.20.2" python_version = "2.7" [scripts] -test ="molecule test --destroy=never" -worker ="molecule test -s worker --destroy=never" -agent ="molecule test -s wazuh-agent --destroy=never" -elasticsearch ="molecule test -s elasticsearch --destroy=never" -kibana ="molecule test -s kibana --destroy=never" +test ="molecule test --destroy=never --platform _PLATFORM_" +worker ="molecule test -s worker --destroy=never --platform _PLATFORM_" +agent ="molecule test -s wazuh-agent --destroy=never --platform _PLATFORM_" +elasticsearch ="molecule test -s elasticsearch --destroy=never --platform _PLATFORM_" +kibana ="molecule test -s kibana --destroy=never --platform _PLATFORM_" -# Destroy all the existing containers ' Created by Molecule ' +# Destroy all the existing containers ' Molecule instances ' destroy_elasticsearch ="molecule destroy -s elasticsearch" +destroy_worker ="molecule destroy -s worker" destroy ="molecule destroy" diff --git a/Pipfile.template b/Pipfile.template new file mode 100644 index 00000000..47567850 --- /dev/null +++ b/Pipfile.template @@ -0,0 +1,26 @@ +[[source]] +url = "https://pypi.org/simple" +verify_ssl = true +name = "pypi" + +[packages] +docker-py = "*" +ansible = "==2.7.13" +molecule = "==2.20.2" + +[dev-packages] + +[requires] +python_version = "2.7" + +[scripts] +test ="molecule test --destroy=never" +worker ="molecule test -s worker --destroy=never" +agent ="molecule test -s wazuh-agent --destroy=never" +elasticsearch ="molecule test -s elasticsearch --destroy=never" +kibana ="molecule test -s kibana --destroy=never" + +# Destroy all the existing containers ' Created by Molecule ' +destroy_elasticsearch ="molecule destroy -s elasticsearch" +destroy_worker ="molecule destroy -s worker" +destroy ="molecule destroy" diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index f181f59a..c92eaf8f 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml 
@@ -2,6 +2,8 @@ - name: Converge hosts: all roles: - - role: wazuh/ansible-wazuh-manager + - { role: wazuh/ansible-wazuh-manager, + wazuh_manager_config[cluster][disable]: 'no', + } - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml index c82aacfc..11c1fefa 100644 --- a/molecule/worker/molecule.yml +++ b/molecule/worker/molecule.yml @@ -9,7 +9,7 @@ lint: config-data: ignore: .virtualenv platforms: - - name: elasticsearch + - name: worker image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: @@ -54,6 +54,22 @@ provisioner: lint: name: ansible-lint enabled: true +scenario: + name: worker + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + #- idempotence + - side_effect + - verify + - cleanup + - destroy verifier: name: testinfra lint: diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index e58f0702..8821f3e2 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh @@ -1,5 +1,5 @@ #!/bin/bash -#sudo pipenv run elasticsearch +sudo pipenv run elasticsearch sudo pipenv run test sudo pipenv run worker \ No newline at end of file From e1b084c1a7175b930909eb9f9cada1188ecf80a7 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 22 Aug 2019 16:26:07 +0200 Subject: [PATCH 161/559] Adding hash_behaviour: merge in order not to override the default variables --- Pipfile | 10 +++++----- Pipfile.template | 12 +++++------ molecule/default/playbook.yml | 5 +---- molecule/kibana/molecule.yml | 2 +- molecule/worker/molecule.yml | 3 +++ molecule/worker/playbook.yml | 20 +++++++++++++------ .../ansible-wazuh-manager/tasks/main.yml | 7 +++++++ run_none_cluster.sh | 13 +++++++++++- 8 files changed, 49 insertions(+), 23 deletions(-) diff --git a/Pipfile b/Pipfile index 34e238d1..d878e0b6 100644 --- a/Pipfile +++ b/Pipfile 
@@ -14,11 +14,11 @@ molecule = "==2.20.2" python_version = "2.7" [scripts] -test ="molecule test --destroy=never --platform _PLATFORM_" -worker ="molecule test -s worker --destroy=never --platform _PLATFORM_" -agent ="molecule test -s wazuh-agent --destroy=never --platform _PLATFORM_" -elasticsearch ="molecule test -s elasticsearch --destroy=never --platform _PLATFORM_" -kibana ="molecule test -s kibana --destroy=never --platform _PLATFORM_" +test ="molecule test --destroy=never" +worker ="molecule test -s worker --destroy=never" +agent ="molecule test -s wazuh-agent --destroy=never" +elasticsearch ="molecule test -s elasticsearch --destroy=never" +kibana ="molecule test -s kibana --destroy=never" # Destroy all the existing containers ' Molecule instances ' destroy_elasticsearch ="molecule destroy -s elasticsearch" diff --git a/Pipfile.template b/Pipfile.template index 47567850..34e238d1 100644 --- a/Pipfile.template +++ b/Pipfile.template @@ -14,13 +14,13 @@ molecule = "==2.20.2" python_version = "2.7" [scripts] -test ="molecule test --destroy=never" -worker ="molecule test -s worker --destroy=never" -agent ="molecule test -s wazuh-agent --destroy=never" -elasticsearch ="molecule test -s elasticsearch --destroy=never" -kibana ="molecule test -s kibana --destroy=never" +test ="molecule test --destroy=never --platform _PLATFORM_" +worker ="molecule test -s worker --destroy=never --platform _PLATFORM_" +agent ="molecule test -s wazuh-agent --destroy=never --platform _PLATFORM_" +elasticsearch ="molecule test -s elasticsearch --destroy=never --platform _PLATFORM_" +kibana ="molecule test -s kibana --destroy=never --platform _PLATFORM_" -# Destroy all the existing containers ' Created by Molecule ' +# Destroy all the existing containers ' Molecule instances ' destroy_elasticsearch ="molecule destroy -s elasticsearch" destroy_worker ="molecule destroy -s worker" destroy ="molecule destroy" 
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index c92eaf8f..4bb7f5ef 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -2,8 +2,5 @@ - name: Converge hosts: all roles: - - { role: wazuh/ansible-wazuh-manager, - wazuh_manager_config[cluster][disable]: 'no', - } + - { role: wazuh/ansible-wazuh-manager, wazuh_manager_config.cluster.disable: 'no' } - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } - diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 5067e088..57017523 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -9,7 +9,7 @@ lint: config-data: ignore: .virtualenv platforms: - - name: bionic + - name: kibana image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml index 11c1fefa..c22b3497 100644 --- a/molecule/worker/molecule.yml +++ b/molecule/worker/molecule.yml @@ -44,6 +44,9 @@ platforms: # - nofile:262144:262144 provisioner: name: ansible + config_options: + defaults: + hash_behaviour: merge playbooks: docker: create: ../default/create.yml diff --git a/molecule/worker/playbook.yml b/molecule/worker/playbook.yml index 6c9a6317..084419b1 100644 --- a/molecule/worker/playbook.yml +++ b/molecule/worker/playbook.yml @@ -2,10 +2,18 @@ - name: Converge hosts: all roles: - - { role: wazuh/ansible-wazuh-manager, - wazuh_manager_config.cluster.disable: 'no', - wazuh_manager_config.cluster.name: 'worker-01', - wazuh_manager_config.cluster.node_type: 'worker' - } - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } + - role: wazuh/ansible-wazuh-manager + vars: + wazuh_manager_config: + cluster: + disable: 'no' + name: 'wazuh' + node_name: 'worker-01' + node_type: 'worker' + key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' + port: '1516' + bind_addr: '0.0.0.0' + nodes: + - 'manager' + hidden: 'no' 
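Review bot: `hash_behaviour: merge` under `config_options.defaults` is a process-wide switch that changes how every dictionary variable in the scenario is combined, not just `wazuh_manager_config`, and Ansible's own documentation advises against relying on it; the same three lines are added to the default, elasticsearch, kibana and wazuh-agent molecule.yml files in the following commit on this page. If the goal is only to override a few keys of the role's default mapping, merging with the `combine` filter inside the role keeps the behaviour local instead of depending on the test harness's ansible.cfg. At minimum, add `# needed so the nested wazuh_manager_config overrides in playbook.yml merge with the role defaults instead of replacing them` above `config_options:` so the reason survives.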
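Review bot: The rewritten role entry sets a full `wazuh_manager_config.cluster` block including a literal cluster `key:` committed to the repository; with `hash_behaviour: merge` enabled in this same commit, only the keys that differ from the role defaults need to be listed, so `port`, `bind_addr`, `nodes` and `hidden` can be dropped, and `key` can be inherited from the role default if it is defined there or supplied from the environment rather than duplicated here. The cluster key is the shared secret that authenticates worker nodes to the manager, so even for a test scenario it is better sourced from a vault or lookup than pasted into a playbook. If it must stay, a comment `# test-only cluster key; never reuse outside Molecule` above it marks it for what it is.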
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 1dac6f0f..1dfa58c2 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -1,4 +1,11 @@ --- +- debug: + msg: Cluster is disabled? => {{ wazuh_manager_config.cluster.disable }} + +- debug: + #msg: Cluster is disabled? => {{ wazuh_manager_config.cluster.disable }} + msg: .... => {{ wazuh_manager_config.openscap.disable | default('default_value') }} + - import_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") diff --git a/run_none_cluster.sh b/run_none_cluster.sh index 77cd0690..0bad5d84 100644 --- a/run_none_cluster.sh +++ b/run_none_cluster.sh @@ -1,6 +1,17 @@ #!/bin/bash +if [ -z "$1" ] +then + echo "Platform not selected. Please select a platform. => Aborting" + exit +else + cp Pipfile.template Pipfile + sed -i "s/_PLATFORM_/$1/g" Pipfile +fi + sudo pipenv run elasticsearch sudo pipenv run test sudo pipenv run agent -sudo pipenv run kibana \ No newline at end of file +sudo pipenv run kibana + +cp Pipfile.template Pipfile \ No newline at end of file From 902658bd86bb4836e461369cc924bc44fa2d7085 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 22 Aug 2019 16:30:05 +0200 Subject: [PATCH 162/559] generalizing .. Adding hash_behaviour: merge in order not to override the default variables --- molecule/default/molecule.yml | 3 +++ molecule/elasticsearch/molecule.yml | 3 +++ molecule/kibana/molecule.yml | 3 +++ molecule/wazuh-agent/molecule.yml | 3 +++ molecule/worker/playbook.yml | 2 ++ 5 files changed, 14 insertions(+) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 054acc00..3a707d0d 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
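Review bot: The two unnamed `- debug:` tasks added at the top of the role's tasks/main.yml print configuration values on every run of the role, including for real deployments that consume it, and the second one carries a commented-out `msg:` line — these read as troubleshooting leftovers rather than role behaviour. Remove them before merging or, if a permanent diagnostic is wanted, give the task a `name:` and gate it with `verbosity: 1` so it only appears under `-v`. The `.... =>` message text on the second task also tells an operator nothing about what is being printed.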
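Review bot: The new argument guard in run_none_cluster.sh ends with a bare `exit`, which returns status 0, so a caller or CI job cannot tell the script aborted because no platform was given; use `echo "Platform not selected. Please select a platform. => Aborting" >&2` followed by `exit 1`. Without `set -e`, the four `sudo pipenv run` steps continue after an earlier one fails and the final `cp Pipfile.template Pipfile` restores the template regardless of outcome; `set -euo pipefail` near the top, with the restore moved into a `trap ... EXIT`, would make a failed scenario stop the run while still cleaning up. The `sed` substitution also interpolates `$1` unescaped, so a platform name containing `/` breaks the expression — a short validation of the argument, or a comment stating the accepted values, is worth adding.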
@@ -41,6 +41,9 @@ platforms: # - nofile:262144:262144 provisioner: name: ansible + config_options: + defaults: + hash_behaviour: merge env: ANSIBLE_ROLES_PATH: ../../roles lint: diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 109e2f4f..1f2e4180 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -44,6 +44,9 @@ platforms: # - nofile:262144:262144 provisioner: name: ansible + config_options: + defaults: + hash_behaviour: merge playbooks: docker: create: ../default/create.yml diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 57017523..ba9ceb26 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -42,6 +42,9 @@ platforms: # - nofile:262144:262144 provisioner: name: ansible + config_options: + defaults: + hash_behaviour: merge playbooks: docker: create: ../default/create.yml diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml index 5c1082cf..a0b050b1 100644 --- a/molecule/wazuh-agent/molecule.yml +++ b/molecule/wazuh-agent/molecule.yml @@ -53,6 +53,9 @@ platforms: # - agent provisioner: name: ansible + config_options: + defaults: + hash_behaviour: merge playbooks: docker: create: ../default/create.yml diff --git a/molecule/worker/playbook.yml b/molecule/worker/playbook.yml index 084419b1..7e256bbe 100644 --- a/molecule/worker/playbook.yml +++ b/molecule/worker/playbook.yml @@ -16,4 +16,6 @@ nodes: - 'manager' hidden: 'no' + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } + From 38d954aeaa268dd3357078dfc518b3a854da4eed Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 22 Aug 2019 16:38:24 +0200 Subject: [PATCH 163/559] adding execution scenario for elasticsearch test --- molecule/default/playbook.yml | 2 +- molecule/elasticsearch/molecule.yml | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) 
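Review bot: `hash_behaviour: merge` under `provisioner.config_options.defaults` is a global Ansible setting, not a role option: it changes how every dictionary variable in the run is combined across inventory, group_vars and role vars, which is what lets a partial `wazuh_manager_config` in the playbook keep the remaining keys from the role defaults. Anyone consuming the role outside these molecule scenarios will not have the setting and, unless the role merges the dict itself somewhere not visible here, will get the default replace behaviour, so a partial `wazuh_manager_config` silently drops every key they did not restate. The more robust option is to merge inside the role, e.g. `wazuh_manager_config: "{{ wazuh_manager_config_defaults | combine(wazuh_manager_config, recursive=True) }}"` via `set_fact`, and drop the global option. At minimum add `# required: the scenario playbooks override wazuh_manager_config partially` above the option in each molecule.yml so the copies are not removed independently.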
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 4bb7f5ef..4b33eb26 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - { role: wazuh/ansible-wazuh-manager, wazuh_manager_config.cluster.disable: 'no' } - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } \ No newline at end of file diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 1f2e4180..564bf371 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -61,6 +61,22 @@ provisioner: group_vars: all: elasticsearch_jvm_xms: 512 +scenario: + name: elasticsearch + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + #- idempotence + - side_effect + - verify + - cleanup + - destroy verifier: name: testinfra lint: From 3249fd86edac74e161a496f5c624810d018a8921 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 22 Aug 2019 16:48:02 +0200 Subject: [PATCH 164/559] adapted testinfra tests for the worker --- Pipfile | 2 ++ molecule/worker/tests/test_default.py | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Pipfile b/Pipfile index d878e0b6..d4d826df 100644 --- a/Pipfile +++ b/Pipfile @@ -20,6 +20,8 @@ agent ="molecule test -s wazuh-agent --destroy=never" elasticsearch ="molecule test -s elasticsearch --destroy=never" kibana ="molecule test -s kibana --destroy=never" +verify_worker ="molecule verify -s worker" + # Destroy all the existing containers ' Molecule instances ' destroy_elasticsearch ="molecule destroy -s elasticsearch" destroy_worker ="molecule destroy -s worker" diff --git a/molecule/worker/tests/test_default.py b/molecule/worker/tests/test_default.py index 278ce719..eef9fbcb 100644 
--- a/molecule/worker/tests/test_default.py +++ b/molecule/worker/tests/test_default.py @@ -73,10 +73,10 @@ def test_open_ports(host): """Test if the main port is open and the agent-auth is not open.""" distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': - assert host.socket("tcp://0.0.0.0:1515").is_listening + assert host.socket("tcp://0.0.0.0:1516").is_listening assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1516").is_listening assert host.socket("tcp://127.0.0.1:1514").is_listening From 76029f99fd6993746e9d1c4b55bb0a2612e527f4 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 09:58:19 +0200 Subject: [PATCH 165/559] added vars to default/playbook.yml --- molecule/default/playbook.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 4b33eb26..531d8b5f 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -2,5 +2,18 @@ - name: Converge hosts: all roles: - - { role: wazuh/ansible-wazuh-manager, wazuh_manager_config.cluster.disable: 'no' } + - role: wazuh/ansible-wazuh-manager + vars: + wazuh_manager_config: + cluster: + disable: 'no' + name: 'wazuh' + node_name: 'manager' + node_type: 'master' + key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' + port: '1516' + bind_addr: '0.0.0.0' + nodes: + - 'manager' + hidden: 'no' - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } \ No newline at end of file From adbf200142d72a8b14d9e251796118f6bcd29716 Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Fri, 23 Aug 2019 10:43:44 +0200 Subject: [PATCH 166/559] fixes for the managers tests and added more tasks in Pipfile --- Pipfile | 14 +++++++++++--- molecule/default/tests/test_default.py | 2 ++ molecule/worker/tests/test_default.py | 2 -- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/Pipfile b/Pipfile index d4d826df..2659fa8f 100644 --- a/Pipfile +++ b/Pipfile @@ -20,9 +20,17 @@ agent ="molecule test -s wazuh-agent --destroy=never" elasticsearch ="molecule test -s elasticsearch --destroy=never" kibana ="molecule test -s kibana --destroy=never" +# Verify .. +verify ="molecule verify" verify_worker ="molecule verify -s worker" +verify_agent ="molecule verify -s agent" +verify_elasticsearch ="molecule verify -s elasticsearch" +verify_kibana ="molecule verify -s kibana" -# Destroy all the existing containers ' Molecule instances ' -destroy_elasticsearch ="molecule destroy -s elasticsearch" -destroy_worker ="molecule destroy -s worker" +# Destroy .. destroy ="molecule destroy" +destroy_worker ="molecule destroy -s worker" +destroy_agent ="molecule destroy -s agent" +destroy_elasticsearch ="molecule destroy -s elasticsearch" +destroy_kibana ="molecule destroy -s kibana" + diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 278ce719..174a499f 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
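Review bot: `verify_agent ="molecule verify -s agent"` and `destroy_agent ="molecule destroy -s agent"` target a scenario named `agent`, but the scenario directory is `molecule/wazuh-agent` and the existing `agent` script in the same `[scripts]` table uses `-s wazuh-agent`, so these two new entries fail with an unknown scenario. Change them to `verify_agent ="molecule verify -s wazuh-agent"` and `destroy_agent ="molecule destroy -s wazuh-agent"`. The same pair appears in `Pipfile.template` in the following commit and needs the same fix.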
@@ -73,9 +73,11 @@ def test_open_ports(host): """Test if the main port is open and the agent-auth is not open.""" distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': + assert host.socket("tcp://0.0.0.0:1516").is_listening assert host.socket("tcp://0.0.0.0:1515").is_listening assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': + assert host.socket("tcp://0.0.0.0:1516").is_listening assert host.socket("tcp://127.0.0.1:1515").is_listening assert host.socket("tcp://127.0.0.1:1514").is_listening diff --git a/molecule/worker/tests/test_default.py b/molecule/worker/tests/test_default.py index eef9fbcb..8dc96bbf 100644 --- a/molecule/worker/tests/test_default.py +++ b/molecule/worker/tests/test_default.py @@ -73,10 +73,8 @@ def test_open_ports(host): """Test if the main port is open and the agent-auth is not open.""" distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': - assert host.socket("tcp://0.0.0.0:1516").is_listening assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://127.0.0.1:1516").is_listening assert host.socket("tcp://127.0.0.1:1514").is_listening From 726a8962c5ab42c5af54d3588c04d47c90f92160 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 11:00:47 +0200 Subject: [PATCH 167/559] adapted kibana test --- molecule/default/playbook.yml | 4 ++-- molecule/kibana/prepare.yml | 5 ----- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 1 - run_cluster_mode.sh | 3 ++- 4 files changed, 4 insertions(+), 9 deletions(-) diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 531d8b5f..a492a035 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml 
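Review bot: The docstring of `test_open_ports` still says the agent-auth port "is not open", yet the function asserts 1515 is listening and now also asserts 1516, so the documentation contradicts every assertion in the body; replace it with `"""Assert the cluster (1516), authd (1515) and agent (1514) ports are listening."""`. On the centos branch the new 1516 assertion uses `0.0.0.0` while the two existing assertions in the same branch use `127.0.0.1`; if that is deliberate because the scenario sets `bind_addr: '0.0.0.0'`, say so in a comment, otherwise make the address consistent. The `def` line of the function is outside the hunk.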
@@ -14,6 +14,6 @@ port: '1516' bind_addr: '0.0.0.0' nodes: - - 'manager' + - 'manager_platofrm' hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } \ No newline at end of file + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' } \ No newline at end of file diff --git a/molecule/kibana/prepare.yml b/molecule/kibana/prepare.yml index 7e5ca29d..c5592219 100644 --- a/molecule/kibana/prepare.yml +++ b/molecule/kibana/prepare.yml @@ -34,8 +34,3 @@ until: wazuh_manager_dependencies_packages_installed is succeeded when: - ansible_os_family == 'RedHat' - - roles: - - role: wazuh/ansible-wazuh-manager - - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'localhost' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 1dfa58c2..b0b90d87 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -3,7 +3,6 @@ msg: Cluster is disabled? => {{ wazuh_manager_config.cluster.disable }} - debug: - #msg: Cluster is disabled? => {{ wazuh_manager_config.cluster.disable }} msg: .... => {{ wazuh_manager_config.openscap.disable | default('default_value') }} - import_tasks: "RedHat.yml" diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index 8821f3e2..0933b9ee 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh @@ -2,4 +2,5 @@ sudo pipenv run elasticsearch sudo pipenv run test -sudo pipenv run worker \ No newline at end of file +sudo pipenv run worker +sudo pipenv run kibana \ No newline at end of file From ce862efdcaac5efc7d39ae90c372b5b99ac67e2c Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Fri, 23 Aug 2019 11:28:14 +0200 Subject: [PATCH 168/559] made the platform selection dynamic --- Pipfile.template | 15 ++++++++++--- molecule/default/molecule.yml | 28 +++++++++++------------ molecule/default/playbook.yml | 4 ++-- molecule/default/playbook.yml.template | 19 ++++++++++++++++ molecule/elasticsearch/playbook.yml | 2 +- molecule/kibana/molecule.yml | 28 +++++++++++------------ molecule/kibana/playbook.yml | 2 +- molecule/wazuh-agent/playbook.yml | 2 +- molecule/worker/molecule.yml | 31 +++++++++++++------------- molecule/worker/playbook.yml | 4 ++-- molecule/worker/playbook.yml.template | 21 +++++++++++++++++ run_cluster_mode.sh | 19 +++++++++++++++- run_none_cluster.sh | 17 -------------- 13 files changed, 120 insertions(+), 72 deletions(-) create mode 100644 molecule/default/playbook.yml.template create mode 100644 molecule/worker/playbook.yml.template delete mode 100644 run_none_cluster.sh diff --git a/Pipfile.template b/Pipfile.template index 34e238d1..8cb94bdf 100644 --- a/Pipfile.template +++ b/Pipfile.template @@ -20,7 +20,16 @@ agent ="molecule test -s wazuh-agent --destroy=never --platform _PLATFORM_" elasticsearch ="molecule test -s elasticsearch --destroy=never --platform _PLATFORM_" kibana ="molecule test -s kibana --destroy=never --platform _PLATFORM_" -# Destroy all the existing containers ' Molecule instances ' -destroy_elasticsearch ="molecule destroy -s elasticsearch" -destroy_worker ="molecule destroy -s worker" +# Verify .. +verify ="molecule verify" +verify_worker ="molecule verify -s worker" +verify_agent ="molecule verify -s agent" +verify_elasticsearch ="molecule verify -s elasticsearch" +verify_kibana ="molecule verify -s kibana" + +# Destroy .. destroy ="molecule destroy" +destroy_worker ="molecule destroy -s worker" +destroy_agent ="molecule destroy -s agent" +destroy_elasticsearch ="molecule destroy -s elasticsearch" +destroy_kibana ="molecule destroy -s kibana" 
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 3a707d0d..7fcb33da 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,20 +7,20 @@ lint: name: yamllint enabled: false platforms: - - name: manager + - name: manager_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: - nofile:262144:262144 privileged: true memory_reservation: 2048m -# - name: xenial -# image: solita/ubuntu-systemd:xenial -# privileged: true -# memory_reservation: 2048m -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 + - name: manager_xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # privileged: true @@ -33,12 +33,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 -# - name: centos7 -# image: milcom/centos7-systemd -# memory_reservation: 2048m -# privileged: true -# ulimits: -# - nofile:262144:262144 + - name: manager_centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index a492a035..d4561c1b 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -14,6 +14,6 @@ port: '1516' bind_addr: '0.0.0.0' nodes: - - 'manager_platofrm' + - 'manager_bionic' hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' } \ No newline at end of file + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_bionic:9200' } \ No newline at end of file diff --git a/molecule/default/playbook.yml.template b/molecule/default/playbook.yml.template new file mode 100644 index 00000000..f73659e9 --- /dev/null +++ b/molecule/default/playbook.yml.template 
@@ -0,0 +1,19 @@ +--- +- name: Converge + hosts: all + roles: + - role: wazuh/ansible-wazuh-manager + vars: + wazuh_manager_config: + cluster: + disable: 'no' + name: 'wazuh' + node_name: 'manager' + node_type: 'master' + key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' + port: '1516' + bind_addr: '0.0.0.0' + nodes: + - 'manager_platform' + hidden: 'no' + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' } \ No newline at end of file diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml index 75be4f34..0b2f9d5a 100644 --- a/molecule/elasticsearch/playbook.yml +++ b/molecule/elasticsearch/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'elasticsearch' + elasticsearch_network_host: 'elasticsearch_platform' diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index ba9ceb26..96c4ae6f 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -9,20 +9,20 @@ lint: config-data: ignore: .virtualenv platforms: - - name: kibana + - name: kibana_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: - nofile:262144:262144 privileged: true memory_reservation: 1024m -# - name: xenial -# image: solita/ubuntu-systemd:xenial -# privileged: true -# memory_reservation: 1024m -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 + - name: kibana_xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 1024m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # memory_reservation: 1024m 
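Review bot: `molecule/default/playbook.yml.template` bakes the same literal cluster `key` into the file the driver script copies over `playbook.yml` for every platform, so the committed secret is propagated into every generated scenario file as well. Since the template is already processed with `sed`, replace the literal with a second placeholder, e.g. `key: '_CLUSTER_KEY_'`, and have the script substitute a value generated per run (`openssl rand -hex 16` gives the same 32-character length as the current literal) into both the master and worker templates. That keeps the key out of the repository and out of the generated `playbook.yml` files while both cluster members still receive an identical value.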
@@ -34,12 +34,12 @@ platforms: # memory_reservation: 1024m # ulimits: # - nofile:262144:262144 -# - name: centos7 -# image: milcom/centos7-systemd -# memory_reservation: 1024m -# privileged: true -# ulimits: -# - nofile:262144:262144 + - name: kibana_centos7 + image: milcom/centos7-systemd + memory_reservation: 1024m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index f560f96d..b166ac28 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-kibana - elasticsearch_network_host: 'elasticsearch' \ No newline at end of file + elasticsearch_network_host: 'elasticsearch_platform' \ No newline at end of file diff --git a/molecule/wazuh-agent/playbook.yml b/molecule/wazuh-agent/playbook.yml index 09413204..4feac0c2 100644 --- a/molecule/wazuh-agent/playbook.yml +++ b/molecule/wazuh-agent/playbook.yml @@ -5,7 +5,7 @@ - role: wazuh/ansible-wazuh-agent vars: wazuh_managers: - - address: 'manager' + - address: 'manager_platform' port: 1514 protocol: tcp api_port: 55000 diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml index c22b3497..894b9453 100644 --- a/molecule/worker/molecule.yml +++ b/molecule/worker/molecule.yml 
@@ -9,22 +9,21 @@ lint: config-data: ignore: .virtualenv platforms: - - name: worker + - name: worker_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - #- name: xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # memory_reservation: 2048m - # command: /sbin/init - # ulimits: - # - nofile:262144:262144 - #- name: trusty + - name: worker_xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 + - name: trusty #image: ubuntu:trusty #privileged: true #memory_reservation: 2048m @@ -36,12 +35,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 - #- name: centos7 - # image: milcom/centos7-systemd - # memory_reservation: 2048m - # privileged: true - # ulimits: - # - nofile:262144:262144 + - name: worker_centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/worker/playbook.yml b/molecule/worker/playbook.yml index 7e256bbe..a59f93f2 100644 --- a/molecule/worker/playbook.yml +++ b/molecule/worker/playbook.yml @@ -14,8 +14,8 @@ port: '1516' bind_addr: '0.0.0.0' nodes: - - 'manager' + - 'manager_bionic' hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_bionic:9200' } diff --git a/molecule/worker/playbook.yml.template b/molecule/worker/playbook.yml.template new file mode 100644 index 00000000..45b12d1d --- /dev/null +++ b/molecule/worker/playbook.yml.template 
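Review bot: In the `molecule/worker/molecule.yml` platforms hunk the line `- name: trusty` is now active while the `#image: ubuntu:trusty` and the other settings of that entry stay commented out, so the scenario declares a platform with no image and, presumably, fails on create or builds an unintended container. Either remove the entry or restore the comment marker, `#- name: trusty`, to match the `centos6` block right after it.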
@@ -0,0 +1,21 @@ +--- +- name: Converge + hosts: all + roles: + - role: wazuh/ansible-wazuh-manager + vars: + wazuh_manager_config: + cluster: + disable: 'no' + name: 'wazuh' + node_name: 'worker-01' + node_type: 'worker' + key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' + port: '1516' + bind_addr: '0.0.0.0' + nodes: + - 'manager_platform' + hidden: 'no' + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' } + + diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index 0933b9ee..51e699be 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh @@ -1,6 +1,23 @@ #!/bin/bash +paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecule/kibana/" ) + +if [ -z "$1" ] +then + echo "Platform not selected. Please select a platform. => Aborting" + exit +else + for i in "${paths[@]}" + do + cp "$i/playbook.yml.template" "$i/playbook.yml" + sed -i "s/platform/$1/g" "$i/playbook.yml" + done + + cp Pipfile.template Pipfile + sed -i "s/_PLATFORM_/$1/g" Pipfile +fi + sudo pipenv run elasticsearch sudo pipenv run test -sudo pipenv run worker +sudo pipenv run agent sudo pipenv run kibana \ No newline at end of file diff --git a/run_none_cluster.sh b/run_none_cluster.sh deleted file mode 100644 index 0bad5d84..00000000 --- a/run_none_cluster.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -if [ -z "$1" ] -then - echo "Platform not selected. Please select a platform. => Aborting" - exit -else - cp Pipfile.template Pipfile - sed -i "s/_PLATFORM_/$1/g" Pipfile -fi - -sudo pipenv run elasticsearch -sudo pipenv run test -sudo pipenv run agent -sudo pipenv run kibana - -cp Pipfile.template Pipfile \ No newline at end of file From a837d8a18d94aae04c93a88349cadf58ce3194c8 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 11:29:31 +0200 Subject: [PATCH 169/559] made the platform selection dynamic --- run_cluster_mode.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
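Review bot: `sed -i "s/platform/$1/g"` and `sed -i "s/_PLATFORM_/$1/g"` splice the unvalidated first argument into a sed expression, so a value containing `/` or other sed metacharacters rewrites the expression rather than the playbook, and the abort path uses a bare `exit`, which returns status 0 to any caller. The loop also copies `molecule/elasticsearch/playbook.yml.template` and `molecule/kibana/playbook.yml.template`, which do not exist in this commit (they are added in the next one), and without `set -e` the failed `cp` is ignored and `sed` then edits the already-substituted `playbook.yml`. Restrict the argument to the platforms the scenarios actually define, fail with a non-zero status, and stop on the first error:

```shell
#!/bin/bash
set -euo pipefail

paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecule/kibana/" )

case "${1:-}" in
  bionic|xenial|centos7) platform="$1" ;;
  *)
    echo "usage: $0 <bionic|xenial|centos7>" >&2
    exit 1
    ;;
esac

for i in "${paths[@]}"; do
  cp "$i/playbook.yml.template" "$i/playbook.yml"
  sed -i "s/platform/${platform}/g" "$i/playbook.yml"
done

cp Pipfile.template Pipfile
sed -i "s/_PLATFORM_/${platform}/g" Pipfile

# … unchanged: sudo pipenv run … invocations …
```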
diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index 51e699be..ba9e6af7 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh @@ -4,7 +4,8 @@ paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecu if [ -z "$1" ] then - echo "Platform not selected. Please select a platform. => Aborting" + echo "Platform not selected. Please select a platform of [bionuc, xenial or centos7]. => Aborting" + echo "Run Instruction: ./run_cluster_mode.sh " exit else for i in "${paths[@]}" From 3de387b3584b146ad9d7b0c4bf5d5be18e0f0530 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 11:31:30 +0200 Subject: [PATCH 170/559] made the platform selection dynamic .. --- molecule/elasticsearch/playbook.yml.template | 6 ++++++ molecule/kibana/playbook.yml.template | 6 ++++++ 2 files changed, 12 insertions(+) create mode 100644 molecule/elasticsearch/playbook.yml.template create mode 100644 molecule/kibana/playbook.yml.template diff --git a/molecule/elasticsearch/playbook.yml.template b/molecule/elasticsearch/playbook.yml.template new file mode 100644 index 00000000..0b2f9d5a --- /dev/null +++ b/molecule/elasticsearch/playbook.yml.template @@ -0,0 +1,6 @@ +--- +- name: Converge + hosts: all + roles: + - role: elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 'elasticsearch_platform' diff --git a/molecule/kibana/playbook.yml.template b/molecule/kibana/playbook.yml.template new file mode 100644 index 00000000..b166ac28 --- /dev/null +++ b/molecule/kibana/playbook.yml.template @@ -0,0 +1,6 @@ +--- +- name: Converge + hosts: all + roles: + - role: elastic-stack/ansible-kibana + elasticsearch_network_host: 'elasticsearch_platform' \ No newline at end of file From f4e4ed472268a1804d3c30e09dcd115c63cb58a5 Mon Sep 17 00:00:00 2001 
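Review bot: The new usage message misspells the platform as `bionuc` while the molecule platform entries and the templates use `bionic`, so a user who copies the name from the message selects a platform that never matches; change it to `[bionic, xenial or centos7]`. The second line, `Run Instruction: ./run_cluster_mode.sh `, ends without showing the argument, possibly because an angle-bracketed placeholder was lost when the patch was rendered; writing it as `./run_cluster_mode.sh PLATFORM` avoids that. The error path still ends with a bare `exit`, i.e. status 0; use `exit 1` so a wrapper can detect the abort.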
From: Rshad Zhran Date: Fri, 23 Aug 2019 13:12:00 +0200 Subject: [PATCH 171/559] automated the selection of a platform - platform restriction --- Pipfile | 1 - Pipfile.template | 35 -------- molecule/default/molecule.yml | 27 +----- molecule/default/molecule.yml.template | 47 +++++++++++ molecule/elasticsearch/molecule.yml | 30 +------ molecule/elasticsearch/molecule.yml.template | 57 +++++++++++++ molecule/elasticsearch/playbook.yml | 2 +- molecule/kibana/molecule.yml | 2 +- molecule/kibana/molecule.yml.template | 64 ++++++++++++++ molecule/kibana/playbook.yml | 2 +- molecule/wazuh-agent/molecule.yml.template | 89 ++++++++++++++++++++ molecule/wazuh-agent/playbook.yml.template | 18 ++++ molecule/worker/molecule.yml | 28 +----- molecule/worker/molecule.yml.template | 54 ++++++++++++ run_cluster_mode.sh | 30 +++++-- 15 files changed, 359 insertions(+), 127 deletions(-) delete mode 100644 Pipfile.template create mode 100644 molecule/default/molecule.yml.template create mode 100644 molecule/elasticsearch/molecule.yml.template create mode 100644 molecule/kibana/molecule.yml.template create mode 100644 molecule/wazuh-agent/molecule.yml.template create mode 100644 molecule/wazuh-agent/playbook.yml.template create mode 100644 molecule/worker/molecule.yml.template diff --git a/Pipfile b/Pipfile index 2659fa8f..6f709455 100644 --- a/Pipfile +++ b/Pipfile @@ -33,4 +33,3 @@ destroy_worker ="molecule destroy -s worker" destroy_agent ="molecule destroy -s agent" destroy_elasticsearch ="molecule destroy -s elasticsearch" destroy_kibana ="molecule destroy -s kibana" - diff --git a/Pipfile.template b/Pipfile.template deleted file mode 100644 index 8cb94bdf..00000000 --- a/Pipfile.template +++ /dev/null 
@@ -1,35 +0,0 @@ -[[source]] -url = "https://pypi.org/simple" -verify_ssl = true -name = "pypi" - -[packages] -docker-py = "*" -ansible = "==2.7.13" -molecule = "==2.20.2" - -[dev-packages] - -[requires] -python_version = "2.7" - -[scripts] -test ="molecule test --destroy=never --platform _PLATFORM_" -worker ="molecule test -s worker --destroy=never --platform _PLATFORM_" -agent ="molecule test -s wazuh-agent --destroy=never --platform _PLATFORM_" -elasticsearch ="molecule test -s elasticsearch --destroy=never --platform _PLATFORM_" -kibana ="molecule test -s kibana --destroy=never --platform _PLATFORM_" - -# Verify .. -verify ="molecule verify" -verify_worker ="molecule verify -s worker" -verify_agent ="molecule verify -s agent" -verify_elasticsearch ="molecule verify -s elasticsearch" -verify_kibana ="molecule verify -s kibana" - -# Destroy .. -destroy ="molecule destroy" -destroy_worker ="molecule destroy -s worker" -destroy_agent ="molecule destroy -s agent" -destroy_elasticsearch ="molecule destroy -s elasticsearch" -destroy_kibana ="molecule destroy -s kibana" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 7fcb33da..2561f1ac 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -6,7 +6,7 @@ driver: lint: name: yamllint enabled: false -platforms: +bionics: - name: manager_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init 
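Review bot: Renaming the top-level key `platforms:` to `bionics:` in the committed `molecule/default/molecule.yml` leaves the file without the key molecule reads for its instances, so `molecule test` run directly from the checkout, without the driver script regenerating the file from `molecule.yml.template`, has no platforms to create; the same rename is applied to the elasticsearch, kibana and worker scenarios in this commit. If the committed file is now a generated artifact, stop tracking it (`molecule/*/molecule.yml` in `.gitignore`) or keep a valid `platforms:` entry as the default. In either case put `# generated from molecule.yml.template by run_cluster_mode.sh - do not edit` at the top so nobody edits the stale copy.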
@@ -14,31 +14,6 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - name: manager_xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 -# - name: trusty -# image: ubuntu:trusty -# privileged: true -# memory_reservation: 2048m -# ulimits: -# - nofile:262144:262144 -# - name: centos6 -# image: centos:6 -# privileged: true -# memory_reservation: 2048m -# ulimits: -# - nofile:262144:262144 - - name: manager_centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/default/molecule.yml.template b/molecule/default/molecule.yml.template new file mode 100644 index 00000000..9e67505d --- /dev/null +++ b/molecule/default/molecule.yml.template @@ -0,0 +1,47 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + enabled: false +platforms: + - name: manager_platform_ + image: imagename + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true +scenario: + name: default + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + #- idempotence + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + lint: + name: flake8 + enabled: true diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 564bf371..11d8902f 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml 
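Review bot: The placeholder in `molecule/default/molecule.yml.template` is `manager_platform_` (trailing underscore) whereas `molecule/default/playbook.yml.template`, the worker template and the agent template refer to the node as `manager_platform` / `elasticsearch_platform`; unless the substitution in `run_cluster_mode.sh` (its changes in this commit are outside this view) also strips the underscore, the container will be named `manager_bionic_` while the playbooks look for `manager_bionic`, and the cluster `nodes` and filebeat hosts will not resolve. Use the same token in both templates, e.g. `- name: manager_platform`, and document the tokens at the top of each template: `# placeholders: 'platform' and 'imagename' are replaced by run_cluster_mode.sh`. The `image: imagename` placeholder should likewise be spelled identically in every template.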
@@ -8,40 +8,14 @@ lint: options: config-data: ignore: .virtualenv -platforms: - - name: elasticsearch +bionics: + - name: elasticsearch_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - #- name: xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # memory_reservation: 2048m - # command: /sbin/init - # ulimits: - # - nofile:262144:262144 - #- name: trusty - #image: ubuntu:trusty - #privileged: true - #memory_reservation: 2048m - #ulimits: - #- nofile:262144:262144 - #- name: centos6 - # image: centos:6 - # privileged: true - # memory_reservation: 2048m - # ulimits: - # - nofile:262144:262144 - #- name: centos7 - # image: milcom/centos7-systemd - # memory_reservation: 2048m - # privileged: true - # ulimits: - # - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/elasticsearch/molecule.yml.template b/molecule/elasticsearch/molecule.yml.template new file mode 100644 index 00000000..abb9bcec --- /dev/null +++ b/molecule/elasticsearch/molecule.yml.template 
@@ -0,0 +1,57 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + ignore: .virtualenv +platforms: + - name: elasticsearch_platform_ + image: imagename + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + prepare: ../default/prepare.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true + inventory: + group_vars: + all: + elasticsearch_jvm_xms: 512 +scenario: + name: elasticsearch + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + #- idempotence + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml index 0b2f9d5a..6b5c44f8 100644 --- a/molecule/elasticsearch/playbook.yml +++ b/molecule/elasticsearch/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'elasticsearch_platform' + elasticsearch_network_host: 'elasticsearch_bionic' diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 96c4ae6f..ecd11c49 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -8,7 +8,7 @@ lint: options: config-data: ignore: .virtualenv -platforms: +bionics: - name: kibana_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init diff --git a/molecule/kibana/molecule.yml.template b/molecule/kibana/molecule.yml.template new file mode 100644 index 00000000..74dddec2 --- /dev/null +++ b/molecule/kibana/molecule.yml.template 
@@ -0,0 +1,64 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + ignore: .virtualenv +platforms: + - name: kibana_platform_ + image: imagename + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 1024m + - name: kibana_xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 1024m + command: /sbin/init + ulimits: + - nofile:262144:262144 +# - name: trusty +# image: ubuntu:trusty +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 +# - name: centos6 +# image: centos:6 +# privileged: true +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 + - name: kibana_centos7 + image: milcom/centos7-systemd + memory_reservation: 1024m + privileged: true + ulimits: + - nofile:262144:262144 +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true + inventory: + group_vars: + all: + elasticsearch_jvm_xms: 256 +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index b166ac28..6af17723 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-kibana - elasticsearch_network_host: 'elasticsearch_platform' \ No newline at end of file + elasticsearch_network_host: 'elasticsearch_bionic' \ No newline at end of file diff --git a/molecule/wazuh-agent/molecule.yml.template b/molecule/wazuh-agent/molecule.yml.template new file mode 100644 index 00000000..a0b050b1 --- /dev/null +++ b/molecule/wazuh-agent/molecule.yml.template 
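Review bot: `molecule/kibana/molecule.yml.template` still lists `kibana_xenial` and `kibana_centos7` as fixed platforms next to the `kibana_platform_` placeholder, unlike the default, elasticsearch and worker templates, which carry only the placeholder; after substitution a kibana run would create three containers per test, and selecting `xenial` or `centos7` would yield two entries with the same name. Drop the two fixed entries so the template matches its siblings, and leave the commented `trusty`/`centos6` blocks out of the template as well since they are not selectable.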
@@ -0,0 +1,89 @@ +--- +dependency: + name: galaxy +driver: + name: docker + #lint: + # name: yamllint +lint: + name: yamllint + options: + config-data: + ignore: .virtualenv +platforms: + #- name: wazuh_server_centos7 + # image: milcom/centos7-systemd + # networks: + # - name: wazuh + # privileged: true + # groups: + # - manager + - name: wazuh_agent_bionic + image: ubuntu:bionic + networks: + - name: wazuh + groups: + - agent + #- name: wazuh_agent_xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # command: /sbin/init + # networks: + # - name: wazuh + # groups: + # - agent + #- name: wazuh_agent_trusty + # image: ubuntu:trusty + # networks: + # - name: wazuh + # groups: + # - agent + #- name: wazuh_agent_centos6 + # image: centos:6 + # networks: + # - name: wazuh + # groups: + # - agent + #- name: wazuh_agent_centos7 + # image: milcom/centos7-systemd + # privileged: true + # networks: + # - name: wazuh + # groups: + # - agent +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + inventory: + group_vars: + agent: + api_pass: password + wazuh_managers: + - address: "{{ wazuh_manager_ip }}" + port: 1514 + protocol: tcp + api_port: 55000 + api_proto: 'http' + api_user: null + wazuh_agent_authd: + enable: true + port: 1515 + ssl_agent_ca: null + ssl_agent_cert: null + ssl_agent_key: null + ssl_auto_negotiate: 'no' + lint: + name: ansible-lint + enabled: true +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/wazuh-agent/playbook.yml.template b/molecule/wazuh-agent/playbook.yml.template new file mode 100644 index 00000000..4feac0c2 --- /dev/null +++ b/molecule/wazuh-agent/playbook.yml.template 
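Review bot: The new template commits a literal API credential (`api_pass: password`) next to `api_proto: 'http'` and `api_user: null` in the `agent` group_vars, and the enrolment block disables TLS negotiation with no CA (`ssl_auto_negotiate: 'no'`, `ssl_agent_ca: null`). For disposable Molecule containers that is tolerable, but `run_cluster_mode.sh` copies this template to a live `molecule.yml`, so mark the intent with a comment above `group_vars:`, e.g. `# Test fixture only: plaintext API password, HTTP and unverified enrolment; never reuse outside molecule`. Note also that the only manager platform is commented out, so `"{{ wazuh_manager_ip }}"` in `wazuh_managers` is not supplied by anything visible here and will be undefined at converge unless it comes from elsewhere.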
@@ -0,0 +1,18 @@ +--- +- name: Converge + hosts: all + roles: + - role: wazuh/ansible-wazuh-agent + vars: + wazuh_managers: + - address: 'manager_platform' + port: 1514 + protocol: tcp + api_port: 55000 + api_proto: 'http' + api_user: ansible + wazuh_agent_authd: + enable: true + port: 1515 + ssl_agent_ca: null + ssl_auto_negotiate: 'no' diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml index 894b9453..61c07c69 100644 --- a/molecule/worker/molecule.yml +++ b/molecule/worker/molecule.yml @@ -8,7 +8,7 @@ lint: options: config-data: ignore: .virtualenv -platforms: +bionics: - name: worker_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init @@ -16,31 +16,7 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - name: worker_xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 - - name: trusty - #image: ubuntu:trusty - #privileged: true - #memory_reservation: 2048m - #ulimits: - #- nofile:262144:262144 - #- name: centos6 - # image: centos:6 - # privileged: true - # memory_reservation: 2048m - # ulimits: - # - nofile:262144:262144 - - name: worker_centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 + provisioner: name: ansible config_options: diff --git a/molecule/worker/molecule.yml.template b/molecule/worker/molecule.yml.template new file mode 100644 index 00000000..1b2bd85e --- /dev/null +++ b/molecule/worker/molecule.yml.template 
@@ -0,0 +1,54 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + ignore: .virtualenv +platforms: + - name: worker_platform_ + image: imagename + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m + +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + prepare: ../default/prepare.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true +scenario: + name: worker + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + #- idempotence + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + lint: + name: flake8 diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index ba9e6af7..4803542d 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh 
@@ -1,24 +1,38 @@ #!/bin/bash paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecule/kibana/" ) +images=( "solita/ubuntu-systemd:bionic" "solita/ubuntu-systemd:xenial" "milcom/centos7-systemd" "ubuntu:trusty" "centos:6" ) +platform=( "bionic" "xenial" "centos7" "trusty" "centos6" ) -if [ -z "$1" ] +echo "Please select an image. " + +select IMAGE in "${images[@]}"; +do + echo "You picked $IMAGE ($REPLY)" + break +done + +index=$(($REPLY - 1)) + +if [ -z "$IMAGE" ] then echo "Platform not selected. Please select a platform of [bionuc, xenial or centos7]. => Aborting" echo "Run Instruction: ./run_cluster_mode.sh " exit else - for i in "${paths[@]}" - do + for i in "${paths[@]}" + do cp "$i/playbook.yml.template" "$i/playbook.yml" - sed -i "s/platform/$1/g" "$i/playbook.yml" - done + sed -i "s/platform/${platform[$index]}/g" "$i/playbook.yml" - cp Pipfile.template Pipfile - sed -i "s/_PLATFORM_/$1/g" Pipfile + cp "$i/molecule.yml.template" "$i/molecule.yml" + sed -i "s|imagename|${images[$index]}|g" "$i/molecule.yml" + sed -i "s/platform_/${platform[$index]}/g" "$i/molecule.yml" + + done fi sudo pipenv run elasticsearch sudo pipenv run test -sudo pipenv run agent +sudo pipenv run worker sudo pipenv run kibana \ No newline at end of file From c54b0409550c7f55377c15190a8845cd8aa86439 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 15:13:32 +0200 Subject: [PATCH 172/559] done! --- molecule/default/molecule.yml | 47 -------------------- molecule/kibana/molecule.yml | 64 --------------------------- molecule/kibana/molecule.yml.template | 24 ---------- molecule/worker/molecule.yml | 54 ---------------------- molecule/worker/molecule.yml.template | 1 - run_cluster_mode.sh | 1 - 6 files changed, 191 deletions(-) delete mode 100644 molecule/default/molecule.yml delete mode 100644 molecule/kibana/molecule.yml delete mode 100644 molecule/worker/molecule.yml 
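Review bot: `index=$(($REPLY - 1))` runs before the `-z "$IMAGE"` guard and the `select` loop `break`s on the first answer whatever it is, so a non-numeric reply goes straight into shell arithmetic; in bash, arithmetic expansion re-evaluates array-subscript text, so a crafted reply can reach command substitution, and an out-of-range number yields an empty `IMAGE` only by luck of the later check. Validate first, e.g. `[[ "$REPLY" =~ ^[1-5]$ ]] || { echo "invalid selection"; exit 1; }`, placed right after the loop. The script has no `set -euo pipefail`, so a failing `cp` or `sed` still lets the four `sudo pipenv run` steps start, and the abort message still reads `bionuc`. Running the whole Molecule harness under `sudo` is broader than needed if root is only required for the Docker socket.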
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml deleted file mode 100644 index 2561f1ac..00000000 --- a/molecule/default/molecule.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - enabled: false -bionics: - - name: manager_bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true -scenario: - name: default - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - #- idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 - enabled: true diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml deleted file mode 100644 index ecd11c49..00000000 --- a/molecule/kibana/molecule.yml +++ /dev/null 
@@ -1,64 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -bionics: - - name: kibana_bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 1024m - - name: kibana_xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 -# - name: trusty -# image: ubuntu:trusty -# memory_reservation: 1024m -# ulimits: -# - nofile:262144:262144 -# - name: centos6 -# image: centos:6 -# privileged: true -# memory_reservation: 1024m -# ulimits: -# - nofile:262144:262144 - - name: kibana_centos7 - image: milcom/centos7-systemd - memory_reservation: 1024m - privileged: true - ulimits: - - nofile:262144:262144 -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true - inventory: - group_vars: - all: - elasticsearch_jvm_xms: 256 -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/kibana/molecule.yml.template b/molecule/kibana/molecule.yml.template index 74dddec2..eec8f6e3 100644 --- a/molecule/kibana/molecule.yml.template +++ b/molecule/kibana/molecule.yml.template 
@@ -16,30 +16,6 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 1024m - - name: kibana_xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 -# - name: trusty -# image: ubuntu:trusty -# memory_reservation: 1024m -# ulimits: -# - nofile:262144:262144 -# - name: centos6 -# image: centos:6 -# privileged: true -# memory_reservation: 1024m -# ulimits: -# - nofile:262144:262144 - - name: kibana_centos7 - image: milcom/centos7-systemd - memory_reservation: 1024m - privileged: true - ulimits: - - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml deleted file mode 100644 index 61c07c69..00000000 --- a/molecule/worker/molecule.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -bionics: - - name: worker_bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m - -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - prepare: ../default/prepare.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true -scenario: - name: worker - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - #- idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/worker/molecule.yml.template b/molecule/worker/molecule.yml.template index 1b2bd85e..2389d223 100644 --- a/molecule/worker/molecule.yml.template +++ b/molecule/worker/molecule.yml.template 
@@ -16,7 +16,6 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 2048m - provisioner: name: ansible config_options: diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index 4803542d..6bb78777 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh @@ -17,7 +17,6 @@ index=$(($REPLY - 1)) if [ -z "$IMAGE" ] then echo "Platform not selected. Please select a platform of [bionuc, xenial or centos7]. => Aborting" - echo "Run Instruction: ./run_cluster_mode.sh " exit else for i in "${paths[@]}" From 53d96c18d39cd2a2a6017a977bf754c7ae209f3c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 15:19:21 +0200 Subject: [PATCH 173/559] deleted testing tasks --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index b0b90d87..1dac6f0f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -1,10 +1,4 @@ --- -- debug: - msg: Cluster is disabled? => {{ wazuh_manager_config.cluster.disable }} - -- debug: - msg: .... => {{ wazuh_manager_config.openscap.disable | default('default_value') }} - - import_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") From 234271b4f634d45b03cb9d3fdaf51e06607a2dc4 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 15:35:06 +0200 Subject: [PATCH 174/559] added destroy statements to Pipfile and uncommented idempotence --- molecule/default/molecule.yml.template | 2 +- molecule/elasticsearch/molecule.yml.template | 2 +- molecule/worker/molecule.yml.template | 2 +- run_cluster_mode.sh | 8 +++++++- 4 files changed, 10 insertions(+), 4 deletions(-) 
diff --git a/molecule/default/molecule.yml.template b/molecule/default/molecule.yml.template index 9e67505d..f46226c2 100644 --- a/molecule/default/molecule.yml.template +++ b/molecule/default/molecule.yml.template @@ -35,7 +35,7 @@ scenario: - create - prepare - converge - #- idempotence + - idempotence - side_effect - verify - cleanup diff --git a/molecule/elasticsearch/molecule.yml.template b/molecule/elasticsearch/molecule.yml.template index abb9bcec..baba140e 100644 --- a/molecule/elasticsearch/molecule.yml.template +++ b/molecule/elasticsearch/molecule.yml.template @@ -46,7 +46,7 @@ scenario: - create - prepare - converge - #- idempotence + - idempotence - side_effect - verify - cleanup diff --git a/molecule/worker/molecule.yml.template b/molecule/worker/molecule.yml.template index 2389d223..ecfe6469 100644 --- a/molecule/worker/molecule.yml.template +++ b/molecule/worker/molecule.yml.template @@ -42,7 +42,7 @@ scenario: - create - prepare - converge - #- idempotence + - idempotence - side_effect - verify - cleanup diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index 6bb78777..c1a0941d 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh @@ -34,4 +34,10 @@ fi sudo pipenv run elasticsearch sudo pipenv run test sudo pipenv run worker -sudo pipenv run kibana \ No newline at end of file +sudo pipenv run kibana + +sudo pipenv run destroy +sudo pipenv run destroy_worker +sudo pipenv run destroy_elasticsearch +sudo pipenv run destroy_kibana + From fdc2cdb3092f49d54ac680aadb4a2f5c0a7cb8cd Mon Sep 17 00:00:00 2001 From: Joey Wong Date: Tue, 3 Sep 2019 14:06:30 -0600 Subject: [PATCH 175/559] Fix typo in var-ossec-etc-ossec-agent.conf.j2 --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 7d7e139d..51078d17 100644 
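Review bot: The four appended `sudo pipenv run destroy*` lines run unconditionally and the script has no `set -e`, so a failed `test`, `worker` or `kibana` scenario is followed by teardown and the script exits with the status of the last destroy — success — hiding the failure from any caller or CI job. Keep the teardown but record the outcome, e.g. `rc=0` before the run lines, `sudo pipenv run kibana || rc=1` (likewise for the other three), and `exit "$rc"` after the destroys. The enabling of `idempotence` in the three templates is a good change; it will however surface the unconditional service restarts introduced elsewhere in this patch.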
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -42,7 +42,7 @@ - {{ wazuh_agent_config.active_response.ar|default('no') }} + {{ wazuh_agent_config.active_response.disabled|default('no') }} {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %} {{ wazuh_agent_config.active_response.ca_verification }} From 06a3f2712cdc61232715144af805616286bc60df Mon Sep 17 00:00:00 2001 From: Joey Wong Date: Tue, 3 Sep 2019 14:19:31 -0600 Subject: [PATCH 176/559] Fix typo in var-ossec-etc-ossec-agent.conf.j2 --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 51078d17..83e692dd 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -42,7 +42,7 @@ - {{ wazuh_agent_config.active_response.disabled|default('no') }} + {{ wazuh_agent_config.active_response.ar_disabled|default('no') }} {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %} {{ wazuh_agent_config.active_response.ca_verification }} From 4ce3a0e5d77f69ebe2b3afc73057794b2a8e71cd Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 5 Sep 2019 12:05:42 +0200 Subject: [PATCH 177/559] Fix conditionals for Amazon Linux in Manager and Filebeat --- roles/wazuh/ansible-filebeat/tasks/main.yml | 4 ++-- .../ansible-wazuh-manager/tasks/main.yml | 24 +++++++++---------- 2 files changed, 14 insertions(+), 14 deletions(-) 
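Review bot: `wazuh_agent_config.active_response.ar_disabled|default('no')` now matches `ar_disabled: 'no'` in roles/wazuh/ansible-wazuh-agent/defaults/main.yml, but the `default('no')` filter is what let the previous two spellings (`ar`, then `disabled`) ship silently: an undefined attribute renders as `no`, i.e. active response enabled, instead of failing the template. Since the default already lives in defaults/main.yml, drop the filter (or use `| mandatory`) so a mistyped key fails the render rather than quietly enabling a security-relevant feature. The enclosing configuration element starts and ends outside the hunk.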
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index fbf8cfbf..d9dc11c2 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -10,7 +10,7 @@ register: filebeat_installing_package until: filebeat_installing_package is succeeded when: - - ansible_distribution in ['CentOS','RedHat'] + - ansible_distribution in ['CentOS','RedHat', 'Amazon'] tags: - install @@ -22,7 +22,7 @@ register: filebeat_installing_package_debian until: filebeat_installing_package_debian is succeeded when: - - not (ansible_distribution in ['CentOS','RedHat']) + - not (ansible_distribution in ['CentOS','RedHat', 'Amazon']) tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 30e5ec87..d63b8ec7 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -5,7 +5,7 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: CentOS/RedHat | Install wazuh-manager, wazuh-api +- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} with_items: - wazuh-manager @@ -13,7 +13,7 @@ register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - ansible_distribution in ['CentOS','RedHat'] + - ansible_distribution in ['CentOS','RedHat', 'Amazon'] tags: - init 
@@ -28,13 +28,13 @@ register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - not (ansible_distribution in ['CentOS','RedHat']) + - not (ansible_distribution in ['CentOS','RedHat', 'Amazon']) tags: init - name: Install expect package: pkg=expect state={{ wazuh_manager_package_state }} when: - - not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6) + - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6) tags: init - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 @@ -43,7 +43,7 @@ regexp: 'echo -n "Starting Wazuh-manager: "' replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' when: - - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int == 6 + - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 - wazuh_manager_config.cluster.disable != 'yes' - name: Install wazuh-manager and expect (EL5) @@ -54,7 +54,7 @@ register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6 + - ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 tags: - init @@ -203,7 +203,7 @@ - name: Retrieving Wazuh-API User Credentials include_vars: wazuh_api_creds.yml when: - - not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6) + - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6) tags: - config 
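Review bot: Adding `'Amazon'` to the `ansible_distribution_major_version|int < 6` conditions (the `Install expect`, EL6, EL5 and `Retrieving Wazuh-API User Credentials` hunks) assumes Amazon Linux reports an EL-style major version; as far as I know Amazon Linux 2 reports `2`, which satisfies `< 6` and would skip `Install expect`, run the `(EL5)` install path and skip the API credential load on a current host. Keep the EL5/EL6 branches on `ansible_distribution in ['CentOS','RedHat']` only, or add an explicit `ansible_distribution != 'Amazon'`, and treat Amazon Linux as EL7-equivalent. The bodies of these tasks continue outside the hunks.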
@@ -281,7 +281,7 @@ poll: 0 when: - wazuh_manager_config.vuls.disable != 'yes' - - ansible_distribution in ['Redhat', 'CentOS', 'Ubuntu', 'Debian', 'Oracle'] + - ansible_distribution in ['Redhat', 'CentOS', 'Ubuntu', 'Debian', 'Oracle', 'Amazon'] tags: - init @@ -322,7 +322,7 @@ notify: restart wazuh-api when: - wazuh_api_user is defined - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6) + - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon' and ansible_distribution_major_version|int < 6) tags: - config @@ -378,7 +378,7 @@ environment: LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" when: - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6) + - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon' and ansible_distribution_major_version|int < 6) - name: Ensure Wazuh Manager is started and enabled (EL5) service: @@ -388,10 +388,10 @@ tags: - config when: - - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 6 + - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - import_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" + when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon" - import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" From a15477300f803d1d1cc6b7bc44e24b6e29bbbcff Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 5 Sep 2019 15:57:02 +0200 Subject: [PATCH 178/559] Reload deamons to fix Kibana error on Amazon Linux 2 --- .../elastic-stack/ansible-kibana/tasks/main.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) 
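Review bot: `not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon' and ansible_distribution_major_version|int < 6)` in the `@@ -322` and `@@ -378` hunks does not express the intended EL5 exclusion: `and` binds tighter than `or`, so this reads `not (CentOS or RedHat or (Amazon and < 6))` and skips the API-user and `LD_LIBRARY_PATH` tasks on every CentOS/RedHat host regardless of version. The pre-change line already had the same precedence defect for RedHat. Use the form the other hunks in this file use, `not (ansible_distribution in ['CentOS','RedHat','Amazon'] and ansible_distribution_major_version|int < 6)`. Both tasks start outside the hunk.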
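Review bot: `ansible_os_family == "Amazon"` on the RMRedHat.yml import is, to my knowledge, never true: Amazon Linux reports `ansible_os_family: RedHat` with `ansible_distribution: Amazon`, which is why the other hunks in this commit test `ansible_distribution`. The extra clause is harmless but misleading; drop it, or if a distinct fact value is the concern, test `ansible_distribution == 'Amazon'` consistently with the rest of the file.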
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index fe0c9365..e695ddec 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -93,7 +93,6 @@ owner: root group: root mode: 0664 - notify: restart kibana tags: configure - name: Checking Wazuh-APP version @@ -124,21 +123,30 @@ args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json - notify: restart kibana become: yes become_user: kibana tags: - install - skip_ansible_lint -- name: Ensure Kibana started and enabled +- name: Reload systemd configuration + systemd: + daemon_reload: true + +- name: Restart Kibana + service: + name: kibana + enabled: true + state: restarted + +- name: Ensure Kibana is started service: name: kibana enabled: true state: started - import_tasks: RMRedHat.yml - when: ansible_os_family == 'RedHat' + when: ansible_os_family == 'RedHat', 'Amazon' - import_tasks: RMDebian.yml when: ansible_os_family == 'Debian' From ad0fde391e7b35c42c25a75456db76a3fa2108c2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 5 Sep 2019 15:59:03 +0200 Subject: [PATCH 179/559] Fix Kibana enabling task description --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index e695ddec..320c9b74 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -139,7 +139,7 @@ enabled: true state: restarted -- name: Ensure Kibana is started +- name: Ensure Kibana is started and enabled service: name: kibana enabled: true From 9f84bfe15a2a99cd124c2b57d7256756522b58fa Mon Sep 17 00:00:00 2001 
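Review bot: `when: ansible_os_family == 'RedHat', 'Amazon'` is not a two-value comparison: Jinja parses it as the tuple `(ansible_os_family == 'RedHat', 'Amazon')`, which is always truthy, so RMRedHat.yml is now imported on Debian hosts as well. Write `when: ansible_os_family in ['RedHat', 'Amazon']` (Amazon Linux reports os_family `RedHat`, so the original `== 'RedHat'` likely already covered it). Separately, dropping the two `notify: restart kibana` lines in favour of an unconditional `state: restarted` task restarts Kibana on every run, which breaks the idempotence check that this patch enables in the Molecule scenarios; keep the handler and have the `daemon_reload` task notify it instead.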
From: Jose M Date: Mon, 9 Sep 2019 13:03:03 +0200 Subject: [PATCH 180/559] Update Windows x86 and x64 path detection. Added fact for authd. --- .../ansible-wazuh-agent/tasks/Windows.yml | 28 ++++++++----------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 6a8a93ac..47568abb 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -4,25 +4,19 @@ path: C:\Program Files (x86) register: check_path -- name: "Set Win Path" +- name: Windows | Set Win Path (x86) set_fact: - wazuh_agent_win_path: "{% wazuh_winagent_config.install_dir_x86 if check_path.stat.exists else wazuh_winagent_config.install_dir %}" - -- name: Windows | Get current installed version - win_shell: "{% if check_path.stat.exists %}{{ wazuh_winagent_config.install_dir_x86 }}{% else %} - {{ wazuh_winagent_config.install_dir }}{% endif %}ossec-agent.exe -h" - args: - removes: "{% if check_path.stat.exists %}{{ wazuh_winagent_config.install_dir_x86 }}{% else %} - {{ wazuh_winagent_config.install_dir }}{% endif %}ossec-agent.exe" - register: agent_version - failed_when: false - changed_when: false - -- name: Windows | Check Wazuh agent version installed - set_fact: correct_version=true + wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir_x86 }}" + wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}" when: - - agent_version.stdout is defined - - wazuh_winagent_config.version in agent_version.stdout + - check_path.stat.exists + +- name: Windows | Set Win Path (x64) + set_fact: + wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir }}" + wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}" + when: + - not check_path.stat.exists - name: Windows | Downloading windows Wazuh agent installer win_get_url: From ea69b7fc9b655ec109ae292d3255d348b775f1bf Mon Sep 17 00:00:00 2001 
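Review bot: The `Windows | Set Win Path (x64)` task sets `wazuh_agent_win_auth_path` to `wazuh_winagent_config.auth_path_x86`, copied from the x86 branch, so on hosts where `C:\Program Files (x86)` does not exist (`not check_path.stat.exists`) the registration step points at `agent-auth.exe` under a directory the task just determined is absent; it should read `wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path }}"`. The hunk also removes the `Get current installed version`/`correct_version` check, so nothing left in this file guards against re-running the installer on every play; if a later change covers that with `product_id`, a one-line mention in a comment here would help the next reader. The two `set_fact` tasks could collapse into one using `{{ x86 if check_path.stat.exists else x64 }}`, which would have avoided the copy-paste.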
From: Jose M Date: Mon, 9 Sep 2019 13:04:45 +0200 Subject: [PATCH 181/559] Update Wazuh installation tasks. Added Product key to avoid reinstalling Agent --- .../ansible-wazuh-agent/tasks/Windows.yml | 40 ++++++++++--------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 47568abb..d620f5da 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml 
@@ -18,34 +18,36 @@ when: - not check_path.stat.exists -- name: Windows | Downloading windows Wazuh agent installer - win_get_url: - dest: C:\wazuh-agent-installer.msi - url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" - when: - - correct_version is not defined - -- name: Windows | Verify the downloaded Wazuh agent installer +- name: Windows | Check if Wazuh installer is already downloaded win_stat: - path: C:\wazuh-agent-installer.msi + path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + register: wazuh_package_downloaded + +- name: Windows | Download Wazuh Agent package + win_get_url: + url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + dest: "{{ wazuh_winagent_config.download_dir }}" + when: + - not wazuh_package_downloaded.stat.exists + +- name: Windows | Verify the Wazuh Agent installer + win_stat: + path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" get_checksum: true checksum_algorithm: md5 - register: installer_md5 - when: - - correct_version is not defined + register: wazuh_agent_status failed_when: - - installer_md5.stat.checksum != wazuh_winagent_config.md5 + - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 -- name: Windows | Install Wazuh agent +- name: Windows | Install Agent if not already installed win_package: - path: C:\wazuh-agent-installer.msi - when: - - correct_version is not defined + path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + product_id: '{9903C258-FC1E-4886-B7DB-1535976EC1D5}' + state: present - name: Windows | Check if client.keys exists - win_stat: path="{{ wazuh_agent_win_path }}" + win_stat: path="{{ 
wazuh_agent_win_path }}client.keys" register: check_windows_key - notify: restart wazuh-agent windows tags: - config From a52d5e540c2f97bc6d91f152b108c17480d404b6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Sep 2019 13:05:40 +0200 Subject: [PATCH 182/559] Modify registration task to use new fact "wazuh_agent_win_auth_path" --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index d620f5da..f42467d4 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -58,15 +58,12 @@ - name: Windows | Register agent win_shell: > - {% if check_path.stat.exists %}{{ wazuh_winagent_config.auth_path_x86 }}{% else %} - {{ wazuh_winagent_config.auth_path }}{% endif %} + {{ wazuh_agent_win_auth_path }} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} - args: - chdir: "{{ wazuh_agent_win_path }}" register: agent_auth_output - notify: restart wazuh-agent windows + notify: Windows | Restart Wazuh Agent when: - wazuh_agent_authd.enable - not check_windows_key.stat.exists or check_windows_key.stat.size == 0 From 1ad5763e00246f455bc80682f9749079eb4e921a Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Sep 2019 13:06:42 +0200 Subject: [PATCH 183/559] Add verification for the wazuh directory path. --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index f42467d4..0640b8e8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml 
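Review bot: The MSI is verified with MD5 (`checksum_algorithm: md5` against `wazuh_winagent_config.md5`); that detects a truncated download but gives no collision resistance, so it does not defend against a substituted installer. Pin a SHA-256 instead, and ideally verify the Authenticode signature on the MSI (`Get-AuthenticodeSignature` via `win_shell`) before `win_package`. `win_get_url` accepts `checksum`/`checksum_algorithm` directly in Ansible releases of this period, I believe, which would fold the separate `win_stat` verification into the download. The `Check if client.keys exists` task at the end of this hunk continues below.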
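Review bot: The registration command now expands `{{ wazuh_agent_win_auth_path }}` bare at the start of a `win_shell` line, and the x64 default `auth_path: C:\Program Files\ossec-agent\agent-auth.exe` in defaults/main.yml is unquoted (only `auth_path_x86` embeds quotes), so PowerShell will try to execute `C:\Program` on that branch; invoke it as `& "{{ wazuh_agent_win_auth_path }}"` and keep both defaults as plain paths. The same task passes `-P {{ authd_pass }}` on the command line and registers the output, so the enrolment password lands in the process list and in Ansible logs under `-v`; add `no_log: true` to the task. Its `when:` list continues past the hunk.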
@@ -71,6 +71,11 @@ tags: - config +- name: Windows | Check if ossec folder is accessible + win_file: + path: "{{ wazuh_agent_win_path }}" + state: directory + - name: Windows | Installing agent configuration (ossec.conf) win_template: src: var-ossec-etc-ossec-agent.conf.j2 From be977fa9ac78c8965c2e4a305629d828254b291f Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Sep 2019 13:07:03 +0200 Subject: [PATCH 184/559] Update task handler naming to a more explicit message --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 0640b8e8..b6d3af4a 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -77,10 +77,10 @@ state: directory - name: Windows | Installing agent configuration (ossec.conf) - win_template: + template: src: var-ossec-etc-ossec-agent.conf.j2 dest: "{{ wazuh_agent_win_path }}ossec.conf" - notify: restart wazuh-agent windows + notify: Windows | Restart Wazuh Agent tags: - config @@ -88,11 +88,11 @@ win_template: src: var-ossec-etc-local-internal-options.conf.j2 dest: "{{ wazuh_agent_win_path }}local_internal_options.conf" - notify: restart wazuh-agent windows + notify: Windows | Restart Wazuh Agent tags: - config - name: Windows | Delete downloaded Wazuh agent installer file win_file: - path: C:\wazuh-agent-installer.msi + path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" state: absent From 8f856eea7dfaf1b610247ed18088653ec9ad4e56 Mon Sep 17 00:00:00 2001 
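Review bot: `win_file` with `state: directory` does not check that the agent folder is accessible — it creates `{{ wazuh_agent_win_path }}` if it is missing, so on a host where the MSI install failed the following `ossec.conf` template is written into an empty directory no agent reads, instead of the play failing. Use `win_stat` on the path, register it and `failed_when: not <reg>.stat.exists` so a missing install is reported. The template task that follows starts in this hunk and continues below.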
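Review bot: The `Installing agent configuration (ossec.conf)` task switches from `win_template` to `template` while keeping its Windows destination; `template` is the POSIX module and will fail against a WinRM-managed host, whereas the sibling `local_internal_options.conf` task in the same hunk still uses `win_template`. Restore `win_template:` — the commit message only mentions handler naming, so this looks accidental. The handler rename itself (`notify: Windows | Restart Wazuh Agent`) matches the handler defined later in the patch.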
From: Jose M Date: Mon, 9 Sep 2019 13:07:52 +0200 Subject: [PATCH 185/559] Updated default attributes for windows agent. Added register_key. Removed quotes from path --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 2b3f88a4..21f12684 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -20,14 +20,17 @@ wazuh_notify_time: '10' wazuh_time_reconnect: '60' wazuh_crypto_method: 'aes' wazuh_winagent_config: - install_dir: 'C:\Program Files\ossec-agent\' - install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' - auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe + download_dir: C:\ + install_dir: C:\Program Files\ossec-agent\ + install_dir_x86: C:\Program Files (x86)\ossec-agent\ + auth_path: C:\Program Files\ossec-agent\agent-auth.exe + # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe version: '3.9.5' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ - md5: c3fdbd6c121ca371b8abcd477ed4e8a4 + md5: ee5b24216db472d291da4e14f0b3bc63 + register_key: '{9903C258-FC1E-4886-B7DB-1535976EC1D5}' wazuh_agent_config: active_response: ar_disabled: 'no' From d1246627ff128f093794ae26370b8eedccb362b8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Sep 2019 13:08:38 +0200 Subject: [PATCH 186/559] Update wazuh-agent windows handler for restarting --- roles/wazuh/ansible-wazuh-agent/handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml index bb84954e..1858906b 100644 --- a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml 
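Review bot: `auth_path` and `auth_path_x86` are now quoted differently — `C:\Program Files\ossec-agent\agent-auth.exe` bare versus `C:\'Program Files (x86)'\ossec-agent\agent-auth.exe` with embedded quotes, as the new comment explains — so any `win_shell` call that expands them bare works on only one of the two branches; keep both as plain paths and quote at the call site. `md5:` remains the only integrity pin for the downloaded MSI; prefer a `sha256:` field (and a signature check in the install task) so a substituted installer cannot match by collision. A short comment noting that `md5`/`version`/`revision` must be updated together when the agent is bumped would help, since a stale hash silently fails the play.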
@@ -2,5 +2,5 @@ - name: restart wazuh-agent service: name=wazuh-agent state=restarted enabled=yes -- name: restart wazuh-agent windows +- name: Windows | Restart Wazuh Agent win_service: name=OssecSvc start_mode=auto state=restarted From 78ca9ff6168e63899db684af6c1548907ff2737a Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Sep 2019 13:09:51 +0200 Subject: [PATCH 187/559] Remove hardcoding of wazuh-agent 'product_id' --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index b6d3af4a..49e7a38d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -42,7 +42,7 @@ - name: Windows | Install Agent if not already installed win_package: path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" - product_id: '{9903C258-FC1E-4886-B7DB-1535976EC1D5}' + product_id: '{{ "{" }}{{ wazuh_winagent_config.register_key }}{{ "}" }}' state: present - name: Windows | Check if client.keys exists From ded355809eace5a69d610b236eb19a543dc0cefb Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Sep 2019 13:27:22 +0200 Subject: [PATCH 188/559] Remove brackets from "register_key" variable to fix the brackets problem in the installation task. --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 21f12684..c3da8e89 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
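Review bot: `product_id` is the MSI ProductCode that `win_package` compares against the installed-products list to decide whether the "Install Agent if not already installed" task is a no-op, so a `register_key` that does not match the MSI named by `version`/`revision` either reinstalls on every run or never installs. That coupling is not visible from the task; in defaults/main.yml (outside this hunk) document it with `# register_key: MSI ProductCode of the agent version above; win_package uses it for idempotency, update it together with version/md5`. The brace wrapping via `{{ "{" }}` is addressed by the following commit in this series, so nothing further on that here.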
@@ -30,7 +30,7 @@ wazuh_winagent_config: revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: ee5b24216db472d291da4e14f0b3bc63 - register_key: '{9903C258-FC1E-4886-B7DB-1535976EC1D5}' + register_key: 9903C258-FC1E-4886-B7DB-1535976EC1D5 wazuh_agent_config: active_response: ar_disabled: 'no' From bb591ee466f7f18f1de2a3c49b9d138cda15eb85 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Sep 2019 17:13:33 +0200 Subject: [PATCH 189/559] Remove traling whitespace on line 12 to fix ansible-linting error. --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 49e7a38d..2d388748 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -9,7 +9,7 @@ wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir_x86 }}" wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}" when: - - check_path.stat.exists + - check_path.stat.exists - name: Windows | Set Win Path (x64) set_fact: From d3784b4727027c712c9b7332d8409d2d0ee375ad Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Sep 2019 17:14:10 +0200 Subject: [PATCH 190/559] Fix conditionals longer than 160 characters to pass linting tests. --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 8858d0be..a1afbb4c 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
@@ -322,7 +322,8 @@ notify: restart wazuh-api when: - wazuh_api_user is defined - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon' and ansible_distribution_major_version|int < 6) + - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon') + - ansible_distribution_major_version|int < 6 tags: - config @@ -378,7 +379,8 @@ environment: LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" when: - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon' and ansible_distribution_major_version|int < 6) + - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon') + - ansible_distribution_major_version|int < 6 - name: Ensure Wazuh Manager is started and enabled (EL5) service: From 3911b8e0382300782ea8fe246f50d00ee8d3cdff Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 16 Sep 2019 18:08:53 +0200 Subject: [PATCH 191/559] Remove old Elastic alerts template. --- .../wazuh-elastic6-template-alerts.json.j2 | 621 ------------------ 1 file changed, 621 deletions(-) delete mode 100644 roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 deleted file mode 100644 index 18dda52f..00000000 --- a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 +++ /dev/null 
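Review bot: Splitting the conditional into two `when` items changes its meaning, in both hunks (`@@ -322` and `@@ -378`): `when` list items are AND-ed, so the task now runs only when the host is *not* CentOS/RedHat/Amazon *and* its major version is below 6, which is never true for the Debian/Ubuntu hosts this role also targets and always false for EL7 — the tasks are effectively disabled. The original (read together with the "(EL5)" service task that follows) intends "skip on EL5", which is `not (X and D)` and cannot be expressed as two list items; keep it as one expression under 160 characters: `- not (ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6)`. Note the original line also relied on `and` binding tighter than `or`, so it excluded every CentOS/RedHat release rather than only EL5; the rewritten form fixes that too. The enclosing tasks start outside both hunks.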
@@ -1,621 +0,0 @@ -{ - "order": 0, - "template": "wazuh-alerts-3.x-*", - "settings": { - "index.refresh_interval": "5s" - }, - "mappings": { - "wazuh": { - "dynamic_templates": [ - { - "string_as_keyword": { - "match_mapping_type": "string", - "mapping": { - "type": "keyword", - "doc_values": "true" - } - } - } - ], - "properties": { - "@timestamp": { - "type": "date", - "format": "dateOptionalTime" - }, - "@version": { - "type": "text" - }, - "agent": { - "properties": { - "ip": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "name": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "manager": { - "properties": { - "name": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "cluster": { - "properties": { - "name": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "AlertsFile": { - "type": "keyword", - "doc_values": "true" - }, - "full_log": { - "type": "text" - }, - "previous_log": { - "type": "text" - }, - "GeoLocation": { - "properties": { - "area_code": { - "type": "long" - }, - "city_name": { - "type": "keyword", - "doc_values": "true" - }, - "continent_code": { - "type": "text" - }, - "coordinates": { - "type": "double" - }, - "country_code2": { - "type": "text" - }, - "country_code3": { - "type": "text" - }, - "country_name": { - "type": "keyword", - "doc_values": "true" - }, - "dma_code": { - "type": "long" - }, - "ip": { - "type": "keyword", - "doc_values": "true" - }, - "latitude": { - "type": "double" - }, - "location": { - "type": "geo_point" - }, - "longitude": { - "type": "double" - }, - "postal_code": { - "type": "keyword" - }, - "real_region_name": { - "type": "keyword", - "doc_values": "true" - }, - "region_name": { - "type": "keyword", - "doc_values": "true" - }, - "timezone": { - "type": "text" - } - } - }, - "host": { - "type": "keyword", - "doc_values": "true" - }, - "syscheck": { - "properties": { - "path": { - "type": "keyword", - "doc_values": 
"true" - }, - "sha1_before": { - "type": "keyword", - "doc_values": "true" - }, - "sha1_after": { - "type": "keyword", - "doc_values": "true" - }, - "uid_before": { - "type": "keyword", - "doc_values": "true" - }, - "uid_after": { - "type": "keyword", - "doc_values": "true" - }, - "gid_before": { - "type": "keyword", - "doc_values": "true" - }, - "gid_after": { - "type": "keyword", - "doc_values": "true" - }, - "perm_before": { - "type": "keyword", - "doc_values": "true" - }, - "perm_after": { - "type": "keyword", - "doc_values": "true" - }, - "md5_after": { - "type": "keyword", - "doc_values": "true" - }, - "md5_before": { - "type": "keyword", - "doc_values": "true" - }, - "gname_after": { - "type": "keyword", - "doc_values": "true" - }, - "gname_before": { - "type": "keyword", - "doc_values": "true" - }, - "inode_after": { - "type": "keyword", - "doc_values": "true" - }, - "inode_before": { - "type": "keyword", - "doc_values": "true" - }, - "mtime_after": { - "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" - }, - "mtime_before": { - "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" - }, - "uname_after": { - "type": "keyword", - "doc_values": "true" - }, - "uname_before": { - "type": "keyword", - "doc_values": "true" - }, - "size_before": { - "type": "long", - "doc_values": "true" - }, - "size_after": { - "type": "long", - "doc_values": "true" - }, - "diff": { - "type": "keyword", - "doc_values": "true" - }, - "event": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "location": { - "type": "keyword", - "doc_values": "true" - }, - "message": { - "type": "text" - }, - "offset": { - "type": "keyword" - }, - "rule": { - "properties": { - "description": { - "type": "keyword", - "doc_values": "true" - }, - "groups": { - "type": "keyword", - "doc_values": "true" - }, - "level": { - "type": "long", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "cve": { - "type": "keyword", 
- "doc_values": "true" - }, - "info": { - "type": "keyword", - "doc_values": "true" - }, - "frequency": { - "type": "long", - "doc_values": "true" - }, - "firedtimes": { - "type": "long", - "doc_values": "true" - }, - "cis": { - "type": "keyword", - "doc_values": "true" - }, - "pci_dss": { - "type": "keyword", - "doc_values": "true" - }, - "gdpr": { - "type": "keyword", - "doc_values": "true" - }, - "gpg13": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "decoder": { - "properties": { - "parent": { - "type": "keyword", - "doc_values": "true" - }, - "name": { - "type": "keyword", - "doc_values": "true" - }, - "ftscomment": { - "type": "keyword", - "doc_values": "true" - }, - "fts": { - "type": "long", - "doc_values": "true" - }, - "accumulate": { - "type": "long", - "doc_values": "true" - } - } - }, - "data": { - "properties": { - "protocol": { - "type": "keyword", - "doc_values": "true" - }, - "action": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "dstip": { - "type": "keyword", - "doc_values": "true" - }, - "srcport": { - "type": "keyword", - "doc_values": "true" - }, - "dstport": { - "type": "keyword", - "doc_values": "true" - }, - "srcuser": { - "type": "keyword", - "doc_values": "true" - }, - "dstuser": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "status": { - "type": "keyword", - "doc_values": "true" - }, - "data": { - "type": "keyword", - "doc_values": "true" - }, - "system_name": { - "type": "keyword", - "doc_values": "true" - }, - "url": { - "type": "keyword", - "doc_values": "true" - }, - "oscap": { - "properties": { - "check.title": { - "type": "keyword", - "doc_values": "true" - }, - "check.id": { - "type": "keyword", - "doc_values": "true" - }, - "check.result": { - "type": "keyword", - "doc_values": "true" - }, - "check.severity": { - "type": "keyword", - "doc_values": "true" - }, - "check.description": 
{ - "type": "text" - }, - "check.rationale": { - "type": "text" - }, - "check.references": { - "type": "text" - }, - "check.identifiers": { - "type": "text" - }, - "check.oval.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.content": { - "type": "keyword", - "doc_values": "true" - }, - "scan.benchmark.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.title": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.score": { - "type": "double", - "doc_values": "true" - }, - "scan.return_code": { - "type": "long", - "doc_values": "true" - } - } - }, - "audit": { - "properties": { - "type": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "syscall": { - "type": "keyword", - "doc_values": "true" - }, - "exit": { - "type": "keyword", - "doc_values": "true" - }, - "ppid": { - "type": "keyword", - "doc_values": "true" - }, - "pid": { - "type": "keyword", - "doc_values": "true" - }, - "auid": { - "type": "keyword", - "doc_values": "true" - }, - "uid": { - "type": "keyword", - "doc_values": "true" - }, - "gid": { - "type": "keyword", - "doc_values": "true" - }, - "euid": { - "type": "keyword", - "doc_values": "true" - }, - "suid": { - "type": "keyword", - "doc_values": "true" - }, - "fsuid": { - "type": "keyword", - "doc_values": "true" - }, - "egid": { - "type": "keyword", - "doc_values": "true" - }, - "sgid": { - "type": "keyword", - "doc_values": "true" - }, - "fsgid": { - "type": "keyword", - "doc_values": "true" - }, - "tty": { - "type": "keyword", - "doc_values": "true" - }, - "session": { - "type": "keyword", - "doc_values": "true" - }, - "command": { - "type": "keyword", - "doc_values": "true" - }, - "exe": { - "type": "keyword", - "doc_values": "true" - }, - "key": { - "type": "keyword", - "doc_values": "true" - }, - "cwd": { - 
"type": "keyword", - "doc_values": "true" - }, - "directory.name": { - "type": "keyword", - "doc_values": "true" - }, - "directory.inode": { - "type": "keyword", - "doc_values": "true" - }, - "directory.mode": { - "type": "keyword", - "doc_values": "true" - }, - "file.name": { - "type": "keyword", - "doc_values": "true" - }, - "file.inode": { - "type": "keyword", - "doc_values": "true" - }, - "file.mode": { - "type": "keyword", - "doc_values": "true" - }, - "acct": { - "type": "keyword", - "doc_values": "true" - }, - "dev": { - "type": "keyword", - "doc_values": "true" - }, - "enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "list": { - "type": "keyword", - "doc_values": "true" - }, - "old-auid": { - "type": "keyword", - "doc_values": "true" - }, - "old-ses": { - "type": "keyword", - "doc_values": "true" - }, - "old_enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "old_prom": { - "type": "keyword", - "doc_values": "true" - }, - "op": { - "type": "keyword", - "doc_values": "true" - }, - "prom": { - "type": "keyword", - "doc_values": "true" - }, - "res": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "subj": { - "type": "keyword", - "doc_values": "true" - }, - "success": { - "type": "keyword", - "doc_values": "true" - } - } - } - } - }, - "program_name": { - "type": "keyword", - "doc_values": "true" - }, - "command": { - "type": "keyword", - "doc_values": "true" - }, - "type": { - "type": "text" - }, - "title": { - "type": "keyword", - "doc_values": "true" - } - } - } - } -} From fe23f2a97dc654dd6ce280fdf9fca872889e4500 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 16 Sep 2019 18:09:12 +0200 Subject: [PATCH 192/559] Update Elastic templates for Elasticsearch and Filebeat --- .../wazuh-elastic7-template-alerts.json.j2 | 1986 ++++++++-------- .../templates/elasticsearch.yml.j2 | 1987 +++++++++-------- 2 files changed, 2207 insertions(+), 1766 deletions(-) 
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 index 836b2cb2..06af6322 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 
@@ -1,25 +1,426 @@ { "order": 0, - "index_patterns": ["wazuh-alerts-3.x-*"], + "index_patterns": [ + "wazuh-alerts-3.x-*", + "wazuh-archives-3.x-*" + ], "settings": { "index.refresh_interval": "5s", "index.number_of_shards": "3", "index.number_of_replicas": "0", "index.auto_expand_replicas": "0-1", - "index.mapping.total_fields.limit": 2000 + "index.mapping.total_fields.limit": 10000, + "index.query.default_field": [ + "GeoLocation.city_name", + "GeoLocation.continent_code", + "GeoLocation.country_code2", + "GeoLocation.country_code3", + "GeoLocation.country_name", + "GeoLocation.ip", + "GeoLocation.postal_code", + "GeoLocation.real_region_name", + "GeoLocation.region_name", + "GeoLocation.timezone", + "agent.id", + "agent.ip", + "agent.name", + "cluster.name", + "cluster.node", + "command", + "data", + "data.action", + "data.audit", + "data.audit.acct", + "data.audit.arch", + "data.audit.auid", + "data.audit.command", + "data.audit.cwd", + "data.audit.dev", + "data.audit.directory.inode", + "data.audit.directory.mode", + "data.audit.directory.name", + "data.audit.egid", + "data.audit.enforcing", + "data.audit.euid", + "data.audit.exe", + "data.audit.execve.a0", + "data.audit.execve.a1", + "data.audit.execve.a2", + "data.audit.execve.a3", + "data.audit.exit", + "data.audit.file.inode", + "data.audit.file.mode", + "data.audit.file.name", + "data.audit.fsgid", + "data.audit.fsuid", + "data.audit.gid", + "data.audit.id", + "data.audit.key", + "data.audit.list", + "data.audit.old-auid", + "data.audit.old-ses", + "data.audit.old_enforcing", + "data.audit.old_prom", + "data.audit.op", + "data.audit.pid", + "data.audit.ppid", + "data.audit.prom", + "data.audit.res", + "data.audit.session", + "data.audit.sgid", + "data.audit.srcip", + "data.audit.subj", + "data.audit.success", + "data.audit.suid", + "data.audit.syscall", + "data.audit.tty", + "data.audit.uid", + "data.aws.accountId", + "data.aws.account_id", + "data.aws.action", + "data.aws.actor", + 
"data.aws.aws_account_id", + "data.aws.description", + "data.aws.dstport", + "data.aws.errorCode", + "data.aws.errorMessage", + "data.aws.eventID", + "data.aws.eventName", + "data.aws.eventSource", + "data.aws.eventType", + "data.aws.id", + "data.aws.name", + "data.aws.requestParameters.accessKeyId", + "data.aws.requestParameters.bucketName", + "data.aws.requestParameters.gatewayId", + "data.aws.requestParameters.groupDescription", + "data.aws.requestParameters.groupId", + "data.aws.requestParameters.groupName", + "data.aws.requestParameters.host", + "data.aws.requestParameters.hostedZoneId", + "data.aws.requestParameters.instanceId", + "data.aws.requestParameters.instanceProfileName", + "data.aws.requestParameters.loadBalancerName", + "data.aws.requestParameters.loadBalancerPorts", + "data.aws.requestParameters.masterUserPassword", + "data.aws.requestParameters.masterUsername", + "data.aws.requestParameters.name", + "data.aws.requestParameters.natGatewayId", + "data.aws.requestParameters.networkAclId", + "data.aws.requestParameters.path", + "data.aws.requestParameters.policyName", + "data.aws.requestParameters.port", + "data.aws.requestParameters.stackId", + "data.aws.requestParameters.stackName", + "data.aws.requestParameters.subnetId", + "data.aws.requestParameters.subnetIds", + "data.aws.requestParameters.volumeId", + "data.aws.requestParameters.vpcId", + "data.aws.resource.accessKeyDetails.accessKeyId", + "data.aws.resource.accessKeyDetails.principalId", + "data.aws.resource.accessKeyDetails.userName", + "data.aws.resource.instanceDetails.instanceId", + "data.aws.resource.instanceDetails.instanceState", + "data.aws.resource.instanceDetails.networkInterfaces.privateDnsName", + "data.aws.resource.instanceDetails.networkInterfaces.publicDnsName", + "data.aws.resource.instanceDetails.networkInterfaces.subnetId", + "data.aws.resource.instanceDetails.networkInterfaces.vpcId", + "data.aws.resource.instanceDetails.tags.value", + 
"data.aws.responseElements.AssociateVpcCidrBlockResponse.vpcId", + "data.aws.responseElements.description", + "data.aws.responseElements.instanceId", + "data.aws.responseElements.instances.instanceId", + "data.aws.responseElements.instancesSet.items.instanceId", + "data.aws.responseElements.listeners.port", + "data.aws.responseElements.loadBalancerName", + "data.aws.responseElements.loadBalancers.vpcId", + "data.aws.responseElements.loginProfile.userName", + "data.aws.responseElements.networkAcl.vpcId", + "data.aws.responseElements.ownerId", + "data.aws.responseElements.publicIp", + "data.aws.responseElements.user.userId", + "data.aws.responseElements.user.userName", + "data.aws.responseElements.volumeId", + "data.aws.service.serviceName", + "data.aws.severity", + "data.aws.source", + "data.aws.sourceIPAddress", + "data.aws.srcport", + "data.aws.userIdentity.accessKeyId", + "data.aws.userIdentity.accountId", + "data.aws.userIdentity.userName", + "data.aws.vpcEndpointId", + "data.command", + "data.data", + "data.docker.Actor.Attributes.container", + "data.docker.Actor.Attributes.image", + "data.docker.Actor.Attributes.name", + "data.docker.Actor.ID", + "data.docker.id", + "data.docker.message", + "data.docker.status", + "data.dstip", + "data.dstport", + "data.dstuser", + "data.hardware.serial", + "data.id", + "data.integration", + "data.netinfo.iface.adapter", + "data.netinfo.iface.ipv4.address", + "data.netinfo.iface.ipv6.address", + "data.netinfo.iface.mac", + "data.netinfo.iface.name", + "data.os.architecture", + "data.os.build", + "data.os.codename", + "data.os.hostname", + "data.os.major", + "data.os.minor", + "data.os.name", + "data.os.platform", + "data.os.release", + "data.os.release_version", + "data.os.sysname", + "data.os.version", + "data.oscap.check.description", + "data.oscap.check.id", + "data.oscap.check.identifiers", + "data.oscap.check.oval.id", + "data.oscap.check.rationale", + "data.oscap.check.references", + "data.oscap.check.result", + 
"data.oscap.check.severity", + "data.oscap.check.title", + "data.oscap.scan.benchmark.id", + "data.oscap.scan.content", + "data.oscap.scan.id", + "data.oscap.scan.profile.id", + "data.oscap.scan.profile.title", + "data.osquery.columns.address", + "data.osquery.columns.command", + "data.osquery.columns.description", + "data.osquery.columns.dst_ip", + "data.osquery.columns.gid", + "data.osquery.columns.hostname", + "data.osquery.columns.md5", + "data.osquery.columns.path", + "data.osquery.columns.sha1", + "data.osquery.columns.sha256", + "data.osquery.columns.src_ip", + "data.osquery.columns.user", + "data.osquery.columns.username", + "data.osquery.name", + "data.osquery.pack", + "data.port.process", + "data.port.protocol", + "data.port.state", + "data.process.args", + "data.process.cmd", + "data.process.egroup", + "data.process.euser", + "data.process.fgroup", + "data.process.name", + "data.process.rgroup", + "data.process.ruser", + "data.process.sgroup", + "data.process.state", + "data.process.suser", + "data.program.architecture", + "data.program.description", + "data.program.format", + "data.program.location", + "data.program.multiarch", + "data.program.name", + "data.program.priority", + "data.program.section", + "data.program.source", + "data.program.vendor", + "data.program.version", + "data.protocol", + "data.pwd", + "data.sca", + "data.sca.check.compliance.cis", + "data.sca.check.compliance.cis_csc", + "data.sca.check.compliance.pci_dss", + "data.sca.check.compliance.hipaa", + "data.sca.check.compliance.nist_800_53", + "data.sca.check.description", + "data.sca.check.directory", + "data.sca.check.file", + "data.sca.check.id", + "data.sca.check.previous_result", + "data.sca.check.process", + "data.sca.check.rationale", + "data.sca.check.reason", + "data.sca.check.references", + "data.sca.check.registry", + "data.sca.check.remediation", + "data.sca.check.result", + "data.sca.check.status", + "data.sca.check.title", + "data.sca.description", + "data.sca.file", + 
"data.sca.invalid", + "data.sca.name", + "data.sca.policy", + "data.sca.policy_id", + "data.sca.scan_id", + "data.sca.total_checks", + "data.script", + "data.src_ip", + "data.src_port", + "data.srcip", + "data.srcport", + "data.srcuser", + "data.status", + "data.system_name", + "data.title", + "data.tty", + "data.uid", + "data.url", + "data.virustotal.description", + "data.virustotal.error", + "data.virustotal.found", + "data.virustotal.permalink", + "data.virustotal.scan_date", + "data.virustotal.sha1", + "data.virustotal.source.alert_id", + "data.virustotal.source.file", + "data.virustotal.source.md5", + "data.virustotal.source.sha1", + "data.vulnerability.advisories", + "data.vulnerability.bugzilla_reference", + "data.vulnerability.cve", + "data.vulnerability.cwe_reference", + "data.vulnerability.package.condition", + "data.vulnerability.package.name", + "data.vulnerability.package.version", + "data.vulnerability.reference", + "data.vulnerability.severity", + "data.vulnerability.state", + "data.vulnerability.title", + "data.win.eventdata.auditPolicyChanges", + "data.win.eventdata.auditPolicyChangesId", + "data.win.eventdata.binary", + "data.win.eventdata.category", + "data.win.eventdata.categoryId", + "data.win.eventdata.data", + "data.win.eventdata.image", + "data.win.eventdata.ipAddress", + "data.win.eventdata.ipPort", + "data.win.eventdata.keyName", + "data.win.eventdata.logonGuid", + "data.win.eventdata.logonProcessName", + "data.win.eventdata.operation", + "data.win.eventdata.parentImage", + "data.win.eventdata.processId", + "data.win.eventdata.processName", + "data.win.eventdata.providerName", + "data.win.eventdata.returnCode", + "data.win.eventdata.service", + "data.win.eventdata.status", + "data.win.eventdata.subcategory", + "data.win.eventdata.subcategoryGuid", + "data.win.eventdata.subcategoryId", + "data.win.eventdata.subjectDomainName", + "data.win.eventdata.subjectLogonId", + "data.win.eventdata.subjectUserName", + 
"data.win.eventdata.subjectUserSid", + "data.win.eventdata.targetDomainName", + "data.win.eventdata.targetLinkedLogonId", + "data.win.eventdata.targetLogonId", + "data.win.eventdata.targetUserName", + "data.win.eventdata.targetUserSid", + "data.win.eventdata.workstationName", + "data.win.system.channel", + "data.win.system.computer", + "data.win.system.eventID", + "data.win.system.eventRecordID", + "data.win.system.eventSourceName", + "data.win.system.keywords", + "data.win.system.level", + "data.win.system.message", + "data.win.system.opcode", + "data.win.system.processID", + "data.win.system.providerGuid", + "data.win.system.providerName", + "data.win.system.securityUserID", + "data.win.system.severityValue", + "data.win.system.userID", + "decoder.ftscomment", + "decoder.name", + "decoder.parent", + "full_log", + "host", + "id", + "input", + "location", + "manager.name", + "message", + "offset", + "predecoder.hostname", + "predecoder.program_name", + "previous_log", + "previous_output", + "program_name", + "rule.cis", + "rule.cve", + "rule.description", + "rule.gdpr", + "rule.gpg13", + "rule.groups", + "rule.id", + "rule.info", + "rule.pci_dss", + "syscheck.audit.effective_user.id", + "syscheck.audit.effective_user.name", + "syscheck.audit.group.id", + "syscheck.audit.group.name", + "syscheck.audit.login_user.id", + "syscheck.audit.login_user.name", + "syscheck.audit.process.id", + "syscheck.audit.process.name", + "syscheck.audit.process.ppid", + "syscheck.audit.user.id", + "syscheck.audit.user.name", + "syscheck.diff", + "syscheck.event", + "syscheck.gid_after", + "syscheck.gid_before", + "syscheck.gname_after", + "syscheck.gname_before", + "syscheck.inode_after", + "syscheck.inode_before", + "syscheck.md5_after", + "syscheck.md5_before", + "syscheck.path", + "syscheck.perm_after", + "syscheck.perm_before", + "syscheck.sha1_after", + "syscheck.sha1_before", + "syscheck.sha256_after", + "syscheck.sha256_before", + "syscheck.tags", + "syscheck.uid_after", + 
"syscheck.uid_before", + "syscheck.uname_after", + "syscheck.uname_before", + "title", + "type" + ] }, "mappings": { "dynamic_templates": [ { "string_as_keyword": { - "match_mapping_type": "string", "mapping": { - "type": "keyword", - "doc_values": "true" - } + "type": "keyword" + }, + "match_mapping_type": "string" } } ], + "date_detection": false, "properties": { "@timestamp": { "type": "date" @@ -34,42 +435,35 @@ "agent": { "properties": { "ip": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "manager": { "properties": { "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "cluster": { "properties": { "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "node": { + "type": "keyword" } } }, - "AlertsFile": { - "type": "keyword", - "doc_values": "true" - }, "full_log": { - "enabled": false, - "type": "object" + "type": "text" }, "previous_log": { "type": "text" @@ -80,8 +474,7 @@ "type": "long" }, "city_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "continent_code": { "type": "text" @@ -96,15 +489,13 @@ "type": "text" }, "country_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "dma_code": { "type": "long" }, "ip": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "latitude": { "type": "double" @@ -119,12 +510,10 @@ "type": "keyword" }, "real_region_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "region_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "timezone": { "type": "text" 
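Review bot: `index.mapping.total_fields.limit` goes from 2000 to 10000 while the `string_as_keyword` dynamic template still maps every unknown string field as a keyword, so field names that originate in agent-supplied event content (the `data.*` subtrees) can grow the mapping five times further before Elasticsearch rejects them — a mapping-growth/availability consideration for a shared cluster rather than a correctness bug, and worth stating as a deliberate choice. `index.query.default_field` also lists `data.aws.requestParameters.masterUserPassword`, which makes that field part of free-text search; presumably the CloudTrail source redacts it, but that is worth confirming before it is indexed as a keyword. Since the file is a Jinja template, a `{# total_fields.limit raised to cover the data.* subtrees enumerated in default_field; dynamic strings are still mapped as keyword #}` comment above the settings block would carry that rationale without affecting the rendered JSON; `date_detection: false` is a good addition.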
@@ -132,110 +521,151 @@ } }, "host": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "syscheck": { "properties": { "path": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sha1_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sha1_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "uid_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "uid_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gid_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gid_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "perm_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "perm_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "md5_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "md5_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gname_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gname_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "inode_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "inode_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "mtime_after": { "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" + "format": "date_optional_time" }, "mtime_before": { "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" + "format": "date_optional_time" }, "uname_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "uname_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "size_before": { - "type": "long", - "doc_values": "true" + "type": "long" }, "size_after": { - "type": "long", - "doc_values": "true" + "type": "long" }, "diff": { - "type": "keyword", - "doc_values": 
"true" + "type": "keyword" }, "event": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "audit": { + "properties": { + "effective_user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "group": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "login_user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "process": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + }, + "ppid": { + "type": "keyword" + } + } + }, + "user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + } + } + }, + "sha256_after": { + "type": "keyword" + }, + "sha256_before": { + "type": "keyword" + }, + "tags": { + "type": "keyword" } } }, "location": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "message": { "type": "text" 
@@ -246,554 +676,441 @@ "rule": { "properties": { "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "groups": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "level": { - "type": "long", - "doc_values": "true" + "type": "long" }, "id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cve": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "info": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "frequency": { - "type": "long", - "doc_values": "true" + "type": "long" }, "firedtimes": { - "type": "long", - "doc_values": "true" + "type": "long" }, "cis": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "pci_dss": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gdpr": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gpg13": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "hipaa": { + "type": "keyword" + }, + "nist_800_53": { + "type": "keyword" + }, + "mail": { + "type": "boolean" } } }, "predecoder": { "properties": { "program_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "timestamp": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "hostname": { + "type": "keyword" } } }, "decoder": { "properties": { "parent": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "ftscomment": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "fts": { - "type": "long", - "doc_values": "true" + "type": "long" }, "accumulate": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "data": { "properties": { - "protocol": { - "type": "keyword", - "doc_values": "true" - }, - "action": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "dstip": { - 
"type": "keyword", - "doc_values": "true" - }, - "srcport": { - "type": "keyword", - "doc_values": "true" - }, - "dstport": { - "type": "keyword", - "doc_values": "true" - }, - "srcuser": { - "type": "keyword", - "doc_values": "true" - }, - "dstuser": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "status": { - "type": "keyword", - "doc_values": "true" - }, - "data": { - "type": "keyword", - "doc_values": "true" - }, - "system_name": { - "type": "keyword", - "doc_values": "true" - }, - "url": { - "type": "keyword", - "doc_values": "true" - }, - "oscap": { - "properties": { - "check.title": { - "type": "keyword", - "doc_values": "true" - }, - "check.id": { - "type": "keyword", - "doc_values": "true" - }, - "check.result": { - "type": "keyword", - "doc_values": "true" - }, - "check.severity": { - "type": "keyword", - "doc_values": "true" - }, - "check.description": { - "type": "text" - }, - "check.rationale": { - "type": "text" - }, - "check.references": { - "type": "text" - }, - "check.identifiers": { - "type": "text" - }, - "check.oval.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.content": { - "type": "keyword", - "doc_values": "true" - }, - "scan.benchmark.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.title": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.score": { - "type": "double", - "doc_values": "true" - }, - "scan.return_code": { - "type": "long", - "doc_values": "true" - } - } - }, "audit": { "properties": { - "type": { - "type": "keyword", - "doc_values": "true" + "acct": { + "type": "keyword" }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "syscall": { - "type": "keyword", - "doc_values": "true" - }, - "exit": { - "type": "keyword", - "doc_values": "true" - }, - "ppid": { - "type": 
"keyword", - "doc_values": "true" - }, - "pid": { - "type": "keyword", - "doc_values": "true" + "arch": { + "type": "keyword" }, "auid": { - "type": "keyword", - "doc_values": "true" - }, - "uid": { - "type": "keyword", - "doc_values": "true" - }, - "gid": { - "type": "keyword", - "doc_values": "true" - }, - "euid": { - "type": "keyword", - "doc_values": "true" - }, - "suid": { - "type": "keyword", - "doc_values": "true" - }, - "fsuid": { - "type": "keyword", - "doc_values": "true" - }, - "egid": { - "type": "keyword", - "doc_values": "true" - }, - "sgid": { - "type": "keyword", - "doc_values": "true" - }, - "fsgid": { - "type": "keyword", - "doc_values": "true" - }, - "tty": { - "type": "keyword", - "doc_values": "true" - }, - "session": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "command": { - "type": "keyword", - "doc_values": "true" - }, - "exe": { - "type": "keyword", - "doc_values": "true" - }, - "key": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cwd": { - "type": "keyword", - "doc_values": "true" - }, - "directory.name": { - "type": "keyword", - "doc_values": "true" - }, - "directory.inode": { - "type": "keyword", - "doc_values": "true" - }, - "directory.mode": { - "type": "keyword", - "doc_values": "true" - }, - "file.name": { - "type": "keyword", - "doc_values": "true" - }, - "file.inode": { - "type": "keyword", - "doc_values": "true" - }, - "file.mode": { - "type": "keyword", - "doc_values": "true" - }, - "acct": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "dev": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, - "enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "list": { - "type": "keyword", - "doc_values": "true" - }, - "old-auid": { - "type": "keyword", - "doc_values": "true" - }, - "old-ses": { - "type": "keyword", - "doc_values": "true" - }, - "old_enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "old_prom": { - "type": 
"keyword", - "doc_values": "true" - }, - "op": { - "type": "keyword", - "doc_values": "true" - }, - "prom": { - "type": "keyword", - "doc_values": "true" - }, - "res": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "subj": { - "type": "keyword", - "doc_values": "true" - }, - "success": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "aws": { - "properties": { - "bytes": { - "type": "long", - "doc_values": "true" - }, - "dstaddr": { - "type": "ip", - "doc_values": "true" - }, - "srcaddr": { - "type": "ip", - "doc_values": "true" - }, - "end": { - "type": "date", - "doc_values": "true" - }, - "start": { - "type": "date", - "doc_values": "true" - }, - "source_ip_address": { - "type": "ip", - "doc_values": "true" - }, - "resource.instanceDetails.networkInterfaces": { + "directory": { "properties": { - "privateIpAddress": { - "type": "ip", - "doc_values": "true" + "inode": { + "type": "keyword" }, - "publicIp": { - "type": "ip", - "doc_values": "true" + "mode": { + "type": "keyword" + }, + "name": { + "type": "keyword" } } }, - "service": { + "egid": { + "type": "keyword" + }, + "enforcing": { + "type": "keyword" + }, + "euid": { + "type": "keyword" + }, + "exe": { + "type": "keyword" + }, + "execve": { "properties": { - "count": { - "type": "long", - "doc_values": "true" + "a0": { + "type": "keyword" }, - "action.networkConnectionAction.remoteIpDetails": { + "a1": { + "type": "keyword" + }, + "a2": { + "type": "keyword" + }, + "a3": { + "type": "keyword" + } + } + }, + "exit": { + "type": "keyword" + }, + "file": { + "properties": { + "inode": { + "type": "keyword" + }, + "mode": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "fsgid": { + "type": "keyword" + }, + "fsuid": { + "type": "keyword" + }, + "gid": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "key": { + "type": "keyword" + }, + "list": { + "type": "keyword" + }, + "old-auid": { + 
"type": "keyword" + }, + "old-ses": { + "type": "keyword" + }, + "old_enforcing": { + "type": "keyword" + }, + "old_prom": { + "type": "keyword" + }, + "op": { + "type": "keyword" + }, + "pid": { + "type": "keyword" + }, + "ppid": { + "type": "keyword" + }, + "prom": { + "type": "keyword" + }, + "res": { + "type": "keyword" + }, + "session": { + "type": "keyword" + }, + "sgid": { + "type": "keyword" + }, + "srcip": { + "type": "keyword" + }, + "subj": { + "type": "keyword" + }, + "success": { + "type": "keyword" + }, + "suid": { + "type": "keyword" + }, + "syscall": { + "type": "keyword" + }, + "tty": { + "type": "keyword" + }, + "type": { + "type": "keyword" + }, + "uid": { + "type": "keyword" + } + } + }, + "protocol": { + "type": "keyword" + }, + "action": { + "type": "keyword" + }, + "srcip": { + "type": "keyword" + }, + "dstip": { + "type": "keyword" + }, + "srcport": { + "type": "keyword" + }, + "dstport": { + "type": "keyword" + }, + "srcuser": { + "type": "keyword" + }, + "dstuser": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "status": { + "type": "keyword" + }, + "data": { + "type": "keyword" + }, + "system_name": { + "type": "keyword" + }, + "url": { + "type": "keyword" + }, + "oscap": { + "properties": { + "check": { + "properties": { + "description": { + "type": "text" + }, + "id": { + "type": "keyword" + }, + "identifiers": { + "type": "text" + }, + "oval": { "properties": { - "ipAddressV4": { - "type": "ip", - "doc_values": "true" - }, - "geoLocation": { - "type": "geo_point", - "doc_values": "true" + "id": { + "type": "keyword" } } + }, + "rationale": { + "type": "text" + }, + "references": { + "type": "text" + }, + "result": { + "type": "keyword" + }, + "severity": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "scan": { + "properties": { + "benchmark": { + "properties": { + "id": { + "type": "keyword" + } + } + }, + "content": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "profile": 
{ + "properties": { + "id": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "return_code": { + "type": "long" + }, + "score": { + "type": "double" } } } } }, "type": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "netinfo": { "properties": { "iface": { "properties": { "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "mac": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "adapter": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "type": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "state": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "mtu": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_bytes": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_bytes": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_errors": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_errors": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_dropped": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_dropped": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_packets": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_packets": { - "type": "long", - "doc_values": "true" + "type": "long" }, "ipv4": { "properties": { "gateway": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "dhcp": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "address": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "netmask": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "broadcast": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "metric": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "ipv6": { "properties": { "gateway": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, 
"dhcp": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "address": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "netmask": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "broadcast": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "metric": { - "type": "long", - "doc_values": "true" + "type": "long" } } } 
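Review bot: `data.srcip`, `data.dstip` and `data.audit.srcip` remain `keyword` while `data.aws.srcaddr`/`dstaddr` (and the syscollector `port.local_ip`/`remote_ip` fields in the next hunk) are `ip`, so a CIDR pivot such as `data.srcip:10.0.0.0/8`, the most common query during incident response, works on the AWS fields but not on the primary alert source address. Mapping them as `ip` is only safe if every decoder guarantees an address; since a decoder may place a hostname or an empty string there (I cannot confirm from this hunk), the defensive form is `"srcip": { "type": "ip", "ignore_malformed": true }`, which skips non-IP values instead of rejecting the whole alert. If `keyword` must stay for compatibility with existing dashboards, record that limitation where the template is documented, as JSON leaves no room for an inline note. The `data` object continues past the end of this hunk.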
@@ -804,630 +1121,523 @@ "os": { "properties": { "hostname": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "architecture": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "version": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "codename": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "major": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "minor": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "build": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "platform": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sysname": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "release": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "release_version": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "port": { "properties": { "protocol": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "local_ip": { - "type": "ip", - "doc_values": "true" + "type": "ip" }, "local_port": { - "type": "long", - "doc_values": "true" + "type": "long" }, "remote_ip": { - "type": "ip", - "doc_values": "true" + "type": "ip" }, "remote_port": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_queue": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_queue": { - "type": "long", - "doc_values": "true" + "type": "long" }, "inode": { - "type": "long", - "doc_values": "true" + "type": "long" }, "state": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "pid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "process": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "hardware": { "properties": { "serial": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cpu_name": 
{ - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cpu_cores": { - "type": "long", - "doc_values": "true" + "type": "long" }, "cpu_mhz": { - "type": "double", - "doc_values": "true" + "type": "double" }, "ram_total": { - "type": "long", - "doc_values": "true" + "type": "long" }, "ram_free": { - "type": "long", - "doc_values": "true" + "type": "long" }, "ram_usage": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "program": { "properties": { "format": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "priority": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "section": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "size": { - "type": "long", - "doc_values": "true" + "type": "long" }, "vendor": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "install_time": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "version": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "architecture": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "multiarch": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "source": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "location": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "process": { "properties": { "pid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "state": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "ppid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "utime": { - "type": "long", - "doc_values": "true" + "type": "long" }, "stime": { - "type": "long", - "doc_values": "true" + "type": "long" }, 
"cmd": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "args": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "euser": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "ruser": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "suser": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "egroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sgroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "fgroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "rgroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "priority": { - "type": "long", - "doc_values": "true" + "type": "long" }, "nice": { - "type": "long", - "doc_values": "true" + "type": "long" }, "size": { - "type": "long", - "doc_values": "true" + "type": "long" }, "vm_size": { - "type": "long", - "doc_values": "true" + "type": "long" }, "resident": { - "type": "long", - "doc_values": "true" + "type": "long" }, "share": { - "type": "long", - "doc_values": "true" + "type": "long" }, "start_time": { - "type": "long", - "doc_values": "true" + "type": "long" }, "pgrp": { - "type": "long", - "doc_values": "true" + "type": "long" }, "session": { - "type": "long", - "doc_values": "true" + "type": "long" }, "nlwp": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tgid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tty": { - "type": "long", - "doc_values": "true" + "type": "long" }, "processor": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "sca": { "properties": { "type": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "scan_id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "policy": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, 
"file": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "passed": { - "type": "integer", - "doc_values": "true" + "type": "integer" }, "failed": { - "type": "integer", - "doc_values": "true" + "type": "integer" }, "score": { - "type": "long", - "doc_values": "true" + "type": "long" }, "check": { "properties": { "id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "title": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "rationale": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "remediation": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "compliance": { "properties": { "cis": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cis_csc": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "pci_dss": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "hipaa": { + "type": "keyword" + }, + "nist_800_53": { + "type": "keyword" } } }, "references": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "file": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "directory": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "registry": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "process": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "result": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "previous_result": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "reason": { + "type": "keyword" + }, + "status": { + "type": "keyword" } } + }, + "invalid": { + "type": "keyword" + }, + "policy_id": { + "type": "keyword" + }, + "total_checks": { + "type": "keyword" } } }, - "win": { + "command": { + "type": 
"keyword" + }, + "integration": { + "type": "keyword" + }, + "timestamp": { + "type": "date" + }, + "title": { + "type": "keyword" + }, + "uid": { + "type": "keyword" + }, + "virustotal": { "properties": { - "system": { + "description": { + "type": "keyword" + }, + "error": { + "type": "keyword" + }, + "found": { + "type": "keyword" + }, + "malicious": { + "type": "keyword" + }, + "permalink": { + "type": "keyword" + }, + "positives": { + "type": "keyword" + }, + "scan_date": { + "type": "keyword" + }, + "sha1": { + "type": "keyword" + }, + "source": { "properties": { - "providerName": { - "type": "keyword", - "doc_values": "true" + "alert_id": { + "type": "keyword" }, - "providerGuid": { - "type": "keyword", - "doc_values": "true" + "file": { + "type": "keyword" }, - "eventSourceName": { - "type": "keyword", - "doc_values": "true" + "md5": { + "type": "keyword" }, - "securityUserID": { - "type": "keyword", - "doc_values": "true" + "sha1": { + "type": "keyword" + } + } + }, + "total": { + "type": "keyword" + } + } + }, + "vulnerability": { + "properties": { + "advisories": { + "type": "keyword" + }, + "bugzilla_reference": { + "type": "keyword" + }, + "cve": { + "type": "keyword" + }, + "cvss": { + "properties": { + "cvss3_score": { + "type": "keyword" }, - "userID": { - "type": "keyword", - "doc_values": "true" + "cvss_score": { + "type": "keyword" }, - "eventID": { - "type": "keyword", - "doc_values": "true" + "cvss_scoring_vector": { + "type": "keyword" + } + } + }, + "cwe_reference": { + "type": "keyword" + }, + "package": { + "properties": { + "condition": { + "type": "keyword" + }, + "name": { + "type": "keyword" }, "version": { - "type": "keyword", - "doc_values": "true" - }, - "level": { - "type": "keyword", - "doc_values": "true" - }, - "task": { - "type": "keyword", - "doc_values": "true" - }, - "opcode": { - "type": "keyword", - "doc_values": "true" - }, - "keywords": { - "type": "keyword", - "doc_values": "true" - }, - "systemTime": { - "type": 
"keyword", - "doc_values": "true" - }, - "eventRecordID": { - "type": "keyword", - "doc_values": "true" - }, - "processID": { - "type": "keyword", - "doc_values": "true" - }, - "threadID": { - "type": "keyword", - "doc_values": "true" - }, - "channel": { - "type": "keyword", - "doc_values": "true" - }, - "computer": { - "type": "keyword", - "doc_values": "true" - }, - "severityValue": { - "type": "keyword", - "doc_values": "true" - }, - "message": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, - "eventdata": { + "published": { + "type": "date" + }, + "reference": { + "type": "keyword" + }, + "severity": { + "type": "keyword" + }, + "state": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "aws": { + "properties": { + "bytes": { + "type": "long" + }, + "dstaddr": { + "type": "ip" + }, + "srcaddr": { + "type": "ip" + }, + "end": { + "type": "date" + }, + "start": { + "type": "date" + }, + "source_ip_address": { + "type": "ip" + }, + "service": { "properties": { - "subjectUserSid": { - "type": "keyword", - "doc_values": "true" + "count": { + "type": "long" }, - "subjectUserName": { - "type": "keyword", - "doc_values": "true" + "action.networkConnectionAction.remoteIpDetails": { + "properties": { + "ipAddressV4": { + "type": "ip" + }, + "geoLocation": { + "type": "geo_point" + } + } }, - "subjectDomainName": { - "type": "keyword", - "doc_values": "true" + "eventFirstSeen": { + "type": "date" }, - "subjectLogonId": { - "type": "keyword", - "doc_values": "true" - }, - "targetUserSid": { - "type": "keyword", - "doc_values": "true" - }, - "targetUserName": { - "type": "keyword", - "doc_values": "true" - }, - "targetDomainName": { - "type": "keyword", - "doc_values": "true" - }, - "targetLogonId": { - "type": "keyword", - "doc_values": "true" - }, - "logonType": { - "type": "keyword", - "doc_values": "true" - }, - "logonProcessName": { - "type": "keyword", - "doc_values": "true" - }, - "authenticationPackageName": { - 
"type": "keyword", - "doc_values": "true" - }, - "logonGuid": { - "type": "keyword", - "doc_values": "true" - }, - "keyLength": { - "type": "keyword", - "doc_values": "true" - }, - "impersonationLevel": { - "type": "keyword", - "doc_values": "true" - }, - "transactionId": { - "type": "keyword", - "doc_values": "true" - }, - "newState": { - "type": "keyword", - "doc_values": "true" - }, - "resourceManager": { - "type": "keyword", - "doc_values": "true" - }, - "processId": { - "type": "keyword", - "doc_values": "true" - }, - "processName": { - "type": "keyword", - "doc_values": "true" - }, - "data": { - "type": "keyword", - "doc_values": "true" - }, - "image": { - "type": "keyword", - "doc_values": "true" - }, - "binary": { - "type": "keyword", - "doc_values": "true" - }, - "parentImage": { - "type": "keyword", - "doc_values": "true" - }, - "categoryId": { - "type": "keyword", - "doc_values": "true" - }, - "subcategoryId": { - "type": "keyword", - "doc_values": "true" - }, - "subcategoryGuid": { - "type": "keyword", - "doc_values": "true" - }, - "auditPolicyChangesId": { - "type": "keyword", - "doc_values": "true" - }, - "category": { - "type": "keyword", - "doc_values": "true" - }, - "subcategory": { - "type": "keyword", - "doc_values": "true" - }, - "auditPolicyChanges": { - "type": "keyword", - "doc_values": "true" + "eventLastSeen": { + "type": "date" } } }, - "rmSessionEvent": { + "createdAt": { + "type": "date" + }, + "updatedAt": { + "type": "date" + }, + "resource.instanceDetails": { "properties": { - "rmSessionId": { - "type": "keyword", - "doc_values": "true" + "launchTime": { + "type": "date" }, - "uTCStartTime": { - "type": "keyword", - "doc_values": "true" + "networkInterfaces": { + "properties": { + "privateIpAddress": { + "type": "ip" + }, + "publicIp": { + "type": "ip" + } + } } } } 
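Review bot: the new `data.vulnerability.cvss.cvss_score`/`cvss3_score` and `data.virustotal.positives`/`total` fields are mapped as `keyword`, so a threshold filter such as CVSS ≥ 7 or positives ≥ 5 — the way these alerts are triaged and how a detection rule would use them — is impossible (string order puts "10.0" before "9.8") and the values cannot be aggregated numerically. Map the scores as `"cvss_score": { "type": "float", "ignore_malformed": true }` and the counters as `"positives": { "type": "integer", "ignore_malformed": true }`; Elasticsearch coerces numeric strings, and `ignore_malformed` keeps the alert indexed if a feed ever sends `N/A` or an empty value, which this hunk cannot rule out. `data.sca.total_checks` has the same problem and is also inconsistent with its siblings `passed`/`failed`, which are already `integer`. The enclosing `data` object starts in the previous hunk and ends after this one.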
@@ -1436,21 +1646,31 @@ } }, "program_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "command": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "type": { "type": "text" }, "title": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "input": { + "properties": { + "type": { + "type": "keyword" + } + } + }, + "previous_output": { + "type": "keyword" } } - } + }, + "version": 1 } - diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 index 11ef6176..06af6322 100644 --- a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 
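Review bot: `previous_output` is added as a bare `keyword`; if it carries the prior output of a monitored command (the hunk does not say, but the name suggests it), that output can run to many kilobytes, and any value beyond Lucene's 32766-byte term limit makes Elasticsearch reject the whole alert rather than truncate the field. Use `"previous_output": { "type": "keyword", "ignore_above": 32766 }`, or `text` if the field is only searched and never aggregated, so the alert still indexes and the full value stays in `_source`. Adding `"version": 1` is useful, but it only helps if it is bumped on each later mapping change so a stale template on the cluster can be detected. This hunk closes the template; its `properties` object begins outside the hunk.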
@@ -1,25 +1,426 @@ { "order": 0, - "index_patterns": ["wazuh-alerts-3.x-*"], + "index_patterns": [ + "wazuh-alerts-3.x-*", + "wazuh-archives-3.x-*" + ], "settings": { "index.refresh_interval": "5s", "index.number_of_shards": "3", "index.number_of_replicas": "0", "index.auto_expand_replicas": "0-1", - "index.mapping.total_fields.limit": 2000 + "index.mapping.total_fields.limit": 10000, + "index.query.default_field": [ + "GeoLocation.city_name", + "GeoLocation.continent_code", + "GeoLocation.country_code2", + "GeoLocation.country_code3", + "GeoLocation.country_name", + "GeoLocation.ip", + "GeoLocation.postal_code", + "GeoLocation.real_region_name", + "GeoLocation.region_name", + "GeoLocation.timezone", + "agent.id", + "agent.ip", + "agent.name", + "cluster.name", + "cluster.node", + "command", + "data", + "data.action", + "data.audit", + "data.audit.acct", + "data.audit.arch", + "data.audit.auid", + "data.audit.command", + "data.audit.cwd", + "data.audit.dev", + "data.audit.directory.inode", + "data.audit.directory.mode", + "data.audit.directory.name", + "data.audit.egid", + "data.audit.enforcing", + "data.audit.euid", + "data.audit.exe", + "data.audit.execve.a0", + "data.audit.execve.a1", + "data.audit.execve.a2", + "data.audit.execve.a3", + "data.audit.exit", + "data.audit.file.inode", + "data.audit.file.mode", + "data.audit.file.name", + "data.audit.fsgid", + "data.audit.fsuid", + "data.audit.gid", + "data.audit.id", + "data.audit.key", + "data.audit.list", + "data.audit.old-auid", + "data.audit.old-ses", + "data.audit.old_enforcing", + "data.audit.old_prom", + "data.audit.op", + "data.audit.pid", + "data.audit.ppid", + "data.audit.prom", + "data.audit.res", + "data.audit.session", + "data.audit.sgid", + "data.audit.srcip", + "data.audit.subj", + "data.audit.success", + "data.audit.suid", + "data.audit.syscall", + "data.audit.tty", + "data.audit.uid", + "data.aws.accountId", + "data.aws.account_id", + "data.aws.action", + "data.aws.actor", + 
"data.aws.aws_account_id", + "data.aws.description", + "data.aws.dstport", + "data.aws.errorCode", + "data.aws.errorMessage", + "data.aws.eventID", + "data.aws.eventName", + "data.aws.eventSource", + "data.aws.eventType", + "data.aws.id", + "data.aws.name", + "data.aws.requestParameters.accessKeyId", + "data.aws.requestParameters.bucketName", + "data.aws.requestParameters.gatewayId", + "data.aws.requestParameters.groupDescription", + "data.aws.requestParameters.groupId", + "data.aws.requestParameters.groupName", + "data.aws.requestParameters.host", + "data.aws.requestParameters.hostedZoneId", + "data.aws.requestParameters.instanceId", + "data.aws.requestParameters.instanceProfileName", + "data.aws.requestParameters.loadBalancerName", + "data.aws.requestParameters.loadBalancerPorts", + "data.aws.requestParameters.masterUserPassword", + "data.aws.requestParameters.masterUsername", + "data.aws.requestParameters.name", + "data.aws.requestParameters.natGatewayId", + "data.aws.requestParameters.networkAclId", + "data.aws.requestParameters.path", + "data.aws.requestParameters.policyName", + "data.aws.requestParameters.port", + "data.aws.requestParameters.stackId", + "data.aws.requestParameters.stackName", + "data.aws.requestParameters.subnetId", + "data.aws.requestParameters.subnetIds", + "data.aws.requestParameters.volumeId", + "data.aws.requestParameters.vpcId", + "data.aws.resource.accessKeyDetails.accessKeyId", + "data.aws.resource.accessKeyDetails.principalId", + "data.aws.resource.accessKeyDetails.userName", + "data.aws.resource.instanceDetails.instanceId", + "data.aws.resource.instanceDetails.instanceState", + "data.aws.resource.instanceDetails.networkInterfaces.privateDnsName", + "data.aws.resource.instanceDetails.networkInterfaces.publicDnsName", + "data.aws.resource.instanceDetails.networkInterfaces.subnetId", + "data.aws.resource.instanceDetails.networkInterfaces.vpcId", + "data.aws.resource.instanceDetails.tags.value", + 
"data.aws.responseElements.AssociateVpcCidrBlockResponse.vpcId", + "data.aws.responseElements.description", + "data.aws.responseElements.instanceId", + "data.aws.responseElements.instances.instanceId", + "data.aws.responseElements.instancesSet.items.instanceId", + "data.aws.responseElements.listeners.port", + "data.aws.responseElements.loadBalancerName", + "data.aws.responseElements.loadBalancers.vpcId", + "data.aws.responseElements.loginProfile.userName", + "data.aws.responseElements.networkAcl.vpcId", + "data.aws.responseElements.ownerId", + "data.aws.responseElements.publicIp", + "data.aws.responseElements.user.userId", + "data.aws.responseElements.user.userName", + "data.aws.responseElements.volumeId", + "data.aws.service.serviceName", + "data.aws.severity", + "data.aws.source", + "data.aws.sourceIPAddress", + "data.aws.srcport", + "data.aws.userIdentity.accessKeyId", + "data.aws.userIdentity.accountId", + "data.aws.userIdentity.userName", + "data.aws.vpcEndpointId", + "data.command", + "data.data", + "data.docker.Actor.Attributes.container", + "data.docker.Actor.Attributes.image", + "data.docker.Actor.Attributes.name", + "data.docker.Actor.ID", + "data.docker.id", + "data.docker.message", + "data.docker.status", + "data.dstip", + "data.dstport", + "data.dstuser", + "data.hardware.serial", + "data.id", + "data.integration", + "data.netinfo.iface.adapter", + "data.netinfo.iface.ipv4.address", + "data.netinfo.iface.ipv6.address", + "data.netinfo.iface.mac", + "data.netinfo.iface.name", + "data.os.architecture", + "data.os.build", + "data.os.codename", + "data.os.hostname", + "data.os.major", + "data.os.minor", + "data.os.name", + "data.os.platform", + "data.os.release", + "data.os.release_version", + "data.os.sysname", + "data.os.version", + "data.oscap.check.description", + "data.oscap.check.id", + "data.oscap.check.identifiers", + "data.oscap.check.oval.id", + "data.oscap.check.rationale", + "data.oscap.check.references", + "data.oscap.check.result", + 
"data.oscap.check.severity", + "data.oscap.check.title", + "data.oscap.scan.benchmark.id", + "data.oscap.scan.content", + "data.oscap.scan.id", + "data.oscap.scan.profile.id", + "data.oscap.scan.profile.title", + "data.osquery.columns.address", + "data.osquery.columns.command", + "data.osquery.columns.description", + "data.osquery.columns.dst_ip", + "data.osquery.columns.gid", + "data.osquery.columns.hostname", + "data.osquery.columns.md5", + "data.osquery.columns.path", + "data.osquery.columns.sha1", + "data.osquery.columns.sha256", + "data.osquery.columns.src_ip", + "data.osquery.columns.user", + "data.osquery.columns.username", + "data.osquery.name", + "data.osquery.pack", + "data.port.process", + "data.port.protocol", + "data.port.state", + "data.process.args", + "data.process.cmd", + "data.process.egroup", + "data.process.euser", + "data.process.fgroup", + "data.process.name", + "data.process.rgroup", + "data.process.ruser", + "data.process.sgroup", + "data.process.state", + "data.process.suser", + "data.program.architecture", + "data.program.description", + "data.program.format", + "data.program.location", + "data.program.multiarch", + "data.program.name", + "data.program.priority", + "data.program.section", + "data.program.source", + "data.program.vendor", + "data.program.version", + "data.protocol", + "data.pwd", + "data.sca", + "data.sca.check.compliance.cis", + "data.sca.check.compliance.cis_csc", + "data.sca.check.compliance.pci_dss", + "data.sca.check.compliance.hipaa", + "data.sca.check.compliance.nist_800_53", + "data.sca.check.description", + "data.sca.check.directory", + "data.sca.check.file", + "data.sca.check.id", + "data.sca.check.previous_result", + "data.sca.check.process", + "data.sca.check.rationale", + "data.sca.check.reason", + "data.sca.check.references", + "data.sca.check.registry", + "data.sca.check.remediation", + "data.sca.check.result", + "data.sca.check.status", + "data.sca.check.title", + "data.sca.description", + "data.sca.file", + 
"data.sca.invalid", + "data.sca.name", + "data.sca.policy", + "data.sca.policy_id", + "data.sca.scan_id", + "data.sca.total_checks", + "data.script", + "data.src_ip", + "data.src_port", + "data.srcip", + "data.srcport", + "data.srcuser", + "data.status", + "data.system_name", + "data.title", + "data.tty", + "data.uid", + "data.url", + "data.virustotal.description", + "data.virustotal.error", + "data.virustotal.found", + "data.virustotal.permalink", + "data.virustotal.scan_date", + "data.virustotal.sha1", + "data.virustotal.source.alert_id", + "data.virustotal.source.file", + "data.virustotal.source.md5", + "data.virustotal.source.sha1", + "data.vulnerability.advisories", + "data.vulnerability.bugzilla_reference", + "data.vulnerability.cve", + "data.vulnerability.cwe_reference", + "data.vulnerability.package.condition", + "data.vulnerability.package.name", + "data.vulnerability.package.version", + "data.vulnerability.reference", + "data.vulnerability.severity", + "data.vulnerability.state", + "data.vulnerability.title", + "data.win.eventdata.auditPolicyChanges", + "data.win.eventdata.auditPolicyChangesId", + "data.win.eventdata.binary", + "data.win.eventdata.category", + "data.win.eventdata.categoryId", + "data.win.eventdata.data", + "data.win.eventdata.image", + "data.win.eventdata.ipAddress", + "data.win.eventdata.ipPort", + "data.win.eventdata.keyName", + "data.win.eventdata.logonGuid", + "data.win.eventdata.logonProcessName", + "data.win.eventdata.operation", + "data.win.eventdata.parentImage", + "data.win.eventdata.processId", + "data.win.eventdata.processName", + "data.win.eventdata.providerName", + "data.win.eventdata.returnCode", + "data.win.eventdata.service", + "data.win.eventdata.status", + "data.win.eventdata.subcategory", + "data.win.eventdata.subcategoryGuid", + "data.win.eventdata.subcategoryId", + "data.win.eventdata.subjectDomainName", + "data.win.eventdata.subjectLogonId", + "data.win.eventdata.subjectUserName", + 
"data.win.eventdata.subjectUserSid", + "data.win.eventdata.targetDomainName", + "data.win.eventdata.targetLinkedLogonId", + "data.win.eventdata.targetLogonId", + "data.win.eventdata.targetUserName", + "data.win.eventdata.targetUserSid", + "data.win.eventdata.workstationName", + "data.win.system.channel", + "data.win.system.computer", + "data.win.system.eventID", + "data.win.system.eventRecordID", + "data.win.system.eventSourceName", + "data.win.system.keywords", + "data.win.system.level", + "data.win.system.message", + "data.win.system.opcode", + "data.win.system.processID", + "data.win.system.providerGuid", + "data.win.system.providerName", + "data.win.system.securityUserID", + "data.win.system.severityValue", + "data.win.system.userID", + "decoder.ftscomment", + "decoder.name", + "decoder.parent", + "full_log", + "host", + "id", + "input", + "location", + "manager.name", + "message", + "offset", + "predecoder.hostname", + "predecoder.program_name", + "previous_log", + "previous_output", + "program_name", + "rule.cis", + "rule.cve", + "rule.description", + "rule.gdpr", + "rule.gpg13", + "rule.groups", + "rule.id", + "rule.info", + "rule.pci_dss", + "syscheck.audit.effective_user.id", + "syscheck.audit.effective_user.name", + "syscheck.audit.group.id", + "syscheck.audit.group.name", + "syscheck.audit.login_user.id", + "syscheck.audit.login_user.name", + "syscheck.audit.process.id", + "syscheck.audit.process.name", + "syscheck.audit.process.ppid", + "syscheck.audit.user.id", + "syscheck.audit.user.name", + "syscheck.diff", + "syscheck.event", + "syscheck.gid_after", + "syscheck.gid_before", + "syscheck.gname_after", + "syscheck.gname_before", + "syscheck.inode_after", + "syscheck.inode_before", + "syscheck.md5_after", + "syscheck.md5_before", + "syscheck.path", + "syscheck.perm_after", + "syscheck.perm_before", + "syscheck.sha1_after", + "syscheck.sha1_before", + "syscheck.sha256_after", + "syscheck.sha256_before", + "syscheck.tags", + "syscheck.uid_after", + 
"syscheck.uid_before", + "syscheck.uname_after", + "syscheck.uname_before", + "title", + "type" + ] }, "mappings": { "dynamic_templates": [ { "string_as_keyword": { - "match_mapping_type": "string", "mapping": { - "type": "keyword", - "doc_values": "true" - } + "type": "keyword" + }, + "match_mapping_type": "string" } } ], + "date_detection": false, "properties": { "@timestamp": { "type": "date" @@ -34,42 +435,35 @@ "agent": { "properties": { "ip": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "manager": { "properties": { "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "cluster": { "properties": { "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "node": { + "type": "keyword" } } }, - "AlertsFile": { - "type": "keyword", - "doc_values": "true" - }, "full_log": { - "enabled": false, - "type": "object" + "type": "text" }, "previous_log": { "type": "text" @@ -80,8 +474,7 @@ "type": "long" }, "city_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "continent_code": { "type": "text" @@ -96,15 +489,13 @@ "type": "text" }, "country_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "dma_code": { "type": "long" }, "ip": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "latitude": { "type": "double" @@ -119,12 +510,10 @@ "type": "keyword" }, "real_region_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "region_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "timezone": { "type": "text" 
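Review bot: The `index.mapping.total_fields.limit` bump from 2000 to 10000 in the `settings` block keeps the `string_as_keyword` dynamic template in place, so every previously unseen string key in an incoming alert still becomes a new indexed keyword field, and the ceiling that bounded mapping growth is now five times higher; since alert content (for example `data.win.eventdata` or audit records) originates on the monitored hosts rather than with the operator, consider setting `"dynamic": false` or `"dynamic": "strict"` on sub-objects whose fields are fully enumerated here (`syscheck`, `rule`, `decoder`) so that only the open-ended `data` tree can grow. The `index.query.default_field` list added alongside it holds several hundred names, and a `query_string` search expands to one clause per term per listed field, so multi-term free-text searches may approach the cluster's boolean clause limit — worth checking against the target Elasticsearch version rather than assuming the list is free. The new `"date_detection": false` is a sensible guard against log strings being inferred as dates.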
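Review bot: `full_log` changes from `"enabled": false, "type": "object"` to `"type": "text"` in the `@@ -34,42 +435,35 @@` hunk, which turns the raw event body from a stored-but-unindexed value into an analyzed, searchable field — and the same name is added to `index.query.default_field` in the preceding hunk, so every free-text search now runs across the complete raw log. That is a usability gain, but it is also the field most likely to carry credentials, tokens or command lines copied verbatim from the source system, and it adds index volume proportional to raw log size. If the previous behaviour was meant to be kept, `"type": "text", "index": false` keeps the field in `_source` without analysing it; either way the change deserves a sentence in the commit message, since the template otherwise reads as a pure `doc_values` cleanup.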
@@ -132,110 +521,151 @@ } }, "host": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "syscheck": { "properties": { "path": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sha1_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sha1_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "uid_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "uid_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gid_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gid_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "perm_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "perm_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "md5_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "md5_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gname_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gname_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "inode_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "inode_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "mtime_after": { "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" + "format": "date_optional_time" }, "mtime_before": { "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" + "format": "date_optional_time" }, "uname_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "uname_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "size_before": { - "type": "long", - "doc_values": "true" + "type": "long" }, "size_after": { - "type": "long", - "doc_values": "true" + "type": "long" }, "diff": { - "type": "keyword", - "doc_values": 
"true" + "type": "keyword" }, "event": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "audit": { + "properties": { + "effective_user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "group": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "login_user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "process": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + }, + "ppid": { + "type": "keyword" + } + } + }, + "user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + } + } + }, + "sha256_after": { + "type": "keyword" + }, + "sha256_before": { + "type": "keyword" + }, + "tags": { + "type": "keyword" } } }, "location": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "message": { "type": "text" 
@@ -246,554 +676,441 @@ "rule": { "properties": { "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "groups": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "level": { - "type": "long", - "doc_values": "true" + "type": "long" }, "id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cve": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "info": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "frequency": { - "type": "long", - "doc_values": "true" + "type": "long" }, "firedtimes": { - "type": "long", - "doc_values": "true" + "type": "long" }, "cis": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "pci_dss": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gdpr": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gpg13": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "hipaa": { + "type": "keyword" + }, + "nist_800_53": { + "type": "keyword" + }, + "mail": { + "type": "boolean" } } }, "predecoder": { "properties": { "program_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "timestamp": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "hostname": { + "type": "keyword" } } }, "decoder": { "properties": { "parent": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "ftscomment": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "fts": { - "type": "long", - "doc_values": "true" + "type": "long" }, "accumulate": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "data": { "properties": { - "protocol": { - "type": "keyword", - "doc_values": "true" - }, - "action": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "dstip": { - 
"type": "keyword", - "doc_values": "true" - }, - "srcport": { - "type": "keyword", - "doc_values": "true" - }, - "dstport": { - "type": "keyword", - "doc_values": "true" - }, - "srcuser": { - "type": "keyword", - "doc_values": "true" - }, - "dstuser": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "status": { - "type": "keyword", - "doc_values": "true" - }, - "data": { - "type": "keyword", - "doc_values": "true" - }, - "system_name": { - "type": "keyword", - "doc_values": "true" - }, - "url": { - "type": "keyword", - "doc_values": "true" - }, - "oscap": { - "properties": { - "check.title": { - "type": "keyword", - "doc_values": "true" - }, - "check.id": { - "type": "keyword", - "doc_values": "true" - }, - "check.result": { - "type": "keyword", - "doc_values": "true" - }, - "check.severity": { - "type": "keyword", - "doc_values": "true" - }, - "check.description": { - "type": "text" - }, - "check.rationale": { - "type": "text" - }, - "check.references": { - "type": "text" - }, - "check.identifiers": { - "type": "text" - }, - "check.oval.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.content": { - "type": "keyword", - "doc_values": "true" - }, - "scan.benchmark.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.title": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.score": { - "type": "double", - "doc_values": "true" - }, - "scan.return_code": { - "type": "long", - "doc_values": "true" - } - } - }, "audit": { "properties": { - "type": { - "type": "keyword", - "doc_values": "true" + "acct": { + "type": "keyword" }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "syscall": { - "type": "keyword", - "doc_values": "true" - }, - "exit": { - "type": "keyword", - "doc_values": "true" - }, - "ppid": { - "type": 
"keyword", - "doc_values": "true" - }, - "pid": { - "type": "keyword", - "doc_values": "true" + "arch": { + "type": "keyword" }, "auid": { - "type": "keyword", - "doc_values": "true" - }, - "uid": { - "type": "keyword", - "doc_values": "true" - }, - "gid": { - "type": "keyword", - "doc_values": "true" - }, - "euid": { - "type": "keyword", - "doc_values": "true" - }, - "suid": { - "type": "keyword", - "doc_values": "true" - }, - "fsuid": { - "type": "keyword", - "doc_values": "true" - }, - "egid": { - "type": "keyword", - "doc_values": "true" - }, - "sgid": { - "type": "keyword", - "doc_values": "true" - }, - "fsgid": { - "type": "keyword", - "doc_values": "true" - }, - "tty": { - "type": "keyword", - "doc_values": "true" - }, - "session": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "command": { - "type": "keyword", - "doc_values": "true" - }, - "exe": { - "type": "keyword", - "doc_values": "true" - }, - "key": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cwd": { - "type": "keyword", - "doc_values": "true" - }, - "directory.name": { - "type": "keyword", - "doc_values": "true" - }, - "directory.inode": { - "type": "keyword", - "doc_values": "true" - }, - "directory.mode": { - "type": "keyword", - "doc_values": "true" - }, - "file.name": { - "type": "keyword", - "doc_values": "true" - }, - "file.inode": { - "type": "keyword", - "doc_values": "true" - }, - "file.mode": { - "type": "keyword", - "doc_values": "true" - }, - "acct": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "dev": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, - "enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "list": { - "type": "keyword", - "doc_values": "true" - }, - "old-auid": { - "type": "keyword", - "doc_values": "true" - }, - "old-ses": { - "type": "keyword", - "doc_values": "true" - }, - "old_enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "old_prom": { - "type": 
"keyword", - "doc_values": "true" - }, - "op": { - "type": "keyword", - "doc_values": "true" - }, - "prom": { - "type": "keyword", - "doc_values": "true" - }, - "res": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "subj": { - "type": "keyword", - "doc_values": "true" - }, - "success": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "aws": { - "properties": { - "bytes": { - "type": "long", - "doc_values": "true" - }, - "dstaddr": { - "type": "ip", - "doc_values": "true" - }, - "srcaddr": { - "type": "ip", - "doc_values": "true" - }, - "end": { - "type": "date", - "doc_values": "true" - }, - "start": { - "type": "date", - "doc_values": "true" - }, - "source_ip_address": { - "type": "ip", - "doc_values": "true" - }, - "resource.instanceDetails.networkInterfaces": { + "directory": { "properties": { - "privateIpAddress": { - "type": "ip", - "doc_values": "true" + "inode": { + "type": "keyword" }, - "publicIp": { - "type": "ip", - "doc_values": "true" + "mode": { + "type": "keyword" + }, + "name": { + "type": "keyword" } } }, - "service": { + "egid": { + "type": "keyword" + }, + "enforcing": { + "type": "keyword" + }, + "euid": { + "type": "keyword" + }, + "exe": { + "type": "keyword" + }, + "execve": { "properties": { - "count": { - "type": "long", - "doc_values": "true" + "a0": { + "type": "keyword" }, - "action.networkConnectionAction.remoteIpDetails": { + "a1": { + "type": "keyword" + }, + "a2": { + "type": "keyword" + }, + "a3": { + "type": "keyword" + } + } + }, + "exit": { + "type": "keyword" + }, + "file": { + "properties": { + "inode": { + "type": "keyword" + }, + "mode": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "fsgid": { + "type": "keyword" + }, + "fsuid": { + "type": "keyword" + }, + "gid": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "key": { + "type": "keyword" + }, + "list": { + "type": "keyword" + }, + "old-auid": { + 
"type": "keyword" + }, + "old-ses": { + "type": "keyword" + }, + "old_enforcing": { + "type": "keyword" + }, + "old_prom": { + "type": "keyword" + }, + "op": { + "type": "keyword" + }, + "pid": { + "type": "keyword" + }, + "ppid": { + "type": "keyword" + }, + "prom": { + "type": "keyword" + }, + "res": { + "type": "keyword" + }, + "session": { + "type": "keyword" + }, + "sgid": { + "type": "keyword" + }, + "srcip": { + "type": "keyword" + }, + "subj": { + "type": "keyword" + }, + "success": { + "type": "keyword" + }, + "suid": { + "type": "keyword" + }, + "syscall": { + "type": "keyword" + }, + "tty": { + "type": "keyword" + }, + "type": { + "type": "keyword" + }, + "uid": { + "type": "keyword" + } + } + }, + "protocol": { + "type": "keyword" + }, + "action": { + "type": "keyword" + }, + "srcip": { + "type": "keyword" + }, + "dstip": { + "type": "keyword" + }, + "srcport": { + "type": "keyword" + }, + "dstport": { + "type": "keyword" + }, + "srcuser": { + "type": "keyword" + }, + "dstuser": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "status": { + "type": "keyword" + }, + "data": { + "type": "keyword" + }, + "system_name": { + "type": "keyword" + }, + "url": { + "type": "keyword" + }, + "oscap": { + "properties": { + "check": { + "properties": { + "description": { + "type": "text" + }, + "id": { + "type": "keyword" + }, + "identifiers": { + "type": "text" + }, + "oval": { "properties": { - "ipAddressV4": { - "type": "ip", - "doc_values": "true" - }, - "geoLocation": { - "type": "geo_point", - "doc_values": "true" + "id": { + "type": "keyword" } } + }, + "rationale": { + "type": "text" + }, + "references": { + "type": "text" + }, + "result": { + "type": "keyword" + }, + "severity": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "scan": { + "properties": { + "benchmark": { + "properties": { + "id": { + "type": "keyword" + } + } + }, + "content": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "profile": 
{ + "properties": { + "id": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "return_code": { + "type": "long" + }, + "score": { + "type": "double" } } } } }, "type": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "netinfo": { "properties": { "iface": { "properties": { "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "mac": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "adapter": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "type": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "state": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "mtu": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_bytes": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_bytes": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_errors": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_errors": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_dropped": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_dropped": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_packets": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_packets": { - "type": "long", - "doc_values": "true" + "type": "long" }, "ipv4": { "properties": { "gateway": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "dhcp": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "address": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "netmask": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "broadcast": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "metric": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "ipv6": { "properties": { "gateway": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, 
"dhcp": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "address": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "netmask": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "broadcast": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "metric": { - "type": "long", - "doc_values": "true" + "type": "long" } } } 
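Review bot: The explicitly typed `data.aws` block (`bytes` as `long`, `srcaddr`/`dstaddr`/`source_ip_address` as `ip`, `action.networkConnectionAction.remoteIpDetails.geoLocation` as `geo_point`) is deleted in this hunk with no replacement visible, while `data.aws.*` names are still listed in `index.query.default_field`; unless the block is re-added in the following hunk, which runs past my view, those fields will be created by dynamic mapping on first ingest — the address strings fall under `string_as_keyword` and lose CIDR/range queries, and `geoLocation` becomes a plain object with numeric `lat`/`lon` rather than a `geo_point`, which would break any geo filter or map visualisation relying on it. Keep the `aws` properties block (at least its `ip` and `geo_point` members) in the template; an `ip`-typed field also rejects malformed addresses at index time, a useful integrity check on data arriving from a cloud log pipeline.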
@@ -804,630 +1121,523 @@ "os": { "properties": { "hostname": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "architecture": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "version": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "codename": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "major": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "minor": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "build": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "platform": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sysname": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "release": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "release_version": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "port": { "properties": { "protocol": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "local_ip": { - "type": "ip", - "doc_values": "true" + "type": "ip" }, "local_port": { - "type": "long", - "doc_values": "true" + "type": "long" }, "remote_ip": { - "type": "ip", - "doc_values": "true" + "type": "ip" }, "remote_port": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_queue": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_queue": { - "type": "long", - "doc_values": "true" + "type": "long" }, "inode": { - "type": "long", - "doc_values": "true" + "type": "long" }, "state": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "pid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "process": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "hardware": { "properties": { "serial": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cpu_name": 
{ - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cpu_cores": { - "type": "long", - "doc_values": "true" + "type": "long" }, "cpu_mhz": { - "type": "double", - "doc_values": "true" + "type": "double" }, "ram_total": { - "type": "long", - "doc_values": "true" + "type": "long" }, "ram_free": { - "type": "long", - "doc_values": "true" + "type": "long" }, "ram_usage": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "program": { "properties": { "format": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "priority": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "section": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "size": { - "type": "long", - "doc_values": "true" + "type": "long" }, "vendor": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "install_time": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "version": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "architecture": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "multiarch": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "source": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "location": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "process": { "properties": { "pid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "state": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "ppid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "utime": { - "type": "long", - "doc_values": "true" + "type": "long" }, "stime": { - "type": "long", - "doc_values": "true" + "type": "long" }, 
"cmd": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "args": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "euser": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "ruser": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "suser": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "egroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sgroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "fgroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "rgroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "priority": { - "type": "long", - "doc_values": "true" + "type": "long" }, "nice": { - "type": "long", - "doc_values": "true" + "type": "long" }, "size": { - "type": "long", - "doc_values": "true" + "type": "long" }, "vm_size": { - "type": "long", - "doc_values": "true" + "type": "long" }, "resident": { - "type": "long", - "doc_values": "true" + "type": "long" }, "share": { - "type": "long", - "doc_values": "true" + "type": "long" }, "start_time": { - "type": "long", - "doc_values": "true" + "type": "long" }, "pgrp": { - "type": "long", - "doc_values": "true" + "type": "long" }, "session": { - "type": "long", - "doc_values": "true" + "type": "long" }, "nlwp": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tgid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tty": { - "type": "long", - "doc_values": "true" + "type": "long" }, "processor": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "sca": { "properties": { "type": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "scan_id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "policy": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, 
"file": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "passed": { - "type": "integer", - "doc_values": "true" + "type": "integer" }, "failed": { - "type": "integer", - "doc_values": "true" + "type": "integer" }, "score": { - "type": "long", - "doc_values": "true" + "type": "long" }, "check": { "properties": { "id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "title": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "rationale": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "remediation": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "compliance": { "properties": { "cis": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cis_csc": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "pci_dss": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "hipaa": { + "type": "keyword" + }, + "nist_800_53": { + "type": "keyword" } } }, "references": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "file": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "directory": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "registry": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "process": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "result": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "previous_result": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "reason": { + "type": "keyword" + }, + "status": { + "type": "keyword" } } + }, + "invalid": { + "type": "keyword" + }, + "policy_id": { + "type": "keyword" + }, + "total_checks": { + "type": "keyword" } } }, - "win": { + "command": { + "type": 
"keyword" + }, + "integration": { + "type": "keyword" + }, + "timestamp": { + "type": "date" + }, + "title": { + "type": "keyword" + }, + "uid": { + "type": "keyword" + }, + "virustotal": { "properties": { - "system": { + "description": { + "type": "keyword" + }, + "error": { + "type": "keyword" + }, + "found": { + "type": "keyword" + }, + "malicious": { + "type": "keyword" + }, + "permalink": { + "type": "keyword" + }, + "positives": { + "type": "keyword" + }, + "scan_date": { + "type": "keyword" + }, + "sha1": { + "type": "keyword" + }, + "source": { "properties": { - "providerName": { - "type": "keyword", - "doc_values": "true" + "alert_id": { + "type": "keyword" }, - "providerGuid": { - "type": "keyword", - "doc_values": "true" + "file": { + "type": "keyword" }, - "eventSourceName": { - "type": "keyword", - "doc_values": "true" + "md5": { + "type": "keyword" }, - "securityUserID": { - "type": "keyword", - "doc_values": "true" + "sha1": { + "type": "keyword" + } + } + }, + "total": { + "type": "keyword" + } + } + }, + "vulnerability": { + "properties": { + "advisories": { + "type": "keyword" + }, + "bugzilla_reference": { + "type": "keyword" + }, + "cve": { + "type": "keyword" + }, + "cvss": { + "properties": { + "cvss3_score": { + "type": "keyword" }, - "userID": { - "type": "keyword", - "doc_values": "true" + "cvss_score": { + "type": "keyword" }, - "eventID": { - "type": "keyword", - "doc_values": "true" + "cvss_scoring_vector": { + "type": "keyword" + } + } + }, + "cwe_reference": { + "type": "keyword" + }, + "package": { + "properties": { + "condition": { + "type": "keyword" + }, + "name": { + "type": "keyword" }, "version": { - "type": "keyword", - "doc_values": "true" - }, - "level": { - "type": "keyword", - "doc_values": "true" - }, - "task": { - "type": "keyword", - "doc_values": "true" - }, - "opcode": { - "type": "keyword", - "doc_values": "true" - }, - "keywords": { - "type": "keyword", - "doc_values": "true" - }, - "systemTime": { - "type": 
"keyword", - "doc_values": "true" - }, - "eventRecordID": { - "type": "keyword", - "doc_values": "true" - }, - "processID": { - "type": "keyword", - "doc_values": "true" - }, - "threadID": { - "type": "keyword", - "doc_values": "true" - }, - "channel": { - "type": "keyword", - "doc_values": "true" - }, - "computer": { - "type": "keyword", - "doc_values": "true" - }, - "severityValue": { - "type": "keyword", - "doc_values": "true" - }, - "message": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, - "eventdata": { + "published": { + "type": "date" + }, + "reference": { + "type": "keyword" + }, + "severity": { + "type": "keyword" + }, + "state": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "aws": { + "properties": { + "bytes": { + "type": "long" + }, + "dstaddr": { + "type": "ip" + }, + "srcaddr": { + "type": "ip" + }, + "end": { + "type": "date" + }, + "start": { + "type": "date" + }, + "source_ip_address": { + "type": "ip" + }, + "service": { "properties": { - "subjectUserSid": { - "type": "keyword", - "doc_values": "true" + "count": { + "type": "long" }, - "subjectUserName": { - "type": "keyword", - "doc_values": "true" + "action.networkConnectionAction.remoteIpDetails": { + "properties": { + "ipAddressV4": { + "type": "ip" + }, + "geoLocation": { + "type": "geo_point" + } + } }, - "subjectDomainName": { - "type": "keyword", - "doc_values": "true" + "eventFirstSeen": { + "type": "date" }, - "subjectLogonId": { - "type": "keyword", - "doc_values": "true" - }, - "targetUserSid": { - "type": "keyword", - "doc_values": "true" - }, - "targetUserName": { - "type": "keyword", - "doc_values": "true" - }, - "targetDomainName": { - "type": "keyword", - "doc_values": "true" - }, - "targetLogonId": { - "type": "keyword", - "doc_values": "true" - }, - "logonType": { - "type": "keyword", - "doc_values": "true" - }, - "logonProcessName": { - "type": "keyword", - "doc_values": "true" - }, - "authenticationPackageName": { - 
"type": "keyword", - "doc_values": "true" - }, - "logonGuid": { - "type": "keyword", - "doc_values": "true" - }, - "keyLength": { - "type": "keyword", - "doc_values": "true" - }, - "impersonationLevel": { - "type": "keyword", - "doc_values": "true" - }, - "transactionId": { - "type": "keyword", - "doc_values": "true" - }, - "newState": { - "type": "keyword", - "doc_values": "true" - }, - "resourceManager": { - "type": "keyword", - "doc_values": "true" - }, - "processId": { - "type": "keyword", - "doc_values": "true" - }, - "processName": { - "type": "keyword", - "doc_values": "true" - }, - "data": { - "type": "keyword", - "doc_values": "true" - }, - "image": { - "type": "keyword", - "doc_values": "true" - }, - "binary": { - "type": "keyword", - "doc_values": "true" - }, - "parentImage": { - "type": "keyword", - "doc_values": "true" - }, - "categoryId": { - "type": "keyword", - "doc_values": "true" - }, - "subcategoryId": { - "type": "keyword", - "doc_values": "true" - }, - "subcategoryGuid": { - "type": "keyword", - "doc_values": "true" - }, - "auditPolicyChangesId": { - "type": "keyword", - "doc_values": "true" - }, - "category": { - "type": "keyword", - "doc_values": "true" - }, - "subcategory": { - "type": "keyword", - "doc_values": "true" - }, - "auditPolicyChanges": { - "type": "keyword", - "doc_values": "true" + "eventLastSeen": { + "type": "date" } } }, - "rmSessionEvent": { + "createdAt": { + "type": "date" + }, + "updatedAt": { + "type": "date" + }, + "resource.instanceDetails": { "properties": { - "rmSessionId": { - "type": "keyword", - "doc_values": "true" + "launchTime": { + "type": "date" }, - "uTCStartTime": { - "type": "keyword", - "doc_values": "true" + "networkInterfaces": { + "properties": { + "privateIpAddress": { + "type": "ip" + }, + "publicIp": { + "type": "ip" + } + } } } } 
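Review bot: Several of the new `virustotal` and `vulnerability.cvss` fields are mapped as `keyword` although their names suggest numeric values — `positives`, `total`, `cvss_score` and `cvss3_score` — so range filters and aggregations such as "positives above N" or "CVSS at least 7" cannot be run on them, and `virustotal.scan_date` as `keyword` gets no date-histogram support, unlike the `timestamp` and `published` fields mapped as `date` in the same hunk. If the decoders emit these as numbers and timestamps, `"positives": { "type": "long" }`, `"cvss3_score": { "type": "double" }` (matching the `score` field at the top of this hunk) and `"scan_date": { "type": "date" }` would serve detection queries better; the actual event shapes are not visible here and should be checked first. A mapping change of this kind only applies to indices created after the template is loaded, so existing indices would need a reindex. The enclosing template object starts before this hunk.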
@@ -1436,20 +1646,31 @@
 }
 },
 "program_name": {
- "type": "keyword",
- "doc_values": "true"
+ "type": "keyword"
 },
 "command": {
- "type": "keyword",
- "doc_values": "true"
+ "type": "keyword"
 },
 "type": {
 "type": "text"
 },
 "title": {
- "type": "keyword",
- "doc_values": "true"
+ "type": "keyword"
+ },
+ "id": {
+ "type": "keyword"
+ },
+ "input": {
+ "properties": {
+ "type": {
+ "type": "keyword"
+ }
+ }
+ },
+ "previous_output": {
+ "type": "keyword"
 }
 }
- }
-}
\ No newline at end of file
+ },
+ "version": 1
+}
From 58b3b734bea81da15d43131a69c115cb33e727fa Mon Sep 17 00:00:00 2001
From: Jose M
Date: Mon, 16 Sep 2019 18:10:28 +0200
Subject: [PATCH 193/559] Bump version to 3.10.0_7.3.2
---
 VERSION | 4 ++--
 molecule/default/tests/test_default.py | 4 ++--
 molecule/elasticsearch/tests/test_default.py | 2 +-
 molecule/kibana/tests/test_default.py | 2 +-
 molecule/wazuh-agent/tests/test_agents.py | 2 +-
 molecule/worker/tests/test_default.py | 4 ++--
 roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +-
 roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++--
 roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +-
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++--
 roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +-
 11 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/VERSION b/VERSION
index 921c9fb1..2a8b969e 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-WAZUH-ANSIBLE_VERSION="v3.9.5"
-REVISION="3950"
+WAZUH-ANSIBLE_VERSION="v3.10.0"
+REVISION="31000"
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
index 174a499f..03fe99d4 100644
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 def get_wazuh_version():
 """This return the version of Wazuh."""
- return "3.9.5"
+ return "3.10.0"
 def test_wazuh_packages_are_installed(host):
@@ -86,4 +86,4 @@ def test_filebeat_is_installed(host):
 """Test if the elasticsearch package is installed."""
 filebeat = host.package("filebeat")
 assert filebeat.is_installed
- assert filebeat.version.startswith('7.2.1')
+ assert filebeat.version.startswith('7.3.2')
diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py
index 31c5da6c..f4021876 100644
--- a/molecule/elasticsearch/tests/test_default.py
+++ b/molecule/elasticsearch/tests/test_default.py
@@ -10,7 +10,7 @@ def test_elasticsearch_is_installed(host):
 """Test if the elasticsearch package is installed."""
 elasticsearch = host.package("elasticsearch")
 assert elasticsearch.is_installed
- assert elasticsearch.version.startswith('7.2.1')
+ assert elasticsearch.version.startswith('7.3.2')
 def test_elasticsearch_is_running(host):
diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py
index f57bb8f7..ccd4d4f2 100644
--- a/molecule/kibana/tests/test_default.py
+++ b/molecule/kibana/tests/test_default.py
@@ -14,7 +14,7 @@ def test_port_kibana_is_open(host):
 def test_find_correct_elasticsearch_version(host):
 """Test if we find the kibana/elasticsearch version in package.json"""
 kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json")
- assert kibana.contains("7.2.1")
+ assert kibana.contains("7.3.2")
 def test_wazuh_plugin_installed(host):
diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py
index a4845d06..1846d3fe 100644
--- a/molecule/wazuh-agent/tests/test_agents.py
+++ b/molecule/wazuh-agent/tests/test_agents.py
@@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 def get_wazuh_version():
 """This return the version of Wazuh."""
- return "3.9.5"
+ return "3.10.0"
 def test_ossec_package_installed(Package):
diff --git a/molecule/worker/tests/test_default.py b/molecule/worker/tests/test_default.py
index 8dc96bbf..4de03dc3 100644
--- a/molecule/worker/tests/test_default.py
+++ b/molecule/worker/tests/test_default.py
@@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 def get_wazuh_version():
 """This return the version of Wazuh."""
- return "3.9.5"
+ return "3.10.0"
 def test_wazuh_packages_are_installed(host):
@@ -82,4 +82,4 @@ def test_filebeat_is_installed(host):
 """Test if the elasticsearch package is installed."""
 filebeat = host.package("filebeat")
 assert filebeat.is_installed
- assert filebeat.version.startswith('7.2.1')
+ assert filebeat.version.startswith('7.3.2')
diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
index 31ed74de..ca6dd06e 100644
--- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
@@ -4,7 +4,7 @@ elasticsearch_node_name: node-1
 elasticsearch_http_port: 9200
 elasticsearch_network_host: 127.0.0.1
 elasticsearch_jvm_xms: null
-elastic_stack_version: 7.2.1
+elastic_stack_version: 7.3.2
 single_node: true
 elasticsearch_bootstrap_node: false
 elasticsearch_master_candidate: false
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
index 9ec61091..06c2c6af 100644
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@@ -5,8 +5,8 @@ elasticsearch_http_port: "9200"
 elasticsearch_network_host: "127.0.0.1"
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
-elastic_stack_version: 7.2.1
-wazuh_version: 3.9.5
+elastic_stack_version: 7.3.2
+wazuh_version: 3.10.0
 # Xpack Security
 kibana_xpack_security: false
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml
index 632ab7e3..180308a6 100644
--- a/roles/wazuh/ansible-filebeat/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-filebeat_version: 7.2.1
+filebeat_version: 7.3.2
 filebeat_create_config: true
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index c3da8e89..f6904240 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-wazuh_agent_version: 3.9.5
+wazuh_agent_version: 3.10.0
 wazuh_managers:
  - address: 127.0.0.1
  port: 1514
@@ -26,7 +26,7 @@ wazuh_winagent_config:
 auth_path: C:\Program Files\ossec-agent\agent-auth.exe
 # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
 auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
- version: '3.9.5'
+ version: '3.10.0'
 revision: '1'
 repo: https://packages.wazuh.com/3.x/windows/
 md5: ee5b24216db472d291da4e14f0b3bc63
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 8c7c1f16..87ab144b 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-wazuh_manager_api_version: 3.9.5
+wazuh_manager_api_version: 3.10.0
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: latest
From e98f52deb7226c83eaa2910e9443a582152be7da Mon Sep 17 00:00:00 2001
From: Jose M
Date: Mon, 16 Sep 2019 18:26:47 +0200
Subject: [PATCH 194/559] Update CHANGELOG.md
---
 CHANGELOG.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 87570f08..0c31372c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
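Review bot: The `wazuh_winagent_config` hunk in `roles/wazuh/ansible-wazuh-agent/defaults/main.yml` bumps `version: '3.10.0'` but leaves the neighbouring `md5: ee5b24216db472d291da4e14f0b3bc63` untouched, so the digest still describes the previous installer; whichever task consumes it will either reject the 3.10.0 download or, if the value is not enforced, install a binary that was never verified. The digest should change in the same commit as the version, and a SHA-256 value is preferable to MD5 for installer verification if the downloading task supports it. The task that uses this value is not in the patch, so which of the two failure modes applies cannot be confirmed here.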
@@ -1,6 +1,23 @@
 # Change Log
 All notable changes to this project will be documented in this file.
+## [v3.10.0_7.3.2]
+
+### Added
+
+
+### Changed
+
+- Updated agent.conf template [@moodymob](https://github.com/moodymob) [#222](https://github.com/wazuh/wazuh-ansible/pull/222)
+- Improved molecule tests [@rshad](https://github.com/rshad) [#223](https://github.com/wazuh/wazuh-ansible/pull/223/files)
+
+### Fixed
+
+- Fixed typo in the `agent.conf` template [@joey1a2b3c](https://github.com/joey1a2b3c) [#227](https://github.com/wazuh/wazuh-ansible/pull/227)
+- Updated conditionals in tasks to fix Amazon Linux installation [@jm404](https://github.com/jm404) [#229](https://github.com/wazuh/wazuh-ansible/pull/229)
+- Fixed Kibana installation in Amazon Linux [@jm404](https://github.com/jm404) [#232](https://github.com/wazuh/wazuh-ansible/pull/232)
+- Fixed Windows Agent installation and configuration [@jm404](https://github.com/jm404) [#234](https://github.com/wazuh/wazuh-ansible/pull/234)
+
 ## [v3.9.5_7.2.1]
 ### Added
From 3680e6a3a3f827b7314b67045a096a86c4a0cff0 Mon Sep 17 00:00:00 2001
From: Jose M
Date: Tue, 17 Sep 2019 11:53:53 +0200
Subject: [PATCH 195/559] Remove "Amazon" from conditional in remove repo task
---
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index 320c9b74..13fcd37d 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -146,7 +146,7 @@
 state: started
 - import_tasks: RMRedHat.yml
- when: ansible_os_family == 'RedHat', 'Amazon'
+ when: ansible_os_family == 'RedHat'
 - import_tasks: RMDebian.yml
 when: ansible_os_family == 'Debian'
From 9db41aac8cbece45559c96b47c444e8380054517 Mon Sep 17 00:00:00 2001
From: Jose M
Date: Tue, 17 Sep 2019 11:54:40 +0200
Subject: [PATCH 196/559] Add changed_when: false conditional to fix idempotence
---
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index 13fcd37d..af9b5eaf 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -138,6 +138,7 @@
 name: kibana
 enabled: true
 state: restarted
+ changed_when: false
 - name: Ensure Kibana is started and enabled
 service:
From 8c48c6ce624c574fda8e771dffe9ca67b8a16b90 Mon Sep 17 00:00:00 2001
From: Jose M
Date: Tue, 17 Sep 2019 12:43:47 +0200
Subject: [PATCH 197/559] Remove explicit Kibana restart. Add restart notifications
---
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 10 +++------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index af9b5eaf..d09f13fb 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -84,6 +84,7 @@
 when:
 - check_certs_permissions is defined
 - kibana_xpack_security
+ notify: restart kibana
 tags: xpack-security
 - name: Kibana configuration
@@ -93,6 +94,7 @@
 owner: root
 group: root
 mode: 0664
+ notify: restart kibana
 tags: configure
 - name: Checking Wazuh-APP version
@@ -125,6 +127,7 @@
 creates: /usr/share/kibana/plugins/wazuh/package.json
 become: yes
 become_user: kibana
+ notify: restart kibana
 tags:
 - install
 - skip_ansible_lint
@@ -133,13 +136,6 @@
 systemd:
 daemon_reload: true
-- name: Restart Kibana
- service:
- name: kibana
- enabled: true
- state: restarted
- changed_when: false
-
 - name: Ensure Kibana is started and enabled
 service:
 name: kibana
From f94e095972bc2f6d25b6752c38bd51df19f68695 Mon Sep 17 00:00:00 2001
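Review bot: The three `notify: restart kibana` lines added in `roles/elastic-stack/ansible-kibana/tasks/main.yml` (hunks @@ -84, @@ -93 and @@ -125) need a handler with exactly that name, and the diffstat for this commit touches no file under `handlers/`; if the role does not already define it, the play stops with an undefined-handler error the first time one of those tasks reports changed. If it is missing, add `- name: restart kibana` with `service: name=kibana state=restarted` to the role's handlers, and consider a `listen:` entry so the task text and the handler name are decoupled. Whether the handler already exists is not visible in this patch; the tasks that carry the new `notify` keys all start before their respective hunks.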
From: Jose M
Date: Tue, 17 Sep 2019 12:47:19 +0200
Subject: [PATCH 198/559] Remove Amazon from daemon reload exceptions
---
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index d09f13fb..6b66920b 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -6,10 +6,10 @@
 when: ansible_os_family == 'Debian'
 - name: Reload systemd
- systemd: daemon_reload=true
+ systemd:
+ daemon_reload: true
 ignore_errors: true
 when:
- - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
 - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
 - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
 - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))
From d6ebdbba76b3c754f4864f8083b70a926601df96 Mon Sep 17 00:00:00 2001
From: Jose M
Date: Tue, 17 Sep 2019 12:48:20 +0200
Subject: [PATCH 199/559] Update CHANGELOG.md
---
 CHANGELOG.md | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0c31372c..153218ac 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,9 +3,6 @@ All notable changes to this project will be documented in this file.
 ## [v3.10.0_7.3.2]
-### Added
-
-
 ### Changed
 - Updated agent.conf template [@moodymob](https://github.com/moodymob) [#222](https://github.com/wazuh/wazuh-ansible/pull/222)
From 8f953f4272045423ee82db0c4a36530c44679fab Mon Sep 17 00:00:00 2001
From: Jose M
Date: Tue, 17 Sep 2019 13:04:35 +0200
Subject: [PATCH 200/559] Add versioning to filter AL2 in the daemon reload task
---
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index 6b66920b..c4069f90 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -10,6 +10,7 @@
 daemon_reload: true
 ignore_errors: true
 when:
+ - not (ansible_distribution == "Amazon and ansible_distribution_version == "(Karoo)")
 - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
 - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
 - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))
From d6ef30b6a30abe703d654a02f7ff2681ac9d57cf Mon Sep 17 00:00:00 2001
From: Jose M
Date: Tue, 17 Sep 2019 13:05:06 +0200
Subject: [PATCH 201/559] Update CHANGELOG.md
---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 153218ac..ab4e5eea 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,8 +3,13 @@ All notable changes to this project will be documented in this file.
 ## [v3.10.0_7.3.2]
+### Added
+
+- Update to Wazuh v3.10.0
+
 ### Changed
+- Updated Kibana [@jm404](https://github.com/jm404) [#237](https://github.com/wazuh/wazuh-ansible/pull/237)
 - Updated agent.conf template [@moodymob](https://github.com/moodymob) [#222](https://github.com/wazuh/wazuh-ansible/pull/222)
 - Improved molecule tests [@rshad](https://github.com/rshad) [#223](https://github.com/wazuh/wazuh-ansible/pull/223/files)
From c1e085a1ed2d954ddf9687f99f9283a3f203e88f Mon Sep 17 00:00:00 2001
From: Jose M
Date: Tue, 17 Sep 2019 14:34:04 +0200
Subject: [PATCH 202/559] Fix trailing whitespace for linting checks
---
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index c4069f90..a0f6e5c0 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -6,7 +6,7 @@
 when: ansible_os_family == 'Debian'
 - name: Reload systemd
- systemd: 
+ systemd:
 daemon_reload: true
 ignore_errors: true
 when:
From a9d2c5201047c273c2c4fead5a54e576111da455 Mon Sep 17 00:00:00 2001
From: Jose M
Date: Wed, 18 Sep 2019 08:55:17 +0200
Subject: [PATCH 203/559] Moved run_cluster_mode.sh script to molecule folder
---
 run_cluster_mode.sh => molecule/run_cluster_mode.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename run_cluster_mode.sh => molecule/run_cluster_mode.sh (100%)
diff --git a/run_cluster_mode.sh b/molecule/run_cluster_mode.sh
similarity index 100%
rename from run_cluster_mode.sh
rename to molecule/run_cluster_mode.sh
From 48cff3046de5052b99d3c9b68ccd532b55e10feb Mon Sep 17 00:00:00 2001
From: Jose M
Date: Wed, 18 Sep 2019 08:58:19 +0200
Subject: [PATCH 204/559] Update CHANGELOG.md
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ab4e5eea..95a9d18b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ All notable changes to this project will be documented in this file.
 - Updated Kibana [@jm404](https://github.com/jm404) [#237](https://github.com/wazuh/wazuh-ansible/pull/237)
 - Updated agent.conf template [@moodymob](https://github.com/moodymob) [#222](https://github.com/wazuh/wazuh-ansible/pull/222)
 - Improved molecule tests [@rshad](https://github.com/rshad) [#223](https://github.com/wazuh/wazuh-ansible/pull/223/files)
+- Moved "run_cluster_mode.sh" script to molecule folder [@jm404](https://github.com/jm404) [#a9d2c52](https://github.com/wazuh/wazuh-ansible/commit/a9d2c5201047c273c2c4fead5a54e576111da455)
 ### Fixed
From 61740ebebc60d63fccdd33c41e82fdb262a9a01e Mon Sep 17 00:00:00 2001
From: Jose M
Date: Wed, 18 Sep 2019 09:01:10 +0200
Subject: [PATCH 205/559] Fix typo in Amazon distribution conditional
---
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index a0f6e5c0..c7c7f551 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -10,7 +10,7 @@
 daemon_reload: true
 ignore_errors: true
 when:
- - not (ansible_distribution == "Amazon and ansible_distribution_version == "(Karoo)")
+ - not (ansible_distribution == "Amazon" and ansible_distribution_version == "(Karoo)")
 - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
 - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
 - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))
From 9f08ca93f86f3773ff1810e70b2b1ae73b17400d Mon Sep 17 00:00:00 2001
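Review bot: The corrected condition in `roles/elastic-stack/ansible-kibana/tasks/main.yml` still compares `ansible_distribution_version` with the literal `"(Karoo)"`, which looks like a release codename rather than a version number, so the exclusion depends on how the installed Ansible happens to populate that fact for Amazon Linux 2 and would silently stop matching after a facts change. The sibling conditions in the same `when:` list compare real version numbers with the `version` test; a check on `ansible_distribution_major_version` (the fact the Amazon line removed two commits earlier used) such as `- not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "2")` would be in keeping with them, if that is the value your targets report — it is not shown in this patch. Because the task also carries `ignore_errors: true`, a wrong match surfaces only as an ignored failure rather than a visible one. The Reload systemd task starts before this hunk.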
From: manuasir Date: Wed, 18 Sep 2019 15:35:29 +0200 Subject: [PATCH 206/559] Removed molecule from root folder --- Pipfile | 35 -------- README.md | 15 ++++ molecule/default/Dockerfile.j2 | 14 --- molecule/default/INSTALL.rst | 16 ---- molecule/default/create.yml | 85 ------------------- molecule/default/destroy.yml | 32 ------- molecule/default/molecule.yml.template | 47 ----------- molecule/default/playbook.yml | 19 ----- molecule/default/playbook.yml.template | 19 ----- molecule/default/prepare.yml | 36 -------- molecule/default/tests/test_default.py | 89 -------------------- molecule/elasticsearch/Dockerfile.j2 | 14 --- molecule/elasticsearch/INSTALL.rst | 22 ----- molecule/elasticsearch/molecule.yml | 57 ------------- molecule/elasticsearch/molecule.yml.template | 57 ------------- molecule/elasticsearch/playbook.yml | 6 -- molecule/elasticsearch/playbook.yml.template | 6 -- molecule/elasticsearch/tests/test_default.py | 20 ----- molecule/kibana/Dockerfile.j2 | 14 --- molecule/kibana/INSTALL.rst | 22 ----- molecule/kibana/molecule.yml.template | 40 --------- molecule/kibana/playbook.yml | 6 -- molecule/kibana/playbook.yml.template | 6 -- molecule/kibana/prepare.yml | 36 -------- molecule/kibana/tests/test_default.py | 24 ------ molecule/run_cluster_mode.sh | 43 ---------- molecule/wazuh-agent/Dockerfile.j2 | 14 --- molecule/wazuh-agent/INSTALL.rst | 22 ----- molecule/wazuh-agent/molecule.yml | 89 -------------------- molecule/wazuh-agent/molecule.yml.template | 89 -------------------- molecule/wazuh-agent/playbook.yml | 18 ---- molecule/wazuh-agent/playbook.yml.template | 18 ---- molecule/wazuh-agent/prepare.yml | 43 ---------- molecule/wazuh-agent/tests/test_agents.py | 28 ------ molecule/wazuh-agent/tests/test_manager.py | 15 ---- molecule/worker/Dockerfile.j2 | 14 --- molecule/worker/molecule.yml.template | 53 ------------ molecule/worker/playbook.yml | 21 ----- molecule/worker/playbook.yml.template | 21 ----- molecule/worker/tests/test_default.py | 85 
------------------- 40 files changed, 15 insertions(+), 1295 deletions(-) delete mode 100644 Pipfile delete mode 100644 molecule/default/Dockerfile.j2 delete mode 100644 molecule/default/INSTALL.rst delete mode 100644 molecule/default/create.yml delete mode 100644 molecule/default/destroy.yml delete mode 100644 molecule/default/molecule.yml.template delete mode 100644 molecule/default/playbook.yml delete mode 100644 molecule/default/playbook.yml.template delete mode 100644 molecule/default/prepare.yml delete mode 100644 molecule/default/tests/test_default.py delete mode 100644 molecule/elasticsearch/Dockerfile.j2 delete mode 100644 molecule/elasticsearch/INSTALL.rst delete mode 100644 molecule/elasticsearch/molecule.yml delete mode 100644 molecule/elasticsearch/molecule.yml.template delete mode 100644 molecule/elasticsearch/playbook.yml delete mode 100644 molecule/elasticsearch/playbook.yml.template delete mode 100644 molecule/elasticsearch/tests/test_default.py delete mode 100644 molecule/kibana/Dockerfile.j2 delete mode 100644 molecule/kibana/INSTALL.rst delete mode 100644 molecule/kibana/molecule.yml.template delete mode 100644 molecule/kibana/playbook.yml delete mode 100644 molecule/kibana/playbook.yml.template delete mode 100644 molecule/kibana/prepare.yml delete mode 100644 molecule/kibana/tests/test_default.py delete mode 100644 molecule/run_cluster_mode.sh delete mode 100644 molecule/wazuh-agent/Dockerfile.j2 delete mode 100644 molecule/wazuh-agent/INSTALL.rst delete mode 100644 molecule/wazuh-agent/molecule.yml delete mode 100644 molecule/wazuh-agent/molecule.yml.template delete mode 100644 molecule/wazuh-agent/playbook.yml delete mode 100644 molecule/wazuh-agent/playbook.yml.template delete mode 100644 molecule/wazuh-agent/prepare.yml delete mode 100644 molecule/wazuh-agent/tests/test_agents.py delete mode 100644 molecule/wazuh-agent/tests/test_manager.py delete mode 100644 molecule/worker/Dockerfile.j2 delete mode 100644 
molecule/worker/molecule.yml.template delete mode 100644 molecule/worker/playbook.yml delete mode 100644 molecule/worker/playbook.yml.template delete mode 100644 molecule/worker/tests/test_default.py diff --git a/Pipfile b/Pipfile deleted file mode 100644 index 6f709455..00000000 --- a/Pipfile +++ /dev/null @@ -1,35 +0,0 @@ -[[source]] -url = "https://pypi.org/simple" -verify_ssl = true -name = "pypi" - -[packages] -docker-py = "*" -ansible = "==2.7.13" -molecule = "==2.20.2" - -[dev-packages] - -[requires] -python_version = "2.7" - -[scripts] -test ="molecule test --destroy=never" -worker ="molecule test -s worker --destroy=never" -agent ="molecule test -s wazuh-agent --destroy=never" -elasticsearch ="molecule test -s elasticsearch --destroy=never" -kibana ="molecule test -s kibana --destroy=never" - -# Verify .. -verify ="molecule verify" -verify_worker ="molecule verify -s worker" -verify_agent ="molecule verify -s agent" -verify_elasticsearch ="molecule verify -s elasticsearch" -verify_kibana ="molecule verify -s kibana" - -# Destroy .. -destroy ="molecule destroy" -destroy_worker ="molecule destroy -s worker" -destroy_agent ="molecule destroy -s agent" -destroy_elasticsearch ="molecule destroy -s elasticsearch" -destroy_kibana ="molecule destroy -s kibana" diff --git a/README.md b/README.md index f684d1a8..257d15cc 100644 --- a/README.md +++ b/README.md 
@@ -47,6 +47,21 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. * `master` branch contains the latest code, be aware of possible bugs on this branch. ## Testing + +1. Get the `wazuh-ansible` folder from the `wazuh-qa` [repository](https://github.com/wazuh/wazuh-qa/tree/master/ansible/wazuh-ansible). + +``` +git clone https://github.com/wazuh/wazuh-qa +``` + +2. Copy the `Pipfile` and the `molecule` folder into the root wazuh-ansible directory: + +``` +cp wazuh-qa/ansible/wazuh-ansible/* . -R +``` + +3. Follow these steps for launching the tests. Check the Pipfile for running different scenarios: + ``` pip install pipenv sudo pipenv install diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 deleted file mode 100644 index 19692c20..00000000 --- a/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi 
diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst deleted file mode 100644 index e26493b8..00000000 --- a/molecule/default/INSTALL.rst +++ /dev/null @@ -1,16 +0,0 @@ -******* -Install -******* - -Requirements -============ - -* Docker Engine -* docker-py - -Install -======= - -.. code-block:: bash - - $ sudo pip install docker-py diff --git a/molecule/default/create.yml b/molecule/default/create.yml deleted file mode 100644 index 0b25ec81..00000000 --- a/molecule/default/create.yml +++ /dev/null 
@@ -1,85 +0,0 @@ ---- -- name: Create - hosts: localhost - connection: local - gather_facts: false - no_log: false - tasks: - - name: Log into a Docker registry - docker_login: - username: "{{ item.registry.credentials.username }}" - password: "{{ item.registry.credentials.password }}" - email: "{{ item.registry.credentials.email | default(omit) }}" - registry: "{{ item.registry.url }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - with_items: "{{ molecule_yml.platforms }}" - when: - - item.registry is defined - - item.registry.credentials is defined - - item.registry.credentials.username is defined - - - name: Create Dockerfiles from image names - template: - src: "{{ molecule_scenario_directory }}/Dockerfile.j2" - dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}" - with_items: "{{ molecule_yml.platforms }}" - register: platforms - - - name: Discover local Docker images - docker_image_facts: - name: "molecule_local/{{ item.item.name }}" - docker_host: "{{ item.item.docker_host | default('unix://var/run/docker.sock') }}" - with_items: "{{ platforms.results }}" - register: docker_images - - - name: Build an Ansible compatible image - docker_image: - path: "{{ molecule_ephemeral_directory }}" - name: "molecule_local/{{ item.item.image }}" - docker_host: "{{ item.item.docker_host | default('unix://var/run/docker.sock') }}" - dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}" - force: "{{ item.item.force | default(true) }}" - with_items: "{{ platforms.results }}" - when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0 - - - name: Create docker network(s) - docker_network: - name: "main" - state: present - - - name: Sleep 5 seconds till the network gets created if it's not - # Pause for 5 minutes to build app cache. 
- pause: - seconds: 10 - - - name: Create molecule instance(s) - docker_container: - name: "{{ item.name }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - hostname: "{{ item.name }}" - image: "molecule_local/{{ item.image }}" - state: started - recreate: false - log_driver: json-file - command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}" - privileged: "{{ item.privileged | default(omit) }}" - volumes: "{{ item.volumes | default(omit) }}" - capabilities: "{{ item.capabilities | default(omit) }}" - exposed_ports: "{{ item.exposed_ports | default(omit) }}" - published_ports: "{{ item.published_ports | default(omit) }}" - ulimits: "{{ item.ulimits | default(omit) }}" - networks: - - name: "main" - dns_servers: "{{ item.dns_servers | default(omit) }}" - register: server - with_items: "{{ molecule_yml.platforms }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) creation to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: docker_jobs - until: docker_jobs.finished - retries: 300 - with_items: "{{ server.results }}" \ No newline at end of file diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml deleted file mode 100644 index ddf7062b..00000000 --- a/molecule/default/destroy.yml +++ /dev/null 
@@ -1,32 +0,0 @@ ---- -- name: Destroy - hosts: localhost - connection: local - gather_facts: false - no_log: false - tasks: - - name: Destroy molecule instance(s) - docker_container: - name: "{{ item.name }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - state: absent - force_kill: "{{ item.force_kill | default(true) }}" - register: server - with_items: "{{ molecule_yml.platforms }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) deletion to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: docker_jobs - until: docker_jobs.finished - retries: 300 - with_items: "{{ server.results }}" - - - name: Delete docker network(s) - docker_network: - name: "{{ item }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - state: absent - with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}" diff --git a/molecule/default/molecule.yml.template b/molecule/default/molecule.yml.template deleted file mode 100644 index f46226c2..00000000 --- a/molecule/default/molecule.yml.template +++ /dev/null @@ -1,47 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - enabled: false -platforms: - - name: manager_platform_ - image: imagename - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true -scenario: - name: default - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 - enabled: true diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml deleted file mode 100644 index d4561c1b..00000000 
--- a/molecule/default/playbook.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-manager - vars: - wazuh_manager_config: - cluster: - disable: 'no' - name: 'wazuh' - node_name: 'manager' - node_type: 'master' - key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' - port: '1516' - bind_addr: '0.0.0.0' - nodes: - - 'manager_bionic' - hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_bionic:9200' } \ No newline at end of file diff --git a/molecule/default/playbook.yml.template b/molecule/default/playbook.yml.template deleted file mode 100644 index f73659e9..00000000 --- a/molecule/default/playbook.yml.template +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-manager - vars: - wazuh_manager_config: - cluster: - disable: 'no' - name: 'wazuh' - node_name: 'manager' - node_type: 'master' - key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' - port: '1516' - bind_addr: '0.0.0.0' - nodes: - - 'manager_platform' - hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' } \ No newline at end of file diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml deleted file mode 100644 index f3dc9aac..00000000 --- a/molecule/default/prepare.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - tasks: - - - name: "Install Python packages for Trusty to solve trust issues" - package: - name: - - python-setuptools - - python-pip - state: latest - register: wazuh_manager_trusty_packages_installed - until: wazuh_manager_trusty_packages_installed is succeeded - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - - - name: "Install (RedHat) dependencies" - package: - name: - - initscripts - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - when: - - ansible_os_family == 'RedHat' diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py deleted file mode 100644 index 03fe99d4..00000000 --- a/molecule/default/tests/test_default.py +++ /dev/null 
@@ -1,89 +0,0 @@ -import os -import pytest - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def get_wazuh_version(): - """This return the version of Wazuh.""" - return "3.10.0" - - -def test_wazuh_packages_are_installed(host): - """Test if the main packages are installed.""" - manager = host.package("wazuh-manager") - api = host.package("wazuh-api") - - distribution = host.system_info.distribution.lower() - if distribution == 'centos': - if host.system_info.release == "7": - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - assert api.is_installed - assert api.version.startswith(get_wazuh_version()) - elif host.system_info.release.startswith("6"): - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - elif distribution == 'ubuntu': - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - - -def test_wazuh_services_are_running(host): - """Test if the services are enabled and running. 
- - When assert commands are commented, this means that the service command has - a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 - """ - manager = host.service("wazuh-manager") - api = host.service("wazuh-api") - - distribution = host.system_info.distribution.lower() - if distribution == 'centos': - # assert manager.is_running - assert manager.is_enabled - # assert not api.is_running - assert not api.is_enabled - elif distribution == 'ubuntu': - # assert manager.is_running - assert manager.is_enabled - # assert api.is_running - assert api.is_enabled - - -@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ - ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), - ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640), -]) -def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): - """Test if Wazuh related files exist and have proper owners and mode.""" - wazuh_file_host = host.file(wazuh_file) - - assert wazuh_file_host.user == wazuh_owner - assert wazuh_file_host.group == wazuh_group - assert wazuh_file_host.mode == wazuh_mode - - -def test_open_ports(host): - """Test if the main port is open and the agent-auth is not open.""" - distribution = host.system_info.distribution.lower() - if distribution == 'ubuntu': - assert host.socket("tcp://0.0.0.0:1516").is_listening - assert host.socket("tcp://0.0.0.0:1515").is_listening - assert host.socket("tcp://0.0.0.0:1514").is_listening - elif distribution == 'centos': - assert host.socket("tcp://0.0.0.0:1516").is_listening - assert host.socket("tcp://127.0.0.1:1515").is_listening - assert host.socket("tcp://127.0.0.1:1514").is_listening - - -def test_filebeat_is_installed(host): - """Test if the elasticsearch package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - assert 
filebeat.version.startswith('7.3.2') diff --git a/molecule/elasticsearch/Dockerfile.j2 b/molecule/elasticsearch/Dockerfile.j2 deleted file mode 100644 index e6aa95d3..00000000 --- a/molecule/elasticsearch/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/elasticsearch/INSTALL.rst b/molecule/elasticsearch/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/molecule/elasticsearch/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' 
diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml deleted file mode 100644 index 11d8902f..00000000 --- a/molecule/elasticsearch/molecule.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -bionics: - - name: elasticsearch_bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - prepare: ../default/prepare.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true - inventory: - group_vars: - all: - elasticsearch_jvm_xms: 512 -scenario: - name: elasticsearch - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - #- idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/elasticsearch/molecule.yml.template b/molecule/elasticsearch/molecule.yml.template deleted file mode 100644 index baba140e..00000000 --- a/molecule/elasticsearch/molecule.yml.template +++ /dev/null 
@@ -1,57 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -platforms: - - name: elasticsearch_platform_ - image: imagename - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - prepare: ../default/prepare.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true - inventory: - group_vars: - all: - elasticsearch_jvm_xms: 512 -scenario: - name: elasticsearch - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml deleted file mode 100644 index 6b5c44f8..00000000 --- a/molecule/elasticsearch/playbook.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'elasticsearch_bionic' diff --git a/molecule/elasticsearch/playbook.yml.template b/molecule/elasticsearch/playbook.yml.template deleted file mode 100644 index 0b2f9d5a..00000000 --- a/molecule/elasticsearch/playbook.yml.template +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'elasticsearch_platform' diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py deleted file mode 100644 index f4021876..00000000 --- a/molecule/elasticsearch/tests/test_default.py +++ /dev/null 
@@ -1,20 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_elasticsearch_is_installed(host): - """Test if the elasticsearch package is installed.""" - elasticsearch = host.package("elasticsearch") - assert elasticsearch.is_installed - assert elasticsearch.version.startswith('7.3.2') - - -def test_elasticsearch_is_running(host): - """Test if the services are enabled and running.""" - elasticsearch = host.service("elasticsearch") - assert elasticsearch.is_enabled - assert elasticsearch.is_running diff --git a/molecule/kibana/Dockerfile.j2 b/molecule/kibana/Dockerfile.j2 deleted file mode 100644 index e6aa95d3..00000000 --- a/molecule/kibana/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/kibana/INSTALL.rst b/molecule/kibana/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/molecule/kibana/INSTALL.rst +++ /dev/null 
@@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/molecule/kibana/molecule.yml.template b/molecule/kibana/molecule.yml.template deleted file mode 100644 index eec8f6e3..00000000 --- a/molecule/kibana/molecule.yml.template +++ /dev/null @@ -1,40 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -platforms: - - name: kibana_platform_ - image: imagename - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 1024m -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true - inventory: - group_vars: - all: - elasticsearch_jvm_xms: 256 -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml deleted file mode 100644 index 6af17723..00000000 --- a/molecule/kibana/playbook.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: elastic-stack/ansible-kibana - elasticsearch_network_host: 'elasticsearch_bionic' \ No newline at end of file diff --git a/molecule/kibana/playbook.yml.template b/molecule/kibana/playbook.yml.template deleted file mode 100644 index b166ac28..00000000 
--- a/molecule/kibana/playbook.yml.template +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: elastic-stack/ansible-kibana - elasticsearch_network_host: 'elasticsearch_platform' \ No newline at end of file diff --git a/molecule/kibana/prepare.yml b/molecule/kibana/prepare.yml deleted file mode 100644 index c5592219..00000000 --- a/molecule/kibana/prepare.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - pre_tasks: - - - name: "Install Python packages for Trusty to solve trust issues" - package: - name: - - python-setuptools - - python-pip - state: latest - register: wazuh_manager_trusty_packages_installed - until: wazuh_manager_trusty_packages_installed is succeeded - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - - - name: "Install (RedHat) dependencies" - package: - name: - - initscripts - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - when: - - ansible_os_family == 'RedHat' diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py deleted file mode 100644 index ccd4d4f2..00000000 --- a/molecule/kibana/tests/test_default.py +++ /dev/null 
@@ -1,24 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_port_kibana_is_open(host): - """Test if the port 5601 is open and listening to connections.""" - host.socket("tcp://0.0.0.0:5601").is_listening - - -def test_find_correct_elasticsearch_version(host): - """Test if we find the kibana/elasticsearch version in package.json""" - kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") - assert kibana.contains("7.3.2") - - -def test_wazuh_plugin_installed(host): - """Make sure there is a plugin wazuh directory.""" - kibana = host.file("/usr/share/kibana/plugins/wazuh/") - - assert kibana.is_directory diff --git a/molecule/run_cluster_mode.sh b/molecule/run_cluster_mode.sh deleted file mode 100644 index c1a0941d..00000000 --- a/molecule/run_cluster_mode.sh +++ /dev/null 
@@ -1,43 +0,0 @@ -#!/bin/bash - -paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecule/kibana/" ) -images=( "solita/ubuntu-systemd:bionic" "solita/ubuntu-systemd:xenial" "milcom/centos7-systemd" "ubuntu:trusty" "centos:6" ) -platform=( "bionic" "xenial" "centos7" "trusty" "centos6" ) - -echo "Please select an image. " - -select IMAGE in "${images[@]}"; -do - echo "You picked $IMAGE ($REPLY)" - break -done - -index=$(($REPLY - 1)) - -if [ -z "$IMAGE" ] -then - echo "Platform not selected. Please select a platform of [bionuc, xenial or centos7]. => Aborting" - exit -else - for i in "${paths[@]}" - do - cp "$i/playbook.yml.template" "$i/playbook.yml" - sed -i "s/platform/${platform[$index]}/g" "$i/playbook.yml" - - cp "$i/molecule.yml.template" "$i/molecule.yml" - sed -i "s|imagename|${images[$index]}|g" "$i/molecule.yml" - sed -i "s/platform_/${platform[$index]}/g" "$i/molecule.yml" - - done -fi - -sudo pipenv run elasticsearch -sudo pipenv run test -sudo pipenv run worker -sudo pipenv run kibana - -sudo pipenv run destroy -sudo pipenv run destroy_worker -sudo pipenv run destroy_elasticsearch -sudo pipenv run destroy_kibana - diff --git a/molecule/wazuh-agent/Dockerfile.j2 b/molecule/wazuh-agent/Dockerfile.j2 deleted file mode 100644 index e6aa95d3..00000000 --- a/molecule/wazuh-agent/Dockerfile.j2 +++ /dev/null 
@@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/wazuh-agent/INSTALL.rst b/molecule/wazuh-agent/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/molecule/wazuh-agent/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml deleted file mode 100644 index a0b050b1..00000000 --- a/molecule/wazuh-agent/molecule.yml +++ /dev/null 
@@ -1,89 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker - #lint: - # name: yamllint -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -platforms: - #- name: wazuh_server_centos7 - # image: milcom/centos7-systemd - # networks: - # - name: wazuh - # privileged: true - # groups: - # - manager - - name: wazuh_agent_bionic - image: ubuntu:bionic - networks: - - name: wazuh - groups: - - agent - #- name: wazuh_agent_xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # command: /sbin/init - # networks: - # - name: wazuh - # groups: - # - agent - #- name: wazuh_agent_trusty - # image: ubuntu:trusty - # networks: - # - name: wazuh - # groups: - # - agent - #- name: wazuh_agent_centos6 - # image: centos:6 - # networks: - # - name: wazuh - # groups: - # - agent - #- name: wazuh_agent_centos7 - # image: milcom/centos7-systemd - # privileged: true - # networks: - # - name: wazuh - # groups: - # - agent -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - inventory: - group_vars: - agent: - api_pass: password - wazuh_managers: - - address: "{{ wazuh_manager_ip }}" - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: null - wazuh_agent_authd: - enable: true - port: 1515 - ssl_agent_ca: null - ssl_agent_cert: null - ssl_agent_key: null - ssl_auto_negotiate: 'no' - lint: - name: ansible-lint - enabled: true -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/wazuh-agent/molecule.yml.template b/molecule/wazuh-agent/molecule.yml.template deleted file mode 100644 index a0b050b1..00000000 --- a/molecule/wazuh-agent/molecule.yml.template +++ /dev/null 
@@ -1,89 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker - #lint: - # name: yamllint -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -platforms: - #- name: wazuh_server_centos7 - # image: milcom/centos7-systemd - # networks: - # - name: wazuh - # privileged: true - # groups: - # - manager - - name: wazuh_agent_bionic - image: ubuntu:bionic - networks: - - name: wazuh - groups: - - agent - #- name: wazuh_agent_xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # command: /sbin/init - # networks: - # - name: wazuh - # groups: - # - agent - #- name: wazuh_agent_trusty - # image: ubuntu:trusty - # networks: - # - name: wazuh - # groups: - # - agent - #- name: wazuh_agent_centos6 - # image: centos:6 - # networks: - # - name: wazuh - # groups: - # - agent - #- name: wazuh_agent_centos7 - # image: milcom/centos7-systemd - # privileged: true - # networks: - # - name: wazuh - # groups: - # - agent -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - inventory: - group_vars: - agent: - api_pass: password - wazuh_managers: - - address: "{{ wazuh_manager_ip }}" - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: null - wazuh_agent_authd: - enable: true - port: 1515 - ssl_agent_ca: null - ssl_agent_cert: null - ssl_agent_key: null - ssl_auto_negotiate: 'no' - lint: - name: ansible-lint - enabled: true -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/wazuh-agent/playbook.yml b/molecule/wazuh-agent/playbook.yml deleted file mode 100644 index 4feac0c2..00000000 --- a/molecule/wazuh-agent/playbook.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-agent - vars: - wazuh_managers: - - address: 'manager_platform' - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: ansible - wazuh_agent_authd: - enable: true - port: 1515 - ssl_agent_ca: null - ssl_auto_negotiate: 'no' diff --git a/molecule/wazuh-agent/playbook.yml.template b/molecule/wazuh-agent/playbook.yml.template deleted file mode 100644 index 4feac0c2..00000000 --- a/molecule/wazuh-agent/playbook.yml.template +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-agent - vars: - wazuh_managers: - - address: 'manager_platform' - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: ansible - wazuh_agent_authd: - enable: true - port: 1515 - ssl_agent_ca: null - ssl_auto_negotiate: 'no' diff --git a/molecule/wazuh-agent/prepare.yml b/molecule/wazuh-agent/prepare.yml deleted file mode 100644 index ddb1bbe1..00000000 --- a/molecule/wazuh-agent/prepare.yml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -- name: Prepare - hosts: manager - gather_facts: true - tasks: - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - - roles: - - role: wazuh/ansible-wazuh-manager - -- name: Prepare - hosts: agent - gather_facts: true - tasks: - - - name: "Install Python packages for Trusty to solve trust issues" - package: - name: - - python-setuptools - - python-pip - state: latest - register: wazuh_manager_trusty_packages_installed - until: wazuh_manager_trusty_packages_installed is succeeded - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_agent_dependencies_packages_installed - until: wazuh_agent_dependencies_packages_installed is succeeded diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py deleted file mode 100644 index 1846d3fe..00000000 --- a/molecule/wazuh-agent/tests/test_agents.py +++ /dev/null @@ -1,28 +0,0 @@ -import os -import pytest - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('agent') - - -def get_wazuh_version(): - """This return the version of Wazuh.""" - return "3.10.0" - - -def test_ossec_package_installed(Package): - ossec = Package('wazuh-agent') - assert ossec.is_installed - - -@pytest.mark.parametrize("wazuh_service, wazuh_owner", ( - ("ossec-agentd", "ossec"), - ("ossec-execd", "root"), - ("ossec-syscheckd", "root"), - ("wazuh-modulesd", "root"), -)) -def test_wazuh_processes_running(host, wazuh_service, wazuh_owner): - master = host.process.get(user=wazuh_owner, comm=wazuh_service) - assert master.args == "/var/ossec/bin/" + wazuh_service 
diff --git a/molecule/wazuh-agent/tests/test_manager.py b/molecule/wazuh-agent/tests/test_manager.py deleted file mode 100644 index 9b085b2b..00000000 --- a/molecule/wazuh-agent/tests/test_manager.py +++ /dev/null @@ -1,15 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('manager') - - -def test_agents_registered_on_manager(host): - cmd = host.run("/var/ossec/bin/manage_agents -l") - assert 'wazuh_agent_bionic' in cmd.stdout - assert 'wazuh_agent_xenial' in cmd.stdout - assert 'wazuh_agent_trusty' in cmd.stdout - assert 'wazuh_agent_centos6' in cmd.stdout - assert 'wazuh_agent_centos7' in cmd.stdout diff --git a/molecule/worker/Dockerfile.j2 b/molecule/worker/Dockerfile.j2 deleted file mode 100644 index e6aa95d3..00000000 --- a/molecule/worker/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi 
diff --git a/molecule/worker/molecule.yml.template b/molecule/worker/molecule.yml.template deleted file mode 100644 index ecfe6469..00000000 --- a/molecule/worker/molecule.yml.template +++ /dev/null @@ -1,53 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -platforms: - - name: worker_platform_ - image: imagename - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - prepare: ../default/prepare.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true -scenario: - name: worker - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/worker/playbook.yml b/molecule/worker/playbook.yml deleted file mode 100644 index a59f93f2..00000000 --- a/molecule/worker/playbook.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-manager - vars: - wazuh_manager_config: - cluster: - disable: 'no' - name: 'wazuh' - node_name: 'worker-01' - node_type: 'worker' - key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' - port: '1516' - bind_addr: '0.0.0.0' - nodes: - - 'manager_bionic' - hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_bionic:9200' } - - diff --git a/molecule/worker/playbook.yml.template b/molecule/worker/playbook.yml.template deleted file mode 100644 index 45b12d1d..00000000 --- a/molecule/worker/playbook.yml.template +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-manager - vars: - wazuh_manager_config: - cluster: - disable: 'no' - name: 'wazuh' - node_name: 'worker-01' - node_type: 'worker' - key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' - port: '1516' - bind_addr: '0.0.0.0' - nodes: - - 'manager_platform' - hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' } - - diff --git a/molecule/worker/tests/test_default.py b/molecule/worker/tests/test_default.py deleted file mode 100644 index 4de03dc3..00000000 --- a/molecule/worker/tests/test_default.py +++ /dev/null 
@@ -1,85 +0,0 @@ -import os -import pytest - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def get_wazuh_version(): - """This return the version of Wazuh.""" - return "3.10.0" - - -def test_wazuh_packages_are_installed(host): - """Test if the main packages are installed.""" - manager = host.package("wazuh-manager") - api = host.package("wazuh-api") - - distribution = host.system_info.distribution.lower() - if distribution == 'centos': - if host.system_info.release == "7": - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - assert api.is_installed - assert api.version.startswith(get_wazuh_version()) - elif host.system_info.release.startswith("6"): - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - elif distribution == 'ubuntu': - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - - -def test_wazuh_services_are_running(host): - """Test if the services are enabled and running. 
- - When assert commands are commented, this means that the service command has - a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 - """ - manager = host.service("wazuh-manager") - api = host.service("wazuh-api") - - distribution = host.system_info.distribution.lower() - if distribution == 'centos': - # assert manager.is_running - assert manager.is_enabled - # assert not api.is_running - assert not api.is_enabled - elif distribution == 'ubuntu': - # assert manager.is_running - assert manager.is_enabled - # assert api.is_running - assert api.is_enabled - - -@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ - ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), - ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640), -]) -def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): - """Test if Wazuh related files exist and have proper owners and mode.""" - wazuh_file_host = host.file(wazuh_file) - - assert wazuh_file_host.user == wazuh_owner - assert wazuh_file_host.group == wazuh_group - assert wazuh_file_host.mode == wazuh_mode - - -def test_open_ports(host): - """Test if the main port is open and the agent-auth is not open.""" - distribution = host.system_info.distribution.lower() - if distribution == 'ubuntu': - assert host.socket("tcp://0.0.0.0:1514").is_listening - elif distribution == 'centos': - assert host.socket("tcp://127.0.0.1:1514").is_listening - - -def test_filebeat_is_installed(host): - """Test if the elasticsearch package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - assert filebeat.version.startswith('7.3.2') From a1359495a98a966851f171f238b7f372c46f8a78 Mon Sep 17 00:00:00 2001 
From: Manuel Gutierrez Date: Tue, 24 Sep 2019 10:57:23 +0200 Subject: [PATCH 207/559] Fix linting: trailing whitespace --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 85706199..af17e528 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -76,7 +76,7 @@ mode: 0660 notify: restart elasticsearch tags: configure - + - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf lineinfile: path: /etc/security/limits.conf From 02425e0c85a15157882f5db6f559acd12383a945 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 24 Sep 2019 11:09:21 +0200 Subject: [PATCH 208/559] Fix linting errors Fixed linting on xpack_security.yml --- .../tasks/xpack_security.yml | 67 +++++++++---------- 1 file changed, 33 insertions(+), 34 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index e64b71df..046c3382 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -39,7 +39,7 @@ when: - node_certs_generator -- name: Importing custom CA key +- name: Importing custom CA key copy: src: "{{ master_certs_path }}/ca/{{ ca_key_name }}" dest: "{{ node_certs_source }}/{{ ca_key_name }}" @@ -61,7 +61,7 @@ - name: Generating certificates for Elasticsearch security (generating CA) shell: >- - /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in + /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip when: - node_certs_generator 
@@ -70,37 +70,37 @@ tags: xpack-security - name: Generating certificates for Elasticsearch security (using provided CA | Without CA Password) - shell: >- - /usr/share/elasticsearch/bin/elasticsearch-certutil cert - --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} + shell: >- + /usr/share/elasticsearch/bin/elasticsearch-certutil cert + --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip when: - node_certs_generator - not xpack_certs_zip.stat.exists - not generate_CA - - ca_password == "" + - ca_password | length == 0 tags: xpack-security - name: Generating certificates for Elasticsearch security (using provided CA | Using CA Password) - shell: >- - /usr/share/elasticsearch/bin/elasticsearch-certutil cert - --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} - --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip - --ca-pass {{ca_password}} + shell: >- + /usr/share/elasticsearch/bin/elasticsearch-certutil cert + --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} + --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip + --ca-pass {{ ca_password }} when: - node_certs_generator - not xpack_certs_zip.stat.exists - not generate_CA - - ca_password != "" - tags: xpack-security - + - ca_password | length > 0 + tags: xpack-security + - name: Verify the Elastic certificates directory file: path: "{{ master_certs_path }}" state: directory mode: '0700' delegate_to: "127.0.0.1" - when: + when: - node_certs_generator - name: Verify the Certificates Authority directory 
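Review bot: `--ca-pass {{ ca_password }}` puts the CA private-key password on the certutil command line, so it is visible in the process list of the generator node and is echoed into the Ansible task output and any log of the run; the 'Using CA Password' task has no `no_log`. Add `no_log: true` beside its `when:` block so the rendered command is not printed. The same line survives the shell-to-command switch in patch 210 (hunk `@@ -82,9 +85,10 @@`), which needs the same treatment.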
@@ -109,7 +109,7 @@ state: directory mode: '0700' delegate_to: "127.0.0.1" - when: + when: - node_certs_generator - name: Copying certificates to Ansible master @@ -118,7 +118,7 @@ dest: "{{ master_certs_path }}/" flat: yes mode: 0700 - when: + when: - node_certs_generator tags: xpack-security 
@@ -126,39 +126,39 @@ file: state: absent path: "{{ node_certs_source }}/certs.zip" - when: + when: - node_certs_generator - + - name: Unzip generated certs.zip unarchive: - src: "{{master_certs_path}}/certs.zip" - dest: "{{master_certs_path}}/" + src: "{{ master_certs_path }}/certs.zip" + dest: "{{ master_certs_path }}/" become: true delegate_to: "127.0.0.1" - when: + when: - node_certs_generator tags: xpack-security - name: Copying node's certificate from master copy: - src: "{{item}}" - dest: "{{node_certs_destination}}/" + src: "{{ item }}" + dest: "{{ node_certs_destination }}/" with_items: - - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" - - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" - - "{{master_certs_path}}/ca/ca.crt" + - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" + - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" + - "{{ master_certs_path }}/ca/ca.crt" when: - generate_CA tags: xpack-security - name: Copying node's certificate from master (Custom CA) copy: - src: "{{item}}" - dest: "{{node_certs_destination}}/" - with_items: - - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" - - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" - - "{{master_certs_path}}/ca/{{ca_cert_name}}" + src: "{{ item }}" + dest: "{{ node_certs_destination }}/" + with_items: + - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" + - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" + - "{{ master_certs_path }}/ca/{{ ca_cert_name }}" when: - not generate_CA tags: xpack-security 
@@ -179,4 +179,3 @@ echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password when: - node_certs_generator - \ No newline at end of file From 534704f115628b6d92a8f81100f56d7b64a1c1b2 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 24 Sep 2019 12:47:28 +0200 Subject: [PATCH 209/559] Fix linting errors on vars --- roles/wazuh/ansible-filebeat/tasks/main.yml | 26 ++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 7cd01cbd..85bd17e1 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml 
@@ -28,25 +28,25 @@ - name: Copying node's certificate from master copy: - src: "{{item}}" - dest: "{{node_certs_destination}}/" - with_items: - - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.key" - - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.crt" - - "{{master_certs_path}}/ca/ca.crt" + src: "{{ item }}" + dest: "{{ node_certs_destination }}/" + with_items: + - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" + - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" + - "{{ master_certs_path }}/ca/ca.crt" when: - generate_CA - filebeat_xpack_security tags: xpack-security - + - name: Copying node's certificate from master (Custom CA) copy: - src: "{{item}}" - dest: "{{node_certs_destination}}/" - with_items: - - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.key" - - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.crt" - - "{{master_certs_path}}/ca/{{ca_cert_name}}" + src: "{{ item }}" + dest: "{{ node_certs_destination }}/" + with_items: + - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" + - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" + - "{{ master_certs_path }}/ca/{{ ca_cert_name }}" when: - not generate_CA - filebeat_xpack_security From 4f955fe4988b19c433342daeed87e1bc852b5c78 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 24 Sep 2019 12:49:26 +0200 Subject: [PATCH 210/559] Switch tasks from shell to command --- .../tasks/xpack_security.yml | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 046c3382..650692c5 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml 
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -60,9 +60,10 @@ tags: xpack-security - name: Generating certificates for Elasticsearch security (generating CA) - shell: >- - /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in - {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip + command: >- + /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem + --in {{ node_certs_source }}/instances.yml + --out {{ node_certs_source }}/certs.zip when: - node_certs_generator - not xpack_certs_zip.stat.exists @@ -70,10 +71,12 @@ tags: xpack-security - name: Generating certificates for Elasticsearch security (using provided CA | Without CA Password) - shell: >- + command: >- /usr/share/elasticsearch/bin/elasticsearch-certutil cert - --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} - --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip + --ca-key {{ node_certs_source }}/{{ ca_key_name }} + --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} + --pem --in {{ node_certs_source }}/instances.yml + --out {{ node_certs_source }}/certs.zip when: - node_certs_generator - not xpack_certs_zip.stat.exists @@ -82,9 +85,10 @@ tags: xpack-security - name: Generating certificates for Elasticsearch security (using provided CA | Using CA Password) - shell: >- + command: >- /usr/share/elasticsearch/bin/elasticsearch-certutil cert - --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} + --ca-key {{ node_certs_source }}/{{ ca_key_name }} + --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip --ca-pass {{ ca_password }} when: 
@@ -175,7 +179,8 @@ tags: xpack-security - name: Set elasticsearch bootstrap password - shell: >- + command: >- + set -o pipefail echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password when: - node_certs_generator From de70f4eecd1ae6d25e907a0124625952305e07a0 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 24 Sep 2019 18:36:44 +0200 Subject: [PATCH 211/559] Add single_node:false to ES distributed playbook --- playbooks/wazuh-elastic_stack-distributed.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index b582df9b..8c6bc567 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -17,6 +17,7 @@ elasticsearch_xpack_security: true node_certs_generator: true elasticsearch_xpack_security_password: elastic_pass + single_node: false vars: instances: @@ -35,6 +36,7 @@ - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: elasticsearch_node_name: node-2 + single_node: false elasticsearch_xpack_security: true elasticsearch_master_candidate: true elasticsearch_discovery_nodes: @@ -47,6 +49,7 @@ - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: elasticsearch_node_name: node-3 + single_node: false elasticsearch_xpack_security: true elasticsearch_master_candidate: true elasticsearch_discovery_nodes: From b8803de85fb71edf090b0c076d4fe3684cd7cb36 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 24 Sep 2019 18:37:14 +0200 Subject: [PATCH 212/559] Fix set bootstrap password task. Linting OK --- .../ansible-elasticsearch/tasks/xpack_security.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
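Review bot: The `command` module executes its arguments directly without a shell, so `set -o pipefail` is resolved as a program name and `echo`, `|` and the keystore invocation become literal arguments — the bootstrap-password task cannot run as written, and the folded `>-` scalar joins both lines into that single argv anyway. A pipeline needs `shell:` with an explicit bash `executable`; alternatively keep `command:` and feed the password to `elasticsearch-keystore add -xf bootstrap.password` through the module's `stdin:` parameter instead of `echo`, which also keeps the secret out of the argument list.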
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 650692c5..d05c3241 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -179,8 +179,8 @@ tags: xpack-security - name: Set elasticsearch bootstrap password - command: >- - set -o pipefail - echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password + shell: >- + set -o pipefail; + echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password when: - node_certs_generator From 0017b34c6b6ae9ccb7e1d9a4b5a23d299ef4bf64 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 25 Sep 2019 09:14:07 +0200 Subject: [PATCH 213/559] Update CHANGELOG.md --- CHANGELOG.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95a9d18b..72c6ae35 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,22 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.10.2_7.3.2] + +### Added + +- Update to Wazuh v3.10.2 + +### Changed + +- Moved molecule folder to Wazuh QA Repository [manuasir](https://github.com/manuasir) [#120ed16](https://github.com/wazuh/wazuh-ansible/commit/120ed163b6f131315848938beca65c1f1cad7f1b) + +- Refactored XPack Security configuration tasks [@jm404](https://github.com/jm404) [#246](https://github.com/wazuh/wazuh-ansible/pull/246) + +### Fixed + +- Fixed ES bootstrap password configuration [@jm404](https://github.com/jm404) [#b8803de](https://github.com/wazuh/wazuh-ansible/commit/b8803de85fb71edf090b0c076d4fe3684cd7cb36) + ## [v3.10.0_7.3.2] ### Added From 5646848266ceefe513134f0a230d179913442cea Mon Sep 17 00:00:00 2001 
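Review bot: `echo {{ elasticsearch_xpack_security_password }} | ...` inserts the password unquoted into a shell command line: a value containing spaces, `;`, `$` or other shell metacharacters breaks the pipeline or is executed, and the plaintext password lands in the process list and in the task output, which has no `no_log`. Quote it as `{{ elasticsearch_xpack_security_password | quote }}` and add `no_log: true` to the task. `set -o pipefail` is also rejected by dash (`/bin/sh` on Debian/Ubuntu hosts), so the task needs `args: executable: /bin/bash`; patch 218 (hunk `@@ -179,8 +194,11 @@`) adds that but still lacks the quoting and `no_log`.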
From: Jose M Date: Wed, 25 Sep 2019 09:14:31 +0200 Subject: [PATCH 214/559] Bump version to 3.10.2_7.3.2 --- VERSION | 4 ++-- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/VERSION b/VERSION index 2a8b969e..f4d1cb92 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.10.0" -REVISION="31000" +WAZUH-ANSIBLE_VERSION="v3.10.2" +REVISION="31020" diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 25525d89..ad639011 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.3.2 -wazuh_version: 3.10.0 +wazuh_version: 3.10.2 # Xpack Security kibana_xpack_security: false diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index f6904240..fe6749ce 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.10.0 +wazuh_agent_version: 3.10.2 wazuh_managers: - address: 127.0.0.1 port: 1514 @@ -26,7 +26,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.10.0' + version: '3.10.2' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: ee5b24216db472d291da4e14f0b3bc63 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 87ab144b..170a8da5 100644 
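Review bot: `version` is bumped to `'3.10.2'` but the `md5` value two lines below is unchanged; if it is the checksum used to verify the Windows agent installer fetched from `repo`, it still describes the 3.10.0 package, so the download check will either fail or, if the check is not enforced, silently stop verifying the new installer. Update (or confirm) the checksum together with the version, and consider recording a SHA-256 digest instead of MD5, which `get_url`'s `checksum:` accepts as `sha256:<hex>`.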
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_api_version: 3.10.0 +wazuh_manager_api_version: 3.10.2 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest From a0d4967b1fd0ab19e5bfa4fab571345253bef2ba Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 25 Sep 2019 09:48:07 +0200 Subject: [PATCH 215/559] Add filebeat_module_folder to default variables --- roles/wazuh/ansible-filebeat/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 78a47cf8..46d65654 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -28,6 +28,8 @@ filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" +filebeat_module_folder: /usr/share/filebeat/module/wazuh + # Xpack Security filebeat_xpack_security: false @@ -43,3 +45,5 @@ node_certs_destination: /etc/filebeat/certs master_certs_path: /es_certs generate_CA: true ca_cert_name: "" + + From 744193008199987e8c589093c45186e3e47c466a Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 25 Sep 2019 11:49:56 +0200 Subject: [PATCH 216/559] Add default filebeat module variables --- roles/wazuh/ansible-filebeat/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 46d65654..d38565d9 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
@@ -28,6 +28,9 @@ filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" +filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz +filebeat_module_package_path: /tmp/ +filebeat_module_destination: /usr/share/filebeat/module filebeat_module_folder: /usr/share/filebeat/module/wazuh # Xpack Security From 133cda683a6c3e7e9efd5120f955d1b9a57ebe7a Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 25 Sep 2019 12:47:49 +0200 Subject: [PATCH 217/559] Fix linting in ansible-kibana tasks --- .../ansible-kibana/tasks/main.yml | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index b49cef4e..f2152d00 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -17,12 +17,12 @@ - name: Copying node's certificate from master copy: - src: "{{item}}" - dest: "{{node_certs_destination}}/" - with_items: - - "{{master_certs_path}}/{{kibana_node_name}}/{{ kibana_node_name }}.key" - - "{{master_certs_path}}/{{kibana_node_name}}/{{ kibana_node_name }}.crt" - - "{{master_certs_path}}/ca/ca.crt" + src: "{{ item }}" + dest: "{{ node_certs_destination }}/" + with_items: + - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" + - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" + - "{{ master_certs_path }}/ca/ca.crt" tags: xpack-security when: - kibana_xpack_security 
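Review bot: `filebeat_module_package_path: /tmp/` stages the module tarball in a shared, world-writable directory; if the role downloads `filebeat_module_package_name` there and later unarchives it into `filebeat_module_destination` as root, any local user can swap the file between the two steps. The download and unarchive tasks are presumably elsewhere in the role; a root-owned staging directory (for example one created with the `tempfile` module) plus a `checksum:` on the download closes that window.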
@@ -30,13 +30,13 @@ - name: Copying node's certificate from master (Custom CA) copy: - src: "{{item}}" - dest: "{{node_certs_destination}}/" - mode: '0664' - with_items: - - "{{master_certs_path}}/{{kibana_node_name}}/{{ kibana_node_name }}.key" - - "{{master_certs_path}}/{{kibana_node_name}}/{{ kibana_node_name }}.crt" - - "{{master_certs_path}}/ca/{{ca_cert_name}}" + src: "{{ item }}" + dest: "{{ node_certs_destination }}/" + mode: '0664' + with_items: + - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" + - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" + - "{{ master_certs_path }}/ca/{{ ca_cert_name }}" when: - kibana_xpack_security - not generate_CA @@ -69,7 +69,7 @@ dest: /etc/kibana/kibana.yml owner: root group: root - mode: '0664' + mode: '0664' notify: restart kibana tags: configure From e8881ee82fdf1be46543b1d460f01550a815de7b Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Thu, 26 Sep 2019 13:03:14 +0200 Subject: [PATCH 218/559] Bypass idempotence tests on elastic xpack --- .../tasks/xpack_security.yml | 36 ++++++++++++++----- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index d05c3241..35f64fae 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -68,7 +68,9 @@ - node_certs_generator - not xpack_certs_zip.stat.exists - generate_CA - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Generating certificates for Elasticsearch security (using provided CA | Without CA Password) command: >- 
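Review bot: The re-indented `mode: '0664'` in the Custom CA copy task applies to every `with_items` entry, including `{{ kibana_node_name }}.key`, so the node's TLS private key is installed group-writable and world-readable; `mode: '0640'` (or a separate copy task for the key with a stricter mode) is the safer choice, and the same `'0664'` in the `@@ -69` hunk makes `/etc/kibana/kibana.yml` world-readable, which matters if it carries the Elasticsearch credentials when X-Pack is enabled. The preceding copy task in the `@@ -17` hunk sets no `mode` at all, so its copy of the same `.key` lands with whatever the default umask gives. None of this is introduced by this lint-only commit, but it re-touches exactly these lines.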
@@ -82,7 +84,9 @@ - not xpack_certs_zip.stat.exists - not generate_CA - ca_password | length == 0 - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Generating certificates for Elasticsearch security (using provided CA | Using CA Password) command: >- @@ -96,7 +100,9 @@ - not xpack_certs_zip.stat.exists - not generate_CA - ca_password | length > 0 - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Verify the Elastic certificates directory file: @@ -124,7 +130,9 @@ mode: 0700 when: - node_certs_generator - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Delete certs.zip in Generator node file: @@ -132,6 +140,7 @@ path: "{{ node_certs_source }}/certs.zip" when: - node_certs_generator + tags: molecule-idempotence-notest - name: Unzip generated certs.zip unarchive: @@ -141,7 +150,9 @@ delegate_to: "127.0.0.1" when: - node_certs_generator - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Copying node's certificate from master copy: @@ -153,7 +164,9 @@ - "{{ master_certs_path }}/ca/ca.crt" when: - generate_CA - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Copying node's certificate from master (Custom CA) copy: @@ -165,7 +178,9 @@ - "{{ master_certs_path }}/ca/{{ ca_cert_name }}" when: - not generate_CA - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Ensuring folder permissions file: @@ -179,8 +194,11 @@ tags: xpack-security - name: Set elasticsearch bootstrap password - shell: >- - set -o pipefail; + shell: | + set -o pipefail echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password + args: + executable: /bin/bash when: - node_certs_generator + tags: molecule-idempotence-notest From 736f9b8c4822baac0bce60afcc45ea698dc68ee4 Mon Sep 17 00:00:00 2001 
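Review bot: The rewritten `shell: |` block in the `@@ -179` hunk still passes `{{ elasticsearch_xpack_security_password }}` unquoted on an `echo` command line, so a password containing shell metacharacters breaks the pipeline (or is interpreted by bash), and the full command — password included — is printed in the play output and any log because the task has no `no_log`. Add `no_log: true` to the task and quote the interpolation, `echo {{ elasticsearch_xpack_security_password | quote }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password`. The `command: >-` tasks earlier in this file that take `ca_password` presumably have the same exposure; their bodies are outside these hunks.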
From: Jose M Date: Thu, 26 Sep 2019 13:05:44 +0200 Subject: [PATCH 219/559] Rename Elastic respository to allow upgrades from 6.x
--- roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/RedHat.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
index 67a34e7e..69c698f0 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
@@ -38,7 +38,7 @@
 apt_repository:
 repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
 state: present
- filename: 'elastic_repo'
+ filename: 'elastic_repo_7'
 update_cache: true
 changed_when: false
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml
index 16366dfc..d02664c8 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml
@@ -2,7 +2,7 @@
 - name: RedHat/CentOS/Fedora | Install Elastic repo
 yum_repository:
- name: elastic_repo
+ name: elastic_repo_7
 description: Elastic repository for 7.x packages
 baseurl: https://artifacts.elastic.co/packages/7.x/yum
 gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml
index 95663765..ae6ff0e9 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml
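Review bot: Renaming the repo definition to `elastic_repo_7` leaves the previous `elastic_repo` file in place on hosts that were provisioned with the earlier name, so after an upgrade both the 6.x and the 7.x repositories stay enabled and the old source is never cleaned up. A companion task per platform would make the upgrade path explicit, e.g. `yum_repository: {name: elastic_repo, state: absent}` on RedHat and an `apt_repository` with `filename: 'elastic_repo'` and `state: absent` (using the old 6.x `deb` line) on Debian. The same applies to the kibana Debian and RedHat hunks in this commit.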
@@ -17,7 +17,7 @@
 apt_repository:
 repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
 state: present
- filename: 'elastic_repo'
+ filename: 'elastic_repo_7'
 update_cache: true
 changed_when: false
diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml
index 1364552b..abb8b0c0 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml
@@ -1,7 +1,7 @@
 ---
 - name: RedHat/CentOS/Fedora | Install Elastic repo
 yum_repository:
- name: elastic_repo
+ name: elastic_repo_7
 description: Elastic repository for 7.x packages
 baseurl: https://artifacts.elastic.co/packages/7.x/yum
 gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
From 33a95a5c4a7b50f5f920bf0088b7e225beea728b Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 26 Sep 2019 13:06:42 +0200 Subject: [PATCH 220/559] Fix "Checking Wazuh-APP version" task that updates plugins
--- .../elastic-stack/ansible-kibana/tasks/main.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index f2152d00..8f9602ae 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -74,24 +74,26 @@
 tags: configure
 - name: Checking Wazuh-APP version
- shell: |
- set -o pipefail
- grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo
+ shell: >-
+ grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json
 args:
 executable: /bin/bash
 removes: /usr/share/kibana/plugins/wazuh/package.json
 register: wazuh_app_verify
 changed_when: false
- tags: install
+ failed_when: wazuh_app_verify.stderr | length > 0
 - name: Removing old Wazuh-APP
- command: /usr/share/kibana/bin/kibana-plugin remove wazuh
- when: wazuh_app_verify.stdout == "0"
+ command: /usr/share/kibana/bin/kibana-plugin --allow-root remove wazuh
+ when: wazuh_app_verify.rc == 1
+ debugger: always
 tags: install
 - name: Removing bundles
 file: path=/usr/share/kibana/optimize/bundles state=absent
- when: wazuh_app_verify.stdout == "0"
+ become: yes
+ become_user: kibana
+ when: wazuh_app_verify.rc == 1
 tags: install
 - name: Install Wazuh-APP (can take a while)
From 4c9ae0eee5bd3842352894c28b7b0a4770ea1299 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 26 Sep 2019 16:11:20 +0200 Subject: [PATCH 221/559] Fix conditional when checking Wazuh-APP version
--- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index 8f9602ae..9e28411a 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -81,7 +81,9 @@
 removes: /usr/share/kibana/plugins/wazuh/package.json
 register: wazuh_app_verify
 changed_when: false
- failed_when: wazuh_app_verify.stderr | length > 0
+ failed_when:
+ - wazuh_app_verify.rc != 0
+ - wazuh_app_verify.rc != 1
 - name: Removing old Wazuh-APP
 command: /usr/share/kibana/bin/kibana-plugin --allow-root remove wazuh
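Review bot: `--allow-root` makes `kibana-plugin remove` run as root while the bundle cleanup that follows is deliberately done as `become_user: kibana`; if the removal leaves root-owned files under `/usr/share/kibana`, the later install as the `kibana` user may fail, so running the remove task with `become_user: kibana` instead of `--allow-root` keeps ownership consistent. A smaller point in the check task: `elastic_stack_version` is dropped into an `-E` regex unescaped, so `7.3.2` also matches `7x3x2`; `'version.*{{ elastic_stack_version | regex_escape }}'` pins it. The follow-up hunk's `failed_when` on `rc` is the right shape, since `grep -c` exits 1 on zero matches.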
From 1ec7e696e2c5f574eef77cae1a068b92f1f78891 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 26 Sep 2019 16:11:38 +0200 Subject: [PATCH 222/559] Remove debugger setting used in testing --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 9e28411a..584becc7 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -88,7 +88,6 @@ - name: Removing old Wazuh-APP command: /usr/share/kibana/bin/kibana-plugin --allow-root remove wazuh when: wazuh_app_verify.rc == 1 - debugger: always tags: install - name: Removing bundles From 47b16b3c20b3f85e68e0d44f0644f176152b56d3 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Thu, 26 Sep 2019 16:32:57 +0200 Subject: [PATCH 223/559] Support both IP and DNS when creating elastic cluster --- .../ansible-elasticsearch/templates/instances.yml.j2 | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index c74b1700..62182293 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -4,10 +4,14 @@ {% if node_certs_generator %} instances: -{% for (key,value) in instances.iteritems() %} -- name: "{{ value.name }}" +{% for (key,value) in instances.items() %} +- name: "{{ value.name }}" +{% if value.ip %} ip: - "{{ value.ip }}" -{% endfor %} - +{% elif value.dns %} + dns: + - "{{ value.dns }}" +{% endif %} +{% endfor %} {% endif %} From 7444885ecd26b381f46d2ac57baa3aa786f4f3e8 Mon Sep 17 00:00:00 2001 
From: Manuel Gutierrez Date: Fri, 27 Sep 2019 12:47:44 +0200 Subject: [PATCH 224/559] Check if var is defined --- .../ansible-elasticsearch/templates/instances.yml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index 62182293..1e87f8d2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -6,10 +6,10 @@ instances: {% for (key,value) in instances.items() %} - name: "{{ value.name }}" -{% if value.ip %} +{% if value.ip is defined %} ip: - "{{ value.ip }}" -{% elif value.dns %} +{% elif value.dns is defined %} dns: - "{{ value.dns }}" {% endif %} From a542c3bb4ba27d57356f4bae6886c4c329e5f6a1 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 27 Sep 2019 13:08:02 +0200 Subject: [PATCH 225/559] Remove unzip check --- .../ansible-elasticsearch/tasks/xpack_security.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 35f64fae..8cdfdb77 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -1,12 +1,4 @@ -- name: Install unzip dependency. - package: - name: unzip - state: present - delegate_to: "127.0.0.1" - when: - - node_certs_generator - - name: Check if certificate exists locally stat: path: "{{ node_certs_destination }}/{{ elasticsearch_node_name }}.crt" From 7371e7392041fe1753073290e231acf143ee8b71 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 27 Sep 2019 13:38:45 +0200 Subject: [PATCH 226/559] Update default variables for sca configuration --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 170a8da5..f45e95b0 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -154,6 +154,14 @@ wazuh_manager_config: packages: 'yes' ports_no: 'yes' processes: 'yes' + sca: + enabled: 'yes' + scan_on_start: 'yes' + interval: '12h' + skip_nfs: 'yes' + day: '' + wday: '' + time: '' vul_detector: disable: 'yes' interval: '5m' From beacf88017b24f9b473b11dbfa56e6c76c782b2f Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 27 Sep 2019 14:29:53 +0200 Subject: [PATCH 227/559] Update Manager template to add configuration --- .../var-ossec-etc-ossec-server.conf.j2 | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 65ae38fb..b107d6d1 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
@@ -222,6 +222,32 @@ {{ wazuh_manager_config.syscollector.processes }} + {% if ansible_system == "Linux" %} + + {% if wazuh_manager_config.sca.enabled | length > 0 %} + {{ wazuh_manager_config.sca.enabled }} + {% endif %} + {% if wazuh_manager_config.sca.scan_on_start | length > 0 %} + {{ wazuh_manager_config.sca.scan_on_start }} + {% endif %} + {% if wazuh_manager_config.sca.interval | length > 0 %} + {{ wazuh_manager_config.sca.interval }} + {% endif %} + {% if wazuh_manager_config.sca.skip_nfs | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.day | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.wday | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.time | length > 0 %} + + {% endif %} + + {% endif %} + {{ wazuh_manager_config.vul_detector.disable }} {{ wazuh_manager_config.vul_detector.interval }} From 3e0cc08104726cc9338260eaf4ab58312df7fa64 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 27 Sep 2019 14:30:11 +0200 Subject: [PATCH 228/559] Add sca default variables to wazuh agent defaults --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index fe6749ce..7eaab059 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -237,6 +237,14 @@ wazuh_agent_config: packages: 'yes' ports_no: 'yes' processes: 'yes' + sca: + enabled: 'yes' + scan_on_start: 'yes' + interval: '12h' + skip_nfs: 'yes' + day: '' + wday: '' + time: '' cis_cat: disable: 'yes' install_java: 'yes' From d45ad1db03538c8935ad57c0132f2e78bf96eb89 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 27 Sep 2019 14:30:20 +0200 Subject: [PATCH 229/559] Update wazuh agent template to add sca configuration --- .../var-ossec-etc-ossec-agent.conf.j2 | 26 ++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) 
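Review bot: In the new `sca` block the `skip_nfs`, `day` and `wday` branches appear to emit the literal `yes` rather than the configured value, and the `time` branch emits nothing, so the defaults `skip_nfs`, `day: ''`, `wday: ''` and `time: ''` added in the previous commit cannot actually be set through these variables (a `day` of `monday` would render as `yes`); the element tags are stripped in this rendering, so please confirm against the template source and use `{{ wazuh_manager_config.sca.day }}` and friends as the other branches do. The agent template hunk in PATCH 229 has the same four branches, and the later PATCH 239/240 hunks keep them.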
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 6946cc07..59ab67d2 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -270,7 +270,31 @@ {{ wazuh_agent_config.syscollector.processes }} - + {% if ansible_system == "Linux" %} + + {% if wazuh_agent_config.sca.enabled | length > 0 %} + {{ wazuh_agent_config.sca.enabled }} + {% endif %} + {% if wazuh_agent_config.sca.scan_on_start | length > 0 %} + {{ wazuh_agent_config.sca.scan_on_start }} + {% endif %} + {% if wazuh_agent_config.sca.interval | length > 0 %} + {{ wazuh_agent_config.sca.interval }} + {% endif %} + {% if wazuh_agent_config.sca.skip_nfs | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.day | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.wday | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.time | length > 0 %} + + {% endif %} + + {% endif %} {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} From 6fc395a81f7ccb4a469a73fcd28e6c159432df87 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 27 Sep 2019 15:12:54 +0200 Subject: [PATCH 230/559] Add length check --- .../ansible-elasticsearch/templates/instances.yml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index 1e87f8d2..b2f3bf6c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 
@@ -6,10 +6,10 @@ instances: {% for (key,value) in instances.items() %} - name: "{{ value.name }}" -{% if value.ip is defined %} +{% if value.ip is defined and value.ip | length > 0 %} ip: - "{{ value.ip }}" -{% elif value.dns is defined %} +{% elif value.dns is defined and value.dns | length > 0 %} dns: - "{{ value.dns }}" {% endif %} From a53674791f7ff3d8ab276a35d1c17bfdf5292fc7 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 27 Sep 2019 16:44:12 +0200 Subject: [PATCH 231/559] Add xpack scenario in the Readme --- .../ansible-elasticsearch/README.md | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index f3089e7e..68d55c29 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -12,6 +12,8 @@ This role will work on: * Fedora * Debian * Ubuntu + +For the elasticsearch role with XPack security the `unzip` command must be available on the Ansible master. Role Variables -------------- 
@@ -53,6 +55,70 @@ Example Playbook - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} ``` +- Three nodes Elasticsearch cluster with XPack security +``` +--- +- hosts: elastic-1 + roles: + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.111 + node_name: node-1 + single_node: false + elasticsearch_master_candidate: true + elasticsearch_bootstrap_node: true + elasticsearch_cluster_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + elasticsearch_discovery_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + elasticsearch_xpack_security: true + node_certs_generator: true + node_certs_generator_ip: 172.16.0.111 + + vars: + instances: + node-1: + name: node-1 + ip: 172.16.0.111 + node-2: + name: node-2 + ip: 172.16.0.112 + node-3: + name: node-3 + ip: 172.16.0.113 + +- hosts: elastic-2 + roles: + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.112 + elasticsearch_node_name: node-2 + elasticsearch_xpack_security: true + elasticsearch_master_candidate: true + node_certs_generator_ip: 172.16.0.111 + elasticsearch_discovery_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + +- hosts: elastic-3 + roles: + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.113 + elasticsearch_node_name: node-3 + elasticsearch_xpack_security: true + elasticsearch_master_candidate: true + node_certs_generator_ip: 172.16.0.111 + elasticsearch_discovery_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + +``` + + License and copyright --------------------- From 65ba7e088f361854de3a80cfd5c031b35d863cb3 Mon Sep 17 00:00:00 2001 
From: Manuel Gutierrez Date: Fri, 27 Sep 2019 18:39:21 +0200 Subject: [PATCH 232/559] Add config tag to the enable service task
--- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 1 + 1 file changed, 1 insertion(+)
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index d9415ffc..37a8a8eb 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -185,6 +185,7 @@
 name: wazuh-agent
 enabled: true
 state: started
+ tags: config
 - import_tasks: "RMRedHat.yml"
 when: ansible_os_family == "RedHat"
From 86de4a0fee015d2c6e96fc10d08dc008b8fc29ca Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 1 Oct 2019 11:01:18 +0200 Subject: [PATCH 233/559] Add elasticsearch_reachable_host This fixes #262
--- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 5 +---- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
index f365f66a..c19fcce9 100644
--- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
@@ -3,6 +3,7 @@ elasticsearch_cluster_name: wazuh
 elasticsearch_node_name: node-1
 elasticsearch_http_port: 9200
 elasticsearch_network_host: 127.0.0.1
+elasticsearch_reachable_host: 127.0.0.1
 elasticsearch_jvm_xms: null
 elastic_stack_version: 7.3.2
 single_node: true
@@ -30,7 +31,3 @@ generate_CA: true
 ca_key_name: ""
 ca_cert_name: ""
 ca_password: ""
-
-
-
-
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
index af17e528..706de27e 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
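Review bot: The new default `elasticsearch_reachable_host: 127.0.0.1` silently changes behaviour for every playbook that overrides `elasticsearch_network_host` but not the new variable: the `wait_for` in tasks/main.yml now probes loopback, where a node bound only to its LAN address is not listening, and blocks for the full 400 s before failing. Deriving the default from the existing variable, `elasticsearch_reachable_host: "{{ elasticsearch_network_host }}"`, keeps the previous behaviour unless a user opts in, and a comment above it explaining when to override (e.g. `# host the controller can reach when network_host is 0.0.0.0 or a bind-only address`) would document the intent.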
@@ -109,7 +109,7 @@
 - init
 - name: Make sure Elasticsearch is running before proceeding
- wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400
+ wait_for: host={{ elasticsearch_reachable_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400
 tags:
 - configure
 - init
From 38993c3100360f09539834714078da9fd7add340 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 1 Oct 2019 18:20:29 +0200 Subject: [PATCH 234/559] Fix vars on cluster example
--- roles/elastic-stack/ansible-elasticsearch/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md
index 68d55c29..41cebd54 100644
--- a/roles/elastic-stack/ansible-elasticsearch/README.md
+++ b/roles/elastic-stack/ansible-elasticsearch/README.md
@@ -62,7 +62,7 @@ Example Playbook
 roles:
 - role: ../roles/elastic-stack/ansible-elasticsearch
 elasticsearch_network_host: 172.16.0.111
- node_name: node-1
+ elasticsearch_node_name: node-1
 single_node: false
 elasticsearch_master_candidate: true
 elasticsearch_bootstrap_node: true
@@ -95,6 +95,7 @@ Example Playbook
 - role: ../roles/elastic-stack/ansible-elasticsearch
 elasticsearch_network_host: 172.16.0.112
 elasticsearch_node_name: node-2
+ single_node: false
 elasticsearch_xpack_security: true
 elasticsearch_master_candidate: true
 node_certs_generator_ip: 172.16.0.111
@@ -108,6 +109,7 @@ Example Playbook
 - role: ../roles/elastic-stack/ansible-elasticsearch
 elasticsearch_network_host: 172.16.0.113
 elasticsearch_node_name: node-3
+ single_node: false
 elasticsearch_xpack_security: true
 elasticsearch_master_candidate: true
 node_certs_generator_ip: 172.16.0.111
From b9695dc9058236758a44adb421a4c2b89fd9b4b8 Mon Sep 17 00:00:00 2001
From: Jose M Date: Wed, 2 Oct 2019 09:25:53 +0200 Subject: [PATCH 235/559] Remove product_id parameter from windows Agent. Update md5
--- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 3 +-- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 1 - 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index f6904240..0222d8d7 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -29,8 +29,7 @@ wazuh_winagent_config:
 version: '3.10.0'
 revision: '1'
 repo: https://packages.wazuh.com/3.x/windows/
- md5: ee5b24216db472d291da4e14f0b3bc63
- register_key: 9903C258-FC1E-4886-B7DB-1535976EC1D5
+ md5: 2bceb80901f22b56221658aceb64b914
 wazuh_agent_config:
 active_response:
 ar_disabled: 'no'
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
index 2d388748..8dff6274 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@@ -42,7 +42,6 @@
 - name: Windows | Install Agent if not already installed
 win_package:
 path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
- product_id: '{{ "{" }}{{ wazuh_winagent_config.register_key }}{{ "}" }}'
 state: present
 - name: Windows | Check if client.keys exists
From 37bbca73a420aec8cf191f72db2a98408c1ac430 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 2 Oct 2019 09:30:59 +0200 Subject: [PATCH 236/559] Update CHANGELOG.md
--- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 95a9d18b..3c192f74 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
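Review bot: With `product_id` gone, `win_package` now has to read the ProductCode from the MSI itself to decide whether the agent is already installed; that is fine for MSI installers on the Ansible versions this role targets, but it is an assumption worth stating next to the task, e.g. `# no product_id: win_package reads the ProductCode from the .msi`. The integrity check for the downloaded installer still rests on `md5`, which is collision-prone and gets bumped by hand on every release (see the follow-up in PATCH 237); publishing a SHA-256 alongside the package and switching the download task (outside this hunk) to verify it would give a meaningful supply-chain check, with the value taken from the vendor's published checksums rather than this file.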
@@ -21,6 +21,10 @@ All notable changes to this project will be documented in this file.
 - Fixed Kibana installation in Amazon Linux [@jm404](https://github.com/jm404) [#232](https://github.com/wazuh/wazuh-ansible/pull/232)
 - Fixed Windows Agent installation and configuration [@jm404](https://github.com/jm404) [#234](https://github.com/wazuh/wazuh-ansible/pull/234)
+### Fixed
+
+- Removed registry key check on Wazuh Agent installation in windows [@jm404](https://github.com/jm404) [#265](https://github.com/wazuh/wazuh-ansible/pull/265)
+
 ## [v3.9.5_7.2.1]
 ### Added
From 867936d4c5fa3b71a33e812627eb529b809cccc0 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 2 Oct 2019 09:52:13 +0200 Subject: [PATCH 237/559] Update md5 for windows agent installater
--- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 0222d8d7..32d5963c 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -29,7 +29,7 @@ wazuh_winagent_config:
 version: '3.10.0'
 revision: '1'
 repo: https://packages.wazuh.com/3.x/windows/
- md5: 2bceb80901f22b56221658aceb64b914
+ md5: 71650780904cbfc2e45eae4298adb7a3
 wazuh_agent_config:
 active_response:
 ar_disabled: 'no'
From 99426a3c0fbf5d98e6c930a0c21c2deaef65ea51 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 4 Oct 2019 17:01:34 +0200 Subject: [PATCH 238/559] New task to create elasticsearch users Fixes #269 Fixes #268
--- .../ansible-elasticsearch/README.md | 7 +++++++ .../tasks/xpack_security.yml | 16 ++++++++++++++++ 2 files changed, 23 insertions(+)
diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md
index 41cebd54..b10a2152 100644
--- a/roles/elastic-stack/ansible-elasticsearch/README.md
+++ b/roles/elastic-stack/ansible-elasticsearch/README.md
@@ -79,6 +79,13 @@ Example Playbook
 node_certs_generator_ip: 172.16.0.111
 vars:
+ elasticsearch_xpack_users:
+ anne:
+ password: 'PasswordHere'
+ roles: '["kibana_user", "monitoring_user"]'
+ jack:
+ password: 'PasswordHere'
+ roles: '["superuser"]'
 instances:
 node-1:
 name: node-1
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
index 8cdfdb77..1d338cf7 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
@@ -194,3 +194,19 @@
 when:
 - node_certs_generator
 tags: molecule-idempotence-notest
+
+- name: Create elasticsearch users
+ uri:
+ url: "https://{{ elasticsearch_reachable_host }}:9200/_security/user/{{ item.key }}"
+ method: POST
+ body_format: json
+ user: "{{ elasticsearch_xpack_security_user }}"
+ password: "{{ elasticsearch_xpack_security_password }}"
+ body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }'
+ validate_certs: no
+ loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}"
+ register: http_response
+ failed_when: http_response.status != 200
+ when:
+ - elasticsearch_xpack_users is defined
+ - node_certs_generator
From d7e3cec04bed4a865971601aee9daf34ec3fe1f5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 7 Oct 2019 16:17:18 +0200 Subject: [PATCH 239/559] Enabling sca for Windows Agent in the ossec.conf template
--- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 -- 1 file changed, 2 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 59ab67d2..4d43bc94 100644
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
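Review bot: The new `Create elasticsearch users` task has no `no_log`, so every loop item — each user's password, plus `elasticsearch_xpack_security_password` passed as `password:` — is printed in the play output and any callback or log; add `no_log: true` to the task. `validate_certs: no` against `https://{{ elasticsearch_reachable_host }}` discards the CA this same file just generated, so the admin credentials would be sent to whatever answers on that address; keep validation on and trust the role's CA (system trust store, or `ca_path` on Ansible versions whose `uri` module has it). The `body` is also built by string interpolation, so a password containing `"` or `\` yields invalid JSON and a 400, and `roles` is a JSON string pasted in verbatim; handing `uri` a mapping, `body: {"password": "{{ item.value.password }}", "roles": "{{ item.value.roles | from_json }}"}`, lets `body_format: json` do the escaping. All three points carry over to the copy of this task moved into tasks/main.yml in PATCH 242.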
@@ -270,7 +270,6 @@ {{ wazuh_agent_config.syscollector.processes }} - {% if ansible_system == "Linux" %} {% if wazuh_agent_config.sca.enabled | length > 0 %} {{ wazuh_agent_config.sca.enabled }} @@ -294,7 +293,6 @@ {% endif %} - {% endif %} {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} From d482629c80f13ed4367db87b1c71a9bbf95e9ea3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 7 Oct 2019 16:26:56 +0200 Subject: [PATCH 240/559] Remove sca linux conditional from Manager template --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index b107d6d1..145af4af 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -222,7 +222,6 @@ {{ wazuh_manager_config.syscollector.processes }} - {% if ansible_system == "Linux" %} {% if wazuh_manager_config.sca.enabled | length > 0 %} {{ wazuh_manager_config.sca.enabled }} @@ -246,7 +245,6 @@ {% endif %} - {% endif %} {{ wazuh_manager_config.vul_detector.disable }} From 1e8cc831cfbd0cd9be2c6c03d3ca986a5116f557 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 9 Oct 2019 16:47:41 +0200 Subject: [PATCH 241/559] Remove become from local task --- .../elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 1d338cf7..855be9b9 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml 
@@ -138,7 +138,6 @@ unarchive: src: "{{ master_certs_path }}/certs.zip" dest: "{{ master_certs_path }}/" - become: true delegate_to: "127.0.0.1" when: - node_certs_generator From 9c125c6b1c16d2873882c68b9f976db824da7185 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 9 Oct 2019 16:59:58 +0200 Subject: [PATCH 242/559] Move user creation to main file --- .../ansible-elasticsearch/tasks/main.yml | 15 +++++++++++++++ .../tasks/xpack_security.yml | 16 ---------------- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 706de27e..8146eaee 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -119,3 +119,18 @@ - import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" + +- name: Create elasticsearch users + uri: + url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}" + method: POST + body_format: json + user: "{{ elasticsearch_xpack_security_user }}" + password: "{{ elasticsearch_xpack_security_password }}" + body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }' + validate_certs: no + loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}" + register: http_response + failed_when: http_response.status != 200 + when: + - elasticsearch_xpack_users is defined diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 855be9b9..e9261956 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml 
@@ -193,19 +193,3 @@ when: - node_certs_generator tags: molecule-idempotence-notest - -- name: Create elasticsearch users - uri: - url: "https://{{ elasticsearch_reachable_host }}:9200/_security/user/{{ item.key }}" - method: POST - body_format: json - user: "{{ elasticsearch_xpack_security_user }}" - password: "{{ elasticsearch_xpack_security_password }}" - body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }' - validate_certs: no - loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}" - register: http_response - failed_when: http_response.status != 200 - when: - - elasticsearch_xpack_users is defined - - node_certs_generator From dcc7624d59317f784c8d98b7dde050e4177095ac Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 9 Oct 2019 17:00:47 +0200 Subject: [PATCH 243/559] Add waiting task before creating users Wait for elasticsearch API to be ready before attempting to add users --- .../ansible-elasticsearch/tasks/main.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 8146eaee..aef459e2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -120,6 +120,22 @@ - import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" +- name: Wait for Elasticsearch API + uri: + url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_cluster/health/" + user: "{{ elasticsearch_xpack_security_user }}" + password: "{{ elasticsearch_xpack_security_password }}" + validate_certs: no + status_code: 200,401 + return_content: yes + timeout: 4 + register: _result + until: ( _result.json is defined) and (_result.json.status == "green") + retries: 24 + delay: 5 + when: + - elasticsearch_xpack_users is defined + - name: Create elasticsearch users uri: url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}" From 9b0bcf9fe64d533b671d7d7d323e5aba36aee4c9 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 9 Oct 2019 17:12:01 +0200 Subject: [PATCH 244/559] Add docs on user creation --- .../ansible-elasticsearch/README.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index b10a2152..288628e7 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -55,7 +55,9 @@ Example Playbook - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} ``` + - Three nodes Elasticsearch cluster with XPack security + ``` --- - hosts: elastic-1 @@ -79,13 +81,6 @@ Example Playbook node_certs_generator_ip: 172.16.0.111 vars: - elasticsearch_xpack_users: - anne: - password: 'PasswordHere' - roles: '["kibana_user", "monitoring_user"]' - jack: - password: 'PasswordHere' - roles: '["superuser"]' instances: node-1: name: node-1 
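Review bot: `until` requires `_result.json.status == "green"`, which a single-node cluster cannot reach once any index carries a replica (the playbook's `single_node: true` combined with the role's default `elasticsearch_replicas: 1`): replica shards stay unassigned, health remains yellow, and on a re-run the task burns all 24 retries and fails. Accepting yellow is the conventional readiness check, since yellow only means replicas are unassigned: `until: _result.status == 200 and _result.json.status in ["green", "yellow"]`. Checking `_result.status == 200` first also keeps the `401` that `status_code: 200,401` lets through from counting as ready. As in the user-creation task, `validate_certs: no` on an authenticated HTTPS call could be replaced by validating against the role's own CA via `ca_path`.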
@@ -124,9 +119,19 @@ Example Playbook - 172.16.0.111 - 172.16.0.112 - 172.16.0.113 + vars: + elasticsearch_xpack_users: + anne: + password: 'PasswordHere' + roles: '["kibana_user", "monitoring_user"]' + jack: + password: 'PasswordHere' + roles: '["superuser"]' ``` +It is possible to define users directly on the playbook, these must be defined on a variable `elasticsearch_xpack_users` on the last node of the cluster as in the example. + License and copyright --------------------- From 56e7d1093721dc3cdc13eb0923670d933a733ffd Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 9 Oct 2019 17:13:11 +0200 Subject: [PATCH 245/559] Fix space typo --- roles/elastic-stack/ansible-elasticsearch/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index 288628e7..388affce 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -55,9 +55,7 @@ Example Playbook - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} ``` - - Three nodes Elasticsearch cluster with XPack security - ``` --- - hosts: elastic-1 From c265bbbaac6c581fba22f3947ac9cea05a94b06c Mon Sep 17 00:00:00 2001 From: havidarou Date: Sat, 19 Oct 2019 17:39:38 +0200 Subject: [PATCH 246/559] Add filebeat role to wazuh-elastic_stack-single.yml playbook --- playbooks/wazuh-elastic_stack-single.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index ac5efaf1..051b5fd2 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml 
@@ -2,5 +2,7 @@ - hosts: roles: - {role: ../roles/wazuh/ansible-wazuh-manager} + - role: ../roles/wazuh/ansible-filebeat + filebeat_output_elasticsearch_hosts: localhost:9200 - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' } From 6db1fd65d385e2365c64e08c18e771eb5b62475f Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 21 Oct 2019 16:34:43 +0200 Subject: [PATCH 247/559] Add support for environments with low disk space This adds and option to bypass ES default disk-based shard allocation. --- .../ansible-elasticsearch/defaults/main.yml | 1 + .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index c19fcce9..87381a4e 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -14,6 +14,7 @@ elasticsearch_cluster_nodes: elasticsearch_discovery_nodes: - 127.0.0.1 +elasticsearch_lower_disk_requirements: false # X-Pack Security elasticsearch_xpack_security: false elasticsearch_xpack_security_user: elastic diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 3cd386da..2bb6ebe4 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 
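Review bot: `filebeat_output_elasticsearch_hosts: localhost:9200` is a bare string, but the filebeat template renders it with `{{ filebeat_output_elasticsearch_hosts | to_json }}` into `output.elasticsearch.hosts`, which Filebeat documents as a list; unless the role's default is also a scalar, pass a list: `filebeat_output_elasticsearch_hosts: ['localhost:9200']`. The new entry uses the block `- role:` form while its siblings use inline `{role: ...}` mappings; both are valid, but one style per list reads better. The filebeat role is ordered before the elasticsearch role, so anything in it that contacts Elasticsearch at run time would execute before the cluster exists — the role's tasks are not visible here, so this may be intentional.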
@@ -27,6 +27,13 @@ discovery.seed_hosts: {% endfor %} {% endif %} +{% if elasticsearch_lower_disk_requirements %} +cluster.routing.allocation.disk.threshold_enabled: true +cluster.routing.allocation.disk.watermark.flood_stage: 200mb +cluster.routing.allocation.disk.watermark.low: 500mb +cluster.routing.allocation.disk.watermark.high: 300mb +{% endif %} + # XPACK Security {% if elasticsearch_xpack_security %} @@ -49,4 +56,4 @@ xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }} {% elif generate_CA == false %} xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }}/{{ca_cert_name}}" ] {% endif %} -{% endif %} \ No newline at end of file +{% endif %} From 62ac174880772dd874b884dbff89da919287453e Mon Sep 17 00:00:00 2001 From: sgargel Date: Thu, 24 Oct 2019 18:24:32 +0200 Subject: [PATCH 248/559] Fix for Wazuh-API User skipped on debian This should fix that Wazuh-API User task is being skipped on debian > 6 --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index a1afbb4c..40b51863 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -322,8 +322,7 @@ notify: restart wazuh-api when: - wazuh_api_user is defined - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon') - - ansible_distribution_major_version|int < 6 + - not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6) tags: - config 
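Review bot: The absolute watermarks (`flood_stage: 200mb`, `high: 300mb`, `low: 500mb`) are consistent but listed flood-first, and nothing explains what the switch is for — the new `elasticsearch_lower_disk_requirements: false` in defaults/main.yml has no comment. Suggest ordering the keys `low`, `high`, `flood_stage` to match how Elasticsearch documents them, and a comment in defaults such as `# true: replace the percentage disk watermarks with absolute free-space thresholds (500mb/300mb/200mb); for test or very small disks only, at flood_stage Elasticsearch marks indices read-only`. `cluster.routing.allocation.disk.threshold_enabled: true` is already the Elasticsearch default, so that line is redundant but harmless.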
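Review bot: `ansible_distribution_major_version|int < 6` misbehaves on Amazon Linux, where this repository's own RedHat tasks compare the fact against `"NA"`: the `int` filter returns its default of 0 for a non-numeric string, so `not (... == 'redhat' and 0 < 6)` evaluates to false and the Wazuh-API user task is skipped on every `redhat`-family host without a numeric version. A distribution guard keeps the intent: `- not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution != 'Amazon' and ansible_distribution_major_version|int < 6)`. The second hunk (`@@ -379`) carries the same expression and needs the same change.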
@@ -379,8 +378,7 @@ environment: LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" when: - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon') - - ansible_distribution_major_version|int < 6 + - not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6) - name: Ensure Wazuh Manager is started and enabled (EL5) service: From 9647c79e68c14ec8f345e16632c9a4ce577c47dc Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Fri, 25 Oct 2019 13:44:56 +0200 Subject: [PATCH 249/559] Updated Filebeat configuration file template --- .../templates/filebeat.yml.j2 | 56 ++++--------------- 1 file changed, 11 insertions(+), 45 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 index 466d9a89..da87ec8d 100644 --- a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 
@@ -1,58 +1,24 @@ # Wazuh - Filebeat configuration file -filebeat.inputs: - - type: log - paths: - - '/var/ossec/logs/alerts/alerts.json' +# Wazuh - Filebeat configuration file +filebeat.modules: + - module: wazuh + alerts: + enabled: true + archives: + enabled: false setup.template.json.enabled: true -setup.template.json.path: "/etc/filebeat/wazuh-template.json" -setup.template.json.name: "wazuh" +setup.template.json.path: '/etc/filebeat/wazuh-template.json' +setup.template.json.name: 'wazuh' setup.template.overwrite: true +setup.ilm.enabled: false -processors: - - decode_json_fields: - fields: ['message'] - process_array: true - max_depth: 200 - target: '' - overwrite_keys: true - - drop_fields: - fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host'] - - rename: - fields: - - from: "data.aws.sourceIPAddress" - to: "@src_ip" - ignore_missing: true - fail_on_error: false - when: - regexp: - data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b - - rename: - fields: - - from: "data.srcip" - to: "@src_ip" - ignore_missing: true - fail_on_error: false - when: - regexp: - data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b - - rename: - fields: - - from: "data.win.eventdata.ipAddress" - to: "@src_ip" - ignore_missing: true - fail_on_error: false - when: - regexp: - data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b # Send events directly to Elasticsearch output.elasticsearch: hosts: {{ filebeat_output_elasticsearch_hosts | to_json }} - #pipeline: geoip - indices: - - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}' + {% if filebeat_xpack_security %} username: {{ elasticsearch_xpack_security_user }} password: {{ elasticsearch_xpack_security_password }} From 359f3e3cb40dfcf1c10cd99af7eee9c866e59d39 Mon Sep 17 00:00:00 2001 
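Review bot: The header comment `# Wazuh - Filebeat configuration file` now appears twice — the original first line is kept as context and an identical line is added directly after it; drop the added one. `filebeat.modules` with `module: wazuh` only works if the Wazuh Filebeat module is installed on the host, which this template cannot guarantee — presumably the role's tasks handle it, but they are not part of this change. The `hosts:` line still renders `filebeat_output_elasticsearch_hosts | to_json`, which only yields a valid `hosts` list when the variable itself is a list, so callers passing a plain `host:port` string get a scalar.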
From: "Manuel J. Bernal" Date: Fri, 25 Oct 2019 13:45:03 +0200 Subject: [PATCH 250/559] Updated Wazuh template --- roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 index 06af6322..5387bf8c 100644 --- a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 @@ -162,6 +162,7 @@ "data.dstip", "data.dstport", "data.dstuser", + "data.extra_data", "data.hardware.serial", "data.id", "data.integration", @@ -943,6 +944,9 @@ "data": { "type": "keyword" }, + "extra_data": { + "type": "keyword" + }, "system_name": { "type": "keyword" }, @@ -1673,4 +1677,4 @@ } }, "version": 1 -} +} \ No newline at end of file From 88d3ea22dd83eb5eb0d3654c06e26d5183ae8673 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 25 Oct 2019 16:59:14 +0200 Subject: [PATCH 251/559] Update tempate for ossec.conf (Agent) --- .../var-ossec-etc-ossec-agent.conf.j2 | 159 +++++++++--------- 1 file changed, 81 insertions(+), 78 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 4d43bc94..61c28012 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -1,4 +1,4 @@ -#jinja2: trim_blocks: False +#jinja2: lstrip_blocks: True {{ wazuh_agent_config.client_buffer.disable }} {{ wazuh_agent_config.client_buffer.queue_size }} {{ wazuh_agent_config.client_buffer.events_per_sec }} + {{ wazuh_agent_config.log_format }} @@ -72,7 +72,6 @@ {% endif %} yes {% endif %} - {% if ansible_os_family == "Windows" %} ./shared/win_audit_rcl.txt ./shared/win_applications_rcl.txt 
@@ -86,11 +85,11 @@ {% if wazuh_agent_config.syscheck is defined %} no - + {{ wazuh_agent_config.syscheck.frequency }} {% if ansible_system == "Linux" %} - + /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot @@ -130,7 +129,7 @@ {% for no_diff in wazuh_agent_config.syscheck.no_diff %} {{ no_diff }} {% endfor %} - + {{ wazuh_agent_config.syscheck.skip_nfs }} {% endif %} @@ -270,29 +269,29 @@ {{ wazuh_agent_config.syscollector.processes }} - - {% if wazuh_agent_config.sca.enabled | length > 0 %} - {{ wazuh_agent_config.sca.enabled }} - {% endif %} - {% if wazuh_agent_config.sca.scan_on_start | length > 0 %} - {{ wazuh_agent_config.sca.scan_on_start }} - {% endif %} - {% if wazuh_agent_config.sca.interval | length > 0 %} - {{ wazuh_agent_config.sca.interval }} - {% endif %} - {% if wazuh_agent_config.sca.skip_nfs | length > 0 %} - yes - {% endif %} - {% if wazuh_agent_config.sca.day | length > 0 %} - yes - {% endif %} - {% if wazuh_agent_config.sca.wday | length > 0 %} - yes - {% endif %} - {% if wazuh_agent_config.sca.time | length > 0 %} - - {% endif %} - + + {% if wazuh_agent_config.sca.enabled | length > 0 %} + {{ wazuh_agent_config.sca.enabled }} + {% endif %} + {% if wazuh_agent_config.sca.scan_on_start | length > 0 %} + {{ wazuh_agent_config.sca.scan_on_start }} + {% endif %} + {% if wazuh_agent_config.sca.interval | length > 0 %} + {{ wazuh_agent_config.sca.interval }} + {% endif %} + {% if wazuh_agent_config.sca.skip_nfs | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.day | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.wday | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.time | length > 0 %} + + {% endif %} + {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} 
@@ -306,68 +305,72 @@ {% endif %} - {% if ansible_system == "Linux" %} - {% for localfile in wazuh_agent_config.localfiles.linux %} - - {{ localfile.format }} + {% if ansible_system == "Linux" %} + {% for localfile in wazuh_agent_config.localfiles.linux %} + + + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} - {% else %} - {{ localfile.location }} + {{ localfile.command }} + {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} {% endif %} - + {% else %} + {{ localfile.location }} + {% endif %} + {% endfor %} {% endif %} - {% if ansible_os_family == "Debian" %} - {% for localfile in wazuh_agent_config.localfiles.debian %} - - {{ localfile.format }} + {% if ansible_os_family == "Debian" %} + {% for localfile in wazuh_agent_config.localfiles.debian %} + + + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} - {% else %} - {{ localfile.location }} - {% endif %} - + {{ localfile.command }} + {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} + {% else %} + {{ localfile.location }} + {% endif %} + {% endfor %} {% endif %} - {% if ansible_os_family == "RedHat" %} - {% for localfile in wazuh_agent_config.localfiles.centos %} - - {{ localfile.format }} + {% if ansible_os_family == "RedHat" %} + {% for localfile in wazuh_agent_config.localfiles.centos %} + + + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} + {{ localfile.command }} + {{ localfile.frequency 
}} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} {% else %} - {{ localfile.location }} - {% endif %} - + {{ localfile.location }} + {% endif %} + {% endfor %} {% endif %} - {% if ansible_os_family == "Windows" %} - {% for localfile in wazuh_agent_config.localfiles.windows %} - - {{ localfile.format }} - {% if localfile.format == 'eventchannel' %} - {{ localfile.location }} - {{ localfile.query}} - {% else %} - {{ localfile.location }} - {% endif %} - + {% if ansible_os_family == "Windows" %} + {% for localfile in wazuh_agent_config.localfiles.windows %} + + + {{ localfile.format }} + {% if localfile.format == 'eventchannel' %} + {{ localfile.location }} + {{ localfile.query}} + {% else %} + {{ localfile.location }} + {% endif %} + {% endfor %} {% endif %} From 9d607c2a4256b608c8338e7aae09203725a41cd2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 25 Oct 2019 16:59:25 +0200 Subject: [PATCH 252/559] Update template for ossec.conf (Manager) --- .../var-ossec-etc-ossec-server.conf.j2 | 192 ++++++++++-------- 1 file changed, 112 insertions(+), 80 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 145af4af..733cae18 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -1,4 +1,4 @@ -#jinja2: trim_blocks: False +#jinja2: lstrip_blocks: True no 
@@ -222,29 +231,29 @@ {{ wazuh_manager_config.syscollector.processes }} - - {% if wazuh_manager_config.sca.enabled | length > 0 %} - {{ wazuh_manager_config.sca.enabled }} - {% endif %} - {% if wazuh_manager_config.sca.scan_on_start | length > 0 %} - {{ wazuh_manager_config.sca.scan_on_start }} - {% endif %} - {% if wazuh_manager_config.sca.interval | length > 0 %} - {{ wazuh_manager_config.sca.interval }} - {% endif %} - {% if wazuh_manager_config.sca.skip_nfs | length > 0 %} - yes - {% endif %} - {% if wazuh_manager_config.sca.day | length > 0 %} - yes - {% endif %} - {% if wazuh_manager_config.sca.wday | length > 0 %} - yes - {% endif %} - {% if wazuh_manager_config.sca.time | length > 0 %} - - {% endif %} - + + {% if wazuh_manager_config.sca.enabled | length > 0 %} + {{ wazuh_manager_config.sca.enabled }} + {% endif %} + {% if wazuh_manager_config.sca.scan_on_start | length > 0 %} + {{ wazuh_manager_config.sca.scan_on_start }} + {% endif %} + {% if wazuh_manager_config.sca.interval | length > 0 %} + {{ wazuh_manager_config.sca.interval }} + {% endif %} + {% if wazuh_manager_config.sca.skip_nfs | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.day | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.wday | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.time | length > 0 %} + + {% endif %} + {{ wazuh_manager_config.vul_detector.disable }} @@ -297,7 +306,6 @@ {% for no_diff in wazuh_manager_config.syscheck.no_diff %} {{ no_diff }} {% endfor %} - {% if wazuh_manager_config.syscheck.skip_nfs is defined %} {{ wazuh_manager_config.syscheck.skip_nfs }} {% endif %} 
@@ -319,53 +327,77 @@ {% endfor %} - {% for command in wazuh_manager_config.commands %} - - {{ command.name }} - {{ command.executable }} - {{ command.expect }} - {{ command.timeout_allowed }} - +{% for command in wazuh_manager_config.commands %} + + + {{ command.name }} + {{ command.executable }} + {{ command.expect }} + {{ command.timeout_allowed }} + +{% endfor %} + + + + ruleset/decoders + ruleset/rules + {% if wazuh_manager_config.rule_exclude is defined %} + {% for rule in wazuh_manager_config.rule_exclude %} + {{ rule }} {% endfor %} + {% endif %} + {% if cdb_lists is defined %} + {% for list in cdb_lists %} + etc/lists/{{ list.name }} + {% endfor %} + {% endif %} - - - ruleset/decoders - ruleset/rules - {% if wazuh_manager_config.rule_exclude is defined %} - {% for rule in wazuh_manager_config.rule_exclude %} - {{ rule }} - {% endfor %} - {% endif %} - {% if cdb_lists is defined %} - {% for list in cdb_lists %} - etc/lists/{{ list.name }} - {% endfor %} - {% endif %} - - - etc/decoders - etc/rules + + etc/decoders + etc/rules {% if wazuh_manager_config.authd.enable == true %} no - {% if wazuh_manager_config.authd.port is not none %}{{wazuh_manager_config.authd.port}}{% else %}1515{% endif %} - {% if wazuh_manager_config.authd.use_source_ip is not none %}{{wazuh_manager_config.authd.use_source_ip}}{% endif %} - {% if wazuh_manager_config.authd.force_insert is not none %}{{wazuh_manager_config.authd.force_insert}}{% endif %} - {% if wazuh_manager_config.authd.force_time is not none %}{{wazuh_manager_config.authd.force_time}}{% endif %} - {% if wazuh_manager_config.authd.purge is not none %}{{wazuh_manager_config.authd.purge}}{% endif %} - {% if wazuh_manager_config.authd.use_password is not none %}{{wazuh_manager_config.authd.use_password}}{% endif %} - {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}{% endif %} - {% if wazuh_manager_config.authd.ssl_verify_host is not none 
%}{{wazuh_manager_config.authd.ssl_verify_host}}{% endif %} - {% if wazuh_manager_config.authd.ssl_manager_cert is not none %}/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}{% endif %} - {% if wazuh_manager_config.authd.ssl_manager_key is not none %}/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}{% endif %} - {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}{{wazuh_manager_config.authd.ssl_auto_negotiate}}{% endif %} + {% if wazuh_manager_config.authd.port is not none %} + {{wazuh_manager_config.authd.port}} + {% else %} + 1515 + {% endif %} + {% if wazuh_manager_config.authd.use_source_ip is not none %} + {{wazuh_manager_config.authd.use_source_ip}} + {% endif %} + {% if wazuh_manager_config.authd.force_insert is not none %} + {{wazuh_manager_config.authd.force_insert}} + {% endif %} + {% if wazuh_manager_config.authd.force_time is not none %} + {{wazuh_manager_config.authd.force_time}} + {% endif %} + {% if wazuh_manager_config.authd.purge is not none %} + {{wazuh_manager_config.authd.purge}} + {% endif %} + {% if wazuh_manager_config.authd.use_password is not none %} + {{wazuh_manager_config.authd.use_password}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_agent_ca is not none %} + /var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_verify_host is not none %} + {{wazuh_manager_config.authd.ssl_verify_host}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_manager_cert is not none %} + /var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_manager_key is not none %} + /var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %} + {{wazuh_manager_config.authd.ssl_auto_negotiate}} + {% endif %} {% endif %} - {{ wazuh_manager_config.cluster.disable }} {{ 
wazuh_manager_config.cluster.name }} @@ -385,7 +417,7 @@ {{ wazuh_manager_config.cluster.hidden }} - {% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %} +{% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %} no Wazuh-VULS @@ -394,7 +426,7 @@ yes {{ wazuh_manager_config.vuls.run_on_start }} - {% endif %} +{% endif -%} {% if agentless_creds is defined %} {% for agentless in agentless_creds %} @@ -407,11 +439,8 @@ {{ agentless.arguments }} {% endif %} - {% endfor %} -{% endif %} - - +{% endif -%} {% if wazuh_manager_config.active_responses is defined %} {% for response in wazuh_manager_config.active_responses %} @@ -427,10 +456,11 @@ {%if response.repeated_offenders is defined %}{{ response.repeated_offenders }}{% endif %} {% endfor %} -{% endif %} +{% endif -%} {% for localfile in wazuh_manager_config.localfiles.common %} + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} @@ -468,6 +498,7 @@ {% if ansible_os_family == "Debian" %} {% for localfile in wazuh_manager_config.localfiles.debian %} + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} @@ -502,10 +533,11 @@ {% endif %} {% endfor %} -{% endif %} +{% endif -%} {% if ansible_os_family == "RedHat" %} {% for localfile in wazuh_manager_config.localfiles.centos %} + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} @@ -540,7 +572,7 @@ {% endif %} {% endfor %} -{% endif %} +{% endif -%} {% if wazuh_manager_config.syslog_outputs is defined %} {% for syslog_output in wazuh_manager_config.syslog_outputs %} From 812fadd76b40a9f05c5159fa53b9a150368ca272 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:01:25 +0100 Subject: [PATCH 253/559] Add default to manage repositories --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 87f8534c..d7155415 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -31,6 +31,10 @@ wazuh_winagent_config: repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 wazuh_agent_config: + repo: + apt: 'https://packages.wazuh.com/3.x/apt/ stable main' + yum: 'https://packages.wazuh.com/3.x/yum/' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' active_response: ar_disabled: 'no' ca_store: '/var/ossec/etc/wpk_root.pem' From 8a69a6e92234db6539ff439e5a7c1097c2851903 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:02:07 +0100 Subject: [PATCH 254/559] Update Debian repositories to use dynamic urls from default variables --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 5 +++-- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 +++++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 48e45685..e2629069 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -22,13 +22,14 @@ - ansible_distribution_major_version | int == 14 - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: + url: "{{ wazuh_agent_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: "deb {{ wazuh_agent_config.repo.apt }}" state: present update_cache: true diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 9e9a94d7..79328bb1 100644 
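Review bot: `apt_key` now takes the key from `wazuh_agent_config.repo.gpg` by `url` only, with no `id`, so whatever key that URL serves is trusted for the repository — an overridden default or a redirected download installs an unverified key. Pinning the expected fingerprint rejects anything else: `id: <WAZUH_GPG_KEY_FINGERPRINT>` (placeholder — take the value from the published Wazuh key). The manager's Debian.yml task in the next hunk has the same shape and deserves the same pin.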
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -24,13 +24,14 @@ - ansible_distribution_major_version | int == 14 - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: + url: "{{ wazuh_agent_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: deb "{{ wazuh_agent_config.repo.apt }}" state: present update_cache: true changed_when: false @@ -49,7 +50,8 @@ - ansible_distribution_major_version | int == 14 - name: Debian/Ubuntu | Installing NodeJS repository key - apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key + apt_key: + url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) From afff33941d088497085209c5d2d750e7e423fe8e Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:02:41 +0100 Subject: [PATCH 255/559] Update RedHat tasks to use dynamic repo urls from variables --- .../ansible-wazuh-agent/tasks/RedHat.yml | 27 ++++++---------- .../ansible-wazuh-manager/tasks/RedHat.yml | 31 ++++++++++--------- 2 files changed, 26 insertions(+), 32 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 33382e28..86d38f12 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml 
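Review bot: `repo: deb "{{ wazuh_agent_config.repo.apt }}"` is a plain YAML scalar, so the double quotes are part of the value and apt receives `deb "https://packages.wazuh.com/3.x/apt/ stable main"` as a single quoted token, which is not a valid sources entry; it should take the agent role's form, `repo: "deb {{ wazuh_manager_config.repo.apt }}"`. Both changed tasks also read `wazuh_agent_config.repo.*`, which this manager role does not define — PATCH 256 adds `wazuh_manager_config.repo` and PATCH 257 corrects RedHat.yml, but Debian.yml is left on the agent variable, so `url: "{{ wazuh_agent_config.repo.gpg }}"` raises an undefined-variable error unless the agent role's defaults happen to be loaded in the same play. The NodeJS key task is likewise fetched by `url` with no `id` pin.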
@@ -1,36 +1,27 @@ --- -- name: RedHat/CentOS/Fedora | Install Wazuh repo - yum_repository: - name: wazuh_repo - description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH - gpgcheck: true - changed_when: false - when: - - ansible_distribution_major_version|int > 5 - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH-5 + baseurl: "{{ wazuh_agent_config.repo.yum }}5/" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5" gpgcheck: true changed_when: false when: - - ansible_distribution_major_version|int == 5 + - (ansible_facts['os_family']|lower == 'redhat') + - (ansible_os_family = ansible_distribution_major_version|int <= 5) + register: repo_v5_installed -- name: AmazonLinux | Install Wazuh repo +- name: RedHat/CentOS/Fedora | Install Wazuh repo yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: "{{ wazuh_agent_config.repo.yum }}" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}" gpgcheck: true changed_when: false when: - - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + - repo_v5_installed is undefined - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 7540e142..ffac6189 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
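Review bot: `- (ansible_os_family = ansible_distribution_major_version|int <= 5)` is not a valid Jinja expression (`=` is assignment, not comparison) and fails at template evaluation; the intended condition is presumably `- ansible_distribution_major_version|int <= 5`. Once that is fixed, `register: repo_v5_installed` is still set whenever the task is evaluated, including when it is skipped, so `repo_v5_installed is undefined` is always false and the general `RedHat/CentOS/Fedora` repo task never runs; use `- repo_v5_installed is skipped` instead. Dropping the dedicated Amazon Linux task also routes hosts whose major-version fact is `"NA"` (as the removed condition shows) through `|int`, which yields 0 and selects the EL5 repository for them; an `ansible_distribution != 'Amazon'` guard on the EL5 task keeps them on the main repo. The manager's RedHat.yml hunk has the same three problems with `repo_v5_manager_installed`.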
@@ -38,26 +38,29 @@ when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" -- name: RedHat/CentOS/Fedora | Install Wazuh repo - yum_repository: - name: wazuh_repo - description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH - gpgcheck: true - changed_when: false - when: - - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: "{{ wazuh_agent_config.repo.yum }}5/" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5" gpgcheck: true + changed_when: false when: - - ansible_distribution_major_version|int == 5 + - (ansible_facts['os_family']|lower == 'redhat') + - (ansible_os_family = ansible_distribution_major_version|int <= 5) + register: repo_v5_manager_installed + +- name: RedHat/CentOS/Fedora | Install Wazuh repo + yum_repository: + name: wazuh_repo + description: Wazuh repository + baseurl: "{{ wazuh_agent_config.repo.yum }}" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}" + gpgcheck: true + changed_when: false + when: + - repo_v5_manager_installed is undefined - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present From 8c1740381bc392322395663963d9d76dff331dee Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:27:22 +0100 Subject: [PATCH 256/559] Add manager repo variables --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f45e95b0..1482a533 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
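Review bot: Both rewritten `yum_repository` tasks in the manager role take `baseurl` and `gpgkey` from `wazuh_agent_config.repo.*`, an agent-role variable a manager-only play does not provide, so repository setup fails before any package is installed. The manager's own `wazuh_manager_config.repo.yum` / `wazuh_manager_config.repo.gpg` are the values these lines should template; the conditional problems are the same as in the agent hunk above.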
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,6 +5,10 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest wazuh_manager_config: + repo: + apt: 'https://packages.wazuh.com/3.x/apt/ stable main' + yum: 'https://packages.wazuh.com/3.x/yum/' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' json_output: 'yes' alerts_log: 'yes' logall: 'no' From a21392fe58991ac5e0645e69afd38e57f43fcc74 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:27:32 +0100 Subject: [PATCH 257/559] Fix manager repo variables typo --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index ffac6189..3ec0719b 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -42,8 +42,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: "{{ wazuh_agent_config.repo.yum }}5/" - gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5" + baseurl: "{{ wazuh_manager_config.repo.yum }}5/" + gpgkey: "{{ wazuh_manager_config.repo.gpg }}-5" gpgcheck: true changed_when: false when: @@ -55,8 +55,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: "{{ wazuh_agent_config.repo.yum }}" - gpgkey: "{{ wazuh_agent_config.repo.gpg }}" + baseurl: "{{ wazuh_manager_config.repo.yum }}" + gpgkey: "{{ wazuh_manager_config.repo.gpg }}" gpgcheck: true changed_when: false when: From 30b04ac5a8b7c0771d2485a4a44a0b44bc8b8665 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:55:21 +0100 Subject: [PATCH 258/559] Update CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) mode change 100644 => 100755 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md old mode 100644 new mode 100755 index ad13d3d3..f220561d --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,12 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.xx.x_x.x.x] + +## Changed + +- Make Wazuh repositories instalation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) + ## [v3.10.2_7.3.2] ### Added From 3bedf74055c69f8eccb1f2083a93df9fdb9ad777 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 11:50:55 +0100 Subject: [PATCH 259/559] Fix wrong conditionals in repo installation tasks --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 86d38f12..0c3b8b97 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -9,7 +9,7 @@ changed_when: false when: - (ansible_facts['os_family']|lower == 'redhat') - - (ansible_os_family = ansible_distribution_major_version|int <= 5) + - (ansible_distribution_major_version|int <= 5) register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 3ec0719b..71a5a375 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -48,7 +48,7 @@ changed_when: false when: - (ansible_facts['os_family']|lower == 'redhat') - - (ansible_os_family = ansible_distribution_major_version|int <= 5) + - (ansible_distribution_major_version|int <= 5) register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo From 83d0de790a46e9ebed1a86fc9c9fe6e22f2335fe Mon Sep 17 00:00:00 2001 
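Review bot: The corrected condition `(ansible_distribution_major_version|int <= 5)` still classifies Amazon Linux as EL5: the `Amazon`/`NA` check removed earlier in this series indicates the major version is not numeric there, `|int` turns it into 0, and the host then receives the `yum/5/` baseurl and the `-5` GPG key. Guarding the first task with `(ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon')` is needed in both the agent and the manager hunk.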
From: Jose M Date: Mon, 28 Oct 2019 15:54:29 +0100 Subject: [PATCH 260/559] Fix wazuh manager variable typo related with repositories --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 79328bb1..bad36dfb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -25,13 +25,13 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: - url: "{{ wazuh_agent_config.repo.gpg }}" + url: "{{ wazuh_manager_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: deb "{{ wazuh_agent_config.repo.apt }}" + repo: deb "{{ wazuh_manager_config.repo.apt }}" state: present update_cache: true changed_when: false From acb052ba73a5dc6cb15751c7d98452f32a586fdd Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 17:09:39 +0100 Subject: [PATCH 261/559] Fix RedHat conditional related with Wazuh repositories --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 71a5a375..09b2c0a4 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -60,7 +60,7 @@ gpgcheck: true changed_when: false when: - - repo_v5_manager_installed is undefined + - repo_v5_manager_installed.skipped - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present From 34ed408cfd05ce24938b819b069babdfce3c5fab Mon Sep 17 00:00:00 2001 
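Review bot: After the rename the `apt_repository` line still reads `repo: deb "{{ wazuh_manager_config.repo.apt }}"`, a plain scalar in which the double quotes are part of the value, so the rendered entry becomes `deb "https://... stable main"` and apt will not parse it. The quotes belong around the whole scalar: `repo: "deb {{ wazuh_manager_config.repo.apt }}"`.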
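Review bot: `repo_v5_manager_installed.skipped` only works when the previous task was skipped; when it actually ran, the registered result has no `skipped` key and the conditional raises an undefined-attribute error, so on EL5 hosts the play fails here instead of skipping. The test form `- repo_v5_manager_installed is skipped` handles both outcomes; the agent hunk in the next patch (`repo_v5_installed.skipped`) needs the same change.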
From: Jose M Date: Mon, 28 Oct 2019 17:54:00 +0100 Subject: [PATCH 262/559] Fix typo in Debian repository installation task --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index bad36dfb..8bf97217 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -31,7 +31,7 @@ - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: deb "{{ wazuh_manager_config.repo.apt }}" + repo: "deb {{ wazuh_manager_config.repo.apt }}" state: present update_cache: true changed_when: false From fd0d51bc52432c5e78062a980e8f1ff50e3dbce9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 20:53:14 +0100 Subject: [PATCH 263/559] Change Agent repository condition to .skipped like manager task --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 0c3b8b97..7bfcc611 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -21,8 +21,8 @@ gpgcheck: true changed_when: false when: - - repo_v5_installed is undefined - + - repo_v5_installed.skipped + - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm From f367e9bd23ad7b12b11caf1ed94737f8665da11f Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 20:54:51 +0100 Subject: [PATCH 264/559] Fix typo in CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f220561d..b434ff63 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ## Changed -- Make Wazuh repositories instalation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) +- Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) ## [v3.10.2_7.3.2] From 0587512be17e52abeed441c837a4380eec2530c3 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 29 Oct 2019 17:31:44 +0100 Subject: [PATCH 265/559] Require openssl --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index a1afbb4c..42be0533 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -5,6 +5,11 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" +- name: Install Openssl + package: + name: openssl + state: present + - name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} with_items: From d17542698218973c1e938bbd317d58f8420ce70a Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 29 Oct 2019 17:36:57 +0100 Subject: [PATCH 266/559] Remove duplicated install --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 09b2c0a4..efec0395 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -66,7 +66,6 @@ package: name={{ item }} state=present with_items: - openscap-scanner - - openssl register: wazuh_manager_openscp_packages_installed until: wazuh_manager_openscp_packages_installed is succeeded tags: 
From ec0104cda58d4acca20422a63a40268e00354536 Mon Sep 17 00:00:00 2001 From: sgargel Date: Wed, 30 Oct 2019 11:05:46 +0100 Subject: [PATCH 267/559] Update main.yml --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 40b51863..7b2ca34e 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -322,7 +322,6 @@ notify: restart wazuh-api when: - wazuh_api_user is defined - - not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6) tags: - config From d184ec76fe20af247cb5bbffb27b7f6533bd18fe Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 30 Oct 2019 15:06:00 +0100 Subject: [PATCH 268/559] Require unzip --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 42be0533..97a9f4fa 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -1,15 +1,18 @@ --- +- name: "Install dependencies" + package: + name: + - unzip + - openssl + - tar + state: present + - import_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: Install Openssl - package: - name: openssl - state: present - - name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} with_items: From f0f54b63a658eeb41c579f3a2859ddbb50293582 Mon Sep 17 00:00:00 2001 
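Review bot: The new `Install dependencies` task has no retry, whereas the other package tasks in this role register their result and loop with `until: ... is succeeded` (the openscap task in the preceding patch shows the pattern), so a transient mirror failure here aborts the play on the first attempt. Adding `register: wazuh_manager_deps_installed` and `until: wazuh_manager_deps_installed is succeeded` keeps it consistent with the rest of the role; the quoted, prefix-less `name: "Install dependencies"` also differs from the `OS | action` naming used by the sibling tasks.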
From: Jose M Date: Wed, 30 Oct 2019 16:01:32 +0100 Subject: [PATCH 269/559] Rename "elasticsearch_master_candidate" to "elasticsearch_node_master" --- roles/elastic-stack/ansible-elasticsearch/README.md | 10 +++++----- .../ansible-elasticsearch/defaults/main.yml | 2 +- .../templates/elasticsearch.yml.j2 | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index 388affce..c574aa9f 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -48,11 +48,11 @@ Example Playbook - hosts: 172.16.0.162 roles: - - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.162', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.162', elasticsearch_node_master: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} - hosts: 172.16.0.163 roles: - - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_node_master: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} ``` - Three nodes Elasticsearch cluster with XPack security @@ -64,7 +64,7 @@ Example Playbook elasticsearch_network_host: 172.16.0.111 elasticsearch_node_name: node-1 single_node: false - elasticsearch_master_candidate: true + elasticsearch_node_master: true elasticsearch_bootstrap_node: true elasticsearch_cluster_nodes: - 172.16.0.111 
@@ -97,7 +97,7 @@ Example Playbook elasticsearch_node_name: node-2 single_node: false elasticsearch_xpack_security: true - elasticsearch_master_candidate: true + elasticsearch_node_master: true node_certs_generator_ip: 172.16.0.111 elasticsearch_discovery_nodes: - 172.16.0.111 @@ -111,7 +111,7 @@ Example Playbook elasticsearch_node_name: node-3 single_node: false elasticsearch_xpack_security: true - elasticsearch_master_candidate: true + elasticsearch_node_master: true node_certs_generator_ip: 172.16.0.111 elasticsearch_discovery_nodes: - 172.16.0.111 diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 87381a4e..abf3161c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -8,7 +8,7 @@ elasticsearch_jvm_xms: null elastic_stack_version: 7.3.2 single_node: true elasticsearch_bootstrap_node: false -elasticsearch_master_candidate: false +elasticsearch_node_master: false elasticsearch_cluster_nodes: - 127.0.0.1 elasticsearch_discovery_nodes: diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 2bb6ebe4..4f8d56cc 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -20,7 +20,7 @@ discovery.seed_hosts: - {{ item }} {% endfor %} {% else %} -node.master: {{ elasticsearch_master_candidate|lower }} +node.master: {{ elasticsearch_node_master|lower }} discovery.seed_hosts: {% for item in elasticsearch_discovery_nodes %} - {{ item }} From 9020e06ec8d330276439faf78bcbb012281bfbc2 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Wed, 30 Oct 2019 16:01:56 +0100 Subject: [PATCH 270/559] Update ES parameters with new node.ingest and node.data variables --- .../ansible-elasticsearch/defaults/main.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index abf3161c..bcd81183 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -1,20 +1,25 @@ --- -elasticsearch_cluster_name: wazuh -elasticsearch_node_name: node-1 + elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.3.2 +elasticsearch_lower_disk_requirements: false + +# Cluster Settings single_node: true +elasticsearch_cluster_name: wazuh +elasticsearch_node_name: node-1 elasticsearch_bootstrap_node: false elasticsearch_node_master: false elasticsearch_cluster_nodes: - 127.0.0.1 elasticsearch_discovery_nodes: - 127.0.0.1 +elasticsearch_node_data: true +elasticsearch_node_ingest: true -elasticsearch_lower_disk_requirements: false # X-Pack Security elasticsearch_xpack_security: false elasticsearch_xpack_security_user: elastic @@ -24,8 +29,6 @@ node_certs_generator: false node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/elasticsearch/certs - - # CA generation master_certs_path: /es_certs generate_CA: true From a46b681dcfc32f655ed4e93a09e1b4e5d9fa190e Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 30 Oct 2019 16:02:26 +0100 Subject: [PATCH 271/559] Update elasticsearch.yml to render node.data and .ingest vars --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) 
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 4f8d56cc..0d6887f5 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -21,6 +21,12 @@ discovery.seed_hosts: {% endfor %} {% else %} node.master: {{ elasticsearch_node_master|lower }} +{% if elasticsearch_node_data|lower == 'false' %} +node.data: false +{% endif %} +{% if elasticsearch_node_ingest|lower == 'false' %} +node.ingest: false +{% endif %} discovery.seed_hosts: {% for item in elasticsearch_discovery_nodes %} - {{ item }} @@ -34,9 +40,8 @@ cluster.routing.allocation.disk.watermark.low: 500mb cluster.routing.allocation.disk.watermark.high: 300mb {% endif %} -# XPACK Security - {% if elasticsearch_xpack_security %} +# XPACK Security xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate From 895715bd19f6f6ff80d3bdf62176a34e21e0539d Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 30 Oct 2019 16:34:30 +0100 Subject: [PATCH 272/559] Enable node repo for Amazon Linux --- .../wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 09b2c0a4..bea182b8 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
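Review bot: `{% if elasticsearch_node_data|lower == 'false' %}` compares the string form of a boolean, so the setting is only ever written when it is disabled and a value like `no` or `False` follows a different path than a reader would expect. Rendering the setting explicitly in both cases, `node.data: {{ elasticsearch_node_data|bool|lower }}` (and likewise `node.ingest`), is clearer and removes the string comparison. As far as the hunk shows, both settings sit in the `{% else %}` branch, so they are not emitted on the single-node path; if that is intended it is worth a `{# node roles only apply to multi-node clusters #}` comment.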
@@ -26,17 +26,9 @@ args: warn: false executable: /bin/bash + creates: /etc/yum.repos.d/nodesource-el7.repo when: - - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" - -- name: AmazonLinux | Install Nodejs repo - yum: - name: nodejs - state: present - register: wazuh_manager_amz_node_packages_installed - until: wazuh_manager_amz_node_packages_installed is succeeded - when: - - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + - ansible_distribution|lower == "amazon" - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: @@ -47,7 +39,7 @@ gpgcheck: true changed_when: false when: - - (ansible_facts['os_family']|lower == 'redhat') + - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) register: repo_v5_manager_installed @@ -60,7 +52,7 @@ gpgcheck: true changed_when: false when: - - repo_v5_manager_installed.skipped + - repo_v5_manager_installed|skipped - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present From f36d8be92ef7850fd3474cede6acd2dd1952bd5b Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 10:35:59 +0100 Subject: [PATCH 273/559] Fixing repo_v5 | skipped ocurrences. Updating to new format --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 7bfcc611..cbc981d5 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -21,7 +21,7 @@ gpgcheck: true changed_when: false when: - - repo_v5_installed.skipped + - repo_v5_installed is skipped - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: 
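Review bot: `repo_v5_manager_installed|skipped` uses `skipped` as a filter; Ansible deprecated that form in favor of the test syntax and later removed it, so this line breaks on upgrade — `- repo_v5_manager_installed is skipped` is the supported form (the agent hunk that follows on this line already uses it). In the first hunk, `creates: /etc/yum.repos.d/nodesource-el7.repo` hard-codes an `el7` file name under an Amazon Linux condition; if the setup script writes a differently named file there, the task re-runs on every play, so that path is worth confirming on an Amazon host.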
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index fd614765..d64829a9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -52,7 +52,7 @@ gpgcheck: true changed_when: false when: - - repo_v5_manager_installed|skipped + - repo_v5_manager_installed is skipped - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present From 0ce3590b6e84f5fa7703211a6038d50446c25dfe Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 12:48:38 +0100 Subject: [PATCH 274/559] Add "agent_name" var to "wazuh_agent_authd" vars --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index d7155415..22b1f26c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -12,6 +12,7 @@ wazuh_auto_restart: 'yes' wazuh_agent_authd: enable: false port: 1515 + agent_name: null ssl_agent_ca: null ssl_agent_cert: null ssl_agent_key: null From 5af556b72c4263e05fc405f5eedd7700aa4c14d4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 12:49:21 +0100 Subject: [PATCH 275/559] Update Wazuh Agent registration task with new "agent_name" var --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 37a8a8eb..4300576f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
@@ -51,7 +51,7 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - -A {{ agent_name }} + {% if wazuh_agent_authd.agent_name is not none %}-A {{ agent_name }} {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %}-I "any" {% endif %} From e531427df05c3263f49d7914cb3aef99d5c9369e Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 13:30:47 +0100 Subject: [PATCH 276/559] Fix syntax error on Register agent task --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 4300576f..88c0784b 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -51,7 +51,7 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - {% if wazuh_agent_authd.agent_name is not none %}-A {{ agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %}-I "any" {% endif %} From b6ccd7020e78a192162f711ca3dc515d1fa38e4b Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 14:25:11 +0100 Subject: [PATCH 277/559] Add notify to Agent registration tasks to explictly restart it --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 37a8a8eb..bc00e87e 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
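Review bot: Dropping the unconditional `-A {{ agent_name }}` changes behaviour: with the new default `wazuh_agent_authd.agent_name: null`, no `-A` is passed at all, so the `agent_name` fallback the old line used is no longer applied during registration. If that fallback is still intended, render `-A {{ wazuh_agent_authd.agent_name | default(agent_name, true) }}` instead of making the option conditional. Because this is a `shell:` task, the templated name is interpolated unquoted into the command line; quoting it (`-A '{{ ... }}'`) or switching to `command:` keeps a name containing spaces or shell metacharacters from changing the command. The second hunk on this line corrects the `{{ agent_name }}` reference; the same points apply to its new line.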
@@ -63,6 +63,7 @@ {% endif %} {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %} register: agent_auth_output + notify: restart wazuh-agent vars: agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}" when: @@ -99,6 +100,7 @@ user: "{{ wazuh_managers.0.api_user }}" password: "{{ api_pass }}" register: newagent_api + notify: restart wazuh-agent # changed_when: newagent_api.json.error == 0 vars: agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ inventory_hostname }}{% endif %}" From e52a5dba4fa308e1694f541d46947dc63f8faf31 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 14:44:33 +0100 Subject: [PATCH 278/559] Update windows register task to use new "agent_name" variable --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 8dff6274..2de09a8e 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -60,6 +60,7 @@ {{ wazuh_agent_win_auth_path }} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} + {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} register: agent_auth_output notify: Windows | Restart Wazuh Agent From 483a543c76fc6f6017237b2a15f59364c4bb51ef Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:14:30 +0100 Subject: [PATCH 279/559] Create variable to flexibility Wazuh App URL --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index ad639011..36367cea 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml 
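Review bot: `notify: restart wazuh-agent` on the `agent-auth` shell task fires on every run, because a `shell` task without `changed_when` (none is visible in the hunk) always reports changed, so the agent is restarted each time the play executes rather than only after a new registration. Tying it to the command's outcome, e.g. `changed_when: agent_auth_output.rc == 0` (constructed; verify against the exit codes agent-auth returns), keeps the handler bound to an actual registration. The `uri` task in the second hunk sends `password: "{{ api_pass }}"` and registers the response; if it lacks `no_log: true` (not visible here), the credential and the registered result are echoed in verbose output.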
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -7,6 +7,7 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.3.2 wazuh_version: 3.10.2 +wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # Xpack Security kibana_xpack_security: false From 5684805d5539b264669868b1013dd4854b208622 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:14:53 +0100 Subject: [PATCH 280/559] Update Kibana task to make use of "wazuh_app_url" --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 584becc7..622db80b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -98,7 +98,7 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: From 0d95790a163895887ad3e2ca7a83e7e12b4f8f3b Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:25:33 +0100 Subject: [PATCH 281/559] Update CHANGELOG.md --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b434ff63..68c280a7 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
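Review bot: The plugin archive is now fetched from a variable-controlled URL and handed straight to `kibana-plugin install`, with no integrity check on what was downloaded. Since the role already templates the exact version, downloading with `get_url` and a `checksum:` value and installing from the local path would let a changed or tampered archive be rejected before it is unpacked. With `wazuh_app_url` overridable, an `http://` override also silently drops transport protection, which deserves a comment on the default in the previous hunk: `# Base URL of the Wazuh Kibana app; keep https and pin the archive checksum where possible`.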
@@ -3,7 +3,11 @@ All notable changes to this project will be documented in this file. ## [v3.xx.x_x.x.x] -## Changed +### Added + +- Wazuh Agent registration task now explicitly notify restart [@jm404](https://github.com/jm404) [#302](https://github.com/wazuh/wazuh-ansible/pull/302) + +### Changed - Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) From e4f72e0ad3aa52052043ec45023bdd9a58d446dc Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:26:58 +0100 Subject: [PATCH 282/559] Update CHANGELOG.md --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b434ff63..39a086da 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,9 +3,10 @@ All notable changes to this project will be documented in this file. ## [v3.xx.x_x.x.x] -## Changed +### Changed - Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) +- Wazuh App URL is now flexible [@jm404](https://github.com/jm404) [#304](https://github.com/wazuh/wazuh-ansible/pull/304) ## [v3.10.2_7.3.2] From 9dcb8b424432f3a5d2ddd8c28645eb81929a8e4c Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:36:36 +0100 Subject: [PATCH 283/559] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b434ff63..6bd805cb 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ All notable changes to this project will be documented in this file. - Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) +### Fixed + +- Wazuh Agent registration using agent name has been fixed [@jm404](https://github.com/jm404) [#298](https://github.com/wazuh/wazuh-ansible/pull/298) + ## [v3.10.2_7.3.2] ### Added 
From c02885c2ad21abcd0b18e084e065986120726a71 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 11:48:31 +0100 Subject: [PATCH 284/559] Update conditional in Redhat/Debian installation --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 37a8a8eb..41cf60df 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -10,7 +10,7 @@ async: 90 poll: 30 when: - - ansible_distribution in ['CentOS','RedHat'] + - {{ ansible_os_family|lower == "redhat" }} tags: - init @@ -20,7 +20,7 @@ state: present cache_valid_time: 3600 when: - - not (ansible_distribution in ['CentOS','RedHat']) + - {{ ansible_os_family|lower != "redhat" }} tags: - init From 1593e7fdc243f8aa668459b1ee37df7d48636b25 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 11:51:22 +0100 Subject: [PATCH 285/559] Fix syntax errors on Wazuh Agent installation conditionals --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 41cf60df..3d9d04dc 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -10,7 +10,7 @@ async: 90 poll: 30 when: - - {{ ansible_os_family|lower == "redhat" }} + - ansible_os_family|lower == "redhat" tags: - init @@ -20,7 +20,7 @@ state: present cache_valid_time: 3600 when: - - {{ ansible_os_family|lower != "redhat" }} + - ansible_os_family|lower != "redhat" tags: - init From 2ad7e03a7cbc8822c2a1fef8e5f6fad6a33a153c Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:22:32 +0100 Subject: [PATCH 286/559] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) 
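Review bot: `- {{ ansible_os_family|lower == "redhat" }}` inside `when:` is read by the YAML parser as a flow mapping before Jinja ever runs, so the task file fails to load. `when:` already takes a raw Jinja expression, so the bare form `- ansible_os_family|lower == "redhat"` is the correct line, which is what the second hunk on this line applies.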
diff --git a/CHANGELOG.md b/CHANGELOG.md index b434ff63..ff30cea7 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. ## Changed - Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) +- Fix Wazuh repository and installation conditionals [@jm404](https://github.com/jm404) [#299](https://github.com/wazuh/wazuh-ansible/pull/299) ## [v3.10.2_7.3.2] From 5fb65306b7d09c462503749ab3f84b2b0d3635a5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:24:00 +0100 Subject: [PATCH 287/559] Update CHANGELOG.md --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ff30cea7..1ddce2c9 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,9 +3,12 @@ All notable changes to this project will be documented in this file. ## [v3.xx.x_x.x.x] -## Changed +### Changed - Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) + +### Fixed + - Fix Wazuh repository and installation conditionals [@jm404](https://github.com/jm404) [#299](https://github.com/wazuh/wazuh-ansible/pull/299) ## [v3.10.2_7.3.2] From 27c332183d289ef70f0b7b5b9c3cd26c638a07fb Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:51:41 +0100 Subject: [PATCH 288/559] Add Amazon conditonal to RHEL/Centos --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index cbc981d5..5c026a13 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml 
@@ -8,7 +8,7 @@ gpgcheck: true changed_when: false when: - - (ansible_facts['os_family']|lower == 'redhat') + - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) register: repo_v5_installed From 11fe7e81ba57a28b691a70a6c82d47906f0d05a5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 17:08:59 +0100 Subject: [PATCH 289/559] Fix trailing whitespaces for linting --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 5c026a13..8f3b8dbd 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -22,7 +22,7 @@ changed_when: false when: - repo_v5_installed is skipped - + - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm From 1c2d6d41ec5652002dae9931efb6093fac460506 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 14:16:14 +0100 Subject: [PATCH 290/559] Update default variables for manager version and package state --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 1482a533..e5c56256 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,8 +1,8 @@ --- -wazuh_manager_api_version: 3.10.2 +wazuh_manager_version: 3.10.2-1 wazuh_manager_fqdn: "wazuh-server" -wazuh_manager_package_state: latest +wazuh_manager_package_state: present wazuh_manager_config: repo: From d64b107fbb7c892fa2ed11629f8c4fdb06f3b1b6 Mon Sep 17 00:00:00 2001 
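Review bot: The reason for the new `(ansible_distribution|lower != 'amazon')` clause is left implicit: on Amazon Linux `ansible_distribution_major_version` can be a non-numeric string such as "NA" (the manager role's RedHat.yml later on this page tests exactly that value), and `|int` on the second `when` item silently maps it to 0, which satisfies `<= 5` and would point an Amazon host at the "RedHat/CentOS 5" repository. Add a comment above the condition so the exclusion survives the next cleanup: `# Amazon Linux may report a non-numeric major version; |int maps it to 0, which would match the EL5 branch`. The unchanged EL6/EL5 conditions in the manager role apply the same `|int` to Amazon hosts without such a guard. The task's header and body lie outside this hunk.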
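Review bot: Renaming the default from `wazuh_manager_api_version` to `wazuh_manager_version` removes the old key entirely, so any task or template still reading `wazuh_manager_api_version` now fails with an undefined variable; the next commit in this series rewrites tasks/main.yml, but other files of the role that may consume it are not touched here and should be grepped. Keeping the old name as an alias for one release, `wazuh_manager_api_version: "{{ wazuh_manager_version }}"`, would keep inventories that override it working. Pinning `wazuh_manager_package_state` to `present` next to an explicit version is the right choice for reproducible installs; quote the value, `wazuh_manager_version: "3.10.2-1"`, so a future value without a release suffix cannot be read as a float.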
From: Jose M Date: Wed, 6 Nov 2019 14:16:36 +0100 Subject: [PATCH 291/559] Update tasks related to manager installation. Remove -1, update state --- .../ansible-wazuh-manager/tasks/main.yml | 26 ++++++++++++------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 97a9f4fa..b90909dc 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -14,20 +14,22 @@ when: ansible_os_family == "Debian" - name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api - package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} + package: + name: "{{ item }}-{{ wazuh_manager_version }}" + state: "{{ wazuh_manager_package_state }}" with_items: - wazuh-manager - wazuh-api register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - ansible_distribution in ['CentOS','RedHat', 'Amazon'] + - ansible_os_family|lower == "redhat" tags: - init - name: Debian/Ubuntu | Install wazuh-manager, wazuh-api apt: - name: "{{ item }}={{ wazuh_manager_api_version }}-1" + name: "{{ item }}={{ wazuh_manager_version }}" state: present cache_valid_time: 3600 with_items: 
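Review bot: The RedHat task now honours `wazuh_manager_package_state` while the Debian task in the same commit keeps a hard-coded `state: present`, so a user who sets the variable to `latest` gets different behaviour per OS family; if the split is intentional, say so in a comment on the Debian task. Looping `package:` over `with_items` for `wazuh-manager` and `wazuh-api` is also the pattern that a later commit in this series replaces with a list on the apt task to silence the deprecation warning, but this task keeps it; `name: ["wazuh-manager-{{ wazuh_manager_version }}", "wazuh-api-{{ wazuh_manager_version }}"]` installs both in one transaction. This hunk ends inside the Debian task, which continues on the next line.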
@@ -36,13 +38,15 @@ register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - not (ansible_distribution in ['CentOS','RedHat', 'Amazon']) + - not (ansible_os_family|lower == "redhat") tags: init - name: Install expect - package: pkg=expect state={{ wazuh_manager_package_state }} + package: + name: expect + state: "{{ wazuh_manager_package_state }}" when: - - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6) + - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) tags: init - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 @@ -54,15 +58,17 @@ - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 - wazuh_manager_config.cluster.disable != 'yes' -- name: Install wazuh-manager and expect (EL5) - package: pkg={{ item }} state={{ wazuh_manager_package_state }} +- name: Install expect (EL5) + package: + name: "{{ item }}" + state: "{{ wazuh_manager_package_state }}" with_items: - - wazuh-manager-{{ wazuh_manager_api_version }} - expect register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 + - ansible_os_family|lower == "RedHat" + - ansible_distribution_major_version|int < 6 tags: - init From cc18318590e7e783ae16c7b7bb533b0630f268e4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 15:07:56 +0100 Subject: [PATCH 292/559] Fix trailing whitespaces for linting --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index b90909dc..bd0c9663 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
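Review bot: `ansible_os_family|lower == "RedHat"` in the rewritten `when` of "Install expect (EL5)" can never be true, because `|lower` yields "redhat"; the task is now silently skipped on every host, whereas the first hunk of this commit compares the same expression against `"redhat"`. Change the line to `- ansible_os_family|lower == "redhat"`. The same line is moved verbatim into RedHat.yml later in this series (the `@@ -137,3 +137,40 @@` hunk), so that copy needs the fix as well.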
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -14,7 +14,7 @@ when: ansible_os_family == "Debian" - name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api - package: + package: name: "{{ item }}-{{ wazuh_manager_version }}" state: "{{ wazuh_manager_package_state }}" with_items: @@ -59,7 +59,7 @@ - wazuh_manager_config.cluster.disable != 'yes' - name: Install expect (EL5) - package: + package: name: "{{ item }}" state: "{{ wazuh_manager_package_state }}" with_items: From 00f04dd4a46e5e23a4981e4c087d32a680f14162 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 15:18:49 +0100 Subject: [PATCH 293/559] Update wazuh_agent_version value --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 22b1f26c..dc2b366d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.10.2 +wazuh_agent_version: 3.10.2-1 wazuh_managers: - address: 127.0.0.1 port: 1514 From 357a21bed3e72e933ed590aef1c3467ac103c03a Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 15:19:07 +0100 Subject: [PATCH 294/559] Update Agent installation tasks to remove "-1" sufix --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 7230c7a6..949e5719 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -6,7 +6,9 @@ when: ansible_os_family == "Debian" - name: Linux CentOS/RedHat | Install wazuh-agent - package: name=wazuh-agent-{{ wazuh_agent_version }}-1 state=present + package: + name: wazuh-agent-{{ wazuh_agent_version }} + state: present async: 90 poll: 30 when: 
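Review bot: The RedHat agent install now builds `wazuh-agent-{{ wazuh_agent_version }}` from a default that the previous commit changed to `3.10.2-1`, so the package release number is now part of the variable; any other consumer of `wazuh_agent_version` in this role (the Windows tasks and templates are not on this page) will see the `-1` suffix too and should be checked before this lands. Quoting the value, `name: "wazuh-agent-{{ wazuh_agent_version }}"`, keeps it consistent with the Debian task in the next hunk. The `when:` list of this task continues outside the hunk.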
@@ -16,7 +18,7 @@ - name: Linux Debian | Install wazuh-agent apt: - name: "wazuh-agent={{ wazuh_agent_version }}-1" + name: "wazuh-agent={{ wazuh_agent_version }}" state: present cache_valid_time: 3600 when: From 0b62d85802b248916f3739ed9c53de577098f2b3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 15:30:46 +0100 Subject: [PATCH 295/559] Fix linting: trailing whitespace --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 949e5719..698f704f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -6,7 +6,7 @@ when: ansible_os_family == "Debian" - name: Linux CentOS/RedHat | Install wazuh-agent - package: + package: name: wazuh-agent-{{ wazuh_agent_version }} state: present async: 90 From c657ebd50e41a49c9e00a82a3a47a1de620029de Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 17:28:11 +0100 Subject: [PATCH 296/559] Change "openscap.disable" to no in default Wazuh Agent variables --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 22b1f26c..378a6689 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -218,7 +218,7 @@ wazuh_agent_config: rootcheck: frequency: 43200 openscap: - disable: 'no' + disable: 'yes' timeout: 1800 interval: '1d' scan_on_start: 'yes' From ee7cf1a5984e7c2ad5f74d86824014efcf80da65 Mon Sep 17 00:00:00 2001 
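Review bot: The new default `disable: 'yes'` switches OpenSCAP scanning off for every agent, while the commit subject says the value is being changed to "no"; one of the two is wrong, and because this is a security-scanning default the intent needs to be stated explicitly. If disabling is intended, a comment on the key, `# OpenSCAP scans are off by default; set to 'no' to enable them`, makes the choice visible to operators reading defaults/main.yml. The enclosing `wazuh_agent_config` mapping starts outside the hunk.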
From: Jose M Date: Wed, 6 Nov 2019 17:37:40 +0100 Subject: [PATCH 297/559] Change default repo.apt variable of Managers and Agents to include "deb" --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 22b1f26c..e87e3a6f 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -33,7 +33,7 @@ wazuh_winagent_config: md5: 71650780904cbfc2e45eae4298adb7a3 wazuh_agent_config: repo: - apt: 'https://packages.wazuh.com/3.x/apt/ stable main' + apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' active_response: diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 1482a533..634d3758 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -6,7 +6,7 @@ wazuh_manager_package_state: latest wazuh_manager_config: repo: - apt: 'https://packages.wazuh.com/3.x/apt/ stable main' + apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' json_output: 'yes' From 154e10912a7fdf363ab7dd4f69dafaf79f0effd2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 17:38:24 +0100 Subject: [PATCH 298/559] Include apt repository name in debian task. Remove explicit "deb" --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 3 ++- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) 
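Review bot: Moving the `deb` keyword into `wazuh_agent_config.repo.apt` and `wazuh_manager_config.repo.apt` changes the contract of a user-facing default: an inventory that still overrides the value with the old URL-only form will render a sources entry without `deb` once the Debian tasks stop prepending it (next commit), and `apt_repository` rejects such a line. Document it next to each key, `# full apt source line, including the leading "deb"`, and mention the new format in the changelog so existing overrides get updated.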
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index e2629069..1aa7a38e 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -29,7 +29,8 @@ - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: "deb {{ wazuh_agent_config.repo.apt }}" + filename: wazuh_repo + repo: "{{ wazuh_agent_config.repo.apt }}" state: present update_cache: true diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 8bf97217..611aa3b6 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -31,7 +31,8 @@ - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: "deb {{ wazuh_manager_config.repo.apt }}" + filename: wazuh_repo + repo: "{{ wazuh_manager_config.repo.apt }}" state: present update_cache: true changed_when: false From e1f88c84f2d76029c5a60e5a249bdf535b6b24d2 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Thu, 7 Nov 2019 17:41:16 +0100 Subject: [PATCH 299/559] Enable allow-root flag for kibana-plugin --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 622db80b..aba4060c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
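Review bot: Adding `filename: wazuh_repo` makes `apt_repository` write a fixed file under sources.list.d, but hosts already provisioned by the earlier version of this role keep the entry the module created under its URL-derived file name, so those hosts end up with the Wazuh repository defined twice and apt warning about duplicate sources; this is inferred from the module's default naming and should be confirmed on an upgraded host. A one-off cleanup of the old list file (`file:` with `state: absent`) or at least a changelog note would cover the upgrade path. Both tasks start outside their hunks.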
@@ -98,14 +98,14 @@ tags: install
 - name: Install Wazuh-APP (can take a while)
- shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip"
+ shell: |
+ /usr/share/kibana/bin/kibana-plugin --allow-root install \
+ https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip
 environment:
 NODE_OPTIONS: "--max-old-space-size=3072"
 args:
 executable: /bin/bash
 creates: /usr/share/kibana/plugins/wazuh/package.json
- become: yes
- become_user: kibana
 notify: restart kibana
 tags:
 - install
From 63c5fcce08cbbb205bb9c66a3ed0ac88cb596d81 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 11 Nov 2019 11:32:44 +0100 Subject: [PATCH 300/559] Fix Wazuh-API User task conditionals. Removed exclusion of OS's --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index bd0c9663..2a14fb69 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -336,8 +336,6 @@ notify: restart wazuh-api
 when:
 - wazuh_api_user is defined
- - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon')
- - ansible_distribution_major_version|int < 6
 tags:
 - config
From 75c6ee2ea9f716f7c58d9153954a6ee19e6dd966 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 14:51:18 +0100 Subject: [PATCH 301/559] Update apt param format --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
index 611aa3b6..48f528cc 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
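Review bot: Dropping `become_user: kibana` and passing `--allow-root` makes the plugin install run as root, so everything written under /usr/share/kibana/plugins/wazuh is root-owned rather than owned by the service account that ran it before; `creates:` keeps the task idempotent, but whether the kibana process can still write to its own plugin tree afterwards should be checked on a target host. If root is genuinely required, a follow-up `file` task with `path: /usr/share/kibana/plugins/wazuh`, `owner: kibana` and `recurse: true` restores the previous ownership. The rewritten command also hard-codes `https://packages.wazuh.com/wazuhapp/wazuhapp-…`, so the `wazuh_app_url` default that the kibana role still declares later on this page no longer has any effect; keeping `{{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip` preserves the override point for mirrors and offline installs.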
@@ -85,16 +85,15 @@ - init - name: Debian/Ubuntu | Install OpenScap - package: - name: "{{ item }}" + apt: + name: + - libopenscap8 + - xsltproc state: present cache_valid_time: 3600 register: wazuh_manager_openscap_installed until: wazuh_manager_openscap_installed is succeeded when: wazuh_manager_config.openscap.disable == 'no' - with_items: - - libopenscap8 - - xsltproc tags: - init From 7316af3db1de1b0b8124a4ec59e65a29ac80ba1f Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 15:02:09 +0100 Subject: [PATCH 302/559] Move OS dependent tasks to its own file --- .../ansible-wazuh-manager/tasks/Debian.yml | 12 +++++ .../ansible-wazuh-manager/tasks/RedHat.yml | 37 ++++++++++++++ .../ansible-wazuh-manager/tasks/main.yml | 51 ------------------- 3 files changed, 49 insertions(+), 51 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 48f528cc..1f5d6e96 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -112,3 +112,15 @@ changed_when: false tags: - config + +- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api + apt: + name: "{{ item }}={{ wazuh_manager_version }}" + state: present + cache_valid_time: 3600 + with_items: + - wazuh-manager + - wazuh-api + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + tags: init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index d64829a9..c8e8a95a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
@@ -137,3 +137,40 @@ cis_distribution_filename: cis_rhel7_linux_rcl.txt
 when:
 - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
+
+- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api
+ package:
+ name: "{{ item }}-{{ wazuh_manager_version }}"
+ state: "{{ wazuh_manager_package_state }}"
+ with_items:
+ - wazuh-manager
+ - wazuh-api
+ register: wazuh_manager_main_packages_installed
+ until: wazuh_manager_main_packages_installed is succeeded
+ when:
+ - ansible_os_family|lower == "redhat"
+ tags:
+ - init
+
+- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3
+ replace:
+ path: /etc/init.d/wazuh-manager
+ regexp: 'echo -n "Starting Wazuh-manager: "'
+ replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib'
+ when:
+ - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6
+ - wazuh_manager_config.cluster.disable != 'yes'
+
+- name: Install expect (EL5)
+ package:
+ name: "{{ item }}"
+ state: "{{ wazuh_manager_package_state }}"
+ with_items:
+ - expect
+ register: wazuh_manager_main_packages_installed
+ until: wazuh_manager_main_packages_installed is succeeded
+ when:
+ - ansible_os_family|lower == "RedHat"
+ - ansible_distribution_major_version|int < 6
+ tags:
+ - init
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 2a14fb69..e8734373 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
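Review bot: The "Install expect (EL5)" task moved into RedHat.yml can no longer run: main.yml only includes this file when `ansible_distribution_major_version|int > 5` or the distribution is Amazon (the include condition is visible as context in a later commit on this page), so the task's `|int < 6` guard is unreachable unless RedHat.yml is also included from somewhere else, and its `ansible_os_family|lower == "RedHat"` line is false anyway because `|lower` produces "redhat". Either delete the task or move the EL5 handling to wherever EL5 hosts are actually served, and change the comparison to `"redhat"` in any copy that survives. The `when: ansible_os_family|lower == "redhat"` on the main install task is now redundant inside an OS-specific file and could be dropped to keep the task list readable.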
@@ -13,34 +13,6 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api - package: - name: "{{ item }}-{{ wazuh_manager_version }}" - state: "{{ wazuh_manager_package_state }}" - with_items: - - wazuh-manager - - wazuh-api - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - ansible_os_family|lower == "redhat" - tags: - - init - -- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api - apt: - name: "{{ item }}={{ wazuh_manager_version }}" - state: present - cache_valid_time: 3600 - with_items: - - wazuh-manager - - wazuh-api - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - not (ansible_os_family|lower == "redhat") - tags: init - - name: Install expect package: name: expect 
@@ -49,29 +21,6 @@ - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) tags: init -- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 - replace: - path: /etc/init.d/wazuh-manager - regexp: 'echo -n "Starting Wazuh-manager: "' - replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' - when: - - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 - - wazuh_manager_config.cluster.disable != 'yes' - -- name: Install expect (EL5) - package: - name: "{{ item }}" - state: "{{ wazuh_manager_package_state }}" - with_items: - - expect - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - ansible_os_family|lower == "RedHat" - - ansible_distribution_major_version|int < 6 - tags: - - init - - name: Generate SSL files for authd command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ wazuh_manager_fqdn }}/" args: From ee6daa79d741c2e9bc78d67ef8de930bdab2af1e Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 15:08:50 +0100 Subject: [PATCH 303/559] Disable APT recommends --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 1f5d6e96..a61b064d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -7,6 +7,7 @@ - gnupg state: present cache_valid_time: 3600 + install_recommends: false register: wazuh_manager_https_packages_installed until: wazuh_manager_https_packages_installed is succeeded 
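Review bot: `install_recommends: false` is a sensible footprint reduction for the three manager apt tasks (this hunk and the two that follow), but the agent role's Debian.yml apt tasks edited elsewhere in this series do not appear to receive the same setting in the hunks shown here; if a minimal install is the goal, apply it there too so both roles behave alike. A one-line comment on the first occurrence, `# keep the manager host minimal: do not pull recommended packages`, would stop it being mistaken for an oversight. The task this hunk belongs to starts before the hunk.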
@@ -91,6 +92,7 @@ - xsltproc state: present cache_valid_time: 3600 + install_recommends: false register: wazuh_manager_openscap_installed until: wazuh_manager_openscap_installed is succeeded when: wazuh_manager_config.openscap.disable == 'no' @@ -118,6 +120,7 @@ name: "{{ item }}={{ wazuh_manager_version }}" state: present cache_valid_time: 3600 + install_recommends: false with_items: - wazuh-manager - wazuh-api From c1141b1e73c3bc118c11bce9ec674d6fbc32c0d7 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 15:32:15 +0100 Subject: [PATCH 304/559] Remove deprecation warning --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index a61b064d..b7bc7946 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -117,13 +117,12 @@ - name: Debian/Ubuntu | Install wazuh-manager, wazuh-api apt: - name: "{{ item }}={{ wazuh_manager_version }}" + name: + - "wazuh-manager={{ wazuh_manager_version }}" + - "wazuh-api={{ wazuh_manager_version }}" state: present cache_valid_time: 3600 install_recommends: false - with_items: - - wazuh-manager - - wazuh-api register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded tags: init From 249f6b666d95303d3e0f0c78bac20dd14dbd1240 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 15:53:59 +0100 Subject: [PATCH 305/559] Use include_tasks to reduce unnecessary output --- roles/wazuh/ansible-filebeat/tasks/main.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 85bd17e1..ca5ea6ac 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml 
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -1,8 +1,8 @@ --- -- import_tasks: RedHat.yml +- include_tasks: RedHat.yml when: ansible_os_family == 'RedHat' -- import_tasks: Debian.yml +- include_tasks: Debian.yml when: ansible_os_family == 'Debian' - name: CentOS/RedHat | Install Filebeat. @@ -116,8 +116,8 @@ state: started enabled: true -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index e8734373..ed4847aa 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -7,10 +7,10 @@ - tar state: present -- import_tasks: "RedHat.yml" +- include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") -- import_tasks: "Debian.yml" +- include_tasks: "Debian.yml" when: ansible_os_family == "Debian" - name: Install expect @@ -353,8 +353,8 @@ when: - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" From 0384bf69117b740f890941a31dc775441f01d84d Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 16:07:00 +0100 Subject: [PATCH 306/559] Switch agent to include_tasks --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 8 ++++---- roles/wazuh/ansible-wazuh-agent/tasks/main.yml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) 
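Review bot: Replacing `import_tasks` with `include_tasks` changes how tags are applied, and the tasks inside Debian.yml and RedHat.yml depend on them: with a dynamic include, `--tags init` skips the include statement itself (it carries no tag) before the file is read, so the `tags: init` tasks inside never run, whereas `import_tasks` evaluated the tag on each imported task. Keep `import_tasks` for the OS files, or give each include `tags: always` so the included tasks' own tags are still honoured, e.g. `- include_tasks: "RedHat.yml"` followed by `  tags: always`. The same applies to the filebeat hunks earlier on this line and to the agent role includes in the next commit. Separately, the unchanged `or ansible_os_family == "Amazon"` on the RMRedHat include is dead, since Amazon Linux reports its os_family as RedHat — the agent role's own condition `ansible_facts['os_family']|lower == 'redhat' and ansible_distribution|lower != 'amazon'` elsewhere on this page relies on exactly that.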
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 698f704f..2ef87f11 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,8 +1,8 @@ --- -- import_tasks: "RedHat.yml" +- include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "Debian.yml" +- include_tasks: "Debian.yml" when: ansible_os_family == "Debian" - name: Linux CentOS/RedHat | Install wazuh-agent @@ -191,8 +191,8 @@ state: started tags: config -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml index 4b919bc5..25c7b955 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml @@ -1,6 +1,6 @@ --- -- import_tasks: "Windows.yml" +- include_tasks: "Windows.yml" when: ansible_os_family == "Windows" -- import_tasks: "Linux.yml" +- include_tasks: "Linux.yml" when: ansible_system == "Linux" From 10ab6a30a627e57d5596c41019dc597feb58211e Mon Sep 17 00:00:00 2001 From: manuasir Date: Mon, 11 Nov 2019 18:31:43 +0100 Subject: [PATCH 307/559] Bump elasticsearch version --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index bcd81183..7eb645c2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
@@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.3.2 +elastic_stack_version: 7.4.2 elasticsearch_lower_disk_requirements: false # Cluster Settings diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 36367cea..526bfabf 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,7 +5,7 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.3.2 +elastic_stack_version: 7.4.2 wazuh_version: 3.10.2 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index d38565d9..c5914664 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.3.2 +filebeat_version: 7.4.2 filebeat_create_config: true From 699cbccf7eac4a311889a6f49c14cd2ef455c23b Mon Sep 17 00:00:00 2001 From: manuasir Date: Mon, 11 Nov 2019 18:31:43 +0100 Subject: [PATCH 308/559] Resolved conflicts --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 5 ++++- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index f365f66a..ceb3244b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
@@ -4,7 +4,10 @@ elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.3.2 +elastic_stack_version: 7.4.2 +elasticsearch_lower_disk_requirements: false + +# Cluster Settings single_node: true elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index ad639011..92605c13 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,7 +5,7 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.3.2 +elastic_stack_version: 7.4.2 wazuh_version: 3.10.2 # Xpack Security diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index d38565d9..c5914664 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.3.2 +filebeat_version: 7.4.2 filebeat_create_config: true From ade8496dce289eba5ab2901bf11149dce4c365be Mon Sep 17 00:00:00 2001 From: manuasir Date: Mon, 11 Nov 2019 18:31:43 +0100 Subject: [PATCH 309/559] Resolved conflicts --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 5 ++++- roles/elastic-stack/ansible-kibana/defaults/main.yml | 5 +++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index ca6dd06e..0015c25b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
@@ -4,7 +4,10 @@ elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.3.2 +elastic_stack_version: 7.4.2 +elasticsearch_lower_disk_requirements: false + +# Cluster Settings single_node: true elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 06c2c6af..19b33876 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,9 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.3.2 -wazuh_version: 3.10.0 +elastic_stack_version: 7.4.2 +wazuh_version: 3.10.2 +wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # Xpack Security kibana_xpack_security: false diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 180308a6..d37cf5e6 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.3.2 +filebeat_version: 7.4.2 filebeat_create_config: true From fbd287984d49dfe4f531d6479db2c17959241637 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 14 Nov 2019 10:50:49 +0100 Subject: [PATCH 310/559] Set default user to "elastic" for the first API calls to ES --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index aef459e2..d74a391b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -123,7 +123,7 @@ - name: Wait for Elasticsearch API uri: url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_cluster/health/" - user: "{{ elasticsearch_xpack_security_user }}" + user: "elastic" # Default Elasticsearch user is always "elastic" password: "{{ elasticsearch_xpack_security_password }}" validate_certs: no status_code: 200,401 @@ -141,7 +141,7 @@ url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}" method: POST body_format: json - user: "{{ elasticsearch_xpack_security_user }}" + user: "elastic" password: "{{ elasticsearch_xpack_security_password }}" body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }' validate_certs: no From 2b4a1407a5f804bd502391ad24a79fa786ff93bf Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 14 Nov 2019 19:11:28 +0100 Subject: [PATCH 311/559] Add variables for sources installation --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 4060e99c..e8e5c83c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -33,6 +33,8 @@ wazuh_winagent_config: md5: 71650780904cbfc2e45eae4298adb7a3 wazuh_agent_config: repo: + sources: false + sources_branch: "3.10" apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' From 8e56076b9fc8e4200a4dadd5dfbf67943844ec5f Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 14 Nov 2019 19:11:59 +0100 Subject: [PATCH 312/559] Add conditionals to disable repo installation and install from sources --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 7 +++++++ roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 7 +++++++ 2 files changed, 14 insertions(+) 
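Review bot: Hard-coding `user: "elastic"` in both hunks leaves `elasticsearch_xpack_security_password` as the credential for a user the variable name no longer describes, so anyone overriding `elasticsearch_xpack_security_user` in their inventory will silently have that value ignored here while the password still applies. The defaults file should document that `elasticsearch_xpack_security_password` is the bootstrap password of the built-in `elastic` superuser, and any remaining references to `elasticsearch_xpack_security_user` in this file (outside the hunks) should be checked for the same mismatch. The second hunk (`@@ -141,7`) would also benefit from the same inline comment the first one carries, e.g. `user: "elastic"  # built-in superuser; the only account guaranteed to exist before users are created`.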
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 1aa7a38e..cd7f3d77 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -1,4 +1,9 @@ --- + +- include_tasks: "installation_from_sources" + when: + - wazuh_agent_config.repo.sources == "true" + - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: name: @@ -33,6 +38,8 @@ repo: "{{ wazuh_agent_config.repo.apt }}" state: present update_cache: true + when: + - wazuh_agent_config.repo.sources == "false" - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 8f3b8dbd..1aa909fa 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -1,4 +1,9 @@ --- + +- include_tasks: "installation_from_sources" + when: + - wazuh_agent_config.repo.sources == "true" + - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo @@ -10,6 +15,7 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) + - wazuh_agent_config.repo.sources == "false" register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -22,6 +28,7 @@ changed_when: false when: - repo_v5_installed is skipped + - wazuh_agent_config.repo.sources == "false" - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: From a3f4ed74eaf8b7c87fa5a10db306c50f8a026f53 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 14 Nov 2019 19:12:22 +0100 Subject: [PATCH 313/559] Add installation_from_sources.yml tasks --- .../tasks/installation_from_sources.yml | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
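Review bot: The conditions `wazuh_agent_config.repo.sources == "true"` and `== "false"` compare against strings, but the default added in the previous commit is the boolean `sources: false`; in Jinja `false == "false"` is not true, so with the shipped default neither the sources include nor the repository tasks run and the agent package source is never configured. The same defect is in all four hunks of this commit (both Debian.yml hunks and both RedHat.yml hunks); use the truthiness of the value instead, `when: wazuh_agent_config.repo.sources` and `when: not wazuh_agent_config.repo.sources`. Separately, `include_tasks: "installation_from_sources"` omits the `.yml` extension of the file created in the next commit, and include_tasks does not appear to try extensions, so the include is likely to fail with a file-not-found error; the same bare name is reused in the manager Debian.yml hunk of PATCH 323.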
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml new file mode 100644 index 00000000..f068353c --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -0,0 +1,59 @@ +--- + - hosts: all + tasks: + - include_vars: ../defaults/main.yml + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - policycoreutils-python-utils + - automake + - autoconf + - libtool + state: present + + - name: Download required packages from github.com/wazuh/wazuh + get_url: + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz" + dest: "/tmp/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz" + delegate_to: "{{ inventory_hostname }}" + + - name: Extract downloaded Wazuh branch from Github + unarchive: + src: "/tmp/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz" + dest: "/tmp/" + remote_src: yes + + - name: Configure "preloaded_vars.conf" file + copy: + dest: "/tmp/wazuh-{{ wazuh_agent_config.repo.sources_branch }}/etc/preloaded-vars.conf" + content: | + USER_LANGUAGE="en" + USER_NO_STOP="y" + USER_INSTALL_TYPE="agent" + USER_DIR="/var/ossec" + USER_ENABLE_SYSCHECK="y" + USER_ENABLE_ROOTCHECK="y" + USER_ENABLE_OPENSCAP="y" + USER_ENABLE_ACTIVE_RESPONSE="y" + USER_AGENT_SERVER_IP="{{ wazuh_managers.0.address }}" + USER_CA_STORE="/var/ossec/wpk_root.pem" + USER_ENABLE_SCA="y" + force: yes + + - name: Clean remaining files from others builds + command: "make -C src {{ item }}" + args: + chdir: "/tmp/wazuh-{{ wazuh_agent_config.repo.sources_branch }}/src/" + with_items: + - "clean" + - "clean-deps" + failed_when: false + + - name: Executing "install.sh" script to build and install the Wazuh Agent + shell: ./install.sh + args: + chdir: "/tmp/wazuh-{{ wazuh_agent_config.repo.sources_branch }}" + + become: yes 
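Review bot: The new file is a play (`- hosts: all` with a `tasks:` list and a trailing `become: yes`), but Debian.yml and RedHat.yml pull it in with `include_tasks`, which expects a flat task list; an included play does not parse, so the file should start directly with `- name: Install dependencies …` and drop `hosts`, `tasks:` and `include_vars: ../defaults/main.yml` (role defaults are already in scope). The `get_url` task fetches a branch tarball (`{{ wazuh_agent_config.repo.sources_branch }}.tar.gz`, a mutable ref) with no `checksum:`, and `./install.sh` is then run as root on whatever was downloaded, so the build is neither reproducible nor integrity-checked; pinning to a tag or commit and adding `checksum: "sha256:<expected-digest>"` (digest to be filled in) would close that. `delegate_to: "{{ inventory_hostname }}"` on the download is a no-op and can be removed.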
From df016d53c6173512f790cba1e95e8d7a6a1f81e2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 15 Nov 2019 16:39:12 +0100 Subject: [PATCH 314/559] Add variables for wazuh installation from sources --- .../ansible-wazuh-agent/defaults/main.yml | 22 +++++++++++++++-- .../ansible-wazuh-manager/defaults/main.yml | 24 +++++++++++++++++++ 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index e8e5c83c..58db0f85 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,25 @@ --- wazuh_agent_version: 3.10.2-1 +wazuh_sources_installation: + enabled: "true" + branch: "3.10" + user_language: "y" + user_no_stop: "y" + user_install_type: "agent" + user_dir: "/var/ossec" + user_delete_dir: "y" + user_enable_active_response: "y" + user_enable_syscheck: "y" + user_enable_rootcheck: "y" + user_enable_openscap: "y" + user_enable_authd: null + user_generate_authd_cert: null + user_update: null + user_binaryinstall: null + user_agent_server_ip: null + user_agent_server_name: null + user_agent_config_profile: null + wazuh_managers: - address: 127.0.0.1 port: 1514 @@ -33,8 +53,6 @@ wazuh_winagent_config: md5: 71650780904cbfc2e45eae4298adb7a3 wazuh_agent_config: repo: - sources: false - sources_branch: "3.10" apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index e66ccae5..924bd980 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
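Review bot: `enabled: "true"` is a quoted string, while the manager defaults in the next hunk use the boolean `false`; once the `when:` checks in PATCH 315 switch to `wazuh_sources_installation.enabled` / `not wazuh_sources_installation.enabled`, any non-empty string is truthy, so a user who follows this quoted style and writes `enabled: "false"` still gets the sources build. Use a bare boolean here, `enabled: false`, which also keeps the agent role installing from packages by default rather than compiling on every host. `user_language: "y"` looks like a copy error, since the preloaded-vars content this replaces used `USER_LANGUAGE="en"`; it is presumably meant to be `user_language: "en"`.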
@@ -4,6 +4,30 @@ wazuh_manager_version: 3.10.2-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present +wazuh_sources_installation: + enabled: false + branch: "3.10" + user_language: "y" + user_no_stop: "y" + user_install_type: "manager" + user_dir: "/var/ossec" + user_delete_dir: "y" + user_enable_active_response: "y" + user_enable_syscheck: "y" + user_enable_rootcheck: "y" + user_enable_openscap: "y" + user_enable_authd: "y" + user_generate_authd_cert: "n" + user_update: null + user_binaryinstall: null + user_enable_email: null + user_auto_start: null + user_email_address: null + user_email_smpt: null + user_enable_syslog: null + user_white_list: null + user_ca_store: null + wazuh_manager_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' From 46b4d34695094e1066f8cebaf7e3a14e78938e4f Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 15 Nov 2019 16:41:28 +0100 Subject: [PATCH 315/559] Update conditionals to use new variables --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 10 ++++++++-- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 6 ++++++ roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 3 +++ roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 8 ++++++-- 6 files changed, 28 insertions(+), 9 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index cd7f3d77..5e2cfae6 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -2,7 +2,7 @@ - include_tasks: "installation_from_sources" when: - - wazuh_agent_config.repo.sources == "true" + - wazuh_sources_installation.enabled - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: 
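Review bot: `user_email_smpt` looks like a typo for `user_email_smtp`; the template added in PATCH 317 upper-cases the key verbatim, so this would render as `USER_EMAIL_SMPT=…`, a name install.sh presumably does not read, and the SMTP setting would be silently ignored. A short comment above the mapping, such as `# Keys prefixed user_ are rendered into etc/preloaded-vars.conf as USER_*; null entries are omitted`, would also tell readers why only some entries carry values.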
@@ -39,7 +39,7 @@ state: present update_cache: true when: - - wazuh_agent_config.repo.sources == "false" + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 2ef87f11..3a745a20 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -13,6 +13,7 @@ poll: 30 when: - ansible_os_family|lower == "redhat" + - not wazuh_sources_installation.enabled tags: - init @@ -23,6 +24,7 @@ cache_valid_time: 3600 when: - ansible_os_family|lower != "redhat" + - not wazuh_sources_installation.enabled tags: - init @@ -192,7 +194,11 @@ tags: config - include_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" + when: + - ansible_os_family == "RedHat" + - not wazuh_sources_installation.enabled - include_tasks: "RMDebian.yml" - when: ansible_os_family == "Debian" + when: + - ansible_os_family == "Debian" + - not wazuh_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 1aa909fa..a81ecea5 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -2,7 +2,7 @@ - include_tasks: "installation_from_sources" when: - - wazuh_agent_config.repo.sources == "true" + - wazuh_sources_installation.enabled - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: @@ -15,7 +15,7 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - wazuh_agent_config.repo.sources == "false" + - not wazuh_sources_installation.enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo 
@@ -28,7 +28,7 @@ changed_when: false when: - repo_v5_installed is skipped - - wazuh_agent_config.repo.sources == "false" + - not wazuh_sources_installation.enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index b7bc7946..fc3a646f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -23,12 +23,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -37,6 +39,8 @@ state: present update_cache: true changed_when: false + when: + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) become: true @@ -126,3 +130,5 @@ register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded tags: init + when: + - not wazuh_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index c8e8a95a..2a76fb45 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -41,6 +41,7 @@ when: - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) + - not wazuh_sources_installation.enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo 
@@ -53,6 +54,7 @@ changed_when: false when: - repo_v5_manager_installed is skipped + - not wazuh_sources_installation.enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -149,6 +151,7 @@ until: wazuh_manager_main_packages_installed is succeeded when: - ansible_os_family|lower == "redhat" + - not wazuh_sources_installation.enabled tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index ed4847aa..901ec050 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -354,7 +354,11 @@ - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - include_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon" + when: + - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" + - not wazuh_sources_installation.enabled - include_tasks: "RMDebian.yml" - when: ansible_os_family == "Debian" + when: + - ansible_os_family == "Debian" + - not wazuh_sources_installation.enabled From 8ecbeff501b403ba9c7bc611a4f89d46763219b3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 15 Nov 2019 16:42:27 +0100 Subject: [PATCH 316/559] Update installation_from_sources.yml. Added installation conditionals --- .../tasks/installation_from_sources.yml | 54 ++++++++++--------- 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index f068353c..bdfc9676 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
@@ -7,53 +7,59 @@ name: - make - gcc - - policycoreutils-python-utils - automake - autoconf - libtool state: present + - name: Installing policycoreutils-python (RedHat families) + package: + name: + - policycoreutils-python + when: + - ansible_os_family|lower == "redhat" + + - name: Installing policycoreutils-python-utils (Debian families) + package: + name: + - libc6-dev + - curl + - policycoreutils + when: + - ansible_os_family|lower == "debian" + - name: Download required packages from github.com/wazuh/wazuh get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz" - dest: "/tmp/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz" + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" - name: Extract downloaded Wazuh branch from Github unarchive: - src: "/tmp/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz" + src: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" dest: "/tmp/" remote_src: yes - - name: Configure "preloaded_vars.conf" file - copy: - dest: "/tmp/wazuh-{{ wazuh_agent_config.repo.sources_branch }}/etc/preloaded-vars.conf" - content: | - USER_LANGUAGE="en" - USER_NO_STOP="y" - USER_INSTALL_TYPE="agent" - USER_DIR="/var/ossec" - USER_ENABLE_SYSCHECK="y" - USER_ENABLE_ROOTCHECK="y" - USER_ENABLE_OPENSCAP="y" - USER_ENABLE_ACTIVE_RESPONSE="y" - USER_AGENT_SERVER_IP="{{ wazuh_managers.0.address }}" - USER_CA_STORE="/var/ossec/wpk_root.pem" - USER_ENABLE_SCA="y" - force: yes - - name: Clean remaining files from others builds command: "make -C src {{ item }}" args: - chdir: "/tmp/wazuh-{{ wazuh_agent_config.repo.sources_branch }}/src/" + chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" with_items: - "clean" - "clean-deps" - failed_when: false + failed_when: false + + - name: Render the "preloaded-vars.conf" file + template: + src: 
../templates/preloaded_vars.conf.j2 + dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" + owner: root + group: root + mode: '644' - name: Executing "install.sh" script to build and install the Wazuh Agent shell: ./install.sh args: - chdir: "/tmp/wazuh-{{ wazuh_agent_config.repo.sources_branch }}" + chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" become: yes From 6a0c92294e0f08644a538f4ebb68771d3d21c2db Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 15 Nov 2019 16:42:40 +0100 Subject: [PATCH 317/559] Implement template for preloaded_vars.conf --- .../ansible-wazuh-agent/templates/preloaded_vars.conf.j2 | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 diff --git a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 new file mode 100644 index 00000000..f02252d1 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 @@ -0,0 +1,7 @@ +{% for key, value in wazuh_sources_installation.items() %} +{% if "user_" in key %} +{% if value is defined and value is not none %} +{{ key|upper }}="{{ value }}" +{% endif %} +{% endif %} +{% endfor %} \ No newline at end of file From b3a2fea6b94616726e2d6250915eb71b55fc1285 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 18 Nov 2019 16:04:00 +0100 Subject: [PATCH 318/559] UPdate wazuh-agent default settings related to sources_installation --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 58db0f85..886de1bb 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
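Review bot: The task named `Installing policycoreutils-python-utils (Debian families)` installs `libc6-dev`, `curl` and `policycoreutils`, so the name no longer matches what it does; `- name: Install build dependencies (Debian families)` would be accurate. `src: ../templates/preloaded_vars.conf.j2` relies on a path relative to the tasks directory, whereas the template module already searches the role's `templates/` directory, so `src: preloaded_vars.conf.j2` is the portable form. The enclosing task list starts before this hunk.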
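Review bot: `{% if "user_" in key %}` is a substring test, so any future key merely containing `user_` (not starting with it) would also be rendered; `key.startswith("user_")` states the intent exactly. Values are interpolated unescaped between double quotes, so a value containing `"` would break the generated file if install.sh sources it as shell; this is hedged since the consumer is not visible here. The file also lacks a trailing newline, and an identical copy is added for the manager role in PATCH 326.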
@@ -12,13 +12,15 @@ wazuh_sources_installation: user_enable_syscheck: "y" user_enable_rootcheck: "y" user_enable_openscap: "y" - user_enable_authd: null - user_generate_authd_cert: null + user_enable_sca: "y" + user_enable_authd: "y" + user_generate_authd_cert: "n" user_update: null user_binaryinstall: null - user_agent_server_ip: null + user_agent_server_ip: "172.16.1.2" user_agent_server_name: null user_agent_config_profile: null + user_ca_store: "/var/ossec/wpk_root.pem" wazuh_managers: - address: 127.0.0.1 From c1b331be79ef28cb4bb768d45879523009f9777a Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 18 Nov 2019 16:04:13 +0100 Subject: [PATCH 319/559] Update Wazuh Manager default vars related to sources installation --- .../ansible-wazuh-manager/defaults/main.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 924bd980..9df70863 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,11 +5,11 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_sources_installation: - enabled: false + enabled: true branch: "3.10" - user_language: "y" + user_language: "en" user_no_stop: "y" - user_install_type: "manager" + user_install_type: "server" user_dir: "/var/ossec" user_delete_dir: "y" user_enable_active_response: "y" 
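Review bot: `user_agent_server_ip: "172.16.1.2"` bakes an example address into the role defaults, whereas the earlier preloaded-vars content derived it from the manager list; `user_agent_server_ip: "{{ wazuh_managers.0.address }}"` keeps the two in sync, since role defaults are templated lazily. `user_enable_authd: "y"` and `user_generate_authd_cert: "n"` appear to be manager-side options copied into the agent defaults; if install.sh ignores them for an agent install they are harmless but misleading, so either drop them or comment why they are set.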
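Review bot: Flipping the manager default to `enabled: true` makes every run of the role compile Wazuh from a GitHub branch tarball instead of installing the signed package, which is a significant change of default behaviour for existing users and is not mentioned in the commit message. If this is only for testing the sources path, keep `enabled: false` and set it per inventory; if it is intended, a comment above the key stating the trade-off (no package signature verification, longer runs, build tools left on the host) would help operators decide.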
@@ -17,16 +17,17 @@ wazuh_sources_installation: user_enable_rootcheck: "y" user_enable_openscap: "y" user_enable_authd: "y" - user_generate_authd_cert: "n" + user_generate_authd_cert: null user_update: null user_binaryinstall: null - user_enable_email: null - user_auto_start: null + user_enable_email: "n" + user_auto_start: "y" user_email_address: null user_email_smpt: null - user_enable_syslog: null - user_white_list: null + user_enable_syslog: "n" + user_white_list: "n" user_ca_store: null + threads: "2" wazuh_manager_config: repo: From 9258026c49400e23f2c7247ac6dd89ef57331752 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 19 Nov 2019 12:08:42 +0100 Subject: [PATCH 320/559] Update installation_from_sources.yml to pass linting --- .../tasks/installation_from_sources.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index bdfc9676..d45c4219 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -33,7 +33,7 @@ url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" - + - name: Extract downloaded Wazuh branch from Github unarchive: src: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" 
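Review bot: `threads: "2"` sits inside `wazuh_sources_installation` but is not prefixed with `user_`, so the preloaded-vars template skips it and nothing on this page consumes it; if it is meant to drive the build parallelism it needs to be read by the install tasks, otherwise it is dead configuration. A comment such as `# threads: reserved for build parallelism; not rendered into preloaded-vars.conf` would at least make the intent explicit.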
@@ -47,19 +47,22 @@ with_items: - "clean" - "clean-deps" - failed_when: false + register: clean_result + changed_when: clean_result.rc == 0 + failed_when: false - name: Render the "preloaded-vars.conf" file template: - src: ../templates/preloaded_vars.conf.j2 + src: /templates/preloaded_vars.conf.j2 dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root mode: '644' - - name: Executing "install.sh" script to build and install the Wazuh Agent - shell: ./install.sh + - name: Executing "install.sh" script to build and install the Wazuh Manager + shell: ./install.sh > /tmp/build_log.txt + register: installation_result + changed_when: installation_result == 0 args: chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" - - become: yes + become: yes \ No newline at end of file From b467a9e5c77278c2a66601fc8d7116019baf91ee Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 19 Nov 2019 12:09:10 +0100 Subject: [PATCH 321/559] Fix linting for "Linux.yml" tasks in Wazuh Agent --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 3a745a20..5cd95ff4 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -194,11 +194,11 @@ tags: config - include_tasks: "RMRedHat.yml" - when: + when: - ansible_os_family == "RedHat" - not wazuh_sources_installation.enabled - include_tasks: "RMDebian.yml" - when: + when: - ansible_os_family == "Debian" - not wazuh_sources_installation.enabled From cbc5de68acb955441358ad33b4f2144770f83489 Mon Sep 17 00:00:00 2001 
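Review bot: `changed_when: installation_result == 0` compares the whole registered result mapping with an integer and is therefore never true, so the task always reports unchanged; it should read `changed_when: installation_result.rc == 0`. `src: /templates/preloaded_vars.conf.j2` is an absolute path to a directory that will not exist on the controller, and the template module already searches the role's `templates/` directory, so `src: preloaded_vars.conf.j2` is what is needed. The task name now says "Wazuh Manager" although this file belongs to the agent role, and redirecting only stdout to `/tmp/build_log.txt` drops stderr from the log, so `2>&1` (or dropping the redirect and relying on the registered result) would preserve the failure output.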
From: Jose M Date: Tue, 19 Nov 2019 12:09:56 +0100 Subject: [PATCH 322/559] Set "delete_dir" and "enable_active_response" to null in manager default --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 9df70863..ab652cc2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -11,8 +11,8 @@ wazuh_sources_installation: user_no_stop: "y" user_install_type: "server" user_dir: "/var/ossec" - user_delete_dir: "y" - user_enable_active_response: "y" + user_delete_dir: null + user_enable_active_response: null user_enable_syscheck: "y" user_enable_rootcheck: "y" user_enable_openscap: "y" From 95ee10d7a71da6e6dfa65d9973069b500a119577 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 19 Nov 2019 12:10:32 +0100 Subject: [PATCH 323/559] Add import of "installation_from_sources" for Debian and RHEL families --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++++ roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index fc3a646f..4aa7b045 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -1,4 +1,8 @@ --- +- include_tasks: "installation_from_sources" + when: + - wazuh_sources_installation.enabled + - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: name: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 2a76fb45..ae7be9d9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
@@ -1,4 +1,8 @@
 ---
+- include_tasks: "../roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml"
+ when:
+ - wazuh_sources_installation.enabled
+
 - name: RedHat/CentOS | Install Nodejs repo
 yum_repository:
 name: NodeJS
From d3d0edc291a5c1f13a3ee2f85bf6e3d5b17d39a6 Mon Sep 17 00:00:00 2001
From: Jose M
Date: Tue, 19 Nov 2019 12:12:03 +0100
Subject: [PATCH 324/559] Add tasks to install from sources to Wazuh Manager

---
 .../tasks/installation_from_sources.yml | 70 +++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml

diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
new file mode 100644
index 00000000..85920f40
--- /dev/null
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
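Review bot: The include path `../roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml` is relative to wherever the playbook lives and only works for one checkout layout, while the Debian.yml hunk of the same commit uses the bare name `installation_from_sources` without an extension; the two should agree. `include_tasks` resolves a bare filename against the role's own tasks directory, so `- include_tasks: installation_from_sources.yml` is both portable and consistent for both OS families.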
@@ -0,0 +1,70 @@ +--- + +# Wazuh Manager + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - automake + - autoconf + - libtool + state: present + + - name: Installing policycoreutils-python (RedHat families) + package: + name: + - policycoreutils-python + when: + - ansible_os_family|lower == "redhat" + + - name: Installing policycoreutils-python-utils (Debian families) + package: + name: + - libc6-dev + - curl + - policycoreutils + when: + - ansible_os_family|lower == "debian" + + - name: Download required packages from github.com/wazuh/wazuh + get_url: + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" + delegate_to: "{{ inventory_hostname }}" + + - name: Extract downloaded Wazuh branch from Github + unarchive: + src: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" + dest: "/tmp/" + remote_src: yes + + - name: Clean remaining files from others builds + command: "make -C src {{ item }}" + args: + chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" + with_items: + - "clean" + - "clean-deps" + register: clean_result + changed_when: clean_result.rc == 0 + failed_when: false + + - name: Render the "preloaded-vars.conf" file + template: + src: "templates/preloaded_vars.conf.j2" + dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" + owner: root + group: root + mode: '644' + + - name: Executing "install.sh" script to build and install the Wazuh Manager + shell: ./install.sh > /tmp/build_log.txt + register: installation_result + changed_when: installation_result == 0 + args: + chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + +# Wazuh API + + - name: \ No newline at end of file From cc9f28719cf035bbdce83b838a79d1db6cd99da3 Mon Sep 17 00:00:00 2001 
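Review bot: The file ends with a dangling `- name:` under `# Wazuh API` that has no module and no value, which is an invalid task and will make the whole include fail to parse; it should be removed or completed before the file is wired in. As in the agent role's copy, the branch tarball is fetched with no `checksum:` and then built and installed as root, so a pinned tag or commit plus `checksum: "sha256:<expected-digest>"` (digest to be filled in) is the minimum integrity control, and `delegate_to: "{{ inventory_hostname }}"` on that download is a no-op. `changed_when: installation_result == 0` compares the result mapping with an integer and is never true; use `installation_result.rc == 0`.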
From: Jose M Date: Tue, 19 Nov 2019 12:12:11 +0100 Subject: [PATCH 325/559] Fix linting --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 901ec050..f2fc55db 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -354,11 +354,11 @@ - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - include_tasks: "RMRedHat.yml" - when: + when: - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" - not wazuh_sources_installation.enabled - include_tasks: "RMDebian.yml" - when: + when: - ansible_os_family == "Debian" - not wazuh_sources_installation.enabled From 9e4544ae424ae300165ee0496234234deca8b2e2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 19 Nov 2019 12:12:36 +0100 Subject: [PATCH 326/559] Add template to configure "preloaded_vars" in Wazuh Manager role --- .../ansible-wazuh-manager/templates/preloaded_vars.conf.j2 | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 new file mode 100644 index 00000000..f02252d1 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 @@ -0,0 +1,7 @@ +{% for key, value in wazuh_sources_installation.items() %} +{% if "user_" in key %} +{% if value is defined and value is not none %} +{{ key|upper }}="{{ value }}" +{% endif %} +{% endif %} +{% endfor %} \ No newline at end of file From a90b241fb0652638e59c205cba07b62f48db820d Mon Sep 17 00:00:00 2001 
From: Jose M Date: Tue, 19 Nov 2019 12:19:32 +0100 Subject: [PATCH 327/559] Remove deprecated API installation tasks --- .../ansible-wazuh-manager/tasks/RedHat.yml | 25 +------------------ 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index c8e8a95a..0f4cf567 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,34 +1,11 @@ --- -- name: RedHat/CentOS | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - changed_when: false - when: - - ansible_distribution_major_version|int > 5 - -- name: Fedora | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - when: ansible_distribution == 'Fedora' - -- name: AmazonLinux | Get Nodejs +- name: Install Wazuh API repository shell: | set -o pipefail curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - args: warn: false executable: /bin/bash - creates: /etc/yum.repos.d/nodesource-el7.repo - when: - - ansible_distribution|lower == "amazon" - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: From 89557bdaddcc877e31c4ae874db3c081ef89426c Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 19 Nov 2019 14:49:39 +0100 Subject: [PATCH 328/559] Update alerts template for Elasticsearch --- roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 | 4 ---- 1 file changed, 4 deletions(-) 
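Review bot: The surviving task pipes `https://rpm.nodesource.com/setup_8.x` straight into `bash` as root on every run, and the commit drops both the `creates:` guard and the `when:` that previously limited it, so it is neither integrity-checked nor idempotent; the removed `yum_repository` tasks at least pinned `gpgkey` and `gpgcheck: true`. If the NodeSource repo is still needed, keep a `yum_repository` task with `gpgkey`/`gpgcheck`, or at minimum restore `creates: /etc/yum.repos.d/nodesource-el7.repo` and download the script to a file so it can be checksummed before execution. The task name `Install Wazuh API repository` also misdescribes what runs. The `index c8e8a95a..0f4cf567` base differs from the `ae7be9d9` produced for this file by PATCH 323, so this patch may not apply cleanly on top of it.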
diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 index 5387bf8c..444cef06 100644 --- a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 @@ -162,7 +162,6 @@ "data.dstip", "data.dstport", "data.dstuser", - "data.extra_data", "data.hardware.serial", "data.id", "data.integration", @@ -944,9 +943,6 @@ "data": { "type": "keyword" }, - "extra_data": { - "type": "keyword" - }, "system_name": { "type": "keyword" }, From 219b35c2ef4a97bda98f3aca68857e8b72669045 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 14:58:44 +0100 Subject: [PATCH 329/559] Add API installation tasks to installation_from_sources.yml --- .../tasks/installation_from_sources.yml | 40 ++++++++++++++++--- 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 85920f40..cb12739e 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -1,5 +1,4 @@ --- - # Wazuh Manager - name: Install dependencies to build Wazuh packages package: @@ -9,6 +8,7 @@ - automake - autoconf - libtool + - tar state: present - name: Installing policycoreutils-python (RedHat families) 
@@ -33,11 +33,15 @@ dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" + - name: Create folder to extract Wazuh branch + file: + path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + state: directory + - name: Extract downloaded Wazuh branch from Github - unarchive: - src: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" - dest: "/tmp/" - remote_src: yes + shell: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + args: + warn: false - name: Clean remaining files from others builds command: "make -C src {{ item }}" @@ -67,4 +71,28 @@ # Wazuh API - - name: \ No newline at end of file + - name: Download script to install Nodejs repository + get_url: + url: "{{ node_js_repository_url }}" + dest: "/tmp/setup_nodejs_repo.sh" + mode: "0700" + + - name: Execute downloaded script to install Nodejs repo + shell: /tmp/setup_nodejs_repo.sh + + - name: Install Nodejs + package: + name: nodejs + state: present + + - name: Run NPM under root account + shell: npm config set user 0 + + - name: Download the installation script to install Wazuh API + get_url: + url: "https://raw.githubusercontent.com/wazuh/wazuh-api/v{{ wazuh_manager_version[:-2] }}/install_api.sh" + dest: "/tmp/install_api.sh" + mode: "0700" + + - name: Execute Wazuh API installation script + shell: /tmp/install_api.sh download From 35d35b5059cecb430b8f60bc01122dabc4f05829 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 14:59:38 +0100 Subject: [PATCH 330/559] Update tasks that download the Wazuh branch and extract it. --- .../tasks/installation_from_sources.yml | 123 +++++++++--------- 1 file changed, 62 insertions(+), 61 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index d45c4219..7b259b98 100644 
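Review bot: Both installers added in the `# Wazuh API` section are fetched with `get_url` and executed with `shell:` without a `checksum:` or a `creates:` guard, so a modified `setup_nodejs_repo.sh` or `install_api.sh` would run as root unnoticed and both re-run on every play. Pin each download with `checksum: "sha256:<EXPECTED_SHA256>"` and give the two `shell:` tasks a `creates:` (or register the result and set `changed_when`); the unguarded `tar` command in the `@@ -33,11 +33,15 @@` hunk above has the same re-run problem. `wazuh_manager_version[:-2]` presumably strips a `-N` package revision; if so, say so in a comment, because it silently produces a wrong URL for a value without that suffix. `npm config set user 0` is a persistent, global npm setting made as root, which the task name should state. The hunk begins at the `# Wazuh API` marker; the build tasks above it are outside the hunk.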
--- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml
@@ -1,68 +1,69 @@ ---- - - hosts: all - tasks: - - include_vars: ../defaults/main.yml - - name: Install dependencies to build Wazuh packages - package: - name: - - make - - gcc - - automake - - autoconf - - libtool - state: present +--- + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - automake + - autoconf + - libtool + - tar + state: present - - name: Installing policycoreutils-python (RedHat families) - package: - name: - - policycoreutils-python - when: - - ansible_os_family|lower == "redhat" + - name: Installing policycoreutils-python (RedHat families) + package: + name: + - policycoreutils-python + when: + - ansible_os_family|lower == "redhat" - - name: Installing policycoreutils-python-utils (Debian families) - package: - name: - - libc6-dev - - curl - - policycoreutils - when: - - ansible_os_family|lower == "debian" + - name: Installing policycoreutils-python-utils (Debian families) + package: + name: + - libc6-dev + - curl + - policycoreutils + when: + - ansible_os_family|lower == "debian" - - name: Download required packages from github.com/wazuh/wazuh - get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" - delegate_to: "{{ inventory_hostname }}" + - name: Download required packages from github.com/wazuh/wazuh + get_url: + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" + delegate_to: "{{ inventory_hostname }}" - - name: Extract downloaded Wazuh branch from Github - unarchive: - src: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" - dest: "/tmp/" - remote_src: yes + - name: Create folder to extract Wazuh branch + file: + path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + state: directory - - name: Clean remaining files from others builds - command: "make -C src {{ item }}" - 
args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" - with_items: - - "clean" - - "clean-deps" - register: clean_result - changed_when: clean_result.rc == 0 - failed_when: false + - name: Extract downloaded Wazuh branch from Github + shell: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + args: + warn: false - - name: Render the "preloaded-vars.conf" file - template: - src: /templates/preloaded_vars.conf.j2 - dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" - owner: root - group: root - mode: '644' + - name: Clean remaining files from others builds + command: "make -C src {{ item }}" + args: + chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" + with_items: + - "clean" + - "clean-deps" + register: clean_result + changed_when: clean_result.rc == 0 + failed_when: false - - name: Executing "install.sh" script to build and install the Wazuh Manager - shell: ./install.sh > /tmp/build_log.txt - register: installation_result - changed_when: installation_result == 0 - args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" - become: yes \ No newline at end of file + - name: Render the "preloaded-vars.conf" file + template: + src: "templates/preloaded_vars.conf.j2" + dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" + owner: root + group: root + mode: '644' + + - name: Executing "install.sh" script to build and install the Wazuh Manager + shell: ./install.sh > /tmp/build_log.txt + register: installation_result + changed_when: installation_result == 0 + args: + chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" \ No newline at end of file From 9b6fd47e3a0b08212ee14dcd0acfea060a01808d Mon Sep 17 00:00:00 2001 
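Review bot: `changed_when: installation_result == 0` in the rewritten `Executing "install.sh"` task compares the whole registered result mapping with `0`, which is never true, so the build-and-install step always reports `ok` even when it installs; the intended check is `changed_when: installation_result.rc == 0`. The rewrite also drops the `become: yes` the old task carried, so the install now runs as the connecting user unless the play sets become globally — worth a comment if that is deliberate. `mode: '644'` on the template task is an ambiguous mode string that Ansible warns about; write `mode: '0644'`. The hunk covers the whole file, but the file still ends without a trailing newline.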
From: Jose M Date: Wed, 20 Nov 2019 15:00:50 +0100 Subject: [PATCH 331/559] Add conditional to don't install Node repo when installing from sources --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 4aa7b045..6e488cc5 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -58,12 +58,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key apt_key: url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: @@ -71,6 +73,8 @@ state: present update_cache: true changed_when: false + when: + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: From d9cb1a24dd72aa7b576ceb42450a6397324b0181 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 15:02:18 +0100 Subject: [PATCH 332/559] Implement "node_js_repository_url" variable --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ab652cc2..2e82056c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -351,3 +351,5 @@ wazuh_agent_configs: format: 'eventchannel' - location: 'System' format: 'eventlog' + +node_js_repository_url: https://rpm.nodesource.com/setup_8.x \ No newline at end of file 
From be1b60471e8b53a4360eb097207abddd942b0dc1 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 15:05:59 +0100 Subject: [PATCH 333/559] Change Wazuh APP installation to do it as kibana user --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index aba4060c..efde790c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -98,14 +98,13 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: | - /usr/share/kibana/bin/kibana-plugin --allow-root install \ - https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip + shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash - creates: /usr/share/kibana/plugins/wazuh/package.json + become: yes + become_user: kibana notify: restart kibana tags: - install From 4dd780504b0669d6aa7d77fea5711cf58c312b9d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 20 Nov 2019 16:33:14 +0100 Subject: [PATCH 334/559] Adapt NodeJS installation tasks in Debian --- .../ansible-wazuh-manager/tasks/Debian.yml | 24 +++++++------------ 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index b7bc7946..af33e4ba 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
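Review bot: Removing `creates: /usr/share/kibana/plugins/wazuh/package.json` makes the `Install Wazuh-APP` task non-idempotent: `kibana-plugin install` errors when the plugin is already present, so a second run of the role fails instead of skipping the task. Keep the `creates:` line next to the new `become_user: kibana`. Becoming an unprivileged user from a privileged connection also depends on Ansible's temp-file handling on the host (pipelining or ACL support), otherwise the task fails with a permissions error on the module temp directory; that prerequisite belongs in the role README. The task continues outside the hunk.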
@@ -38,31 +38,23 @@ update_cache: true changed_when: false -- name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) +- name: Debian/Ubuntu | Installing NodeJS repository become: true shell: | set -o pipefail - curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - + curl -sL https://deb.nodesource.com/setup_8.x | bash - args: warn: false executable: /bin/bash changed_when: false - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 -- name: Debian/Ubuntu | Installing NodeJS repository key - apt_key: - url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key - when: - - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - -- name: Debian/Ubuntu | Add NodeSource repositories for Node.js - apt_repository: - repo: "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main" +- name: Debian/Ubuntu | Install NodeJS + apt: + name: "nodejs" state: present - update_cache: true - changed_when: false + register: nodejs_package_is_installed + until: nodejs_package_is_installed is succeeded + tags: init - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: From 2c9b18de72be4986affbffd96803b1aae4e66ac7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 16:36:56 +0100 Subject: [PATCH 335/559] Update ("user_update" and "branch") variables. --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 886de1bb..e7126e0a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
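Review bot: The new `Installing NodeJS repository` task replaces the `apt_key`/`apt_repository` pair with `curl -sL https://deb.nodesource.com/setup_8.x | bash -`, has no `creates:` argument and sets `changed_when: false`, so the remote script is re-downloaded and re-executed on every run while the task always reports `ok`. Add `creates: /etc/apt/sources.list.d/nodesource.list` (verify the file name the script writes) so it runs once, and consider `get_url` with `checksum: "sha256:<EXPECTED_SHA256>"` followed by `command:` so the executed content is pinned, which the old `apt_key` step partly provided. In the new `Install NodeJS` task, `until: nodejs_package_is_installed is succeeded` has no `retries:`/`delay:`, so it silently relies on the defaults; make the retry policy explicit. The removed lines do not carry the `not wazuh_sources_installation.enabled` guards added in PATCH 331, so this hunk appears to be based on a tree without them — check that they survive the merge. The `Set Distribution CIS filename` task that follows is outside the hunk.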
@@ -2,7 +2,7 @@ wazuh_agent_version: 3.10.2-1 wazuh_sources_installation: enabled: "true" - branch: "3.10" + branch: "v3.10.2" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -15,7 +15,7 @@ wazuh_sources_installation: user_enable_sca: "y" user_enable_authd: "y" user_generate_authd_cert: "n" - user_update: null + user_update: "y" user_binaryinstall: null user_agent_server_ip: "172.16.1.2" user_agent_server_name: null diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 2e82056c..68948ae4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -6,7 +6,7 @@ wazuh_manager_package_state: present wazuh_sources_installation: enabled: true - branch: "3.10" + branch: "v3.10.2" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -18,7 +18,7 @@ wazuh_sources_installation: user_enable_openscap: "y" user_enable_authd: "y" user_generate_authd_cert: null - user_update: null + user_update: "y" user_binaryinstall: null user_enable_email: "n" user_auto_start: "y" From 0329441817c2c8604f337700d157c77d35c3f6a4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 16:37:27 +0100 Subject: [PATCH 336/559] Update tasks and conditioinals for Agent installations in Debian families --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 5e2cfae6..87112798 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -1,6 +1,6 @@ --- -- include_tasks: "installation_from_sources" +- include_tasks: "../roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml" when: - wazuh_sources_installation.enabled 
@@ -25,6 +25,7 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: From a6d614610e53d86e6cc9a451493b3847694891fc Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 16:37:49 +0100 Subject: [PATCH 337/559] Format updates for "installation_from_sources.yml" --- .../ansible-wazuh-agent/tasks/installation_from_sources.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 7b259b98..053b4ea6 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -1,4 +1,5 @@ ---- +--- + - name: Install dependencies to build Wazuh packages package: name: @@ -61,7 +62,7 @@ group: root mode: '644' - - name: Executing "install.sh" script to build and install the Wazuh Manager + - name: Executing "install.sh" script to build and install the Wazuh Agent shell: ./install.sh > /tmp/build_log.txt register: installation_result changed_when: installation_result == 0 From c5f2893a0b6bb81a74eb4c14d320e50b826656ea Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 16:38:02 +0100 Subject: [PATCH 338/559] Update tasks path in "Redhat.yml" --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index a81ecea5..36984115 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml 
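Review bot: The added guard `- not wazuh_sources_installation.enabled` is evaluated against the agent default `enabled: "true"`, which is a quoted string in the agent defaults hunk of PATCH 335; any non-empty string is truthy in Jinja, so a user who follows the default's quoting and sets `enabled: "false"` still has this repository-key task skipped, while the manager default is the boolean `true`. Coerce the value, `- not (wazuh_sources_installation.enabled | bool)`, or make the agent default a real boolean. The Ubuntu 14 task this `when:` belongs to starts above the hunk.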
@@ -1,6 +1,6 @@ --- -- include_tasks: "installation_from_sources" +- include_tasks: "../roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml" when: - wazuh_sources_installation.enabled From 841fe3d28d559ee47cf4f93f23cea0e4d6aa44ca Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 16:39:57 +0100 Subject: [PATCH 339/559] Remove testing address in "user_agent_server_ip" --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index e7126e0a..b4bed923 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -17,7 +17,7 @@ wazuh_sources_installation: user_generate_authd_cert: "n" user_update: "y" user_binaryinstall: null - user_agent_server_ip: "172.16.1.2" + user_agent_server_ip: "YOUR_MANAGER_IP" user_agent_server_name: null user_agent_config_profile: null user_ca_store: "/var/ossec/wpk_root.pem" From da7cfa60b130725f64a6f063f11769a3f4e1a16d Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 16:49:11 +0100 Subject: [PATCH 340/559] Restore "creates" setting in Wazuh Kibana plugin installation --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index efde790c..622db80b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -103,6 +103,7 @@ NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash + creates: /usr/share/kibana/plugins/wazuh/package.json become: yes become_user: kibana notify: restart kibana From e0038118e1ffb2a02ee39d733cff0c26138e5afe Mon Sep 17 00:00:00 2001 
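Review bot: The new default `user_agent_server_ip: "YOUR_MANAGER_IP"` is a placeholder that presumably flows into the rendered `preloaded-vars.conf` when the variable is not overridden, so a from-sources agent install would be configured with a non-address as its manager and nothing in the tasks would notice. Add a precondition in the sources tasks, e.g. `assert: that: wazuh_sources_installation.user_agent_server_ip != "YOUR_MANAGER_IP"` with a `fail_msg`, or leave the value `null` and fail on that. The remaining keys of the `wazuh_sources_installation` mapping are outside the hunk.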
From: Jose M Date: Wed, 20 Nov 2019 16:49:11 +0100 Subject: [PATCH 341/559] Restore "creates" setting in Wazuh Kibana plugin installation --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index efde790c..622db80b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -103,6 +103,7 @@ NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash + creates: /usr/share/kibana/plugins/wazuh/package.json become: yes become_user: kibana notify: restart kibana From 571abfbb2c7d7152df44574db890e23e4a208dea Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 19:00:53 +0100 Subject: [PATCH 342/559] Update untar task to pass linting, added comment --- .../tasks/installation_from_sources.yml | 7 ++++--- .../tasks/installation_from_sources.yml | 6 ++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 053b4ea6..381f9c67 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -1,5 +1,4 @@ --- - - name: Install dependencies to build Wazuh packages package: name: 
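Review bot: This patch is byte-identical to PATCH 340: same subject, same `index efde790c..622db80b` line and the same single `creates:` insertion, so it cannot apply on top of 340 and will stop a `git am` of the series. Drop it from the series rather than editing it.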
@@ -38,8 +37,10 @@ path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" state: directory - - name: Extract downloaded Wazuh branch from Github - shell: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip + command: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + register: wazuh_untar + changed_when: wazuh_untar.rc ==0 args: warn: false diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index cb12739e..65e06e24 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -38,8 +38,10 @@ path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" state: directory - - name: Extract downloaded Wazuh branch from Github - shell: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip + command: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + register: wazuh_untar + changed_when: wazuh_untar.rc ==0 args: warn: false From 9d62860ea1644656db5c949e2c46f152f87e83c1 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 19:06:48 +0100 Subject: [PATCH 343/559] Update "installation_from_sources" to fix linting errors --- .../tasks/installation_from_sources.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) 
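Review bot: `changed_when: wazuh_untar.rc ==0` makes the `Extract downloaded Wazuh branch` task report `changed` on every successful run, and nothing guards the `tar` command, so the archive is re-extracted over the existing tree each play. Add a `creates:` under `args:`, e.g. `creates: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/install.sh"` (the script the later install task runs from that directory), and write the comparison as `rc == 0`. The inline comment still says `shell` and has a typo; `# Using command instead of unarchive because that module does not handle --strip properly` would be accurate. The same two issues apply to the manager hunk in this patch. The task list continues outside both hunks.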
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 65e06e24..1ecfd7c8 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -80,15 +80,19 @@ mode: "0700" - name: Execute downloaded script to install Nodejs repo - shell: /tmp/setup_nodejs_repo.sh - + command: /tmp/setup_nodejs_repo.sh + register: node_repo_installation_result + changed_when: node_repo_installation_result.rc == 0 + - name: Install Nodejs package: name: nodejs state: present - + - name: Run NPM under root account - shell: npm config set user 0 + command: npm config set user 0 + register: allow_root_npm + changed_when: allow_root_npm.rc == 0 - name: Download the installation script to install Wazuh API get_url: @@ -97,4 +101,6 @@ mode: "0700" - name: Execute Wazuh API installation script - shell: /tmp/install_api.sh download + command: /tmp/install_api.sh download + register: install_api + changed_when: install_api.rc == 0 From e3ecb74ca87f7f4e561da8fe7e19a96677220b3d Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 19:09:40 +0100 Subject: [PATCH 344/559] Move "installation_from_sources" include to Linux.yml --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 7 +------ roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++++ roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 5 ----- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 87112798..81062d80 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml 
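Review bot: The `changed_when: <result>.rc == 0` pattern added to the three `command:` tasks satisfies the linter but makes each of them report `changed` on every run, and the NodeSource setup script, `npm config set user 0` and `install_api.sh download` still re-execute every play. Give each a `creates:` guard instead, e.g. `creates: /etc/yum.repos.d/nodesource-el7.repo` for the repo script on RedHat hosts (matching the guard RedHat.yml uses) and a path the API installer writes for the last task, with `<API_INSTALL_MARKER_PATH>` to be filled in. The `get_url` tasks feeding these commands are outside the hunks and still carry no `checksum:`.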
@@ -1,9 +1,4 @@ --- - -- include_tasks: "../roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml" - when: - - wazuh_sources_installation.enabled - - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: name: @@ -25,7 +20,7 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 5cd95ff4..0c1f8e5f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,4 +1,8 @@ --- +- include_tasks: "../roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml" + when: + - wazuh_sources_installation.enabled + - include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 36984115..13b1b3e8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -1,9 +1,4 @@ --- - -- include_tasks: "../roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml" - when: - - wazuh_sources_installation.enabled - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo From c64d331e7f99a8cac94058f778a7320479aeeac6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 19:16:44 +0100 Subject: [PATCH 345/559] Fix include_tasks for "installation_from_sources.yml" --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 0c1f8e5f..e258fa1f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,5 +1,5 @@ --- -- include_tasks: "../roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml" +- include_tasks: "../tasks/installation_from_sources.yml" when: - wazuh_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 6e488cc5..3bd2c541 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -1,5 +1,5 @@ --- -- include_tasks: "installation_from_sources" +- include_tasks: "installation_from_sources.yml" when: - wazuh_sources_installation.enabled @@ -58,14 +58,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key apt_key: url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_sources_installation.enabled + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: @@ -74,7 +74,7 @@ update_cache: true changed_when: false when: - - not wazuh_sources_installation.enabled + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index ae7be9d9..ed681344 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
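Review bot: The include paths are now written two ways in one patch: `installation_from_sources.yml` in the manager's Debian.yml, but `../tasks/installation_from_sources.yml` in the agent's Linux.yml and in the manager's RedHat.yml hunk on the next line. Inside a role, `include_tasks` resolves a bare file name against the role's `tasks/` directory, so the `../tasks/` prefix adds nothing but a dependency on the directory layout; use the bare file name in all three places. The `when:` list under each include is unchanged context.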
@@ -1,5 +1,5 @@ --- -- include_tasks: "../roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml" +- include_tasks: "../tasks/installation_from_sources.yml" when: - wazuh_sources_installation.enabled From 3c70bc5b2a1e7505971090867378f72fa9219249 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 21 Nov 2019 13:13:36 +0100 Subject: [PATCH 346/559] Update NodJS installation tasks --- .../ansible-wazuh-manager/tasks/RedHat.yml | 42 +++++++++---------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index c8e8a95a..5503a10c 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,25 +1,5 @@ --- -- name: RedHat/CentOS | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - changed_when: false - when: - - ansible_distribution_major_version|int > 5 - -- name: Fedora | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - when: ansible_distribution == 'Fedora' - -- name: AmazonLinux | Get Nodejs +- name: Centos | Get Nodejs shell: | set -o pipefail curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - 
@@ -27,8 +7,28 @@ warn: false executable: /bin/bash creates: /etc/yum.repos.d/nodesource-el7.repo + when: + - ansible_distribution_major_version|int > 5 + +- name: AmazonLinux/Fedora| Get Nodejs + shell: | + set -o pipefail + curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - + args: + warn: false + executable: /bin/bash when: - ansible_distribution|lower == "amazon" + - ansible_distribution == 'Fedora' + +- name: CentOS/RedHat/Amazon/Fedora | Install NodeJS + package: + name: "nodejs" + state: present + register: nodejs_is_installed + until: nodejs_is_installed is succeeded + tags: + - init - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: From 320b3732404cced74dceed93f0d57e4d1e835610 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 13:28:46 +0100 Subject: [PATCH 347/559] Add default variables to build Wazuh Kibana Plugin --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 526bfabf..f6ac7023 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -23,3 +23,10 @@ node_certs_destination: /etc/kibana/certs master_certs_path: /es_certs generate_CA: true ca_cert_name: "" + +# Nodejs +node_js_repository_url: https://rpm.nodesource.com/setup_8.x + +# Build from sources +build_from_sources: true +wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file From 2f8da1b7c508f88c13dcf1ccc9760dd9c90a6fd3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 13:29:03 +0100 Subject: [PATCH 348/559] Add "build_wazuh_plugin.yml" tasks --- .../tasks/build_wazuh_plugin.yml | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml 
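Review bot: The `when:` list on the new `AmazonLinux/Fedora| Get Nodejs` task ANDs its entries, so `ansible_distribution|lower == "amazon"` and `ansible_distribution == 'Fedora'` can never both hold and the task is always skipped; write it as one expression, `when: ansible_distribution|lower == "amazon" or ansible_distribution == 'Fedora'`. Conversely the `Centos | Get Nodejs` task is guarded only by `ansible_distribution_major_version|int > 5`, so it also runs on Fedora and Amazon Linux, where its hard-coded `creates: /etc/yum.repos.d/nodesource-el7.repo` is not the file the script writes; add the distribution check there and derive the repo file name from the major version. Both tasks pipe a downloaded script into bash with no `checksum:`, the same concern as the Debian task in PATCH 334. The `Install Wazuh repo` task continues outside the hunk.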
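Review bot: `build_from_sources: true` as a role default switches every existing user of the Kibana role to cloning and building the plugin on the Kibana host (git, Node.js, yarn) unless they override it; `false` keeps the packaged install as the baseline and makes the source build opt-in. `wazuh_plugin_branch: 3.10-7.4` happens to parse as a string, but quoting it (`"3.10-7.4"`) protects against a future value such as `3.10` that YAML reads as a float. The file also loses its trailing newline (`\ No newline at end of file`).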
diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml
new file mode 100644
index 00000000..494bc8f0
--- /dev/null
+++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml
@@ -0,0 +1,76 @@ +--- + + - name: Ensure the Git package is present + package: + name: git + state: present + + - name: Download script to install Nodejs repository + get_url: + url: "{{ node_js_repository_url }}" + dest: "/tmp/setup_nodejs_repo.sh" + mode: "0700" + + - name: Execute downloaded script to install Nodejs repo + command: /tmp/setup_nodejs_repo.sh + register: node_repo_installation_result + changed_when: node_repo_installation_result.rc == 0 + + - name: Install Nodejs + package: + name: nodejs + state: present + + - name: Run NPM under root account + command: npm config set user 0 + register: allow_root_npm + changed_when: allow_root_npm.rc == 0 + + - name: Install yarn dependency to build the Wazuh Kibana Plugin + command: npm install -g yarn@1.10.1 + register: install_yarn_result + changed_when: install_yarn_result == 0 + + - name: Remove old wazuh-kibana-app git directory + file: + path: /tmp/app + state: absent + + - name: Clone wazuh-kibana-app repository # Using command as git module doesn't cover single-branch nor depth + command: git clone https://github.com/wazuh/wazuh-kibana-app -b {{ wazuh_plugin_branch }} --single-branch --depth=1 app # noqa 303 + register: clone_app_repo_result + changed_when: clone_app_repo_result.rc == 0 + args: + chdir: "/tmp" + + - name: Executing yarn to build the package + command: "{{ item }}" + with_items: + - "yarn" + - "yarn build" + - "yarn build" # Executing multiple times to workaround errors returned by yarn build + register: yarn_execution_result + changed_when: yarn_execution_result == 0 + args: + chdir: "/tmp/app/" + + - name: Obtain name of generated package + shell: "find ./ -name 'wazuh-*.zip' -printf '%f\\n'" + register: wazuhapp_package_name + changed_when: false + args: + chdir: "/tmp/app/build" + + - name: Install Wazuh Plugin (can take a while) + shell: "/usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}" + environment: + NODE_OPTIONS: 
"--max-old-space-size=3072" + args: + executable: /bin/bash + creates: /usr/share/kibana/plugins/wazuh/package.json + become: yes + become_user: kibana + notify: restart kibana + tags: + - install + - skip_ansible_lint From 886e96b182c90bbbd3e994d59246a39e8a058894 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 13:29:58 +0100 Subject: [PATCH 349/559] Update "main.yml" in Kibana installation to enable sources install --- .../ansible-kibana/tasks/main.yml | 25 ++++++++++++++----- 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 622db80b..89af291c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -82,8 +82,8 @@ register: wazuh_app_verify changed_when: false failed_when: - - wazuh_app_verify.rc != 0 - - wazuh_app_verify.rc != 1 + - wazuh_app_verify.rc != 0 + - wazuh_app_verify.rc != 1 - name: Removing old Wazuh-APP command: /usr/share/kibana/bin/kibana-plugin --allow-root remove wazuh @@ -91,13 +91,24 @@ tags: install - name: Removing bundles - file: path=/usr/share/kibana/optimize/bundles state=absent - become: yes - become_user: kibana + file: + path: /usr/share/kibana/optimize/bundles + state: absent when: wazuh_app_verify.rc == 1 tags: install -- name: Install Wazuh-APP (can take a while) +- name: Explicitly starting Kibana to generate "wazuh-" + service: + name: kibana + state: started + +- name: Build and Install Wazuh Kibana Plugin from sources + import_tasks: build_wazuh_plugin.yml + when: + - build_from_sources is defined + - build_from_sources + +- name: Install Wazuh Plugin (can take a while) shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" 
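Review bot: `changed_when: install_yarn_result == 0` and `changed_when: yarn_execution_result == 0` compare the registered result dictionary with 0, which is never true, so those tasks always report unchanged; the other tasks in the file use the return code, `changed_when: install_yarn_result.rc == 0` and `changed_when: yarn_execution_result.rc == 0`. The build is not reproducible as written: `git clone ... -b {{ wazuh_plugin_branch }} --depth=1` compiles whatever the branch head is at run time, and the NodeSource script is fetched and executed as root without a `checksum:` on the `get_url`, so pinning a tag or commit and adding the checksum would fix what ends up installed into Kibana. `{{ wazuh_plugin_branch }}` is also interpolated unquoted inside `command:`, so a value containing whitespace is split into extra arguments; quoting the whole command string avoids that. Running `yarn build` twice to paper over its own errors hides real failures and deserves at least a comment naming the error it works around.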
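Review bot: The import is guarded with `build_from_sources is defined`, but the package-install task in the `@@ -110` hunk that follows checks only `not build_from_sources`, so a host that leaves the variable undefined gets an undefined-variable failure instead of the packaged install; `- not (build_from_sources | default(false))` in both places keeps them consistent. The new "Explicitly starting Kibana" task starts the service unconditionally before any plugin is installed, which presumably changes the earlier ordering where Kibana came up only after the install — worth confirming and recording why in a comment on the task. The task name itself is truncated (`to generate "wazuh-"`), so what it is meant to generate is not stated.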
@@ -110,6 +121,8 @@ tags: - install - skip_ansible_lint + when: + - not build_from_sources - name: Reload systemd configuration systemd: From 3acdd20dff1b4c2eb4ffb7c953ebbafaa58611b9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 13:30:43 +0100 Subject: [PATCH 350/559] Change Wazuh API build task to log info to "/tmp/build_wazuh_api_log." --- .../ansible-wazuh-manager/tasks/installation_from_sources.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 1ecfd7c8..472eab8f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -101,6 +101,6 @@ mode: "0700" - name: Execute Wazuh API installation script - command: /tmp/install_api.sh download + shell: /tmp/install_api.sh download > /tmp/build_api_log.txt register: install_api changed_when: install_api.rc == 0 From e2cee2e45d1cbdba88acf6724347bae4768fa6c7 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 21 Nov 2019 14:00:08 +0100 Subject: [PATCH 351/559] fix conditional statement when --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 5503a10c..30e0cdc1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -18,8 +18,7 @@ warn: false executable: /bin/bash when: - - ansible_distribution|lower == "amazon" - - ansible_distribution == 'Fedora' + - ansible_distribution|lower == "amazon" or ansible_distribution|lower == 'fedora' - name: CentOS/RedHat/Amazon/Fedora | Install NodeJS package: From 686c02b3d5d424356bde2df86ed335fb7276291b Mon Sep 17 00:00:00 2001 
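Review bot: Writing the installer output to the fixed, predictable path `/tmp/build_api_log.txt` as root from a `shell` task means any local user can pre-create a file or symlink of that name in the shared directory, and the redirect also removes the script's stdout from the registered `install_api` result. Keeping `command:` and registering the output, then storing it with `copy: content:` into a directory the role owns (or one created with the `tempfile` module), preserves the log without relying on `/tmp`. The subject line names the file `/tmp/build_wazuh_api_log.` while the task writes `/tmp/build_api_log.txt`.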
From: Rshad Zhran Date: Thu, 21 Nov 2019 14:48:54 +0100 Subject: [PATCH 352/559] Add task to check if node service already exists --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 30e0cdc1..196d0e3b 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,4 +1,8 @@ --- +- name: Check if NodeJS service Exists + stat: path=/usr/bin/node + register: node_service_status + - name: Centos | Get Nodejs shell: | set -o pipefail @@ -8,7 +12,7 @@ executable: /bin/bash creates: /etc/yum.repos.d/nodesource-el7.repo when: - - ansible_distribution_major_version|int > 5 + - ansible_distribution_major_version|int > 5 and not node_service_status.stat.exists - name: AmazonLinux/Fedora| Get Nodejs shell: | @@ -18,7 +22,7 @@ warn: false executable: /bin/bash when: - - ansible_distribution|lower == "amazon" or ansible_distribution|lower == 'fedora' + - ( ansible_distribution|lower == "amazon" or ansible_distribution|lower == 'fedora' ) and not node_service_status.stat.exists - name: CentOS/RedHat/Amazon/Fedora | Install NodeJS package: @@ -28,6 +32,7 @@ until: nodejs_is_installed is succeeded tags: - init + when: not node_service_status.stat.exists - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: From 13b232154026a852998b499ad8757a906bf9a538 Mon Sep 17 00:00:00 2001 
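Review bot: `stat: path=/usr/bin/node` uses key=value shorthand while the rest of this file writes module arguments in block style, and the task is named a "service" check although it only tests for a binary; `stat:` with `path: /usr/bin/node` beneath it and a name such as `Check if NodeJS binary exists` would match the file. Gating the repository setup and the package install (the second and third hunks) on the mere presence of `/usr/bin/node` accepts any pre-existing node, whatever its version or origin, and leaves the NodeSource repository unconfigured on such hosts, so the presumed intent — never touch a host that already has node — should be stated in a comment on the stat task. The `creates:` on the Centos task already made that step idempotent, so the added condition mostly changes the package task.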
From: Jose M Date: Thu, 21 Nov 2019 15:01:15 +0100 Subject: [PATCH 353/559] Rename wazuh_sources_installation to wazuh_manager sources_installation --- playbooks/wazuh-elastic_stack-single.yml | 12 +-- .../ansible-wazuh-agent/defaults/main.yml | 2 +- .../ansible-wazuh-agent/tasks/Debian.yml | 4 +- .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 10 +-- .../ansible-wazuh-agent/tasks/RedHat.yml | 4 +- .../tasks/installation_from_sources.yml | 14 ++-- .../templates/preloaded_vars.conf.j2 | 2 +- .../ansible-wazuh-manager/defaults/main.yml | 2 +- .../ansible-wazuh-manager/tasks/Debian.yml | 16 ++-- .../ansible-wazuh-manager/tasks/RedHat.yml | 8 +- .../tasks/installation_from_sources.yml | 74 ++++++++++--------- .../ansible-wazuh-manager/tasks/main.yml | 4 +- .../templates/preloaded_vars.conf.j2 | 2 +- 13 files changed, 81 insertions(+), 73 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index 051b5fd2..bc353dfd 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml @@ -1,8 +1,8 @@ --- -- hosts: +- hosts: all roles: - - {role: ../roles/wazuh/ansible-wazuh-manager} - - role: ../roles/wazuh/ansible-filebeat - filebeat_output_elasticsearch_hosts: localhost:9200 - - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} - - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' } + # - {role: ../roles/wazuh/ansible-wazuh-manager} + # - role: ../roles/wazuh/ansible-filebeat + # filebeat_output_elasticsearch_hosts: 172.24.1.2:9200 + # - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} + - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: '172.24.1.1', elasticsearch_reachable_host: '172.24.1.2' } 
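Review bot: The single-host playbook now ships with three of its four roles commented out and the Kibana role pointed at the hard-coded addresses `172.24.1.1` and `172.24.1.2`, which reads as a local test configuration committed alongside the variable rename rather than an intended change to the example. The previous `localhost`-based role list should be restored, with environment-specific hosts supplied from inventory or extra vars rather than baked into the playbook. None of this relates to the rename described in the subject, so if it is intended it would be clearer as its own commit.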
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index b4bed923..3ff7d803 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,6 +1,6 @@ --- wazuh_agent_version: 3.10.2-1 -wazuh_sources_installation: +wazuh_manager_sources_installation: enabled: "true" branch: "v3.10.2" user_language: "y" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 81062d80..329fab6d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -20,7 +20,7 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -35,7 +35,7 @@ state: present update_cache: true when: - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index e258fa1f..9c8db0b8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,7 +1,7 @@ --- - include_tasks: "../tasks/installation_from_sources.yml" when: - - wazuh_sources_installation.enabled + - wazuh_manager_sources_installation.enabled - include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" @@ -17,7 +17,7 @@ poll: 30 when: - ansible_os_family|lower == "redhat" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled tags: - init 
@@ -28,7 +28,7 @@ cache_valid_time: 3600 when: - ansible_os_family|lower != "redhat" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled tags: - init @@ -200,9 +200,9 @@ - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - include_tasks: "RMDebian.yml" when: - ansible_os_family == "Debian" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 13b1b3e8..e9580a94 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,7 +10,7 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -23,7 +23,7 @@ changed_when: false when: - repo_v5_installed is skipped - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 381f9c67..55714673 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
@@ -28,17 +28,17 @@ - name: Download required packages from github.com/wazuh/wazuh get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" - name: Create folder to extract Wazuh branch file: - path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + command: "tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" register: wazuh_untar changed_when: wazuh_untar.rc ==0 args: @@ -47,7 +47,7 @@ - name: Clean remaining files from others builds command: "make -C src {{ item }}" args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" with_items: - "clean" - "clean-deps" @@ -58,7 +58,7 @@ - name: Render the "preloaded-vars.conf" file template: src: "templates/preloaded_vars.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" + dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root mode: '644' 
@@ -68,4 +68,4 @@ register: installation_result changed_when: installation_result == 0 args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" \ No newline at end of file + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 index f02252d1..be552560 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 @@ -1,4 +1,4 @@ -{% for key, value in wazuh_sources_installation.items() %} +{% for key, value in wazuh_manager_sources_installation.items() %} {% if "user_" in key %} {% if value is defined and value is not none %} {{ key|upper }}="{{ value }}" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 68948ae4..2767ab37 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -4,7 +4,7 @@ wazuh_manager_version: 3.10.2-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present -wazuh_sources_installation: +wazuh_manager_sources_installation: enabled: true branch: "v3.10.2" user_language: "en" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 3bd2c541..c8b52fda 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -1,7 +1,7 @@ --- - include_tasks: "installation_from_sources.yml" when: - - wazuh_sources_installation.enabled + - wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: 
@@ -27,14 +27,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -44,7 +44,7 @@ update_cache: true changed_when: false when: - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) become: true @@ -58,14 +58,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key apt_key: url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: @@ -74,7 +74,7 @@ update_cache: true changed_when: false when: - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -139,4 +139,4 @@ until: wazuh_manager_main_packages_installed is succeeded tags: init when: - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index ed681344..9baae413 100644 
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,7 +1,7 @@ --- - include_tasks: "../tasks/installation_from_sources.yml" when: - - wazuh_sources_installation.enabled + - wazuh_manager_sources_installation.enabled - name: RedHat/CentOS | Install Nodejs repo yum_repository: @@ -45,7 +45,7 @@ when: - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -58,7 +58,7 @@ changed_when: false when: - repo_v5_manager_installed is skipped - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -155,7 +155,7 @@ until: wazuh_manager_main_packages_installed is succeeded when: - ansible_os_family|lower == "redhat" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 472eab8f..8469713e 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
@@ -29,17 +29,17 @@ - name: Download required packages from github.com/wazuh/wazuh get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" - name: Create folder to extract Wazuh branch file: - path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + command: "tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" register: wazuh_untar changed_when: wazuh_untar.rc ==0 args: @@ -48,7 +48,7 @@ - name: Clean remaining files from others builds command: "make -C src {{ item }}" args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" with_items: - "clean" - "clean-deps" @@ -59,7 +59,7 @@ - name: Render the "preloaded-vars.conf" file template: src: "templates/preloaded_vars.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" + dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root mode: '644' 
@@ -69,38 +69,46 @@ register: installation_result changed_when: installation_result == 0 args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" # Wazuh API + - name: Check if Wazuh API is already installed + stat: + path: /var/ossec/api/app.js + register: wazuh_api - - name: Download script to install Nodejs repository - get_url: - url: "{{ node_js_repository_url }}" - dest: "/tmp/setup_nodejs_repo.sh" - mode: "0700" + - name: Install Wazuh API from sources + block: + - name: Download script to install Nodejs repository + get_url: + url: "{{ node_js_repository_url }}" + dest: "/tmp/setup_nodejs_repo.sh" + mode: "0700" - - name: Execute downloaded script to install Nodejs repo - command: /tmp/setup_nodejs_repo.sh - register: node_repo_installation_result - changed_when: node_repo_installation_result.rc == 0 + - name: Execute downloaded script to install Nodejs repo + command: /tmp/setup_nodejs_repo.sh + register: node_repo_installation_result + changed_when: node_repo_installation_result.rc == 0 - - name: Install Nodejs - package: - name: nodejs - state: present + - name: Install Nodejs + package: + name: nodejs + state: present - - name: Run NPM under root account - command: npm config set user 0 - register: allow_root_npm - changed_when: allow_root_npm.rc == 0 + - name: Run NPM under root account + command: npm config set user 0 + register: allow_root_npm + changed_when: allow_root_npm.rc == 0 - - name: Download the installation script to install Wazuh API - get_url: - url: "https://raw.githubusercontent.com/wazuh/wazuh-api/v{{ wazuh_manager_version[:-2] }}/install_api.sh" - dest: "/tmp/install_api.sh" - mode: "0700" + - name: Download the installation script to install Wazuh API + get_url: + url: "https://raw.githubusercontent.com/wazuh/wazuh-api/v{{ wazuh_manager_version[:-2] }}/install_api.sh" + dest: "/tmp/install_api.sh" + mode: "0700" - - name: Execute Wazuh API installation 
script - shell: /tmp/install_api.sh download > /tmp/build_api_log.txt - register: install_api - changed_when: install_api.rc == 0 + - name: Execute Wazuh API installation script + shell: /tmp/install_api.sh download > /tmp/build_api_log.txt + register: install_api + changed_when: install_api.rc == 0 + when: + - not wazuh_api.stat.exists diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index f2fc55db..d2c99535 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -356,9 +356,9 @@ - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - include_tasks: "RMDebian.yml" when: - ansible_os_family == "Debian" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 index f02252d1..be552560 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 @@ -1,4 +1,4 @@ -{% for key, value in wazuh_sources_installation.items() %} +{% for key, value in wazuh_manager_sources_installation.items() %} {% if "user_" in key %} {% if value is defined and value is not none %} {{ key|upper }}="{{ value }}" From d85d210a3e5029253b0a30276e60d35233ab8fa1 Mon Sep 17 00:00:00 2001 
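Review bot: Every task inside the new `Install Wazuh API from sources` block reports changed whenever its script exits 0 (`changed_when: node_repo_installation_result.rc == 0`, likewise for `allow_root_npm` and `install_api`), so even with the `stat` guard on `/var/ossec/api/app.js` the block is never idempotent on a host where the API is absent and the scripts succeed; dropping those `changed_when` lines so the default result applies, or tying them to a `creates:` path, would report real changes. The two `get_url` downloads the block then executes as root carry no `checksum:`, so what runs is whatever the remote served at that moment — adding the checksum pins it. The `when:` sits beside `block:` and so gates the whole block, which is correct but easy to misread; a comment such as `# whole block skipped when the API is already installed` next to it would make that visible.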
From: Rshad Zhran Date: Thu, 21 Nov 2019 16:12:08 +0100 Subject: [PATCH 354/559] Centralize NodeJS installation tasks --- playbooks/wazuh-manager.yml | 4 +++ .../ansible-wazuh-manager/tasks/Debian.yml | 18 ---------- .../ansible-wazuh-manager/tasks/RedHat.yml | 35 ------------------- .../ansible-wazuh-manager/tasks/main.yml | 19 ++++++++++ 4 files changed, 23 insertions(+), 53 deletions(-) diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index 5ec6a50b..846d4158 100644 --- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml @@ -1,5 +1,9 @@ --- - hosts: +- vars: + - repo_dic: + debian: "deb" + redhat: "rpm" roles: - role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-filebeat diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index af33e4ba..b4e94308 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -38,24 +38,6 @@ update_cache: true changed_when: false -- name: Debian/Ubuntu | Installing NodeJS repository - become: true - shell: | - set -o pipefail - curl -sL https://deb.nodesource.com/setup_8.x | bash - - args: - warn: false - executable: /bin/bash - changed_when: false - -- name: Debian/Ubuntu | Install NodeJS - apt: - name: "nodejs" - state: present - register: nodejs_package_is_installed - until: nodejs_package_is_installed is succeeded - tags: init - - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: cis_distribution_filename: cis_debian_linux_rcl.txt diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 196d0e3b..938bc83d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
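Review bot: `- vars:` starts a second item in the plays list instead of extending the `- hosts:` play, so the first play has only a null `hosts` and the second has `vars` and `roles` but no `hosts`, which Ansible rejects; `vars:` belongs at the same indentation as `roles:` inside the `- hosts:` item, and `repo_dic:` should sit directly under `vars:` as a mapping rather than as a one-element list. The keys `debian` and `redhat` are lower-case, while `ansible_os_family`, which `tasks/main.yml` in this same commit uses to index the mapping, is reported as `Debian`/`RedHat`, so the lookup misses unless the fact is lower-cased at the point of use. Since the value is only consumed inside the role, a role default would also be a more natural home than a playbook-level variable.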
@@ -1,39 +1,4 @@ --- -- name: Check if NodeJS service Exists - stat: path=/usr/bin/node - register: node_service_status - -- name: Centos | Get Nodejs - shell: | - set -o pipefail - curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - - args: - warn: false - executable: /bin/bash - creates: /etc/yum.repos.d/nodesource-el7.repo - when: - - ansible_distribution_major_version|int > 5 and not node_service_status.stat.exists - -- name: AmazonLinux/Fedora| Get Nodejs - shell: | - set -o pipefail - curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - - args: - warn: false - executable: /bin/bash - when: - - ( ansible_distribution|lower == "amazon" or ansible_distribution|lower == 'fedora' ) and not node_service_status.stat.exists - -- name: CentOS/RedHat/Amazon/Fedora | Install NodeJS - package: - name: "nodejs" - state: present - register: nodejs_is_installed - until: nodejs_is_installed is succeeded - tags: - - init - when: not node_service_status.stat.exists - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index ed4847aa..33aa58b7 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -13,6 +13,25 @@ - include_tasks: "Debian.yml" when: ansible_os_family == "Debian" +- name: Installing NodeJS repository script + become: true + get_url: + url: "https://{{ repo_dic[ansible_os_family] }}nodesource.com/setup_8.x" + dest: /etc/nodejs.sh + mode: '0775' + changed_when: false + +- name: Running NodeJS bash script + script: /etc/nodejs.sh + +- name: Installing NodeJS + package: + name: ntpdate + state: present + register: nodejs_service_is_installed + until: nodejs_service_is_installed is succeeded + tags: init + - name: Install expect package: name: expect From 7bf823bcadead3ce3bae0206882d3dd43d2b98c9 Mon Sep 17 00:00:00 2001 
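Review bot: The URL `https://{{ repo_dic[ansible_os_family] }}nodesource.com/setup_8.x` is missing the dot between the prefix and the domain, so it resolves to `debnodesource.com` / `rpmnodesource.com` — an unrelated host whose response is then executed as root; it should read `https://{{ repo_dic[ansible_os_family] }}.nodesource.com/setup_8.x`, and a `checksum:` on the `get_url` would make the fetched script verifiable. `script: /etc/nodejs.sh` is the wrong module for a file that was just downloaded onto the managed host, because `script` copies a file from the controller before running it; `command: /etc/nodejs.sh` is what is meant. The "Installing NodeJS" task installs `ntpdate` instead of `nodejs`, and `mode: '0775'` leaves a root-executed script in `/etc` group-writable, where `'0755'` (or `'0700'`) is the usual setting.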
From: Jose M Date: Thu, 21 Nov 2019 18:44:34 +0100 Subject: [PATCH 355/559] Split preloaded_vars into preloaded_vars_manager and api --- .../templates/preloaded_vars_api.conf.j2 | 7 +++++++ ...eloaded_vars.conf.j2 => preloaded_vars_manager.conf.j2} | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 rename roles/wazuh/ansible-wazuh-manager/templates/{preloaded_vars.conf.j2 => preloaded_vars_manager.conf.j2} (93%) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 new file mode 100644 index 00000000..198178c8 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 @@ -0,0 +1,7 @@ +{% for key, value in wazuh_api_sources_installation.items() %} +{% if "enabled" not in key and "branch" not in key %} +{% if value is defined and value is not none %} +{{ key|upper }}="{{ value }}" +{% endif %} +{% endif %} +{% endfor %} \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2 similarity index 93% rename from roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 rename to roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2 index be552560..3dacef92 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2 @@ -4,4 +4,4 @@ {{ key|upper }}="{{ value }}" {% endif %} {% endif %} -{% endfor %} \ No newline at end of file +{% endfor %} From 628dcb2ccc8ddcc1a27d5d1255c206a9ae1cc63e Mon Sep 17 00:00:00 2001 
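Review bot: The new `preloaded_vars_api.conf.j2` writes `{{ key|upper }}="{{ value }}"` with the value unescaped, so a value containing a double quote or `$` is interpreted by whatever consumes the file (presumably the Wazuh installer sourcing preloaded-vars.conf as shell — confirm); `{{ key|upper }}={{ value | quote }}` keeps each value a single literal. The filter `"enabled" not in key and "branch" not in key` is a substring test, so any future key containing those words is silently dropped as well; `key not in ['enabled', 'branch']` states the intent exactly. The file is also committed without a trailing newline, the very thing the sibling template is fixed for in the same commit.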
From: Jose M Date: Thu, 21 Nov 2019 18:45:01 +0100 Subject: [PATCH 356/559] Update conditonals and add required tasks to RedHat.yml --- .../ansible-wazuh-manager/tasks/RedHat.yml | 42 ++++++++++++++----- 1 file changed, 32 insertions(+), 10 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 9baae413..354beca4 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,7 +1,4 @@ --- -- include_tasks: "../tasks/installation_from_sources.yml" - when: - - wazuh_manager_sources_installation.enabled - name: RedHat/CentOS | Install Nodejs repo yum_repository: @@ -13,6 +10,7 @@ changed_when: false when: - ansible_distribution_major_version|int > 5 + - not wazuh_api_sources_installation.enabled - name: Fedora | Install Nodejs repo yum_repository: @@ -21,7 +19,9 @@ baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64 gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL gpgcheck: true - when: ansible_distribution == 'Fedora' + when: + - ansible_distribution == 'Fedora' + - not wazuh_api_sources_installation.enabled - name: AmazonLinux | Get Nodejs shell: | @@ -33,6 +33,7 @@ creates: /etc/yum.repos.d/nodesource-el7.repo when: - ansible_distribution|lower == "amazon" + - not wazuh_api_sources_installation.enabled - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: @@ -46,6 +47,7 @@ - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo 
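Review bot: The RedHat/CentOS 5 repo task now requires both `wazuh_manager_sources_installation.enabled` and `wazuh_api_sources_installation.enabled` to be false, while the general Wazuh repo task in the `@@ -58` hunk that follows is gated with `or`, so a host that installs the manager from packages but the API from sources gets the repository on CentOS 6+ but not on CentOS 5; the two conditions should agree, and `or` (repository needed when either component comes from packages) is the one that matches the later per-package install tasks. The three NodeSource tasks above are skipped whenever the API is built from sources, which presumably relies on `installation_from_sources.yml` setting up NodeJS itself — a comment such as `# NodeJS is installed by installation_from_sources.yml when the API is built from sources` on the first of them would record that dependency.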
@@ -58,7 +60,7 @@ changed_when: false when: - repo_v5_manager_installed is skipped - - not wazuh_manager_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -144,13 +146,10 @@ when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" -- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api +- name: CentOS/RedHat/Amazon | Install Wazuh Manager package: - name: "{{ item }}-{{ wazuh_manager_version }}" + name: "wazuh-manager-{{ wazuh_manager_version }}" state: "{{ wazuh_manager_package_state }}" - with_items: - - wazuh-manager - - wazuh-api register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: @@ -159,6 +158,28 @@ tags: - init +- include_tasks: "../tasks/installation_from_sources.yml" + tags: manager + when: + - wazuh_manager_sources_installation.enabled + +- name: CentOS/RedHat/Amazon | Install Wazuh API + package: + name: "wazuh-api-{{ wazuh_manager_version }}" + state: "{{ wazuh_manager_package_state }}" + register: wazuh_api_main_packages_installed + until: wazuh_api_main_packages_installed is succeeded + when: + - ansible_os_family|lower == "redhat" + - not wazuh_api_sources_installation.enabled + tags: + - init + +- include_tasks: "../tasks/installation_from_sources.yml" + tags: api + when: + - wazuh_api_sources_installation.enabled + - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 replace: path: /etc/init.d/wazuh-manager @@ -181,3 +202,4 @@ - ansible_distribution_major_version|int < 6 tags: - init + From 380d4d14300b71b8f99822cc29253e834cf3a7e7 Mon Sep 17 00:00:00 2001 
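Review bot: `installation_from_sources.yml` is now included twice in RedHat.yml — once under `wazuh_manager_sources_installation.enabled` and once under `wazuh_api_sources_installation.enabled` — and with both flags defaulting to true elsewhere in this series the whole file executes twice per run; the inner blocks re-check their `stat` guards so nothing is reinstalled, but every preparatory task runs again. Debian.yml in this series uses one include gated on `when: wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled`; do the same here so the two task files behave alike. The `not ... or not ...` condition on the EL>5 repo task is the right one for mixed installs but contradicts the `and` gating of the EL5 repo task in the previous hunk.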
From: Jose M Date: Thu, 21 Nov 2019 18:45:25 +0100 Subject: [PATCH 357/559] Update installation_from_sources conditionals and blocks --- .../tasks/installation_from_sources.yml | 196 +++++++++++------- 1 file changed, 122 insertions(+), 74 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 8469713e..ef24c238 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
@@ -1,75 +1,98 @@ --- # Wazuh Manager - - name: Install dependencies to build Wazuh packages - package: - name: - - make - - gcc - - automake - - autoconf - - libtool - - tar - state: present + - name: Check if Wazuh Manager is already installed + stat: + path: /var/ossec/bin/ossec-control + register: wazuh_ossec_control - - name: Installing policycoreutils-python (RedHat families) - package: - name: - - policycoreutils-python + - name: Installing Wazuh Manager from sources + block: + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - automake + - autoconf + - libtool + - tar + state: present + + - name: Installing policycoreutils-python (RedHat families) + package: + name: + - policycoreutils-python + when: + - ansible_os_family|lower == "redhat" + + - name: Installing policycoreutils-python-utils (Debian families) + package: + name: + - libc6-dev + - curl + - policycoreutils + when: + - ansible_os_family|lower == "debian" + + - name: Remove old repository folder + file: + path: /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }} + state: absent + + - name: Download required packages from github.com/wazuh/wazuh + get_url: + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + delegate_to: "{{ inventory_hostname }}" + + - name: Create folder to extract Wazuh branch + file: + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + state: directory + + # When downloading "v3.10.2" extracted folder name is 3.10.2. 
+ # Explicitly creating the folder with proper naming and striping first level in .tar.gz file + + - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip + command: >- + tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz + --strip 1 + --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }} + register: wazuh_untar + changed_when: wazuh_untar.rc ==0 + args: + warn: false + + - name: Clean remaining files from others builds + command: "make -C src {{ item }}" + args: + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" + with_items: + - "clean" + - "clean-deps" + register: clean_result + changed_when: clean_result.rc == 0 + failed_when: false + + - name: Render the "preloaded-vars.conf" file + template: + src: "templates/preloaded_vars_manager.conf.j2" + dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" + owner: root + group: root + mode: '644' + + - name: Executing "install.sh" script to build and install the Wazuh Manager + shell: ./install.sh > /tmp/build_manager_log.txt + register: installation_result + changed_when: installation_result == 0 + args: + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" when: - - ansible_os_family|lower == "redhat" - - - name: Installing policycoreutils-python-utils (Debian families) - package: - name: - - libc6-dev - - curl - - policycoreutils - when: - - ansible_os_family|lower == "debian" - - - name: Download required packages from github.com/wazuh/wazuh - get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - delegate_to: "{{ inventory_hostname }}" - - - name: Create folder to extract Wazuh branch - file: - path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: directory - - - name: 
Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: "tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - register: wazuh_untar - changed_when: wazuh_untar.rc ==0 - args: - warn: false - - - name: Clean remaining files from others builds - command: "make -C src {{ item }}" - args: - chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" - with_items: - - "clean" - - "clean-deps" - register: clean_result - changed_when: clean_result.rc == 0 - failed_when: false - - - name: Render the "preloaded-vars.conf" file - template: - src: "templates/preloaded_vars.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" - owner: root - group: root - mode: '644' - - - name: Executing "install.sh" script to build and install the Wazuh Manager - shell: ./install.sh > /tmp/build_log.txt - register: installation_result - changed_when: installation_result == 0 - args: - chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + - not wazuh_ossec_control.stat.exists + - wazuh_manager_sources_installation.enabled + tags: + - manager # Wazuh API - name: Check if Wazuh API is already installed @@ -79,6 +102,11 @@ - name: Install Wazuh API from sources block: + - name: Ensure Git is present in the host + package: + name: git + state: present + - name: Download script to install Nodejs repository get_url: url: "{{ node_js_repository_url }}" 
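Review bot: The tarball fetched by `Download required packages from github.com/wazuh/wazuh` is extracted and its `install.sh` executed as root with no integrity check beyond TLS, and `branch` is a mutable ref (a tag can be moved), so the build is neither reproducible nor verifiable. Add `checksum: "sha256:{{ wazuh_manager_sources_installation.checksum }}"` to the `get_url` (with a matching default) or pin a commit SHA instead of a tag. `changed_when: installation_result == 0` compares the registered result dictionary with 0 and is never true; it should be `changed_when: installation_result.rc == 0`. Building in the predictable, world-writable `/tmp/wazuh-<branch>` as root is also a symlink-race surface on multi-user hosts; a root-owned directory with mode 0700 (for example from the `tempfile` module) is safer, and `delegate_to: "{{ inventory_hostname }}"` is a no-op that can be dropped.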
@@ -100,15 +128,35 @@ register: allow_root_npm changed_when: allow_root_npm.rc == 0 - - name: Download the installation script to install Wazuh API - get_url: - url: "https://raw.githubusercontent.com/wazuh/wazuh-api/v{{ wazuh_manager_version[:-2] }}/install_api.sh" - dest: "/tmp/install_api.sh" - mode: "0700" + - name: Remove old repository folder + file: + path: /tmp/wazuh-api + state: absent + + - name: Download the Wazuh API repository + git: + repo: 'https://github.com/wazuh/wazuh-api.git' + version: "{{ wazuh_api_sources_installation.branch }}" + dest: /tmp/wazuh-api + + - name: Configure Wazuh API installation + template: + src: "templates/preloaded_vars_api.conf.j2" + dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf" + owner: root + group: root + mode: '644' - name: Execute Wazuh API installation script - shell: /tmp/install_api.sh download > /tmp/build_api_log.txt + shell: ./install_api.sh > /tmp/build_api_log.txt register: install_api changed_when: install_api.rc == 0 + args: + chdir: "/tmp/wazuh-api" + notify: + - restart wazuh-api when: - not wazuh_api.stat.exists + - wazuh_api_sources_installation.enabled + tags: + - api \ No newline at end of file From 9e6966b6994d07ae9ef18f054500b27ff8ea3bf1 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 18:45:45 +0100 Subject: [PATCH 358/559] Fix conditionals for Debian families. Split Manager and API install --- .../ansible-wazuh-manager/tasks/Debian.yml | 26 +++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index c8b52fda..6da6a6f3 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
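Review bot: `Configure Wazuh API installation` renders `preloaded_vars.conf` — which includes the `password` key of `wazuh_api_sources_installation` — into world-writable `/tmp` with `mode: '644'`, so any local user can read the API credential for as long as the checkout remains. Use `mode: '0600'` and add a task that removes `/tmp/wazuh-api` after `install_api.sh` succeeds. The `git` task checks out `version: "{{ wazuh_api_sources_installation.branch }}"`, a mutable branch or tag, and the next task runs its `install_api.sh` as root; pinning a commit SHA would make the install reproducible and tamper-evident.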
@@ -1,7 +1,7 @@ --- - include_tasks: "installation_from_sources.yml" when: - - wazuh_manager_sources_installation.enabled + - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: @@ -28,6 +28,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -35,6 +36,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -45,6 +47,7 @@ changed_when: false when: - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) become: true @@ -59,13 +62,14 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key apt_key: url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: @@ -74,7 +78,7 @@ update_cache: true changed_when: false when: - - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: 
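Review bot: `Installing Wazuh repository key` and `Add Wazuh repositories` are now skipped unless both `wazuh_manager_sources_installation.enabled` and `wazuh_api_sources_installation.enabled` are false, but the `wazuh-manager` and `wazuh-api` apt tasks later in this file each check only their own flag; with one component from sources and the other from packages, apt is asked for a package from a repository that was never added and whose key was never imported. Gate the key and repo tasks on `- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled` instead. The include at the top also runs the source build before `apt-transport-https` and `ca-certificates` are installed, which the build's HTTPS downloads may rely on on a minimal image.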
@@ -127,11 +131,10 @@ tags: - config -- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api +- name: Debian/Ubuntu | Install wazuh-manager apt: name: - "wazuh-manager={{ wazuh_manager_version }}" - - "wazuh-api={{ wazuh_manager_version }}" state: present cache_valid_time: 3600 install_recommends: false @@ -140,3 +143,16 @@ tags: init when: - not wazuh_manager_sources_installation.enabled + +- name: Debian/Ubuntu | Install wazuh-api + apt: + name: + - "wazuh-api={{ wazuh_manager_version }}" + state: present + cache_valid_time: 3600 + install_recommends: false + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + tags: init + when: + - not wazuh_api_sources_installation.enabled \ No newline at end of file From 6ba58b68386d9a38b08f630cc01eba2c1fd760b5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 18:46:11 +0100 Subject: [PATCH 359/559] Add variables for Wazuh Api installation from sources --- .../ansible-wazuh-manager/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 2767ab37..475a50a9 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -29,6 +29,24 @@ wazuh_manager_sources_installation: user_ca_store: null threads: "2" +wazuh_api_sources_installation: + enabled: true + branch: "v3.10.2" + update: "y" + remove: "y" + directory: null + port: 55000 + https: "n" + authd: null + proxy: null + country: null + state: null + locality: null + org_name: null + org_unit: null + common_name: null + password: null + wazuh_manager_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' From 902ee2a3d18fce94e48cfe376dacb13b56664b0b Mon Sep 17 00:00:00 2001 
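Review bot: `wazuh_api_sources_installation.enabled: true` makes a from-source build of the API (git clone plus `install_api.sh` run as root) the default for every manager host, and `https: "n"` with `password: null` means that, if `install_api.sh` honours these preloaded vars, the API listens in plain HTTP on port 55000 with no credential preloaded. Default to the packaged install and to TLS: `enabled: false` and `https: "y"`. The `wazuh-api` apt task in the previous hunk also registers `wazuh_manager_main_packages_installed`, reusing the manager task's variable name; call it `wazuh_api_main_packages_installed` as RedHat.yml does.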
From: Rshad Zhran Date: Fri, 22 Nov 2019 11:18:09 +0100 Subject: [PATCH 360/559] Add a task to check if nodejs already exists --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 33aa58b7..2a3b20e0 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -13,20 +13,29 @@ - include_tasks: "Debian.yml" when: ansible_os_family == "Debian" +- name: Check if NodeJS service Exists + stat: + path: /usr/bin/node + register: node_service_status + - name: Installing NodeJS repository script become: true get_url: - url: "https://{{ repo_dic[ansible_os_family] }}nodesource.com/setup_8.x" + url: "https://{{ repo_dic[ansible_os_family|lower] }}.nodesource.com/setup_8.x" dest: /etc/nodejs.sh mode: '0775' changed_when: false + when: not node_service_status.stat.exists - name: Running NodeJS bash script - script: /etc/nodejs.sh + command: sh /etc/nodejs.sh + register: nodejs_script + changed_when: nodejs_script.rc == 0 + when: not node_service_status.stat.exists - name: Installing NodeJS package: - name: ntpdate + name: nodejs state: present register: nodejs_service_is_installed until: nodejs_service_is_installed is succeeded From c32d992f890e20f3cb4a439509399df802c5ce49 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 22 Nov 2019 11:39:08 +0100 Subject: [PATCH 361/559] Re-order tasks --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 2a3b20e0..a5ccf343 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
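Review bot: `Installing NodeJS repository script` stores an unverified installer from nodesource.com at `/etc/nodejs.sh` with `mode: '0775'` and `Running NodeJS bash script` executes it as root; a group-writable file run by root is an unnecessary escalation path, and `changed_when: false` hides re-downloads of a script whose content is never checked. Since it is invoked through `sh`, no execute bit is needed: use `mode: '0600'` (or `'0755'` if it must stay executable) and add a `checksum:` where a stable hash is available. The `stat` gate on `/usr/bin/node` also skips repo setup whenever any `node` binary exists, including a distro version older than the 8.x the script provides.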
@@ -7,12 +7,6 @@ - tar state: present -- include_tasks: "RedHat.yml" - when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") - -- include_tasks: "Debian.yml" - when: ansible_os_family == "Debian" - - name: Check if NodeJS service Exists stat: path: /usr/bin/node @@ -41,6 +35,12 @@ until: nodejs_service_is_installed is succeeded tags: init +- include_tasks: "RedHat.yml" + when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") + +- include_tasks: "Debian.yml" + when: ansible_os_family == "Debian" + - name: Install expect package: name: expect From 376628a914e93cebaabf105f3208d0e57923ef03 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 22 Nov 2019 13:14:48 +0100 Subject: [PATCH 362/559] Define variable in default.yml instead of playbook --- playbooks/wazuh-manager.yml | 4 ---- roles/wazuh/ansible-wazuh-manager/vars/default.yml | 3 +++ 2 files changed, 3 insertions(+), 4 deletions(-) create mode 100644 roles/wazuh/ansible-wazuh-manager/vars/default.yml diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index 846d4158..5ec6a50b 100644 --- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml @@ -1,9 +1,5 @@ --- - hosts: -- vars: - - repo_dic: - debian: "deb" - redhat: "rpm" roles: - role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-filebeat diff --git a/roles/wazuh/ansible-wazuh-manager/vars/default.yml b/roles/wazuh/ansible-wazuh-manager/vars/default.yml new file mode 100644 index 00000000..af1a2fbe --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/vars/default.yml @@ -0,0 +1,3 @@ +- repo_dic: + debian: "deb" + redhat: "rpm" \ No newline at end of file From 5fd5ddc61f9befa864c7e37d92698ad48fffa50c Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Fri, 22 Nov 2019 13:16:28 +0100 Subject: [PATCH 363/559] Englobe tasks with same when statement in block --- .../ansible-wazuh-manager/tasks/main.yml | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index a5ccf343..d10f1f2a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -7,24 +7,24 @@ - tar state: present -- name: Check if NodeJS service Exists +- name: Check if NodeJS service exists stat: path: /usr/bin/node register: node_service_status -- name: Installing NodeJS repository script - become: true - get_url: - url: "https://{{ repo_dic[ansible_os_family|lower] }}.nodesource.com/setup_8.x" - dest: /etc/nodejs.sh - mode: '0775' - changed_when: false - when: not node_service_status.stat.exists +- name: Install NodeJS repository + block: + - name: Download NodeJS repository script + get_url: + url: "https://{{ repo_dic[ansible_os_family|lower] }}.nodesource.com/setup_8.x" + dest: /etc/nodejs.sh + mode: '0775' + changed_when: false -- name: Running NodeJS bash script - command: sh /etc/nodejs.sh - register: nodejs_script - changed_when: nodejs_script.rc == 0 + - name: Run NodeJS bash script + command: sh /etc/nodejs.sh + register: nodejs_script + changed_when: nodejs_script.rc == 0 when: not node_service_status.stat.exists - name: Installing NodeJS From 565a84c49f801c934bcecffeda47b7356e334584 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 22 Nov 2019 13:38:11 +0100 Subject: [PATCH 364/559] Define variables in default/main.yml --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +++ roles/wazuh/ansible-wazuh-manager/vars/default.yml | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/vars/default.yml 
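Review bot: The block still leaves the vendor installer on disk at `/etc/nodejs.sh` after `Run NodeJS bash script` has executed it as root, and nothing in the hunk removes it or checks what was downloaded. Add a cleanup task after the run, `- name: Remove NodeJS repository script` with `file: path: /etc/nodejs.sh state: absent`, and prefer a root-owned temporary path over `/etc`. `node_service_status` only proves that some `node` exists, not that it is the 8.x this repo provides; a `node --version` check would be a more reliable gate for the whole block.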
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index e66ccae5..069af007 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -326,3 +326,6 @@ wazuh_agent_configs: format: 'eventchannel' - location: 'System' format: 'eventlog' +repo_dic: + debian: "deb" + redhat: "rpm" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/vars/default.yml b/roles/wazuh/ansible-wazuh-manager/vars/default.yml deleted file mode 100644 index af1a2fbe..00000000 --- a/roles/wazuh/ansible-wazuh-manager/vars/default.yml +++ /dev/null @@ -1,3 +0,0 @@ -- repo_dic: - debian: "deb" - redhat: "rpm" \ No newline at end of file From bc4f36582a0b1ed5c3f70c37c9f309da08dbb33d Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:40:48 +0100 Subject: [PATCH 365/559] Remove unused tags from sources installation "include_tasks" --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 354beca4..382e33b8 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -159,7 +159,6 @@ - init - include_tasks: "../tasks/installation_from_sources.yml" - tags: manager when: - wazuh_manager_sources_installation.enabled @@ -176,7 +175,6 @@ - init - include_tasks: "../tasks/installation_from_sources.yml" - tags: api when: - wazuh_api_sources_installation.enabled From 8d667131d91f9cbf7a674ae9c6de90d65500284b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:41:06 +0100 Subject: [PATCH 366/559] Fix conditional for ssl_agent_ca --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index d2c99535..f9d54536 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -28,7 +28,7 @@ chdir: /var/ossec/etc/ tags: - config - when: not wazuh_manager_config.authd.ssl_agent_ca is not none + when: wazuh_manager_config.authd.ssl_agent_ca is not none - name: Copy CA, SSL key and cert for authd copy: From df56764dbda227e7d55c0f509db90097c970977a Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:41:47 +0100 Subject: [PATCH 367/559] Add dpeendencies to Wazuh API. Update nodejs repo installation --- .../tasks/installation_from_sources.yml | 23 ++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index ef24c238..a0d22133 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -83,7 +83,7 @@ mode: '644' - name: Executing "install.sh" script to build and install the Wazuh Manager - shell: ./install.sh > /tmp/build_manager_log.txt + shell: ./install.sh > /tmp/build_wazuh_manager_log.txt register: installation_result changed_when: installation_result == 0 args: 
@@ -102,14 +102,31 @@ - name: Install Wazuh API from sources block: + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - automake + - autoconf + - libtool + - tar + state: present + - name: Ensure Git is present in the host package: name: git state: present + - name: Modify repo url if host is in Debian family + set_fact: + node_js_repo_type: deb + when: + - ansible_os_family | lower == "debian" + - name: Download script to install Nodejs repository get_url: - url: "{{ node_js_repository_url }}" + url: "https://{{ node_js_repo_type }}.{{ node_js_repo_url }}" dest: "/tmp/setup_nodejs_repo.sh" mode: "0700" @@ -148,7 +165,7 @@ mode: '644' - name: Execute Wazuh API installation script - shell: ./install_api.sh > /tmp/build_api_log.txt + shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt register: install_api changed_when: install_api.rc == 0 args: From 5fd46ab9e4ce46972dbb129e0e44497b840e88d9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:42:09 +0100 Subject: [PATCH 368/559] Remove conditional from wazuh-api restart handler --- roles/wazuh/ansible-wazuh-manager/handlers/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml index 0fac45a1..46f1097b 100644 --- a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml @@ -12,6 +12,4 @@ service: name: wazuh-api state: restarted - enabled: true - when: - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6) + enabled: true \ No newline at end of file From d91ac23d8c13a0e6efe409ffe35c0da0c3feeaca Mon Sep 17 00:00:00 2001 
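Review bot: `Download script to install Nodejs repository` now composes its URL from `node_js_repo_type` and `node_js_repo_url` and saves an unverified vendor installer to the predictable path `/tmp/setup_nodejs_repo.sh`, which is later executed as root; on a multi-user host a local user can pre-create that path, and there is no `checksum:` to detect a modified script. Write it to a root-owned temporary directory (for example from the `tempfile` module) and add a checksum where one is available. The `set_fact` for `node_js_repo_type` is host-persistent and overrides the role default for the rest of the play, which is intended here but worth a comment such as `# set_fact outlives this task file; default is rpm`.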
From: Jose M Date: Mon, 25 Nov 2019 15:42:23 +0100 Subject: [PATCH 369/559] Update Nodejs repo variables to make it flexible for deb and rpm --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 475a50a9..84448ae7 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -370,4 +370,5 @@ wazuh_agent_configs: - location: 'System' format: 'eventlog' -node_js_repository_url: https://rpm.nodesource.com/setup_8.x \ No newline at end of file +node_js_repo_url: nodesource.com/setup_8.x +node_js_repo_type: rpm \ No newline at end of file From 32dd2e5df5c0348c99a69d7cdaf87ae6d320959c Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:42:56 +0100 Subject: [PATCH 370/559] Rename "preloaded_vars" to "preloaded_vars_agent" --- .../{preloaded_vars.conf.j2 => preloaded_vars_agent.conf.j2} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename roles/wazuh/ansible-wazuh-agent/templates/{preloaded_vars.conf.j2 => preloaded_vars_agent.conf.j2} (61%) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 similarity index 61% rename from roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 rename to roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 index be552560..0887b367 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 @@ -1,4 +1,4 @@ -{% for key, value in wazuh_manager_sources_installation.items() %} +{% for key, value in wazuh_agent_sources_installation.items() %} {% if "user_" in key %} {% if value is defined and value is not none %} {{ key|upper }}="{{ value }}" 
From cbad3e06a2bfd115229cd54a4fffee2c05965fc7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:43:10 +0100 Subject: [PATCH 371/559] Fix sources conditionals for RedHat.yml --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index e9580a94..76ed0f76 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,7 +10,8 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled + - not wazuh_api_sources_installation.enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -23,7 +24,7 @@ changed_when: false when: - repo_v5_installed is skipped - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: From f60f218c8824ab332360d3fecad40f3d90ca1ef5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:43:38 +0100 Subject: [PATCH 372/559] Fix agent installation from sources. Update conditionals and includes --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 9c8db0b8..9265ce92 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
@@ -1,14 +1,14 @@ --- -- include_tasks: "../tasks/installation_from_sources.yml" - when: - - wazuh_manager_sources_installation.enabled - - include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" - include_tasks: "Debian.yml" when: ansible_os_family == "Debian" +- include_tasks: "installation_from_sources.yml" + when: + - wazuh_agent_sources_installation.enabled + - name: Linux CentOS/RedHat | Install wazuh-agent package: name: wazuh-agent-{{ wazuh_agent_version }} @@ -17,7 +17,7 @@ poll: 30 when: - ansible_os_family|lower == "redhat" - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled tags: - init @@ -28,7 +28,7 @@ cache_valid_time: 3600 when: - ansible_os_family|lower != "redhat" - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled tags: - init @@ -200,9 +200,9 @@ - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled - include_tasks: "RMDebian.yml" when: - ansible_os_family == "Debian" - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled From 66ac8fea816f6c4c5f0e90b6e2129bf8c77e22b5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:44:05 +0100 Subject: [PATCH 373/559] Fix naming copied from agent. Fix linting --- .../tasks/installation_from_sources.yml | 25 ++++++++++++------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 55714673..afc3605f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
@@ -28,26 +28,31 @@ - name: Download required packages from github.com/wazuh/wazuh get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" - name: Create folder to extract Wazuh branch file: - path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" state: directory - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: "tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + command: >- + tar -xzvf /tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz + --strip 1 + --directory /tmp/wazuh-{{ wazuh_agent_sources_installation.branch }} register: wazuh_untar changed_when: wazuh_untar.rc ==0 args: warn: false + tags: + - molecule-idempotence-notest - name: Clean remaining files from others builds command: "make -C src {{ item }}" args: - chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" + chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/src/" with_items: - "clean" - "clean-deps" 
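Review bot: The `get_url` for `https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_sources_installation.branch }}.tar.gz` has no `checksum:` and the ref is a tag, so the code later built and installed as root by `install.sh` is verified only by TLS to github.com, and a moved tag silently changes what gets installed. Add `checksum: "sha256:{{ wazuh_agent_sources_installation.checksum }}"` with a matching default, or pin a commit SHA. `delegate_to: "{{ inventory_hostname }}"` is a no-op and can go, and the `molecule-idempotence-notest` tag on the `tar` task acknowledges it reports changed every run; `creates: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/install.sh"` under `args:` would make it idempotent instead.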
@@ -57,15 +62,17 @@ - name: Render the "preloaded-vars.conf" file template: - src: "templates/preloaded_vars.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" + src: "templates/preloaded_vars_agent.conf.j2" + dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root mode: '644' + tags: + - molecule-idempotence-notest - name: Executing "install.sh" script to build and install the Wazuh Agent - shell: ./install.sh > /tmp/build_log.txt + shell: ./install.sh > /tmp/build_agent_log.txt register: installation_result changed_when: installation_result == 0 args: - chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" \ No newline at end of file + chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" \ No newline at end of file From ce3dcf7abe9ba20210dec8ccef8058a287b60444 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:44:24 +0100 Subject: [PATCH 374/559] Fix sources conditionals in Debian.yml tasks --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 329fab6d..0e0ba92f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -20,13 +20,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_agent_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - not wazuh_agent_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: 
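Review bot: `changed_when: installation_result == 0` on `Executing "install.sh"` compares the registered result dictionary with 0, which is never true, so the task never reports a change even though it installs the agent; it should be `changed_when: installation_result.rc == 0`. `shell: ./install.sh > /tmp/build_agent_log.txt` also runs an unverified script as root and writes its log to a predictable world-writable path; redirecting into the build directory, `./install.sh > ./build_agent_log.txt`, keeps the log root-owned next to the sources.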
@@ -35,7 +36,7 @@ state: present update_cache: true when: - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: From 329910eb4191af1c3668d2ca8f12d49185596096 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:45:14 +0100 Subject: [PATCH 375/559] Solve typo in default Agent variables --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 3ff7d803..28e807f3 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,6 +1,7 @@ --- wazuh_agent_version: 3.10.2-1 -wazuh_manager_sources_installation: + +wazuh_agent_sources_installation: enabled: "true" branch: "v3.10.2" user_language: "y" @@ -342,4 +343,4 @@ wazuh_agent_config: list: - key: Env value: Production -wazuh_agent_nat: false +wazuh_agent_nat: false \ No newline at end of file From c988e6220ea8de6d811c59c9b8282b815d1f4a2d Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:45:37 +0100 Subject: [PATCH 376/559] Add custom repo for Wazuh Plugin Kibana installation app --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 494bc8f0..f4f8fd80 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml 
@@ -5,9 +5,15 @@ name: git state: present + - name: Modify repo url if host is in Debian family + set_fact: + node_js_repo_type: deb + when: + - ansible_os_family | lower == "debian" + - name: Download script to install Nodejs repository get_url: - url: "{{ node_js_repository_url }}" + url: "https://{{ node_js_repo_type }}.{{ node_js_repo_url }}" dest: "/tmp/setup_nodejs_repo.sh" mode: "0700" From c87da91104d5b7c87d3fdd9a5676a14be0126718 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:46:49 +0100 Subject: [PATCH 377/559] Add Kibana default vars to install Nodejs --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index f6ac7023..1352e352 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -25,8 +25,9 @@ generate_CA: true ca_cert_name: "" # Nodejs -node_js_repository_url: https://rpm.nodesource.com/setup_8.x +node_js_repo_url: https://rpm.nodesource.com/setup_8.x +node_js_repo_type: rpm # Build from sources -build_from_sources: true -wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file +build_from_sources: false +wazuh_plugin_branch: 3.10-7.3 \ No newline at end of file From 2efe6e626831263bd9a0206b07d05cdc964ceaa6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 16:04:06 +0100 Subject: [PATCH 378/559] Restore playbook wazuh-elastic_stack-single.yml to default configuration --- playbooks/wazuh-elastic_stack-single.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index bc353dfd..6558e255 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml 
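Review bot: The two hunks disagree on what `node_js_repo_url` holds: the task composes `https://{{ node_js_repo_type }}.{{ node_js_repo_url }}`, while the kibana default in the second hunk keeps the full URL `https://rpm.nodesource.com/setup_8.x`, so the rendered value is `https://rpm.https://rpm.nodesource.com/setup_8.x` (or `https://deb.https://…` after the new `set_fact`) and the download fails. The default should carry only the remainder, `node_js_repo_url: nodesource.com/setup_8.x`. The script is still fetched without `checksum:` and, judging by the `0700` mode and name, executed afterwards, so nothing on the host verifies what runs; pin a reviewed digest with `checksum: "sha256:<SCRIPT_SHA256>"` (placeholder) or use the distribution repository module with a GPG key instead. The `set_fact` only covers the Debian family, so every other family silently inherits the rpm default rather than failing clearly.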
@@ -1,8 +1,8 @@ --- - hosts: all roles: - # - {role: ../roles/wazuh/ansible-wazuh-manager} - # - role: ../roles/wazuh/ansible-filebeat - # filebeat_output_elasticsearch_hosts: 172.24.1.2:9200 - # - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} - - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: '172.24.1.1', elasticsearch_reachable_host: '172.24.1.2' } + - {role: ../roles/wazuh/ansible-wazuh-manager} + - role: ../roles/wazuh/ansible-filebeat + filebeat_output_elasticsearch_hosts: localhost:9200 + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} + - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost', elasticsearch_reachable_host: 'localhost' }s \ No newline at end of file From 61d05a0cdde62c8751488235d9df65598ca56ae9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 16:16:50 +0100 Subject: [PATCH 379/559] Fix linting in Ansible playbooks related with Elastic --- playbooks/wazuh-elastic.yml | 2 +- playbooks/wazuh-elastic_stack-distributed.yml | 8 ++++---- playbooks/wazuh-elastic_stack-single.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml index 36bd9b1d..eda19931 100644 --- a/playbooks/wazuh-elastic.yml +++ b/playbooks/wazuh-elastic.yml @@ -1,5 +1,5 @@ --- - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: '' diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 8c6bc567..5f4213f5 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
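Review bot: The new kibana entry ends with a stray `s` after the closing brace (`… elasticsearch_reachable_host: 'localhost' }s`), which is not valid YAML inside a block sequence, so the playbook does not parse at this commit; drop the trailing character. The following commit in this series removes it, but the intermediate state breaks anyone who checks out this revision.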
@@ -6,7 +6,7 @@ elasticsearch_network_host: node_name: node-1 elasticsearch_bootstrap_node: true - elasticsearch_cluster_nodes: + elasticsearch_cluster_nodes: - - - @@ -22,7 +22,7 @@ vars: instances: node1: - name: node-1 # Important: must be equal to elasticsearch_node_name. + name: node-1 # Important: must be equal to elasticsearch_node_name. ip: # When unzipping, the node will search for its node name folder to get the cert. node2: name: node-2 @@ -43,10 +43,10 @@ - - - - + - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: elasticsearch_node_name: node-3 single_node: false diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index 6558e255..9bf5f0fa 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml @@ -5,4 +5,4 @@ - role: ../roles/wazuh/ansible-filebeat filebeat_output_elasticsearch_hosts: localhost:9200 - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} - - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost', elasticsearch_reachable_host: 'localhost' }s \ No newline at end of file + - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost', elasticsearch_reachable_host: 'localhost' } \ No newline at end of file From e003a2d51eb3c1fad46baa5e7644ad727796898d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 25 Nov 2019 17:39:03 +0100 Subject: [PATCH 380/559] Parameterize NodeJS repo. url --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 8 +++++--- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 069af007..66253fef 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -326,6 +326,8 @@ wazuh_agent_configs: format: 'eventchannel' - location: 'System' format: 'eventlog' -repo_dic: - debian: "deb" - redhat: "rpm" \ No newline at end of file +nodejs: + repo_dic: + debian: "deb" + redhat: "rpm" + repo_url_ext: "nodesource.com/setup_8.x" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index d10f1f2a..d17e29bd 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -16,7 +16,7 @@ block: - name: Download NodeJS repository script get_url: - url: "https://{{ repo_dic[ansible_os_family|lower] }}.nodesource.com/setup_8.x" + url: "https://{{ nodejs['repo_dic'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: /etc/nodejs.sh mode: '0775' changed_when: false From f57840b2e7ec2203c7d5fd43455c5c6479f5bb90 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 18:11:27 +0100 Subject: [PATCH 381/559] Merge #330 from wazuh/ansible --- .../ansible-wazuh-manager/defaults/main.yml | 7 ++-- .../ansible-wazuh-manager/tasks/Debian.yml | 31 ---------------- .../ansible-wazuh-manager/tasks/RedHat.yml | 36 ------------------- 3 files changed, 5 insertions(+), 69 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 84448ae7..92fbf13c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
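Review bot: `nodejs['repo_dic'][ansible_os_family|lower]` in the new URL indexes the dictionary with no fallback, so on a host whose `ansible_os_family` is neither Debian nor RedHat the template raises an undefined-key error instead of a readable message; an `assert` such as `that: ansible_os_family|lower in nodejs['repo_dic']` before the block, or `| default(omit)` with an explicit `fail`, makes the supported set visible. The dictionary name `repo_dic` is renamed to `repo_dict` in PATCH 397 below, so the two defaults files carry different key names in between. The remainder of the block that executes `/etc/nodejs.sh` lies outside this hunk.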
@@ -370,5 +370,8 @@ wazuh_agent_configs: - location: 'System' format: 'eventlog' -node_js_repo_url: nodesource.com/setup_8.x -node_js_repo_type: rpm \ No newline at end of file +nodejs: + repo_dic: + debian: "deb" + redhat: "rpm" + repo_url_ext: "nodesource.com/setup_8.x" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 6da6a6f3..2c2db72d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -49,37 +49,6 @@ - not wazuh_manager_sources_installation.enabled - not wazuh_api_sources_installation.enabled -- name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) - become: true - shell: | - set -o pipefail - curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - - args: - warn: false - executable: /bin/bash - changed_when: false - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - not wazuh_manager_sources_installation.enabled - - not wazuh_api_sources_installation.enabled - -- name: Debian/Ubuntu | Installing NodeJS repository key - apt_key: - url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key - when: - - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_api_sources_installation.enabled - -- name: Debian/Ubuntu | Add NodeSource repositories for Node.js - apt_repository: - repo: "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main" - state: present - update_cache: true - changed_when: false - when: - - not wazuh_api_sources_installation.enabled - - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: cis_distribution_filename: cis_debian_linux_rcl.txt diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 382e33b8..68bf381f 100644 
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,40 +1,4 @@ --- - -- name: RedHat/CentOS | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - changed_when: false - when: - - ansible_distribution_major_version|int > 5 - - not wazuh_api_sources_installation.enabled - -- name: Fedora | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - when: - - ansible_distribution == 'Fedora' - - not wazuh_api_sources_installation.enabled - -- name: AmazonLinux | Get Nodejs - shell: | - set -o pipefail - curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - - args: - warn: false - executable: /bin/bash - creates: /etc/yum.repos.d/nodesource-el7.repo - when: - - ansible_distribution|lower == "amazon" - - not wazuh_api_sources_installation.enabled - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo From 9c2ce76f0919ee1aebc976fe95668b3bb242eb23 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 18:44:00 +0100 Subject: [PATCH 382/559] Fix linting --- .../tasks/installation_from_sources.yml | 26 +++++++++---------- .../tasks/installation_from_sources.yml | 6 ++--- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 70c3b5af..2b29a682 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
@@ -9,14 +9,14 @@ - libtool - tar state: present - - - name: Removing old files - file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" - state: absent - - name: Removing old folders - file: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - state: absent + - name: Removing old files + file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + state: absent + + - name: Removing old folders + file: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + state: absent - name: Installing policycoreutils-python (RedHat families) package: @@ -85,10 +85,10 @@ args: chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - - name: Cleanup downloaded files - file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" - state: absent + - name: Cleanup downloaded files + file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + state: absent - - name: Cleanup created folders - file: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - state: absent \ No newline at end of file + - name: Cleanup created folders + file: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + state: absent \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 69d27cfd..411254b1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -24,7 +24,7 @@ - name: Removing old folders file: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: absent + state: absent - name: Installing policycoreutils-python (RedHat families) package: @@ -167,6 +167,4 @@ - not wazuh_api.stat.exists - wazuh_api_sources_installation.enabled tags: - - api - - \ No newline at end of file + - api \ No newline at end of file From c9c00b82c2fb88f592373451a72ee55a588093c4 Mon Sep 17 00:00:00 2001 
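Review bot: The re-indented cleanup tasks in the agent's installation_from_sources.yml keep `file:` as a free-form string (`file: "/tmp/{{ … }}.tar.gz"`) with `state: absent` as a sibling key; `file` takes no free-form argument and `state` is not a task keyword, so Ansible rejects these four tasks at load time and the lint change does not touch that. The arguments belong under `file:` as a mapping, `path:` plus `state: absent`, which is how PATCH 384 below rewrites them. Indentation is not recoverable from this rendering, so whether `state` ends up at task level is inferred from the `-`/`+` pairs rather than read directly.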
From: Jose M Date: Mon, 25 Nov 2019 18:44:09 +0100 Subject: [PATCH 383/559] Add Nodejs installation --- .../ansible-wazuh-manager/tasks/main.yml | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index f9d54536..c6f0ae26 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -7,6 +7,34 @@ - tar state: present +- name: Check if NodeJS service exists + stat: + path: /usr/bin/node + register: node_service_status + +- name: Install NodeJS repository + block: + - name: Download NodeJS repository script + get_url: + url: "https://{{ nodejs['repo_dic'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" + dest: /etc/nodejs.sh + mode: '0775' + changed_when: false + + - name: Run NodeJS bash script + command: sh /etc/nodejs.sh + register: nodejs_script + changed_when: nodejs_script.rc == 0 + when: not node_service_status.stat.exists + +- name: Installing NodeJS + package: + name: nodejs + state: present + register: nodejs_service_is_installed + until: nodejs_service_is_installed is succeeded + tags: init + - include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") From fa0e3f16408af2497792eb25998eb5d3d322d8af Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 18:54:21 +0100 Subject: [PATCH 384/559] Fix cleanup tasks for Wazuh Manager and Agent --- .../tasks/installation_from_sources.yml | 20 +++++++++++-------- .../tasks/installation_from_sources.yml | 20 +++++++++++-------- 2 files changed, 24 insertions(+), 16 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 2b29a682..b13c17ef 100644 
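Review bot: The new NodeJS block downloads a vendor script to `/etc/nodejs.sh` with `mode: '0775'` and no `checksum:`, then runs it with `sh` under the privileges of a package-installing play, so what executes depends entirely on transport security and whatever the server returns at that moment, and the group-writable mode widens who can edit a root-executed script. The `yum_repository` tasks this replaces (PATCH 381) carried `gpgkey` and `gpgcheck: true`, so the change weakens verification; pinning a reviewed digest, tightening the mode to `0700`, and running the script only when the download actually changed (below) restores most of it, and the repository modules with a GPG key would be better still. `changed_when: false` on `get_url` and `changed_when: nodejs_script.rc == 0` on the command misreport state in opposite directions, and `tags: init` on the package task means a `--tags init` run installs nodejs without the repository block that precedes it. Where the block-level `when: not node_service_status.stat.exists` sits cannot be read from this rendering; the fence assumes it gates the whole block.

```yaml
- name: Install NodeJS repository
  block:
    - name: Download NodeJS repository script
      get_url:
        url: "https://{{ nodejs['repo_dic'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}"
        dest: /etc/nodejs.sh
        mode: '0700'
        checksum: "sha256:<SHA256_OF_REVIEWED_SCRIPT>"  # placeholder: pin the digest that was reviewed
      register: nodejs_repo_script

    - name: Run NodeJS bash script
      command: sh /etc/nodejs.sh
      when: nodejs_repo_script is changed
  when: not node_service_status.stat.exists
# … unchanged: "Installing NodeJS" package task …
```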
--- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -11,12 +11,14 @@ state: present - name: Removing old files - file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" - state: absent + file: + path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + state: absent - name: Removing old folders - file: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - state: absent + file: + path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + state: absent - name: Installing policycoreutils-python (RedHat families) package: @@ -86,9 +88,11 @@ chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - name: Cleanup downloaded files - file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" - state: absent + file: + path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + state: absent - name: Cleanup created folders - file: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - state: absent \ No newline at end of file + file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + state: absent \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 411254b1..1bc17d9d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
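Review bot: In the second hunk the "Cleanup created folders" task keeps the old free-form line `file: "/tmp/{{ … }}.tar.gz"` and adds `path:` and `state:` beside it, so the module receives a string argument while `path`/`state` land at task level and the file fails to load; the "Cleanup downloaded files" task just above it was converted correctly. Replace the three lines with the mapping form: `file:` / `path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"` / `state: absent`. The task is the last in the file and the missing trailing newline (`\ No newline at end of file`) survives the change.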
@@ -19,12 +19,14 @@ state: present - name: Removing old files - file: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - state: absent + file: + path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + state: absent - name: Removing old folders - file: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: absent + file: + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + state: absent - name: Installing policycoreutils-python (RedHat families) package: @@ -98,12 +100,14 @@ chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - name: Cleanup downloaded files - file: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - state: absent + file: + path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + state: absent - name: Cleanup created folders - file: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: absent + file: + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + state: absent when: - not wazuh_ossec_control.stat.exists From fd50b604850d7a77809e19af06146cd65923605e Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 19:01:02 +0100 Subject: [PATCH 385/559] Fix linting --- .../tasks/installation_from_sources.yml | 8 ++++---- .../tasks/installation_from_sources.yml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index b13c17ef..b426df58 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
@@ -11,12 +11,12 @@ state: present - name: Removing old files - file: + file: path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" state: absent - name: Removing old folders - file: + file: path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" state: absent @@ -88,11 +88,11 @@ chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - name: Cleanup downloaded files - file: + file: path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" state: absent - name: Cleanup created folders - file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + file: path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" state: absent \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 1bc17d9d..7e28a70e 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -19,12 +19,12 @@ state: present - name: Removing old files - file: + file: path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" state: absent - name: Removing old folders - file: + file: path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: absent @@ -100,12 +100,12 @@ chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - name: Cleanup downloaded files - file: + file: path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" state: absent - name: Cleanup created folders - file: + file: path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: absent From 3406109b33ca3d05eac3d308ef96ab90abd668f7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 19:35:23 +0100 Subject: [PATCH 386/559] Remove tags from "preloaded-vars.conf" --- .../ansible-wazuh-agent/tasks/installation_from_sources.yml | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index b426df58..4c4a2c82 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -77,8 +77,6 @@ owner: root group: root mode: '644' - tags: - - molecule-idempotence-notest - name: Executing "install.sh" script to build and install the Wazuh Agent shell: ./install.sh > /tmp/build_agent_log.txt From a4f68f6487dfb46c4ce62ccba3725bb6bf904fa3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 20:04:28 +0100 Subject: [PATCH 387/559] Remove molecule-idemptence-notest tag to fix Jenkins build --- .../ansible-wazuh-agent/tasks/installation_from_sources.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 4c4a2c82..0cca7044 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -56,8 +56,6 @@ changed_when: wazuh_untar.rc ==0 args: warn: false - tags: - - molecule-idempotence-notest - name: Clean remaining files from others builds command: "make -C src {{ item }}" From b4352beda178e54f4aeebfc0dd438832c4248ab9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 00:39:19 +0100 Subject: [PATCH 388/559] Add changed_when conditionals to avoid idempotence errors --- .../tasks/installation_from_sources.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 0cca7044..69934631 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -41,11 +41,13 @@ url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_sources_installation.branch }}.tar.gz" dest: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" + changed_when: false - name: Create folder to extract Wazuh branch file: path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" state: directory + changed_when: false - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip command: >- @@ -53,7 +55,7 @@ --strip 1 --directory /tmp/wazuh-{{ wazuh_agent_sources_installation.branch }} register: wazuh_untar - changed_when: wazuh_untar.rc ==0 + changed_when: false args: warn: false @@ -75,6 +77,7 @@ owner: root group: root mode: '644' + changed_when: false - name: Executing "install.sh" script to build and install the Wazuh Agent shell: ./install.sh > /tmp/build_agent_log.txt @@ -87,8 +90,10 @@ file: path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" state: absent + changed_when: false - name: Cleanup created folders file: path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - state: absent \ No newline at end of file + state: absent + changed_when: false \ No newline at end of file From dc0811e6690b901d8e6abfa3cec18e02223decc1 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 01:13:09 +0100 Subject: [PATCH 389/559] Testing Manager: sources, API packages --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 92fbf13c..3d1615f4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
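Review bot: `changed_when: false` is added to the download, directory, extract, template and cleanup tasks, which silences the idempotence check rather than satisfying it: those tasks still create, overwrite and delete files on every run, and a summary of `changed=0` now hides a full rebuild of the agent from whoever reads the run output. The sequence is structurally non-idempotent because the earlier cleanup tasks remove the tree each run; the honest fix is a guard on the whole block (a `stat` on the installed binary, as the manager role does with `not wazuh_ossec_control.stat.exists`) while leaving the modules' own change reporting in place. If the overrides must stay for molecule, add a comment beside each one, e.g. `# molecule: suppressed, the sources build is rebuilt on every run`, so the next reader does not take them as a statement about the task. The enclosing task list starts before the first hunk.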
@@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" update: "y" remove: "y" From 37a59e212e3fa472a15faa0681ebf991cbc8835e Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 01:14:51 +0100 Subject: [PATCH 390/559] Testing, Manager: package, API: package --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3d1615f4..90d7fed3 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" user_language: "en" user_no_stop: "y" From 0e196abb51c38a432e51737ab1c5d31e3968f43a Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 10:35:34 +0100 Subject: [PATCH 391/559] Add npm as dependency required for Debian 10 --- .../ansible-wazuh-manager/tasks/installation_from_sources.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 7e28a70e..89b934e8 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -133,6 +133,7 @@ - autoconf - libtool - tar + - npm state: present - name: Ensure Git is present in the host From 85db46bbd89db0b8f6439fc7a3261762eb3fcbed Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 10:50:03 +0100 Subject: [PATCH 392/559] Set installation type to sources --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 90d7fed3..92fbf13c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: false + enabled: true branch: "v3.10.2" user_language: "en" user_no_stop: "y" @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: false + enabled: true branch: "v3.10.2" update: "y" remove: "y" From c17424b4639a7916548540f612c51ac1a246176a Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 11:28:22 +0100 Subject: [PATCH 393/559] Limit the npm installation to Debian hosts only --- .../tasks/installation_from_sources.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 89b934e8..420992e6 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -133,8 +133,14 @@ - autoconf - libtool - tar - - npm state: present + + - name: Explicitly installing npm for Debian hosts + package: + name: npm + state: present + when: + - ansible_distribution == "Debian" - name: Ensure Git is present in the host package: From e4fdb984d6ad2b538a442ab205a0e55837d8dc7f Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 11:38:54 +0100 Subject: [PATCH 394/559] Fix Linting --- .../ansible-wazuh-manager/tasks/installation_from_sources.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
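Review bot: PATCH 392 ships `enabled: true` for both `wazuh_manager_sources_installation` and `wazuh_api_sources_installation` as role defaults, so a fresh run builds the manager and API from a downloaded tarball instead of installing the repository packages, and the repository-key tasks are skipped by the `not …enabled` conditions; the neighbouring commits flip these values back and forth for testing, which suggests they belong in the molecule scenario vars rather than in `defaults/main.yml`. Keeping `enabled: false` as the shipped default and overriding it in the test scenario keeps the package path, with its GPG-verified repository, as what users get unless they opt out. In PATCH 393 the npm task's `when: ansible_distribution == "Debian"` is reasonable, but the reason given only in the commit subject should live next to the task, e.g. `# Debian 10 needs npm installed explicitly`.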
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 420992e6..b92e4edc 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -134,7 +134,7 @@ - libtool - tar state: present - + - name: Explicitly installing npm for Debian hosts package: name: npm From 94ed23c60788c33cb9afadcb454770457d87fc16 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 13:22:42 +0100 Subject: [PATCH 395/559] Testing Agent from packages. Testing sources/package for manager and api --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 28e807f3..64935264 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -2,7 +2,7 @@ wazuh_agent_version: 3.10.2-1 wazuh_agent_sources_installation: - enabled: "true" + enabled: "false" branch: "v3.10.2" user_language: "y" user_no_stop: "y" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 92fbf13c..3d1615f4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" update: "y" remove: "y" From a25b7d9681fa30d05e975388549f33f5ce2b2906 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Tue, 26 Nov 2019 14:55:57 +0100 Subject: [PATCH 396/559] Fix conditionals related with Manager and API kind of installatioin --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 3 +-- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 9 +++------ roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 3 +-- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 76ed0f76..e0b2b426 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,8 +10,7 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_agent_sources_installation.enabled - - not wazuh_api_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled or not wazuh_api_sources_installation.enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 2c2db72d..9752545a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
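Review bot: The combined condition in the agent role's RedHat.yml now references `wazuh_api_sources_installation`, but the agent defaults (PATCH 375 and 395 above) define only `wazuh_agent_sources_installation`; that variable lives in the manager role's defaults, so a play that applies the agent role alone fails the `when` with an undefined variable. For the agent, `- not wazuh_agent_sources_installation.enabled` alone is the intended condition, or make the API term optional with `not (wazuh_api_sources_installation.enabled | default(false))`. Note also that the agent's `enabled` default is a quoted string, so `not` on it is always false unless cast with `| bool`. The task continues past the hunk (`register: repo_v5_installed` is the last visible line).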
@@ -27,16 +27,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_manager_sources_installation.enabled - - not wazuh_api_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_manager_sources_installation.enabled - - not wazuh_api_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -46,8 +44,7 @@ update_cache: true changed_when: false when: - - not wazuh_manager_sources_installation.enabled - - not wazuh_api_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 68bf381f..807275f1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -10,8 +10,7 @@ when: - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_manager_sources_installation.enabled - - not wazuh_api_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo From c772d5c983b3e9aa53fd45d7b6798aa2ff03a125 Mon Sep 17 00:00:00 2001 
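Review bot: The three `not ... or not ...` conditions in the manager Debian.yml and RedHat.yml hunks change semantics and deserve a comment: the repo key and repository are now configured whenever either the manager or the API is installed from packages, not only when both are. That appears intended (a package-installed API still needs the Wazuh repo while the manager is built from source), but the one-liner reads like the old AND list at a glance. Suggested comment above each condition: `# Repo is needed if either wazuh-manager or wazuh-api comes from packages`. The apt_key task in the first hunk trusts whatever `wazuh_manager_config.repo.gpg` serves; that line is unchanged context, but pinning the expected fingerprint with apt_key's `id:` would close that gap.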
From: Jose M Date: Tue, 26 Nov 2019 15:00:22 +0100 Subject: [PATCH 397/559] Fix Nodejs in Kibana and rename 'repo_dic' to 'repo_dict' --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 7 +++++-- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 3 ++- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 1352e352..db42b801 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -25,8 +25,11 @@ generate_CA: true ca_cert_name: "" # Nodejs -node_js_repo_url: https://rpm.nodesource.com/setup_8.x -node_js_repo_type: rpm +nodejs: + repo_dict: + debian: "deb" + redhat: "rpm" + repo_url_ext: "nodesource.com/setup_8.x" # Build from sources build_from_sources: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index f4f8fd80..b864afc3 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -13,7 +13,8 @@ - name: Download script to install Nodejs repository get_url: - url: "https://{{ node_js_repo_type }}.{{ node_js_repo_url }}" + nodejs['repo_dict'][ansible_os_family|lower] + url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: "/tmp/setup_nodejs_repo.sh" mode: "0700" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3d1615f4..f85e32eb 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
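Review bot: The build_wazuh_plugin.yml hunk adds a bare line `nodejs['repo_dict'][ansible_os_family|lower]` inside the get_url mapping; it is not a key/value pair and will make YAML parsing of the file fail, so it should be deleted, leaving only the `url:` line. Separately, the script fetched here (and by the manager tasks/main.yml hunk in this commit) is executed as root by the task that follows it without any integrity check; get_url's `checksum:` parameter can pin it, e.g. `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"`, at the cost of updating the pin when upstream changes the script. The task's `dest` and `mode` keys are unchanged.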
@@ -371,7 +371,7 @@ wazuh_agent_configs: format: 'eventlog' nodejs: - repo_dic: + repo_dict: debian: "deb" redhat: "rpm" repo_url_ext: "nodesource.com/setup_8.x" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index c6f0ae26..0bb00fef 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -16,7 +16,7 @@ block: - name: Download NodeJS repository script get_url: - url: "https://{{ nodejs['repo_dic'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" + url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: /etc/nodejs.sh mode: '0775' changed_when: false From e18e95816004b76cab8a46aa5841d371f56a8fb7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 16:38:40 +0100 Subject: [PATCH 398/559] Fix typo in build_wazuh_plugin.yml --- roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index b864afc3..4a2ebc23 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -1,5 +1,4 @@ --- - - name: Ensure the Git package is present package: name: git @@ -13,7 +12,6 @@ - name: Download script to install Nodejs repository get_url: - nodejs['repo_dict'][ansible_os_family|lower] url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: "/tmp/setup_nodejs_repo.sh" mode: "0700" From ad8ae0ed655205f062ef50bead632e2a1448177c Mon Sep 17 00:00:00 2001 
From: Jose M Date: Tue, 26 Nov 2019 17:53:24 +0100 Subject: [PATCH 399/559] Testing package/sources for Manager and API respectively --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f85e32eb..ca23f8ff 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" user_language: "en" user_no_stop: "y" @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: false + enabled: true branch: "v3.10.2" update: "y" remove: "y" From 4ba0a85bf199511278d127a774e3e81f6b0b4ce8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 18:49:10 +0100 Subject: [PATCH 400/559] Fix includes for wazuh-manager role --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 4 ---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 9752545a..e045059d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -1,8 +1,4 @@ --- -- include_tasks: "installation_from_sources.yml" - when: - - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled - - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: name: 
@@ -110,6 +106,10 @@ when: - not wazuh_manager_sources_installation.enabled +- include_tasks: "installation_from_sources.yml" + when: + - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled + - name: Debian/Ubuntu | Install wazuh-api apt: name: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 807275f1..49ff0cdf 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -137,10 +137,6 @@ tags: - init -- include_tasks: "../tasks/installation_from_sources.yml" - when: - - wazuh_api_sources_installation.enabled - - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 replace: path: /etc/init.d/wazuh-manager From dbf436be04828e4a0c28abae95ce1da926ada5c0 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 18:56:06 +0100 Subject: [PATCH 401/559] Testing installation from packages --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ca23f8ff..ad3ddf1d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" update: "y" remove: "y" From ae5a3d6f91f459f2963a257b4d6e1c0ccff7173c Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 27 Nov 2019 10:04:21 +0100 Subject: [PATCH 402/559] Fix conditional for RHEL hosts --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
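Review bot: The relocated `- include_tasks: "installation_from_sources.yml"` has no `name:`, so it shows up in play output only as a file path while the surrounding tasks follow the `Debian/Ubuntu | ...` naming convention; suggest `- name: Debian/Ubuntu | Install wazuh-manager/wazuh-api from sources` above `include_tasks:`. Moving the include from the top of the file to after the wazuh-manager package task also changes ordering on hosts where the two flags differ (the source build now runs after repository setup and any package install); if that is the intent, a one-line comment saying so would save the next reader a diff archaeology.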
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ad3ddf1d..ca23f8ff 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: false + enabled: true branch: "v3.10.2" update: "y" remove: "y" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 49ff0cdf..fc8cd489 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -123,7 +123,7 @@ - include_tasks: "../tasks/installation_from_sources.yml" when: - - wazuh_manager_sources_installation.enabled + - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled - name: CentOS/RedHat/Amazon | Install Wazuh API package: From aaa68bd5bb87c0a8bda4d2fb3aee63ac60aca738 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 27 Nov 2019 11:27:26 +0100 Subject: [PATCH 403/559] Testing installation from packages --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ca23f8ff..ad3ddf1d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" update: "y" remove: "y" From dec2fc5cca33e001ba8717af2741b5b9874edc64 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Wed, 27 Nov 2019 12:50:06 +0100 Subject: [PATCH 404/559] Test Kibana installation from sources --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index db42b801..0a05d853 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -32,5 +32,5 @@ nodejs: repo_url_ext: "nodesource.com/setup_8.x" # Build from sources -build_from_sources: false -wazuh_plugin_branch: 3.10-7.3 \ No newline at end of file +build_from_sources: true +wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file From 814cfa1e5e5cf2f97bfe9ca81a60b1107eac79e8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 27 Nov 2019 13:49:12 +0100 Subject: [PATCH 405/559] Fix idempotence on Kibana installation from sources --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 4a2ebc23..8de3281c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -19,7 +19,7 @@ - name: Execute downloaded script to install Nodejs repo command: /tmp/setup_nodejs_repo.sh register: node_repo_installation_result - changed_when: node_repo_installation_result.rc == 0 + changed_when: false - name: Install Nodejs package: @@ -29,7 +29,7 @@ - name: Run NPM under root account command: npm config set user 0 register: allow_root_npm - changed_when: allow_root_npm.rc == 0 + changed_when: false - name: Install yarn dependency to build the Wazuh Kibana Plugin command: npm install -g yarn@1.10.1 
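Review bot: `changed_when: false` on the `command: /tmp/setup_nodejs_repo.sh` task hides a real change: the script's purpose (per the preceding task name) is to add a package repository, so the run that modifies the host now reports ok. With the `changed_when` expression gone, the registered `node_repo_installation_result` appears unused in this file. The idempotent form is to tell Ansible what the script produces, `args: creates: <PATH_OF_REPO_FILE_THE_SCRIPT_WRITES>` (placeholder; it differs between deb and rpm hosts), and drop `changed_when`. The same applies to the `npm config set user 0` task in the second hunk.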
@@ -40,11 +40,12 @@ file: path: /tmp/app state: absent + changed_when: false - name: Clone wazuh-kibana-app repository # Using command as git module doesn't cover single-branch nor depth command: git clone https://github.com/wazuh/wazuh-kibana-app -b {{ wazuh_plugin_branch }} --single-branch --depth=1 app # noqa 303 register: clone_app_repo_result - changed_when: clone_app_repo_result.rc == 0 + changed_when: false args: chdir: "/tmp" From 77145e71b867326df92f7904e8e95c1f24ca7a8f Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 27 Nov 2019 18:00:34 +0100 Subject: [PATCH 406/559] Disable Kibana from sources and test sources/package after changes --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 0a05d853..8e4a6572 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -32,5 +32,5 @@ nodejs: repo_url_ext: "nodesource.com/setup_8.x" # Build from sources -build_from_sources: true +build_from_sources: false wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ad3ddf1d..f85e32eb 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: false + enabled: true branch: "v3.10.2" user_language: "en" user_no_stop: "y" From eed1a11aebb7e4ffdb68d8548983aad46e6f2af8 Mon Sep 17 00:00:00 2001 
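Review bot: The `git clone ... -b {{ wazuh_plugin_branch }} --single-branch --depth=1` task checks out whatever the branch head is at run time, so two runs can build different plugin code, and `changed_when: false` now also hides that a fresh clone happened. For a reproducible build, point `wazuh_plugin_branch` at a release tag or pin a commit after the clone (`git checkout <COMMIT_PLACEHOLDER>`), and consider building under a directory owned by the role rather than the shared `/tmp`, where the remove-then-clone sequence leaves a window for another local user to pre-create `/tmp/app`. The task's `args: chdir: "/tmp"` is unchanged.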
From: Jose M Date: Thu, 28 Nov 2019 10:13:08 +0100 Subject: [PATCH 407/559] Testing sources/sources installation for Manager and API respectively --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f85e32eb..27106dc1 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: false + enabled: true branch: "v3.10.2" update: "y" remove: "y" From 50cd3745bb13750572b3ae73bf191c61b7325b9e Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 28 Nov 2019 11:28:38 +0100 Subject: [PATCH 408/559] Add check to stop if trying to build Kibana in Debian 10 --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 89af291c..dd0e423f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -1,4 +1,13 @@ --- + +- name: Stopping early, trying to compile Wazuh Kibana Plugin on Debian 10 is not possible + fail: + msg: "It's not possible to compile the Wazuh Kibana plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924" + when: + - build_from_sources + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "10" + - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' @@ -108,6 +117,7 @@ - build_from_sources is defined - build_from_sources + - name: Install Wazuh Plugin (can take a while) shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: 
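Review bot: The new early-fail task uses `build_from_sources` bare in its `when`, while the existing conditional later in the same file (visible in the second hunk) first checks `build_from_sources is defined`; if the variable is undefined the new task errors on the undefined name instead of being skipped. Use `- build_from_sources | default(false)` (or add `- build_from_sources is defined` as the first item) to keep the two consistent. Comparing `ansible_distribution_major_version == "10"` as a string is correct, since that fact is a string.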
From 7f70b4dfebce1484c95db3e8ff623d05871624b4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 28 Nov 2019 11:49:40 +0100 Subject: [PATCH 409/559] Update "build_wazuh_plugin" to fix conditional and update npm task --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 8de3281c..a18a752b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -26,13 +26,9 @@ name: nodejs state: present - - name: Run NPM under root account - command: npm config set user 0 - register: allow_root_npm - changed_when: false - - name: Install yarn dependency to build the Wazuh Kibana Plugin - command: npm install -g yarn@1.10.1 + # Using shell due to errors when evaluating text between @ with command + shell: "npm install -g {{ 'yarn' }}{{ '@' }}{{ '1.10.1'}}" # noqa 305 register: install_yarn_result changed_when: install_yarn_result == 0 @@ -56,7 +52,7 @@ - "yarn build" - "yarn build" # Executing multiple times to workaround errors returned by yarn build register: yarn_execution_result - changed_when: yarn_execution_result == 0 + changed_when: false args: chdir: "/tmp/app/" From b9a6d0e1d6c2f098480dc04e8309f439b23ee671 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 28 Nov 2019 11:49:47 +0100 Subject: [PATCH 410/559] Testing Kibana from sources --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 8e4a6572..0a05d853 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
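Review bot: `changed_when: install_yarn_result == 0`, left as context under the rewritten yarn-install task, compares the whole registered result mapping with an integer and is therefore never true; the second hunk fixes the identical expression on the yarn build task but leaves this one. Apply either `changed_when: install_yarn_result.rc == 0` or the same `changed_when: false` here. The `{{ 'yarn' }}{{ '@' }}{{ '1.10.1'}}` construction is hard to read; the comment attributes it to `command`-module errors around `@`, but the task now uses `shell`, so a plain `shell: "npm install -g yarn@1.10.1"` is worth trying if it passes the same lint.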
@@ -32,5 +32,5 @@ nodejs: repo_url_ext: "nodesource.com/setup_8.x" # Build from sources -build_from_sources: false +build_from_sources: true wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file From 7525c75beb3cbb66e0a6822d762713b6220e14a2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 29 Nov 2019 10:00:19 +0100 Subject: [PATCH 411/559] Restore elastic_stack-single to default configuration --- playbooks/wazuh-elastic_stack-single.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index 9bf5f0fa..aba365c9 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml @@ -1,8 +1,8 @@ --- -- hosts: all +- hosts: roles: - {role: ../roles/wazuh/ansible-wazuh-manager} - role: ../roles/wazuh/ansible-filebeat filebeat_output_elasticsearch_hosts: localhost:9200 - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} - - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost', elasticsearch_reachable_host: 'localhost' } \ No newline at end of file + - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: '0.0.0.0', elasticsearch_reachable_host: 'localhost' } \ No newline at end of file From e45aaf6a8e133910e17536aaa7897668fafb9eaf Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 29 Nov 2019 10:04:09 +0100 Subject: [PATCH 412/559] Improving description for installation tasks in "RedHat.yml" --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index fc8cd489..5dc57e81 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
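Review bot: `- hosts:` with no value in the playbook hunk is a null, not a host pattern, so the play has no target and Ansible will reject it at load time; if the goal was to restore the default, it should read `- hosts: all` (or the inventory group the project documents). The kibana entry now sets `elasticsearch_network_host: '0.0.0.0'`, which is a bind-all address rather than something a client can connect to; if the kibana role uses that variable as the address Kibana reaches Elasticsearch on, the previous `'localhost'` is likely the intended value — worth confirming against the role.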
@@ -109,7 +109,7 @@ when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" -- name: CentOS/RedHat/Amazon | Install Wazuh Manager +- name: CentOS/RedHat/Amazon | Install wazuh-manager package: name: "wazuh-manager-{{ wazuh_manager_version }}" state: "{{ wazuh_manager_package_state }}" @@ -125,7 +125,7 @@ when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled -- name: CentOS/RedHat/Amazon | Install Wazuh API +- name: CentOS/RedHat/Amazon | Install wazuh-api package: name: "wazuh-api-{{ wazuh_manager_version }}" state: "{{ wazuh_manager_package_state }}" From ab4ef23e2ae9a947ed8585500a434188314bafc8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 29 Nov 2019 10:51:58 +0100 Subject: [PATCH 413/559] Remove unneeded yarn build execution --- roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index a18a752b..6a3dc514 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -50,7 +50,6 @@ with_items: - "yarn" - "yarn build" - - "yarn build" # Executing multiple times to workaround errors returned by yarn build register: yarn_execution_result changed_when: false args: From da2442ca0685f2e2286943f31dbc69263c59cf4c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 5 Dec 2019 17:03:50 +0100 Subject: [PATCH 414/559] Adapt agent installation to the default --- .../ansible-wazuh-agent/defaults/main.yml | 32 +++++++++---------- .../var-ossec-etc-ossec-agent.conf.j2 | 27 ++++------------ 2 files changed, 22 insertions(+), 37 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 64935264..dc447edd 100644 
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -74,8 +74,6 @@ wazuh_agent_config: scan_on_start: 'yes' auto_ignore: 'no' alert_new_files: 'yes' - remove_old_diff: 'yes' - restart_audit: 'yes' win_audit_interval: 300 skip_nfs: 'yes' ignore: @@ -93,6 +91,10 @@ wazuh_agent_config: - /etc/svc/volatile - /sys/kernel/security - /sys/kernel/debug + - /dev/core + ignore_linux_type: + - '^/proc' + - '.log$|.swp$' ignore_win: - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' no_diff: @@ -273,19 +275,15 @@ wazuh_agent_config: wday: '' time: '' cis_cat: - disable: 'yes' - install_java: 'yes' + disable: 'no' + install_java: 'no' timeout: 1800 interval: '1d' scan_on_start: 'yes' - java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin' + java_path: 'wodles/java' java_path_win: '\\server\jre\bin\java.exe' - ciscat_path: '/var/ossec/wodles/ciscat' + ciscat_path: 'wodles/ciscat' ciscat_path_win: 'C:\cis-cat' - content: - - type: 'xccdf' - path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml' - profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server' vuls: disable: 'yes' interval: '1d' 
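Review bot: In the `cis_cat` hunk, `disable: 'no'` turns the CIS-CAT wodle on by default while the same hunk sets `install_java: 'no'` and removes the `content:` benchmark list (the template hunk in this commit drops the corresponding loop), leaving an active wodle with nothing to scan and no guaranteed JRE. Unless a benchmark and java are supplied elsewhere, `disable: 'yes'` remains the safer default. The new relative `java_path: 'wodles/java'` and `ciscat_path: 'wodles/ciscat'` presumably resolve against the Wazuh install directory; a comment saying so would help, since the old values were absolute. The `ignore_linux_type` pattern `'.log$|.swp$'` uses unescaped dots and so matches any character before `log`; `'\.log$|\.swp$'` is stricter, though it mirrors the existing `ignore_win` style.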
@@ -318,16 +316,16 @@ wazuh_agent_config: linux: - format: 'syslog' location: '/var/ossec/logs/active-responses.log' - - format: 'command' - command: df -P -x squashfs -x tmpfs -x devtmpfs - frequency: '360' - - format: 'full_command' - command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t - alias: 'netstat listening ports' - frequency: '360' - format: 'full_command' command: 'last -n 20' frequency: '360' + - format: 'command' + command: df -P + frequency: '360' + - format: 'full_command' + command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + alias: 'netstat listening ports' + frequency: '360' windows: - format: 'eventlog' location: 'Application' diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 61c28012..ae5e47da 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -51,7 +51,6 @@ no {% if ansible_system == "Linux" %} - yes yes yes yes @@ -65,11 +64,6 @@ /var/ossec/etc/shared/rootkit_files.txt /var/ossec/etc/shared/rootkit_trojans.txt - /var/ossec/etc/shared/system_audit_rcl.txt - /var/ossec/etc/shared/system_audit_ssh.txt - {% if cis_distribution_filename is defined %} - /var/ossec/etc/shared/{{ cis_distribution_filename }} - {% endif %} yes {% endif %} {% if ansible_os_family == "Windows" %} 
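Review bot: The new `command: netstat -tulpn | sed '...' | sort -k 4 -g | sed '...' | sed 1,2d` value is an unquoted plain scalar carrying pipes, backslashes and single quotes; it parses today only because no `: ` or ` #` sequence occurs inside it, and any later edit that introduces one silently truncates or breaks the file. Put it in a block scalar (`command: >-` with the command on the following indented line) so the embedded quoting stays literal. The new `df -P` entry drops the `-x squashfs -x tmpfs -x devtmpfs` exclusions of the line it replaces, so pseudo-filesystems return to the disk report; if that is deliberate, a comment next to it would prevent someone re-adding them.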
@@ -118,6 +112,13 @@ {% endfor %} {% endif %} + + {% if wazuh_agent_config.syscheck.ignore is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %} + {% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %} + {{ ignore }} + {% endfor %} + {% endif %} + {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %} {% for ignore in wazuh_agent_config.syscheck.ignore_win %} {{ ignore }} @@ -132,13 +133,6 @@ {{ wazuh_agent_config.syscheck.skip_nfs }} {% endif %} - - {{ wazuh_agent_config.syscheck.remove_old_diff }} - - {% if ansible_system == "Linux"%} - - {{ wazuh_agent_config.syscheck.restart_audit }} - {% endif %} {% if ansible_os_family == "Windows" %} {% for registry_key in wazuh_agent_config.syscheck.windows_registry %} @@ -234,13 +228,6 @@ {{ wazuh_agent_config.cis_cat.java_path }} {% endif %} {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %} - {% if ansible_system == "Linux" %} - {% for benchmark in wazuh_agent_config.cis_cat.content %} - - {{ benchmark.profile }} - - {% endfor %} - {% endif %} {% endif %} From 29b4a9aacd549f6464f40a757825cc722be57cac Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 5 Dec 2019 17:20:24 +0100 Subject: [PATCH 415/559] Change server protocol '' tcp -> udp '' --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index dc447edd..11e481f2 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -26,7 +26,7 @@ wazuh_agent_sources_installation: wazuh_managers: - address: 127.0.0.1 port: 1514 - protocol: tcp + protocol: udp api_port: 55000 api_proto: 'http' api_user: null 
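Review bot: The new block is guarded by `wazuh_agent_config.syscheck.ignore is defined` but iterates `wazuh_agent_config.syscheck.ignore_linux_type`, so a configuration that sets `ignore` without `ignore_linux_type` fails template rendering on an undefined attribute; the guard should test the key it loops over: `{% if wazuh_agent_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %}`. Restricting a key named `ignore_linux_type` to CentOS 7 alone is surprising; if the restriction is deliberate, a comment explaining why other Linux families are excluded would help the next maintainer.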
From 03e409fc52d0679fec6b79ff1083b4d5788bb742 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 5 Dec 2019 18:44:18 +0100 Subject: [PATCH 416/559] Disable cis-cat --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 11e481f2..af9ad4c8 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -275,7 +275,7 @@ wazuh_agent_config: wday: '' time: '' cis_cat: - disable: 'no' + disable: 'yes' install_java: 'no' timeout: 1800 interval: '1d' From f6e4468fd86d4e496bd6783bfc7e4553d5c33d0a Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 10 Dec 2019 10:12:32 +0100 Subject: [PATCH 417/559] Change default installation mode to packages. --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 0a05d853..8e4a6572 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -32,5 +32,5 @@ nodejs: repo_url_ext: "nodesource.com/setup_8.x" # Build from sources -build_from_sources: true +build_from_sources: false wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 64935264..30eddc6e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -2,7 +2,7 @@ wazuh_agent_version: 3.10.2-1 wazuh_agent_sources_installation: - enabled: "false" + enabled: false branch: "v3.10.2" user_language: "y" user_no_stop: "y" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 0a5eaf07..ca536bff 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" user_language: "en" user_no_stop: "y" @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" update: "y" remove: "y" From 8ef63f06ebaf17d8a8c4485dbdc604b8795d6162 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 12 Dec 2019 16:01:41 +0100 Subject: [PATCH 418/559] Fix Wazuh Agent name conditional in Linux.yml --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++-- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 9265ce92..b53b2450 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
@@ -59,12 +59,12 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %}-I "any" {% endif %} {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %} - {% if wazuh_agent_authd.ssl_agent_ca is not none %} + {% if wazuh_agent_authd.ssl_agent_ca is defined %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}" -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 2de09a8e..ee0aced7 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -60,7 +60,7 @@ {{ wazuh_agent_win_auth_path }} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} - {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} register: agent_auth_output notify: Windows | Restart Wazuh Agent From 2ddd8b9e72e403f7b0d99282e379644579a95092 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 16 Dec 2019 21:55:54 +0100 Subject: [PATCH 419/559] Add conditional check for syscheck.auto_ignore --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 +- .../templates/var-ossec-etc-shared-agent.conf.j2 | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) 
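Review bot: Changing the `agent_name` and `ssl_agent_ca` guards from `is not none` to `is defined` makes them pass for an explicit `null`, and Jinja renders a null value as the literal text `None`, so if `agent_name` is still defaulted to null (the old test suggests it was) the Linux task now runs `-A None` and the ssl branch emits `-v "/var/ossec/etc/None"`. The Windows.yml hunk on this same line has the identical problem for `-A`. Testing both, `{% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name is not none %}`, keeps a missing key safe without registering a bogus name; patch 421 further down this page applies that form to Linux.yml only, so Windows.yml would still need it. Both shell tasks continue past their hunks.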
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index ae5e47da..6629da08 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -113,7 +113,7 @@ {% endif %} - {% if wazuh_agent_config.syscheck.ignore is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %} + {% if wazuh_agent_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %} {% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %} {{ ignore }} {% endfor %} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index 4ae5a145..77e64fbf 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 @@ -4,7 +4,9 @@ {% if agent_config.syscheck is defined %} + {% if agent_config.syscheck.auto_ignore is defined %} {{ agent_config.syscheck.auto_ignore }} + {% endif %} {{ agent_config.syscheck.alert_new_files }} {{ agent_config.syscheck.frequency }} From ce013d1dde312c9b0e9a73393402542ee1545186 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 16 Dec 2019 21:57:10 +0100 Subject: [PATCH 420/559] Adapt ossec.conf template and variables to v3.11 - manager --- .../ansible-wazuh-manager/defaults/main.yml | 85 +++++++++------- .../var-ossec-etc-ossec-server.conf.j2 | 96 +++++++++++-------- 2 files changed, 108 insertions(+), 73 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 0a5eaf07..3551c3ab 100644 
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -87,7 +87,7 @@ wazuh_manager_config: connection: - type: 'secure' port: '1514' - protocol: 'tcp' + protocol: 'udp' queue_size: 131072 authd: enable: true @@ -97,6 +97,8 @@ wazuh_manager_config: force_time: 0 purge: 'no' use_password: 'no' + limit_maxagents: 'yes' + ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH' ssl_agent_ca: null ssl_verify_host: 'no' ssl_manager_cert: 'sslmanager.cert' @@ -105,13 +107,14 @@ wazuh_manager_config: email_notification: 'no' mail_to: - 'admin@example.net' - mail_smtp_server: localhost - mail_from: wazuh-server@example.com + mail_smtp_server: smtp.example.wazuh.com + mail_from: ossecm@example.wazuh.com mail_maxperhour: 12 mail_queue_size: 131072 + email_log_source: 'alerts.log' extra_emails: - enable: false - mail_to: 'admin@example.net' + mail_to: 'recipient@example.wazuh.com' format: full level: 7 event_location: null @@ -152,6 +155,10 @@ wazuh_manager_config: - /etc/svc/volatile - /sys/kernel/security - /sys/kernel/debug + - /dev/core + ignore_linux_type: + - '^/proc' + - '.log$|.swp$' no_diff: - /etc/ssl/private.key directories: @@ -164,8 +171,6 @@ wazuh_manager_config: timeframe: 'timeframe="3600"' value: 'no' skip_nfs: 'yes' - remove_old_diff: 'yes' - restart_audit: 'yes' rootcheck: frequency: 43200 openscap: @@ -181,10 +186,6 @@ wazuh_manager_config: scan_on_start: 'yes' java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin' ciscat_path: 'wodles/ciscat' - content: - - type: 'xccdf' - path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml' - profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server' osquery: disable: 'yes' run_daemon: 'yes' 
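Review bot: The `@@ -87` hunk flips the default remote `protocol` from `'tcp'` to `'udp'`, a behavior change for every deployment that does not override `wazuh_manager_config`, and neither the commit title nor a comment explains it. UDP gives no delivery guarantee, so agent events can be dropped with no error on either side, which matters for a security event pipeline. If the goal is only to mirror the upstream 3.11 sample config, keep `protocol: 'tcp'` or add a comment above the key such as `# udp matches the upstream sample; use tcp where event loss is unacceptable` so operators know it is a deliberate choice.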
@@ -209,20 +210,40 @@ wazuh_manager_config: day: '' wday: '' time: '' - vul_detector: - disable: 'yes' + vulnerability_detector: + enabled: 'no' interval: '5m' ignore_time: '6h' run_on_start: 'yes' - ubuntu: - disable: 'yes' - update_interval: '1h' - redhat: - disable: 'yes' - update_interval: '1h' - debian: - disable: 'yes' - update_interval: '1h' + providers: + canonical: + - name: 'canonical' + enabled: 'no' + os: + - precise + - trusty + - xenial + - bionic + update_interval: '1h' + debian: + - name: 'debian' + enabled: 'no' + os: + - wheezy + - stretch + - jessie + - buster + update_interval: '1h' + redhat: + - name: 'redhat' + enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + nvd: + - name: 'nvd' + enabled: 'no' + update_from_year: '2010' + update_interval: '1h' vuls: disable: 'yes' interval: '1d' @@ -233,15 +254,15 @@ wazuh_manager_config: - 'updatenvd' - 'nvd-year 2016' - 'autoupdate' - log_level: 1 + log_level: 3 email_level: 12 localfiles: common: - format: 'command' - command: df -P -x squashfs -x tmpfs -x devtmpfs + command: df -P frequency: '360' - format: 'full_command' - command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t + command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d alias: 'netstat listening ports' frequency: '360' - format: 'full_command' 
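Review bot: The `@@ -233` hunk replaces the `ss -nutal | awk ...` listening-ports command with a `netstat | sed` pipeline, but `netstat` comes from net-tools, which current Debian/Ubuntu and RHEL/CentOS releases no longer install by default, so on those managers this `full_command` localfile will most likely produce a command-not-found error instead of the inventory its `'netstat listening ports'` alias promises. The `df -P` change likewise drops the `-x squashfs -x tmpfs -x devtmpfs` filters, so snap and tmpfs mounts will now appear in the disk-usage events. If matching the upstream sample config is the intent, either keep the `ss` form or document in the role that net-tools must be present on the manager. The defaults mapping continues beyond the hunk.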
@@ -268,18 +289,15 @@ wazuh_manager_config: location: '/var/log/audit/audit.log' globals: - '127.0.0.1' - - '192.168.2.1' + - '^localhost.localdomain$' + - '127.0.0.53' commands: - name: 'disable-account' executable: 'disable-account.sh' expect: 'user' timeout_allowed: 'yes' - # - name: 'restart-ossec' - # executable: 'restart-ossec.sh' - # expect: '' - # timeout_allowed: 'no' - - name: 'win_restart-ossec' - executable: 'restart-ossec.cmd' + - name: 'restart-ossec' + executable: 'restart-ossec.sh' expect: '' timeout_allowed: 'no' - name: 'firewall-drop' @@ -298,6 +316,10 @@ wazuh_manager_config: executable: 'route-null.cmd' expect: 'srcip' timeout_allowed: 'yes' + - name: 'win_route-null-2012' + executable: 'route-null-2012.cmd' + expect: 'srcip' + timeout_allowed: 'yes' - name: 'netsh' executable: 'netsh.cmd' expect: 'srcip' @@ -327,7 +349,6 @@ wazuh_agent_configs: syscheck: frequency: 43200 scan_on_start: 'yes' - auto_ignore: 'no' alert_new_files: 'yes' ignore: - /etc/mtab diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 733cae18..603ce858 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -18,7 +18,7 @@ {{ wazuh_manager_config.mail_smtp_server }} {{ wazuh_manager_config.mail_from }} {{ wazuh_manager_config.mail_maxperhour }} - {{ wazuh_manager_config.mail_queue_size }} + {{ wazuh_manager_config.email_log_source }} @@ -115,7 +115,6 @@ no - yes yes yes yes @@ -129,11 +128,6 @@ /var/ossec/etc/shared/default/rootkit_files.txt /var/ossec/etc/shared/default/rootkit_trojans.txt - /var/ossec/etc/shared/default/system_audit_rcl.txt - /var/ossec/etc/shared/default/system_audit_ssh.txt - {% if cis_distribution_filename is defined %} - /var/ossec/etc/shared/default/{{ cis_distribution_filename }} - {% endif %} yes 
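Review bot: The template's `@@ -18` hunk swaps `{{ wazuh_manager_config.mail_queue_size }}` for `{{ wazuh_manager_config.email_log_source }}`, yet the defaults hunk earlier in this commit keeps `mail_queue_size: 131072` next to the new `email_log_source: 'alerts.log'`. If that template line was the only consumer, `mail_queue_size` is now a dead variable that users will still set expecting it to take effect; either remove it from the defaults or render it in the template as well. The surrounding XML element names are stripped in this extract, so I cannot confirm which tag the new value lands in.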
@@ -202,11 +196,6 @@ {{ wazuh_manager_config.cis_cat.java_path }} {% endif %} {{ wazuh_manager_config.cis_cat.ciscat_path }} - {% for benchmark in wazuh_manager_config.cis_cat.content %} - - {{ benchmark.profile }} - - {% endfor %} 
@@ -255,24 +244,45 @@ {% endif %} - - {{ wazuh_manager_config.vul_detector.disable }} - {{ wazuh_manager_config.vul_detector.interval }} - {{ wazuh_manager_config.vul_detector.ignore_time }} - {{ wazuh_manager_config.vul_detector.run_on_start }} - - {{ wazuh_manager_config.vul_detector.ubuntu.disable }} - {{ wazuh_manager_config.vul_detector.ubuntu.update_interval }} - - - {{ wazuh_manager_config.vul_detector.redhat.disable }} - {{ wazuh_manager_config.vul_detector.redhat.update_interval }} - - - {{ wazuh_manager_config.vul_detector.debian.disable }} - {{ wazuh_manager_config.vul_detector.debian.update_interval }} - - + + {% if wazuh_manager_config.vulnerability_detector.enabled is defined %} + {{ wazuh_manager_config.vulnerability_detector.enabled }} + {% endif %} + {% if wazuh_manager_config.vulnerability_detector.interval is defined %} + {{ wazuh_manager_config.vulnerability_detector.interval }} + {% endif %} + {% if wazuh_manager_config.vulnerability_detector.ignore_time is defined %} + {{ wazuh_manager_config.vulnerability_detector.ignore_time }} + {% endif %} + {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %} + {{ wazuh_manager_config.vulnerability_detector.run_on_start }} + {% endif %} + {% if wazuh_manager_config.vulnerability_detector.providers is defined %} + {% for provider in wazuh_manager_config.vulnerability_detector.providers %} + + + {% if provider.enabled is defined %} + {{ provider.enabled }} + {% endif %} + + {% if provider.os is defined %} + {% for os_ in provider.os %} + {{ os_ }} + {% endfor %} + {% endif %} + + {% if provider.update_from_year is defined %} + {{ provider.update_from_year }} + {% endif %} + + {% if provider.update_interval is defined %} + {{ provider.update_interval }} + {% endif %} + + + {% endfor %} + {% endif %} + 
@@ -283,7 +293,7 @@ {{ wazuh_manager_config.syscheck.frequency }} {{ wazuh_manager_config.syscheck.scan_on_start }} - + {% if wazuh_manager_config.syscheck.auto_ignore_frequency is defined %} {{wazuh_manager_config.syscheck.auto_ignore_frequency.value }} {% endif %} @@ -302,6 +312,14 @@ {% endfor %} {% endif %} + + {% if wazuh_manager_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %} + {% for ignore in wazuh_manager_config.syscheck.ignore_linux_type %} + {{ ignore }} + {% endfor %} + {% endif %} + + {% for no_diff in wazuh_manager_config.syscheck.no_diff %} {{ no_diff }} @@ -309,16 +327,6 @@ {% if wazuh_manager_config.syscheck.skip_nfs is defined %} {{ wazuh_manager_config.syscheck.skip_nfs }} {% endif %} - - - {% if wazuh_manager_config.syscheck.remove_old_diff is defined %} - {{ wazuh_manager_config.syscheck.remove_old_diff }} - {% endif %} - - - {% if wazuh_manager_config.syscheck.restart_audit is defined %} - {{ wazuh_manager_config.syscheck.restart_audit }} - {% endif %} @@ -380,6 +388,12 @@ {% if wazuh_manager_config.authd.use_password is not none %} {{wazuh_manager_config.authd.use_password}} {% endif %} + {% if wazuh_manager_config.authd.limit_maxagents is not none %} + {{wazuh_manager_config.authd.limit_maxagents}} + {% endif %} + {% if wazuh_manager_config.authd.ciphers is not none %} + {{wazuh_manager_config.authd.ciphers}} + {% endif %} {% if wazuh_manager_config.authd.ssl_agent_ca is not none %} /var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}} {% endif %} From 7df74182f4e4e086082c42712f9e4b69dbd34a35 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 17 Dec 2019 11:50:28 +0100 Subject: [PATCH 421/559] Fix conditional check for null variables --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) 
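Review bot: The new `limit_maxagents` and `ciphers` guards in the `@@ -380` hunk use `is not none`, which only behaves when the key exists: `wazuh_manager_config` is one large dict that users commonly override wholesale, and on a copy made before this commit the lookup yields an undefined value that passes `is not none` and will most likely fail the template when rendered. Guarding with `{% if wazuh_manager_config.authd.limit_maxagents is defined and wazuh_manager_config.authd.limit_maxagents is not none %}` (and the same for `ciphers`) keeps existing overrides working, which is the approach patch 421 below takes for the agent variables. The neighbouring `use_password` and `ssl_agent_ca` guards share the weaker pattern but predate this change.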
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index b53b2450..5664a428 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -59,17 +59,23 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %} + -A {{ wazuh_agent_authd.agent_name }} + {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} - {% if wazuh_agent_nat %}-I "any" {% endif %} - {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %} - {% if wazuh_agent_authd.ssl_agent_ca is defined %} + {% if wazuh_agent_nat %} -I "any" {% endif %} + {% if authd_pass is defined %} -P {{ authd_pass }} {% endif %} + {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %} -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None %} -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" {% endif %} - {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %} + {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} register: agent_auth_output notify: restart wazuh-agent vars: From 760057583c0b6c27266ceecf1659dc6b0572ca6a Mon Sep 17 00:00:00 2001 
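Review bot: `{% if authd_pass is defined %} -P {{ authd_pass }} {% endif %}` still hands the registration password to agent-auth as a command-line argument, so it is visible to every local user in the process list while the task runs, and the task has no `no_log`, so the rendered command and the registered `agent_auth_output` can end up in Ansible logs and verbose output. Adding `no_log: "{{ authd_pass is defined }}"` to the task keeps runs without a password debuggable while suppressing the secret; agent-auth can also take the password from its documented `authd.pass` file, which would avoid the argument entirely. The identical hunk reappears in the cherry-pick at patch 423 below. The task's `vars:` block continues past the hunk.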
From: Rshad Zhran Date: Tue, 17 Dec 2019 14:15:16 +0100 Subject: [PATCH 422/559] Bump version to wazuh 3.11.0 --- CHANGELOG.md | 4 ++-- VERSION | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- .../tasks/installation_from_sources.yml | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c04df488..8ed1e39c 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,11 +17,11 @@ All notable changes to this project will be documented in this file. - Wazuh Agent registration using agent name has been fixed [@jm404](https://github.com/jm404) [#298](https://github.com/wazuh/wazuh-ansible/pull/298) - Fix Wazuh repository and installation conditionals [@jm404](https://github.com/jm404) [#299](https://github.com/wazuh/wazuh-ansible/pull/299) -## [v3.10.2_7.3.2] +## [v3.11.0_7.3.2] ### Added -- Update to Wazuh v3.10.2 +- Update to Wazuh v3.11.0 ### Changed diff --git a/VERSION b/VERSION index f4d1cb92..31264c4e 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.10.2" +WAZUH-ANSIBLE_VERSION="v3.11.0" REVISION="31020" diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 0a05d853..62af2781 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.4.2 -wazuh_version: 3.10.2 +wazuh_version: 3.11.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # Xpack Security diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index af9ad4c8..ff574fe8 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.10.2-1 +wazuh_agent_version: 3.11.0-1 wazuh_agent_sources_installation: enabled: "false" - branch: "v3.10.2" + branch: "v3.11.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -50,7 +50,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.10.2' + version: '3.11.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3551c3ab..e46a095c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.10.2-1 +wazuh_manager_version: 3.11.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: true - branch: "v3.10.2" + branch: "v3.11.0" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: true - branch: "v3.10.2" + branch: "v3.11.0" update: "y" remove: "y" directory: null diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index b92e4edc..fe78cdbb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
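Review bot: The `@@ -50` hunk bumps `wazuh_winagent_config.version` to `'3.11.0'` but leaves the context line `md5: 71650780904cbfc2e45eae4298adb7a3` untouched, and a different installer cannot carry the same digest. If that value is verified when the Windows package is downloaded, the install will now fail the check; if it is not verified, the stale hash is misleading and provides no integrity protection at all. Either way the `md5` line needs the published checksum for 3.11.0 (e.g. `md5: '<3.11.0-checksum-placeholder>'` until it is confirmed), and a SHA-256 would be a stronger choice than MD5 if the download task supports it. The same stale value is carried through the version bump in patch 430 further down this page.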
@@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.10.2" extracted folder name is 3.10.2. + # When downloading "v3.11.0" extracted folder name is 3.11.0. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip From dc96d210e5de5201f44a5f093ba3aa47515cd423 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 17 Dec 2019 11:50:28 +0100 Subject: [PATCH 423/559] Fix conditional check for null variables cherry pick: 7df74182f4e4e086082c42712f9e4b69dbd34a35 --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 9265ce92..5664a428 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
@@ -59,17 +59,23 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %} + -A {{ wazuh_agent_authd.agent_name }} + {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} - {% if wazuh_agent_nat %}-I "any" {% endif %} - {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %} - {% if wazuh_agent_authd.ssl_agent_ca is not none %} + {% if wazuh_agent_nat %} -I "any" {% endif %} + {% if authd_pass is defined %} -P {{ authd_pass }} {% endif %} + {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %} -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None %} -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" {% endif %} - {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %} + {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} register: agent_auth_output notify: restart wazuh-agent vars: From e7e3a39df7185e02d2db48110b8b71d04aae898e Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 18 Dec 2019 17:14:07 +0100 Subject: [PATCH 424/559] Adapt agent (windows) to 3.11 --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index ff574fe8..2ade229c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -2,7 +2,7 @@ wazuh_agent_version: 3.11.0-1 wazuh_agent_sources_installation: - enabled: "false" + enabled: "true" branch: "v3.11.0" user_language: "y" user_no_stop: "y" @@ -250,11 +250,11 @@ wazuh_agent_config: osquery: disable: 'yes' run_daemon: 'yes' - bin_path_win: 'C:\ProgramData\osquery\osqueryd' + bin_path_win: 'C:\Program Files\osquery\osqueryd' log_path: '/var/log/osquery/osqueryd.results.log' - log_path_win: 'C:\ProgramData\osquery\log\osqueryd.results.log' + log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log' config_path: '/etc/osquery/osquery.conf' - config_path_win: 'C:\ProgramData\osquery\osquery.conf' + config_path_win: 'C:\Program Files\osquery\osquery.conf' add_labels: 'yes' syscollector: disable: 'no' From d64d26d5a558825e76be9d258026525f014d2cb6 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 18 Dec 2019 17:48:09 +0100 Subject: [PATCH 425/559] Fix variable name in --- .../var-ossec-etc-ossec-server.conf.j2 | 34 +++++++++---------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 603ce858..251a8d5a 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
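Review bot: The `@@ -2` hunk switches `wazuh_agent_sources_installation.enabled` from `"false"` to `"true"`, which makes every agent build Wazuh from source by default, something the commit title ('Adapt agent (windows) to 3.11') does not suggest and that the osquery path hunk does not depend on. If this was only enabled for local testing it should go back to `enabled: false`; note also that the quoted `"true"`/`"false"` are strings, which Jinja treats as truthy in both cases unless the consuming `when:` applies `| bool` (patch 417 earlier on this page already moved this key to a bare boolean on its branch). The mapping continues past the hunk.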
@@ -258,27 +258,25 @@ {{ wazuh_manager_config.vulnerability_detector.run_on_start }} {% endif %} {% if wazuh_manager_config.vulnerability_detector.providers is defined %} - {% for provider in wazuh_manager_config.vulnerability_detector.providers %} - + {% for provider_ in wazuh_manager_config.vulnerability_detector.providers_ %} + + {% if provider_.enabled is defined %} + {{ provider_.enabled }} + {% endif %} - {% if provider.enabled is defined %} - {{ provider.enabled }} - {% endif %} + {% if provider_.os is defined %} + {% for os_ in provider_.os %} + {{ os_ }} + {% endfor %} + {% endif %} - {% if provider.os is defined %} - {% for os_ in provider.os %} - {{ os_ }} - {% endfor %} - {% endif %} - - {% if provider.update_from_year is defined %} - {{ provider.update_from_year }} - {% endif %} - - {% if provider.update_interval is defined %} - {{ provider.update_interval }} - {% endif %} + {% if provider_.update_from_year is defined %} + {{ provider_.update_from_year }} + {% endif %} + {% if provider_.update_interval is defined %} + {{ provider_.update_interval }} + {% endif %} {% endfor %} {% endif %} From 9a42faebdf3eb0b14e76e0888e2e2beb080ee2f5 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 18 Dec 2019 17:48:58 +0100 Subject: [PATCH 426/559] Rename and Reorder vars. --- .../ansible-wazuh-manager/defaults/main.yml | 58 +++++++++---------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index e46a095c..cc956434 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -215,35 +215,35 @@ wazuh_manager_config: interval: '5m' ignore_time: '6h' run_on_start: 'yes' - providers: - canonical: - - name: 'canonical' - enabled: 'no' - os: - - precise - - trusty - - xenial - - bionic - update_interval: '1h' - debian: - - name: 'debian' - enabled: 'no' - os: - - wheezy - - stretch - - jessie - - buster - update_interval: '1h' - redhat: - - name: 'redhat' - enabled: 'no' - update_from_year: '2010' - update_interval: '1h' - nvd: - - name: 'nvd' - enabled: 'no' - update_from_year: '2010' - update_interval: '1h' + providers_: + - canonical: + - enabled: 'no' + os: + - 'precise' + - 'trusty' + - 'xenial' + - 'bionic' + update_interval: '1h' + name: 'canonical' + - debian: + - enabled: 'no' + os: + - 'wheezy' + - 'stretch' + - 'jessie' + - 'buster' + update_interval: '1h' + name: 'debian' + - redhat: + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: 'redhat' + - nvd: + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: 'nvd' vuls: disable: 'yes' interval: '1d' From 39e514d51505602385391280c2d651d5b09bb858 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 19 Dec 2019 11:02:27 +0100 Subject: [PATCH 427/559] Fix vulnerability-detector variables structure --- .../ansible-wazuh-manager/defaults/main.yml | 54 +++++++++---------- .../var-ossec-etc-ossec-server.conf.j2 | 2 +- 2 files changed, 26 insertions(+), 30 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index cc956434..f43958bb 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -215,35 +215,31 @@ wazuh_manager_config: interval: '5m' ignore_time: '6h' run_on_start: 'yes' - providers_: - - canonical: - - enabled: 'no' - os: - - 'precise' - - 'trusty' - - 'xenial' - - 'bionic' - update_interval: '1h' - name: 'canonical' - - debian: - - enabled: 'no' - os: - - 'wheezy' - - 'stretch' - - 'jessie' - - 'buster' - update_interval: '1h' - name: 'debian' - - redhat: - - enabled: 'no' - update_from_year: '2010' - update_interval: '1h' - name: 'redhat' - - nvd: - - enabled: 'no' - update_from_year: '2010' - update_interval: '1h' - name: 'nvd' + providers: + - enabled: 'no' + os: + - 'precise' + - 'trusty' + - 'xenial' + - 'bionic' + update_interval: '1h' + name: 'canonical' + - enabled: 'no' + os: + - 'wheezy' + - 'stretch' + - 'jessie' + - 'buster' + update_interval: '1h' + name: 'debian' + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: 'redhat' + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: 'nvd' vuls: disable: 'yes' interval: '1d' diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 251a8d5a..a6daf8b6 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -258,7 +258,7 @@ {{ wazuh_manager_config.vulnerability_detector.run_on_start }} {% endif %} {% if wazuh_manager_config.vulnerability_detector.providers is defined %} - {% for provider_ in wazuh_manager_config.vulnerability_detector.providers_ %} + {% for provider_ in wazuh_manager_config.vulnerability_detector.providers %} {% if provider_.enabled is defined %} {{ provider_.enabled }} From fe1fc854a428044c40a263a99fdf5e5792002960 Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Thu, 19 Dec 2019 11:17:09 +0100 Subject: [PATCH 428/559] Quote vulnerabilit-detector providers names --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f43958bb..73834fc2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -223,7 +223,7 @@ wazuh_manager_config: - 'xenial' - 'bionic' update_interval: '1h' - name: 'canonical' + name: '"canonical"' - enabled: 'no' os: - 'wheezy' @@ -231,15 +231,15 @@ wazuh_manager_config: - 'jessie' - 'buster' update_interval: '1h' - name: 'debian' + name: '"debian"' - enabled: 'no' update_from_year: '2010' update_interval: '1h' - name: 'redhat' + name: '"redhat"' - enabled: 'no' update_from_year: '2010' update_interval: '1h' - name: 'nvd' + name: '"nvd"' vuls: disable: 'yes' interval: '1d' From efc5ad1b07e19e12a80955cadd5ce4ae492dcce2 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 19 Dec 2019 13:28:18 +0100 Subject: [PATCH 429/559] Remove empty lines from template --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index a6daf8b6..81b7d31b 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
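Review bot: Wrapping the provider names as `'"canonical"'` in the `@@ -223` and `@@ -231` hunks pushes XML attribute quoting into the data, presumably because the template emits the value bare; any user who overrides `providers` with a plain `name: canonical` will then get an unquoted attribute and a malformed ossec.conf. Putting the quotes in the template instead, `name="{{ provider_.name }}"`, and reverting these four entries to `name: 'canonical'` and so on keeps the defaults ordinary YAML strings. I cannot see the template's provider line in this extract, so this is inferred from the change.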
@@ -263,17 +263,14 @@ {% if provider_.enabled is defined %} {{ provider_.enabled }} {% endif %} - {% if provider_.os is defined %} {% for os_ in provider_.os %} {{ os_ }} {% endfor %} {% endif %} - {% if provider_.update_from_year is defined %} {{ provider_.update_from_year }} {% endif %} - {% if provider_.update_interval is defined %} {{ provider_.update_interval }} {% endif %} From 879c2782b01ae8abc5117e4e9c964b2cf51a5559 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 26 Dec 2019 11:58:01 +0100 Subject: [PATCH 430/559] Bump version to 3.11.0_7.5.1 --- VERSION | 4 ++-- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- .../tasks/installation_from_sources.yml | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/VERSION b/VERSION index f4d1cb92..53ae3f4b 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.10.2" -REVISION="31020" +WAZUH-ANSIBLE_VERSION="v3.11.0" +REVISION="31100" diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 7eb645c2..a1bef6b2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.4.2 +elastic_stack_version: 7.5.1 elasticsearch_lower_disk_requirements: false # Cluster Settings diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 8e4a6572..72e51254 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml 
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.4.2 -wazuh_version: 3.10.2 +elastic_stack_version: 7.5.1 +wazuh_version: 3.11.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # Xpack Security diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index c5914664..1b1c1bd8 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.4.2 +filebeat_version: 7.5.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 30eddc6e..dc045dd6 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.10.2-1 +wazuh_agent_version: 3.11.0-1 wazuh_agent_sources_installation: enabled: false - branch: "v3.10.2" + branch: "v3.11.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -50,7 +50,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.10.2' + version: '3.11.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ca536bff..bd039d68 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.10.2-1 +wazuh_manager_version: 3.11.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: false - branch: "v3.10.2" + branch: "v3.11.0" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.10.2" + branch: "v3.11.0" update: "y" remove: "y" directory: null diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index b92e4edc..fe78cdbb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.10.2" extracted folder name is 3.10.2. + # When downloading "v3.11.0" extracted folder name is 3.11.0. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip From bfe86ed1d30d75ed14b43d4bb6bfd87a1e859409 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 26 Dec 2019 13:13:32 +0100 Subject: [PATCH 431/559] Update CHANGELOG.md --- CHANGELOG.md | 46 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 40 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c04df488..73f7ea43 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,21 +1,55 @@ # Change Log All notable changes to this project will be documented in this file. -## [v3.xx.x_x.x.x] +## [v3.11.0_7.5.1] ### Added -- Wazuh Agent registration task now explicitly notify restart [@jm404](https://github.com/jm404) [#302](https://github.com/wazuh/wazuh-ansible/pull/302) +- Update to Wazuh v3.11.0 + +- Wazuh Agent registration task now explicitly notify restart ([@jm404](https://github.com/jm404)) [PR#302](https://github.com/wazuh/wazuh-ansible/pull/302) + +- Support both IP and DNS when creating elastic cluster ([@xr09](https://github.com/xr09)) [PR#252](https://github.com/wazuh/wazuh-ansible/pull/252) + +- Added config tag to the Wazuh Agent's enable task ([@xr09](https://github.com/xr09)) [PR#261](https://github.com/wazuh/wazuh-ansible/pull/261) + +- Implement task to configure Elasticsearch user on every cluster node ([@xr09](https://github.com/xr09)) [PR#270](https://github.com/wazuh/wazuh-ansible/pull/270) + +- Added SCA to Wazuh Agent and Manager installation ([@jm404](https://github.com/jm404)) [PR#260](https://github.com/wazuh/wazuh-ansible/pull/260) + +- Added support for environments with low disk space ([@xr09](https://github.com/xr09)) [PR#281](https://github.com/wazuh/wazuh-ansible/pull/281) + +- Add parameters to configure an Elasticsearch coordinating node ([@jm404](https://github.com/jm404)) [PR#292](https://github.com/wazuh/wazuh-ansible/pull/292) + ### Changed -- Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) -- Wazuh App URL is now flexible [@jm404](https://github.com/jm404) [#304](https://github.com/wazuh/wazuh-ansible/pull/304) +- Updated Filebeat and Elasticsearch templates ([@manuasir](https://github.com/manuasir)) [PR#285](https://github.com/wazuh/wazuh-ansible/pull/285) + +- Make ossec.conf file more readable by removing trailing whitespaces ([@jm404](https://github.com/jm404)) 
[PR#286](https://github.com/wazuh/wazuh-ansible/pull/286) + +- Wazuh repositories can now be configured to different sources URLs ([@jm404](https://github.com/jm404)) [PR#288](https://github.com/wazuh/wazuh-ansible/pull/288) + +- Wazuh App URL is now flexible ([@jm404](https://github.com/jm404)) [PR#304](https://github.com/wazuh/wazuh-ansible/pull/304) + +- Agent installation task now does not hardcodes the "-1" sufix ([@jm404](https://github.com/jm404)) [PR#310](https://github.com/wazuh/wazuh-ansible/pull/310) + +- Enhanced task importation in Wazuh Manager role and removed deprecated warnings ([@xr09](https://github.com/xr09)) [PR#320](https://github.com/wazuh/wazuh-ansible/pull/320) + +- Wazuh API installation task have been upgraded ([@rshad](https://github.com/rshad)) [PR#330](https://github.com/wazuh/wazuh-ansible/pull/330) + +- It's now possible to install Wazuh Manager and Agent from sources ([@jm404](https://github.com/jm404)) [PR#329](https://github.com/wazuh/wazuh-ansible/pull/329) + ### Fixed -- Wazuh Agent registration using agent name has been fixed [@jm404](https://github.com/jm404) [#298](https://github.com/wazuh/wazuh-ansible/pull/298) -- Fix Wazuh repository and installation conditionals [@jm404](https://github.com/jm404) [#299](https://github.com/wazuh/wazuh-ansible/pull/299) +- Ansible upgrade from 6.x to 7.x ([@jm404](https://github.com/jm404)) [PR#252](https://github.com/wazuh/wazuh-ansible/pull/251) + +- Wazuh Agent registration using agent name has been fixed ([@jm404](https://github.com/jm404)) [PR#298](https://github.com/wazuh/wazuh-ansible/pull/298) +- Fix Wazuh repository and installation conditionals ([@jm404](https://github.com/jm404)) [PR#299](https://github.com/wazuh/wazuh-ansible/pull/299) + +- Fixed Wazuh Agent registration using an Agent's name ([@jm404](https://github.com/jm404)) [PR#334](https://github.com/wazuh/wazuh-ansible/pull/334) + ## [v3.10.2_7.3.2] From 6eebfa4f2c83320c414ab33815b8ab3ef5a284cb Mon Sep 17 00:00:00 2001 
From: Manuel Gutierrez Date: Mon, 30 Dec 2019 17:37:07 +0100 Subject: [PATCH 432/559] Fix openscap block rendering for CentOS 8 --- .../var-ossec-etc-ossec-server.conf.j2 | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 733cae18..b4d27e14 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -160,23 +160,33 @@ {% endif %} {% elif ansible_distribution == 'CentOS' %} - {% if ansible_distribution_major_version == '7' %} + {% if ansible_distribution_major_version == '8' %} + {# Policy not available #} + {% elif ansible_distribution_major_version == '7' %} + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + {% elif ansible_distribution_major_version == '6' %} - {% endif %} xccdf_org.ssgproject.content_profile_pci-dss xccdf_org.ssgproject.content_profile_common + {% endif %} {% elif ansible_distribution == 'RedHat' %} - {% if ansible_distribution_major_version == '7' %} + {% if ansible_distribution_major_version == '8' %} + {# Policy not available #} + {% elif ansible_distribution_major_version == '7' %} + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + {% elif ansible_distribution_major_version == '6' %} - {% endif %} xccdf_org.ssgproject.content_profile_pci-dss xccdf_org.ssgproject.content_profile_common + {% endif %} {% if ansible_distribution_major_version == '7' %} {% elif ansible_distribution_major_version == '6' %} From e5643b33ccc42609d33b5f06f4003ae119f63f88 Mon Sep 17 00:00:00 2001 
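Review bot: The new `'8'` branches on both the CentOS and RedHat sides emit nothing, and `{# Policy not available #}` is a Jinja comment that is stripped at render time, so an EL8 host ends up with an ossec.conf that carries no trace of why its OpenSCAP profiles are missing and SCAP coverage is silently absent. Render the reason into the file instead, e.g. replace the Jinja comment with `<!-- OpenSCAP: no SSG policy shipped for EL8, scans disabled -->`, or pair it with a debug/warning task so operators notice. The trailing `{% if ansible_distribution_major_version == '7' %} … {% elif … == '6' %}` block below the change still has no `'8'` case either; if it wraps content for the same wodle it needs the same treatment. The XML element these profile lines live in starts outside the hunk, so I cannot confirm whether an empty branch leaves a well-formed but empty wodle or a dangling element.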
From: Rshad Zhran Date: Tue, 7 Jan 2020 13:57:47 +0100 Subject: [PATCH 433/559] Bump version - Wazuh = 3.11.1_7.5.1 --- VERSION | 2 +- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- .../tasks/installation_from_sources.yml | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/VERSION b/VERSION index 31264c4e..fccb7443 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.0" +WAZUH-ANSIBLE_VERSION="v3.11.1" REVISION="31020" diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 7eb645c2..a1bef6b2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.4.2 +elastic_stack_version: 7.5.1 elasticsearch_lower_disk_requirements: false # Cluster Settings diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 62af2781..8ec8f78a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.4.2 -wazuh_version: 3.11.0 +elastic_stack_version: 7.5.1 +wazuh_version: 3.11.1 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # Xpack Security 
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index c5914664..1b1c1bd8 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.4.2 +filebeat_version: 7.5.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 2ade229c..daa8df50 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.11.0-1 +wazuh_agent_version: 3.11.1-1 wazuh_agent_sources_installation: enabled: "true" - branch: "v3.11.0" + branch: "v3.11.1" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -50,7 +50,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.0' + version: '3.11.1' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 73834fc2..1bf5d2f4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.11.0-1 +wazuh_manager_version: 3.11.1-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: true - branch: "v3.11.0" + branch: "v3.11.1" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: true - branch: "v3.11.0" + branch: "v3.11.1" update: "y" remove: "y" directory: null 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index fe78cdbb..b8bf5625 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.11.0" extracted folder name is 3.11.0. + # When downloading "v3.11.1" extracted folder name is 3.11.1. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip From d3f73a5e5816b0e474e76c04eec152ad1fe66e09 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 7 Jan 2020 14:03:44 +0100 Subject: [PATCH 434/559] Set source installation mode to false --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index daa8df50..b6a1452c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -2,7 +2,7 @@ wazuh_agent_version: 3.11.1-1 wazuh_agent_sources_installation: - enabled: "true" + enabled: "false" branch: "v3.11.1" user_language: "y" user_no_stop: "y" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 1bf5d2f4..6c4a27c8 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: true + enabled: false branch: "v3.11.1" user_language: "en" user_no_stop: "y" From 58c5005bedcc3cbd1e0c9f39fc840a3d191614d6 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 15:01:05 +0100 Subject: [PATCH 435/559] Set new API configuration behavior --- .../ansible-kibana/defaults/main.yml | 8 ++ .../ansible-kibana/tasks/main.yml | 25 ++++ .../ansible-kibana/templates/wazuh.yml.j2 | 134 ++++++++++++++++++ 3 files changed, 167 insertions(+) create mode 100644 roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 72e51254..22dcf3ea 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -9,6 +9,14 @@ elastic_stack_version: 7.5.1 wazuh_version: 3.11.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp +# API credentials +api_auth: + - api_id: "default" + api_url: "http://localhost" + api_port: 55000 + api_user: "foo" + api_password: "bar" + # Xpack Security kibana_xpack_security: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index dd0e423f..c37a23eb 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
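Review bot: `api_auth` ships a working credential pair (`api_user: "foo"`, `api_password: "bar"`) against `api_url: "http://localhost"` as role defaults, and nothing in the hunk tells an operator these must be overridden; with role-defaults precedence they are rendered verbatim into the Kibana plugin config on any play that forgets to set them. Add a comment above the list, e.g. `# Override in inventory/group_vars (ideally via ansible-vault): these are placeholder credentials and an unencrypted http:// endpoint.` Presumably foo/bar are the Wazuh API's initial credentials, in which case a deployment left on them is reachable with a publicly documented password. Consider also whether the default scheme should be `https://` to match how the Wazuh API is normally exposed — the API-side default is not visible in this diff.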
@@ -134,6 +134,31 @@ when: - not build_from_sources +- name: Wait for Elasticsearch port + wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} + +- name: Select correct API protocol + set_fact: + elastic_api_protocol: "{% if kibana_xpack_security %}https{% else %}http{% endif %}" + +- name: Attempting to delete legacy Wazuh index if exists + uri: + url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh" + method: DELETE + user: "{{ elasticsearch_xpack_security_user }}" + password: "{{ elasticsearch_xpack_security_password }}" + validate_certs: no + status_code: 200, 404 + ignore_errors: yes + +- name: Configure Wazuh Plugin + template: + src: wazuh.yml.j2 + dest: /usr/share/kibana/plugins/wazuh/wazuh.yml + owner: kibana + group: root + mode: 0644 + - name: Reload systemd configuration systemd: daemon_reload: true diff --git a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 new file mode 100644 index 00000000..4895c105 --- /dev/null +++ b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 
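Review bot: The `Configure Wazuh Plugin` task writes `/usr/share/kibana/plugins/wazuh/wazuh.yml` with `mode: 0644`, yet the template it renders carries the Wazuh API `user`/`password` entries, so every local account on the Kibana host can read the API credentials; tighten it to `mode: "0640"` (owner `kibana` still reads it and `group: root` is already set). The `Attempting to delete legacy Wazuh index` task sets `validate_certs: no` unconditionally, which disables TLS verification exactly when `kibana_xpack_security` switches the URL to `https://` and basic-auth credentials are sent — drive it from a role variable that defaults to true, e.g. `validate_certs: "{{ elasticsearch_validate_certs | default(true) }}"`. That task also passes `user`/`password` when X-Pack security is off; gating them with `default(omit)` keeps the credentials off the wire for the plain-http case. Minor style: `wait_for` uses a `key=value` argument string while the rest of the file uses block YAML.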
@@ -0,0 +1,134 @@ +--- +# +# Wazuh app - App configuration file +# Copyright (C) 2015-2019 Wazuh, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Find more information about this on the LICENSE file. +# +# ======================== Wazuh app configuration file ======================== +# +# Please check the documentation for more information on configuration options: +# https://documentation.wazuh.com/current/installation-guide/index.html +# +# Also, you can check our repository: +# https://github.com/wazuh/wazuh-kibana-app +# +# ------------------------------- Index patterns ------------------------------- +# +# Default index pattern to use. +#pattern: wazuh-alerts-3.x-* +# +# ----------------------------------- Checks ----------------------------------- +# +# Defines which checks must to be consider by the healthcheck +# step once the Wazuh app starts. Values must to be true or false. +#checks.pattern : true +#checks.template: true +#checks.api : true +#checks.setup : true +# +# --------------------------------- Extensions --------------------------------- +# +# Defines which extensions should be activated when you add a new API entry. +# You can change them after Wazuh app starts. +# Values must to be true or false. +#extensions.pci : true +#extensions.gdpr : true +#extensions.hipaa : true +#extensions.nist : true +#extensions.audit : true +#extensions.oscap : false +#extensions.ciscat : false +#extensions.aws : false +#extensions.virustotal: false +#extensions.osquery : false +#extensions.docker : false +# +# ---------------------------------- Time out ---------------------------------- +# +# Defines maximum timeout to be used on the Wazuh app requests. +# It will be ignored if it is bellow 1500. 
+# It means milliseconds before we consider a request as failed. +# Default: 20000 +#timeout: 20000 +# +# ------------------------------ Advanced indices ------------------------------ +# +# Configure .wazuh indices shards and replicas. +#wazuh.shards : 1 +#wazuh.replicas : 0 +# +# --------------------------- Index pattern selector --------------------------- +# +# Defines if the user is allowed to change the selected +# index pattern directly from the Wazuh app top menu. +# Default: true +#ip.selector: true +# +# List of index patterns to be ignored +#ip.ignore: [] +# +# -------------------------------- X-Pack RBAC --------------------------------- +# +# Custom setting to enable/disable built-in X-Pack RBAC security capabilities. +# Default: enabled +#xpack.rbac.enabled: true +# +# ------------------------------ wazuh-monitoring ------------------------------ +# +# Custom setting to enable/disable wazuh-monitoring indices. +# Values: true, false, worker +# If worker is given as value, the app will show the Agents status +# visualization but won't insert data on wazuh-monitoring indices. +# Default: true +#wazuh.monitoring.enabled: true +# +# Custom setting to set the frequency for wazuh-monitoring indices cron task. +# Default: 900 (s) +#wazuh.monitoring.frequency: 900 +# +# Configure wazuh-monitoring-3.x-* indices shards and replicas. +#wazuh.monitoring.shards: 2 +#wazuh.monitoring.replicas: 0 +# +# Configure wazuh-monitoring-3.x-* indices custom creation interval. +# Values: h (hourly), d (daily), w (weekly), m (monthly) +# Default: d +#wazuh.monitoring.creation: d +# +# Default index pattern to use for Wazuh monitoring +#wazuh.monitoring.pattern: wazuh-monitoring-3.x-* +# +# +# ------------------------------- App privileges -------------------------------- +#admin: true +# +# ------------------------------- App logging level ----------------------------- +# Set the logging level for the Wazuh App log files. 
+# Default value: info +# Allowed values: info, debug +#logs.level: info +# +#-------------------------------- API entries ----------------------------------- +#The following configuration is the default structure to define an API entry. +# +#hosts: +# - : +# url: http(s):// +# port: +# user: +# password: + +hosts: +{% for api in api_auth %} + - {{ api['api_id'] }}: + url: {{ api['api_url'] }} + port: {{ api['api_port'] }} + user: {{ api['api_user'] }} + password: {{ api['api_password'] }} +{% endfor %} From c7ca41169e07da37cddf82847d47c5fd88778a1d Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 16:06:08 +0100 Subject: [PATCH 436/559] Rename API variables --- .../elastic-stack/ansible-kibana/defaults/main.yml | 14 +++++++------- .../ansible-kibana/templates/wazuh.yml.j2 | 12 ++++++------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 22dcf3ea..0f1b0611 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -10,12 +10,12 @@ wazuh_version: 3.11.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # API credentials -api_auth: - - api_id: "default" - api_url: "http://localhost" - api_port: 55000 - api_user: "foo" - api_password: "bar" +wazuh_api_credentials: + - id: "default" + url: "http://localhost" + port: 55000 + user: "foo" + password: "bar" # Xpack Security kibana_xpack_security: false @@ -41,4 +41,4 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file +wazuh_plugin_branch: 3.10-7.4 diff --git a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 index 4895c105..1cbc9e2d 100644 --- a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 
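Review bot: The `hosts:` entries at the bottom interpolate `url`, `user` and `password` as bare scalars, so a password containing ` #` or `: `, starting with `*`, `&`, `[` or `{`, or looking numeric/boolean is truncated, mis-typed or breaks parsing of wazuh.yml — and a mangled password is the case most likely to go unnoticed until the plugin cannot authenticate. Emit them as quoted YAML strings, e.g. `password: {{ api['api_password'] | to_json }}` (and likewise for `url` and `user`); `to_json` yields a double-quoted, escaped scalar that YAML accepts. `port` can stay bare if it is always an integer. The same applies to the renamed `wazuh_api_credentials` version of this loop in the following commit.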
@@ -125,10 +125,10 @@ # password: hosts: -{% for api in api_auth %} - - {{ api['api_id'] }}: - url: {{ api['api_url'] }} - port: {{ api['api_port'] }} - user: {{ api['api_user'] }} - password: {{ api['api_password'] }} +{% for api in wazuh_api_credentials %} + - {{ api['id'] }}: + url: {{ api['url'] }} + port: {{ api['port'] }} + user: {{ api['user'] }} + password: {{ api['password'] }} {% endfor %} From 2d91a5c126c615a9b0541ea202853f3046b62b8c Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 16:10:04 +0100 Subject: [PATCH 437/559] Rename task --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index c37a23eb..5e300934 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -151,7 +151,7 @@ status_code: 200, 404 ignore_errors: yes -- name: Configure Wazuh Plugin +- name: Configure Wazuh Kibana Plugin template: src: wazuh.yml.j2 dest: /usr/share/kibana/plugins/wazuh/wazuh.yml From 71e52de80f33fcb8be0c3b620e3cfbc2f10fc2b3 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 16:21:47 +0100 Subject: [PATCH 438/559] Do not ignore errors on index removal --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 5e300934..d21dea91 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -149,7 +149,6 @@ password: "{{ elasticsearch_xpack_security_password }}" validate_certs: no status_code: 200, 404 - ignore_errors: yes - name: Configure Wazuh Kibana Plugin template: From 5b895233d458203e5a97acbc07bdae846224fa38 Mon Sep 17 00:00:00 2001 
From: Manuel Gutierrez Date: Tue, 7 Jan 2020 16:29:20 +0100 Subject: [PATCH 439/559] Fix missing bump --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 0f1b0611..4e32c838 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -41,4 +41,4 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 3.10-7.4 +wazuh_plugin_branch: 3.11-7.5 From 812fb81b812aab284455242f7dd6f1c88496641a Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 12:02:14 +0100 Subject: [PATCH 440/559] Bump to version 3.11.1_7.5.1 --- VERSION | 4 ++-- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/VERSION b/VERSION index 53ae3f4b..3961d05c 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.0" -REVISION="31100" +WAZUH-ANSIBLE_VERSION="v3.11.1" +REVISION="31110" diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 4e32c838..486448d2 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.5.1 -wazuh_version: 3.11.0 +wazuh_version: 3.11.1 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # API credentials diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index dc045dd6..ba697a4b 100644 
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.11.0-1 +wazuh_agent_version: 3.11.1-1 wazuh_agent_sources_installation: enabled: false - branch: "v3.11.0" + branch: "v3.11.1" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -50,7 +50,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.0' + version: '3.11.1' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 @@ -343,4 +343,4 @@ wazuh_agent_config: list: - key: Env value: Production -wazuh_agent_nat: false \ No newline at end of file +wazuh_agent_nat: false diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index bd039d68..6b884123 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.11.0-1 +wazuh_manager_version: 3.11.1-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: false - branch: "v3.11.0" + branch: "v3.11.1" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.0" + branch: "v3.11.1" update: "y" remove: "y" directory: null From cf37169f1d4657b955be91523ad639ddec748352 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 16:39:49 +0100 Subject: [PATCH 441/559] Update Windows package MD5 hash --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index ba697a4b..4786dadb 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -53,7 +53,7 @@ wazuh_winagent_config: version: '3.11.1' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ - md5: 71650780904cbfc2e45eae4298adb7a3 + md5: 1e39c2ad032259cb9682c1eac3ac646a wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' From 0d23ca8b01420122861c780c70f2538211ec6f8b Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 16:45:53 +0100 Subject: [PATCH 442/559] Update CHANGELOG.md --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 73f7ea43..8509f0fd 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.11.1_7.5.1] + +### Added + +- Update to Wazuh v3.11.1 + + ## [v3.11.0_7.5.1] ### Added From 1348f1acc2a0ef8d85c5b86e2312efce8f246316 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 17:47:39 +0100 Subject: [PATCH 443/559] Remove whitespace --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index d21dea91..4926e19d 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -140,7 +140,7 @@ - name: Select correct API protocol set_fact: elastic_api_protocol: "{% if kibana_xpack_security %}https{% else %}http{% endif %}" - + - name: Attempting to delete legacy Wazuh index if exists uri: url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh" 
From 09fd2ac4fe98df1e8c9f3c817a52d238b9dde68a Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 7 Jan 2020 18:09:49 +0100 Subject: [PATCH 444/559] Update revision to 31110 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index fad76f5c..3961d05c 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v3.11.1" -REVISION="31100" +REVISION="31110" From 0428fb3180570fd6b89673a39d5c421732aba8a0 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 17:47:39 +0100 Subject: [PATCH 445/559] Remove whitespace --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index d21dea91..4926e19d 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -140,7 +140,7 @@ - name: Select correct API protocol set_fact: elastic_api_protocol: "{% if kibana_xpack_security %}https{% else %}http{% endif %}" - + - name: Attempting to delete legacy Wazuh index if exists uri: url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh" From d2615ef6466ffac7fb512aca979b92a7f95c2460 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 8 Jan 2020 14:22:07 +0100 Subject: [PATCH 446/559] Update Windows MD5 hash of Wazuh Agent 3.11.0 --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index dc045dd6..6645a4b3 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -53,7 +53,7 @@ wazuh_winagent_config: version: '3.11.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ - md5: 71650780904cbfc2e45eae4298adb7a3 + md5: 817b52aabea7a9e936effa022c5eba43 wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' From b050291a23da5fb911ca07c5ee20c12b37b7f925 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 8 Jan 2020 14:23:14 +0100 Subject: [PATCH 447/559] Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 73f7ea43..f2f333cc 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ All notable changes to this project will be documented in this file. - Update to Wazuh v3.11.0 +- Implemented changes to configure Wazuh API using the `wazuh.yml` file ([@xr09](https://github.com/xr09)) [PR#342](https://github.com/wazuh/wazuh-ansible/pull/342) + - Wazuh Agent registration task now explicitly notify restart ([@jm404](https://github.com/jm404)) [PR#302](https://github.com/wazuh/wazuh-ansible/pull/302) - Support both IP and DNS when creating elastic cluster ([@xr09](https://github.com/xr09)) [PR#252](https://github.com/wazuh/wazuh-ansible/pull/252) From 16495e9b91881eb3744c677c638beed0147f1be8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 8 Jan 2020 17:16:38 +0100 Subject: [PATCH 448/559] Restore Wazuh version 3.11.0_7.5.1 --- VERSION | 4 ++-- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- .../tasks/installation_from_sources.yml | 2 +- wazuh-qa | 1 + 6 files changed, 11 insertions(+), 10 deletions(-) create mode 160000 wazuh-qa diff --git a/VERSION b/VERSION index 3961d05c..53ae3f4b 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.1" -REVISION="31110" +WAZUH-ANSIBLE_VERSION="v3.11.0" +REVISION="31100" 
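Review bot: This hunk sets the 3.11.0 Windows installer digest to `817b52aabea7a9e936effa022c5eba43`, but the "Restore Wazuh version 3.11.0_7.5.1" commit later in this series still carries `md5: 71650780904cbfc2e45eae4298adb7a3` as the digest for the same `version: '3.11.0'`, `revision: '1'` package, so the series ends with two different hashes for one artifact. Unless the 3.11.0-1 MSI was republished in between, one of the two is wrong and whichever task checks it will either fail the download or, if it never matched, was never verifying the right file. Reconcile the value in one place and note its source, e.g. `# MD5 confirmed against the packages.wazuh.com listing for 3.11.0-1`. The `wazuh_winagent_config` mapping starts before this hunk.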
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 32039d6b..b82f4ce2 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.5.1 -wazuh_version: 3.11.1 +wazuh_version: 3.11.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index b6a1452c..d748f80e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.11.1-1 +wazuh_agent_version: 3.11.0-1 wazuh_agent_sources_installation: enabled: "false" - branch: "v3.11.1" + branch: "v3.11.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -50,7 +50,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.1' + version: '3.11.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 21faa35c..d075b3cb 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.11.1-1 +wazuh_manager_version: 3.11.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: false - branch: "v3.11.1" + branch: "v3.11.0" user_language: "en" user_no_stop: "y" user_install_type: "server" 
@@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.1" + branch: "v3.11.0" update: "y" remove: "y" directory: null diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 68aeac34..10203cb9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.11.1" extracted folder name is 3.11.1. + # When downloading "v3.11.0" extracted folder name is 3.11.0. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file diff --git a/wazuh-qa b/wazuh-qa new file mode 160000 index 00000000..2699bb7b --- /dev/null +++ b/wazuh-qa @@ -0,0 +1 @@ +Subproject commit 2699bb7ba8026daae2bb73f19ac50c2010b4677c From 3954c0d317c6055d6ce45349c4a689902214dd8a Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 8 Jan 2020 17:39:03 +0100 Subject: [PATCH 449/559] Remove wazuh-qa submodule --- wazuh-qa | 1 - 1 file changed, 1 deletion(-) delete mode 160000 wazuh-qa diff --git a/wazuh-qa b/wazuh-qa deleted file mode 160000 index 2699bb7b..00000000 --- a/wazuh-qa +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 2699bb7ba8026daae2bb73f19ac50c2010b4677c From 99f5403d5005adf7c7c075c457b396b26102cbf0 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Thu, 9 Jan 2020 11:10:30 +0100 Subject: [PATCH 450/559] Update templates for Python 3 compatibility --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 6 +++--- .../templates/var-ossec-etc-shared-agent.conf.j2 | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 99201c29..a3dcbb46 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -502,7 +502,7 @@ {% endif %} {% endif %} {% if localfile.format == 'json' and localfile.labels is defined %} - {% for key, value in localfile.labels.iteritems() %} + {% for key, value in localfile.labels.items() %} {% endfor %} {% endif %} @@ -540,7 +540,7 @@ {% endif %} {% endif %} {% if localfile.format == 'json' and localfile.labels is defined %} - {% for key, value in localfile.labels.iteritems() %} + {% for key, value in localfile.labels.items() %} {% endfor %} {% endif %} @@ -579,7 +579,7 @@ {% endif %} {% endif %} {% if localfile.format == 'json' and localfile.labels is defined %} - {% for key, value in localfile.labels.iteritems() %} + {% for key, value in localfile.labels.items() %} {% endfor %} {% endif %} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index 77e64fbf..dd1c8d9a 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 @@ -68,7 +68,7 @@ {% endif %} {% endif %} {% if localfile.format == 'json' and localfile.labels is defined %} - {% for key, value in localfile.labels.iteritems() %} + {% for key, value in localfile.labels.items() %} {% endfor %} {% endif %} From a35c7bceb1f9daeb543cd5e68a9685ab35f3fc81 Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Thu, 9 Jan 2020 18:05:41 +0100 Subject: [PATCH 451/559] Fix rootkit files & trojans paths for manager --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 8 ++++---- .../templates/var-ossec-etc-ossec-server.conf.j2 | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 21faa35c..e4f6a17d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -95,7 +95,7 @@ wazuh_manager_config: use_source_ip: 'yes' force_insert: 'yes' force_time: 0 - purge: 'no' + purge: 'yes' use_password: 'no' limit_maxagents: 'yes' ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH' @@ -114,7 +114,7 @@ wazuh_manager_config: email_log_source: 'alerts.log' extra_emails: - enable: false - mail_to: 'recipient@example.wazuh.com' + mail_to: 'admin@example.net' format: full level: 7 event_location: null @@ -174,7 +174,7 @@ wazuh_manager_config: rootcheck: frequency: 43200 openscap: - disable: 'no' + disable: 'yes' timeout: 1800 interval: '1d' scan_on_start: 'yes' @@ -263,6 +263,7 @@ wazuh_manager_config: frequency: '360' - format: 'full_command' command: 'last -n 20' + frequency: '360' - format: 'syslog' location: '/var/ossec/logs/active-responses.log' debian: @@ -295,7 +296,6 @@ wazuh_manager_config: - name: 'restart-ossec' executable: 'restart-ossec.sh' expect: '' - timeout_allowed: 'no' - name: 'firewall-drop' executable: 'firewall-drop.sh' expect: 'srcip' diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 99201c29..94223a94 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
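Review bot: `purge: 'yes'` flips an authd enrollment default with no comment saying why, and it lands between `force_insert: 'yes'` and `use_password: 'no'`, which already describe an authd that accepts registrations without a shared password and lets a new registration take over an existing agent's entry. I can't tell from this hunk whether purge widens that exposure on its own, but these three keys are what an operator must review together before authd is reachable from anything but the agent network, and shipping all three at the permissive value deserves a pointer. Suggest a comment above `purge:` along the lines of `# authd enrollment defaults: no registration password, existing entries may be overwritten, removed agents are purged — tighten before exposing authd beyond the agent network`. The `authd:` mapping starts before this hunk.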
@@ -126,8 +126,8 @@ {{ wazuh_manager_config.rootcheck.frequency }} - /var/ossec/etc/shared/default/rootkit_files.txt - /var/ossec/etc/shared/default/rootkit_trojans.txt + /var/ossec/etc/rootcheck/rootkit_files.txt + /var/ossec/etc/rootcheck/rootkit_trojans.txt yes @@ -292,7 +292,6 @@ {{ wazuh_manager_config.syscheck.disable }} - {{ wazuh_manager_config.syscheck.auto_ignore }} {{ wazuh_manager_config.syscheck.alert_new_files }} {{ wazuh_manager_config.syscheck.frequency }} @@ -318,7 +317,7 @@ {% endif %} - {% if wazuh_manager_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %} + {% if wazuh_manager_config.syscheck.ignore_linux_type is defined %} {% for ignore in wazuh_manager_config.syscheck.ignore_linux_type %} {{ ignore }} {% endfor %} @@ -346,7 +345,9 @@ {{ command.name }} {{ command.executable }} {{ command.expect }} - {{ command.timeout_allowed }} + {% if command.timeout_allowed is defined %} + {{ command.timeout_allowed }} + {% endif %} {% endfor %} @@ -359,7 +360,6 @@ {{ rule }} {% endfor %} {% endif %} - {% if cdb_lists is defined %} {% for list in cdb_lists %} etc/lists/{{ list.name }} {% endfor %} From 285cbc26fc5e64bdfa11b3e2d51621282c34d8f2 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 9 Jan 2020 19:14:59 +0100 Subject: [PATCH 452/559] Adapt agent to 3.11.1 - detailed changes --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 6629da08..57787b07 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 
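Review bot: Removing `{% if cdb_lists is defined %}` in the `@@ -359,7 +360,6 @@` hunk leaves the `{% endif %}` that closed it in place (it is beyond this hunk's context, but the follow-up commit in this series still shows it sitting after the `{% endfor %}`), so rendering the manager template now fails on an unmatched endif, and even with that repaired the bare `{% for list in cdb_lists %}` raises on hosts where `cdb_lists` is not defined. Either keep the guard or remove its matching `{% endif %}` along with it; keeping the guard is the safer choice since the list entries are optional. The enclosing ruleset section starts and ends outside this hunk.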
@@ -86,8 +86,6 @@ /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot - - {{ wazuh_agent_config.syscheck.auto_ignore }} {{ wazuh_agent_config.syscheck.scan_on_start }} {% endif %} @@ -113,7 +111,7 @@ {% endif %} - {% if wazuh_agent_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %} + {% if wazuh_agent_config.syscheck.ignore_linux_type is defined %} {% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %} {{ ignore }} {% endfor %} @@ -161,9 +159,9 @@ {% endif %} - {% if ansible_system == "Linux" and wazuh_agent_config.openscap.disable == 'no' %} + {% if ansible_system == "Linux" %} - no + {{ wazuh_agent_config.openscap.disable }} {{ wazuh_agent_config.openscap.timeout }} {{ wazuh_agent_config.openscap.interval }} {{ wazuh_agent_config.openscap.scan_on_start }} @@ -214,9 +212,8 @@ {% endif %} - {% if wazuh_agent_config.cis_cat.disable == 'no' %} - no + {{ wazuh_agent_config.cis_cat.disable }} {{ wazuh_agent_config.cis_cat.timeout }} {{ wazuh_agent_config.cis_cat.interval }} {{ wazuh_agent_config.cis_cat.scan_on_start }} @@ -229,7 +226,6 @@ {% endif %} {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %} - {% endif %} From 144067763b3356dcac4801f962950012394faf6c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 9 Jan 2020 19:15:14 +0100 Subject: [PATCH 453/559] Remove cdb related tasks and config --- .../ansible-wazuh-manager/handlers/main.yml | 3 - .../ansible-wazuh-manager/tasks/main.yml | 26 ------ .../var-ossec-etc-ossec-server.conf.j2 | 3 +- .../ansible-wazuh-manager/vars/cdb_lists.yml | 88 +------------------ 4 files changed, 5 insertions(+), 115 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml index 46f1097b..f422b85d 100644 --- a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml 
+++ b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml @@ -1,7 +1,4 @@ --- -- name: rebuild cdb_lists - command: /var/ossec/bin/ossec-makelists - - name: restart wazuh-manager service: name: wazuh-manager diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 0bb00fef..842d33a6 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -198,11 +198,6 @@ tags: - config -- name: Retrieving CDB lists - include_vars: cdb_lists.yml - tags: - - config - - name: Check if syslog output is enabled set_fact: syslog_output=true when: item.server is not none @@ -334,27 +329,6 @@ tags: - config -- name: CDB Lists - template: - src: cdb_lists.j2 - dest: "/var/ossec/etc/lists/{{ item.name }}" - owner: root - group: ossec - mode: 0640 - no_log: true - register: wazuh_manager_cdb_lists - until: wazuh_manager_cdb_lists is succeeded - notify: - - rebuild cdb_lists - - restart wazuh-manager - with_items: - - "{{ cdb_lists }}" - when: - - cdb_lists is defined - - cdb_lists is iterable - tags: - - config - - name: Ensure Wazuh Manager, wazuh API service is started and enabled service: name: "{{ item }}" diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 94223a94..125f948c 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -360,8 +360,9 @@ {{ rule }} {% endfor %} {% endif %} + {% if cdb_lists is defined %} {% for list in cdb_lists %} - etc/lists/{{ list.name }} + etc/lists/{{ list }} {% endfor %} {% endif %} diff --git a/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml b/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml index 8e904e14..44188745 100644 
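Review bot: The restored `{% if cdb_lists is defined %}` guard will always be false after this commit, because the same commit removes the `include_vars: cdb_lists.yml` task from tasks/main.yml and Ansible only auto-loads a role's `vars/main.yml`, not `vars/cdb_lists.yml`; the net effect is that every `etc/lists/{{ list }}` entry silently disappears from the rendered ossec.conf. If the lists are meant to stay configured, keep the include or move the variable into the role's `defaults/main.yml` and reference it from here. Either way the dependency deserves a comment, e.g. `{# cdb_lists comes from the role vars; names are relative to /var/ossec/etc/lists and must already exist on the manager #}`. The ruleset section continues outside this hunk.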
--- a/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml +++ b/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml @@ -1,87 +1,5 @@ --- cdb_lists: - - name: 'audit-keys' - content: | - audit-wazuh-w:write - audit-wazuh-r:read - audit-wazuh-a:attribute - audit-wazuh-x:execute - audit-wazuh-c:command - - name: 'aws-source' - content: | - ec2.amazonaws.com: - elasticloadbalancing.amazonaws.com: - iam.amazonaws.com: - signin.amazonaws.com: - kms.amazonaws.com: - s3.amazonaws.com: - - name: 'aws-eventnames' - content: | - AddUserToGroup: - AllocateAddress: - AssociateAddress: - AssociateDhcpOptions: - AssociateRouteTable: - AttachGroupPolicy: - AttachNetworkInterface: - AttachRolePolicy: - AttachUserPolicy: - AttachVolume: - AuthorizeSecurityGroupIngress: - ConsoleLogin: - CopySnapshot: - CreateAccountAlias: - CreateGroup: - CreateImage: - CreateLoadBalancer: - CreatePlacementGroup: - CreatePolicy: - CreateRole: - CreateRouteTable: - CreateSecurityGroup: - CreateSnapshot: - CreateSubnet: - CreateTags: - CreateUser: - CreateVolume: - CreateVpc: - DeleteAccountAlias: - DeleteLoadBalancer: - DeletePlacementGroup: - DeleteSecurityGroup: - DeleteSnapshot: - DeleteTags: - DeleteUser: - DeleteVolume: - DeregisterImage: - DetachGroupPolicy: - DetachNetworkInterface: - DetachRolePolicy: - DetachVolume: - DisableKey: - DisassociateAddress: - DisassociateAddress: - DisassociateRouteTable: - GetGroup: - ListAliases: - ListGroups: - ListUsers: - ModifyImageAttribute: - ModifyInstanceAttribute: - ModifyNetworkInterfaceAttribute: - ModifySnapshotAttribute: - ModifySubnetAttribute: - ModifyVolumeAttribute: - MonitorInstances: - RebootInstances: - RegisterImage: - RemoveUserFromGroup: - RevokeSecurityGroupIngress: - RunInstances: - StartInstances: - StopInstances: - TerminateInstances: - UnmonitorInstances: - UpdateAccessKey: - UpdateAccountPasswordPolicy: - UpdateInstanceAlias: + - 'audit-keys' + - 'security-eventchannel' + - 'amazon/aws-eventnames' 
From cb2ded0e49569b2f8c925ccf8e9954b429272a0e Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 10 Jan 2020 11:16:15 +0100 Subject: [PATCH 454/559] Define cdb_lists in wzuh-manger default variables --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++++ .../templates/var-ossec-etc-ossec-server.conf.j2 | 4 ++-- roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml | 5 ----- 3 files changed, 6 insertions(+), 7 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index e4f6a17d..385e3e6a 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -327,6 +327,10 @@ wazuh_manager_config: ruleset: rules_path: 'custom_ruleset/rules/' decoders_path: 'custom_ruleset/decoders/' + cdb_lists: + - 'audit-keys' + - 'security-eventchannel' + - 'amazon/aws-eventnames' rule_exclude: - '0215-policy_rules.xml' syslog_outputs: diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 125f948c..f7242951 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -360,8 +360,8 @@ {{ rule }} {% endfor %} {% endif %} - {% if cdb_lists is defined %} - {% for list in cdb_lists %} + {% if wazuh_manager_config.ruleset.cdb_lists is defined %} + {% for list in wazuh_manager_config.ruleset.cdb_lists %} etc/lists/{{ list }} {% endfor %} {% endif %} diff --git a/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml b/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml deleted file mode 100644 index 44188745..00000000 --- a/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml +++ /dev/null 
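Review bot: `ruleset.cdb_lists` now names files that must already be compiled under `/var/ossec/etc/lists/` on the manager, since the task that templated list files and the `rebuild cdb_lists` handler were removed earlier in this series, but nothing at the definition says so; a user who appends a custom name here gets a ruleset entry with no file behind it and no makelists step, and presumably analysisd rejects or ignores that list at startup (confirm against the 3.11 manager). Suggest a comment above the key: `# Relative to /var/ossec/etc/lists/. Files must already exist on the manager (these three ship with the package); this role no longer builds CDB lists.` The `ruleset:` mapping starts before this hunk.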
@@ -1,5 +0,0 @@ ---- -cdb_lists: - - 'audit-keys' - - 'security-eventchannel' - - 'amazon/aws-eventnames' From 50a093d071418f3a375063532f872c3bf096f138 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 10 Jan 2020 13:35:11 +0100 Subject: [PATCH 455/559] Change default email_to --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 385e3e6a..638fa90b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -114,7 +114,7 @@ wazuh_manager_config: email_log_source: 'alerts.log' extra_emails: - enable: false - mail_to: 'admin@example.net' + mail_to: 'recipient@example.wazuh.com' format: full level: 7 event_location: null @@ -126,7 +126,7 @@ wazuh_manager_config: - enable: false category: 'syscheck' title: 'Daily report: File changes' - email_to: 'admin@example.net' + email_to: 'recipient@example.wazuh.com' location: null group: null rule: null From 8ba493ed24560e10aa3ebc6430bbf7703506e9bf Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 10 Jan 2020 13:35:41 +0100 Subject: [PATCH 456/559] Change config. tags order --- .../var-ossec-etc-ossec-server.conf.j2 | 183 +++++++++--------- 1 file changed, 93 insertions(+), 90 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index f7242951..d8334e2e 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
@@ -26,6 +26,11 @@ {{ wazuh_manager_config.email_level }} + + + {{ wazuh_manager_config.log_format }} + + {% if wazuh_manager_config.extra_emails is defined %} {% for mail in wazuh_manager_config.extra_emails %} {% if mail.enable == true %} @@ -57,10 +62,7 @@ {% endfor %} {% endif %} - - - {{ wazuh_manager_config.log_format }} - + {% for connection in wazuh_manager_config.connection %} 
@@ -351,92 +353,6 @@ {% endfor %} - - - ruleset/decoders - ruleset/rules - {% if wazuh_manager_config.rule_exclude is defined %} - {% for rule in wazuh_manager_config.rule_exclude %} - {{ rule }} - {% endfor %} - {% endif %} - {% if wazuh_manager_config.ruleset.cdb_lists is defined %} - {% for list in wazuh_manager_config.ruleset.cdb_lists %} - etc/lists/{{ list }} - {% endfor %} - {% endif %} - - - etc/decoders - etc/rules - - -{% if wazuh_manager_config.authd.enable == true %} - - no - {% if wazuh_manager_config.authd.port is not none %} - {{wazuh_manager_config.authd.port}} - {% else %} - 1515 - {% endif %} - {% if wazuh_manager_config.authd.use_source_ip is not none %} - {{wazuh_manager_config.authd.use_source_ip}} - {% endif %} - {% if wazuh_manager_config.authd.force_insert is not none %} - {{wazuh_manager_config.authd.force_insert}} - {% endif %} - {% if wazuh_manager_config.authd.force_time is not none %} - {{wazuh_manager_config.authd.force_time}} - {% endif %} - {% if wazuh_manager_config.authd.purge is not none %} - {{wazuh_manager_config.authd.purge}} - {% endif %} - {% if wazuh_manager_config.authd.use_password is not none %} - {{wazuh_manager_config.authd.use_password}} - {% endif %} - {% if wazuh_manager_config.authd.limit_maxagents is not none %} - {{wazuh_manager_config.authd.limit_maxagents}} - {% endif %} - {% if wazuh_manager_config.authd.ciphers is not none %} - {{wazuh_manager_config.authd.ciphers}} - {% endif %} - {% if wazuh_manager_config.authd.ssl_agent_ca is not none %} - /var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}} - {% endif %} - {% if wazuh_manager_config.authd.ssl_verify_host is not none %} - {{wazuh_manager_config.authd.ssl_verify_host}} - {% endif %} - {% if wazuh_manager_config.authd.ssl_manager_cert is not none %} - /var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}} - {% endif %} - {% if wazuh_manager_config.authd.ssl_manager_key is not none %} - 
/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}} - {% endif %} - {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %} - {{wazuh_manager_config.authd.ssl_auto_negotiate}} - {% endif %} - -{% endif %} - - - {{ wazuh_manager_config.cluster.disable }} - {{ wazuh_manager_config.cluster.name }} - {{ wazuh_manager_config.cluster.node_name }} - {{ wazuh_manager_config.cluster.node_type }} - {{ wazuh_manager_config.cluster.key }} - {% if wazuh_manager_config.cluster.interval is defined %} - {{ wazuh_manager_config.cluster.interval }} - {% endif %} - {{ wazuh_manager_config.cluster.port }} - {{ wazuh_manager_config.cluster.bind_addr }} - - {% for node in wazuh_manager_config.cluster.nodes %} - {{ node }} - {% endfor %} - - {{ wazuh_manager_config.cluster.hidden }} - - {% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %} no 
@@ -614,4 +530,91 @@ {% endif %} + + + + ruleset/decoders + ruleset/rules + {% if wazuh_manager_config.rule_exclude is defined %} + {% for rule in wazuh_manager_config.rule_exclude %} + {{ rule }} + {% endfor %} + {% endif %} + {% if wazuh_manager_config.ruleset.cdb_lists is defined %} + {% for list in wazuh_manager_config.ruleset.cdb_lists %} + etc/lists/{{ list }} + {% endfor %} + {% endif %} + + + etc/decoders + etc/rules + + +{% if wazuh_manager_config.authd.enable == true %} + + no + {% if wazuh_manager_config.authd.port is not none %} + {{wazuh_manager_config.authd.port}} + {% else %} + 1515 + {% endif %} + {% if wazuh_manager_config.authd.use_source_ip is not none %} + {{wazuh_manager_config.authd.use_source_ip}} + {% endif %} + {% if wazuh_manager_config.authd.force_insert is not none %} + {{wazuh_manager_config.authd.force_insert}} + {% endif %} + {% if wazuh_manager_config.authd.force_time is not none %} + {{wazuh_manager_config.authd.force_time}} + {% endif %} + {% if wazuh_manager_config.authd.purge is not none %} + {{wazuh_manager_config.authd.purge}} + {% endif %} + {% if wazuh_manager_config.authd.use_password is not none %} + {{wazuh_manager_config.authd.use_password}} + {% endif %} + {% if wazuh_manager_config.authd.limit_maxagents is not none %} + {{wazuh_manager_config.authd.limit_maxagents}} + {% endif %} + {% if wazuh_manager_config.authd.ciphers is not none %} + {{wazuh_manager_config.authd.ciphers}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_agent_ca is not none %} + /var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_verify_host is not none %} + {{wazuh_manager_config.authd.ssl_verify_host}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_manager_cert is not none %} + /var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_manager_key is not none %} + 
/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %} + {{wazuh_manager_config.authd.ssl_auto_negotiate}} + {% endif %} + +{% endif %} + + + {{ wazuh_manager_config.cluster.disable }} + {{ wazuh_manager_config.cluster.name }} + {{ wazuh_manager_config.cluster.node_name }} + {{ wazuh_manager_config.cluster.node_type }} + {{ wazuh_manager_config.cluster.key }} + {% if wazuh_manager_config.cluster.interval is defined %} + {{ wazuh_manager_config.cluster.interval }} + {% endif %} + {{ wazuh_manager_config.cluster.port }} + {{ wazuh_manager_config.cluster.bind_addr }} + + {% for node in wazuh_manager_config.cluster.nodes %} + {{ node }} + {% endfor %} + + {{ wazuh_manager_config.cluster.hidden }} + + From 5aa0f2e6c42af9c155706a523a4c8570e9aa5e26 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 10 Jan 2020 13:36:12 +0100 Subject: [PATCH 457/559] Define config_profile for CentOS and Ubuntu --- .../ansible-wazuh-agent/defaults/main.yml | 5 +- .../var-ossec-etc-ossec-agent.conf.j2 | 193 +++++++++--------- 2 files changed, 101 insertions(+), 97 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 88c560fa..9db5406d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -30,7 +30,8 @@ wazuh_managers: api_port: 55000 api_proto: 'http' api_user: null -wazuh_profile: null +wazuh_profile_centos: 'centos, centos7, centos7.6' +wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' wazuh_auto_restart: 'yes' wazuh_agent_authd: enable: false @@ -102,7 +103,7 @@ wazuh_agent_config: directories: - dirs: /etc,/usr/bin,/usr/sbin checks: 'check_all="yes"' - - dirs: /bin,/sbin + - dirs: /bin,/sbin,/boot checks: 'check_all="yes"' win_directories: - dirs: '%WINDIR%\regedit.exe' 
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 57787b07..424410b8 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -19,8 +19,12 @@ {% endif %} {% endfor %} - {% if wazuh_profile is not none %} - {{ wazuh_profile }} + {% if wazuh_profile_centos is not none or wazuh_profile_ubuntu is not none %} + {% if ansible_distribution == 'CentOS' %} + {{ wazuh_profile_centos }} + {% elif ansible_distribution == "Ubuntu" %} + {{ wazuh_profile_ubuntu }} + {% endif %} {% endif %} {% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %} {{ wazuh_notify_time }} @@ -37,16 +41,6 @@ {{ wazuh_agent_config.client_buffer.events_per_sec }} - - {{ wazuh_agent_config.log_format }} - - - - {{ wazuh_agent_config.active_response.ar_disabled|default('no') }} - {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %} - {{ wazuh_agent_config.active_response.ca_verification }} - - {% if wazuh_agent_config.rootcheck is defined %} no 
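Review bot: The new `{% if wazuh_profile_centos is not none or wazuh_profile_ubuntu is not none %}` branch only ever emits a profile on CentOS or Ubuntu, and because the defaults hunk of this commit deletes `wazuh_profile: null`, any inventory that set `wazuh_profile` for Debian, RHEL, Amazon Linux or Windows agents now renders no profile at all with no warning. Keeping the old variable as an explicit override preserves those deployments: test `{% if wazuh_profile is defined and wazuh_profile is not none %}` first, emit it, and fall through to the per-distribution branches otherwise. The outer condition is also redundant once each branch checks its own variable, so `{% elif ansible_distribution == 'CentOS' and wazuh_profile_centos is not none %}` reads cleaner. The enclosing section starts before this hunk.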
@@ -75,89 +69,6 @@ {% endif %} - - {% if wazuh_agent_config.syscheck is defined %} - - no - - - {{ wazuh_agent_config.syscheck.frequency }} - {% if ansible_system == "Linux" %} - - /etc,/usr/bin,/usr/sbin - /bin,/sbin,/boot - {{ wazuh_agent_config.syscheck.scan_on_start }} - {% endif %} - - - {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %} - {% for directory in wazuh_agent_config.syscheck.directories %} - {{ directory.dirs }} - {% endfor %} - {% endif %} - - - {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_system == "Windows" %} - {% for directory in wazuh_agent_config.syscheck.win_directories %} - {{ directory.dirs }} - {% endfor %} - {% endif %} - - - {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %} - {% for ignore in wazuh_agent_config.syscheck.ignore %} - {{ ignore }} - {% endfor %} - {% endif %} - - - {% if wazuh_agent_config.syscheck.ignore_linux_type is defined %} - {% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %} - {{ ignore }} - {% endfor %} - {% endif %} - - {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %} - {% for ignore in wazuh_agent_config.syscheck.ignore_win %} - {{ ignore }} - {% endfor %} - {% endif %} - - {% if ansible_system == "Linux" %} - - {% for no_diff in wazuh_agent_config.syscheck.no_diff %} - {{ no_diff }} - {% endfor %} - - {{ wazuh_agent_config.syscheck.skip_nfs }} - {% endif %} - - {% if ansible_os_family == "Windows" %} - {% for registry_key in wazuh_agent_config.syscheck.windows_registry %} - {% if registry_key.arch is defined %} - {{ registry_key.key }} - {% else %} - {{ registry_key.key }} - {% endif %} - {% endfor %} - {% endif %} - - {% if ansible_os_family == "Windows" %} - {% for registry_key in wazuh_agent_config.syscheck.windows_registry_ignore %} - {% if registry_key.type is defined %} - {{ registry_key.key }} - {% else %} - {{ registry_key.key }} - {% endif %} - {% 
endfor %} - {% endif %} - - {% if ansible_os_family == "Windows" %} - - {{ wazuh_agent_config.syscheck.win_audit_interval }} - {% endif %} - - {% endif %} {% if ansible_system == "Linux" %} 
@@ -276,6 +187,88 @@ {% endif %} + + + {% if wazuh_agent_config.syscheck is defined %} + + no + + + {{ wazuh_agent_config.syscheck.frequency }} + {% if ansible_system == "Linux" %} + {{ wazuh_agent_config.syscheck.scan_on_start }} + + {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %} + {% for directory in wazuh_agent_config.syscheck.directories %} + {{ directory.dirs }} + {% endfor %} + {% endif %} + {% endif %} + + + {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_system == "Windows" %} + {% for directory in wazuh_agent_config.syscheck.win_directories %} + {{ directory.dirs }} + {% endfor %} + {% endif %} + + + {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %} + {% for ignore in wazuh_agent_config.syscheck.ignore %} + {{ ignore }} + {% endfor %} + {% endif %} + + + {% if wazuh_agent_config.syscheck.ignore_linux_type is defined %} + {% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %} + {{ ignore }} + {% endfor %} + {% endif %} + + {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %} + {% for ignore in wazuh_agent_config.syscheck.ignore_win %} + {{ ignore }} + {% endfor %} + {% endif %} + + {% if ansible_system == "Linux" %} + + {% for no_diff in wazuh_agent_config.syscheck.no_diff %} + {{ no_diff }} + {% endfor %} + + {{ wazuh_agent_config.syscheck.skip_nfs }} + {% endif %} + + {% if ansible_os_family == "Windows" %} + {% for registry_key in wazuh_agent_config.syscheck.windows_registry %} + {% if registry_key.arch is defined %} + {{ registry_key.key }} + {% else %} + {{ registry_key.key }} + {% endif %} + {% endfor %} + {% endif %} + + {% if ansible_os_family == "Windows" %} + {% for registry_key in wazuh_agent_config.syscheck.windows_registry_ignore %} + {% if registry_key.type is defined %} + {{ registry_key.key }} + {% else %} + {{ registry_key.key }} + {% endif %} + {% endfor %} + {% endif %} + + {% if 
ansible_os_family == "Windows" %} + + {{ wazuh_agent_config.syscheck.win_audit_interval }} + {% endif %} + + {% endif %} + + {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} no @@ -365,4 +358,14 @@ {% endif %} + + {{ wazuh_agent_config.active_response.ar_disabled|default('no') }} + {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %} + {{ wazuh_agent_config.active_response.ca_verification }} + + + + {{ wazuh_agent_config.log_format }} + + From c3cc763a5e719aacb81c378c0f64d6233762fa1a Mon Sep 17 00:00:00 2001 From: Jochen Schneider Date: Thu, 16 Jan 2020 11:58:05 +0100 Subject: [PATCH 458/559] added key ID for download only when required --- roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 4 ++-- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 5 +++-- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 5 +++-- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 1 + roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 1 + 5 files changed, 10 insertions(+), 6 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index c82e52ce..1b9c1da5 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -30,9 +30,9 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - keyserver: "{{ elasticrepo_gpg_keyserver }}" + url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - + state: present - name: Debian/Ubuntu | Install Elastic repo apt_repository: diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index b00ad94a..4a621092 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml 
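Review bot: The Windows ignore list is guarded by the wrong key: `{% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %}` tests `syscheck.ignore` but the loop it protects iterates `syscheck.ignore_win`, so an agent config that sets only `ignore_win` silently gets no Windows ignore entries, and one that sets `ignore` without `ignore_win` fails to render on an undefined attribute. The guard should be `{% if wazuh_agent_config.syscheck.ignore_win is defined and ansible_system == "Windows" %}`. The block also mixes `ansible_system == "Linux"` with `ansible_os_family == "Windows"` for its platform checks; using one fact for both branches would make the template easier to audit. The XML element tags around these values are not visible in this rendering, so this note covers only the Jinja logic.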
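Review bot: `ca_verification` is rendered without a default in the new active_response block, unlike `ar_disabled|default('no')` two lines above, so the two settings disagree about what an unset key means. If this is the switch that decides whether remote-upgrade (WPK) packages are signature-checked against `ca_store` — the `wpk_root.pem` default that appears later in this series suggests so — the safe fallback is verification on: `{{ wazuh_agent_config.active_response.ca_verification | default('yes') }}`. With Ansible's default handling of undefined variables an omitted key should abort the template, which is at least fail-closed, but a role default of `'yes'` in defaults/main.yml would make the intended behaviour explicit. The `ca_store` path is rendered unguarded as well and should get the same treatment.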
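Review bot: Pinning `id: 46095ACC8548582C1A2699A9D27D666CD88E42B4` next to the `url` is meant to make the module fail when the downloaded file does not yield that key, which is the right direction, but `apt_key` without `keyring` still drops the key into the global apt trust store, where it is accepted for every configured repository rather than just Elastic's. The usual fix is to write the key to its own file and bind it to the source: `keyring: /usr/share/keyrings/elastic.gpg` on this task and `repo: "deb [signed-by=/usr/share/keyrings/elastic.gpg] {{ elasticrepo_server }} stable main"` on the apt_repository task that follows (its `repo:` line sits outside this hunk). `signed-by` needs apt 1.1 or newer, so it is not available on the Ubuntu 14.04 hosts the series still special-cases elsewhere. The same applies to the kibana and filebeat hunks in this patch.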
+++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -8,10 +8,11 @@ register: kibana_installing_ca_package until: kibana_installing_ca_package is succeeded -- name: Debian/Ubuntu | Add Elasticsearch GPG key +- name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - keyserver: "{{ elasticrepo_gpg_keyserver }}" + url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + state: present - name: Debian/Ubuntu | Install Elastic repo apt_repository: diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index a192c401..ed4cde1a 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -8,10 +8,11 @@ register: filebeat_ca_packages_install until: filebeat_ca_packages_install is succeeded -- name: Debian/Ubuntu | Add Elasticsearch apt key. +- name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - keyserver: "{{ elasticrepo_gpg_keyserver }}" + url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + state: present - name: Debian/Ubuntu | Add Filebeat repository. apt_repository: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 0e0ba92f..d3d12c22 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -25,6 +25,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_agent_config.repo.gpg }}" + id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index e045059d..f47a3ef7 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -28,6 +28,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" + id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled From d328609f29f3092b33b2bc382257c454fd83b2f3 Mon Sep 17 00:00:00 2001 From: Jochen Schneider Date: Thu, 16 Jan 2020 13:06:40 +0100 Subject: [PATCH 459/559] repo param not needed any longer --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ---- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 --- 2 files changed, 7 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index b4d1ed06..9db5406d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -342,8 +342,4 @@ wazuh_agent_config: list: - key: Env value: Production - wazuh_agent_nat: false - -wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ -wauzhrepo_gpg_keyserver: pool.sks-keyservers.net diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 09a8b4a1..638fa90b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -396,6 +396,3 @@ nodejs: debian: "deb" redhat: "rpm" repo_url_ext: "nodesource.com/setup_8.x" - -wauzhrepo_gpg_keyserver: pool.sks-keyservers.net -wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ From b9b2663b3d0d496350fa5ca907d8cdfae3a1d548 Mon Sep 17 00:00:00 2001 
From: Jochen Schneider Date: Thu, 16 Jan 2020 13:26:34 +0100 Subject: [PATCH 460/559] made elasticrepo configurable --- .../elastic-stack/ansible-elasticsearch/defaults/main.yml | 6 ++++-- .../elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 4 ++-- .../ansible-elasticsearch/tasks/RMDebian.yml | 2 +- .../ansible-elasticsearch/tasks/RMRedHat.yml | 2 +- .../elastic-stack/ansible-elasticsearch/tasks/RedHat.yml | 4 ++-- roles/elastic-stack/ansible-kibana/defaults/main.yml | 6 ++++-- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 4 ++-- roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/RedHat.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 6 ++++-- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-filebeat/tasks/RMDebian.yml | 2 +- roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml | 2 +- roles/wazuh/ansible-filebeat/tasks/RedHat.yml | 8 ++++---- 15 files changed, 32 insertions(+), 26 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 55b79a69..8b16fb18 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -7,8 +7,10 @@ elasticsearch_jvm_xms: null elastic_stack_version: 7.5.1 elasticsearch_lower_disk_requirements: false -elasticrepo_server: https://artifacts.elastic.co/packages/7.x/apt -elasticrepo_gpg_keyserver: pool.sks-keyservers.net +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/7.x/apt' + yum: 'https://artifacts.elastic.co/packages/7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' # Cluster Settings single_node: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 1b9c1da5..e908d63c 100644 
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -30,13 +30,13 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + url: "{{ elasticrepo.gpg }}" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 state: present - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: "deb {{ elasticrepo_server }} stable main" + repo: "deb {{ elasticrepo.apt }} stable main" state: present filename: 'elastic_repo_7' update_cache: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml index c123c707..4fcfb44c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: - repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main + repo: "deb {{ elasticrepo.apt }} stable main" state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml index bdf667bc..46989361 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- - name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata) yum_repository: - name: elastic_repo + name: elastic_repo_7 state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index d02664c8..62f63978 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml 
@@ -4,8 +4,8 @@ yum_repository: name: elastic_repo_7 description: Elastic repository for 7.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch + baseurl: "{{ elasticrepo.yum }}" + gpgkey: "{{ elasticrepo.gpg }}" gpgcheck: true changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 642473af..e741567a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -9,8 +9,10 @@ elastic_stack_version: 7.5.1 wazuh_version: 3.11.1 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp -elasticrepo_server: https://artifacts.elastic.co/packages/7.x/apt -elasticrepo_gpg_keyserver: pool.sks-keyservers.net +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/7.x/apt' + yum: 'https://artifacts.elastic.co/packages/7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' # API credentials wazuh_api_credentials: diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 4a621092..04c174c9 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -10,13 +10,13 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + url: "{{ elasticrepo.gpg }}" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 state: present - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: "deb {{ elasticrepo_server }} stable main" + repo: "deb {{ elasticrepo.apt }} stable main" state: present filename: 'elastic_repo_7' update_cache: true diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml index c123c707..4fcfb44c 100644 
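Review bot: Unlike the Debian task, which pins the Elastic key fingerprint with `id:`, this yum repo trusts whatever key is served at `elasticrepo.gpg` — `gpgkey:` only tells yum where to fetch it and the key is imported without a fingerprint check, so a mirror operator or a plain-`http://` override can substitute their own signing key. Importing the key explicitly with a pinned fingerprint before creating the repo closes that gap (`rpm_key` gained `fingerprint` in Ansible 2.9; it relies on gpg being present on the target). `changed_when: false` on the repo task also hides a real write to /etc/yum.repos.d, which defeats check mode and any handler, and should be dropped unless there is a documented reason. The `- name:` line that opens this task is outside the hunk, and the same applies to the kibana and filebeat RedHat hunks in this patch.
```yaml
- name: RedHat/CentOS/Fedora | Import Elasticsearch GPG key (pinned fingerprint)
  rpm_key:
    key: "{{ elasticrepo.gpg }}"
    fingerprint: 46095ACC8548582C1A2699A9D27D666CD88E42B4
    state: present

# … unchanged: yum_repository task for elastic_repo_7 …
```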
--- a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: - repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main + repo: "deb {{ elasticrepo.apt }} stable main" state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml index 1ae7df57..0da555b3 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- - name: Remove Elasticsearch repository (and clean up left-over metadata) yum_repository: - name: elastic_repo + name: elastic_repo_7 state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml index abb8b0c0..7acdec09 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml @@ -3,8 +3,8 @@ yum_repository: name: elastic_repo_7 description: Elastic repository for 7.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch + baseurl: "{{ elasticrepo.yum }}" + gpgkey: "{{ elasticrepo.gpg }}" gpgcheck: true changed_when: false diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index eda469ba..ad93dd3a 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
@@ -49,5 +49,7 @@ master_certs_path: /es_certs generate_CA: true ca_cert_name: "" -elasticrepo_gpg_keyserver: pool.sks-keyservers.net -elasticrepo_server: https://artifacts.elastic.co/packages/7.x/apt +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/7.x/apt' + yum: 'https://artifacts.elastic.co/packages/7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index ed4cde1a..8c33fb0e 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -10,13 +10,13 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + url: "{{ elasticrepo.gpg }}" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 state: present - name: Debian/Ubuntu | Add Filebeat repository. apt_repository: - repo: "deb {{ elasticrepo_server }} stable main" + repo: "deb {{ elasticrepo.apt }} stable main" state: present update_cache: true changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml index 6472db68..25a33909 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata) apt_repository: - repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main + repo: "deb {{ elasticrepo.apt }} stable main" state: absent changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml index 519121b3..1cf84081 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml 
@@ -1,6 +1,6 @@ --- - name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata) yum_repository: - name: elastic_repo + name: elastic_repo_7 state: absent changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml index 3d3108f6..23948b37 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml @@ -1,9 +1,9 @@ --- - name: RedHat/CentOS/Fedora/Amazon Linux | Install Filebeats repo yum_repository: - name: elastic_repo - description: Elastic repository for 6.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch + name: elastic_repo_7 + description: Elastic repository for 7.x packages + baseurl: "{{ elasticrepo.yum }}" + gpgkey: "{{ elasticrepo.gpg }}" gpgcheck: true changed_when: false From f9e50c5e8439025711b477232845e955a8d8eddd Mon Sep 17 00:00:00 2001 From: Jochen Schneider Date: Thu, 16 Jan 2020 13:36:22 +0100 Subject: [PATCH 461/559] unnecessary changes --- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 2 +- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 04c174c9..597a6354 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -8,7 +8,7 @@ register: kibana_installing_ca_package until: kibana_installing_ca_package is succeeded -- name: Debian/Ubuntu | Add Elasticsearch GPG key. +- name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: url: "{{ elasticrepo.gpg }}" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 8c33fb0e..1a97d44f 100644 
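Review bot: Renaming the repo from `elastic_repo` to `elastic_repo_7` with `state: present` leaves the old `/etc/yum.repos.d/elastic_repo.repo` in place on hosts provisioned by an earlier revision of this role, and RMRedHat.yml now only removes the new name, so those hosts end up with two enabled copies of the 7.x repository, the stale one still carrying the hard-coded URL and key. A `yum_repository` task with `name: elastic_repo` and `state: absent` placed ahead of this one would keep upgrades clean. Whether any deployed hosts carry the old file cannot be told from the diff, but for this role the rename only lands now (the elasticsearch and kibana RedHat hunks already used `elastic_repo_7` as context), so filebeat hosts are the ones at risk.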
--- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -8,7 +8,7 @@ register: filebeat_ca_packages_install until: filebeat_ca_packages_install is succeeded -- name: Debian/Ubuntu | Add Elasticsearch GPG key. +- name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: url: "{{ elasticrepo.gpg }}" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 From 7e9f59388a94f73d1a673b6736cb52ee24a6b513 Mon Sep 17 00:00:00 2001 From: Jochen Schneider Date: Thu, 16 Jan 2020 14:23:53 +0100 Subject: [PATCH 462/559] filebeat module destination configurable --- roles/wazuh/ansible-filebeat/defaults/main.yml | 1 + roles/wazuh/ansible-filebeat/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index ad93dd3a..7f49790e 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -28,6 +28,7 @@ filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" +filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_path: /tmp/ filebeat_module_destination: /usr/share/filebeat/module diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index ca5ea6ac..07bc94ea 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -70,7 +70,7 @@ - name: Download Filebeat module package get_url: - url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} + url: "{{ filebeat_module_package_url }}/{{ filebeat_module_package_name }}" dest: "{{ filebeat_module_package_path }}" when: not filebeat_module_folder.stat.exists From 5906bd2df4ae8d6a5d3349168dd8f5307239945b Mon Sep 17 00:00:00 2001 
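Review bot: Making the download location configurable widens the trust placed in `get_url`, which still fetches `{{ filebeat_module_package_url }}/{{ filebeat_module_package_name }}` with no `checksum:` and, judging by `filebeat_module_destination` in the defaults hunk, later unpacks it into the Filebeat module tree unverified; TLS protects the default packages.wazuh.com origin, but nothing protects against a mis-set or compromised override. Add a pin alongside the new variable — `filebeat_module_package_checksum: ""` in defaults/main.yml, documented as `sha256:<hex>` — and pass it through as `checksum: "{{ filebeat_module_package_checksum | default(omit, true) }}"` so a populated value is enforced and an empty one keeps today's behaviour. The `dest` and `when` lines are unchanged and the extraction step that consumes the archive is outside this hunk.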
From: Jose M Date: Tue, 21 Jan 2020 09:08:03 +0100 Subject: [PATCH 463/559] Change Wazuh Agent default protocol to udp in wazuh-agent.yml playbook --- playbooks/wazuh-agent.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index bd85a3a6..8c7eaa69 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -6,7 +6,7 @@ wazuh_managers: - address: port: 1514 - protocol: tcp + protocol: udp api_port: 55000 api_proto: 'http' api_user: ansible From 6361eacbf0dd56e0171aa26654f2a29a3baf050f Mon Sep 17 00:00:00 2001 From: joschneider Date: Tue, 21 Jan 2020 10:56:59 +0100 Subject: [PATCH 464/559] repo gpg key id as a paramater --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 1 + roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 1 + roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 1 + roles/wazuh/ansible-filebeat/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +- 10 files changed, 10 insertions(+), 5 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 8b16fb18..1a737c04 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -11,6 +11,7 @@ elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4' # Cluster Settings single_node: true 
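Review bot: Switching the default agent transport on `port: 1514` from `tcp` to `udp` trades delivery guarantees for throughput without the commit saying why: under UDP, events dropped on the wire or in the manager's socket buffer are lost silently, which for a security agent means missing alerts with no error on either side. It also has to match the manager's remote listener protocol; if the manager role in this repository still defaults that to tcp, agents deployed from this playbook will not connect — that default is not visible here, so please confirm. If udp is the intended default, a comment on the line such as `# udp matches the manager's default remote protocol; use tcp where event loss is unacceptable` would record the decision.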
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index e908d63c..cfdbe342 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -31,7 +31,7 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: url: "{{ elasticrepo.gpg }}" - id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + id: "{{ elasticrepo.kid }}" state: present - name: Debian/Ubuntu | Install Elastic repo diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index e741567a..07675f85 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -13,6 +13,7 @@ elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4' # API credentials wazuh_api_credentials: diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 597a6354..ff4373dc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -11,7 +11,7 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: url: "{{ elasticrepo.gpg }}" - id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + id: "{{ elasticrepo.kid }}" state: present - name: Debian/Ubuntu | Install Elastic repo diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 7f49790e..5b655311 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
@@ -54,3 +54,4 @@ elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4' diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 1a97d44f..bdd7dc51 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -11,7 +11,7 @@ - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: url: "{{ elasticrepo.gpg }}" - id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + id: "{{ elasticrepo.kid }}" state: present - name: Debian/Ubuntu | Add Filebeat repository. diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 9db5406d..d92b07b4 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,6 +60,7 @@ wazuh_agent_config: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + kid: '0DCFCA5547B19D2A6099506096B3EE5F29111145' active_response: ar_disabled: 'no' ca_store: '/var/ossec/etc/wpk_root.pem' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index d3d12c22..452fbdf8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -25,7 +25,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_agent_config.repo.gpg }}" - id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 + id: "{{ wazuhrepo.kid }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled 
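Review bot: `id: "{{ wazuhrepo.kid }}"` references a variable that does not exist: the fingerprint was added to `wazuh_agent_config.repo.kid` in the defaults hunk of this same patch, and the `wazuhrepo_*` variables were deleted in the previous commit, so this task now aborts with an undefined-variable error on every Debian/Ubuntu agent run that reaches it. The line should read `id: "{{ wazuh_agent_config.repo.kid }}"`, mirroring the `url: "{{ wazuh_agent_config.repo.gpg }}"` line directly above it. The follow-up rename to `key_id` in the next patch carries the same wrong prefix.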
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 638fa90b..fadc54f9 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -52,6 +52,7 @@ wazuh_manager_config: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + kid: '0DCFCA5547B19D2A6099506096B3EE5F29111145' json_output: 'yes' alerts_log: 'yes' logall: 'no' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index f47a3ef7..e4b69bcb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -28,7 +28,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" - id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 + id: "{{ wazuhrepo.kid }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled From 50964bd0f855244778b0569075bb468061f1eb79 Mon Sep 17 00:00:00 2001 
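Review bot: Same problem as the agent role: `id: "{{ wazuhrepo.kid }}"` should be `id: "{{ wazuh_manager_config.repo.kid }}"`, which is where this patch actually puts the fingerprint, and nothing in the visible patches defines a `wazuhrepo` dictionary. As written the key-import task fails before the repository is added, so package-based manager installs on Debian/Ubuntu break. The `when:` conditions that follow are unchanged.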
From: Jochen Schneider Date: Tue, 21 Jan 2020 11:57:33 +0100 Subject: [PATCH 465/559] better naming for parameter kid --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 1a737c04..50b56d5c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -11,7 +11,7 @@ elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' - kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' # Cluster Settings single_node: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index cfdbe342..74c6bcf2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -31,7 +31,7 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: url: "{{ elasticrepo.gpg }}" - id: "{{ elasticrepo.kid }}" + id: "{{ elasticrepo.key_id }}" state: present - name: Debian/Ubuntu | Install Elastic repo 
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 07675f85..10408e77 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -13,7 +13,7 @@ elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' - kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' # API credentials wazuh_api_credentials: diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index ff4373dc..281555ca 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -11,7 +11,7 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: url: "{{ elasticrepo.gpg }}" - id: "{{ elasticrepo.kid }}" + id: "{{ elasticrepo.key_id }}" state: present - name: Debian/Ubuntu | Install Elastic repo diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 5b655311..d7bdcf02 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -54,4 +54,4 @@ elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' - kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index bdd7dc51..a87bb2bf 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml 
@@ -11,7 +11,7 @@ - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: url: "{{ elasticrepo.gpg }}" - id: "{{ elasticrepo.kid }}" + id: "{{ elasticrepo.key_id }}" state: present - name: Debian/Ubuntu | Add Filebeat repository. diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index d92b07b4..d1c027ad 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,7 +60,7 @@ wazuh_agent_config: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - kid: '0DCFCA5547B19D2A6099506096B3EE5F29111145' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' active_response: ar_disabled: 'no' ca_store: '/var/ossec/etc/wpk_root.pem' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 452fbdf8..88b9895c 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -25,7 +25,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_agent_config.repo.gpg }}" - id: "{{ wazuhrepo.kid }}" + id: "{{ wazuhrepo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index fadc54f9..ce84fa80 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -52,7 +52,7 @@ wazuh_manager_config: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - kid: '0DCFCA5547B19D2A6099506096B3EE5F29111145' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' json_output: 'yes' alerts_log: 'yes' logall: 'no' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index e4b69bcb..58e4c232 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -28,7 +28,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" - id: "{{ wazuhrepo.kid }}" + id: "{{ wazuhrepo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled From d79a14de054a757a19944f31c703075fd0e3701d Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 22 Jan 2020 13:30:53 +0100 Subject: [PATCH 466/559] Bump version to 3.11.2_7.5.1 --- VERSION | 4 ++-- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/VERSION b/VERSION index 3961d05c..6d825ed6 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.1" -REVISION="31110" +WAZUH-ANSIBLE_VERSION="v3.11.2" +REVISION="31120" diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 486448d2..9b6ec2f3 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
@@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.5.1 -wazuh_version: 3.11.1 +wazuh_version: 3.11.2 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # API credentials diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 9db5406d..35992118 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.11.1-1 +wazuh_agent_version: 3.11.2-1 wazuh_agent_sources_installation: enabled: false - branch: "v3.11.1" + branch: "v3.11.2" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -51,7 +51,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.1' + version: '3.11.2' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 1e39c2ad032259cb9682c1eac3ac646a diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 638fa90b..1a7b841e 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.11.1-1 +wazuh_manager_version: 3.11.2-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: false - branch: "v3.11.1" + branch: "v3.11.2" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.1" + branch: "v3.11.2" update: "y" remove: "y" directory: null From 125af8cff3680a62b21200a170fcf136c64526e5 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Wed, 22 Jan 2020 13:31:08 +0100 Subject: [PATCH 467/559] Update wazuh-elasticsearch.json template --- .../templates/elasticsearch.yml.j2 | 140 +++++++++++++++++- 1 file changed, 132 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 index 444cef06..88d50c3f 100644 --- a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 @@ -162,6 +162,7 @@ "data.dstip", "data.dstport", "data.dstuser", + "data.extra_data", "data.hardware.serial", "data.id", "data.integration", 
@@ -291,10 +292,37 @@ "data.vulnerability.advisories", "data.vulnerability.bugzilla_reference", "data.vulnerability.cve", + "data.vulnerability.cvss.cvss2.base_score", + "data.vulnerability.cvss.cvss2.exploitability_score", + "data.vulnerability.cvss.cvss2.impact_score", + "data.vulnerability.cvss.cvss2.vector.access_complexity", + "data.vulnerability.cvss.cvss2.vector.attack_vector", + "data.vulnerability.cvss.cvss2.vector.authentication", + "data.vulnerability.cvss.cvss2.vector.availability", + "data.vulnerability.cvss.cvss2.vector.confidentiality_impact", + "data.vulnerability.cvss.cvss2.vector.integrity_impact", + "data.vulnerability.cvss.cvss2.vector.privileges_required", + "data.vulnerability.cvss.cvss2.vector.scope", + "data.vulnerability.cvss.cvss2.vector.user_interaction", + "data.vulnerability.cvss.cvss3.base_score", + "data.vulnerability.cvss.cvss3.exploitability_score", + "data.vulnerability.cvss.cvss3.impact_score", + "data.vulnerability.cvss.cvss3.vector.access_complexity", + "data.vulnerability.cvss.cvss3.vector.attack_vector", + "data.vulnerability.cvss.cvss3.vector.authentication", + "data.vulnerability.cvss.cvss3.vector.availability", + "data.vulnerability.cvss.cvss3.vector.confidentiality_impact", + "data.vulnerability.cvss.cvss3.vector.integrity_impact", + "data.vulnerability.cvss.cvss3.vector.privileges_required", + "data.vulnerability.cvss.cvss3.vector.scope", + "data.vulnerability.cvss.cvss3.vector.user_interaction", "data.vulnerability.cwe_reference", + "data.vulnerability.package.architecture", "data.vulnerability.package.condition", + "data.vulnerability.package.generated_cpe", "data.vulnerability.package.name", "data.vulnerability.package.version", + "data.vulnerability.rationale", "data.vulnerability.reference", "data.vulnerability.severity", "data.vulnerability.state", 
@@ -372,6 +400,8 @@ "rule.id", "rule.info", "rule.pci_dss", + "rule.hipaa", + "rule.nist_800_53", "syscheck.audit.effective_user.id", "syscheck.audit.effective_user.name", "syscheck.audit.group.id", @@ -943,6 +973,9 @@ "data": { "type": "keyword" }, + "extra_data": { + "type": "keyword" + }, "system_name": { "type": "keyword" }, @@ -1531,14 +1564,93 @@ }, "cvss": { "properties": { - "cvss3_score": { - "type": "keyword" + "cvss2": { + "properties": { + "base_score": { + "type": "keyword" + }, + "exploitability_score": { + "type": "keyword" + }, + "impact_score": { + "type": "keyword" + }, + "vector": { + "properties": { + "access_complexity": { + "type": "keyword" + }, + "attack_vector": { + "type": "keyword" + }, + "authentication": { + "type": "keyword" + }, + "availability": { + "type": "keyword" + }, + "confidentiality_impact": { + "type": "keyword" + }, + "integrity_impact": { + "type": "keyword" + }, + "privileges_required": { + "type": "keyword" + }, + "scope": { + "type": "keyword" + }, + "user_interaction": { + "type": "keyword" + } + } + } + } }, - "cvss_score": { - "type": "keyword" - }, - "cvss_scoring_vector": { - "type": "keyword" + "cvss3": { + "properties": { + "base_score": { + "type": "keyword" + }, + "exploitability_score": { + "type": "keyword" + }, + "impact_score": { + "type": "keyword" + }, + "vector": { + "properties": { + "access_complexity": { + "type": "keyword" + }, + "attack_vector": { + "type": "keyword" + }, + "authentication": { + "type": "keyword" + }, + "availability": { + "type": "keyword" + }, + "confidentiality_impact": { + "type": "keyword" + }, + "integrity_impact": { + "type": "keyword" + }, + "privileges_required": { + "type": "keyword" + }, + "scope": { + "type": "keyword" + }, + "user_interaction": { + "type": "keyword" + } + } + } + } } } }, 
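Review bot: In the `cvss` mapping added by the third hunk, `cvss2.vector` and `cvss3.vector` carry an identical property list, so the v2 block declares CVSS v3-only metrics (`privileges_required`, `scope`, `user_interaction`) and the v3 block declares v2-only ones (`authentication`, `access_complexity`). Indexing tolerates this, but anyone building dashboards or detections on these fields will find them permanently empty for the version they do not belong to. Consider trimming each `vector` block to the metrics its CVSS version actually defines and mirroring the same trim in the `_meta` field list added earlier in this file; verify against what the vulnerability-detector emits before dropping anything. The enclosing `properties` object starts and ends outside this hunk.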
@@ -1547,9 +1659,15 @@ }, "package": { "properties": { + "architecture": { + "type": "keyword" + }, "condition": { "type": "keyword" }, + "generated_cpe": { + "type": "keyword" + }, "name": { "type": "keyword" }, @@ -1561,6 +1679,12 @@ "published": { "type": "date" }, + "updated": { + "type": "date" + }, + "rationale": { + "type": "keyword" + }, "reference": { "type": "keyword" }, @@ -1673,4 +1797,4 @@ } }, "version": 1 -} \ No newline at end of file +} From 7f86bbe76529daa3e8687cd6f7305821b5ddac3a Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 22 Jan 2020 13:33:54 +0100 Subject: [PATCH 468/559] Update CHANGELOG.md --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09f505e9..cd521303 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,16 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.11.2_7.5.1] + +### Added + +- Update to Wazuh v3.11.2 + +### Changed + +- Update templates for Python 3 compatibility ([@xr09](https://github.com/xr09)) [PR#344](https://github.com/wazuh/wazuh-ansible/pull/344) + ## [v3.11.1_7.5.1] ### Added From 867df7b870ef30fee5325b7e3031d8bb76b2409a Mon Sep 17 00:00:00 2001 From: francobep Date: Wed, 22 Jan 2020 10:50:37 -0300 Subject: [PATCH 469/559] Fix playbook template In the first host of the elastic cluster, the "node_name" property, will be "elasticsearch_node_name" --- playbooks/wazuh-elastic_stack-distributed.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 5f4213f5..16abfcf5 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
@@ -4,7 +4,7 @@ roles: - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: - node_name: node-1 + elasticsearch_node_name: node-1 elasticsearch_bootstrap_node: true elasticsearch_cluster_nodes: - @@ -88,4 +88,4 @@ # kibana_node_name: node-3 # elasticsearch_network_host: 172.16.0.161 # node_certs_generator: false -# elasticsearch_xpack_security_password: elastic_pass \ No newline at end of file +# elasticsearch_xpack_security_password: elastic_pass From 94095c88c9439e344998b545d9e6014244e4a327 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 22 Jan 2020 15:14:56 +0100 Subject: [PATCH 470/559] Bump MD5 hash for Windows Agent --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 35992118..22db8c9d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -54,7 +54,7 @@ wazuh_winagent_config: version: '3.11.2' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ - md5: 1e39c2ad032259cb9682c1eac3ac646a + md5: 9b6e57054353e31f449ce61bf3695271 wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' From 5479fc55501efe4c6a2406dcf74f7847df1c13d1 Mon Sep 17 00:00:00 2001 From: Jochen Schneider Date: Thu, 23 Jan 2020 14:30:55 +0100 Subject: [PATCH 471/559] corrected repo key id parameter --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 88b9895c..68c0b726 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml 
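Review bot: The bumped value in the last hunk is still an MD5 digest for the Windows installer fetched from `repo`, and MD5 is no longer collision-resistant, so it only catches accidental corruption rather than a substituted package. The task that consumes this value is not visible here; if it is `win_get_url`, it supports `checksum_algorithm: sha256`, so a SHA-256 digest (published alongside the installer) would turn this into a meaningful integrity check. A comment such as `# installer integrity check; prefer a SHA-256 digest where the download task supports it` would at least record the intent.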
@@ -25,7 +25,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_agent_config.repo.gpg }}" - id: "{{ wazuhrepo.key_id }}" + id: "{{ wazuh_agent_config.repo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 58e4c232..36fe4ff5 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -28,7 +28,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" - id: "{{ wazuhrepo.key_id }}" + id: "{{ wazuh_manager_config.repo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled From f1771eaa62a85dabe871e1842cfdeceb878c2a3b Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 27 Jan 2020 19:32:54 +0100 Subject: [PATCH 472/559] Fix agent's ossec.conf for CentOS 8 --- .../var-ossec-etc-ossec-agent.conf.j2 | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 424410b8..128ba142 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 
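Review bot: With the variable reference corrected the `apt_key` task becomes functional again (an undefined `wazuhrepo` would have failed it), so it is worth being clear about what `id` provides: as far as I recall, the module uses the fingerprint to decide whether the key is already present and to confirm it appeared after import, but it still imports every key contained in the fetched file into the system-wide trusted keyring. If the URL ever serves unexpected content, the fingerprint check does not reject the extra keys. Scoping the import with `keyring: /etc/apt/trusted.gpg.d/wazuh.gpg` (and a matching `signed-by` in the repository line, which lives outside this hunk) would limit what that key is trusted to sign. The same applies to the manager task in the second hunk.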
@@ -92,23 +92,33 @@ {% endif %} {% elif ansible_distribution == 'CentOS' %} - {% if ansible_distribution_major_version == '7' %} + {% if ansible_distribution_major_version == '8' %} + {# Policy not available #} + {% elif ansible_distribution_major_version == '7' %} + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + {% elif ansible_distribution_major_version == '6' %} - {% endif %} xccdf_org.ssgproject.content_profile_pci-dss xccdf_org.ssgproject.content_profile_common + {% endif %} {% elif ansible_distribution == 'RedHat' %} - {% if ansible_distribution_major_version == '7' %} + {% if ansible_distribution_major_version == '8' %} + {# Policy not available #} + {% elif ansible_distribution_major_version == '7' %} + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + {% elif ansible_distribution_major_version == '6' %} - {% endif %} xccdf_org.ssgproject.content_profile_pci-dss xccdf_org.ssgproject.content_profile_common + {% endif %} {% if ansible_distribution_major_version == '7' %} {% elif ansible_distribution_major_version == '6' %} From 87b485e5106033a485f8d23352f149cd8a7ca7ee Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 28 Jan 2020 12:09:38 +0100 Subject: [PATCH 473/559] Update CHANGELOG.md --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cd521303..53ee7343 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,17 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.11.3_7.5.1] + +### Added + +- Update to Wazuh v3.11.3 + +### Fixed + +- Fix Wazuh Agent configuration file for RHEL 8 ([@xr09](https://github.com/xr09)) [PR#354](https://github.com/wazuh/wazuh-ansible/pull/354) +- Fix default port used in Wazuh Agent playbook ([@jm404](https://github.com/jm404)) [PR#347](https://github.com/wazuh/wazuh-ansible/pull/347) + ## [v3.11.2_7.5.1] ### Added 
From a400138eb0d42b0b862c246ad98d52deacb8e872 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 28 Jan 2020 12:15:35 +0100 Subject: [PATCH 474/559] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 53ee7343..987939a3 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # Change Log All notable changes to this project will be documented in this file. -## [v3.11.3_7.5.1] +## [v3.11.3_7.5.2] ### Added From b39e6debacb14ca0f9d81dd4adaf158120e942de Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 28 Jan 2020 12:17:53 +0100 Subject: [PATCH 475/559] Bump version to 3.11.3_7.5.2 --- VERSION | 4 ++-- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/VERSION b/VERSION index 6d825ed6..a70bc633 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.2" -REVISION="31120" +WAZUH-ANSIBLE_VERSION="v3.11.3" +REVISION="31130" diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index a1bef6b2..9d3a9cdb 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.5.1 +elastic_stack_version: 7.5.2 elasticsearch_lower_disk_requirements: false # Cluster Settings diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 9b6ec2f3..b0b1fc83 100644 
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.5.1 -wazuh_version: 3.11.2 +elastic_stack_version: 7.5.2 +wazuh_version: 3.11.3 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # API credentials diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 1b1c1bd8..84693899 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.5.1 +filebeat_version: 7.5.2 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 22db8c9d..6bf29daf 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.11.2-1 +wazuh_agent_version: 3.11.3-1 wazuh_agent_sources_installation: enabled: false - branch: "v3.11.2" + branch: "v3.11.3" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -51,7 +51,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.2' + version: '3.11.3' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 9b6e57054353e31f449ce61bf3695271 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 1a7b841e..0025bf5b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.11.2-1 +wazuh_manager_version: 3.11.3-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: false - branch: "v3.11.2" + branch: "v3.11.3" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.2" + branch: "v3.11.3" update: "y" remove: "y" directory: null From 81096636d0dd6f91dca65de5c74174112eee9464 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 28 Jan 2020 18:37:48 +0100 Subject: [PATCH 476/559] Update MD5 hash for Windows Agent --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 6bf29daf..3ce49b3e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -54,7 +54,7 @@ wazuh_winagent_config: version: '3.11.3' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ - md5: 9b6e57054353e31f449ce61bf3695271 + md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' From 7a8d2a7f9d68e1ed76cbde2b930f1b586782128f Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 4 Feb 2020 11:59:19 +0100 Subject: [PATCH 477/559] Upgrade to NodeJS v10 --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 0025bf5b..489becb2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -395,4 +395,4 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_10.x" From 13e283687ca1de2d4e7f62e491d9e1e62ff9d43d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 11 Feb 2020 14:49:53 +0100 Subject: [PATCH 478/559] Define agent_groups group list --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 5f32a0f1..3d5c9986 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -397,3 +397,7 @@ nodejs: debian: "deb" redhat: "rpm" repo_url_ext: "nodesource.com/setup_10.x" + +agent_groups: + groups: # [] # groups to create + - group2 \ No newline at end of file From 8d8ed17ce98387905e056b57f7b220d85c30a03c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 11 Feb 2020 14:50:06 +0100 Subject: [PATCH 479/559] Add task to create agent groups --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 842d33a6..f26664eb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -355,6 +355,13 @@ when: - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 +- name: Create agent groups + shell: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" + with_items: + - "{{ agent_groups.groups }}" + when: + - ( agent_groups.groups is defined) and ( agent_groups.groups|length > 0) + - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" From 01fb6b1d361236ed9d8231e288c630f55d9e93ff Mon Sep 17 00:00:00 2001 
From: Zenidd Date: Tue, 11 Feb 2020 14:51:10 +0100 Subject: [PATCH 480/559] Sanatizing the Manager and API active status verification task --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 58c3f763..dd4fa04a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -339,20 +339,6 @@ - wazuh-api tags: - config - environment: - LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" - when: - - not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6) - -- name: Ensure Wazuh Manager is started and enabled (EL5) - service: - name: wazuh-manager - enabled: true - state: started - tags: - - config - when: - - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - include_tasks: "RMRedHat.yml" when: From e11c44e72e6b95d102093a8ad30cc1d075f7c625 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 11 Feb 2020 16:14:50 +0100 Subject: [PATCH 481/559] Set group list to empty --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 266cb33f..51ba5302 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -37,6 +37,7 @@ wazuh_agent_authd: enable: false port: 1515 agent_name: null + groups: [] ssl_agent_ca: null ssl_agent_cert: null ssl_agent_key: null diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3d5c9986..52de8dab 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -399,5 +399,4 @@ nodejs: repo_url_ext: "nodesource.com/setup_10.x" agent_groups: - groups: # [] # groups to create - - group2 \ No newline at end of file + groups: [] # groups to create From e1b3156ee647dbd358c6c3cbf9db24788c860256 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 11 Feb 2020 16:16:15 +0100 Subject: [PATCH 482/559] Add ability to register agent and assign it to groups --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 5664a428..6dbf1e46 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -76,6 +76,9 @@ -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" {% endif %} {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} + {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups != None %} + -G "{{ wazuh_agent_authd.groups | join(',') }}" + {% endif %} register: agent_auth_output notify: restart wazuh-agent vars: From 76215bf6ed5c01d648c37ed29dc8ed2c64512e21 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 11 Feb 2020 17:55:51 +0100 Subject: [PATCH 483/559] Replace shell by command --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index f26664eb..6637f287 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
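Review bot: The new `-G` branch in the last hunk fires for an empty list: the agent defaults set `wazuh_agent_authd.groups: []`, which is defined and not `None`, so the template renders `-G ""` and agent-auth is asked to register into a group with an empty name (how agent-auth treats that is not visible here). The guard should test for a non-empty list, e.g. `{% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups %}`. Group names are also interpolated straight into the command line, so if the surrounding task, whose module and full command begin outside this hunk, is a `shell` task, pass them through `| quote`.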
@@ -356,7 +356,7 @@ - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - name: Create agent groups - shell: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" + command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" with_items: - "{{ agent_groups.groups }}" when: From 50ad3e07da8f4cf8b4c1afb3a6c52b19f83cb60d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 11 Feb 2020 17:56:06 +0100 Subject: [PATCH 484/559] Remove trailing spaces --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 6dbf1e46..5465f393 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -76,8 +76,8 @@ -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" {% endif %} {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} - {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups != None %} - -G "{{ wazuh_agent_authd.groups | join(',') }}" + {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups != None %} + -G "{{ wazuh_agent_authd.groups | join(',') }}" {% endif %} register: agent_auth_output notify: restart wazuh-agent From 4adc19a02ff42585ffcff00a249b47193fb0f921 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 12 Feb 2020 14:16:38 +0100 Subject: [PATCH 485/559] Ignore idempotence test for agent groups creation --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 6637f287..6a2ccf95 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
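Review bot: Switching to `command` removes the shell, but `{{ item }}` is still spliced into the command string and then word-split, so a group name containing whitespace or quotes becomes several arguments instead of being rejected. Passing the arguments as a list keeps each value intact regardless of its content: `argv: ['/var/ossec/bin/agent_groups', '-a', '-g', '{{ item }}', '-q']`. A short comment above the task noting that group names are passed verbatim to the CLI would also help the next maintainer.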
@@ -361,6 +361,7 @@ - "{{ agent_groups.groups }}" when: - ( agent_groups.groups is defined) and ( agent_groups.groups|length > 0) + tags: molecule-idempotence-notest - include_tasks: "RMRedHat.yml" when: From abdbab92474556add24b3d672e7a3b6be9d769de Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 14 Feb 2020 15:09:40 +0100 Subject: [PATCH 486/559] Fix auth path for 64bits Windows --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index ee0aced7..61e2412d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -14,7 +14,7 @@ - name: Windows | Set Win Path (x64) set_fact: wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir }}" - wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}" + wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path }}" when: - not check_path.stat.exists From 1366a745696aa9304021683d48433c98d8614ba5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 14 Feb 2020 17:13:42 +0100 Subject: [PATCH 487/559] Remove API credentials as variable files and move to defaults --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +++ roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 6 ------ roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml | 3 --- 3 files changed, 3 insertions(+), 9 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 5f32a0f1..8c71671b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
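Review bot: The `molecule-idempotence-notest` tag hides that "Create agent groups" reports changed (or fails, if `agent_groups -a` rejects an existing group) on every run instead of making the task idempotent. A `creates:` guard would fix the cause, e.g. `args: creates: "/var/ossec/etc/shared/{{ item }}"` if that is where the manager materialises a group on disk (verify), or alternatively register the output and set `changed_when` on it. The task this tag belongs to begins outside this hunk.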
@@ -47,6 +47,9 @@ wazuh_api_sources_installation: common_name: null password: null +wazuh_api_user: + - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/" + wazuh_manager_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index dd4fa04a..faf13d05 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -191,12 +191,6 @@ tags: - config -- name: Retrieving Wazuh-API User Credentials - include_vars: wazuh_api_creds.yml - when: - - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6) - tags: - - config - name: Check if syslog output is enabled set_fact: syslog_output=true diff --git a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml deleted file mode 100644 index 2d5f8c73..00000000 --- a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -wazuh_api_user: - - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/" From 9bc6d550be6de3b42b3bfc07a5adbf73a7537baa Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 17:46:41 +0100 Subject: [PATCH 488/559] Create required variables for Wazuh Manager installation from packages --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 8c71671b..f1e9866b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
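Review bot: The value moved into `defaults/main.yml` is a working credential — a `foo` user with a publicly known `$apr1$` (MD5-crypt) htpasswd hash — so every deployment that does not override `wazuh_api_user` ends up with a guessable API login, and as a role default it is now the lowest-precedence variable and the easiest to forget. A safer default is an empty list plus an explicit check in the API tasks (outside this hunk), e.g. `assert: that: wazuh_api_user | length > 0`, with the example entry moved to the README. If the example must remain, at least add `# EXAMPLE ONLY: override with your own htpasswd entry (bcrypt where the API tooling supports it)` above it.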
@@ -4,6 +4,15 @@ wazuh_manager_version: 3.11.3-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present +# Custom packages installation +wazuh_custom_packages_installation_manager_enabled: true +wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-manager_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-manager-3.12.0-0.3319fimreworksqlite.x86_64.rpm" +wazuh_custom_packages_installation_api_enabled: true +wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-api_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-api-3.12.0-0.3319fimreworksqlite.x86_64.rpm" + +# Sources installation wazuh_manager_sources_installation: enabled: false branch: "v3.11.3" From 7fb76b42e65993b925355b513aea31c40aa8be11 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 17:47:13 +0100 Subject: [PATCH 489/559] Create required tasks to download and install .rpm and .deb packages --- .../installation_from_custom_packages.yml | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml new file mode 100644 index 00000000..ae837c9a --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml 
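Review bot: The four custom-package URLs point at a pre-release build in the `packages-dev.wazuh.com` warehouse and both `_enabled` flags default to `true`, so a plain run of the role now installs that dev build instead of the pinned `wazuh_manager_version: 3.11.3-1` and skips the GPG-keyed apt/yum repositories that Debian.yml and RedHat.yml configure. No expected digest accompanies the URLs, so the download-and-install path has nothing to verify against before the package is installed as root. I would default the flags to `false`, keep the URLs empty (or on the release host) and add per-artifact `..._deb_sha256: ""` / `..._rpm_sha256: ""` variables next to them so the install task can check the file first.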
@@ -0,0 +1,34 @@ +--- + - block: + - name: Install Wazuh Manager from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_manager_deb_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + + - name: Install Wazuh API from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_api_deb_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + when: + - ansible_os_family|lower == "debian" + + - block: + - name: Install Wazuh Manager from .rpm packages + yum: + name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + + - name: Install Wazuh API from .rpm packages + yum: + name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + when: + - ansible_os_family|lower == "redhat" \ No newline at end of file From bf6f72039cccac7fb0f9ebcce28a4084f4247ad9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 17:47:49 +0100 Subject: [PATCH 490/559] Update conditionals in Managers tasks to filter installation from packages --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 11 ++++++++++- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 8 ++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 36fe4ff5..ca4820fc 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
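Review bot: Both branches install whatever the URL serves with no integrity check: `apt: deb:` hands the file to dpkg, which does no signature verification, and `yum` with a URL only GPG-checks the file when `localpkg_gpgcheck` is enabled, which it is not by default, so with these flags on the repository-key path in Debian.yml/RedHat.yml is bypassed and a compromised or mis-set URL installs straight to root. Downloading with `get_url` and a pinned `checksum:` first, then installing the local file, closes that gap; the RedHat block can take the same shape with `yum: name: /var/tmp/wazuh-manager.rpm`, and the sha256 values would live beside the URLs in defaults. Also, the two `- block:` entries are indented one space deeper than the document start and the file lacks a trailing newline, which yamllint will flag.
```yaml
- block:
    - name: Download Wazuh Manager .deb package
      get_url:
        url: "{{ wazuh_custom_packages_installation_manager_deb_url }}"
        dest: /var/tmp/wazuh-manager.deb
        # sha256 pinned next to the URL in defaults; get_url fails on mismatch
        checksum: "sha256:{{ wazuh_custom_packages_installation_manager_deb_sha256 }}"
      when:
        - wazuh_custom_packages_installation_manager_enabled

    - name: Install Wazuh Manager from .deb packages
      apt:
        deb: /var/tmp/wazuh-manager.deb
        state: present
      when:
        - wazuh_custom_packages_installation_manager_enabled
    # … unchanged: API .deb task, same download-then-install shape …
  when:
    - ansible_os_family|lower == "debian"
# … unchanged: RedHat block, same download step then yum on the local .rpm …
```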
@@ -24,6 +24,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -32,6 +33,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -42,6 +44,7 @@ changed_when: false when: - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -106,11 +109,16 @@ tags: init when: - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - include_tasks: "installation_from_sources.yml" when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled +- include_tasks: "installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - name: Debian/Ubuntu | Install wazuh-api apt: name: @@ -122,4 +130,5 @@ until: wazuh_manager_main_packages_installed is succeeded tags: init when: - - not wazuh_api_sources_installation.enabled \ No newline at end of file + - not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled \ No newline at end of file 
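Review bot: The added condition in this hunk, and in the two repository hunks that follow, compares `wazuh_custom_packages_installation_manager_enabled` with itself (`not X or not X`), so the API flag plays no part and the repository is skipped only when the manager flag is on; RedHat.yml in the same commit writes `... or not wazuh_custom_packages_installation_api_enabled`, which is what is meant here. The later `include_tasks: "installation_from_custom_packages.yml"` has the same copy-paste (`X or not X`), which is always true, so the custom-package file is included on every run and relies on its inner `when` guards to do nothing. Replace the second operand with `not wazuh_custom_packages_installation_api_enabled` in the three repository hunks and with `wazuh_custom_packages_installation_api_enabled` in the include.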
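Review bot: The `Install wazuh-api` task is now skipped on the manager flag, but the variable that replaces the API package is `wazuh_custom_packages_installation_api_enabled`; with the manager flag off and the API flag on, both the custom API .deb and the repository `wazuh-api` package get installed, and in the opposite case the API is not installed at all. RedHat.yml in this commit checks the API flag at the same spot. Change the new line to `- not wazuh_custom_packages_installation_api_enabled`. The task's header lies before this hunk.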
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 5dc57e81..c0ff9ee4 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -11,6 +11,7 @@ - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -24,6 +25,7 @@ when: - repo_v5_manager_installed is skipped - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -118,6 +120,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled tags: - init @@ -125,6 +128,10 @@ when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled +- include_tasks: "../tasks/installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled + - name: CentOS/RedHat/Amazon | Install wazuh-api package: name: "wazuh-api-{{ wazuh_manager_version }}" @@ -134,6 +141,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_api_enabled tags: - init From aa33bd353140783b798b3036a71df4ab0077d681 Mon Sep 17 00:00:00 2001 
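Review bot: The new include uses `../tasks/installation_from_custom_packages.yml` while Debian.yml includes the same file as `installation_from_custom_packages.yml`; `include_tasks` already resolves bare names against the role's tasks directory, so the prefix is redundant and makes the two files look like they pull different task lists. Use `- include_tasks: "installation_from_custom_packages.yml"` here too.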
From: Jose M Date: Wed, 19 Feb 2020 18:09:26 +0100 Subject: [PATCH 491/559] Add required variables to install agents from custom packages --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 266cb33f..202f5d3a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,6 +1,15 @@ --- wazuh_agent_version: 3.11.3-1 + +# Custom packages installation + +wazuh_custom_packages_installation_agent_enabled: true +wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm" + +# Sources installation + wazuh_agent_sources_installation: enabled: false branch: "v3.11.3" From 281d54557afcd46c564effee58d637be9f6e186b Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:09:48 +0100 Subject: [PATCH 492/559] Create tasks to download and install Agent from .rpm and .deb packages --- .../tasks/installation_from_custom_packages.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml new file mode 100644 index 00000000..01ce540c --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml 
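Review bot: `wazuh_custom_packages_installation_agent_enabled: true` as a default means every Linux agent run installs the `3.12.0-0.3319fimreworksqlite` build from the `packages-dev.wazuh.com` warehouse rather than the `wazuh_agent_version: 3.11.3-1` pinned two lines above, and the dev URLs carry no digest to verify. The flag should default to `false` and the two URLs should be paired with `..._deb_sha256` / `..._rpm_sha256` variables, with a comment such as `# Only for testing unreleased builds; when enabled the signed repository is bypassed, so pin a checksum`.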
@@ -0,0 +1,16 @@ +--- + - name: Install Wazuh Agent from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_agent_deb_url }}" + state: present + when: + - ansible_os_family|lower == "debian" + - wazuh_custom_packages_installation_agent_enabled + + - name: Install Wazuh Agent from .rpm packages + yum: + name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" + state: present + when: + - ansible_os_family|lower == "redhat" + - wazuh_custom_packages_installation_agent_enabled \ No newline at end of file From 8f0d54b274ffdc93c26fbe811f2a6042e0a7bcce Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:10:26 +0100 Subject: [PATCH 493/559] Update Agent conditionals to make them work with custom packages install --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 3 +++ roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 6 ++++++ roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 6 ++++-- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 68c0b726..9c12fdbf 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -21,6 +21,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -29,6 +30,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: 
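Review bot: The agent is installed directly from the URL, so nothing verifies the .deb handed to dpkg (which does not check signatures) or the .rpm passed to yum (which by default does not GPG-check local packages), and the repository-key tasks in Debian.yml/RedHat.yml are skipped when this flag is on. Fetching with `get_url` and a pinned `checksum:` and then installing the local file gives the role something to verify; the RedHat task can reuse the download step with `yum: name: /var/tmp/wazuh-agent.rpm`. The tasks are also indented one space deeper than the document start, which yamllint reports.
```yaml
- name: Download Wazuh Agent .deb package
  get_url:
    url: "{{ wazuh_custom_packages_installation_agent_deb_url }}"
    dest: /var/tmp/wazuh-agent.deb
    checksum: "sha256:{{ wazuh_custom_packages_installation_agent_deb_sha256 }}"
  when:
    - ansible_os_family|lower == "debian"
    - wazuh_custom_packages_installation_agent_enabled

- name: Install Wazuh Agent from .deb packages
  apt:
    deb: /var/tmp/wazuh-agent.deb
    state: present
  when:
    - ansible_os_family|lower == "debian"
    - wazuh_custom_packages_installation_agent_enabled
# … unchanged: RedHat .rpm task, same download-then-install shape …
```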
@@ -38,6 +40,7 @@ update_cache: true when: - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 5664a428..c1c701fc 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -9,6 +9,10 @@ when: - wazuh_agent_sources_installation.enabled +- include_tasks: "installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_agent_enabled + - name: Linux CentOS/RedHat | Install wazuh-agent package: name: wazuh-agent-{{ wazuh_agent_version }} @@ -18,6 +22,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled tags: - init @@ -29,6 +34,7 @@ when: - ansible_os_family|lower != "redhat" - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled tags: - init diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index e0b2b426..d93052c4 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,7 +10,8 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_agent_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo 
@@ -24,6 +25,7 @@ when: - repo_v5_installed is skipped - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: @@ -34,7 +36,7 @@ until: oracle_java_task_rpm_download is succeeded when: - wazuh_agent_config.cis_cat.disable == 'no' - - wazuh_agent_config.cis_cat.install_java == 'yes' + - wazuh_agent_config.cis_cat.install_java == 'yes' tags: - init From 53cee9a7be1602777bbc4a40667f3c86750dabcb Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:11:39 +0100 Subject: [PATCH 494/559] Fix trailing whitespace in `RedHat.yml` tasks from Agent --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index d93052c4..8dbd2452 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -36,7 +36,7 @@ until: oracle_java_task_rpm_download is succeeded when: - wazuh_agent_config.cis_cat.disable == 'no' - - wazuh_agent_config.cis_cat.install_java == 'yes' + - wazuh_agent_config.cis_cat.install_java == 'yes' tags: - init From 807a816cf226215a565ba7af0a6b49b1da3cb06b Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:12:44 +0100 Subject: [PATCH 495/559] Set Wazuh version to 3.12.0 for testing purposes --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 202f5d3a..8b4d197e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.11.3-1 +wazuh_agent_version: 3.12.0-1 # Custom packages installation diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f1e9866b..3c5712d2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 3.11.3-1 +wazuh_manager_version: 3.12.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present From 9dddd2b26e176410fe0439345a1a55d00f3e5b99 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 19:19:16 +0100 Subject: [PATCH 496/559] Restore Wazuh installation to default configuration --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 8b4d197e..ccd96e1c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,10 +1,10 @@ --- -wazuh_agent_version: 3.12.0-1 +wazuh_agent_version: 3.11.3-1 # Custom packages installation -wazuh_custom_packages_installation_agent_enabled: true +wazuh_custom_packages_installation_agent_enabled: false wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3c5712d2..ffd1d90d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,14 +1,14 @@ --- -wazuh_manager_version: 3.12.0-1 +wazuh_manager_version: 3.11.3-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present # Custom packages installation -wazuh_custom_packages_installation_manager_enabled: true +wazuh_custom_packages_installation_manager_enabled: false wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-manager_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-manager-3.12.0-0.3319fimreworksqlite.x86_64.rpm" -wazuh_custom_packages_installation_api_enabled: true +wazuh_custom_packages_installation_api_enabled: false wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-api_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-api-3.12.0-0.3319fimreworksqlite.x86_64.rpm" From 2a7241b31a87da9289933e0358690dba64f15b6c Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 20 Feb 2020 12:39:26 +0100 Subject: [PATCH 497/559] Adapt Windows Agent package related variables --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index ccd96e1c..a5e0a8c0 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -60,10 +60,9 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.3' - revision: '1' - repo: https://packages.wazuh.com/3.x/windows/ md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi +wazuh_winagent_package_name: wazuh-agent-3.11.3-1.msi wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' From c32b1ed1bd667addd29785aaa3029e79d025f996 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 20 Feb 2020 12:39:45 +0100 Subject: [PATCH 498/559] Change Window spackage occurences to adapt it to the new variables --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 61e2412d..11f15255 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml 
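Review bot: The installer URL and file name become standalone variables but the `md5` that guards the download stays inside `wazuh_winagent_config`, so anyone overriding `wazuh_winagent_config_url` to a newer MSI also has to know to override a nested key, and MD5 is no longer a meaningful integrity check for a binary fetched over the network. I would move the digest next to the URL as `wazuh_winagent_config_sha256` and drop the `md5` key, with the comment `# sha256 of the MSI at wazuh_winagent_config_url; update both together`.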
@@ -20,19 +20,19 @@ - name: Windows | Check if Wazuh installer is already downloaded win_stat: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" register: wazuh_package_downloaded - name: Windows | Download Wazuh Agent package win_get_url: - url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + url: "{{ wazuh_winagent_config_url }}" dest: "{{ wazuh_winagent_config.download_dir }}" when: - not wazuh_package_downloaded.stat.exists - name: Windows | Verify the Wazuh Agent installer win_stat: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" get_checksum: true checksum_algorithm: md5 register: wazuh_agent_status @@ -41,11 +41,12 @@ - name: Windows | Install Agent if not already installed win_package: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" state: present - name: Windows | Check if client.keys exists - win_stat: path="{{ wazuh_agent_win_path }}client.keys" + win_stat: + path: "{{ wazuh_agent_win_path }}client.keys" register: check_windows_key tags: - config @@ -94,5 +95,5 @@ - name: Windows | Delete downloaded Wazuh agent installer file win_file: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" state: absent From 4f8d3c6c0c17d40488b1551f452c62319a6cb0ff Mon Sep 17 00:00:00 2001 
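Review bot: `win_get_url` still downloads the MSI without a `checksum`, leaving verification to the separate `win_stat` task, which hashes with `checksum_algorithm: md5`; the comparison against `wazuh_winagent_config.md5` sits outside this hunk, so I cannot confirm from here that a mismatch stops the `win_package` step. Pinning the digest on the download itself removes that dependency: `checksum: "sha256:{{ wazuh_winagent_config_sha256 }}"` on the `win_get_url` task (supported by recent Ansible releases, worth confirming for the version this role targets) and `checksum_algorithm: sha256` on the stat task. Otherwise the only thing tying the downloaded file to an expected artefact is an MD5 value kept in a different variable.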
From: Jose M Date: Thu, 20 Feb 2020 12:46:41 +0100 Subject: [PATCH 499/559] Remove traling whitespace in win_package task --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 11f15255..dc9b8fe0 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -45,7 +45,7 @@ state: present - name: Windows | Check if client.keys exists - win_stat: + win_stat: path: "{{ wazuh_agent_win_path }}client.keys" register: check_windows_key tags: From ca8b8684cfb251e5c972498c13049f5dc02e7adf Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 21 Feb 2020 16:31:45 +0100 Subject: [PATCH 500/559] Disable shared config by default. Update occurrences --- roles/wazuh/ansible-wazuh-manager/README.md | 4 +- .../ansible-wazuh-manager/defaults/main.yml | 94 +++++++++---------- .../ansible-wazuh-manager/tasks/main.yml | 2 + .../var-ossec-etc-shared-agent.conf.j2 | 4 +- 4 files changed, 53 insertions(+), 51 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/README.md b/roles/wazuh/ansible-wazuh-manager/README.md index 19b1eae9..199e7810 100644 --- a/roles/wazuh/ansible-wazuh-manager/README.md +++ b/roles/wazuh/ansible-wazuh-manager/README.md @@ -20,7 +20,7 @@ This role has some variables which you can or need to override. ``` wazuh_manager_fqdn: ~ wazuh_manager_config: [] -wazuh_agent_configs: [] +shared_agent_config: [] ``` Vault variables @@ -157,7 +157,7 @@ wazuh_manager_config: level: 6 timeout: 600 -wazuh_agent_configs: +shared_agent_config: - type: os type_value: linux frequency_check: 79200 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ffd1d90d..f955ddc4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -356,53 +356,53 @@ wazuh_manager_config: - key: Env value: Production -wazuh_agent_configs: - - type: os - type_value: Linux - syscheck: - frequency: 43200 - scan_on_start: 'yes' - alert_new_files: 'yes' - ignore: - - /etc/mtab - - /etc/mnttab - - /etc/hosts.deny - - /etc/mail/statistics - - /etc/svc/volatile - no_diff: - - /etc/ssl/private.key - rootcheck: - frequency: 43200 - cis_distribution_filename: null - localfiles: - - format: 'syslog' - location: '/var/log/messages' - - format: 'syslog' - location: '/var/log/secure' - - format: 'syslog' - location: '/var/log/maillog' - - format: 'apache' - location: '/var/log/httpd/error_log' - - format: 'apache' - location: '/var/log/httpd/access_log' - - format: 'apache' - location: '/var/ossec/logs/active-responses.log' - - type: os - type_value: Windows - syscheck: - frequency: 43200 - scan_on_start: 'yes' - auto_ignore: 'no' - alert_new_files: 'yes' - windows_registry: - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - arch: 'both' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' - localfiles: - - location: 'Security' - format: 'eventchannel' - - location: 'System' - format: 'eventlog' +# shared_agent_config: + # - type: os + # type_value: Linux + # syscheck: + # frequency: 43200 + # scan_on_start: 'yes' + # alert_new_files: 'yes' + # ignore: + # - /etc/mtab + # - /etc/mnttab + # - /etc/hosts.deny + # - /etc/mail/statistics + # - /etc/svc/volatile + # no_diff: + # - /etc/ssl/private.key + # rootcheck: + # frequency: 43200 + # cis_distribution_filename: null + # localfiles: + # - format: 'syslog' + # location: '/var/log/messages' + # - format: 'syslog' + # location: '/var/log/secure' + # - format: 'syslog' + # location: '/var/log/maillog' + # - format: 'apache' + # location: '/var/log/httpd/error_log' + # - format: 'apache' + # location: '/var/log/httpd/access_log' + # - format: 'apache' + # location: '/var/ossec/logs/active-responses.log' + # - type: os + # type_value: Windows + # syscheck: + # 
frequency: 43200 + # scan_on_start: 'yes' + # auto_ignore: 'no' + # alert_new_files: 'yes' + # windows_registry: + # - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' + # arch: 'both' + # - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' + # localfiles: + # - location: 'Security' + # format: 'eventchannel' + # - location: 'System' + # format: 'eventlog' nodejs: repo_dict: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index faf13d05..88b3628f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -158,6 +158,8 @@ tags: - init - config + when: + - shared_agent_config is defined - name: Installing the config.js (api configuration) template: src=var-ossec-api-configuration-config.js.j2 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index dd1c8d9a..00fdcd01 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 @@ -1,6 +1,6 @@ #jinja2: trim_blocks: False -{% if wazuh_agent_configs is defined %} -{% for agent_config in wazuh_agent_configs %} +{% if shared_agent_config is defined %} +{% for agent_config in shared_agent_config %} {% if agent_config.syscheck is defined %} From abd4f57106e5dddda336a150c24ee27807f7b70d Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Feb 2020 16:11:44 +0100 Subject: [PATCH 501/559] Avoid to install Wazuh API in worker nodes, fixes #370 --- .../ansible-wazuh-manager/tasks/Debian.yml | 3 +- .../ansible-wazuh-manager/tasks/RedHat.yml | 1 + .../installation_from_custom_packages.yml | 3 ++ .../tasks/installation_from_sources.yml | 3 ++ .../ansible-wazuh-manager/tasks/main.yml | 29 +++++++++++++++---- 5 files changed, 32 insertions(+), 7 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index ca4820fc..4712b573 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -131,4 +131,5 @@ tags: init when: - not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled \ No newline at end of file + - not wazuh_custom_packages_installation_manager_enabled + - wazuh_manager_config.cluster.node_type == "master" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index c0ff9ee4..cb0dbf5a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -142,6 +142,7 @@ - ansible_os_family|lower == "redhat" - not wazuh_api_sources_installation.enabled - not wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index ae837c9a..c4081a08 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -13,6 +13,8 @@ state: present when: - wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" + when: - ansible_os_family|lower == "debian" @@ -30,5 +32,6 @@ state: present when: - wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" when: - ansible_os_family|lower == "redhat" \ No newline at end of file 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 10203cb9..484f4b58 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -122,6 +122,8 @@ stat: path: /var/ossec/api/app.js register: wazuh_api + when: + - wazuh_manager_config.cluster.node_type == "master" - name: Install Wazuh API from sources block: @@ -178,5 +180,6 @@ when: - not wazuh_api.stat.exists - wazuh_api_sources_installation.enabled + - wazuh_manager_config.cluster.node_type == "master" tags: - api \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 88b3628f..d2ab8237 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -11,6 +11,8 @@ stat: path: /usr/bin/node register: node_service_status + when: + - wazuh_manager_config.cluster.node_type == "master" - name: Install NodeJS repository block: @@ -25,7 +27,9 @@ command: sh /etc/nodejs.sh register: nodejs_script changed_when: nodejs_script.rc == 0 - when: not node_service_status.stat.exists + when: + - not node_service_status.stat.exists + - wazuh_manager_config.cluster.node_type == "master" - name: Installing NodeJS package: @@ -33,6 +37,9 @@ state: present register: nodejs_service_is_installed until: nodejs_service_is_installed is succeeded + when: + - wazuh_manager_config.cluster.node_type == "master" + tags: init - include_tasks: "RedHat.yml" @@ -168,6 +175,9 @@ group=ossec mode=0740 notify: restart wazuh-api + when: + - wazuh_manager_config.cluster.node_type == "master" + tags: - init - config @@ -304,6 +314,7 @@ notify: restart wazuh-api when: - wazuh_api_user is defined + - wazuh_manager_config.cluster.node_type == "master" tags: - config 
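Review bot: On a worker node the `stat` of `/var/ossec/api/app.js` is now skipped, so `wazuh_api` holds only the skipped-task result and `not wazuh_api.stat.exists`, evaluated first in this `when` list, fails on the missing `stat` attribute before the `node_type` check is reached; Ansible evaluates `when` items in order and stops at the first false one, so the guard has to come first. Reorder to `- wazuh_manager_config.cluster.node_type == "master"`, `- wazuh_api_sources_installation.enabled`, `- not wazuh_api.stat.exists`. The block this `when` belongs to starts before the hunk.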
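Review bot: On a worker the preceding `stat` of `/usr/bin/node` is skipped, so `not node_service_status.stat.exists` errors on the missing `stat` key before the new `node_type == "master"` item can short-circuit the list, since Ansible evaluates `when` items in order. Put the master check first: `- wazuh_manager_config.cluster.node_type == "master"` then `- not node_service_status.stat.exists`. This also assumes `wazuh_manager_config.cluster.node_type` is always defined, including for a single non-clustered manager; the defaults are outside this diff, so worth confirming.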
@@ -325,14 +336,20 @@ tags: - config -- name: Ensure Wazuh Manager, wazuh API service is started and enabled +- name: Ensure Wazuh Manager service is started and enabled. service: - name: "{{ item }}" + name: "wazuh-manager" enabled: true state: started - with_items: - - wazuh-manager - - wazuh-api + tags: + - config + +- name: Ensure Wazuh API service is started and enabled. + service: + name: "wazuh-api" + enabled: true + state: started + when: wazuh_manager_config.cluster.node_type == "master" tags: - config From 543eff6342647d9834cc3d55d12e984202f8523c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 26 Feb 2020 17:06:48 +0100 Subject: [PATCH 502/559] Fix conditions in tasks: Replace variables --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index ca4820fc..c8980bfa 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -24,7 +24,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: 
@@ -33,7 +33,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -44,7 +44,7 @@ changed_when: false when: - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -117,7 +117,7 @@ - include_tasks: "installation_from_custom_packages.yml" when: - - wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Install wazuh-api apt: From 079273eb353cf180010a84a3e4d3e5f8e8d0bf0c Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Feb 2020 17:26:01 +0100 Subject: [PATCH 503/559] Fix linting --- .../tasks/installation_from_sources.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 484f4b58..c83aaff1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
@@ -122,7 +122,7 @@ stat: path: /var/ossec/api/app.js register: wazuh_api - when: + when: - wazuh_manager_config.cluster.node_type == "master" - name: Install Wazuh API from sources diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index d2ab8237..c1d91434 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -11,7 +11,7 @@ stat: path: /usr/bin/node register: node_service_status - when: + when: - wazuh_manager_config.cluster.node_type == "master" - name: Install NodeJS repository @@ -27,7 +27,7 @@ command: sh /etc/nodejs.sh register: nodejs_script changed_when: nodejs_script.rc == 0 - when: + when: - not node_service_status.stat.exists - wazuh_manager_config.cluster.node_type == "master" @@ -37,7 +37,7 @@ state: present register: nodejs_service_is_installed until: nodejs_service_is_installed is succeeded - when: + when: - wazuh_manager_config.cluster.node_type == "master" tags: init @@ -175,7 +175,7 @@ group=ossec mode=0740 notify: restart wazuh-api - when: + when: - wazuh_manager_config.cluster.node_type == "master" tags: From fde6d65723a0097183489a2602c49e106bd5dab8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 27 Feb 2020 15:17:43 +0100 Subject: [PATCH 504/559] Add chdir argument to Wazuh Kibana Plugin installation tasks --- roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml | 1 + roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 6a3dc514..37cfd7dc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml 
@@ -69,6 +69,7 @@ args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json + chdir: /usr/share/kibana become: yes become_user: kibana notify: restart kibana diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 4926e19d..c0d663cc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -125,6 +125,7 @@ args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json + chdir: /usr/share/kibana become: yes become_user: kibana notify: restart kibana From ac8a0c83082e590953ba79339dc3249861aa94c7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 2 Mar 2020 22:43:15 +0100 Subject: [PATCH 505/559] Adapt Agent installation from custom packages to support RHEL/Centos 8 --- .../installation_from_custom_packages.yml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml index 01ce540c..ddd9b50d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml 
@@ -7,10 +7,24 @@ - ansible_os_family|lower == "debian" - wazuh_custom_packages_installation_agent_enabled - - name: Install Wazuh Agent from .rpm packages + - name: Install Wazuh Agent from .rpm packages | yum yum: name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" state: present when: - ansible_os_family|lower == "redhat" - - wazuh_custom_packages_installation_agent_enabled \ No newline at end of file + - wazuh_custom_packages_installation_agent_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + + - name: Install Wazuh Agent from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" + state: present + when: + - ansible_os_family|lower == "redhat" + - wazuh_custom_packages_installation_agent_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") \ No newline at end of file From 03e35ada29493d6011d686b1aa1425feab4f6ebf Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 2 Mar 2020 22:43:26 +0100 Subject: [PATCH 506/559] Adapt Manager installation from custom packages to support RHEL/Centos 8 --- .../installation_from_custom_packages.yml | 32 +++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index ae837c9a..fcc61a22 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml 
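Review bot: The added conditions compare `ansible_distribution_major_version >= "8"` as strings, so the comparison is lexicographic: a future major version "10" sorts below "8" and falls back to the yum task, and if Amazon Linux 1 reports its major version as a year such as "2018" it sorts above "2" and is routed to dnf, which that release lacks. Cast before comparing, e.g. `ansible_distribution_major_version | int >= 8`, in both the `not (...)` guards of the yum task and the `or` chain of the dnf task. The same string comparisons are copied into the manager role in PATCH 506 (installation_from_custom_packages.yml @@ -17,18 +17,46) and survive the Amazon-condition cleanup in PATCH 508. Separately, both tasks install a package straight from `wazuh_custom_packages_installation_agent_rpm_url` with no checksum pinned, so integrity rests on rpm signature checking being enabled on the host; that expectation is worth stating in a comment on the variable.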
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml 
@@ -17,18 +17,46 @@ - ansible_os_family|lower == "debian" - block: - - name: Install Wazuh Manager from .rpm packages + - name: Install Wazuh Manager from .rpm packages | yum yum: name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" state: present when: - wazuh_custom_packages_installation_manager_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - - name: Install Wazuh API from .rpm packages + - name: Install Wazuh Manager from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + + + - name: Install Wazuh API from .rpm packages | yum yum: name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" state: present when: - wazuh_custom_packages_installation_api_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + + - name: Install Wazuh Manager from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= 
"8") or + (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + when: - ansible_os_family|lower == "redhat" \ No newline at end of file From cf20e52938e9ca1ba45f9fcdd39d7c5f89d5913b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 2 Mar 2020 22:47:53 +0100 Subject: [PATCH 507/559] Fix typo in .rpm package installation task using dnf --- .../tasks/installation_from_custom_packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index fcc61a22..6472a3d6 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -48,7 +48,7 @@ - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - - name: Install Wazuh Manager from .rpm packages | dnf + - name: Install Wazuh API from .rpm packages | dnf dnf: name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" state: present From 4982b2868d4e23a7bd9f40833104fc8a7283e95e Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 3 Mar 2020 13:14:13 +0100 Subject: [PATCH 508/559] Fix conditionals error related with AL2 custom packages installation --- .../tasks/installation_from_custom_packages.yml | 4 +--- .../tasks/installation_from_custom_packages.yml | 11 +++-------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml index ddd9b50d..aa50004f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml 
@@ -16,7 +16,6 @@ - wazuh_custom_packages_installation_agent_enabled - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - name: Install Wazuh Agent from .rpm packages | dnf dnf: @@ -26,5 +25,4 @@ - ansible_os_family|lower == "redhat" - wazuh_custom_packages_installation_agent_enabled - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") \ No newline at end of file + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index 0fb46187..0dc9808d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -27,7 +27,6 @@ - wazuh_custom_packages_installation_manager_enabled - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - name: Install Wazuh Manager from .rpm packages | dnf dnf: 
@@ -36,9 +35,7 @@ when: - wazuh_custom_packages_installation_manager_enabled - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - name: Install Wazuh API from .rpm packages | yum yum: @@ -48,7 +45,6 @@ - wazuh_custom_packages_installation_api_enabled - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - wazuh_manager_config.cluster.node_type == "master" - name: Install Wazuh API from .rpm packages | dnf @@ -58,9 +54,8 @@ when: - wazuh_custom_packages_installation_api_enabled - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - wazuh_manager_config.cluster.node_type == "master" - + when: - ansible_os_family|lower == "redhat" \ No newline at end of file From 3f0e0325806eb77f678cef30d45515a2d78d1e29 Mon Sep 17 00:00:00 2001 
From: "Manuel J. Bernal" Date: Thu, 5 Mar 2020 16:44:02 +0100 Subject: [PATCH 509/559] Bump version --- CHANGELOG.md | 20 +++++++++++++++++++ VERSION | 4 ++-- .../ansible-elasticsearch/defaults/main.yml | 2 +- .../ansible-kibana/defaults/main.yml | 6 +++--- .../wazuh/ansible-filebeat/defaults/main.yml | 2 +- .../ansible-wazuh-agent/defaults/main.yml | 8 ++++---- .../ansible-wazuh-manager/defaults/main.yml | 6 +++--- 7 files changed, 34 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 987939a3..213cb432 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,26 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.11.4_7.6.1] + +### Added + +- Update to Wazuh v3.11.4 +- Support for RHEL/CentOS 8 ([@jm404](https://github.com/jm404)) [PR#377](https://github.com/wazuh/wazuh-ansible/pull/377) + +### Changed + +- Disabled shared configuration by default ([@jm404](https://github.com/jm404)) [PR#369](https://github.com/wazuh/wazuh-ansible/pull/369) +- Add chdir argument to Wazuh Kibana Plugin installation tasks ([@jm404](https://github.com/jm404)) [PR#375](https://github.com/wazuh/wazuh-ansible/pull/375) +- Adjustments for systems without (direct) internet connection ([@joschneid](https://github.com/joschneid)) [PR#348](https://github.com/wazuh/wazuh-ansible/pull/348) + +### Fixed + +- Avoid to install Wazuh API in worker nodes ([@manuasir](https://github.com/manuasir)) [PR#371](https://github.com/wazuh/wazuh-ansible/pull/371) +- Conditionals of custom Wazuh packages installation tasks ([@rshad](https://github.com/rshad)) [PR#372](https://github.com/wazuh/wazuh-ansible/pull/372) +- Fix Ansible elastic_stack-distributed template ([@francobep](https://github.com/francobep)) [PR#352](https://github.com/wazuh/wazuh-ansible/pull/352) +- Fix manager API verification ([@Zenidd](https://github.com/Zenidd)) [PR#360](https://github.com/wazuh/wazuh-ansible/pull/360) + ## [v3.11.3_7.5.2] ### Added 
diff --git a/VERSION b/VERSION index a70bc633..d6be8992 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.3" -REVISION="31130" +WAZUH-ANSIBLE_VERSION="v4" +REVISION="31140" diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index b9aa470d..e04f9527 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.5.2 +elastic_stack_version: 7.6.1 elasticsearch_lower_disk_requirements: false elasticrepo: diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 774f819e..cd25eec2 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.5.2 -wazuh_version: 3.11.3 +elastic_stack_version: 7.6.1 +wazuh_version: 3.11.4 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp elasticrepo: @@ -47,4 +47,4 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 3.11-7.5 +wazuh_plugin_branch: 3.11-7.6 diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index c54d62e7..8f06aaf4 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.5.2 +filebeat_version: 7.6.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index a5e0a8c0..6270b94d 100644 
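Review bot: In VERSION the new line `WAZUH-ANSIBLE_VERSION="v4"` does not match the release this commit describes: CHANGELOG.md adds a `v3.11.4_7.6.1` section, `REVISION` moves to `31140`, and every role default moves to 3.11.4, so the intended value looks like `WAZUH-ANSIBLE_VERSION="v3.11.4"`. Anything that reads this file to tag releases or name artifacts would pick up the wrong version.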
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.11.3-1 +wazuh_agent_version: 3.11.4-1 # Custom packages installation @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaw wazuh_agent_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -61,8 +61,8 @@ wazuh_winagent_config: # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba -wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi -wazuh_winagent_package_name: wazuh-agent-3.11.3-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi +wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f955ddc4..0da6165c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 3.11.3-1 +wazuh_manager_version: 3.11.4-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -15,7 +15,7 @@ wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws. # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -40,7 +40,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" update: "y" remove: "y" directory: null 
From c3dd95c8cea59021da8a8fc60071c098210498b6 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Thu, 5 Mar 2020 16:53:15 +0100 Subject: [PATCH 510/559] Bump MD5 agent --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 6270b94d..186cac9d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,8 +60,8 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba -wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi + md5: 87ce22038688efb44d95f9daff472056 +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: repo: From 3fe48ea7fd5cd4ba49858e648f0f36a8e4ecd343 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 09:45:23 +0100 Subject: [PATCH 511/559] Remove conditioinal from task that checks NodeJS --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index c1d91434..8ef1c2cb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -11,8 +11,6 @@ stat: path: /usr/bin/node register: node_service_status - when: - - wazuh_manager_config.cluster.node_type == "master" - name: Install NodeJS repository block: From 58f0484cdaa6c3e10bba2117b6a44552d5b94e3b Mon Sep 17 00:00:00 2001 
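Review bot: The hunk moves `wazuh_winagent_config_url` back to the 3.11.3-1 MSI while `wazuh_winagent_package_name` on the next line stays at `wazuh-agent-3.11.4-1.msi`, so the 3.11.3 installer is downloaded under a 3.11.4 filename; whichever package the new `md5` value belongs to, the other combination will fail the checksum task. The URL and the package name should move together, i.e. keep `wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi` and record the md5 of that file. A single version variable interpolated into both values would stop them drifting apart again.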
From: Jose M Date: Mon, 9 Mar 2020 09:47:27 +0100 Subject: [PATCH 512/559] Bump Windows Agent version --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 186cac9d..c7014e2a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -61,7 +61,7 @@ wazuh_winagent_config: # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe md5: 87ce22038688efb44d95f9daff472056 -wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: repo: From ab0a6aaaf39493a556791ce5399b40591995479a Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 14:08:12 +0100 Subject: [PATCH 513/559] Remove Windows MD5 verification --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 - roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 9 --------- 2 files changed, 10 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index c7014e2a..fbb278eb 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,7 +60,6 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - md5: 87ce22038688efb44d95f9daff472056 wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: 
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index dc9b8fe0..0b844d0a 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -30,15 +30,6 @@ when: - not wazuh_package_downloaded.stat.exists -- name: Windows | Verify the Wazuh Agent installer - win_stat: - path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" - get_checksum: true - checksum_algorithm: md5 - register: wazuh_agent_status - failed_when: - - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 - - name: Windows | Install Agent if not already installed win_package: path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" From 91948198a093ad10c0f2b208877f44c8034e853b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 14:56:32 +0100 Subject: [PATCH 514/559] Revert "Merge pull request #381 from wazuh/remove_windows_md5_check" This reverts commit 4cc3e077a01750a8386fd486dc7a72dd790a01c2, reversing changes made to 52a81af988a00abd60483f1ccacab34ddd2c9b76. --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index fbb278eb..c7014e2a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,6 +60,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe + md5: 87ce22038688efb44d95f9daff472056 wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: 
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 0b844d0a..dc9b8fe0 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -30,6 +30,15 @@ when: - not wazuh_package_downloaded.stat.exists +- name: Windows | Verify the Wazuh Agent installer + win_stat: + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" + get_checksum: true + checksum_algorithm: md5 + register: wazuh_agent_status + failed_when: + - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 + - name: Windows | Install Agent if not already installed win_package: path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" From 2651bc53868dd533e1759bba0961372876271f68 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 14:57:12 +0100 Subject: [PATCH 515/559] Revert "Merge pull request #381 from wazuh/remove_windows_md5_check" This reverts commit 4cc3e077a01750a8386fd486dc7a72dd790a01c2, reversing changes made to 52a81af988a00abd60483f1ccacab34ddd2c9b76. --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index fbb278eb..c7014e2a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,6 +60,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe + md5: 87ce22038688efb44d95f9daff472056 wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: 
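Review bot: The restored verification task hashes the downloaded installer with `checksum_algorithm: md5`, which catches a truncated or corrupted download but gives little assurance against a substituted file, since MD5 collisions are practical; `win_stat` supports `checksum_algorithm: sha256`, and the defaults entry could carry a `sha256` key (constructed name) holding the published checksum alongside or instead of `md5`. A comment on the task stating what the check is meant to protect against would also help, e.g. `# Integrity check of the downloaded MSI against the value recorded in defaults; fails the play on mismatch.` Note that PATCH 515 is a byte-identical copy of this revert (same subject, same `index fbb278eb..c7014e2a` lines), so the second one cannot apply on top of the first and should be dropped from the series.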
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 0b844d0a..dc9b8fe0 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -30,6 +30,15 @@ when: - not wazuh_package_downloaded.stat.exists +- name: Windows | Verify the Wazuh Agent installer + win_stat: + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" + get_checksum: true + checksum_algorithm: md5 + register: wazuh_agent_status + failed_when: + - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 + - name: Windows | Install Agent if not already installed win_package: path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" From 3b166ea617801ea54658af109f03184d13b01d63 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 15:07:21 +0100 Subject: [PATCH 516/559] Add flag to enable/disable Windows MD5 check --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index c7014e2a..039e5960 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,6 +60,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe + check_md5: True md5: 87ce22038688efb44d95f9daff472056 wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index dc9b8fe0..461249e9 100644 
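Review bot: `check_md5: True` introduces a capitalised boolean into a defaults file that otherwise writes `true`/`false`; write it as `check_md5: true` so yamllint's truthy rule and YAML 1.2 parsers agree on the type. Because the flag gates the only integrity check on the downloaded installer (Windows.yml @@ -38,6 +38,8 skips the verification task when it is false), a comment above it would help operators, e.g. `# Set to false only when no checksum is recorded for the package; the installer is then installed unverified.`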
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -38,6 +38,8 @@ register: wazuh_agent_status failed_when: - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 + when: + - wazuh_winagent_config.check_md5 - name: Windows | Install Agent if not already installed win_package: From efcb55b52362b517b3b9343f0b2183d7a8ef149e Mon Sep 17 00:00:00 2001 From: Zenidd Date: Mon, 9 Mar 2020 18:27:05 +0100 Subject: [PATCH 517/559] Setting restrictive permissions on filebeat related files --- roles/wazuh/ansible-filebeat/tasks/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/tasks/config.yml b/roles/wazuh/ansible-filebeat/tasks/config.yml index ce63503d..d45b06e8 100644 --- a/roles/wazuh/ansible-filebeat/tasks/config.yml +++ b/roles/wazuh/ansible-filebeat/tasks/config.yml @@ -5,7 +5,7 @@ dest: "/etc/filebeat/filebeat.yml" owner: root group: root - mode: 0644 + mode: 0400 notify: restart filebeat tags: configure @@ -15,7 +15,7 @@ dest: "/etc/filebeat/wazuh-template.json" owner: root group: root - mode: 0644 + mode: 0400 notify: restart filebeat tags: configure @@ -30,7 +30,7 @@ copy: src: "{{ item }}" dest: "{{ filebeat_ssl_dir }}/{{ item | basename }}" - mode: 0644 + mode: 0400 with_items: - "{{ filebeat_ssl_key_file }}" - "{{ filebeat_ssl_certificate_file }}" From ba424e944a5d9b1c004094ad0a89fc6a7acc4d62 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 10 Mar 2020 15:26:33 +0100 Subject: [PATCH 518/559] Minor style fix --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index cd25eec2..300efaff 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
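Review bot: The three `mode: 0400` values are unquoted octal literals; Ansible accepts a leading-zero integer here, but a quoted `mode: "0400"` (or symbolic `u=r`) avoids depending on the YAML parser's octal handling and matches the usual recommendation. In the third hunk the copy of the SSL key and certificate still sets no `owner`/`group`, so who can read the key at 0400 depends on the user running the copy; adding `owner: root` and `group: root` as the first two tasks do makes the intent explicit. Tightening filebeat.yml and the template to 0400 assumes filebeat runs as root, which appears to hold for the packaged service but is worth a one-line comment on the task.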
@@ -43,7 +43,7 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_8.x" # Build from sources build_from_sources: false From 163c89dbabcb822d18d58a7d4ddae65c16587dd6 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 10 Mar 2020 15:23:35 +0100 Subject: [PATCH 519/559] Adding nodejs recommended node_options and plugin optimization --- .../ansible-kibana/defaults/main.yml | 5 ++++- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 4 +--- .../elastic-stack/ansible-kibana/tasks/main.yml | 17 ++++++++++++++--- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index cd25eec2..dcc2bf8a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,8 +43,11 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_8.x" # Build from sources build_from_sources: false wazuh_plugin_branch: 3.11-7.6 + +#Nodejs NODE_OPTIONS +node_options: --max-old-space-size=4096 \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 37cfd7dc..5fb74823 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml 
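Review bot: The new `node_options: --max-old-space-size=4096` line lands with "No newline at end of file" and under a `#Nodejs NODE_OPTIONS` comment that lacks the space after `#` that yamllint expects; write `# Nodejs NODE_OPTIONS` and end the file with a newline. Since the value is interpolated into `shell:` commands in the task hunks of this same commit, the comment should say where it ends up, e.g. `# Passed as NODE_OPTIONS to kibana-plugin and kibana --optimize; keep it to Node flags only`. Quoting the value (`"--max-old-space-size=4096"`) also matches the quoted strings already used in the `nodejs` mapping above it.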
@@ -63,9 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}" - environment: - NODE_OPTIONS: "--max-old-space-size=3072" + shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index c0d663cc..72f229ae 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -62,6 +62,12 @@ - kibana_xpack_security tags: xpack-security +- name: Node configuration + replace: + path: /usr/share/kibana/bin/kibana + regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' + replace: 'NODE_OPTIONS="--no-warnings {{node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" @@ -119,9 +125,7 @@ - name: Install Wazuh Plugin (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" - environment: - NODE_OPTIONS: "--max-old-space-size=3072" + shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json 
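Review bot: The rewritten `Install Wazuh Plugin` task drops the `environment:` block and instead splices `{{node_options}}` into the `shell:` command line, so the value is now parsed by bash rather than handed to the process as an environment entry; an inventory or extra-vars override containing quotes or shell metacharacters then alters the command instead of just the Node flags. The `main.yml` `@@ -119` hunk makes the same substitution, and the new optimization task in the `@@ -135` hunk on the next line uses the same inline form. Keeping the original mechanism but with the variable gives the same result without shell parsing: `environment:` / `  NODE_OPTIONS: "{{ node_options }}"` under the task. The task's `args:` block continues below the hunk.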
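Review bot: The `Node configuration` task edits `/usr/share/kibana/bin/kibana`, a file owned by the kibana package, with a `replace:` regexp; a package upgrade silently restores the vendor launcher, and if the launcher line ever differs from the pattern the task reports no change and the option is quietly dropped, so neither case produces a signal. The regexp also escapes the closing brace in `\$\{DIR\}` but not in `\$\{NODE}`, which still matches but reads as a typo. A comment above the task should state the dependency, e.g. `# Patches the packaged launcher; re-applied on every run and overwritten by a kibana package upgrade`. The `Ensuring certificates folder owner` task continues below the hunk.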
@@ -135,6 +139,13 @@ when: - not build_from_sources +- name: Kibana optimization (can take a while) + shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana --optimize --allow-root' + args: + executable: /bin/bash + become: yes + become_user: kibana + - name: Wait for Elasticsearch port wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} From cfd2de0610c40f9c99d27f313ebbcb1ecfa34dc1 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 15:59:48 +0100 Subject: [PATCH 520/559] node_options scope improvements --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 3 ++- roles/elastic-stack/ansible-kibana/tasks/main.yml | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index dcc2bf8a..a237607a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,4 +50,5 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -node_options: --max-old-space-size=4096 \ No newline at end of file +# kibana_script_node_options: --max-old-space-size=4096 +node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 72f229ae..163605cc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -62,11 +62,12 @@ - kibana_xpack_security tags: xpack-security -- name: Node configuration +- name: Kibana script additional configuration for node replace: path: /usr/share/kibana/bin/kibana regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' - replace: 'NODE_OPTIONS="--no-warnings {{node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + replace: 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + when: kibana_script_node_options is defined - name: Ensuring certificates folder owner file: From a4465eb82fd9c87778712c035330a977558bbf46 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 16:27:44 +0100 Subject: [PATCH 521/559] node options variable improvements --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index a237607a..f62e114a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,5 +50,5 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -# kibana_script_node_options: --max-old-space-size=4096 +kibana_script_node_options: "--max-old-space-size=4096" node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 163605cc..8fad346a 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -67,7 +67,7 @@ path: /usr/share/kibana/bin/kibana regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' replace: 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' - when: kibana_script_node_options is defined + when: kibana_script_node_options != "" - name: Ensuring certificates folder owner file: From 9dc91b88775e901c91f34b3ea591431b78e4c683 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 17:55:28 +0100 Subject: [PATCH 522/559] Adding lint fixes --- .../ansible-kibana/defaults/main.yml | 2 +- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- .../elastic-stack/ansible-kibana/tasks/main.yml | 17 ++++++++++++----- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index f62e114a..79078f7b 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,5 +50,5 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -kibana_script_node_options: "--max-old-space-size=4096" +kibana_script_node_options: "" node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 5fb74823..e2b0bb50 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml 
@@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' + shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 8fad346a..e6c7f52d 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -65,9 +65,14 @@ - name: Kibana script additional configuration for node replace: path: /usr/share/kibana/bin/kibana - regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' - replace: 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' - when: kibana_script_node_options != "" + regexp: >- + 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" + NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' + replace: >- + 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" + NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + when: kibana_script_node_options | length > 0 + - name: Ensuring certificates folder owner file: 
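Review bot: Moving `regexp:` and `replace:` into `>-` folded scalars keeps the surrounding single quotes, which inside a block scalar are literal characters: the regexp now starts with `'NODE_OPTIONS=` and ends with `\$\{@\}'`, so it no longer matches the launcher line and the task becomes a silent no-op (the `when` only tests the variable's length). The `shell: >-` value in the `@@ -126` hunk on the next line has the same problem, with bash receiving the quotes as part of the first word, and folding `{{ wazuh_app_url }}` / `-{{ wazuh_version }}` onto separate lines inserts a space into the package path. Drop the quotes inside the block scalars, so the first content line under `regexp: >-` is `NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\"`, and keep `{{ wazuh_app_url }}-{{ wazuh_version }}` on one line in the shell command.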
@@ -126,7 +131,9 @@ - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' + shell: >- + 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} + -{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json @@ -141,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana --optimize --allow-root' + shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana --optimize' args: executable: /bin/bash become: yes From efd55e5a5b0717f1957f10ed811a06bd233c1383 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 18:11:00 +0100 Subject: [PATCH 523/559] Minor linting fix --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index e6c7f52d..7c78baa6 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -153,6 +153,8 @@ executable: /bin/bash become: yes become_user: kibana + tags: + - skip_ansible_lint - name: Wait for Elasticsearch port wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} From 83aa5de3ef9e3df80d582f1a4ad313b6ec5c0469 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 11 Mar 2020 18:21:25 +0100 Subject: [PATCH 524/559] Bump NodeJS version to 10.x --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index cd25eec2..692b85ad 100644 
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,7 +43,7 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_10.x" # Build from sources build_from_sources: false From c0670f02afd26e1314f9287b1604024d786a3599 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 09:06:18 +0100 Subject: [PATCH 525/559] Lint fixes --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index e2b0bb50..141438af 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' + shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 7c78baa6..2241c900 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -69,7 +69,7 @@ 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' replace: >- - 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" + 'NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' when: kibana_script_node_options | length > 0 @@ -132,7 +132,7 @@ - name: Install Wazuh Plugin (can take a while) shell: >- - 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} + 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} -{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash @@ -148,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana --optimize' + shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize' args: executable: /bin/bash become: yes From b4bd4b334cea2262b5413344d5839a2146e8d530 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 10:47:28 +0100 Subject: [PATCH 526/559] multiline wrap with whitespace in a correct column --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 2241c900..53571026 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -132,8 +132,8 @@ - name: Install Wazuh Plugin (can take a while) shell: >- - 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} - -{{ wazuh_version }}_{{ elastic_stack_version }}.zip' + 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install + {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json From 3d2cce76fa7ee8a972f4f6ef86bed4982744bc73 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 11:50:02 +0100 Subject: [PATCH 527/559] multiline wrapping fix --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 53571026..118945ae 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -131,9 +131,8 @@ - name: Install Wazuh Plugin (can take a while) - shell: >- - 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install - {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' + shell: "NODE_OPTIONS=\" {{ node_options }} \" /usr/share/kibana/bin/kibana-plugin \ + install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json From dab2f69b68dc7246c0a0356395d7c6354b962a64 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 15:02:28 +0100 Subject: [PATCH 528/559] removing single quotes --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 15 ++++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) 
diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 141438af..cd22f42e 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' + shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 118945ae..8c8ed588 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -66,11 +66,11 @@ replace: path: /usr/share/kibana/bin/kibana regexp: >- - 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" - NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' + NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" + NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\} replace: >- - 'NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" - NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" + NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@} when: kibana_script_node_options | length > 0 
@@ -131,8 +131,9 @@ - name: Install Wazuh Plugin (can take a while) - shell: "NODE_OPTIONS=\" {{ node_options }} \" /usr/share/kibana/bin/kibana-plugin \ - install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: >- + NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install + {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json @@ -147,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize' + shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize args: executable: /bin/bash become: yes From b9a8dfff8abcbe123f9baa125f498b6a18d5457e Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 09:29:54 +0100 Subject: [PATCH 529/559] fix to pass the indempotence test --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 8c8ed588..1900777b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -153,6 +153,7 @@ executable: /bin/bash become: yes become_user: kibana + changed_when: false tags: - skip_ansible_lint From 84b5510e3010f88da3863a53d416c789786fbded Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 12:11:07 +0100 Subject: [PATCH 530/559] Removing whitespaces surrounding node_options var --- .../elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index cd22f42e..a674a95f 100644 
--- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} + shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 1900777b..dc7c3696 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -132,7 +132,7 @@ - name: Install Wazuh Plugin (can take a while) shell: >- - NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install + NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip args: executable: /bin/bash @@ -148,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize + shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana --optimize args: executable: /bin/bash become: yes From f4b70ab1c643b60b71236802ed04d143b76ea1ca Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 12:27:18 +0100 Subject: [PATCH 531/559] removing kibana script extra node options --- .../elastic-stack/ansible-kibana/defaults/main.yml | 1 - roles/elastic-stack/ansible-kibana/tasks/main.yml | 13 ------------- 2 files changed, 14 deletions(-) 
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index da865a38..e930eae7 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,5 +50,4 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -kibana_script_node_options: "" node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index dc7c3696..b43b3755 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -62,18 +62,6 @@ - kibana_xpack_security tags: xpack-security -- name: Kibana script additional configuration for node - replace: - path: /usr/share/kibana/bin/kibana - regexp: >- - NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" - NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\} - replace: >- - NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" - NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@} - when: kibana_script_node_options | length > 0 - - - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" @@ -129,7 +117,6 @@ - build_from_sources is defined - build_from_sources - - name: Install Wazuh Plugin (can take a while) shell: >- NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install From 3ba86f7cd8d30da34a81373881f7bf7ada71b681 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 14:15:50 +0100 Subject: [PATCH 532/559] minor fix --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 7f5d17c8..e930eae7 100644 
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,11 +43,7 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" -<<<<<<< HEAD - repo_url_ext: "nodesource.com/setup_8.x" -======= repo_url_ext: "nodesource.com/setup_10.x" ->>>>>>> feature-node_options-variable # Build from sources build_from_sources: false From eff4b38bedf6091786e26bf55c8ceef51f47cf61 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 17 Mar 2020 12:17:49 +0100 Subject: [PATCH 533/559] Restricting too open xpack and kibana permissions --- .../ansible-elasticsearch/tasks/xpack_security.yml | 4 ++-- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index e9261956..82f3b081 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -35,7 +35,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_key_name }}" dest: "{{ node_certs_source }}/{{ ca_key_name }}" - mode: '0664' + mode: '0440' when: - not generate_CA - node_certs_generator @@ -45,7 +45,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_cert_name }}" dest: "{{ node_certs_source }}/{{ ca_cert_name }}" - mode: '0664' + mode: '0440' when: - not generate_CA - node_certs_generator diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index b43b3755..ad4a3e4c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
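Review bot: The CA private key copied by the `@@ -35` hunk (`{{ ca_key_name }}` into `{{ node_certs_source }}`) gets `mode: '0440'`, but the task sets no `owner`/`group`, so "group" here is whatever primary group the connecting account has, which for a CA signing key is still wider than needed; `mode: '0400'` is the least-privilege setting, while the public certificate in the `@@ -45` hunk can reasonably stay group-readable. A short comment on the key task would make the distinction explicit, e.g. `# CA private key: owner-read only; only the certificate-generating host needs it`.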
@@ -41,7 +41,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0664' + mode: '0444' with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" From c6a3dda23ac56d0e35bc208586d1a7cb8ffa3af8 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 17 Mar 2020 15:50:22 +0100 Subject: [PATCH 534/559] Restricting already existing cert permissions and setting missing ones --- .../ansible-elasticsearch/tasks/xpack_security.yml | 2 ++ roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + roles/wazuh/ansible-filebeat/tasks/main.yml | 2 ++ 3 files changed, 5 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 82f3b081..664d1b4d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -149,6 +149,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -163,6 +164,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index ad4a3e4c..80bdeca9 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
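Review bot: `mode: '0444'` on the `@@ -41` copy makes every item world-readable, and the `with_items` list includes `{{ kibana_node_name }}.key`, the node's TLS private key; going from 0664 to 0444 trades group-write for world-read, which is the wrong direction for a key file. The `mode: '0444'` lines added by the following commit for `xpack_security.yml` (`@@ -149`, `@@ -163`), `kibana/tasks/main.yml` (`@@ -28`) and `filebeat/tasks/main.yml` (`@@ -30`, `@@ -43`), and restated as `0444` in the octal-normalization commit, put the same world-read bit on `.key` files. Because each task copies key and certificate in one loop, the key needs its own mode: split the loop, or use `mode: '0440'` with an explicit `owner`/`group` matching the service account, and record it, e.g. `# .key must not be world-readable; .crt may be`.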
@@ -28,6 +28,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 07bc94ea..b5b4cba8 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -30,6 +30,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -43,6 +44,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" From 33fceff612a3f97c291c03158759b0ea0ad356f4 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 17 Mar 2020 16:40:39 +0100 Subject: [PATCH 535/559] Normalization to octal for permissions asignations --- .../ansible-elasticsearch/tasks/xpack_security.yml | 14 +++++++------- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 8 ++++---- .../tasks/installation_from_sources.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 664d1b4d..6eff899f 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml 
@@ -35,7 +35,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_key_name }}" dest: "{{ node_certs_source }}/{{ ca_key_name }}" - mode: '0440' + mode: 0440 when: - not generate_CA - node_certs_generator @@ -45,7 +45,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_cert_name }}" dest: "{{ node_certs_source }}/{{ ca_cert_name }}" - mode: '0440' + mode: 0440 when: - not generate_CA - node_certs_generator @@ -100,7 +100,7 @@ file: path: "{{ master_certs_path }}" state: directory - mode: '0700' + mode: 0700 delegate_to: "127.0.0.1" when: - node_certs_generator @@ -109,7 +109,7 @@ file: path: "{{ master_certs_path }}/ca/" state: directory - mode: '0700' + mode: 0700 delegate_to: "127.0.0.1" when: - node_certs_generator @@ -149,7 +149,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0444 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -164,7 +164,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0444 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -178,7 +178,7 @@ - name: Ensuring folder permissions file: path: "{{ node_certs_destination }}/" - mode: '0774' + mode: 0774 state: directory recurse: yes when: diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index a674a95f..b7ceb87f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml 
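Review bot: The `@@ -178` hunk's `mode: 0774` is applied together with `recurse: yes` to `{{ node_certs_destination }}/`, so the file module pushes that mode onto every file beneath it, including the `.key`/`.crt` files the `@@ -149` and `@@ -163` copies set to `0444` a few tasks earlier; the per-file modes are overwritten with group-write and execute bits on the same run. The quoting change itself does not alter that, but since the line is being touched, restricting the recursive task to the directory (drop `recurse: yes`, or use the symbolic form `mode: u=rwX,g=rwX,o=rX` so regular files do not gain execute) would stop it undoing the file modes. The kibana `@@ -66` hunk on the next line has the same `mode: 0770` plus `recurse: yes` shape.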
@@ -14,7 +14,7 @@ get_url: url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: "/tmp/setup_nodejs_repo.sh" - mode: "0700" + mode: 0700 - name: Execute downloaded script to install Nodejs repo command: /tmp/setup_nodejs_repo.sh diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 80bdeca9..a31950bf 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -28,7 +28,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0444 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -42,7 +42,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0444 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -66,7 +66,7 @@ - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" - mode: '0770' + mode: 0770 recurse: yes when: - kibana_xpack_security @@ -79,7 +79,7 @@ dest: /etc/kibana/kibana.yml owner: root group: root - mode: '0664' + mode: 0664 notify: restart kibana tags: configure diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index c83aaff1..e019d2f9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
@@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.11.0" extracted folder name is 3.11.0. + # When downloading "v3.11.0" extracted folder name is 3.11.0. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file @@ -91,7 +91,7 @@ dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root - mode: '644' + mode: 0644 - name: Executing "install.sh" script to build and install the Wazuh Manager shell: ./install.sh > /tmp/build_wazuh_manager_log.txt @@ -167,7 +167,7 @@ dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf" owner: root group: root - mode: '644' + mode: 0644 - name: Execute Wazuh API installation script shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 8ef1c2cb..1f354ca3 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -18,7 +18,7 @@ get_url: url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: /etc/nodejs.sh - mode: '0775' + mode: 0775 changed_when: false - name: Run NodeJS bash script From 4b9fb53549acd8a0fd2712ce59953827a3125f05 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 17 Mar 2020 18:21:33 +0100 Subject: [PATCH 536/559] Removing readall perms in certs files. Minor syntax normalizations --- .../ansible-elasticsearch/tasks/xpack_security.yml | 4 ++-- roles/elastic-stack/ansible-kibana/tasks/main.yml | 6 +++--- roles/wazuh/ansible-filebeat/tasks/main.yml | 6 +++--- .../ansible-wazuh-agent/tasks/installation_from_sources.yml | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) 
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 6eff899f..47438f98 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -149,7 +149,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: 0444 + mode: 0440 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -164,7 +164,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: 0444 + mode: 0440 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index a31950bf..efd16de5 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -28,7 +28,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: 0444 + mode: 0440 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -42,7 +42,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: 0444 + mode: 0440 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -79,7 +79,7 @@ dest: /etc/kibana/kibana.yml owner: root group: root - mode: 0664 + mode: 0644 notify: restart kibana tags: configure 
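Review bot: The `0440` set on the key and certificate in `@@ -149` and `@@ -164` is likely overwritten a few tasks later: the same file's `Ensuring folder permissions` task (visible in the previous commit's hunk `@@ -178`) runs `file` on `{{ node_certs_destination }}/` with `mode: 0774` and `recurse: yes`, and with `recurse` the file module applies that mode to the directory's contents, so the private key ends up world-readable and group-writable again unless that task's `when:` (cut off here) skips it. The filebeat role on the next line shows the same pattern inside one commit — `@@ -30`/`@@ -44` set `0440`, `@@ -57` (`Ensuring folder & certs permissions`) sets `mode: 0774` recursively. To make this commit's intent stick, drop `recurse: yes` from the directory task so the directory mode applies to the directory only, and quote the modes as `'0440'` so they survive a YAML 1.2 parser. None of the copy tasks sets `owner`/`group`, so whether the service account can still read the key at 0440 depends on who runs the play — worth confirming.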
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index b5b4cba8..4948c252 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -30,7 +30,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0440 with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -44,7 +44,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0440 with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -57,7 +57,7 @@ - name: Ensuring folder & certs permissions file: path: "{{ node_certs_destination }}/" - mode: '0774' + mode: 0774 state: directory recurse: yes when: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 69934631..73b3e6ce 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -76,7 +76,7 @@ dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root - mode: '644' + mode: 0644 changed_when: false - name: Executing "install.sh" script to build and install the Wazuh Agent From c63756d541dc64cd052943e24c4297136c7f9ae1 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 20 Mar 2020 21:35:18 +0100 Subject: [PATCH 537/559] Fix list check if it's empty --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 5465f393..27819956 100644 
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -76,7 +76,7 @@ -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" {% endif %} {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} - {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups != None %} + {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %} -G "{{ wazuh_agent_authd.groups | join(',') }}" {% endif %} register: agent_auth_output From b67a5e5e97e274705b023986e8ded6cf4e22de97 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Mon, 23 Mar 2020 12:47:58 +0100 Subject: [PATCH 538/559] Adding new registration_adress ansible var --- roles/wazuh/ansible-wazuh-agent/README.md | 3 ++- .../wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 16 ++++++++-------- .../wazuh/ansible-wazuh-agent/tasks/Windows.yml | 4 ++-- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/README.md b/roles/wazuh/ansible-wazuh-agent/README.md index 9709d9b3..e43ddb87 100644 --- a/roles/wazuh/ansible-wazuh-agent/README.md +++ b/roles/wazuh/ansible-wazuh-agent/README.md @@ -37,11 +37,12 @@ The following is an example of how this role can be used: api_proto: 'http' api_user: 'ansible' wazuh_agent_authd: + registration_address: 127.0.0.1 enable: true port: 1515 ssl_agent_ca: null ssl_auto_negotiate: 'no' - + License and copyright --------------------- diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 039e5960..31aaa7dc 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
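Review bot: The new condition drops the `!= None` guard, and `None | length` raises a Jinja `TypeError` instead of evaluating false, so a host that sets `wazuh_agent_authd.groups: null` (the value the old test was protecting against) now fails the registration task rather than skipping `-G`. Keeping both tests covers null and empty: `{% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups is not none and wazuh_agent_authd.groups | length > 0 %}`. Whether the role's defaults ever leave `groups` null is not visible in this hunk; the task's `shell:` header and `when:` are outside it too.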
@@ -43,6 +43,7 @@ wazuh_profile_centos: 'centos, centos7, centos7.6' wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' wazuh_auto_restart: 'yes' wazuh_agent_authd: + registration_address: 127.0.0.1 enable: false port: 1515 agent_name: null diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index c1c701fc..c83ca90d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -68,7 +68,7 @@ {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %} -A {{ wazuh_agent_authd.agent_name }} {% endif %} - -m {{ wazuh_managers.0.address }} + -m {{ wazuh_agent_authd.registration_address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %} -I "any" {% endif %} {% if authd_pass is defined %} -P {{ authd_pass }} {% endif %} @@ -88,13 +88,13 @@ agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}" when: - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_managers.0.address is not none + - wazuh_agent_authd.registration_address is not none - name: Linux | Verify agent registration shell: echo {{ agent_auth_output }} | grep "Valid key created" when: - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_managers.0.address is not none + - wazuh_agent_authd.registration_address is not none when: wazuh_agent_authd.enable tags: @@ -109,7 +109,7 @@ - name: Linux | Create the agent key via rest-API uri: - url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/" + url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/" validate_certs: false method: POST body: '{"name":"{{ agent_name }}"}' 
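Review bot: Defaulting `registration_address` to `127.0.0.1` makes the `wazuh_agent_authd.registration_address is not none` guards added in Linux.yml and Windows.yml (this line and the next two) always true, so an agent whose play forgets to set the address will run `agent-auth -m 127.0.0.1` and the REST calls against itself and fail, where the previous `wazuh_managers.0.address is not none` test skipped registration cleanly. A `null` default, or a fallback such as `-m {{ wazuh_agent_authd.registration_address | default(wazuh_managers.0.address, true) }}`, keeps the guard meaningful. Note also that the `uri:` URLs in `@@ -109` and `@@ -126` now take the API host from the authd registration address while `api_proto`/`api_port` still come from `wazuh_managers.0`; if the authd endpoint is ever fronted separately from the API these point at the wrong host — presumably intentional, but worth a comment in defaults/main.yml such as `# registration_address: host used both for agent-auth (-m) and for the manager REST API calls`.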
@@ -126,13 +126,13 @@ agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ inventory_hostname }}{% endif %}" when: - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_managers.0.address is not none + - wazuh_agent_authd.registration_address is not none become: false ignore_errors: true - name: Linux | Retieve new agent data via rest-API uri: - url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}" + url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}" validate_certs: false method: GET return_content: true @@ -140,7 +140,7 @@ password: "{{ api_pass }}" when: - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_managers.0.address is not none + - wazuh_agent_authd.registration_address is not none - newagent_api.json.error == 0 register: newagentdata_api delegate_to: localhost @@ -158,7 +158,7 @@ register: manage_agents_output when: - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_managers.0.address is not none + - wazuh_agent_authd.registration_address is not none - newagent_api.changed notify: restart wazuh-agent diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 461249e9..bac0e1dc 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -61,7 +61,7 @@ - name: Windows | Register agent win_shell: > {{ wazuh_agent_win_auth_path }} - -m {{ wazuh_managers.0.address }} + -m {{ wazuh_agent_authd.registration_address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} 
@@ -70,7 +70,7 @@ when: - wazuh_agent_authd.enable - not check_windows_key.stat.exists or check_windows_key.stat.size == 0 - - wazuh_managers.0.address is not none + - wazuh_agent_authd.registration_address is not none tags: - config From d75f75b76b46027db5d25af995d0e6cd6e900b95 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Mon, 23 Mar 2020 14:01:57 +0100 Subject: [PATCH 539/559] Fixes #390 . Removed bad formed XML comments. --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 1 - .../templates/var-ossec-etc-ossec-server.conf.j2 | 1 - .../templates/var-ossec-etc-shared-agent.conf.j2 | 1 - 3 files changed, 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 128ba142..0c640cdc 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -203,7 +203,6 @@ no - {{ wazuh_agent_config.syscheck.frequency }} {% if ansible_system == "Linux" %} {{ wazuh_agent_config.syscheck.scan_on_start }} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 43853bec..d4340c9b 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -295,7 +295,6 @@ {{ wazuh_manager_config.syscheck.disable }} {{ wazuh_manager_config.syscheck.alert_new_files }} - {{ wazuh_manager_config.syscheck.frequency }} {{ wazuh_manager_config.syscheck.scan_on_start }} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index 00fdcd01..f300f22a 100644 
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 @@ -8,7 +8,6 @@ {{ agent_config.syscheck.auto_ignore }} {% endif %} {{ agent_config.syscheck.alert_new_files }} - {{ agent_config.syscheck.frequency }} {{ agent_config.syscheck.scan_on_start }} From ec481c790a2640d740d141a94dc82bbeb2ce88bf Mon Sep 17 00:00:00 2001 From: Zenidd Date: Mon, 23 Mar 2020 15:37:52 +0100 Subject: [PATCH 540/559] Fixing lint warnings --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index c83ca90d..1a9076be 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -132,7 +132,9 @@ - name: Linux | Retieve new agent data via rest-API uri: - url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}" + url: >- + "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address + }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}" validate_certs: false method: GET return_content: true From 0f1d958ff2e9f99611c57841324c33384594c8a4 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Mon, 23 Mar 2020 17:57:22 +0100 Subject: [PATCH 541/559] Added registration address var to default wazuh-agent playbook --- playbooks/wazuh-agent.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index 8c7eaa69..5e1fcacc 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -11,6 +11,7 @@ api_proto: 'http' api_user: ansible wazuh_agent_authd: + registration_address: enable: true port: 1515 ssl_agent_ca: null 
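Review bot: Moving the URL into a `>-` block scalar keeps the surrounding double quotes as literal characters — nothing inside a block scalar is parsed as a YAML quote — so the rendered `url` now starts and ends with `"`, and the GET in `Retieve new agent data via rest-API` will fail on an invalid URL. Drop the quotes and keep the fold: `url: >-` / `  {{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address` / `  }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}`; the space the fold inserts lands inside the `{{ ... }}` expression, where Jinja ignores it. The task's `when:` and `register:` are outside the hunk.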
From e27d0d33102c631e0ecabb4d3bdcaaafa16735e7 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 23 Mar 2020 20:32:12 +0100 Subject: [PATCH 542/559] Remove agent groups redundant list --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +-- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 86b0205b..8b4151de 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -410,5 +410,4 @@ nodejs: redhat: "rpm" repo_url_ext: "nodesource.com/setup_10.x" -agent_groups: - groups: [] # groups to create +agent_groups: [] # groups to create diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 254b7e88..eaabdb77 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -354,9 +354,9 @@ - name: Create agent groups command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" with_items: - - "{{ agent_groups.groups }}" + - "{{ agent_groups }}" when: - - ( agent_groups.groups is defined) and ( agent_groups.groups|length > 0) + - ( agent_groups is defined) and ( agent_groups|length > 0) tags: molecule-idempotence-notest - include_tasks: "RMRedHat.yml" From 1f2670f74ecf8de4b595a4faf2676b192dc14d4e Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 24 Mar 2020 12:42:45 +0100 Subject: [PATCH 543/559] Rule paths are now relative to playbooks --- playbooks/wazuh-agent.yml | 2 +- playbooks/wazuh-elastic.yml | 2 +- playbooks/wazuh-elastic_stack-distributed.yml | 16 ++++++++-------- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index 5e1fcacc..806b07c0 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml 
@@ -1,7 +1,7 @@ --- - hosts: roles: - - /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-agent + - ../roles/wazuh/ansible-wazuh-agent vars: wazuh_managers: - address: diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml index eda19931..6c372889 100644 --- a/playbooks/wazuh-elastic.yml +++ b/playbooks/wazuh-elastic.yml @@ -1,5 +1,5 @@ --- - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: '' diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 16abfcf5..c0c14054 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -2,7 +2,7 @@ - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: elasticsearch_node_name: node-1 elasticsearch_bootstrap_node: true @@ -33,7 +33,7 @@ - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: elasticsearch_node_name: node-2 single_node: false @@ -46,7 +46,7 @@ - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: elasticsearch_node_name: node-3 single_node: false 
@@ -60,21 +60,21 @@ # - hosts: 172.16.0.162 # roles: -# - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager +# - role: ../roles/wazuh/ansible-wazuh-manager -# - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat +# - role: ../roles/wazuh/ansible-filebeat # filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 # filebeat_xpack_security: true # filebeat_node_name: node-2 # node_certs_generator: false # elasticsearch_xpack_security_password: elastic_pass -# - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch +# - role: ../roles/elastic-stack/ansible-elasticsearch # elasticsearch_network_host: 172.16.0.162 # node_name: node-2 # elasticsearch_bootstrap_node: false # elasticsearch_master_candidate: true -# elasticsearch_discovery_nodes: +# elasticsearch_discovery_nodes: # - 172.16.0.161 # - 172.16.0.162 # elasticsearch_xpack_security: true @@ -83,7 +83,7 @@ # - hosts: 172.16.0.163 # roles: -# - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana +# - role: ../roles/elastic-stack/ansible-kibana # kibana_xpack_security: true # kibana_node_name: node-3 # elasticsearch_network_host: 172.16.0.161 From 14e2a6bb4730e4e6068a4a474b8bcec5dee293bb Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 24 Mar 2020 16:46:01 +0100 Subject: [PATCH 544/559] Bump versions to 3.12.0_7.6.1 --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 10 +++++----- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index e930eae7..7223db60 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
@@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.6.1 -wazuh_version: 3.11.4 +wazuh_version: 3.12.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp elasticrepo: diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 05b0fe8b..b2808488 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.11.4-1 +wazuh_agent_version: 3.12.0-1 # Custom packages installation @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaw wazuh_agent_sources_installation: enabled: false - branch: "v3.11.4" + branch: "v3.12.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -63,9 +63,9 @@ wazuh_winagent_config: # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True - md5: 87ce22038688efb44d95f9daff472056 -wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi -wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi + md5: 91efaefae4e1977670eab0c768a22a93 +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.12.0-1.msi +wazuh_winagent_package_name: wazuh-agent-3.12.0-1.msi wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 8b4151de..a4ce627f 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 3.11.4-1 +wazuh_manager_version: 3.12.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present 
@@ -15,7 +15,7 @@ wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws. # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v3.11.4" + branch: "v3.12.0" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -40,7 +40,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.4" + branch: "v3.12.0" update: "y" remove: "y" directory: null From dfc7bbf4b36fd33e29beebb479076ac7ab15e6bf Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 24 Mar 2020 18:21:46 +0100 Subject: [PATCH 545/559] Updates to adapt ossec.conf templates to Wazuh v3.12 default ones --- .../ansible-wazuh-agent/defaults/main.yml | 136 +++++------------- .../var-ossec-etc-ossec-agent.conf.j2 | 28 +++- 2 files changed, 61 insertions(+), 103 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index b2808488..75c21d3c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -87,8 +87,17 @@ wazuh_agent_config: scan_on_start: 'yes' auto_ignore: 'no' alert_new_files: 'yes' - win_audit_interval: 300 + win_audit_interval: 60 skip_nfs: 'yes' + skip_dev: 'yes' + skip_proc: 'yes' + skip_sys: 'yes' + process_priority: 10 + max_eps: 100 + sync_enabled: 'yes' + sync_interval: '5m' + sync_max_interval: '1h' + sync_max_eps: 10 ignore: - /etc/mtab - /etc/hosts.deny 
@@ -114,106 +123,39 @@ wazuh_agent_config: - /etc/ssl/private.key directories: - dirs: /etc,/usr/bin,/usr/sbin - checks: 'check_all="yes"' + checks: '' - dirs: /bin,/sbin,/boot - checks: 'check_all="yes"' + checks: '' win_directories: - - dirs: '%WINDIR%\regedit.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\system.ini' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\win.ini' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\at.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\attrib.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\cacls.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\cmd.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\drivers\etc' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\eventcreate.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\ftp.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\lsass.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\net.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\net1.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\netsh.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\reg.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\regedt32.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\regsvr32.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\runas.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\sc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\schtasks.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\sethc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\subst.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\wbem\WMIC.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0\powershell.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\winrm.vbs' - checks: 'check_all="yes"' - - dirs: 
'%WINDIR%\System32\at.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\attrib.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\cacls.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\cmd.exe' - checks: 'check_all="yes"' + - dirs: '%WINDIR%' + checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"' + - dirs: '%WINDIR%\SysNative' + checks: >- + recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$| + net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe|subst.exe$" + - dirs: '%WINDIR%\SysNative\drivers\etc%' + checks: 'recursion_level="0"' + - dirs: '%WINDIR%\SysNative\wbem' + checks: 'recursion_level="0" restrict="WMIC.exe$"' + - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0' + checks: 'recursion_level="0" restrict="powershell.exe$"' + - dirs: '%WINDIR%\SysNative' + checks: 'recursion_level="0" restrict="winrm.vbs$"' + - dirs: '%WINDIR%\System32' + checks: >- + recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$| + netsh.exe$|reg.exe$|regedit.exe$|regedt32.exe$|regsvr32.exe$|runas.exe$|sc.exe$|schtasks.exe$|sethc.exe$|subst.exe$" - dirs: '%WINDIR%\System32\drivers\etc' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\eventcreate.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\ftp.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\net.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\net1.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\netsh.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\reg.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\regedit.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\regedt32.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\regsvr32.exe' - checks: 'check_all="yes"' - - dirs: 
'%WINDIR%\System32\runas.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\sc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\schtasks.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\sethc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\subst.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\wbem\WMIC.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\winrm.vbs' - checks: 'check_all="yes"' + checks: 'recursion_level="0"' + - dirs: '%WINDIR%\System32\wbem' + checks: 'recursion_level="0" restrict="WMIC.exe$"' + - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0' + checks: 'recursion_level="0" restrict="powershell.exe$"' + - dirs: '%WINDIR%\System32' + checks: 'recursion_level="0" restrict="winrm.vbs$"' - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup' - checks: 'check_all="yes" realtime="yes"' + checks: 'realtime="yes"' + windows_registry: - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile' diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 0c640cdc..28b6828a 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -61,7 +61,6 @@ yes {% endif %} {% if ansible_os_family == "Windows" %} - ./shared/win_audit_rcl.txt ./shared/win_applications_rcl.txt ./shared/win_malware_rcl.txt {% endif %} 
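Review bot: The two `checks: >-` folded scalars break the `restrict` regex: a fold joins lines with a single space, so the rendered value is `...|lsass.exe$| net.exe$|...` in the SysNative entry and `...|net1.exe$| netsh.exe$|...` in the System32 entry, and those alternatives then only match names beginning with a space, i.e. never. Keep each `restrict` on one line, or use a double-quoted scalar (with the inner quotes escaped as `\"`) and a trailing `\` line continuation, which joins lines without inserting a space. Two smaller issues in the same hunk: `'%WINDIR%\SysNative\drivers\etc%'` has a stray trailing `%` that the matching System32 entry does not, so that directory will not resolve, and the SysNative regex drops the `$` anchor from `regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe` while the System32 list anchors every entry, widening what it matches. `%WINDIR%\SysNative` is also listed twice (the exe list and a separate `winrm.vbs$` entry), which Wazuh may treat as a duplicate `<directories>` entry — presumably `winrm.vbs$` belongs in the first entry's `restrict`, as `System32` has the same duplication.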
@@ -186,13 +185,13 @@ {% if wazuh_agent_config.sca.skip_nfs | length > 0 %} yes {% endif %} - {% if wazuh_agent_config.sca.day | length > 0 %} + {% if wazuh_agent_config.sca.day | length > 0 %} yes {% endif %} - {% if wazuh_agent_config.sca.wday | length > 0 %} + {% if wazuh_agent_config.sca.wday | length > 0 %} yes {% endif %} - {% if wazuh_agent_config.sca.time | length > 0 %} + {% if wazuh_agent_config.sca.time | length > 0 %} {% endif %} @@ -246,8 +245,11 @@ {% for no_diff in wazuh_agent_config.syscheck.no_diff %} {{ no_diff }} {% endfor %} - + {{ wazuh_agent_config.syscheck.skip_nfs }} + {{ wazuh_agent_config.syscheck.skip_dev }} + {{ wazuh_agent_config.syscheck.skip_proc }} + {{ wazuh_agent_config.syscheck.skip_sys }} {% endif %} {% if ansible_os_family == "Windows" %} @@ -274,6 +276,20 @@ {{ wazuh_agent_config.syscheck.win_audit_interval }} {% endif %} + + + {{ wazuh_agent_config.syscheck.process_priority }} + + + {{ wazuh_agent_config.syscheck.max_eps }} + + + + {{ wazuh_agent_config.syscheck.sync_enabled }} + {{ wazuh_agent_config.syscheck.interval }} + {{ wazuh_agent_config.syscheck.max_interval }} + {{ wazuh_agent_config.syscheck.max_eps }} + {% endif %} @@ -292,7 +308,7 @@ {% if ansible_system == "Linux" %} {% for localfile in wazuh_agent_config.localfiles.linux %} - + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} From 2cdc6fd7310990f74d4ae410b0cff152206e024a Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Tue, 24 Mar 2020 18:31:13 +0100 Subject: [PATCH 546/559] Updated elasticsearch template --- .../templates/wazuh-elastic7-template-alerts.json.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 index 06af6322..0b153fd4 100644 
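Review bot: In the `@@ -246,8 +245,11 @@` hunk the four `skip_*` lines are emitted unconditionally, while the manager template in this same series wraps the equivalent `skip_dev`/`skip_proc`/`skip_sys` in `{% if wazuh_manager_config.syscheck.<key> is defined %}` guards. A user who replaces the `syscheck` mapping without those keys (Ansible overrides dicts wholesale by default) most likely gets a template error on the agent side but a silently omitted option on the manager side, so the two roles diverge on the same input. Pick one convention; if the guards are the intended style, `{% if wazuh_agent_config.syscheck.skip_dev is defined %}` around each line matches the manager template. The same hunk appears again at L824 in the re-applied copy of this commit.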
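Review bot: In the `@@ -274,6 +276,20 @@` hunk the synchronization block reads `wazuh_agent_config.syscheck.interval`, `.max_interval` and reuses `.max_eps`, but the defaults added for this feature define `sync_interval`, `sync_max_interval` and `sync_max_eps` (L820), so the first two are undefined at render time and the third silently takes the event-throttle value instead of the sync limit. A later commit in the series (L828) renames the references to the `sync_*` keys, so this is recorded for anyone bisecting rather than as a pending fix. The new `process_priority`, `max_eps` and sync elements also carry no `is defined` guards, unlike the `skip_*` lines the manager template guards, so an overridden `syscheck` mapping lacking those keys would most likely abort the render. The same hunk repeats at L824.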
--- a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 @@ -531,6 +531,9 @@ "sha1_before": { "type": "keyword" }, + "hard_links": { + "type": "keyword" + }, "sha1_after": { "type": "keyword" }, From bee5986b0301bbdbd2b229389fac4dc88ab1ee23 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 24 Mar 2020 20:24:59 +0100 Subject: [PATCH 547/559] Bump branch when building from sources --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 7223db60..2ac2cde5 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -47,7 +47,7 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 3.11-7.6 +wazuh_plugin_branch: 3.12-7.6 #Nodejs NODE_OPTIONS node_options: --max-old-space-size=4096 From c872140f28e54abda5c7cf8f8dccc3537e3a3dbb Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 24 Mar 2020 20:25:38 +0100 Subject: [PATCH 548/559] Update path for wazuh.yml --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index efd16de5..2e39391f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -161,10 +161,15 @@ validate_certs: no status_code: 200, 404 +- name: Create wazuh plugin config directory + file: + path: /usr/share/kibana/optimize/wazuh/config/ + state: directory + - name: Configure Wazuh Kibana Plugin template: src: wazuh.yml.j2 - dest: /usr/share/kibana/plugins/wazuh/wazuh.yml + dest: /usr/share/kibana/optimize/wazuh/config/wazuh.yml owner: kibana group: root mode: 0644 From 52f4907847affe4b4edde48838434b4ed480e386 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 24 Mar 2020 18:21:46 +0100 Subject: [PATCH 549/559] Updates to adapt ossec.conf templates to Wazuh v3.12 default ones --- .../ansible-wazuh-agent/defaults/main.yml | 136 +++++------------- .../var-ossec-etc-ossec-agent.conf.j2 | 28 +++- 2 files changed, 61 insertions(+), 103 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 05b0fe8b..2e5bf4f0 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -87,8 +87,17 @@ wazuh_agent_config: scan_on_start: 'yes' auto_ignore: 'no' alert_new_files: 'yes' - win_audit_interval: 300 + win_audit_interval: 60 skip_nfs: 'yes' + skip_dev: 'yes' + skip_proc: 'yes' + skip_sys: 'yes' + process_priority: 10 + max_eps: 100 + sync_enabled: 'yes' + sync_interval: '5m' + sync_max_interval: '1h' + sync_max_eps: 10 ignore: - /etc/mtab - /etc/hosts.deny 
@@ -114,106 +123,39 @@ wazuh_agent_config: - /etc/ssl/private.key directories: - dirs: /etc,/usr/bin,/usr/sbin - checks: 'check_all="yes"' + checks: '' - dirs: /bin,/sbin,/boot - checks: 'check_all="yes"' + checks: '' win_directories: - - dirs: '%WINDIR%\regedit.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\system.ini' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\win.ini' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\at.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\attrib.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\cacls.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\cmd.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\drivers\etc' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\eventcreate.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\ftp.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\lsass.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\net.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\net1.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\netsh.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\reg.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\regedt32.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\regsvr32.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\runas.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\sc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\schtasks.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\sethc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\subst.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\wbem\WMIC.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0\powershell.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\SysNative\winrm.vbs' - checks: 'check_all="yes"' - - dirs: 
'%WINDIR%\System32\at.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\attrib.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\cacls.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\cmd.exe' - checks: 'check_all="yes"' + - dirs: '%WINDIR%' + checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"' + - dirs: '%WINDIR%\SysNative' + checks: >- + recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$| + net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe|subst.exe$" + - dirs: '%WINDIR%\SysNative\drivers\etc%' + checks: 'recursion_level="0"' + - dirs: '%WINDIR%\SysNative\wbem' + checks: 'recursion_level="0" restrict="WMIC.exe$"' + - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0' + checks: 'recursion_level="0" restrict="powershell.exe$"' + - dirs: '%WINDIR%\SysNative' + checks: 'recursion_level="0" restrict="winrm.vbs$"' + - dirs: '%WINDIR%\System32' + checks: >- + recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$| + netsh.exe$|reg.exe$|regedit.exe$|regedt32.exe$|regsvr32.exe$|runas.exe$|sc.exe$|schtasks.exe$|sethc.exe$|subst.exe$" - dirs: '%WINDIR%\System32\drivers\etc' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\eventcreate.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\ftp.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\net.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\net1.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\netsh.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\reg.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\regedit.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\regedt32.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\regsvr32.exe' - checks: 'check_all="yes"' - - dirs: 
'%WINDIR%\System32\runas.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\sc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\schtasks.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\sethc.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\subst.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\wbem\WMIC.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe' - checks: 'check_all="yes"' - - dirs: '%WINDIR%\System32\winrm.vbs' - checks: 'check_all="yes"' + checks: 'recursion_level="0"' + - dirs: '%WINDIR%\System32\wbem' + checks: 'recursion_level="0" restrict="WMIC.exe$"' + - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0' + checks: 'recursion_level="0" restrict="powershell.exe$"' + - dirs: '%WINDIR%\System32' + checks: 'recursion_level="0" restrict="winrm.vbs$"' - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup' - checks: 'check_all="yes" realtime="yes"' + checks: 'realtime="yes"' + windows_registry: - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile' diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 0c640cdc..28b6828a 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -61,7 +61,6 @@ yes {% endif %} {% if ansible_os_family == "Windows" %} - ./shared/win_audit_rcl.txt ./shared/win_applications_rcl.txt ./shared/win_malware_rcl.txt {% endif %} 
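Review bot: The two `checks: >-` folded scalars put a line break inside the `restrict` regex, and YAML folding turns that break into a space, so the rendered attribute reads `lsass.exe$| net.exe$|` for the SysNative entry and `net1.exe$| netsh.exe$|` for the System32 entry; unless the consumer strips whitespace inside the attribute, `net.exe` and `netsh.exe` drop out of the FIM watch list this hunk was meant to preserve, so keep each `restrict` on one physical line as a single-quoted scalar like the other entries. Two further points in the same hunk: `'%WINDIR%\SysNative\drivers\etc%'` carries a trailing `%` that its System32 twin does not, which looks like a typo that would leave the 64-bit hosts-file directory unmonitored, and the SysNative regex leaves `regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe` unanchored while the System32 one anchors every name with `$`. Both `%WINDIR%\SysNative` and `%WINDIR%\System32` are also listed twice (once for the binaries, once for `winrm.vbs$`); if the agent de-duplicates directory entries the second one is silently dropped, so folding `winrm.vbs$` into the first entry's `restrict` is the safer shape. The same hunk appears at L816–L817 in the preceding copy of this commit, whose header is outside this view.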
@@ -186,13 +185,13 @@ {% if wazuh_agent_config.sca.skip_nfs | length > 0 %} yes {% endif %} - {% if wazuh_agent_config.sca.day | length > 0 %} + {% if wazuh_agent_config.sca.day | length > 0 %} yes {% endif %} - {% if wazuh_agent_config.sca.wday | length > 0 %} + {% if wazuh_agent_config.sca.wday | length > 0 %} yes {% endif %} - {% if wazuh_agent_config.sca.time | length > 0 %} + {% if wazuh_agent_config.sca.time | length > 0 %} {% endif %} @@ -246,8 +245,11 @@ {% for no_diff in wazuh_agent_config.syscheck.no_diff %} {{ no_diff }} {% endfor %} - + {{ wazuh_agent_config.syscheck.skip_nfs }} + {{ wazuh_agent_config.syscheck.skip_dev }} + {{ wazuh_agent_config.syscheck.skip_proc }} + {{ wazuh_agent_config.syscheck.skip_sys }} {% endif %} {% if ansible_os_family == "Windows" %} @@ -274,6 +276,20 @@ {{ wazuh_agent_config.syscheck.win_audit_interval }} {% endif %} + + + {{ wazuh_agent_config.syscheck.process_priority }} + + + {{ wazuh_agent_config.syscheck.max_eps }} + + + + {{ wazuh_agent_config.syscheck.sync_enabled }} + {{ wazuh_agent_config.syscheck.interval }} + {{ wazuh_agent_config.syscheck.max_interval }} + {{ wazuh_agent_config.syscheck.max_eps }} + {% endif %} @@ -292,7 +308,7 @@ {% if ansible_system == "Linux" %} {% for localfile in wazuh_agent_config.localfiles.linux %} - + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} From cd5a00633117dc94fda220133a71f67ab184e34a Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 24 Mar 2020 20:25:38 +0100 Subject: [PATCH 550/559] Update path for wazuh.yml --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index efd16de5..2e39391f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -161,10 +161,15 @@ validate_certs: no status_code: 200, 404 +- name: Create wazuh plugin config directory + file: + path: /usr/share/kibana/optimize/wazuh/config/ + state: directory + - name: Configure Wazuh Kibana Plugin template: src: wazuh.yml.j2 - dest: /usr/share/kibana/plugins/wazuh/wazuh.yml + dest: /usr/share/kibana/optimize/wazuh/config/wazuh.yml owner: kibana group: root mode: 0644 From f625f0b310fe3a15d11a970535121d8de3426f34 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 25 Mar 2020 12:49:49 +0100 Subject: [PATCH 551/559] Updating manager configuration templates and vars --- .../ansible-wazuh-agent/defaults/main.yml | 4 --- .../ansible-wazuh-manager/defaults/main.yml | 19 +++++++---- .../var-ossec-etc-ossec-server.conf.j2 | 33 ++++++++++++++++--- 3 files changed, 40 insertions(+), 16 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 2e5bf4f0..7df27cc9 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -111,11 +111,7 @@ wazuh_agent_config: - /etc/cups/certs - /etc/dumpdates - /etc/svc/volatile - - /sys/kernel/security - - /sys/kernel/debug - - /dev/core ignore_linux_type: - - '^/proc' - '.log$|.swp$' ignore_win: - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 8b4151de..ffd2925c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -105,7 +105,7 @@ wazuh_manager_config: authd: enable: true port: 1515 - use_source_ip: 'yes' + use_source_ip: 'no' force_insert: 'yes' force_time: 0 purge: 'yes' 
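Review bot: Flipping `use_source_ip` from `'yes'` to `'no'` in the `@@ -105,7 +105,7 @@` hunk changes the manager's enrolment trust model, and nothing in the hunk or the commit message records why. If this is the Wazuh authd option of that name, `'no'` stops binding newly enrolled agents to the address they registered from, so their keys are accepted from any source host unless the agent declares an IP itself; that is a looser default than before and deserves a comment above the key, e.g. `# 'no' enrols agents with address 'any' instead of their source IP; set 'yes' to pin agents to the registering host`. A changelog line is warranted as well, since the series otherwise presents itself as adopting upstream v3.12 defaults. The identical hunk is re-applied at L829.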
@@ -166,24 +166,29 @@ wazuh_manager_config: - /etc/cups/certs - /etc/dumpdates - /etc/svc/volatile - - /sys/kernel/security - - /sys/kernel/debug - - /dev/core ignore_linux_type: - - '^/proc' - '.log$|.swp$' no_diff: - /etc/ssl/private.key directories: - dirs: /etc,/usr/bin,/usr/sbin - checks: 'check_all="yes"' + checks: '' - dirs: /bin,/sbin,/boot - checks: 'check_all="yes"' + checks: '' auto_ignore_frequency: frequency: 'frequency="10"' timeframe: 'timeframe="3600"' value: 'no' skip_nfs: 'yes' + skip_dev: 'yes' + skip_proc: 'yes' + skip_sys: 'yes' + process_priority: 10 + max_eps: 100 + sync_enabled: 'yes' + sync_interval: '5m' + sync_max_interval: '1h' + sync_max_eps: 10 rootcheck: frequency: 43200 openscap: diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index d4340c9b..1a6b59c7 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -245,13 +245,13 @@ {% if wazuh_manager_config.sca.skip_nfs | length > 0 %} yes {% endif %} - {% if wazuh_manager_config.sca.day | length > 0 %} + {% if wazuh_manager_config.sca.day | length > 0 %} yes {% endif %} - {% if wazuh_manager_config.sca.wday | length > 0 %} + {% if wazuh_manager_config.sca.wday | length > 0 %} yes {% endif %} - {% if wazuh_manager_config.sca.time | length > 0 %} + {% if wazuh_manager_config.sca.time | length > 0 %} {% endif %} 
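Review bot: Dropping `/sys/kernel/security`, `/sys/kernel/debug`, `/dev/core` and `^/proc` from `ignore` only stays safe because the same hunk adds `skip_sys`/`skip_dev`/`skip_proc: 'yes'`, yet the manager template (L827) renders those options only when the key `is defined`, so a user who replaces the `syscheck` mapping without them presumably loses both protections at once and the scanner walks /proc, /sys and /dev again. Either render the skip options unconditionally or keep the ignore entries as a fallback. `checks: ''` also replaces an explicit `check_all="yes"` with an empty attribute string; if the consumer's default really is check-all, say so inline, `checks: ''  # empty → consumer default (check_all)`, so the next reader does not take it for "no checks". The same hunk repeats at L829.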
@@ -332,6 +332,29 @@ {% if wazuh_manager_config.syscheck.skip_nfs is defined %} {{ wazuh_manager_config.syscheck.skip_nfs }} {% endif %} + {% if wazuh_manager_config.syscheck.skip_dev is defined %} + {{ wazuh_manager_config.syscheck.skip_dev }} + {% endif %} + {% if wazuh_manager_config.syscheck.skip_proc is defined %} + {{ wazuh_manager_config.syscheck.skip_proc }} + {% endif %} + {% if wazuh_manager_config.syscheck.skip_sys is defined %} + {{ wazuh_manager_config.syscheck.skip_sys }} + {% endif %} + + + {{ wazuh_agent_config.syscheck.process_priority }} + + + {{ wazuh_agent_config.syscheck.max_eps }} + + + + {{ wazuh_agent_config.syscheck.sync_enabled }} + {{ wazuh_agent_config.syscheck.interval }} + {{ wazuh_agent_config.syscheck.max_interval }} + {{ wazuh_agent_config.syscheck.max_eps }} + @@ -470,7 +493,7 @@ {% endfor %} {% endif -%} -{% if ansible_os_family == "RedHat" %} +{% if ansible_os_family == "RedHat" %} {% for localfile in wazuh_manager_config.localfiles.centos %} @@ -578,7 +601,7 @@ {% endif %} {% if wazuh_manager_config.authd.ciphers is not none %} {{wazuh_manager_config.authd.ciphers}} - {% endif %} + {% endif %} {% if wazuh_manager_config.authd.ssl_agent_ca is not none %} /var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}} {% endif %} From 245f4e7d6badda72c716bceada8198df2500f701 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 25 Mar 2020 15:33:55 +0100 Subject: [PATCH 552/559] jinja template fixes --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 6 +++--- .../templates/var-ossec-etc-ossec-server.conf.j2 | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 28b6828a..ee71769e 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 
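Review bot: The block added after the `skip_*` guards reads `wazuh_agent_config.syscheck.process_priority` and the other new values from the agent namespace inside the manager template, and it references `interval`/`max_interval`/`max_eps` rather than the `sync_interval`/`sync_max_interval`/`sync_max_eps` keys the manager defaults define in this same commit (L826). On a manager host where `wazuh_agent_config` is not in scope that most likely aborts the render, and where it is, the manager silently inherits the agent's tuning. Later commits correct both (L828 renames the sync keys, L832 switches the namespace to `wazuh_manager_config`), so this is recorded for bisecting. Unlike the `skip_*` lines just above, the new elements carry no `is defined` guards, leaving two styles side by side in one block; pick one. The same hunk repeats at L830.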
@@ -286,9 +286,9 @@ {{ wazuh_agent_config.syscheck.sync_enabled }} - {{ wazuh_agent_config.syscheck.interval }} - {{ wazuh_agent_config.syscheck.max_interval }} - {{ wazuh_agent_config.syscheck.max_eps }} + {{ wazuh_agent_config.syscheck.sync_interval }} + {{ wazuh_agent_config.syscheck.sync_max_interval }} + {{ wazuh_agent_config.syscheck.sync_max_eps }} {% endif %} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 1a6b59c7..88620e7d 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -351,9 +351,9 @@ {{ wazuh_agent_config.syscheck.sync_enabled }} - {{ wazuh_agent_config.syscheck.interval }} - {{ wazuh_agent_config.syscheck.max_interval }} - {{ wazuh_agent_config.syscheck.max_eps }} + {{ wazuh_agent_config.syscheck.sync_interval }} + {{ wazuh_agent_config.syscheck.sync_max_interval }} + {{ wazuh_agent_config.syscheck.sync_max_eps }} From 0019c7fdf28b83d57d6994567b7dc1803b211af2 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 25 Mar 2020 12:49:49 +0100 Subject: [PATCH 553/559] Updating manager configuration templates and vars --- .../ansible-wazuh-agent/defaults/main.yml | 4 --- .../ansible-wazuh-manager/defaults/main.yml | 19 +++++++---- .../var-ossec-etc-ossec-server.conf.j2 | 33 ++++++++++++++++--- 3 files changed, 40 insertions(+), 16 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 75c21d3c..953da95e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -111,11 +111,7 @@ wazuh_agent_config: - /etc/cups/certs - /etc/dumpdates - /etc/svc/volatile - - /sys/kernel/security - - /sys/kernel/debug - - /dev/core ignore_linux_type: - - '^/proc' - '.log$|.swp$' ignore_win: - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index a4ce627f..db4f8841 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -105,7 +105,7 @@ wazuh_manager_config: authd: enable: true port: 1515 - use_source_ip: 'yes' + use_source_ip: 'no' force_insert: 'yes' force_time: 0 purge: 'yes' @@ -166,24 +166,29 @@ wazuh_manager_config: - /etc/cups/certs - /etc/dumpdates - /etc/svc/volatile - - /sys/kernel/security - - /sys/kernel/debug - - /dev/core ignore_linux_type: - - '^/proc' - '.log$|.swp$' no_diff: - /etc/ssl/private.key directories: - dirs: /etc,/usr/bin,/usr/sbin - checks: 'check_all="yes"' + checks: '' - dirs: /bin,/sbin,/boot - checks: 'check_all="yes"' + checks: '' auto_ignore_frequency: frequency: 'frequency="10"' timeframe: 'timeframe="3600"' value: 'no' skip_nfs: 'yes' + skip_dev: 'yes' + skip_proc: 'yes' + skip_sys: 'yes' + process_priority: 10 + max_eps: 100 + sync_enabled: 'yes' + sync_interval: '5m' + sync_max_interval: '1h' + sync_max_eps: 10 rootcheck: frequency: 43200 openscap: diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index d4340c9b..1a6b59c7 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
@@ -245,13 +245,13 @@ {% if wazuh_manager_config.sca.skip_nfs | length > 0 %} yes {% endif %} - {% if wazuh_manager_config.sca.day | length > 0 %} + {% if wazuh_manager_config.sca.day | length > 0 %} yes {% endif %} - {% if wazuh_manager_config.sca.wday | length > 0 %} + {% if wazuh_manager_config.sca.wday | length > 0 %} yes {% endif %} - {% if wazuh_manager_config.sca.time | length > 0 %} + {% if wazuh_manager_config.sca.time | length > 0 %} {% endif %} @@ -332,6 +332,29 @@ {% if wazuh_manager_config.syscheck.skip_nfs is defined %} {{ wazuh_manager_config.syscheck.skip_nfs }} {% endif %} + {% if wazuh_manager_config.syscheck.skip_dev is defined %} + {{ wazuh_manager_config.syscheck.skip_dev }} + {% endif %} + {% if wazuh_manager_config.syscheck.skip_proc is defined %} + {{ wazuh_manager_config.syscheck.skip_proc }} + {% endif %} + {% if wazuh_manager_config.syscheck.skip_sys is defined %} + {{ wazuh_manager_config.syscheck.skip_sys }} + {% endif %} + + + {{ wazuh_agent_config.syscheck.process_priority }} + + + {{ wazuh_agent_config.syscheck.max_eps }} + + + + {{ wazuh_agent_config.syscheck.sync_enabled }} + {{ wazuh_agent_config.syscheck.interval }} + {{ wazuh_agent_config.syscheck.max_interval }} + {{ wazuh_agent_config.syscheck.max_eps }} + @@ -470,7 +493,7 @@ {% endfor %} {% endif -%} -{% if ansible_os_family == "RedHat" %} +{% if ansible_os_family == "RedHat" %} {% for localfile in wazuh_manager_config.localfiles.centos %} @@ -578,7 +601,7 @@ {% endif %} {% if wazuh_manager_config.authd.ciphers is not none %} {{wazuh_manager_config.authd.ciphers}} - {% endif %} + {% endif %} {% if wazuh_manager_config.authd.ssl_agent_ca is not none %} /var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}} {% endif %} From 6b57e195b868dc74183c020abe614c55118a7007 Mon Sep 17 00:00:00 2001 
From: Zenidd Date: Wed, 25 Mar 2020 15:33:55 +0100 Subject: [PATCH 554/559] jinja template fixes --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 6 +++--- .../templates/var-ossec-etc-ossec-server.conf.j2 | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 28b6828a..ee71769e 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -286,9 +286,9 @@ {{ wazuh_agent_config.syscheck.sync_enabled }} - {{ wazuh_agent_config.syscheck.interval }} - {{ wazuh_agent_config.syscheck.max_interval }} - {{ wazuh_agent_config.syscheck.max_eps }} + {{ wazuh_agent_config.syscheck.sync_interval }} + {{ wazuh_agent_config.syscheck.sync_max_interval }} + {{ wazuh_agent_config.syscheck.sync_max_eps }} {% endif %} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 1a6b59c7..88620e7d 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -351,9 +351,9 @@ {{ wazuh_agent_config.syscheck.sync_enabled }} - {{ wazuh_agent_config.syscheck.interval }} - {{ wazuh_agent_config.syscheck.max_interval }} - {{ wazuh_agent_config.syscheck.max_eps }} + {{ wazuh_agent_config.syscheck.sync_interval }} + {{ wazuh_agent_config.syscheck.sync_max_interval }} + {{ wazuh_agent_config.syscheck.sync_max_eps }} From 1d6988768f5da3f8fa5bad0c047188e5f8726dab Mon Sep 17 00:00:00 2001 
From: Zenidd Date: Wed, 25 Mar 2020 16:23:46 +0100 Subject: [PATCH 555/559] Minor jinja template fixes --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 88620e7d..998900b2 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -343,17 +343,17 @@ {% endif %} - {{ wazuh_agent_config.syscheck.process_priority }} + {{ wazuh_manager_config.syscheck.process_priority }} - {{ wazuh_agent_config.syscheck.max_eps }} + {{ wazuh_manager_config.syscheck.max_eps }} - {{ wazuh_agent_config.syscheck.sync_enabled }} - {{ wazuh_agent_config.syscheck.sync_interval }} - {{ wazuh_agent_config.syscheck.sync_max_interval }} - {{ wazuh_agent_config.syscheck.sync_max_eps }} + {{ wazuh_manager_config.syscheck.sync_enabled }} + {{ wazuh_manager_config.syscheck.sync_interval }} + {{ wazuh_manager_config.syscheck.sync_max_interval }} + {{ wazuh_manager_config.syscheck.sync_max_eps }} From ec9a4b61c7e8f5d94a69dd00b710a3274c3e6dec Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 25 Mar 2020 17:57:38 +0100 Subject: [PATCH 556/559] v3.12 changelog --- CHANGELOG.md | 38 ++++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 213cb432..60673b65 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,25 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.12.0_7.6.1] + +### Added + +- Update to Wazuh v3.12.0 +- Added registration address variable to wazuh-agent playbook ([@Zenidd](https://github.com/Zenidd)) [PR#392](https://github.com/wazuh/wazuh-ansible/pull/392) + +### Changed + +- Bump NodeJS version to 10.x ([@manuasir](https://github.com/manuasir)) [PR#386](https://github.com/wazuh/wazuh-ansible/pull/386) +- Add flag to enable/disable Windows MD5 check ([@jm404](https://github.com/jm404)) [PR#383](https://github.com/wazuh/wazuh-ansible/pull/383) +- Rule paths are now relative to playbooks. ([@Zenidd ](https://github.com/Zenidd)) [PR#393](https://github.com/wazuh/wazuh-ansible/pull/393) + +### Fixed + +- Removed bad formed XML comments. ([@manuasir](https://github.com/manuasir)) [PR#391](https://github.com/wazuh/wazuh-ansible/pull/391) +- NodeJS node_options variable and Kibana plugin optimization fix. ([@Zenidd](https://github.com/Zenidd)) [PR#385](https://github.com/wazuh/wazuh-ansible/pull/385) +- Restrictive permissions for certificate files. ([@Zenidd](https://github.com/Zenidd)) [PR#382](https://github.com/wazuh/wazuh-ansible/pull/382) + ## [v3.11.4_7.6.1] ### Added @@ -70,7 +89,7 @@ All notable changes to this project will be documented in this file. - Added support for environments with low disk space ([@xr09](https://github.com/xr09)) [PR#281](https://github.com/wazuh/wazuh-ansible/pull/281) - Add parameters to configure an Elasticsearch coordinating node ([@jm404](https://github.com/jm404)) [PR#292](https://github.com/wazuh/wazuh-ansible/pull/292) - + ### Changed @@ -121,7 +140,7 @@ All notable changes to this project will be documented in this file. ### Added -- Update to Wazuh v3.10.0 +- Update to Wazuh v3.10.0 ### Changed 
@@ -143,14 +162,14 @@ All notable changes to this project will be documented in this file. ## [v3.9.5_7.2.1] -### Added +### Added - Update to Wazuh v3.9.5 - Update to Elastic Stack to v7.2.1 ## [v3.9.4_7.2.0] -### Added +### Added - Support for registring agents behind NAT [@jheikki100](https://github.com/jheikki100) [#208](https://github.com/wazuh/wazuh-ansible/pull/208) @@ -164,7 +183,7 @@ All notable changes to this project will be documented in this file. ## [v3.9.3_7.2.0] -### Added +### Added - Update to Wazuh v3.9.3 ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) - Added Versioning Control for Wazuh stack's components installation, so now it's possible to specify which package to install for wazuh-manager, wazuh-agent, Filebeat, Elasticsearch and Kibana. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) - Fixes for Molecule testing issues. Issues such as Ansible-Lint and None-Idempotent tasks. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) @@ -174,7 +193,7 @@ All notable changes to this project will be documented in this file. ## [v3.9.2_7.1.1] -### Added +### Added - Update to Wazuh v3.9.2 - Support for Elastic 7 @@ -182,13 +201,13 @@ All notable changes to this project will be documented in this file. ## [v3.9.2_6.8.0] -### Added +### Added - Update to Wazuh v3.9.2 ## [v3.9.1] -### Added +### Added - Update to Wazuh v3.9.1 - Support for ELK v6.8.0 @@ -216,7 +235,7 @@ All notable changes to this project will be documented in this file. ## [v3.8.2] -### Changed +### Changed - Update to Wazuh version v3.8.2. ([#150](https://github.com/wazuh/wazuh-ansible/pull/150)) 
@@ -316,4 +335,3 @@ Roles: - ansible-filebeat: This role is prepared to install filebeat on the host that runs it. - ansible-wazuh-manager: With this role we will install Wazuh manager and Wazuh API on the host that runs it. - ansible-wazuh-agent: Using this role we will install Wazuh agent on the host that runs it and is able to register it. - From 02d945bed402b9d0a7ebfe69130841d29013a2b8 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 25 Mar 2020 18:07:29 +0100 Subject: [PATCH 557/559] Empty custom agent packages url --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 953da95e..8041962f 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -5,8 +5,8 @@ wazuh_agent_version: 3.12.0-1 # Custom packages installation wazuh_custom_packages_installation_agent_enabled: false -wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb" -wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm" +wazuh_custom_packages_installation_agent_deb_url: "" +wazuh_custom_packages_installation_agent_rpm_url: "" # Sources installation From f518635a11142d673ad18ac5f44071615f6a68b7 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 25 Mar 2020 18:20:30 +0100 Subject: [PATCH 558/559] Changelog minor fix --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 60673b65..520661ef 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -13,6 +13,8 @@ All notable changes to this project will be documented in this file. - Bump NodeJS version to 10.x ([@manuasir](https://github.com/manuasir)) [PR#386](https://github.com/wazuh/wazuh-ansible/pull/386) - Add flag to enable/disable Windows MD5 check ([@jm404](https://github.com/jm404)) [PR#383](https://github.com/wazuh/wazuh-ansible/pull/383) - Rule paths are now relative to playbooks. ([@Zenidd ](https://github.com/Zenidd)) [PR#393](https://github.com/wazuh/wazuh-ansible/pull/393) +- Add the option to create agent groups and add an agent to 1 or more group. ([@rshad](https://github.com/rshad)) [PR#361](https://github.com/wazuh/wazuh-ansible/pull/361) + ### Fixed From 9cdce6e988d697022ffe6546185157fe9befc66c Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Thu, 26 Mar 2020 14:43:47 +0100 Subject: [PATCH 559/559] Fix permissions --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 2e39391f..27673060 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -165,6 +165,10 @@ file: path: /usr/share/kibana/optimize/wazuh/config/ state: directory + recurse: yes + owner: kibana + group: kibana + mode: '0755' - name: Configure Wazuh Kibana Plugin template:
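Review bot: `recurse: yes` together with `mode: '0755'` and `group: kibana` re-applies those settings to everything under `/usr/share/kibana/optimize/wazuh/config/` on every run, and the `wazuh.yml` that the following template task writes with `group: root` and `mode: 0644` (visible in the L825 hunk) is therefore set to 0755/kibana:kibana first and then changed back, giving a permanently non-idempotent play and a briefly executable config file on each run. The task creates a single directory, so drop `recurse: yes` and let the template task own the file's permissions; aligning the template task's `group` with `kibana` would remove the remaining churn. If `wazuh.yml` holds API credentials, `0640` rather than `0644` would also be the tighter choice, though that line is outside this hunk.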