afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '4.8.0' into merge-4.7.2-into-4.8.0

Browse Source
This commit is contained in:
Gonzalo Acuña 2024-01-04 14:34:09 -03:00 committed by GitHub
commit 673914ffa8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
37 changed files with 462 additions and 466 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@ -1,6 +1,12 @@
# Change Log # Change Log
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
## [v4.8.0]
### Added
- Update to [Wazuh v4.8.0](https://github.com/wazuh/wazuh/blob/v4.8.0/CHANGELOG.md#v480)
## [v4.7.2] ## [v4.7.2]
### Added ### Added

1
README.md
View File

@ -16,6 +16,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
| Wazuh version | Elastic | ODFE | | Wazuh version | Elastic | ODFE |
|---------------|---------|--------| |---------------|---------|--------|
| v4.8.0 | | |
| v4.7.2 | | | | v4.7.2 | | |
| v4.7.1 | | | | v4.7.1 | | |
| v4.7.0 | | | | v4.7.0 | | |

45
SECURITY.md Normal file
View File

@ -0,0 +1,45 @@
# Wazuh Open Source Project Security Policy
Version: 2023-06-12
## Introduction
This document outlines the Security Policy for Wazuh's open source projects. It emphasizes our commitment to maintain a secure environment for our users and contributors, and reflects our belief in the power of collaboration to identify and resolve security vulnerabilities.
## Scope
This policy applies to all open source projects developed, maintained, or hosted by Wazuh.
## Reporting Security Vulnerabilities
If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly.
Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [security@wazuh.com](mailto:security@wazuh.com).
## Vulnerability Disclosure Policy
Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
- Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
- Validation: We will validate the issue and work on reproducing it in our environment.
- Remediation: We will work on a fix and thoroughly test it
- Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
- Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
## Automatic Scanning
We leverage GitHub Actions to perform automated scans of our supply chain. These scans assist us in identifying vulnerabilities and outdated dependencies in a proactive and timely manner.
## Credit
We believe in giving credit where credit is due. If you report a security vulnerability to us, and we determine that it is a valid vulnerability, we will publicly credit you for the discovery when we disclose the vulnerability. If you wish to remain anonymous, please indicate so in your initial report.
We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
## Compliance with this Policy
We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
We ask that all users and contributors respect this policy and the security of our community's users by disclosing vulnerabilities to us in accordance with this policy.
## Changes to this Security Policy
This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com).

4
VERSION
View File

@ -1,2 +1,2 @@
WAZUH-ANSIBLE_VERSION="v4.7.2" WAZUH-ANSIBLE_VERSION="v4.8.0"
REVISION="40710" REVISION="40800"

4
playbooks/wazuh-agent.yml
View File

@ -10,7 +10,7 @@
port: 1514 port: 1514
protocol: tcp protocol: tcp
api_port: 55000 api_port: 55000
api_proto: 'http' api_proto: 'https'
api_user: ansible api_user: wazuh
max_retries: 5 max_retries: 5
retry_interval: 5 retry_interval: 5

4
roles/elastic-stack/ansible-kibana/defaults/main.yml
View File

@ -45,9 +45,5 @@ nodejs:
redhat: "rpm" redhat: "rpm"
repo_url_ext: "nodesource.com/setup_10.x" repo_url_ext: "nodesource.com/setup_10.x"
# Build from sources
build_from_sources: false
wazuh_plugin_branch: 4.1-7.10
#Nodejs NODE_OPTIONS #Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

3
roles/opendistro/opendistro-kibana/defaults/main.yml
View File

@ -52,9 +52,6 @@ nodejs:
redhat: "rpm" redhat: "rpm"
repo_url_ext: "nodesource.com/setup_10.x" repo_url_ext: "nodesource.com/setup_10.x"
# Build from sources
build_from_sources: false
wazuh_plugin_branch: 4.1-7.10
#Nodejs NODE_OPTIONS #Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

6
roles/wazuh/ansible-filebeat-oss/defaults/main.yml
View File

@ -1,14 +1,14 @@
--- ---
filebeat_version: 7.10.2 filebeat_version: 7.10.2
wazuh_template_branch: v4.7.2 wazuh_template_branch: v4.8.0
filebeat_node_name: node-1 filebeat_node_name: node-1
filebeat_output_indexer_hosts: filebeat_output_indexer_hosts:
- "localhost:9200" - "localhost"
filebeat_module_package_name: wazuh-filebeat-0.3.tar.gz filebeat_module_package_name: wazuh-filebeat-0.4.tar.gz
filebeat_module_package_path: /tmp/ filebeat_module_package_path: /tmp/
filebeat_module_destination: /usr/share/filebeat/module filebeat_module_destination: /usr/share/filebeat/module
filebeat_module_folder: /usr/share/filebeat/module/wazuh filebeat_module_folder: /usr/share/filebeat/module/wazuh

2
roles/wazuh/ansible-wazuh-agent/README.md
View File

@ -12,6 +12,8 @@ This role is compatible with:
* Fedora * Fedora
* Debian * Debian
* Ubuntu * Ubuntu
* Windows
* macOS
Role Variables Role Variables

50
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -1,5 +1,5 @@
--- ---
wazuh_agent_version: 4.7.2 wazuh_agent_version: 4.8.0
# Custom packages installation # Custom packages installation
@ -7,30 +7,6 @@ wazuh_custom_packages_installation_agent_enabled: false
wazuh_custom_packages_installation_agent_deb_url: "" wazuh_custom_packages_installation_agent_deb_url: ""
wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_custom_packages_installation_agent_rpm_url: ""
# Sources installation
wazuh_agent_sources_installation:
enabled: false
branch: "v4.7.2"
user_language: "y"
user_no_stop: "y"
user_install_type: "agent"
user_dir: "/var/ossec"
user_delete_dir: "y"
user_enable_active_response: "y"
user_enable_syscheck: "y"
user_enable_rootcheck: "y"
user_enable_openscap: "n"
user_enable_sca: "y"
user_enable_authd: "y"
user_generate_authd_cert: "n"
user_update: "y"
user_binaryinstall: null
user_agent_server_ip: "YOUR_MANAGER_IP"
user_agent_server_name: null
user_agent_config_profile: null
user_ca_store: "{{ wazuh_dir }}/wpk_root.pem"
wazuh_agent_yum_lock_timeout: 30 wazuh_agent_yum_lock_timeout: 30
# We recommend the use of ansible-vault to protect Wazuh, api, agentless and authd credentials. # We recommend the use of ansible-vault to protect Wazuh, api, agentless and authd credentials.
@ -40,6 +16,7 @@ authd_pass: ''
wazuh_api_reachable_from_agent: yes wazuh_api_reachable_from_agent: yes
wazuh_profile_centos: 'centos, centos7, centos7.6' wazuh_profile_centos: 'centos, centos7, centos7.6'
wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04'
wazuh_profile_macos: 'darwin, darwin21, darwin21.1'
wazuh_auto_restart: 'yes' wazuh_auto_restart: 'yes'
wazuh_notify_time: '10' wazuh_notify_time: '10'
@ -54,6 +31,11 @@ wazuh_winagent_config:
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
check_sha512: True check_sha512: True
# macOS deployment
wazuh_macos_config:
download_dir: /tmp/
install_dir: /Library/Ossec/
wazuh_dir: "/var/ossec" wazuh_dir: "/var/ossec"
# This is deprecated, see: wazuh_agent_address # This is deprecated, see: wazuh_agent_address
@ -100,6 +82,7 @@ wazuh_agent_enrollment:
agent_certificate_path: '' agent_certificate_path: ''
agent_key_path: '' agent_key_path: ''
authorization_pass_path: "{{ wazuh_dir }}/etc/authd.pass" authorization_pass_path: "{{ wazuh_dir }}/etc/authd.pass"
authorization_pass_path_macos: "/etc/authd.pass"
auto_method: 'no' auto_method: 'no'
delay_after_enrollment: 20 delay_after_enrollment: 20
use_source_ip: 'no' use_source_ip: 'no'
@ -225,6 +208,11 @@ wazuh_agent_syscheck:
checks: '' checks: ''
- dirs: /bin,/sbin,/boot - dirs: /bin,/sbin,/boot
checks: '' checks: ''
macos_directories:
- dirs: /etc,/usr/bin,/usr/sbin
checks: ''
- dirs: /bin,/sbin
checks: ''
win_directories: win_directories:
- dirs: '%WINDIR%' - dirs: '%WINDIR%'
checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"' checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"'
@ -327,6 +315,17 @@ wazuh_agent_localfiles:
command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
alias: 'netstat listening ports' alias: 'netstat listening ports'
frequency: '360' frequency: '360'
macos:
- format: 'full_command'
command: netstat -an | awk '{if ((/^(tcp|udp)/) && ($4 != "*.*") && ($5 == "*.*")) {print $1" "$4" "$5}}' | sort -u
alias: 'netstat listening ports'
frequency: '360'
- format: 'macos'
location: 'macos'
query:
type: 'trace,log,activity'
level: 'info'
value: (process == "sudo") or (process == "sessionlogoutd" and message contains "logout is complete.") or (process == "sshd") or (process == "tccd" and message contains "Update Access Record") or (message contains "SessionAgentNotificationCenter") or (process == "screensharingd" and message contains "Authentication") or (process == "securityd" and eventMessage contains "Session" and subsystem == "com.apple.securityd")
windows: windows:
- format: 'eventlog' - format: 'eventlog'
location: 'Application' location: 'Application'
@ -350,6 +349,7 @@ wazuh_agent_active_response:
ar_disabled: 'no' ar_disabled: 'no'
ca_store: "{{ wazuh_dir }}/etc/wpk_root.pem" ca_store: "{{ wazuh_dir }}/etc/wpk_root.pem"
ca_store_win: 'wpk_root.pem' ca_store_win: 'wpk_root.pem'
ca_store_macos: 'etc/wpk_root.pem'
ca_verification: 'yes' ca_verification: 'yes'
## Logging ## Logging

3
roles/wazuh/ansible-wazuh-agent/handlers/main.yml
View File

@ -4,3 +4,6 @@
- name: Windows | Restart Wazuh Agent - name: Windows | Restart Wazuh Agent
win_service: name=WazuhSvc start_mode=auto state=restarted win_service: name=WazuhSvc start_mode=auto state=restarted
- name: macOS | Restart Wazuh Agent
command: /Library/Ossec/bin/wazuh-control restart

3
roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
View File

@ -36,7 +36,6 @@
when: when:
- ansible_distribution == "Ubuntu" - ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14 - ansible_distribution_major_version | int == 14
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
- name: Debian/Ubuntu | Installing Wazuh repository key - name: Debian/Ubuntu | Installing Wazuh repository key
@ -45,7 +44,6 @@
id: "{{ wazuh_agent_config.repo.key_id }}" id: "{{ wazuh_agent_config.repo.key_id }}"
when: when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
- name: Debian/Ubuntu | Add Wazuh repositories - name: Debian/Ubuntu | Add Wazuh repositories
@ -55,7 +53,6 @@
state: present state: present
update_cache: true update_cache: true
when: when:
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
- name: Debian/Ubuntu | Set Distribution CIS filename for debian - name: Debian/Ubuntu | Set Distribution CIS filename for debian

8
roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
View File

@ -5,10 +5,6 @@
- include_tasks: "Debian.yml" - include_tasks: "Debian.yml"
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- include_tasks: "installation_from_sources.yml"
when:
- wazuh_agent_sources_installation.enabled
- include_tasks: "installation_from_custom_packages.yml" - include_tasks: "installation_from_custom_packages.yml"
when: when:
- wazuh_custom_packages_installation_agent_enabled - wazuh_custom_packages_installation_agent_enabled
@ -20,7 +16,6 @@
lock_timeout: '{{ wazuh_agent_yum_lock_timeout }}' lock_timeout: '{{ wazuh_agent_yum_lock_timeout }}'
when: when:
- ansible_os_family|lower == "redhat" - ansible_os_family|lower == "redhat"
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
tags: tags:
- init - init
@ -32,7 +27,6 @@
cache_valid_time: 3600 cache_valid_time: 3600
when: when:
- ansible_os_family|lower != "redhat" - ansible_os_family|lower != "redhat"
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
- not ansible_check_mode - not ansible_check_mode
tags: tags:
@ -271,9 +265,7 @@
- include_tasks: "RMRedHat.yml" - include_tasks: "RMRedHat.yml"
when: when:
- ansible_os_family == "RedHat" - ansible_os_family == "RedHat"
- not wazuh_agent_sources_installation.enabled
- include_tasks: "RMDebian.yml" - include_tasks: "RMDebian.yml"
when: when:
- ansible_os_family == "Debian" - ansible_os_family == "Debian"
- not wazuh_agent_sources_installation.enabled

2
roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
View File

@ -10,7 +10,6 @@
when: when:
- (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
- (ansible_distribution_major_version|int <= 5) - (ansible_distribution_major_version|int <= 5)
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
register: repo_v5_installed register: repo_v5_installed
@ -24,7 +23,6 @@
changed_when: false changed_when: false
when: when:
- repo_v5_installed is skipped - repo_v5_installed is skipped
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled - not wazuh_custom_packages_installation_agent_enabled
- name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 - name: RedHat/CentOS/Fedora | Install OpenJDK 1.8

100
roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml
View File

@ -1,100 +0,0 @@
---
- name: Install dependencies to build Wazuh packages
package:
name:
- make
- gcc
- automake
- autoconf
- libtool
- tar
state: present
- name: Removing old files
file:
path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
state: absent
- name: Removing old folders
file:
path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
state: absent
- name: Installing policycoreutils-python (RedHat families)
package:
name:
- policycoreutils-python
when:
- ansible_os_family|lower == "redhat"
- name: Installing policycoreutils-python-utils (Debian families)
package:
name:
- libc6-dev
- curl
- policycoreutils
when:
- ansible_os_family|lower == "debian"
- name: Download required packages from github.com/wazuh/wazuh
get_url:
url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
dest: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
delegate_to: "{{ inventory_hostname }}"
changed_when: false
- name: Create folder to extract Wazuh branch
file:
path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
mode: 0755
state: directory
changed_when: false
- name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip
command: >-
tar -xzvf /tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz
--strip 1
--directory /tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}
register: wazuh_untar
changed_when: false
args:
warn: false
- name: Clean remaining files from others builds
command: "make -C src {{ item }}"
args:
chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/src/"
with_items:
- "clean"
- "clean-deps"
register: clean_result
changed_when: clean_result.rc == 0
failed_when: false
- name: Render the "preloaded-vars.conf" file
template:
src: "templates/preloaded_vars_agent.conf.j2"
dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf"
owner: root
group: root
mode: 0644
changed_when: false
- name: Executing "install.sh" script to build and install the Wazuh Agent
shell: ./install.sh > /tmp/build_agent_log.txt
register: installation_result
changed_when: installation_result == 0
args:
chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
- name: Cleanup downloaded files
file:
path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
state: absent
changed_when: false
- name: Cleanup created folders
file:
path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
state: absent
changed_when: false

231
roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml Normal file
View File

@ -0,0 +1,231 @@
---
- name: macOS | Check architecture
command: "/usr/bin/uname -m"
register: uname_result
- name: macOS | Set architecture variable
set_fact:
macos_architecture: "{{ 'arm' if uname_result.stdout == 'arm64' else 'intel' }}"
- name: macOS | Set package name and URL based on architecture
set_fact:
wazuh_macos_package_url: "{{ wazuh_macos_intel_package_url if macos_architecture == 'intel' else wazuh_macos_arm_package_url }}"
wazuh_macos_package_name: "{{ wazuh_macos_intel_package_name if macos_architecture == 'intel' else wazuh_macos_arm_package_name }}"
- name: macOS | Check if Wazuh installer is already downloaded
stat:
path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}"
register: wazuh_package_downloaded
- name: macOS | Download Wazuh Agent package
get_url:
url: "{{ wazuh_macos_package_url }}"
dest: "{{ wazuh_macos_config.download_dir }}"
register: download_result
when:
- not wazuh_package_downloaded.stat.exists
- name: macOS | Check if Wazuh Agent is already installed
stat:
path: "{{ wazuh_macos_config.install_dir }}"
register: wazuh_installed
- name: macOS | Install Agent if not already installed
command: "installer -pkg {{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }} -target /"
register: install_result
- name: macOS | Check if client.keys exists
stat:
path: "{{ wazuh_macos_config.install_dir }}/etc/client.keys"
register: client_keys_file
tags:
- config
- name: macOS | Agent registration via authd
block:
- name: macOS | Register agent (via authd)
shell: >
{{ wazuh_macos_config.install_dir }}/bin/agent-auth
{% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %}
-A {{ wazuh_agent_authd.agent_name }}
{% endif %}
-m {{ wazuh_agent_authd.registration_address }}
-p {{ wazuh_agent_authd.port }}
{% if wazuh_agent_nat %} -I "any" {% endif %}
{% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %}
{% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %}
{% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %}
-G "{{ wazuh_agent_authd.groups | join(',') }}"
{% endif %}
register: agent_auth_output
notify: macOS | Restart Wazuh Agent
vars:
agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}"
when:
- not client_keys_file.stat.exists or client_keys_file.stat.size == 0
- wazuh_agent_authd.registration_address is not none
- name: macOS | Verify agent registration
shell: >
sh -c "echo '{{ agent_auth_output.stdout }} {{ agent_auth_output.stderr }}' | grep 'Valid key received'"
when:
- not client_keys_file.stat.exists or client_keys_file.stat.size == 0
- wazuh_agent_authd.registration_address is not none
when:
- wazuh_agent_authd.enable | bool
- wazuh_agent_config.enrollment.enabled != 'yes'
tags:
- config
- authd
- name: macOS | Agent registration via rest-API
block:
- name: macOS | Establish target Wazuh Manager for registration task
set_fact:
target_manager: '{{ manager_primary | length | ternary(manager_primary, manager_fallback) | first }}'
vars:
manager_primary: "{{ wazuh_managers | selectattr('register','true') | list }}"
manager_fallback: "{{ wazuh_managers | list }}"
- name: macOS | Obtain JWT Token
uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate'
method: POST
url_username: '{{ target_manager.api_user }}'
url_password: '{{ api_pass }}'
status_code: 200
return_content: yes
force_basic_auth: yes
validate_certs: '{{ target_manager.validate_certs | default(false) }}'
no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
changed_when: api_jwt_result.json.error == 0
register: api_jwt_result
become: no
tags:
- config
- api
- name: macOS | Create the agent key via rest-API
uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents'
method: POST
body_format: json
body:
name: '{{ agent_name }}'
headers:
Authorization: 'Bearer {{ jwt_token }}'
status_code: 200
return_content: yes
validate_certs: '{{ target_manager.validate_certs | default(false) }}'
become: no
no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
changed_when: api_agent_post.json.error == 0
register: api_agent_post
vars:
agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
jwt_token: '{{ api_jwt_result.json.data.token }}'
tags:
- config
- api
- name: macOS | Validate registered agent key matches manager record
uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents/{{ agent_id }}/key'
method: GET
headers:
Authorization: 'Bearer {{ jwt_token }}'
status_code: 200
return_content: yes
validate_certs: '{{ target_manager.validate_certs | default(false) }}'
become: no
no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
register: api_agent_validation
vars:
agent_id: '{{ api_agent_post.json.data.id }}'
agent_key: '{{ api_agent_post.json.data.key }}'
jwt_token: '{{ api_jwt_result.json.data.token }}'
failed_when: api_agent_validation.json.data.affected_items[0].key != agent_key
when:
- wazuh_agent_api_validate | bool
- api_agent_post.json.error == 0
tags:
- config
- api
- name: macOS | Import Key (via rest-API)
command: "{{ wazuh_macos_config.install_dir }}/bin/manage_agents"
environment:
OSSEC_ACTION: i
OSSEC_AGENT_NAME: '{{ agent_name }}'
OSSEC_AGENT_IP: '{{ wazuh_agent_address }}'
OSSEC_AGENT_ID: '{{ api_agent_post.json.data.id }}'
OSSEC_AGENT_KEY: '{{ api_agent_post.json.data.key }}'
OSSEC_ACTION_CONFIRMED: y
register: manage_agents_output
vars:
agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
notify: macOS | Restart Wazuh Agent
when:
- not ( wazuh_agent_authd.enable | bool )
- wazuh_agent_config.enrollment.enabled != 'yes'
- not client_keys_file.stat.exists or client_keys_file.stat.size == 0
tags:
- config
- api
- name: macOS | Agent registration via auto-enrollment
debug:
msg: Agent registration will be performed through enrollment option in templated ossec.conf
when: wazuh_agent_config.enrollment.enabled == 'yes'
- name: macOS | Ensure group "wazuh" exists
ansible.builtin.group:
name: wazuh
state: present
- name: macOS | Installing agent configuration (ossec.conf)
template:
src: var-ossec-etc-ossec-agent.conf.j2
dest: "{{ wazuh_macos_config.install_dir }}/etc/ossec.conf"
owner: root
group: wazuh
mode: 0644
notify: macOS | Restart Wazuh Agent
tags:
- init
- config
- name: macOS | Installing local_internal_options.conf
template:
src: var-ossec-etc-local-internal-options.conf.j2
dest: "{{ wazuh_macos_config.install_dir }}/etc/local_internal_options.conf"
owner: root
group: wazuh
mode: 0640
notify: macOS | Restart Wazuh Agent
tags:
- init
- config
- name: Create auto-enrollment password file
template:
src: authd_pass.j2
dest: "{{ wazuh_macos_config.install_dir }}/etc/authd.pass"
owner: wazuh
group: wazuh
mode: 0640
when:
- wazuh_agent_config.enrollment.enabled == 'yes'
- wazuh_agent_config.enrollment.authorization_pass_path_macos | length > 0
- authd_pass | length > 0
tags:
- config
- name: macOS | Delete downloaded Wazuh agent installer file
file:
path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}"
state: absent

3
roles/wazuh/ansible-wazuh-agent/tasks/main.yml
View File

@ -23,3 +23,6 @@
- include_tasks: "Linux.yml" - include_tasks: "Linux.yml"
when: ansible_system == "Linux" when: ansible_system == "Linux"
- include_tasks: "macOS.yml"
when: ansible_system == "Darwin"

7
roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2
View File

@ -1,7 +0,0 @@
{% for key, value in wazuh_agent_sources_installation.items() %}
{% if "user_" in key %}
{% if value is defined and value is not none %}
{{ key|upper }}="{{ value }}"
{% endif %}
{% endif %}
{% endfor %}

58
roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -30,6 +30,9 @@
<config-profile>{{ wazuh_profile_ubuntu }}</config-profile> <config-profile>{{ wazuh_profile_ubuntu }}</config-profile>
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if ansible_system == "Darwin" %}
<config-profile>{{ wazuh_profile_macos }}</config-profile>
{% endif %}
{% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %} {% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %}
<notify_time>{{ wazuh_notify_time }}</notify_time> <notify_time>{{ wazuh_notify_time }}</notify_time>
<time-reconnect>{{ wazuh_time_reconnect }}</time-reconnect> <time-reconnect>{{ wazuh_time_reconnect }}</time-reconnect>
@ -64,8 +67,10 @@
{% if wazuh_agent_config.enrollment.agent_key_path | length > 0 %} {% if wazuh_agent_config.enrollment.agent_key_path | length > 0 %}
<agent_key_path>{{ wazuh_agent_config.enrollment.agent_key_path }}</agent_key_path> <agent_key_path>{{ wazuh_agent_config.enrollment.agent_key_path }}</agent_key_path>
{% endif %} {% endif %}
{% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 %} {% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 and ansible_system != "Darwin" %}
<authorization_pass_path>{{ wazuh_agent_config.enrollment.authorization_pass_path }}</authorization_pass_path> <authorization_pass_path>{{ wazuh_agent_config.enrollment.authorization_pass_path }}</authorization_pass_path>
{% else %}
<authorization_pass_path>{{ wazuh_agent_config.enrollment.authorization_pass_path_macos }}</authorization_pass_path>
{% endif %} {% endif %}
{% if wazuh_agent_config.enrollment.auto_method | length > 0 %} {% if wazuh_agent_config.enrollment.auto_method | length > 0 %}
<auto_method>{{ wazuh_agent_config.enrollment.auto_method }}</auto_method> <auto_method>{{ wazuh_agent_config.enrollment.auto_method }}</auto_method>
@ -91,7 +96,7 @@
{% if wazuh_agent_config.rootcheck is defined %} {% if wazuh_agent_config.rootcheck is defined %}
<rootcheck> <rootcheck>
<disabled>no</disabled> <disabled>no</disabled>
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" or ansible_system == "Darwin" %}
<check_files>yes</check_files> <check_files>yes</check_files>
<check_trojans>yes</check_trojans> <check_trojans>yes</check_trojans>
<check_dev>yes</check_dev> <check_dev>yes</check_dev>
@ -103,8 +108,13 @@
<!-- Frequency that rootcheck is executed - every 12 hours --> <!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>{{ wazuh_agent_config.rootcheck.frequency }}</frequency> <frequency>{{ wazuh_agent_config.rootcheck.frequency }}</frequency>
{% if ansible_system == "Darwin" %}
<rootkit_files>etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>etc/shared/rootkit_trojans.txt</rootkit_trojans>
{% else %}
<rootkit_files>{{ wazuh_dir }}/etc/shared/rootkit_files.txt</rootkit_files> <rootkit_files>{{ wazuh_dir }}/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>{{ wazuh_dir }}/etc/shared/rootkit_trojans.txt</rootkit_trojans> <rootkit_trojans>{{ wazuh_dir }}/etc/shared/rootkit_trojans.txt</rootkit_trojans>
{% endif %}
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
{% endif %} {% endif %}
{% if ansible_os_family == "Windows" %} {% if ansible_os_family == "Windows" %}
@ -112,6 +122,7 @@
<windows_malware>./shared/win_malware_rcl.txt</windows_malware> <windows_malware>./shared/win_malware_rcl.txt</windows_malware>
{% endif %} {% endif %}
</rootcheck> </rootcheck>
{% endif %} {% endif %}
@ -179,6 +190,7 @@
</wodle> </wodle>
{% endif %} {% endif %}
{% if ansible_system != "Darwin" %}
<wodle name="cis-cat"> <wodle name="cis-cat">
<disabled>{{ wazuh_agent_config.cis_cat.disable }}</disabled> <disabled>{{ wazuh_agent_config.cis_cat.disable }}</disabled>
<timeout>{{ wazuh_agent_config.cis_cat.timeout }}</timeout> <timeout>{{ wazuh_agent_config.cis_cat.timeout }}</timeout>
@ -193,6 +205,7 @@
{% endif %} {% endif %}
<ciscat_path>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %}</ciscat_path> <ciscat_path>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %}</ciscat_path>
</wodle> </wodle>
{% endif %}
<!-- Osquery integration --> <!-- Osquery integration -->
<wodle name="osquery"> <wodle name="osquery">
@ -249,13 +262,17 @@
<syscheck> <syscheck>
<disabled>no</disabled> <disabled>no</disabled>
<frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency> <frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" or ansible_system == "Darwin" %}
<scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start> <scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>
<!-- Directories to check (perform all possible verifications) --> <!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %} {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}
{% for directory in wazuh_agent_config.syscheck.directories %} {% for directory in wazuh_agent_config.syscheck.directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories> <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %} {% endfor %}
{% elif ansible_system == "Darwin" %}
{% for directory in wazuh_agent_config.syscheck.macos_directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %}
{% endif %} {% endif %}
{% endif %} {% endif %}
@ -267,7 +284,7 @@
{% endif %} {% endif %}
<!-- Files/directories to ignore --> <!-- Files/directories to ignore -->
{% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %} {% if wazuh_agent_config.syscheck.ignore is defined and (ansible_system == "Linux" or ansible_system == "Darwin") %}
{% for ignore in wazuh_agent_config.syscheck.ignore %} {% for ignore in wazuh_agent_config.syscheck.ignore %}
<ignore>{{ ignore }}</ignore> <ignore>{{ ignore }}</ignore>
{% endfor %} {% endfor %}
@ -286,7 +303,7 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" or ansible_system == "Darwin" %}
<!-- Files no diff --> <!-- Files no diff -->
{% for no_diff in wazuh_agent_config.syscheck.no_diff %} {% for no_diff in wazuh_agent_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff> <nodiff>{{ no_diff }}</nodiff>
@ -363,6 +380,27 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if ansible_system == "Darwin" %}
{% for localfile in wazuh_agent_config.localfiles.macos %}
<localfile>
<log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency>
{% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias>
{% endif %}
{% else %}
<location>{{ localfile.location }}</location>
{% if localfile.format == 'macos' %}
<query type="{{ localfile.query.type }}" level="{{ localfile.query.level }}">{{ localfile.query.value }}</query>
{% endif %}
{% endif %}
</localfile>
{% endfor %}
{% endif %}
{% if ansible_os_family == "Debian" %} {% if ansible_os_family == "Debian" %}
{% for localfile in wazuh_agent_config.localfiles.debian %} {% for localfile in wazuh_agent_config.localfiles.debian %}
@ -439,7 +477,15 @@
<active-response> <active-response>
<disabled>{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}</disabled> <disabled>{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}</disabled>
<ca_store>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}</ca_store> <ca_store>
{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}
{% else %}
{% if ansible_system == "Darwin" %}{{ wazuh_agent_config.active_response.ca_store_macos }}
{% else %}
{{ wazuh_agent_config.active_response.ca_store }}
{% endif %}
{% endif %}
</ca_store>
<ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification> <ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification>
</active-response> </active-response>

110
roles/wazuh/ansible-wazuh-manager/defaults/main.yml
View File

@ -1,5 +1,5 @@
--- ---
wazuh_manager_version: 4.7.2 wazuh_manager_version: 4.8.0
wazuh_manager_fqdn: "wazuh-server" wazuh_manager_fqdn: "wazuh-server"
wazuh_manager_package_state: present wazuh_manager_package_state: present
@ -9,32 +9,6 @@ wazuh_custom_packages_installation_manager_enabled: false
wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
# Sources installation
wazuh_manager_sources_installation:
enabled: false
branch: "v4.7.2"
user_language: "en"
user_no_stop: "y"
user_install_type: "server"
user_dir: "/var/ossec"
user_delete_dir: null
user_enable_active_response: null
user_enable_syscheck: "y"
user_enable_rootcheck: "y"
user_enable_openscap: "n"
user_enable_authd: "y"
user_generate_authd_cert: null
user_update: "y"
user_binaryinstall: null
user_enable_email: "n"
user_auto_start: "y"
user_email_address: null
user_email_smpt: null
user_enable_syslog: "n"
user_white_list: "n"
user_ca_store: null
threads: "2"
wazuh_dir: "/var/ossec" wazuh_dir: "/var/ossec"
########################################## ##########################################
@ -170,69 +144,22 @@ wazuh_manager_sca:
time: '' time: ''
## Vulnerability Detector ## Vulnerability Detector
wazuh_manager_vulnerability_detector: filebeat_node_name: node-1
enabled: 'no' filebeat_output_indexer_hosts:
interval: '5m' - "localhost"
min_full_scan_interval: '6h' filebeat_output_indexer_port: 9200
run_on_start: 'yes' indexer_security_user: admin
providers: indexer_security_password: changeme
- enabled: 'no' filebeat_ssl_dir: /etc/pki/filebeat
os:
- 'trusty' wazuh_manager_vulnerability_detection:
- 'xenial' enabled: 'yes'
- 'bionic' indexer_status: 'yes'
- 'focal' feed_update_interval: '60m'
- 'jammy'
update_interval: '1h' wazuh_manager_indexer:
name: '"canonical"' enabled: 'yes'
- enabled: 'no' hosts: "{{ filebeat_output_indexer_hosts }}"
os:
- 'buster'
- 'bullseye'
- 'bookworm'
update_interval: '1h'
name: '"debian"'
- enabled: 'no'
os:
- '5'
- '6'
- '7'
- '8'
- '9'
update_interval: '1h'
name: '"redhat"'
- enabled: 'no'
os:
- '8'
- '9'
update_interval: '1h'
name: '"almalinux"'
- enabled: 'no'
os:
- 'amazon-linux'
- 'amazon-linux-2'
- 'amazon-linux-2023'
update_interval: '1h'
name: '"alas"'
- enabled: 'no'
os:
- '11-server'
- '11-desktop'
- '12-server'
- '12-desktop'
- '15-server'
- '15-desktop'
update_interval: '1h'
name: '"suse"'
- enabled: 'no'
update_interval: '1h'
name: '"arch"'
- enabled: 'no'
update_interval: '1h'
name: '"msu"'
- enabled: 'no'
update_interval: '1h'
name: '"nvd"'
## Syscheck ## Syscheck
wazuh_manager_syscheck: wazuh_manager_syscheck:
@ -474,7 +401,8 @@ wazuh_manager_config_defaults:
osquery: '{{ wazuh_manager_osquery }}' osquery: '{{ wazuh_manager_osquery }}'
syscollector: '{{ wazuh_manager_syscollector }}' syscollector: '{{ wazuh_manager_syscollector }}'
sca: '{{ wazuh_manager_sca }}' sca: '{{ wazuh_manager_sca }}'
vulnerability_detector: '{{ wazuh_manager_vulnerability_detector }}' vulnerability_detection: '{{ wazuh_manager_vulnerability_detection }}'
indexer: '{{ wazuh_manager_indexer }}'
log_level: '{{ wazuh_manager_log_level }}' log_level: '{{ wazuh_manager_log_level }}'
email_level: '{{ wazuh_manager_email_level }}' email_level: '{{ wazuh_manager_email_level }}'
localfiles: '{{ wazuh_manager_localfiles }}' localfiles: '{{ wazuh_manager_localfiles }}'

14
roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
View File

@ -24,7 +24,6 @@
when: when:
- ansible_distribution == "Ubuntu" - ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14 - ansible_distribution_major_version | int == 14
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
- name: Debian/Ubuntu | Installing Wazuh repository key - name: Debian/Ubuntu | Installing Wazuh repository key
@ -33,7 +32,6 @@
id: "{{ wazuh_manager_config.repo.key_id }}" id: "{{ wazuh_manager_config.repo.key_id }}"
when: when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
- name: Debian/Ubuntu | Add Wazuh repositories - name: Debian/Ubuntu | Add Wazuh repositories
@ -44,7 +42,6 @@
update_cache: true update_cache: true
changed_when: false changed_when: false
when: when:
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
@ -98,12 +95,6 @@
tags: tags:
- config - config
- name: Install dependencies to build from sources
apt:
name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'libssl-dev', 'g++']
state: present
when: wazuh_manager_sources_installation.enabled
- name: Debian/Ubuntu | Install wazuh-manager - name: Debian/Ubuntu | Install wazuh-manager
apt: apt:
name: name:
@ -111,13 +102,8 @@
state: present state: present
tags: init tags: init
when: when:
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
- include_tasks: "installation_from_sources.yml"
when:
- wazuh_manager_sources_installation.enabled
- include_tasks: "installation_from_custom_packages.yml" - include_tasks: "installation_from_custom_packages.yml"
when: when:
- wazuh_custom_packages_installation_manager_enabled - wazuh_custom_packages_installation_manager_enabled

13
roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
View File

@ -10,7 +10,6 @@
when: when:
- (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
- (ansible_distribution_major_version|int <= 5) - (ansible_distribution_major_version|int <= 5)
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
register: repo_v5_manager_installed register: repo_v5_manager_installed
@ -24,7 +23,6 @@
changed_when: false changed_when: false
when: when:
- repo_v5_manager_installed is skipped - repo_v5_manager_installed is skipped
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
- name: RedHat/CentOS/Fedora | Install openscap - name: RedHat/CentOS/Fedora | Install openscap
@ -93,12 +91,6 @@
when: when:
- ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
- name: Install dependencies to build from sources
yum:
name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'openssl-devel', 'gcc-c++']
state: present
when: wazuh_manager_sources_installation.enabled
- name: CentOS/RedHat/Amazon | Install wazuh-manager - name: CentOS/RedHat/Amazon | Install wazuh-manager
package: package:
name: "wazuh-manager-{{ wazuh_manager_version }}" name: "wazuh-manager-{{ wazuh_manager_version }}"
@ -107,15 +99,10 @@
until: wazuh_manager_main_packages_installed is succeeded until: wazuh_manager_main_packages_installed is succeeded
when: when:
- ansible_os_family|lower == "redhat" - ansible_os_family|lower == "redhat"
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled - not wazuh_custom_packages_installation_manager_enabled
tags: tags:
- init - init
- include_tasks: "../tasks/installation_from_sources.yml"
when:
- wazuh_manager_sources_installation.enabled
- include_tasks: "../tasks/installation_from_custom_packages.yml" - include_tasks: "../tasks/installation_from_custom_packages.yml"
when: when:
- wazuh_custom_packages_installation_manager_enabled - wazuh_custom_packages_installation_manager_enabled

125
roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
View File

@ -1,125 +0,0 @@
---
# Wazuh Manager
- name: Check if Wazuh Manager is already installed
stat:
path: "{{ wazuh_dir }}/bin/wazuh-control"
register: wazuh_control_path
- name: Installing Wazuh Manager from sources
block:
- name: Install dependencies to build Wazuh packages
package:
name:
- make
- gcc
- automake
- autoconf
- libtool
- tar
state: present
- name: Install CMake
include_tasks: install_cmake.yml
- name: Removing old files
file:
path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
state: absent
- name: Removing old folders
file:
path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
state: absent
- name: Installing policycoreutils-python (RedHat families)
package:
name:
- policycoreutils-python
when:
- ansible_os_family|lower == "redhat"
- name: Installing policycoreutils-python-utils (Debian families)
package:
name:
- libc6-dev
- curl
- policycoreutils
when:
- ansible_os_family|lower == "debian"
- name: Remove old repository folder
file:
path: /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}
state: absent
- name: Download required packages from github.com/wazuh/wazuh
get_url:
url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
delegate_to: "{{ inventory_hostname }}"
- name: Create folder to extract Wazuh branch
file:
path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
owner: root
group: root
mode: 0644
state: directory
# When downloading "v3.11.0" extracted folder name is 3.11.0.
# Explicitly creating the folder with proper naming and striping first level in .tar.gz file
- name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip
command: >-
tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz
--strip 1
--directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}
register: wazuh_untar
changed_when: wazuh_untar.rc ==0
args:
warn: false
- name: Clean remaining files from others builds
command: "make -C src {{ item }}"
args:
chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/"
with_items:
- "clean"
- "clean-deps"
register: clean_result
changed_when: clean_result.rc == 0
failed_when: false
- name: Render the "preloaded-vars.conf" file
template:
src: "templates/preloaded_vars_manager.conf.j2"
dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf"
owner: root
group: root
mode: 0644
- name: Executing "install.sh" script to build and install the Wazuh Manager
shell: ./install.sh > /tmp/build_wazuh_manager_log.txt
register: installation_result
changed_when: installation_result == 0
args:
chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
environment:
PATH: /usr/local/bin:{{ ansible_env.PATH }}
- name: Cleanup downloaded files
file:
path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
state: absent
- name: Cleanup created folders
file:
path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
state: absent
when:
- not wazuh_control_path.stat.exists
- wazuh_manager_sources_installation.enabled
tags:
- manager

1
roles/wazuh/ansible-wazuh-manager/tasks/main.yml
View File

@ -336,4 +336,3 @@
- name: Run uninstall tasks - name: Run uninstall tasks
include_tasks: uninstall.yml include_tasks: uninstall.yml
when: not wazuh_manager_sources_installation.enabled

7
roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2
View File

@ -1,7 +0,0 @@
{% for key, value in wazuh_manager_sources_installation.items() %}
{% if "user_" in key %}
{% if value is defined and value is not none %}
{{ key|upper }}="{{ value }}"
{% endif %}
{% endif %}
{% endfor %}

55
roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
View File

@ -258,37 +258,30 @@
{% endif %} {% endif %}
</sca> </sca>
<vulnerability-detector> <vulnerability-detection>
{% if wazuh_manager_config.vulnerability_detector.enabled is defined %} <enabled>{{ wazuh_manager_config.vulnerability_detection.enabled }}</enabled>
<enabled>{{ wazuh_manager_config.vulnerability_detector.enabled }}</enabled> <indexer-status>{{ wazuh_manager_config.vulnerability_detection.indexer_status }}</indexer-status>
{% endif %} <feed-update-interval>{{ wazuh_manager_config.vulnerability_detection.feed_update_interval }}</feed-update-interval>
{% if wazuh_manager_config.vulnerability_detector.interval is defined %} </vulnerability-detection>
<interval>{{ wazuh_manager_config.vulnerability_detector.interval }}</interval>
{% endif %} <indexer>
{% if wazuh_manager_config.vulnerability_detector.min_full_scan_interval is defined %} <enabled>{% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' or wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %}</enabled>
<min_full_scan_interval>{{ wazuh_manager_config.vulnerability_detector.min_full_scan_interval }}</min_full_scan_interval> <hosts>
{% endif %} {% for item in wazuh_manager_config.indexer.hosts %}
{% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %} <host>https://{{ item }}:{{ filebeat_output_indexer_port }}</host>
<run_on_start>{{ wazuh_manager_config.vulnerability_detector.run_on_start }}</run_on_start> {% endfor %}
{% endif %} </hosts>
{% if wazuh_manager_config.vulnerability_detector.providers is defined %}
{% for provider_ in wazuh_manager_config.vulnerability_detector.providers %} <username>{{ indexer_security_user }}</username>
<provider name={{ provider_.name }}> <password>{{ indexer_security_password }}</password>
{% if provider_.enabled is defined %} <ssl>
<enabled>{{ provider_.enabled }}</enabled> <certificate_authorities>
{% endif %} <ca>{{ filebeat_ssl_dir }}/root-ca.pem</ca>
{% if provider_.os is defined %} </certificate_authorities>
{% for os_ in provider_.os %} <certificate>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem</certificate>
<os>{{ os_ }}</os> <key>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem</key>
{% endfor %} </ssl>
{% endif %} </indexer>
{% if provider_.update_interval is defined %}
<update_interval>{{ provider_.update_interval }}</update_interval>
{% endif %}
</provider>
{% endfor %}
{% endif %}
</vulnerability-detector>
<!-- File integrity monitoring --> <!-- File integrity monitoring -->
<syscheck> <syscheck>

2
roles/wazuh/check-packages/defaults/main.yml
View File

@ -1,2 +1,2 @@
--- ---
wazuh_version: 4.7.2 wazuh_version: 4.8.0

7
roles/wazuh/vars/repo.yml
View File

@ -8,7 +8,12 @@ wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_sha512_url: "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512" wazuh_winagent_sha512_url: "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
certs_gen_tool_version: 4.7 wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
wazuh_macos_intel_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_intel_package_name }}"
wazuh_macos_arm_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_arm_package_name }}"
certs_gen_tool_version: 4.8
# Url of certificates generator tool # Url of certificates generator tool
certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"

7
roles/wazuh/vars/repo_pre-release.yml
View File

@ -8,7 +8,12 @@ wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512" wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat
certs_gen_tool_version: 4.7 wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/staging/pre-release/{{ wazuh_macos_intel_package_name }}"
wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{{ wazuh_macos_arm_package_name }}"
certs_gen_tool_version: 4.8
# Url of certificates generator tool # Url of certificates generator tool
certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"

10
roles/wazuh/vars/repo_staging.yml
View File

@ -5,8 +5,16 @@ wazuh_repo:
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/staging/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
check_sha512: False
filebeat_module_package_url: https://packages-dev.wazuh.com/staging/filebeat
certs_gen_tool_version: 4.7 wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_intel_package_name }}"
wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_arm_package_name }}"
certs_gen_tool_version: 4.8
# Url of certificates generator tool # Url of certificates generator tool
certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"

4
roles/wazuh/wazuh-dashboard/defaults/main.yml
View File

@ -8,12 +8,12 @@ dashboard_node_name: node-1
dashboard_server_host: "0.0.0.0" dashboard_server_host: "0.0.0.0"
dashboard_server_port: "443" dashboard_server_port: "443"
dashboard_server_name: "dashboard" dashboard_server_name: "dashboard"
wazuh_version: 4.7.2 wazuh_version: 4.8.0
indexer_cluster_nodes: indexer_cluster_nodes:
- 127.0.0.1 - 127.0.0.1
# The Wazuh dashboard package repository # The Wazuh dashboard package repository
dashboard_version: "4.7.2" dashboard_version: "4.8.0"
# API credentials # API credentials
wazuh_api_credentials: wazuh_api_credentials:

1
roles/wazuh/wazuh-dashboard/tasks/RedHat.yml
View File

@ -3,7 +3,6 @@
- name: RedHat/CentOS/Fedora | Add Wazuh dashboard repo - name: RedHat/CentOS/Fedora | Add Wazuh dashboard repo
yum_repository: yum_repository:
file: wazuh
name: wazuh_repo name: wazuh_repo
description: Wazuh yum repository description: Wazuh yum repository
baseurl: "{{ wazuh_repo.yum }}" baseurl: "{{ wazuh_repo.yum }}"

2
roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2
View File

@ -12,4 +12,4 @@ server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}-key.pem" server.ssl.key: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}.pem" server.ssl.certificate: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"] opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh uiSettings.overrides.defaultRoute: /app/wz-home

2
roles/wazuh/wazuh-dashboard/vars/debian.yml
View File

@ -1,2 +1,2 @@
--- ---
dashboard_version: 4.7.2 dashboard_version: 4.8.0

3
roles/wazuh/wazuh-indexer/defaults/main.yml
View File

@ -1,6 +1,6 @@
--- ---
# Cluster Settings # Cluster Settings
indexer_version: 4.7.2 indexer_version: 4.8.0
single_node: false single_node: false
indexer_node_name: node-1 indexer_node_name: node-1
@ -28,6 +28,7 @@ domain_name: wazuh.com
indexer_sec_plugin_conf_path: /etc/wazuh-indexer/opensearch-security indexer_sec_plugin_conf_path: /etc/wazuh-indexer/opensearch-security
indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools
indexer_bin_path: /usr/share/wazuh-indexer/bin
indexer_conf_path: /etc/wazuh-indexer indexer_conf_path: /etc/wazuh-indexer
indexer_index_path: /var/lib/wazuh-indexer/ indexer_index_path: /var/lib/wazuh-indexer/

1
roles/wazuh/wazuh-indexer/tasks/RedHat.yml
View File

@ -3,7 +3,6 @@
- name: RedHat/CentOS/Fedora | Add Wazuh indexer repo - name: RedHat/CentOS/Fedora | Add Wazuh indexer repo
yum_repository: yum_repository:
file: wazuh
name: wazuh_repo name: wazuh_repo
description: Wazuh yum repository description: Wazuh yum repository
baseurl: "{{ wazuh_repo.yum }}" baseurl: "{{ wazuh_repo.yum }}"

10
roles/wazuh/wazuh-indexer/tasks/security_actions.yml
View File

@ -93,8 +93,16 @@
delay: 5 delay: 5
register: result register: result
until: result.rc == 0 until: result.rc == 0
run_once: true
- name: Initialize ISM script
command: >
{{ indexer_bin_path }}/indexer-ism-init.sh
-p {{ indexer_admin_password }}
-i {{ target_address }}
become: yes
become_user: root
run_once: true
- name: Create custom user - name: Create custom user
uri: uri: