From e8ad26a3ca217ad0895388817c675235ba62b7f9 Mon Sep 17 00:00:00 2001
From: manuasir
Date: Tue, 3 Nov 2020 19:18:10 +0100
Subject: [PATCH 01/67] Removed deprecated option
---
 .../templates/var-ossec-etc-shared-agent.conf.j2 | 1 -
 1 file changed, 1 deletion(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
index 78893385..85b82ff2 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
@@ -82,7 +82,6 @@ {% if agent_config.rootcheck is defined %} no - yes yes yes yes
From 3d4345a70f1d710875c2a94f00071a435bec883c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=A2=85?=
Date: Tue, 3 Nov 2020 16:45:30 -0300
Subject: [PATCH 02/67] ansible-lint: add role naming convention rule #106 to warn_list to allow molecule lint stage to continue with tests
---
 .ansible-lint | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .ansible-lint
diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 00000000..148ddda4
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,3 @@
+---
+warn_list:
+ - '106'
From 534b5ddcd6d109dc89b07503621331579bacd1ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=A2=85?=
Date: Tue, 3 Nov 2020 17:28:48 -0300
Subject: [PATCH 03/67] molecule/default: temporarily disable testinfra, as complying to these test would require role work outside of the scope of this PR
---
 molecule/default/molecule.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index cd184961..d810f1d0 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -43,7 +43,7 @@ scenario:
 - prepare
 - converge
 #- idempotence
- - verify
+ #- verify
 - cleanup
 - destroy
 verifier:
From f22e277c636169cb41561ec4afd22899f04281f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=A2=85?=
Date: Wed, 4 Nov 2020 11:46:56 -0300
Subject: [PATCH 04/67] molecule: add scenario clustered-wazuh-only
---
 molecule/clustered-wazuh-only/Dockerfile.j2 | 14 +
 molecule/clustered-wazuh-only/INSTALL.rst | 16 +
 molecule/clustered-wazuh-only/converge.yml | 23 +
 .../clustered-wazuh-only/group_vars/all.yml | 11 +
 .../group_vars/elastic.yml | 15 +
 .../group_vars/managers.yml | 20 +
 molecule/clustered-wazuh-only/molecule.yml | 130 ++
 .../tests/test_default.py | 65 +
 poetry.lock | 1207 +++++++++++++++++
 pyproject.toml | 28 +
 10 files changed, 1529 insertions(+)
 create mode 100644 molecule/clustered-wazuh-only/Dockerfile.j2
 create mode 100644 molecule/clustered-wazuh-only/INSTALL.rst
 create mode 100644 molecule/clustered-wazuh-only/converge.yml
 create mode 100644 molecule/clustered-wazuh-only/group_vars/all.yml
 create mode 100644 molecule/clustered-wazuh-only/group_vars/elastic.yml
 create mode 100644 molecule/clustered-wazuh-only/group_vars/managers.yml
 create mode 100644 molecule/clustered-wazuh-only/molecule.yml
 create mode 100644 molecule/clustered-wazuh-only/tests/test_default.py
 create mode 100644 poetry.lock
 create mode 100644 pyproject.toml
diff --git a/molecule/clustered-wazuh-only/Dockerfile.j2 b/molecule/clustered-wazuh-only/Dockerfile.j2
new file mode 100644
index 00000000..19692c20
--- /dev/null
+++ b/molecule/clustered-wazuh-only/Dockerfile.j2
@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
diff --git a/molecule/clustered-wazuh-only/INSTALL.rst b/molecule/clustered-wazuh-only/INSTALL.rst
new file mode 100644
index 00000000..e26493b8
--- /dev/null
+++ b/molecule/clustered-wazuh-only/INSTALL.rst
@@ -0,0 +1,16 @@
+*******
+Install
+*******
+
+Requirements
+============
+
+* Docker Engine
+* docker-py
+
+Install
+=======
+
+.. code-block:: bash
+
+ $ sudo pip install docker-py
diff --git a/molecule/clustered-wazuh-only/converge.yml b/molecule/clustered-wazuh-only/converge.yml
new file mode 100644
index 00000000..63e7694f
--- /dev/null
+++ b/molecule/clustered-wazuh-only/converge.yml
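Review bot: This Dockerfile.j2 appears to be dead in the scenario it ships with, because every platform in the molecule.yml added by the same commit sets `pre_build_image: true`, so Molecule never renders the template; if it is kept for non-prebuilt images, a header comment such as `# Only rendered for platforms that set pre_build_image: false` would say so. Each branch of the RUN line tests the package manager with `[ $(command -v apt-get) ]`, an unquoted substitution that only works because `[` with no arguments evaluates false; `if command -v apt-get >/dev/null 2>&1; then` is the quoting-safe form for every branch. The `apt-get upgrade -y`, `yum update -y` and `zypper update -y` steps also make the image contents depend on the build date, which works against reproducible test runs.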
@@ -0,0 +1,23 @@
+---
+
+- name: Converge
+ hosts: all
+ become: true
+ become_user: root
+ roles:
+ - role: ../../roles/elastic-stack/ansible-elasticsearch
+ when: inventory_hostname in groups['elastic']
+ - role: ../../roles/wazuh/ansible-wazuh-manager
+ when: inventory_hostname in groups['managers']
+ - role: ../../roles/wazuh/ansible-filebeat
+ when: inventory_hostname in groups['managers']
+ pre_tasks:
+ - debug:
+ msg: |
+ -----------------------------------------
+ managers: {{ managers_hostvars | length }}
+ addresses: {{ manager_addresses }}
+ -----------------------------------------
+ elastic: {{ elastic_hostvars | length }}
+ addresses: {{ elastic_addresses }}
+ -----------------------------------------
\ No newline at end of file
diff --git a/molecule/clustered-wazuh-only/group_vars/all.yml b/molecule/clustered-wazuh-only/group_vars/all.yml
new file mode 100644
index 00000000..13205b13
--- /dev/null
+++ b/molecule/clustered-wazuh-only/group_vars/all.yml
@@ -0,0 +1,11 @@
+---
+
+########################################################
+# Helper variables
+private_ip: '{{ ansible_default_ipv4.address }}'
+
+managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
+elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}"
+
+manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
+elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
\ No newline at end of file
diff --git a/molecule/clustered-wazuh-only/group_vars/elastic.yml b/molecule/clustered-wazuh-only/group_vars/elastic.yml
new file mode 100644
index 00000000..d3149867
--- /dev/null
+++ b/molecule/clustered-wazuh-only/group_vars/elastic.yml
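Review bot: `pre_tasks:` is placed after `roles:` in the Converge play, which reads as if the debug task ran after the roles; Ansible runs pre_tasks before roles regardless of key order, so moving the block above `roles:` (or putting `# pre_tasks always run before roles` above it) would stop a reader from misreading the sequence. `become_user: root` restates the default that `become: true` already implies and can be dropped. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows; the same applies to group_vars/all.yml in this commit.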
@@ -0,0 +1,15 @@
+---
+
+single_node: false
+elasticsearch_node_master: true
+minimum_master_nodes: 1
+
+# ansible_default_ipv4.address
+private_ip: '{{ ansible_host }}'
+elasticsearch_network_host: '{{ private_ip }}'
+elasticsearch_node_name: '{{ ansible_hostname }}'
+
+elasticsearch_cluster_nodes: '{{ elastic_addresses }}'
+
+elasticsearch_discovery_nodes: '{{ elastic_addresses }}'
+
diff --git a/molecule/clustered-wazuh-only/group_vars/managers.yml b/molecule/clustered-wazuh-only/group_vars/managers.yml
new file mode 100644
index 00000000..e191ad10
--- /dev/null
+++ b/molecule/clustered-wazuh-only/group_vars/managers.yml
@@ -0,0 +1,20 @@
+---
+
+wazuh_manager_fqdn: '{{ ansible_hostname }}'
+filebeat_node_name: '{{ ansible_hostname }}'
+filebeat_output_elasticsearch_hosts: '{{ elastic_addresses }}'
+
+wazuh_manager_config:
+ connection:
+ - type: 'secure'
+ port: '1514'
+ protocol: 'tcp'
+ queue_size: 131072
+ api:
+ https: 'yes'
+ cluster:
+ disable: 'no'
+ node_name: '{{ ansible_hostname }}'
+ node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}"
+ nodes: '{{ manager_addresses }}'
+ hidden: 'no'
\ No newline at end of file
diff --git a/molecule/clustered-wazuh-only/molecule.yml b/molecule/clustered-wazuh-only/molecule.yml
new file mode 100644
index 00000000..3b5106af
--- /dev/null
+++ b/molecule/clustered-wazuh-only/molecule.yml
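Review bot: `minimum_master_nodes: 1` together with `elasticsearch_node_master: true` on a group that this commit's molecule.yml fills with two nodes is below the quorum of 2 that two master-eligible nodes need, so if the role still renders it as `discovery.zen.minimum_master_nodes` (Elasticsearch 6.x) a network partition can elect two masters; on 7.x the setting is ignored and could be removed with a comment saying so. The `# ansible_default_ipv4.address` comment above `private_ip: '{{ ansible_host }}'` reads as a leftover of the value it replaced rather than an explanation; something like `# Override all.yml: bind ES to the inventory host instead of the default IPv4 address` would carry the intent. Whether `ansible_host` resolves to an address the manager containers can reach depends on the Docker network, which this hunk does not show.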
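Review bot: `node_type` elects the cluster master by comparing `ansible_hostname` with the literal `wazuh-mgr01`, which silently couples this group_vars file to a hostname chosen in molecule.yml; a comment such as `# 'master' must match the first manager's hostname in molecule.yml` next to that line would keep the two from drifting apart unnoticed. The `cluster:` block turns clustering on with `disable: 'no'` but sets no cluster key in this file; whether the role supplies one is outside the hunk, and if it comes from a checked-in default that is acceptable for a throwaway test container but worth a comment so the scenario is not copied into a real inventory as-is. The file also ends without a trailing newline.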
@@ -0,0 +1,130 @@
+---
+# Distributed scenario: clustered manager scenario + connected agents
+# 2-core CPU
+# 7 GB of RAM memory
+# 14 GB of SSD disk space
+
+dependency:
+ name: galaxy
+driver:
+ name: docker
+#lint:
+# name: yamllint
+# enabled: false
+platforms:
+
+ ################################################
+ # Wazuh Managers
+ ################################################
+ - name: wazuh_manager_centos7
+ hostname: wazuh-mgr01
+ image: geerlingguy/docker-centos7-ansible
+ pre_build_image: true
+ privileged: true
+ memory_reservation: 512m
+ memory: 1024m
+ groups:
+ - managers
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ - name: wazuh_manager_ubuntu2004
+ hostname: wazuh-mgr02
+ image: geerlingguy/docker-ubuntu2004-ansible
+ pre_build_image: true
+ privileged: true
+ memory_reservation: 512m
+ memory: 1024m
+ groups:
+ - managers
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ - name: wazuh_manager_debian9
+ hostname: wazuh-mgr03
+ image: geerlingguy/docker-debian9-ansible
+ pre_build_image: true
+ privileged: true
+ memory_reservation: 512m
+ memory: 1024m
+ groups:
+ - managers
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ ################################################
+ # Elastic Cluster
+ ################################################
+ - name: wazuh_elasticsearch_centos7
+ hostname: wazuh-es01
+ image: geerlingguy/docker-centos7-ansible
+ pre_build_image: true
+ privileged: true
+ memory: 4096m
+ memory_reservation: 2048m
+ env:
+ ES_JAVA_OPTS: '-Xms1g -Xmx1g'
+ groups:
+ - elastic
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ - name: wazuh_elasticsearch_debian9
+ hostname: wazuh-es03
+ image: geerlingguy/docker-debian9-ansible
+ pre_build_image: true
+ privileged: true
+ memory: 4096m
+ memory_reservation: 2048m
+ env:
+ ES_JAVA_OPTS: '-Xms1g -Xmx1g'
+ groups:
+ - elastic
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+provisioner:
+ name: ansible
+ inventory:
+ links:
+ group_vars: group_vars
+ #host_vars: ../../../inventory/host_vars/
+ playbooks:
+ create: create.yml
+ converge: converge.yml
+ #destroy: destroy.yml
+ config_options:
+ defaults:
+ hash_behaviour: merge
+ env:
+ ANSIBLE_ROLES_PATH: ./roles
+ lint:
+ name: ansible-lint
+ enabled: false
+scenario:
+ name: clustered-wazuh-only
+ test_sequence:
+ - dependency
+ - syntax
+ - create
+ - prepare
+ - converge
+ #- idempotence
+ #- verify
+ - cleanup
+ - destroy
+verifier:
+ name: testinfra
+# lint:
+# name: flake8
+# enabled: false
diff --git a/molecule/clustered-wazuh-only/tests/test_default.py b/molecule/clustered-wazuh-only/tests/test_default.py
new file mode 100644
index 00000000..289e4f86
--- /dev/null
+++ b/molecule/clustered-wazuh-only/tests/test_default.py
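Review bot: `create: create.yml` under `provisioner.playbooks` points at a playbook this commit does not add — the diffstat lists ten files and no create.yml — so unless one already exists in the scenario directory the `create` step fails before converge runs; either add the playbook or drop the key so Molecule's built-in Docker create playbook is used. `#- verify` is commented out in `test_sequence` while `tests/test_default.py` is added in the same commit, so those tests never execute here; a trailing comment such as `#- verify  # disabled until the testinfra checks pass on these images` would record that this is deliberate. Every platform runs with `privileged: true` and the host cgroup tree mounted, which the systemd-based images presumably need, but a one-line comment above the first platform stating that reason would keep the setting from being copied into scenarios that do not need it. The hostnames jump from `wazuh-es01` to `wazuh-es03`, which looks like a leftover from a removed node.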
@@ -0,0 +1,65 @@
+import os
+import pytest
+import testinfra.utils.ansible_runner
+import re
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def get_wazuh_version():
+ """This return the version of Wazuh."""
+ return "4.0.0"
+
+
+def test_wazuh_packages_are_installed(host):
+ """Test the main packages are installed."""
+ manager = host.package("wazuh-manager")
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+
+
+def test_wazuh_services_are_running(host):
+ """Test the services are enabled and running.
+
+ When assert commands are commented, this means that the service command has
+ a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
+ """
+ # This currently doesn't work with out current Docker base images
+ # manager = host.service("wazuh-manager")
+ # api = host.service("wazuh-api")
+ # assert manager.is_running
+ # assert api.is_running
+ output = host.check_output(
+ 'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
+ )
+ assert 'ossec-authd' in output
+ assert 'wazuh-modulesd' in output
+ assert 'wazuh-db' in output
+ assert 'ossec-execd' in output
+ assert 'ossec-monitord' in output
+ assert 'ossec-remoted' in output
+ assert 'ossec-logcollector' in output
+ assert 'ossec-analysisd' in output
+ assert 'ossec-syscheckd' in output
+
+
+@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
+ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
+ ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
+ ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640),
+ ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660),
+])
+def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
+ """Test Wazuh related files exist and have proper owners and mode."""
+ wazuh_file_host = host.file(wazuh_file)
+ assert wazuh_file_host.user == wazuh_owner
+ assert wazuh_file_host.group == wazuh_group
+ assert wazuh_file_host.mode == wazuh_mode
+
+
+def test_filebeat_is_installed(host):
+ """Test the elasticsearch package is installed."""
+ filebeat = host.package("filebeat")
+ assert filebeat.is_installed
+ assert filebeat.version.startswith('7.9.1')
diff --git a/poetry.lock b/poetry.lock
new file mode 100644
index 00000000..478bac27
--- /dev/null
+++ b/poetry.lock
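Review bot: `import re` on the fourth line of the new file is never used and should be removed, which would also keep the flake8 lint the scenario ships with clean once it is enabled. The docstring of `test_filebeat_is_installed` says "Test the elasticsearch package is installed." while the body checks the `filebeat` package; `"""Test the filebeat package is installed."""` matches what it does. The expected versions are literals (`"4.0.0"` in `get_wazuh_version` and `'7.9.1'` in the filebeat test), so every release bump has to touch this file; if the roles expose version variables through the inventory, reading them with `host.ansible.get_variables()` would keep the checks aligned with what converge installed. Note that with `verify` commented out in this scenario's molecule.yml these tests do not run yet.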
@@ -0,0 +1,1207 @@ +[[package]] +category = "main" +description = "Radically simple IT automation" +name = "ansible" +optional = false +python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*" +version = "2.9.5" + +[[package]] +category = "dev" +description = "Checks playbooks for practices and behaviour that could potentially be improved" +name = "ansible-lint" +optional = false +python-versions = ">=3.6" +version = "4.3.7" + +[package.dependencies] +ansible = ">=2.8" +pyyaml = "*" +rich = "*" + +[package.dependencies."ruamel.yaml"] +python = ">=3.7" +version = ">=0.15.37,<1" + +[[package]] +category = "main" +description = "Better dates & times for Python" +name = "arrow" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +version = "0.17.0" + +[package.dependencies] +python-dateutil = ">=2.7.0" + +[[package]] +category = "main" +description = "Atomic file writes." +marker = "sys_platform == \"win32\"" +name = "atomicwrites" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "1.4.0" + +[[package]] +category = "main" +description = "Classes Without Boilerplate" +name = "attrs" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "20.2.0" + +[package.extras] +dev = ["coverage (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "zope.interface", "sphinx", "sphinx-rtd-theme", "pre-commit"] +docs = ["sphinx", "sphinx-rtd-theme", "zope.interface"] +tests = ["coverage (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "zope.interface"] +tests_no_zope = ["coverage (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six"] + +[[package]] +category = "main" +description = "Modern password hashing for your software and your servers" +name = "bcrypt" +optional = false +python-versions = ">=3.6" +version = "3.2.0" + +[package.dependencies] +cffi = ">=1.1" +six = ">=1.4.1" + +[package.extras] +tests = ["pytest 
(>=3.2.1,<3.3.0 || >3.3.0)"] +typecheck = ["mypy"] + +[[package]] +category = "main" +description = "Ultra-lightweight pure Python package to check if a file is binary or text." +name = "binaryornot" +optional = false +python-versions = "*" +version = "0.4.4" + +[package.dependencies] +chardet = ">=3.0.2" + +[[package]] +category = "main" +description = "Lightweight, extensible schema and data validation tool for Python dictionaries." +name = "cerberus" +optional = false +python-versions = ">=2.7" +version = "1.3.2" + +[package.dependencies] +setuptools = "*" + +[[package]] +category = "main" +description = "Python package for providing Mozilla's CA Bundle." +name = "certifi" +optional = false +python-versions = "*" +version = "2020.6.20" + +[[package]] +category = "main" +description = "Foreign Function Interface for Python calling C code." +name = "cffi" +optional = false +python-versions = "*" +version = "1.14.3" + +[package.dependencies] +pycparser = "*" + +[[package]] +category = "main" +description = "Universal encoding detector for Python 2 and 3" +name = "chardet" +optional = false +python-versions = "*" +version = "3.0.4" + +[[package]] +category = "main" +description = "Composable command line interface toolkit" +name = "click" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +version = "7.1.2" + +[[package]] +category = "main" +description = "Fish, Bash, Zsh and PowerShell completion for Click" +name = "click-completion" +optional = false +python-versions = "*" +version = "0.5.2" + +[package.dependencies] +click = "*" +jinja2 = "*" +shellingham = "*" +six = "*" + +[[package]] +category = "main" +description = "Colorization of help messages in Click" +name = "click-help-colors" +optional = false +python-versions = "*" +version = "0.8" + +[package.dependencies] +click = ">=7.0" + +[package.extras] +dev = ["pytest"] + +[[package]] +category = "main" +description = "Cross-platform colored terminal text." 
+name = "colorama" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +version = "0.4.4" + +[[package]] +category = "dev" +description = "Python parser for the CommonMark Markdown spec" +name = "commonmark" +optional = false +python-versions = "*" +version = "0.9.1" + +[package.extras] +test = ["flake8 (3.7.8)", "hypothesis (3.55.3)"] + +[[package]] +category = "main" +description = "A command-line utility that creates projects from project templates, e.g. creating a Python package project from a Python package project template." +name = "cookiecutter" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +version = "1.7.2" + +[package.dependencies] +Jinja2 = "<3.0.0" +MarkupSafe = "<2.0.0" +binaryornot = ">=0.4.4" +click = ">=7.0" +jinja2-time = ">=0.2.0" +poyo = ">=0.5.0" +python-slugify = ">=4.0.0" +requests = ">=2.23.0" +six = ">=1.10" + +[[package]] +category = "main" +description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers." 
+name = "cryptography" +optional = false +python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*" +version = "3.2.1" + +[package.dependencies] +cffi = ">=1.8,<1.11.3 || >1.11.3" +six = ">=1.4.1" + +[package.extras] +docs = ["sphinx (>=1.6.5,<1.8.0 || >1.8.0,<3.1.0 || >3.1.0,<3.1.1 || >3.1.1)", "sphinx-rtd-theme"] +docstest = ["doc8", "pyenchant (>=1.6.11)", "twine (>=1.12.0)", "sphinxcontrib-spelling (>=4.0.1)"] +pep8test = ["black", "flake8", "flake8-import-order", "pep8-naming"] +ssh = ["bcrypt (>=3.1.5)"] +test = ["pytest (>=3.6.0,<3.9.0 || >3.9.0,<3.9.1 || >3.9.1,<3.9.2 || >3.9.2)", "pretend", "iso8601", "pytz", "hypothesis (>=1.11.4,<3.79.2 || >3.79.2)"] + +[[package]] +category = "main" +description = "Distro - an OS platform information API" +name = "distro" +optional = false +python-versions = "*" +version = "1.5.0" + +[[package]] +category = "main" +description = "A Python library for the Docker Engine API." +name = "docker" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +version = "4.3.1" + +[package.dependencies] +pywin32 = "227" +requests = ">=2.14.2,<2.18.0 || >2.18.0" +six = ">=1.4.0" +websocket-client = ">=0.32.0" + +[package.extras] +ssh = ["paramiko (>=2.4.2)"] +tls = ["pyOpenSSL (>=17.5.0)", "cryptography (>=1.3.4)", "idna (>=2.0.0)"] + +[[package]] +category = "main" +description = "A python package that provides useful locks." 
+name = "fasteners" +optional = false +python-versions = "*" +version = "0.15" + +[package.dependencies] +monotonic = ">=0.1" +six = "*" + +[[package]] +category = "dev" +description = "the modular source code checker: pep8 pyflakes and co" +name = "flake8" +optional = false +python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,>=2.7" +version = "3.8.4" + +[package.dependencies] +mccabe = ">=0.6.0,<0.7.0" +pycodestyle = ">=2.6.0a1,<2.7.0" +pyflakes = ">=2.2.0,<2.3.0" + +[[package]] +category = "main" +description = "Internationalized Domain Names in Applications (IDNA)" +name = "idna" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "2.10" + +[[package]] +category = "main" +description = "A very fast and expressive template engine." +name = "jinja2" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +version = "2.11.2" + +[package.dependencies] +MarkupSafe = ">=0.23" + +[package.extras] +i18n = ["Babel (>=0.8)"] + +[[package]] +category = "main" +description = "Jinja2 Extension for Dates and Times" +name = "jinja2-time" +optional = false +python-versions = "*" +version = "0.2.0" + +[package.dependencies] +arrow = "*" +jinja2 = "*" + +[[package]] +category = "main" +description = "Safely add untrusted strings to HTML/XML markup." 
+name = "markupsafe" +optional = false +python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*" +version = "1.1.1" + +[[package]] +category = "dev" +description = "McCabe checker, plugin for flake8" +name = "mccabe" +optional = false +python-versions = "*" +version = "0.6.1" + +[[package]] +category = "main" +description = "Molecule aids in the development and testing of Ansible roles" +name = "molecule" +optional = false +python-versions = ">=3.6" +version = "3.0.8" + +[package.dependencies] +Jinja2 = ">=2.10.1" +PyYAML = ">=5.1,<6" +ansible = ">=2.8" +cerberus = ">=1.3.1" +click = ">=7.0" +click-completion = ">=0.5.1" +click-help-colors = ">=0.6" +colorama = ">=0.3.9" +cookiecutter = ">=1.6.0,<1.7.1 || >1.7.1" +paramiko = ">=2.5.0,<3" +pexpect = ">=4.6.0,<5" +pluggy = ">=0.7.1,<1.0" +python-gilt = ">=1.2.1,<2" +selinux = "*" +sh = ">=1.13.1,<1.14" +tabulate = ">=0.8.4" +tree-format = ">=0.1.2" +yamllint = ">=1.15.0,<2" + +[package.dependencies.docker] +optional = true +version = ">=2.0.0" + +[package.extras] +docker = ["docker (>=2.0.0)"] +docs = ["simplejson", "sphinx", "sphinx-ansible-theme (>=0.2.2)"] +lint = ["ansible-lint (>=4.2.0,<5)", "flake8 (>=3.6.0)", "pre-commit (>=1.21.0)", "yamllint (>=1.15.0)"] +test = ["ansi2html", "coverage (<5)", "mock (>=3.0.5,<4)", "packaging", "pytest-cov (>=2.7.1,<3)", "pytest-helpers-namespace (>=2019.1.8,<2020)", "pytest-html (>=1.21.0)", "pytest-mock (>=1.10.4,<2)", "pytest-verbose-parametrize (>=1.7.0,<2)", "pytest-plus", "pytest-xdist (>=1.29.0,<2)", "pytest (>=5.4.0,<5.5)", "testinfra (>=3.4.0)"] +windows = ["pywinrm"] + +[[package]] +category = "main" +description = "An implementation of time.monotonic() for Python 2 & < 3.3" +name = "monotonic" +optional = false +python-versions = "*" +version = "1.5" + +[[package]] +category = "main" +description = "More routines for operating on iterables, beyond itertools" +name = "more-itertools" +optional = false +python-versions = ">=3.5" +version = "8.6.0" + +[[package]] 
+category = "main" +description = "Core utilities for Python packages" +name = "packaging" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "20.4" + +[package.dependencies] +pyparsing = ">=2.0.2" +six = "*" + +[[package]] +category = "main" +description = "SSH2 protocol library" +name = "paramiko" +optional = false +python-versions = "*" +version = "2.7.2" + +[package.dependencies] +bcrypt = ">=3.1.3" +cryptography = ">=2.5" +pynacl = ">=1.0.1" + +[package.extras] +all = ["pyasn1 (>=0.1.7)", "pynacl (>=1.0.1)", "bcrypt (>=3.1.3)", "invoke (>=1.3)", "gssapi (>=1.4.1)", "pywin32 (>=2.1.8)"] +ed25519 = ["pynacl (>=1.0.1)", "bcrypt (>=3.1.3)"] +gssapi = ["pyasn1 (>=0.1.7)", "gssapi (>=1.4.1)", "pywin32 (>=2.1.8)"] +invoke = ["invoke (>=1.3)"] + +[[package]] +category = "main" +description = "Utility library for gitignore style pattern matching of file paths." +name = "pathspec" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +version = "0.8.0" + +[[package]] +category = "main" +description = "Pexpect allows easy control of interactive console applications." +name = "pexpect" +optional = false +python-versions = "*" +version = "4.8.0" + +[package.dependencies] +ptyprocess = ">=0.5" + +[[package]] +category = "main" +description = "plugin and hook calling mechanisms for python" +name = "pluggy" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "0.13.1" + +[package.extras] +dev = ["pre-commit", "tox"] + +[[package]] +category = "main" +description = "A lightweight YAML Parser for Python. 
🐓" +name = "poyo" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "0.5.0" + +[[package]] +category = "main" +description = "Run a subprocess in a pseudo terminal" +name = "ptyprocess" +optional = false +python-versions = "*" +version = "0.6.0" + +[[package]] +category = "main" +description = "library with cross-python path, ini-parsing, io, code, log facilities" +name = "py" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "1.9.0" + +[[package]] +category = "dev" +description = "Python style guide checker" +name = "pycodestyle" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "2.6.0" + +[[package]] +category = "main" +description = "C parser in Python" +name = "pycparser" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "2.20" + +[[package]] +category = "dev" +description = "passive checker of Python programs" +name = "pyflakes" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "2.2.0" + +[[package]] +category = "dev" +description = "Pygments is a syntax highlighting package written in Python." 
+name = "pygments" +optional = false +python-versions = ">=3.5" +version = "2.7.2" + +[[package]] +category = "main" +description = "Python binding to the Networking and Cryptography (NaCl) library" +name = "pynacl" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "1.4.0" + +[package.dependencies] +cffi = ">=1.4.1" +six = "*" + +[package.extras] +docs = ["sphinx (>=1.6.5)", "sphinx-rtd-theme"] +tests = ["pytest (>=3.2.1,<3.3.0 || >3.3.0)", "hypothesis (>=3.27.0)"] + +[[package]] +category = "main" +description = "Python parsing module" +name = "pyparsing" +optional = false +python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" +version = "2.4.7" + +[[package]] +category = "main" +description = "pytest: simple powerful testing with Python" +name = "pytest" +optional = false +python-versions = ">=3.5" +version = "5.4.3" + +[package.dependencies] +atomicwrites = ">=1.0" +attrs = ">=17.4.0" +colorama = "*" +more-itertools = ">=4.0.0" +packaging = "*" +pluggy = ">=0.12,<1.0" +py = ">=1.5.0" +wcwidth = "*" + +[package.extras] +checkqa-mypy = ["mypy (v0.761)"] +testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "requests", "xmlschema"] + +[[package]] +category = "main" +description = "Extensions to the standard Python datetime module" +name = "python-dateutil" +optional = false +python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7" +version = "2.8.1" + +[package.dependencies] +six = ">=1.5" + +[[package]] +category = "main" +description = "gilt - A GIT layering tool." 
+name = "python-gilt" +optional = false +python-versions = ">=3.6" +version = "1.2.3" + +[package.dependencies] +PyYAML = "*" +click = "*" +colorama = "*" +fasteners = "*" +sh = "*" + +[package.extras] +test = ["black (19.10b0)", "flake8", "hacking", "pep517", "pytest", "pytest-cov", "pytest-helpers-namespace", "pytest-mock", "twine"] + +[[package]] +category = "main" +description = "A Python Slugify application that handles Unicode" +name = "python-slugify" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +version = "4.0.1" + +[package.dependencies] +text-unidecode = ">=1.3" + +[package.extras] +unidecode = ["Unidecode (>=1.1.1)"] + +[[package]] +category = "main" +description = "Python for Window Extensions" +marker = "sys_platform == \"win32\"" +name = "pywin32" +optional = false +python-versions = "*" +version = "227" + +[[package]] +category = "main" +description = "YAML parser and emitter for Python" +name = "pyyaml" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +version = "5.3.1" + +[[package]] +category = "main" +description = "Python HTTP for Humans." 
+name = "requests" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +version = "2.24.0" + +[package.dependencies] +certifi = ">=2017.4.17" +chardet = ">=3.0.2,<4" +idna = ">=2.5,<3" +urllib3 = ">=1.21.1,<1.25.0 || >1.25.0,<1.25.1 || >1.25.1,<1.26" + +[package.extras] +security = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)"] +socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7)", "win-inet-pton"] + +[[package]] +category = "dev" +description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal" +name = "rich" +optional = false +python-versions = ">=3.6,<4.0" +version = "9.1.0" + +[package.dependencies] +colorama = ">=0.4.0,<0.5.0" +commonmark = ">=0.9.0,<0.10.0" +pygments = ">=2.6.0,<3.0.0" +typing-extensions = ">=3.7.4,<4.0.0" + +[package.extras] +jupyter = ["ipywidgets (>=7.5.1,<8.0.0)"] + +[[package]] +category = "dev" +description = "ruamel.yaml is a YAML parser/emitter that supports roundtrip preservation of comments, seq/map flow style, and map key order" +marker = "python_version >= \"3.7\"" +name = "ruamel.yaml" +optional = false +python-versions = "*" +version = "0.16.12" + +[package.dependencies] +[package.dependencies."ruamel.yaml.clib"] +python = "<3.9" +version = ">=0.1.2" + +[package.extras] +docs = ["ryd"] +jinja2 = ["ruamel.yaml.jinja2 (>=0.2)"] + +[[package]] +category = "dev" +description = "C version of reader, parser and emitter for ruamel.yaml derived from libyaml" +marker = "platform_python_implementation == \"CPython\" and python_version < \"3.9\" and python_version >= \"3.7\"" +name = "ruamel.yaml.clib" +optional = false +python-versions = "*" +version = "0.2.2" + +[[package]] +category = "main" +description = "shim selinux module" +name = "selinux" +optional = false +python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,>=2.7" +version = "0.2.1" + +[package.dependencies] +distro = ">=1.3.0" +setuptools = ">=39.0" + +[[package]] +category = "main" +description = 
"Python subprocess replacement" +name = "sh" +optional = false +python-versions = "*" +version = "1.13.1" + +[[package]] +category = "main" +description = "Tool to Detect Surrounding Shell" +name = "shellingham" +optional = false +python-versions = "!=3.0,!=3.1,!=3.2,!=3.3,>=2.6" +version = "1.3.2" + +[[package]] +category = "main" +description = "Python 2 and 3 compatibility utilities" +name = "six" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" +version = "1.15.0" + +[[package]] +category = "main" +description = "Pretty-print tabular data" +name = "tabulate" +optional = false +python-versions = "*" +version = "0.8.7" + +[package.extras] +widechars = ["wcwidth"] + +[[package]] +category = "main" +description = "Test infrastructures" +name = "testinfra" +optional = false +python-versions = ">=3.5" +version = "5.3.1" + +[package.dependencies] +pytest = "!=3.0.2" + +[package.extras] +ansible = ["ansible"] +paramiko = ["paramiko"] +salt = ["salt"] +winrm = ["pywinrm"] + +[[package]] +category = "main" +description = "The most basic Text::Unidecode port" +name = "text-unidecode" +optional = false +python-versions = "*" +version = "1.3" + +[[package]] +category = "main" +description = "" +name = "tree-format" +optional = false +python-versions = "*" +version = "0.1.2" + +[package.extras] +dev = ["pytest (>=2.7.1)", "testtools (>=1.8.0)"] + +[[package]] +category = "dev" +description = "Backported and Experimental Type Hints for Python 3.5+" +name = "typing-extensions" +optional = false +python-versions = "*" +version = "3.7.4.3" + +[[package]] +category = "main" +description = "HTTP library with thread-safe connection pooling, file post, and more." 
+name = "urllib3" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4" +version = "1.25.11" + +[package.extras] +brotli = ["brotlipy (>=0.6.0)"] +secure = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "certifi", "ipaddress"] +socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7,<2.0)"] + +[[package]] +category = "main" +description = "Measures the displayed width of unicode strings in a terminal" +name = "wcwidth" +optional = false +python-versions = "*" +version = "0.2.5" + +[[package]] +category = "main" +description = "WebSocket client for Python. hybi13 is supported." +name = "websocket-client" +optional = false +python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "0.57.0" + +[package.dependencies] +six = "*" + +[[package]] +category = "main" +description = "A linter for YAML files." +name = "yamllint" +optional = false +python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,>=2.7" +version = "1.25.0" + +[package.dependencies] +pathspec = ">=0.5.3" +pyyaml = "*" +setuptools = "*" + +[metadata] +content-hash = "438f2e02025d222b379d0a1b53c73cbd146aee0a6d009fb9141cba8f354519ae" +lock-version = "1.0" +python-versions = "^3.8" + +[metadata.files] +ansible = [ + {file = "ansible-2.9.5.tar.gz", hash = "sha256:51ae50d33264eb644ecb79a0208a20569a1127ec3440e8de60eda3a2b3d9caa5"}, +] +ansible-lint = [ + {file = "ansible-lint-4.3.7.tar.gz", hash = "sha256:1012fc3f5c4c0c58eece515860f19c34c5088faa5be412eec6fae5b45bda9c4f"}, + {file = "ansible_lint-4.3.7-py2.py3-none-any.whl", hash = "sha256:300e841f690b556a08d44902d6414283dc101079b27909e3a892f1cf1d10d7ff"}, +] +arrow = [ + {file = "arrow-0.17.0-py2.py3-none-any.whl", hash = "sha256:e098abbd9af3665aea81bdd6c869e93af4feb078e98468dd351c383af187aac5"}, + {file = "arrow-0.17.0.tar.gz", hash = "sha256:ff08d10cda1d36c68657d6ad20d74fbea493d980f8b2d45344e00d6ed2bf6ed4"}, +] +atomicwrites = [ + {file = "atomicwrites-1.4.0-py2.py3-none-any.whl", hash = 
"sha256:6d1784dea7c0c8d4a5172b6c620f40b6e4cbfdf96d783691f2e1302a7b88e197"}, + {file = "atomicwrites-1.4.0.tar.gz", hash = "sha256:ae70396ad1a434f9c7046fd2dd196fc04b12f9e91ffb859164193be8b6168a7a"}, +] +attrs = [ + {file = "attrs-20.2.0-py2.py3-none-any.whl", hash = "sha256:fce7fc47dfc976152e82d53ff92fa0407700c21acd20886a13777a0d20e655dc"}, + {file = "attrs-20.2.0.tar.gz", hash = "sha256:26b54ddbbb9ee1d34d5d3668dd37d6cf74990ab23c828c2888dccdceee395594"}, +] +bcrypt = [ + {file = "bcrypt-3.2.0-cp36-abi3-macosx_10_9_x86_64.whl", hash = "sha256:c95d4cbebffafcdd28bd28bb4e25b31c50f6da605c81ffd9ad8a3d1b2ab7b1b6"}, + {file = "bcrypt-3.2.0-cp36-abi3-manylinux1_x86_64.whl", hash = "sha256:63d4e3ff96188e5898779b6057878fecf3f11cfe6ec3b313ea09955d587ec7a7"}, + {file = "bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl", hash = "sha256:cd1ea2ff3038509ea95f687256c46b79f5fc382ad0aa3664d200047546d511d1"}, + {file = "bcrypt-3.2.0-cp36-abi3-manylinux2014_aarch64.whl", hash = "sha256:cdcdcb3972027f83fe24a48b1e90ea4b584d35f1cc279d76de6fc4b13376239d"}, + {file = "bcrypt-3.2.0-cp36-abi3-win32.whl", hash = "sha256:a67fb841b35c28a59cebed05fbd3e80eea26e6d75851f0574a9273c80f3e9b55"}, + {file = "bcrypt-3.2.0-cp36-abi3-win_amd64.whl", hash = "sha256:81fec756feff5b6818ea7ab031205e1d323d8943d237303baca2c5f9c7846f34"}, + {file = "bcrypt-3.2.0.tar.gz", hash = "sha256:5b93c1726e50a93a033c36e5ca7fdcd29a5c7395af50a6892f5d9e7c6cfbfb29"}, +] +binaryornot = [ + {file = "binaryornot-0.4.4-py2.py3-none-any.whl", hash = "sha256:b8b71173c917bddcd2c16070412e369c3ed7f0528926f70cac18a6c97fd563e4"}, + {file = "binaryornot-0.4.4.tar.gz", hash = "sha256:359501dfc9d40632edc9fac890e19542db1a287bbcfa58175b66658392018061"}, +] +cerberus = [ + {file = "Cerberus-1.3.2.tar.gz", hash = "sha256:302e6694f206dd85cb63f13fd5025b31ab6d38c99c50c6d769f8fa0b0f299589"}, +] +certifi = [ + {file = "certifi-2020.6.20-py2.py3-none-any.whl", hash = "sha256:8fc0819f1f30ba15bdb34cceffb9ef04d99f420f68eb75d901e9560b8749fc41"}, + {file = 
"certifi-2020.6.20.tar.gz", hash = "sha256:5930595817496dd21bb8dc35dad090f1c2cd0adfaf21204bf6732ca5d8ee34d3"}, +] +cffi = [ + {file = "cffi-1.14.3-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:485d029815771b9fe4fa7e1c304352fe57df6939afe835dfd0182c7c13d5e92e"}, + {file = "cffi-1.14.3-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:3cb3e1b9ec43256c4e0f8d2837267a70b0e1ca8c4f456685508ae6106b1f504c"}, + {file = "cffi-1.14.3-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:f0620511387790860b249b9241c2f13c3a80e21a73e0b861a2df24e9d6f56730"}, + {file = "cffi-1.14.3-cp27-cp27m-win32.whl", hash = "sha256:005f2bfe11b6745d726dbb07ace4d53f057de66e336ff92d61b8c7e9c8f4777d"}, + {file = "cffi-1.14.3-cp27-cp27m-win_amd64.whl", hash = "sha256:2f9674623ca39c9ebe38afa3da402e9326c245f0f5ceff0623dccdac15023e05"}, + {file = "cffi-1.14.3-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:09e96138280241bd355cd585148dec04dbbedb4f46128f340d696eaafc82dd7b"}, + {file = "cffi-1.14.3-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:3363e77a6176afb8823b6e06db78c46dbc4c7813b00a41300a4873b6ba63b171"}, + {file = "cffi-1.14.3-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:52bf29af05344c95136df71716bb60508bbd217691697b4307dcae681612db9f"}, + {file = "cffi-1.14.3-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:0ef488305fdce2580c8b2708f22d7785ae222d9825d3094ab073e22e93dfe51f"}, + {file = "cffi-1.14.3-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:0b1ad452cc824665ddc682400b62c9e4f5b64736a2ba99110712fdee5f2505c4"}, + {file = "cffi-1.14.3-cp35-cp35m-win32.whl", hash = "sha256:85ba797e1de5b48aa5a8427b6ba62cf69607c18c5d4eb747604b7302f1ec382d"}, + {file = "cffi-1.14.3-cp35-cp35m-win_amd64.whl", hash = "sha256:e66399cf0fc07de4dce4f588fc25bfe84a6d1285cc544e67987d22663393926d"}, + {file = "cffi-1.14.3-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:c687778dda01832555e0af205375d649fa47afeaeeb50a201711f9a9573323b8"}, + {file = "cffi-1.14.3-cp36-cp36m-manylinux1_i686.whl", hash = 
"sha256:15f351bed09897fbda218e4db5a3d5c06328862f6198d4fb385f3e14e19decb3"}, + {file = "cffi-1.14.3-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:4d7c26bfc1ea9f92084a1d75e11999e97b62d63128bcc90c3624d07813c52808"}, + {file = "cffi-1.14.3-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:23e5d2040367322824605bc29ae8ee9175200b92cb5483ac7d466927a9b3d537"}, + {file = "cffi-1.14.3-cp36-cp36m-win32.whl", hash = "sha256:a624fae282e81ad2e4871bdb767e2c914d0539708c0f078b5b355258293c98b0"}, + {file = "cffi-1.14.3-cp36-cp36m-win_amd64.whl", hash = "sha256:de31b5164d44ef4943db155b3e8e17929707cac1e5bd2f363e67a56e3af4af6e"}, + {file = "cffi-1.14.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:03d3d238cc6c636a01cf55b9b2e1b6531a7f2f4103fabb5a744231582e68ecc7"}, + {file = "cffi-1.14.3-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:f92cdecb618e5fa4658aeb97d5eb3d2f47aa94ac6477c6daf0f306c5a3b9e6b1"}, + {file = "cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:22399ff4870fb4c7ef19fff6eeb20a8bbf15571913c181c78cb361024d574579"}, + {file = "cffi-1.14.3-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:f4eae045e6ab2bb54ca279733fe4eb85f1effda392666308250714e01907f394"}, + {file = "cffi-1.14.3-cp37-cp37m-win32.whl", hash = "sha256:b0358e6fefc74a16f745afa366acc89f979040e0cbc4eec55ab26ad1f6a9bfbc"}, + {file = "cffi-1.14.3-cp37-cp37m-win_amd64.whl", hash = "sha256:6642f15ad963b5092d65aed022d033c77763515fdc07095208f15d3563003869"}, + {file = "cffi-1.14.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:c2a33558fdbee3df370399fe1712d72464ce39c66436270f3664c03f94971aff"}, + {file = "cffi-1.14.3-cp38-cp38-manylinux1_i686.whl", hash = "sha256:2791f68edc5749024b4722500e86303a10d342527e1e3bcac47f35fbd25b764e"}, + {file = "cffi-1.14.3-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:529c4ed2e10437c205f38f3691a68be66c39197d01062618c55f74294a4a4828"}, + {file = "cffi-1.14.3-cp38-cp38-manylinux2014_aarch64.whl", hash = 
"sha256:8f0f1e499e4000c4c347a124fa6a27d37608ced4fe9f7d45070563b7c4c370c9"}, + {file = "cffi-1.14.3-cp38-cp38-win32.whl", hash = "sha256:3b8eaf915ddc0709779889c472e553f0d3e8b7bdf62dab764c8921b09bf94522"}, + {file = "cffi-1.14.3-cp38-cp38-win_amd64.whl", hash = "sha256:bbd2f4dfee1079f76943767fce837ade3087b578aeb9f69aec7857d5bf25db15"}, + {file = "cffi-1.14.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:5d9a7dc7cf8b1101af2602fe238911bcc1ac36d239e0a577831f5dac993856e9"}, + {file = "cffi-1.14.3-cp39-cp39-manylinux1_i686.whl", hash = "sha256:cc75f58cdaf043fe6a7a6c04b3b5a0e694c6a9e24050967747251fb80d7bce0d"}, + {file = "cffi-1.14.3-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:bf39a9e19ce7298f1bd6a9758fa99707e9e5b1ebe5e90f2c3913a47bc548747c"}, + {file = "cffi-1.14.3-cp39-cp39-win32.whl", hash = "sha256:d80998ed59176e8cba74028762fbd9b9153b9afc71ea118e63bbf5d4d0f9552b"}, + {file = "cffi-1.14.3-cp39-cp39-win_amd64.whl", hash = "sha256:c150eaa3dadbb2b5339675b88d4573c1be3cb6f2c33a6c83387e10cc0bf05bd3"}, + {file = "cffi-1.14.3.tar.gz", hash = "sha256:f92f789e4f9241cd262ad7a555ca2c648a98178a953af117ef7fad46aa1d5591"}, +] +chardet = [ + {file = "chardet-3.0.4-py2.py3-none-any.whl", hash = "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"}, + {file = "chardet-3.0.4.tar.gz", hash = "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae"}, +] +click = [ + {file = "click-7.1.2-py2.py3-none-any.whl", hash = "sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc"}, + {file = "click-7.1.2.tar.gz", hash = "sha256:d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a"}, +] +click-completion = [ + {file = "click-completion-0.5.2.tar.gz", hash = "sha256:5bf816b81367e638a190b6e91b50779007d14301b3f9f3145d68e3cade7bce86"}, +] +click-help-colors = [ + {file = "click-help-colors-0.8.tar.gz", hash = "sha256:119e5faf69cfc919c995c5962326ac8fd87f11e56a371af594e3dfd8458f4c6e"}, + {file = 
"click_help_colors-0.8-py3-none-any.whl", hash = "sha256:0d841a4058ec88c47f93ff6f32547a055f8e0a0273f6bd6cb3e08430f195131d"}, +] +colorama = [ + {file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"}, + {file = "colorama-0.4.4.tar.gz", hash = "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"}, +] +commonmark = [ + {file = "commonmark-0.9.1-py2.py3-none-any.whl", hash = "sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9"}, + {file = "commonmark-0.9.1.tar.gz", hash = "sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60"}, +] +cookiecutter = [ + {file = "cookiecutter-1.7.2-py2.py3-none-any.whl", hash = "sha256:430eb882d028afb6102c084bab6cf41f6559a77ce9b18dc6802e3bc0cc5f4a30"}, + {file = "cookiecutter-1.7.2.tar.gz", hash = "sha256:efb6b2d4780feda8908a873e38f0e61778c23f6a2ea58215723bcceb5b515dac"}, +] +cryptography = [ + {file = "cryptography-3.2.1-cp27-cp27m-macosx_10_10_x86_64.whl", hash = "sha256:6dc59630ecce8c1f558277ceb212c751d6730bd12c80ea96b4ac65637c4f55e7"}, + {file = "cryptography-3.2.1-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:75e8e6684cf0034f6bf2a97095cb95f81537b12b36a8fedf06e73050bb171c2d"}, + {file = "cryptography-3.2.1-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:4e7268a0ca14536fecfdf2b00297d4e407da904718658c1ff1961c713f90fd33"}, + {file = "cryptography-3.2.1-cp27-cp27m-win32.whl", hash = "sha256:7117319b44ed1842c617d0a452383a5a052ec6aa726dfbaffa8b94c910444297"}, + {file = "cryptography-3.2.1-cp27-cp27m-win_amd64.whl", hash = "sha256:a733671100cd26d816eed39507e585c156e4498293a907029969234e5e634bc4"}, + {file = "cryptography-3.2.1-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:a75f306a16d9f9afebfbedc41c8c2351d8e61e818ba6b4c40815e2b5740bb6b8"}, + {file = "cryptography-3.2.1-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:5849d59358547bf789ee7e0d7a9036b2d29e9a4ddf1ce5e06bb45634f995c53e"}, + {file 
= "cryptography-3.2.1-cp35-abi3-macosx_10_10_x86_64.whl", hash = "sha256:bd717aa029217b8ef94a7d21632a3bb5a4e7218a4513d2521c2a2fd63011e98b"}, + {file = "cryptography-3.2.1-cp35-abi3-manylinux1_x86_64.whl", hash = "sha256:efe15aca4f64f3a7ea0c09c87826490e50ed166ce67368a68f315ea0807a20df"}, + {file = "cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl", hash = "sha256:32434673d8505b42c0de4de86da8c1620651abd24afe91ae0335597683ed1b77"}, + {file = "cryptography-3.2.1-cp35-abi3-manylinux2014_aarch64.whl", hash = "sha256:7b8d9d8d3a9bd240f453342981f765346c87ade811519f98664519696f8e6ab7"}, + {file = "cryptography-3.2.1-cp35-cp35m-win32.whl", hash = "sha256:d3545829ab42a66b84a9aaabf216a4dce7f16dbc76eb69be5c302ed6b8f4a29b"}, + {file = "cryptography-3.2.1-cp35-cp35m-win_amd64.whl", hash = "sha256:a4e27ed0b2504195f855b52052eadcc9795c59909c9d84314c5408687f933fc7"}, + {file = "cryptography-3.2.1-cp36-abi3-win32.whl", hash = "sha256:13b88a0bd044b4eae1ef40e265d006e34dbcde0c2f1e15eb9896501b2d8f6c6f"}, + {file = "cryptography-3.2.1-cp36-abi3-win_amd64.whl", hash = "sha256:07ca431b788249af92764e3be9a488aa1d39a0bc3be313d826bbec690417e538"}, + {file = "cryptography-3.2.1-cp36-cp36m-win32.whl", hash = "sha256:a035a10686532b0587d58a606004aa20ad895c60c4d029afa245802347fab57b"}, + {file = "cryptography-3.2.1-cp36-cp36m-win_amd64.whl", hash = "sha256:d26a2557d8f9122f9bf445fc7034242f4375bd4e95ecda007667540270965b13"}, + {file = "cryptography-3.2.1-cp37-cp37m-win32.whl", hash = "sha256:545a8550782dda68f8cdc75a6e3bf252017aa8f75f19f5a9ca940772fc0cb56e"}, + {file = "cryptography-3.2.1-cp37-cp37m-win_amd64.whl", hash = "sha256:55d0b896631412b6f0c7de56e12eb3e261ac347fbaa5d5e705291a9016e5f8cb"}, + {file = "cryptography-3.2.1-cp38-cp38-win32.whl", hash = "sha256:3cd75a683b15576cfc822c7c5742b3276e50b21a06672dc3a800a2d5da4ecd1b"}, + {file = "cryptography-3.2.1-cp38-cp38-win_amd64.whl", hash = "sha256:d25cecbac20713a7c3bc544372d42d8eafa89799f492a43b79e1dfd650484851"}, + {file = 
"cryptography-3.2.1.tar.gz", hash = "sha256:d3d5e10be0cf2a12214ddee45c6bd203dab435e3d83b4560c03066eda600bfe3"}, +] +distro = [ + {file = "distro-1.5.0-py2.py3-none-any.whl", hash = "sha256:df74eed763e18d10d0da624258524ae80486432cd17392d9c3d96f5e83cd2799"}, + {file = "distro-1.5.0.tar.gz", hash = "sha256:0e58756ae38fbd8fc3020d54badb8eae17c5b9dcbed388b17bb55b8a5928df92"}, +] +docker = [ + {file = "docker-4.3.1-py2.py3-none-any.whl", hash = "sha256:13966471e8bc23b36bfb3a6fb4ab75043a5ef1dac86516274777576bed3b9828"}, + {file = "docker-4.3.1.tar.gz", hash = "sha256:bad94b8dd001a8a4af19ce4becc17f41b09f228173ffe6a4e0355389eef142f2"}, +] +fasteners = [ + {file = "fasteners-0.15-py2.py3-none-any.whl", hash = "sha256:007e4d2b2d4a10093f67e932e5166722d2eab83b77724156e92ad013c6226574"}, + {file = "fasteners-0.15.tar.gz", hash = "sha256:3a176da6b70df9bb88498e1a18a9e4a8579ed5b9141207762368a1017bf8f5ef"}, +] +flake8 = [ + {file = "flake8-3.8.4-py2.py3-none-any.whl", hash = "sha256:749dbbd6bfd0cf1318af27bf97a14e28e5ff548ef8e5b1566ccfb25a11e7c839"}, + {file = "flake8-3.8.4.tar.gz", hash = "sha256:aadae8761ec651813c24be05c6f7b4680857ef6afaae4651a4eccaef97ce6c3b"}, +] +idna = [ + {file = "idna-2.10-py2.py3-none-any.whl", hash = "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"}, + {file = "idna-2.10.tar.gz", hash = "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6"}, +] +jinja2 = [ + {file = "Jinja2-2.11.2-py2.py3-none-any.whl", hash = "sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035"}, + {file = "Jinja2-2.11.2.tar.gz", hash = "sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0"}, +] +jinja2-time = [ + {file = "jinja2-time-0.2.0.tar.gz", hash = "sha256:d14eaa4d315e7688daa4969f616f226614350c48730bfa1692d2caebd8c90d40"}, + {file = "jinja2_time-0.2.0-py2.py3-none-any.whl", hash = "sha256:d3eab6605e3ec8b7a0863df09cc1d23714908fa61aa6986a845c20ba488b4efa"}, +] +markupsafe = [ + {file = 
"MarkupSafe-1.1.1-cp27-cp27m-macosx_10_6_intel.whl", hash = "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161"}, + {file = "MarkupSafe-1.1.1-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7"}, + {file = "MarkupSafe-1.1.1-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183"}, + {file = "MarkupSafe-1.1.1-cp27-cp27m-win32.whl", hash = "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b"}, + {file = "MarkupSafe-1.1.1-cp27-cp27m-win_amd64.whl", hash = "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e"}, + {file = "MarkupSafe-1.1.1-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f"}, + {file = "MarkupSafe-1.1.1-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1"}, + {file = "MarkupSafe-1.1.1-cp34-cp34m-macosx_10_6_intel.whl", hash = "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5"}, + {file = "MarkupSafe-1.1.1-cp34-cp34m-manylinux1_i686.whl", hash = "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1"}, + {file = "MarkupSafe-1.1.1-cp34-cp34m-manylinux1_x86_64.whl", hash = "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735"}, + {file = "MarkupSafe-1.1.1-cp34-cp34m-win32.whl", hash = "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21"}, + {file = "MarkupSafe-1.1.1-cp34-cp34m-win_amd64.whl", hash = "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235"}, + {file = "MarkupSafe-1.1.1-cp35-cp35m-macosx_10_6_intel.whl", hash = "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b"}, + {file = "MarkupSafe-1.1.1-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f"}, + {file = 
"MarkupSafe-1.1.1-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905"}, + {file = "MarkupSafe-1.1.1-cp35-cp35m-win32.whl", hash = "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1"}, + {file = "MarkupSafe-1.1.1-cp35-cp35m-win_amd64.whl", hash = "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d"}, + {file = "MarkupSafe-1.1.1-cp36-cp36m-macosx_10_6_intel.whl", hash = "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff"}, + {file = "MarkupSafe-1.1.1-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473"}, + {file = "MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e"}, + {file = "MarkupSafe-1.1.1-cp36-cp36m-win32.whl", hash = "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66"}, + {file = "MarkupSafe-1.1.1-cp36-cp36m-win_amd64.whl", hash = "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5"}, + {file = "MarkupSafe-1.1.1-cp37-cp37m-macosx_10_6_intel.whl", hash = "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d"}, + {file = "MarkupSafe-1.1.1-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e"}, + {file = "MarkupSafe-1.1.1-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6"}, + {file = "MarkupSafe-1.1.1-cp37-cp37m-win32.whl", hash = "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2"}, + {file = "MarkupSafe-1.1.1-cp37-cp37m-win_amd64.whl", hash = "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c"}, + {file = "MarkupSafe-1.1.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15"}, + {file = 
"MarkupSafe-1.1.1-cp38-cp38-manylinux1_i686.whl", hash = "sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2"}, + {file = "MarkupSafe-1.1.1-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42"}, + {file = "MarkupSafe-1.1.1-cp38-cp38-win32.whl", hash = "sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b"}, + {file = "MarkupSafe-1.1.1-cp38-cp38-win_amd64.whl", hash = "sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be"}, + {file = "MarkupSafe-1.1.1.tar.gz", hash = "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b"}, +] +mccabe = [ + {file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"}, + {file = "mccabe-0.6.1.tar.gz", hash = "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"}, +] +molecule = [ + {file = "molecule-3.0.8-py3-none-any.whl", hash = "sha256:6fb202099ff52bc427c6bd8f46f13b49b3d5812daa6880960a0fd0562e8a9be6"}, + {file = "molecule-3.0.8.tar.gz", hash = "sha256:42d0c661b52074b00a620466df367ddab9c3682875e6d685bfc93487ef0479cc"}, +] +monotonic = [ + {file = "monotonic-1.5-py2.py3-none-any.whl", hash = "sha256:552a91f381532e33cbd07c6a2655a21908088962bb8fa7239ecbcc6ad1140cc7"}, + {file = "monotonic-1.5.tar.gz", hash = "sha256:23953d55076df038541e648a53676fb24980f7a1be290cdda21300b3bc21dfb0"}, +] +more-itertools = [ + {file = "more-itertools-8.6.0.tar.gz", hash = "sha256:b3a9005928e5bed54076e6e549c792b306fddfe72b2d1d22dd63d42d5d3899cf"}, + {file = "more_itertools-8.6.0-py3-none-any.whl", hash = "sha256:8e1a2a43b2f2727425f2b5839587ae37093f19153dc26c0927d1048ff6557330"}, +] +packaging = [ + {file = "packaging-20.4-py2.py3-none-any.whl", hash = "sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181"}, + {file = "packaging-20.4.tar.gz", hash = 
"sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8"}, +] +paramiko = [ + {file = "paramiko-2.7.2-py2.py3-none-any.whl", hash = "sha256:4f3e316fef2ac628b05097a637af35685183111d4bc1b5979bd397c2ab7b5898"}, + {file = "paramiko-2.7.2.tar.gz", hash = "sha256:7f36f4ba2c0d81d219f4595e35f70d56cc94f9ac40a6acdf51d6ca210ce65035"}, +] +pathspec = [ + {file = "pathspec-0.8.0-py2.py3-none-any.whl", hash = "sha256:7d91249d21749788d07a2d0f94147accd8f845507400749ea19c1ec9054a12b0"}, + {file = "pathspec-0.8.0.tar.gz", hash = "sha256:da45173eb3a6f2a5a487efba21f050af2b41948be6ab52b6a1e3ff22bb8b7061"}, +] +pexpect = [ + {file = "pexpect-4.8.0-py2.py3-none-any.whl", hash = "sha256:0b48a55dcb3c05f3329815901ea4fc1537514d6ba867a152b581d69ae3710937"}, + {file = "pexpect-4.8.0.tar.gz", hash = "sha256:fc65a43959d153d0114afe13997d439c22823a27cefceb5ff35c2178c6784c0c"}, +] +pluggy = [ + {file = "pluggy-0.13.1-py2.py3-none-any.whl", hash = "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"}, + {file = "pluggy-0.13.1.tar.gz", hash = "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0"}, +] +poyo = [ + {file = "poyo-0.5.0-py2.py3-none-any.whl", hash = "sha256:3e2ca8e33fdc3c411cd101ca395668395dd5dc7ac775b8e809e3def9f9fe041a"}, + {file = "poyo-0.5.0.tar.gz", hash = "sha256:e26956aa780c45f011ca9886f044590e2d8fd8b61db7b1c1cf4e0869f48ed4dd"}, +] +ptyprocess = [ + {file = "ptyprocess-0.6.0-py2.py3-none-any.whl", hash = "sha256:d7cc528d76e76342423ca640335bd3633420dc1366f258cb31d05e865ef5ca1f"}, + {file = "ptyprocess-0.6.0.tar.gz", hash = "sha256:923f299cc5ad920c68f2bc0bc98b75b9f838b93b599941a6b63ddbc2476394c0"}, +] +py = [ + {file = "py-1.9.0-py2.py3-none-any.whl", hash = "sha256:366389d1db726cd2fcfc79732e75410e5fe4d31db13692115529d34069a043c2"}, + {file = "py-1.9.0.tar.gz", hash = "sha256:9ca6883ce56b4e8da7e79ac18787889fa5206c79dcc67fb065376cd2fe03f342"}, +] +pycodestyle = [ + {file = "pycodestyle-2.6.0-py2.py3-none-any.whl", hash = 
"sha256:2295e7b2f6b5bd100585ebcb1f616591b652db8a741695b3d8f5d28bdc934367"}, + {file = "pycodestyle-2.6.0.tar.gz", hash = "sha256:c58a7d2815e0e8d7972bf1803331fb0152f867bd89adf8a01dfd55085434192e"}, +] +pycparser = [ + {file = "pycparser-2.20-py2.py3-none-any.whl", hash = "sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705"}, + {file = "pycparser-2.20.tar.gz", hash = "sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0"}, +] +pyflakes = [ + {file = "pyflakes-2.2.0-py2.py3-none-any.whl", hash = "sha256:0d94e0e05a19e57a99444b6ddcf9a6eb2e5c68d3ca1e98e90707af8152c90a92"}, + {file = "pyflakes-2.2.0.tar.gz", hash = "sha256:35b2d75ee967ea93b55750aa9edbbf72813e06a66ba54438df2cfac9e3c27fc8"}, +] +pygments = [ + {file = "Pygments-2.7.2-py3-none-any.whl", hash = "sha256:88a0bbcd659fcb9573703957c6b9cff9fab7295e6e76db54c9d00ae42df32773"}, + {file = "Pygments-2.7.2.tar.gz", hash = "sha256:381985fcc551eb9d37c52088a32914e00517e57f4a21609f48141ba08e193fa0"}, +] +pynacl = [ + {file = "PyNaCl-1.4.0-cp27-cp27m-macosx_10_10_x86_64.whl", hash = "sha256:ea6841bc3a76fa4942ce00f3bda7d436fda21e2d91602b9e21b7ca9ecab8f3ff"}, + {file = "PyNaCl-1.4.0-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:d452a6746f0a7e11121e64625109bc4468fc3100452817001dbe018bb8b08514"}, + {file = "PyNaCl-1.4.0-cp27-cp27m-win32.whl", hash = "sha256:2fe0fc5a2480361dcaf4e6e7cea00e078fcda07ba45f811b167e3f99e8cff574"}, + {file = "PyNaCl-1.4.0-cp27-cp27m-win_amd64.whl", hash = "sha256:f8851ab9041756003119368c1e6cd0b9c631f46d686b3904b18c0139f4419f80"}, + {file = "PyNaCl-1.4.0-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:7757ae33dae81c300487591c68790dfb5145c7d03324000433d9a2c141f82af7"}, + {file = "PyNaCl-1.4.0-cp35-abi3-macosx_10_10_x86_64.whl", hash = "sha256:757250ddb3bff1eecd7e41e65f7f833a8405fede0194319f87899690624f2122"}, + {file = "PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl", hash = "sha256:30f9b96db44e09b3304f9ea95079b1b7316b2b4f3744fe3aaecccd95d547063d"}, + {file = 
"PyNaCl-1.4.0-cp35-cp35m-win32.whl", hash = "sha256:06cbb4d9b2c4bd3c8dc0d267416aaed79906e7b33f114ddbf0911969794b1cc4"}, + {file = "PyNaCl-1.4.0-cp35-cp35m-win_amd64.whl", hash = "sha256:511d269ee845037b95c9781aa702f90ccc36036f95d0f31373a6a79bd8242e25"}, + {file = "PyNaCl-1.4.0-cp36-cp36m-win32.whl", hash = "sha256:11335f09060af52c97137d4ac54285bcb7df0cef29014a1a4efe64ac065434c4"}, + {file = "PyNaCl-1.4.0-cp36-cp36m-win_amd64.whl", hash = "sha256:cd401ccbc2a249a47a3a1724c2918fcd04be1f7b54eb2a5a71ff915db0ac51c6"}, + {file = "PyNaCl-1.4.0-cp37-cp37m-win32.whl", hash = "sha256:8122ba5f2a2169ca5da936b2e5a511740ffb73979381b4229d9188f6dcb22f1f"}, + {file = "PyNaCl-1.4.0-cp37-cp37m-win_amd64.whl", hash = "sha256:537a7ccbea22905a0ab36ea58577b39d1fa9b1884869d173b5cf111f006f689f"}, + {file = "PyNaCl-1.4.0-cp38-cp38-win32.whl", hash = "sha256:9c4a7ea4fb81536c1b1f5cc44d54a296f96ae78c1ebd2311bd0b60be45a48d96"}, + {file = "PyNaCl-1.4.0-cp38-cp38-win_amd64.whl", hash = "sha256:7c6092102219f59ff29788860ccb021e80fffd953920c4a8653889c029b2d420"}, + {file = "PyNaCl-1.4.0.tar.gz", hash = "sha256:54e9a2c849c742006516ad56a88f5c74bf2ce92c9f67435187c3c5953b346505"}, +] +pyparsing = [ + {file = "pyparsing-2.4.7-py2.py3-none-any.whl", hash = "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b"}, + {file = "pyparsing-2.4.7.tar.gz", hash = "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1"}, +] +pytest = [ + {file = "pytest-5.4.3-py3-none-any.whl", hash = "sha256:5c0db86b698e8f170ba4582a492248919255fcd4c79b1ee64ace34301fb589a1"}, + {file = "pytest-5.4.3.tar.gz", hash = "sha256:7979331bfcba207414f5e1263b5a0f8f521d0f457318836a7355531ed1a4c7d8"}, +] +python-dateutil = [ + {file = "python-dateutil-2.8.1.tar.gz", hash = "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c"}, + {file = "python_dateutil-2.8.1-py2.py3-none-any.whl", hash = "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a"}, +] +python-gilt = [ + 
{file = "python_gilt-1.2.3-py2.py3-none-any.whl", hash = "sha256:e220ea2e7e190ee06dbfa5fafe87967858b4ac0cf53f3072fa6ece4664a42082"}, +] +python-slugify = [ + {file = "python-slugify-4.0.1.tar.gz", hash = "sha256:69a517766e00c1268e5bbfc0d010a0a8508de0b18d30ad5a1ff357f8ae724270"}, +] +pywin32 = [ + {file = "pywin32-227-cp27-cp27m-win32.whl", hash = "sha256:371fcc39416d736401f0274dd64c2302728c9e034808e37381b5e1b22be4a6b0"}, + {file = "pywin32-227-cp27-cp27m-win_amd64.whl", hash = "sha256:4cdad3e84191194ea6d0dd1b1b9bdda574ff563177d2adf2b4efec2a244fa116"}, + {file = "pywin32-227-cp35-cp35m-win32.whl", hash = "sha256:f4c5be1a293bae0076d93c88f37ee8da68136744588bc5e2be2f299a34ceb7aa"}, + {file = "pywin32-227-cp35-cp35m-win_amd64.whl", hash = "sha256:a929a4af626e530383a579431b70e512e736e9588106715215bf685a3ea508d4"}, + {file = "pywin32-227-cp36-cp36m-win32.whl", hash = "sha256:300a2db938e98c3e7e2093e4491439e62287d0d493fe07cce110db070b54c0be"}, + {file = "pywin32-227-cp36-cp36m-win_amd64.whl", hash = "sha256:9b31e009564fb95db160f154e2aa195ed66bcc4c058ed72850d047141b36f3a2"}, + {file = "pywin32-227-cp37-cp37m-win32.whl", hash = "sha256:47a3c7551376a865dd8d095a98deba954a98f326c6fe3c72d8726ca6e6b15507"}, + {file = "pywin32-227-cp37-cp37m-win_amd64.whl", hash = "sha256:31f88a89139cb2adc40f8f0e65ee56a8c585f629974f9e07622ba80199057511"}, + {file = "pywin32-227-cp38-cp38-win32.whl", hash = "sha256:7f18199fbf29ca99dff10e1f09451582ae9e372a892ff03a28528a24d55875bc"}, + {file = "pywin32-227-cp38-cp38-win_amd64.whl", hash = "sha256:7c1ae32c489dc012930787f06244426f8356e129184a02c25aef163917ce158e"}, + {file = "pywin32-227-cp39-cp39-win32.whl", hash = "sha256:c054c52ba46e7eb6b7d7dfae4dbd987a1bb48ee86debe3f245a2884ece46e295"}, + {file = "pywin32-227-cp39-cp39-win_amd64.whl", hash = "sha256:f27cec5e7f588c3d1051651830ecc00294f90728d19c3bf6916e6dba93ea357c"}, +] +pyyaml = [ + {file = "PyYAML-5.3.1-cp27-cp27m-win32.whl", hash = 
"sha256:74809a57b329d6cc0fdccee6318f44b9b8649961fa73144a98735b0aaf029f1f"}, + {file = "PyYAML-5.3.1-cp27-cp27m-win_amd64.whl", hash = "sha256:240097ff019d7c70a4922b6869d8a86407758333f02203e0fc6ff79c5dcede76"}, + {file = "PyYAML-5.3.1-cp35-cp35m-win32.whl", hash = "sha256:4f4b913ca1a7319b33cfb1369e91e50354d6f07a135f3b901aca02aa95940bd2"}, + {file = "PyYAML-5.3.1-cp35-cp35m-win_amd64.whl", hash = "sha256:cc8955cfbfc7a115fa81d85284ee61147059a753344bc51098f3ccd69b0d7e0c"}, + {file = "PyYAML-5.3.1-cp36-cp36m-win32.whl", hash = "sha256:7739fc0fa8205b3ee8808aea45e968bc90082c10aef6ea95e855e10abf4a37b2"}, + {file = "PyYAML-5.3.1-cp36-cp36m-win_amd64.whl", hash = "sha256:69f00dca373f240f842b2931fb2c7e14ddbacd1397d57157a9b005a6a9942648"}, + {file = "PyYAML-5.3.1-cp37-cp37m-win32.whl", hash = "sha256:d13155f591e6fcc1ec3b30685d50bf0711574e2c0dfffd7644babf8b5102ca1a"}, + {file = "PyYAML-5.3.1-cp37-cp37m-win_amd64.whl", hash = "sha256:73f099454b799e05e5ab51423c7bcf361c58d3206fa7b0d555426b1f4d9a3eaf"}, + {file = "PyYAML-5.3.1-cp38-cp38-win32.whl", hash = "sha256:06a0d7ba600ce0b2d2fe2e78453a470b5a6e000a985dd4a4e54e436cc36b0e97"}, + {file = "PyYAML-5.3.1-cp38-cp38-win_amd64.whl", hash = "sha256:95f71d2af0ff4227885f7a6605c37fd53d3a106fcab511b8860ecca9fcf400ee"}, + {file = "PyYAML-5.3.1.tar.gz", hash = "sha256:b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d"}, +] +requests = [ + {file = "requests-2.24.0-py2.py3-none-any.whl", hash = "sha256:fe75cc94a9443b9246fc7049224f75604b113c36acb93f87b80ed42c44cbb898"}, + {file = "requests-2.24.0.tar.gz", hash = "sha256:b3559a131db72c33ee969480840fff4bb6dd111de7dd27c8ee1f820f4f00231b"}, +] +rich = [ + {file = "rich-9.1.0-py3-none-any.whl", hash = "sha256:5dd934a0f8953b59d9a5d8d58864012174f0b5ad2de687fd04f4df195f7f7066"}, + {file = "rich-9.1.0.tar.gz", hash = "sha256:05f1cf4dc191c483867b098d8572546de266440d61911d8270069023e325d14a"}, +] +"ruamel.yaml" = [ + {file = "ruamel.yaml-0.16.12-py2.py3-none-any.whl", hash = 
"sha256:012b9470a0ea06e4e44e99e7920277edf6b46eee0232a04487ea73a7386340a5"}, + {file = "ruamel.yaml-0.16.12.tar.gz", hash = "sha256:076cc0bc34f1966d920a49f18b52b6ad559fbe656a0748e3535cf7b3f29ebf9e"}, +] +"ruamel.yaml.clib" = [ + {file = "ruamel.yaml.clib-0.2.2-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:28116f204103cb3a108dfd37668f20abe6e3cafd0d3fd40dba126c732457b3cc"}, + {file = "ruamel.yaml.clib-0.2.2-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:daf21aa33ee9b351f66deed30a3d450ab55c14242cfdfcd377798e2c0d25c9f1"}, + {file = "ruamel.yaml.clib-0.2.2-cp27-cp27m-win32.whl", hash = "sha256:30dca9bbcbb1cc858717438218d11eafb78666759e5094dd767468c0d577a7e7"}, + {file = "ruamel.yaml.clib-0.2.2-cp27-cp27m-win_amd64.whl", hash = "sha256:f6061a31880c1ed6b6ce341215336e2f3d0c1deccd84957b6fa8ca474b41e89f"}, + {file = "ruamel.yaml.clib-0.2.2-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:73b3d43e04cc4b228fa6fa5d796409ece6fcb53a6c270eb2048109cbcbc3b9c2"}, + {file = "ruamel.yaml.clib-0.2.2-cp35-cp35m-macosx_10_6_intel.whl", hash = "sha256:53b9dd1abd70e257a6e32f934ebc482dac5edb8c93e23deb663eac724c30b026"}, + {file = "ruamel.yaml.clib-0.2.2-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:839dd72545ef7ba78fd2aa1a5dd07b33696adf3e68fae7f31327161c1093001b"}, + {file = "ruamel.yaml.clib-0.2.2-cp35-cp35m-win32.whl", hash = "sha256:b1e981fe1aff1fd11627f531524826a4dcc1f26c726235a52fcb62ded27d150f"}, + {file = "ruamel.yaml.clib-0.2.2-cp35-cp35m-win_amd64.whl", hash = "sha256:4e52c96ca66de04be42ea2278012a2342d89f5e82b4512fb6fb7134e377e2e62"}, + {file = "ruamel.yaml.clib-0.2.2-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:a873e4d4954f865dcb60bdc4914af7eaae48fb56b60ed6daa1d6251c72f5337c"}, + {file = "ruamel.yaml.clib-0.2.2-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:ab845f1f51f7eb750a78937be9f79baea4a42c7960f5a94dde34e69f3cce1988"}, + {file = "ruamel.yaml.clib-0.2.2-cp36-cp36m-win32.whl", hash = 
"sha256:e9f7d1d8c26a6a12c23421061f9022bb62704e38211fe375c645485f38df34a2"}, + {file = "ruamel.yaml.clib-0.2.2-cp36-cp36m-win_amd64.whl", hash = "sha256:2602e91bd5c1b874d6f93d3086f9830f3e907c543c7672cf293a97c3fabdcd91"}, + {file = "ruamel.yaml.clib-0.2.2-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:44c7b0498c39f27795224438f1a6be6c5352f82cb887bc33d962c3a3acc00df6"}, + {file = "ruamel.yaml.clib-0.2.2-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:8e8fd0a22c9d92af3a34f91e8a2594eeb35cba90ab643c5e0e643567dc8be43e"}, + {file = "ruamel.yaml.clib-0.2.2-cp37-cp37m-win32.whl", hash = "sha256:464e66a04e740d754170be5e740657a3b3b6d2bcc567f0c3437879a6e6087ff6"}, + {file = "ruamel.yaml.clib-0.2.2-cp37-cp37m-win_amd64.whl", hash = "sha256:52ae5739e4b5d6317b52f5b040b1b6639e8af68a5b8fd606a8b08658fbd0cab5"}, + {file = "ruamel.yaml.clib-0.2.2-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:4df5019e7783d14b79217ad9c56edf1ba7485d614ad5a385d1b3c768635c81c0"}, + {file = "ruamel.yaml.clib-0.2.2-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:5254af7d8bdf4d5484c089f929cb7f5bafa59b4f01d4f48adda4be41e6d29f99"}, + {file = "ruamel.yaml.clib-0.2.2-cp38-cp38-win32.whl", hash = "sha256:74161d827407f4db9072011adcfb825b5258a5ccb3d2cd518dd6c9edea9e30f1"}, + {file = "ruamel.yaml.clib-0.2.2-cp38-cp38-win_amd64.whl", hash = "sha256:058a1cc3df2a8aecc12f983a48bda99315cebf55a3b3a5463e37bb599b05727b"}, + {file = "ruamel.yaml.clib-0.2.2.tar.gz", hash = "sha256:2d24bd98af676f4990c4d715bcdc2a60b19c56a3fb3a763164d2d8ca0e806ba7"}, +] +selinux = [ + {file = "selinux-0.2.1-py2.py3-none-any.whl", hash = "sha256:820adcf1b4451c9cc7759848797703263ba0eb6a4cad76d73548a9e0d57b7926"}, + {file = "selinux-0.2.1.tar.gz", hash = "sha256:d435f514e834e3fdc0941f6a29d086b80b2ea51b28112aee6254bd104ee42a74"}, +] +sh = [ + {file = "sh-1.13.1-py2.py3-none-any.whl", hash = "sha256:6f792e45b45d039b423081558904981e8ab49572b0c38009fcc65feaab06bcda"}, + {file = "sh-1.13.1.tar.gz", hash = 
"sha256:97a3d2205e3c6a842d87ebbc9ae93acae5a352b1bc4609b428d0fd5bb9e286a3"}, +] +shellingham = [ + {file = "shellingham-1.3.2-py2.py3-none-any.whl", hash = "sha256:7f6206ae169dc1a03af8a138681b3f962ae61cc93ade84d0585cca3aaf770044"}, + {file = "shellingham-1.3.2.tar.gz", hash = "sha256:576c1982bea0ba82fb46c36feb951319d7f42214a82634233f58b40d858a751e"}, +] +six = [ + {file = "six-1.15.0-py2.py3-none-any.whl", hash = "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"}, + {file = "six-1.15.0.tar.gz", hash = "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259"}, +] +tabulate = [ + {file = "tabulate-0.8.7-py3-none-any.whl", hash = "sha256:ac64cb76d53b1231d364babcd72abbb16855adac7de6665122f97b593f1eb2ba"}, + {file = "tabulate-0.8.7.tar.gz", hash = "sha256:db2723a20d04bcda8522165c73eea7c300eda74e0ce852d9022e0159d7895007"}, +] +testinfra = [ + {file = "testinfra-5.3.1-py3-none-any.whl", hash = "sha256:9d3a01fb787253df76ac4ab46d18a84d4b01be877ed1b5812e590dcf480a627e"}, + {file = "testinfra-5.3.1.tar.gz", hash = "sha256:baf1d809ea2dc22c0cb5b9441bf4e17c1eb653e1ccc02cc63137d0ab467fa1de"}, +] +text-unidecode = [ + {file = "text-unidecode-1.3.tar.gz", hash = "sha256:bad6603bb14d279193107714b288be206cac565dfa49aa5b105294dd5c4aab93"}, + {file = "text_unidecode-1.3-py2.py3-none-any.whl", hash = "sha256:1311f10e8b895935241623731c2ba64f4c455287888b18189350b67134a822e8"}, +] +tree-format = [ + {file = "tree-format-0.1.2.tar.gz", hash = "sha256:a538523aa78ae7a4b10003b04f3e1b37708e0e089d99c9d3b9e1c71384c9a7f9"}, + {file = "tree_format-0.1.2-py2-none-any.whl", hash = "sha256:b5056228dbedde1fb81b79f71fb0c23c98e9d365230df9b29af76e8d8003de11"}, +] +typing-extensions = [ + {file = "typing_extensions-3.7.4.3-py2-none-any.whl", hash = "sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f"}, + {file = "typing_extensions-3.7.4.3-py3-none-any.whl", hash = "sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918"}, + {file 
= "typing_extensions-3.7.4.3.tar.gz", hash = "sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c"}, +] +urllib3 = [ + {file = "urllib3-1.25.11-py2.py3-none-any.whl", hash = "sha256:f5321fbe4bf3fefa0efd0bfe7fb14e90909eb62a48ccda331726b4319897dd5e"}, + {file = "urllib3-1.25.11.tar.gz", hash = "sha256:8d7eaa5a82a1cac232164990f04874c594c9453ec55eef02eab885aa02fc17a2"}, +] +wcwidth = [ + {file = "wcwidth-0.2.5-py2.py3-none-any.whl", hash = "sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784"}, + {file = "wcwidth-0.2.5.tar.gz", hash = "sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83"}, +] +websocket-client = [ + {file = "websocket_client-0.57.0-py2.py3-none-any.whl", hash = "sha256:0fc45c961324d79c781bab301359d5a1b00b13ad1b10415a4780229ef71a5549"}, + {file = "websocket_client-0.57.0.tar.gz", hash = "sha256:d735b91d6d1692a6a181f2a8c9e0238e5f6373356f561bb9dc4c7af36f452010"}, +] +yamllint = [ + {file = "yamllint-1.25.0-py2.py3-none-any.whl", hash = "sha256:c7be4d0d2584a1b561498fa9acb77ad22eb434a109725c7781373ae496d823b3"}, + {file = "yamllint-1.25.0.tar.gz", hash = "sha256:b1549cbe5b47b6ba67bdeea31720f5c51431a4d0c076c1557952d841f7223519"}, +] diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 00000000..3740f1e3 --- /dev/null +++ b/pyproject.toml 
@@ -0,0 +1,28 @@ +[tool.poetry] +name = "wazuh-ansible" +version = "4.0.0" +description = "" +authors = ["neonmei "] + +[tool.poetry.dependencies] +python = "^3.8" + +# Pin ansible version to that currently present on awx +ansible = "==2.9.5" +jinja2 = "^2.11.2" +selinux = "^0.2.1" +#molecule = {extras = ["docker"], version = "^2.20"} + +# minimum version is 3.0.3, because we need docker memory limitation +# https://github.com/ansible-community/molecule/pull/2615 +molecule = {extras = ["docker"], version = "==3.0.8"} +testinfra = "^5.3.1" + +[tool.poetry.dev-dependencies] +pytest = "^5.2" +ansible-lint = "^4.3.5" +flake8 = "^3.8" + +[build-system] +requires = ["poetry>=0.12"] +build-backend = "poetry.masonry.api" From a9e6a087f092c27752d9e31df643e0c7fae3953b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=A2=85?= Date: Wed, 4 Nov 2020 11:58:24 -0300 Subject: [PATCH 05/67] molecule: remove extra var --- molecule/clustered-wazuh-only/group_vars/elastic.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/molecule/clustered-wazuh-only/group_vars/elastic.yml b/molecule/clustered-wazuh-only/group_vars/elastic.yml index d3149867..6ee4ba11 100644 --- a/molecule/clustered-wazuh-only/group_vars/elastic.yml +++ b/molecule/clustered-wazuh-only/group_vars/elastic.yml @@ -4,8 +4,6 @@ single_node: false elasticsearch_node_master: true minimum_master_nodes: 1 -# ansible_default_ipv4.address -private_ip: '{{ ansible_host }}' elasticsearch_network_host: '{{ private_ip }}' elasticsearch_node_name: '{{ ansible_hostname }}' From 8bc314f3baebe4dd0fa7c0f9879dc6a7ce03cff3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=A2=85?= Date: Wed, 4 Nov 2020 16:11:09 -0300 Subject: [PATCH 06/67] molecule/flake8: remove unused import --- molecule/clustered-wazuh-only/tests/test_default.py | 1 - molecule/default/tests/test_default.py | 1 - 2 files changed, 2 deletions(-) 
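Review bot: The comment above the molecule dependency says the minimum usable version is 3.0.3, but the line below pins exactly `molecule = {extras = ["docker"], version = "==3.0.8"}` and the commented-out `^2.20` pin is left in place, so a reader cannot tell which constraint is intended; either loosen to `version = ">=3.0.3,<3.1"` or reword the comment to say why the exact pin is needed. `authors = ["neonmei "]` has a trailing space where an email would normally follow (possibly lost in rendering); fill it in or drop the space. Exact pins on `ansible` and `molecule` mean security fixes are not picked up by `poetry update`, so a short comment naming who is responsible for bumping them would help.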
diff --git a/molecule/clustered-wazuh-only/tests/test_default.py b/molecule/clustered-wazuh-only/tests/test_default.py index 289e4f86..a6a86674 100644 --- a/molecule/clustered-wazuh-only/tests/test_default.py +++ b/molecule/clustered-wazuh-only/tests/test_default.py @@ -1,7 +1,6 @@ import os import pytest import testinfra.utils.ansible_runner -import re testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 289e4f86..a6a86674 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -1,7 +1,6 @@ import os import pytest import testinfra.utils.ansible_runner -import re testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') From 65de34e3ad2116111400d78cf81f42d076bc83f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=A2=85?= Date: Fri, 6 Nov 2020 13:12:59 -0300 Subject: [PATCH 07/67] molecule: update default scenario to v3.x, change images and update options for systemd and resource limiting --- molecule/default/Dockerfile.j2 | 14 ---------- molecule/default/converge.yml | 17 ++++++++++++ molecule/default/molecule.yml | 50 ++++++++++++++++++++++------------ molecule/default/playbook.yml | 7 ----- 4 files changed, 50 insertions(+), 38 deletions(-) delete mode 100644 molecule/default/Dockerfile.j2 create mode 100644 molecule/default/converge.yml delete mode 100644 molecule/default/playbook.yml diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 deleted file mode 100644 index 19692c20..00000000 --- a/molecule/default/Dockerfile.j2 +++ /dev/null 
@@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 00000000..ef634b65 --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,17 @@ +--- +- name: Converge + hosts: all + roles: + - role: ../../roles/wazuh/ansible-wazuh-manager + vars: + - { role: ../../roles/wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: "elasticsearch_centos7:9200" } + vars: + pre_tasks: + - name: (converge) fix missing packages in cloud images + apt: + name: + - unzip + - gpg-agent + state: present + update_cache: yes + when: ansible_distribution == "Ubuntu" \ No newline at end of file diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index d810f1d0..3e21dce2 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
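Review bot: `filebeat_output_elasticsearch_hosts: "elasticsearch_centos7:9200"` points Filebeat at a host that the default scenario's molecule.yml no longer defines (its platforms are `wazuh_manager_centos7` and `wazuh_manager_debian9`), so the filebeat role configures an output that can never be reached; either add an Elasticsearch platform to this scenario or drop the filebeat role from the smoke test. The `roles:` list also carries two bare `vars:` keys with no value, one between the two role entries and one before `pre_tasks:`; as far as the collapsed layout shows they are leftovers from the deleted playbook.yml and should be removed. The file ends without a trailing newline, which the `yamllint .` step now enabled in molecule.yml will likely report.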
@@ -1,34 +1,53 @@ --- +# Smoke test: basic manager run dependency: name: galaxy driver: name: docker -lint: - name: yamllint - enabled: false +lint: | + yamllint . + ansible-lint roles + flake8 molecule platforms: - - - name: manager_centos7 - image: milcom/centos7-systemd + - name: wazuh_manager_centos7 + hostname: wazuh-mgr01 + image: geerlingguy/docker-centos7-ansible command: /sbin/init + pre_build_image: true + privileged: true + memory_reservation: 512m + memory: 1024m ulimits: - nofile:262144:262144 - privileged: true - memory_reservation: 2048m + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: ubuntu20 - image: jrei/systemd-ubuntu:20.04 - privileged: true - - - name: debian9 - image: jrei/systemd-debian:9 + - name: wazuh_manager_debian9 + hostname: wazuh-mgr02 + image: geerlingguy/docker-debian9-ansible + command: /sbin/init + pre_build_image: true privileged: true + memory_reservation: 512m + memory: 1024m + groups: + - managers + ulimits: + - nofile:262144:262144 + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro provisioner: name: ansible + ansible_args: + - -vv config_options: defaults: hash_behaviour: merge + playbooks: + create: create.yml + converge: converge.yml + #destroy: destroy.yml env: ANSIBLE_ROLES_PATH: ./roles lint: @@ -48,6 +67,3 @@ scenario: - destroy verifier: name: testinfra - lint: - name: flake8 - enabled: false diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml deleted file mode 100644 index 0e6bf98d..00000000 --- a/molecule/default/playbook.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: ../../roles/wazuh/ansible-wazuh-manager - vars: - - { role: ../../roles/wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: "elasticsearch_centos7:9200" } From 422cf2d62758ae1901ed6ad0321a0e0111e790bc Mon Sep 17 00:00:00 2001 
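Review bot: `wazuh_manager_centos7` has no `groups:` entry while `wazuh_manager_debian9` is placed in `managers`, so any group_vars or `groups['managers']` lookup in this scenario sees only one of the two managers; add `groups:` / `- managers` to the centos7 platform as well, or drop it from debian9 if the group is unused here. Both containers run with `privileged: true`, which is needed for systemd under Docker but hands the container full host capabilities; a comment such as `# privileged + cgroup mount are only here so systemd can run in the container (test-only)` would keep it from being copied into non-test inventories. `playbooks: create: create.yml` names a file this commit does not add (the diffstat lists four files, none of them create.yml); confirm the Docker driver supplies it, otherwise the create step fails.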
From: =?UTF-8?q?=E6=A2=85?= Date: Fri, 6 Nov 2020 13:13:59 -0300 Subject: [PATCH 08/67] molecule: add distributed-wazuh-elk scenario, which tests a distributed wazuh and elk stack with 2 agents --- molecule/distributed-wazuh-elk/INSTALL.rst | 16 ++ molecule/distributed-wazuh-elk/converge.yml | 60 +++++++ .../group_vars/agents.yml | 18 ++ .../distributed-wazuh-elk/group_vars/all.yml | 13 ++ .../group_vars/elastic.yml | 21 +++ .../group_vars/kibana.yml | 19 ++ .../group_vars/managers.yml | 20 +++ .../host_vars/wazuh_agent_centos7.yml | 7 + molecule/distributed-wazuh-elk/molecule.yml | 163 ++++++++++++++++++ .../tests/test_default.py | 64 +++++++ 10 files changed, 401 insertions(+) create mode 100644 molecule/distributed-wazuh-elk/INSTALL.rst create mode 100644 molecule/distributed-wazuh-elk/converge.yml create mode 100644 molecule/distributed-wazuh-elk/group_vars/agents.yml create mode 100644 molecule/distributed-wazuh-elk/group_vars/all.yml create mode 100644 molecule/distributed-wazuh-elk/group_vars/elastic.yml create mode 100644 molecule/distributed-wazuh-elk/group_vars/kibana.yml create mode 100644 molecule/distributed-wazuh-elk/group_vars/managers.yml create mode 100644 molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml create mode 100644 molecule/distributed-wazuh-elk/molecule.yml create mode 100644 molecule/distributed-wazuh-elk/tests/test_default.py diff --git a/molecule/distributed-wazuh-elk/INSTALL.rst b/molecule/distributed-wazuh-elk/INSTALL.rst new file mode 100644 index 00000000..e26493b8 --- /dev/null +++ b/molecule/distributed-wazuh-elk/INSTALL.rst @@ -0,0 +1,16 @@ +******* +Install +******* + +Requirements +============ + +* Docker Engine +* docker-py + +Install +======= + +.. code-block:: bash + + $ sudo pip install docker-py diff --git a/molecule/distributed-wazuh-elk/converge.yml b/molecule/distributed-wazuh-elk/converge.yml new file mode 100644 index 00000000..be8c903d --- /dev/null +++ b/molecule/distributed-wazuh-elk/converge.yml 
@@ -0,0 +1,60 @@ +--- + +- name: Converge + hosts: all + become: true + become_user: root + vars: + # arguments common to all managers + wazuh_managers_common: + port: 1514 + protocol: tcp + api_port: 55000 + api_proto: 'http' + api_user: ansible + max_retries: 5 + retry_interval: 5 + roles: + # 1. Elasticsearch + - role: ../../roles/elastic-stack/ansible-elasticsearch + when: inventory_hostname in groups['elastic'] + # 2. Managers + - role: ../../roles/wazuh/ansible-wazuh-manager + when: inventory_hostname in groups['managers'] + - role: ../../roles/wazuh/ansible-filebeat + when: inventory_hostname in groups['managers'] + # 3. Kibana + - role: ../../roles/elastic-stack/ansible-kibana + when: inventory_hostname in groups['kibana'] + # 4. Agents: + - role: ../../roles/wazuh/ansible-wazuh-agent + vars: + wazuh_managers: '{{ wazuh_managers_list }}' + when: inventory_hostname in groups['agents'] + pre_tasks: + + - name: (converge) build wazuh_managers list dynamically for agents to consume + set_fact: + wazuh_managers_list: '{{ wazuh_managers_list | default([]) | union([merged_dict]) }}' + vars: + merged_dict: '{{ wazuh_managers_common | combine({"address": item}) }}' + loop: '{{ manager_addresses }}' + + - name: (converge) fix ubuntu repository key task in thin images where gpg-agent is missing + apt: + name: gpg-agent + state: present + update_cache: yes + when: + - ansible_distribution == "Ubuntu" + - inventory_hostname in groups['agents'] + + - debug: + msg: | + ----------------------------------------- + managers: {{ managers_hostvars | length }} + addresses: {{ manager_addresses }} + ----------------------------------------- + elastic: {{ elastic_hostvars | length }} + addresses: {{ elastic_addresses }} + ----------------------------------------- diff --git a/molecule/distributed-wazuh-elk/group_vars/agents.yml b/molecule/distributed-wazuh-elk/group_vars/agents.yml new file mode 100644 index 00000000..a4e064e3 --- /dev/null 
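Review bot: `api_proto: 'http'` in `wazuh_managers_common` disagrees with group_vars/managers.yml, which sets `api: https: 'yes'`, and with kibana.yml, which uses `url: 'https://…'` for the same API; if the agent role uses `api_proto` to reach the manager API, that call will fail against an HTTPS-only endpoint, so set `api_proto: 'https'` or document why the agent side intentionally differs. `api_user: ansible` has no matching credential anywhere visible in the scenario; a comment should say where it is expected to come from. The same `wazuh_managers_common` block, with the same mismatch, is repeated in distributed-wazuh-elk-xpack/converge.yml.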
+++ b/molecule/distributed-wazuh-elk/group_vars/agents.yml @@ -0,0 +1,18 @@ +--- + +wazuh_agent_config: + enrollment: + enabled: 'yes' + #manager_address: '' + #port: 1515 + agent_name: '{{ ansible_hostname }}' + #groups: '' + #agent_address: '' + #ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + #server_ca_path: '' + #agent_certificate_path: '' + #agent_key_path: '' + #authorization_pass_path : /var/ossec/etc/authd.pass + #auto_method: 'no' + #delay_after_enrollment: 20 + #use_source_ip: 'no' diff --git a/molecule/distributed-wazuh-elk/group_vars/all.yml b/molecule/distributed-wazuh-elk/group_vars/all.yml new file mode 100644 index 00000000..a706caae --- /dev/null +++ b/molecule/distributed-wazuh-elk/group_vars/all.yml @@ -0,0 +1,13 @@ +--- + +######################################################## +# Helper variables +private_ip: '{{ ansible_default_ipv4.address }}' + +managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}" +elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}" + +manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}" +elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}" + +elastic_stack_version: 7.9.1 diff --git a/molecule/distributed-wazuh-elk/group_vars/elastic.yml b/molecule/distributed-wazuh-elk/group_vars/elastic.yml new file mode 100644 index 00000000..f53be2a7 --- /dev/null +++ b/molecule/distributed-wazuh-elk/group_vars/elastic.yml 
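Review bot: `enrollment.enabled: 'yes'` applies to every agent, but `manager_address` stays commented out and the authd registration settings only exist in host_vars/wazuh_agent_centos7.yml, so `wazuh_agent_debian9` (added in molecule.yml) has no registration address at all; move the `wazuh_agent_authd` block into this group file, as distributed-wazuh-elk-xpack/group_vars/agents.yml already does. That block registers with `ssl_agent_ca: null` and `ssl_auto_negotiate: 'no'`, i.e. without verifying the manager's certificate — fine for a throwaway container, but add `# test-only: authd enrollment without CA verification` so it is not lifted into a real inventory.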
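Review bot: `manager_addresses` and `elastic_addresses` are built from the `hostvars` of other hosts, so they only resolve once facts have been gathered for every manager and Elasticsearch host in the same run; a `--limit` to the agents group, or one manager failing fact collection, turns them into undefined-variable errors at the first `set_fact` in converge.yml. A one-line comment above `managers_hostvars`, e.g. `# needs facts from every manager/elastic host: run the full play, do not --limit`, would save the next person a confusing failure. The same helper block is duplicated in distributed-wazuh-elk-xpack/group_vars/all.yml.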
@@ -0,0 +1,21 @@ +--- + +single_node: false +elasticsearch_node_master: true +minimum_master_nodes: 1 + +elasticsearch_network_host: '{{ private_ip }}' +elasticsearch_node_name: '{{ ansible_hostname }}' + +elasticsearch_reachable_host: '{{ private_ip }}' +elasticsearch_http_port: 9200 + +# This scenario runs without xpack-security +elasticsearch_xpack_security: false +node_certs_generator: false + +elasticsearch_bootstrap_node: true +elasticsearch_cluster_nodes: '{{ elastic_addresses }}' +elasticsearch_discovery_nodes: '{{ elastic_addresses }}' + +elasticsearch_jvm_xms: 1024 diff --git a/molecule/distributed-wazuh-elk/group_vars/kibana.yml b/molecule/distributed-wazuh-elk/group_vars/kibana.yml new file mode 100644 index 00000000..1c0861a2 --- /dev/null +++ b/molecule/distributed-wazuh-elk/group_vars/kibana.yml @@ -0,0 +1,19 @@ +--- + +kibana_node_name: '{{ ansible_hostname }}' +kibana_server_name: '{{ ansible_hostname }}' + +elasticsearch_network_host: "{{ elastic_addresses | random }}" +#elasticsearch_http_port: 9200 + +elasticsearch_node_master: false +elasticsearch_node_ingest: false +elasticsearch_node_data: false + +wazuh_api_credentials: + - id: default + url: 'https://{{ manager_addresses[0] }}' + port: 55000 + #port: 1514 + username: wazuh + password: wazuh \ No newline at end of file diff --git a/molecule/distributed-wazuh-elk/group_vars/managers.yml b/molecule/distributed-wazuh-elk/group_vars/managers.yml new file mode 100644 index 00000000..e191ad10 --- /dev/null +++ b/molecule/distributed-wazuh-elk/group_vars/managers.yml 
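Review bot: `elasticsearch_network_host: "{{ elastic_addresses | random }}"` picks a different Elasticsearch node on every evaluation, so the Kibana configuration is non-deterministic and a second converge rewrites it with another host, which also defeats the (currently disabled) idempotence step; use `elasticsearch_network_host: "{{ elastic_addresses[0] }}"` as distributed-wazuh-elk-xpack/group_vars/kibana.yml does, or give `random` a fixed `seed`. `wazuh_api_credentials` carries the literal `username: wazuh` / `password: wazuh` pair; nothing visible in this scenario creates that user, so a comment stating where it comes from (`# test fixture credentials; provisioned by the manager role` if that is the case) would help. The same credentials block appears in distributed-wazuh-elk-xpack/group_vars/kibana.yml.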
@@ -0,0 +1,20 @@ +--- + +wazuh_manager_fqdn: '{{ ansible_hostname }}' +filebeat_node_name: '{{ ansible_hostname }}' +filebeat_output_elasticsearch_hosts: '{{ elastic_addresses }}' + +wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 'no' + node_name: '{{ ansible_hostname }}' + node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}" + nodes: '{{ manager_addresses }}' + hidden: 'no' \ No newline at end of file diff --git a/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml b/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml new file mode 100644 index 00000000..b4b37153 --- /dev/null +++ b/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml @@ -0,0 +1,7 @@ +--- +wazuh_agent_authd: + registration_address: '{{ manager_addresses | random }}' + enable: true + port: 1515 + ssl_agent_ca: null + ssl_auto_negotiate: 'no' \ No newline at end of file diff --git a/molecule/distributed-wazuh-elk/molecule.yml b/molecule/distributed-wazuh-elk/molecule.yml new file mode 100644 index 00000000..cb2cc95b --- /dev/null +++ b/molecule/distributed-wazuh-elk/molecule.yml 
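Review bot: The cluster block enables clustering (`disable: 'no'`) but sets no `key`, and `node_type` is derived from the hard-coded hostname `wazuh-mgr01`, which couples this file to the `hostname:` values in molecule.yml; if the role default leaves the cluster key empty the managers will not form a cluster, so set an explicit, clearly test-only key here and add `# master election is by hostname; keep in sync with molecule.yml platforms`. `nodes: '{{ manager_addresses }}'` lists every manager including the worker; if the role renders this directly into the cluster `<nodes>` element, confirm that is intended rather than the master address only. The file also ends without a trailing newline, which the yamllint step in molecule.yml will likely report.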
@@ -0,0 +1,163 @@ +--- +# Distributed scenario: clustered manager scenario + connected agents +# 2-core CPU +# 7 GB of RAM memory +# 14 GB of SSD disk space +# +# Source: https://docs.github.com/en/free-pro-team@latest/actions/reference/specifications-for-github-hosted-runners + +dependency: + name: galaxy +driver: + name: docker +lint: | + yamllint . + ansible-lint roles + flake8 molecule +platforms: + ################################################ + # Wazuh Managers + ################################################ + - name: wazuh_manager_centos7 + hostname: wazuh-mgr01 + image: geerlingguy/docker-centos7-ansible + command: /sbin/init + pre_build_image: true + privileged: true + memory_reservation: 512m + memory: 1024m + groups: + - managers + ulimits: + - nofile:262144:262144 + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + + - name: wazuh_manager_debian9 + hostname: wazuh-mgr02 + image: geerlingguy/docker-debian9-ansible + command: /sbin/init + pre_build_image: true + privileged: true + memory_reservation: 512m + memory: 1024m + groups: + - managers + ulimits: + - nofile:262144:262144 + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + + ################################################ + # Elastic Cluster + ################################################ + - name: wazuh_elasticsearch_centos7 + hostname: wazuh-es01 + image: geerlingguy/docker-centos7-ansible + command: /sbin/init + pre_build_image: true + privileged: true + memory: 4096m + memory_reservation: 2048m + groups: + - elastic + ulimits: + - nofile:262144:262144 + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + + - name: wazuh_elasticsearch_debian9 + hostname: wazuh-es02 + image: geerlingguy/docker-debian9-ansible + command: /sbin/init + pre_build_image: true + privileged: true + memory: 4096m + memory_reservation: 2048m + groups: + - elastic + ulimits: + - nofile:262144:262144 + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + + ################################################ + # Wazuh Agents + 
################################################ + - name: wazuh_agent_centos7 + hostname: wazuh-agent01 + image: geerlingguy/docker-centos7-ansible + command: /sbin/init + pre_build_image: true + privileged: true + memory: 1024m + memory_reservation: 512m + groups: + - agents + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + + - name: wazuh_agent_debian9 + hostname: wazuh-agent01 + image: geerlingguy/docker-debian9-ansible + command: /sbin/init + pre_build_image: true + privileged: true + memory: 1024m + memory_reservation: 512m + groups: + - agents + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + + ################################################ + # Kibana + ################################################ + + - name: wazuh_kibana_centos7 + hostname: wazuh-kib01 + image: geerlingguy/docker-centos7-ansible + command: /sbin/init + pre_build_image: true + privileged: true + memory: 2048m + memory_reservation: 512m + groups: + - kibana + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + +provisioner: + name: ansible + ansible_args: + - -vv + inventory: + links: + group_vars: group_vars + host_vars: host_vars + playbooks: + create: create.yml + converge: converge.yml + #destroy: destroy.yml + config_options: + defaults: + hash_behaviour: merge + env: + ANSIBLE_ROLES_PATH: ./roles + lint: + name: ansible-lint + enabled: false +scenario: + name: distributed-wazuh-elk + test_sequence: + - dependency + - syntax + - create + - prepare + - converge + #- idempotence + #- verify + - cleanup + - destroy +verifier: + name: testinfra \ No newline at end of file diff --git a/molecule/distributed-wazuh-elk/tests/test_default.py b/molecule/distributed-wazuh-elk/tests/test_default.py new file mode 100644 index 00000000..a6a86674 --- /dev/null +++ b/molecule/distributed-wazuh-elk/tests/test_default.py 
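Review bot: Both agent platforms carry `hostname: wazuh-agent01` (`wazuh_agent_centos7` and `wazuh_agent_debian9`), and group_vars/agents.yml enrolls each agent as `agent_name: '{{ ansible_hostname }}'`, so the two agents try to register under the same name and the second enrollment is rejected or replaces the first; change the debian9 platform to `hostname: wazuh-agent02`. The header comment cites the 7 GB runner limit while the `memory:` hard limits add up to about 14 GB, so the scenario only fits by relying on the `memory_reservation` values; say so in the comment or lower the limits. Every platform runs `privileged: true`; a comment that this exists only so systemd can run inside Docker would make clear it is not a recommendation for deployment hosts.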
@@ -0,0 +1,64 @@ +import os +import pytest +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def get_wazuh_version(): + """This return the version of Wazuh.""" + return "4.0.0" + + +def test_wazuh_packages_are_installed(host): + """Test the main packages are installed.""" + manager = host.package("wazuh-manager") + assert manager.is_installed + assert manager.version.startswith(get_wazuh_version()) + + +def test_wazuh_services_are_running(host): + """Test the services are enabled and running. + + When assert commands are commented, this means that the service command has + a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 + """ + # This currently doesn't work with out current Docker base images + # manager = host.service("wazuh-manager") + # api = host.service("wazuh-api") + # assert manager.is_running + # assert api.is_running + output = host.check_output( + 'ps aux | grep ossec | tr -s " " | cut -d" " -f11' + ) + assert 'ossec-authd' in output + assert 'wazuh-modulesd' in output + assert 'wazuh-db' in output + assert 'ossec-execd' in output + assert 'ossec-monitord' in output + assert 'ossec-remoted' in output + assert 'ossec-logcollector' in output + assert 'ossec-analysisd' in output + assert 'ossec-syscheckd' in output + + +@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ + ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), + ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), + ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640), + ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660), +]) +def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): + """Test Wazuh related files exist and have proper owners and mode.""" + wazuh_file_host = host.file(wazuh_file) + assert wazuh_file_host.user == wazuh_owner + assert wazuh_file_host.group == 
wazuh_group + assert wazuh_file_host.mode == wazuh_mode + + +def test_filebeat_is_installed(host): + """Test the elasticsearch package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + assert filebeat.version.startswith('7.9.1') From 6cee75e0578b8ef9355fb84ab7c08fa39c91a491 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=A2=85?= Date: Fri, 6 Nov 2020 13:14:43 -0300 Subject: [PATCH 09/67] molecule: add distributed-wazuh-elk-xpack scenario, which tests a distributed wazuh and elk+xpack stack with 2 agents --- .../distributed-wazuh-elk-xpack/INSTALL.rst | 16 ++ .../distributed-wazuh-elk-xpack/converge.yml | 94 ++++++++++ .../group_vars/agents.yml | 25 +++ .../group_vars/all.yml | 27 +++ .../group_vars/elastic.yml | 17 ++ .../group_vars/kibana.yml | 19 ++ .../group_vars/managers.yml | 21 +++ .../distributed-wazuh-elk-xpack/molecule.yml | 162 ++++++++++++++++++ .../tests/test_default.py | 64 +++++++ 9 files changed, 445 insertions(+) create mode 100644 molecule/distributed-wazuh-elk-xpack/INSTALL.rst create mode 100644 molecule/distributed-wazuh-elk-xpack/converge.yml create mode 100644 molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml create mode 100644 molecule/distributed-wazuh-elk-xpack/group_vars/all.yml create mode 100644 molecule/distributed-wazuh-elk-xpack/group_vars/elastic.yml create mode 100644 molecule/distributed-wazuh-elk-xpack/group_vars/kibana.yml create mode 100644 molecule/distributed-wazuh-elk-xpack/group_vars/managers.yml create mode 100644 molecule/distributed-wazuh-elk-xpack/molecule.yml create mode 100644 molecule/distributed-wazuh-elk-xpack/tests/test_default.py diff --git a/molecule/distributed-wazuh-elk-xpack/INSTALL.rst b/molecule/distributed-wazuh-elk-xpack/INSTALL.rst new file mode 100644 index 00000000..e26493b8 --- /dev/null +++ b/molecule/distributed-wazuh-elk-xpack/INSTALL.rst 
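Review bot: `testinfra_hosts` is taken from `get_hosts('all')`, yet every test in the file asserts manager-only state (the `wazuh-manager` package, ossec processes, `/var/ossec` files, filebeat), so once the `verify` step is re-enabled it will fail on the elastic, kibana and agent containers of this scenario; use `get_hosts('managers')` here and put agent and Elasticsearch checks under their own host selections. `host.check_output('ps aux | grep ossec | …')` also matches the grep process itself and any unrelated command line containing "ossec"; `host.process.filter(comm="ossec-authd")` and friends give a precise check without a shell pipeline. The file is byte-identical to the tests of the other two scenarios (same blob `a6a86674`), so the fix should be made once and shared rather than copied three times.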
@@ -0,0 +1,16 @@ +******* +Install +******* + +Requirements +============ + +* Docker Engine +* docker-py + +Install +======= + +.. code-block:: bash + + $ sudo pip install docker-py diff --git a/molecule/distributed-wazuh-elk-xpack/converge.yml b/molecule/distributed-wazuh-elk-xpack/converge.yml new file mode 100644 index 00000000..36186c89 --- /dev/null +++ b/molecule/distributed-wazuh-elk-xpack/converge.yml 
@@ -0,0 +1,94 @@ +--- + + +- name: Generate certificates prior to converging + hosts: all + become: true + become_user: root + vars: + endpoints_hostvars: '{{ managers_hostvars | union(elastic_hostvars) | union(kibana_hostvars) }}' + roles: + - role: ../../roles/elastic-stack/ansible-elasticsearch + vars: + node_certs_generator: true + instances: '{{ elk_endpoint_list }}' + when: + - inventory_hostname in groups['elastic'] + - ansible_hostname == 'wazuh-es01' + pre_tasks: + - name: (converge) build instances list dynamically for cert generator consumption + set_fact: + elk_endpoint_list: "{{ elk_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}" + vars: + instance_hostname: '{{ item.ansible_facts.hostname }}' + instance_item: + name: '{{ item.private_ip}}' + ip: '{{ item.private_ip }}' + loop: '{{ endpoints_hostvars }}' + no_log: true + - name: overview of cert configuration + debug: + var: elk_endpoint_list + +- name: Converge + hosts: all + become: true + become_user: root + vars: + endpoints_hostvars: '{{ managers_hostvars | union(elastic_hostvars) | union(kibana_hostvars) }}' + # arguments common to all managers + wazuh_managers_common: + port: 1514 + protocol: tcp + api_port: 55000 + api_proto: 'http' + api_user: ansible + max_retries: 5 + retry_interval: 5 + roles: + # 1. Elasticsearch + - role: ../../roles/elastic-stack/ansible-elasticsearch + vars: + instances: '{{ elk_endpoint_list }}' + when: inventory_hostname in groups['elastic'] + # 2. Managers + - role: ../../roles/wazuh/ansible-wazuh-manager + when: inventory_hostname in groups['managers'] + - role: ../../roles/wazuh/ansible-filebeat + when: inventory_hostname in groups['managers'] + # 3. Kibana + - role: ../../roles/elastic-stack/ansible-kibana + when: inventory_hostname in groups['kibana'] + # 4. 
Agents: + - role: ../../roles/wazuh/ansible-wazuh-agent + vars: + wazuh_managers: '{{ wazuh_managers_list }}' + when: inventory_hostname in groups['agents'] + pre_tasks: + + - name: (converge) build wazuh_managers list dynamically for agents to consume + set_fact: + wazuh_managers_list: '{{ wazuh_managers_list | default([]) | union([manager_item]) }}' + vars: + manager_item: '{{ wazuh_managers_common | combine({"address": item}) }}' + loop: '{{ manager_addresses }}' + + - name: (converge) build instances list dynamically for cert generator consumption + set_fact: + elk_endpoint_list: "{{ elk_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}" + vars: + instance_hostname: '{{ item.ansible_facts.hostname }}' + instance_item: + name: '{{ item.private_ip}}' + ip: '{{ item.private_ip }}' + loop: '{{ endpoints_hostvars }}' + no_log: true + + - name: (converge) fix ubuntu repository key task in thin images where gpg-agent is missing + apt: + name: gpg-agent + state: present + update_cache: yes + when: + - ansible_distribution == "Ubuntu" + - inventory_hostname in groups['agents'] \ No newline at end of file diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml new file mode 100644 index 00000000..042a77c5 --- /dev/null +++ b/molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml 
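Review bot: The `(converge) build instances list dynamically…` pre_task is duplicated verbatim in both plays; `set_fact` results persist for the rest of the run, so the second copy in the Converge play only redoes the work and any future change must be made twice — drop it or move it into a shared tasks file. The certificate-generation play keys on `ansible_hostname == 'wazuh-es01'`, which repeats the hostname coupling already present in molecule.yml; `inventory_hostname == groups['elastic'][0]` selects the first Elasticsearch host without hard-coding it. `instance_item.name` is set to `item.private_ip`, so certificates are issued for IP addresses only; anything that connects by hostname (`kibana_server_name: '{{ ansible_hostname }}'` in kibana.yml) would fail TLS hostname verification, which deserves a comment stating that all connections in this scenario are by IP.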
@@ -0,0 +1,25 @@
+---
+
+wazuh_agent_config:
+ enrollment:
+ enabled: 'yes'
+ #manager_address: ''
+ #port: 1515
+ agent_name: '{{ ansible_hostname }}'
+ #groups: ''
+ #agent_address: ''
+ #ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+ #server_ca_path: ''
+ #agent_certificate_path: ''
+ #agent_key_path: ''
+ #authorization_pass_path : /var/ossec/etc/authd.pass
+ #auto_method: 'no'
+ #delay_after_enrollment: 20
+ #use_source_ip: 'no'
+
+wazuh_agent_authd:
+ registration_address: '{{ manager_addresses | random }}'
+ enable: true
+ port: 1515
+ ssl_agent_ca: null
+ ssl_auto_negotiate: 'no'
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml
new file mode 100644
index 00000000..fcf3b407
--- /dev/null
+++ b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml
@@ -0,0 +1,27 @@
+---
+
+########################################################
+# Helper variables
+private_ip: '{{ ansible_default_ipv4.address }}'
+
+managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
+elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}"
+kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars) | list }}"
+
+manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
+elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
+kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
+
+########################################################
+# General ELK stack variables
+
+# Xpack Security: autogenerate CA
+generate_CA: true
+filebeat_xpack_security: true
+kibana_xpack_security: true
+elasticsearch_xpack_security: true
+elasticsearch_xpack_security_user: elastic
+elasticsearch_xpack_security_password: elastic_pass
+
+elastic_stack_version: 7.9.1
+filebeat_version: 7.9.1
\ No newline at end of file
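Review bot: `registration_address: '{{ manager_addresses | random }}'` in the `wazuh_agent_authd` block re-evaluates to a different manager on every run, so the agent's registration target is non-deterministic and the scenario can never pass an idempotence step; the odfe agents.yml in PATCH 10 uses `registration_address: '{{ manager_addresses[0] }}'`, which is the stable form and should be used here too. `ssl_agent_ca: null` means the agent performs the authd exchange with no CA to validate the manager against; acceptable for a throwaway container, but worth a comment such as `# test fixture: no CA pinning for authd registration` so the value is not copied into a real inventory. Both `enrollment: enabled: 'yes'` and `wazuh_agent_authd: enable: true` appear to switch on enrollment; if the role treats them as two separate mechanisms (ossec.conf auto-enrollment vs. agent-auth), a comment should say which one is intended to register the agent.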
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/elastic.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/elastic.yml
new file mode 100644
index 00000000..1490dff3
--- /dev/null
+++ b/molecule/distributed-wazuh-elk-xpack/group_vars/elastic.yml
@@ -0,0 +1,17 @@
+---
+
+single_node: false
+elasticsearch_node_master: true
+minimum_master_nodes: 1
+
+elasticsearch_network_host: '{{ private_ip }}'
+elasticsearch_node_name: '{{ private_ip }}'
+
+elasticsearch_reachable_host: '{{ private_ip }}'
+elasticsearch_http_port: 9200
+
+elasticsearch_bootstrap_node: true
+elasticsearch_cluster_nodes: '{{ elastic_addresses }}'
+elasticsearch_discovery_nodes: '{{ elastic_addresses }}'
+
+elasticsearch_jvm_xms: 1024
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/kibana.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/kibana.yml
new file mode 100644
index 00000000..4d9142b4
--- /dev/null
+++ b/molecule/distributed-wazuh-elk-xpack/group_vars/kibana.yml
@@ -0,0 +1,19 @@
+---
+
+kibana_server_name: '{{ ansible_hostname }}'
+kibana_node_name: '{{ private_ip }}'
+
+elasticsearch_network_host: "{{ elastic_addresses[0] }}"
+#elasticsearch_http_port: 9200
+
+elasticsearch_node_master: false
+elasticsearch_node_ingest: false
+elasticsearch_node_data: false
+
+wazuh_api_credentials:
+ - id: default
+ url: 'https://{{ manager_addresses[0] }}'
+ port: 55000
+ #port: 1514
+ username: wazuh
+ password: wazuh
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/managers.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/managers.yml
new file mode 100644
index 00000000..6f9c9af3
--- /dev/null
+++ b/molecule/distributed-wazuh-elk-xpack/group_vars/managers.yml
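Review bot: kibana.yml carries `elasticsearch_node_master: false`, `elasticsearch_node_ingest: false` and `elasticsearch_node_data: false` plus a commented `#elasticsearch_http_port: 9200`, which read as leftovers from an Elasticsearch group file rather than variables the kibana role consumes; and the commented `#port: 1514` under `wazuh_api_credentials` contradicts the active `port: 55000` (1514 is the agent connection port used in managers.yml, not the API port). Either remove the dead keys and the stray comment or add a one-line comment naming which role reads them. In elastic.yml, `minimum_master_nodes: 1` alongside two master-eligible nodes is the classic split-brain value on pre-7 clusters; for 7.9.1 it is ignored, so a comment like `# ignored on 7.x; kept only for role compatibility` (or dropping it) would stop it being copied into a real inventory.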
@@ -0,0 +1,21 @@
+---
+
+wazuh_manager_fqdn: '{{ ansible_hostname }}'
+
+filebeat_node_name: '{{ private_ip }}'
+filebeat_output_elasticsearch_hosts: '{{ elastic_addresses }}'
+
+wazuh_manager_config:
+ connection:
+ - type: 'secure'
+ port: '1514'
+ protocol: 'tcp'
+ queue_size: 131072
+ api:
+ https: 'yes'
+ cluster:
+ disable: 'no'
+ node_name: '{{ ansible_hostname }}'
+ node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}"
+ nodes: '{{ manager_addresses }}'
+ hidden: 'no'
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-elk-xpack/molecule.yml b/molecule/distributed-wazuh-elk-xpack/molecule.yml
new file mode 100644
index 00000000..6ed46105
--- /dev/null
+++ b/molecule/distributed-wazuh-elk-xpack/molecule.yml
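Review bot: `nodes: '{{ manager_addresses }}'` under `cluster` hands every manager address to the cluster `nodes` setting, while the `node_type` expression on the line above singles out `wazuh-mgr01` as the only master; if the role renders one `<node>` per entry, workers receive a list that includes themselves instead of just the master they must connect to (to confirm against the manager template). Deriving the master address keeps the two lines consistent, e.g. `nodes: "{{ managers_hostvars | selectattr('ansible_hostname', 'equalto', 'wazuh-mgr01') | map(attribute='private_ip') | list }}"`. No cluster `key` is set, so the role default applies; since that shared key is what authenticates workers to the master, a comment such as `# cluster key left at role default: test scenario only` makes the omission explicit. The odfe managers.yml in PATCH 10 has the same `nodes` value.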
@@ -0,0 +1,162 @@
+---
+# Distributed scenario: clustered manager scenario + connected agents
+# 2-core CPU
+# 7 GB of RAM memory
+# 14 GB of SSD disk space
+#
+# Source: https://docs.github.com/en/free-pro-team@latest/actions/reference/specifications-for-github-hosted-runners
+
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ yamllint .
+ ansible-lint roles
+ flake8 molecule
+platforms:
+ ################################################
+ # Wazuh Managers
+ ################################################
+ - name: molecule_xpack_manager_centos7
+ hostname: wazuh-mgr01
+ image: geerlingguy/docker-centos7-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory_reservation: 512m
+ memory: 1024m
+ groups:
+ - managers
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ - name: molecule_xpack_manager_debian9
+ hostname: wazuh-mgr02
+ image: geerlingguy/docker-debian9-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory_reservation: 512m
+ memory: 1024m
+ groups:
+ - managers
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ ################################################
+ # Elastic Cluster
+ ################################################
+ - name: molecule_xpack_elasticsearch_centos7
+ hostname: wazuh-es01
+ image: geerlingguy/docker-centos7-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory: 4096m
+ memory_reservation: 2048m
+ groups:
+ - elastic
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ - name: molecule_xpack_elasticsearch_debian9
+ hostname: wazuh-es02
+ image: geerlingguy/docker-debian9-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory: 4096m
+ memory_reservation: 2048m
+ groups:
+ - elastic
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ ################################################
+ # Wazuh Agents
+ ################################################
+ - name: molecule_xpack_agent_centos7
+ hostname: wazuh-agent01
+ image: geerlingguy/docker-centos7-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory: 1024m
+ memory_reservation: 512m
+ groups:
+ - agents
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ - name: molecule_xpack_agent_debian9
+ hostname: wazuh-agent02
+ image: geerlingguy/docker-debian9-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory: 1024m
+ memory_reservation: 512m
+ groups:
+ - agents
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ ################################################
+ # Kibana
+ ################################################
+
+ - name: molecule_xpack_kibana_centos7
+ hostname: wazuh-kib01
+ image: geerlingguy/docker-centos7-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory: 2048m
+ memory_reservation: 512m
+ groups:
+ - kibana
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+provisioner:
+ name: ansible
+ ansible_args:
+ - -vv
+ inventory:
+ links:
+ group_vars: group_vars
+ playbooks:
+ create: create.yml
+ converge: converge.yml
+ #destroy: destroy.yml
+ config_options:
+ defaults:
+ hash_behaviour: merge
+ env:
+ ANSIBLE_ROLES_PATH: ./roles
+ lint:
+ name: ansible-lint
+ enabled: false
+scenario:
+ name: distributed-wazuh-elk-xpack
+ test_sequence:
+ - dependency
+ - syntax
+ - create
+ - prepare
+ - converge
+ #- idempotence
+ #- verify
+ - cleanup
+ - destroy
+verifier:
+ name: testinfra
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py
new file mode 100644
index 00000000..a6a86674
--- /dev/null
+++ b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py
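Review bot: the header comment documents a 2-core / 7 GB runner, but the `memory` limits declared for the seven platforms sum to about 14 GB (1024+1024+4096+4096+1024+1024+2048 m) and the `memory_reservation` values to about 6.5 GB, so the scenario oversubscribes the runner it is annotated for; either lower the two Elasticsearch limits or rewrite the comment to state the real requirement. The top-level `lint: |` block and `provisioner.lint.enabled: false` are two different lint mechanisms, so the disabled provisioner block is dead under molecule 3 and can go. The odfe molecule.yml in PATCH 10 repeats the same header and the same figures.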
@@ -0,0 +1,64 @@
+import os
+import pytest
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def get_wazuh_version():
+ """This return the version of Wazuh."""
+ return "4.0.0"
+
+
+def test_wazuh_packages_are_installed(host):
+ """Test the main packages are installed."""
+ manager = host.package("wazuh-manager")
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+
+
+def test_wazuh_services_are_running(host):
+ """Test the services are enabled and running.
+
+ When assert commands are commented, this means that the service command has
+ a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
+ """
+ # This currently doesn't work with out current Docker base images
+ # manager = host.service("wazuh-manager")
+ # api = host.service("wazuh-api")
+ # assert manager.is_running
+ # assert api.is_running
+ output = host.check_output(
+ 'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
+ )
+ assert 'ossec-authd' in output
+ assert 'wazuh-modulesd' in output
+ assert 'wazuh-db' in output
+ assert 'ossec-execd' in output
+ assert 'ossec-monitord' in output
+ assert 'ossec-remoted' in output
+ assert 'ossec-logcollector' in output
+ assert 'ossec-analysisd' in output
+ assert 'ossec-syscheckd' in output
+
+
+@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
+ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
+ ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
+ ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640),
+ ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660),
+])
+def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
+ """Test Wazuh related files exist and have proper owners and mode."""
+ wazuh_file_host = host.file(wazuh_file)
+ assert wazuh_file_host.user == wazuh_owner
+ assert wazuh_file_host.group == wazuh_group
+ assert wazuh_file_host.mode == wazuh_mode
+
+
+def test_filebeat_is_installed(host):
+ """Test the elasticsearch package is installed."""
+ filebeat = host.package("filebeat")
+ assert filebeat.is_installed
+ assert filebeat.version.startswith('7.9.1')
From 3a45bcc989398cc164171043eb5bd77c6ac1a4c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=A2=85?=
Date: Fri, 6 Nov 2020 13:16:29 -0300
Subject: [PATCH 10/67] molecule: add distributed-wazuh-odfe scenario, which tests a distributed wazuh+odfe stack with 2 agents. This test will not pass until opendistro-elastic role receives updates for how it determines when to run initial users tasks at security_actions.yml
---
 molecule/distributed-wazuh-odfe/INSTALL.rst | 16 ++
 molecule/distributed-wazuh-odfe/converge.yml | 75 ++++++++
 .../group_vars/agents.yml | 25 +++
 .../distributed-wazuh-odfe/group_vars/all.yml | 37 ++++
 .../group_vars/elastic.yml | 16 ++
 .../group_vars/kibana.yml | 17 ++
 .../group_vars/managers.yml | 19 ++
 molecule/distributed-wazuh-odfe/molecule.yml | 162 ++++++++++++++++++
 .../tests/test_default.py | 64 +++++++
 9 files changed, 431 insertions(+)
 create mode 100644 molecule/distributed-wazuh-odfe/INSTALL.rst
 create mode 100644 molecule/distributed-wazuh-odfe/converge.yml
 create mode 100644 molecule/distributed-wazuh-odfe/group_vars/agents.yml
 create mode 100644 molecule/distributed-wazuh-odfe/group_vars/all.yml
 create mode 100644 molecule/distributed-wazuh-odfe/group_vars/elastic.yml
 create mode 100644 molecule/distributed-wazuh-odfe/group_vars/kibana.yml
 create mode 100644 molecule/distributed-wazuh-odfe/group_vars/managers.yml
 create mode 100644 molecule/distributed-wazuh-odfe/molecule.yml
 create mode 100644 molecule/distributed-wazuh-odfe/tests/test_default.py
diff --git a/molecule/distributed-wazuh-odfe/INSTALL.rst b/molecule/distributed-wazuh-odfe/INSTALL.rst
new file mode 100644
index 00000000..e26493b8
--- /dev/null
+++ b/molecule/distributed-wazuh-odfe/INSTALL.rst
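Review bot: `testinfra_hosts` is built with `get_hosts('all')`, yet every test in the file asserts manager-only state (the `wazuh-manager` package, the `ossec-*`/`wazuh-*` processes, `/var/ossec/etc/sslmanager.*`, and `filebeat`), so once the `verify` step is re-enabled the agent, elastic and kibana containers fail all four tests; `get_hosts('managers')` is what the assertions actually describe, or split the file per group. The docstring of `test_filebeat_is_installed` says "elasticsearch package" and should read `"""Test the filebeat package is installed."""`. The literals `"4.0.0"` and `'7.9.1'` duplicate the version pins in group_vars and will drift silently. The odfe tests/test_default.py in PATCH 10 is the same blob (`a6a86674`) and shares all of these points.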
@@ -0,0 +1,16 @@
+*******
+Install
+*******
+
+Requirements
+============
+
+* Docker Engine
+* docker-py
+
+Install
+=======
+
+.. code-block:: bash
+
+ $ sudo pip install docker-py
diff --git a/molecule/distributed-wazuh-odfe/converge.yml b/molecule/distributed-wazuh-odfe/converge.yml
new file mode 100644
index 00000000..874df159
--- /dev/null
+++ b/molecule/distributed-wazuh-odfe/converge.yml
@@ -0,0 +1,75 @@
+---
+
+- name: Build Facts
+ hosts: all
+ become: true
+ become_user: root
+ vars:
+ endpoints_hostvars: '{{ managers_hostvars | union(elastic_hostvars) | union(kibana_hostvars) }}'
+ wazuh_managers_common:
+ port: 1514
+ protocol: tcp
+ api_port: 55000
+ api_proto: 'http'
+ api_user: ansible
+ max_retries: 5
+ retry_interval: 5
+ pre_tasks:
+ - name: (converge) build instances list dynamically for cert generator consumption
+ set_fact:
+ odfe_endpoint_list: "{{ odfe_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}"
+ vars:
+ instance_hostname: '{{ item.ansible_facts.hostname }}'
+ instance_item:
+ name: '{{ instance_hostname }}'
+ ip: '{{ item.private_ip }}'
+ loop: '{{ endpoints_hostvars }}'
+ no_log: true
+
+ - name: (converge) build wazuh_managers list dynamically for agents to consume
+ set_fact:
+ wazuh_managers_list: '{{ wazuh_managers_list | default([]) | union([manager_item]) }}'
+ vars:
+ manager_item: '{{ wazuh_managers_common | combine({"address": item}) }}'
+ loop: '{{ manager_addresses }}'
+
+ - name: overview of cert configuration
+ debug:
+ var: odfe_endpoint_list
+
+- name: Generate certificates prior to converging
+ hosts: molecule_odfe_elasticsearch_centos7
+ become: true
+ become_user: root
+ roles:
+ - role: ../../roles/opendistro/opendistro-elasticsearch
+ vars:
+ generate_certs: true
+ perform_installation: false
+ instances: '{{ odfe_endpoint_list }}'
+ pre_tasks:
+ - name: overview of cert configuration
+ debug:
+ var: odfe_endpoint_list
+
+- name: Converge
+ hosts: all
+ become: true
+ become_user: root
+ roles:
+ # 1. Elasticsearch
+ - role: ../../roles/opendistro/opendistro-elasticsearch
+ when: inventory_hostname in groups['elastic']
+ # 2. Managers
+ - role: ../../roles/wazuh/ansible-wazuh-manager
+ when: inventory_hostname in groups['managers']
+ - role: ../../roles/wazuh/ansible-filebeat-oss
+ when: inventory_hostname in groups['managers']
+ # 3. Kibana
+ - role: ../../roles/opendistro/opendistro-kibana
+ when: inventory_hostname in groups['kibana']
+ # 4. Agents:
+ - role: ../../roles/wazuh/ansible-wazuh-agent
+ vars:
+ wazuh_managers: '{{ wazuh_managers_list }}'
+ when: inventory_hostname in groups['agents']
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-odfe/group_vars/agents.yml b/molecule/distributed-wazuh-odfe/group_vars/agents.yml
new file mode 100644
index 00000000..9fc66524
--- /dev/null
+++ b/molecule/distributed-wazuh-odfe/group_vars/agents.yml
@@ -0,0 +1,25 @@
+---
+
+wazuh_agent_config:
+ enrollment:
+ enabled: 'yes'
+ #manager_address: ''
+ #port: 1515
+ agent_name: '{{ ansible_hostname }}'
+ #groups: ''
+ #agent_address: ''
+ #ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+ #server_ca_path: ''
+ #agent_certificate_path: ''
+ #agent_key_path: ''
+ #authorization_pass_path : /var/ossec/etc/authd.pass
+ #auto_method: 'no'
+ #delay_after_enrollment: 20
+ #use_source_ip: 'no'
+
+wazuh_agent_authd:
+ registration_address: '{{ manager_addresses[0] }}'
+ enable: true
+ port: 1515
+ ssl_agent_ca: null
+ ssl_auto_negotiate: 'no'
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml
new file mode 100644
index 00000000..998bbbb5
--- /dev/null
+++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml
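Review bot: the certificate play pins `hosts: molecule_odfe_elasticsearch_centos7`, a platform name from molecule.yml, so renaming or reordering the elastic platforms silently leaves no host to generate certificates and the Converge play then fails later with a less obvious error; targeting the group instead keeps the two files decoupled, e.g. `hosts: elastic` with `when: inventory_hostname == groups['elastic'][0]` on the role entry. The `(converge) build wazuh_managers list` pre_task in the Build Facts play runs on every host although only the agents consume `wazuh_managers_list`; harmless, but a `when: inventory_hostname in groups['agents']` (or a comment saying it is intentionally built everywhere) would make the intent clear.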
@@ -0,0 +1,37 @@
+---
+
+########################################################
+# Helper variables
+private_ip: '{{ ansible_default_ipv4.address }}'
+
+managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
+elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}"
+kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars) | list }}"
+
+manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
+elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
+kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
+
+########################################################
+# General ELK stack variables
+
+# Cluster Settings
+#es_version: "7.9.1"
+#es_major_version: "7.x"
+#opendistro_version: 1.10.1
+filebeat_version: 7.9.1
+
+# OpenDistro
+kibana_opendistro_security: true
+
+opendistro_kibana_user: kibanaserver
+opendistro_security_user: elastic
+
+opendistro_kibana_password: changeme
+opendistro_security_password: admin
+opendistro_admin_password: changeme
+
+# All nodes are called by IP name
+elasticsearch_node_name: '{{ ansible_hostname }}'
+kibana_node_name: '{{ ansible_hostname }}'
+filebeat_node_name: '{{ ansible_hostname }}'
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-odfe/group_vars/elastic.yml b/molecule/distributed-wazuh-odfe/group_vars/elastic.yml
new file mode 100644
index 00000000..056f5184
--- /dev/null
+++ b/molecule/distributed-wazuh-odfe/group_vars/elastic.yml
@@ -0,0 +1,16 @@
+---
+
+single_node: false
+elasticsearch_node_master: true
+minimum_master_nodes: 1
+
+elasticsearch_network_host: '{{ private_ip }}'
+
+elasticsearch_reachable_host: '{{ private_ip }}'
+elasticsearch_http_port: 9200
+
+elasticsearch_bootstrap_node: true
+elasticsearch_cluster_nodes: '{{ elastic_addresses }}'
+elasticsearch_discovery_nodes: '{{ elastic_addresses }}'
+
+opendistro_jvm_xms: 1024
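Review bot: the comment `# All nodes are called by IP name` contradicts the three values directly beneath it, which are all `'{{ ansible_hostname }}'`; it looks copied from the xpack scenario, where the node names are `private_ip`, and should read `# All nodes are named by hostname`. The commented `#es_version`, `#es_major_version` and `#opendistro_version` leave the ODFE version to role defaults while `filebeat_version: 7.9.1` is pinned, so a role-default bump would desynchronise Filebeat from the cluster without this file showing it; either pin them here or add a comment naming the default this scenario expects. The fixture passwords (`changeme`, `admin`) are fine for molecule, but a one-line `# test-only credentials` comment above them stops the block being reused as an inventory template.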
diff --git a/molecule/distributed-wazuh-odfe/group_vars/kibana.yml b/molecule/distributed-wazuh-odfe/group_vars/kibana.yml
new file mode 100644
index 00000000..5101d76a
--- /dev/null
+++ b/molecule/distributed-wazuh-odfe/group_vars/kibana.yml
@@ -0,0 +1,17 @@
+---
+
+kibana_server_name: '{{ ansible_hostname }}'
+elasticsearch_network_host: "{{ elastic_addresses[0] }}"
+#elasticsearch_http_port: 9200
+
+elasticsearch_node_master: false
+elasticsearch_node_ingest: false
+elasticsearch_node_data: false
+
+wazuh_api_credentials:
+ - id: default
+ url: 'https://{{ manager_addresses[0] }}'
+ port: 55000
+ #port: 1514
+ username: wazuh
+ password: wazuh
diff --git a/molecule/distributed-wazuh-odfe/group_vars/managers.yml b/molecule/distributed-wazuh-odfe/group_vars/managers.yml
new file mode 100644
index 00000000..4f15afd5
--- /dev/null
+++ b/molecule/distributed-wazuh-odfe/group_vars/managers.yml
@@ -0,0 +1,19 @@
+---
+
+wazuh_manager_fqdn: '{{ ansible_hostname }}'
+filebeat_output_elasticsearch_hosts: '{{ elastic_addresses }}'
+
+wazuh_manager_config:
+ connection:
+ - type: 'secure'
+ port: '1514'
+ protocol: 'tcp'
+ queue_size: 131072
+ api:
+ https: 'yes'
+ cluster:
+ disable: 'no'
+ node_name: '{{ ansible_hostname }}'
+ node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}"
+ nodes: '{{ manager_addresses }}'
+ hidden: 'no'
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-odfe/molecule.yml b/molecule/distributed-wazuh-odfe/molecule.yml
new file mode 100644
index 00000000..46c08695
--- /dev/null
+++ b/molecule/distributed-wazuh-odfe/molecule.yml
@@ -0,0 +1,162 @@
+---
+# Distributed scenario: clustered manager scenario + connected agents
+# 2-core CPU
+# 7 GB of RAM memory
+# 14 GB of SSD disk space
+#
+# Source: https://docs.github.com/en/free-pro-team@latest/actions/reference/specifications-for-github-hosted-runners
+
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ yamllint .
+ ansible-lint roles
+ flake8 molecule
+platforms:
+ ################################################
+ # Wazuh Managers
+ ################################################
+ - name: molecule_odfe_manager_centos7
+ hostname: wazuh-mgr01
+ image: geerlingguy/docker-centos7-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory_reservation: 512m
+ memory: 1024m
+ groups:
+ - managers
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ - name: molecule_odfe_manager_debian9
+ hostname: wazuh-mgr02
+ image: geerlingguy/docker-debian9-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory_reservation: 512m
+ memory: 1024m
+ groups:
+ - managers
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ ################################################
+ # Elastic Cluster
+ ################################################
+ - name: molecule_odfe_elasticsearch_centos7
+ hostname: wazuh-es01
+ image: geerlingguy/docker-centos7-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory: 4096m
+ memory_reservation: 2048m
+ groups:
+ - elastic
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ - name: molecule_odfe_elasticsearch_centos7_2
+ hostname: wazuh-es02
+ image: geerlingguy/docker-centos7-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory: 4096m
+ memory_reservation: 2048m
+ groups:
+ - elastic
+ ulimits:
+ - nofile:262144:262144
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ ################################################
+ # Wazuh Agents
+ ################################################
+ - name: molecule_odfe_agent_centos7
+ hostname: wazuh-agent01
+ image: geerlingguy/docker-centos7-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory: 1024m
+ memory_reservation: 512m
+ groups:
+ - agents
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ - name: molecule_odfe_agent_debian9
+ hostname: wazuh-agent02
+ image: geerlingguy/docker-debian9-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory: 1024m
+ memory_reservation: 512m
+ groups:
+ - agents
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ ################################################
+ # Kibana
+ ################################################
+
+ - name: molecule_odfe_kibana_centos7
+ hostname: wazuh-kib01
+ image: geerlingguy/docker-centos7-ansible
+ command: /sbin/init
+ pre_build_image: true
+ privileged: true
+ memory: 2048m
+ memory_reservation: 512m
+ groups:
+ - kibana
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+provisioner:
+ name: ansible
+ ansible_args:
+ - -vv
+ inventory:
+ links:
+ group_vars: group_vars
+ playbooks:
+ create: create.yml
+ converge: converge.yml
+ #destroy: destroy.yml
+ config_options:
+ defaults:
+ hash_behaviour: merge
+ env:
+ ANSIBLE_ROLES_PATH: ./roles
+ lint:
+ name: ansible-lint
+ enabled: false
+scenario:
+ name: distributed-wazuh-odfe
+ test_sequence:
+ - dependency
+ - syntax
+ - create
+ - prepare
+ - converge
+ #- idempotence
+ #- verify
+ - cleanup
+ - destroy
+verifier:
+ name: testinfra
\ No newline at end of file
diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh-odfe/tests/test_default.py
new file mode 100644
index 00000000..a6a86674
--- /dev/null
+++ b/molecule/distributed-wazuh-odfe/tests/test_default.py
@@ -0,0 +1,64 @@
+import os
+import pytest
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def get_wazuh_version():
+ """This return the version of Wazuh."""
+ return "4.0.0"
+
+
+def test_wazuh_packages_are_installed(host):
+ """Test the main packages are installed."""
+ manager = host.package("wazuh-manager")
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+
+
+def test_wazuh_services_are_running(host):
+ """Test the services are enabled and running.
+
+ When assert commands are commented, this means that the service command has
+ a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
+ """
+ # This currently doesn't work with out current Docker base images
+ # manager = host.service("wazuh-manager")
+ # api = host.service("wazuh-api")
+ # assert manager.is_running
+ # assert api.is_running
+ output = host.check_output(
+ 'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
+ )
+ assert 'ossec-authd' in output
+ assert 'wazuh-modulesd' in output
+ assert 'wazuh-db' in output
+ assert 'ossec-execd' in output
+ assert 'ossec-monitord' in output
+ assert 'ossec-remoted' in output
+ assert 'ossec-logcollector' in output
+ assert 'ossec-analysisd' in output
+ assert 'ossec-syscheckd' in output
+
+
+@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
+ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
+ ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
+ ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640),
+ ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660),
+])
+def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
+ """Test Wazuh related files exist and have proper owners and mode."""
+ wazuh_file_host = host.file(wazuh_file)
+ assert wazuh_file_host.user == wazuh_owner
+ assert wazuh_file_host.group == wazuh_group
+ assert wazuh_file_host.mode == wazuh_mode
+
+
+def test_filebeat_is_installed(host):
+ """Test the elasticsearch package is installed."""
+ filebeat = host.package("filebeat")
+ assert filebeat.is_installed
+ assert filebeat.version.startswith('7.9.1')
From 2d2654c251540111ff58950824e8333d5ca4c05d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=A2=85?=
Date: Fri, 6 Nov 2020 13:17:47 -0300
Subject: [PATCH 11/67] molecule: remove playground scenario clustered-wazuh-only
---
 molecule/clustered-wazuh-only/Dockerfile.j2 | 14 --
 molecule/clustered-wazuh-only/INSTALL.rst | 16 ---
 molecule/clustered-wazuh-only/converge.yml | 23 ----
 .../clustered-wazuh-only/group_vars/all.yml | 11 --
 .../group_vars/elastic.yml | 13 --
 .../group_vars/managers.yml | 20 ---
 molecule/clustered-wazuh-only/molecule.yml | 130 ------------------
 .../tests/test_default.py | 64 ---------
 8 files changed, 291 deletions(-)
 delete mode 100644 molecule/clustered-wazuh-only/Dockerfile.j2
 delete mode 100644 molecule/clustered-wazuh-only/INSTALL.rst
 delete mode 100644 molecule/clustered-wazuh-only/converge.yml
 delete mode 100644 molecule/clustered-wazuh-only/group_vars/all.yml
 delete mode 100644 molecule/clustered-wazuh-only/group_vars/elastic.yml
 delete mode 100644 molecule/clustered-wazuh-only/group_vars/managers.yml
 delete mode 100644 molecule/clustered-wazuh-only/molecule.yml
 delete mode 100644 molecule/clustered-wazuh-only/tests/test_default.py
diff --git a/molecule/clustered-wazuh-only/Dockerfile.j2 b/molecule/clustered-wazuh-only/Dockerfile.j2
deleted file mode 100644
index 19692c20..00000000
--- a/molecule/clustered-wazuh-only/Dockerfile.j2
+++ /dev/null
@@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/clustered-wazuh-only/INSTALL.rst b/molecule/clustered-wazuh-only/INSTALL.rst deleted file mode 100644 index e26493b8..00000000 --- a/molecule/clustered-wazuh-only/INSTALL.rst +++ /dev/null @@ -1,16 +0,0 @@ -******* -Install -******* - -Requirements -============ - -* Docker Engine -* docker-py - -Install -======= - -.. code-block:: bash - - $ sudo pip install docker-py diff --git a/molecule/clustered-wazuh-only/converge.yml b/molecule/clustered-wazuh-only/converge.yml deleted file mode 100644 index 63e7694f..00000000 --- a/molecule/clustered-wazuh-only/converge.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- - -- name: Converge - hosts: all - become: true - become_user: root - roles: - - role: ../../roles/elastic-stack/ansible-elasticsearch - when: inventory_hostname in groups['elastic'] - - role: ../../roles/wazuh/ansible-wazuh-manager - when: inventory_hostname in groups['managers'] - - role: ../../roles/wazuh/ansible-filebeat - when: inventory_hostname in groups['managers'] - pre_tasks: - - debug: - msg: | - ----------------------------------------- - managers: {{ managers_hostvars | length }} - addresses: {{ manager_addresses }} - ----------------------------------------- - elastic: {{ elastic_hostvars | length }} - addresses: {{ elastic_addresses }} - ----------------------------------------- \ No newline at end of file diff --git a/molecule/clustered-wazuh-only/group_vars/all.yml b/molecule/clustered-wazuh-only/group_vars/all.yml deleted file mode 100644 index 13205b13..00000000 --- a/molecule/clustered-wazuh-only/group_vars/all.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -######################################################## -# Helper variables -private_ip: '{{ ansible_default_ipv4.address }}' - -managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}" -elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}" - -manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}" -elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}" \ No newline at end of file diff --git a/molecule/clustered-wazuh-only/group_vars/elastic.yml b/molecule/clustered-wazuh-only/group_vars/elastic.yml deleted file mode 100644 index 6ee4ba11..00000000 --- a/molecule/clustered-wazuh-only/group_vars/elastic.yml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- - -single_node: false -elasticsearch_node_master: true -minimum_master_nodes: 1 - -elasticsearch_network_host: '{{ private_ip }}' -elasticsearch_node_name: '{{ ansible_hostname }}' - -elasticsearch_cluster_nodes: '{{ elastic_addresses }}' - -elasticsearch_discovery_nodes: '{{ elastic_addresses }}' - diff --git a/molecule/clustered-wazuh-only/group_vars/managers.yml b/molecule/clustered-wazuh-only/group_vars/managers.yml deleted file mode 100644 index e191ad10..00000000 --- a/molecule/clustered-wazuh-only/group_vars/managers.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- - -wazuh_manager_fqdn: '{{ ansible_hostname }}' -filebeat_node_name: '{{ ansible_hostname }}' -filebeat_output_elasticsearch_hosts: '{{ elastic_addresses }}' - -wazuh_manager_config: - connection: - - type: 'secure' - port: '1514' - protocol: 'tcp' - queue_size: 131072 - api: - https: 'yes' - cluster: - disable: 'no' - node_name: '{{ ansible_hostname }}' - node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}" - nodes: '{{ manager_addresses }}' - hidden: 'no' \ No newline at end of file diff --git a/molecule/clustered-wazuh-only/molecule.yml b/molecule/clustered-wazuh-only/molecule.yml deleted file mode 100644 index 3b5106af..00000000 --- a/molecule/clustered-wazuh-only/molecule.yml +++ /dev/null 
@@ -1,130 +0,0 @@ ---- -# Distributed scenario: clustered manager scenario + connected agents -# 2-core CPU -# 7 GB of RAM memory -# 14 GB of SSD disk space - -dependency: - name: galaxy -driver: - name: docker -#lint: -# name: yamllint -# enabled: false -platforms: - - ################################################ - # Wazuh Managers - ################################################ - - name: wazuh_manager_centos7 - hostname: wazuh-mgr01 - image: geerlingguy/docker-centos7-ansible - pre_build_image: true - privileged: true - memory_reservation: 512m - memory: 1024m - groups: - - managers - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: wazuh_manager_ubuntu2004 - hostname: wazuh-mgr02 - image: geerlingguy/docker-ubuntu2004-ansible - pre_build_image: true - privileged: true - memory_reservation: 512m - memory: 1024m - groups: - - managers - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: wazuh_manager_debian9 - hostname: wazuh-mgr03 - image: geerlingguy/docker-debian9-ansible - pre_build_image: true - privileged: true - memory_reservation: 512m - memory: 1024m - groups: - - managers - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - ################################################ - # Elastic Cluster - ################################################ - - name: wazuh_elasticsearch_centos7 - hostname: wazuh-es01 - image: geerlingguy/docker-centos7-ansible - pre_build_image: true - privileged: true - memory: 4096m - memory_reservation: 2048m - env: - ES_JAVA_OPTS: '-Xms1g -Xmx1g' - groups: - - elastic - ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: wazuh_elasticsearch_debian9 - hostname: wazuh-es03 - image: geerlingguy/docker-debian9-ansible - pre_build_image: true - privileged: true - memory: 4096m - memory_reservation: 2048m - env: - ES_JAVA_OPTS: '-Xms1g -Xmx1g' - groups: - - elastic - 
ulimits: - - nofile:262144:262144 - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - -provisioner: - name: ansible - inventory: - links: - group_vars: group_vars - #host_vars: ../../../inventory/host_vars/ - playbooks: - create: create.yml - converge: converge.yml - #destroy: destroy.yml - config_options: - defaults: - hash_behaviour: merge - env: - ANSIBLE_ROLES_PATH: ./roles - lint: - name: ansible-lint - enabled: false -scenario: - name: clustered-wazuh-only - test_sequence: - - dependency - - syntax - - create - - prepare - - converge - #- idempotence - #- verify - - cleanup - - destroy -verifier: - name: testinfra -# lint: -# name: flake8 -# enabled: false diff --git a/molecule/clustered-wazuh-only/tests/test_default.py b/molecule/clustered-wazuh-only/tests/test_default.py deleted file mode 100644 index a6a86674..00000000 --- a/molecule/clustered-wazuh-only/tests/test_default.py +++ /dev/null 
@@ -1,64 +0,0 @@ -import os -import pytest -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def get_wazuh_version(): - """This return the version of Wazuh.""" - return "4.0.0" - - -def test_wazuh_packages_are_installed(host): - """Test the main packages are installed.""" - manager = host.package("wazuh-manager") - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - - -def test_wazuh_services_are_running(host): - """Test the services are enabled and running. - - When assert commands are commented, this means that the service command has - a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 - """ - # This currently doesn't work with out current Docker base images - # manager = host.service("wazuh-manager") - # api = host.service("wazuh-api") - # assert manager.is_running - # assert api.is_running - output = host.check_output( - 'ps aux | grep ossec | tr -s " " | cut -d" " -f11' - ) - assert 'ossec-authd' in output - assert 'wazuh-modulesd' in output - assert 'wazuh-db' in output - assert 'ossec-execd' in output - assert 'ossec-monitord' in output - assert 'ossec-remoted' in output - assert 'ossec-logcollector' in output - assert 'ossec-analysisd' in output - assert 'ossec-syscheckd' in output - - -@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ - ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), - ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660), -]) -def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): - """Test Wazuh related files exist and have proper owners and mode.""" - wazuh_file_host = host.file(wazuh_file) - assert wazuh_file_host.user == wazuh_owner - assert wazuh_file_host.group == 
wazuh_group - assert wazuh_file_host.mode == wazuh_mode - - -def test_filebeat_is_installed(host): - """Test the elasticsearch package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - assert filebeat.version.startswith('7.9.1') From 64ae425716355d6fce7caa2327c5551473a7a463 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=A2=85?= Date: Fri, 6 Nov 2020 13:18:24 -0300 Subject: [PATCH 12/67] poetry: update pyproject and lockfile --- poetry.lock | 191 ++++++++++++++++++++++++++++++++++--------------- pyproject.toml | 14 ++-- 2 files changed, 140 insertions(+), 65 deletions(-) diff --git a/poetry.lock b/poetry.lock index 478bac27..96daf99c 100644 --- a/poetry.lock +++ b/poetry.lock @@ -19,12 +19,20 @@ ansible = ">=2.8" pyyaml = "*" rich = "*" -[package.dependencies."ruamel.yaml"] +[[package.dependencies."ruamel.yaml"]] +python = "<3.7" +version = ">=0.15.34,<1" + +[[package.dependencies."ruamel.yaml"]] python = ">=3.7" version = ">=0.15.37,<1" +[package.dependencies.typing-extensions] +python = "<3.8" +version = "*" + [[package]] -category = "main" +category = "dev" description = "Better dates & times for Python" name = "arrow" optional = false @@ -35,7 +43,7 @@ version = "0.17.0" python-dateutil = ">=2.7.0" [[package]] -category = "main" +category = "dev" description = "Atomic file writes." marker = "sys_platform == \"win32\"" name = "atomicwrites" @@ -44,7 +52,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" version = "1.4.0" [[package]] -category = "main" +category = "dev" description = "Classes Without Boilerplate" name = "attrs" optional = false @@ -58,7 +66,7 @@ tests = ["coverage (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six tests_no_zope = ["coverage (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "six"] [[package]] -category = "main" +category = "dev" description = "Modern password hashing for your software and your servers" name = "bcrypt" optional = false 
@@ -74,7 +82,7 @@ tests = ["pytest (>=3.2.1,<3.3.0 || >3.3.0)"] typecheck = ["mypy"] [[package]] -category = "main" +category = "dev" description = "Ultra-lightweight pure Python package to check if a file is binary or text." name = "binaryornot" optional = false @@ -85,7 +93,7 @@ version = "0.4.4" chardet = ">=3.0.2" [[package]] -category = "main" +category = "dev" description = "Lightweight, extensible schema and data validation tool for Python dictionaries." name = "cerberus" optional = false @@ -96,7 +104,7 @@ version = "1.3.2" setuptools = "*" [[package]] -category = "main" +category = "dev" description = "Python package for providing Mozilla's CA Bundle." name = "certifi" optional = false @@ -104,7 +112,7 @@ python-versions = "*" version = "2020.6.20" [[package]] -category = "main" +category = "dev" description = "Foreign Function Interface for Python calling C code." name = "cffi" optional = false @@ -115,7 +123,7 @@ version = "1.14.3" pycparser = "*" [[package]] -category = "main" +category = "dev" description = "Universal encoding detector for Python 2 and 3" name = "chardet" optional = false @@ -123,7 +131,7 @@ python-versions = "*" version = "3.0.4" [[package]] -category = "main" +category = "dev" description = "Composable command line interface toolkit" name = "click" optional = false @@ -131,7 +139,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" version = "7.1.2" [[package]] -category = "main" +category = "dev" description = "Fish, Bash, Zsh and PowerShell completion for Click" name = "click-completion" optional = false @@ -145,7 +153,7 @@ shellingham = "*" six = "*" [[package]] -category = "main" +category = "dev" description = "Colorization of help messages in Click" name = "click-help-colors" optional = false @@ -159,7 +167,7 @@ click = ">=7.0" dev = ["pytest"] [[package]] -category = "main" +category = "dev" description = "Cross-platform colored terminal text." name = "colorama" optional = false 
@@ -178,7 +186,7 @@ version = "0.9.1" test = ["flake8 (3.7.8)", "hypothesis (3.55.3)"] [[package]] -category = "main" +category = "dev" description = "A command-line utility that creates projects from project templates, e.g. creating a Python package project from a Python package project template." name = "cookiecutter" optional = false @@ -197,7 +205,7 @@ requests = ">=2.23.0" six = ">=1.10" [[package]] -category = "main" +category = "dev" description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers." name = "cryptography" optional = false @@ -216,7 +224,16 @@ ssh = ["bcrypt (>=3.1.5)"] test = ["pytest (>=3.6.0,<3.9.0 || >3.9.0,<3.9.1 || >3.9.1,<3.9.2 || >3.9.2)", "pretend", "iso8601", "pytz", "hypothesis (>=1.11.4,<3.79.2 || >3.79.2)"] [[package]] -category = "main" +category = "dev" +description = "A backport of the dataclasses module for Python 3.6" +marker = "python_version >= \"3.6\" and python_version < \"3.7\"" +name = "dataclasses" +optional = false +python-versions = ">=3.6, <3.7" +version = "0.7" + +[[package]] +category = "dev" description = "Distro - an OS platform information API" name = "distro" optional = false @@ -224,7 +241,7 @@ python-versions = "*" version = "1.5.0" [[package]] -category = "main" +category = "dev" description = "A Python library for the Docker Engine API." name = "docker" optional = false @@ -242,7 +259,7 @@ ssh = ["paramiko (>=2.4.2)"] tls = ["pyOpenSSL (>=17.5.0)", "cryptography (>=1.3.4)", "idna (>=2.0.0)"] [[package]] -category = "main" +category = "dev" description = "A python package that provides useful locks." name = "fasteners" optional = false 
@@ -266,14 +283,34 @@ mccabe = ">=0.6.0,<0.7.0" pycodestyle = ">=2.6.0a1,<2.7.0" pyflakes = ">=2.2.0,<2.3.0" +[package.dependencies.importlib-metadata] +python = "<3.8" +version = "*" + [[package]] -category = "main" +category = "dev" description = "Internationalized Domain Names in Applications (IDNA)" name = "idna" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" version = "2.10" +[[package]] +category = "dev" +description = "Read metadata from Python packages" +marker = "python_version < \"3.8\"" +name = "importlib-metadata" +optional = false +python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7" +version = "2.0.0" + +[package.dependencies] +zipp = ">=0.5" + +[package.extras] +docs = ["sphinx", "rst.linker"] +testing = ["packaging", "pep517", "importlib-resources (>=1.3)"] + [[package]] category = "main" description = "A very fast and expressive template engine." @@ -289,7 +326,7 @@ MarkupSafe = ">=0.23" i18n = ["Babel (>=0.8)"] [[package]] -category = "main" +category = "dev" description = "Jinja2 Extension for Dates and Times" name = "jinja2-time" optional = false @@ -317,7 +354,7 @@ python-versions = "*" version = "0.6.1" [[package]] -category = "main" +category = "dev" description = "Molecule aids in the development and testing of Ansible roles" name = "molecule" optional = false @@ -356,7 +393,7 @@ test = ["ansi2html", "coverage (<5)", "mock (>=3.0.5,<4)", "packaging", "pytest- windows = ["pywinrm"] [[package]] -category = "main" +category = "dev" description = "An implementation of time.monotonic() for Python 2 & < 3.3" name = "monotonic" optional = false @@ -364,7 +401,7 @@ python-versions = "*" version = "1.5" [[package]] -category = "main" +category = "dev" description = "More routines for operating on iterables, beyond itertools" name = "more-itertools" optional = false 
@@ -372,7 +409,7 @@ python-versions = ">=3.5" version = "8.6.0" [[package]] -category = "main" +category = "dev" description = "Core utilities for Python packages" name = "packaging" optional = false @@ -384,7 +421,7 @@ pyparsing = ">=2.0.2" six = "*" [[package]] -category = "main" +category = "dev" description = "SSH2 protocol library" name = "paramiko" optional = false @@ -403,7 +440,7 @@ gssapi = ["pyasn1 (>=0.1.7)", "gssapi (>=1.4.1)", "pywin32 (>=2.1.8)"] invoke = ["invoke (>=1.3)"] [[package]] -category = "main" +category = "dev" description = "Utility library for gitignore style pattern matching of file paths." name = "pathspec" optional = false @@ -411,7 +448,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" version = "0.8.0" [[package]] -category = "main" +category = "dev" description = "Pexpect allows easy control of interactive console applications." name = "pexpect" optional = false @@ -422,18 +459,23 @@ version = "4.8.0" ptyprocess = ">=0.5" [[package]] -category = "main" +category = "dev" description = "plugin and hook calling mechanisms for python" name = "pluggy" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" version = "0.13.1" +[package.dependencies] +[package.dependencies.importlib-metadata] +python = "<3.8" +version = ">=0.12" + [package.extras] dev = ["pre-commit", "tox"] [[package]] -category = "main" +category = "dev" description = "A lightweight YAML Parser for Python. 🐓" name = "poyo" optional = false @@ -441,7 +483,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" version = "0.5.0" [[package]] -category = "main" +category = "dev" description = "Run a subprocess in a pseudo terminal" name = "ptyprocess" optional = false @@ -449,7 +491,7 @@ python-versions = "*" version = "0.6.0" [[package]] -category = "main" +category = "dev" description = "library with cross-python path, ini-parsing, io, code, log facilities" name = "py" optional = false 
@@ -465,7 +507,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" version = "2.6.0" [[package]] -category = "main" +category = "dev" description = "C parser in Python" name = "pycparser" optional = false @@ -489,7 +531,7 @@ python-versions = ">=3.5" version = "2.7.2" [[package]] -category = "main" +category = "dev" description = "Python binding to the Networking and Cryptography (NaCl) library" name = "pynacl" optional = false @@ -505,7 +547,7 @@ docs = ["sphinx (>=1.6.5)", "sphinx-rtd-theme"] tests = ["pytest (>=3.2.1,<3.3.0 || >3.3.0)", "hypothesis (>=3.27.0)"] [[package]] -category = "main" +category = "dev" description = "Python parsing module" name = "pyparsing" optional = false @@ -513,7 +555,7 @@ python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" version = "2.4.7" [[package]] -category = "main" +category = "dev" description = "pytest: simple powerful testing with Python" name = "pytest" optional = false @@ -530,12 +572,16 @@ pluggy = ">=0.12,<1.0" py = ">=1.5.0" wcwidth = "*" +[package.dependencies.importlib-metadata] +python = "<3.8" +version = ">=0.12" + [package.extras] checkqa-mypy = ["mypy (v0.761)"] testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "requests", "xmlschema"] [[package]] -category = "main" +category = "dev" description = "Extensions to the standard Python datetime module" name = "python-dateutil" optional = false @@ -546,7 +592,7 @@ version = "2.8.1" six = ">=1.5" [[package]] -category = "main" +category = "dev" description = "gilt - A GIT layering tool." name = "python-gilt" optional = false @@ -564,7 +610,7 @@ sh = "*" test = ["black (19.10b0)", "flake8", "hacking", "pep517", "pytest", "pytest-cov", "pytest-helpers-namespace", "pytest-mock", "twine"] [[package]] -category = "main" +category = "dev" description = "A Python Slugify application that handles Unicode" name = "python-slugify" optional = false 
@@ -578,7 +624,7 @@ text-unidecode = ">=1.3" unidecode = ["Unidecode (>=1.1.1)"] [[package]] -category = "main" +category = "dev" description = "Python for Window Extensions" marker = "sys_platform == \"win32\"" name = "pywin32" @@ -587,7 +633,7 @@ python-versions = "*" version = "227" [[package]] -category = "main" +category = "dev" description = "YAML parser and emitter for Python" name = "pyyaml" optional = false @@ -595,7 +641,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" version = "5.3.1" [[package]] -category = "main" +category = "dev" description = "Python HTTP for Humans." name = "requests" optional = false @@ -626,13 +672,17 @@ commonmark = ">=0.9.0,<0.10.0" pygments = ">=2.6.0,<3.0.0" typing-extensions = ">=3.7.4,<4.0.0" +[package.dependencies.dataclasses] +python = ">=3.6,<3.7" +version = ">=0.7,<0.8" + [package.extras] jupyter = ["ipywidgets (>=7.5.1,<8.0.0)"] [[package]] category = "dev" description = "ruamel.yaml is a YAML parser/emitter that supports roundtrip preservation of comments, seq/map flow style, and map key order" -marker = "python_version >= \"3.7\"" +marker = "python_version < \"3.7\" or python_version >= \"3.7\"" name = "ruamel.yaml" optional = false python-versions = "*" @@ -650,14 +700,14 @@ jinja2 = ["ruamel.yaml.jinja2 (>=0.2)"] [[package]] category = "dev" description = "C version of reader, parser and emitter for ruamel.yaml derived from libyaml" -marker = "platform_python_implementation == \"CPython\" and python_version < \"3.9\" and python_version >= \"3.7\"" +marker = "platform_python_implementation == \"CPython\" and python_version < \"3.7\" or platform_python_implementation == \"CPython\" and python_version < \"3.9\" and python_version >= \"3.7\"" name = "ruamel.yaml.clib" optional = false python-versions = "*" version = "0.2.2" [[package]] -category = "main" +category = "dev" description = "shim selinux module" name = "selinux" optional = false 
@@ -669,7 +719,7 @@ distro = ">=1.3.0" setuptools = ">=39.0" [[package]] -category = "main" +category = "dev" description = "Python subprocess replacement" name = "sh" optional = false @@ -677,7 +727,7 @@ python-versions = "*" version = "1.13.1" [[package]] -category = "main" +category = "dev" description = "Tool to Detect Surrounding Shell" name = "shellingham" optional = false @@ -685,7 +735,7 @@ python-versions = "!=3.0,!=3.1,!=3.2,!=3.3,>=2.6" version = "1.3.2" [[package]] -category = "main" +category = "dev" description = "Python 2 and 3 compatibility utilities" name = "six" optional = false @@ -693,7 +743,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" version = "1.15.0" [[package]] -category = "main" +category = "dev" description = "Pretty-print tabular data" name = "tabulate" optional = false @@ -704,7 +754,7 @@ version = "0.8.7" widechars = ["wcwidth"] [[package]] -category = "main" +category = "dev" description = "Test infrastructures" name = "testinfra" optional = false @@ -721,7 +771,7 @@ salt = ["salt"] winrm = ["pywinrm"] [[package]] -category = "main" +category = "dev" description = "The most basic Text::Unidecode port" name = "text-unidecode" optional = false @@ -729,7 +779,7 @@ python-versions = "*" version = "1.3" [[package]] -category = "main" +category = "dev" description = "" name = "tree-format" optional = false @@ -748,7 +798,7 @@ python-versions = "*" version = "3.7.4.3" [[package]] -category = "main" +category = "dev" description = "HTTP library with thread-safe connection pooling, file post, and more." name = "urllib3" optional = false @@ -761,7 +811,7 @@ secure = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "cer socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7,<2.0)"] [[package]] -category = "main" +category = "dev" description = "Measures the displayed width of unicode strings in a terminal" name = "wcwidth" optional = false 
@@ -769,7 +819,7 @@ python-versions = "*" version = "0.2.5" [[package]] -category = "main" +category = "dev" description = "WebSocket client for Python. hybi13 is supported." name = "websocket-client" optional = false @@ -780,7 +830,7 @@ version = "0.57.0" six = "*" [[package]] -category = "main" +category = "dev" description = "A linter for YAML files." name = "yamllint" optional = false @@ -792,10 +842,23 @@ pathspec = ">=0.5.3" pyyaml = "*" setuptools = "*" +[[package]] +category = "dev" +description = "Backport of pathlib-compatible object wrapper for zip files" +marker = "python_version < \"3.8\"" +name = "zipp" +optional = false +python-versions = ">=3.6" +version = "3.4.0" + +[package.extras] +docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"] +testing = ["pytest (>=3.5,<3.7.3 || >3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy"] + [metadata] -content-hash = "438f2e02025d222b379d0a1b53c73cbd146aee0a6d009fb9141cba8f354519ae" +content-hash = "4114e22097faba4d352cd5aa591e462e7d681179fea8b2f46c819dede8e54aee" lock-version = "1.0" -python-versions = "^3.8" +python-versions = "^3.6" [metadata.files] ansible = [ 
@@ -926,6 +989,10 @@ cryptography = [ {file = "cryptography-3.2.1-cp38-cp38-win_amd64.whl", hash = "sha256:d25cecbac20713a7c3bc544372d42d8eafa89799f492a43b79e1dfd650484851"}, {file = "cryptography-3.2.1.tar.gz", hash = "sha256:d3d5e10be0cf2a12214ddee45c6bd203dab435e3d83b4560c03066eda600bfe3"}, ] +dataclasses = [ + {file = "dataclasses-0.7-py3-none-any.whl", hash = "sha256:3459118f7ede7c8bea0fe795bff7c6c2ce287d01dd226202f7c9ebc0610a7836"}, + {file = "dataclasses-0.7.tar.gz", hash = "sha256:494a6dcae3b8bcf80848eea2ef64c0cc5cd307ffc263e17cdf42f3e5420808e6"}, +] distro = [ {file = "distro-1.5.0-py2.py3-none-any.whl", hash = "sha256:df74eed763e18d10d0da624258524ae80486432cd17392d9c3d96f5e83cd2799"}, {file = "distro-1.5.0.tar.gz", hash = "sha256:0e58756ae38fbd8fc3020d54badb8eae17c5b9dcbed388b17bb55b8a5928df92"}, @@ -946,6 +1013,10 @@ idna = [ {file = "idna-2.10-py2.py3-none-any.whl", hash = "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"}, {file = "idna-2.10.tar.gz", hash = "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6"}, ] +importlib-metadata = [ + {file = "importlib_metadata-2.0.0-py2.py3-none-any.whl", hash = "sha256:cefa1a2f919b866c5beb7c9f7b0ebb4061f30a8a9bf16d609b000e2dfaceb9c3"}, + {file = "importlib_metadata-2.0.0.tar.gz", hash = "sha256:77a540690e24b0305878c37ffd421785a6f7e53c8b5720d211b211de8d0e95da"}, +] jinja2 = [ {file = "Jinja2-2.11.2-py2.py3-none-any.whl", hash = "sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035"}, {file = "Jinja2-2.11.2.tar.gz", hash = "sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0"}, 
@@ -1205,3 +1276,7 @@ yamllint = [ {file = "yamllint-1.25.0-py2.py3-none-any.whl", hash = "sha256:c7be4d0d2584a1b561498fa9acb77ad22eb434a109725c7781373ae496d823b3"}, {file = "yamllint-1.25.0.tar.gz", hash = "sha256:b1549cbe5b47b6ba67bdeea31720f5c51431a4d0c076c1557952d841f7223519"}, ] +zipp = [ + {file = "zipp-3.4.0-py3-none-any.whl", hash = "sha256:102c24ef8f171fd729d46599845e95c7ab894a4cf45f5de11a44cc7444fb1108"}, + {file = "zipp-3.4.0.tar.gz", hash = "sha256:ed5eee1974372595f9e416cc7bbeeb12335201d8081ca8a0743c954d4446e5cb"}, +] diff --git a/pyproject.toml b/pyproject.toml index 3740f1e3..aa98c6a0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,24 +5,24 @@ description = "" authors = ["neonmei "] [tool.poetry.dependencies] -python = "^3.8" +python = "^3.6" # Pin ansible version to that currently present on awx ansible = "==2.9.5" jinja2 = "^2.11.2" + +[tool.poetry.dev-dependencies] +pytest = "^5.2" +ansible-lint = "^4.3.5" +flake8 = "^3.8.4" selinux = "^0.2.1" -#molecule = {extras = ["docker"], version = "^2.20"} +yamllint = "^1.25.0" # minimum version is 3.0.3, because we need docker memory limitation # https://github.com/ansible-community/molecule/pull/2615 molecule = {extras = ["docker"], version = "==3.0.8"} testinfra = "^5.3.1" -[tool.poetry.dev-dependencies] -pytest = "^5.2" -ansible-lint = "^4.3.5" -flake8 = "^3.8" - [build-system] requires = ["poetry>=0.12"] build-backend = "poetry.masonry.api" From f771fb4dfd6961884fcdfb30bd9fee933ca20950 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=A2=85?= Date: Fri, 6 Nov 2020 13:19:47 -0300 Subject: [PATCH 13/67] lint: update ansible and lint for molecule lint matrix task --- .ansible-lint | 1 + .yamllint | 29 +++++++++++++++++++++++------ 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 148ddda4..b8c04701 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,3 +1,4 @@ --- warn_list: - '106' + - '303' 
diff --git a/.yamllint b/.yamllint index a74c7d25..88276760 100644 --- a/.yamllint +++ b/.yamllint @@ -1,3 +1,5 @@ +--- +# Based on ansible-lint config extends: default rules: @@ -7,10 +9,25 @@ rules: brackets: max-spaces-inside: 1 level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable line-length: disable - # NOTE(retr0h): Templates no longer fail this lint rule. - # Uncomment if running old Molecule templates. - # truthy: disable -ignore: | - .travis.yml - config.yml + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable From c81f973963ee876c1119891cf2be24c2b3df88df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=A2=85?= Date: Fri, 6 Nov 2020 13:21:00 -0300 Subject: [PATCH 14/67] github: update actions with 3 jobs for testing scenarios: default, distributed-wazuh-elk and distributed-wazuh-elk-xpack --- .github/actions/default/Dockerfile | 7 -- .github/actions/default/action.yml | 6 -- .github/actions/default/entrypoint.sh | 3 - .github/workflows/main.yml | 101 ++++++++++++++++++++++++-- 4 files changed, 95 insertions(+), 22 deletions(-) delete mode 100644 .github/actions/default/Dockerfile delete mode 100644 .github/actions/default/action.yml delete mode 100644 .github/actions/default/entrypoint.sh diff --git a/.github/actions/default/Dockerfile b/.github/actions/default/Dockerfile deleted file mode 100644 index 9dffbde8..00000000 --- a/.github/actions/default/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM quay.io/ansible/molecule:2.20 - -VOLUME [ "/sys/fs/cgroup", "/run", "/run/lock" ] - -COPY ./entrypoint.sh /entrypoint.sh -RUN chmod 755 /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] 
diff --git a/.github/actions/default/action.yml b/.github/actions/default/action.yml deleted file mode 100644 index a9b38478..00000000 --- a/.github/actions/default/action.yml +++ /dev/null @@ -1,6 +0,0 @@ -name: molecule-test -description: Molecule tests for Wazuh Ansible -runs: - using: docker - image: 'Dockerfile' - diff --git a/.github/actions/default/entrypoint.sh b/.github/actions/default/entrypoint.sh deleted file mode 100644 index 158e9f08..00000000 --- a/.github/actions/default/entrypoint.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -eu - -molecule test \ No newline at end of file diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 26cb0e32..7cec655f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -1,13 +1,102 @@ +--- name: Molecule tests for Wazuh Ansible - on: [push] jobs: - default: + + scenario-default: + name: Default scenario (smoke) runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Default scenario - uses: './.github/actions/default' + - name: Check out the codebase. + uses: actions/checkout@v2 + + - name: Hack to get setup-python to work on act. See act issue 251 + run: | + # Hack to get setup-python to work on act + if [ ! -f "/etc/lsb-release" ] ; then + echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release + fi + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install poetry + run: pip3 install poetry + + - name: Install dependencies + run: poetry install + + - name: Run Molecule tests. + run: poetry run molecule test -s default + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + + scenario-distributed-wazuh-elk: + name: Distributed ELK + Wazuh + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + + - name: Hack to get setup-python to work on act. See act issue 251 + run: | + if [ ! -f "/etc/lsb-release" ] ; then + echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release + fi + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install poetry + run: pip3 install poetry + + - name: Install dependencies + run: poetry install + + + - name: Run Molecule tests. + run: poetry run molecule test -s distributed-wazuh-elk + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + + scenario-distributed-wazuh-elk-xpack: + name: Distributed ELK + XPack + Wazuh + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + + - name: Hack to get setup-python to work on act. See act issue 251 + run: | + if [ ! -f "/etc/lsb-release" ] ; then + echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release + fi + + - name: Set up Python 3. 
+ uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install poetry + run: pip3 install poetry + + - name: Install dependencies + run: poetry install + + + - name: Run Molecule tests. + run: poetry run molecule test -s distributed-wazuh-elk-xpack + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + + + From 603e68aab7856595bcb5cc1f7d4d6f491f762ea3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=A2=85?= Date: Fri, 6 Nov 2020 13:21:43 -0300 Subject: [PATCH 15/67] gitignore: add certificate directories generated during molecule run and .mypy_cache --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 107a85d0..38bf9b6c 100644 --- a/.gitignore +++ b/.gitignore @@ -6,5 +6,8 @@ wazuh-elastic.yml wazuh-kibana.yml wazuh-manager.yml *.pyc +.mypy_cache Pipfile.lock *.swp +molecule/**/es_certs/ +molecule/**/opendistro/ \ No newline at end of file From dc2486b3394e43bace8c26e6b94a8001a4dba3d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=A2=85?= Date: Fri, 6 Nov 2020 14:21:19 -0300 Subject: [PATCH 16/67] roles/opendistro: switch from import_tasks to include_tasks, move block tag and conditional from security_actions.yml to main.yml --- .../opendistro-elasticsearch/tasks/main.yml | 5 +- .../tasks/security_actions.yml | 261 +++++++++--------- 2 files changed, 133 insertions(+), 133 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index b429af26..085d82ab 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml @@ -35,7 +35,10 @@ when: install.changed tags: install - - import_tasks: security_actions.yml + - include_tasks: security_actions.yml + tags: + - security + when: install.changed - name: Configure OpenDistro Elasticsearch JVM memmory. template: 
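Review bot: All three jobs reference `actions/checkout@v2` and `actions/setup-python@v2` by mutable tag and install the build tool unpinned with `pip3 install poetry`, so the toolchain that runs `molecule test` (with Docker and the full checkout available) can change underneath the repository without any commit here. Pin each action to a full-length commit SHA with the tag kept in a trailing comment, and pin poetry, e.g. `run: pip3 install 'poetry==<pinned-version>'`; `poetry install` then honours the committed poetry.lock for everything else. The three jobs also duplicate the same steps and differ only in the `-s <scenario>` argument, so a `strategy.matrix` over the scenario name would make the pinning a single edit and keep the jobs from drifting apart (the xpack job already lost the comment inside the lsb-release hack). Finally, `on: [push]` never runs the scenarios for pull requests, which is presumably where this matrix is meant to catch regressions.
```yaml
jobs:
  molecule:
    name: Molecule scenario ${{ matrix.scenario }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        scenario:
          - default
          - distributed-wazuh-elk
          - distributed-wazuh-elk-xpack
    steps:
      - name: Check out the codebase.
        uses: actions/checkout@<full-commit-sha>  # v2
      # … unchanged: lsb-release hack for act …
      - name: Set up Python 3.
        uses: actions/setup-python@<full-commit-sha>  # v2
        with:
          python-version: '3.x'
      - name: Install poetry
        run: pip3 install 'poetry==<pinned-version>'
      - name: Install dependencies
        run: poetry install
      - name: Run Molecule tests.
        run: poetry run molecule test -s ${{ matrix.scenario }}
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
```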
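Review bot: The `tags: - security` placed on the new `include_tasks: security_actions.yml` line applies to the include statement only, because Ansible does not inherit tags into dynamically included tasks; running with `--tags security` will execute the include and then skip every task inside security_actions.yml, which is the opposite of what the replaced `import_tasks` (and the block tag the commit message says it moved) gave. Either keep `import_tasks`, or add `apply:` / `  tags: [security]` beside the existing `tags:` so the included tasks carry the tag as well. `when: install.changed` is now evaluated once at the include, so a converge re-run after a failed first attempt skips the demo-certificate removal and certificate copy entirely; if that is intended, a one-line comment saying so would stop the next reader from re-adding the import. The enclosing `block:` starts outside the hunk.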
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml index a3d98e46..6f2b1803 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml 
@@ -1,152 +1,149 @@ -- block: - - name: Remove demo certs - file: - path: "{{ item }}" - state: absent - with_items: - - "{{ opendistro_conf_path }}/kirk.pem" - - "{{ opendistro_conf_path }}/kirk-key.pem" - - "{{ opendistro_conf_path }}/esnode.pem" - - "{{ opendistro_conf_path }}/esnode-key.pem" +- name: Remove demo certs + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ opendistro_conf_path }}/kirk.pem" + - "{{ opendistro_conf_path }}/kirk-key.pem" + - "{{ opendistro_conf_path }}/esnode.pem" + - "{{ opendistro_conf_path }}/esnode-key.pem" - - name: Configure node name - block: - - name: Setting node name (Elasticsearch) - set_fact: - od_node_name: "{{ elasticsearch_node_name }}" - when: - elasticsearch_node_name is defined and kibana_node_name is not defined +- name: Configure node name + block: + - name: Setting node name (Elasticsearch) + set_fact: + od_node_name: "{{ elasticsearch_node_name }}" + when: + elasticsearch_node_name is defined and kibana_node_name is not defined - - name: Setting node name (Kibana) - set_fact: - od_node_name: "{{ kibana_node_name }}" - when: - kibana_node_name is defined + - name: Setting node name (Kibana) + set_fact: + od_node_name: "{{ kibana_node_name }}" + when: + kibana_node_name is defined - - name: Setting node name (Filebeat) - set_fact: - od_node_name: "{{ kibana_node_name }}" - when: - filebeat_node_name is defined + - name: Setting node name (Filebeat) + set_fact: + od_node_name: "{{ kibana_node_name }}" + when: + filebeat_node_name is defined - - name: Configure IP (Private address) - set_fact: - target_address: "{{ hostvars[inventory_hostname]['private_ip'] }}" - when: - - hostvars[inventory_hostname]['private_ip'] is defined +- name: Configure IP (Private address) + set_fact: + target_address: "{{ hostvars[inventory_hostname]['private_ip'] }}" + when: + - hostvars[inventory_hostname]['private_ip'] is defined - - name: Configure IP (Public address) - set_fact: - target_address: "{{ inventory_hostname 
}}" - when: - - hostvars[inventory_hostname]['private_ip'] is not defined +- name: Configure IP (Public address) + set_fact: + target_address: "{{ inventory_hostname }}" + when: + - hostvars[inventory_hostname]['private_ip'] is not defined - - name: Copy the node & admin certificates to Elasticsearch cluster - copy: - src: "{{ local_certs_path }}/certs/{{ item }}" - dest: /etc/elasticsearch/ - mode: 0644 - with_items: - - root-ca.pem - - root-ca.key - - "{{ od_node_name }}.key" - - "{{ od_node_name }}.pem" - - "{{ od_node_name }}_http.key" - - "{{ od_node_name }}_http.pem" - - "{{ od_node_name }}_elasticsearch_config_snippet.yml" - - admin.key - - admin.pem +- name: Copy the node & admin certificates to Elasticsearch cluster + copy: + src: "{{ local_certs_path }}/certs/{{ item }}" + dest: /etc/elasticsearch/ + mode: 0644 + with_items: + - root-ca.pem + - root-ca.key + - "{{ od_node_name }}.key" + - "{{ od_node_name }}.pem" + - "{{ od_node_name }}_http.key" + - "{{ od_node_name }}_http.pem" + - "{{ od_node_name }}_elasticsearch_config_snippet.yml" + - admin.key + - admin.pem - - name: Copy the OpenDistro security configuration file to cluster - blockinfile: - block: "{{ lookup('file', '{{ local_certs_path }}/certs/{{ od_node_name }}_elasticsearch_config_snippet.yml') }}" - dest: "{{ opendistro_conf_path }}/elasticsearch.yml" - insertafter: EOF - marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##" +- name: Copy the OpenDistro security configuration file to cluster + blockinfile: + block: "{{ lookup('file', '{{ local_certs_path }}/certs/{{ od_node_name }}_elasticsearch_config_snippet.yml') }}" + dest: "{{ opendistro_conf_path }}/elasticsearch.yml" + insertafter: EOF + marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##" - - name: Prepare the OpenDistro security configuration file - replace: - path: "{{ opendistro_conf_path }}/elasticsearch.yml" - regexp: 'searchguard' - replace: 'opendistro_security' - tags: 
local +- name: Prepare the OpenDistro security configuration file + replace: + path: "{{ opendistro_conf_path }}/elasticsearch.yml" + regexp: 'searchguard' + replace: 'opendistro_security' + tags: local - - name: Restart elasticsearch with security configuration - systemd: - name: elasticsearch - state: restarted +- name: Restart elasticsearch with security configuration + systemd: + name: elasticsearch + state: restarted - - name: Copy the OpenDistro security internal users template - template: - src: "templates/internal_users.yml.j2" - dest: "{{ opendistro_sec_plugin_conf_path }}/internal_users.yml" - mode: 0644 - run_once: true +- name: Copy the OpenDistro security internal users template + template: + src: "templates/internal_users.yml.j2" + dest: "{{ opendistro_sec_plugin_conf_path }}/internal_users.yml" + mode: 0644 + run_once: true - - name: Hashing the custom admin password - command: "{{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ opendistro_admin_password }}" - register: opendistro_admin_password_hashed - run_once: true +- name: Hashing the custom admin password + command: "{{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ opendistro_admin_password }}" + register: opendistro_admin_password_hashed + run_once: true - - name: Filtering hash result in case java path is not defined - set_fact: - opendistro_admin_password_hashed_filtered: "{{ opendistro_admin_password_hashed.stdout_lines[1] }}" - when: - - opendistro_admin_password_hashed.stdout_lines[1] is defined - run_once: true +- name: Filtering hash result in case java path is not defined + set_fact: + opendistro_admin_password_hashed_filtered: "{{ opendistro_admin_password_hashed.stdout_lines[1] }}" + when: + - opendistro_admin_password_hashed.stdout_lines[1] is defined + run_once: true - - name: Setting admin hash result - set_fact: - opendistro_admin_password_hashed_filtered: "{{ opendistro_admin_password_hashed.stdout_lines[0] }}" - when: - - opendistro_admin_password_hashed.stdout_lines[1] 
is not defined - run_once: true +- name: Setting admin hash result + set_fact: + opendistro_admin_password_hashed_filtered: "{{ opendistro_admin_password_hashed.stdout_lines[0] }}" + when: + - opendistro_admin_password_hashed.stdout_lines[1] is not defined + run_once: true - - name: Set the Admin user password - replace: - path: "{{ opendistro_sec_plugin_conf_path }}/internal_users.yml" - regexp: '(?<=admin:\n hash: )(.*)(?=)' - replace: "\"{{ opendistro_admin_password_hashed_filtered }}\"" - run_once: true +- name: Set the Admin user password + replace: + path: "{{ opendistro_sec_plugin_conf_path }}/internal_users.yml" + regexp: '(?<=admin:\n hash: )(.*)(?=)' + replace: "\"{{ opendistro_admin_password_hashed_filtered }}\"" + run_once: true - - name: Set the kibanaserver role/user pasword - shell: > - sed -i 's,{{ opendistro_kibana_password }},'$(sh {{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ opendistro_kibana_password }} | tail -1)',' - {{ opendistro_sec_plugin_conf_path }}/internal_users.yml - run_once: true +- name: Set the kibanaserver role/user pasword + shell: > + sed -i 's,{{ opendistro_kibana_password }},'$(sh {{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ opendistro_kibana_password }} | tail -1)',' + {{ opendistro_sec_plugin_conf_path }}/internal_users.yml + run_once: true - - name: Initialize the OpenDistro security index in elasticsearch - command: > - {{ opendistro_sec_plugin_tools_path }}/securityadmin.sh - -cacert {{ opendistro_conf_path }}/root-ca.pem - -cert {{ opendistro_conf_path }}/admin.pem - -key {{ opendistro_conf_path }}/admin.key - -cd {{ opendistro_sec_plugin_conf_path }}/ - -nhnv -icl - -h {{ target_address }} - run_once: true +- name: Initialize the OpenDistro security index in elasticsearch + command: > + {{ opendistro_sec_plugin_tools_path }}/securityadmin.sh + -cacert {{ opendistro_conf_path }}/root-ca.pem + -cert {{ opendistro_conf_path }}/admin.pem + -key {{ opendistro_conf_path }}/admin.key + -cd {{ 
opendistro_sec_plugin_conf_path }}/ + -nhnv -icl + -h {{ target_address }} + run_once: true + +- name: Create custom user + uri: + url: "https://{{ target_address }}:{{ opendistro_http_port }}/_opendistro/_security/api/internalusers/{{ opendistro_custom_user }}" + method: PUT + user: "admin" # Default OpenDistro user is always "admin" + password: "{{ opendistro_admin_password }}" + body: | + { + "password": "{{ opendistro_admin_password }}", + "backend_roles": ["{{ opendistro_custom_user_role }}"] + } + body_format: json + validate_certs: no + status_code: 200,201,401 + return_content: yes + timeout: 4 + when: + - opendistro_custom_user is defined and opendistro_custom_user - - name: Create custom user - uri: - url: "https://{{ target_address }}:{{ opendistro_http_port }}/_opendistro/_security/api/internalusers/{{ opendistro_custom_user }}" - method: PUT - user: "admin" # Default OpenDistro user is always "admin" - password: "{{ opendistro_admin_password }}" - body: | - { - "password": "{{ opendistro_admin_password }}", - "backend_roles": ["{{ opendistro_custom_user_role }}"] - } - body_format: json - validate_certs: no - status_code: 200,201,401 - return_content: yes - timeout: 4 - when: - - opendistro_custom_user is defined and opendistro_custom_user - tags: - - security - when: install.changed From e5ccf1361d0e5db7a3b8172ea280e454e0894451 Mon Sep 17 00:00:00 2001 From: neonmei Date: Fri, 6 Nov 2020 15:05:08 -0300 Subject: [PATCH 17/67] github: add scenario for Distributed ODFE+Wazuh --- .github/workflows/main.yml | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7cec655f..89ddfc3a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,3 @@ - --- name: Molecule tests for Wazuh Ansible on: [push] 
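Review bot: The re-indented tasks still expose secrets on the new side: `Hashing the custom admin password` and `Set the kibanaserver role/user pasword` pass the plaintext password as a `hash.sh -p` command-line argument and the registered hash is printed in the play output, so those tasks (and the two `set_fact` tasks that read `opendistro_admin_password_hashed`) should carry `no_log: true`. `Copy the node & admin certificates to Elasticsearch cluster` installs `root-ca.key`, `admin.key` and the node keys with `mode: 0644`, i.e. world-readable, and shipping the CA private key to every node is probably unnecessary; at minimum use `mode: "{{ '0600' if item.endswith('.key') else '0644' }}"`. `Create custom user` uses `validate_certs: no` although the role's own `root-ca.pem` could be passed as `ca_path`, lists `status_code: 200,201,401` so an authentication failure is reported as success, and sets the custom user's password to `opendistro_admin_password`, which looks like a copy-paste slip. `Setting node name (Filebeat)` assigns `kibana_node_name` under a `filebeat_node_name is defined` condition, presumably another copy-paste slip.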
@@ -91,12 +90,38 @@ jobs: - name: Install dependencies run: poetry install - - name: Run Molecule tests. run: poetry run molecule test -s distributed-wazuh-elk-xpack env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' + scenario-distributed-wazuh-odfe: + name: Distributed ODFE + Wazuh + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + - name: Hack to get setup-python to work on act. See act issue 251 + run: | + if [ ! -f "/etc/lsb-release" ] ; then + echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release + fi + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install poetry + run: pip3 install poetry + + - name: Install dependencies + run: poetry install + + - name: Run Molecule tests. + run: poetry run molecule test -s distributed-wazuh-odfe + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' From e7663c008b331acd7684a198c815539b74807d1f Mon Sep 17 00:00:00 2001 From: neonmei Date: Fri, 6 Nov 2020 15:08:04 -0300 Subject: [PATCH 18/67] github: change workflow trigger for molecule tests --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 89ddfc3a..34184a9e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,6 +1,6 @@ --- name: Molecule tests for Wazuh Ansible -on: [push] +on: [pull_request, workflow_dispatch, release] jobs: From 3b5d8651a64de2a588b16d74bf9ae1ff2513f6cf Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 9 Nov 2020 11:37:48 -0300 Subject: [PATCH 19/67] roles/wazuh_manager: reduce depth of wazuh_manager_config by extracting contents into external dictionaries --- .../ansible-wazuh-manager/defaults/main.yml | 848 ++++++++++-------- 1 file changed, 477 insertions(+), 371 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ea73e74b..1d343003 100644 
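Review bot: The new `scenario-distributed-wazuh-odfe` job repeats the `distributed-wazuh-elk-xpack` job line for line except for the `-s` argument; a single job with `strategy: matrix: scenario: [distributed-wazuh-elk-xpack, distributed-wazuh-odfe]` and `run: poetry run molecule test -s ${{ matrix.scenario }}` keeps the two in sync as more scenarios are added. Both jobs also reference `actions/checkout@v2` and `actions/setup-python@v2` by mutable tag and run an unpinned `pip3 install poetry`; pinning the actions to a commit SHA and `poetry` to a version makes the CI supply chain reproducible. The `Hack to get setup-python to work on act` step would benefit from a comment stating it is a no-op on hosted runners, where `/etc/lsb-release` already exists.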
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -4,6 +4,12 @@ wazuh_manager_version: 4.0.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present +nodejs: + repo_dict: + debian: "deb" + redhat: "rpm" + repo_url_ext: "nodesource.com/setup_10.x" + # Custom packages installation wazuh_custom_packages_installation_manager_enabled: false wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" 
@@ -35,381 +41,481 @@ wazuh_manager_sources_installation: user_ca_store: null threads: "2" +wazuh_manager_repo: + apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + yum: 'https://packages.wazuh.com/4.x/yum/' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' + + +########################################## +### Wazuh-OSSEC +########################################## + +# groups to create +agent_groups: [] + +## Global +wazuh_manager_json_output: 'yes' +wazuh_manager_alerts_log: 'yes' +wazuh_manager_logall: 'no' +wazuh_manager_logall_json: 'no' + +wazuh_manager_email_notification: 'no' +wazuh_manager_mailto: + - 'admin@example.net' + +wazuh_manager_email_smtp_server: smtp.example.wazuh.com +wazuh_manager_email_from: ossecm@example.wazuh.com +wazuh_manager_email_maxperhour: 12 +wazuh_manager_email_queue_size: 131072 +wazuh_manager_email_log_source: 'alerts.log' + +wazuh_manager_globals: + - '127.0.0.1' + - '^localhost.localdomain$' + - '127.0.0.53' + +## Alerts +wazuh_manager_log_level: 3 +wazuh_manager_email_level: 12 + +## Logging +wazuh_manager_log_format: 'plain' + +## Email alerts +wazuh_manager_extra_emails: + - enable: false + mail_to: 'recipient@example.wazuh.com' + format: full + level: 7 + event_location: null + group: null + do_not_delay: false + do_not_group: false + rule_id: null + + +## Remote +wazuh_manager_connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + +## Reports +wazuh_manager_reports: + - enable: false + category: 'syscheck' + title: 'Daily report: File changes' + email_to: 'recipient@example.wazuh.com' + location: null + group: null + rule: null + level: null + srcip: null + user: null + showlogs: null + +## Woodles +wazuh_manager_rootcheck: + frequency: 43200 + +wazuh_manager_openscap: + disable: 'yes' + timeout: 1800 + interval: '1d' + scan_on_start: 'yes' + +wazuh_manager_ciscat: + disable: 'yes' + install_java: 'yes' + timeout: 1800 + 
interval: '1d' + scan_on_start: 'yes' + java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin' + ciscat_path: 'wodles/ciscat' + +wazuh_manager_osquery: + disable: 'yes' + run_daemon: 'yes' + log_path: '/var/log/osquery/osqueryd.results.log' + config_path: '/etc/osquery/osquery.conf' + ad_labels: 'yes' + +wazuh_manager_syscollector: + disable: 'no' + interval: '1h' + scan_on_start: 'yes' + hardware: 'yes' + os: 'yes' + network: 'yes' + packages: 'yes' + ports_no: 'yes' + processes: 'yes' + +wazuh_manager_monitor_aws: + disabled: 'yes' + interval: '10m' + run_on_start: 'yes' + skip_on_error: 'yes' + s3: + - name: null + bucket_type: null + path: null + only_logs_after: null + access_key: null + secret_key: null + +## SCA +wazuh_manager_sca: + enabled: 'yes' + scan_on_start: 'yes' + interval: '12h' + skip_nfs: 'yes' + day: '' + wday: '' + time: '' + +## Vulnerability Detector +wazuh_manager_vulnerability_detector: + enabled: 'no' + interval: '5m' + ignore_time: '6h' + run_on_start: 'yes' + providers: + - enabled: 'no' + os: + - 'trusty' + - 'xenial' + - 'bionic' + update_interval: '1h' + name: '"canonical"' + - enabled: 'no' + os: + - 'wheezy' + - 'stretch' + - 'jessie' + - 'buster' + update_interval: '1h' + name: '"debian"' + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: '"redhat"' + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: '"nvd"' + +## Syscheck +wazuh_manager_syscheck: + disable: 'no' + frequency: 43200 + scan_on_start: 'yes' + auto_ignore: 'no' + ignore: + - /etc/mtab + - /etc/hosts.deny + - /etc/mail/statistics + - /etc/random-seed + - /etc/random.seed + - /etc/adjtime + - /etc/httpd/logs + - /etc/utmpx + - /etc/wtmpx + - /etc/cups/certs + - /etc/dumpdates + - /etc/svc/volatile + ignore_linux_type: + - '.log$|.swp$' + no_diff: + - /etc/ssl/private.key + directories: + - dirs: /etc,/usr/bin,/usr/sbin + checks: '' + - dirs: /bin,/sbin,/boot + checks: '' + auto_ignore_frequency: + frequency: 
'frequency="10"' + timeframe: 'timeframe="3600"' + value: 'no' + skip_nfs: 'yes' + skip_dev: 'yes' + skip_proc: 'yes' + skip_sys: 'yes' + process_priority: 10 + max_eps: 100 + sync_enabled: 'yes' + sync_interval: '5m' + sync_max_interval: '1h' + sync_max_eps: 10 + +## Command +wazuh_manager_commands: + - name: 'disable-account' + executable: 'disable-account.sh' + expect: 'user' + timeout_allowed: 'yes' + - name: 'restart-ossec' + executable: 'restart-ossec.sh' + expect: '' + - name: 'firewall-drop' + executable: 'firewall-drop.sh' + expect: 'srcip' + timeout_allowed: 'yes' + - name: 'host-deny' + executable: 'host-deny.sh' + expect: 'srcip' + timeout_allowed: 'yes' + - name: 'route-null' + executable: 'route-null.sh' + expect: 'srcip' + timeout_allowed: 'yes' + - name: 'win_route-null' + executable: 'route-null.cmd' + expect: 'srcip' + timeout_allowed: 'yes' + - name: 'win_route-null-2012' + executable: 'route-null-2012.cmd' + expect: 'srcip' + timeout_allowed: 'yes' + - name: 'netsh' + executable: 'netsh.cmd' + expect: 'srcip' + timeout_allowed: 'yes' + - name: 'netsh-win-2016' + executable: 'netsh-win-2016.cmd' + expect: 'srcip' + timeout_allowed: 'yes' + +## Localfile +wazuh_manager_localfiles: + common: + - format: 'command' + command: df -P + frequency: '360' + - format: 'full_command' + command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + alias: 'netstat listening ports' + frequency: '360' + - format: 'full_command' + command: 'last -n 20' + frequency: '360' + - format: 'syslog' + location: '/var/ossec/logs/active-responses.log' + debian: + - format: 'syslog' + location: '/var/log/auth.log' + - format: 'syslog' + location: '/var/log/syslog' + - format: 'syslog' + location: '/var/log/dpkg.log' + - format: 'syslog' + location: '/var/log/kern.log' + centos: + - 
format: 'syslog' + location: '/var/log/messages' + - format: 'syslog' + location: '/var/log/secure' + - format: 'syslog' + location: '/var/log/maillog' + - format: 'audit' + location: '/var/log/audit/audit.log' + +## Syslog outputs +wazuh_manager_syslog_outputs: + - server: null + port: null + format: null + +## Integrations +wazuh_manager_integrations: + # slack + - name: null + hook_url: '' + alert_level: 10 + alert_format: 'json' + rule_id: null + # pagerduty + - name: null + api_key: '' + alert_level: 12 + +## Labels +wazuh_manager_labels: + enable: false + list: + - key: Env + value: Production + +## Ruleset +wazuh_manager_ruleset: + rules_path: 'custom_ruleset/rules/' + decoders_path: 'custom_ruleset/decoders/' + cdb_lists: + - 'audit-keys' + - 'security-eventchannel' + - 'amazon/aws-eventnames' + +wazuh_manager_rule_exclude: + - '0215-policy_rules.xml' + +## Auth +wazuh_manager_authd: + enable: true + port: 1515 + use_source_ip: 'no' + force_insert: 'yes' + force_time: 0 + purge: 'yes' + use_password: 'no' + limit_maxagents: 'yes' + ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH' + ssl_agent_ca: null + ssl_verify_host: 'no' + ssl_manager_cert: 'sslmanager.cert' + ssl_manager_key: 'sslmanager.key' + ssl_auto_negotiate: 'no' + +## Cluster +wazuh_manager_cluster: + disable: 'yes' + name: 'wazuh' + node_name: 'manager_01' + node_type: 'master' + key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' + port: '1516' + bind_addr: '0.0.0.0' + nodes: + - 'manager' + hidden: 'no' + +## Wazuh API setup +wazuh_manager_api: + bind_addr: 0.0.0.0 + port: 55000 + behind_proxy_server: no + https: yes + https_key: "api/configuration/ssl/server.key" + https_cert: "api/configuration/ssl/server.crt" + https_use_ca: False + https_ca: "api/configuration/ssl/ca.crt" + logging_level: "info" + logging_path: "logs/api.log" + cors: no + cors_source_route: "*" + cors_expose_headers: "*" + cors_allow_headers: "*" + cors_allow_credentials: no + cache: yes + cache_time: 0.750 + 
access_max_login_attempts: 5 + access_block_time: 300 + access_max_request_per_minute: 300 + use_only_authd: no + drop_privileges: yes + experimental_features: no + # wazuh_api_users: # - username: custom-user # password: .S3cur3Pa55w0rd*- # Must comply with requirements (8+ length, uppercase, lowercase, specials chars) +## Other/Wrappers wazuh_manager_config: - repo: - apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - yum: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' - json_output: 'yes' - alerts_log: 'yes' - logall: 'no' - logall_json: 'no' - log_format: 'plain' - api: - bind_addr: 0.0.0.0 - port: 55000 - behind_proxy_server: no - https: yes - https_key: "api/configuration/ssl/server.key" - https_cert: "api/configuration/ssl/server.crt" - https_use_ca: False - https_ca: "api/configuration/ssl/ca.crt" - logging_level: "info" - logging_path: "logs/api.log" - cors: no - cors_source_route: "*" - cors_expose_headers: "*" - cors_allow_headers: "*" - cors_allow_credentials: no - cache: yes - cache_time: 0.750 - access_max_login_attempts: 5 - access_block_time: 300 - access_max_request_per_minute: 300 - use_only_authd: no - drop_privileges: yes - experimental_features: no - cluster: - disable: 'yes' - name: 'wazuh' - node_name: 'manager_01' - node_type: 'master' - key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' - port: '1516' - bind_addr: '0.0.0.0' - nodes: - - 'manager' - hidden: 'no' - connection: - - type: 'secure' - port: '1514' - protocol: 'tcp' - queue_size: 131072 - authd: - enable: true - port: 1515 - use_source_ip: 'no' - force_insert: 'yes' - force_time: 0 - purge: 'yes' - use_password: 'no' - limit_maxagents: 'yes' - ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH' - ssl_agent_ca: null - ssl_verify_host: 'no' - ssl_manager_cert: 'sslmanager.cert' - ssl_manager_key: 'sslmanager.key' - ssl_auto_negotiate: 'no' - email_notification: 'no' - mail_to: 
- - 'admin@example.net' - mail_smtp_server: smtp.example.wazuh.com - mail_from: ossecm@example.wazuh.com - mail_maxperhour: 12 - mail_queue_size: 131072 - email_log_source: 'alerts.log' - extra_emails: - - enable: false - mail_to: 'recipient@example.wazuh.com' - format: full - level: 7 - event_location: null - group: null - do_not_delay: false - do_not_group: false - rule_id: null - reports: - - enable: false - category: 'syscheck' - title: 'Daily report: File changes' - email_to: 'recipient@example.wazuh.com' - location: null - group: null - rule: null - level: null - srcip: null - user: null - showlogs: null - syscheck: - disable: 'no' - frequency: 43200 - scan_on_start: 'yes' - auto_ignore: 'no' - ignore: - - /etc/mtab - - /etc/hosts.deny - - /etc/mail/statistics - - /etc/random-seed - - /etc/random.seed - - /etc/adjtime - - /etc/httpd/logs - - /etc/utmpx - - /etc/wtmpx - - /etc/cups/certs - - /etc/dumpdates - - /etc/svc/volatile - ignore_linux_type: - - '.log$|.swp$' - no_diff: - - /etc/ssl/private.key - directories: - - dirs: /etc,/usr/bin,/usr/sbin - checks: '' - - dirs: /bin,/sbin,/boot - checks: '' - auto_ignore_frequency: - frequency: 'frequency="10"' - timeframe: 'timeframe="3600"' - value: 'no' - skip_nfs: 'yes' - skip_dev: 'yes' - skip_proc: 'yes' - skip_sys: 'yes' - process_priority: 10 - max_eps: 100 - sync_enabled: 'yes' - sync_interval: '5m' - sync_max_interval: '1h' - sync_max_eps: 10 - rootcheck: - frequency: 43200 - openscap: - disable: 'yes' - timeout: 1800 - interval: '1d' - scan_on_start: 'yes' - cis_cat: - disable: 'yes' - install_java: 'yes' - timeout: 1800 - interval: '1d' - scan_on_start: 'yes' - java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin' - ciscat_path: 'wodles/ciscat' - osquery: - disable: 'yes' - run_daemon: 'yes' - log_path: '/var/log/osquery/osqueryd.results.log' - config_path: '/etc/osquery/osquery.conf' - ad_labels: 'yes' - syscollector: - disable: 'no' - interval: '1h' - scan_on_start: 'yes' - hardware: 'yes' - os: 
'yes' - network: 'yes' - packages: 'yes' - ports_no: 'yes' - processes: 'yes' - sca: - enabled: 'yes' - scan_on_start: 'yes' - interval: '12h' - skip_nfs: 'yes' - day: '' - wday: '' - time: '' - vulnerability_detector: - enabled: 'no' - interval: '5m' - ignore_time: '6h' - run_on_start: 'yes' - providers: - - enabled: 'no' - os: - - 'trusty' - - 'xenial' - - 'bionic' - update_interval: '1h' - name: '"canonical"' - - enabled: 'no' - os: - - 'wheezy' - - 'stretch' - - 'jessie' - - 'buster' - update_interval: '1h' - name: '"debian"' - - enabled: 'no' - update_from_year: '2010' - update_interval: '1h' - name: '"redhat"' - - enabled: 'no' - update_from_year: '2010' - update_interval: '1h' - name: '"nvd"' - log_level: 3 - email_level: 12 - localfiles: - common: - - format: 'command' - command: df -P - frequency: '360' - - format: 'full_command' - command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d - alias: 'netstat listening ports' - frequency: '360' - - format: 'full_command' - command: 'last -n 20' - frequency: '360' - - format: 'syslog' - location: '/var/ossec/logs/active-responses.log' - debian: - - format: 'syslog' - location: '/var/log/auth.log' - - format: 'syslog' - location: '/var/log/syslog' - - format: 'syslog' - location: '/var/log/dpkg.log' - - format: 'syslog' - location: '/var/log/kern.log' - centos: - - format: 'syslog' - location: '/var/log/messages' - - format: 'syslog' - location: '/var/log/secure' - - format: 'syslog' - location: '/var/log/maillog' - - format: 'audit' - location: '/var/log/audit/audit.log' - globals: - - '127.0.0.1' - - '^localhost.localdomain$' - - '127.0.0.53' - commands: - - name: 'disable-account' - executable: 'disable-account.sh' - expect: 'user' - timeout_allowed: 'yes' - - name: 'restart-ossec' - executable: 'restart-ossec.sh' - 
expect: '' - - name: 'firewall-drop' - executable: 'firewall-drop.sh' - expect: 'srcip' - timeout_allowed: 'yes' - - name: 'host-deny' - executable: 'host-deny.sh' - expect: 'srcip' - timeout_allowed: 'yes' - - name: 'route-null' - executable: 'route-null.sh' - expect: 'srcip' - timeout_allowed: 'yes' - - name: 'win_route-null' - executable: 'route-null.cmd' - expect: 'srcip' - timeout_allowed: 'yes' - - name: 'win_route-null-2012' - executable: 'route-null-2012.cmd' - expect: 'srcip' - timeout_allowed: 'yes' - - name: 'netsh' - executable: 'netsh.cmd' - expect: 'srcip' - timeout_allowed: 'yes' - - name: 'netsh-win-2016' - executable: 'netsh-win-2016.cmd' - expect: 'srcip' - timeout_allowed: 'yes' - ruleset: - rules_path: 'custom_ruleset/rules/' - decoders_path: 'custom_ruleset/decoders/' - cdb_lists: - - 'audit-keys' - - 'security-eventchannel' - - 'amazon/aws-eventnames' - rule_exclude: - - '0215-policy_rules.xml' - syslog_outputs: - - server: null - port: null - format: null - integrations: - #slack - - name: null - hook_url: '' - alert_level: 10 - alert_format: 'json' - rule_id: null - #pagerduty - - name: null - api_key: '' - alert_level: 12 - monitor_aws: - disabled: 'yes' - interval: '10m' - run_on_start: 'yes' - skip_on_error: 'yes' - s3: - - name: null - bucket_type: null - path: null - only_logs_after: null - access_key: null - secret_key: null - labels: - enable: false - list: - - key: Env - value: Production + repo: '{{ wazuh_manager_repo }}' + json_output: '{{ wazuh_manager_json_output }}' + alerts_log: '{{ wazuh_manager_alerts_log }}' + logall: '{{ wazuh_manager_logall }}' + logall_json: '{{ wazuh_manager_logall_json }}' + log_format: '{{ wazuh_manager_log_format }}' + api: '{{ wazuh_manager_api }}' + cluster: '{{ wazuh_manager_cluster }}' + connection: '{{ wazuh_manager_connection }}' + authd: '{{ wazuh_manager_authd }}' + email_notification: '{{ wazuh_manager_email_notification }}' + mail_to: '{{ wazuh_manager_mailto }}' + + mail_smtp_server: '{{ 
wazuh_manager_email_smtp_server }}' + mail_from: '{{ wazuh_manager_email_from }}' + mail_maxperhour: '{{ wazuh_manager_email_maxperhour }}' + mail_queue_size: '{{ wazuh_manager_email_queue_size }}' + email_log_source: '{{ wazuh_manager_email_log_source }}' + extra_emails: '{{ wazuh_manager_extra_emails }}' + reports: '{{ wazuh_manager_reports}}' + + syscheck: '{{ wazuh_manager_syscheck }}' + rootcheck: '{{ wazuh_manager_rootcheck }}' + + + openscap: '{{ wazuh_manager_openscap }}' + cis_cat: '{{ wazuh_manager_ciscat }}' + + osquery: '{{ wazuh_manager_osquery }}' + syscollector: '{{ wazuh_manager_syscollector }}' + sca: '{{ wazuh_manager_sca }}' + vulnerability_detector: '{{ wazuh_manager_vulnerability_detector }}' + + log_level: '{{ wazuh_manager_log_level }}' + email_level: '{{ wazuh_manager_email_level }}' + localfiles: '{{ wazuh_manager_localfiles }}' + + globals: '{{ wazuh_manager_globals }}' + commands: '{{ wazuh_manager_commands }}' + ruleset: '{{ wazuh_manager_ruleset }}' + + rule_exclude: '{{ wazuh_manager_rule_exclude }}' + syslog_outputs: '{{ wazuh_manager_syslog_outputs }}' + integrations: '{{ wazuh_manager_integrations }}' + + monitor_aws: '{{ wazuh_manager_monitor_aws }}' + + labels: '{{ wazuh_manager_labels }}' + +# shared-agent.conf # shared_agent_config: - # - type: os - # type_value: Linux - # syscheck: - # frequency: 43200 - # scan_on_start: 'yes' - # ignore: - # - /etc/mtab - # - /etc/mnttab - # - /etc/hosts.deny - # - /etc/mail/statistics - # - /etc/svc/volatile - # no_diff: - # - /etc/ssl/private.key - # rootcheck: - # frequency: 43200 - # cis_distribution_filename: null - # localfiles: - # - format: 'syslog' - # location: '/var/log/messages' - # - format: 'syslog' - # location: '/var/log/secure' - # - format: 'syslog' - # location: '/var/log/maillog' - # - format: 'apache' - # location: '/var/log/httpd/error_log' - # - format: 'apache' - # location: '/var/log/httpd/access_log' - # - format: 'apache' - # location: 
'/var/ossec/logs/active-responses.log' - # - type: os - # type_value: Windows - # syscheck: - # frequency: 43200 - # scan_on_start: 'yes' - # auto_ignore: 'no' - # windows_registry: - # - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - # arch: 'both' - # - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' - # localfiles: - # - location: 'Security' - # format: 'eventchannel' - # - location: 'System' - # format: 'eventlog' - -nodejs: - repo_dict: - debian: "deb" - redhat: "rpm" - repo_url_ext: "nodesource.com/setup_10.x" - -agent_groups: [] # groups to create +# - type: os +# type_value: Linux +# syscheck: +# frequency: 43200 +# scan_on_start: 'yes' +# ignore: +# - /etc/mtab +# - /etc/mnttab +# - /etc/hosts.deny +# - /etc/mail/statistics +# - /etc/svc/volatile +# no_diff: +# - /etc/ssl/private.key +# rootcheck: +# frequency: 43200 +# cis_distribution_filename: null +# localfiles: +# - format: 'syslog' +# location: '/var/log/messages' +# - format: 'syslog' +# location: '/var/log/secure' +# - format: 'syslog' +# location: '/var/log/maillog' +# - format: 'apache' +# location: '/var/log/httpd/error_log' +# - format: 'apache' +# location: '/var/log/httpd/access_log' +# - format: 'apache' +# location: '/var/ossec/logs/active-responses.log' +# - type: os +# type_value: Windows +# syscheck: +# frequency: 43200 +# scan_on_start: 'yes' +# auto_ignore: 'no' +# windows_registry: +# - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' +# arch: 'both' +# - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' +# localfiles: +# - location: 'Security' +# format: 'eventchannel' +# - location: 'System' +# format: 'eventlog' From bda7de57ece7f7b6f954d8012bb5fa6185cb9fbd Mon Sep 17 00:00:00 2001 From: zenidd Date: Mon, 9 Nov 2020 16:29:43 +0100 Subject: [PATCH 20/67] Elastic API check fix --- roles/opendistro/opendistro-elasticsearch/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
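Review bot: The extracted `wazuh_manager_cluster` dictionary still ships a concrete cluster `key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'` as a role default, so any deployment that enables the cluster without overriding it authenticates nodes with a secret that is public in this repository; now that it is a top-level variable the defaults file is the place to say so, e.g. `key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'  # placeholder, must be replaced per deployment`. The same applies to `use_password: 'no'` and `ssl_verify_host: 'no'` in `wazuh_manager_authd` and to `https_use_ca: False` in `wazuh_manager_api`, which are reasonable for a test scenario but deserve a one-line comment each since users will now grep for these names directly. Minor: `reports: '{{ wazuh_manager_reports}}'` is missing the space before `}}`; it renders, but every neighbouring entry is spaced.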
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml
index b429af26..82515328 100644
--- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml
@@ -64,7 +64,7 @@
 return_content: yes
 timeout: 4
 register: _result
- until: ( _result.json is defined) and (_result.json.status == "green")
+ until: ( _result.json is defined) and (_result.json.status == "green" or _result.json.status == "yellow" )
 retries: 24
 delay: 5
 tags: debug
@@ -82,7 +82,7 @@
 return_content: yes
 timeout: 4
 register: _result
- until: ( _result.json is defined) and (_result.json.status == "green")
+ until: ( _result.json is defined) and (_result.json.status == "green" or _result.json.status == "yellow" )
 retries: 24
 delay: 5
 tags: debug
From a1f4a16fd91f592da07257116f3499df7d993c87 Mon Sep 17 00:00:00 2001
From: neonmei
Date: Mon, 9 Nov 2020 13:03:54 -0300
Subject: [PATCH 21/67] roles/wazuh_manager: add support for role-distributed ansible.cfg setting for hash_behaviour
---
 .../ansible-wazuh-manager/defaults/main.yml | 21 +++++++++----------
 .../ansible-wazuh-manager/tasks/main.yml | 8 +++++++
 2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 1d343003..57e9d5e2 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
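Review bot: The widened `until` condition in both hunks (`-64` and `-82`) now treats a yellow cluster as ready without saying why; presumably single-node scenarios never allocate replicas and therefore never reach green, but that deserves a comment on the task, e.g. `# yellow is accepted: single-node deployments keep replicas unassigned and never report green`. The expression also reads more easily as `until: (_result.json is defined) and (_result.json.status in ['green', 'yellow'])`. Both enclosing tasks (the request and its `register`) start outside the hunk.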
@@ -421,8 +421,17 @@ wazuh_manager_api: # - username: custom-user # password: .S3cur3Pa55w0rd*- # Must comply with requirements (8+ length, uppercase, lowercase, specials chars) +# NOTE: As wazuh_manager_config is built dynamically per playbooks and ansible.cfg provided in the repo, +# we should also cover the case for partial settings in inventory variables overlayed on top of role's +# defaults with merge hash_behaviour. If you do a full replace instead of the hash_behaviour, set this to false. +# +# Please do notice this behaviour is deprecated in 2.13 and role will move away from it in future versions: +# https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-hash-behaviour +# +wazuh_manager_config_overlay: true + ## Other/Wrappers -wazuh_manager_config: +wazuh_manager_config_defaults: repo: '{{ wazuh_manager_repo }}' json_output: '{{ wazuh_manager_json_output }}' alerts_log: '{{ wazuh_manager_alerts_log }}' @@ -435,7 +444,6 @@ wazuh_manager_config: authd: '{{ wazuh_manager_authd }}' email_notification: '{{ wazuh_manager_email_notification }}' mail_to: '{{ wazuh_manager_mailto }}' - mail_smtp_server: '{{ wazuh_manager_email_smtp_server }}' mail_from: '{{ wazuh_manager_email_from }}' mail_maxperhour: '{{ wazuh_manager_email_maxperhour }}' 
@@ -443,33 +451,24 @@ wazuh_manager_config: email_log_source: '{{ wazuh_manager_email_log_source }}' extra_emails: '{{ wazuh_manager_extra_emails }}' reports: '{{ wazuh_manager_reports}}' - syscheck: '{{ wazuh_manager_syscheck }}' rootcheck: '{{ wazuh_manager_rootcheck }}' - - openscap: '{{ wazuh_manager_openscap }}' cis_cat: '{{ wazuh_manager_ciscat }}' - osquery: '{{ wazuh_manager_osquery }}' syscollector: '{{ wazuh_manager_syscollector }}' sca: '{{ wazuh_manager_sca }}' vulnerability_detector: '{{ wazuh_manager_vulnerability_detector }}' - log_level: '{{ wazuh_manager_log_level }}' email_level: '{{ wazuh_manager_email_level }}' localfiles: '{{ wazuh_manager_localfiles }}' - globals: '{{ wazuh_manager_globals }}' commands: '{{ wazuh_manager_commands }}' ruleset: '{{ wazuh_manager_ruleset }}' - rule_exclude: '{{ wazuh_manager_rule_exclude }}' syslog_outputs: '{{ wazuh_manager_syslog_outputs }}' integrations: '{{ wazuh_manager_integrations }}' - monitor_aws: '{{ wazuh_manager_monitor_aws }}' - labels: '{{ wazuh_manager_labels }}' # shared-agent.conf diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index fb0be0e0..24274b4a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -1,4 +1,12 @@ --- + +- name: Overlay wazuh_manager_config on top of defaults + set_fact: + wazuh_manager_config: '{{ wazuh_manager_config_defaults | combine(config_layer, recursive=True) }}' + vars: + config_layer: '{{ wazuh_manager_config | default({}) }}' + when: wazuh_manager_config_overlay | bool + - name: "Install dependencies" package: name: From d23feddedec43a1ae37b956ec66241c62249fb7d Mon Sep 17 00:00:00 2001 From: zenidd Date: Mon, 9 Nov 2020 17:57:12 +0100 Subject: [PATCH 22/67] Refactor test conditions --- roles/opendistro/opendistro-elasticsearch/tasks/main.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
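Review bot: With the overlay disabled nothing defines `wazuh_manager_config` any more: the defaults hunk renames the role default to `wazuh_manager_config_defaults`, and the new `set_fact` in `tasks/main.yml` only runs `when: wazuh_manager_config_overlay | bool`, so a user who sets the toggle to false without supplying a complete `wazuh_manager_config` hits an undefined variable at the first template that reads it. Either state in the comment above `wazuh_manager_config_overlay` that a full `wazuh_manager_config` becomes mandatory when it is false, or add a sibling task `wazuh_manager_config: '{{ wazuh_manager_config | default(wazuh_manager_config_defaults) }}'` gated on `when: not wazuh_manager_config_overlay | bool`. This hunk also drops `syscheck`, `openscap`, `osquery`, `log_level`, `globals`, `rule_exclude`, `monitor_aws` and `labels` from the defaults mapping (and the previous hunk drops `mail_smtp_server`); if the manager templates still read those keys through `wazuh_manager_config`, they now depend on the inventory layer to provide them, which is worth confirming since the templates are not part of this patch.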
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index 82515328..998cdd32 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml @@ -64,13 +64,12 @@ return_content: yes timeout: 4 register: _result - until: ( _result.json is defined) and (_result.json.status == "green" or _result.json.status == "yellow" ) + until: ( _result.json is defined) and (_result.json.status == "green" or ( _result.json.status == "yellow" and single_node ) ) retries: 24 delay: 5 tags: debug when: - hostvars[inventory_hostname]['private_ip'] is not defined or not hostvars[inventory_hostname]['private_ip'] - - single_node == false - name: Wait for Elasticsearch API (Private IP) uri: @@ -82,13 +81,12 @@ return_content: yes timeout: 4 register: _result - until: ( _result.json is defined) and (_result.json.status == "green" or _result.json.status == "yellow" ) + until: ( _result.json is defined) and (_result.json.status == "green" or ( _result.json.status == "yellow" and single_node ) ) retries: 24 delay: 5 tags: debug when: - hostvars[inventory_hostname]['private_ip'] is defined and hostvars[inventory_hostname]['private_ip'] - - single_node == false - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From d44532482a3bdd5db2316d4edfd65c6081927ffa Mon Sep 17 00:00:00 2001 
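Review bot: The new `until` expressions in both hunks test `single_node` by bare truthiness, `( _result.json.status == "yellow" and single_node )`; a value supplied from inventory or extra-vars as the string `"false"` is truthy in Jinja, so a multi-node cluster would accept a yellow status. The `when` lines being removed compared it explicitly (`single_node == false`), and the replacement should cast just as explicitly: `until: ( _result.json is defined) and (_result.json.status == "green" or ( _result.json.status == "yellow" and single_node | bool ))`. The definition of `single_node` is not in this patch, so whether it is a native boolean cannot be confirmed from here; the enclosing `block` starts and ends outside both hunks.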
From: neonmei Date: Mon, 9 Nov 2020 13:58:23 -0300 Subject: [PATCH 23/67] roles/wazuh_manager: remove nodejs as wazuh-api was migrated to python For more information, see: https://github.com/wazuh/wazuh/releases/tag/v4.0.0 --- .../ansible-wazuh-manager/defaults/main.yml | 6 -- .../ansible-wazuh-manager/tasks/RMDebian.yml | 6 -- .../ansible-wazuh-manager/tasks/RMRedHat.yml | 5 - .../ansible-wazuh-manager/tasks/main.yml | 22 ----- .../var-ossec-api-configuration-config.js.j2 | 95 ------------------- 5 files changed, 134 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 57e9d5e2..72227a5f 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -4,12 +4,6 @@ wazuh_manager_version: 4.0.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present -nodejs: - repo_dict: - debian: "deb" - redhat: "rpm" - repo_url_ext: "nodesource.com/setup_10.x" - # Custom packages installation wazuh_custom_packages_installation_manager_enabled: false wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml index 05094cfd..2b22dfbc 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml @@ -4,9 +4,3 @@ repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main state: absent changed_when: false - -- name: Debian/Ubuntu | Remove Nodejs repository. - apt_repository: - repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main - state: absent - changed_when: false 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml index 76b7f29f..c725859e 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml @@ -1,9 +1,4 @@ --- -- name: RedHat/CentOS/Fedora | Remove NodeJS repository (and clean up left-over metadata) - yum_repository: - name: NodeJS - state: absent - changed_when: false - name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata) yum_repository: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 24274b4a..bdd5ce83 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -15,28 +15,6 @@ - tar state: present -- name: Check if NodeJS service exists - stat: - path: /usr/bin/node - register: node_service_status - -- name: Install NodeJS repository - block: - - name: Download NodeJS repository script - get_url: - url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" - dest: /etc/nodejs.sh - mode: 0775 - changed_when: false - - - name: Run NodeJS bash script - command: sh /etc/nodejs.sh - register: nodejs_script - changed_when: nodejs_script.rc == 0 - when: - - not node_service_status.stat.exists - - wazuh_manager_config.cluster.node_type == "master" - - include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 deleted file mode 100644 index bc909dc7..00000000 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 +++ /dev/null 
@@ -1,95 +0,0 @@ - -var config = {}; - -// Basic configuration - -// Path -config.ossec_path = "/var/ossec"; -// The host to bind the API to. -config.host = "{{ wazuh_manager_config.api.bind_addr }}"; -// TCP Port used by the API. -config.port = "{{ wazuh_manager_config.api.port }}"; -// Use HTTP protocol over TLS/SSL. Values: yes, no. -config.https = "{{ wazuh_manager_config.api.https }}"; -// Use HTTP authentication. Values: yes, no. -config.basic_auth = "{{ wazuh_manager_config.api.basic_auth }}"; -//In case the API run behind a proxy server, turn to "yes" this feature. Values: yes, no. -config.BehindProxyServer = "{{ wazuh_manager_config.api.behind_proxy_server }}"; - -// HTTPS Certificates -config.https_key = "{{ wazuh_manager_config.api.https_key }}" -config.https_cert = "{{ wazuh_manager_config.api.https_cert }}" -config.https_use_ca = "{{ wazuh_manager_config.api.https_use_ca }}" -config.https_ca = "{{ wazuh_manager_config.api.https_ca }}" - -// Advanced configuration - -// Values for API log: disabled, info, warning, error, debug (each level includes the previous level). -config.logs = "info"; -// Cross-origin resource sharing. Values: yes, no. 
-config.cors = "yes"; -// Cache (time in milliseconds) -config.cache_enabled = "yes"; -config.cache_debug = "no"; -config.cache_time = "750"; -// Log path -config.log_path = config.ossec_path + "/logs/api.log"; -// Python -config.python = [ - // Default installation - { - bin: "python", - lib: "" - }, - // Python 3 - { - bin: "python3", - lib: "" - }, - // Package 'python27' for CentOS 6 - { - bin: "/opt/rh/python27/root/usr/bin/python", - lib: "/opt/rh/python27/root/usr/lib64" - } -]; -// Shared library path -config.ld_library_path = config.ossec_path + "/framework/lib" - -// Option to force the use of authd to remove and add agents -config.use_only_authd = {{ wazuh_manager_config.api.use_only_authd }}; - -// Option to drop privileges (run as ossec) -config.drop_privileges = {{ wazuh_manager_config.api.drop_privileges }}; - -// Activate features still under development -config.experimental_features = {{ wazuh_manager_config.api.experimental_features }}; - -/************************* SSL OPTIONS ****************************************/ -// SSL protocol - -// SSL protocol to use. All available secure protocols available at: -// https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS -config.secureProtocol = "{{ wazuh_manager_config.api.secure_protocol }}"; -try { - // Disable the use of SSLv3, TLSv1.1 and TLSv1.0. All available secureOptions at: - // https://nodejs.org/api/crypto.html#crypto_openssl_options - const crypto = require('crypto'); - config.secureOptions = crypto.constants.SSL_OP_NO_SSLv3 | - crypto.constants.SSL_OP_NO_TLSv1 | - crypto.constants.SSL_OP_NO_TLSv1_1; -} catch (err) { - console.log("Could not configure NodeJS to avoid unsecure SSL/TLS protocols: " + err) -} - -// SSL ciphersuit - -// When choosing a cipher, use the server's preferences instead of the client -// preferences. When not set, the SSL server will always follow the clients -// preferences. 
More info at: -// https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html -config.honorCipherOrder = {{ wazuh_manager_config.api.honor_cipher_order }}; -// Modify default ciphersuit. More info: -// https://nodejs.org/api/tls.html#tls_modifying_the_default_tls_cipher_suite -config.ciphers = "{{ wazuh_manager_config.api.ciphers }}"; - -module.exports = config; From 0f6ea26123aaf97d60c2769ad69441fc8bfd7540 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 9 Nov 2020 14:04:55 -0300 Subject: [PATCH 24/67] roles/wazuh_manager: merge uninstall tasks in a single file --- .../ansible-wazuh-manager/tasks/RMDebian.yml | 6 ------ .../ansible-wazuh-manager/tasks/RMRedHat.yml | 7 ------- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 12 +++--------- .../ansible-wazuh-manager/tasks/uninstall.yml | 15 +++++++++++++++ 4 files changed, 18 insertions(+), 22 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml delete mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml create mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml deleted file mode 100644 index 2b22dfbc..00000000 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Debian/Ubuntu | Remove Wazuh repository. - apt_repository: - repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main - state: absent - changed_when: false diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml deleted file mode 100644 index c725859e..00000000 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata) - yum_repository: - name: wazuh_repo - state: absent - changed_when: false 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index bdd5ce83..72c995b8 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -321,12 +321,6 @@ - ( agent_groups is defined) and ( agent_groups|length > 0) tags: molecule-idempotence-notest -- include_tasks: "RMRedHat.yml" - when: - - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" - - not wazuh_manager_sources_installation.enabled - -- include_tasks: "RMDebian.yml" - when: - - ansible_os_family == "Debian" - - not wazuh_manager_sources_installation.enabled +- name: Run uninstall tasks + include_tasks: uninstall.yml + when: not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml new file mode 100644 index 00000000..b74f61a4 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml @@ -0,0 +1,15 @@ +--- + +- name: Debian/Ubuntu | Remove Wazuh repository. + apt_repository: + repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main + state: absent + changed_when: false + when: not wazuh_manager_sources_installation.enabled + +- name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata) + yum_repository: + name: wazuh_repo + state: absent + changed_when: false + when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon" From af948dff018c380c224abe651362143a6bb53969 Mon Sep 17 00:00:00 2001 From: zenidd Date: Mon, 9 Nov 2020 19:08:33 +0100 Subject: [PATCH 25/67] Fix ES API test task until statement. Fix block indentation --- .../opendistro-elasticsearch/tasks/main.yml | 155 +++++++++--------- 1 file changed, 78 insertions(+), 77 deletions(-) 
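Review bot: In the new `uninstall.yml` the Debian task is gated only on `when: not wazuh_manager_sources_installation.enabled`, a condition the `include_tasks` in `main.yml` already applies, while its RedHat sibling is gated on `ansible_os_family`; as written, `apt_repository` is attempted on RedHat and Amazon hosts as well. The Debian task should carry the matching OS condition, `when: ansible_os_family == "Debian"`. Both tasks also set `changed_when: false` on an action that removes a package repository, which hides a real state change from the play recap; if that exists only to satisfy molecule's idempotence stage, a short comment saying so would keep the next reader from "fixing" it.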
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index 998cdd32..4a20b542 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml 
@@ -5,90 +5,91 @@ - generate_certs - block: + - import_tasks: RedHat.yml + when: ansible_os_family == 'RedHat' - - import_tasks: RedHat.yml - when: ansible_os_family == 'RedHat' + - name: Install OpenDistro + package: + name: opendistroforelasticsearch-{{ opendistro_version }} + state: present + register: install + tags: install + - name: Remove elasticsearch configuration file + file: + path: "{{ opendistro_conf_path }}/elasticsearch.yml" + state: absent + when: install.changed + tags: install - - name: Install OpenDistro - package: - name: opendistroforelasticsearch-{{ opendistro_version }} - state: present - register: install - tags: install + - name: Copy Configuration File + blockinfile: + block: "{{ lookup('template', 'elasticsearch.yml.j2') }}" + dest: "{{ opendistro_conf_path }}/elasticsearch.yml" + create: true + group: elasticsearch + mode: 0640 + marker: "## {mark} Opendistro general settings ##" + when: install.changed + tags: install - - name: Remove elasticsearch configuration file - file: - path: "{{ opendistro_conf_path }}/elasticsearch.yml" - state: absent - when: install.changed - tags: install + - import_tasks: security_actions.yml - - name: Copy Configuration File - blockinfile: - block: "{{ lookup('template', 'elasticsearch.yml.j2') }}" - dest: "{{ opendistro_conf_path }}/elasticsearch.yml" - create: true - group: elasticsearch - mode: 0640 - marker: "## {mark} Opendistro general settings ##" - when: install.changed - tags: install + - name: Configure OpenDistro Elasticsearch JVM memmory. + template: + src: "templates/jvm.options.j2" + dest: /etc/elasticsearch/jvm.options + owner: root + group: elasticsearch + mode: 0644 + force: yes + notify: restart elasticsearch + tags: install - - import_tasks: security_actions.yml + - name: Ensure Elasticsearch started and enabled + service: + name: elasticsearch + enabled: true + state: started - - name: Configure OpenDistro Elasticsearch JVM memmory. 
- template: - src: "templates/jvm.options.j2" - dest: /etc/elasticsearch/jvm.options - owner: root - group: elasticsearch - mode: 0644 - force: yes - notify: restart elasticsearch - tags: install + - name: Wait for Elasticsearch API + uri: + url: "https://{{ inventory_hostname }}:{{ opendistro_http_port }}/_cluster/health/" + user: "admin" # Default OpenDistro user is always "admin" + password: "{{ opendistro_admin_password }}" + validate_certs: no + status_code: 200,401 + return_content: yes + timeout: 4 + register: _result + until: + - _result.json is defined + - _result.json.status == "green" or ( _result.json.status == "yellow" and single_node ) + retries: 24 + delay: 5 + tags: debug + when: + - hostvars[inventory_hostname]['private_ip'] is not defined or not hostvars[inventory_hostname]['private_ip'] - - name: Ensure Elasticsearch started and enabled - service: - name: elasticsearch - enabled: true - state: started - - - name: Wait for Elasticsearch API - uri: - url: "https://{{ inventory_hostname }}:{{ opendistro_http_port }}/_cluster/health/" - user: "admin" # Default OpenDistro user is always "admin" - password: "{{ opendistro_admin_password }}" - validate_certs: no - status_code: 200,401 - return_content: yes - timeout: 4 - register: _result - until: ( _result.json is defined) and (_result.json.status == "green" or ( _result.json.status == "yellow" and single_node ) ) - retries: 24 - delay: 5 - tags: debug - when: - - hostvars[inventory_hostname]['private_ip'] is not defined or not hostvars[inventory_hostname]['private_ip'] - - - name: Wait for Elasticsearch API (Private IP) - uri: - url: "https://{{ hostvars[inventory_hostname]['private_ip'] }}:{{ opendistro_http_port }}/_cluster/health/" - user: "admin" # Default OpenDistro user is always "admin" - password: "{{ opendistro_admin_password }}" - validate_certs: no - status_code: 200,401 - return_content: yes - timeout: 4 - register: _result - until: ( _result.json is defined) and (_result.json.status == 
"green" or ( _result.json.status == "yellow" and single_node ) ) - retries: 24 - delay: 5 - tags: debug - when: - - hostvars[inventory_hostname]['private_ip'] is defined and hostvars[inventory_hostname]['private_ip'] - - - import_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" + - name: Wait for Elasticsearch API (Private IP) + uri: + url: "https://{{ hostvars[inventory_hostname]['private_ip'] }}:{{ opendistro_http_port }}/_cluster/health/" + user: "admin" # Default OpenDistro user is always "admin" + password: "{{ opendistro_admin_password }}" + validate_certs: no + status_code: 200,401 + return_content: yes + timeout: 4 + register: _result + until: + - _result.json is defined + - _result.json.status == "green" or ( _result.json.status == "yellow" and single_node ) + retries: 24 + delay: 5 + tags: debug + when: + - hostvars[inventory_hostname]['private_ip'] is defined and hostvars[inventory_hostname]['private_ip'] + - import_tasks: "RMRedHat.yml" + when: ansible_os_family == "RedHat" when: perform_installation From 0afaba51fc52ad09ab04463d86e1f62c580f9356 Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 10 Nov 2020 13:05:05 +0100 Subject: [PATCH 26/67] Fix repository removal task condition --- roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml index b74f61a4..0ab111f2 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml @@ -5,7 +5,7 @@ repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main state: absent changed_when: false - when: not wazuh_manager_sources_installation.enabled + when: ansible_os_family == "Debian" - name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata) yum_repository: 
From 53fbc82931aa2ad677eab593b7ae193d38d63c08 Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 10:45:43 -0300 Subject: [PATCH 27/67] roles/agent: reduce depth of wazuh_agent_config by extracting internal dicts to outside variables --- .../ansible-wazuh-agent/defaults/main.yml | 528 ++++++++++-------- 1 file changed, 290 insertions(+), 238 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 38ff1151..b7dcd7ce 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -32,19 +32,11 @@ wazuh_agent_sources_installation: user_agent_config_profile: null user_ca_store: "/var/ossec/wpk_root.pem" -wazuh_managers: - - address: 127.0.0.1 - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: null - max_retries: 5 - retry_interval: 5 wazuh_api_reachable_from_agent: false wazuh_profile_centos: 'centos, centos7, centos7.6' wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' wazuh_auto_restart: 'yes' + wazuh_agent_authd: registration_address: 127.0.0.1 enable: false 
@@ -69,234 +61,294 @@ wazuh_winagent_config: md5: f9737cbd7df7104c1bee9f3e8b9ca26e wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.0-1.msi wazuh_winagent_package_name: wazuh-agent-4.0.0-1.msi -wazuh_agent_config: - repo: - apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - yum: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' - active_response: - ar_disabled: 'no' - ca_store: '/var/ossec/etc/wpk_root.pem' - ca_store_win: 'wpk_root.pem' - ca_verification: 'yes' - log_format: 'plain' - client_buffer: - disable: 'no' - queue_size: '5000' - events_per_sec: '500' - syscheck: - frequency: 43200 - scan_on_start: 'yes' - auto_ignore: 'no' - win_audit_interval: 60 - skip_nfs: 'yes' - skip_dev: 'yes' - skip_proc: 'yes' - skip_sys: 'yes' - process_priority: 10 - max_eps: 100 - sync_enabled: 'yes' - sync_interval: '5m' - sync_max_interval: '1h' - sync_max_eps: 10 - ignore: - - /etc/mtab - - /etc/hosts.deny - - /etc/mail/statistics - - /etc/random-seed - - /etc/random.seed - - /etc/adjtime - - /etc/httpd/logs - - /etc/utmpx - - /etc/wtmpx - - /etc/cups/certs - - /etc/dumpdates - - /etc/svc/volatile - ignore_linux_type: - - '.log$|.swp$' - ignore_win: - - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' - no_diff: - - /etc/ssl/private.key - directories: - - dirs: /etc,/usr/bin,/usr/sbin - checks: '' - - dirs: /bin,/sbin,/boot - checks: '' - win_directories: - - dirs: '%WINDIR%' - checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"' - - dirs: '%WINDIR%\SysNative' - checks: >- - recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$| - net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe|subst.exe$" - - dirs: '%WINDIR%\SysNative\drivers\etc%' - checks: 'recursion_level="0"' - - dirs: '%WINDIR%\SysNative\wbem' - checks: 
'recursion_level="0" restrict="WMIC.exe$"' - - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0' - checks: 'recursion_level="0" restrict="powershell.exe$"' - - dirs: '%WINDIR%\SysNative' - checks: 'recursion_level="0" restrict="winrm.vbs$"' - - dirs: '%WINDIR%\System32' - checks: >- - recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$| - netsh.exe$|reg.exe$|regedit.exe$|regedt32.exe$|regsvr32.exe$|runas.exe$|sc.exe$|schtasks.exe$|sethc.exe$|subst.exe$" - - dirs: '%WINDIR%\System32\drivers\etc' - checks: 'recursion_level="0"' - - dirs: '%WINDIR%\System32\wbem' - checks: 'recursion_level="0" restrict="WMIC.exe$"' - - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0' - checks: 'recursion_level="0" restrict="powershell.exe$"' - - dirs: '%WINDIR%\System32' - checks: 'recursion_level="0" restrict="winrm.vbs$"' - - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup' - checks: 'realtime="yes"' - windows_registry: - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\comfile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\exefile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\piffile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Directory' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Policies' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Security' - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services' - - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs' - - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg' - - key: 
'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx' - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components' - arch: "both" - windows_registry_ignore: - - key: 'HKEY_LOCAL_MACHINE\Security\Policy\Secrets' - - key: 'HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users' - - key: '\Enum$' - type: "sregex" - rootcheck: - frequency: 43200 - openscap: - disable: 'yes' - timeout: 1800 - interval: '1d' - scan_on_start: 'yes' - osquery: - disable: 'yes' - run_daemon: 'yes' - bin_path_win: 'C:\Program Files\osquery\osqueryd' - log_path: '/var/log/osquery/osqueryd.results.log' - log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log' - config_path: '/etc/osquery/osquery.conf' - config_path_win: 'C:\Program Files\osquery\osquery.conf' - add_labels: 'yes' - syscollector: - disable: 'no' - interval: '1h' - scan_on_start: 'yes' - hardware: 'yes' - os: 'yes' - network: 'yes' - packages: 'yes' - ports_no: 'yes' - processes: 'yes' - sca: - enabled: 'yes' - scan_on_start: 'yes' - interval: '12h' - skip_nfs: 'yes' - day: '' - wday: '' - time: '' - cis_cat: - disable: 'yes' - install_java: 'no' - timeout: 1800 - interval: '1d' - scan_on_start: 'yes' - java_path: 'wodles/java' - java_path_win: '\\server\jre\bin\java.exe' - ciscat_path: 'wodles/ciscat' - ciscat_path_win: 'C:\cis-cat' - localfiles: - debian: - - format: 'syslog' - location: '/var/log/auth.log' - - format: 
'syslog' - location: '/var/log/syslog' - - format: 'syslog' - location: '/var/log/dpkg.log' - - format: 'syslog' - location: '/var/log/kern.log' - centos: - - format: 'syslog' - location: '/var/log/messages' - - format: 'syslog' - location: '/var/log/secure' - - format: 'syslog' - location: '/var/log/maillog' - - format: 'audit' - location: '/var/log/audit/audit.log' - linux: - - format: 'syslog' - location: '/var/ossec/logs/active-responses.log' - - format: 'full_command' - command: 'last -n 20' - frequency: '360' - - format: 'command' - command: df -P - frequency: '360' - - format: 'full_command' - command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d - alias: 'netstat listening ports' - frequency: '360' - windows: - - format: 'eventlog' - location: 'Application' - - format: 'eventchannel' - location: 'Security' - query: 'Event/System[EventID != 5145 and EventID != 5156 and EventID != 5447 and EventID != 4656 and EventID != 4658 and EventID != 4663 and EventID != 4660 and EventID != 4670 and EventID != 4690 and EventID != 4703 and EventID != 4907]' - - format: 'eventlog' - location: 'System' - - format: 'syslog' - location: 'active-response\active-responses.log' - labels: - enable: false - list: - - key: Env - value: Production - enrollment: - enabled: '' - manager_address: '' - port: 1515 - agent_name: 'testname' - groups: '' - agent_address: '' - ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH - server_ca_path: '' - agent_certificate_path: '' - agent_key_path: '' - authorization_pass_path : /var/ossec/etc/authd.pass - auto_method: 'no' - delay_after_enrollment: 20 - use_source_ip: 'no' +wazuh_agent_repo: + apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + yum: 'https://packages.wazuh.com/4.x/yum/' + gpg: 
'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' + wazuh_agent_nat: false + +########################################## +### Wazuh-OSSEC +########################################## + +wazuh_agent_config_overlay: yes + +## Client +wazuh_managers: + - address: 127.0.0.1 + port: 1514 + protocol: tcp + api_port: 55000 + api_proto: 'http' + api_user: null + max_retries: 5 + retry_interval: 5 + +## Enrollment +wazuh_agent_enrollment: + enabled: '' + manager_address: '' + port: 1515 + agent_name: 'testname' + groups: '' + agent_address: '' + ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + server_ca_path: '' + agent_certificate_path: '' + agent_key_path: '' + authorization_pass_path: /var/ossec/etc/authd.pass + auto_method: 'no' + delay_after_enrollment: 20 + use_source_ip: 'no' + +## Client buffer +wazuh_agent_client_buffer: + disable: 'no' + queue_size: '5000' + events_per_sec: '500' + +## Rootcheck +wazuh_agent_rootcheck: + frequency: 43200 + +## Wodles +wazuh_agent_openscap: + disable: 'yes' + timeout: 1800 + interval: '1d' + scan_on_start: 'yes' + +wazuh_agent_cis_cat: + disable: 'yes' + install_java: 'no' + timeout: 1800 + interval: '1d' + scan_on_start: 'yes' + java_path: 'wodles/java' + java_path_win: '\\server\jre\bin\java.exe' + ciscat_path: 'wodles/ciscat' + ciscat_path_win: 'C:\cis-cat' + +wazuh_agent_osquery: + disable: 'yes' + run_daemon: 'yes' + bin_path_win: 'C:\Program Files\osquery\osqueryd' + log_path: '/var/log/osquery/osqueryd.results.log' + log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log' + config_path: '/etc/osquery/osquery.conf' + config_path_win: 'C:\Program Files\osquery\osquery.conf' + add_labels: 'yes' + +wazuh_agent_syscollector: + disable: 'no' + interval: '1h' + scan_on_start: 'yes' + hardware: 'yes' + os: 'yes' + network: 'yes' + packages: 'yes' + ports_no: 'yes' + processes: 'yes' + +## SCA +wazuh_agent_sca: + enabled: 'yes' + scan_on_start: 'yes' + 
interval: '12h' + skip_nfs: 'yes' + day: '' + wday: '' + time: '' + +## Syscheck +wazuh_agent_syscheck: + frequency: 43200 + scan_on_start: 'yes' + auto_ignore: 'no' + win_audit_interval: 60 + skip_nfs: 'yes' + skip_dev: 'yes' + skip_proc: 'yes' + skip_sys: 'yes' + process_priority: 10 + max_eps: 100 + sync_enabled: 'yes' + sync_interval: '5m' + sync_max_interval: '1h' + sync_max_eps: 10 + ignore: + - /etc/mtab + - /etc/hosts.deny + - /etc/mail/statistics + - /etc/random-seed + - /etc/random.seed + - /etc/adjtime + - /etc/httpd/logs + - /etc/utmpx + - /etc/wtmpx + - /etc/cups/certs + - /etc/dumpdates + - /etc/svc/volatile + ignore_linux_type: + - '.log$|.swp$' + ignore_win: + - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' + no_diff: + - /etc/ssl/private.key + directories: + - dirs: /etc,/usr/bin,/usr/sbin + checks: '' + - dirs: /bin,/sbin,/boot + checks: '' + win_directories: + - dirs: '%WINDIR%' + checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"' + - dirs: '%WINDIR%\SysNative' + checks: >- + recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$| + net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe|subst.exe$" + - dirs: '%WINDIR%\SysNative\drivers\etc%' + checks: 'recursion_level="0"' + - dirs: '%WINDIR%\SysNative\wbem' + checks: 'recursion_level="0" restrict="WMIC.exe$"' + - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0' + checks: 'recursion_level="0" restrict="powershell.exe$"' + - dirs: '%WINDIR%\SysNative' + checks: 'recursion_level="0" restrict="winrm.vbs$"' + - dirs: '%WINDIR%\System32' + checks: >- + recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$| + netsh.exe$|reg.exe$|regedit.exe$|regedt32.exe$|regsvr32.exe$|runas.exe$|sc.exe$|schtasks.exe$|sethc.exe$|subst.exe$" + - dirs: '%WINDIR%\System32\drivers\etc' + checks: 'recursion_level="0"' + - dirs: 
'%WINDIR%\System32\wbem' + checks: 'recursion_level="0" restrict="WMIC.exe$"' + - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0' + checks: 'recursion_level="0" restrict="powershell.exe$"' + - dirs: '%WINDIR%\System32' + checks: 'recursion_level="0" restrict="winrm.vbs$"' + - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup' + checks: 'realtime="yes"' + windows_registry: + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\comfile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\exefile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\piffile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Directory' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Policies' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Security' + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services' + - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs' + - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg' + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx' + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' + arch: "both" + - 
key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components' + arch: "both" + windows_registry_ignore: + - key: 'HKEY_LOCAL_MACHINE\Security\Policy\Secrets' + - key: 'HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users' + - key: '\Enum$' + type: "sregex" + +## Localfile +wazuh_agent_localfiles: + debian: + - format: 'syslog' + location: '/var/log/auth.log' + - format: 'syslog' + location: '/var/log/syslog' + - format: 'syslog' + location: '/var/log/dpkg.log' + - format: 'syslog' + location: '/var/log/kern.log' + centos: + - format: 'syslog' + location: '/var/log/messages' + - format: 'syslog' + location: '/var/log/secure' + - format: 'syslog' + location: '/var/log/maillog' + - format: 'audit' + location: '/var/log/audit/audit.log' + linux: + - format: 'syslog' + location: '/var/ossec/logs/active-responses.log' + - format: 'full_command' + command: 'last -n 20' + frequency: '360' + - format: 'command' + command: df -P + frequency: '360' + - format: 'full_command' + command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + alias: 'netstat listening ports' + frequency: '360' + windows: + - format: 'eventlog' + location: 'Application' + - format: 'eventchannel' + location: 'Security' + query: 'Event/System[EventID != 5145 and EventID != 5156 and EventID != 5447 and EventID != 4656 and EventID != 4658 and EventID != 4663 and EventID != 4660 and EventID != 4670 and EventID != 4690 and EventID != 4703 and EventID != 4907]' + - format: 'eventlog' + location: 'System' + - format: 'syslog' + location: 'active-response\active-responses.log' + +## Labels +wazuh_agent_labels: + enable: false + list: + - key: Env + value: Production + +## Active response +wazuh_agent_active_response: + ar_disabled: 'no' + ca_store: '/var/ossec/etc/wpk_root.pem' + ca_store_win: 
'wpk_root.pem' + ca_verification: 'yes' + +## Logging +wazuh_agent_log_format: 'plain' + +# wazuh_agent_config +wazuh_agent_config_defaults: + repo: '{{ wazuh_agent_repo }}' + active_response: '{{ wazuh_agent_active_response }}' + log_format: '{{ wazuh_agent_log_format }}' + client_buffer: '{{ wazuh_agent_client_buffer }}' + syscheck: '{{ wazuh_agent_syscheck }}' + + rootcheck: '{{ wazuh_agent_rootcheck }}' + openscap: '{{ wazuh_agent_openscap }}' + + osquery: '{{ wazuh_agent_osquery }}' + syscollector: '{{ wazuh_agent_syscollector }}' + sca: '{{ wazuh_agent_sca }}' + cis_cat: '{{ wazuh_agent_cis_cat }}' + localfiles: '{{ wazuh_agent_localfiles }}' + + labels: '{{ wazuh_agent_labels }}' + enrollment: '{{ wazuh_agent_enrollment }}' From 2a5da5f78d7eecd81c66ec9e81323ef2b8e05cd1 Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 10:48:12 -0300 Subject: [PATCH 28/67] roles/agent: add support for overlaying like role-distributed ansible.cfg setting for hash_behaviour --- roles/wazuh/ansible-wazuh-agent/tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml index 25c7b955..43aa2ca3 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml @@ -1,4 +1,12 @@ --- + +- name: Overlay wazuh_agent_config on top of defaults + set_fact: + wazuh_agent_config: '{{ wazuh_agent_config_defaults | combine(config_layer, recursive=True) }}' + vars: + config_layer: '{{ wazuh_agent_config | default({}) }}' + when: wazuh_agent_config_overlay | bool + - include_tasks: "Windows.yml" when: ansible_os_family == "Windows" From 52a809158a6afc42858cb67a4225ddf9b7c7f22d Mon Sep 17 00:00:00 2001 
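Review bot: The overlay in the new `set_fact` task merges nested mappings only; `combine(..., recursive=True)` replaces list-valued keys (for example `syscheck.directories`, `syscheck.ignore` or `localfiles.linux` from the defaults earlier in this series) with the user's list wholesale, and neither the task nor the `wazuh_agent_config_overlay` switch tells a user that. A comment on the task would prevent surprises: `# recursive combine merges dicts only: a list given in wazuh_agent_config replaces the default list, it is not appended to it`. If the role is applied twice to the same host in one play, the second run layers the already-overlaid fact back onto the defaults, which is harmless but worth a sentence in the role README.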
From: zenidd
Date: Tue, 10 Nov 2020 17:03:12 +0100
Subject: [PATCH 29/67] roles/filebeat-oss: allow installing fixed filebeat version
---
 roles/wazuh/ansible-filebeat-oss/tasks/main.yml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml
index 2c5d3de1..b23faa40 100644
--- a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml
@@ -5,14 +5,25 @@
 - include_tasks: Debian.yml
 when: ansible_os_family == 'Debian'
-- name: Install Filebeat
+- name: Install Filebeat | Redhat
 package:
- name: filebeat
+ name: "filebeat-{{ filebeat_version }}"
 state: present
 register: install
 tags:
 - install
 - init
+ when: ansible_os_family == 'RedHat'
+
+- name: Install Filebeat | Debian
+ package:
+ name: "filebeat={{ filebeat_version }}"
+ state: present
+ register: install
+ tags:
+ - install
+ - init
+ when: ansible_os_family == 'Debian'
 - name: Checking if Filebeat Module folder file exists
 stat:
From ed8bccb3a4004ff8baed5170e7aeb950f26c4ca4 Mon Sep 17 00:00:00 2001
From: zenidd
Date: Tue, 10 Nov 2020 18:30:13 +0100
Subject: [PATCH 30/67] roles/filebeat-oss: use apt/yum module instead of package
---
 roles/wazuh/ansible-filebeat-oss/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml
index b23faa40..73ffe040 100644
--- a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml
@@ -6,7 +6,7 @@
 when: ansible_os_family == 'Debian'
 - name: Install Filebeat | Redhat
- package:
+ apt:
 name: "filebeat-{{ filebeat_version }}"
 state: present
 register: install
@@ -16,7 +16,7 @@
 when: ansible_os_family == 'RedHat'
 - name: Install Filebeat | Debian
- package:
+ yum:
 name: "filebeat={{ filebeat_version }}"
 state: present
 register: install
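Review bot: Splitting the single `package` task into `Install Filebeat | Redhat` and `Install Filebeat | Debian` leaves every other `ansible_os_family` (SUSE, for instance) with no install task at all, so the play continues with `install` registered as skipped and the later module-folder checks run against a host that never got Filebeat. The previous task was family-agnostic, so this is a silent regression rather than a deliberate restriction. A `fail:` task guarded by `when: ansible_os_family not in ['RedHat', 'Debian']` placed after the two install tasks, or an `assert` at the top of the file, would make the unsupported case explicit instead of silent.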
From 0866c54e2b3d9aea56e2d33550a7203d790ab151 Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 10 Nov 2020 18:36:26 +0100 Subject: [PATCH 31/67] roles/filebeat-oss: minor fix --- roles/wazuh/ansible-filebeat-oss/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml index 73ffe040..f86de14b 100644 --- a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml @@ -6,7 +6,7 @@ when: ansible_os_family == 'Debian' - name: Install Filebeat | Redhat - apt: + yum: name: "filebeat-{{ filebeat_version }}" state: present register: install @@ -16,7 +16,7 @@ when: ansible_os_family == 'RedHat' - name: Install Filebeat | Debian - yum: + apt: name: "filebeat={{ filebeat_version }}" state: present register: install From aa04ebad90e2e571d9389fd38adec3134b32b2df Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 15:04:21 -0300 Subject: [PATCH 32/67] roles/opendistro-elasticsearch: remove unused variables --- roles/opendistro/opendistro-elasticsearch/defaults/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index 22709024..9d624025 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -1,8 +1,5 @@ --- # Cluster Settings -es_version: "7.9.1" -es_major_version: "7.x" - opendistro_version: 1.10.1 single_node: false @@ -44,7 +41,6 @@ es_nodes: |- {%- endfor %} # Security password -opendistro_security_password: admin opendistro_custom_user: "" opendistro_custom_user_role: "admin" From fad82ba7d171e609501c9d3e00d55de59a74fbfc Mon Sep 17 00:00:00 2001 
From: neonmei Date: Tue, 10 Nov 2020 15:04:31 -0300 Subject: [PATCH 33/67] roles/opendistro-kibana: remove unused variables --- roles/opendistro/opendistro-kibana/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 2974bf3d..464302aa 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -44,7 +44,6 @@ kibana_newsfeed_enabled: "false" kibana_telemetry_optin: "false" kibana_telemetry_enabled: "false" -opendistro_security_user: elastic opendistro_admin_password: changeme opendistro_kibana_user: kibanaserver opendistro_kibana_password: changeme From e90ddb73e6d05a70a0570bf3761f0dc3d2740c59 Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 15:05:38 -0300 Subject: [PATCH 34/67] roles/filebeat-oss: remove unused variables --- roles/wazuh/ansible-filebeat-oss/README.md | 1 - roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 3 --- 2 files changed, 4 deletions(-) diff --git a/roles/wazuh/ansible-filebeat-oss/README.md b/roles/wazuh/ansible-filebeat-oss/README.md index bed47531..02311817 100644 --- a/roles/wazuh/ansible-filebeat-oss/README.md +++ b/roles/wazuh/ansible-filebeat-oss/README.md @@ -19,7 +19,6 @@ Role Variables Available variables are listed below, along with default values (see `defaults/main.yml`): ``` - filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index ace9077f..44c8465e 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml 
@@ -3,9 +3,6 @@ filebeat_version: 7.9.1 wazuh_template_branch: v4.0.0 -filebeat_create_config: true - -filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" From eb5e74bb0217e01003bb00d31a3cf342fa34d208 Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 15:06:42 -0300 Subject: [PATCH 35/67] roles/filebeat: remove unused variables --- roles/wazuh/ansible-filebeat/README.md | 1 - roles/wazuh/ansible-filebeat/defaults/main.yml | 18 +----------------- 2 files changed, 1 insertion(+), 18 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/README.md b/roles/wazuh/ansible-filebeat/README.md index 416f7da0..3bbc2b32 100644 --- a/roles/wazuh/ansible-filebeat/README.md +++ b/roles/wazuh/ansible-filebeat/README.md @@ -19,7 +19,6 @@ Role Variables Available variables are listed below, along with default values (see `defaults/main.yml`): ``` - filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index f2c02a48..db70ffe1 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
@@ -5,28 +5,12 @@ wazuh_template_branch: v4.0.0 filebeat_create_config: true -filebeat_prospectors: - - input_type: log - paths: - - "/var/ossec/logs/alerts/alerts.json" - document_type: json - json.message_key: log - json.keys_under_root: true - json.overwrite_keys: true - filebeat_node_name: node-1 -filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" -filebeat_enable_logging: true -filebeat_log_level: debug -filebeat_log_dir: /var/log/mybeat -filebeat_log_filename: mybeat.log filebeat_ssl_dir: /etc/pki/filebeat -filebeat_ssl_certificate_file: "" -filebeat_ssl_insecure: "false" filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz @@ -40,7 +24,7 @@ filebeat_xpack_security: false elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass -node_certs_generator : false +node_certs_generator: false node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/filebeat/certs From b928bc81fe324eb29e1c5ed90312987f1d1d8e4c Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 15:23:39 -0300 Subject: [PATCH 36/67] roles/opendistro-elasticsearch: remove unused variable elasticrepo --- roles/opendistro/opendistro-elasticsearch/defaults/main.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index 9d624025..7476410d 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml 
@@ -54,11 +54,6 @@ certs_gen_tool_version: 1.8 # Url of Search Guard certificates generator tool certs_gen_tool_url: "https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-tlstool/{{ certs_gen_tool_version }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" -elasticrepo: - apt: 'https://artifacts.elastic.co/packages/7.x/apt' - yum: 'https://artifacts.elastic.co/packages/7.x/yum' - gpg: 'https://artifacts.elastic.co/GPG-KEY-opendistro' - key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' opendistro_admin_password: changeme opendistro_kibana_password: changeme From 200efb981c66b5d9399cbb15e917c8f908896a8f Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 15:24:11 -0300 Subject: [PATCH 37/67] roles/opendistro-kibana: remove unused variable elasticsearch_nodes --- roles/opendistro/opendistro-kibana/defaults/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 464302aa..170e72b5 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -2,10 +2,6 @@ # Kibana configuration elasticsearch_http_port: 9200 -elasticsearch_nodes: |- - {% for item in groups['es_cluster'] -%} - {{ hostvars[item]['ip'] }}{% if not loop.last %}","{% endif %} - {%- endfor %} elastic_api_protocol: https kibana_conf_path: /etc/kibana kibana_node_name: node-1 From 04e242e2071c303cf083966140a64ab2f1beb647 Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 15:24:52 -0300 Subject: [PATCH 38/67] roles/filebeat-oss: remove unused variables filebeat_security_user and filebeat_security_password --- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index 44c8465e..e77112c8 100644 
--- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -15,8 +15,6 @@ elasticsearch_security_user: admin elasticsearch_security_password: changeme # Security plugin filebeat_security: true -filebeat_security_user: admin -filebeat_security_password: changeme filebeat_ssl_dir: /etc/pki/filebeat # Local path to store the generated certificates (OpenDistro security plugin) From 1d93181625a2bb80b7b74491d32003aeb7c00326 Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 15:25:41 -0300 Subject: [PATCH 39/67] roles/filebeat: remove unused variables node_certs_generator and node_certs_source --- roles/wazuh/ansible-filebeat/defaults/main.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index db70ffe1..9369e7b7 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -24,11 +24,8 @@ filebeat_xpack_security: false elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass -node_certs_generator: false -node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/filebeat/certs - # CA Generation master_certs_path: "{{ playbook_dir }}/es_certs" generate_CA: true From 1511649944a95b930f414ec20a1b9d6f7746ab49 Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 15:52:29 -0300 Subject: [PATCH 40/67] roles/elasticsearch: remove unused variable elasticsearch_xpack_security_user --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 5a638104..3556489d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
@@ -27,9 +27,8 @@ elasticsearch_discovery_nodes: elasticsearch_node_data: true elasticsearch_node_ingest: true -# X-Pack Security +# X-Pack Security elasticsearch_xpack_security: false -elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass node_certs_generator: false From e466b3c35e3f1ce328adeca5d467b6f57766e8db Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 15:52:58 -0300 Subject: [PATCH 41/67] roles/kibana: remove unused variables node_certs_generator and node_certs_source --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 35bae043..014910d7 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -31,8 +31,6 @@ kibana_ssl_verification_mode: "full" elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass -node_certs_generator: false -node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/kibana/certs # CA Generation From f5f80aa588b206781bd3fb927f85b96ea8fd7b6a Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 15:53:21 -0300 Subject: [PATCH 42/67] roles/opendistro-elasticsearch: remove unused variable es_nodes --- roles/opendistro/opendistro-elasticsearch/defaults/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index 7476410d..cfe22df8 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml 
@@ -35,10 +35,6 @@ package_repos: opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools opendistro_conf_path: /etc/elasticsearch/ -es_nodes: |- - {% for item in groups['es_cluster'] -%} - {{ hostvars[item]['ip'] }}{% if not loop.last %}","{% endif %} - {%- endfor %} # Security password opendistro_custom_user: "" From 36e235c877f5b3551b7d3489c418c8e7de7526a0 Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 10 Nov 2020 15:53:43 -0300 Subject: [PATCH 43/67] roles/filebeat: remove unused variable filebeat_ssl_dir --- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 9369e7b7..99dd3358 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -10,8 +10,6 @@ filebeat_node_name: node-1 filebeat_output_elasticsearch_hosts: - "localhost:9200" -filebeat_ssl_dir: /etc/pki/filebeat - filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_path: /tmp/ From 15f15170f3cc24ee7a7f3900d86bbb2d608c4473 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 11:00:36 -0300 Subject: [PATCH 44/67] roles/opendistro-elasticsearch: remove nested jinja pattern and move it to a task-local variable for clarity --- .../opendistro-elasticsearch/tasks/security_actions.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml index 6f2b1803..0749d8a9 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml 
@@ -60,10 +60,12 @@
 - name: Copy the OpenDistro security configuration file to cluster
 blockinfile:
- block: "{{ lookup('file', '{{ local_certs_path }}/certs/{{ od_node_name }}_elasticsearch_config_snippet.yml') }}"
+ block: "{{ lookup('file', snippet_path ) }}"
 dest: "{{ opendistro_conf_path }}/elasticsearch.yml"
 insertafter: EOF
 marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##"
+ vars:
+ snippet_path: '{{ local_certs_path }}/certs/{{ od_node_name }}_elasticsearch_config_snippet.yml'
 - name: Prepare the OpenDistro security configuration file
 replace:
From c0d48e3ad45cc00b73b23bbad744907794d65b03 Mon Sep 17 00:00:00 2001
From: neonmei
Date: Thu, 12 Nov 2020 11:04:32 -0300
Subject: [PATCH 45/67] roles/opendistro-elasticsearch: remove use of command module with sed and change it to replace module. Also add a nolog to the tasks guarded by opendistro_nolog_sensible to avoid outputting non-hashed passwords in deploy log
---
 .../tasks/security_actions.yml | 41 +++++++++----------
 1 file changed, 20 insertions(+), 21 deletions(-)
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml
index 0749d8a9..d0543e88 100644
--- a/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml
@@ -87,35 +87,34 @@
 run_once: true
 - name: Hashing the custom admin password
- command: "{{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ opendistro_admin_password }}"
+ command: "{{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ opendistro_admin_password }}" # noqa 301
 register: opendistro_admin_password_hashed
- run_once: true
-
-- name: Filtering hash result in case java path is not defined
- set_fact:
- opendistro_admin_password_hashed_filtered: "{{ opendistro_admin_password_hashed.stdout_lines[1] }}"
- when:
- - opendistro_admin_password_hashed.stdout_lines[1] is defined
- run_once: true
-
-- name: Setting admin hash result
- set_fact:
- opendistro_admin_password_hashed_filtered: "{{ opendistro_admin_password_hashed.stdout_lines[0] }}"
- when:
- - opendistro_admin_password_hashed.stdout_lines[1] is not defined
+ no_log: '{{ opendistro_nolog_sensible | bool }}'
 run_once: true
 - name: Set the Admin user password
 replace:
 path: "{{ opendistro_sec_plugin_conf_path }}/internal_users.yml"
 regexp: '(?<=admin:\n hash: )(.*)(?=)'
- replace: "\"{{ opendistro_admin_password_hashed_filtered }}\""
+ replace: "{{ odfe_password_hash | quote }}"
+ vars:
+ odfe_password_hash: "{{ opendistro_admin_password_hashed.stdout_lines | last }}"
 run_once: true
-- name: Set the kibanaserver role/user pasword
- shell: >
- sed -i 's,{{ opendistro_kibana_password }},'$(sh {{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ opendistro_kibana_password }} | tail -1)','
- {{ opendistro_sec_plugin_conf_path }}/internal_users.yml
+# this can also be achieved with password_hash, but it requires dependencies on the controller
+- name: Hash the kibanaserver role/user pasword
+ command: "{{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ opendistro_kibana_password }}" # noqa 301
+ register: opendistro_kibanaserver_password_hashed
+ no_log: '{{ opendistro_nolog_sensible | bool }}'
+ run_once: true
+
+- name: Set the kibanaserver user password
+ replace:
+ path: "{{ 
opendistro_sec_plugin_conf_path }}/internal_users.yml" + regexp: '(?<=kibanaserver:\n hash: )(.*)(?=)' + replace: "{{ odfe_password_hash | quote }}" + vars: + odfe_password_hash: "{{ opendistro_kibanaserver_password_hashed.stdout_lines | last }}" run_once: true - name: Initialize the OpenDistro security index in elasticsearch @@ -127,7 +126,7 @@ -cd {{ opendistro_sec_plugin_conf_path }}/ -nhnv -icl -h {{ target_address }} - run_once: true + run_once: true # noqa 301 - name: Create custom user uri: From 8fdfecc06f3122d000f915fc212ca1a59da10f81 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 11:05:47 -0300 Subject: [PATCH 46/67] roles/opendistro-elasticsearch: add missing mode for file module --- .../opendistro/opendistro-elasticsearch/tasks/local_actions.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml index 04f20378..6e54fdf2 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml @@ -14,6 +14,7 @@ - name: Local action | Create local temporary directory for certificates generation file: path: "{{ local_certs_path }}" + mode: 0755 state: directory - name: Local action | Check that the generation tool exists @@ -41,6 +42,7 @@ template: src: "templates/tlsconfig.yml.j2" dest: "{{ local_certs_path }}/config/tlsconfig.yml" + mode: 0644 register: tlsconfig_template - name: Create a directory if it does not exist From 878c55a18041f7138f024d5daaf082d3199930a7 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 11:07:07 -0300 Subject: [PATCH 47/67] roles/opendistro-elasticsearch: add new variable opendistro_nolog_sensible to role defaults --- roles/opendistro/opendistro-elasticsearch/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) 
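Review bot: Both new `command:` lines still interpolate the clear-text password into `hash.sh -p ...`, so `no_log` keeps it out of the play output but it remains visible on the target in the process list for the duration of the hash run and in any command auditing enabled there; this applies to the admin task and to the new kibanaserver task alike. If the hashing tool can read the password from an environment variable, passing it through the task's `environment:` would close that gap; otherwise the limitation deserves a comment beside the `# noqa 301` so nobody relies on `opendistro_nolog_sensible` alone. As a style point, `{{ odfe_password_hash | quote }}` applies shell quoting to a YAML value; it happens to work because a bcrypt hash contains `$` and therefore always comes back single-quoted, but wrapping the value explicitly, as the removed line did with escaped double quotes, states the intent. The `| last` selection also assumes `hash.sh` prints nothing after the hash, which is the same assumption the removed filtering tasks made, so a short comment recording it would help the next person who debugs a mangled `internal_users.yml`.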
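Review bot: `mode: 0755` on the `local_certs_path` directory makes the controller-side workspace world-readable, and that tree later holds the generated node private keys (the filebeat-oss role copies `{{ local_certs_path }}/certs/{{ filebeat_node_name }}.key` out of it in patch 53 of this series). Only the user running the playbook needs to enter it, so `mode: 0700` is the safer default for a directory whose purpose is certificate generation. The `mode: 0644` added to `tlsconfig.yml` in the second hunk is fine provided the template carries no key passwords, which cannot be told from this hunk.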
diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml
index 22709024..9925c3eb 100644
--- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml
+++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml
@@ -70,3 +70,5 @@ opendistro_kibana_password: changeme
 # Deployment settings
 generate_certs: true
 perform_installation: true
+
+opendistro_nolog_sensible: true
From 84744fe8abcb4e7e3bacf7494d0ef9ceafcd0580 Mon Sep 17 00:00:00 2001
From: neonmei
Date: Thu, 12 Nov 2020 11:16:09 -0300
Subject: [PATCH 48/67] roles/elasticsearch: add missing mode and ownership to template module at tasks/xpack_security.yml
---
 .../ansible-elasticsearch/tasks/xpack_security.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
index a203cfd4..0bc62231 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
@@ -8,6 +8,9 @@
 template:
 src: instances.yml.j2
 dest: "{{ node_certs_source }}/instances.yml"
+ owner: root
+ group: root
+ mode: 0644
 force: no
 register: instances_file_exists
 tags:
From bc2702386178c14bbec3459c548807acc55b0cfd Mon Sep 17 00:00:00 2001
From: neonmei
Date: Thu, 12 Nov 2020 11:17:34 -0300
Subject: [PATCH 49/67] roles/elasticsearch: expand task, add missing mode and ownership to file module
---
 roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
index 7c453bad..b5086166 100755
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
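Review bot: `opendistro_nolog_sensible: true` is added without a comment, and its effect is not obvious from the name alone: it is fed to `no_log` on the tasks that hash the admin and kibanaserver passwords in `tasks/security_actions.yml`. A comment above it such as `# Hide tasks that handle clear-text passwords from the play output; set to false only while debugging` would save readers a grep. The `index 22709024..9925c3eb` preimage is the blob this file had before the deletions in patches 32, 36 and 42 of this series, which suggests the patch was written against an older base; it should still apply by context, but a rebase would keep the series linear.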
@@ -6,7 +6,12 @@
 when: ansible_os_family == "Debian"
 - name: Create elasticsearch.service.d folder.
- file: path=/etc/systemd/system/elasticsearch.service.d/ state=directory
+ file:
+ path: /etc/systemd/system/elasticsearch.service.d
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
 when:
 - ansible_service_mgr == "systemd"
From bc9b5b58498e1ee8c1ea60039d0190e917170ce2 Mon Sep 17 00:00:00 2001
From: neonmei
Date: Thu, 12 Nov 2020 11:18:35 -0300
Subject: [PATCH 50/67] roles/elasticsearch: add missing mode and ownership to lineinfile module
---
 roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
index b5086166..20877867 100755
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
@@ -97,6 +97,9 @@
 lineinfile:
 path: /etc/security/limits.d/elasticsearch.conf
 line: elasticsearch - memlock unlimited
+ owner: root
+ group: root
+ mode: 0644
 create: yes
 become: true
 changed_when: false
From 17e4e687a45f82c240cff10ef7ac6acaba35dcc5 Mon Sep 17 00:00:00 2001
From: neonmei
Date: Thu, 12 Nov 2020 11:20:02 -0300
Subject: [PATCH 51/67] roles/elasticsearch: add linting exception to lineinfile module to avoid changing permissions of global /etc/security/limits.conf
---
 roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
index 20877867..c0e8ca22 100755
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
@@ -83,7 +83,7 @@ tags: configure - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf - lineinfile: + lineinfile: # noqa 208 path: /etc/security/limits.conf line: elasticsearch - memlock unlimited create: yes From 87e9c8fc2343dd022d33973f39a8e581632d0c42 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 11:26:57 -0300 Subject: [PATCH 52/67] roles/wazuh-manager: add missing mode and ownership to file module --- .../ansible-wazuh-manager/tasks/installation_from_sources.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 62aa5cac..7c0e8605 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -58,6 +58,9 @@ - name: Create folder to extract Wazuh branch file: path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + owner: root + group: root + mode: 0644 state: directory # When downloading "v3.11.0" extracted folder name is 3.11.0. From 68b8c6b5a0383913527aa14a8312f8f9ed1d6172 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 11:32:49 -0300 Subject: [PATCH 53/67] roles/filebeat-oss: add missing file mode and ownership for security_actions tasks --- roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml b/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml index 95503159..8a6c5aad 100644 --- a/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml +++ b/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml 
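Review bot: `mode: 0644` is the wrong mode for a `state: directory` task; without the execute bit the new `/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}` directory cannot be traversed by any non-root user, and it is inconsistent with the agent-side counterpart added later in this series (patch 57), which uses `0755`. Change the added line to `mode: 0755`. The rest of the task and the extraction step that uses this directory are outside the hunk.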
@@ -4,11 +4,16 @@ file: path: "{{ filebeat_ssl_dir }}" state: directory + owner: root + group: root + mode: 0774 - name: Copy the certificates from local to the Manager instance copy: src: "{{ local_certs_path }}/certs/{{ item }}" dest: "{{ filebeat_ssl_dir }}" + owner: root + group: root mode: 0644 with_items: - "{{ filebeat_node_name }}.key" From 8be12f0c5aa4e26679356c064183ad8bbcf8d908 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 11:33:09 -0300 Subject: [PATCH 54/67] roles/filebeat-oss: remove extra file permissions task --- .../wazuh/ansible-filebeat-oss/tasks/security_actions.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml b/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml index 8a6c5aad..fdec3c04 100644 --- a/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml +++ b/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml @@ -20,13 +20,6 @@ - "{{ filebeat_node_name }}.pem" - "root-ca.pem" - - name: Ensuring folder & certs permissions - file: - path: "{{ filebeat_ssl_dir }}/" - mode: 0774 - state: directory - recurse: yes - tags: - security when: From 55d3039519869731fb201022dbf25448ecfd5341 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 11:37:10 -0300 Subject: [PATCH 55/67] roles/wazuh-agent: change comparison to literal bool --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index e2bedc16..e5d8286e 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml 
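Review bot: The added `owner`/`group` lines fix ownership, but the private key `{{ filebeat_node_name }}.key` is still copied with the pre-existing `mode: 0644` in the same loop as the `.pem` files, so it ends up world-readable, and the directory now gets `mode: 0774`, which grants group write on the certificate directory. Consider `mode: 0750` for the directory and copying the `.key` in its own task or loop entry with `mode: 0600` — confirm against the user Filebeat actually runs as in this role, which is not visible here. The task name above `file:`, the remaining loop items and the `when:` condition are outside the hunk.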
@@ -69,7 +69,7 @@ register: agent_auth_output notify: Windows | Restart Wazuh Agent when: - - wazuh_agent_authd.enable == true + - wazuh_agent_authd.enable | bool - not check_windows_key.stat.exists or check_windows_key.stat.size == 0 - wazuh_agent_authd.registration_address is not none tags: From 7634f8cf9b100b0c592b0a45aba7d02ec4100f49 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 11:37:55 -0300 Subject: [PATCH 56/67] roles/wazuh-agent: add noqa 208 exception for Windows template task --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index e5d8286e..c778933c 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -81,7 +81,7 @@ state: directory - name: Windows | Installing agent configuration (ossec.conf) - template: + template: # noqa 208 src: var-ossec-etc-ossec-agent.conf.j2 dest: "{{ wazuh_agent_win_path }}ossec.conf" notify: Windows | Restart Wazuh Agent From 6f5f1106b342061cff1115e70d7fd351cecfd3e1 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 11:38:19 -0300 Subject: [PATCH 57/67] roles/wazuh-agent: add missing mode for file task --- .../ansible-wazuh-agent/tasks/installation_from_sources.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 73b3e6ce..fbfecd5b 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -46,6 +46,7 @@ - name: Create folder to extract Wazuh branch file: path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + mode: 0755 state: directory changed_when: false 
From a0f32789c46e59e5ac79af280682b6eae1f1228b Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 12:01:25 -0300 Subject: [PATCH 58/67] roles/kibana: add noqa to task, as we only intend to ensure owner/group and keep mode --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 0181a262..43de44e9 100755 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -100,6 +100,7 @@ - name: Ensuring Kibana directory owner file: + # noqa 208 path: "/usr/share/kibana" state: directory owner: kibana From 7bc8ea365be9899857d308733f6b0835fcef633f Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 12:04:38 -0300 Subject: [PATCH 59/67] lint: add ansible-lint configuration with skip_list and settings for better output --- .ansible-lint | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.ansible-lint b/.ansible-lint index b8c04701..6a6a1587 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,4 +1,15 @@ --- +use_default_rules: true +parseable: true +quiet: true +verbosity: 1 + +# State that naming for now should be a warning +# 106: ansible role name does not conform to pattern [a-z][a-z0-9_]+$ warn_list: - '106' - - '303' + +# This is for false positives +# 504: Do not use 'local_action', use 'delegate_to: localhost' +skip_list: + - '504' \ No newline at end of file From 8e827552a775845571735380987af7c3ec7bc3a7 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 13:15:42 -0300 Subject: [PATCH 60/67] roles/opendistro-kibana: add missing noqa for rule 503 false positive --- roles/opendistro/opendistro-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml index f43fecba..a723216a 100755 
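Review bot: The `# noqa 208` is placed on a line of its own inside the `file:` mapping, whereas patches 51 and 56 in this series attach it inline to the module line (`lineinfile: # noqa 208`, `template: # noqa 208`); whether ansible-lint honours a standalone comment line inside a task body depends on the version in use, so the inline form is the safer one. Change it to `file: # noqa 208` for consistency; the same applies to the two standalone `# noqa` lines in patches 60 and 61.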
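Review bot: `- '303'` is dropped from `warn_list` in this hunk, which turns rule 303 (command used where a module exists) back into a failing check, yet the commit message only mentions the new settings and `skip_list`; if that is intended it deserves a comment next to `warn_list`, otherwise the entry should stay. The file also now ends without a trailing newline (`\ No newline at end of file`), which yamllint's `new-line-at-end-of-file` rule will report. Since 504 is disabled globally for what the comment calls a false positive, a per-task `# noqa 504` on the affected `local_action` tasks would keep the rule active elsewhere.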
--- a/roles/opendistro/opendistro-kibana/tasks/main.yml +++ b/roles/opendistro/opendistro-kibana/tasks/main.yml @@ -20,6 +20,7 @@ - name: Remove Kibana configuration file file: + # noqa 503 path: "{{ kibana_conf_path }}/kibana.yml" state: absent when: install.changed From 88873a1759039670436d29547425505fae145f8b Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 13:18:45 -0300 Subject: [PATCH 61/67] roles/opendistro-kibana: add missing noqa for rules 208 and 503 false positive I forgot to push --- roles/opendistro/opendistro-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml index a723216a..4cc73140 100755 --- a/roles/opendistro/opendistro-kibana/tasks/main.yml +++ b/roles/opendistro/opendistro-kibana/tasks/main.yml @@ -44,6 +44,7 @@ - name: Ensuring Kibana directory owner file: + # noqa 208 path: "/usr/share/kibana" state: directory owner: kibana From dac3ddc1fb1b5e2de7b7785bacd7c534dd912412 Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 13 Nov 2020 10:57:20 +0100 Subject: [PATCH 62/67] wazuh-ansible: bump versions, update README --- CHANGELOG.md | 28 +++++++++++++++++-- README.md | 2 +- molecule/default/tests/test_default.py | 2 +- .../group_vars/all.yml | 4 +-- .../tests/test_default.py | 4 +-- .../distributed-wazuh-elk/group_vars/all.yml | 2 +- .../tests/test_default.py | 4 +-- .../tests/test_default.py | 2 +- pyproject.toml | 2 +- .../ansible-elasticsearch/defaults/main.yml | 2 +- .../ansible-kibana/defaults/main.yml | 4 +-- .../defaults/main.yml | 2 +- .../opendistro-kibana/defaults/main.yml | 4 +-- .../ansible-filebeat-oss/defaults/main.yml | 2 +- .../wazuh/ansible-filebeat/defaults/main.yml | 4 +-- .../ansible-wazuh-agent/defaults/main.yml | 10 +++---- .../ansible-wazuh-manager/defaults/main.yml | 4 +-- 17 files changed, 52 insertions(+), 30 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 295cafaf..af2fd0e4 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,20 +1,42 @@ # Change Log All notable changes to this project will be documented in this file. +## [v4.0.1] + +### Added + +- Update to Wazuh v4.0.1 +- Allow installing fixed Filebeat-oss version ([@Zenidd](https://github.com/Zenidd)) [PR#486](https://github.com/wazuh/wazuh-ansible/pull/486) +- Feature adapt molecule tests ([@neonmei](https://github.com/neonmei)) [PR#477](https://github.com/wazuh/wazuh-ansible/pull/477) + +### Fixed + +- Improve linting history ([@neonmei](https://github.com/neonmei)) + - Fix lint opendistro kibana [PR#468](https://github.com/wazuh/wazuh-ansible/pull/468) + - Feature lint roles configurations [PR#496](https://github.com/wazuh/wazuh-ansible/pull/496) + - Feature lint role wazuh agent [PR#495](https://github.com/wazuh/wazuh-ansible/pull/495) + - Feature lint role filebeat oss [PR#494](https://github.com/wazuh/wazuh-ansible/pull/494) + - Lint role wazuh-manager [PR#493](https://github.com/wazuh/wazuh-ansible/pull/493) + - Feature lint role elasticsearch [PR#492](https://github.com/wazuh/wazuh-ansible/pull/492) + - Feature lint role opendistro-elasticsearch [PR#491](https://github.com/wazuh/wazuh-ansible/pull/491) +- Remove unnecesary nodejs dependency ([@neonmei](https://github.com/neonmei)) [PR#482](https://github.com/wazuh/wazuh-ansible/pull/482) +- Feature manager configuration unnest ([@neonmei](https://github.com/neonmei)) [PR#481](https://github.com/wazuh/wazuh-ansible/pull/481) +- Elastic API check fix ([@Zenidd](https://github.com/Zenidd)) [PR#480](https://github.com/wazuh/wazuh-ansible/pull/480) +- Improve handling of run_once at opendistro-elasticsearch role ([@neonmei](https://github.com/neonmei)) [PR#478](https://github.com/wazuh/wazuh-ansible/pull/478) + + ## [v4.0.0] ### Added - Update to Wazuh v4.0.0 +- New example playbooks on README ([@Zenidd](https://github.com/Zenidd)) [PR#468](https://github.com/wazuh/wazuh-ansible/pull/468) ### Fixed - Ensure recursive /usr/share/kibana permissions before installing WUI 
([@Zenidd](https://github.com/Zenidd)) [PR#471](https://github.com/wazuh/wazuh-ansible/pull/471) - Remove vuls integration ([@manuasir](https://github.com/manuasir)) [PR#469](https://github.com/wazuh/wazuh-ansible/pull/469) -### Added - -- New example playbooks on README ([@Zenidd](https://github.com/Zenidd)) [PR#468](https://github.com/wazuh/wazuh-ansible/pull/468) ## [v3.13.2] diff --git a/README.md b/README.md index 47235d22..42cae4e4 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. | Wazuh version | Elastic | ODFE | |---------------|---------|--------| -| v4.0.0 | 7.9.2 | 1.10.1 | +| v4.0.1 | 7.9.3 | 1.11.0 | ## Documentation diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index a6a86674..762c593e 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.0.0" + return "4.0.1" def test_wazuh_packages_are_installed(host): diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml index fcf3b407..715e921c 100644 --- a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml @@ -23,5 +23,5 @@ elasticsearch_xpack_security: true elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass -elastic_stack_version: 7.9.1 -filebeat_version: 7.9.1 \ No newline at end of file +elastic_stack_version: 7.9.3 +filebeat_version: 7.9.3 \ No newline at end of file diff --git a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py index a6a86674..e9192994 100644 --- a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py 
+++ b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.0.0" + return "4.0.1" def test_wazuh_packages_are_installed(host): @@ -61,4 +61,4 @@ def test_filebeat_is_installed(host): """Test the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.9.1') + assert filebeat.version.startswith('7.9.3') diff --git a/molecule/distributed-wazuh-elk/group_vars/all.yml b/molecule/distributed-wazuh-elk/group_vars/all.yml index a706caae..c5d04fe9 100644 --- a/molecule/distributed-wazuh-elk/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk/group_vars/all.yml @@ -10,4 +10,4 @@ elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}" manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}" elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}" -elastic_stack_version: 7.9.1 +elastic_stack_version: 7.9.3 diff --git a/molecule/distributed-wazuh-elk/tests/test_default.py b/molecule/distributed-wazuh-elk/tests/test_default.py index a6a86674..e9192994 100644 --- a/molecule/distributed-wazuh-elk/tests/test_default.py +++ b/molecule/distributed-wazuh-elk/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.0.0" + return "4.0.1" def test_wazuh_packages_are_installed(host): @@ -61,4 +61,4 @@ def test_filebeat_is_installed(host): """Test the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.9.1') + assert filebeat.version.startswith('7.9.3') 
diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh-odfe/tests/test_default.py index a6a86674..762c593e 100644 --- a/molecule/distributed-wazuh-odfe/tests/test_default.py +++ b/molecule/distributed-wazuh-odfe/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.0.0" + return "4.0.1" def test_wazuh_packages_are_installed(host): diff --git a/pyproject.toml b/pyproject.toml index aa98c6a0..8db66cca 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "wazuh-ansible" -version = "4.0.0" +version = "4.0.1" description = "" authors = ["neonmei "] diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 5a638104..5c80ad7a 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.9.1 +elastic_stack_version: 7.9.3 elasticsearch_lower_disk_requirements: false elasticsearch_path_repo: [] diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 35bae043..99d6da9a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,8 +6,8 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_conf_path: /etc/kibana -elastic_stack_version: 7.9.2 -wazuh_version: 4.0.0 +elastic_stack_version: 7.9.3 +wazuh_version: 4.0.1 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana elasticrepo: 
diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index 9925c3eb..9f58cf70 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -3,7 +3,7 @@ es_version: "7.9.1" es_major_version: "7.x" -opendistro_version: 1.10.1 +opendistro_version: 1.11.0 single_node: false elasticsearch_node_name: node-1 diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 2974bf3d..cbd56062 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -14,11 +14,11 @@ kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 elastic_stack_version: 7.9.1 -wazuh_version: 4.0.0 +wazuh_version: 4.0.1 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana # The OpenDistro package repository -kibana_opendistro_version: -1.10.1-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts +kibana_opendistro_version: -1.11.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts package_repos: yum: diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index ace9077f..98288be6 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.9.1 -wazuh_template_branch: v4.0.0 +wazuh_template_branch: v4.0.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index f2c02a48..17ffede0 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
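Review bot: The bump is incomplete or the README table is ambiguous: `filebeat_version: 7.9.1` in the filebeat-oss defaults, `elastic_stack_version: 7.9.1` in the opendistro-kibana defaults and `es_version: "7.9.1"` in the opendistro-elasticsearch defaults are all left as context lines here, while the README hunk in this same commit now advertises Elastic `7.9.3` next to ODFE `1.11.0`, and the ansible-filebeat defaults are bumped to `7.9.3`. If the ODFE-based roles are meant to stay on 7.9.1, the README table should say which deployment path the Elastic column refers to; otherwise these three defaults need the same bump.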
@@ -1,7 +1,7 @@ --- -filebeat_version: 7.9.2 +filebeat_version: 7.9.3 -wazuh_template_branch: v4.0.0 +wazuh_template_branch: v4.0.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 38ff1151..51d5f72e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 4.0.0-1 +wazuh_agent_version: 4.0.1-1 # Custom packages installation @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false - branch: "v4.0.0" + branch: "v4.0.1" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -66,9 +66,9 @@ wazuh_winagent_config: # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True - md5: f9737cbd7df7104c1bee9f3e8b9ca26e -wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.0-1.msi -wazuh_winagent_package_name: wazuh-agent-4.0.0-1.msi + md5: f2444d89dab2c4c31bbdef454c95eb28 +wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.1-1.msi +wazuh_winagent_package_name: wazuh-agent-4.0.1-1.msi wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 72227a5f..9d496170 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 4.0.0-1 +wazuh_manager_version: 4.0.1-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present 
@@ -12,7 +12,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v4.0.0" + branch: "v4.0.1" user_language: "en" user_no_stop: "y" user_install_type: "server" From f902bd52699cabbf6ef2647734d0926756a82cdc Mon Sep 17 00:00:00 2001 From: neonmei Date: Fri, 13 Nov 2020 12:07:26 -0300 Subject: [PATCH 63/67] roles/wazuh-agent: update comment at role defaults --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index b7dcd7ce..86c1e21f 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -71,7 +71,7 @@ wazuh_agent_repo: wazuh_agent_nat: false ########################################## -### Wazuh-OSSEC +### Wazuh ########################################## wazuh_agent_config_overlay: yes From 64cc04f5b094a6ddf62a4fe980abc41624d428e4 Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 13 Nov 2020 16:55:47 +0100 Subject: [PATCH 64/67] Merge master changes --- .../ansible-elasticsearch/defaults/main.yml | 3 +- .../ansible-kibana/defaults/main.yml | 2 - .../defaults/main.yml | 13 - .../opendistro-kibana/defaults/main.yml | 5 - roles/wazuh/ansible-filebeat-oss/README.md | 1 - .../ansible-filebeat-oss/defaults/main.yml | 5 - roles/wazuh/ansible-filebeat/README.md | 1 - .../wazuh/ansible-filebeat/defaults/main.yml | 21 - .../ansible-wazuh-agent/defaults/main.yml | 528 ++++++++++-------- .../wazuh/ansible-wazuh-agent/tasks/main.yml | 8 + 10 files changed, 299 insertions(+), 288 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 5c80ad7a..34d44890 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
+++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -27,9 +27,8 @@ elasticsearch_discovery_nodes: elasticsearch_node_data: true elasticsearch_node_ingest: true -# X-Pack Security +# X-Pack Security elasticsearch_xpack_security: false -elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass node_certs_generator: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 99d6da9a..e61495a0 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -31,8 +31,6 @@ kibana_ssl_verification_mode: "full" elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass -node_certs_generator: false -node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/kibana/certs # CA Generation diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index 9f58cf70..a4ffeeab 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -1,8 +1,5 @@ --- # Cluster Settings -es_version: "7.9.1" -es_major_version: "7.x" - opendistro_version: 1.11.0 single_node: false @@ -38,13 +35,8 @@ package_repos: opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools opendistro_conf_path: /etc/elasticsearch/ -es_nodes: |- - {% for item in groups['es_cluster'] -%} - {{ hostvars[item]['ip'] }}{% if not loop.last %}","{% endif %} - {%- endfor %} # Security password -opendistro_security_password: admin opendistro_custom_user: "" opendistro_custom_user_role: "admin" 
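Review bot: `elasticsearch_xpack_security_user: elastic` is removed from the elasticsearch role defaults while the kibana defaults hunk in this same commit keeps its copy, and the opendistro-elasticsearch hunks drop `es_nodes`, `es_version` and `opendistro_security_password`; any task or template in those roles that still reads one of these names will fail with an undefined variable, and the tasks are not part of this diff, so that needs checking before merge. The same applies to `filebeat_create_config`, `filebeat_security_user` and `filebeat_security_password` removed from the filebeat-oss defaults, and to `filebeat_ssl_dir` removed from the ansible-filebeat defaults. Dropping the hard-coded `opendistro_security_password: admin` default is welcome; the remaining `changeme` defaults left as context would benefit from a comment stating they must be overridden. The `# X-Pack Security` comment is replaced by an apparently identical line, which suggests a trailing-whitespace change worth verifying.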
@@ -58,11 +50,6 @@ certs_gen_tool_version: 1.8 # Url of Search Guard certificates generator tool certs_gen_tool_url: "https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-tlstool/{{ certs_gen_tool_version }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" -elasticrepo: - apt: 'https://artifacts.elastic.co/packages/7.x/apt' - yum: 'https://artifacts.elastic.co/packages/7.x/yum' - gpg: 'https://artifacts.elastic.co/GPG-KEY-opendistro' - key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' opendistro_admin_password: changeme opendistro_kibana_password: changeme diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index cbd56062..4fe1c819 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -2,10 +2,6 @@ # Kibana configuration elasticsearch_http_port: 9200 -elasticsearch_nodes: |- - {% for item in groups['es_cluster'] -%} - {{ hostvars[item]['ip'] }}{% if not loop.last %}","{% endif %} - {%- endfor %} elastic_api_protocol: https kibana_conf_path: /etc/kibana kibana_node_name: node-1 @@ -44,7 +40,6 @@ kibana_newsfeed_enabled: "false" kibana_telemetry_optin: "false" kibana_telemetry_enabled: "false" -opendistro_security_user: elastic opendistro_admin_password: changeme opendistro_kibana_user: kibanaserver opendistro_kibana_password: changeme diff --git a/roles/wazuh/ansible-filebeat-oss/README.md b/roles/wazuh/ansible-filebeat-oss/README.md index bed47531..02311817 100644 --- a/roles/wazuh/ansible-filebeat-oss/README.md +++ b/roles/wazuh/ansible-filebeat-oss/README.md @@ -19,7 +19,6 @@ Role Variables Available variables are listed below, along with default values (see `defaults/main.yml`): ``` - filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" 
diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index 98288be6..be1eae13 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -3,9 +3,6 @@ filebeat_version: 7.9.1 wazuh_template_branch: v4.0.1 -filebeat_create_config: true - -filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" @@ -18,8 +15,6 @@ elasticsearch_security_user: admin elasticsearch_security_password: changeme # Security plugin filebeat_security: true -filebeat_security_user: admin -filebeat_security_password: changeme filebeat_ssl_dir: /etc/pki/filebeat # Local path to store the generated certificates (OpenDistro security plugin) diff --git a/roles/wazuh/ansible-filebeat/README.md b/roles/wazuh/ansible-filebeat/README.md index 416f7da0..3bbc2b32 100644 --- a/roles/wazuh/ansible-filebeat/README.md +++ b/roles/wazuh/ansible-filebeat/README.md @@ -19,7 +19,6 @@ Role Variables Available variables are listed below, along with default values (see `defaults/main.yml`): ``` - filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 17ffede0..401983ff 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
@@ -5,29 +5,11 @@ wazuh_template_branch: v4.0.1 filebeat_create_config: true -filebeat_prospectors: - - input_type: log - paths: - - "/var/ossec/logs/alerts/alerts.json" - document_type: json - json.message_key: log - json.keys_under_root: true - json.overwrite_keys: true - filebeat_node_name: node-1 -filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" -filebeat_enable_logging: true -filebeat_log_level: debug -filebeat_log_dir: /var/log/mybeat -filebeat_log_filename: mybeat.log -filebeat_ssl_dir: /etc/pki/filebeat -filebeat_ssl_certificate_file: "" -filebeat_ssl_insecure: "false" - filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_path: /tmp/ @@ -40,11 +22,8 @@ filebeat_xpack_security: false elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass -node_certs_generator : false -node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/filebeat/certs - # CA Generation master_certs_path: "{{ playbook_dir }}/es_certs" generate_CA: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 51d5f72e..21ccb4f7 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -32,19 +32,11 @@ wazuh_agent_sources_installation: user_agent_config_profile: null user_ca_store: "/var/ossec/wpk_root.pem" -wazuh_managers: - - address: 127.0.0.1 - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: null - max_retries: 5 - retry_interval: 5 wazuh_api_reachable_from_agent: false wazuh_profile_centos: 'centos, centos7, centos7.6' wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' wazuh_auto_restart: 'yes' + wazuh_agent_authd: registration_address: 127.0.0.1 enable: false 
@@ -69,234 +61,294 @@ wazuh_winagent_config: md5: f2444d89dab2c4c31bbdef454c95eb28 wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.1-1.msi wazuh_winagent_package_name: wazuh-agent-4.0.1-1.msi -wazuh_agent_config: - repo: - apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - yum: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' - active_response: - ar_disabled: 'no' - ca_store: '/var/ossec/etc/wpk_root.pem' - ca_store_win: 'wpk_root.pem' - ca_verification: 'yes' - log_format: 'plain' - client_buffer: - disable: 'no' - queue_size: '5000' - events_per_sec: '500' - syscheck: - frequency: 43200 - scan_on_start: 'yes' - auto_ignore: 'no' - win_audit_interval: 60 - skip_nfs: 'yes' - skip_dev: 'yes' - skip_proc: 'yes' - skip_sys: 'yes' - process_priority: 10 - max_eps: 100 - sync_enabled: 'yes' - sync_interval: '5m' - sync_max_interval: '1h' - sync_max_eps: 10 - ignore: - - /etc/mtab - - /etc/hosts.deny - - /etc/mail/statistics - - /etc/random-seed - - /etc/random.seed - - /etc/adjtime - - /etc/httpd/logs - - /etc/utmpx - - /etc/wtmpx - - /etc/cups/certs - - /etc/dumpdates - - /etc/svc/volatile - ignore_linux_type: - - '.log$|.swp$' - ignore_win: - - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' - no_diff: - - /etc/ssl/private.key - directories: - - dirs: /etc,/usr/bin,/usr/sbin - checks: '' - - dirs: /bin,/sbin,/boot - checks: '' - win_directories: - - dirs: '%WINDIR%' - checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"' - - dirs: '%WINDIR%\SysNative' - checks: >- - recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$| - net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe|subst.exe$" - - dirs: '%WINDIR%\SysNative\drivers\etc%' - checks: 'recursion_level="0"' - - dirs: '%WINDIR%\SysNative\wbem' - checks: 
'recursion_level="0" restrict="WMIC.exe$"' - - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0' - checks: 'recursion_level="0" restrict="powershell.exe$"' - - dirs: '%WINDIR%\SysNative' - checks: 'recursion_level="0" restrict="winrm.vbs$"' - - dirs: '%WINDIR%\System32' - checks: >- - recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$| - netsh.exe$|reg.exe$|regedit.exe$|regedt32.exe$|regsvr32.exe$|runas.exe$|sc.exe$|schtasks.exe$|sethc.exe$|subst.exe$" - - dirs: '%WINDIR%\System32\drivers\etc' - checks: 'recursion_level="0"' - - dirs: '%WINDIR%\System32\wbem' - checks: 'recursion_level="0" restrict="WMIC.exe$"' - - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0' - checks: 'recursion_level="0" restrict="powershell.exe$"' - - dirs: '%WINDIR%\System32' - checks: 'recursion_level="0" restrict="winrm.vbs$"' - - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup' - checks: 'realtime="yes"' - windows_registry: - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\comfile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\exefile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\piffile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Directory' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Policies' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Security' - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services' - - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs' - - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg' - - key: 
'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx' - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components' - arch: "both" - windows_registry_ignore: - - key: 'HKEY_LOCAL_MACHINE\Security\Policy\Secrets' - - key: 'HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users' - - key: '\Enum$' - type: "sregex" - rootcheck: - frequency: 43200 - openscap: - disable: 'yes' - timeout: 1800 - interval: '1d' - scan_on_start: 'yes' - osquery: - disable: 'yes' - run_daemon: 'yes' - bin_path_win: 'C:\Program Files\osquery\osqueryd' - log_path: '/var/log/osquery/osqueryd.results.log' - log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log' - config_path: '/etc/osquery/osquery.conf' - config_path_win: 'C:\Program Files\osquery\osquery.conf' - add_labels: 'yes' - syscollector: - disable: 'no' - interval: '1h' - scan_on_start: 'yes' - hardware: 'yes' - os: 'yes' - network: 'yes' - packages: 'yes' - ports_no: 'yes' - processes: 'yes' - sca: - enabled: 'yes' - scan_on_start: 'yes' - interval: '12h' - skip_nfs: 'yes' - day: '' - wday: '' - time: '' - cis_cat: - disable: 'yes' - install_java: 'no' - timeout: 1800 - interval: '1d' - scan_on_start: 'yes' - java_path: 'wodles/java' - java_path_win: '\\server\jre\bin\java.exe' - ciscat_path: 'wodles/ciscat' - ciscat_path_win: 'C:\cis-cat' - localfiles: - debian: - - format: 'syslog' - location: '/var/log/auth.log' - - format: 
'syslog' - location: '/var/log/syslog' - - format: 'syslog' - location: '/var/log/dpkg.log' - - format: 'syslog' - location: '/var/log/kern.log' - centos: - - format: 'syslog' - location: '/var/log/messages' - - format: 'syslog' - location: '/var/log/secure' - - format: 'syslog' - location: '/var/log/maillog' - - format: 'audit' - location: '/var/log/audit/audit.log' - linux: - - format: 'syslog' - location: '/var/ossec/logs/active-responses.log' - - format: 'full_command' - command: 'last -n 20' - frequency: '360' - - format: 'command' - command: df -P - frequency: '360' - - format: 'full_command' - command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d - alias: 'netstat listening ports' - frequency: '360' - windows: - - format: 'eventlog' - location: 'Application' - - format: 'eventchannel' - location: 'Security' - query: 'Event/System[EventID != 5145 and EventID != 5156 and EventID != 5447 and EventID != 4656 and EventID != 4658 and EventID != 4663 and EventID != 4660 and EventID != 4670 and EventID != 4690 and EventID != 4703 and EventID != 4907]' - - format: 'eventlog' - location: 'System' - - format: 'syslog' - location: 'active-response\active-responses.log' - labels: - enable: false - list: - - key: Env - value: Production - enrollment: - enabled: '' - manager_address: '' - port: 1515 - agent_name: 'testname' - groups: '' - agent_address: '' - ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH - server_ca_path: '' - agent_certificate_path: '' - agent_key_path: '' - authorization_pass_path : /var/ossec/etc/authd.pass - auto_method: 'no' - delay_after_enrollment: 20 - use_source_ip: 'no' +wazuh_agent_repo: + apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + yum: 'https://packages.wazuh.com/4.x/yum/' + gpg: 
'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' + wazuh_agent_nat: false + +########################################## +### Wazuh +########################################## + +wazuh_agent_config_overlay: yes + +## Client +wazuh_managers: + - address: 127.0.0.1 + port: 1514 + protocol: tcp + api_port: 55000 + api_proto: 'http' + api_user: null + max_retries: 5 + retry_interval: 5 + +## Enrollment +wazuh_agent_enrollment: + enabled: '' + manager_address: '' + port: 1515 + agent_name: 'testname' + groups: '' + agent_address: '' + ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + server_ca_path: '' + agent_certificate_path: '' + agent_key_path: '' + authorization_pass_path: /var/ossec/etc/authd.pass + auto_method: 'no' + delay_after_enrollment: 20 + use_source_ip: 'no' + +## Client buffer +wazuh_agent_client_buffer: + disable: 'no' + queue_size: '5000' + events_per_sec: '500' + +## Rootcheck +wazuh_agent_rootcheck: + frequency: 43200 + +## Wodles +wazuh_agent_openscap: + disable: 'yes' + timeout: 1800 + interval: '1d' + scan_on_start: 'yes' + +wazuh_agent_cis_cat: + disable: 'yes' + install_java: 'no' + timeout: 1800 + interval: '1d' + scan_on_start: 'yes' + java_path: 'wodles/java' + java_path_win: '\\server\jre\bin\java.exe' + ciscat_path: 'wodles/ciscat' + ciscat_path_win: 'C:\cis-cat' + +wazuh_agent_osquery: + disable: 'yes' + run_daemon: 'yes' + bin_path_win: 'C:\Program Files\osquery\osqueryd' + log_path: '/var/log/osquery/osqueryd.results.log' + log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log' + config_path: '/etc/osquery/osquery.conf' + config_path_win: 'C:\Program Files\osquery\osquery.conf' + add_labels: 'yes' + +wazuh_agent_syscollector: + disable: 'no' + interval: '1h' + scan_on_start: 'yes' + hardware: 'yes' + os: 'yes' + network: 'yes' + packages: 'yes' + ports_no: 'yes' + processes: 'yes' + +## SCA +wazuh_agent_sca: + enabled: 'yes' + scan_on_start: 'yes' + interval: 
'12h' + skip_nfs: 'yes' + day: '' + wday: '' + time: '' + +## Syscheck +wazuh_agent_syscheck: + frequency: 43200 + scan_on_start: 'yes' + auto_ignore: 'no' + win_audit_interval: 60 + skip_nfs: 'yes' + skip_dev: 'yes' + skip_proc: 'yes' + skip_sys: 'yes' + process_priority: 10 + max_eps: 100 + sync_enabled: 'yes' + sync_interval: '5m' + sync_max_interval: '1h' + sync_max_eps: 10 + ignore: + - /etc/mtab + - /etc/hosts.deny + - /etc/mail/statistics + - /etc/random-seed + - /etc/random.seed + - /etc/adjtime + - /etc/httpd/logs + - /etc/utmpx + - /etc/wtmpx + - /etc/cups/certs + - /etc/dumpdates + - /etc/svc/volatile + ignore_linux_type: + - '.log$|.swp$' + ignore_win: + - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' + no_diff: + - /etc/ssl/private.key + directories: + - dirs: /etc,/usr/bin,/usr/sbin + checks: '' + - dirs: /bin,/sbin,/boot + checks: '' + win_directories: + - dirs: '%WINDIR%' + checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"' + - dirs: '%WINDIR%\SysNative' + checks: >- + recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$| + net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe|subst.exe$" + - dirs: '%WINDIR%\SysNative\drivers\etc%' + checks: 'recursion_level="0"' + - dirs: '%WINDIR%\SysNative\wbem' + checks: 'recursion_level="0" restrict="WMIC.exe$"' + - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0' + checks: 'recursion_level="0" restrict="powershell.exe$"' + - dirs: '%WINDIR%\SysNative' + checks: 'recursion_level="0" restrict="winrm.vbs$"' + - dirs: '%WINDIR%\System32' + checks: >- + recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$| + netsh.exe$|reg.exe$|regedit.exe$|regedt32.exe$|regsvr32.exe$|runas.exe$|sc.exe$|schtasks.exe$|sethc.exe$|subst.exe$" + - dirs: '%WINDIR%\System32\drivers\etc' + checks: 'recursion_level="0"' + - dirs: 
'%WINDIR%\System32\wbem' + checks: 'recursion_level="0" restrict="WMIC.exe$"' + - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0' + checks: 'recursion_level="0" restrict="powershell.exe$"' + - dirs: '%WINDIR%\System32' + checks: 'recursion_level="0" restrict="winrm.vbs$"' + - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup' + checks: 'realtime="yes"' + windows_registry: + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\comfile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\exefile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\piffile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Directory' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Policies' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Security' + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services' + - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs' + - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg' + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx' + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' + arch: "both" + - 
key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components' + arch: "both" + windows_registry_ignore: + - key: 'HKEY_LOCAL_MACHINE\Security\Policy\Secrets' + - key: 'HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users' + - key: '\Enum$' + type: "sregex" + +## Localfile +wazuh_agent_localfiles: + debian: + - format: 'syslog' + location: '/var/log/auth.log' + - format: 'syslog' + location: '/var/log/syslog' + - format: 'syslog' + location: '/var/log/dpkg.log' + - format: 'syslog' + location: '/var/log/kern.log' + centos: + - format: 'syslog' + location: '/var/log/messages' + - format: 'syslog' + location: '/var/log/secure' + - format: 'syslog' + location: '/var/log/maillog' + - format: 'audit' + location: '/var/log/audit/audit.log' + linux: + - format: 'syslog' + location: '/var/ossec/logs/active-responses.log' + - format: 'full_command' + command: 'last -n 20' + frequency: '360' + - format: 'command' + command: df -P + frequency: '360' + - format: 'full_command' + command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + alias: 'netstat listening ports' + frequency: '360' + windows: + - format: 'eventlog' + location: 'Application' + - format: 'eventchannel' + location: 'Security' + query: 'Event/System[EventID != 5145 and EventID != 5156 and EventID != 5447 and EventID != 4656 and EventID != 4658 and EventID != 4663 and EventID != 4660 and EventID != 4670 and EventID != 4690 and EventID != 4703 and EventID != 4907]' + - format: 'eventlog' + location: 'System' + - format: 'syslog' + location: 'active-response\active-responses.log' + +## Labels +wazuh_agent_labels: + enable: false + list: + - key: Env + value: Production + +## Active response +wazuh_agent_active_response: + ar_disabled: 'no' + ca_store: '/var/ossec/etc/wpk_root.pem' + ca_store_win: 
'wpk_root.pem' + ca_verification: 'yes' + +## Logging +wazuh_agent_log_format: 'plain' + +# wazuh_agent_config +wazuh_agent_config_defaults: + repo: '{{ wazuh_agent_repo }}' + active_response: '{{ wazuh_agent_active_response }}' + log_format: '{{ wazuh_agent_log_format }}' + client_buffer: '{{ wazuh_agent_client_buffer }}' + syscheck: '{{ wazuh_agent_syscheck }}' + + rootcheck: '{{ wazuh_agent_rootcheck }}' + openscap: '{{ wazuh_agent_openscap }}' + + osquery: '{{ wazuh_agent_osquery }}' + syscollector: '{{ wazuh_agent_syscollector }}' + sca: '{{ wazuh_agent_sca }}' + cis_cat: '{{ wazuh_agent_cis_cat }}' + localfiles: '{{ wazuh_agent_localfiles }}' + + labels: '{{ wazuh_agent_labels }}' + enrollment: '{{ wazuh_agent_enrollment }}' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml index 25c7b955..43aa2ca3 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml @@ -1,4 +1,12 @@ --- + +- name: Overlay wazuh_agent_config on top of defaults + set_fact: + wazuh_agent_config: '{{ wazuh_agent_config_defaults | combine(config_layer, recursive=True) }}' + vars: + config_layer: '{{ wazuh_agent_config | default({}) }}' + when: wazuh_agent_config_overlay | bool + - include_tasks: "Windows.yml" when: ansible_os_family == "Windows" From 158750c9a8337362ec34c4e644404017c2a1f079 Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 13 Nov 2020 17:06:11 +0100 Subject: [PATCH 65/67] Changelog update --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index af2fd0e4..926a64b8 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
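Review bot: `combine(recursive=True)` merges nested dicts but replaces lists wholesale, so a user overlay that sets `wazuh_agent_config.syscheck.ignore` or any `localfiles` entry discards the whole default list rather than extending it, and nothing in the new `wazuh_agent_config_defaults` block documents this. A comment above `wazuh_agent_config_defaults` stating that dict keys are merged recursively while lists are replaced would prevent surprises; `combine` also accepts `list_merge='append'` in newer Ansible if appending is wanted. Separately, the boolean style is mixed (`wazuh_agent_config_overlay: yes` vs `wazuh_agent_nat: false`), ansible-lint's truthy rule prefers `true`, and since the collapsed whitespace here makes it unclear whether `wazuh_agent_nat` is nested under `wazuh_agent_repo`, its indentation should be verified. The moved enrollment defaults keep `server_ca_path: ''`, which in Wazuh's enrollment means the manager certificate is not verified; a short comment there pointing operators at setting it for production deployments would be useful.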
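Review bot: When `wazuh_agent_config_overlay` is false and the caller does not supply `wazuh_agent_config`, nothing defines the variable any more — the defaults hunk above removed it — so every template that reads `wazuh_agent_config` fails with an undefined-variable error. A fallback task that copies `wazuh_agent_config_defaults` into the fact in that case keeps the role usable with the overlay disabled. Also, because `set_fact` has higher precedence than role or inventory vars, a second inclusion of the role in the same play reads the already-merged fact as `config_layer`; harmless for a single run, but worth a comment above the task so the behaviour is not rediscovered later.
```yaml
- name: Overlay wazuh_agent_config on top of defaults
  # … unchanged: set_fact / vars / when …

- name: Fall back to defaults when no overlay is requested and no config is supplied
  set_fact:
    wazuh_agent_config: '{{ wazuh_agent_config_defaults }}'
  when:
    - not (wazuh_agent_config_overlay | bool)
    - wazuh_agent_config is not defined
```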
@@ -12,13 +12,16 @@ All notable changes to this project will be documented in this file. ### Fixed - Improve linting history ([@neonmei](https://github.com/neonmei)) - - Fix lint opendistro kibana [PR#468](https://github.com/wazuh/wazuh-ansible/pull/468) + - Fix lint opendistro kibana [PR#497](https://github.com/wazuh/wazuh-ansible/pull/497) - Feature lint roles configurations [PR#496](https://github.com/wazuh/wazuh-ansible/pull/496) - Feature lint role wazuh agent [PR#495](https://github.com/wazuh/wazuh-ansible/pull/495) - Feature lint role filebeat oss [PR#494](https://github.com/wazuh/wazuh-ansible/pull/494) - Lint role wazuh-manager [PR#493](https://github.com/wazuh/wazuh-ansible/pull/493) - Feature lint role elasticsearch [PR#492](https://github.com/wazuh/wazuh-ansible/pull/492) - Feature lint role opendistro-elasticsearch [PR#491](https://github.com/wazuh/wazuh-ansible/pull/491) + - Feature lint remove unused variables [PR#487](https://github.com/wazuh/wazuh-ansible/pull/487) + - Feature agent default vars depth reduction [PR#485](https://github.com/wazuh/wazuh-ansible/pull/485) + - Remove unnecesary nodejs dependency ([@neonmei](https://github.com/neonmei)) [PR#482](https://github.com/wazuh/wazuh-ansible/pull/482) - Feature manager configuration unnest ([@neonmei](https://github.com/neonmei)) [PR#481](https://github.com/wazuh/wazuh-ansible/pull/481) - Elastic API check fix ([@Zenidd](https://github.com/Zenidd)) [PR#480](https://github.com/wazuh/wazuh-ansible/pull/480) From b2f9bc9901f635758c13aff2d76c17434da137b8 Mon Sep 17 00:00:00 2001 From: neonmei Date: Fri, 13 Nov 2020 14:01:01 -0300 Subject: [PATCH 66/67] roles/elastic-stack: update jvm.options template per upstream elasticsearch updates --- .../templates/jvm.options.j2 | 41 +++++++++++++++---- 1 file changed, 32 insertions(+), 9 deletions(-) 
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 index c43ce401..320bd579 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2 @@ -47,9 +47,22 @@ ################################################################ ## GC configuration --XX:+UseConcMarkSweepGC --XX:CMSInitiatingOccupancyFraction=75 --XX:+UseCMSInitiatingOccupancyOnly +8-13:-XX:+UseConcMarkSweepGC +8-13:-XX:CMSInitiatingOccupancyFraction=75 +8-13:-XX:+UseCMSInitiatingOccupancyOnly + +## G1GC Configuration +# NOTE: G1 GC is only supported on JDK version 10 or later +# to use G1GC, uncomment the next two lines and update the version on the +# following three lines to your version of the JDK +# 10-13:-XX:-UseConcMarkSweepGC +# 10-13:-XX:-UseCMSInitiatingOccupancyOnly +14-:-XX:+UseG1GC +14-:-XX:G1ReservePercent=25 +14-:-XX:InitiatingHeapOccupancyPercent=30 + +## JVM temporary directory +-Djava.io.tmpdir=${ES_TMPDIR} ## optimizations 
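Review bot: `-Djava.io.tmpdir=${ES_TMPDIR}` relies on the Elasticsearch launcher exporting `ES_TMPDIR`; on a release that does not set it the option expands to an empty path and the JVM temporary directory becomes unusable, so the template should state the minimum Elasticsearch version it assumes (the version-conditional `8-13:` / `14-:` prefixes depend on the same launcher's jvm.options parser). A comment such as `# ES_TMPDIR is exported by the elasticsearch launcher; requires a release that provides it` above the line would record that assumption. Whether the role already pins such a version is outside this hunk.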
@@ -96,14 +109,24 @@ # ensure the directory exists and has sufficient space -XX:HeapDumpPath=/var/lib/elasticsearch +# specify an alternative path for JVM fatal error logs +-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log + ## GC logging -#-XX:+PrintGCDetails -#-XX:+PrintGCTimeStamps -#-XX:+PrintGCDateStamps -#-XX:+PrintClassHistogram -#-XX:+PrintTenuringDistribution -#-XX:+PrintGCApplicationStoppedTime +## JDK 8 GC logging + +# 8:-XX:+PrintGCDetails +# 8:-XX:+PrintGCDateStamps +# 8:-XX:+PrintTenuringDistribution +# 8:-XX:+PrintGCApplicationStoppedTime +# 8:-Xloggc:/var/log/elasticsearch/gc.log +# 8:-XX:+UseGCLogFileRotation +# 8:-XX:NumberOfGCLogFiles=32 +# 8:-XX:GCLogFileSize=64m + +# JDK 9+ GC logging +# 9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m # log GC status to a file with time stamps # ensure the directory exists From 277df071bd7d8feea1546a8985f9cc9ad7c33351 Mon Sep 17 00:00:00 2001 From: zenidd Date: Mon, 16 Nov 2020 17:14:58 +0100 Subject: [PATCH 67/67] include latest PR on release --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 926a64b8..5032bf99 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ All notable changes to this project will be documented in this file. ### Fixed +- Roles/elastic-stack: update jvm.options template per upstream updates ([@neonmei](https://github.com/neonmei)) [PR#501](https://github.com/wazuh/wazuh-ansible/pull/501) - Improve linting history ([@neonmei](https://github.com/neonmei)) - Fix lint opendistro kibana [PR#497](https://github.com/wazuh/wazuh-ansible/pull/497) - Feature lint roles configurations [PR#496](https://github.com/wazuh/wazuh-ansible/pull/496) 
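Review bot: `-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log` is hard-coded while `HeapDumpPath` on the context line above follows the same pattern; if the role exposes a variable for the log directory, both should be templated from it so a customised log path does not leave fatal-error logs pointing at a directory that may not exist. From a defender's view, `hs_err` files and heap dumps can contain in-memory document and credential data, so the task that creates `/var/log/elasticsearch` and `/var/lib/elasticsearch` should keep them owned by the elasticsearch user with mode `0750` or tighter; that task is outside this hunk. The JDK 9+ `-Xlog:gc*` line stays commented out, so GC logging remains disabled by this change.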
@@ -21,7 +22,6 @@ All notable changes to this project will be documented in this file. - Feature lint role opendistro-elasticsearch [PR#491](https://github.com/wazuh/wazuh-ansible/pull/491) - Feature lint remove unused variables [PR#487](https://github.com/wazuh/wazuh-ansible/pull/487) - Feature agent default vars depth reduction [PR#485](https://github.com/wazuh/wazuh-ansible/pull/485) - - Remove unnecesary nodejs dependency ([@neonmei](https://github.com/neonmei)) [PR#482](https://github.com/wazuh/wazuh-ansible/pull/482) - Feature manager configuration unnest ([@neonmei](https://github.com/neonmei)) [PR#481](https://github.com/wazuh/wazuh-ansible/pull/481) - Elastic API check fix ([@Zenidd](https://github.com/Zenidd)) [PR#480](https://github.com/wazuh/wazuh-ansible/pull/480)