Added changes for ELK 7
This commit is contained in:
parent
a92b7ad284
commit
7619b44426
@ -1,7 +1,6 @@
|
|||||||
---
|
---
|
||||||
- hosts: <your single server host>
|
- hosts: <your server host>
|
||||||
roles:
|
roles:
|
||||||
- {role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager}
|
- {role: ../roles/wazuh/ansible-wazuh-manager}
|
||||||
- {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'}
|
- {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true}
|
||||||
- { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-logstash, elasticsearch_network_host: 'localhost' }
|
- { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' }
|
||||||
- { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' }
|
|
||||||
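Review bot: The rewritten elasticsearch role entry sets `elasticsearch_network_host: '0.0.0.0'`, which makes Elasticsearch listen on every interface of the host, while the kibana entry on the following line still passes `elasticsearch_network_host: 'localhost'`, so the two roles in this single-server play now disagree about where Elasticsearch is reachable. Elasticsearch 7.1 does not enable authentication unless it is configured, so for one host where the manager, Kibana and Filebeat all run locally, `elasticsearch_network_host: 'localhost'` (or one specific internal address) keeps port 9200 off external interfaces; a non-loopback bind also switches on Elasticsearch's production bootstrap checks, which I assume `single_node: true` is meant to satisfy through the role's template, which is not in this commit view. If remote access is intended, document it above the entry, e.g. `# Elasticsearch is bound to all interfaces: restrict 9200/9300 with a firewall or enable the security features`.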
|
|||||||
@ -5,6 +5,8 @@ elasticsearch_http_port: 9200
|
|||||||
elasticsearch_network_host: 127.0.0.1
|
elasticsearch_network_host: 127.0.0.1
|
||||||
elasticsearch_jvm_xms: null
|
elasticsearch_jvm_xms: null
|
||||||
elastic_stack_version: 7.1.1
|
elastic_stack_version: 7.1.1
|
||||||
elasticsearch_shards: 5
|
single_node: false
|
||||||
elasticsearch_replicas: 1
|
elasticsearch_bootstrap_node: false
|
||||||
elasticsearch_install_java: true
|
elasticsearch_master_candidate: false
|
||||||
|
elasticsearch_cluster_nodes:
|
||||||
|
- 127.0.0.1
|
||||||
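Review bot: `single_node: false` is the only new default without the `elasticsearch_` prefix; role defaults are global across a play in Ansible, so a bare name like `single_node` can be set or read by any other role on the same host (the filebeat and kibana roles run in the same play), and `elasticsearch_single_node` would follow the convention of the neighbouring `elasticsearch_bootstrap_node` and `elasticsearch_master_candidate`. Renaming it needs the matching change in the playbook entry that currently passes `single_node: true`. Taken together, the new defaults (`single_node: false`, `elasticsearch_master_candidate: false`, `elasticsearch_bootstrap_node: false`, `elasticsearch_cluster_nodes: [127.0.0.1]`) appear to describe a cluster with no master-eligible node when the role runs without overrides; I cannot see the configuration template here, so if that case is handled there, a comment on the defaults should state which values a multi-node install must override, e.g. `# multi-node installs: set elasticsearch_master_candidate: true on at least one host and list every host in elasticsearch_cluster_nodes`.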
@ -4,12 +4,6 @@
|
|||||||
name: ['apt-transport-https', 'ca-certificates']
|
name: ['apt-transport-https', 'ca-certificates']
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- when: elasticsearch_install_java
|
|
||||||
block:
|
|
||||||
- name: Debian/Ubuntu | Install OpenJDK 1.8
|
|
||||||
apt: name=openjdk-8-jre state=present cache_valid_time=3600
|
|
||||||
tags: install
|
|
||||||
|
|
||||||
- name: Debian/Ubuntu | Add Elasticsearch GPG key.
|
- name: Debian/Ubuntu | Add Elasticsearch GPG key.
|
||||||
apt_key:
|
apt_key:
|
||||||
url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
|
url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
- name: Debian/Ubuntu | Removing Elasticsearch repository
|
- name: Debian/Ubuntu | Removing Elasticsearch repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
|
repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main
|
||||||
state: absent
|
state: absent
|
||||||
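Review bot: The removal task now names `7.x` as a literal, and the same literal is repeated by the second Elasticsearch repository removal, the Filebeat add and remove repository tasks and the yum `baseurl` later in this commit, while the defaults already carry `elastic_stack_version: 7.1.1`; deriving the major from that value, `repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version.split('.')[0] }}.x/apt stable main"`, keeps install and removal in step on the next bump, provided the variable is visible to each of those roles. A removal task that only names the current major also leaves a 5.x or 6.x entry from an earlier install in place on upgraded hosts; looping the task over the known majors, `loop: ['5.x', '6.x', '7.x']` with `repo: "deb https://artifacts.elastic.co/packages/{{ item }}/apt stable main"`, cleans those up as well. The task list is shown in full for this hunk.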
|
|||||||
@ -1,10 +1,4 @@
|
|||||||
---
|
---
|
||||||
- when: elasticsearch_install_java
|
|
||||||
block:
|
|
||||||
- name: RedHat/CentOS/Fedora | Install OpenJDK 1.8
|
|
||||||
yum: name=java-1.8.0-openjdk state=present
|
|
||||||
register: oracle_java_task_rpm_installed
|
|
||||||
tags: install
|
|
||||||
|
|
||||||
- name: RedHat/CentOS/Fedora | Install Elastic repo
|
- name: RedHat/CentOS/Fedora | Install Elastic repo
|
||||||
yum_repository:
|
yum_repository:
|
||||||
@ -16,5 +10,4 @@
|
|||||||
|
|
||||||
- name: RedHat/CentOS/Fedora | Install Elasticsarch
|
- name: RedHat/CentOS/Fedora | Install Elasticsarch
|
||||||
package: name=elasticsearch-{{ elastic_stack_version }} state=present
|
package: name=elasticsearch-{{ elastic_stack_version }} state=present
|
||||||
when: not elasticsearch_install_java or oracle_java_task_rpm_installed is defined
|
|
||||||
tags: install
|
tags: install
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
- name: Debian/Ubuntu | Removing Elasticsearch repository
|
- name: Debian/Ubuntu | Removing Elasticsearch repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
|
repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main
|
||||||
state: absent
|
state: absent
|
||||||
|
|||||||
@ -12,6 +12,6 @@
|
|||||||
|
|
||||||
- name: Debian/Ubuntu | Add Filebeat repository.
|
- name: Debian/Ubuntu | Add Filebeat repository.
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main'
|
repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
|
||||||
state: present
|
state: present
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
- name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)
|
- name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
|
repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main
|
||||||
state: absent
|
state: absent
|
||||||
|
|||||||
@ -3,6 +3,6 @@
|
|||||||
yum_repository:
|
yum_repository:
|
||||||
name: elastic_repo
|
name: elastic_repo
|
||||||
description: Elastic repository for 6.x packages
|
description: Elastic repository for 6.x packages
|
||||||
baseurl: https://artifacts.elastic.co/packages/6.x/yum
|
baseurl: https://artifacts.elastic.co/packages/7.x/yum
|
||||||
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
||||||
gpgcheck: true
|
gpgcheck: true
|
||||||
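Review bot: `description: Elastic repository for 6.x packages` is left unchanged while `baseurl` on the next line now points at `7.x`, so the repository advertises the wrong major in `yum repolist`; update it to `description: Elastic repository for 7.x packages`. The hard-coded major could instead be derived from `elastic_stack_version`, as the defaults define it, if that variable is visible to this role. `gpgkey` and `gpgcheck: true` are carried over, so package signature verification is unaffected by the URL change.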
|
|||||||
@ -9,6 +9,16 @@
|
|||||||
notify: restart filebeat
|
notify: restart filebeat
|
||||||
tags: configure
|
tags: configure
|
||||||
|
|
||||||
|
- name: Copy Elasticsearch template.
|
||||||
|
template:
|
||||||
|
src: elasticsearch.yml.j2
|
||||||
|
dest: "/etc/filebeat/wazuh-template.json"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: restart filebeat
|
||||||
|
tags: configure
|
||||||
|
|
||||||
- name: Ensure Filebeat SSL key pair directory exists.
|
- name: Ensure Filebeat SSL key pair directory exists.
|
||||||
file:
|
file:
|
||||||
path: "{{ filebeat_ssl_dir }}"
|
path: "{{ filebeat_ssl_dir }}"
|
||||||
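Review bot: `mode: 0644` in the new 'Copy Elasticsearch template.' task is an unquoted leading-zero number, which YAML 1.1 parsers read as the integer 420; Ansible still treats that as an octal mode, but the intent is clearer and lint-clean as `mode: "0644"`. The task renders `elasticsearch.yml.j2` into `/etc/filebeat/wazuh-template.json`, so the source name describes neither its format nor its destination; naming it `wazuh-template.json.j2` avoids that, and if the 1455-line source (suppressed from this view) contains no Jinja expressions, `copy:` would be the safer module, since a literal `{{` or `{%` inside a JSON document would otherwise be interpreted by the template engine. An index template is presumably safe to install world-readable, but a comment above the task stating that the file holds no credentials would make that explicit.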
|
|||||||
1455
roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2
Normal file
1455
roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2
Normal file
File diff suppressed because it is too large
@ -1,6 +1,7 @@
|
|||||||
<!-- Local rules -->
|
<!-- Local rules -->
|
||||||
|
|
||||||
<!-- Modify it at your will. -->
|
<!-- Modify it at your will. -->
|
||||||
|
<!-- Copyright (C) 2015-2019, Wazuh Inc. -->
|
||||||
|
|
||||||
<!-- Example -->
|
<!-- Example -->
|
||||||
<group name="local,syslog,sshd,">
|
<group name="local,syslog,sshd,">
|
||||||
@ -16,20 +17,3 @@
|
|||||||
</rule>
|
</rule>
|
||||||
|
|
||||||
</group>
|
</group>
|
||||||
|
|
||||||
<!--
|
|
||||||
Used with active-response to restart an agent when agent.conf file
|
|
||||||
is successfully retrieved.
|
|
||||||
-->
|
|
||||||
<group name="local,ossec,">
|
|
||||||
<rule id="100002" level="1">
|
|
||||||
<if_group>syscheck</if_group>
|
|
||||||
<match>/var/ossec/etc/shared/agent.conf</match>
|
|
||||||
<description>Linux | agent.conf was modified</description>
|
|
||||||
</rule>
|
|
||||||
<rule id="100003" level="1">
|
|
||||||
<if_group>syscheck</if_group>
|
|
||||||
<match>C:\wazuh-agent/shared/agent.conf</match>
|
|
||||||
<description>Windows | agent.conf was modified</description>
|
|
||||||
</rule>
|
|
||||||
</group>
|
|
||||||
|
|||||||