diff --git a/CHANGELOG.md b/CHANGELOG.md index 987939a3..213cb432 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,26 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.11.4_7.6.1] + +### Added + +- Update to Wazuh v3.11.4 +- Support for RHEL/CentOS 8 ([@jm404](https://github.com/jm404)) [PR#377](https://github.com/wazuh/wazuh-ansible/pull/377) + +### Changed + +- Disabled shared configuration by default ([@jm404](https://github.com/jm404)) [PR#369](https://github.com/wazuh/wazuh-ansible/pull/369) +- Add chdir argument to Wazuh Kibana Plugin installation tasks ([@jm404](https://github.com/jm404)) [PR#375](https://github.com/wazuh/wazuh-ansible/pull/375) +- Adjustments for systems without (direct) internet connection ([@joschneid](https://github.com/joschneid)) [PR#348](https://github.com/wazuh/wazuh-ansible/pull/348) + +### Fixed + +- Avoid to install Wazuh API in worker nodes ([@manuasir](https://github.com/manuasir)) [PR#371](https://github.com/wazuh/wazuh-ansible/pull/371) +- Conditionals of custom Wazuh packages installation tasks ([@rshad](https://github.com/rshad)) [PR#372](https://github.com/wazuh/wazuh-ansible/pull/372) +- Fix Ansible elastic_stack-distributed template ([@francobep](https://github.com/francobep)) [PR#352](https://github.com/wazuh/wazuh-ansible/pull/352) +- Fix manager API verification ([@Zenidd](https://github.com/Zenidd)) [PR#360](https://github.com/wazuh/wazuh-ansible/pull/360) + ## [v3.11.3_7.5.2] ### Added diff --git a/VERSION b/VERSION index a70bc633..d6be8992 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.3" -REVISION="31130" +WAZUH-ANSIBLE_VERSION="v4" +REVISION="31140" diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 5f4213f5..16abfcf5 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
@@ -4,7 +4,7 @@ roles: - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: - node_name: node-1 + elasticsearch_node_name: node-1 elasticsearch_bootstrap_node: true elasticsearch_cluster_nodes: - @@ -88,4 +88,4 @@ # kibana_node_name: node-3 # elasticsearch_network_host: 172.16.0.161 # node_certs_generator: false -# elasticsearch_xpack_security_password: elastic_pass \ No newline at end of file +# elasticsearch_xpack_security_password: elastic_pass diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index b9aa470d..e04f9527 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.5.2 +elastic_stack_version: 7.6.1 elasticsearch_lower_disk_requirements: false elasticrepo: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index e9261956..47438f98 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -35,7 +35,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_key_name }}" dest: "{{ node_certs_source }}/{{ ca_key_name }}" - mode: '0664' + mode: 0440 when: - not generate_CA - node_certs_generator @@ -45,7 +45,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_cert_name }}" dest: "{{ node_certs_source }}/{{ ca_cert_name }}" - mode: '0664' + mode: 0440 when: - not generate_CA - node_certs_generator @@ -100,7 +100,7 @@ file: path: "{{ master_certs_path }}" state: directory - mode: '0700' + mode: 0700 delegate_to: "127.0.0.1" when: - node_certs_generator 
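Review bot: The CA private key copy in the `@@ -35,7 +35,7 @@` hunk of `xpack_security.yml` sets `mode: 0440` as a bare integer and shows no `owner:` or `group:`, so ownership falls to whichever account runs the task and that account's group gets read access to `{{ ca_key_name }}`. If only the certificate-generation step reads the key, `mode: '0400'` with an explicit `owner:` is tighter. Quoting the value also keeps the mode a string regardless of how the YAML loader treats leading-zero integers, as the file did before this change. The same bare-integer form appears in the later hunks of this file (`0440`, `0700`, `0774`) and in the kibana, filebeat and wazuh role hunks. The task begins before the hunk.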
@@ -109,7 +109,7 @@ file: path: "{{ master_certs_path }}/ca/" state: directory - mode: '0700' + mode: 0700 delegate_to: "127.0.0.1" when: - node_certs_generator @@ -149,6 +149,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: 0440 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -163,6 +164,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: 0440 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -176,7 +178,7 @@ - name: Ensuring folder permissions file: path: "{{ node_certs_destination }}/" - mode: '0774' + mode: 0774 state: directory recurse: yes when: diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 774f819e..e930eae7 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.5.2 -wazuh_version: 3.11.3 +elastic_stack_version: 7.6.1 +wazuh_version: 3.11.4 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp elasticrepo: @@ -43,8 +43,11 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_10.x" # Build from sources build_from_sources: false -wazuh_plugin_branch: 3.11-7.5 +wazuh_plugin_branch: 3.11-7.6 + +#Nodejs NODE_OPTIONS +node_options: --max-old-space-size=4096 
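Review bot: The `Ensuring folder permissions` task in the `@@ -176,7 +178,7 @@` hunk applies `mode: 0774` with `recurse: yes` to `{{ node_certs_destination }}/`. It appears to run after the two copy tasks that this commit sets to `mode: 0440`, so the node `.key` files would end up world-readable and executable again. Limiting the task to the directory itself, by dropping `recurse: yes` and using `mode: '0750'`, preserves the tighter file modes from the copy tasks. The same pattern is in `ansible-kibana/tasks/main.yml` (`@@ -65,7 +66,7 @@`, `0770` recursive) and `ansible-filebeat/tasks/main.yml` (`@@ -55,7 +57,7 @@`, `0774` recursive). The task's `when:` list continues outside the hunk.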
diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 6a3dc514..b7ceb87f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -14,7 +14,7 @@ get_url: url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: "/tmp/setup_nodejs_repo.sh" - mode: "0700" + mode: 0700 - name: Execute downloaded script to install Nodejs repo command: /tmp/setup_nodejs_repo.sh @@ -63,12 +63,11 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}" - environment: - NODE_OPTIONS: "--max-old-space-size=3072" + shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json + chdir: /usr/share/kibana become: yes become_user: kibana notify: restart kibana diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 4926e19d..efd16de5 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -28,6 +28,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: 0440 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -41,7 +42,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0664' + mode: 0440 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" 
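Review bot: The NodeSource setup script in the `@@ -14,7 +14,7 @@` hunk is downloaded to the fixed path `/tmp/setup_nodejs_repo.sh` and executed by the next task with no integrity check. `get_url` accepts `checksum: "sha256:<EXPECTED_SHA256>"`, and a destination outside a world-writable directory prevents another local account from pre-creating the file. If pinning a digest of an upstream script that changes is impractical, configuring the repository and its signing key with the package-manager modules avoids running a fetched script at all. `ansible-wazuh-manager/tasks/main.yml` (`@@ -18,14 +18,16 @@`) has the same download-and-run pattern and writes `/etc/nodejs.sh` with `mode: 0775`, which is group-writable; `'0700'` as used here would be tighter.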
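Review bot: `NODE_OPTIONS="{{ node_options }}"` and `{{ wazuhapp_package_name.stdout }}` are now interpolated into a `/bin/bash` command line in the `@@ -63,12 +63,11 @@` hunk, so bash interprets any shell metacharacter in either value. The removed `environment:` form passed the option without going through the shell parser. If the inline form is needed for `become_user: kibana`, quoting the values is enough: `NODE_OPTIONS={{ node_options | quote }}` and `file:///tmp/app/build/{{ wazuhapp_package_name.stdout | quote }}`. The same inline form is used in `ansible-kibana/tasks/main.yml` (`@@ -117,14 +118,14 @@` and `@@ -134,6 +135,16 @@`).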
@@ -65,7 +66,7 @@ - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" - mode: '0770' + mode: 0770 recurse: yes when: - kibana_xpack_security @@ -78,7 +79,7 @@ dest: /etc/kibana/kibana.yml owner: root group: root - mode: '0664' + mode: 0644 notify: restart kibana tags: configure @@ -117,14 +118,14 @@ - build_from_sources is defined - build_from_sources - - name: Install Wazuh Plugin (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" - environment: - NODE_OPTIONS: "--max-old-space-size=3072" + shell: >- + NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install + {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json + chdir: /usr/share/kibana become: yes become_user: kibana notify: restart kibana @@ -134,6 +135,16 @@ when: - not build_from_sources +- name: Kibana optimization (can take a while) + shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana --optimize + args: + executable: /bin/bash + become: yes + become_user: kibana + changed_when: false + tags: + - skip_ansible_lint + - name: Wait for Elasticsearch port wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index c54d62e7..8f06aaf4 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.5.2 +filebeat_version: 7.6.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-filebeat/tasks/config.yml b/roles/wazuh/ansible-filebeat/tasks/config.yml index ce63503d..d45b06e8 100644 --- a/roles/wazuh/ansible-filebeat/tasks/config.yml +++ b/roles/wazuh/ansible-filebeat/tasks/config.yml 
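Review bot: `/etc/kibana/kibana.yml` is written `root:root` with `mode: 0644` in the `@@ -78,7 +79,7 @@` hunk, which leaves it readable by every local account. The template is not shown here, but if it renders the Elasticsearch credentials when `kibana_xpack_security` is enabled, the file should be limited to the service account, for example `group: kibana` with `mode: '0640'`. The task starts before the hunk.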
@@ -5,7 +5,7 @@ dest: "/etc/filebeat/filebeat.yml" owner: root group: root - mode: 0644 + mode: 0400 notify: restart filebeat tags: configure @@ -15,7 +15,7 @@ dest: "/etc/filebeat/wazuh-template.json" owner: root group: root - mode: 0644 + mode: 0400 notify: restart filebeat tags: configure @@ -30,7 +30,7 @@ copy: src: "{{ item }}" dest: "{{ filebeat_ssl_dir }}/{{ item | basename }}" - mode: 0644 + mode: 0400 with_items: - "{{ filebeat_ssl_key_file }}" - "{{ filebeat_ssl_certificate_file }}" diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 07bc94ea..4948c252 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -30,6 +30,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: 0440 with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -43,6 +44,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: 0440 with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -55,7 +57,7 @@ - name: Ensuring folder & certs permissions file: path: "{{ node_certs_destination }}/" - mode: '0774' + mode: 0774 state: directory recurse: yes when: diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 51ba5302..ffa94f60 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -1,9 +1,18 @@ --- -wazuh_agent_version: 3.11.3-1 +wazuh_agent_version: 3.11.4-1 + + +# Custom packages installation + +wazuh_custom_packages_installation_agent_enabled: false +wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm" + +# Sources installation wazuh_agent_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -52,10 +61,10 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.3' - revision: '1' - repo: https://packages.wazuh.com/3.x/windows/ - md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba + check_md5: True + md5: 87ce22038688efb44d95f9daff472056 +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi +wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 68c0b726..9c12fdbf 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -21,6 +21,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: 
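Review bot: The Windows installer is still pinned only by an MD5 digest in the `@@ -52,10 +61,10 @@` hunk, and the new `check_md5` switch lets that check be turned off. In `tasks/Windows.yml` (`@@ -14,38 +14,41 @@`) the `win_package` task then installs whatever was downloaded or was already present in `download_dir`. MD5 does not resist deliberate collisions, so a SHA-256 pin is preferable: `checksum_algorithm: sha256` in the `win_stat` task and a `sha256: <EXPECTED_SHA256>` entry here. `check_md5: True` would also be more consistent as `check_md5: true`.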
@@ -29,6 +30,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -38,6 +40,7 @@ update_cache: true when: - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 27819956..2d75e960 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -9,6 +9,10 @@ when: - wazuh_agent_sources_installation.enabled +- include_tasks: "installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_agent_enabled + - name: Linux CentOS/RedHat | Install wazuh-agent package: name: wazuh-agent-{{ wazuh_agent_version }} @@ -18,6 +22,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled tags: - init @@ -29,6 +34,7 @@ when: - ansible_os_family|lower != "redhat" - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled tags: - init diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index e0b2b426..8dbd2452 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml 
@@ -10,7 +10,8 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_agent_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -24,6 +25,7 @@ when: - repo_v5_installed is skipped - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index ee0aced7..461249e9 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml 
@@ -14,38 +14,41 @@ - name: Windows | Set Win Path (x64) set_fact: wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir }}" - wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}" + wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path }}" when: - not check_path.stat.exists - name: Windows | Check if Wazuh installer is already downloaded win_stat: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" register: wazuh_package_downloaded - name: Windows | Download Wazuh Agent package win_get_url: - url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + url: "{{ wazuh_winagent_config_url }}" dest: "{{ wazuh_winagent_config.download_dir }}" when: - not wazuh_package_downloaded.stat.exists - name: Windows | Verify the Wazuh Agent installer win_stat: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" get_checksum: true checksum_algorithm: md5 register: wazuh_agent_status failed_when: - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 + when: + - wazuh_winagent_config.check_md5 - name: Windows | Install Agent if not already installed win_package: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" state: present - name: Windows | Check if client.keys exists - win_stat: path="{{ wazuh_agent_win_path }}client.keys" + win_stat: + path: "{{ wazuh_agent_win_path }}client.keys" register: check_windows_key tags: - config 
@@ -94,5 +97,5 @@ - name: Windows | Delete downloaded Wazuh agent installer file win_file: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" state: absent diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml new file mode 100644 index 00000000..aa50004f --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml @@ -0,0 +1,28 @@ +--- + - name: Install Wazuh Agent from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_agent_deb_url }}" + state: present + when: + - ansible_os_family|lower == "debian" + - wazuh_custom_packages_installation_agent_enabled + + - name: Install Wazuh Agent from .rpm packages | yum + yum: + name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" + state: present + when: + - ansible_os_family|lower == "redhat" + - wazuh_custom_packages_installation_agent_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + + - name: Install Wazuh Agent from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" + state: present + when: + - ansible_os_family|lower == "redhat" + - wazuh_custom_packages_installation_agent_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 69934631..73b3e6ce 100644 
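Review bot: The tasks in the new `installation_from_custom_packages.yml` install a package directly from `wazuh_custom_packages_installation_agent_deb_url` or `..._rpm_url` with no checksum, and `apt: deb:` does not apply repository signature verification to a package fetched that way. The defaults added in `defaults/main.yml` point at development builds under `packages-dev.wazuh.com`. Fetching the file with `get_url` and a `checksum:` value, then installing from the local path, would pin what gets installed. Separately, `ansible_distribution_major_version >= "8"` compares strings, so a major version of `"10"` sorts below `"8"`; `ansible_distribution_major_version | int >= 8` avoids that. Both points also apply to `ansible-wazuh-manager/tasks/installation_from_custom_packages.yml`.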
--- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -76,7 +76,7 @@ dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root - mode: '644' + mode: 0644 changed_when: false - name: Executing "install.sh" script to build and install the Wazuh Agent diff --git a/roles/wazuh/ansible-wazuh-manager/README.md b/roles/wazuh/ansible-wazuh-manager/README.md index 19b1eae9..199e7810 100644 --- a/roles/wazuh/ansible-wazuh-manager/README.md +++ b/roles/wazuh/ansible-wazuh-manager/README.md @@ -20,7 +20,7 @@ This role has some variables which you can or need to override. ``` wazuh_manager_fqdn: ~ wazuh_manager_config: [] -wazuh_agent_configs: [] +shared_agent_config: [] ``` Vault variables @@ -157,7 +157,7 @@ wazuh_manager_config: level: 6 timeout: 600 -wazuh_agent_configs: +shared_agent_config: - type: os type_value: linux frequency_check: 79200 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 52de8dab..86b0205b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -1,12 +1,21 @@ --- -wazuh_manager_version: 3.11.3-1 +wazuh_manager_version: 3.11.4-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present +# Custom packages installation +wazuh_custom_packages_installation_manager_enabled: false +wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-manager_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-manager-3.12.0-0.3319fimreworksqlite.x86_64.rpm" +wazuh_custom_packages_installation_api_enabled: false +wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-api_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-api-3.12.0-0.3319fimreworksqlite.x86_64.rpm" + +# Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +40,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" update: "y" remove: "y" directory: null @@ -47,6 +56,9 @@ wazuh_api_sources_installation: common_name: null password: null +wazuh_api_user: + - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/" + wazuh_manager_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' 
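Review bot: `wazuh_api_user` now ships in the role defaults with a fixed `foo:$apr1$…` entry (`@@ -47,6 +56,9 @@`), so every manager deployed without overriding the variable gets the same published API credential. The task in `tasks/main.yml` that consumes it (`@@ -308,6 +312,7 @@`) is gated only on `wazuh_api_user is defined`, which a default always satisfies. Leaving the variable undefined in defaults and documenting it as a required vault value would avoid that, e.g. `# wazuh_api_user: ["<USER>:<HTPASSWD_HASH>"]  # define in an Ansible Vault file`. An `assert` that rejects the sample entry would catch deployments that still carry it.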
@@ -344,53 +356,53 @@ wazuh_manager_config: - key: Env value: Production -wazuh_agent_configs: - - type: os - type_value: Linux - syscheck: - frequency: 43200 - scan_on_start: 'yes' - alert_new_files: 'yes' - ignore: - - /etc/mtab - - /etc/mnttab - - /etc/hosts.deny - - /etc/mail/statistics - - /etc/svc/volatile - no_diff: - - /etc/ssl/private.key - rootcheck: - frequency: 43200 - cis_distribution_filename: null - localfiles: - - format: 'syslog' - location: '/var/log/messages' - - format: 'syslog' - location: '/var/log/secure' - - format: 'syslog' - location: '/var/log/maillog' - - format: 'apache' - location: '/var/log/httpd/error_log' - - format: 'apache' - location: '/var/log/httpd/access_log' - - format: 'apache' - location: '/var/ossec/logs/active-responses.log' - - type: os - type_value: Windows - syscheck: - frequency: 43200 - scan_on_start: 'yes' - auto_ignore: 'no' - alert_new_files: 'yes' - windows_registry: - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - arch: 'both' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' - localfiles: - - location: 'Security' - format: 'eventchannel' - - location: 'System' - format: 'eventlog' +# shared_agent_config: + # - type: os + # type_value: Linux + # syscheck: + # frequency: 43200 + # scan_on_start: 'yes' + # alert_new_files: 'yes' + # ignore: + # - /etc/mtab + # - /etc/mnttab + # - /etc/hosts.deny + # - /etc/mail/statistics + # - /etc/svc/volatile + # no_diff: + # - /etc/ssl/private.key + # rootcheck: + # frequency: 43200 + # cis_distribution_filename: null + # localfiles: + # - format: 'syslog' + # location: '/var/log/messages' + # - format: 'syslog' + # location: '/var/log/secure' + # - format: 'syslog' + # location: '/var/log/maillog' + # - format: 'apache' + # location: '/var/log/httpd/error_log' + # - format: 'apache' + # location: '/var/log/httpd/access_log' + # - format: 'apache' + # location: '/var/ossec/logs/active-responses.log' + # - type: os + # type_value: Windows + # syscheck: + # 
frequency: 43200 + # scan_on_start: 'yes' + # auto_ignore: 'no' + # alert_new_files: 'yes' + # windows_registry: + # - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' + # arch: 'both' + # - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' + # localfiles: + # - location: 'Security' + # format: 'eventchannel' + # - location: 'System' + # format: 'eventlog' nodejs: repo_dict: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 36fe4ff5..da27042f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -24,6 +24,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -32,6 +33,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -42,6 +44,7 @@ changed_when: false when: - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: 
@@ -106,11 +109,16 @@ tags: init when: - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - include_tasks: "installation_from_sources.yml" when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled +- include_tasks: "installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled + - name: Debian/Ubuntu | Install wazuh-api apt: name: @@ -122,4 +130,6 @@ until: wazuh_manager_main_packages_installed is succeeded tags: init when: - - not wazuh_api_sources_installation.enabled \ No newline at end of file + - not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled + - wazuh_manager_config.cluster.node_type == "master" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 5dc57e81..cb0dbf5a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -11,6 +11,7 @@ - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -24,6 +25,7 @@ when: - repo_v5_manager_installed is skipped - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present 
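Review bot: The `Debian/Ubuntu | Install wazuh-api` condition added in the `@@ -122,4 +130,6 @@` hunk tests `wazuh_custom_packages_installation_manager_enabled`, while the matching RedHat task (`RedHat.yml`, `@@ -134,6 +141,8 @@`) tests `wazuh_custom_packages_installation_api_enabled`. With only the API custom package enabled, the Debian path would still install `wazuh-api` from the repository alongside the custom package. The line likely should read `- not wazuh_custom_packages_installation_api_enabled`. The task begins before the hunk.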
@@ -118,6 +120,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled tags: - init @@ -125,6 +128,10 @@ when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled +- include_tasks: "../tasks/installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled + - name: CentOS/RedHat/Amazon | Install wazuh-api package: name: "wazuh-api-{{ wazuh_manager_version }}" @@ -134,6 +141,8 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml new file mode 100644 index 00000000..0dc9808d --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml 
@@ -0,0 +1,61 @@ +--- + - block: + - name: Install Wazuh Manager from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_manager_deb_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + + - name: Install Wazuh API from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_api_deb_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" + + when: + - ansible_os_family|lower == "debian" + + - block: + - name: Install Wazuh Manager from .rpm packages | yum + yum: + name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + + - name: Install Wazuh Manager from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + + - name: Install Wazuh API from .rpm packages | yum + yum: + name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - wazuh_manager_config.cluster.node_type == "master" + + - name: Install Wazuh API from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + - 
(ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - wazuh_manager_config.cluster.node_type == "master" + + when: + - ansible_os_family|lower == "redhat" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 10203cb9..e019d2f9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.11.0" extracted folder name is 3.11.0. + # When downloading "v3.11.0" extracted folder name is 3.11.0. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file @@ -91,7 +91,7 @@ dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root - mode: '644' + mode: 0644 - name: Executing "install.sh" script to build and install the Wazuh Manager shell: ./install.sh > /tmp/build_wazuh_manager_log.txt @@ -122,6 +122,8 @@ stat: path: /var/ossec/api/app.js register: wazuh_api + when: + - wazuh_manager_config.cluster.node_type == "master" - name: Install Wazuh API from sources block: @@ -165,7 +167,7 @@ dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf" owner: root group: root - mode: '644' + mode: 0644 - name: Execute Wazuh API installation script shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt @@ -178,5 +180,6 @@ when: - not wazuh_api.stat.exists - wazuh_api_sources_installation.enabled + - wazuh_manager_config.cluster.node_type == "master" tags: - api \ No newline at end of file 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 6a2ccf95..254b7e88 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -18,14 +18,16 @@ get_url: url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: /etc/nodejs.sh - mode: '0775' + mode: 0775 changed_when: false - name: Run NodeJS bash script command: sh /etc/nodejs.sh register: nodejs_script changed_when: nodejs_script.rc == 0 - when: not node_service_status.stat.exists + when: + - not node_service_status.stat.exists + - wazuh_manager_config.cluster.node_type == "master" - name: Installing NodeJS package: @@ -33,6 +35,9 @@ state: present register: nodejs_service_is_installed until: nodejs_service_is_installed is succeeded + when: + - wazuh_manager_config.cluster.node_type == "master" + tags: init - include_tasks: "RedHat.yml" @@ -158,6 +163,8 @@ tags: - init - config + when: + - shared_agent_config is defined - name: Installing the config.js (api configuration) template: src=var-ossec-api-configuration-config.js.j2 @@ -166,6 +173,9 @@ group=ossec mode=0740 notify: restart wazuh-api + when: + - wazuh_manager_config.cluster.node_type == "master" + tags: - init - config @@ -191,12 +201,6 @@ tags: - config -- name: Retrieving Wazuh-API User Credentials - include_vars: wazuh_api_creds.yml - when: - - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6) - tags: - - config - name: Check if syslog output is enabled set_fact: syslog_output=true @@ -308,6 +312,7 @@ notify: restart wazuh-api when: - wazuh_api_user is defined + - wazuh_manager_config.cluster.node_type == "master" tags: - config 
@@ -329,31 +334,22 @@ tags: - config -- name: Ensure Wazuh Manager, wazuh API service is started and enabled +- name: Ensure Wazuh Manager service is started and enabled. service: - name: "{{ item }}" + name: "wazuh-manager" enabled: true state: started - with_items: - - wazuh-manager - - wazuh-api tags: - config - environment: - LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" - when: - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon') - - ansible_distribution_major_version|int < 6 -- name: Ensure Wazuh Manager is started and enabled (EL5) +- name: Ensure Wazuh API service is started and enabled. service: - name: wazuh-manager + name: "wazuh-api" enabled: true state: started + when: wazuh_manager_config.cluster.node_type == "master" tags: - config - when: - - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - name: Create agent groups command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index dd1c8d9a..00fdcd01 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 @@ -1,6 +1,6 @@ #jinja2: trim_blocks: False -{% if wazuh_agent_configs is defined %} -{% for agent_config in wazuh_agent_configs %} +{% if shared_agent_config is defined %} +{% for agent_config in shared_agent_config %} {% if agent_config.syscheck is defined %} diff --git a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml deleted file mode 100644 index 2d5f8c73..00000000 --- a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml +++ /dev/null 
@@ -1,3 +0,0 @@
----
-wazuh_api_user:
- - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/"