From 62ac174880772dd874b884dbff89da919287453e Mon Sep 17 00:00:00 2001 From: sgargel Date: Thu, 24 Oct 2019 18:24:32 +0200 Subject: [PATCH 01/54] Fix for Wazuh-API User skipped on debian This should fix that Wazuh-API User task is being skipped on debian > 6 --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index a1afbb4c..40b51863 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -322,8 +322,7 @@ notify: restart wazuh-api when: - wazuh_api_user is defined - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon') - - ansible_distribution_major_version|int < 6 + - not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6) tags: - config @@ -379,8 +378,7 @@ environment: LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" when: - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon') - - ansible_distribution_major_version|int < 6 + - not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6) - name: Ensure Wazuh Manager is started and enabled (EL5) service: From ec0104cda58d4acca20422a63a40268e00354536 Mon Sep 17 00:00:00 2001 From: sgargel Date: Wed, 30 Oct 2019 11:05:46 +0100 Subject: [PATCH 02/54] Update main.yml --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 40b51863..7b2ca34e 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -322,7 +322,6 @@ notify: restart wazuh-api when: - wazuh_api_user is defined - - not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6) tags: - config From 867df7b870ef30fee5325b7e3031d8bb76b2409a Mon Sep 17 00:00:00 2001 From: francobep Date: Wed, 22 Jan 2020 10:50:37 -0300 Subject: [PATCH 03/54] Fix playbook template In the first host of the elastic cluster, the "node_name" property, will be "elasticsearch_node_name" --- playbooks/wazuh-elastic_stack-distributed.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 5f4213f5..16abfcf5 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -4,7 +4,7 @@ roles: - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: - node_name: node-1 + elasticsearch_node_name: node-1 elasticsearch_bootstrap_node: true elasticsearch_cluster_nodes: - @@ -88,4 +88,4 @@ # kibana_node_name: node-3 # elasticsearch_network_host: 172.16.0.161 # node_certs_generator: false -# elasticsearch_xpack_security_password: elastic_pass \ No newline at end of file +# elasticsearch_xpack_security_password: elastic_pass From 01fb6b1d361236ed9d8231e288c630f55d9e93ff Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 11 Feb 2020 14:51:10 +0100 Subject: [PATCH 04/54] Sanatizing the Manager and API active status verification task --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 58c3f763..dd4fa04a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -339,20 +339,6 @@ - wazuh-api tags: - config - environment: - LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" - when: - - not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6) - -- name: Ensure Wazuh Manager is started and enabled (EL5) - service: - name: wazuh-manager - enabled: true - state: started - tags: - - config - when: - - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - include_tasks: "RMRedHat.yml" when: From abdbab92474556add24b3d672e7a3b6be9d769de Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 14 Feb 2020 15:09:40 +0100 Subject: [PATCH 05/54] Fix auth path for 64bits Windows --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index ee0aced7..61e2412d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -14,7 +14,7 @@ - name: Windows | Set Win Path (x64) set_fact: wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir }}" - wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}" + wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path }}" when: - not check_path.stat.exists From 1366a745696aa9304021683d48433c98d8614ba5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 14 Feb 2020 17:13:42 +0100 Subject: [PATCH 06/54] Remove API credentials as variable files and move to defaults --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +++ roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 6 ------ roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml | 3 --- 3 files changed, 3 insertions(+), 9 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 5f32a0f1..8c71671b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -47,6 +47,9 @@ wazuh_api_sources_installation: common_name: null password: null +wazuh_api_user: + - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/" + wazuh_manager_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index dd4fa04a..faf13d05 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -191,12 +191,6 @@ tags: - config -- name: Retrieving Wazuh-API User Credentials - include_vars: wazuh_api_creds.yml - when: - - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6) - tags: - - config - name: Check if syslog output is enabled set_fact: syslog_output=true diff --git a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml deleted file mode 100644 index 2d5f8c73..00000000 --- a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -wazuh_api_user: - - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/" From 9bc6d550be6de3b42b3bfc07a5adbf73a7537baa Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 17:46:41 +0100 Subject: [PATCH 07/54] Create required variables for Wazuh Manager installation from packages --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 8c71671b..f1e9866b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -4,6 +4,15 @@ wazuh_manager_version: 3.11.3-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present +# Custom packages installation +wazuh_custom_packages_installation_manager_enabled: true +wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-manager_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-manager-3.12.0-0.3319fimreworksqlite.x86_64.rpm" +wazuh_custom_packages_installation_api_enabled: true +wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-api_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-api-3.12.0-0.3319fimreworksqlite.x86_64.rpm" + +# Sources installation wazuh_manager_sources_installation: enabled: false branch: "v3.11.3" From 7fb76b42e65993b925355b513aea31c40aa8be11 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 17:47:13 +0100 Subject: [PATCH 08/54] Create required tasks to download and install .rpm and .deb packages --- .../installation_from_custom_packages.yml | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml new file mode 100644 index 00000000..ae837c9a --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -0,0 +1,34 @@ +--- + - block: + - name: Install Wazuh Manager from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_manager_deb_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + + - name: Install Wazuh API from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_api_deb_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + when: + - ansible_os_family|lower == "debian" + + - block: + - name: Install Wazuh Manager from .rpm packages + yum: + name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + + - name: Install Wazuh API from .rpm packages + yum: + name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + when: + - ansible_os_family|lower == "redhat" \ No newline at end of file From bf6f72039cccac7fb0f9ebcce28a4084f4247ad9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 17:47:49 +0100 Subject: [PATCH 09/54] Update conditionals in Managers tasks to filter installation from packages --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 11 ++++++++++- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 8 ++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 36fe4ff5..ca4820fc 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -24,6 +24,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -32,6 +33,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -42,6 +44,7 @@ changed_when: false when: - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -106,11 +109,16 @@ tags: init when: - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - include_tasks: "installation_from_sources.yml" when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled +- include_tasks: "installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - name: Debian/Ubuntu | Install wazuh-api apt: name: @@ -122,4 +130,5 @@ until: wazuh_manager_main_packages_installed is succeeded tags: init when: - - not wazuh_api_sources_installation.enabled \ No newline at end of file + - not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 5dc57e81..c0ff9ee4 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -11,6 +11,7 @@ - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -24,6 +25,7 @@ when: - repo_v5_manager_installed is skipped - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -118,6 +120,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled tags: - init @@ -125,6 +128,10 @@ when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled +- include_tasks: "../tasks/installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled + - name: CentOS/RedHat/Amazon | Install wazuh-api package: name: "wazuh-api-{{ wazuh_manager_version }}" @@ -134,6 +141,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_api_enabled tags: - init From aa33bd353140783b798b3036a71df4ab0077d681 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:09:26 +0100 Subject: [PATCH 10/54] Add required variables to install agents from custom packages --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 266cb33f..202f5d3a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,6 +1,15 @@ --- wazuh_agent_version: 3.11.3-1 + +# Custom packages installation + +wazuh_custom_packages_installation_agent_enabled: true +wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm" + +# Sources installation + wazuh_agent_sources_installation: enabled: false branch: "v3.11.3" From 281d54557afcd46c564effee58d637be9f6e186b Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:09:48 +0100 Subject: [PATCH 11/54] Create tasks to download and install Agent from .rpm and .deb packages --- .../tasks/installation_from_custom_packages.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml new file mode 100644 index 00000000..01ce540c --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml @@ -0,0 +1,16 @@ +--- + - name: Install Wazuh Agent from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_agent_deb_url }}" + state: present + when: + - ansible_os_family|lower == "debian" + - wazuh_custom_packages_installation_agent_enabled + + - name: Install Wazuh Agent from .rpm packages + yum: + name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" + state: present + when: + - ansible_os_family|lower == "redhat" + - wazuh_custom_packages_installation_agent_enabled \ No newline at end of file From 8f0d54b274ffdc93c26fbe811f2a6042e0a7bcce Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:10:26 +0100 Subject: [PATCH 12/54] Update Agent conditionals to make them work with custom packages install --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 3 +++ roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 6 ++++++ roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 6 ++++-- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 68c0b726..9c12fdbf 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -21,6 +21,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -29,6 +30,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -38,6 +40,7 @@ update_cache: true when: - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 5664a428..c1c701fc 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -9,6 +9,10 @@ when: - wazuh_agent_sources_installation.enabled +- include_tasks: "installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_agent_enabled + - name: Linux CentOS/RedHat | Install wazuh-agent package: name: wazuh-agent-{{ wazuh_agent_version }} @@ -18,6 +22,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled tags: - init @@ -29,6 +34,7 @@ when: - ansible_os_family|lower != "redhat" - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled tags: - init diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index e0b2b426..d93052c4 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,7 +10,8 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_agent_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -24,6 +25,7 @@ when: - repo_v5_installed is skipped - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: @@ -34,7 +36,7 @@ until: oracle_java_task_rpm_download is succeeded when: - wazuh_agent_config.cis_cat.disable == 'no' - - wazuh_agent_config.cis_cat.install_java == 'yes' + - wazuh_agent_config.cis_cat.install_java == 'yes' tags: - init From 53cee9a7be1602777bbc4a40667f3c86750dabcb Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:11:39 +0100 Subject: [PATCH 13/54] Fix trailing whitespace in `RedHat.yml` tasks from Agent --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index d93052c4..8dbd2452 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -36,7 +36,7 @@ until: oracle_java_task_rpm_download is succeeded when: - wazuh_agent_config.cis_cat.disable == 'no' - - wazuh_agent_config.cis_cat.install_java == 'yes' + - wazuh_agent_config.cis_cat.install_java == 'yes' tags: - init From 807a816cf226215a565ba7af0a6b49b1da3cb06b Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:12:44 +0100 Subject: [PATCH 14/54] Set Wazuh version to 3.12.0 for testing purposes --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 202f5d3a..8b4d197e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.11.3-1 +wazuh_agent_version: 3.12.0-1 # Custom packages installation diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f1e9866b..3c5712d2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 3.11.3-1 +wazuh_manager_version: 3.12.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present From 9dddd2b26e176410fe0439345a1a55d00f3e5b99 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 19:19:16 +0100 Subject: [PATCH 15/54] Restore Wazuh installation to default configuration --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 8b4d197e..ccd96e1c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,10 +1,10 @@ --- -wazuh_agent_version: 3.12.0-1 +wazuh_agent_version: 3.11.3-1 # Custom packages installation -wazuh_custom_packages_installation_agent_enabled: true +wazuh_custom_packages_installation_agent_enabled: false wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3c5712d2..ffd1d90d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,14 +1,14 @@ --- -wazuh_manager_version: 3.12.0-1 +wazuh_manager_version: 3.11.3-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present # Custom packages installation -wazuh_custom_packages_installation_manager_enabled: true +wazuh_custom_packages_installation_manager_enabled: false wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-manager_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-manager-3.12.0-0.3319fimreworksqlite.x86_64.rpm" -wazuh_custom_packages_installation_api_enabled: true +wazuh_custom_packages_installation_api_enabled: false wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-api_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-api-3.12.0-0.3319fimreworksqlite.x86_64.rpm" From 2a7241b31a87da9289933e0358690dba64f15b6c Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 20 Feb 2020 12:39:26 +0100 Subject: [PATCH 16/54] Adapt Windows Agent package related variables --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index ccd96e1c..a5e0a8c0 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,10 +60,9 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.3' - revision: '1' - repo: https://packages.wazuh.com/3.x/windows/ md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi +wazuh_winagent_package_name: wazuh-agent-3.11.3-1.msi wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' From c32b1ed1bd667addd29785aaa3029e79d025f996 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 20 Feb 2020 12:39:45 +0100 Subject: [PATCH 17/54] Change Window spackage occurences to adapt it to the new variables --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 61e2412d..11f15255 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -20,19 +20,19 @@ - name: Windows | Check if Wazuh installer is already downloaded win_stat: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" register: wazuh_package_downloaded - name: Windows | Download Wazuh Agent package win_get_url: - url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + url: "{{ wazuh_winagent_config_url }}" dest: "{{ wazuh_winagent_config.download_dir }}" when: - not wazuh_package_downloaded.stat.exists - name: Windows | Verify the Wazuh Agent installer win_stat: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" get_checksum: true checksum_algorithm: md5 register: wazuh_agent_status @@ -41,11 +41,12 @@ - name: Windows | Install Agent if not already installed win_package: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" state: present - name: Windows | Check if client.keys exists - win_stat: path="{{ wazuh_agent_win_path }}client.keys" + win_stat: + path: "{{ wazuh_agent_win_path }}client.keys" register: check_windows_key tags: - config @@ -94,5 +95,5 @@ - name: Windows | Delete downloaded Wazuh agent installer file win_file: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" state: absent From 4f8d3c6c0c17d40488b1551f452c62319a6cb0ff Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 20 Feb 2020 12:46:41 +0100 Subject: [PATCH 18/54] Remove traling whitespace in win_package task --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 11f15255..dc9b8fe0 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -45,7 +45,7 @@ state: present - name: Windows | Check if client.keys exists - win_stat: + win_stat: path: "{{ wazuh_agent_win_path }}client.keys" register: check_windows_key tags: From ca8b8684cfb251e5c972498c13049f5dc02e7adf Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 21 Feb 2020 16:31:45 +0100 Subject: [PATCH 19/54] Disable shared config by default. Update occurrences --- roles/wazuh/ansible-wazuh-manager/README.md | 4 +- .../ansible-wazuh-manager/defaults/main.yml | 94 +++++++++---------- .../ansible-wazuh-manager/tasks/main.yml | 2 + .../var-ossec-etc-shared-agent.conf.j2 | 4 +- 4 files changed, 53 insertions(+), 51 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/README.md b/roles/wazuh/ansible-wazuh-manager/README.md index 19b1eae9..199e7810 100644 --- a/roles/wazuh/ansible-wazuh-manager/README.md +++ b/roles/wazuh/ansible-wazuh-manager/README.md @@ -20,7 +20,7 @@ This role has some variables which you can or need to override. ``` wazuh_manager_fqdn: ~ wazuh_manager_config: [] -wazuh_agent_configs: [] +shared_agent_config: [] ``` Vault variables @@ -157,7 +157,7 @@ wazuh_manager_config: level: 6 timeout: 600 -wazuh_agent_configs: +shared_agent_config: - type: os type_value: linux frequency_check: 79200 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ffd1d90d..f955ddc4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -356,53 +356,53 @@ wazuh_manager_config: - key: Env value: Production -wazuh_agent_configs: - - type: os - type_value: Linux - syscheck: - frequency: 43200 - scan_on_start: 'yes' - alert_new_files: 'yes' - ignore: - - /etc/mtab - - /etc/mnttab - - /etc/hosts.deny - - /etc/mail/statistics - - /etc/svc/volatile - no_diff: - - /etc/ssl/private.key - rootcheck: - frequency: 43200 - cis_distribution_filename: null - localfiles: - - format: 'syslog' - location: '/var/log/messages' - - format: 'syslog' - location: '/var/log/secure' - - format: 'syslog' - location: '/var/log/maillog' - - format: 'apache' - location: '/var/log/httpd/error_log' - - format: 'apache' - location: '/var/log/httpd/access_log' - - format: 'apache' - location: '/var/ossec/logs/active-responses.log' - - type: os - type_value: Windows - syscheck: - frequency: 43200 - scan_on_start: 'yes' - auto_ignore: 'no' - alert_new_files: 'yes' - windows_registry: - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - arch: 'both' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' - localfiles: - - location: 'Security' - format: 'eventchannel' - - location: 'System' - format: 'eventlog' +# shared_agent_config: + # - type: os + # type_value: Linux + # syscheck: + # frequency: 43200 + # scan_on_start: 'yes' + # alert_new_files: 'yes' + # ignore: + # - /etc/mtab + # - /etc/mnttab + # - /etc/hosts.deny + # - /etc/mail/statistics + # - /etc/svc/volatile + # no_diff: + # - /etc/ssl/private.key + # rootcheck: + # frequency: 43200 + # cis_distribution_filename: null + # localfiles: + # - format: 'syslog' + # location: '/var/log/messages' + # - format: 'syslog' + # location: '/var/log/secure' + # - format: 'syslog' + # location: '/var/log/maillog' + # - format: 'apache' + # location: '/var/log/httpd/error_log' + # - format: 'apache' + # location: '/var/log/httpd/access_log' + # - format: 'apache' + # location: '/var/ossec/logs/active-responses.log' + # - type: os + # type_value: Windows + # syscheck: + # frequency: 43200 + # scan_on_start: 'yes' + # auto_ignore: 'no' + # alert_new_files: 'yes' + # windows_registry: + # - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' + # arch: 'both' + # - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' + # localfiles: + # - location: 'Security' + # format: 'eventchannel' + # - location: 'System' + # format: 'eventlog' nodejs: repo_dict: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index faf13d05..88b3628f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -158,6 +158,8 @@ tags: - init - config + when: + - shared_agent_config is defined - name: Installing the config.js (api configuration) template: src=var-ossec-api-configuration-config.js.j2 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index dd1c8d9a..00fdcd01 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 @@ -1,6 +1,6 @@ #jinja2: trim_blocks: False -{% if wazuh_agent_configs is defined %} -{% for agent_config in wazuh_agent_configs %} +{% if shared_agent_config is defined %} +{% for agent_config in shared_agent_config %} {% if agent_config.syscheck is defined %} From abd4f57106e5dddda336a150c24ee27807f7b70d Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Feb 2020 16:11:44 +0100 Subject: [PATCH 20/54] Avoid to install Wazuh API in worker nodes, fixes #370 --- .../ansible-wazuh-manager/tasks/Debian.yml | 3 +- .../ansible-wazuh-manager/tasks/RedHat.yml | 1 + .../installation_from_custom_packages.yml | 3 ++ .../tasks/installation_from_sources.yml | 3 ++ .../ansible-wazuh-manager/tasks/main.yml | 29 +++++++++++++++---- 5 files changed, 32 insertions(+), 7 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index ca4820fc..4712b573 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -131,4 +131,5 @@ tags: init when: - not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled \ No newline at end of file + - not wazuh_custom_packages_installation_manager_enabled + - wazuh_manager_config.cluster.node_type == "master" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index c0ff9ee4..cb0dbf5a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -142,6 +142,7 @@ - ansible_os_family|lower == "redhat" - not wazuh_api_sources_installation.enabled - not wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index ae837c9a..c4081a08 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -13,6 +13,8 @@ state: present when: - wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" + when: - ansible_os_family|lower == "debian" @@ -30,5 +32,6 @@ state: present when: - wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" when: - ansible_os_family|lower == "redhat" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 10203cb9..484f4b58 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -122,6 +122,8 @@ stat: path: /var/ossec/api/app.js register: wazuh_api + when: + - wazuh_manager_config.cluster.node_type == "master" - name: Install Wazuh API from sources block: @@ -178,5 +180,6 @@ when: - not wazuh_api.stat.exists - wazuh_api_sources_installation.enabled + - wazuh_manager_config.cluster.node_type == "master" tags: - api \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 88b3628f..d2ab8237 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -11,6 +11,8 @@ stat: path: /usr/bin/node register: node_service_status + when: + - wazuh_manager_config.cluster.node_type == "master" - name: Install NodeJS repository block: @@ -25,7 +27,9 @@ command: sh /etc/nodejs.sh register: nodejs_script changed_when: nodejs_script.rc == 0 - when: not node_service_status.stat.exists + when: + - not node_service_status.stat.exists + - wazuh_manager_config.cluster.node_type == "master" - name: Installing NodeJS package: @@ -33,6 +37,9 @@ state: present register: nodejs_service_is_installed until: nodejs_service_is_installed is succeeded + when: + - wazuh_manager_config.cluster.node_type == "master" + tags: init - include_tasks: "RedHat.yml" @@ -168,6 +175,9 @@ group=ossec mode=0740 notify: restart wazuh-api + when: + - wazuh_manager_config.cluster.node_type == "master" + tags: - init - config @@ -304,6 +314,7 @@ notify: restart wazuh-api when: - wazuh_api_user is defined + - wazuh_manager_config.cluster.node_type == "master" tags: - config @@ -325,14 +336,20 @@ tags: - config -- name: Ensure Wazuh Manager, wazuh API service is started and enabled +- name: Ensure Wazuh Manager service is started and enabled. service: - name: "{{ item }}" + name: "wazuh-manager" enabled: true state: started - with_items: - - wazuh-manager - - wazuh-api + tags: + - config + +- name: Ensure Wazuh API service is started and enabled. + service: + name: "wazuh-api" + enabled: true + state: started + when: wazuh_manager_config.cluster.node_type == "master" tags: - config From 543eff6342647d9834cc3d55d12e984202f8523c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 26 Feb 2020 17:06:48 +0100 Subject: [PATCH 21/54] Fix conditions in tasks: Replace variables --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index ca4820fc..c8980bfa 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -24,7 +24,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -33,7 +33,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -44,7 +44,7 @@ changed_when: false when: - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -117,7 +117,7 @@ - include_tasks: "installation_from_custom_packages.yml" when: - - wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Install wazuh-api apt: From 079273eb353cf180010a84a3e4d3e5f8e8d0bf0c Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Feb 2020 17:26:01 +0100 Subject: [PATCH 22/54] Fix linting --- .../tasks/installation_from_sources.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 484f4b58..c83aaff1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -122,7 +122,7 @@ stat: path: /var/ossec/api/app.js register: wazuh_api - when: + when: - wazuh_manager_config.cluster.node_type == "master" - name: Install Wazuh API from sources diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index d2ab8237..c1d91434 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -11,7 +11,7 @@ stat: path: /usr/bin/node register: node_service_status - when: + when: - wazuh_manager_config.cluster.node_type == "master" - name: Install NodeJS repository @@ -27,7 +27,7 @@ command: sh /etc/nodejs.sh register: nodejs_script changed_when: nodejs_script.rc == 0 - when: + when: - not node_service_status.stat.exists - wazuh_manager_config.cluster.node_type == "master" @@ -37,7 +37,7 @@ state: present register: nodejs_service_is_installed until: nodejs_service_is_installed is succeeded - when: + when: - wazuh_manager_config.cluster.node_type == "master" tags: init @@ -175,7 +175,7 @@ group=ossec mode=0740 notify: restart wazuh-api - when: + when: - wazuh_manager_config.cluster.node_type == "master" tags: From fde6d65723a0097183489a2602c49e106bd5dab8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 27 Feb 2020 15:17:43 +0100 Subject: [PATCH 23/54] Add chdir argument to Wazuh Kibana Plugin installation tasks --- roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml | 1 + roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 6a3dc514..37cfd7dc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -69,6 +69,7 @@ args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json + chdir: /usr/share/kibana become: yes become_user: kibana notify: restart kibana diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 4926e19d..c0d663cc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -125,6 +125,7 @@ args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json + chdir: /usr/share/kibana become: yes become_user: kibana notify: restart kibana From ac8a0c83082e590953ba79339dc3249861aa94c7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 2 Mar 2020 22:43:15 +0100 Subject: [PATCH 24/54] Adapt Agent installation from custom packages to support RHEL/Centos 8 --- .../installation_from_custom_packages.yml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml index 01ce540c..ddd9b50d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml @@ -7,10 +7,24 @@ - ansible_os_family|lower == "debian" - wazuh_custom_packages_installation_agent_enabled - - name: Install Wazuh Agent from .rpm packages + - name: Install Wazuh Agent from .rpm packages | yum yum: name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" state: present when: - ansible_os_family|lower == "redhat" - - wazuh_custom_packages_installation_agent_enabled \ No newline at end of file + - wazuh_custom_packages_installation_agent_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + + - name: Install Wazuh Agent from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" + state: present + when: + - ansible_os_family|lower == "redhat" + - wazuh_custom_packages_installation_agent_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") \ No newline at end of file From 03e35ada29493d6011d686b1aa1425feab4f6ebf Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 2 Mar 2020 22:43:26 +0100 Subject: [PATCH 25/54] Adapt Manager installation from custom packages to support RHEL/Centos 8 --- .../installation_from_custom_packages.yml | 32 +++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index ae837c9a..fcc61a22 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -17,18 +17,46 @@ - ansible_os_family|lower == "debian" - block: - - name: Install Wazuh Manager from .rpm packages + - name: Install Wazuh Manager from .rpm packages | yum yum: name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" state: present when: - wazuh_custom_packages_installation_manager_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - - name: Install Wazuh API from .rpm packages + - name: Install Wazuh Manager from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + + + - name: Install Wazuh API from .rpm packages | yum yum: name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" state: present when: - wazuh_custom_packages_installation_api_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + + - name: Install Wazuh Manager from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + when: - ansible_os_family|lower == "redhat" \ No newline at end of file From cf20e52938e9ca1ba45f9fcdd39d7c5f89d5913b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 2 Mar 2020 22:47:53 +0100 Subject: [PATCH 26/54] Fix typo in .rpm package installation task using dnf --- .../tasks/installation_from_custom_packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index fcc61a22..6472a3d6 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -48,7 +48,7 @@ - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - - name: Install Wazuh Manager from .rpm packages | dnf + - name: Install Wazuh API from .rpm packages | dnf dnf: name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" state: present From 4982b2868d4e23a7bd9f40833104fc8a7283e95e Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 3 Mar 2020 13:14:13 +0100 Subject: [PATCH 27/54] Fix conditionals error related with AL2 custom packages installation --- .../tasks/installation_from_custom_packages.yml | 4 +--- .../tasks/installation_from_custom_packages.yml | 11 +++-------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml index ddd9b50d..aa50004f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml @@ -16,7 +16,6 @@ - wazuh_custom_packages_installation_agent_enabled - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - name: Install Wazuh Agent from .rpm packages | dnf dnf: @@ -26,5 +25,4 @@ - ansible_os_family|lower == "redhat" - wazuh_custom_packages_installation_agent_enabled - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") \ No newline at end of file + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index 0fb46187..0dc9808d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -27,7 +27,6 @@ - wazuh_custom_packages_installation_manager_enabled - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - name: Install Wazuh Manager from .rpm packages | dnf dnf: @@ -36,9 +35,7 @@ when: - wazuh_custom_packages_installation_manager_enabled - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - name: Install Wazuh API from .rpm packages | yum yum: @@ -48,7 +45,6 @@ - wazuh_custom_packages_installation_api_enabled - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - wazuh_manager_config.cluster.node_type == "master" - name: Install Wazuh API from .rpm packages | dnf @@ -58,9 +54,8 @@ when: - wazuh_custom_packages_installation_api_enabled - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - wazuh_manager_config.cluster.node_type == "master" - + when: - ansible_os_family|lower == "redhat" \ No newline at end of file From 3f0e0325806eb77f678cef30d45515a2d78d1e29 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Thu, 5 Mar 2020 16:44:02 +0100 Subject: [PATCH 28/54] Bump version --- CHANGELOG.md | 20 +++++++++++++++++++ VERSION | 4 ++-- .../ansible-elasticsearch/defaults/main.yml | 2 +- .../ansible-kibana/defaults/main.yml | 6 +++--- .../wazuh/ansible-filebeat/defaults/main.yml | 2 +- .../ansible-wazuh-agent/defaults/main.yml | 8 ++++---- .../ansible-wazuh-manager/defaults/main.yml | 6 +++--- 7 files changed, 34 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 987939a3..213cb432 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,26 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.11.4_7.6.1] + +### Added + +- Update to Wazuh v3.11.4 +- Support for RHEL/CentOS 8 ([@jm404](https://github.com/jm404)) [PR#377](https://github.com/wazuh/wazuh-ansible/pull/377) + +### Changed + +- Disabled shared configuration by default ([@jm404](https://github.com/jm404)) [PR#369](https://github.com/wazuh/wazuh-ansible/pull/369) +- Add chdir argument to Wazuh Kibana Plugin installation tasks ([@jm404](https://github.com/jm404)) [PR#375](https://github.com/wazuh/wazuh-ansible/pull/375) +- Adjustments for systems without (direct) internet connection ([@joschneid](https://github.com/joschneid)) [PR#348](https://github.com/wazuh/wazuh-ansible/pull/348) + +### Fixed + +- Avoid to install Wazuh API in worker nodes ([@manuasir](https://github.com/manuasir)) [PR#371](https://github.com/wazuh/wazuh-ansible/pull/371) +- Conditionals of custom Wazuh packages installation tasks ([@rshad](https://github.com/rshad)) [PR#372](https://github.com/wazuh/wazuh-ansible/pull/372) +- Fix Ansible elastic_stack-distributed template ([@francobep](https://github.com/francobep)) [PR#352](https://github.com/wazuh/wazuh-ansible/pull/352) +- Fix manager API verification ([@Zenidd](https://github.com/Zenidd)) [PR#360](https://github.com/wazuh/wazuh-ansible/pull/360) + ## [v3.11.3_7.5.2] ### Added diff --git a/VERSION b/VERSION index a70bc633..d6be8992 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.3" -REVISION="31130" +WAZUH-ANSIBLE_VERSION="v4" +REVISION="31140" diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index b9aa470d..e04f9527 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.5.2 +elastic_stack_version: 7.6.1 elasticsearch_lower_disk_requirements: false elasticrepo: diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 774f819e..cd25eec2 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.5.2 -wazuh_version: 3.11.3 +elastic_stack_version: 7.6.1 +wazuh_version: 3.11.4 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp elasticrepo: @@ -47,4 +47,4 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 3.11-7.5 +wazuh_plugin_branch: 3.11-7.6 diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index c54d62e7..8f06aaf4 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.5.2 +filebeat_version: 7.6.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index a5e0a8c0..6270b94d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.11.3-1 +wazuh_agent_version: 3.11.4-1 # Custom packages installation @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaw wazuh_agent_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -61,8 +61,8 @@ wazuh_winagent_config: # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba -wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi -wazuh_winagent_package_name: wazuh-agent-3.11.3-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi +wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f955ddc4..0da6165c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 3.11.3-1 +wazuh_manager_version: 3.11.4-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -15,7 +15,7 @@ wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws. # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -40,7 +40,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" update: "y" remove: "y" directory: null From c3dd95c8cea59021da8a8fc60071c098210498b6 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Thu, 5 Mar 2020 16:53:15 +0100 Subject: [PATCH 29/54] Bump MD5 agent --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 6270b94d..186cac9d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,8 +60,8 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba -wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi + md5: 87ce22038688efb44d95f9daff472056 +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: repo: From 3fe48ea7fd5cd4ba49858e648f0f36a8e4ecd343 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 09:45:23 +0100 Subject: [PATCH 30/54] Remove conditioinal from task that checks NodeJS --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index c1d91434..8ef1c2cb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -11,8 +11,6 @@ stat: path: /usr/bin/node register: node_service_status - when: - - wazuh_manager_config.cluster.node_type == "master" - name: Install NodeJS repository block: From 58f0484cdaa6c3e10bba2117b6a44552d5b94e3b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 09:47:27 +0100 Subject: [PATCH 31/54] Bump Windows Agent version --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 186cac9d..c7014e2a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -61,7 +61,7 @@ wazuh_winagent_config: # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe md5: 87ce22038688efb44d95f9daff472056 -wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: repo: From ab0a6aaaf39493a556791ce5399b40591995479a Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 14:08:12 +0100 Subject: [PATCH 32/54] Remove Windows MD5 verification --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 - roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 9 --------- 2 files changed, 10 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index c7014e2a..fbb278eb 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,7 +60,6 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - md5: 87ce22038688efb44d95f9daff472056 wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index dc9b8fe0..0b844d0a 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -30,15 +30,6 @@ when: - not wazuh_package_downloaded.stat.exists -- name: Windows | Verify the Wazuh Agent installer - win_stat: - path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" - get_checksum: true - checksum_algorithm: md5 - register: wazuh_agent_status - failed_when: - - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 - - name: Windows | Install Agent if not already installed win_package: path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" From 91948198a093ad10c0f2b208877f44c8034e853b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 14:56:32 +0100 Subject: [PATCH 33/54] Revert "Merge pull request #381 from wazuh/remove_windows_md5_check" This reverts commit 4cc3e077a01750a8386fd486dc7a72dd790a01c2, reversing changes made to 52a81af988a00abd60483f1ccacab34ddd2c9b76. --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index fbb278eb..c7014e2a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,6 +60,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe + md5: 87ce22038688efb44d95f9daff472056 wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 0b844d0a..dc9b8fe0 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -30,6 +30,15 @@ when: - not wazuh_package_downloaded.stat.exists +- name: Windows | Verify the Wazuh Agent installer + win_stat: + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" + get_checksum: true + checksum_algorithm: md5 + register: wazuh_agent_status + failed_when: + - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 + - name: Windows | Install Agent if not already installed win_package: path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" From 3b166ea617801ea54658af109f03184d13b01d63 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Mar 2020 15:07:21 +0100 Subject: [PATCH 34/54] Add flag to enable/disable Windows MD5 check --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index c7014e2a..039e5960 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,6 +60,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe + check_md5: True md5: 87ce22038688efb44d95f9daff472056 wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index dc9b8fe0..461249e9 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -38,6 +38,8 @@ register: wazuh_agent_status failed_when: - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 + when: + - wazuh_winagent_config.check_md5 - name: Windows | Install Agent if not already installed win_package: From efcb55b52362b517b3b9343f0b2183d7a8ef149e Mon Sep 17 00:00:00 2001 From: Zenidd Date: Mon, 9 Mar 2020 18:27:05 +0100 Subject: [PATCH 35/54] Setting restrictive permissions on filebeat related files --- roles/wazuh/ansible-filebeat/tasks/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/tasks/config.yml b/roles/wazuh/ansible-filebeat/tasks/config.yml index ce63503d..d45b06e8 100644 --- a/roles/wazuh/ansible-filebeat/tasks/config.yml +++ b/roles/wazuh/ansible-filebeat/tasks/config.yml @@ -5,7 +5,7 @@ dest: "/etc/filebeat/filebeat.yml" owner: root group: root - mode: 0644 + mode: 0400 notify: restart filebeat tags: configure @@ -15,7 +15,7 @@ dest: "/etc/filebeat/wazuh-template.json" owner: root group: root - mode: 0644 + mode: 0400 notify: restart filebeat tags: configure @@ -30,7 +30,7 @@ copy: src: "{{ item }}" dest: "{{ filebeat_ssl_dir }}/{{ item | basename }}" - mode: 0644 + mode: 0400 with_items: - "{{ filebeat_ssl_key_file }}" - "{{ filebeat_ssl_certificate_file }}" From ba424e944a5d9b1c004094ad0a89fc6a7acc4d62 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 10 Mar 2020 15:26:33 +0100 Subject: [PATCH 36/54] Minor style fix --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index cd25eec2..300efaff 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,7 +43,7 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_8.x" # Build from sources build_from_sources: false From 163c89dbabcb822d18d58a7d4ddae65c16587dd6 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 10 Mar 2020 15:23:35 +0100 Subject: [PATCH 37/54] Adding nodejs recommended node_options and plugin optimization --- .../ansible-kibana/defaults/main.yml | 5 ++++- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 4 +--- .../elastic-stack/ansible-kibana/tasks/main.yml | 17 ++++++++++++++--- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index cd25eec2..dcc2bf8a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,8 +43,11 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_8.x" # Build from sources build_from_sources: false wazuh_plugin_branch: 3.11-7.6 + +#Nodejs NODE_OPTIONS +node_options: --max-old-space-size=4096 \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 37cfd7dc..5fb74823 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,9 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}" - environment: - NODE_OPTIONS: "--max-old-space-size=3072" + shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index c0d663cc..72f229ae 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -62,6 +62,12 @@ - kibana_xpack_security tags: xpack-security +- name: Node configuration + replace: + path: /usr/share/kibana/bin/kibana + regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' + replace: 'NODE_OPTIONS="--no-warnings {{node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" @@ -119,9 +125,7 @@ - name: Install Wazuh Plugin (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" - environment: - NODE_OPTIONS: "--max-old-space-size=3072" + shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json @@ -135,6 +139,13 @@ when: - not build_from_sources +- name: Kibana optimization (can take a while) + shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana --optimize --allow-root' + args: + executable: /bin/bash + become: yes + become_user: kibana + - name: Wait for Elasticsearch port wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} From cfd2de0610c40f9c99d27f313ebbcb1ecfa34dc1 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 15:59:48 +0100 Subject: [PATCH 38/54] node_options scope improvements --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 3 ++- roles/elastic-stack/ansible-kibana/tasks/main.yml | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index dcc2bf8a..a237607a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,4 +50,5 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -node_options: --max-old-space-size=4096 \ No newline at end of file +# kibana_script_node_options: --max-old-space-size=4096 +node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 72f229ae..163605cc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -62,11 +62,12 @@ - kibana_xpack_security tags: xpack-security -- name: Node configuration +- name: Kibana script additional configuration for node replace: path: /usr/share/kibana/bin/kibana regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' - replace: 'NODE_OPTIONS="--no-warnings {{node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + replace: 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + when: kibana_script_node_options is defined - name: Ensuring certificates folder owner file: From a4465eb82fd9c87778712c035330a977558bbf46 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 16:27:44 +0100 Subject: [PATCH 39/54] node options variable improvements --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index a237607a..f62e114a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,5 +50,5 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -# kibana_script_node_options: --max-old-space-size=4096 +kibana_script_node_options: "--max-old-space-size=4096" node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 163605cc..8fad346a 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -67,7 +67,7 @@ path: /usr/share/kibana/bin/kibana regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' replace: 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' - when: kibana_script_node_options is defined + when: kibana_script_node_options != "" - name: Ensuring certificates folder owner file: From 9dc91b88775e901c91f34b3ea591431b78e4c683 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 17:55:28 +0100 Subject: [PATCH 40/54] Adding lint fixes --- .../ansible-kibana/defaults/main.yml | 2 +- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- .../elastic-stack/ansible-kibana/tasks/main.yml | 17 ++++++++++++----- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index f62e114a..79078f7b 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,5 +50,5 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -kibana_script_node_options: "--max-old-space-size=4096" +kibana_script_node_options: "" node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 5fb74823..e2b0bb50 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' + shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 8fad346a..e6c7f52d 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -65,9 +65,14 @@ - name: Kibana script additional configuration for node replace: path: /usr/share/kibana/bin/kibana - regexp: 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' - replace: 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' - when: kibana_script_node_options != "" + regexp: >- + 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" + NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' + replace: >- + 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" + NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + when: kibana_script_node_options | length > 0 + - name: Ensuring certificates folder owner file: @@ -126,7 +131,9 @@ - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' + shell: >- + 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} + -{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json @@ -141,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: 'NODE_OPTIONS="{{node_options}}" /usr/share/kibana/bin/kibana --optimize --allow-root' + shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana --optimize' args: executable: /bin/bash become: yes From efd55e5a5b0717f1957f10ed811a06bd233c1383 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Wed, 11 Mar 2020 18:11:00 +0100 Subject: [PATCH 41/54] Minor linting fix --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index e6c7f52d..7c78baa6 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -153,6 +153,8 @@ executable: /bin/bash become: yes become_user: kibana + tags: + - skip_ansible_lint - name: Wait for Elasticsearch port wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} From 83aa5de3ef9e3df80d582f1a4ad313b6ec5c0469 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 11 Mar 2020 18:21:25 +0100 Subject: [PATCH 42/54] Bump NodeJS version to 10.x --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index cd25eec2..692b85ad 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,7 +43,7 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_10.x" # Build from sources build_from_sources: false From c0670f02afd26e1314f9287b1604024d786a3599 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 09:06:18 +0100 Subject: [PATCH 43/54] Lint fixes --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index e2b0bb50..141438af 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' + shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 7c78baa6..2241c900 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -69,7 +69,7 @@ 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' replace: >- - 'NODE_OPTIONS="--no-warnings {{kibana_script_node_options}} --max-http-header-size=65536 ${NODE_OPTIONS}" + 'NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' when: kibana_script_node_options | length > 0 @@ -132,7 +132,7 @@ - name: Install Wazuh Plugin (can take a while) shell: >- - 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} + 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} -{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash @@ -148,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: 'NODE_OPTIONS=" {{node_options}} " /usr/share/kibana/bin/kibana --optimize' + shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize' args: executable: /bin/bash become: yes From b4bd4b334cea2262b5413344d5839a2146e8d530 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 10:47:28 +0100 Subject: [PATCH 44/54] multiline wrap with whitespace in a correct column --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 2241c900..53571026 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -132,8 +132,8 @@ - name: Install Wazuh Plugin (can take a while) shell: >- - 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }} - -{{ wazuh_version }}_{{ elastic_stack_version }}.zip' + 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install + {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json From 3d2cce76fa7ee8a972f4f6ef86bed4982744bc73 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 11:50:02 +0100 Subject: [PATCH 45/54] multiline wrapping fix --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 53571026..118945ae 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -131,9 +131,8 @@ - name: Install Wazuh Plugin (can take a while) - shell: >- - 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install - {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip' + shell: "NODE_OPTIONS=\" {{ node_options }} \" /usr/share/kibana/bin/kibana-plugin \ + install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json From dab2f69b68dc7246c0a0356395d7c6354b962a64 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Thu, 12 Mar 2020 15:02:28 +0100 Subject: [PATCH 46/54] removing single quotes --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 15 ++++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 141438af..cd22f42e 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}' + shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 118945ae..8c8ed588 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -66,11 +66,11 @@ replace: path: /usr/share/kibana/bin/kibana regexp: >- - 'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" - NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\}' + NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" + NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\} replace: >- - 'NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" - NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@}' + NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" + NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@} when: kibana_script_node_options | length > 0 @@ -131,8 +131,9 @@ - name: Install Wazuh Plugin (can take a while) - shell: "NODE_OPTIONS=\" {{ node_options }} \" /usr/share/kibana/bin/kibana-plugin \ - install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: >- + NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install + {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json @@ -147,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: 'NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize' + shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize args: executable: /bin/bash become: yes From b9a8dfff8abcbe123f9baa125f498b6a18d5457e Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 09:29:54 +0100 Subject: [PATCH 47/54] fix to pass the indempotence test --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 8c8ed588..1900777b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -153,6 +153,7 @@ executable: /bin/bash become: yes become_user: kibana + changed_when: false tags: - skip_ansible_lint From 84b5510e3010f88da3863a53d416c789786fbded Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 12:11:07 +0100 Subject: [PATCH 48/54] Removing whitespaces surrounding node_options var --- .../elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index cd22f42e..a674a95f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -63,7 +63,7 @@ chdir: "/tmp/app/build" - name: Install Wazuh Plugin (can take a while) - shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} + shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }} args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 1900777b..dc7c3696 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -132,7 +132,7 @@ - name: Install Wazuh Plugin (can take a while) shell: >- - NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana-plugin install + NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip args: executable: /bin/bash @@ -148,7 +148,7 @@ - not build_from_sources - name: Kibana optimization (can take a while) - shell: NODE_OPTIONS=" {{ node_options }} " /usr/share/kibana/bin/kibana --optimize + shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana --optimize args: executable: /bin/bash become: yes From f4b70ab1c643b60b71236802ed04d143b76ea1ca Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 12:27:18 +0100 Subject: [PATCH 49/54] removing kibana script extra node options --- .../elastic-stack/ansible-kibana/defaults/main.yml | 1 - roles/elastic-stack/ansible-kibana/tasks/main.yml | 13 ------------- 2 files changed, 14 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index da865a38..e930eae7 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -50,5 +50,4 @@ build_from_sources: false wazuh_plugin_branch: 3.11-7.6 #Nodejs NODE_OPTIONS -kibana_script_node_options: "" node_options: --max-old-space-size=4096 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index dc7c3696..b43b3755 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -62,18 +62,6 @@ - kibana_xpack_security tags: xpack-security -- name: Kibana script additional configuration for node - replace: - path: /usr/share/kibana/bin/kibana - regexp: >- - NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$\{NODE_OPTIONS\}\" - NODE_ENV=production exec \"\$\{NODE}\" \"\$\{DIR\}/src/cli\" \$\{@\} - replace: >- - NODE_OPTIONS="--no-warnings {{ kibana_script_node_options }} --max-http-header-size=65536 ${NODE_OPTIONS}" - NODE_ENV=production exec "${NODE}" "${DIR}/src/cli" ${@} - when: kibana_script_node_options | length > 0 - - - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" @@ -129,7 +117,6 @@ - build_from_sources is defined - build_from_sources - - name: Install Wazuh Plugin (can take a while) shell: >- NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install From 3ba86f7cd8d30da34a81373881f7bf7ada71b681 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Fri, 13 Mar 2020 14:15:50 +0100 Subject: [PATCH 50/54] minor fix --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 7f5d17c8..e930eae7 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -43,11 +43,7 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" -<<<<<<< HEAD - repo_url_ext: "nodesource.com/setup_8.x" -======= repo_url_ext: "nodesource.com/setup_10.x" ->>>>>>> feature-node_options-variable # Build from sources build_from_sources: false From eff4b38bedf6091786e26bf55c8ceef51f47cf61 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 17 Mar 2020 12:17:49 +0100 Subject: [PATCH 51/54] Restricting too open xpack and kibana permissions --- .../ansible-elasticsearch/tasks/xpack_security.yml | 4 ++-- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index e9261956..82f3b081 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -35,7 +35,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_key_name }}" dest: "{{ node_certs_source }}/{{ ca_key_name }}" - mode: '0664' + mode: '0440' when: - not generate_CA - node_certs_generator @@ -45,7 +45,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_cert_name }}" dest: "{{ node_certs_source }}/{{ ca_cert_name }}" - mode: '0664' + mode: '0440' when: - not generate_CA - node_certs_generator diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index b43b3755..ad4a3e4c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -41,7 +41,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0664' + mode: '0444' with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" From c6a3dda23ac56d0e35bc208586d1a7cb8ffa3af8 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 17 Mar 2020 15:50:22 +0100 Subject: [PATCH 52/54] Restricting already existing cert permissions and setting missing ones --- .../ansible-elasticsearch/tasks/xpack_security.yml | 2 ++ roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + roles/wazuh/ansible-filebeat/tasks/main.yml | 2 ++ 3 files changed, 5 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 82f3b081..664d1b4d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -149,6 +149,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -163,6 +164,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index ad4a3e4c..80bdeca9 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -28,6 +28,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 07bc94ea..b5b4cba8 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -30,6 +30,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -43,6 +44,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: '0444' with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" From 33fceff612a3f97c291c03158759b0ea0ad356f4 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 17 Mar 2020 16:40:39 +0100 Subject: [PATCH 53/54] Normalization to octal for permissions asignations --- .../ansible-elasticsearch/tasks/xpack_security.yml | 14 +++++++------- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/main.yml | 8 ++++---- .../tasks/installation_from_sources.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 664d1b4d..6eff899f 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -35,7 +35,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_key_name }}" dest: "{{ node_certs_source }}/{{ ca_key_name }}" - mode: '0440' + mode: 0440 when: - not generate_CA - node_certs_generator @@ -45,7 +45,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_cert_name }}" dest: "{{ node_certs_source }}/{{ ca_cert_name }}" - mode: '0440' + mode: 0440 when: - not generate_CA - node_certs_generator @@ -100,7 +100,7 @@ file: path: "{{ master_certs_path }}" state: directory - mode: '0700' + mode: 0700 delegate_to: "127.0.0.1" when: - node_certs_generator @@ -109,7 +109,7 @@ file: path: "{{ master_certs_path }}/ca/" state: directory - mode: '0700' + mode: 0700 delegate_to: "127.0.0.1" when: - node_certs_generator @@ -149,7 +149,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0444 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -164,7 +164,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0444 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -178,7 +178,7 @@ - name: Ensuring folder permissions file: path: "{{ node_certs_destination }}/" - mode: '0774' + mode: 0774 state: directory recurse: yes when: diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index a674a95f..b7ceb87f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -14,7 +14,7 @@ get_url: url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: "/tmp/setup_nodejs_repo.sh" - mode: "0700" + mode: 0700 - name: Execute downloaded script to install Nodejs repo command: /tmp/setup_nodejs_repo.sh diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 80bdeca9..a31950bf 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -28,7 +28,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0444 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -42,7 +42,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0444 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -66,7 +66,7 @@ - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" - mode: '0770' + mode: 0770 recurse: yes when: - kibana_xpack_security @@ -79,7 +79,7 @@ dest: /etc/kibana/kibana.yml owner: root group: root - mode: '0664' + mode: 0664 notify: restart kibana tags: configure diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index c83aaff1..e019d2f9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.11.0" extracted folder name is 3.11.0. + # When downloading "v3.11.0" extracted folder name is 3.11.0. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file @@ -91,7 +91,7 @@ dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root - mode: '644' + mode: 0644 - name: Executing "install.sh" script to build and install the Wazuh Manager shell: ./install.sh > /tmp/build_wazuh_manager_log.txt @@ -167,7 +167,7 @@ dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf" owner: root group: root - mode: '644' + mode: 0644 - name: Execute Wazuh API installation script shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 8ef1c2cb..1f354ca3 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -18,7 +18,7 @@ get_url: url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: /etc/nodejs.sh - mode: '0775' + mode: 0775 changed_when: false - name: Run NodeJS bash script From 4b9fb53549acd8a0fd2712ce59953827a3125f05 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 17 Mar 2020 18:21:33 +0100 Subject: [PATCH 54/54] Removing readall perms in certs files. Minor syntax normalizations --- .../ansible-elasticsearch/tasks/xpack_security.yml | 4 ++-- roles/elastic-stack/ansible-kibana/tasks/main.yml | 6 +++--- roles/wazuh/ansible-filebeat/tasks/main.yml | 6 +++--- .../ansible-wazuh-agent/tasks/installation_from_sources.yml | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 6eff899f..47438f98 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -149,7 +149,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: 0444 + mode: 0440 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -164,7 +164,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: 0444 + mode: 0440 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index a31950bf..efd16de5 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -28,7 +28,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: 0444 + mode: 0440 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -42,7 +42,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: 0444 + mode: 0440 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -79,7 +79,7 @@ dest: /etc/kibana/kibana.yml owner: root group: root - mode: 0664 + mode: 0644 notify: restart kibana tags: configure diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index b5b4cba8..4948c252 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -30,7 +30,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0440 with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -44,7 +44,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0444' + mode: 0440 with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -57,7 +57,7 @@ - name: Ensuring folder & certs permissions file: path: "{{ node_certs_destination }}/" - mode: '0774' + mode: 0774 state: directory recurse: yes when: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 69934631..73b3e6ce 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -76,7 +76,7 @@ dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root - mode: '644' + mode: 0644 changed_when: false - name: Executing "install.sh" script to build and install the Wazuh Agent