diff --git a/ansible-role-elasticsearch/defaults/main.yml b/ansible-role-elasticsearch/defaults/main.yml
index ed97d539..003dc319 100644
--- a/ansible-role-elasticsearch/defaults/main.yml
+++ b/ansible-role-elasticsearch/defaults/main.yml
@@ -1 +1,7 @@
 ---
+elasticsearch_cluster_name: wazuh
+elasticsearch_node_name: node-1
+elasticsearch_http_port: 9200
+elasticsearch_network_host: 127.0.0.1
+elasticsearch_jvm_xms: 1g
+elk_stack_version: 5.4.0
diff --git a/ansible-role-elasticsearch/tasks/Debian.yml b/ansible-role-elasticsearch/tasks/Debian.yml
new file mode 100644
index 00000000..654afc6b
--- /dev/null
+++ b/ansible-role-elasticsearch/tasks/Debian.yml
@@ -0,0 +1,46 @@
+---
+- name: Debian/Ubuntu | apt-transport-https
+ apt:
+ name: apt-transport-https
+ state: present
+ update_cache: yes
+
+- name: Debian/Ubuntu | ca-certificates
+ apt:
+ name: ca-certificates
+ state: present
+
+- name: Debian/Ubuntu | Setting webupd8 repository
+ apt_repository:
+ repo: 'ppa:webupd8team/java'
+ codename: 'xenial'
+ update_cache: yes
+
+- name: Debian/Ubuntu | Accept Oracle Java 8 license
+ debconf:
+ name: oracle-java8-installer
+ question: shared/accepted-oracle-license-v1-1
+ value: true
+ vtype: boolean
+
+- name: Debian/Ubuntu | Oracle Java 8 installer
+ apt:
+ name: oracle-java8-installer
+ state: present
+
+- name: Debian/Ubuntu | Add Elasticsearch GPG key.
+ apt_key:
+ url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
+ state: present
+
+- name: Debian/Ubuntu | Install Elastic repo
+ apt_repository:
+ repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
+ state: present
+ filename: 'elk_repo'
+ update_cache: yes
+
+- name: Debian/Ubuntu | Install Elasticsarch
+ apt:
+ name: elasticsearch={{ elk_stack_version }}
+ state: present
diff --git a/ansible-role-elasticsearch/tasks/RMDebian.yml b/ansible-role-elasticsearch/tasks/RMDebian.yml
new file mode 100644
index 00000000..f352bc4b
--- /dev/null
+++ b/ansible-role-elasticsearch/tasks/RMDebian.yml
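Review bot: The Java dependency in the new Debian.yml comes from the third-party `ppa:webupd8team/java` PPA, and the task pins it to `codename: 'xenial'` regardless of the target host, so on Debian (where `ppa:` shortcuts do not resolve) or on any Ubuntu release other than 16.04 it adds a wrong-release source. The `oracle-java8-installer` package it pulls in downloads the JDK binary from Oracle at install time rather than shipping it in a signed apt package, as far as I recall, which adds a trust root the role does not control. Elasticsearch 5.x runs on OpenJDK 8 to my knowledge, so the three webupd8/Oracle tasks can be replaced by one distro-signed install: `- name: Debian/Ubuntu | Install OpenJDK 8` / `apt:` / `name: openjdk-8-jre-headless` / `state: present`. If the Oracle JDK is a hard requirement, at least drop the `codename` line so `apt_repository` uses the host's own release.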
@@ -0,0 +1,6 @@ +--- + +- name: Debian/Ubuntu | Removing Elasticsearch repository + apt_repository: + repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main + state: absent diff --git a/ansible-role-elasticsearch/tasks/RMRedHat.yml b/ansible-role-elasticsearch/tasks/RMRedHat.yml index 7465026b..7fcaae61 100644 --- a/ansible-role-elasticsearch/tasks/RMRedHat.yml +++ b/ansible-role-elasticsearch/tasks/RMRedHat.yml @@ -2,5 +2,5 @@ # Remove logstash repository - name: Remove Elasticsearch repository (and clean up left-over metadata) yum_repository: - name: logstash + name: elk_repo state: absent diff --git a/ansible-role-elasticsearch/tasks/RedHat.yml b/ansible-role-elasticsearch/tasks/RedHat.yml index b8dc89ef..18a0469d 100644 --- a/ansible-role-elasticsearch/tasks/RedHat.yml +++ b/ansible-role-elasticsearch/tasks/RedHat.yml @@ -1,27 +1,23 @@ --- -- name: download Java RPM - shell: - "curl -L -H 'Cookie:oraclelicense=accept-securebackup-cookie' -o /tmp/jdk-8-linux-x64.rpm http://download.oracle.com/otn-pub/java/jdk/8u111-b14/jdk-8u111-linux-x64.rpm" - args: - creates: "/tmp/jdk-8-linux-x64.rpm" +- name: RedHat | download Oracle Java RPM + get_url: + url: http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm + dest: /tmp/jdk-8-linux-x64.rpm + headers: 'Cookie:oraclelicense=accept-securebackup-cookie' register: oracle_java_task_rpm_download become: yes - tags: - - installation -- name: install RPM +- name: RedHat | Install Oracle Java RPM action: "yum name=/tmp/jdk-8-linux-x64.rpm state=present" when: not oracle_java_task_rpm_download|skipped become: yes - tags: - - installation -- name: Add Elasticsearch GPG key. +- name: RedHat | Add Elasticsearch GPG key rpm_key: key: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present -- name: RedHat | Install Elasticsearch repo +- name: RedHat | Install Elastic repo yum_repository: name: elk_repo description: Elastic repository for 5.x packages 
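Review bot: `RedHat | download Oracle Java RPM` fetches the JDK over plain `http://` with no `checksum:`, writes it to the predictable world-writable path `/tmp/jdk-8-linux-x64.rpm`, and the next task installs that file as root; because `get_url` leaves an existing destination untouched unless `force: yes`, a local user who pre-creates that file decides what yum installs, and yum does not GPG-verify local package files by default on RHEL/CentOS 7 as far as I know. Use the `https://` URL, pin the artifact with `checksum: sha256:<digest of the 8u131 RPM>`, and download into a root-owned location such as `dest: /var/cache/ansible/jdk-8-linux-x64.rpm` (or install OpenJDK 8 from the base repository and drop the download entirely). The guard `when: not oracle_java_task_rpm_download|skipped` is dead as written, since the download task carries no `when` and is therefore never skipped.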
@@ -30,7 +26,4 @@ gpgcheck: yes - name: RedHat | Install Elasticsarch - yum: pkg=elasticsearch-5.3.0 - state=present - tags: - - init + yum: pkg=elasticsearch-{{ elk_stack_version }} state=present diff --git a/ansible-role-elasticsearch/tasks/main.yml b/ansible-role-elasticsearch/tasks/main.yml index d15e6d4c..cfb5d253 100644 --- a/ansible-role-elasticsearch/tasks/main.yml +++ b/ansible-role-elasticsearch/tasks/main.yml @@ -2,9 +2,8 @@ - include: RedHat.yml when: ansible_os_family == 'RedHat' -- name: 'check parm is null or invalid' - fail: msg="This playbook is not compatible with Debian/Ubuntu" - when: ansible_os_family == 'Debian' +- include: Debian.yml + when: ansible_os_family == "Debian" - name: Configure Elasticsearch. template: @@ -36,3 +35,7 @@ - name: Remove the correct repository include: "RMRedHat.yml" when: ansible_os_family == "RedHat" + +- name: Remove the correct repository + include: "RMDebian.yml" + when: ansible_os_family == "Debian" diff --git a/ansible-role-elasticsearch/vars/main.yml b/ansible-role-elasticsearch/vars/main.yml deleted file mode 100644 index 2e988791..00000000 --- a/ansible-role-elasticsearch/vars/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -elasticsearch_cluster_name: wazuh -elasticsearch_node_name: node-1 -elasticsearch_http_port: 9200 -elasticsearch_network_host: 192.168.33.182 -elasticsearch_jvm_xms: 1g diff --git a/ansible-role-filebeat/tasks/setup-Debian.yml b/ansible-role-filebeat/tasks/Debian.yml similarity index 100% rename from ansible-role-filebeat/tasks/setup-Debian.yml rename to ansible-role-filebeat/tasks/Debian.yml diff --git a/ansible-role-filebeat/tasks/RMDebian.yml b/ansible-role-filebeat/tasks/RMDebian.yml index cff461bc..4bc800c7 100644 --- a/ansible-role-filebeat/tasks/RMDebian.yml +++ b/ansible-role-filebeat/tasks/RMDebian.yml 
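Review bot: The rewritten install task uses the `key=value` shorthand, `yum: pkg=elasticsearch-{{ elk_stack_version }} state=present`, while the tasks around it are written in block YAML; the block form also lets the Jinja value be quoted so YAML never sees a bare `{{`. Prefer `yum:` / `name: "elasticsearch-{{ elk_stack_version }}"` / `state: present`. In the main.yml hunk the two repository-removal tasks now share the identical name `Remove the correct repository`, which makes play output and `--start-at-task` ambiguous; name them by OS family, e.g. `RedHat | Remove Elastic repository` and `Debian/Ubuntu | Remove Elastic repository`.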
@@ -2,5 +2,5 @@ # Remove ELK REPOSITORY and Wazuh repositories from sources list. - name: Remove Filebeat repository (and clean up left-over metadata) apt_repository: - repo: ddeb https://artifacts.elastic.co/packages/5.x/apt stable main + repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: absent diff --git a/ansible-role-filebeat/tasks/RMRedHat.yml b/ansible-role-filebeat/tasks/RMRedHat.yml index 3d16c46e..bc63edde 100644 --- a/ansible-role-filebeat/tasks/RMRedHat.yml +++ b/ansible-role-filebeat/tasks/RMRedHat.yml @@ -2,5 +2,5 @@ # Remove repositories - name: Remove Filebeat repository (and clean up left-over metadata) yum_repository: - name: filebeat + name: elk_repo state: absent diff --git a/ansible-role-filebeat/tasks/setup-RedHat.yml b/ansible-role-filebeat/tasks/RedHat.yml similarity index 95% rename from ansible-role-filebeat/tasks/setup-RedHat.yml rename to ansible-role-filebeat/tasks/RedHat.yml index c4b87e87..d52e10e3 100644 --- a/ansible-role-filebeat/tasks/setup-RedHat.yml +++ b/ansible-role-filebeat/tasks/RedHat.yml @@ -6,7 +6,7 @@ - name: RedHat | Install Filebeats repo yum_repository: - name: filebeat + name: elk_repo description: Elastic repository for 5.x packages baseurl: https://artifacts.elastic.co/packages/5.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch diff --git a/ansible-role-filebeat/tasks/main.yml b/ansible-role-filebeat/tasks/main.yml index 0fd216ee..9ace5a29 100644 --- a/ansible-role-filebeat/tasks/main.yml +++ b/ansible-role-filebeat/tasks/main.yml @@ -1,8 +1,8 @@ --- -- include: setup-RedHat.yml +- include: RedHat.yml when: ansible_os_family == 'RedHat' -- include: setup-Debian.yml +- include: Debian.yml when: ansible_os_family == 'Debian' - name: Install Filebeat. diff --git a/ansible-role-kibana/defaults/main.yml b/ansible-role-kibana/defaults/main.yml index ed97d539..7e758287 100644 --- a/ansible-role-kibana/defaults/main.yml +++ b/ansible-role-kibana/defaults/main.yml 
@@ -1 +1,5 @@
 ---
+elasticsearch_http_port: "9200"
+elasticsearch_network_host: "127.0.0.1"
+kibana_server_host: "0.0.0.0"
+elk_stack_version: 5.4.0
diff --git a/ansible-role-kibana/tasks/Debian.yml b/ansible-role-kibana/tasks/Debian.yml
new file mode 100644
index 00000000..7abe7f94
--- /dev/null
+++ b/ansible-role-kibana/tasks/Debian.yml
@@ -0,0 +1,17 @@
+---
+- name: Debian/Ubuntu | Add Elasticsearch GPG key
+ apt_key:
+ url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
+ state: present
+
+- name: Debian/Ubuntu | Install Elastic repo
+ apt_repository:
+ repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
+ state: present
+ filename: 'elk_repo'
+ update_cache: yes
+
+- name: Debian/Ubuntu | Install Kibana
+ apt:
+ name: kibana={{ elk_stack_version }}
+ state: present
diff --git a/ansible-role-kibana/tasks/RMDebian.yml b/ansible-role-kibana/tasks/RMDebian.yml
new file mode 100644
index 00000000..f352bc4b
--- /dev/null
+++ b/ansible-role-kibana/tasks/RMDebian.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Debian/Ubuntu | Removing Elasticsearch repository
+ apt_repository:
+ repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
+ state: absent
diff --git a/ansible-role-kibana/tasks/RMRedHat.yml b/ansible-role-kibana/tasks/RMRedHat.yml
index 7465026b..7fcaae61 100644
--- a/ansible-role-kibana/tasks/RMRedHat.yml
+++ b/ansible-role-kibana/tasks/RMRedHat.yml
@@ -2,5 +2,5 @@
 # Remove logstash repository
 - name: Remove Elasticsearch repository (and clean up left-over metadata)
 yum_repository:
- name: logstash
+ name: elk_repo
 state: absent
diff --git a/ansible-role-kibana/tasks/RedHat.yml b/ansible-role-kibana/tasks/RedHat.yml
index e3fbcf98..f83f7ef1 100644
--- a/ansible-role-kibana/tasks/RedHat.yml
+++ b/ansible-role-kibana/tasks/RedHat.yml
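Review bot: `kibana_server_host: "0.0.0.0"` makes the role bind Kibana on every interface by default, while `elasticsearch_network_host` in the same defaults file is `127.0.0.1`; Kibana 5.x without X-Pack has no authentication of its own and its console proxies requests to Elasticsearch, so this default exposes the Wazuh indices to anyone who can reach the Kibana port (assuming the role's template feeds this variable into `server.host`, which the hunk does not show). Default to `kibana_server_host: "127.0.0.1"` and let deployments that put an authenticating reverse proxy in front override it, or at least document the trade-off next to the variable: `# 0.0.0.0 exposes Kibana with no authentication; keep 127.0.0.1 unless a proxy or firewall is in front`.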
@@ -1,10 +1,10 @@ --- -- name: Add Elasticsearch GPG key. +- name: RedHat | Add Elasticsearch GPG key rpm_key: key: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present -- name: RedHat | Install Kibana repo +- name: RedHat | Install Elastic repo yum_repository: name: elk_repo description: Elastic repository for 5.x packages @@ -13,11 +13,4 @@ gpgcheck: yes - name: RedHat | Install Kibana - yum: pkg=kibana-5.3.0 - state=present - tags: - - init - -- name: Remove the correct repository - include: "RMRedHat.yml" - when: ansible_os_family == "RedHat" + yum: pkg=kibana-{{ elk_stack_version }} state=present diff --git a/ansible-role-kibana/tasks/main.yml b/ansible-role-kibana/tasks/main.yml index 21afed28..f2af793c 100644 --- a/ansible-role-kibana/tasks/main.yml +++ b/ansible-role-kibana/tasks/main.yml @@ -2,8 +2,7 @@ - include: RedHat.yml when: ansible_os_family == 'RedHat' -- name: 'check parm is null or invalid' - fail: msg="This playbook is not compatible with Debian/Ubuntu" +- include: Debian.yml when: ansible_os_family == 'Debian' - name: Make sure Elasticsearch is running before proceeding. 
@@ -18,17 +17,30 @@ mode: 0664 notify: restart kibana +- name: Checking Wazuh-APP version compatibility + shell: grep -E 'version.*{{ elk_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json + removes=/usr/share/kibana/plugins/wazuh/package.json + register: wazuh_app_notok + ignore_errors: yes + changed_when: "wazuh_app_notok.rc != 0" -- name: Verify if Wazuh-APP is installed - command: /bin/bash /usr/share/kibana/bin/kibana-plugin list - register: kibanainstalled +- name: Removing Wazuh-APP by compatibility issues + shell: /usr/share/kibana/bin/kibana-plugin remove wazuh + when: wazuh_app_notok.rc != 0 - name: Install Wazuh-APP (can take a while) - shell: /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.3.0.zip && service kibana restart - when: kibanainstalled.stdout.find('wazuh') == -1 + shell: /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elk_stack_version }}.zip + creates=/usr/share/kibana/plugins/wazuh/package.json + notify: restart kibana -- name: Ensure Logstash, Kibana and Elasticsearch started and enabled +- name: Ensure Kibana started and enabled service: name: kibana enabled: yes state: started + +- include: RMRedHat.yml + when: ansible_os_family == 'RedHat' + +- include: RMDebian.yml + when: ansible_os_family == 'Debian' diff --git a/ansible-role-kibana/vars/main.yml b/ansible-role-kibana/vars/main.yml deleted file mode 100644 index 408eb898..00000000 --- a/ansible-role-kibana/vars/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -elasticsearch_http_port: "9200" -elasticsearch_network_host: "192.168.33.182" - -kibana_server_host: "0.0.0.0" diff --git a/ansible-role-logstash/defaults/main.yml b/ansible-role-logstash/defaults/main.yml index ed97d539..e8f4adc9 100644 --- a/ansible-role-logstash/defaults/main.yml +++ b/ansible-role-logstash/defaults/main.yml 
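Review bot: `Removing Wazuh-APP by compatibility issues` will fail on a host where the app is not installed yet: the preceding `shell` task has `removes=/usr/share/kibana/plugins/wazuh/package.json`, so when that file is absent the task is skipped, the registered `wazuh_app_notok` has no `rc` key, and `when: wazuh_app_notok.rc != 0` errors during conditional evaluation instead of skipping, as far as I can tell. Guard it the way the roles already guard the Java download: `when: not wazuh_app_notok|skipped and wazuh_app_notok.rc != 0`. Two smaller points: the grep pattern `version.*{{ elk_stack_version }}` treats the dots in `5.4.0` as wildcards, so `version.*{{ elk_stack_version | regex_escape }}` would be stricter, and the `kibana-plugin install` download relies on TLS alone with no checksum pin, which deserves a comment stating that this is intentional.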
@@ -1 +1,4 @@
 ---
+elasticsearch_network_host: "127.0.0.1"
+elasticsearch_http_port: "9200"
+elk_stack_version: 5.4.0
diff --git a/ansible-role-logstash/tasks/Debian.yml b/ansible-role-logstash/tasks/Debian.yml
new file mode 100644
index 00000000..7cdfafb2
--- /dev/null
+++ b/ansible-role-logstash/tasks/Debian.yml
@@ -0,0 +1,47 @@
+---
+- name: Debian/Ubuntu | apt-transport-https
+ apt:
+ name: apt-transport-https
+ state: present
+ update_cache: yes
+
+- name: Debian/Ubuntu | ca-certificates
+ apt:
+ name: ca-certificates
+ state: present
+
+- name: Debian/Ubuntu | Setting webupd8 repository
+ apt_repository:
+ repo: 'ppa:webupd8team/java'
+ codename: 'xenial'
+ update_cache: yes
+
+- name: Debian/Ubuntu | Accept Oracle Java 8 license
+ debconf:
+ name: oracle-java8-installer
+ question: shared/accepted-oracle-license-v1-1
+ value: true
+ vtype: boolean
+
+- name: Debian/Ubuntu | Oracle Java 8 installer
+ apt:
+ name: oracle-java8-installer
+ update_cache: yes
+ state: present
+
+- name: Debian/Ubuntu | Add Elasticsearch GPG key
+ apt_key:
+ url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
+ state: present
+
+- name: Debian/Ubuntu | Install Elasticsearch repo
+ apt_repository:
+ repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
+ state: present
+ filename: 'elk_repo'
+ update_cache: yes
+
+- name: Debian/Ubuntu | Install Logstash
+ apt:
+ name: logstash=1:{{ elk_stack_version }}-1
+ state: present
diff --git a/ansible-role-logstash/tasks/RMDebian.yml b/ansible-role-logstash/tasks/RMDebian.yml
new file mode 100644
index 00000000..f352bc4b
--- /dev/null
+++ b/ansible-role-logstash/tasks/RMDebian.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Debian/Ubuntu | Removing Elasticsearch repository
+ apt_repository:
+ repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
+ state: absent
diff --git a/ansible-role-logstash/tasks/RMRedHat.yml b/ansible-role-logstash/tasks/RMRedHat.yml
index 9d6f51a2..427b846e 100644
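Review bot: The webupd8 PPA task in the new logstash Debian.yml hard-codes `codename: 'xenial'`, so on any release other than Ubuntu 16.04 (and on Debian, where `ppa:` shortcuts do not resolve) `apt_repository` adds a source for the wrong distribution, and the `oracle-java8-installer` it pulls in downloads the JDK from Oracle at install time rather than from a signed apt package, as far as I recall. Logstash 5.x runs on OpenJDK 8 to my knowledge, so replacing the three PPA/Oracle tasks with `apt:` / `name: openjdk-8-jre-headless` / `state: present` keeps the JDK inside the distro's signed archive and removes the codename pin. If the Oracle JDK is a requirement, at least drop the `codename` line so the host's own release is used.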
--- a/ansible-role-logstash/tasks/RMRedHat.yml +++ b/ansible-role-logstash/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- # Remove logstash repository -- name: Remove logstash repository (and clean up left-over metadata) +- name: RedHat | Remove logstash repository (and clean up left-over metadata) yum_repository: - name: logstash + name: elk_repo state: absent diff --git a/ansible-role-logstash/tasks/RedHat.yml b/ansible-role-logstash/tasks/RedHat.yml index 5cff11b3..65eb6449 100644 --- a/ansible-role-logstash/tasks/RedHat.yml +++ b/ansible-role-logstash/tasks/RedHat.yml @@ -1,36 +1,30 @@ --- -- name: download Java RPM - shell: - "curl -L -H 'Cookie:oraclelicense=accept-securebackup-cookie' -o /tmp/jdk-8-linux-x64.rpm http://download.oracle.com/otn-pub/java/jdk/8u111-b14/jdk-8u111-linux-x64.rpm" - args: - creates: "/tmp/jdk-8-linux-x64.rpm" +- name: RedHat | Download Java RPM + get_url: + url: http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm + dest: /tmp/jdk-8-linux-x64.rpm + headers: 'Cookie:oraclelicense=accept-securebackup-cookie' register: oracle_java_task_rpm_download become: yes - tags: - - installation -- name: install RPM +- name: RedHat | Install Oracle Java RPM action: "yum name=/tmp/jdk-8-linux-x64.rpm state=present" when: not oracle_java_task_rpm_download|skipped become: yes - tags: - - installation -- name: Add Elasticsearch GPG key. +- name: RedHat | Add Elasticsearch GPG key. rpm_key: key: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present - name: RedHat | Install Logstash repo yum_repository: - name: logstash + name: elk_repo description: Elastic repository for 5.x packages baseurl: https://artifacts.elastic.co/packages/5.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: yes - name: RedHat | Install Logstash - yum: pkg=logstash-5.3.0 + yum: pkg=logstash-{{ elk_stack_version }} state=present - tags: - - init 
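Review bot: `RedHat | Download Java RPM` fetches the JDK over plain `http://` with no `checksum:` into the world-writable `/tmp`, and `get_url` keeps an existing destination file unless `force: yes`, so a file planted at `/tmp/jdk-8-linux-x64.rpm` by any local user is what the next task hands to yum as root. Switch the URL to `https://`, add `checksum: sha256:<digest of the 8u131 RPM>`, and download to a root-owned path such as `dest: /var/cache/ansible/jdk-8-linux-x64.rpm`. The trailing `yum: pkg=logstash-{{ elk_stack_version }} state=present` would read better as block YAML with the Jinja value quoted, matching the other tasks in the file.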
diff --git a/ansible-role-logstash/tasks/main.yml b/ansible-role-logstash/tasks/main.yml index 7f5660f3..ca4ffcec 100644 --- a/ansible-role-logstash/tasks/main.yml +++ b/ansible-role-logstash/tasks/main.yml @@ -2,9 +2,8 @@ - include: RedHat.yml when: ansible_os_family == 'RedHat' -- name: 'check parm is null or invalid' - fail: msg="This playbook is not compatible with Debian/Ubuntu" - when: ansible_os_family == 'Debian' +- include: Debian.yml + when: ansible_os_family == "Debian" - name: Logstash configuration template: @@ -22,7 +21,6 @@ group: root notify: restart logstash - - name: Ensure Logstash started and enabled service: name: logstash @@ -32,3 +30,7 @@ - name: Remove the correct repository include: "RMRedHat.yml" when: ansible_os_family == "RedHat" + +- name: Remove the correct repository + include: "RMDebian.yml" + when: ansible_os_family == "Debian" diff --git a/ansible-role-logstash/vars/main.yml b/ansible-role-logstash/vars/main.yml deleted file mode 100644 index afab9e7e..00000000 --- a/ansible-role-logstash/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -elasticsearch_network_host: "192.168.33.182" -elasticsearch_http_port: "9200" diff --git a/ansible-wazuh-agent/defaults/main.yml b/ansible-wazuh-agent/defaults/main.yml index ec137f2a..421cb9d5 100644 --- a/ansible-wazuh-agent/defaults/main.yml +++ b/ansible-wazuh-agent/defaults/main.yml @@ -1,6 +1,4 @@ --- -# defaults file for ossec-agent - ossec_server_ip: 127.0.0.1 ossec_server_name: "" ossec_managed_server: true