diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 5ccbdbab..e4a61c07 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -4,5 +4,5 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 -wazuh_version: 3.7.2 +wazuh_version: 3.8.0 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index db85a112..c0dc824b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -46,7 +46,8 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + #shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/app/kibana/wazuhapp-3.8.0_6.5.4.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 42e13eec..52521a7d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -23,7 +23,7 @@ wazuh_winagent_config: install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.7.0' + version: '3.8.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 43936e7bc7eb51bd186f47dac4a6f477 
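Review bot: The new `shell:` line hard-codes `wazuhapp-3.8.0_6.5.4.zip` from a pre-release S3 bucket, so the `wazuh_version` and `elastic_stack_version` variables bumped in defaults/main.yml no longer drive which plugin is installed, and the old templated line is left behind as a dead comment. Nothing in this task verifies the archive: `kibana-plugin install` is handed a URL and no checksum, and `packages-dev.wazuh.com/pre-release` is presumably not the signed production channel, so anyone who can write to that bucket controls code loaded into Kibana. If a pre-release build is genuinely needed, keep the URL templated — `wazuh_app_url: "https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip"` in defaults and `shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}"` here — so the override lives in inventory rather than in the role, and delete the commented-out line instead of carrying both.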
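Review bot: `version` is bumped to `'3.8.0'` but the `md5: 43936e7bc7eb51bd186f47dac4a6f477` two lines below is unchanged, so it still describes the 3.7.0 installer. How `md5` is consumed is outside this hunk; if it is compared against the download every Windows run will now fail, and if it is not compared the stale value is misleading and there is effectively no integrity check on the MSI. Update the hash together with the version (and prefer a SHA-256 over MD5 for an installer fetched over the network, if the consuming task supports it); note also that the Windows task in this same commit now downloads a hard-coded dev-branch MSI that matches neither `repo`, `version` nor `revision`.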
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index d8affe84..22a4210d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -9,11 +9,11 @@ - ca-certificates - name: Debian/Ubuntu | Installing repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: 'deb https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/ unstable main' state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 8aebbda8..29b0b632 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -3,8 +3,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ + gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int > 5 @@ -13,8 +13,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH-5 + baseurl: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/ + gpgkey: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int == 5 
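Review bot: Both the signing key (`apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH`) and the repository (`pre-release/apt/ unstable main`) now come from the same development bucket, hard-coded into the role's default tasks. Fetching the trust anchor from the same place as the packages it is meant to authenticate means a compromise or unnoticed key rotation in that bucket is invisible to apt's signature check; keep the production `packages.wazuh.com` key as the anchor, or vendor the key into the role and install it with `apt_key: file=...`. A pre-release/unstable channel baked into role defaults also follows every agent deployment that uses this role; expose it as a variable such as `wazuh_agent_repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main'` and set the pre-release value in inventory for the test hosts only.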
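Review bot: In the EL5 hunk both `baseurl` and `gpgkey` switch to plain `http://` while the EL6+ hunk above keeps `https://`, so the key that `gpgcheck: yes` relies on is itself delivered unauthenticated; an on-path attacker can serve a key and matching packages together and the check passes. Keep TLS on both lines — `baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/` and `gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH` — or, if EL5's yum really cannot reach the bucket over TLS, ship the key inside the role and point `gpgkey` at a `file://` path. The key file also changes from `GPG-KEY-WAZUH-5` to `GPG-KEY-WAZUH`; the separate EL5 key presumably existed because the EL5 rpm/gpg stack cannot import the main one, so this deserves a check on a real EL5 host.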
@@ -23,8 +23,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ + gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 913f2453..08bf1f14 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -23,7 +23,8 @@ - name: Windows | Downloading windows Wazuh agent installer win_get_url: dest: C:\wazuh-agent-installer.msi - url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + #url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + url: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.8/windows/wazuh-agent-3.8.0-0.3802.20190114T114149.branch38.commit04f4687.msi when: - correct_version is not defined diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index f2885345..6d8de4f0 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
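Review bot: The `url:` is now a hard-coded branch build (`wazuh-agent-3.8.0-0.3802.20190114T114149.branch38.commit04f4687.msi`) from a dev bucket, fetched by `win_get_url` with no checksum, while the templated line built from `wazuh_winagent_config.repo`/`version`/`revision` is left commented out; the `version`, `revision` and `md5` values in defaults therefore no longer describe what gets installed. A non-release MSI with no integrity check installs a privileged agent on every Windows host this role touches. At minimum add a digest to the download (`checksum: "sha256:<digest>"` where the installed Ansible's `win_get_url` supports it), keep the templated URL and override `wazuh_winagent_config.repo` in inventory for the hosts that need the pre-release build, and delete the commented-out line rather than carrying it.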
@@ -9,11 +9,11 @@ - ca-certificates - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: 'deb https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/ unstable main' state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 27eea91b..c83d3388 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -36,8 +36,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ + gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") @@ -46,8 +46,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/ + gpgkey: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int == 5 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index b1c6fcf2..f5c8ba3d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
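Review bot: The EL5 manager repo repeats the downgrade to plain `http://` for both `baseurl` and `gpgkey` (`http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/` and `.../key/GPG-KEY-WAZUH`) while the EL6+ hunk above stays on `https://`; with the key fetched in cleartext, `gpgcheck: yes` only proves the packages match whatever key the network handed us. Use `https://` on both lines, or install a vendored key and set `gpgkey: file:///etc/pki/rpm-gpg/GPG-KEY-WAZUH`. This is the manager — the host that holds agent keys and API credentials — so the integrity of its package channel matters even more than for agents.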
@@ -235,25 +235,6 @@ tags: - config -- name: Check if ossec-authd is enabled - shell: "grep -c 'ossec-authd' /var/ossec/bin/.process_list | xargs echo" - args: - removes: /var/ossec/bin/.process_list - changed_when: False - check_mode: no - register: authd_enabled - tags: - - config - -- name: Enable ossec-authd - command: /var/ossec/bin/ossec-control enable auth - notify: restart wazuh-manager - when: - - authd_enabled.stdout == '0' or "skipped" in authd_enabled.stdout - - wazuh_manager_config.authd.enable == true - tags: - - config - - name: Checking alert log output settings fail: msg="Please enable json_output or alerts_log options." when: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save new file mode 100644 index 00000000..26b5f5ac --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save 
@@ -0,0 +1,383 @@ +--- +- import_tasks: "RedHat.yml" + when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") + +- import_tasks: "Debian.yml" + when: ansible_os_family == "Debian" + +- name: Install wazuh-manager, wazuh-api and expect + package: pkg={{ item }} state=latest + with_items: + - wazuh-manager + - wazuh-api + - expect + when: + - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) + tags: + - init + +- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 + replace: + path: /etc/init.d/wazuh-manager + regexp: 'echo -n "Starting Wazuh-manager: "' + replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' + when: + - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version == '6' + - wazuh_manager_config.cluster.disable != 'yes' + +- name: Install wazuh-manager and expect (EL5) + package: pkg={{ item }} state=latest + with_items: + - wazuh-manager + - expect + when: + - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 + tags: + - init + +- name: Generate SSL files for authd + command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{wazuh_manager_fqdn}}/" + args: + creates: sslmanager.cert + chdir: /var/ossec/etc/ + tags: + - config + when: not wazuh_manager_config.authd.ssl_agent_ca is not none + +- name: Copy CA, SSL key and cert for authd + copy: + src: "{{ item }}" + dest: "/var/ossec/etc/{{ item | basename }}" + mode: 0644 + with_items: + - "{{ wazuh_manager_config.authd.ssl_agent_ca }}" + - "{{ wazuh_manager_config.authd.ssl_manager_cert }}" + - "{{ wazuh_manager_config.authd.ssl_manager_key 
}}" + tags: + - config + when: wazuh_manager_config.authd.ssl_agent_ca is not none + +- name: Verifying for old init authd service + stat: path=/etc/init.d/ossec-authd + register: old_authd_service + tags: + - config + +- name: Verifying for old systemd authd service + stat: path=/lib/systemd/system/ossec-authd.service + register: old_authd_service + tags: + - config + +- name: Ensure ossec-authd service is disabled + service: name=ossec-authd enabled=no state=stopped + when: old_authd_service.stat.exists == True + tags: + - config + +- name: Removing old init authd services + file: path="{{ item }}" state=absent + with_items: + - "/etc/init.d/ossec-authd" + - "/lib/systemd/system/ossec-authd.service" + when: old_authd_service.stat.exists == True + tags: + - config + +- name: Installing the local_rules.xml (default local_rules.xml) + template: src=var-ossec-rules-local_rules.xml.j2 + dest=/var/ossec/etc/rules/local_rules.xml + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + - rules + +- name: Adding local rules files + copy: src="{{ wazuh_manager_config.ruleset.rules_path }}" + dest=/var/ossec/etc/rules/ + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + - rules + +- name: Installing the local_decoder.xml + template: src=var-ossec-rules-local_decoder.xml.j2 + dest=/var/ossec/etc/decoders/local_decoder.xml + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + - rules + +- name: Adding local decoders files + copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}" + dest=/var/ossec/etc/decoders/ + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + - rules + +- name: Configure the shared-agent.conf + template: + src: var-ossec-etc-shared-agent.conf.j2 + dest: /var/ossec/etc/shared/default/agent.conf + owner: ossec + group: ossec + mode: 0640 + validate: 
'/var/ossec/bin/verify-agent-conf -f %s' + notify: restart wazuh-manager + tags: + - init + - config + +- name: Installing the config.js (api configuration) + template: src=var-ossec-api-configuration-config.js.j2 + dest=/var/ossec/api/configuration/config.js + owner=root + group=ossec + mode=0740 + notify: restart wazuh-api + tags: + - init + - config + +- name: Installing the local_internal_options.conf + template: src=var-ossec-etc-local-internal-options.conf.j2 + dest=/var/ossec/etc/local_internal_options.conf + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + +- name: Retrieving Agentless Credentials + include_vars: agentless_creds.yml + tags: + - config + +- name: Retrieving authd Credentials + include_vars: authd_pass.yml + tags: + - config + +- name: Retrieving Wazuh-API User Credentials + include_vars: wazuh_api_creds.yml + when: + - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) + tags: + - config + +- name: Retrieving CDB lists + include_vars: cdb_lists.yml + tags: + - config + +- name: Check if syslog output is enabled + set_fact: syslog_output=true + when: item.server is not none + with_items: + - "{{ wazuh_manager_config.syslog_outputs }}" + tags: + - config + +- name: Check if client-syslog is enabled + shell: "grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo" + args: + removes: /var/ossec/bin/.process_list + changed_when: False + check_mode: no + register: csyslog_enabled + tags: + - config + +- name: Enable client-syslog + command: /var/ossec/bin/ossec-control enable client-syslog + notify: restart wazuh-manager + when: + - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout + - syslog_output is defined and syslog_output == true + tags: + - config + +- name: Check if ossec-agentlessd is enabled + shell: "grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo" + args: + 
removes: /var/ossec/bin/.process_list + changed_when: False + check_mode: no + register: agentlessd_enabled + tags: + - config + +- name: Enable ossec-agentlessd + command: /var/ossec/bin/ossec-control enable agentless + notify: restart wazuh-manager + when: + - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout + - agentless_creds is defined + tags: + - config + +#- name: Check if ossec-authd is enabled +# shell: "grep -c 'ossec-authd' /var/ossec/bin/.process_list | xargs echo" + args: + @# removes: /var/ossec/bin/.process_list + changed_when: False + check_mode: no + register: authd_enabled + tags: + - config + +#- name: Enable ossec-authd +# command: /var/ossec/bin/ossec-control enable auth +# notify: restart wazuh-manager +# when: +# - authd_enabled.stdout == '0' or "skipped" in authd_enabled.stdout +# - wazuh_manager_config.authd.enable == true +# tags: +# - config + +- name: Checking alert log output settings + fail: msg="Please enable json_output or alerts_log options." 
+ when: + - wazuh_manager_config.json_output == 'no' + - wazuh_manager_config.alerts_log == 'no' + tags: + - init + - config + +- name: Linux | Vuls integration deploy (runs in background, can take a while) + command: /var/ossec/wodles/vuls/deploy_vuls.sh {{ ansible_distribution|lower }} {{ ansible_distribution_major_version|int }} + args: + creates: /var/ossec/wodles/vuls/config.toml + async: 3600 + poll: 0 + when: + - wazuh_manager_config.vuls.disable != 'yes' + - ansible_distribution == 'Redhat' or ansible_distribution == 'CentOS' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' or ansible_distribution == 'Oracle' + tags: + - init + +- name: Configure ossec.conf + template: src=var-ossec-etc-ossec-server.conf.j2 + dest=/var/ossec/etc/ossec.conf + owner=root + group=ossec + mode=0644 + notify: restart wazuh-manager + tags: + - init + - config + +- name: Ossec-authd password + template: + src: authd_pass.j2 + dest: "/var/ossec/etc/authd.pass" + owner: ossec + group: ossec + mode: 0640 + no_log: true + notify: restart wazuh-manager + when: + - wazuh_manager_config.authd.use_password is defined + - wazuh_manager_config.authd.use_password == 'yes' + tags: + - config + +- name: Wazuh-API User + template: + src: api_user.j2 + dest: "/var/ossec/api/configuration/auth/user" + owner: root + group: root + mode: 0750 + no_log: true + notify: restart wazuh-api + when: + - wazuh_api_user is defined + - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) + tags: + - config + +- name: Agentless Hosts & Passwd + template: + src: agentless.j2 + dest: "/var/ossec/agentless/.passlist_tmp" + owner: root + group: root + mode: 0644 + no_log: true + when: agentless_creds is defined + tags: + - config + +- name: Encode the secret + shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp + when: agentless_creds is 
defined + tags: + - config + +- name: CDB Lists + template: + src: cdb_lists.j2 + dest: "/var/ossec/etc/lists/{{ item.name }}" + owner: root + group: ossec + mode: 0640 + no_log: true + notify: + - rebuild cdb_lists + - restart wazuh-manager + with_items: + - "{{ cdb_lists }}" + when: cdb_lists is defined + tags: + - config + +- name: Ensure Wazuh Manager, wazuh API service is started and enabled + service: + name: "{{ item }}" + enabled: yes + state: started + with_items: + - wazuh-manager + - wazuh-api + tags: + - config + environment: + LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" + when: + - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) + +- name: Ensure Wazuh Manager is started and enabled (EL5) + service: + name: wazuh-manager + enabled: yes + state: started + tags: + - config + when: + - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 + +- import_tasks: "RMRedHat.yml" + when: ansible_os_family == "RedHat" + +- import_tasks: "RMDebian.yml" + when: ansible_os_family == "Debian"
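Review bot: `roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save` looks like an editor backup of `main.yml` committed by accident: it duplicates the whole task file and should be dropped from the commit (with `*.save` added to `.gitignore`). As committed it is also not valid YAML — in the ossec-authd section the `- name:` and `shell:` lines are commented out but `args:`, `@# removes:`, `changed_when:`, `check_mode:`, `register:` and `tags:` are left live at task indentation, so anything that globs `tasks/*.yml` or lints the role will fail on it. Two things in its body are worth checking against the real `main.yml` if they are still present there: `openssl req ... -newkey rsa:1825` is an odd, below-2048 key size for the authd manager certificate (use `rsa:2048` or larger), and both `stat` tasks `register: old_authd_service`, so the init.d result is overwritten and `Ensure ossec-authd service is disabled` only ever sees the systemd unit.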