adapt new version (3.8.0-6.5.4)

2019-01-17 15:42:11 +00:00 · 2019-01-17 15:42:11 +00:00 · 949aa7f043
commit 949aa7f043
parent 3e1fcda11b
10 changed files with 403 additions and 37 deletions
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@ -4,5 +4,5 @@ elasticsearch_network_host: "127.0.0.1"
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
 elastic_stack_version: 6.5.4
-wazuh_version: 3.7.2
+wazuh_version: 3.8.0

--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@ -46,7 +46,8 @@
  tags: install

 - name: Install Wazuh-APP (can take a while)
-  shell: "/usr/share/kibana/bin/kibana-plugin install  https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip"
+  #shell: "/usr/share/kibana/bin/kibana-plugin install  https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip"
+  shell: "/usr/share/kibana/bin/kibana-plugin install  https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/app/kibana/wazuhapp-3.8.0_6.5.4.zip"
  environment:
    NODE_OPTIONS: "--max-old-space-size=3072"
  args:
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@ -23,7 +23,7 @@ wazuh_winagent_config:
  install_dir_x86: 'C:\Program Files (x86)\ossec-agent\'
  auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe
  auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
-  version: '3.7.0'
+  version: '3.8.0'
  revision: '1'
  repo: https://packages.wazuh.com/3.x/windows/
  md5: 43936e7bc7eb51bd186f47dac4a6f477
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
@ -9,11 +9,11 @@
    - ca-certificates

 - name: Debian/Ubuntu | Installing repository key
-  apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH

 - name: Debian/Ubuntu | Add Wazuh repositories
  apt_repository:
-    repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
+    repo: 'deb https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/ unstable main'
    state: present
    update_cache: yes

--- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
@ -3,8 +3,8 @@
  yum_repository:
    name: wazuh_repo
    description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/
+    gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH
    gpgcheck: yes
  when:
    - ansible_distribution_major_version|int > 5
@ -13,8 +13,8 @@
  yum_repository:
    name: wazuh_repo
    description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/5/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH-5
+    baseurl: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/
+    gpgkey: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH
    gpgcheck: yes
  when:
    - ansible_distribution_major_version|int == 5
@ -23,8 +23,8 @@
  yum_repository:
    name: wazuh_repo
    description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/
+    gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH
    gpgcheck: yes
  when:
    - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@ -23,7 +23,8 @@
 - name: Windows | Downloading windows Wazuh agent installer
  win_get_url:
    dest: C:\wazuh-agent-installer.msi
-    url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
+    #url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
+    url: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.8/windows/wazuh-agent-3.8.0-0.3802.20190114T114149.branch38.commit04f4687.msi
  when:
    - correct_version is not defined

--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
@ -9,11 +9,11 @@
    - ca-certificates

 - name: Debian/Ubuntu | Installing Wazuh repository key
-  apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH

 - name: Debian/Ubuntu | Add Wazuh repositories
  apt_repository:
-    repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
+    repo: 'deb https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/ unstable main'
    state: present
    update_cache: yes

--- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
@ -36,8 +36,8 @@
  yum_repository:
    name: wazuh_repo
    description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/
+    gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH
    gpgcheck: yes
  when:
    - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
@ -46,8 +46,8 @@
  yum_repository:
    name: wazuh_repo
    description: Wazuh repository
-    baseurl: https://packages.wazuh.com/3.x/yum/5/
-    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    baseurl: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/
+    gpgkey: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH
    gpgcheck: yes
  when:
    - ansible_distribution_major_version|int == 5
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@ -235,25 +235,6 @@
  tags:
    - config

- name: Check if ossec-authd is enabled
-  shell: "grep -c 'ossec-authd' /var/ossec/bin/.process_list | xargs echo"
-  args:
-    removes: /var/ossec/bin/.process_list
-  changed_when: False
-  check_mode: no
-  register: authd_enabled
-  tags:
-    - config
-
- name: Enable ossec-authd
-  command: /var/ossec/bin/ossec-control enable auth
-  notify: restart wazuh-manager
-  when:
-    - authd_enabled.stdout == '0' or "skipped" in authd_enabled.stdout
-    - wazuh_manager_config.authd.enable == true
-  tags:
-    - config
-
 - name: Checking alert log output settings
  fail: msg="Please enable json_output or alerts_log options."
  when:
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save
@ -0,0 +1,383 @@
+---
+- import_tasks: "RedHat.yml"
+  when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family  == "RedHat" and ansible_distribution == "Amazon")
+
+- import_tasks: "Debian.yml"
+  when: ansible_os_family == "Debian"
+
+- name: Install wazuh-manager, wazuh-api and expect
+  package: pkg={{ item }} state=latest
+  with_items:
+    - wazuh-manager
+    - wazuh-api
+    - expect
+  when:
+    - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 )
+  tags:
+    - init
+
+- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3
+  replace:
+    path: /etc/init.d/wazuh-manager
+    regexp: 'echo -n "Starting Wazuh-manager: "'
+    replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib'
+  when:
+    - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version == '6'
+    - wazuh_manager_config.cluster.disable != 'yes'
+
+- name: Install wazuh-manager and expect (EL5)
+  package: pkg={{ item }} state=latest
+  with_items:
+    - wazuh-manager
+    - expect
+  when:
+    - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and  ansible_distribution_major_version|int < 6
+  tags:
+    - init
+
+- name: Generate SSL files for authd
+  command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{wazuh_manager_fqdn}}/"
+  args:
+    creates: sslmanager.cert
+    chdir: /var/ossec/etc/
+  tags:
+      - config
+  when: not wazuh_manager_config.authd.ssl_agent_ca is not none
+
+- name: Copy CA, SSL key and cert for authd
+  copy:
+    src: "{{ item }}"
+    dest: "/var/ossec/etc/{{ item | basename }}"
+    mode: 0644
+  with_items:
+    - "{{ wazuh_manager_config.authd.ssl_agent_ca }}"
+    - "{{ wazuh_manager_config.authd.ssl_manager_cert }}"
+    - "{{ wazuh_manager_config.authd.ssl_manager_key }}"
+  tags:
+    - config
+  when: wazuh_manager_config.authd.ssl_agent_ca is not none
+
+- name: Verifying for old init authd service
+  stat: path=/etc/init.d/ossec-authd
+  register: old_authd_service
+  tags:
+    - config
+
+- name: Verifying for old systemd authd service
+  stat: path=/lib/systemd/system/ossec-authd.service
+  register: old_authd_service
+  tags:
+    - config
+
+- name: Ensure ossec-authd service is disabled
+  service: name=ossec-authd enabled=no state=stopped
+  when: old_authd_service.stat.exists == True
+  tags:
+    - config
+
+- name: Removing old init authd services
+  file: path="{{ item }}" state=absent
+  with_items:
+    - "/etc/init.d/ossec-authd"
+    - "/lib/systemd/system/ossec-authd.service"
+  when: old_authd_service.stat.exists == True
+  tags:
+    - config
+
+- name: Installing the local_rules.xml (default local_rules.xml)
+  template: src=var-ossec-rules-local_rules.xml.j2
+            dest=/var/ossec/etc/rules/local_rules.xml
+            owner=root
+            group=ossec
+            mode=0640
+  notify: restart wazuh-manager
+  tags:
+    - init
+    - config
+    - rules
+
+- name: Adding local rules files
+  copy: src="{{ wazuh_manager_config.ruleset.rules_path }}"
+        dest=/var/ossec/etc/rules/
+        owner=root
+        group=ossec
+        mode=0640
+  notify: restart wazuh-manager
+  tags:
+    - init
+    - config
+    - rules
+
+- name: Installing the local_decoder.xml
+  template: src=var-ossec-rules-local_decoder.xml.j2
+            dest=/var/ossec/etc/decoders/local_decoder.xml
+            owner=root
+            group=ossec
+            mode=0640
+  notify: restart wazuh-manager
+  tags:
+    - init
+    - config
+    - rules
+
+- name: Adding local decoders files
+  copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}"
+        dest=/var/ossec/etc/decoders/
+        owner=root
+        group=ossec
+        mode=0640
+  notify: restart wazuh-manager
+  tags:
+    - init
+    - config
+    - rules
+
+- name: Configure the shared-agent.conf
+  template:
+    src: var-ossec-etc-shared-agent.conf.j2
+    dest: /var/ossec/etc/shared/default/agent.conf
+    owner: ossec
+    group: ossec
+    mode: 0640
+    validate: '/var/ossec/bin/verify-agent-conf -f %s'
+  notify: restart wazuh-manager
+  tags:
+    - init
+    - config
+
+- name: Installing the config.js (api configuration)
+  template: src=var-ossec-api-configuration-config.js.j2
+            dest=/var/ossec/api/configuration/config.js
+            owner=root
+            group=ossec
+            mode=0740
+  notify: restart wazuh-api
+  tags:
+    - init
+    - config
+
+- name: Installing the local_internal_options.conf
+  template: src=var-ossec-etc-local-internal-options.conf.j2
+            dest=/var/ossec/etc/local_internal_options.conf
+            owner=root
+            group=ossec
+            mode=0640
+  notify: restart wazuh-manager
+  tags:
+    - init
+    - config
+
+- name: Retrieving Agentless Credentials
+  include_vars: agentless_creds.yml
+  tags:
+    - config
+
+- name: Retrieving authd Credentials
+  include_vars: authd_pass.yml
+  tags:
+    - config
+
+- name: Retrieving Wazuh-API User Credentials
+  include_vars: wazuh_api_creds.yml
+  when:
+    - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 )
+  tags:
+    - config
+
+- name: Retrieving CDB lists
+  include_vars: cdb_lists.yml
+  tags:
+    - config
+
+- name: Check if syslog output is enabled
+  set_fact: syslog_output=true
+  when: item.server is not none
+  with_items:
+    - "{{ wazuh_manager_config.syslog_outputs }}"
+  tags:
+    - config
+
+- name: Check if client-syslog is enabled
+  shell: "grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo"
+  args:
+    removes: /var/ossec/bin/.process_list
+  changed_when: False
+  check_mode: no
+  register: csyslog_enabled
+  tags:
+    - config
+
+- name: Enable client-syslog
+  command: /var/ossec/bin/ossec-control enable client-syslog
+  notify: restart wazuh-manager
+  when:
+    - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout
+    - syslog_output is defined and syslog_output == true
+  tags:
+    - config
+
+- name: Check if ossec-agentlessd is enabled
+  shell: "grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo"
+  args:
+    removes: /var/ossec/bin/.process_list
+  changed_when: False
+  check_mode: no
+  register: agentlessd_enabled
+  tags:
+    - config
+
+- name: Enable ossec-agentlessd
+  command: /var/ossec/bin/ossec-control enable agentless
+  notify: restart wazuh-manager
+  when:
+    - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout
+    - agentless_creds is defined
+  tags:
+    - config
+
+#- name: Check if ossec-authd is enabled
+#  shell: "grep -c 'ossec-authd' /var/ossec/bin/.process_list | xargs echo"
+  args:
+ @#   removes: /var/ossec/bin/.process_list
+  changed_when: False
+  check_mode: no
+  register: authd_enabled
+  tags:
+    - config
+
+#- name: Enable ossec-authd
+#  command: /var/ossec/bin/ossec-control enable auth
+#  notify: restart wazuh-manager
+#  when:
+#    - authd_enabled.stdout == '0' or "skipped" in authd_enabled.stdout
+#    - wazuh_manager_config.authd.enable == true
+#  tags:
+#    - config
+
+- name: Checking alert log output settings
+  fail: msg="Please enable json_output or alerts_log options."
+  when:
+    - wazuh_manager_config.json_output == 'no'
+    - wazuh_manager_config.alerts_log == 'no'
+  tags:
+    - init
+    - config
+
+- name: Linux | Vuls integration deploy (runs in background, can take a while)
+  command: /var/ossec/wodles/vuls/deploy_vuls.sh {{ ansible_distribution|lower }} {{ ansible_distribution_major_version|int }}
+  args:
+    creates: /var/ossec/wodles/vuls/config.toml
+  async: 3600
+  poll: 0
+  when:
+    - wazuh_manager_config.vuls.disable != 'yes'
+    - ansible_distribution == 'Redhat' or ansible_distribution == 'CentOS' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' or ansible_distribution == 'Oracle'
+  tags:
+    - init
+
+- name: Configure ossec.conf
+  template: src=var-ossec-etc-ossec-server.conf.j2
+            dest=/var/ossec/etc/ossec.conf
+            owner=root
+            group=ossec
+            mode=0644
+  notify: restart wazuh-manager
+  tags:
+    - init
+    - config
+
+- name: Ossec-authd password
+  template:
+    src: authd_pass.j2
+    dest: "/var/ossec/etc/authd.pass"
+    owner: ossec
+    group: ossec
+    mode: 0640
+  no_log: true
+  notify: restart wazuh-manager
+  when:
+    - wazuh_manager_config.authd.use_password is defined
+    - wazuh_manager_config.authd.use_password == 'yes'
+  tags:
+    - config
+
+- name: Wazuh-API User
+  template:
+    src: api_user.j2
+    dest: "/var/ossec/api/configuration/auth/user"
+    owner: root
+    group: root
+    mode: 0750
+  no_log: true
+  notify: restart wazuh-api
+  when:
+    - wazuh_api_user is defined
+    - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 )
+  tags:
+    - config
+
+- name: Agentless Hosts & Passwd
+  template:
+    src: agentless.j2
+    dest: "/var/ossec/agentless/.passlist_tmp"
+    owner: root
+    group: root
+    mode: 0644
+  no_log: true
+  when: agentless_creds is defined
+  tags:
+    - config
+
+- name: Encode the secret
+  shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp
+  when: agentless_creds is defined
+  tags:
+    - config
+
+- name: CDB Lists
+  template:
+    src: cdb_lists.j2
+    dest: "/var/ossec/etc/lists/{{ item.name }}"
+    owner: root
+    group: ossec
+    mode: 0640
+  no_log: true
+  notify:
+    - rebuild cdb_lists
+    - restart wazuh-manager
+  with_items:
+    - "{{ cdb_lists }}"
+  when: cdb_lists is defined
+  tags:
+    - config
+
+- name: Ensure Wazuh Manager, wazuh API service is started and enabled
+  service:
+    name: "{{ item }}"
+    enabled: yes
+    state: started
+  with_items:
+    - wazuh-manager
+    - wazuh-api
+  tags:
+    - config
+  environment:
+    LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib"
+  when:
+    - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 )
+
+- name: Ensure Wazuh Manager is started and enabled (EL5)
+  service:
+    name: wazuh-manager
+    enabled: yes
+    state: started
+  tags:
+    - config
+  when:
+    - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6
+
+- import_tasks: "RMRedHat.yml"
+  when: ansible_os_family == "RedHat"
+
+- import_tasks: "RMDebian.yml"
+  when: ansible_os_family == "Debian"