afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '3.9' into active_response

Browse Source
This commit is contained in:
Manuel J. Bernal 2019-04-04 10:45:17 +02:00 committed by GitHub
commit 96012df2fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 64 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
CHANGELOG.md
View File

@ -1,11 +1,22 @@
# Change Log # Change Log
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
## [v3.9.0]
## [v3.8.2]
### Changed
- Update to Wazuh version v3.8.2. ([#150](https://github.com/wazuh/wazuh-ansible/pull/150))
## [v3.8.1] ## [v3.8.1]
### Changed ### Changed
- Update to Wazuh version v3.8.1. ([#148](https://github.com/wazuh/wazuh-ansible/pull/148)) - Update to Wazuh version v3.8.1. ([#148](https://github.com/wazuh/wazuh-ansible/pull/148))
## [v3.8.0] ## [v3.8.0]
### Added ### Added

4
VERSION
View File

@ -1,2 +1,2 @@
WAZUH-ANSIBLE_VERSION="v3.8.1" WAZUH-ANSIBLE_VERSION="v3.8.3"
REVISION="3800" REVISION="3802"

6
roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
View File

@ -1,12 +1,8 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: apt:
name: "{{ item }}" name: ['apt-transport-https', 'ca-certificates']
state: present state: present
cache_valid_time: 3600
with_items:
- apt-transport-https
- ca-certificates
- when: elasticsearch_install_java - when: elasticsearch_install_java
block: block:

2
roles/elastic-stack/ansible-kibana/defaults/main.yml
View File

@ -4,5 +4,5 @@ elasticsearch_network_host: "127.0.0.1"
kibana_server_host: "0.0.0.0" kibana_server_host: "0.0.0.0"
kibana_server_port: "5601" kibana_server_port: "5601"
elastic_stack_version: 6.5.4 elastic_stack_version: 6.5.4
wazuh_version: 3.8.1 wazuh_version: 3.8.2

6
roles/elastic-stack/ansible-kibana/tasks/Debian.yml
View File

@ -1,12 +1,8 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: apt:
name: "{{ item }}" name: ['apt-transport-https', 'ca-certificates']
state: present state: present
cache_valid_time: 3600
with_items:
- apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Add Elasticsearch GPG key - name: Debian/Ubuntu | Add Elasticsearch GPG key
apt_key: apt_key:

6
roles/elastic-stack/ansible-logstash/tasks/Debian.yml
View File

@ -1,12 +1,8 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: apt:
name: "{{ item }}" name: ['apt-transport-https', 'ca-certificates']
state: present state: present
cache_valid_time: 3600
with_items:
- apt-transport-https
- ca-certificates
- when: logstash_install_java - when: logstash_install_java
block: block:

7
roles/wazuh/ansible-filebeat/tasks/Debian.yml
View File

@ -1,12 +1,9 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: apt:
name: "{{ item }}" name: ['apt-transport-https', 'ca-certificates']
state: present state: present
cache_valid_time: 3600
with_items:
- apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Add Elasticsearch apt key. - name: Debian/Ubuntu | Add Elasticsearch apt key.
apt_key: apt_key:

6
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -23,7 +23,7 @@ wazuh_winagent_config:
install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' install_dir_x86: 'C:\Program Files (x86)\ossec-agent\'
auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
version: '3.8.1' version: '3.8.2'
revision: '1' revision: '1'
repo: https://packages.wazuh.com/3.x/windows/ repo: https://packages.wazuh.com/3.x/windows/
md5: 43936e7bc7eb51bd186f47dac4a6f477 md5: 43936e7bc7eb51bd186f47dac4a6f477
@ -281,10 +281,10 @@ wazuh_agent_config:
- format: 'syslog' - format: 'syslog'
location: '/var/ossec/logs/active-responses.log' location: '/var/ossec/logs/active-responses.log'
- format: 'command' - format: 'command'
command: 'df -P' command: df -P -x squashfs -x tmpfs -x devtmpfs
frequency: '360' frequency: '360'
- format: 'full_command' - format: 'full_command'
command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t
alias: 'netstat listening ports' alias: 'netstat listening ports'
frequency: '360' frequency: '360'
- format: 'full_command' - format: 'full_command'

12
roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
View File

@ -1,12 +1,8 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: apt:
name: "{{ item }}" name: ['apt-transport-https', 'ca-certificates']
state: present state: present
cache_valid_time: 3600
with_items:
- apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Installing repository key - name: Debian/Ubuntu | Installing repository key
apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
@ -49,13 +45,9 @@
- name: Debian/Ubuntu | Install OpenScap - name: Debian/Ubuntu | Install OpenScap
apt: apt:
name: "{{ item }}" name: ['libopenscap8', 'xsltproc']
state: present state: present
cache_valid_time: 3600
when: wazuh_agent_config.openscap.disable == 'no' when: wazuh_agent_config.openscap.disable == 'no'
with_items:
- libopenscap8
- xsltproc
tags: tags:
- init - init

4
roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2
View File

@ -10,3 +10,7 @@
# This is the template of Ansible for the file local_internal_options.conf # This is the template of Ansible for the file local_internal_options.conf
# In this file you could include the configuration settings for your agents # In this file you could include the configuration settings for your agents
# Logcollector - If it should accept remote commands from the manager
logcollector.remote_commands=1

9
roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -291,6 +291,9 @@
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command> <command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency> <frequency>{{ localfile.frequency }}</frequency>
{% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias>
{% endif %}
{% else %} {% else %}
<location>{{ localfile.location }}</location> <location>{{ localfile.location }}</location>
{% endif %} {% endif %}
@ -305,6 +308,9 @@
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command> <command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency> <frequency>{{ localfile.frequency }}</frequency>
{% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias>
{% endif %}
{% else %} {% else %}
<location>{{ localfile.location }}</location> <location>{{ localfile.location }}</location>
{% endif %} {% endif %}
@ -319,6 +325,9 @@
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command> <command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency> <frequency>{{ localfile.frequency }}</frequency>
{% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias>
{% endif %}
{% else %} {% else %}
<location>{{ localfile.location }}</location> <location>{{ localfile.location }}</location>
{% endif %} {% endif %}

16
roles/wazuh/ansible-wazuh-manager/defaults/main.yml
View File

@ -29,7 +29,6 @@ wazuh_manager_config:
node_name: 'manager_01' node_name: 'manager_01'
node_type: 'master' node_type: 'master'
key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
interval: '2m'
port: '1516' port: '1516'
bind_addr: '0.0.0.0' bind_addr: '0.0.0.0'
nodes: nodes:
@ -183,10 +182,10 @@ wazuh_manager_config:
localfiles: localfiles:
common: common:
- format: 'command' - format: 'command'
command: 'df -P' command: df -P -x squashfs -x tmpfs -x devtmpfs
frequency: '360' frequency: '360'
- format: 'full_command' - format: 'full_command'
command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t
alias: 'netstat listening ports' alias: 'netstat listening ports'
frequency: '360' frequency: '360'
- format: 'full_command' - format: 'full_command'
@ -256,17 +255,6 @@ wazuh_manager_config:
decoders_path: 'custom_ruleset/decoders/' decoders_path: 'custom_ruleset/decoders/'
rule_exclude: rule_exclude:
- '0215-policy_rules.xml' - '0215-policy_rules.xml'
active_responses:
- command: 'restart-ossec'
location: 'local'
rules_id: '100002'
- command: 'win_restart-ossec'
location: 'local'
rules_id: '100003'
- command: 'host-deny'
location: 'local'
level: 6
timeout: 600
syslog_outputs: syslog_outputs:
- server: null - server: null
port: null port: null

6
roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
View File

@ -1,12 +1,8 @@
--- ---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: apt:
name: "{{ item }}" name: ['apt-transport-https', 'ca-certificates']
state: present state: present
cache_valid_time: 3600
with_items:
- apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Installing Wazuh repository key - name: Debian/Ubuntu | Installing Wazuh repository key
apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH

15
roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
View File

@ -11,11 +11,7 @@
<alerts_log>{{ wazuh_manager_config.alerts_log }}</alerts_log> <alerts_log>{{ wazuh_manager_config.alerts_log }}</alerts_log>
<logall>{{ wazuh_manager_config.logall }}</logall> <logall>{{ wazuh_manager_config.logall }}</logall>
<logall_json>{{ wazuh_manager_config.logall_json }}</logall_json> <logall_json>{{ wazuh_manager_config.logall_json }}</logall_json>
{% if wazuh_manager_config.email_notification | lower == "yes" %} <email_notification>{{ wazuh_manager_config.email_notification }}</email_notification>
<email_notification>yes</email_notification>
{% else %}
<email_notification>no</email_notification>
{% endif %}
{% for to in wazuh_manager_config.mail_to %} {% for to in wazuh_manager_config.mail_to %}
<email_to>{{ to }}</email_to> <email_to>{{ to }}</email_to>
{% endfor %} {% endfor %}
@ -235,7 +231,7 @@
<disabled>{{ wazuh_manager_config.vul_detector.ubuntu.disable }}</disabled> <disabled>{{ wazuh_manager_config.vul_detector.ubuntu.disable }}</disabled>
<update_interval>{{ wazuh_manager_config.vul_detector.ubuntu.update_interval }}</update_interval> <update_interval>{{ wazuh_manager_config.vul_detector.ubuntu.update_interval }}</update_interval>
</feed> </feed>
<feed name="redhat-7"> <feed name="redhat">
<disabled>{{ wazuh_manager_config.vul_detector.redhat.disable }}</disabled> <disabled>{{ wazuh_manager_config.vul_detector.redhat.disable }}</disabled>
<update_interval>{{ wazuh_manager_config.vul_detector.redhat.update_interval }}</update_interval> <update_interval>{{ wazuh_manager_config.vul_detector.redhat.update_interval }}</update_interval>
</feed> </feed>
@ -392,7 +388,9 @@
{% endif %} {% endif %}
{% for response in wazuh_manager_config.active_responses %}
{% if wazuh_manager_config.active_responses is defined %}
{% for response in wazuh_manager_config.active_responses %}
<active-response> <active-response>
<disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled> <disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled>
{%if response.command is defined %}<command>{{ response.command }}</command>{% endif %} {%if response.command is defined %}<command>{{ response.command }}</command>{% endif %}
@ -404,7 +402,8 @@
{%if response.timeout is defined %}<timeout>{{ response.timeout }}</timeout>{% endif %} {%if response.timeout is defined %}<timeout>{{ response.timeout }}</timeout>{% endif %}
{%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %} {%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %}
</active-response> </active-response>
{% endfor %} {% endfor %}
{% endif %}
<!-- Files to monitor (localfiles) --> <!-- Files to monitor (localfiles) -->
{% for localfile in wazuh_manager_config.localfiles.common %} {% for localfile in wazuh_manager_config.localfiles.common %}