diff --git a/ansible-role-elasticsearch/meta/main.yml b/ansible-role-elasticsearch/meta/main.yml
index eebb284f..be846c52 100644
--- a/ansible-role-elasticsearch/meta/main.yml
+++ b/ansible-role-elasticsearch/meta/main.yml
@@ -1,14 +1,23 @@
---
galaxy_info:
author: Jose Luis Ruiz
- description: Elasticsearch for Linux.
- company: "Wazuh"
- license: "license (BSD, MIT)"
- min_ansible_version: 1.8
+ description: Installing and maintaining Elasticsearch.
+ company: wazuh.com
+ license: license (GPLv3)
+ min_ansible_version: 2.0
platforms:
- name: EL
versions:
- all
+ - name: Ubuntu
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - all
+ - name: Fedora
+ versions:
+ - all
galaxy_tags:
- web
- system
diff --git a/ansible-role-elasticsearch/tasks/Debian.yml b/ansible-role-elasticsearch/tasks/Debian.yml
index 95978154..e32929fc 100644
--- a/ansible-role-elasticsearch/tasks/Debian.yml
+++ b/ansible-role-elasticsearch/tasks/Debian.yml
@@ -1,20 +1,14 @@
---
-- name: Debian/Ubuntu | apt-transport-https
- apt:
- name: apt-transport-https
- state: present
- update_cache: yes
-
-- name: Debian/Ubuntu | ca-certificates
- apt:
- name: ca-certificates
- state: present
+- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
+ apt: name="{{ item }}" state=present update_cache=yes
+ with_items:
+ - apt-transport-https
+ - ca-certificates
- name: Debian/Ubuntu | Setting webupd8 repository
apt_repository:
repo: 'ppa:webupd8team/java'
codename: 'xenial'
- update_cache: yes
- name: Debian/Ubuntu | Accept Oracle Java 8 license
debconf:
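Review bot: The rewritten task packs its module arguments into one `key=value` string (`apt: name="{{ item }}" state=present update_cache=yes`), where the tasks it replaces used block-style arguments that diff cleanly and keep each templated value as a single quoted scalar. I would keep the block form under `apt:`, i.e. `name: "{{ item }}"`, `state: present`, `update_cache: true`. The same applies to the one-line `apt:` and `package:` tasks added in the later hunks of this file and in the kibana, logstash and wazuh roles, several of which template `{{ elk_stack_version }}` unquoted into the argument string.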
@@ -24,9 +18,7 @@
vtype: boolean
- name: Debian/Ubuntu | Oracle Java 8 installer
- apt:
- name: oracle-java8-installer
- state: present
+ apt: name=oracle-java8-installer state=present update_cache=yes
tags: install
- name: Debian/Ubuntu | Add Elasticsearch GPG key.
@@ -39,10 +31,7 @@
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
state: present
filename: 'elk_repo'
- update_cache: yes
- name: Debian/Ubuntu | Install Elasticsarch
- apt:
- name: elasticsearch={{ elk_stack_version }}
- state: present
+ apt: name=elasticsearch={{ elk_stack_version }} state=present update_cache=yes
tags: install
diff --git a/ansible-role-elasticsearch/tasks/RMDebian.yml b/ansible-role-elasticsearch/tasks/RMDebian.yml
index f352bc4b..74c59c37 100644
--- a/ansible-role-elasticsearch/tasks/RMDebian.yml
+++ b/ansible-role-elasticsearch/tasks/RMDebian.yml
@@ -1,5 +1,4 @@
---
-
- name: Debian/Ubuntu | Removing Elasticsearch repository
apt_repository:
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
diff --git a/ansible-role-elasticsearch/tasks/RMRedHat.yml b/ansible-role-elasticsearch/tasks/RMRedHat.yml
index 7fcaae61..3a074165 100644
--- a/ansible-role-elasticsearch/tasks/RMRedHat.yml
+++ b/ansible-role-elasticsearch/tasks/RMRedHat.yml
@@ -1,6 +1,5 @@
---
-# Remove logstash repository
-- name: Remove Elasticsearch repository (and clean up left-over metadata)
+- name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata)
yum_repository:
name: elk_repo
state: absent
diff --git a/ansible-role-elasticsearch/tasks/RedHat.yml b/ansible-role-elasticsearch/tasks/RedHat.yml
index f141d230..df21a989 100644
--- a/ansible-role-elasticsearch/tasks/RedHat.yml
+++ b/ansible-role-elasticsearch/tasks/RedHat.yml
@@ -1,24 +1,23 @@
---
-- name: RedHat | download Oracle Java RPM
+- name: RedHat/CentOS/Fedora | download Oracle Java RPM
get_url:
url: http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm
dest: /tmp/jdk-8-linux-x64.rpm
headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
register: oracle_java_task_rpm_download
- become: yes
-- name: RedHat | Install Oracle Java RPM
- action: "yum name=/tmp/jdk-8-linux-x64.rpm state=present"
- when: not oracle_java_task_rpm_download|skipped
- become: yes
+- name: RedHat/CentOS/Fedora | Install Oracle Java RPM
+ package: name=/tmp/jdk-8-linux-x64.rpm state=present
+ when: oracle_java_task_rpm_download is defined
+ register: oracle_java_task_rpm_installed
tags: install
-- name: RedHat | Add Elasticsearch GPG key
+- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key
rpm_key:
key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
state: present
-- name: RedHat | Install Elastic repo
+- name: RedHat/CentOS/Fedora | Install Elastic repo
yum_repository:
name: elk_repo
description: Elastic repository for 5.x packages
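Review bot: The new guard `when: oracle_java_task_rpm_download is defined` is always true once the task is reached, because `register:` sets the variable even when the download is skipped, so it no longer gates the install the way the removed `not oracle_java_task_rpm_download|skipped` test did. The same holds for `oracle_java_task_rpm_installed is defined` in the next hunk and for both guards in ansible-role-logstash/tasks/RedHat.yml. If the intent is "only after a successful download", test the result instead, e.g. `when: oracle_java_task_rpm_download|succeeded`, or drop the guard. Separately, the RPM is still fetched over plain `http://` with no `checksum:` on `get_url` and then installed from `/tmp` as a local file, so nothing visible on this path verifies what gets installed; pinning `checksum: "sha256:<EXPECTED_DIGEST>"` (placeholder) would close that gap. The commit also removes `become: yes` from both tasks, which assumes the calling play escalates.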
@@ -26,6 +25,7 @@
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
gpgcheck: yes
-- name: RedHat | Install Elasticsarch
- yum: pkg=elasticsearch-{{ elk_stack_version }} state=present
+- name: RedHat/CentOS/Fedora | Install Elasticsarch
+ package: name=elasticsearch-{{ elk_stack_version }} state=present
+ when: oracle_java_task_rpm_installed is defined
tags: install
diff --git a/ansible-role-elasticsearch/tasks/main.yml b/ansible-role-elasticsearch/tasks/main.yml
index b6559767..59c02bbb 100644
--- a/ansible-role-elasticsearch/tasks/main.yml
+++ b/ansible-role-elasticsearch/tasks/main.yml
@@ -31,10 +31,8 @@
enabled: yes
state: started
-- name: Remove the correct repository
- include: "RMRedHat.yml"
+- include: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
-- name: Remove the correct repository
- include: "RMDebian.yml"
+- include: "RMDebian.yml"
when: ansible_os_family == "Debian"
diff --git a/ansible-role-filebeat/meta/main.yml b/ansible-role-filebeat/meta/main.yml
index 5ac2a409..9fa1e4de 100644
--- a/ansible-role-filebeat/meta/main.yml
+++ b/ansible-role-filebeat/meta/main.yml
@@ -12,6 +12,9 @@ galaxy_info:
versions:
- 6
- 7
+ - name: Fedora
+ versions:
+ - all
- name: Debian
versions:
- jessie
diff --git a/ansible-role-filebeat/tasks/Debian.yml b/ansible-role-filebeat/tasks/Debian.yml
index cad5b4d6..1d9c7850 100644
--- a/ansible-role-filebeat/tasks/Debian.yml
+++ b/ansible-role-filebeat/tasks/Debian.yml
@@ -1,13 +1,16 @@
---
-- name: Ensure depdency is installed (Ubuntu).
- apt: name=apt-transport-https state=present
+- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
+ apt: name="{{ item }}" state=present update_cache=yes
+ with_items:
+ - apt-transport-https
+ - ca-certificates
-- name: Add Elasticsearch apt key.
+- name: Debian/Ubuntu | Add Elasticsearch apt key.
apt_key:
url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
state: present
-- name: Add Filebeat repository.
+- name: Debian/Ubuntu | Add Filebeat repository.
apt_repository:
repo: 'deb https://artifacts.elastic.co/packages/5.x/apt stable main'
state: present
diff --git a/ansible-role-filebeat/tasks/RMDebian.yml b/ansible-role-filebeat/tasks/RMDebian.yml
index 4bc800c7..580e6d86 100644
--- a/ansible-role-filebeat/tasks/RMDebian.yml
+++ b/ansible-role-filebeat/tasks/RMDebian.yml
@@ -1,6 +1,5 @@
---
-# Remove ELK REPOSITORY and Wazuh repositories from sources list.
-- name: Remove Filebeat repository (and clean up left-over metadata)
+- name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)
apt_repository:
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
state: absent
diff --git a/ansible-role-filebeat/tasks/RMRedHat.yml b/ansible-role-filebeat/tasks/RMRedHat.yml
index bc63edde..08e176e0 100644
--- a/ansible-role-filebeat/tasks/RMRedHat.yml
+++ b/ansible-role-filebeat/tasks/RMRedHat.yml
@@ -1,6 +1,5 @@
---
-# Remove repositories
-- name: Remove Filebeat repository (and clean up left-over metadata)
+- name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata)
yum_repository:
name: elk_repo
state: absent
diff --git a/ansible-role-filebeat/tasks/RedHat.yml b/ansible-role-filebeat/tasks/RedHat.yml
index d52e10e3..47180b24 100644
--- a/ansible-role-filebeat/tasks/RedHat.yml
+++ b/ansible-role-filebeat/tasks/RedHat.yml
@@ -1,10 +1,10 @@
---
-- name: Add Elasticsearch GPG key.
+- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key.
rpm_key:
key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
state: present
-- name: RedHat | Install Filebeats repo
+- name: RedHat/CentOS/Fedora | Install Filebeats repo
yum_repository:
name: elk_repo
description: Elastic repository for 5.x packages
diff --git a/ansible-role-filebeat/tasks/main.yml b/ansible-role-filebeat/tasks/main.yml
index 3455f45c..71867d87 100644
--- a/ansible-role-filebeat/tasks/main.yml
+++ b/ansible-role-filebeat/tasks/main.yml
@@ -19,10 +19,8 @@
state: started
enabled: yes
-- name: Remove the correct repository
- include: "RMRedHat.yml"
+- include: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
-- name: Remove the correct repository
- include: "RMDebian.yml"
+- include: "RMDebian.yml"
when: ansible_os_family == "Debian"
diff --git a/ansible-role-kibana/meta/main.yml b/ansible-role-kibana/meta/main.yml
index ee1b06b5..7ca3a5fc 100644
--- a/ansible-role-kibana/meta/main.yml
+++ b/ansible-role-kibana/meta/main.yml
@@ -1,14 +1,17 @@
---
galaxy_info:
author: Jose Luis Ruiz
- description: Elasticsearch Logstash and Kibana for Linux.
- company: "Wazuh"
- license: "license (BSD, MIT)"
- min_ansible_version: 1.8
+ description: Kibana for Linux.
+ company: wazuh.com
+ license: license (GPLv3)
+ min_ansible_version: 2.0
platforms:
- name: EL
versions:
- all
+ - name: Fedora
+ versions:
+ - all
- name: Debian
versions:
- all
diff --git a/ansible-role-kibana/tasks/Debian.yml b/ansible-role-kibana/tasks/Debian.yml
index b1bf164b..2a9d265c 100644
--- a/ansible-role-kibana/tasks/Debian.yml
+++ b/ansible-role-kibana/tasks/Debian.yml
@@ -1,4 +1,10 @@
---
+- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
+ apt: name="{{ item }}" state=present update_cache=yes
+ with_items:
+ - apt-transport-https
+ - ca-certificates
+
- name: Debian/Ubuntu | Add Elasticsearch GPG key
apt_key:
url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
@@ -9,10 +15,7 @@
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
state: present
filename: 'elk_repo'
- update_cache: yes
- name: Debian/Ubuntu | Install Kibana
- apt:
- name: kibana={{ elk_stack_version }}
- state: present
+ apt: name=kibana={{ elk_stack_version }} state=present update_cache=yes
tags: install
diff --git a/ansible-role-kibana/tasks/RMDebian.yml b/ansible-role-kibana/tasks/RMDebian.yml
index f352bc4b..74c59c37 100644
--- a/ansible-role-kibana/tasks/RMDebian.yml
+++ b/ansible-role-kibana/tasks/RMDebian.yml
@@ -1,5 +1,4 @@
---
-
- name: Debian/Ubuntu | Removing Elasticsearch repository
apt_repository:
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
diff --git a/ansible-role-kibana/tasks/RMRedHat.yml b/ansible-role-kibana/tasks/RMRedHat.yml
index 7fcaae61..d3bd6332 100644
--- a/ansible-role-kibana/tasks/RMRedHat.yml
+++ b/ansible-role-kibana/tasks/RMRedHat.yml
@@ -1,5 +1,4 @@
---
-# Remove logstash repository
- name: Remove Elasticsearch repository (and clean up left-over metadata)
yum_repository:
name: elk_repo
diff --git a/ansible-role-kibana/tasks/RedHat.yml b/ansible-role-kibana/tasks/RedHat.yml
index c81c202c..8ceb03e7 100644
--- a/ansible-role-kibana/tasks/RedHat.yml
+++ b/ansible-role-kibana/tasks/RedHat.yml
@@ -1,10 +1,10 @@
---
-- name: RedHat | Add Elasticsearch GPG key
+- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key
rpm_key:
key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
state: present
-- name: RedHat | Install Elastic repo
+- name: RedHat/CentOS/Fedora | Install Elastic repo
yum_repository:
name: elk_repo
description: Elastic repository for 5.x packages
@@ -12,6 +12,6 @@
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
gpgcheck: yes
-- name: RedHat | Install Kibana
- yum: pkg=kibana-{{ elk_stack_version }} state=present
+- name: RedHat/CentOS/Fedora | Install Kibana
+ package: name=kibana-{{ elk_stack_version }} state=present
tags: install
diff --git a/ansible-role-kibana/tasks/main.yml b/ansible-role-kibana/tasks/main.yml
index 5483c46a..da62fe11 100644
--- a/ansible-role-kibana/tasks/main.yml
+++ b/ansible-role-kibana/tasks/main.yml
@@ -20,21 +20,21 @@
tags: configure
- name: Checking Wazuh-APP version compatibility
- shell: grep -E 'version.*{{ elk_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json
- removes=/usr/share/kibana/plugins/wazuh/package.json
- register: wazuh_app_notok
- ignore_errors: yes
- changed_when: "wazuh_app_notok.rc != 0"
+ shell: "grep -c -E 'version.*{{ elk_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo"
+ args:
+ removes: /usr/share/kibana/plugins/wazuh/package.json
+ register: wazuh_app_verify
tags: install
- name: Removing Wazuh-APP by compatibility issues
shell: /usr/share/kibana/bin/kibana-plugin remove wazuh
- when: wazuh_app_notok.rc != 0
+ when: wazuh_app_verify.stdout == "0"
tags: install
- name: Install Wazuh-APP (can take a while)
- shell: /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elk_stack_version }}.zip
- creates=/usr/share/kibana/plugins/wazuh/package.json
+ shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elk_stack_version }}.zip"
+ args:
+ creates: /usr/share/kibana/plugins/wazuh/package.json
notify: restart kibana
tags: install
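Review bot: The compatibility check is a read-only `grep`, but with `changed_when` removed the `shell` task will report `changed` on every run where package.json exists; adding `changed_when: false` keeps run reports meaningful. The pattern `'version.*{{ elk_stack_version }}'` also interpolates the version unescaped and unanchored, so each `.` matches any character and a longer version string that merely contains the expected one still counts as compatible. The removal task then depends on `wazuh_app_verify.stdout == "0"`, which only works because `| xargs echo` hides grep's non-zero exit and prints the bare count; a one-line comment saying so would stop someone "simplifying" the pipe away.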
diff --git a/ansible-role-logstash/meta/main.yml b/ansible-role-logstash/meta/main.yml
index 49cebc4c..d51fabdd 100644
--- a/ansible-role-logstash/meta/main.yml
+++ b/ansible-role-logstash/meta/main.yml
@@ -2,13 +2,22 @@
galaxy_info:
author: Jose Luis Ruiz
description: Logstash for Linux.
- company: "Wazuh"
- license: "license (BSD, MIT)"
- min_ansible_version: 1.8
+ company: wazuh.com
+ license: license (GPLv3)
+ min_ansible_version: 2.0
platforms:
- name: EL
versions:
- all
+ - name: Fedora
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - all
+ - name: Ubuntu
+ versions:
+ - all
galaxy_tags:
- web
- system
diff --git a/ansible-role-logstash/tasks/Debian.yml b/ansible-role-logstash/tasks/Debian.yml
index 4c6ebd13..c982c465 100644
--- a/ansible-role-logstash/tasks/Debian.yml
+++ b/ansible-role-logstash/tasks/Debian.yml
@@ -1,20 +1,14 @@
---
-- name: Debian/Ubuntu | apt-transport-https
- apt:
- name: apt-transport-https
- state: present
- update_cache: yes
-
-- name: Debian/Ubuntu | ca-certificates
- apt:
- name: ca-certificates
- state: present
+- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
+ apt: name="{{ item }}" state=present update_cache=yes
+ with_items:
+ - apt-transport-https
+ - ca-certificates
- name: Debian/Ubuntu | Setting webupd8 repository
apt_repository:
repo: 'ppa:webupd8team/java'
codename: 'xenial'
- update_cache: yes
- name: Debian/Ubuntu | Accept Oracle Java 8 license
debconf:
@@ -40,10 +34,7 @@
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
state: present
filename: 'elk_repo'
- update_cache: yes
- name: Debian/Ubuntu | Install Logstash
- apt:
- name: logstash=1:{{ elk_stack_version }}-1
- state: present
+ apt: name=logstash=1:{{ elk_stack_version }}-1 state=present update_cache=yes
tags: install
diff --git a/ansible-role-logstash/tasks/RMDebian.yml b/ansible-role-logstash/tasks/RMDebian.yml
index f352bc4b..74c59c37 100644
--- a/ansible-role-logstash/tasks/RMDebian.yml
+++ b/ansible-role-logstash/tasks/RMDebian.yml
@@ -1,5 +1,4 @@
---
-
- name: Debian/Ubuntu | Removing Elasticsearch repository
apt_repository:
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
diff --git a/ansible-role-logstash/tasks/RMRedHat.yml b/ansible-role-logstash/tasks/RMRedHat.yml
index 427b846e..c4e92ff8 100644
--- a/ansible-role-logstash/tasks/RMRedHat.yml
+++ b/ansible-role-logstash/tasks/RMRedHat.yml
@@ -1,6 +1,5 @@
---
-# Remove logstash repository
-- name: RedHat | Remove logstash repository (and clean up left-over metadata)
+- name: RedHat/CentOS/Fedora | Remove logstash repository (and clean up left-over metadata)
yum_repository:
name: elk_repo
state: absent
diff --git a/ansible-role-logstash/tasks/RedHat.yml b/ansible-role-logstash/tasks/RedHat.yml
index a40ad41f..31540239 100644
--- a/ansible-role-logstash/tasks/RedHat.yml
+++ b/ansible-role-logstash/tasks/RedHat.yml
@@ -1,23 +1,23 @@
---
-- name: RedHat | Download Java RPM
+- name: RedHat/CentOS/Fedora | download Oracle Java RPM
get_url:
url: http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm
dest: /tmp/jdk-8-linux-x64.rpm
headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
register: oracle_java_task_rpm_download
- become: yes
-- name: RedHat | Install Oracle Java RPM
- action: "yum name=/tmp/jdk-8-linux-x64.rpm state=present"
- when: not oracle_java_task_rpm_download|skipped
- become: yes
+- name: RedHat/CentOS/Fedora | Install Oracle Java RPM
+ package: name=/tmp/jdk-8-linux-x64.rpm state=present
+ when: oracle_java_task_rpm_download is defined
+ register: oracle_java_task_rpm_installed
+ tags: install
-- name: RedHat | Add Elasticsearch GPG key.
+- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key.
rpm_key:
key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
state: present
-- name: RedHat | Install Logstash repo
+- name: RedHat/CentOS/Fedora | Install Logstash repo
yum_repository:
name: elk_repo
description: Elastic repository for 5.x packages
@@ -25,6 +25,7 @@
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
gpgcheck: yes
-- name: RedHat | Install Logstash
- yum: pkg=logstash-{{ elk_stack_version }} state=present
+- name: RedHat/CentOS/Fedora | Install Logstash
+ package: name=logstash-{{ elk_stack_version }} state=present
+ when: oracle_java_task_rpm_installed is defined
tags: install
diff --git a/ansible-role-logstash/tasks/main.yml b/ansible-role-logstash/tasks/main.yml
index f146ecbc..d01ed205 100644
--- a/ansible-role-logstash/tasks/main.yml
+++ b/ansible-role-logstash/tasks/main.yml
@@ -29,10 +29,8 @@
enabled: yes
state: started
-- name: Remove the correct repository
- include: "RMRedHat.yml"
+- include: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
-- name: Remove the correct repository
- include: "RMDebian.yml"
+- include: "RMDebian.yml"
when: ansible_os_family == "Debian"
diff --git a/ansible-wazuh-agent/defaults/main.yml b/ansible-wazuh-agent/defaults/main.yml
index 2fec51df..5986d569 100644
--- a/ansible-wazuh-agent/defaults/main.yml
+++ b/ansible-wazuh-agent/defaults/main.yml
@@ -1,7 +1,6 @@
---
ossec_server_ip: 127.0.0.1
-ossec_server_name: ""
-ossec_managed_server: true
+ossec_register_client: false
ossec_agent_config:
frequency_check: 43200
syscheck_scan_on_start: 'yes'
@@ -40,6 +39,3 @@ ossec_agent_config:
- format: 'full_command'
command: 'last -n 20'
frequency: '360'
- globals:
- - '127.0.0.1'
- - '192.168.2.1'
diff --git a/ansible-wazuh-agent/handlers/main.yml b/ansible-wazuh-agent/handlers/main.yml
index 6039b620..f778a145 100644
--- a/ansible-wazuh-agent/handlers/main.yml
+++ b/ansible-wazuh-agent/handlers/main.yml
@@ -1,7 +1,3 @@
---
-# handlers file for ossec-agent
-
- name: restart wazuh-agent
- service: name=wazuh-agent
- state=restarted
- enabled=yes
+ service: name=wazuh-agent state=restarted enabled=yes
diff --git a/ansible-wazuh-agent/meta/main.yml b/ansible-wazuh-agent/meta/main.yml
index cb11a41c..487537cc 100644
--- a/ansible-wazuh-agent/meta/main.yml
+++ b/ansible-wazuh-agent/meta/main.yml
@@ -1,47 +1,23 @@
---
galaxy_info:
- author: Werner Dijkerman
- description: INstalling and maintaining the ossec-agent.
- company: myCompany.Dotcom
+ author: Jose Luis Ruiz
+ description: Installing and maintaining the wazuh-agent.
+ company: wazuh.com
license: license (GPLv3)
- min_ansible_version: 1.4
+ min_ansible_version: 2.0
platforms:
- name: EL
versions:
- - 5
- - 6
- - 7
- - name: Fedora
+ - all
+ - name: Ubuntu
versions:
- all
- #- name: opensuse
- # versions:
- # - all
- # - 12.1
- # - 12.2
- # - 12.3
- # - 13.1
- # - 13.2
- #- name: Ubuntu
- # versions:
- # - all
- # - lucid
- # - maverick
- # - natty
- # - oneiric
- # - precise
- # - quantal
- # - raring
- # - saucy
- # - trusty
- name: Debian
versions:
- all
+ - name: Fedora
+ versions:
+ - all
categories:
- monitoring
dependencies: []
- # List your role dependencies here, one per line. Only
- # dependencies available via galaxy should be listed here.
- # Be sure to remove the '[]' above if you add dependencies
- # to this list.
-
diff --git a/ansible-wazuh-agent/tasks/Debian.yml b/ansible-wazuh-agent/tasks/Debian.yml
index a9a7c4e8..957e5089 100644
--- a/ansible-wazuh-agent/tasks/Debian.yml
+++ b/ansible-wazuh-agent/tasks/Debian.yml
@@ -1,33 +1,23 @@
---
+- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
+ apt: name="{{ item }}" state=present update_cache=yes
+ with_items:
+ - apt-transport-https
+ - ca-certificates
+
- name: Debian/Ubuntu | Installing repository key
apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-- name: Debian/Ubuntu | Install apt-transport-https
- apt: pkg=apt-transport-https
- state=present
- update_cache=yes
- cache_valid_time=3600
-
- name: Debian/Ubuntu | Installing Wazuh repository key
apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-- name: Add Wazuh epositories.
+- name: Debian/Ubuntu | Add Wazuh repositories.
apt_repository:
repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
state: present
update_cache: yes
-
+
- name: Set Distribution CIS filename for debian
set_fact:
cis_distribution_filename: cis_debian_linux_rcl.txt
when: ansible_os_family == "Debian"
-
-- name: Debian/Ubuntu | Install wazuh-agent
- apt: pkg={{ item }}
- state=present
- update_cache=yes
- cache_valid_time=3600
- with_items:
- - wazuh-agent
- tags:
- - init
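Review bot: After the reshuffle this file still adds the same key twice, once as `Debian/Ubuntu | Installing repository key` and again as `Debian/Ubuntu | Installing Wazuh repository key`, both with `apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH`; one of them can go. Neither task pins the key, so whatever that URL serves becomes a trusted APT signer; adding `id: <WAZUH_KEY_ID>` (placeholder) to `apt_key` should make the task fail when a different key is served, and the same applies to the `apt_key` tasks in the wazuh-server and ELK roles. The hunk also replaces the blank line before `Set Distribution CIS filename for debian` with a whitespace-only line.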
diff --git a/ansible-wazuh-agent/tasks/RMDebian.yml b/ansible-wazuh-agent/tasks/RMDebian.yml
index 3c56a9db..81befd12 100644
--- a/ansible-wazuh-agent/tasks/RMDebian.yml
+++ b/ansible-wazuh-agent/tasks/RMDebian.yml
@@ -1,5 +1,4 @@
---
-# Remove Nodejs and Wazuh repositories from sources list.
- apt_repository:
repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
state: absent
diff --git a/ansible-wazuh-agent/tasks/RMRedHat.yml b/ansible-wazuh-agent/tasks/RMRedHat.yml
index fe04a176..0d131cca 100644
--- a/ansible-wazuh-agent/tasks/RMRedHat.yml
+++ b/ansible-wazuh-agent/tasks/RMRedHat.yml
@@ -1,5 +1,4 @@
---
-# Remove repositories
- name: Remove Wazuh repository (and clean up left-over metadata)
yum_repository:
name: wazuh_repo
diff --git a/ansible-wazuh-agent/tasks/RedHat.yml b/ansible-wazuh-agent/tasks/RedHat.yml
index 74e731a4..38048aa3 100644
--- a/ansible-wazuh-agent/tasks/RedHat.yml
+++ b/ansible-wazuh-agent/tasks/RedHat.yml
@@ -1,6 +1,5 @@
---
-# Tasks specific for RedHat/CentOS systems
-- name: RedHat | Install Wazuh repo
+- name: CentOS | Install Wazuh repo
yum_repository:
name: wazuh_repo
description: CentOS-$releasever - Wazuh
@@ -9,7 +8,15 @@
gpgcheck: yes
when: ansible_distribution == 'CentOS'
-# Tasks specific for RedHat systems
+- name: Fedora | Install Wazuh repo
+ yum_repository:
+ name: wazuh_repo
+ description: Fedora-$releasever - Wazuh
+ baseurl: https://packages.wazuh.com/yum/fc/$releasever/$basearch
+ gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+ gpgcheck: yes
+ when: ansible_distribution == 'Fedora'
+
- name: RedHat | Install Wazuh repo
yum_repository:
name: wazuh_repo
@@ -34,17 +41,7 @@
cis_distribution_filename: cis_rhel7_linux_rcl.txt
when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7"
-- name: RedHat | Install openscap
- yum: pkg=openscap-scanner
- state=present
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= 6
- tags:
- - init
-
-- name: RedHat | Install Wazuh Agent
- yum: pkg={{ item }}
- state=present
- with_items:
- - wazuh-agent
+- name: RedHat/CentOS/RedHat | Install openscap
+ package: name=openscap-scanner state=present
tags:
- init
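Review bot: The new task name `RedHat/CentOS/RedHat | Install openscap` repeats RedHat; the other roles in this commit use the `RedHat/CentOS/Fedora | …` prefix, so I would rename it to `- name: RedHat/CentOS/Fedora | Install openscap`. The replacement also drops the `ansible_distribution_major_version >= 6` condition, so `openscap-scanner` is now requested on every host that includes this file. If older EL releases are still in scope that install may fail, which deserves either a restored `when:` or a comment stating the minimum supported release.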
diff --git a/ansible-wazuh-agent/tasks/main.yml b/ansible-wazuh-agent/tasks/main.yml
index b5af50a1..6ae59ce1 100644
--- a/ansible-wazuh-agent/tasks/main.yml
+++ b/ansible-wazuh-agent/tasks/main.yml
@@ -1,14 +1,15 @@
---
-# tasks file for ossec-agent
-
-- name: "Install the correct repository"
- include: "RedHat.yml"
+- include: "RedHat.yml"
when: ansible_os_family == "RedHat"
-- name: Install the correct repository
- include: "Debian.yml"
+- include: "Debian.yml"
when: ansible_os_family == "Debian"
+- name: Install wazuh-agent
+ package: name=wazuh-agent state=present
+ tags:
+ - init
+
- name: "Check if client.keys exists"
stat: path=/var/ossec/etc/client.keys
register: check_keys
@@ -17,7 +18,7 @@
- name: "Register client"
shell: /var/ossec/bin/agent-auth -m {{ ossec_server_ip }} -p 1515
- when: ossec_server_ip and check_keys.stat.size == 0
+ when: ossec_register_client == true and check_keys.stat.size == 0
tags:
- config
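Review bot: `when: ossec_register_client == true and …` only matches a real boolean, so a value that arrives as a string (for example `-e ossec_register_client=true` on the command line) silently skips enrolment; `when: ossec_register_client | bool and check_keys.stat.size == 0` handles both. As far as this hunk shows, the `agent-auth` call passes only the manager address and port, so enrolment is not tied to a password or to a verified manager certificate; if the manager enforces either, the role needs a variable for it. The task could also use `command:` instead of `shell:`, since the line uses no shell features and templates `ossec_server_ip` straight into it.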
@@ -25,7 +26,7 @@
template: src=var-ossec-etc-ossec-agent.conf.j2
dest=/var/ossec/etc/ossec.conf
owner=root
- group=root
+ group=ossec
mode=0644
notify: restart wazuh-agent
tags:
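Review bot: With the group switched to `ossec`, `mode=0644` still leaves the rendered /var/ossec/etc/ossec.conf readable by every local user; `mode=0640` would limit reads to root and the ossec group, which is presumably the point of the group change. The `template:` task starts above this hunk and its `tags:` list continues below it, so please confirm that nothing outside the ossec group needs to read the file before tightening it.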
@@ -34,17 +35,12 @@
- name: Ensure Wazuh Manager service is started and enabled
service:
- name: "{{ item }}"
+ name: wazuh-agent
enabled: yes
state: started
- with_items:
- - wazuh-agent
-
-- name: Remove the correct repository
- include: "RMRedHat.yml"
+- include: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
-- name: Remove the correct repository
- include: "RMDebian.yml"
+- include: "RMDebian.yml"
when: ansible_os_family == "Debian"
diff --git a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 876d539e..692a15d9 100644
--- a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -6,7 +6,7 @@
{% if ossec_profile is defined %}
{{ ossec_profile }}
{% endif %}
- tcp
+ udp
{% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
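Review bot: The agent transport value changes from `tcp` to `udp` as a literal in the template, so every host this role manages switches on its next run and will stop reporting unless the manager listens on the same protocol, which this diff does not show. Driving the value from a role variable (for example a key under `ossec_agent_config`, defaulting to the current setting) would let the agent and server roles be changed together. A short template comment recording why UDP was chosen would also help whoever debugs a silent agent later.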
@@ -34,22 +34,34 @@
xccdf_org.ssgproject.content_profile_common
-{% elif ansible_distribution == 'RedHat' %}
-
- 1800
- 1d
- yes
+ {% elif ansible_distribution == 'RedHat' %}
+
+ 1800
+ 1d
+ yes
- {% if ansible_distribution_major_version == '7' %}
-
- {% elif ansible_distribution_major_version == '6' %}
-
+ {% if ansible_distribution_major_version == '7' %}
+
+ {% elif ansible_distribution_major_version == '6' %}
+
+ {% endif %}
+ xccdf_org.ssgproject.content_profile_pci-dss
+ xccdf_org.ssgproject.content_profile_common
+
+
+ {% elif ansible_distribution == 'Fedora' %}
+
+ yes
+ 1800
+ 1d
+ yes
+
+
+ xccdf_org.ssgproject.content_profile_pci-dss
+ xccdf_org.ssgproject.content_profile_common
+
+
{% endif %}
- xccdf_org.ssgproject.content_profile_pci-dss
- xccdf_org.ssgproject.content_profile_common
-
-
-{% endif %}
no
@@ -68,7 +80,10 @@
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
/var/ossec/etc/shared/system_audit_rcl.txt
+ /var/ossec/etc/shared/system_audit_ssh.txt
+ {% if cis_distribution_filename is defined %}
/var/ossec/etc/shared/{{ cis_distribution_filename }}
+ {% endif %}
yes
diff --git a/ansible-wazuh-server/handlers/main.yml b/ansible-wazuh-server/handlers/main.yml
index c7714a8f..2d799c45 100644
--- a/ansible-wazuh-server/handlers/main.yml
+++ b/ansible-wazuh-server/handlers/main.yml
@@ -1,6 +1,4 @@
---
-# handlers file for wazuh-manager
-
- name: restart wazuh-manager
service: name=wazuh-manager
state=restarted
diff --git a/ansible-wazuh-server/meta/main.yml b/ansible-wazuh-server/meta/main.yml
index 86b379a1..51eef519 100644
--- a/ansible-wazuh-server/meta/main.yml
+++ b/ansible-wazuh-server/meta/main.yml
@@ -4,7 +4,7 @@ galaxy_info:
description: Installing and maintaining the wazuh-manager.
company: wazuh.com
license: license (GPLv3)
- min_ansible_version: 1.4
+ min_ansible_version: 2.0
platforms:
- name: EL
versions:
@@ -15,6 +15,9 @@ galaxy_info:
- name: Debian
versions:
- all
+ - name: Fedora
+ versions:
+ - all
categories:
- monitoring
dependencies: []
diff --git a/ansible-wazuh-server/tasks/Debian.yml b/ansible-wazuh-server/tasks/Debian.yml
index a3863689..f96f07ce 100644
--- a/ansible-wazuh-server/tasks/Debian.yml
+++ b/ansible-wazuh-server/tasks/Debian.yml
@@ -1,13 +1,14 @@
---
-- name: Debian/Ubuntu | Install apt-transport-https
- apt: pkg=apt-transport-https
- state=present
- update_cache=yes
+- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
+ apt: name="{{ item }}" state=present update_cache=yes
+ with_items:
+ - apt-transport-https
+ - ca-certificates
- name: Debian/Ubuntu | Installing Wazuh repository key
apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-- name: Add Wazuh repositories.
+- name: Debian/Ubuntu | Add Wazuh repositories
apt_repository:
repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
state: present
@@ -16,25 +17,12 @@
- name: Debian/Ubuntu | Installing NodeJS repository key
apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key
-- name: Add NodeSource repositories for Node.js.
+- name: Debian/Ubuntu | Add NodeSource repositories for Node.js
apt_repository:
repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main
state: present
update_cache: yes
-- name: Debian/Ubuntu | Install wazuh-manager
- apt: pkg={{ item }}
- state=present
- update_cache=yes
- cache_valid_time=3600
- with_items:
- - wazuh-manager
- - wazuh-api
- - expect
- tags:
- - init
-
-- name: Set Distribution CIS filename for Debian/Ubuntu
+- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
set_fact:
cis_distribution_filename: cis_debian_linux_rcl.txt
- when: ansible_os_family == "Debian"
diff --git a/ansible-wazuh-server/tasks/RMDebian.yml b/ansible-wazuh-server/tasks/RMDebian.yml
index 3f842e23..1fb9b04d 100644
--- a/ansible-wazuh-server/tasks/RMDebian.yml
+++ b/ansible-wazuh-server/tasks/RMDebian.yml
@@ -1,11 +1,10 @@
---
-# Remove Nodejs and Wazuh repositories from sources list.
-- name: Remove Wazuh repository.
+- name: Debian/Ubuntu | Remove Wazuh repository.
apt_repository:
repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
state: absent
-- name: Remove Nodejs repository.
+- name: Debian/Ubuntu | Remove Nodejs repository.
apt_repository:
repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main
state: absent
diff --git a/ansible-wazuh-server/tasks/RMRedHat.yml b/ansible-wazuh-server/tasks/RMRedHat.yml
index 52577c31..6349dc6a 100644
--- a/ansible-wazuh-server/tasks/RMRedHat.yml
+++ b/ansible-wazuh-server/tasks/RMRedHat.yml
@@ -1,12 +1,10 @@
---
-# Remove repositories
-- name: Remove NodeJS repository (and clean up left-over metadata)
+- name: RedHat/CentOS/Fedora | Remove NodeJS repository (and clean up left-over metadata)
yum_repository:
name: NodeJS
state: absent
-
-- name: Remove Wazuh repository (and clean up left-over metadata)
+- name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata)
yum_repository:
name: wazuh_repo
state: absent
diff --git a/ansible-wazuh-server/tasks/RedHat.yml b/ansible-wazuh-server/tasks/RedHat.yml
index 3d71647d..cdc79998 100644
--- a/ansible-wazuh-server/tasks/RedHat.yml
+++ b/ansible-wazuh-server/tasks/RedHat.yml
@@ -1,12 +1,21 @@
---
-# Tasks specific for RedHat systems
-- name: RedHat | Install Nodejs repo
+- name: RedHat/CentOS | Install Nodejs repo
yum_repository:
name: NodeJS
description: NodeJS-$releasever
baseurl: https://rpm.nodesource.com/pub_6.x/el/$releasever/x86_64
gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
gpgcheck: yes
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
+
+- name: Fedora | Install Nodejs repo
+ yum_repository:
+ name: NodeJS
+ description: NodeJS-$releasever
+ baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64
+ gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
+ gpgcheck: yes
+ when: ansible_distribution == 'Fedora'
- name: CentOS | Install Wazuh repo
yum_repository:
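Review bot: The new `Fedora | Install Nodejs repo` task points `baseurl` at the `fc` tree but keeps `gpgkey` at `…/NODESOURCE-GPG-SIGNING-KEY-EL`; please confirm the Fedora packages are signed with that key, because with `gpgcheck: yes` a mismatch fails every install and the tempting workaround is to switch the check off. Both NodeJS tasks also hard-code `x86_64` where the Wazuh repo tasks in this file use `$basearch`; `baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/$basearch` would keep them consistent. The `CentOS | Install Wazuh repo` task that closes this hunk continues outside it.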
@@ -17,7 +26,15 @@
gpgcheck: yes
when: ansible_distribution == 'CentOS'
-# Tasks specific for RedHat systems
+- name: Fedora | Install Wazuh repo
+ yum_repository:
+ name: wazuh_repo
+ description: Fedora-$releasever - Wazuh
+ baseurl: https://packages.wazuh.com/yum/fc/$releasever/$basearch
+ gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+ gpgcheck: yes
+ when: ansible_distribution == 'Fedora'
+
- name: RedHat | Install Wazuh repo
yum_repository:
name: wazuh_repo
@@ -27,20 +44,8 @@
gpgcheck: yes
when: ansible_distribution == 'RedHat'
-- name: RedHat | Install Wazuh Manager and Wazuh Api
- yum: pkg={{ item }}
- state=present
- with_items:
- - wazuh-manager
- - wazuh-api
- - expect
- tags:
- - init
-
-- name: RedHat | Install openscap
- yum: pkg=openscap-scanner
- state=present
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= 6
+- name: RedHat/CentOS/Fedora | Install openscap
+ package: name=openscap-scanner state=present
tags:
- init
diff --git a/ansible-wazuh-server/tasks/main.yml b/ansible-wazuh-server/tasks/main.yml
index 8c57e048..8b89a80c 100644
--- a/ansible-wazuh-server/tasks/main.yml
+++ b/ansible-wazuh-server/tasks/main.yml
@@ -1,13 +1,19 @@
---
-# tasks file for wazuh-manager
-- name: Install the correct repository
- include: "RedHat.yml"
+- include: "RedHat.yml"
when: ansible_os_family == "RedHat"
-- name: Install the correct repository
- include: "Debian.yml"
+- include: "Debian.yml"
when: ansible_os_family == "Debian"
+- name: Install wazuh-manager, wazuh-api and expect
+ package: pkg={{ item }} state=present
+ with_items:
+ - wazuh-manager
+ - wazuh-api
+ - expect
+ tags:
+ - init
+
- name: Generate SSL files
command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ossec_server_fqdn}}/"
args:
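Review bot: The `Generate SSL files` task left as context at the end of this hunk creates the manager key with `-newkey rsa:1825`, which is below the commonly required 2048-bit minimum for RSA. The odd size looks like a typo rather than a deliberate choice. Since this commit already reworks the surrounding install tasks, it would be a good place to change the option to `-newkey rsa:2048` or larger. The task's `args:` block continues outside the hunk, so where the key file is written and with what permissions cannot be checked from here.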
@@ -43,7 +49,7 @@
- name: Configure the shared-agent.conf
template: src=var-ossec-etc-shared-agent.conf.j2
dest=/var/ossec/etc/shared/agent.conf
- owner=ossec
+ owner=root
group=ossec
mode=0640
notify: restart wazuh-manager
@@ -56,11 +62,11 @@
register: csyslog_running
changed_when: False
-- name: Enable client-syslog if not running and ossec_server_config.syslog_outputs is given
+- name: Enable client-syslog
command: /var/ossec/bin/ossec-control enable client-syslog
when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
-- name: Start client-syslog if not running and ossec_server_config.syslog_outputs is given
+- name: Start client-syslog
command: /var/ossec/bin/ossec-control start client-syslog
when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
@@ -71,11 +77,11 @@
- name: Enable ossec-agentlessd
command: /var/ossec/bin/ossec-control enable agentless
- when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined
+ when: agentless_running.stdout == '0' and agentless_creeds is defined
-- name: Start client-syslog if not running and ossec_server_config.syslog_outputs is given
+- name: Start client-syslog
command: /var/ossec/bin/ossec-control start agentless
- when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined
+ when: agentless_running.stdout == '0' and agentless_creeds is defined
- name: Retrieving Agentless Credentials
include_vars: agentless_creeds.yml
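Review bot: The two agentless tasks now test `agentless_creeds is defined`, but the `Retrieving Agentless Credentials` task that loads `agentless_creeds.yml` only appears after them in this hunk. Unless the variable is also set elsewhere (not visible here), the condition is false on the first run and agentless is never enabled or started. Moving the `include_vars` task above `Enable ossec-agentlessd` would fix the ordering. The second task was also renamed to `Start client-syslog` although it runs `ossec-control start agentless`; `- name: Start ossec-agentlessd` would match what it does.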
@@ -87,7 +93,7 @@
template: src=var-ossec-etc-ossec-server.conf.j2
dest=/var/ossec/etc/ossec.conf
owner=root
- group=root
+ group=ossec
mode=0644
notify: restart wazuh-manager
tags:
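Review bot: This hunk changes the group of `/var/ossec/etc/ossec.conf` to `ossec` but leaves `mode=0644`, so every local user can still read the manager configuration. With the group now set so the daemon can read the file, the world-read bit is presumably no longer needed. `mode=0640` would match the shared `agent.conf` task earlier in this file. The task's `name:` line sits above the hunk.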
@@ -149,10 +155,8 @@
- wazuh-api
- ossec-authd
-- name: Remove the correct repository
- include: "RMRedHat.yml"
+- include: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
-- name: Remove the correct repository
- include: "RMDebian.yml"
+- include: "RMDebian.yml"
when: ansible_os_family == "Debian"
diff --git a/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2
index ffea23d2..5f5dc1db 100644
--- a/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2
@@ -79,7 +79,10 @@
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
/var/ossec/etc/shared/system_audit_rcl.txt
+ /var/ossec/etc/shared/system_audit_ssh.txt
+ {% if cis_distribution_filename is defined %}
/var/ossec/etc/shared/{{ cis_distribution_filename }}
+ {% endif %}
yes
@@ -130,22 +133,34 @@
xccdf_org.ssgproject.content_profile_common
-{% elif ansible_distribution == 'RedHat' %}
+ {% elif ansible_distribution == 'RedHat' %}
- 1800
- 1d
- yes
+ 1800
+ 1d
+ yes
- {% if ansible_distribution_major_version == '7' %}
-
- {% elif ansible_distribution_major_version == '6' %}
-
+ {% if ansible_distribution_major_version == '7' %}
+
+ {% elif ansible_distribution_major_version == '6' %}
+
+ {% endif %}
+ xccdf_org.ssgproject.content_profile_pci-dss
+ xccdf_org.ssgproject.content_profile_common
+
+
+ {% elif ansible_distribution == 'Fedora' %}
+
+ yes
+ 1800
+ 1d
+ yes
+
+
+ xccdf_org.ssgproject.content_profile_pci-dss
+ xccdf_org.ssgproject.content_profile_common
+
+
{% endif %}
- xccdf_org.ssgproject.content_profile_pci-dss
- xccdf_org.ssgproject.content_profile_common
-
-
-{% endif %}
{% if agentless_creeds is defined %}
{% for agentless in agentless_creeds %}