From 97959b50b7933a6bbf3acea2c07f5868ad43d66f Mon Sep 17 00:00:00 2001 
From: Miguelangel Freitas Date: Fri, 2 Jun 2017 16:51:04 -0400 Subject: [PATCH] Updating tasks and meta.yml --- ansible-role-elasticsearch/meta/main.yml | 17 +++++-- ansible-role-elasticsearch/tasks/Debian.yml | 25 +++-------- ansible-role-elasticsearch/tasks/RMDebian.yml | 1 - ansible-role-elasticsearch/tasks/RMRedHat.yml | 3 +- ansible-role-elasticsearch/tasks/RedHat.yml | 20 ++++----- ansible-role-elasticsearch/tasks/main.yml | 6 +-- ansible-role-filebeat/meta/main.yml | 3 ++ ansible-role-filebeat/tasks/Debian.yml | 11 +++-- ansible-role-filebeat/tasks/RMDebian.yml | 3 +- ansible-role-filebeat/tasks/RMRedHat.yml | 3 +- ansible-role-filebeat/tasks/RedHat.yml | 4 +- ansible-role-filebeat/tasks/main.yml | 6 +-- ansible-role-kibana/meta/main.yml | 11 +++-- ansible-role-kibana/tasks/Debian.yml | 11 +++-- ansible-role-kibana/tasks/RMDebian.yml | 1 - ansible-role-kibana/tasks/RMRedHat.yml | 1 - ansible-role-kibana/tasks/RedHat.yml | 8 ++-- ansible-role-kibana/tasks/main.yml | 16 +++---- ansible-role-logstash/meta/main.yml | 15 +++++-- ansible-role-logstash/tasks/Debian.yml | 21 +++------ ansible-role-logstash/tasks/RMDebian.yml | 1 - ansible-role-logstash/tasks/RMRedHat.yml | 3 +- ansible-role-logstash/tasks/RedHat.yml | 21 ++++----- ansible-role-logstash/tasks/main.yml | 6 +-- ansible-wazuh-agent/defaults/main.yml | 6 +-- ansible-wazuh-agent/handlers/main.yml | 6 +-- ansible-wazuh-agent/meta/main.yml | 42 ++++------------- ansible-wazuh-agent/tasks/Debian.yml | 26 ++++------- ansible-wazuh-agent/tasks/RMDebian.yml | 1 - ansible-wazuh-agent/tasks/RMRedHat.yml | 1 - ansible-wazuh-agent/tasks/RedHat.yml | 27 +++++------ ansible-wazuh-agent/tasks/main.yml | 28 +++++------- .../var-ossec-etc-ossec-agent.conf.j2 | 45 ++++++++++++------- ansible-wazuh-server/handlers/main.yml | 2 - ansible-wazuh-server/meta/main.yml | 5 ++- ansible-wazuh-server/tasks/Debian.yml | 28 ++++-------- ansible-wazuh-server/tasks/RMDebian.yml | 5 +-- ansible-wazuh-server/tasks/RMRedHat.yml | 6 +-- 
ansible-wazuh-server/tasks/RedHat.yml | 39 +++++++++------- ansible-wazuh-server/tasks/main.yml | 36 ++++++++------- .../var-ossec-etc-ossec-server.conf.j2 | 41 +++++++++++------ 41 files changed, 266 insertions(+), 295 deletions(-) diff --git a/ansible-role-elasticsearch/meta/main.yml b/ansible-role-elasticsearch/meta/main.yml index eebb284f..be846c52 100644 --- a/ansible-role-elasticsearch/meta/main.yml +++ b/ansible-role-elasticsearch/meta/main.yml @@ -1,14 +1,23 @@ --- galaxy_info: author: Jose Luis Ruiz - description: Elasticsearch for Linux. - company: "Wazuh" - license: "license (BSD, MIT)" - min_ansible_version: 1.8 + description: Installing and maintaining Elasticsearch. + company: wazuh.com + license: license (GPLv3) + min_ansible_version: 2.0 platforms: - name: EL versions: - all + - name: Ubuntu + versions: + - all + - name: Debian + versions: + - all + - name: Fedora + versions: + - all galaxy_tags: - web - system diff --git a/ansible-role-elasticsearch/tasks/Debian.yml b/ansible-role-elasticsearch/tasks/Debian.yml index 95978154..e32929fc 100644 --- a/ansible-role-elasticsearch/tasks/Debian.yml +++ b/ansible-role-elasticsearch/tasks/Debian.yml @@ -1,20 +1,14 @@ --- -- name: Debian/Ubuntu | apt-transport-https - apt: - name: apt-transport-https - state: present - update_cache: yes - -- name: Debian/Ubuntu | ca-certificates - apt: - name: ca-certificates - state: present +- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates + apt: name="{{ item }}" state=present update_cache=yes + with_items: + - apt-transport-https + - ca-certificates - name: Debian/Ubuntu | Setting webupd8 repository apt_repository: repo: 'ppa:webupd8team/java' codename: 'xenial' - update_cache: yes - name: Debian/Ubuntu | Accept Oracle Java 8 license debconf: 
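Review bot: The new install task in ansible-role-elasticsearch/tasks/Debian.yml uses the `key=value` shorthand (`apt: name="{{ item }}" state=present update_cache=yes`) while the `apt_repository` and `debconf` tasks around it keep block-mapping arguments, and Ansible's own guidance is native block YAML for module arguments rather than an argument string with a quoted `{{ item }}` inside it. The `with_items` loop is also unnecessary, because the apt module accepts a list for `name` and installs it in one transaction. The same shorthand-plus-loop form is introduced in the Debian.yml hunks of ansible-role-filebeat, ansible-role-kibana, ansible-role-logstash, ansible-wazuh-agent and ansible-wazuh-server, so one shape should be picked for all of them.
```yaml
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
  apt:
    name:
      - apt-transport-https
      - ca-certificates
    state: present
    update_cache: yes
# … unchanged: webupd8 repository, Oracle Java license, GPG key and repo tasks …
```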
@@ -24,9 +18,7 @@ vtype: boolean - name: Debian/Ubuntu | Oracle Java 8 installer - apt: - name: oracle-java8-installer - state: present + apt: name=oracle-java8-installer state=present update_cache=yes tags: install - name: Debian/Ubuntu | Add Elasticsearch GPG key. @@ -39,10 +31,7 @@ repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: present filename: 'elk_repo' - update_cache: yes - name: Debian/Ubuntu | Install Elasticsarch - apt: - name: elasticsearch={{ elk_stack_version }} - state: present + apt: name=elasticsearch={{ elk_stack_version }} state=present update_cache=yes tags: install diff --git a/ansible-role-elasticsearch/tasks/RMDebian.yml b/ansible-role-elasticsearch/tasks/RMDebian.yml index f352bc4b..74c59c37 100644 --- a/ansible-role-elasticsearch/tasks/RMDebian.yml +++ b/ansible-role-elasticsearch/tasks/RMDebian.yml @@ -1,5 +1,4 @@ --- - - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main diff --git a/ansible-role-elasticsearch/tasks/RMRedHat.yml b/ansible-role-elasticsearch/tasks/RMRedHat.yml index 7fcaae61..3a074165 100644 --- a/ansible-role-elasticsearch/tasks/RMRedHat.yml +++ b/ansible-role-elasticsearch/tasks/RMRedHat.yml @@ -1,6 +1,5 @@ --- -# Remove logstash repository -- name: Remove Elasticsearch repository (and clean up left-over metadata) +- name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata) yum_repository: name: elk_repo state: absent diff --git a/ansible-role-elasticsearch/tasks/RedHat.yml b/ansible-role-elasticsearch/tasks/RedHat.yml index f141d230..df21a989 100644 --- a/ansible-role-elasticsearch/tasks/RedHat.yml +++ b/ansible-role-elasticsearch/tasks/RedHat.yml 
@@ -1,24 +1,23 @@ --- -- name: RedHat | download Oracle Java RPM +- name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: url: http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm dest: /tmp/jdk-8-linux-x64.rpm headers: 'Cookie:oraclelicense=accept-securebackup-cookie' register: oracle_java_task_rpm_download - become: yes -- name: RedHat | Install Oracle Java RPM - action: "yum name=/tmp/jdk-8-linux-x64.rpm state=present" - when: not oracle_java_task_rpm_download|skipped - become: yes +- name: RedHat/CentOS/Fedora | Install Oracle Java RPM + package: name=/tmp/jdk-8-linux-x64.rpm state=present + when: oracle_java_task_rpm_download is defined + register: oracle_java_task_rpm_installed tags: install -- name: RedHat | Add Elasticsearch GPG key +- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key rpm_key: key: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present -- name: RedHat | Install Elastic repo +- name: RedHat/CentOS/Fedora | Install Elastic repo yum_repository: name: elk_repo description: Elastic repository for 5.x packages @@ -26,6 +25,7 @@ gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: yes -- name: RedHat | Install Elasticsarch - yum: pkg=elasticsearch-{{ elk_stack_version }} state=present +- name: RedHat/CentOS/Fedora | Install Elasticsarch + package: name=elasticsearch-{{ elk_stack_version }} state=present + when: oracle_java_task_rpm_installed is defined tags: install diff --git a/ansible-role-elasticsearch/tasks/main.yml b/ansible-role-elasticsearch/tasks/main.yml index b6559767..59c02bbb 100644 --- a/ansible-role-elasticsearch/tasks/main.yml +++ b/ansible-role-elasticsearch/tasks/main.yml 
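Review bot: The new `when: oracle_java_task_rpm_download is defined` on the Install Oracle Java RPM task is always true, because `register` sets the variable on every outcome including a failed download, so it does not replace the `not oracle_java_task_rpm_download|skipped` check the hunk removes; the same applies to `when: oracle_java_task_rpm_installed is defined` on the Elasticsearch install in the second hunk. The download is plain `http://` with no `checksum:`, `get_url` leaves an already-present `/tmp/jdk-8-linux-x64.rpm` untouched by default, and yum does not signature-check a local RPM unless `localpkg_gpgcheck` is enabled, so whatever sits at that world-writable path is installed as root unverified. I would pin the artifact with `checksum: "sha256:<expected digest>"` (placeholder), fetch it into a root-owned directory instead of `/tmp`, and restore a real condition such as `when: oracle_java_task_rpm_download|success`. The two hunks in ansible-role-logstash/tasks/RedHat.yml introduce the identical pattern and need the same fix.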
@@ -31,10 +31,8 @@ enabled: yes state: started -- name: Remove the correct repository - include: "RMRedHat.yml" +- include: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- name: Remove the correct repository - include: "RMDebian.yml" +- include: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/ansible-role-filebeat/meta/main.yml b/ansible-role-filebeat/meta/main.yml index 5ac2a409..9fa1e4de 100644 --- a/ansible-role-filebeat/meta/main.yml +++ b/ansible-role-filebeat/meta/main.yml @@ -12,6 +12,9 @@ galaxy_info: versions: - 6 - 7 + - name: Fedora + versions: + - all - name: Debian versions: - jessie diff --git a/ansible-role-filebeat/tasks/Debian.yml b/ansible-role-filebeat/tasks/Debian.yml index cad5b4d6..1d9c7850 100644 --- a/ansible-role-filebeat/tasks/Debian.yml +++ b/ansible-role-filebeat/tasks/Debian.yml @@ -1,13 +1,16 @@ --- -- name: Ensure depdency is installed (Ubuntu). - apt: name=apt-transport-https state=present +- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates + apt: name="{{ item }}" state=present update_cache=yes + with_items: + - apt-transport-https + - ca-certificates -- name: Add Elasticsearch apt key. +- name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: url: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present -- name: Add Filebeat repository. +- name: Debian/Ubuntu | Add Filebeat repository. apt_repository: repo: 'deb https://artifacts.elastic.co/packages/5.x/apt stable main' state: present diff --git a/ansible-role-filebeat/tasks/RMDebian.yml b/ansible-role-filebeat/tasks/RMDebian.yml index 4bc800c7..580e6d86 100644 --- a/ansible-role-filebeat/tasks/RMDebian.yml +++ b/ansible-role-filebeat/tasks/RMDebian.yml 
@@ -1,6 +1,5 @@ --- -# Remove ELK REPOSITORY and Wazuh repositories from sources list. -- name: Remove Filebeat repository (and clean up left-over metadata) +- name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata) apt_repository: repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: absent diff --git a/ansible-role-filebeat/tasks/RMRedHat.yml b/ansible-role-filebeat/tasks/RMRedHat.yml index bc63edde..08e176e0 100644 --- a/ansible-role-filebeat/tasks/RMRedHat.yml +++ b/ansible-role-filebeat/tasks/RMRedHat.yml @@ -1,6 +1,5 @@ --- -# Remove repositories -- name: Remove Filebeat repository (and clean up left-over metadata) +- name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata) yum_repository: name: elk_repo state: absent diff --git a/ansible-role-filebeat/tasks/RedHat.yml b/ansible-role-filebeat/tasks/RedHat.yml index d52e10e3..47180b24 100644 --- a/ansible-role-filebeat/tasks/RedHat.yml +++ b/ansible-role-filebeat/tasks/RedHat.yml @@ -1,10 +1,10 @@ --- -- name: Add Elasticsearch GPG key. +- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key. rpm_key: key: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present -- name: RedHat | Install Filebeats repo +- name: RedHat/CentOS/Fedora | Install Filebeats repo yum_repository: name: elk_repo description: Elastic repository for 5.x packages diff --git a/ansible-role-filebeat/tasks/main.yml b/ansible-role-filebeat/tasks/main.yml index 3455f45c..71867d87 100644 --- a/ansible-role-filebeat/tasks/main.yml +++ b/ansible-role-filebeat/tasks/main.yml @@ -19,10 +19,8 @@ state: started enabled: yes -- name: Remove the correct repository - include: "RMRedHat.yml" +- include: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- name: Remove the correct repository - include: "RMDebian.yml" +- include: "RMDebian.yml" when: ansible_os_family == "Debian" 
diff --git a/ansible-role-kibana/meta/main.yml b/ansible-role-kibana/meta/main.yml index ee1b06b5..7ca3a5fc 100644 --- a/ansible-role-kibana/meta/main.yml +++ b/ansible-role-kibana/meta/main.yml @@ -1,14 +1,17 @@ --- galaxy_info: author: Jose Luis Ruiz - description: Elasticsearch Logstash and Kibana for Linux. - company: "Wazuh" - license: "license (BSD, MIT)" - min_ansible_version: 1.8 + description: Kibana for Linux. + company: wazuh.com + license: license (GPLv3) + min_ansible_version: 2.0 platforms: - name: EL versions: - all + - name: Fedora + versions: + - all - name: Debian versions: - all diff --git a/ansible-role-kibana/tasks/Debian.yml b/ansible-role-kibana/tasks/Debian.yml index b1bf164b..2a9d265c 100644 --- a/ansible-role-kibana/tasks/Debian.yml +++ b/ansible-role-kibana/tasks/Debian.yml @@ -1,4 +1,10 @@ --- +- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates + apt: name="{{ item }}" state=present update_cache=yes + with_items: + - apt-transport-https + - ca-certificates + - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" @@ -9,10 +15,7 @@ repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: present filename: 'elk_repo' - update_cache: yes - name: Debian/Ubuntu | Install Kibana - apt: - name: kibana={{ elk_stack_version }} - state: present + apt: name=kibana={{ elk_stack_version }} state=present update_cache=yes tags: install diff --git a/ansible-role-kibana/tasks/RMDebian.yml b/ansible-role-kibana/tasks/RMDebian.yml index f352bc4b..74c59c37 100644 --- a/ansible-role-kibana/tasks/RMDebian.yml +++ b/ansible-role-kibana/tasks/RMDebian.yml @@ -1,5 +1,4 @@ --- - - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main diff --git a/ansible-role-kibana/tasks/RMRedHat.yml b/ansible-role-kibana/tasks/RMRedHat.yml index 7fcaae61..d3bd6332 100644 
--- a/ansible-role-kibana/tasks/RMRedHat.yml +++ b/ansible-role-kibana/tasks/RMRedHat.yml @@ -1,5 +1,4 @@ --- -# Remove logstash repository - name: Remove Elasticsearch repository (and clean up left-over metadata) yum_repository: name: elk_repo diff --git a/ansible-role-kibana/tasks/RedHat.yml b/ansible-role-kibana/tasks/RedHat.yml index c81c202c..8ceb03e7 100644 --- a/ansible-role-kibana/tasks/RedHat.yml +++ b/ansible-role-kibana/tasks/RedHat.yml @@ -1,10 +1,10 @@ --- -- name: RedHat | Add Elasticsearch GPG key +- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key rpm_key: key: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present -- name: RedHat | Install Elastic repo +- name: RedHat/CentOS/Fedora | Install Elastic repo yum_repository: name: elk_repo description: Elastic repository for 5.x packages @@ -12,6 +12,6 @@ gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: yes -- name: RedHat | Install Kibana - yum: pkg=kibana-{{ elk_stack_version }} state=present +- name: RedHat/CentOS/Fedora | Install Kibana + package: name=kibana-{{ elk_stack_version }} state=present tags: install diff --git a/ansible-role-kibana/tasks/main.yml b/ansible-role-kibana/tasks/main.yml index 5483c46a..da62fe11 100644 --- a/ansible-role-kibana/tasks/main.yml +++ b/ansible-role-kibana/tasks/main.yml 
@@ -20,21 +20,21 @@ tags: configure - name: Checking Wazuh-APP version compatibility - shell: grep -E 'version.*{{ elk_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json - removes=/usr/share/kibana/plugins/wazuh/package.json - register: wazuh_app_notok - ignore_errors: yes - changed_when: "wazuh_app_notok.rc != 0" + shell: "grep -c -E 'version.*{{ elk_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo" + args: + removes: /usr/share/kibana/plugins/wazuh/package.json + register: wazuh_app_verify tags: install - name: Removing Wazuh-APP by compatibility issues shell: /usr/share/kibana/bin/kibana-plugin remove wazuh - when: wazuh_app_notok.rc != 0 + when: wazuh_app_verify.stdout == "0" tags: install - name: Install Wazuh-APP (can take a while) - shell: /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elk_stack_version }}.zip - creates=/usr/share/kibana/plugins/wazuh/package.json + shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elk_stack_version }}.zip" + args: + creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana tags: install diff --git a/ansible-role-logstash/meta/main.yml b/ansible-role-logstash/meta/main.yml index 49cebc4c..d51fabdd 100644 --- a/ansible-role-logstash/meta/main.yml +++ b/ansible-role-logstash/meta/main.yml @@ -2,13 +2,22 @@ galaxy_info: author: Jose Luis Ruiz description: Logstash for Linux. - company: "Wazuh" - license: "license (BSD, MIT)" - min_ansible_version: 1.8 + company: wazuh.com + license: license (GPLv3) + min_ansible_version: 2.0 platforms: - name: EL versions: - all + - name: Fedora + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all galaxy_tags: - web - system diff --git a/ansible-role-logstash/tasks/Debian.yml b/ansible-role-logstash/tasks/Debian.yml index 4c6ebd13..c982c465 100644 --- a/ansible-role-logstash/tasks/Debian.yml 
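Review bot: The rewritten compatibility check keeps `removes: /usr/share/kibana/plugins/wazuh/package.json`, so on a host where the app is not installed yet the grep task is skipped and `wazuh_app_verify` carries no `stdout`; the following task's `when: wazuh_app_verify.stdout == "0"` then fails on an undefined attribute instead of skipping. Guard it with `when: wazuh_app_verify.stdout is defined and wazuh_app_verify.stdout == "0"`. Dropping `changed_when` also makes the grep task report `changed` on every run; `changed_when: false` keeps the play output honest. Minor: `elk_stack_version` is interpolated unescaped into the `-E` pattern, where `.` matches any character — tolerable for a version string but worth a one-line comment.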
+++ b/ansible-role-logstash/tasks/Debian.yml @@ -1,20 +1,14 @@ --- -- name: Debian/Ubuntu | apt-transport-https - apt: - name: apt-transport-https - state: present - update_cache: yes - -- name: Debian/Ubuntu | ca-certificates - apt: - name: ca-certificates - state: present +- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates + apt: name="{{ item }}" state=present update_cache=yes + with_items: + - apt-transport-https + - ca-certificates - name: Debian/Ubuntu | Setting webupd8 repository apt_repository: repo: 'ppa:webupd8team/java' codename: 'xenial' - update_cache: yes - name: Debian/Ubuntu | Accept Oracle Java 8 license debconf: @@ -40,10 +34,7 @@ repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main state: present filename: 'elk_repo' - update_cache: yes - name: Debian/Ubuntu | Install Logstash - apt: - name: logstash=1:{{ elk_stack_version }}-1 - state: present + apt: name=logstash=1:{{ elk_stack_version }}-1 state=present update_cache=yes tags: install diff --git a/ansible-role-logstash/tasks/RMDebian.yml b/ansible-role-logstash/tasks/RMDebian.yml index f352bc4b..74c59c37 100644 --- a/ansible-role-logstash/tasks/RMDebian.yml +++ b/ansible-role-logstash/tasks/RMDebian.yml @@ -1,5 +1,4 @@ --- - - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main diff --git a/ansible-role-logstash/tasks/RMRedHat.yml b/ansible-role-logstash/tasks/RMRedHat.yml index 427b846e..c4e92ff8 100644 --- a/ansible-role-logstash/tasks/RMRedHat.yml +++ b/ansible-role-logstash/tasks/RMRedHat.yml @@ -1,6 +1,5 @@ --- -# Remove logstash repository -- name: RedHat | Remove logstash repository (and clean up left-over metadata) +- name: RedHat/CentOS/Fedora | Remove logstash repository (and clean up left-over metadata) yum_repository: name: elk_repo state: absent 
diff --git a/ansible-role-logstash/tasks/RedHat.yml b/ansible-role-logstash/tasks/RedHat.yml index a40ad41f..31540239 100644 --- a/ansible-role-logstash/tasks/RedHat.yml +++ b/ansible-role-logstash/tasks/RedHat.yml @@ -1,23 +1,23 @@ --- -- name: RedHat | Download Java RPM +- name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: url: http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm dest: /tmp/jdk-8-linux-x64.rpm headers: 'Cookie:oraclelicense=accept-securebackup-cookie' register: oracle_java_task_rpm_download - become: yes -- name: RedHat | Install Oracle Java RPM - action: "yum name=/tmp/jdk-8-linux-x64.rpm state=present" - when: not oracle_java_task_rpm_download|skipped - become: yes +- name: RedHat/CentOS/Fedora | Install Oracle Java RPM + package: name=/tmp/jdk-8-linux-x64.rpm state=present + when: oracle_java_task_rpm_download is defined + register: oracle_java_task_rpm_installed + tags: install -- name: RedHat | Add Elasticsearch GPG key. +- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key. rpm_key: key: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present -- name: RedHat | Install Logstash repo +- name: RedHat/CentOS/Fedora | Install Logstash repo yum_repository: name: elk_repo description: Elastic repository for 5.x packages @@ -25,6 +25,7 @@ gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: yes -- name: RedHat | Install Logstash - yum: pkg=logstash-{{ elk_stack_version }} state=present +- name: RedHat/CentOS/Fedora | Install Logstash + package: name=logstash-{{ elk_stack_version }} state=present + when: oracle_java_task_rpm_installed is defined tags: install diff --git a/ansible-role-logstash/tasks/main.yml b/ansible-role-logstash/tasks/main.yml index f146ecbc..d01ed205 100644 --- a/ansible-role-logstash/tasks/main.yml +++ b/ansible-role-logstash/tasks/main.yml 
@@ -29,10 +29,8 @@ enabled: yes state: started -- name: Remove the correct repository - include: "RMRedHat.yml" +- include: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- name: Remove the correct repository - include: "RMDebian.yml" +- include: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/ansible-wazuh-agent/defaults/main.yml b/ansible-wazuh-agent/defaults/main.yml index 2fec51df..5986d569 100644 --- a/ansible-wazuh-agent/defaults/main.yml +++ b/ansible-wazuh-agent/defaults/main.yml @@ -1,7 +1,6 @@ --- ossec_server_ip: 127.0.0.1 -ossec_server_name: "" -ossec_managed_server: true +ossec_register_client: false ossec_agent_config: frequency_check: 43200 syscheck_scan_on_start: 'yes' @@ -40,6 +39,3 @@ ossec_agent_config: - format: 'full_command' command: 'last -n 20' frequency: '360' - globals: - - '127.0.0.1' - - '192.168.2.1' diff --git a/ansible-wazuh-agent/handlers/main.yml b/ansible-wazuh-agent/handlers/main.yml index 6039b620..f778a145 100644 --- a/ansible-wazuh-agent/handlers/main.yml +++ b/ansible-wazuh-agent/handlers/main.yml @@ -1,7 +1,3 @@ --- -# handlers file for ossec-agent - - name: restart wazuh-agent - service: name=wazuh-agent - state=restarted - enabled=yes + service: name=wazuh-agent state=restarted enabled=yes diff --git a/ansible-wazuh-agent/meta/main.yml b/ansible-wazuh-agent/meta/main.yml index cb11a41c..487537cc 100644 --- a/ansible-wazuh-agent/meta/main.yml +++ b/ansible-wazuh-agent/meta/main.yml 
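Review bot: `ossec_register_client: false` in ansible-wazuh-agent/defaults/main.yml replaces `ossec_server_name` and `ossec_managed_server` with no comment on what it gates, and inventories that still set the old names will now be silently ignored rather than rejected. Since tasks/main.yml uses it to decide whether `agent-auth` runs, a short default-file comment such as `# when true, enroll with agent-auth against ossec_server_ip on hosts whose client.keys is empty` would document the contract; the removed `globals` default is likewise a behavioural change that the commit message does not mention.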
@@ -1,47 +1,23 @@ --- galaxy_info: - author: Werner Dijkerman - description: INstalling and maintaining the ossec-agent. - company: myCompany.Dotcom + author: Jose Luis Ruiz + description: Installing and maintaining the wazuh-agent. + company: wazuh.com license: license (GPLv3) - min_ansible_version: 1.4 + min_ansible_version: 2.0 platforms: - name: EL versions: - - 5 - - 6 - - 7 - - name: Fedora + - all + - name: Ubuntu versions: - all - #- name: opensuse - # versions: - # - all - # - 12.1 - # - 12.2 - # - 12.3 - # - 13.1 - # - 13.2 - #- name: Ubuntu - # versions: - # - all - # - lucid - # - maverick - # - natty - # - oneiric - # - precise - # - quantal - # - raring - # - saucy - # - trusty - name: Debian versions: - all + - name: Fedora + versions: + - all categories: - monitoring dependencies: [] - # List your role dependencies here, one per line. Only - # dependencies available via galaxy should be listed here. - # Be sure to remove the '[]' above if you add dependencies - # to this list. - diff --git a/ansible-wazuh-agent/tasks/Debian.yml b/ansible-wazuh-agent/tasks/Debian.yml index a9a7c4e8..957e5089 100644 --- a/ansible-wazuh-agent/tasks/Debian.yml +++ b/ansible-wazuh-agent/tasks/Debian.yml 
@@ -1,33 +1,23 @@ --- +- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates + apt: name="{{ item }}" state=present update_cache=yes + with_items: + - apt-transport-https + - ca-certificates + - name: Debian/Ubuntu | Installing repository key apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH -- name: Debian/Ubuntu | Install apt-transport-https - apt: pkg=apt-transport-https - state=present - update_cache=yes - cache_valid_time=3600 - - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH -- name: Add Wazuh epositories. +- name: Debian/Ubuntu | Add Wazuh repositories. apt_repository: repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main state: present update_cache: yes - + - name: Set Distribution CIS filename for debian set_fact: cis_distribution_filename: cis_debian_linux_rcl.txt when: ansible_os_family == "Debian" - -- name: Debian/Ubuntu | Install wazuh-agent - apt: pkg={{ item }} - state=present - update_cache=yes - cache_valid_time=3600 - with_items: - - wazuh-agent - tags: - - init diff --git a/ansible-wazuh-agent/tasks/RMDebian.yml b/ansible-wazuh-agent/tasks/RMDebian.yml index 3c56a9db..81befd12 100644 --- a/ansible-wazuh-agent/tasks/RMDebian.yml +++ b/ansible-wazuh-agent/tasks/RMDebian.yml @@ -1,5 +1,4 @@ --- -# Remove Nodejs and Wazuh repositories from sources list. - apt_repository: repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main state: absent diff --git a/ansible-wazuh-agent/tasks/RMRedHat.yml b/ansible-wazuh-agent/tasks/RMRedHat.yml index fe04a176..0d131cca 100644 --- a/ansible-wazuh-agent/tasks/RMRedHat.yml +++ b/ansible-wazuh-agent/tasks/RMRedHat.yml @@ -1,5 +1,4 @@ --- -# Remove repositories - name: Remove Wazuh repository (and clean up left-over metadata) yum_repository: name: wazuh_repo diff --git a/ansible-wazuh-agent/tasks/RedHat.yml b/ansible-wazuh-agent/tasks/RedHat.yml index 74e731a4..38048aa3 100644 
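Review bot: After this hunk ansible-wazuh-agent/tasks/Debian.yml still contains two consecutive tasks fetching the same key (`Installing repository key` and `Installing Wazuh repository key`, both `apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH`); one of them should be removed, and the survivor reads better in block form with an explicit `state: present`. The `set_fact` for `cis_distribution_filename` keeps `when: ansible_os_family == "Debian"` although tasks/main.yml only includes this file for that family, so the condition is redundant and can be dropped as the server role's Debian.yml does in this same commit.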
--- a/ansible-wazuh-agent/tasks/RedHat.yml +++ b/ansible-wazuh-agent/tasks/RedHat.yml @@ -1,6 +1,5 @@ --- -# Tasks specific for RedHat/CentOS systems -- name: RedHat | Install Wazuh repo +- name: CentOS | Install Wazuh repo yum_repository: name: wazuh_repo description: CentOS-$releasever - Wazuh @@ -9,7 +8,15 @@ gpgcheck: yes when: ansible_distribution == 'CentOS' -# Tasks specific for RedHat systems +- name: Fedora | Install Wazuh repo + yum_repository: + name: wazuh_repo + description: Fedora-$releasever - Wazuh + baseurl: https://packages.wazuh.com/yum/fc/$releasever/$basearch + gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + gpgcheck: yes + when: ansible_distribution == 'Fedora' + - name: RedHat | Install Wazuh repo yum_repository: name: wazuh_repo @@ -34,17 +41,7 @@ cis_distribution_filename: cis_rhel7_linux_rcl.txt when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7" -- name: RedHat | Install openscap - yum: pkg=openscap-scanner - state=present - when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= 6 - tags: - - init - -- name: RedHat | Install Wazuh Agent - yum: pkg={{ item }} - state=present - with_items: - - wazuh-agent +- name: RedHat/CentOS/RedHat | Install openscap + package: name=openscap-scanner state=present tags: - init diff --git a/ansible-wazuh-agent/tasks/main.yml b/ansible-wazuh-agent/tasks/main.yml index b5af50a1..6ae59ce1 100644 --- a/ansible-wazuh-agent/tasks/main.yml +++ b/ansible-wazuh-agent/tasks/main.yml 
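Review bot: The renamed openscap task is titled `RedHat/CentOS/RedHat | Install openscap`; given the Fedora repository task added above it, the intended name is presumably `RedHat/CentOS/Fedora | Install openscap`. Removing the `ansible_distribution_major_version >= 6` guard means every RedHat-family host now tries to install `openscap-scanner`, including EL5, which meta/main.yml now covers via `all`; if the package is unavailable there, restore a guard such as `when: ansible_distribution_major_version|int >= 6` or narrow the supported versions. The new Fedora repository is correctly shaped (`gpgcheck: yes` with an https `gpgkey`).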
@@ -1,14 +1,15 @@ --- -# tasks file for ossec-agent - -- name: "Install the correct repository" - include: "RedHat.yml" +- include: "RedHat.yml" when: ansible_os_family == "RedHat" -- name: Install the correct repository - include: "Debian.yml" +- include: "Debian.yml" when: ansible_os_family == "Debian" +- name: Install wazuh-agent + package: name=wazuh-agent state=present + tags: + - init + - name: "Check if client.keys exists" stat: path=/var/ossec/etc/client.keys register: check_keys @@ -17,7 +18,7 @@ - name: "Register client" shell: /var/ossec/bin/agent-auth -m {{ ossec_server_ip }} -p 1515 - when: ossec_server_ip and check_keys.stat.size == 0 + when: ossec_register_client == true and check_keys.stat.size == 0 tags: - config @@ -25,7 +26,7 @@ template: src=var-ossec-etc-ossec-agent.conf.j2 dest=/var/ossec/etc/ossec.conf owner=root - group=root + group=ossec mode=0644 notify: restart wazuh-agent tags: @@ -34,17 +35,12 @@ - name: Ensure Wazuh Manager service is started and enabled service: - name: "{{ item }}" + name: wazuh-agent enabled: yes state: started - with_items: - - wazuh-agent - -- name: Remove the correct repository - include: "RMRedHat.yml" +- include: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- name: Remove the correct repository - include: "RMDebian.yml" +- include: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 876d539e..692a15d9 100644 --- a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -6,7 +6,7 @@ {% if ossec_profile is defined %} {{ ossec_profile }} {% endif %} - tcp + udp {% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %} 
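Review bot: The changed condition `when: ossec_register_client == true and check_keys.stat.size == 0` still dereferences `check_keys.stat.size`, which the stat module only returns when the file exists, so on a host without `/var/ossec/etc/client.keys` the task errors instead of enrolling; `when: ossec_register_client|bool and (not check_keys.stat.exists or check_keys.stat.size == 0)` handles both the missing and the empty file. The enrollment command itself, `agent-auth -m {{ ossec_server_ip }} -p 1515`, passes no CA path (`-v`), so the agent cannot verify which manager it is enrolling with — if that is an accepted limitation of the role it deserves a comment, otherwise a `ossec_manager_ca` style variable would let operators turn verification on. The agent template hunk at the end of this line flips the transport from `tcp` to `udp`, which is a default-behaviour change that the commit message should mention.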
@@ -34,22 +34,34 @@ xccdf_org.ssgproject.content_profile_common -{% elif ansible_distribution == 'RedHat' %} - - 1800 - 1d - yes + {% elif ansible_distribution == 'RedHat' %} + + 1800 + 1d + yes - {% if ansible_distribution_major_version == '7' %} - - {% elif ansible_distribution_major_version == '6' %} - + {% if ansible_distribution_major_version == '7' %} + + {% elif ansible_distribution_major_version == '6' %} + + {% endif %} + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + + + {% elif ansible_distribution == 'Fedora' %} + + yes + 1800 + 1d + yes + + + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + + {% endif %} - xccdf_org.ssgproject.content_profile_pci-dss - xccdf_org.ssgproject.content_profile_common - - -{% endif %} no @@ -68,7 +80,10 @@ /var/ossec/etc/shared/rootkit_files.txt /var/ossec/etc/shared/rootkit_trojans.txt /var/ossec/etc/shared/system_audit_rcl.txt + /var/ossec/etc/shared/system_audit_ssh.txt + {% if cis_distribution_filename is defined %} /var/ossec/etc/shared/{{ cis_distribution_filename }} + {% endif %} yes diff --git a/ansible-wazuh-server/handlers/main.yml b/ansible-wazuh-server/handlers/main.yml index c7714a8f..2d799c45 100644 --- a/ansible-wazuh-server/handlers/main.yml +++ b/ansible-wazuh-server/handlers/main.yml @@ -1,6 +1,4 @@ --- -# handlers file for wazuh-manager - - name: restart wazuh-manager service: name=wazuh-manager state=restarted diff --git a/ansible-wazuh-server/meta/main.yml b/ansible-wazuh-server/meta/main.yml index 86b379a1..51eef519 100644 --- a/ansible-wazuh-server/meta/main.yml +++ b/ansible-wazuh-server/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: Installing and maintaining the wazuh-manager. company: wazuh.com license: license (GPLv3) - min_ansible_version: 1.4 + min_ansible_version: 2.0 platforms: - name: EL versions: 
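Review bot: In the new Fedora branch of the open-scap block the scalar sequence is `yes 1800 1d yes`, one value more than the RedHat branch's `1800 1d yes`; the XML element names are not preserved in this rendering of the diff, so confirm whether the leading `yes` is an intended setting (if it is the wodle's `disabled` element, the Fedora scan is switched off) or a copy-and-paste remainder. The branch also re-indents the `{% elif %}` / `{% endif %}` tags relative to the surrounding XML; Jinja block tags leave blank lines in the rendered ossec.conf either way, so trimming with `{%- ... -%}` or keeping the tags left-aligned as before keeps the template consistent with the rest of the file.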
@@ -15,6 +15,9 @@ galaxy_info: - name: Debian versions: - all + - name: Fedora + versions: + - all categories: - monitoring dependencies: [] diff --git a/ansible-wazuh-server/tasks/Debian.yml b/ansible-wazuh-server/tasks/Debian.yml index a3863689..f96f07ce 100644 --- a/ansible-wazuh-server/tasks/Debian.yml +++ b/ansible-wazuh-server/tasks/Debian.yml @@ -1,13 +1,14 @@ --- -- name: Debian/Ubuntu | Install apt-transport-https - apt: pkg=apt-transport-https - state=present - update_cache=yes +- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates + apt: name="{{ item }}" state=present update_cache=yes + with_items: + - apt-transport-https + - ca-certificates - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH -- name: Add Wazuh repositories. +- name: Debian/Ubuntu | Add Wazuh repositories apt_repository: repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main state: present @@ -16,25 +17,12 @@ - name: Debian/Ubuntu | Installing NodeJS repository key apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key -- name: Add NodeSource repositories for Node.js. +- name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main state: present update_cache: yes -- name: Debian/Ubuntu | Install wazuh-manager - apt: pkg={{ item }} - state=present - update_cache=yes - cache_valid_time=3600 - with_items: - - wazuh-manager - - wazuh-api - - expect - tags: - - init - -- name: Set Distribution CIS filename for Debian/Ubuntu +- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: cis_distribution_filename: cis_debian_linux_rcl.txt - when: ansible_os_family == "Debian" diff --git a/ansible-wazuh-server/tasks/RMDebian.yml b/ansible-wazuh-server/tasks/RMDebian.yml index 3f842e23..1fb9b04d 100644 --- a/ansible-wazuh-server/tasks/RMDebian.yml 
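Review bot: `apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH` in the `Debian.yml` hunk imports whatever key the URL serves without pinning its fingerprint, so a substituted key on the mirror or CDN path is accepted and every later `apt` install of `wazuh-manager` trusts it; adding the `id:` parameter with the expected key fingerprint makes the task fail instead of trusting the wrong key (the same applies to the NodeSource key task in the next hunk). Installing `ca-certificates` alongside `apt-transport-https` is a good addition, since without it TLS verification of that fetch cannot succeed on a minimal image. Minor: `with_items` on the `apt` task runs one transaction per package — passing a list, `apt: name: [apt-transport-https, ca-certificates]` in block style, installs both at once and matches the `apt_repository` task below.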
+++ b/ansible-wazuh-server/tasks/RMDebian.yml @@ -1,11 +1,10 @@ --- -# Remove Nodejs and Wazuh repositories from sources list. -- name: Remove Wazuh repository. +- name: Debian/Ubuntu | Remove Wazuh repository. apt_repository: repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main state: absent -- name: Remove Nodejs repository. +- name: Debian/Ubuntu | Remove Nodejs repository. apt_repository: repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main state: absent diff --git a/ansible-wazuh-server/tasks/RMRedHat.yml b/ansible-wazuh-server/tasks/RMRedHat.yml index 52577c31..6349dc6a 100644 --- a/ansible-wazuh-server/tasks/RMRedHat.yml +++ b/ansible-wazuh-server/tasks/RMRedHat.yml @@ -1,12 +1,10 @@ --- -# Remove repositories -- name: Remove NodeJS repository (and clean up left-over metadata) +- name: RedHat/CentOS/Fedora | Remove NodeJS repository (and clean up left-over metadata) yum_repository: name: NodeJS state: absent - -- name: Remove Wazuh repository (and clean up left-over metadata) +- name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata) yum_repository: name: wazuh_repo state: absent diff --git a/ansible-wazuh-server/tasks/RedHat.yml b/ansible-wazuh-server/tasks/RedHat.yml index 3d71647d..cdc79998 100644 --- a/ansible-wazuh-server/tasks/RedHat.yml +++ b/ansible-wazuh-server/tasks/RedHat.yml 
@@ -1,12 +1,21 @@ --- -# Tasks specific for RedHat systems -- name: RedHat | Install Nodejs repo +- name: RedHat/CentOS | Install Nodejs repo yum_repository: name: NodeJS description: NodeJS-$releasever baseurl: https://rpm.nodesource.com/pub_6.x/el/$releasever/x86_64 gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL gpgcheck: yes + when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' + +- name: Fedora | Install Nodejs repo + yum_repository: + name: NodeJS + description: NodeJS-$releasever + baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64 + gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL + gpgcheck: yes + when: ansible_distribution == 'Fedora' - name: CentOS | Install Wazuh repo yum_repository: @@ -17,7 +26,15 @@ gpgcheck: yes when: ansible_distribution == 'CentOS' -# Tasks specific for RedHat systems +- name: Fedora | Install Wazuh repo + yum_repository: + name: wazuh_repo + description: Fedora-$releasever - Wazuh + baseurl: https://packages.wazuh.com/yum/fc/$releasever/$basearch + gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + gpgcheck: yes + when: ansible_distribution == 'Fedora' + - name: RedHat | Install Wazuh repo yum_repository: name: wazuh_repo @@ -27,20 +44,8 @@ gpgcheck: yes when: ansible_distribution == 'RedHat' -- name: RedHat | Install Wazuh Manager and Wazuh Api - yum: pkg={{ item }} - state=present - with_items: - - wazuh-manager - - wazuh-api - - expect - tags: - - init - -- name: RedHat | Install openscap - yum: pkg=openscap-scanner - state=present - when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= 6 +- name: RedHat/CentOS/Fedora | Install openscap + package: name=openscap-scanner state=present tags: - init diff --git a/ansible-wazuh-server/tasks/main.yml b/ansible-wazuh-server/tasks/main.yml index 8c57e048..8b89a80c 100644 --- a/ansible-wazuh-server/tasks/main.yml +++ b/ansible-wazuh-server/tasks/main.yml 
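Review bot: The NodeJS repositories added in the first hunk hard-code `x86_64` in `baseurl` while the Wazuh repos in the same file use `$basearch`; on any other architecture the repo task succeeds and `yum` later fails with an opaque 404, so `baseurl: https://rpm.nodesource.com/pub_6.x/el/$releasever/$basearch` (and the `fc/` equivalent) keeps the two consistent. The Fedora entry reuses the EL key URL `pub/el/NODESOURCE-GPG-SIGNING-KEY-EL`; if NodeSource signs the Fedora tree with that same key this is fine, but a comment should say so, because with `gpgcheck: yes` every package install fails if it is not. Both entries share `name: NodeJS` and only the `when:` guards keep one from overwriting the other, which is also worth a one-line comment.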
@@ -1,13 +1,19 @@ --- -# tasks file for wazuh-manager -- name: Install the correct repository - include: "RedHat.yml" +- include: "RedHat.yml" when: ansible_os_family == "RedHat" -- name: Install the correct repository - include: "Debian.yml" +- include: "Debian.yml" when: ansible_os_family == "Debian" +- name: Install wazuh-manager, wazuh-api and expect + package: pkg={{ item }} state=present + with_items: + - wazuh-manager + - wazuh-api + - expect + tags: + - init + - name: Generate SSL files command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ossec_server_fqdn}}/" args: @@ -43,7 +49,7 @@ - name: Configure the shared-agent.conf template: src=var-ossec-etc-shared-agent.conf.j2 dest=/var/ossec/etc/shared/agent.conf - owner=ossec + owner=root group=ossec mode=0640 notify: restart wazuh-manager @@ -56,11 +62,11 @@ register: csyslog_running changed_when: False -- name: Enable client-syslog if not running and ossec_server_config.syslog_outputs is given +- name: Enable client-syslog command: /var/ossec/bin/ossec-control enable client-syslog when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined -- name: Start client-syslog if not running and ossec_server_config.syslog_outputs is given +- name: Start client-syslog command: /var/ossec/bin/ossec-control start client-syslog when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined 
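Review bot: The `Generate SSL files` command in the first hunk creates the authd key with `-newkey rsa:1825`, an odd modulus size that looks like a typo; `-newkey rsa:2048` is what clients and policy scanners expect, and since agents would verify the manager against the resulting `sslmanager.cert`, this is the key that matters. The certificate is self-signed with only `CN={{ossec_server_fqdn}}`, which is fine for authd, but nothing in this role distributes `sslmanager.cert` to agents, so a comment should state that agents cannot verify the manager until it is copied out. The new install task uses `package: pkg={{ item }}` whereas the agent role in this same patch uses `package: name=wazuh-agent`; `name` is the documented parameter of `package`, so `package: name={{ item }} state=present` avoids relying on an alias that may not pass through to every backend.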
@@ -71,11 +77,11 @@ - name: Enable ossec-agentlessd command: /var/ossec/bin/ossec-control enable agentless - when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined + when: agentless_running.stdout == '0' and agentless_creeds is defined -- name: Start client-syslog if not running and ossec_server_config.syslog_outputs is given +- name: Start client-syslog command: /var/ossec/bin/ossec-control start agentless - when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined + when: agentless_running.stdout == '0' and agentless_creeds is defined - name: Retrieving Agentless Credentials include_vars: agentless_creeds.yml @@ -87,7 +93,7 @@ template: src=var-ossec-etc-ossec-server.conf.j2 dest=/var/ossec/etc/ossec.conf owner=root - group=root + group=ossec mode=0644 notify: restart wazuh-manager tags: @@ -149,10 +155,8 @@ - wazuh-api - ossec-authd -- name: Remove the correct repository - include: "RMRedHat.yml" +- include: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- name: Remove the correct repository - include: "RMDebian.yml" +- include: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2 index ffea23d2..5f5dc1db 100644 --- a/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2 @@ -79,7 +79,10 @@ /var/ossec/etc/shared/rootkit_files.txt /var/ossec/etc/shared/rootkit_trojans.txt /var/ossec/etc/shared/system_audit_rcl.txt + /var/ossec/etc/shared/system_audit_ssh.txt + {% if cis_distribution_filename is defined %} /var/ossec/etc/shared/{{ cis_distribution_filename }} + {% endif %} yes 
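Review bot: The `Enable ossec-agentlessd` task and the start task after it are now gated on `agentless_creeds is defined`, but the `Retrieving Agentless Credentials` task that loads `agentless_creeds.yml` with `include_vars` comes after both of them in this hunk, so unless the variable is also supplied from inventory the guard is always false and agentless is never enabled. Move the `include_vars` task above the two `ossec-control` tasks, or gate them on a `stat` of the credentials file instead. The start task is also still named `Start client-syslog` although it runs `ossec-control start agentless`; rename it to `Start ossec-agentlessd`. Since `include_vars` pulls credentials into play vars, tasks that render them should carry `no_log: true` so they stay out of verbose output.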
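Review bot: In the `@@ -87,7 +93,7 @@` hunk the group of `/var/ossec/etc/ossec.conf` changes to `ossec` while `mode=0644` stays, which makes the group change cosmetic — the file remains world-readable. The same template (`var-ossec-etc-ossec-server.conf.j2`) iterates `agentless_creeds` later in this patch, and depending on what that loop renders (the hunk is cut off) the config may carry remote-host details that should not be readable by every local user; `mode=0640` with `group=ossec` lets the ossec daemons read it and nobody else, and matches the `0640` already used for `shared/agent.conf` in this file. When the task is converted to block style, quote the mode (`mode: "0640"`) to avoid the octal-literal pitfall.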
@@ -130,22 +133,34 @@ xccdf_org.ssgproject.content_profile_common -{% elif ansible_distribution == 'RedHat' %} + {% elif ansible_distribution == 'RedHat' %} - 1800 - 1d - yes + 1800 + 1d + yes - {% if ansible_distribution_major_version == '7' %} - - {% elif ansible_distribution_major_version == '6' %} - + {% if ansible_distribution_major_version == '7' %} + + {% elif ansible_distribution_major_version == '6' %} + + {% endif %} + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + + + {% elif ansible_distribution == 'Fedora' %} + + yes + 1800 + 1d + yes + + + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + + {% endif %} - xccdf_org.ssgproject.content_profile_pci-dss - xccdf_org.ssgproject.content_profile_common - - -{% endif %} {% if agentless_creeds is defined %} {% for agentless in agentless_creeds %}