afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updating tasks and meta.yml

Browse Source
This commit is contained in:
Miguelangel Freitas 2017-06-02 16:51:04 -04:00 committed by Miguelangel Freitas
parent f8d8ca9294
commit 97959b50b7
41 changed files with 266 additions and 295 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ansible-role-elasticsearch/meta/main.yml
View File

@ -1,14 +1,23 @@
---
galaxy_info:
author: Jose Luis Ruiz
description: Elasticsearch for Linux.
company: "Wazuh"
license: "license (BSD, MIT)"
min_ansible_version: 1.8
description: Installing and maintaining Elasticsearch.
company: wazuh.com
license: license (GPLv3)
min_ansible_version: 2.0
platforms:
- name: EL
versions:
- all
- name: Ubuntu
versions:
- all
- name: Debian
versions:
- all
- name: Fedora
versions:
- all
galaxy_tags:
- web
- system

25
ansible-role-elasticsearch/tasks/Debian.yml
View File

@ -1,20 +1,14 @@
---
- name: Debian/Ubuntu | apt-transport-https
apt:
name: apt-transport-https
state: present
update_cache: yes
- name: Debian/Ubuntu | ca-certificates
apt:
name: ca-certificates
state: present
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: name="{{ item }}" state=present update_cache=yes
with_items:
- apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Setting webupd8 repository
apt_repository:
repo: 'ppa:webupd8team/java'
codename: 'xenial'
update_cache: yes
- name: Debian/Ubuntu | Accept Oracle Java 8 license
debconf:
@ -24,9 +18,7 @@
vtype: boolean
- name: Debian/Ubuntu | Oracle Java 8 installer
apt:
name: oracle-java8-installer
state: present
apt: name=oracle-java8-installer state=present update_cache=yes
tags: install
- name: Debian/Ubuntu | Add Elasticsearch GPG key.
@ -39,10 +31,7 @@
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
state: present
filename: 'elk_repo'
update_cache: yes
- name: Debian/Ubuntu | Install Elasticsarch
apt:
name: elasticsearch={{ elk_stack_version }}
state: present
apt: name=elasticsearch={{ elk_stack_version }} state=present update_cache=yes
tags: install

1
ansible-role-elasticsearch/tasks/RMDebian.yml
View File

@ -1,5 +1,4 @@
---
- name: Debian/Ubuntu | Removing Elasticsearch repository
apt_repository:
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main

3
ansible-role-elasticsearch/tasks/RMRedHat.yml
View File

@ -1,6 +1,5 @@
---
# Remove logstash repository
- name: Remove Elasticsearch repository (and clean up left-over metadata)
- name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata)
yum_repository:
name: elk_repo
state: absent

20
ansible-role-elasticsearch/tasks/RedHat.yml
View File

@ -1,24 +1,23 @@
---
- name: RedHat | download Oracle Java RPM
- name: RedHat/CentOS/Fedora | download Oracle Java RPM
get_url:
url: http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm
dest: /tmp/jdk-8-linux-x64.rpm
headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
register: oracle_java_task_rpm_download
become: yes
- name: RedHat | Install Oracle Java RPM
action: "yum name=/tmp/jdk-8-linux-x64.rpm state=present"
when: not oracle_java_task_rpm_download|skipped
become: yes
- name: RedHat/CentOS/Fedora | Install Oracle Java RPM
package: name=/tmp/jdk-8-linux-x64.rpm state=present
when: oracle_java_task_rpm_download is defined
register: oracle_java_task_rpm_installed
tags: install
- name: RedHat | Add Elasticsearch GPG key
- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key
rpm_key:
key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
state: present
- name: RedHat | Install Elastic repo
- name: RedHat/CentOS/Fedora | Install Elastic repo
yum_repository:
name: elk_repo
description: Elastic repository for 5.x packages
@ -26,6 +25,7 @@
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
gpgcheck: yes
- name: RedHat | Install Elasticsarch
yum: pkg=elasticsearch-{{ elk_stack_version }} state=present
- name: RedHat/CentOS/Fedora | Install Elasticsarch
package: name=elasticsearch-{{ elk_stack_version }} state=present
when: oracle_java_task_rpm_installed is defined
tags: install

6
ansible-role-elasticsearch/tasks/main.yml
View File

@ -31,10 +31,8 @@
enabled: yes
state: started
- name: Remove the correct repository
include: "RMRedHat.yml"
- include: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
- name: Remove the correct repository
include: "RMDebian.yml"
- include: "RMDebian.yml"
when: ansible_os_family == "Debian"

3
ansible-role-filebeat/meta/main.yml
View File

@ -12,6 +12,9 @@ galaxy_info:
versions:
- 6
- 7
- name: Fedora
versions:
- all
- name: Debian
versions:
- jessie

11
ansible-role-filebeat/tasks/Debian.yml
View File

@ -1,13 +1,16 @@
---
- name: Ensure depdency is installed (Ubuntu).
apt: name=apt-transport-https state=present
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: name="{{ item }}" state=present update_cache=yes
with_items:
- apt-transport-https
- ca-certificates
- name: Add Elasticsearch apt key.
- name: Debian/Ubuntu | Add Elasticsearch apt key.
apt_key:
url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
state: present
- name: Add Filebeat repository.
- name: Debian/Ubuntu | Add Filebeat repository.
apt_repository:
repo: 'deb https://artifacts.elastic.co/packages/5.x/apt stable main'
state: present

3
ansible-role-filebeat/tasks/RMDebian.yml
View File

@ -1,6 +1,5 @@
---
# Remove ELK REPOSITORY and Wazuh repositories from sources list.
- name: Remove Filebeat repository (and clean up left-over metadata)
- name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)
apt_repository:
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
state: absent

3
ansible-role-filebeat/tasks/RMRedHat.yml
View File

@ -1,6 +1,5 @@
---
# Remove repositories
- name: Remove Filebeat repository (and clean up left-over metadata)
- name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata)
yum_repository:
name: elk_repo
state: absent

4
ansible-role-filebeat/tasks/RedHat.yml
View File

@ -1,10 +1,10 @@
---
- name: Add Elasticsearch GPG key.
- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key.
rpm_key:
key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
state: present
- name: RedHat | Install Filebeats repo
- name: RedHat/CentOS/Fedora | Install Filebeats repo
yum_repository:
name: elk_repo
description: Elastic repository for 5.x packages

6
ansible-role-filebeat/tasks/main.yml
View File

@ -19,10 +19,8 @@
state: started
enabled: yes
- name: Remove the correct repository
include: "RMRedHat.yml"
- include: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
- name: Remove the correct repository
include: "RMDebian.yml"
- include: "RMDebian.yml"
when: ansible_os_family == "Debian"

11
ansible-role-kibana/meta/main.yml
View File

@ -1,14 +1,17 @@
---
galaxy_info:
author: Jose Luis Ruiz
description: Elasticsearch Logstash and Kibana for Linux.
company: "Wazuh"
license: "license (BSD, MIT)"
min_ansible_version: 1.8
description: Kibana for Linux.
company: wazuh.com
license: license (GPLv3)
min_ansible_version: 2.0
platforms:
- name: EL
versions:
- all
- name: Fedora
versions:
- all
- name: Debian
versions:
- all

11
ansible-role-kibana/tasks/Debian.yml
View File

@ -1,4 +1,10 @@
---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: name="{{ item }}" state=present update_cache=yes
with_items:
- apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Add Elasticsearch GPG key
apt_key:
url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
@ -9,10 +15,7 @@
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
state: present
filename: 'elk_repo'
update_cache: yes
- name: Debian/Ubuntu | Install Kibana
apt:
name: kibana={{ elk_stack_version }}
state: present
apt: name=kibana={{ elk_stack_version }} state=present update_cache=yes
tags: install

1
ansible-role-kibana/tasks/RMDebian.yml
View File

@ -1,5 +1,4 @@
---
- name: Debian/Ubuntu | Removing Elasticsearch repository
apt_repository:
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main

1
ansible-role-kibana/tasks/RMRedHat.yml
View File

@ -1,5 +1,4 @@
---
# Remove logstash repository
- name: Remove Elasticsearch repository (and clean up left-over metadata)
yum_repository:
name: elk_repo

8
ansible-role-kibana/tasks/RedHat.yml
View File

@ -1,10 +1,10 @@
---
- name: RedHat | Add Elasticsearch GPG key
- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key
rpm_key:
key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
state: present
- name: RedHat | Install Elastic repo
- name: RedHat/CentOS/Fedora | Install Elastic repo
yum_repository:
name: elk_repo
description: Elastic repository for 5.x packages
@ -12,6 +12,6 @@
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
gpgcheck: yes
- name: RedHat | Install Kibana
yum: pkg=kibana-{{ elk_stack_version }} state=present
- name: RedHat/CentOS/Fedora | Install Kibana
package: name=kibana-{{ elk_stack_version }} state=present
tags: install

16
ansible-role-kibana/tasks/main.yml
View File

@ -20,21 +20,21 @@
tags: configure
- name: Checking Wazuh-APP version compatibility
shell: grep -E 'version.*{{ elk_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json
removes=/usr/share/kibana/plugins/wazuh/package.json
register: wazuh_app_notok
ignore_errors: yes
changed_when: "wazuh_app_notok.rc != 0"
shell: "grep -c -E 'version.*{{ elk_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo"
args:
removes: /usr/share/kibana/plugins/wazuh/package.json
register: wazuh_app_verify
tags: install
- name: Removing Wazuh-APP by compatibility issues
shell: /usr/share/kibana/bin/kibana-plugin remove wazuh
when: wazuh_app_notok.rc != 0
when: wazuh_app_verify.stdout == "0"
tags: install
- name: Install Wazuh-APP (can take a while)
shell: /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elk_stack_version }}.zip
creates=/usr/share/kibana/plugins/wazuh/package.json
shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elk_stack_version }}.zip"
args:
creates: /usr/share/kibana/plugins/wazuh/package.json
notify: restart kibana
tags: install

15
ansible-role-logstash/meta/main.yml
View File

@ -2,13 +2,22 @@
galaxy_info:
author: Jose Luis Ruiz
description: Logstash for Linux.
company: "Wazuh"
license: "license (BSD, MIT)"
min_ansible_version: 1.8
company: wazuh.com
license: license (GPLv3)
min_ansible_version: 2.0
platforms:
- name: EL
versions:
- all
- name: Fedora
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
galaxy_tags:
- web
- system

21
ansible-role-logstash/tasks/Debian.yml
View File

@ -1,20 +1,14 @@
---
- name: Debian/Ubuntu | apt-transport-https
apt:
name: apt-transport-https
state: present
update_cache: yes
- name: Debian/Ubuntu | ca-certificates
apt:
name: ca-certificates
state: present
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: name="{{ item }}" state=present update_cache=yes
with_items:
- apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Setting webupd8 repository
apt_repository:
repo: 'ppa:webupd8team/java'
codename: 'xenial'
update_cache: yes
- name: Debian/Ubuntu | Accept Oracle Java 8 license
debconf:
@ -40,10 +34,7 @@
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
state: present
filename: 'elk_repo'
update_cache: yes
- name: Debian/Ubuntu | Install Logstash
apt:
name: logstash=1:{{ elk_stack_version }}-1
state: present
apt: name=logstash=1:{{ elk_stack_version }}-1 state=present update_cache=yes
tags: install

1
ansible-role-logstash/tasks/RMDebian.yml
View File

@ -1,5 +1,4 @@
---
- name: Debian/Ubuntu | Removing Elasticsearch repository
apt_repository:
repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main

3
ansible-role-logstash/tasks/RMRedHat.yml
View File

@ -1,6 +1,5 @@
---
# Remove logstash repository
- name: RedHat | Remove logstash repository (and clean up left-over metadata)
- name: RedHat/CentOS/Fedora | Remove logstash repository (and clean up left-over metadata)
yum_repository:
name: elk_repo
state: absent

21
ansible-role-logstash/tasks/RedHat.yml
View File

@ -1,23 +1,23 @@
---
- name: RedHat | Download Java RPM
- name: RedHat/CentOS/Fedora | download Oracle Java RPM
get_url:
url: http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm
dest: /tmp/jdk-8-linux-x64.rpm
headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
register: oracle_java_task_rpm_download
become: yes
- name: RedHat | Install Oracle Java RPM
action: "yum name=/tmp/jdk-8-linux-x64.rpm state=present"
when: not oracle_java_task_rpm_download|skipped
become: yes
- name: RedHat/CentOS/Fedora | Install Oracle Java RPM
package: name=/tmp/jdk-8-linux-x64.rpm state=present
when: oracle_java_task_rpm_download is defined
register: oracle_java_task_rpm_installed
tags: install
- name: RedHat | Add Elasticsearch GPG key.
- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key.
rpm_key:
key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
state: present
- name: RedHat | Install Logstash repo
- name: RedHat/CentOS/Fedora | Install Logstash repo
yum_repository:
name: elk_repo
description: Elastic repository for 5.x packages
@ -25,6 +25,7 @@
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
gpgcheck: yes
- name: RedHat | Install Logstash
yum: pkg=logstash-{{ elk_stack_version }} state=present
- name: RedHat/CentOS/Fedora | Install Logstash
package: name=logstash-{{ elk_stack_version }} state=present
when: oracle_java_task_rpm_installed is defined
tags: install

6
ansible-role-logstash/tasks/main.yml
View File

@ -29,10 +29,8 @@
enabled: yes
state: started
- name: Remove the correct repository
include: "RMRedHat.yml"
- include: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
- name: Remove the correct repository
include: "RMDebian.yml"
- include: "RMDebian.yml"
when: ansible_os_family == "Debian"

6
ansible-wazuh-agent/defaults/main.yml
View File

@ -1,7 +1,6 @@
---
ossec_server_ip: 127.0.0.1
ossec_server_name: ""
ossec_managed_server: true
ossec_register_client: false
ossec_agent_config:
frequency_check: 43200
syscheck_scan_on_start: 'yes'
@ -40,6 +39,3 @@ ossec_agent_config:
- format: 'full_command'
command: 'last -n 20'
frequency: '360'
globals:
- '127.0.0.1'
- '192.168.2.1'

6
ansible-wazuh-agent/handlers/main.yml
View File

@ -1,7 +1,3 @@
---
# handlers file for ossec-agent
- name: restart wazuh-agent
service: name=wazuh-agent
state=restarted
enabled=yes
service: name=wazuh-agent state=restarted enabled=yes

42
ansible-wazuh-agent/meta/main.yml
View File

@ -1,47 +1,23 @@
---
galaxy_info:
author: Werner Dijkerman
description: INstalling and maintaining the ossec-agent.
company: myCompany.Dotcom
author: Jose Luis Ruiz
description: Installing and maintaining the wazuh-agent.
company: wazuh.com
license: license (GPLv3)
min_ansible_version: 1.4
min_ansible_version: 2.0
platforms:
- name: EL
versions:
- 5
- 6
- 7
- name: Fedora
- all
- name: Ubuntu
versions:
- all
#- name: opensuse
# versions:
# - all
# - 12.1
# - 12.2
# - 12.3
# - 13.1
# - 13.2
#- name: Ubuntu
# versions:
# - all
# - lucid
# - maverick
# - natty
# - oneiric
# - precise
# - quantal
# - raring
# - saucy
# - trusty
- name: Debian
versions:
- all
- name: Fedora
versions:
- all
categories:
- monitoring
dependencies: []
# List your role dependencies here, one per line. Only
# dependencies available via galaxy should be listed here.
# Be sure to remove the '[]' above if you add dependencies
# to this list.

24
ansible-wazuh-agent/tasks/Debian.yml
View File

@ -1,17 +1,17 @@
---
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: name="{{ item }}" state=present update_cache=yes
with_items:
- apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Installing repository key
apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
- name: Debian/Ubuntu | Install apt-transport-https
apt: pkg=apt-transport-https
state=present
update_cache=yes
cache_valid_time=3600
- name: Debian/Ubuntu | Installing Wazuh repository key
apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
- name: Add Wazuh epositories.
- name: Debian/Ubuntu | Add Wazuh repositories.
apt_repository:
repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
state: present
@ -21,13 +21,3 @@
set_fact:
cis_distribution_filename: cis_debian_linux_rcl.txt
when: ansible_os_family == "Debian"
- name: Debian/Ubuntu | Install wazuh-agent
apt: pkg={{ item }}
state=present
update_cache=yes
cache_valid_time=3600
with_items:
- wazuh-agent
tags:
- init

1
ansible-wazuh-agent/tasks/RMDebian.yml
View File

@ -1,5 +1,4 @@
---
# Remove Nodejs and Wazuh repositories from sources list.
- apt_repository:
repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
state: absent

1
ansible-wazuh-agent/tasks/RMRedHat.yml
View File

@ -1,5 +1,4 @@
---
# Remove repositories
- name: Remove Wazuh repository (and clean up left-over metadata)
yum_repository:
name: wazuh_repo

27
ansible-wazuh-agent/tasks/RedHat.yml
View File

@ -1,6 +1,5 @@
---
# Tasks specific for RedHat/CentOS systems
- name: RedHat | Install Wazuh repo
- name: CentOS | Install Wazuh repo
yum_repository:
name: wazuh_repo
description: CentOS-$releasever - Wazuh
@ -9,7 +8,15 @@
gpgcheck: yes
when: ansible_distribution == 'CentOS'
# Tasks specific for RedHat systems
- name: Fedora | Install Wazuh repo
yum_repository:
name: wazuh_repo
description: Fedora-$releasever - Wazuh
baseurl: https://packages.wazuh.com/yum/fc/$releasever/$basearch
gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
gpgcheck: yes
when: ansible_distribution == 'Fedora'
- name: RedHat | Install Wazuh repo
yum_repository:
name: wazuh_repo
@ -34,17 +41,7 @@
cis_distribution_filename: cis_rhel7_linux_rcl.txt
when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7"
- name: RedHat | Install openscap
yum: pkg=openscap-scanner
state=present
when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= 6
tags:
- init
- name: RedHat | Install Wazuh Agent
yum: pkg={{ item }}
state=present
with_items:
- wazuh-agent
- name: RedHat/CentOS/RedHat | Install openscap
package: name=openscap-scanner state=present
tags:
- init

28
ansible-wazuh-agent/tasks/main.yml
View File

@ -1,14 +1,15 @@
---
# tasks file for ossec-agent
- name: "Install the correct repository"
include: "RedHat.yml"
- include: "RedHat.yml"
when: ansible_os_family == "RedHat"
- name: Install the correct repository
include: "Debian.yml"
- include: "Debian.yml"
when: ansible_os_family == "Debian"
- name: Install wazuh-agent
package: name=wazuh-agent state=present
tags:
- init
- name: "Check if client.keys exists"
stat: path=/var/ossec/etc/client.keys
register: check_keys
@ -17,7 +18,7 @@
- name: "Register client"
shell: /var/ossec/bin/agent-auth -m {{ ossec_server_ip }} -p 1515
when: ossec_server_ip and check_keys.stat.size == 0
when: ossec_register_client == true and check_keys.stat.size == 0
tags:
- config
@ -25,7 +26,7 @@
template: src=var-ossec-etc-ossec-agent.conf.j2
dest=/var/ossec/etc/ossec.conf
owner=root
group=root
group=ossec
mode=0644
notify: restart wazuh-agent
tags:
@ -34,17 +35,12 @@
- name: Ensure Wazuh Manager service is started and enabled
service:
name: "{{ item }}"
name: wazuh-agent
enabled: yes
state: started
with_items:
- wazuh-agent
- name: Remove the correct repository
include: "RMRedHat.yml"
- include: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
- name: Remove the correct repository
include: "RMDebian.yml"
- include: "RMDebian.yml"
when: ansible_os_family == "Debian"

45
ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -6,7 +6,7 @@
{% if ossec_profile is defined %}
<config-profile>{{ ossec_profile }}</config-profile>
{% endif %}
<protocol>tcp</protocol>
<protocol>udp</protocol>
</client>
{% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
@ -34,22 +34,34 @@
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
</wodle>
{% elif ansible_distribution == 'RedHat' %}
<wodle name="open-scap">
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
{% elif ansible_distribution == 'RedHat' %}
<wodle name="open-scap">
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
{% if ansible_distribution_major_version == '7' %}
<content type="xccdf" path="ssg-rhel-7-ds.xml">
{% elif ansible_distribution_major_version == '6' %}
<content type="xccdf" path="ssg-rhel-6-ds.xml">
{% if ansible_distribution_major_version == '7' %}
<content type="xccdf" path="ssg-rhel-7-ds.xml">
{% elif ansible_distribution_major_version == '6' %}
<content type="xccdf" path="ssg-rhel-6-ds.xml">
{% endif %}
<profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
</wodle>
{% elif ansible_distribution == 'Fedora' %}
<wodle name="open-scap">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<content type="xccdf" path="ssg-fedora-ds.xml">
<profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
</wodle>
{% endif %}
<profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
</wodle>
{% endif %}
<rootcheck>
<disabled>no</disabled>
@ -68,7 +80,10 @@
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
{% if cis_distribution_filename is defined %}
<system_audit>/var/ossec/etc/shared/{{ cis_distribution_filename }}</system_audit>
{% endif %}
<skip_nfs>yes</skip_nfs>
</rootcheck>

2
ansible-wazuh-server/handlers/main.yml
View File

@ -1,6 +1,4 @@
---
# handlers file for wazuh-manager
- name: restart wazuh-manager
service: name=wazuh-manager
state=restarted

5
ansible-wazuh-server/meta/main.yml
View File

@ -4,7 +4,7 @@ galaxy_info:
description: Installing and maintaining the wazuh-manager.
company: wazuh.com
license: license (GPLv3)
min_ansible_version: 1.4
min_ansible_version: 2.0
platforms:
- name: EL
versions:
@ -15,6 +15,9 @@ galaxy_info:
- name: Debian
versions:
- all
- name: Fedora
versions:
- all
categories:
- monitoring
dependencies: []

28
ansible-wazuh-server/tasks/Debian.yml
View File

@ -1,13 +1,14 @@
---
- name: Debian/Ubuntu | Install apt-transport-https
apt: pkg=apt-transport-https
state=present
update_cache=yes
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
apt: name="{{ item }}" state=present update_cache=yes
with_items:
- apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Installing Wazuh repository key
apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
- name: Add Wazuh repositories.
- name: Debian/Ubuntu | Add Wazuh repositories
apt_repository:
repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
state: present
@ -16,25 +17,12 @@
- name: Debian/Ubuntu | Installing NodeJS repository key
apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key
- name: Add NodeSource repositories for Node.js.
- name: Debian/Ubuntu | Add NodeSource repositories for Node.js
apt_repository:
repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main
state: present
update_cache: yes
- name: Debian/Ubuntu | Install wazuh-manager
apt: pkg={{ item }}
state=present
update_cache=yes
cache_valid_time=3600
with_items:
- wazuh-manager
- wazuh-api
- expect
tags:
- init
- name: Set Distribution CIS filename for Debian/Ubuntu
- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
set_fact:
cis_distribution_filename: cis_debian_linux_rcl.txt
when: ansible_os_family == "Debian"

5
ansible-wazuh-server/tasks/RMDebian.yml
View File

@ -1,11 +1,10 @@
---
# Remove Nodejs and Wazuh repositories from sources list.
- name: Remove Wazuh repository.
- name: Debian/Ubuntu | Remove Wazuh repository.
apt_repository:
repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
state: absent
- name: Remove Nodejs repository.
- name: Debian/Ubuntu | Remove Nodejs repository.
apt_repository:
repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main
state: absent

6
ansible-wazuh-server/tasks/RMRedHat.yml
View File

@ -1,12 +1,10 @@
---
# Remove repositories
- name: Remove NodeJS repository (and clean up left-over metadata)
- name: RedHat/CentOS/Fedora | Remove NodeJS repository (and clean up left-over metadata)
yum_repository:
name: NodeJS
state: absent
- name: Remove Wazuh repository (and clean up left-over metadata)
- name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata)
yum_repository:
name: wazuh_repo
state: absent

39
ansible-wazuh-server/tasks/RedHat.yml
View File

@ -1,12 +1,21 @@
---
# Tasks specific for RedHat systems
- name: RedHat | Install Nodejs repo
- name: RedHat/CentOS | Install Nodejs repo
yum_repository:
name: NodeJS
description: NodeJS-$releasever
baseurl: https://rpm.nodesource.com/pub_6.x/el/$releasever/x86_64
gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
gpgcheck: yes
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
- name: Fedora | Install Nodejs repo
yum_repository:
name: NodeJS
description: NodeJS-$releasever
baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64
gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
gpgcheck: yes
when: ansible_distribution == 'Fedora'
- name: CentOS | Install Wazuh repo
yum_repository:
@ -17,7 +26,15 @@
gpgcheck: yes
when: ansible_distribution == 'CentOS'
# Tasks specific for RedHat systems
- name: Fedora | Install Wazuh repo
yum_repository:
name: wazuh_repo
description: Fedora-$releasever - Wazuh
baseurl: https://packages.wazuh.com/yum/fc/$releasever/$basearch
gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
gpgcheck: yes
when: ansible_distribution == 'Fedora'
- name: RedHat | Install Wazuh repo
yum_repository:
name: wazuh_repo
@ -27,20 +44,8 @@
gpgcheck: yes
when: ansible_distribution == 'RedHat'
- name: RedHat | Install Wazuh Manager and Wazuh Api
yum: pkg={{ item }}
state=present
with_items:
- wazuh-manager
- wazuh-api
- expect
tags:
- init
- name: RedHat | Install openscap
yum: pkg=openscap-scanner
state=present
when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= 6
- name: RedHat/CentOS/Fedora | Install openscap
package: name=openscap-scanner state=present
tags:
- init

36
ansible-wazuh-server/tasks/main.yml
View File

@ -1,13 +1,19 @@
---
# tasks file for wazuh-manager
- name: Install the correct repository
include: "RedHat.yml"
- include: "RedHat.yml"
when: ansible_os_family == "RedHat"
- name: Install the correct repository
include: "Debian.yml"
- include: "Debian.yml"
when: ansible_os_family == "Debian"
- name: Install wazuh-manager, wazuh-api and expect
package: pkg={{ item }} state=present
with_items:
- wazuh-manager
- wazuh-api
- expect
tags:
- init
- name: Generate SSL files
command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ossec_server_fqdn}}/"
args:
@ -43,7 +49,7 @@
- name: Configure the shared-agent.conf
template: src=var-ossec-etc-shared-agent.conf.j2
dest=/var/ossec/etc/shared/agent.conf
owner=ossec
owner=root
group=ossec
mode=0640
notify: restart wazuh-manager
@ -56,11 +62,11 @@
register: csyslog_running
changed_when: False
- name: Enable client-syslog if not running and ossec_server_config.syslog_outputs is given
- name: Enable client-syslog
command: /var/ossec/bin/ossec-control enable client-syslog
when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
- name: Start client-syslog if not running and ossec_server_config.syslog_outputs is given
- name: Start client-syslog
command: /var/ossec/bin/ossec-control start client-syslog
when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
@ -71,11 +77,11 @@
- name: Enable ossec-agentlessd
command: /var/ossec/bin/ossec-control enable agentless
when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined
when: agentless_running.stdout == '0' and agentless_creeds is defined
- name: Start client-syslog if not running and ossec_server_config.syslog_outputs is given
- name: Start client-syslog
command: /var/ossec/bin/ossec-control start agentless
when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined
when: agentless_running.stdout == '0' and agentless_creeds is defined
- name: Retrieving Agentless Credentials
include_vars: agentless_creeds.yml
@ -87,7 +93,7 @@
template: src=var-ossec-etc-ossec-server.conf.j2
dest=/var/ossec/etc/ossec.conf
owner=root
group=root
group=ossec
mode=0644
notify: restart wazuh-manager
tags:
@ -149,10 +155,8 @@
- wazuh-api
- ossec-authd
- name: Remove the correct repository
include: "RMRedHat.yml"
- include: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
- name: Remove the correct repository
include: "RMDebian.yml"
- include: "RMDebian.yml"
when: ansible_os_family == "Debian"

41
ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2
View File

@ -79,7 +79,10 @@
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
{% if cis_distribution_filename is defined %}
<system_audit>/var/ossec/etc/shared/{{ cis_distribution_filename }}</system_audit>
{% endif %}
<skip_nfs>yes</skip_nfs>
</rootcheck>
@ -130,22 +133,34 @@
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
</wodle>
{% elif ansible_distribution == 'RedHat' %}
{% elif ansible_distribution == 'RedHat' %}
<wodle name="open-scap">
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
{% if ansible_distribution_major_version == '7' %}
<content type="xccdf" path="ssg-rhel-7-ds.xml">
{% elif ansible_distribution_major_version == '6' %}
<content type="xccdf" path="ssg-rhel-7-ds.xml">
{% if ansible_distribution_major_version == '7' %}
<content type="xccdf" path="ssg-rhel-7-ds.xml">
{% elif ansible_distribution_major_version == '6' %}
<content type="xccdf" path="ssg-rhel-7-ds.xml">
{% endif %}
<profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
</wodle>
{% elif ansible_distribution == 'Fedora' %}
<wodle name="open-scap">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<content type="xccdf" path="ssg-fedora-ds.xml">
<profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
</wodle>
{% endif %}
<profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
</wodle>
{% endif %}
{% if agentless_creeds is defined %}
{% for agentless in agentless_creeds %}