diff --git a/README.md b/README.md index fec1ec4a..f7770852 100644 --- a/README.md +++ b/README.md 
@@ -1,111 +1,11 @@ -## Install Ansible +# Wazuh Ansible playbooks -``` -Debian -sudo apt-get install ansible +This playbooks installs and configure Wazuh agent, manager and Elastic Stack. -CentOS -sudo yum install ansible (EPEL) -``` +## Documentation -## Generate keys - -If you do not already have an SSH key pair that you would like to use for Ansible administration, we can create one now on your Ansible, locate in Wazuh Manager host and run: - -``` -$ ssh-keygen -``` - -Choose ~/.ssh/id_rsa_ansible as output. - -Enable ssh-agent and register de key: - -``` -$ eval "$(ssh-agent -s)" -$ ssh-add ~/.ssh/id_rsa_ansible -``` - -Copy ~/.ssh/id_rsa_ansible.pub content into the .ssh/authorized_keys host where you want to deploy Wazuh Agents in. - - -## Configuring Ansible Hosts - -Open the file with root privileges: - -``` -$ sudo nano /etc/ansible/hosts -``` - -Add destination hosts: - -``` -[wazuh-manager] -10.0.0.51 - -[wazuh-agent] -10.0.0.123 -10.0.0.122 -10.0.0.121 - -[elastic-stack] -10.0.0.124 -``` - -## Install roles/playbooks - -``` -cd ~ -git clone https://github.com/wazuh/wazuh-ansible/ -cp -pr wazuh-playbook/* /etc/ansible/roles/ -``` - - -## Run the playbook - -Create in your home o preferred folder the file agent.yml with the content: - -``` -- hosts: all:!wazuh-manager - roles: - - { role: ansible-wazuh-agent, wazuh_manager_ip: 10.0.0.51 } -``` - -and other file with wazuh-manager.yml with the content: - -``` -- hosts: wazuh-manager - roles: - - role: ansible-wazuh-server - - role: ansible-role-filebeat -``` - -Run the playbook for a manager - -``` -$ ansible-playbook wazuh-manager.yml -e"@vars.yml" -``` - -Run the playbook for an agent: - - -``` -$ ansible-playbook wazuh-agent.yml -e"@vars.yml" -``` - - -## Example Playbook - -``` - - hosts: wazuh-agents - roles: - - ansible-wazuh-agent - - hots: wazuh-manager - - ansible-wazuh-manager - - ansible-role-filebeat - - hosts: elasticsearch - - ansible-role-elasticsearch - -``` +* [Full 
documentation](http://documentation.wazuh.com) +* [Wazuh Puppet module documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html) ### Based on previous work from dj-wasabi @@ -114,3 +14,9 @@ https://github.com/dj-wasabi/ansible-ossec-server ### Modified by Wazuh The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem. + + +## References + +* [Wazuh website](http://wazuh.com) +* [OSSEC project website](http://ossec.github.io) diff --git a/ansible-role-elasticsearch/tasks/main.yml b/ansible-role-elasticsearch/tasks/main.yml index 7e8df66d..b5e4d4be 100644 --- a/ansible-role-elasticsearch/tasks/main.yml +++ b/ansible-role-elasticsearch/tasks/main.yml @@ -1,8 +1,8 @@ --- -- include: RedHat.yml +- import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' -- include: Debian.yml +- import_tasks: Debian.yml when: ansible_os_family == "Debian" - name: Configure Elasticsearch. @@ -64,8 +64,8 @@ body: "{{ lookup('template','alert_sample.json.j2') }}" tags: init -- include: "RMRedHat.yml" +- import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- include: "RMDebian.yml" +- import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/ansible-role-filebeat/tasks/main.yml b/ansible-role-filebeat/tasks/main.yml index 71867d87..5620c3cb 100644 --- a/ansible-role-filebeat/tasks/main.yml +++ b/ansible-role-filebeat/tasks/main.yml @@ -1,8 +1,8 @@ --- -- include: RedHat.yml +- import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' -- include: Debian.yml +- import_tasks: Debian.yml when: ansible_os_family == 'Debian' - name: Install Filebeat. @@ -10,7 +10,7 @@ tags: - install -- include: config.yml +- import_tasks: config.yml when: filebeat_create_config - name: Ensure Filebeat is started and enabled at boot. 
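Review bot: `import_tasks` exists only from Ansible 2.4 on, and nothing visible in this commit states or raises the minimum Ansible version for the roles, starting with `ansible-role-elasticsearch/tasks/main.yml`. If the roles ship a `meta/main.yml` (not visible in this diff, so confirm), it should carry `min_ansible_version: '2.4'`, and the README should say so now that its install section is gone. The same applies to every `include:` to `import_tasks:` hunk in the filebeat, kibana, logstash, wazuh-agent and wazuh-manager roles. Because the import is static, each `when:` is applied to every task of the imported file; that suits fact tests such as `ansible_os_family`, but `filebeat_create_config` and `logstash_create_config` are worth checking in case either is set at run time.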
@@ -19,8 +19,8 @@ state: started enabled: yes -- include: "RMRedHat.yml" +- import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- include: "RMDebian.yml" +- import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/ansible-role-kibana/tasks/main.yml b/ansible-role-kibana/tasks/main.yml index 3f651c48..e946aba5 100644 --- a/ansible-role-kibana/tasks/main.yml +++ b/ansible-role-kibana/tasks/main.yml @@ -1,8 +1,8 @@ --- -- include: RedHat.yml +- import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' -- include: Debian.yml +- import_tasks: Debian.yml when: ansible_os_family == 'Debian' - name: Make sure Elasticsearch is running before proceeding. @@ -47,8 +47,8 @@ enabled: yes state: started -- include: RMRedHat.yml +- import_tasks: RMRedHat.yml when: ansible_os_family == 'RedHat' -- include: RMDebian.yml +- import_tasks: RMDebian.yml when: ansible_os_family == 'Debian' diff --git a/ansible-role-logstash/tasks/main.yml b/ansible-role-logstash/tasks/main.yml index 219580a5..ef5715bf 100644 --- a/ansible-role-logstash/tasks/main.yml +++ b/ansible-role-logstash/tasks/main.yml @@ -1,11 +1,11 @@ --- -- include: RedHat.yml +- import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' -- include: Debian.yml +- import_tasks: Debian.yml when: ansible_os_family == "Debian" -- include: config.yml +- import_tasks: config.yml when: logstash_create_config - name: Ensure Logstash started and enabled @@ -14,8 +14,8 @@ enabled: yes state: started -- include: "RMRedHat.yml" +- import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- include: "RMDebian.yml" +- import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/ansible-wazuh-agent/tasks/Linux.yml b/ansible-wazuh-agent/tasks/Linux.yml index 2ebfe29c..877b6e60 100644 --- a/ansible-wazuh-agent/tasks/Linux.yml +++ b/ansible-wazuh-agent/tasks/Linux.yml 
@@ -1,8 +1,8 @@ --- -- include: "RedHat.yml" +- import_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" -- include: "Debian.yml" +- import_tasks: "Debian.yml" when: ansible_os_family == "Debian" - name: Linux | Install wazuh-agent @@ -82,8 +82,8 @@ enabled: yes state: started -- include: "RMRedHat.yml" +- import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- include: "RMDebian.yml" +- import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/ansible-wazuh-agent/tasks/main.yml b/ansible-wazuh-agent/tasks/main.yml index ade60835..4b919bc5 100644 --- a/ansible-wazuh-agent/tasks/main.yml +++ b/ansible-wazuh-agent/tasks/main.yml @@ -1,6 +1,6 @@ --- -- include: "Windows.yml" +- import_tasks: "Windows.yml" when: ansible_os_family == "Windows" -- include: "Linux.yml" +- import_tasks: "Linux.yml" when: ansible_system == "Linux" diff --git a/ansible-wazuh-manager/defaults/main.yml b/ansible-wazuh-manager/defaults/main.yml index 28fbee8c..85ae824a 100644 --- a/ansible-wazuh-manager/defaults/main.yml +++ b/ansible-wazuh-manager/defaults/main.yml @@ -11,7 +11,7 @@ wazuh_manager_config: port: '1514' protocol: 'tcp' authd: - enable: false + enable: enable port: 1515 use_source_ip: 'no' force_insert: 'no' diff --git a/ansible-wazuh-manager/tasks/main.yml b/ansible-wazuh-manager/tasks/main.yml index d5991aae..250de368 100644 --- a/ansible-wazuh-manager/tasks/main.yml +++ b/ansible-wazuh-manager/tasks/main.yml @@ -1,8 +1,8 @@ --- -- include: "RedHat.yml" +- import_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" -- include: "Debian.yml" +- import_tasks: "Debian.yml" when: ansible_os_family == "Debian" - name: Install wazuh-manager, wazuh-api and expect @@ -274,8 +274,8 @@ tags: - config -- include: "RMRedHat.yml" +- import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- include: "RMDebian.yml" +- import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian"
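Review bot: The authd default in `ansible-wazuh-manager/defaults/main.yml` changes from `enable: false` to `enable: enable`, which turns the agent-enrollment service on by default and also replaces a boolean with the bare string `enable`. Any template or `when:` that tests this value as a boolean (for example through `| bool`) would not read `enable` as true, so if the service is meant to be on, the value should stay typed: `enable: true`. With this default, every manager deployed from the role accepts registration requests on port 1515 with `use_source_ip: 'no'`. The rest of the `authd` mapping lies outside the hunk, so confirm whether a password or certificate verification is configured there. If neither is, keep the default at `false` and document the opt-in, or restrict 1515 to the agent networks.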