diff --git a/Pipfile b/Pipfile deleted file mode 100644 index 6f709455..00000000 --- a/Pipfile +++ /dev/null @@ -1,35 +0,0 @@ -[[source]] -url = "https://pypi.org/simple" -verify_ssl = true -name = "pypi" - -[packages] -docker-py = "*" -ansible = "==2.7.13" -molecule = "==2.20.2" - -[dev-packages] - -[requires] -python_version = "2.7" - -[scripts] -test ="molecule test --destroy=never" -worker ="molecule test -s worker --destroy=never" -agent ="molecule test -s wazuh-agent --destroy=never" -elasticsearch ="molecule test -s elasticsearch --destroy=never" -kibana ="molecule test -s kibana --destroy=never" - -# Verify .. -verify ="molecule verify" -verify_worker ="molecule verify -s worker" -verify_agent ="molecule verify -s agent" -verify_elasticsearch ="molecule verify -s elasticsearch" -verify_kibana ="molecule verify -s kibana" - -# Destroy .. -destroy ="molecule destroy" -destroy_worker ="molecule destroy -s worker" -destroy_agent ="molecule destroy -s agent" -destroy_elasticsearch ="molecule destroy -s elasticsearch" -destroy_kibana ="molecule destroy -s kibana" diff --git a/README.md b/README.md index f684d1a8..257d15cc 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,21 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. * `master` branch contains the latest code, be aware of possible bugs on this branch. ## Testing + +1. Get the `wazuh-ansible` folder from the `wazuh-qa` [repository](https://github.com/wazuh/wazuh-qa/tree/master/ansible/wazuh-ansible). + +``` +git clone https://github.com/wazuh/wazuh-qa +``` + +2. Copy the `Pipfile` and the `molecule` folder into the root wazuh-ansible directory: + +``` +cp wazuh-qa/ansible/wazuh-ansible/* . -R +``` + +3. Follow these steps for launching the tests. Check the Pipfile for running different scenarios: + ``` pip install pipenv sudo pipenv install diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 deleted file mode 100644 index 19692c20..00000000 --- a/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst deleted file mode 100644 index e26493b8..00000000 --- a/molecule/default/INSTALL.rst +++ /dev/null @@ -1,16 +0,0 @@ -******* -Install -******* - -Requirements -============ - -* Docker Engine -* docker-py - -Install -======= - -.. code-block:: bash - - $ sudo pip install docker-py diff --git a/molecule/default/create.yml b/molecule/default/create.yml deleted file mode 100644 index 0b25ec81..00000000 --- a/molecule/default/create.yml +++ /dev/null @@ -1,85 +0,0 @@ ---- -- name: Create - hosts: localhost - connection: local - gather_facts: false - no_log: false - tasks: - - name: Log into a Docker registry - docker_login: - username: "{{ item.registry.credentials.username }}" - password: "{{ item.registry.credentials.password }}" - email: "{{ item.registry.credentials.email | default(omit) }}" - registry: "{{ item.registry.url }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - with_items: "{{ molecule_yml.platforms }}" - when: - - item.registry is defined - - item.registry.credentials is defined - - item.registry.credentials.username is defined - - - name: Create Dockerfiles from image names - template: - src: "{{ molecule_scenario_directory }}/Dockerfile.j2" - dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}" - with_items: "{{ molecule_yml.platforms }}" - register: platforms - - - name: Discover local Docker images - docker_image_facts: - name: "molecule_local/{{ item.item.name }}" - docker_host: "{{ item.item.docker_host | default('unix://var/run/docker.sock') }}" - with_items: "{{ platforms.results }}" - register: docker_images - - - name: Build an Ansible compatible image - docker_image: - path: "{{ molecule_ephemeral_directory }}" - name: "molecule_local/{{ item.item.image }}" - docker_host: "{{ item.item.docker_host | default('unix://var/run/docker.sock') }}" - dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}" - force: "{{ item.item.force | default(true) }}" - with_items: "{{ platforms.results }}" - when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0 - - - name: Create docker network(s) - docker_network: - name: "main" - state: present - - - name: Sleep 5 seconds till the network gets created if it's not - # Pause for 5 minutes to build app cache. - pause: - seconds: 10 - - - name: Create molecule instance(s) - docker_container: - name: "{{ item.name }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - hostname: "{{ item.name }}" - image: "molecule_local/{{ item.image }}" - state: started - recreate: false - log_driver: json-file - command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}" - privileged: "{{ item.privileged | default(omit) }}" - volumes: "{{ item.volumes | default(omit) }}" - capabilities: "{{ item.capabilities | default(omit) }}" - exposed_ports: "{{ item.exposed_ports | default(omit) }}" - published_ports: "{{ item.published_ports | default(omit) }}" - ulimits: "{{ item.ulimits | default(omit) }}" - networks: - - name: "main" - dns_servers: "{{ item.dns_servers | default(omit) }}" - register: server - with_items: "{{ molecule_yml.platforms }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) creation to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: docker_jobs - until: docker_jobs.finished - retries: 300 - with_items: "{{ server.results }}" \ No newline at end of file diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml deleted file mode 100644 index ddf7062b..00000000 --- a/molecule/default/destroy.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- name: Destroy - hosts: localhost - connection: local - gather_facts: false - no_log: false - tasks: - - name: Destroy molecule instance(s) - docker_container: - name: "{{ item.name }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - state: absent - force_kill: "{{ item.force_kill | default(true) }}" - register: server - with_items: "{{ molecule_yml.platforms }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) deletion to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: docker_jobs - until: docker_jobs.finished - retries: 300 - with_items: "{{ server.results }}" - - - name: Delete docker network(s) - docker_network: - name: "{{ item }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - state: absent - with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}" diff --git a/molecule/default/molecule.yml.template b/molecule/default/molecule.yml.template deleted file mode 100644 index f46226c2..00000000 --- a/molecule/default/molecule.yml.template +++ /dev/null @@ -1,47 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - enabled: false -platforms: - - name: manager_platform_ - image: imagename - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true -scenario: - name: default - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 - enabled: true diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml deleted file mode 100644 index d4561c1b..00000000 --- a/molecule/default/playbook.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-manager - vars: - wazuh_manager_config: - cluster: - disable: 'no' - name: 'wazuh' - node_name: 'manager' - node_type: 'master' - key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' - port: '1516' - bind_addr: '0.0.0.0' - nodes: - - 'manager_bionic' - hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_bionic:9200' } \ No newline at end of file diff --git a/molecule/default/playbook.yml.template b/molecule/default/playbook.yml.template deleted file mode 100644 index f73659e9..00000000 --- a/molecule/default/playbook.yml.template +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-manager - vars: - wazuh_manager_config: - cluster: - disable: 'no' - name: 'wazuh' - node_name: 'manager' - node_type: 'master' - key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' - port: '1516' - bind_addr: '0.0.0.0' - nodes: - - 'manager_platform' - hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' } \ No newline at end of file diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml deleted file mode 100644 index f3dc9aac..00000000 --- a/molecule/default/prepare.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - tasks: - - - name: "Install Python packages for Trusty to solve trust issues" - package: - name: - - python-setuptools - - python-pip - state: latest - register: wazuh_manager_trusty_packages_installed - until: wazuh_manager_trusty_packages_installed is succeeded - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - - - name: "Install (RedHat) dependencies" - package: - name: - - initscripts - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - when: - - ansible_os_family == 'RedHat' diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py deleted file mode 100644 index 03fe99d4..00000000 --- a/molecule/default/tests/test_default.py +++ /dev/null @@ -1,89 +0,0 @@ -import os -import pytest - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def get_wazuh_version(): - """This return the version of Wazuh.""" - return "3.10.0" - - -def test_wazuh_packages_are_installed(host): - """Test if the main packages are installed.""" - manager = host.package("wazuh-manager") - api = host.package("wazuh-api") - - distribution = host.system_info.distribution.lower() - if distribution == 'centos': - if host.system_info.release == "7": - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - assert api.is_installed - assert api.version.startswith(get_wazuh_version()) - elif host.system_info.release.startswith("6"): - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - elif distribution == 'ubuntu': - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - - -def test_wazuh_services_are_running(host): - """Test if the services are enabled and running. - - When assert commands are commented, this means that the service command has - a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 - """ - manager = host.service("wazuh-manager") - api = host.service("wazuh-api") - - distribution = host.system_info.distribution.lower() - if distribution == 'centos': - # assert manager.is_running - assert manager.is_enabled - # assert not api.is_running - assert not api.is_enabled - elif distribution == 'ubuntu': - # assert manager.is_running - assert manager.is_enabled - # assert api.is_running - assert api.is_enabled - - -@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ - ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), - ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640), -]) -def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): - """Test if Wazuh related files exist and have proper owners and mode.""" - wazuh_file_host = host.file(wazuh_file) - - assert wazuh_file_host.user == wazuh_owner - assert wazuh_file_host.group == wazuh_group - assert wazuh_file_host.mode == wazuh_mode - - -def test_open_ports(host): - """Test if the main port is open and the agent-auth is not open.""" - distribution = host.system_info.distribution.lower() - if distribution == 'ubuntu': - assert host.socket("tcp://0.0.0.0:1516").is_listening - assert host.socket("tcp://0.0.0.0:1515").is_listening - assert host.socket("tcp://0.0.0.0:1514").is_listening - elif distribution == 'centos': - assert host.socket("tcp://0.0.0.0:1516").is_listening - assert host.socket("tcp://127.0.0.1:1515").is_listening - assert host.socket("tcp://127.0.0.1:1514").is_listening - - -def test_filebeat_is_installed(host): - """Test if the elasticsearch package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - assert filebeat.version.startswith('7.3.2') diff --git a/molecule/elasticsearch/Dockerfile.j2 b/molecule/elasticsearch/Dockerfile.j2 deleted file mode 100644 index e6aa95d3..00000000 --- a/molecule/elasticsearch/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/elasticsearch/INSTALL.rst b/molecule/elasticsearch/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/molecule/elasticsearch/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml deleted file mode 100644 index 11d8902f..00000000 --- a/molecule/elasticsearch/molecule.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -bionics: - - name: elasticsearch_bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - prepare: ../default/prepare.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true - inventory: - group_vars: - all: - elasticsearch_jvm_xms: 512 -scenario: - name: elasticsearch - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - #- idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/elasticsearch/molecule.yml.template b/molecule/elasticsearch/molecule.yml.template deleted file mode 100644 index baba140e..00000000 --- a/molecule/elasticsearch/molecule.yml.template +++ /dev/null @@ -1,57 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -platforms: - - name: elasticsearch_platform_ - image: imagename - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - prepare: ../default/prepare.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true - inventory: - group_vars: - all: - elasticsearch_jvm_xms: 512 -scenario: - name: elasticsearch - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml deleted file mode 100644 index 6b5c44f8..00000000 --- a/molecule/elasticsearch/playbook.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'elasticsearch_bionic' diff --git a/molecule/elasticsearch/playbook.yml.template b/molecule/elasticsearch/playbook.yml.template deleted file mode 100644 index 0b2f9d5a..00000000 --- a/molecule/elasticsearch/playbook.yml.template +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'elasticsearch_platform' diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py deleted file mode 100644 index f4021876..00000000 --- a/molecule/elasticsearch/tests/test_default.py +++ /dev/null @@ -1,20 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_elasticsearch_is_installed(host): - """Test if the elasticsearch package is installed.""" - elasticsearch = host.package("elasticsearch") - assert elasticsearch.is_installed - assert elasticsearch.version.startswith('7.3.2') - - -def test_elasticsearch_is_running(host): - """Test if the services are enabled and running.""" - elasticsearch = host.service("elasticsearch") - assert elasticsearch.is_enabled - assert elasticsearch.is_running diff --git a/molecule/kibana/Dockerfile.j2 b/molecule/kibana/Dockerfile.j2 deleted file mode 100644 index e6aa95d3..00000000 --- a/molecule/kibana/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/kibana/INSTALL.rst b/molecule/kibana/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/molecule/kibana/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/molecule/kibana/molecule.yml.template b/molecule/kibana/molecule.yml.template deleted file mode 100644 index eec8f6e3..00000000 --- a/molecule/kibana/molecule.yml.template +++ /dev/null @@ -1,40 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -platforms: - - name: kibana_platform_ - image: imagename - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 1024m -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true - inventory: - group_vars: - all: - elasticsearch_jvm_xms: 256 -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml deleted file mode 100644 index 6af17723..00000000 --- a/molecule/kibana/playbook.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: elastic-stack/ansible-kibana - elasticsearch_network_host: 'elasticsearch_bionic' \ No newline at end of file diff --git a/molecule/kibana/playbook.yml.template b/molecule/kibana/playbook.yml.template deleted file mode 100644 index b166ac28..00000000 --- a/molecule/kibana/playbook.yml.template +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: elastic-stack/ansible-kibana - elasticsearch_network_host: 'elasticsearch_platform' \ No newline at end of file diff --git a/molecule/kibana/prepare.yml b/molecule/kibana/prepare.yml deleted file mode 100644 index c5592219..00000000 --- a/molecule/kibana/prepare.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - pre_tasks: - - - name: "Install Python packages for Trusty to solve trust issues" - package: - name: - - python-setuptools - - python-pip - state: latest - register: wazuh_manager_trusty_packages_installed - until: wazuh_manager_trusty_packages_installed is succeeded - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - - - name: "Install (RedHat) dependencies" - package: - name: - - initscripts - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - when: - - ansible_os_family == 'RedHat' diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py deleted file mode 100644 index ccd4d4f2..00000000 --- a/molecule/kibana/tests/test_default.py +++ /dev/null @@ -1,24 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_port_kibana_is_open(host): - """Test if the port 5601 is open and listening to connections.""" - host.socket("tcp://0.0.0.0:5601").is_listening - - -def test_find_correct_elasticsearch_version(host): - """Test if we find the kibana/elasticsearch version in package.json""" - kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") - assert kibana.contains("7.3.2") - - -def test_wazuh_plugin_installed(host): - """Make sure there is a plugin wazuh directory.""" - kibana = host.file("/usr/share/kibana/plugins/wazuh/") - - assert kibana.is_directory diff --git a/molecule/run_cluster_mode.sh b/molecule/run_cluster_mode.sh deleted file mode 100644 index c1a0941d..00000000 --- a/molecule/run_cluster_mode.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecule/kibana/" ) -images=( "solita/ubuntu-systemd:bionic" "solita/ubuntu-systemd:xenial" "milcom/centos7-systemd" "ubuntu:trusty" "centos:6" ) -platform=( "bionic" "xenial" "centos7" "trusty" "centos6" ) - -echo "Please select an image. " - -select IMAGE in "${images[@]}"; -do - echo "You picked $IMAGE ($REPLY)" - break -done - -index=$(($REPLY - 1)) - -if [ -z "$IMAGE" ] -then - echo "Platform not selected. Please select a platform of [bionuc, xenial or centos7]. => Aborting" - exit -else - for i in "${paths[@]}" - do - cp "$i/playbook.yml.template" "$i/playbook.yml" - sed -i "s/platform/${platform[$index]}/g" "$i/playbook.yml" - - cp "$i/molecule.yml.template" "$i/molecule.yml" - sed -i "s|imagename|${images[$index]}|g" "$i/molecule.yml" - sed -i "s/platform_/${platform[$index]}/g" "$i/molecule.yml" - - done -fi - -sudo pipenv run elasticsearch -sudo pipenv run test -sudo pipenv run worker -sudo pipenv run kibana - -sudo pipenv run destroy -sudo pipenv run destroy_worker -sudo pipenv run destroy_elasticsearch -sudo pipenv run destroy_kibana - diff --git a/molecule/wazuh-agent/Dockerfile.j2 b/molecule/wazuh-agent/Dockerfile.j2 deleted file mode 100644 index e6aa95d3..00000000 --- a/molecule/wazuh-agent/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/wazuh-agent/INSTALL.rst b/molecule/wazuh-agent/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/molecule/wazuh-agent/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml deleted file mode 100644 index a0b050b1..00000000 --- a/molecule/wazuh-agent/molecule.yml +++ /dev/null @@ -1,89 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker - #lint: - # name: yamllint -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -platforms: - #- name: wazuh_server_centos7 - # image: milcom/centos7-systemd - # networks: - # - name: wazuh - # privileged: true - # groups: - # - manager - - name: wazuh_agent_bionic - image: ubuntu:bionic - networks: - - name: wazuh - groups: - - agent - #- name: wazuh_agent_xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # command: /sbin/init - # networks: - # - name: wazuh - # groups: - # - agent - #- name: wazuh_agent_trusty - # image: ubuntu:trusty - # networks: - # - name: wazuh - # groups: - # - agent - #- name: wazuh_agent_centos6 - # image: centos:6 - # networks: - # - name: wazuh - # groups: - # - agent - #- name: wazuh_agent_centos7 - # image: milcom/centos7-systemd - # privileged: true - # networks: - # - name: wazuh - # groups: - # - agent -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - inventory: - group_vars: - agent: - api_pass: password - wazuh_managers: - - address: "{{ wazuh_manager_ip }}" - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: null - wazuh_agent_authd: - enable: true - port: 1515 - ssl_agent_ca: null - ssl_agent_cert: null - ssl_agent_key: null - ssl_auto_negotiate: 'no' - lint: - name: ansible-lint - enabled: true -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/wazuh-agent/molecule.yml.template b/molecule/wazuh-agent/molecule.yml.template deleted file mode 100644 index a0b050b1..00000000 --- a/molecule/wazuh-agent/molecule.yml.template +++ /dev/null @@ -1,89 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker - #lint: - # name: yamllint -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -platforms: - #- name: wazuh_server_centos7 - # image: milcom/centos7-systemd - # networks: - # - name: wazuh - # privileged: true - # groups: - # - manager - - name: wazuh_agent_bionic - image: ubuntu:bionic - networks: - - name: wazuh - groups: - - agent - #- name: wazuh_agent_xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # command: /sbin/init - # networks: - # - name: wazuh - # groups: - # - agent - #- name: wazuh_agent_trusty - # image: ubuntu:trusty - # networks: - # - name: wazuh - # groups: - # - agent - #- name: wazuh_agent_centos6 - # image: centos:6 - # networks: - # - name: wazuh - # groups: - # - agent - #- name: wazuh_agent_centos7 - # image: milcom/centos7-systemd - # privileged: true - # networks: - # - name: wazuh - # groups: - # - agent -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - inventory: - group_vars: - agent: - api_pass: password - wazuh_managers: - - address: "{{ wazuh_manager_ip }}" - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: null - wazuh_agent_authd: - enable: true - port: 1515 - ssl_agent_ca: null - ssl_agent_cert: null - ssl_agent_key: null - ssl_auto_negotiate: 'no' - lint: - name: ansible-lint - enabled: true -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/wazuh-agent/playbook.yml b/molecule/wazuh-agent/playbook.yml deleted file mode 100644 index 4feac0c2..00000000 --- a/molecule/wazuh-agent/playbook.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-agent - vars: - wazuh_managers: - - address: 'manager_platform' - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: ansible - wazuh_agent_authd: - enable: true - port: 1515 - ssl_agent_ca: null - ssl_auto_negotiate: 'no' diff --git a/molecule/wazuh-agent/playbook.yml.template b/molecule/wazuh-agent/playbook.yml.template deleted file mode 100644 index 4feac0c2..00000000 --- a/molecule/wazuh-agent/playbook.yml.template +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-agent - vars: - wazuh_managers: - - address: 'manager_platform' - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: ansible - wazuh_agent_authd: - enable: true - port: 1515 - ssl_agent_ca: null - ssl_auto_negotiate: 'no' diff --git a/molecule/wazuh-agent/prepare.yml b/molecule/wazuh-agent/prepare.yml deleted file mode 100644 index ddb1bbe1..00000000 --- a/molecule/wazuh-agent/prepare.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -- name: Prepare - hosts: manager - gather_facts: true - tasks: - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - - roles: - - role: wazuh/ansible-wazuh-manager - -- name: Prepare - hosts: agent - gather_facts: true - tasks: - - - name: "Install Python packages for Trusty to solve trust issues" - package: - name: - - python-setuptools - - python-pip - state: latest - register: wazuh_manager_trusty_packages_installed - until: wazuh_manager_trusty_packages_installed is succeeded - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_agent_dependencies_packages_installed - until: wazuh_agent_dependencies_packages_installed is succeeded diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py deleted file mode 100644 index 1846d3fe..00000000 --- a/molecule/wazuh-agent/tests/test_agents.py +++ /dev/null @@ -1,28 +0,0 @@ -import os -import pytest - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('agent') - - -def get_wazuh_version(): - """This return the version of Wazuh.""" - return "3.10.0" - - -def test_ossec_package_installed(Package): - ossec = Package('wazuh-agent') - assert ossec.is_installed - - -@pytest.mark.parametrize("wazuh_service, wazuh_owner", ( - ("ossec-agentd", "ossec"), - ("ossec-execd", "root"), - ("ossec-syscheckd", "root"), - ("wazuh-modulesd", "root"), -)) -def test_wazuh_processes_running(host, wazuh_service, wazuh_owner): - master = host.process.get(user=wazuh_owner, comm=wazuh_service) - assert master.args == "/var/ossec/bin/" + wazuh_service diff --git a/molecule/wazuh-agent/tests/test_manager.py b/molecule/wazuh-agent/tests/test_manager.py deleted file mode 100644 index 9b085b2b..00000000 --- a/molecule/wazuh-agent/tests/test_manager.py +++ /dev/null @@ -1,15 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('manager') - - -def test_agents_registered_on_manager(host): - cmd = host.run("/var/ossec/bin/manage_agents -l") - assert 'wazuh_agent_bionic' in cmd.stdout - assert 'wazuh_agent_xenial' in cmd.stdout - assert 'wazuh_agent_trusty' in cmd.stdout - assert 'wazuh_agent_centos6' in cmd.stdout - assert 'wazuh_agent_centos7' in cmd.stdout diff --git a/molecule/worker/Dockerfile.j2 b/molecule/worker/Dockerfile.j2 deleted file mode 100644 index e6aa95d3..00000000 --- a/molecule/worker/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/worker/molecule.yml.template b/molecule/worker/molecule.yml.template deleted file mode 100644 index ecfe6469..00000000 --- a/molecule/worker/molecule.yml.template +++ /dev/null @@ -1,53 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -platforms: - - name: worker_platform_ - image: imagename - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - prepare: ../default/prepare.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true -scenario: - name: worker - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/worker/playbook.yml b/molecule/worker/playbook.yml deleted file mode 100644 index a59f93f2..00000000 --- a/molecule/worker/playbook.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-manager - vars: - wazuh_manager_config: - cluster: - disable: 'no' - name: 'wazuh' - node_name: 'worker-01' - node_type: 'worker' - key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' - port: '1516' - bind_addr: '0.0.0.0' - nodes: - - 'manager_bionic' - hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_bionic:9200' } - - diff --git a/molecule/worker/playbook.yml.template b/molecule/worker/playbook.yml.template deleted file mode 100644 index 45b12d1d..00000000 --- a/molecule/worker/playbook.yml.template +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-manager - vars: - wazuh_manager_config: - cluster: - disable: 'no' - name: 'wazuh' - node_name: 'worker-01' - node_type: 'worker' - key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' - port: '1516' - bind_addr: '0.0.0.0' - nodes: - - 'manager_platform' - hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' } - - diff --git a/molecule/worker/tests/test_default.py b/molecule/worker/tests/test_default.py deleted file mode 100644 index 4de03dc3..00000000 --- a/molecule/worker/tests/test_default.py +++ /dev/null @@ -1,85 +0,0 @@ -import os -import pytest - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def get_wazuh_version(): - """This return the version of Wazuh.""" - return "3.10.0" - - -def test_wazuh_packages_are_installed(host): - """Test if the main packages are installed.""" - manager = host.package("wazuh-manager") - api = host.package("wazuh-api") - - distribution = host.system_info.distribution.lower() - if distribution == 'centos': - if host.system_info.release == "7": - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - assert api.is_installed - assert api.version.startswith(get_wazuh_version()) - elif host.system_info.release.startswith("6"): - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - elif distribution == 'ubuntu': - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - - -def test_wazuh_services_are_running(host): - """Test if the services are enabled and running. - - When assert commands are commented, this means that the service command has - a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 - """ - manager = host.service("wazuh-manager") - api = host.service("wazuh-api") - - distribution = host.system_info.distribution.lower() - if distribution == 'centos': - # assert manager.is_running - assert manager.is_enabled - # assert not api.is_running - assert not api.is_enabled - elif distribution == 'ubuntu': - # assert manager.is_running - assert manager.is_enabled - # assert api.is_running - assert api.is_enabled - - -@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ - ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), - ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640), -]) -def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): - """Test if Wazuh related files exist and have proper owners and mode.""" - wazuh_file_host = host.file(wazuh_file) - - assert wazuh_file_host.user == wazuh_owner - assert wazuh_file_host.group == wazuh_group - assert wazuh_file_host.mode == wazuh_mode - - -def test_open_ports(host): - """Test if the main port is open and the agent-auth is not open.""" - distribution = host.system_info.distribution.lower() - if distribution == 'ubuntu': - assert host.socket("tcp://0.0.0.0:1514").is_listening - elif distribution == 'centos': - assert host.socket("tcp://127.0.0.1:1514").is_listening - - -def test_filebeat_is_installed(host): - """Test if the elasticsearch package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - assert filebeat.version.startswith('7.3.2')