From 75c6ee2ea9f716f7c58d9153954a6ee19e6dd966 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 14:51:18 +0100 Subject: [PATCH 1/6] Update apt param format --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 611aa3b6..48f528cc 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -85,16 +85,15 @@ - init - name: Debian/Ubuntu | Install OpenScap - package: - name: "{{ item }}" + apt: + name: + - libopenscap8 + - xsltproc state: present cache_valid_time: 3600 register: wazuh_manager_openscap_installed until: wazuh_manager_openscap_installed is succeeded when: wazuh_manager_config.openscap.disable == 'no' - with_items: - - libopenscap8 - - xsltproc tags: - init From 7316af3db1de1b0b8124a4ec59e65a29ac80ba1f Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 15:02:09 +0100 Subject: [PATCH 2/6] Move OS dependent tasks to its own file --- .../ansible-wazuh-manager/tasks/Debian.yml | 12 +++++ .../ansible-wazuh-manager/tasks/RedHat.yml | 37 ++++++++++++++ .../ansible-wazuh-manager/tasks/main.yml | 51 ------------------- 3 files changed, 49 insertions(+), 51 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 48f528cc..1f5d6e96 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
@@ -112,3 +112,15 @@ changed_when: false tags: - config + +- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api + apt: + name: "{{ item }}={{ wazuh_manager_version }}" + state: present + cache_valid_time: 3600 + with_items: + - wazuh-manager + - wazuh-api + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + tags: init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index d64829a9..c8e8a95a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
@@ -137,3 +137,40 @@ cis_distribution_filename: cis_rhel7_linux_rcl.txt when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + +- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api + package: + name: "{{ item }}-{{ wazuh_manager_version }}" + state: "{{ wazuh_manager_package_state }}" + with_items: + - wazuh-manager + - wazuh-api + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + when: + - ansible_os_family|lower == "redhat" + tags: + - init + +- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 + replace: + path: /etc/init.d/wazuh-manager + regexp: 'echo -n "Starting Wazuh-manager: "' + replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' + when: + - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 + - wazuh_manager_config.cluster.disable != 'yes' + +- name: Install expect (EL5) + package: + name: "{{ item }}" + state: "{{ wazuh_manager_package_state }}" + with_items: + - expect + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + when: + - ansible_os_family|lower == "RedHat" + - ansible_distribution_major_version|int < 6 + tags: + - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 2a14fb69..e8734373 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
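Review bot: The moved `Install expect (EL5)` task can never run here: `ansible_os_family|lower == "RedHat"` compares a lower-cased value with a mixed-case literal, and RedHat.yml is only loaded when the major version is above 5 or the distribution is Amazon (the condition is visible on the RedHat.yml line of main.yml in patch 5). For the same reason `Install wazuh-manager, wazuh-api` no longer reaches EL5 hosts, which the old main.yml task did. If EL5 is still supported, keep both tasks in main.yml; otherwise drop the EL5 task and write the remaining condition as `ansible_os_family == "RedHat"`. Separately, the EL6 replacement text `export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib` produces a leading empty path element when the variable is unset, which the dynamic loader reads as the current directory. In an init script that presumably runs as root, `export LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/var/ossec/framework/lib` avoids that.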
@@ -13,34 +13,6 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api - package: - name: "{{ item }}-{{ wazuh_manager_version }}" - state: "{{ wazuh_manager_package_state }}" - with_items: - - wazuh-manager - - wazuh-api - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - ansible_os_family|lower == "redhat" - tags: - - init - -- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api - apt: - name: "{{ item }}={{ wazuh_manager_version }}" - state: present - cache_valid_time: 3600 - with_items: - - wazuh-manager - - wazuh-api - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - not (ansible_os_family|lower == "redhat") - tags: init - - name: Install expect package: name: expect 
@@ -49,29 +21,6 @@ - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) tags: init -- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 - replace: - path: /etc/init.d/wazuh-manager - regexp: 'echo -n "Starting Wazuh-manager: "' - replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' - when: - - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 - - wazuh_manager_config.cluster.disable != 'yes' - -- name: Install expect (EL5) - package: - name: "{{ item }}" - state: "{{ wazuh_manager_package_state }}" - with_items: - - expect - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - ansible_os_family|lower == "RedHat" - - ansible_distribution_major_version|int < 6 - tags: - - init - - name: Generate SSL files for authd command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ wazuh_manager_fqdn }}/" args: From ee6daa79d741c2e9bc78d67ef8de930bdab2af1e Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 15:08:50 +0100 Subject: [PATCH 3/6] Disable APT recommends --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 1f5d6e96..a61b064d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -7,6 +7,7 @@ - gnupg state: present cache_valid_time: 3600 + install_recommends: false register: wazuh_manager_https_packages_installed until: wazuh_manager_https_packages_installed is succeeded 
@@ -91,6 +92,7 @@ - xsltproc state: present cache_valid_time: 3600 + install_recommends: false register: wazuh_manager_openscap_installed until: wazuh_manager_openscap_installed is succeeded when: wazuh_manager_config.openscap.disable == 'no' @@ -118,6 +120,7 @@ name: "{{ item }}={{ wazuh_manager_version }}" state: present cache_valid_time: 3600 + install_recommends: false with_items: - wazuh-manager - wazuh-api From c1141b1e73c3bc118c11bce9ec674d6fbc32c0d7 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 15:32:15 +0100 Subject: [PATCH 4/6] Remove deprecation warning --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index a61b064d..b7bc7946 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -117,13 +117,12 @@ - name: Debian/Ubuntu | Install wazuh-manager, wazuh-api apt: - name: "{{ item }}={{ wazuh_manager_version }}" + name: + - "wazuh-manager={{ wazuh_manager_version }}" + - "wazuh-api={{ wazuh_manager_version }}" state: present cache_valid_time: 3600 install_recommends: false - with_items: - - wazuh-manager - - wazuh-api register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded tags: init From 249f6b666d95303d3e0f0c78bac20dd14dbd1240 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 15:53:59 +0100 Subject: [PATCH 5/6] Use include_tasks to reduce unnecessary output --- roles/wazuh/ansible-filebeat/tasks/main.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 85bd17e1..ca5ea6ac 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml 
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -1,8 +1,8 @@ --- -- import_tasks: RedHat.yml +- include_tasks: RedHat.yml when: ansible_os_family == 'RedHat' -- import_tasks: Debian.yml +- include_tasks: Debian.yml when: ansible_os_family == 'Debian' - name: CentOS/RedHat | Install Filebeat. @@ -116,8 +116,8 @@ state: started enabled: true -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index e8734373..ed4847aa 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -7,10 +7,10 @@ - tar state: present -- import_tasks: "RedHat.yml" +- include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") -- import_tasks: "Debian.yml" +- include_tasks: "Debian.yml" when: ansible_os_family == "Debian" - name: Install expect @@ -353,8 +353,8 @@ when: - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" From 0384bf69117b740f890941a31dc775441f01d84d Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 16:07:00 +0100 Subject: [PATCH 6/6] Switch agent to include_tasks --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 8 ++++---- roles/wazuh/ansible-wazuh-agent/tasks/main.yml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) 
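Review bot: Replacing `import_tasks` with `include_tasks` in filebeat main.yml changes how tag filters reach the included files, and nothing in the change compensates for it. A dynamic include is itself an untagged task, so a run limited with `--tags init` or `--tags config` skips the include and never evaluates the tagged tasks inside Debian.yml and RedHat.yml (the package installs in this series carry `tags: init`). The same applies to the manager main.yml hunks in this patch and to the agent Linux.yml and main.yml hunks in patch 6. If tagged runs are supported for these roles, add `tags: always` to each include, or keep the static import for files that contain tagged tasks. Included tasks also stop appearing in `--list-tasks` and cannot be reached with `--start-at-task`.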
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 698f704f..2ef87f11 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,8 +1,8 @@ --- -- import_tasks: "RedHat.yml" +- include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "Debian.yml" +- include_tasks: "Debian.yml" when: ansible_os_family == "Debian" - name: Linux CentOS/RedHat | Install wazuh-agent @@ -191,8 +191,8 @@ state: started tags: config -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml index 4b919bc5..25c7b955 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml @@ -1,6 +1,6 @@ --- -- import_tasks: "Windows.yml" +- include_tasks: "Windows.yml" when: ansible_os_family == "Windows" -- import_tasks: "Linux.yml" +- include_tasks: "Linux.yml" when: ansible_system == "Linux"