From 699cbccf7eac4a311889a6f49c14cd2ef455c23b Mon Sep 17 00:00:00 2001 From: manuasir Date: Mon, 11 Nov 2019 18:31:43 +0100 Subject: [PATCH 01/13] Resolved conflicts --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 5 ++++- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index f365f66a..ceb3244b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,10 @@ elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.3.2 +elastic_stack_version: 7.4.2 +elasticsearch_lower_disk_requirements: false + +# Cluster Settings single_node: true elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index ad639011..92605c13 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,7 +5,7 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.3.2 +elastic_stack_version: 7.4.2 wazuh_version: 3.10.2 # Xpack Security diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index d38565d9..c5914664 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.3.2 +filebeat_version: 7.4.2 filebeat_create_config: true From ade8496dce289eba5ab2901bf11149dce4c365be Mon Sep 17 00:00:00 2001 
From: manuasir Date: Mon, 11 Nov 2019 18:31:43 +0100 Subject: [PATCH 02/13] Resolved conflicts --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 5 ++++- roles/elastic-stack/ansible-kibana/defaults/main.yml | 5 +++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index ca6dd06e..0015c25b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,10 @@ elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.3.2 +elastic_stack_version: 7.4.2 +elasticsearch_lower_disk_requirements: false + +# Cluster Settings single_node: true elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 06c2c6af..19b33876 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,9 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.3.2 -wazuh_version: 3.10.0 +elastic_stack_version: 7.4.2 +wazuh_version: 3.10.2 +wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # Xpack Security kibana_xpack_security: false diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 180308a6..d37cf5e6 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.3.2 +filebeat_version: 7.4.2 filebeat_create_config: true 
From f6e4468fd86d4e496bd6783bfc7e4553d5c33d0a Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 10 Dec 2019 10:12:32 +0100 Subject: [PATCH 03/13] Change default installation mode to packages. --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 0a05d853..8e4a6572 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -32,5 +32,5 @@ nodejs: repo_url_ext: "nodesource.com/setup_8.x" # Build from sources -build_from_sources: true +build_from_sources: false wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 64935264..30eddc6e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -2,7 +2,7 @@ wazuh_agent_version: 3.10.2-1 wazuh_agent_sources_installation: - enabled: "false" + enabled: false branch: "v3.10.2" user_language: "y" user_no_stop: "y" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 0a5eaf07..ca536bff 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" user_language: "en" user_no_stop: "y" @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" update: "y" remove: "y" 
From 8ef63f06ebaf17d8a8c4485dbdc604b8795d6162 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 12 Dec 2019 16:01:41 +0100 Subject: [PATCH 04/13] Fix Wazuh Agent name conditional in Linux.yml --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++-- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 9265ce92..b53b2450 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -59,12 +59,12 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %}-I "any" {% endif %} {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %} - {% if wazuh_agent_authd.ssl_agent_ca is not none %} + {% if wazuh_agent_authd.ssl_agent_ca is defined %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}" -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 2de09a8e..ee0aced7 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml 
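Review bot: In the `Linux | Register agent (via authd)` hunk of tasks/Linux.yml, `-A {{ wazuh_agent_authd.agent_name }}` and `-P {{ authd_pass }}` are interpolated unquoted into a `shell:` command, so a name or password containing spaces or shell metacharacters is word-split or interpreted by the shell. Pass them through the quote filter, e.g. `-A {{ wazuh_agent_authd.agent_name | quote }}` and `-P {{ authd_pass | quote }}`. The Windows.yml hunk of this patch and the rewritten Linux.yml hunk in PATCH 05/13 have the same unquoted values, though the Windows task needs quoting that follows the rules of the shell it runs under rather than POSIX `quote`. The password also lands on the agent-auth command line and in the registered `agent_auth_output`; the task continues past the end of the hunk, so if `no_log: true` is not already set there it should be added.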
@@ -60,7 +60,7 @@ {{ wazuh_agent_win_auth_path }} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} - {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} register: agent_auth_output notify: Windows | Restart Wazuh Agent From 7df74182f4e4e086082c42712f9e4b69dbd34a35 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 17 Dec 2019 11:50:28 +0100 Subject: [PATCH 05/13] Fix conditional check for null variables --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index b53b2450..5664a428 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
@@ -59,17 +59,23 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %} + -A {{ wazuh_agent_authd.agent_name }} + {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} - {% if wazuh_agent_nat %}-I "any" {% endif %} - {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %} - {% if wazuh_agent_authd.ssl_agent_ca is defined %} + {% if wazuh_agent_nat %} -I "any" {% endif %} + {% if authd_pass is defined %} -P {{ authd_pass }} {% endif %} + {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %} -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None %} -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" {% endif %} - {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %} + {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} register: agent_auth_output notify: restart wazuh-agent vars: From 879c2782b01ae8abc5117e4e9c964b2cf51a5559 Mon Sep 17 00:00:00 2001 
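Review bot: With the certificate options now guarded one by one, a host that sets `ssl_agent_cert` and `ssl_agent_key` but leaves `ssl_agent_ca` null runs agent-auth with `-x`/`-k` and no `-v`, so it presents a client certificate without verifying the manager's certificate. If that combination is not intended, keep `-x` and `-k` inside the `ssl_agent_ca` condition, or add a comment above the block saying that manager verification is optional here. Separately, `is defined and ... != None` still lets an empty string through, which renders a bare `-A` that would presumably take the following `-m` as its argument; a truthiness test such as `{% if wazuh_agent_authd.agent_name | default('') %}` covers undefined, null and empty in one check. The task continues past the end of the hunk.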
From: Jose M Date: Thu, 26 Dec 2019 11:58:01 +0100 Subject: [PATCH 06/13] Bump version to 3.11.0_7.5.1 --- VERSION | 4 ++-- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- .../tasks/installation_from_sources.yml | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/VERSION b/VERSION index f4d1cb92..53ae3f4b 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.10.2" -REVISION="31020" +WAZUH-ANSIBLE_VERSION="v3.11.0" +REVISION="31100" diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 7eb645c2..a1bef6b2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.4.2 +elastic_stack_version: 7.5.1 elasticsearch_lower_disk_requirements: false # Cluster Settings diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 8e4a6572..72e51254 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.4.2 -wazuh_version: 3.10.2 +elastic_stack_version: 7.5.1 +wazuh_version: 3.11.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # Xpack Security 
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index c5914664..1b1c1bd8 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.4.2 +filebeat_version: 7.5.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 30eddc6e..dc045dd6 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.10.2-1 +wazuh_agent_version: 3.11.0-1 wazuh_agent_sources_installation: enabled: false - branch: "v3.10.2" + branch: "v3.11.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -50,7 +50,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.10.2' + version: '3.11.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ca536bff..bd039d68 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.10.2-1 +wazuh_manager_version: 3.11.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: false - branch: "v3.10.2" + branch: "v3.11.0" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.10.2" + branch: "v3.11.0" update: "y" remove: "y" directory: null 
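Review bot: In the `wazuh_winagent_config` hunk of ansible-wazuh-agent/defaults/main.yml, `version` moves to '3.11.0' while the `md5: 71650780904cbfc2e45eae4298adb7a3` line below it stays as unchanged context, so the digest presumably still describes the previous installer. If the role checks the downloaded MSI against this value, the check will fail for the new package; if it does not, the pin gives no protection. Update it in the same commit, e.g. `md5: <digest of the 3.11.0-1 installer>`. MD5 is also not collision-resistant, so a SHA-256 digest would be a better integrity pin if the download task can take one.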
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index b92e4edc..fe78cdbb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.10.2" extracted folder name is 3.10.2. + # When downloading "v3.11.0" extracted folder name is 3.11.0. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip From bfe86ed1d30d75ed14b43d4bb6bfd87a1e859409 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 26 Dec 2019 13:13:32 +0100 Subject: [PATCH 07/13] Update CHANGELOG.md --- CHANGELOG.md | 46 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 40 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c04df488..73f7ea43 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,21 +1,55 @@ # Change Log All notable changes to this project will be documented in this file. -## [v3.xx.x_x.x.x] +## [v3.11.0_7.5.1] ### Added -- Wazuh Agent registration task now explicitly notify restart [@jm404](https://github.com/jm404) [#302](https://github.com/wazuh/wazuh-ansible/pull/302) +- Update to Wazuh v3.11.0 + +- Wazuh Agent registration task now explicitly notify restart ([@jm404](https://github.com/jm404)) [PR#302](https://github.com/wazuh/wazuh-ansible/pull/302) + +- Support both IP and DNS when creating elastic cluster ([@xr09](https://github.com/xr09)) [PR#252](https://github.com/wazuh/wazuh-ansible/pull/252) + +- Added config tag to the Wazuh Agent's enable task ([@xr09](https://github.com/xr09)) [PR#261](https://github.com/wazuh/wazuh-ansible/pull/261) + +- Implement task to configure Elasticsearch user on every cluster node ([@xr09](https://github.com/xr09)) [PR#270](https://github.com/wazuh/wazuh-ansible/pull/270) + +- Added SCA to Wazuh Agent and Manager installation ([@jm404](https://github.com/jm404)) [PR#260](https://github.com/wazuh/wazuh-ansible/pull/260) + +- Added support for environments with low disk space ([@xr09](https://github.com/xr09)) [PR#281](https://github.com/wazuh/wazuh-ansible/pull/281) + +- Add parameters to configure an Elasticsearch coordinating node ([@jm404](https://github.com/jm404)) [PR#292](https://github.com/wazuh/wazuh-ansible/pull/292) + ### Changed -- Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) -- Wazuh App URL is now flexible [@jm404](https://github.com/jm404) [#304](https://github.com/wazuh/wazuh-ansible/pull/304) +- Updated Filebeat and Elasticsearch templates ([@manuasir](https://github.com/manuasir)) [PR#285](https://github.com/wazuh/wazuh-ansible/pull/285) + +- Make ossec.conf file more readable by removing trailing whitespaces ([@jm404](https://github.com/jm404)) 
[PR#286](https://github.com/wazuh/wazuh-ansible/pull/286) + +- Wazuh repositories can now be configured to different sources URLs ([@jm404](https://github.com/jm404)) [PR#288](https://github.com/wazuh/wazuh-ansible/pull/288) + +- Wazuh App URL is now flexible ([@jm404](https://github.com/jm404)) [PR#304](https://github.com/wazuh/wazuh-ansible/pull/304) + +- Agent installation task now does not hardcodes the "-1" sufix ([@jm404](https://github.com/jm404)) [PR#310](https://github.com/wazuh/wazuh-ansible/pull/310) + +- Enhanced task importation in Wazuh Manager role and removed deprecated warnings ([@xr09](https://github.com/xr09)) [PR#320](https://github.com/wazuh/wazuh-ansible/pull/320) + +- Wazuh API installation task have been upgraded ([@rshad](https://github.com/rshad)) [PR#330](https://github.com/wazuh/wazuh-ansible/pull/330) + +- It's now possible to install Wazuh Manager and Agent from sources ([@jm404](https://github.com/jm404)) [PR#329](https://github.com/wazuh/wazuh-ansible/pull/329) + ### Fixed -- Wazuh Agent registration using agent name has been fixed [@jm404](https://github.com/jm404) [#298](https://github.com/wazuh/wazuh-ansible/pull/298) -- Fix Wazuh repository and installation conditionals [@jm404](https://github.com/jm404) [#299](https://github.com/wazuh/wazuh-ansible/pull/299) +- Ansible upgrade from 6.x to 7.x ([@jm404](https://github.com/jm404)) [PR#252](https://github.com/wazuh/wazuh-ansible/pull/251) + +- Wazuh Agent registration using agent name has been fixed ([@jm404](https://github.com/jm404)) [PR#298](https://github.com/wazuh/wazuh-ansible/pull/298) +- Fix Wazuh repository and installation conditionals ([@jm404](https://github.com/jm404)) [PR#299](https://github.com/wazuh/wazuh-ansible/pull/299) + +- Fixed Wazuh Agent registration using an Agent's name ([@jm404](https://github.com/jm404)) [PR#334](https://github.com/wazuh/wazuh-ansible/pull/334) + ## [v3.10.2_7.3.2] From 6eebfa4f2c83320c414ab33815b8ab3ef5a284cb Mon Sep 17 00:00:00 2001 
From: Manuel Gutierrez Date: Mon, 30 Dec 2019 17:37:07 +0100 Subject: [PATCH 08/13] Fix openscap block rendering for CentOS 8 --- .../var-ossec-etc-ossec-server.conf.j2 | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 733cae18..b4d27e14 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -160,23 +160,33 @@ {% endif %} {% elif ansible_distribution == 'CentOS' %} - {% if ansible_distribution_major_version == '7' %} + {% if ansible_distribution_major_version == '8' %} + {# Policy not available #} + {% elif ansible_distribution_major_version == '7' %} + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + {% elif ansible_distribution_major_version == '6' %} - {% endif %} xccdf_org.ssgproject.content_profile_pci-dss xccdf_org.ssgproject.content_profile_common + {% endif %} {% elif ansible_distribution == 'RedHat' %} - {% if ansible_distribution_major_version == '7' %} + {% if ansible_distribution_major_version == '8' %} + {# Policy not available #} + {% elif ansible_distribution_major_version == '7' %} + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + {% elif ansible_distribution_major_version == '6' %} - {% endif %} xccdf_org.ssgproject.content_profile_pci-dss xccdf_org.ssgproject.content_profile_common + {% endif %} {% if ansible_distribution_major_version == '7' %} {% elif ansible_distribution_major_version == '6' %} From 58c5005bedcc3cbd1e0c9f39fc840a3d191614d6 Mon Sep 17 00:00:00 2001 
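Review bot: On CentOS 8 and RedHat 8 the new first branch renders only `{# Policy not available #}`, a Jinja comment that never reaches the generated ossec.conf, so the manager is silently configured with no OpenSCAP content or profiles for those releases. Emit something visible in the rendered file instead, for example `<!-- OpenSCAP policy not available for {{ ansible_distribution }} {{ ansible_distribution_major_version }} -->`, so that a missing compliance scan can be told apart from a templating error. Moving the two profile lines inside the 7 and 6 branches also means any other major version now renders nothing; an `{% else %}` branch with the same kind of comment would cover that. The surrounding block starts and ends outside the hunk, and the page has lost the XML tags, so this is based on the Jinja control lines only.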
From: Manuel Gutierrez Date: Tue, 7 Jan 2020 15:01:05 +0100 Subject: [PATCH 09/13] Set new API configuration behavior --- .../ansible-kibana/defaults/main.yml | 8 ++ .../ansible-kibana/tasks/main.yml | 25 ++++ .../ansible-kibana/templates/wazuh.yml.j2 | 134 ++++++++++++++++++ 3 files changed, 167 insertions(+) create mode 100644 roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 72e51254..22dcf3ea 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -9,6 +9,14 @@ elastic_stack_version: 7.5.1 wazuh_version: 3.11.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp +# API credentials +api_auth: + - api_id: "default" + api_url: "http://localhost" + api_port: 55000 + api_user: "foo" + api_password: "bar" + # Xpack Security kibana_xpack_security: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index dd0e423f..c37a23eb 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
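Review bot: The new `api_auth` default in ansible-kibana/defaults/main.yml ships a fixed credential pair (`api_user: "foo"`, `api_password: "bar"`) and a cleartext `api_url: "http://localhost"`, so a playbook that does not override it configures the Kibana app with a stock login sent over HTTP. It is safer to keep the secret out of defaults and fail early when it is unset, e.g. `api_password: "{{ vault_wazuh_api_password }}"` (placeholder name) supplied from Ansible Vault, with an `assert` task in the role that rejects an undefined or default value. PATCH 10/13 renames the keys to `wazuh_api_credentials` but keeps the same values.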
@@ -134,6 +134,31 @@ when: - not build_from_sources +- name: Wait for Elasticsearch port + wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} + +- name: Select correct API protocol + set_fact: + elastic_api_protocol: "{% if kibana_xpack_security %}https{% else %}http{% endif %}" + +- name: Attempting to delete legacy Wazuh index if exists + uri: + url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh" + method: DELETE + user: "{{ elasticsearch_xpack_security_user }}" + password: "{{ elasticsearch_xpack_security_password }}" + validate_certs: no + status_code: 200, 404 + ignore_errors: yes + +- name: Configure Wazuh Plugin + template: + src: wazuh.yml.j2 + dest: /usr/share/kibana/plugins/wazuh/wazuh.yml + owner: kibana + group: root + mode: 0644 + - name: Reload systemd configuration systemd: daemon_reload: true diff --git a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 new file mode 100644 index 00000000..4895c105 --- /dev/null +++ b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 
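Review bot: The `Configure Wazuh Plugin` task writes wazuh.yml, which the template fills with the API user and password, using `mode: 0644`, so every local account on the Kibana host can read the credentials. Since the file is owned by `kibana`, `mode: "0600"` should be enough, assuming only the Kibana service reads it; quoting the value also stops YAML from retyping the octal. In the index-deletion task above it, `validate_certs: no` sends `elasticsearch_xpack_security_password` to an endpoint whose certificate is never checked. Verification should be on by default and relaxed only through an explicit role variable; later patches in this series rename the template task and drop `ignore_errors`, but leave both settings as they are.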
@@ -0,0 +1,134 @@ +--- +# +# Wazuh app - App configuration file +# Copyright (C) 2015-2019 Wazuh, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Find more information about this on the LICENSE file. +# +# ======================== Wazuh app configuration file ======================== +# +# Please check the documentation for more information on configuration options: +# https://documentation.wazuh.com/current/installation-guide/index.html +# +# Also, you can check our repository: +# https://github.com/wazuh/wazuh-kibana-app +# +# ------------------------------- Index patterns ------------------------------- +# +# Default index pattern to use. +#pattern: wazuh-alerts-3.x-* +# +# ----------------------------------- Checks ----------------------------------- +# +# Defines which checks must to be consider by the healthcheck +# step once the Wazuh app starts. Values must to be true or false. +#checks.pattern : true +#checks.template: true +#checks.api : true +#checks.setup : true +# +# --------------------------------- Extensions --------------------------------- +# +# Defines which extensions should be activated when you add a new API entry. +# You can change them after Wazuh app starts. +# Values must to be true or false. +#extensions.pci : true +#extensions.gdpr : true +#extensions.hipaa : true +#extensions.nist : true +#extensions.audit : true +#extensions.oscap : false +#extensions.ciscat : false +#extensions.aws : false +#extensions.virustotal: false +#extensions.osquery : false +#extensions.docker : false +# +# ---------------------------------- Time out ---------------------------------- +# +# Defines maximum timeout to be used on the Wazuh app requests. +# It will be ignored if it is bellow 1500. 
+# It means milliseconds before we consider a request as failed. +# Default: 20000 +#timeout: 20000 +# +# ------------------------------ Advanced indices ------------------------------ +# +# Configure .wazuh indices shards and replicas. +#wazuh.shards : 1 +#wazuh.replicas : 0 +# +# --------------------------- Index pattern selector --------------------------- +# +# Defines if the user is allowed to change the selected +# index pattern directly from the Wazuh app top menu. +# Default: true +#ip.selector: true +# +# List of index patterns to be ignored +#ip.ignore: [] +# +# -------------------------------- X-Pack RBAC --------------------------------- +# +# Custom setting to enable/disable built-in X-Pack RBAC security capabilities. +# Default: enabled +#xpack.rbac.enabled: true +# +# ------------------------------ wazuh-monitoring ------------------------------ +# +# Custom setting to enable/disable wazuh-monitoring indices. +# Values: true, false, worker +# If worker is given as value, the app will show the Agents status +# visualization but won't insert data on wazuh-monitoring indices. +# Default: true +#wazuh.monitoring.enabled: true +# +# Custom setting to set the frequency for wazuh-monitoring indices cron task. +# Default: 900 (s) +#wazuh.monitoring.frequency: 900 +# +# Configure wazuh-monitoring-3.x-* indices shards and replicas. +#wazuh.monitoring.shards: 2 +#wazuh.monitoring.replicas: 0 +# +# Configure wazuh-monitoring-3.x-* indices custom creation interval. +# Values: h (hourly), d (daily), w (weekly), m (monthly) +# Default: d +#wazuh.monitoring.creation: d +# +# Default index pattern to use for Wazuh monitoring +#wazuh.monitoring.pattern: wazuh-monitoring-3.x-* +# +# +# ------------------------------- App privileges -------------------------------- +#admin: true +# +# ------------------------------- App logging level ----------------------------- +# Set the logging level for the Wazuh App log files. 
+# Default value: info +# Allowed values: info, debug +#logs.level: info +# +#-------------------------------- API entries ----------------------------------- +#The following configuration is the default structure to define an API entry. +# +#hosts: +# - : +# url: http(s):// +# port: +# user: +# password: + +hosts: +{% for api in api_auth %} + - {{ api['api_id'] }}: + url: {{ api['api_url'] }} + port: {{ api['api_port'] }} + user: {{ api['api_user'] }} + password: {{ api['api_password'] }} +{% endfor %} From c7ca41169e07da37cddf82847d47c5fd88778a1d Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 16:06:08 +0100 Subject: [PATCH 10/13] Rename API variables --- .../elastic-stack/ansible-kibana/defaults/main.yml | 14 +++++++------- .../ansible-kibana/templates/wazuh.yml.j2 | 12 ++++++------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 22dcf3ea..0f1b0611 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -10,12 +10,12 @@ wazuh_version: 3.11.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # API credentials -api_auth: - - api_id: "default" - api_url: "http://localhost" - api_port: 55000 - api_user: "foo" - api_password: "bar" +wazuh_api_credentials: + - id: "default" + url: "http://localhost" + port: 55000 + user: "foo" + password: "bar" # Xpack Security kibana_xpack_security: false @@ -41,4 +41,4 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file +wazuh_plugin_branch: 3.10-7.4 diff --git a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 index 4895c105..1cbc9e2d 100644 --- a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 
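Review bot: In the `hosts:` loop at the end of the new wazuh.yml.j2 the values are written as bare YAML scalars (`password: {{ api['api_password'] }}`), so a password that contains ` #` or `: `, starts with an indicator character, or consists only of digits is truncated, retyped or breaks the file. Serialise each value instead, e.g. `password: {{ api['api_password'] | to_json }}`, and do the same for `url`, `user` and the `api_id` key. The renamed loop in PATCH 10/13 (`api['password']`) has the same issue.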
@@ -125,10 +125,10 @@ # password: hosts: -{% for api in api_auth %} - - {{ api['api_id'] }}: - url: {{ api['api_url'] }} - port: {{ api['api_port'] }} - user: {{ api['api_user'] }} - password: {{ api['api_password'] }} +{% for api in wazuh_api_credentials %} + - {{ api['id'] }}: + url: {{ api['url'] }} + port: {{ api['port'] }} + user: {{ api['user'] }} + password: {{ api['password'] }} {% endfor %} From 2d91a5c126c615a9b0541ea202853f3046b62b8c Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 16:10:04 +0100 Subject: [PATCH 11/13] Rename task --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index c37a23eb..5e300934 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -151,7 +151,7 @@ status_code: 200, 404 ignore_errors: yes -- name: Configure Wazuh Plugin +- name: Configure Wazuh Kibana Plugin template: src: wazuh.yml.j2 dest: /usr/share/kibana/plugins/wazuh/wazuh.yml From 71e52de80f33fcb8be0c3b620e3cfbc2f10fc2b3 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 16:21:47 +0100 Subject: [PATCH 12/13] Do not ignore errors on index removal --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 5e300934..d21dea91 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -149,7 +149,6 @@ password: "{{ elasticsearch_xpack_security_password }}" validate_certs: no status_code: 200, 404 - ignore_errors: yes - name: Configure Wazuh Kibana Plugin template: From 5b895233d458203e5a97acbc07bdae846224fa38 Mon Sep 17 00:00:00 2001 
From: Manuel Gutierrez Date: Tue, 7 Jan 2020 16:29:20 +0100 Subject: [PATCH 13/13] Fix missing bump --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 0f1b0611..4e32c838 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -41,4 +41,4 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 3.10-7.4 +wazuh_plugin_branch: 3.11-7.5