diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 9d3a9cdb..b9aa470d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -7,6 +7,12 @@ elasticsearch_jvm_xms: null elastic_stack_version: 7.5.2 elasticsearch_lower_disk_requirements: false +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/7.x/apt' + yum: 'https://artifacts.elastic.co/packages/7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' + # Cluster Settings single_node: true elasticsearch_cluster_name: wazuh diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 69c698f0..74c6bcf2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -30,13 +30,13 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + url: "{{ elasticrepo.gpg }}" + id: "{{ elasticrepo.key_id }}" state: present - - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' + repo: "deb {{ elasticrepo.apt }} stable main" state: present filename: 'elastic_repo_7' update_cache: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml index c123c707..4fcfb44c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: - repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main + repo: "deb {{ elasticrepo.apt }} stable main" state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml index bdf667bc..46989361 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- - name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata) yum_repository: - name: elastic_repo + name: elastic_repo_7 state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index d02664c8..62f63978 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -4,8 +4,8 @@ yum_repository: name: elastic_repo_7 description: Elastic repository for 7.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch + baseurl: "{{ elasticrepo.yum }}" + gpgkey: "{{ elasticrepo.gpg }}" gpgcheck: true changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index b0b1fc83..774f819e 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -9,6 +9,12 @@ elastic_stack_version: 7.5.2 wazuh_version: 3.11.3 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/7.x/apt' + yum: 'https://artifacts.elastic.co/packages/7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' + # API credentials wazuh_api_credentials: - id: "default" diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index ae6ff0e9..281555ca 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -10,12 +10,13 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + url: "{{ elasticrepo.gpg }}" + id: "{{ elasticrepo.key_id }}" state: present - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' + repo: "deb {{ elasticrepo.apt }} stable main" state: present filename: 'elastic_repo_7' update_cache: true diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml index c123c707..4fcfb44c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: - repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main + repo: "deb {{ elasticrepo.apt }} stable main" state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml index 1ae7df57..0da555b3 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- - name: Remove Elasticsearch repository (and clean up left-over metadata) yum_repository: - name: elastic_repo + name: elastic_repo_7 state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml index abb8b0c0..7acdec09 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml @@ -3,8 +3,8 @@ yum_repository: name: elastic_repo_7 description: Elastic repository for 7.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch + baseurl: "{{ elasticrepo.yum }}" + gpgkey: "{{ elasticrepo.gpg }}" gpgcheck: true changed_when: false diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 84693899..c54d62e7 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -28,6 +28,7 @@ filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" +filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_path: /tmp/ filebeat_module_destination: /usr/share/filebeat/module @@ -49,4 +50,8 @@ master_certs_path: /es_certs generate_CA: true ca_cert_name: "" - +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/7.x/apt' + yum: 'https://artifacts.elastic.co/packages/7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 15dae1b7..a87bb2bf 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -10,12 +10,13 @@ - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: - url: https://artifacts.elastic.co/GPG-KEY-elasticsearch + url: "{{ elasticrepo.gpg }}" + id: "{{ elasticrepo.key_id }}" state: present - name: Debian/Ubuntu | Add Filebeat repository. apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' + repo: "deb {{ elasticrepo.apt }} stable main" state: present update_cache: true changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml index 6472db68..25a33909 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata) apt_repository: - repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main + repo: "deb {{ elasticrepo.apt }} stable main" state: absent changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml index 519121b3..1cf84081 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- - name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata) yum_repository: - name: elastic_repo + name: elastic_repo_7 state: absent changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml index 3d3108f6..23948b37 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml @@ -1,9 +1,9 @@ --- - name: RedHat/CentOS/Fedora/Amazon Linux | Install Filebeats repo yum_repository: - name: elastic_repo - description: Elastic repository for 6.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch + name: elastic_repo_7 + description: Elastic repository for 7.x packages + baseurl: "{{ elasticrepo.yum }}" + gpgkey: "{{ elasticrepo.gpg }}" gpgcheck: true changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index ca5ea6ac..07bc94ea 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -70,7 +70,7 @@ - name: Download Filebeat module package get_url: - url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} + url: "{{ filebeat_module_package_url }}/{{ filebeat_module_package_name }}" dest: "{{ filebeat_module_package_path }}" when: not filebeat_module_folder.stat.exists diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 3ce49b3e..266cb33f 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,6 +60,7 @@ wazuh_agent_config: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' active_response: ar_disabled: 'no' ca_store: '/var/ossec/etc/wpk_root.pem' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 0e0ba92f..68c0b726 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -25,6 +25,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_agent_config.repo.gpg }}" + id: "{{ wazuh_agent_config.repo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 489becb2..5f32a0f1 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -52,6 +52,7 @@ wazuh_manager_config: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' json_output: 'yes' alerts_log: 'yes' logall: 'no' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index e045059d..36fe4ff5 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -28,6 +28,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" + id: "{{ wazuh_manager_config.repo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled