Merge pull request #348 from joschneid/master

some adjustments for systems without (direct) internet connection
Manuel J. Bernal 2020-02-10 13:34:56 +01:00 committed by GitHub
commit c19b08d449
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 46 additions and 23 deletions


@ -7,6 +7,12 @@ elasticsearch_jvm_xms: null
elastic_stack_version: 7.5.2 elastic_stack_version: 7.5.2
elasticsearch_lower_disk_requirements: false elasticsearch_lower_disk_requirements: false
elasticrepo:
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
yum: 'https://artifacts.elastic.co/packages/7.x/yum'
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
# Cluster Settings # Cluster Settings
single_node: true single_node: true
elasticsearch_cluster_name: wazuh elasticsearch_cluster_name: wazuh
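Review bot: A partial override of the new `elasticrepo` mapping will break the key and repository tasks, because Ansible replaces a dict variable as a whole unless hash merging is enabled; an inventory that sets only `elasticrepo.apt` for an internal mirror leaves `gpg` and `key_id` undefined. The same mapping is also copied into two further defaults files later in this commit, so the pinned fingerprint can drift between roles when the key is rotated. I would add a comment above the block, e.g. `# Mirror override: set all four keys; key_id is the full 40-hex fingerprint of the key served at gpg`, and note there that mirror URLs should stay on https.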


@ -30,13 +30,13 @@
- name: Debian/Ubuntu | Add Elasticsearch GPG key. - name: Debian/Ubuntu | Add Elasticsearch GPG key.
apt_key: apt_key:
url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" url: "{{ elasticrepo.gpg }}"
id: "{{ elasticrepo.key_id }}"
state: present state: present
- name: Debian/Ubuntu | Install Elastic repo - name: Debian/Ubuntu | Install Elastic repo
apt_repository: apt_repository:
repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' repo: "deb {{ elasticrepo.apt }} stable main"
state: present state: present
filename: 'elastic_repo_7' filename: 'elastic_repo_7'
update_cache: true update_cache: true
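Review bot: The added `id:` line deserves a comment, since it is what lets this task run offline and it is the only fingerprint check on a key that can now come from an operator-supplied URL. As far as I know, `apt_key` skips the download when a key with that id is already in the keyring and fails when the id is missing after import, but it still imports anything else the fetched file contains. Suggested comment: `# id: full fingerprint; key is not re-fetched if already trusted, import fails if it is absent afterwards`. The same applies to the Kibana and Filebeat apt key tasks further down.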


@ -1,6 +1,6 @@
--- ---
- name: Debian/Ubuntu | Removing Elasticsearch repository - name: Debian/Ubuntu | Removing Elasticsearch repository
apt_repository: apt_repository:
repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main repo: "deb {{ elasticrepo.apt }} stable main"
state: absent state: absent
changed_when: false changed_when: false


@ -1,6 +1,6 @@
--- ---
- name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata) - name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata)
yum_repository: yum_repository:
name: elastic_repo name: elastic_repo_7
state: absent state: absent
changed_when: false changed_when: false


@ -4,8 +4,8 @@
yum_repository: yum_repository:
name: elastic_repo_7 name: elastic_repo_7
description: Elastic repository for 7.x packages description: Elastic repository for 7.x packages
baseurl: https://artifacts.elastic.co/packages/7.x/yum baseurl: "{{ elasticrepo.yum }}"
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgkey: "{{ elasticrepo.gpg }}"
gpgcheck: true gpgcheck: true
changed_when: false changed_when: false
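Review bot: The fingerprint pin introduced for apt is not applied on the RPM side: `gpgkey: "{{ elasticrepo.gpg }}"` trusts whatever key the configured URL serves, and `elasticrepo.key_id` is unused here. With the URL now overridable for mirrors, the key's authenticity rests on that URL alone. A preceding `rpm_key` task with `key: "{{ elasticrepo.gpg }}"` and `fingerprint: "{{ elasticrepo.key_id }}"` (the `fingerprint` option needs Ansible 2.9 or later) would give the same pin. The Kibana and Filebeat yum repository tasks in this commit have the same gap, and the task starts above the hunk.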


@ -9,6 +9,12 @@ elastic_stack_version: 7.5.2
wazuh_version: 3.11.3 wazuh_version: 3.11.3
wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
elasticrepo:
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
yum: 'https://artifacts.elastic.co/packages/7.x/yum'
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
# API credentials # API credentials
wazuh_api_credentials: wazuh_api_credentials:
- id: "default" - id: "default"


@ -10,12 +10,13 @@
- name: Debian/Ubuntu | Add Elasticsearch GPG key - name: Debian/Ubuntu | Add Elasticsearch GPG key
apt_key: apt_key:
url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" url: "{{ elasticrepo.gpg }}"
id: "{{ elasticrepo.key_id }}"
state: present state: present
- name: Debian/Ubuntu | Install Elastic repo - name: Debian/Ubuntu | Install Elastic repo
apt_repository: apt_repository:
repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' repo: "deb {{ elasticrepo.apt }} stable main"
state: present state: present
filename: 'elastic_repo_7' filename: 'elastic_repo_7'
update_cache: true update_cache: true


@ -1,6 +1,6 @@
--- ---
- name: Debian/Ubuntu | Removing Elasticsearch repository - name: Debian/Ubuntu | Removing Elasticsearch repository
apt_repository: apt_repository:
repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main repo: "deb {{ elasticrepo.apt }} stable main"
state: absent state: absent
changed_when: false changed_when: false


@ -1,6 +1,6 @@
--- ---
- name: Remove Elasticsearch repository (and clean up left-over metadata) - name: Remove Elasticsearch repository (and clean up left-over metadata)
yum_repository: yum_repository:
name: elastic_repo name: elastic_repo_7
state: absent state: absent
changed_when: false changed_when: false


@ -3,8 +3,8 @@
yum_repository: yum_repository:
name: elastic_repo_7 name: elastic_repo_7
description: Elastic repository for 7.x packages description: Elastic repository for 7.x packages
baseurl: https://artifacts.elastic.co/packages/7.x/yum baseurl: "{{ elasticrepo.yum }}"
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgkey: "{{ elasticrepo.gpg }}"
gpgcheck: true gpgcheck: true
changed_when: false changed_when: false


@ -28,6 +28,7 @@ filebeat_ssl_certificate_file: ""
filebeat_ssl_key_file: "" filebeat_ssl_key_file: ""
filebeat_ssl_insecure: "false" filebeat_ssl_insecure: "false"
filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat
filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
filebeat_module_package_path: /tmp/ filebeat_module_package_path: /tmp/
filebeat_module_destination: /usr/share/filebeat/module filebeat_module_destination: /usr/share/filebeat/module
@ -49,4 +50,8 @@ master_certs_path: /es_certs
generate_CA: true generate_CA: true
ca_cert_name: "" ca_cert_name: ""
elasticrepo:
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
yum: 'https://artifacts.elastic.co/packages/7.x/yum'
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'


@ -10,12 +10,13 @@
- name: Debian/Ubuntu | Add Elasticsearch apt key. - name: Debian/Ubuntu | Add Elasticsearch apt key.
apt_key: apt_key:
url: https://artifacts.elastic.co/GPG-KEY-elasticsearch url: "{{ elasticrepo.gpg }}"
id: "{{ elasticrepo.key_id }}"
state: present state: present
- name: Debian/Ubuntu | Add Filebeat repository. - name: Debian/Ubuntu | Add Filebeat repository.
apt_repository: apt_repository:
repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' repo: "deb {{ elasticrepo.apt }} stable main"
state: present state: present
update_cache: true update_cache: true
changed_when: false changed_when: false


@ -1,6 +1,6 @@
--- ---
- name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata) - name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)
apt_repository: apt_repository:
repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main repo: "deb {{ elasticrepo.apt }} stable main"
state: absent state: absent
changed_when: false changed_when: false


@ -1,6 +1,6 @@
--- ---
- name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata) - name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata)
yum_repository: yum_repository:
name: elastic_repo name: elastic_repo_7
state: absent state: absent
changed_when: false changed_when: false


@ -1,9 +1,9 @@
--- ---
- name: RedHat/CentOS/Fedora/Amazon Linux | Install Filebeats repo - name: RedHat/CentOS/Fedora/Amazon Linux | Install Filebeats repo
yum_repository: yum_repository:
name: elastic_repo name: elastic_repo_7
description: Elastic repository for 6.x packages description: Elastic repository for 7.x packages
baseurl: https://artifacts.elastic.co/packages/7.x/yum baseurl: "{{ elasticrepo.yum }}"
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgkey: "{{ elasticrepo.gpg }}"
gpgcheck: true gpgcheck: true
changed_when: false changed_when: false
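Review bot: Renaming the repository from `elastic_repo` to `elastic_repo_7` leaves hosts provisioned by the earlier version of this role with the old definition in place, and the Filebeat removal task in this commit now targets only the new name. The stale entry would keep the previously hard-coded upstream `baseurl` and `gpgkey`, which on a host without direct internet access may make metadata refreshes fail and in any case leaves a second, unmanaged package source enabled. A one-off cleanup task ahead of this one, `yum_repository:` with `name: elastic_repo` and `state: absent`, would cover upgrades.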


@ -70,7 +70,7 @@
- name: Download Filebeat module package - name: Download Filebeat module package
get_url: get_url:
url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} url: "{{ filebeat_module_package_url }}/{{ filebeat_module_package_name }}"
dest: "{{ filebeat_module_package_path }}" dest: "{{ filebeat_module_package_path }}"
when: not filebeat_module_folder.stat.exists when: not filebeat_module_folder.stat.exists
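Review bot: The module tarball is now fetched from an operator-supplied base URL with no integrity check, because `get_url` is called without `checksum`. The archive is presumably unpacked under `filebeat_module_destination` by a later task outside this hunk, so whatever the mirror serves ends up in Filebeat's module directory. Adding `checksum: "sha256:{{ filebeat_module_package_sha256 }}"` with a matching default would pin the content independently of the download location; the variable name is a proposal, the role does not define it today.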


@ -60,6 +60,7 @@ wazuh_agent_config:
apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
yum: 'https://packages.wazuh.com/3.x/yum/' yum: 'https://packages.wazuh.com/3.x/yum/'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
active_response: active_response:
ar_disabled: 'no' ar_disabled: 'no'
ca_store: '/var/ossec/etc/wpk_root.pem' ca_store: '/var/ossec/etc/wpk_root.pem'


@ -25,6 +25,7 @@
- name: Debian/Ubuntu | Installing Wazuh repository key - name: Debian/Ubuntu | Installing Wazuh repository key
apt_key: apt_key:
url: "{{ wazuh_agent_config.repo.gpg }}" url: "{{ wazuh_agent_config.repo.gpg }}"
id: "{{ wazuh_agent_config.repo.key_id }}"
when: when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
- not wazuh_agent_sources_installation.enabled - not wazuh_agent_sources_installation.enabled
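Review bot: `id: "{{ wazuh_agent_config.repo.key_id }}"` will fail with an undefined-variable error for anyone who already overrides `wazuh_agent_config` in their inventory, since their copy of the dict predates `key_id` and Ansible does not merge dicts by default. Falling back to the published fingerprint keeps the pin for those users: `id: "{{ wazuh_agent_config.repo.key_id | default('0DCFCA5547B19D2A6099506096B3EE5F29111145') }}"`. The manager task in the last section has the same issue with `wazuh_manager_config.repo.key_id`. The task list continues outside the hunk.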


@ -52,6 +52,7 @@ wazuh_manager_config:
apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
yum: 'https://packages.wazuh.com/3.x/yum/' yum: 'https://packages.wazuh.com/3.x/yum/'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
json_output: 'yes' json_output: 'yes'
alerts_log: 'yes' alerts_log: 'yes'
logall: 'no' logall: 'no'


@ -28,6 +28,7 @@
- name: Debian/Ubuntu | Installing Wazuh repository key - name: Debian/Ubuntu | Installing Wazuh repository key
apt_key: apt_key:
url: "{{ wazuh_manager_config.repo.gpg }}" url: "{{ wazuh_manager_config.repo.gpg }}"
id: "{{ wazuh_manager_config.repo.key_id }}"
when: when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled