diff --git a/CHANGELOG.md b/CHANGELOG.md old mode 100644 new mode 100755 index ad13d3d3..73f7ea43 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,56 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.11.0_7.5.1] + +### Added + +- Update to Wazuh v3.11.0 + +- Wazuh Agent registration task now explicitly notify restart ([@jm404](https://github.com/jm404)) [PR#302](https://github.com/wazuh/wazuh-ansible/pull/302) + +- Support both IP and DNS when creating elastic cluster ([@xr09](https://github.com/xr09)) [PR#252](https://github.com/wazuh/wazuh-ansible/pull/252) + +- Added config tag to the Wazuh Agent's enable task ([@xr09](https://github.com/xr09)) [PR#261](https://github.com/wazuh/wazuh-ansible/pull/261) + +- Implement task to configure Elasticsearch user on every cluster node ([@xr09](https://github.com/xr09)) [PR#270](https://github.com/wazuh/wazuh-ansible/pull/270) + +- Added SCA to Wazuh Agent and Manager installation ([@jm404](https://github.com/jm404)) [PR#260](https://github.com/wazuh/wazuh-ansible/pull/260) + +- Added support for environments with low disk space ([@xr09](https://github.com/xr09)) [PR#281](https://github.com/wazuh/wazuh-ansible/pull/281) + +- Add parameters to configure an Elasticsearch coordinating node ([@jm404](https://github.com/jm404)) [PR#292](https://github.com/wazuh/wazuh-ansible/pull/292) + + +### Changed + +- Updated Filebeat and Elasticsearch templates ([@manuasir](https://github.com/manuasir)) [PR#285](https://github.com/wazuh/wazuh-ansible/pull/285) + +- Make ossec.conf file more readable by removing trailing whitespaces ([@jm404](https://github.com/jm404)) [PR#286](https://github.com/wazuh/wazuh-ansible/pull/286) + +- Wazuh repositories can now be configured to different sources URLs ([@jm404](https://github.com/jm404)) [PR#288](https://github.com/wazuh/wazuh-ansible/pull/288) + +- Wazuh App URL is now flexible ([@jm404](https://github.com/jm404)) [PR#304](https://github.com/wazuh/wazuh-ansible/pull/304) + +- Agent installation task now does not hardcodes the "-1" sufix ([@jm404](https://github.com/jm404)) [PR#310](https://github.com/wazuh/wazuh-ansible/pull/310) + +- Enhanced task importation in Wazuh Manager role and removed deprecated warnings ([@xr09](https://github.com/xr09)) [PR#320](https://github.com/wazuh/wazuh-ansible/pull/320) + +- Wazuh API installation task have been upgraded ([@rshad](https://github.com/rshad)) [PR#330](https://github.com/wazuh/wazuh-ansible/pull/330) + +- It's now possible to install Wazuh Manager and Agent from sources ([@jm404](https://github.com/jm404)) [PR#329](https://github.com/wazuh/wazuh-ansible/pull/329) + + +### Fixed + +- Ansible upgrade from 6.x to 7.x ([@jm404](https://github.com/jm404)) [PR#252](https://github.com/wazuh/wazuh-ansible/pull/251) + +- Wazuh Agent registration using agent name has been fixed ([@jm404](https://github.com/jm404)) [PR#298](https://github.com/wazuh/wazuh-ansible/pull/298) +- Fix Wazuh repository and installation conditionals ([@jm404](https://github.com/jm404)) [PR#299](https://github.com/wazuh/wazuh-ansible/pull/299) + +- Fixed Wazuh Agent registration using an Agent's name ([@jm404](https://github.com/jm404)) [PR#334](https://github.com/wazuh/wazuh-ansible/pull/334) + + ## [v3.10.2_7.3.2] ### Added diff --git a/VERSION b/VERSION index f4d1cb92..53ae3f4b 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.10.2" -REVISION="31020" +WAZUH-ANSIBLE_VERSION="v3.11.0" +REVISION="31100" diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml index 36bd9b1d..eda19931 100644 --- a/playbooks/wazuh-elastic.yml +++ b/playbooks/wazuh-elastic.yml @@ -1,5 +1,5 @@ --- - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: '' diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 8c6bc567..5f4213f5 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -6,7 +6,7 @@ elasticsearch_network_host: node_name: node-1 elasticsearch_bootstrap_node: true - elasticsearch_cluster_nodes: + elasticsearch_cluster_nodes: - - - @@ -22,7 +22,7 @@ vars: instances: node1: - name: node-1 # Important: must be equal to elasticsearch_node_name. + name: node-1 # Important: must be equal to elasticsearch_node_name. ip: # When unzipping, the node will search for its node name folder to get the cert. node2: name: node-2 @@ -43,10 +43,10 @@ - - - - + - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: elasticsearch_node_name: node-3 single_node: false diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index ac5efaf1..aba365c9 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml @@ -1,6 +1,8 @@ --- - hosts: roles: - - {role: ../roles/wazuh/ansible-wazuh-manager} - - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} - - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' } + - {role: ../roles/wazuh/ansible-wazuh-manager} + - role: ../roles/wazuh/ansible-filebeat + filebeat_output_elasticsearch_hosts: localhost:9200 + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} + - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: '0.0.0.0', elasticsearch_reachable_host: 'localhost' } \ No newline at end of file diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index f3089e7e..c574aa9f 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -12,6 +12,8 @@ This role will work on: * Fedora * Debian * Ubuntu + +For the elasticsearch role with XPack security the `unzip` command must be available on the Ansible master. Role Variables -------------- @@ -46,13 +48,89 @@ Example Playbook - hosts: 172.16.0.162 roles: - - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.162', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.162', elasticsearch_node_master: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} - hosts: 172.16.0.163 roles: - - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_node_master: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} ``` +- Three nodes Elasticsearch cluster with XPack security +``` +--- +- hosts: elastic-1 + roles: + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.111 + elasticsearch_node_name: node-1 + single_node: false + elasticsearch_node_master: true + elasticsearch_bootstrap_node: true + elasticsearch_cluster_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + elasticsearch_discovery_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + elasticsearch_xpack_security: true + node_certs_generator: true + node_certs_generator_ip: 172.16.0.111 + + vars: + instances: + node-1: + name: node-1 + ip: 172.16.0.111 + node-2: + name: node-2 + ip: 172.16.0.112 + node-3: + name: node-3 + ip: 172.16.0.113 + +- hosts: elastic-2 + roles: + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.112 + elasticsearch_node_name: node-2 + single_node: false + elasticsearch_xpack_security: true + elasticsearch_node_master: true + node_certs_generator_ip: 172.16.0.111 + elasticsearch_discovery_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + +- hosts: elastic-3 + roles: + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.113 + elasticsearch_node_name: node-3 + single_node: false + elasticsearch_xpack_security: true + elasticsearch_node_master: true + node_certs_generator_ip: 172.16.0.111 + elasticsearch_discovery_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + vars: + elasticsearch_xpack_users: + anne: + password: 'PasswordHere' + roles: '["kibana_user", "monitoring_user"]' + jack: + password: 'PasswordHere' + roles: '["superuser"]' + +``` + +It is possible to define users directly on the playbook, these must be defined on a variable `elasticsearch_xpack_users` on the last node of the cluster as in the example. + + License and copyright --------------------- diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index ceb3244b..a1bef6b2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -1,20 +1,24 @@ --- -elasticsearch_cluster_name: wazuh -elasticsearch_node_name: node-1 + elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 +elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.4.2 +elastic_stack_version: 7.5.1 elasticsearch_lower_disk_requirements: false # Cluster Settings single_node: true +elasticsearch_cluster_name: wazuh +elasticsearch_node_name: node-1 elasticsearch_bootstrap_node: false -elasticsearch_master_candidate: false +elasticsearch_node_master: false elasticsearch_cluster_nodes: - 127.0.0.1 elasticsearch_discovery_nodes: - 127.0.0.1 +elasticsearch_node_data: true +elasticsearch_node_ingest: true # X-Pack Security elasticsearch_xpack_security: false @@ -25,15 +29,9 @@ node_certs_generator: false node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/elasticsearch/certs - - # CA generation master_certs_path: /es_certs generate_CA: true ca_key_name: "" ca_cert_name: "" ca_password: "" - - - - diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 67a34e7e..69c698f0 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -38,7 +38,7 @@ apt_repository: repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' state: present - filename: 'elastic_repo' + filename: 'elastic_repo_7' update_cache: true changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 16366dfc..d02664c8 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -2,7 +2,7 @@ - name: RedHat/CentOS/Fedora | Install Elastic repo yum_repository: - name: elastic_repo + name: elastic_repo_7 description: Elastic repository for 7.x packages baseurl: https://artifacts.elastic.co/packages/7.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index af17e528..d74a391b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -109,7 +109,7 @@ - init - name: Make sure Elasticsearch is running before proceeding - wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 + wait_for: host={{ elasticsearch_reachable_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 tags: - configure - init @@ -119,3 +119,34 @@ - import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" + +- name: Wait for Elasticsearch API + uri: + url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_cluster/health/" + user: "elastic" # Default Elasticsearch user is always "elastic" + password: "{{ elasticsearch_xpack_security_password }}" + validate_certs: no + status_code: 200,401 + return_content: yes + timeout: 4 + register: _result + until: ( _result.json is defined) and (_result.json.status == "green") + retries: 24 + delay: 5 + when: + - elasticsearch_xpack_users is defined + +- name: Create elasticsearch users + uri: + url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}" + method: POST + body_format: json + user: "elastic" + password: "{{ elasticsearch_xpack_security_password }}" + body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }' + validate_certs: no + loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}" + register: http_response + failed_when: http_response.status != 200 + when: + - elasticsearch_xpack_users is defined diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index d05c3241..e9261956 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -1,12 +1,4 @@ -- name: Install unzip dependency. - package: - name: unzip - state: present - delegate_to: "127.0.0.1" - when: - - node_certs_generator - - name: Check if certificate exists locally stat: path: "{{ node_certs_destination }}/{{ elasticsearch_node_name }}.crt" @@ -68,7 +60,9 @@ - node_certs_generator - not xpack_certs_zip.stat.exists - generate_CA - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Generating certificates for Elasticsearch security (using provided CA | Without CA Password) command: >- @@ -82,7 +76,9 @@ - not xpack_certs_zip.stat.exists - not generate_CA - ca_password | length == 0 - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Generating certificates for Elasticsearch security (using provided CA | Using CA Password) command: >- @@ -96,7 +92,9 @@ - not xpack_certs_zip.stat.exists - not generate_CA - ca_password | length > 0 - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Verify the Elastic certificates directory file: @@ -124,7 +122,9 @@ mode: 0700 when: - node_certs_generator - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Delete certs.zip in Generator node file: @@ -132,16 +132,18 @@ path: "{{ node_certs_source }}/certs.zip" when: - node_certs_generator + tags: molecule-idempotence-notest - name: Unzip generated certs.zip unarchive: src: "{{ master_certs_path }}/certs.zip" dest: "{{ master_certs_path }}/" - become: true delegate_to: "127.0.0.1" when: - node_certs_generator - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Copying node's certificate from master copy: @@ -153,7 +155,9 @@ - "{{ master_certs_path }}/ca/ca.crt" when: - generate_CA - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Copying node's certificate from master (Custom CA) copy: @@ -165,7 +169,9 @@ - "{{ master_certs_path }}/ca/{{ ca_cert_name }}" when: - not generate_CA - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Ensuring folder permissions file: @@ -179,8 +185,11 @@ tags: xpack-security - name: Set elasticsearch bootstrap password - shell: >- - set -o pipefail; + shell: | + set -o pipefail echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password + args: + executable: /bin/bash when: - node_certs_generator + tags: molecule-idempotence-notest diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 3cd386da..0d6887f5 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -20,16 +20,28 @@ discovery.seed_hosts: - {{ item }} {% endfor %} {% else %} -node.master: {{ elasticsearch_master_candidate|lower }} +node.master: {{ elasticsearch_node_master|lower }} +{% if elasticsearch_node_data|lower == 'false' %} +node.data: false +{% endif %} +{% if elasticsearch_node_ingest|lower == 'false' %} +node.ingest: false +{% endif %} discovery.seed_hosts: {% for item in elasticsearch_discovery_nodes %} - {{ item }} {% endfor %} {% endif %} -# XPACK Security +{% if elasticsearch_lower_disk_requirements %} +cluster.routing.allocation.disk.threshold_enabled: true +cluster.routing.allocation.disk.watermark.flood_stage: 200mb +cluster.routing.allocation.disk.watermark.low: 500mb +cluster.routing.allocation.disk.watermark.high: 300mb +{% endif %} {% if elasticsearch_xpack_security %} +# XPACK Security xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate @@ -49,4 +61,4 @@ xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }} {% elif generate_CA == false %} xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }}/{{ca_cert_name}}" ] {% endif %} -{% endif %} \ No newline at end of file +{% endif %} diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index c74b1700..b2f3bf6c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -4,10 +4,14 @@ {% if node_certs_generator %} instances: -{% for (key,value) in instances.iteritems() %} -- name: "{{ value.name }}" +{% for (key,value) in instances.items() %} +- name: "{{ value.name }}" +{% if value.ip is defined and value.ip | length > 0 %} ip: - "{{ value.ip }}" -{% endfor %} - +{% elif value.dns is defined and value.dns | length > 0 %} + dns: + - "{{ value.dns }}" +{% endif %} +{% endfor %} {% endif %} diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 526bfabf..72e51254 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.4.2 -wazuh_version: 3.10.2 +elastic_stack_version: 7.5.1 +wazuh_version: 3.11.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # Xpack Security @@ -23,3 +23,14 @@ node_certs_destination: /etc/kibana/certs master_certs_path: /es_certs generate_CA: true ca_cert_name: "" + +# Nodejs +nodejs: + repo_dict: + debian: "deb" + redhat: "rpm" + repo_url_ext: "nodesource.com/setup_8.x" + +# Build from sources +build_from_sources: false +wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 95663765..ae6ff0e9 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -17,7 +17,7 @@ apt_repository: repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' state: present - filename: 'elastic_repo' + filename: 'elastic_repo_7' update_cache: true changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml index 1364552b..abb8b0c0 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml @@ -1,7 +1,7 @@ --- - name: RedHat/CentOS/Fedora | Install Elastic repo yum_repository: - name: elastic_repo + name: elastic_repo_7 description: Elastic repository for 7.x packages baseurl: https://artifacts.elastic.co/packages/7.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml new file mode 100644 index 00000000..6a3dc514 --- /dev/null +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -0,0 +1,77 @@ +--- + - name: Ensure the Git package is present + package: + name: git + state: present + + - name: Modify repo url if host is in Debian family + set_fact: + node_js_repo_type: deb + when: + - ansible_os_family | lower == "debian" + + - name: Download script to install Nodejs repository + get_url: + url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" + dest: "/tmp/setup_nodejs_repo.sh" + mode: "0700" + + - name: Execute downloaded script to install Nodejs repo + command: /tmp/setup_nodejs_repo.sh + register: node_repo_installation_result + changed_when: false + + - name: Install Nodejs + package: + name: nodejs + state: present + + - name: Install yarn dependency to build the Wazuh Kibana Plugin + # Using shell due to errors when evaluating text between @ with command + shell: "npm install -g {{ 'yarn' }}{{ '@' }}{{ '1.10.1'}}" # noqa 305 + register: install_yarn_result + changed_when: install_yarn_result == 0 + + - name: Remove old wazuh-kibana-app git directory + file: + path: /tmp/app + state: absent + changed_when: false + + - name: Clone wazuh-kibana-app repository # Using command as git module doesn't cover single-branch nor depth + command: git clone https://github.com/wazuh/wazuh-kibana-app -b {{ wazuh_plugin_branch }} --single-branch --depth=1 app # noqa 303 + register: clone_app_repo_result + changed_when: false + args: + chdir: "/tmp" + + - name: Executing yarn to build the package + command: "{{ item }}" + with_items: + - "yarn" + - "yarn build" + register: yarn_execution_result + changed_when: false + args: + chdir: "/tmp/app/" + + - name: Obtain name of generated package + shell: "find ./ -name 'wazuh-*.zip' -printf '%f\\n'" + register: wazuhapp_package_name + changed_when: false + args: + chdir: "/tmp/app/build" + + - name: Install Wazuh Plugin (can take a while) + shell: "/usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}" + environment: + NODE_OPTIONS: "--max-old-space-size=3072" + args: + executable: /bin/bash + creates: /usr/share/kibana/plugins/wazuh/package.json + become: yes + become_user: kibana + notify: restart kibana + tags: + - install + - skip_ansible_lint diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index f2152d00..dd0e423f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -1,4 +1,13 @@ --- + +- name: Stopping early, trying to compile Wazuh Kibana Plugin on Debian 10 is not possible + fail: + msg: "It's not possible to compile the Wazuh Kibana plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924" + when: + - build_from_sources + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "10" + - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' @@ -74,28 +83,43 @@ tags: configure - name: Checking Wazuh-APP version - shell: | - set -o pipefail - grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo + shell: >- + grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json args: executable: /bin/bash removes: /usr/share/kibana/plugins/wazuh/package.json register: wazuh_app_verify changed_when: false - tags: install + failed_when: + - wazuh_app_verify.rc != 0 + - wazuh_app_verify.rc != 1 - name: Removing old Wazuh-APP - command: /usr/share/kibana/bin/kibana-plugin remove wazuh - when: wazuh_app_verify.stdout == "0" + command: /usr/share/kibana/bin/kibana-plugin --allow-root remove wazuh + when: wazuh_app_verify.rc == 1 tags: install - name: Removing bundles - file: path=/usr/share/kibana/optimize/bundles state=absent - when: wazuh_app_verify.stdout == "0" + file: + path: /usr/share/kibana/optimize/bundles + state: absent + when: wazuh_app_verify.rc == 1 tags: install -- name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" +- name: Explicitly starting Kibana to generate "wazuh-" + service: + name: kibana + state: started + +- name: Build and Install Wazuh Kibana Plugin from sources + import_tasks: build_wazuh_plugin.yml + when: + - build_from_sources is defined + - build_from_sources + + +- name: Install Wazuh Plugin (can take a while) + shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: @@ -107,6 +131,8 @@ tags: - install - skip_ansible_lint + when: + - not build_from_sources - name: Reload systemd configuration systemd: diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index c5914664..1b1c1bd8 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.4.2 +filebeat_version: 7.5.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 85bd17e1..ca5ea6ac 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -1,8 +1,8 @@ --- -- import_tasks: RedHat.yml +- include_tasks: RedHat.yml when: ansible_os_family == 'RedHat' -- import_tasks: Debian.yml +- include_tasks: Debian.yml when: ansible_os_family == 'Debian' - name: CentOS/RedHat | Install Filebeat. @@ -116,8 +116,8 @@ state: started enabled: true -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 index 06af6322..444cef06 100644 --- a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 @@ -1673,4 +1673,4 @@ } }, "version": 1 -} +} \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 index 466d9a89..da87ec8d 100644 --- a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 @@ -1,58 +1,24 @@ # Wazuh - Filebeat configuration file -filebeat.inputs: - - type: log - paths: - - '/var/ossec/logs/alerts/alerts.json' +# Wazuh - Filebeat configuration file +filebeat.modules: + - module: wazuh + alerts: + enabled: true + archives: + enabled: false setup.template.json.enabled: true -setup.template.json.path: "/etc/filebeat/wazuh-template.json" -setup.template.json.name: "wazuh" +setup.template.json.path: '/etc/filebeat/wazuh-template.json' +setup.template.json.name: 'wazuh' setup.template.overwrite: true +setup.ilm.enabled: false -processors: - - decode_json_fields: - fields: ['message'] - process_array: true - max_depth: 200 - target: '' - overwrite_keys: true - - drop_fields: - fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host'] - - rename: - fields: - - from: "data.aws.sourceIPAddress" - to: "@src_ip" - ignore_missing: true - fail_on_error: false - when: - regexp: - data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b - - rename: - fields: - - from: "data.srcip" - to: "@src_ip" - ignore_missing: true - fail_on_error: false - when: - regexp: - data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b - - rename: - fields: - - from: "data.win.eventdata.ipAddress" - to: "@src_ip" - ignore_missing: true - fail_on_error: false - when: - regexp: - data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b # Send events directly to Elasticsearch output.elasticsearch: hosts: {{ filebeat_output_elasticsearch_hosts | to_json }} - #pipeline: geoip - indices: - - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}' + {% if filebeat_xpack_security %} username: {{ elasticsearch_xpack_security_user }} password: {{ elasticsearch_xpack_security_password }} diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 68fd9ad9..dc045dd6 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,28 @@ --- -wazuh_agent_version: 3.10.2 +wazuh_agent_version: 3.11.0-1 + +wazuh_agent_sources_installation: + enabled: false + branch: "v3.11.0" + user_language: "y" + user_no_stop: "y" + user_install_type: "agent" + user_dir: "/var/ossec" + user_delete_dir: "y" + user_enable_active_response: "y" + user_enable_syscheck: "y" + user_enable_rootcheck: "y" + user_enable_openscap: "y" + user_enable_sca: "y" + user_enable_authd: "y" + user_generate_authd_cert: "n" + user_update: "y" + user_binaryinstall: null + user_agent_server_ip: "YOUR_MANAGER_IP" + user_agent_server_name: null + user_agent_config_profile: null + user_ca_store: "/var/ossec/wpk_root.pem" + wazuh_managers: - address: 127.0.0.1 port: 1514 @@ -12,6 +35,7 @@ wazuh_auto_restart: 'yes' wazuh_agent_authd: enable: false port: 1515 + agent_name: null ssl_agent_ca: null ssl_agent_cert: null ssl_agent_key: null @@ -26,11 +50,15 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.10.2' + version: '3.11.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 wazuh_agent_config: + repo: + apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + yum: 'https://packages.wazuh.com/3.x/yum/' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' active_response: ar_disabled: 'no' ca_store: '/var/ossec/etc/wpk_root.pem' @@ -213,7 +241,7 @@ wazuh_agent_config: rootcheck: frequency: 43200 openscap: - disable: 'no' + disable: 'yes' timeout: 1800 interval: '1d' scan_on_start: 'yes' @@ -236,6 +264,14 @@ wazuh_agent_config: packages: 'yes' ports_no: 'yes' processes: 'yes' + sca: + enabled: 'yes' + scan_on_start: 'yes' + interval: '12h' + skip_nfs: 'yes' + day: '' + wday: '' + time: '' cis_cat: disable: 'yes' install_java: 'yes' @@ -307,4 +343,4 @@ wazuh_agent_config: list: - key: Env value: Production -wazuh_agent_nat: false +wazuh_agent_nat: false \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 48e45685..0e0ba92f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -20,17 +20,23 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 + - not wazuh_agent_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: + url: "{{ wazuh_agent_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - not wazuh_agent_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + filename: wazuh_repo + repo: "{{ wazuh_agent_config.repo.apt }}" state: present update_cache: true + when: + - not wazuh_agent_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index d9415ffc..5664a428 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,26 +1,34 @@ --- -- import_tasks: "RedHat.yml" +- include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "Debian.yml" +- include_tasks: "Debian.yml" when: ansible_os_family == "Debian" +- include_tasks: "installation_from_sources.yml" + when: + - wazuh_agent_sources_installation.enabled + - name: Linux CentOS/RedHat | Install wazuh-agent - package: name=wazuh-agent-{{ wazuh_agent_version }}-1 state=present + package: + name: wazuh-agent-{{ wazuh_agent_version }} + state: present async: 90 poll: 30 when: - - ansible_distribution in ['CentOS','RedHat'] + - ansible_os_family|lower == "redhat" + - not wazuh_agent_sources_installation.enabled tags: - init - name: Linux Debian | Install wazuh-agent apt: - name: "wazuh-agent={{ wazuh_agent_version }}-1" + name: "wazuh-agent={{ wazuh_agent_version }}" state: present cache_valid_time: 3600 when: - - not (ansible_distribution in ['CentOS','RedHat']) + - ansible_os_family|lower != "redhat" + - not wazuh_agent_sources_installation.enabled tags: - init @@ -51,18 +59,25 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - -A {{ agent_name }} + {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %} + -A {{ wazuh_agent_authd.agent_name }} + {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} - {% if wazuh_agent_nat %}-I "any" {% endif %} - {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %} - {% if wazuh_agent_authd.ssl_agent_ca is not none %} + {% if wazuh_agent_nat %} -I "any" {% endif %} + {% if authd_pass is defined %} -P {{ authd_pass }} {% endif %} + {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %} -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None %} -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" {% endif %} - {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %} + {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} register: agent_auth_output + notify: restart wazuh-agent vars: agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}" when: @@ -99,6 +114,7 @@ user: "{{ wazuh_managers.0.api_user }}" password: "{{ api_pass }}" register: newagent_api + notify: restart wazuh-agent # changed_when: newagent_api.json.error == 0 vars: agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ inventory_hostname }}{% endif %}" @@ -185,9 +201,14 @@ name: wazuh-agent enabled: true state: started + tags: config -- import_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" +- include_tasks: "RMRedHat.yml" + when: + - ansible_os_family == "RedHat" + - not wazuh_agent_sources_installation.enabled -- import_tasks: "RMDebian.yml" - when: ansible_os_family == "Debian" +- include_tasks: "RMDebian.yml" + when: + - ansible_os_family == "Debian" + - not wazuh_agent_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 33382e28..e0b2b426 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -1,36 +1,29 @@ --- -- name: RedHat/CentOS/Fedora | Install Wazuh repo - yum_repository: - name: wazuh_repo - description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH - gpgcheck: true - changed_when: false - when: - - ansible_distribution_major_version|int > 5 - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH-5 + baseurl: "{{ wazuh_agent_config.repo.yum }}5/" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5" gpgcheck: true changed_when: false when: - - ansible_distribution_major_version|int == 5 + - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') + - (ansible_distribution_major_version|int <= 5) + - not wazuh_agent_sources_installation.enabled or not wazuh_api_sources_installation.enabled + register: repo_v5_installed -- name: AmazonLinux | Install Wazuh repo +- name: RedHat/CentOS/Fedora | Install Wazuh repo yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: "{{ wazuh_agent_config.repo.yum }}" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}" gpgcheck: true changed_when: false when: - - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + - repo_v5_installed is skipped + - not wazuh_agent_sources_installation.enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 8dff6274..ee0aced7 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -60,6 +60,7 @@ {{ wazuh_agent_win_auth_path }} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} + {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} register: agent_auth_output notify: Windows | Restart Wazuh Agent diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml new file mode 100644 index 00000000..69934631 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -0,0 +1,99 @@ +--- + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - automake + - autoconf + - libtool + - tar + state: present + + - name: Removing old files + file: + path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + state: absent + + - name: Removing old folders + file: + path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + state: absent + + - name: Installing policycoreutils-python (RedHat families) + package: + name: + - policycoreutils-python + when: + - ansible_os_family|lower == "redhat" + + - name: Installing policycoreutils-python-utils (Debian families) + package: + name: + - libc6-dev + - curl + - policycoreutils + when: + - ansible_os_family|lower == "debian" + + - name: Download required packages from github.com/wazuh/wazuh + get_url: + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + delegate_to: "{{ inventory_hostname }}" + changed_when: false + + - name: Create folder to extract Wazuh branch + file: + path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + state: directory + changed_when: false + + - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip + command: >- + tar -xzvf /tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz + --strip 1 + --directory /tmp/wazuh-{{ wazuh_agent_sources_installation.branch }} + register: wazuh_untar + changed_when: false + args: + warn: false + + - name: Clean remaining files from others builds + command: "make -C src {{ item }}" + args: + chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/src/" + with_items: + - "clean" + - "clean-deps" + register: clean_result + changed_when: clean_result.rc == 0 + failed_when: false + + - name: Render the "preloaded-vars.conf" file + template: + src: "templates/preloaded_vars_agent.conf.j2" + dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf" + owner: root + group: root + mode: '644' + changed_when: false + + - name: Executing "install.sh" script to build and install the Wazuh Agent + shell: ./install.sh > /tmp/build_agent_log.txt + register: installation_result + changed_when: installation_result == 0 + args: + chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + + - name: Cleanup downloaded files + file: + path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + state: absent + changed_when: false + + - name: Cleanup created folders + file: + path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + state: absent + changed_when: false \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml index 4b919bc5..25c7b955 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml @@ -1,6 +1,6 @@ --- -- import_tasks: "Windows.yml" +- include_tasks: "Windows.yml" when: ansible_os_family == "Windows" -- import_tasks: "Linux.yml" +- include_tasks: "Linux.yml" when: ansible_system == "Linux" diff --git a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 new file mode 100644 index 00000000..0887b367 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 @@ -0,0 +1,7 @@ +{% for key, value in wazuh_agent_sources_installation.items() %} +{% if "user_" in key %} +{% if value is defined and value is not none %} +{{ key|upper }}="{{ value }}" +{% endif %} +{% endif %} +{% endfor %} \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 6946cc07..61c28012 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -1,4 +1,4 @@ -#jinja2: trim_blocks: False +#jinja2: lstrip_blocks: True {{ wazuh_agent_config.client_buffer.disable }} {{ wazuh_agent_config.client_buffer.queue_size }} {{ wazuh_agent_config.client_buffer.events_per_sec }} + {{ wazuh_agent_config.log_format }} @@ -72,7 +72,6 @@ {% endif %} yes {% endif %} - {% if ansible_os_family == "Windows" %} ./shared/win_audit_rcl.txt ./shared/win_applications_rcl.txt @@ -86,11 +85,11 @@ {% if wazuh_agent_config.syscheck is defined %} no - + {{ wazuh_agent_config.syscheck.frequency }} {% if ansible_system == "Linux" %} - + /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot @@ -130,7 +129,7 @@ {% for no_diff in wazuh_agent_config.syscheck.no_diff %} {{ no_diff }} {% endfor %} - + {{ wazuh_agent_config.syscheck.skip_nfs }} {% endif %} @@ -270,7 +269,29 @@ {{ wazuh_agent_config.syscollector.processes }} - + + {% if wazuh_agent_config.sca.enabled | length > 0 %} + {{ wazuh_agent_config.sca.enabled }} + {% endif %} + {% if wazuh_agent_config.sca.scan_on_start | length > 0 %} + {{ wazuh_agent_config.sca.scan_on_start }} + {% endif %} + {% if wazuh_agent_config.sca.interval | length > 0 %} + {{ wazuh_agent_config.sca.interval }} + {% endif %} + {% if wazuh_agent_config.sca.skip_nfs | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.day | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.wday | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.time | length > 0 %} + + {% endif %} + {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} @@ -284,68 +305,72 @@ {% endif %} - {% if ansible_system == "Linux" %} - {% for localfile in wazuh_agent_config.localfiles.linux %} - - {{ localfile.format }} + {% if ansible_system == "Linux" %} + {% for localfile in wazuh_agent_config.localfiles.linux %} + + + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} - {% else %} - {{ localfile.location }} + {{ localfile.command }} + {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} {% endif %} - + {% else %} + {{ localfile.location }} + {% endif %} + {% endfor %} {% endif %} - {% if ansible_os_family == "Debian" %} - {% for localfile in wazuh_agent_config.localfiles.debian %} - - {{ localfile.format }} + {% if ansible_os_family == "Debian" %} + {% for localfile in wazuh_agent_config.localfiles.debian %} + + + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} - {% else %} - {{ localfile.location }} - {% endif %} - + {{ localfile.command }} + {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} + {% else %} + {{ localfile.location }} + {% endif %} + {% endfor %} {% endif %} - {% if ansible_os_family == "RedHat" %} - {% for localfile in wazuh_agent_config.localfiles.centos %} - - {{ localfile.format }} + {% if ansible_os_family == "RedHat" %} + {% for localfile in wazuh_agent_config.localfiles.centos %} + + + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} + {{ localfile.command }} + {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} {% else %} - {{ localfile.location }} - {% endif %} - + {{ localfile.location }} + {% endif %} + {% endfor %} {% endif %} - {% if ansible_os_family == "Windows" %} - {% for localfile in wazuh_agent_config.localfiles.windows %} - - {{ localfile.format }} - {% if localfile.format == 'eventchannel' %} - {{ localfile.location }} - {{ localfile.query}} - {% else %} - {{ localfile.location }} - {% endif %} - + {% if ansible_os_family == "Windows" %} + {% for localfile in wazuh_agent_config.localfiles.windows %} + + + {{ localfile.format }} + {% if localfile.format == 'eventchannel' %} + {{ localfile.location }} + {{ localfile.query}} + {% else %} + {{ localfile.location }} + {% endif %} + {% endfor %} {% endif %} diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 170a8da5..bd039d68 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,10 +1,57 @@ --- -wazuh_manager_api_version: 3.10.2 +wazuh_manager_version: 3.11.0-1 wazuh_manager_fqdn: "wazuh-server" -wazuh_manager_package_state: latest +wazuh_manager_package_state: present + +wazuh_manager_sources_installation: + enabled: false + branch: "v3.11.0" + user_language: "en" + user_no_stop: "y" + user_install_type: "server" + user_dir: "/var/ossec" + user_delete_dir: null + user_enable_active_response: null + user_enable_syscheck: "y" + user_enable_rootcheck: "y" + user_enable_openscap: "y" + user_enable_authd: "y" + user_generate_authd_cert: null + user_update: "y" + user_binaryinstall: null + user_enable_email: "n" + user_auto_start: "y" + user_email_address: null + user_email_smpt: null + user_enable_syslog: "n" + user_white_list: "n" + user_ca_store: null + threads: "2" + +wazuh_api_sources_installation: + enabled: false + branch: "v3.11.0" + update: "y" + remove: "y" + directory: null + port: 55000 + https: "n" + authd: null + proxy: null + country: null + state: null + locality: null + org_name: null + org_unit: null + common_name: null + password: null wazuh_manager_config: + repo: + apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + yum: 'https://packages.wazuh.com/3.x/yum/' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' json_output: 'yes' alerts_log: 'yes' logall: 'no' @@ -154,6 +201,14 @@ wazuh_manager_config: packages: 'yes' ports_no: 'yes' processes: 'yes' + sca: + enabled: 'yes' + scan_on_start: 'yes' + interval: '12h' + skip_nfs: 'yes' + day: '' + wday: '' + time: '' vul_detector: disable: 'yes' interval: '5m' @@ -314,3 +369,9 @@ wazuh_agent_configs: format: 'eventchannel' - location: 'System' format: 'eventlog' + +nodejs: + repo_dict: + debian: "deb" + redhat: "rpm" + repo_url_ext: "nodesource.com/setup_8.x" diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml index 0fac45a1..46f1097b 100644 --- a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml @@ -12,6 +12,4 @@ service: name: wazuh-api state: restarted - enabled: true - when: - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6) + enabled: true \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 9e9a94d7..e045059d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -7,6 +7,7 @@ - gnupg state: present cache_valid_time: 3600 + install_recommends: false register: wazuh_manager_https_packages_installed until: wazuh_manager_https_packages_installed is succeeded @@ -22,43 +23,24 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: + url: "{{ wazuh_manager_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + filename: wazuh_repo + repo: "{{ wazuh_manager_config.repo.apt }}" state: present update_cache: true changed_when: false - -- name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) - become: true - shell: | - set -o pipefail - curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - - args: - warn: false - executable: /bin/bash - changed_when: false when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - -- name: Debian/Ubuntu | Installing NodeJS repository key - apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key - when: - - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - -- name: Debian/Ubuntu | Add NodeSource repositories for Node.js - apt_repository: - repo: "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main" - state: present - update_cache: true - changed_when: false + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -82,16 +64,16 @@ - init - name: Debian/Ubuntu | Install OpenScap - package: - name: "{{ item }}" + apt: + name: + - libopenscap8 + - xsltproc state: present cache_valid_time: 3600 + install_recommends: false register: wazuh_manager_openscap_installed until: wazuh_manager_openscap_installed is succeeded when: wazuh_manager_config.openscap.disable == 'no' - with_items: - - libopenscap8 - - xsltproc tags: - init @@ -110,3 +92,33 @@ changed_when: false tags: - config + +- name: Debian/Ubuntu | Install wazuh-manager + apt: + name: + - "wazuh-manager={{ wazuh_manager_version }}" + state: present + cache_valid_time: 3600 + install_recommends: false + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + tags: init + when: + - not wazuh_manager_sources_installation.enabled + +- include_tasks: "installation_from_sources.yml" + when: + - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled + +- name: Debian/Ubuntu | Install wazuh-api + apt: + name: + - "wazuh-api={{ wazuh_manager_version }}" + state: present + cache_valid_time: 3600 + install_recommends: false + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + tags: init + when: + - not wazuh_api_sources_installation.enabled \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 7540e142..5dc57e81 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,69 +1,34 @@ --- -- name: RedHat/CentOS | Install Nodejs repo +- name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL + name: wazuh_repo + description: Wazuh repository + baseurl: "{{ wazuh_manager_config.repo.yum }}5/" + gpgkey: "{{ wazuh_manager_config.repo.gpg }}-5" gpgcheck: true changed_when: false when: - - ansible_distribution_major_version|int > 5 - -- name: Fedora | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - when: ansible_distribution == 'Fedora' - -- name: AmazonLinux | Get Nodejs - shell: | - set -o pipefail - curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - - args: - warn: false - executable: /bin/bash - when: - - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" - -- name: AmazonLinux | Install Nodejs repo - yum: - name: nodejs - state: present - register: wazuh_manager_amz_node_packages_installed - until: wazuh_manager_amz_node_packages_installed is succeeded - when: - - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') + - (ansible_distribution_major_version|int <= 5) + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: "{{ wazuh_manager_config.repo.yum }}" + gpgkey: "{{ wazuh_manager_config.repo.gpg }}" gpgcheck: true changed_when: false when: - - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - -- name: RedHat/CentOS 5 | Install Wazuh repo - yum_repository: - name: wazuh_repo - description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH - gpgcheck: true - when: - - ansible_distribution_major_version|int == 5 + - repo_v5_manager_installed is skipped + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present with_items: - openscap-scanner - - openssl register: wazuh_manager_openscp_packages_installed until: wazuh_manager_openscp_packages_installed is succeeded tags: @@ -143,3 +108,55 @@ cis_distribution_filename: cis_rhel7_linux_rcl.txt when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + +- name: CentOS/RedHat/Amazon | Install wazuh-manager + package: + name: "wazuh-manager-{{ wazuh_manager_version }}" + state: "{{ wazuh_manager_package_state }}" + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + when: + - ansible_os_family|lower == "redhat" + - not wazuh_manager_sources_installation.enabled + tags: + - init + +- include_tasks: "../tasks/installation_from_sources.yml" + when: + - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled + +- name: CentOS/RedHat/Amazon | Install wazuh-api + package: + name: "wazuh-api-{{ wazuh_manager_version }}" + state: "{{ wazuh_manager_package_state }}" + register: wazuh_api_main_packages_installed + until: wazuh_api_main_packages_installed is succeeded + when: + - ansible_os_family|lower == "redhat" + - not wazuh_api_sources_installation.enabled + tags: + - init + +- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 + replace: + path: /etc/init.d/wazuh-manager + regexp: 'echo -n "Starting Wazuh-manager: "' + replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' + when: + - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 + - wazuh_manager_config.cluster.disable != 'yes' + +- name: Install expect (EL5) + package: + name: "{{ item }}" + state: "{{ wazuh_manager_package_state }}" + with_items: + - expect + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + when: + - ansible_os_family|lower == "RedHat" + - ansible_distribution_major_version|int < 6 + tags: + - init + diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml new file mode 100644 index 00000000..fe78cdbb --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -0,0 +1,181 @@ +--- +# Wazuh Manager + - name: Check if Wazuh Manager is already installed + stat: + path: /var/ossec/bin/ossec-control + register: wazuh_ossec_control + + - name: Installing Wazuh Manager from sources + block: + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - automake + - autoconf + - libtool + - tar + state: present + + - name: Removing old files + file: + path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + state: absent + + - name: Removing old folders + file: + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + state: absent + + - name: Installing policycoreutils-python (RedHat families) + package: + name: + - policycoreutils-python + when: + - ansible_os_family|lower == "redhat" + + - name: Installing policycoreutils-python-utils (Debian families) + package: + name: + - libc6-dev + - curl + - policycoreutils + when: + - ansible_os_family|lower == "debian" + + - name: Remove old repository folder + file: + path: /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }} + state: absent + + - name: Download required packages from github.com/wazuh/wazuh + get_url: + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + delegate_to: "{{ inventory_hostname }}" + + - name: Create folder to extract Wazuh branch + file: + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + state: directory + + # When downloading "v3.11.0" extracted folder name is 3.11.0. + # Explicitly creating the folder with proper naming and striping first level in .tar.gz file + + - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip + command: >- + tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz + --strip 1 + --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }} + register: wazuh_untar + changed_when: wazuh_untar.rc ==0 + args: + warn: false + + - name: Clean remaining files from others builds + command: "make -C src {{ item }}" + args: + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" + with_items: + - "clean" + - "clean-deps" + register: clean_result + changed_when: clean_result.rc == 0 + failed_when: false + + - name: Render the "preloaded-vars.conf" file + template: + src: "templates/preloaded_vars_manager.conf.j2" + dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" + owner: root + group: root + mode: '644' + + - name: Executing "install.sh" script to build and install the Wazuh Manager + shell: ./install.sh > /tmp/build_wazuh_manager_log.txt + register: installation_result + changed_when: installation_result == 0 + args: + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + + - name: Cleanup downloaded files + file: + path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + state: absent + + - name: Cleanup created folders + file: + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + state: absent + + when: + - not wazuh_ossec_control.stat.exists + - wazuh_manager_sources_installation.enabled + tags: + - manager + +# Wazuh API + + - name: Check if Wazuh API is already installed + stat: + path: /var/ossec/api/app.js + register: wazuh_api + + - name: Install Wazuh API from sources + block: + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - automake + - autoconf + - libtool + - tar + state: present + + - name: Explicitly installing npm for Debian hosts + package: + name: npm + state: present + when: + - ansible_distribution == "Debian" + + - name: Ensure Git is present in the host + package: + name: git + state: present + + - name: Remove old repository folder + file: + path: /tmp/wazuh-api + state: absent + + - name: Download the Wazuh API repository + git: + repo: 'https://github.com/wazuh/wazuh-api.git' + version: "{{ wazuh_api_sources_installation.branch }}" + dest: /tmp/wazuh-api + + - name: Configure Wazuh API installation + template: + src: "templates/preloaded_vars_api.conf.j2" + dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf" + owner: root + group: root + mode: '644' + + - name: Execute Wazuh API installation script + shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt + register: install_api + changed_when: install_api.rc == 0 + args: + chdir: "/tmp/wazuh-api" + notify: + - restart wazuh-api + when: + - not wazuh_api.stat.exists + - wazuh_api_sources_installation.enabled + tags: + - api \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index a1afbb4c..0bb00fef 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -1,63 +1,54 @@ --- -- import_tasks: "RedHat.yml" +- name: "Install dependencies" + package: + name: + - unzip + - openssl + - tar + state: present + +- name: Check if NodeJS service exists + stat: + path: /usr/bin/node + register: node_service_status + +- name: Install NodeJS repository + block: + - name: Download NodeJS repository script + get_url: + url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" + dest: /etc/nodejs.sh + mode: '0775' + changed_when: false + + - name: Run NodeJS bash script + command: sh /etc/nodejs.sh + register: nodejs_script + changed_when: nodejs_script.rc == 0 + when: not node_service_status.stat.exists + +- name: Installing NodeJS + package: + name: nodejs + state: present + register: nodejs_service_is_installed + until: nodejs_service_is_installed is succeeded + tags: init + +- include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") -- import_tasks: "Debian.yml" +- include_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api - package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} - with_items: - - wazuh-manager - - wazuh-api - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - ansible_distribution in ['CentOS','RedHat', 'Amazon'] - tags: - - init - -- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api - apt: - name: "{{ item }}={{ wazuh_manager_api_version }}-1" - state: present - cache_valid_time: 3600 - with_items: - - wazuh-manager - - wazuh-api - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - not (ansible_distribution in ['CentOS','RedHat', 'Amazon']) - tags: init - - name: Install expect - package: pkg=expect state={{ wazuh_manager_package_state }} + package: + name: expect + state: "{{ wazuh_manager_package_state }}" when: - - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6) + - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) tags: init -- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 - replace: - path: /etc/init.d/wazuh-manager - regexp: 'echo -n "Starting Wazuh-manager: "' - replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' - when: - - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 - - wazuh_manager_config.cluster.disable != 'yes' - -- name: Install wazuh-manager and expect (EL5) - package: pkg={{ item }} state={{ wazuh_manager_package_state }} - with_items: - - wazuh-manager-{{ wazuh_manager_api_version }} - - expect - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - tags: - - init - - name: Generate SSL files for authd command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ wazuh_manager_fqdn }}/" args: @@ -65,7 +56,7 @@ chdir: /var/ossec/etc/ tags: - config - when: not wazuh_manager_config.authd.ssl_agent_ca is not none + when: wazuh_manager_config.authd.ssl_agent_ca is not none - name: Copy CA, SSL key and cert for authd copy: @@ -322,8 +313,6 @@ notify: restart wazuh-api when: - wazuh_api_user is defined - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon') - - ansible_distribution_major_version|int < 6 tags: - config @@ -392,8 +381,12 @@ when: - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 -- import_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon" +- include_tasks: "RMRedHat.yml" + when: + - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" + - not wazuh_manager_sources_installation.enabled -- import_tasks: "RMDebian.yml" - when: ansible_os_family == "Debian" +- include_tasks: "RMDebian.yml" + when: + - ansible_os_family == "Debian" + - not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 new file mode 100644 index 00000000..198178c8 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 @@ -0,0 +1,7 @@ +{% for key, value in wazuh_api_sources_installation.items() %} +{% if "enabled" not in key and "branch" not in key %} +{% if value is defined and value is not none %} +{{ key|upper }}="{{ value }}" +{% endif %} +{% endif %} +{% endfor %} \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2 new file mode 100644 index 00000000..3dacef92 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2 @@ -0,0 +1,7 @@ +{% for key, value in wazuh_manager_sources_installation.items() %} +{% if "user_" in key %} +{% if value is defined and value is not none %} +{{ key|upper }}="{{ value }}" +{% endif %} +{% endif %} +{% endfor %} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 65ae38fb..733cae18 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -1,4 +1,4 @@ -#jinja2: trim_blocks: False +#jinja2: lstrip_blocks: True no @@ -222,6 +231,30 @@ {{ wazuh_manager_config.syscollector.processes }} + + {% if wazuh_manager_config.sca.enabled | length > 0 %} + {{ wazuh_manager_config.sca.enabled }} + {% endif %} + {% if wazuh_manager_config.sca.scan_on_start | length > 0 %} + {{ wazuh_manager_config.sca.scan_on_start }} + {% endif %} + {% if wazuh_manager_config.sca.interval | length > 0 %} + {{ wazuh_manager_config.sca.interval }} + {% endif %} + {% if wazuh_manager_config.sca.skip_nfs | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.day | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.wday | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.time | length > 0 %} + + {% endif %} + + {{ wazuh_manager_config.vul_detector.disable }} {{ wazuh_manager_config.vul_detector.interval }} @@ -273,7 +306,6 @@ {% for no_diff in wazuh_manager_config.syscheck.no_diff %} {{ no_diff }} {% endfor %} - {% if wazuh_manager_config.syscheck.skip_nfs is defined %} {{ wazuh_manager_config.syscheck.skip_nfs }} {% endif %} @@ -295,53 +327,77 @@ {% endfor %} - {% for command in wazuh_manager_config.commands %} - - {{ command.name }} - {{ command.executable }} - {{ command.expect }} - {{ command.timeout_allowed }} - +{% for command in wazuh_manager_config.commands %} + + + {{ command.name }} + {{ command.executable }} + {{ command.expect }} + {{ command.timeout_allowed }} + +{% endfor %} + + + + ruleset/decoders + ruleset/rules + {% if wazuh_manager_config.rule_exclude is defined %} + {% for rule in wazuh_manager_config.rule_exclude %} + {{ rule }} {% endfor %} + {% endif %} + {% if cdb_lists is defined %} + {% for list in cdb_lists %} + etc/lists/{{ list.name }} + {% endfor %} + {% endif %} - - - ruleset/decoders - ruleset/rules - {% if wazuh_manager_config.rule_exclude is defined %} - {% for rule in wazuh_manager_config.rule_exclude %} - {{ rule }} - {% endfor %} - {% endif %} - {% if cdb_lists is defined %} - {% for list in cdb_lists %} - etc/lists/{{ list.name }} - {% endfor %} - {% endif %} - - - etc/decoders - etc/rules + + etc/decoders + etc/rules {% if wazuh_manager_config.authd.enable == true %} no - {% if wazuh_manager_config.authd.port is not none %}{{wazuh_manager_config.authd.port}}{% else %}1515{% endif %} - {% if wazuh_manager_config.authd.use_source_ip is not none %}{{wazuh_manager_config.authd.use_source_ip}}{% endif %} - {% if wazuh_manager_config.authd.force_insert is not none %}{{wazuh_manager_config.authd.force_insert}}{% endif %} - {% if wazuh_manager_config.authd.force_time is not none %}{{wazuh_manager_config.authd.force_time}}{% endif %} - {% if wazuh_manager_config.authd.purge is not none %}{{wazuh_manager_config.authd.purge}}{% endif %} - {% if wazuh_manager_config.authd.use_password is not none %}{{wazuh_manager_config.authd.use_password}}{% endif %} - {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}{% endif %} - {% if wazuh_manager_config.authd.ssl_verify_host is not none %}{{wazuh_manager_config.authd.ssl_verify_host}}{% endif %} - {% if wazuh_manager_config.authd.ssl_manager_cert is not none %}/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}{% endif %} - {% if wazuh_manager_config.authd.ssl_manager_key is not none %}/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}{% endif %} - {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}{{wazuh_manager_config.authd.ssl_auto_negotiate}}{% endif %} + {% if wazuh_manager_config.authd.port is not none %} + {{wazuh_manager_config.authd.port}} + {% else %} + 1515 + {% endif %} + {% if wazuh_manager_config.authd.use_source_ip is not none %} + {{wazuh_manager_config.authd.use_source_ip}} + {% endif %} + {% if wazuh_manager_config.authd.force_insert is not none %} + {{wazuh_manager_config.authd.force_insert}} + {% endif %} + {% if wazuh_manager_config.authd.force_time is not none %} + {{wazuh_manager_config.authd.force_time}} + {% endif %} + {% if wazuh_manager_config.authd.purge is not none %} + {{wazuh_manager_config.authd.purge}} + {% endif %} + {% if wazuh_manager_config.authd.use_password is not none %} + {{wazuh_manager_config.authd.use_password}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_agent_ca is not none %} + /var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_verify_host is not none %} + {{wazuh_manager_config.authd.ssl_verify_host}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_manager_cert is not none %} + /var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_manager_key is not none %} + /var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %} + {{wazuh_manager_config.authd.ssl_auto_negotiate}} + {% endif %} {% endif %} - {{ wazuh_manager_config.cluster.disable }} {{ wazuh_manager_config.cluster.name }} @@ -361,7 +417,7 @@ {{ wazuh_manager_config.cluster.hidden }} - {% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %} +{% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %} no Wazuh-VULS @@ -370,7 +426,7 @@ yes {{ wazuh_manager_config.vuls.run_on_start }} - {% endif %} +{% endif -%} {% if agentless_creds is defined %} {% for agentless in agentless_creds %} @@ -383,11 +439,8 @@ {{ agentless.arguments }} {% endif %} - {% endfor %} -{% endif %} - - +{% endif -%} {% if wazuh_manager_config.active_responses is defined %} {% for response in wazuh_manager_config.active_responses %} @@ -403,10 +456,11 @@ {%if response.repeated_offenders is defined %}{{ response.repeated_offenders }}{% endif %} {% endfor %} -{% endif %} +{% endif -%} {% for localfile in wazuh_manager_config.localfiles.common %} + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} @@ -444,6 +498,7 @@ {% if ansible_os_family == "Debian" %} {% for localfile in wazuh_manager_config.localfiles.debian %} + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} @@ -478,10 +533,11 @@ {% endif %} {% endfor %} -{% endif %} +{% endif -%} {% if ansible_os_family == "RedHat" %} {% for localfile in wazuh_manager_config.localfiles.centos %} + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} @@ -516,7 +572,7 @@ {% endif %} {% endfor %} -{% endif %} +{% endif -%} {% if wazuh_manager_config.syslog_outputs is defined %} {% for syslog_output in wazuh_manager_config.syslog_outputs %}