From e8881ee82fdf1be46543b1d460f01550a815de7b Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Thu, 26 Sep 2019 13:03:14 +0200 Subject: [PATCH 001/194] Bypass idempotence tests on elastic xpack --- .../tasks/xpack_security.yml | 36 ++++++++++++++----- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index d05c3241..35f64fae 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -68,7 +68,9 @@ - node_certs_generator - not xpack_certs_zip.stat.exists - generate_CA - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Generating certificates for Elasticsearch security (using provided CA | Without CA Password) command: >- @@ -82,7 +84,9 @@ - not xpack_certs_zip.stat.exists - not generate_CA - ca_password | length == 0 - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Generating certificates for Elasticsearch security (using provided CA | Using CA Password) command: >- @@ -96,7 +100,9 @@ - not xpack_certs_zip.stat.exists - not generate_CA - ca_password | length > 0 - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Verify the Elastic certificates directory file: @@ -124,7 +130,9 @@ mode: 0700 when: - node_certs_generator - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Delete certs.zip in Generator node file: @@ -132,6 +140,7 @@ path: "{{ node_certs_source }}/certs.zip" when: - node_certs_generator + tags: molecule-idempotence-notest - name: Unzip generated certs.zip unarchive: 
@@ -141,7 +150,9 @@ delegate_to: "127.0.0.1" when: - node_certs_generator - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Copying node's certificate from master copy: @@ -153,7 +164,9 @@ - "{{ master_certs_path }}/ca/ca.crt" when: - generate_CA - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Copying node's certificate from master (Custom CA) copy: @@ -165,7 +178,9 @@ - "{{ master_certs_path }}/ca/{{ ca_cert_name }}" when: - not generate_CA - tags: xpack-security + tags: + - xpack-security + - molecule-idempotence-notest - name: Ensuring folder permissions file: @@ -179,8 +194,11 @@ tags: xpack-security - name: Set elasticsearch bootstrap password - shell: >- - set -o pipefail; + shell: | + set -o pipefail echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password + args: + executable: /bin/bash when: - node_certs_generator + tags: molecule-idempotence-notest From 736f9b8c4822baac0bce60afcc45ea698dc68ee4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 26 Sep 2019 13:05:44 +0200 Subject: [PATCH 002/194] Rename Elastic respository to allow upgrades from 6.x --- roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/RedHat.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 67a34e7e..69c698f0 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml 
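Review bot: The `Set elasticsearch bootstrap password` task still expands `{{ elasticsearch_xpack_security_password }}` unquoted into the bash script, so a password containing spaces or shell metacharacters is split or interpreted by the shell before it reaches the keystore tool. The rendered command line, password included, is also part of the task result, because the task has no `no_log: true`. The value is already consumed from stdin, so it can be handed to the module's `stdin` argument with no shell involved, which also makes `set -o pipefail` and the `executable` override unnecessary. The task's `when` and `tags` stay as they are.

```yaml
- name: Set elasticsearch bootstrap password
  command: "{{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password"
  args:
    stdin: "{{ elasticsearch_xpack_security_password }}"
  no_log: true
  # … unchanged: when / tags …
```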
@@ -38,7 +38,7 @@ apt_repository: repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' state: present - filename: 'elastic_repo' + filename: 'elastic_repo_7' update_cache: true changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 16366dfc..d02664c8 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -2,7 +2,7 @@ - name: RedHat/CentOS/Fedora | Install Elastic repo yum_repository: - name: elastic_repo + name: elastic_repo_7 description: Elastic repository for 7.x packages baseurl: https://artifacts.elastic.co/packages/7.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 95663765..ae6ff0e9 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -17,7 +17,7 @@ apt_repository: repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' state: present - filename: 'elastic_repo' + filename: 'elastic_repo_7' update_cache: true changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml index 1364552b..abb8b0c0 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml @@ -1,7 +1,7 @@ --- - name: RedHat/CentOS/Fedora | Install Elastic repo yum_repository: - name: elastic_repo + name: elastic_repo_7 description: Elastic repository for 7.x packages baseurl: https://artifacts.elastic.co/packages/7.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch From 33a95a5c4a7b50f5f920bf0088b7e225beea728b Mon Sep 17 00:00:00 2001 
From: Jose M Date: Thu, 26 Sep 2019 13:06:42 +0200 Subject: [PATCH 003/194] Fix "Checking Wazuh-APP version" task that updates plugins --- .../elastic-stack/ansible-kibana/tasks/main.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index f2152d00..8f9602ae 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -74,24 +74,26 @@ tags: configure - name: Checking Wazuh-APP version - shell: | - set -o pipefail - grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo + shell: >- + grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json args: executable: /bin/bash removes: /usr/share/kibana/plugins/wazuh/package.json register: wazuh_app_verify changed_when: false - tags: install + failed_when: wazuh_app_verify.stderr | length > 0 - name: Removing old Wazuh-APP - command: /usr/share/kibana/bin/kibana-plugin remove wazuh - when: wazuh_app_verify.stdout == "0" + command: /usr/share/kibana/bin/kibana-plugin --allow-root remove wazuh + when: wazuh_app_verify.rc == 1 + debugger: always tags: install - name: Removing bundles file: path=/usr/share/kibana/optimize/bundles state=absent - when: wazuh_app_verify.stdout == "0" + become: yes + become_user: kibana + when: wazuh_app_verify.rc == 1 tags: install - name: Install Wazuh-APP (can take a while) From 4c9ae0eee5bd3842352894c28b7b0a4770ea1299 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 26 Sep 2019 16:11:20 +0200 Subject: [PATCH 004/194] Fix conditional when checking Wazuh-APP version --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
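Review bot: `Removing old Wazuh-APP` now runs `kibana-plugin --allow-root remove wazuh`, overriding the CLI's refusal to run as root, while the next task in the same hunk switches to `become_user: kibana`. Running the removal as the service account as well (`become: yes`, `become_user: kibana`, without `--allow-root`) keeps the plugin tool unprivileged and should avoid leaving root-owned files under the Kibana directories. Separately, the check task loses `tags: install` here while both removal tasks keep it. A run limited to `--tags install` would therefore skip the check and then evaluate `wazuh_app_verify.rc` on a variable that was never registered, so keeping `tags: install` on the check task avoids that.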
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 8f9602ae..9e28411a 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -81,7 +81,9 @@ removes: /usr/share/kibana/plugins/wazuh/package.json register: wazuh_app_verify changed_when: false - failed_when: wazuh_app_verify.stderr | length > 0 + failed_when: + - wazuh_app_verify.rc != 0 + - wazuh_app_verify.rc != 1 - name: Removing old Wazuh-APP command: /usr/share/kibana/bin/kibana-plugin --allow-root remove wazuh From 1ec7e696e2c5f574eef77cae1a068b92f1f78891 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 26 Sep 2019 16:11:38 +0200 Subject: [PATCH 005/194] Remove debugger setting used in testing --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 9e28411a..584becc7 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -88,7 +88,6 @@ - name: Removing old Wazuh-APP command: /usr/share/kibana/bin/kibana-plugin --allow-root remove wazuh when: wazuh_app_verify.rc == 1 - debugger: always tags: install - name: Removing bundles From 47b16b3c20b3f85e68e0d44f0644f176152b56d3 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Thu, 26 Sep 2019 16:32:57 +0200 Subject: [PATCH 006/194] Support both IP and DNS when creating elastic cluster --- .../ansible-elasticsearch/templates/instances.yml.j2 | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index c74b1700..62182293 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 
+++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -4,10 +4,14 @@ {% if node_certs_generator %} instances: -{% for (key,value) in instances.iteritems() %} -- name: "{{ value.name }}" +{% for (key,value) in instances.items() %} +- name: "{{ value.name }}" +{% if value.ip %} ip: - "{{ value.ip }}" -{% endfor %} - +{% elif value.dns %} + dns: + - "{{ value.dns }}" +{% endif %} +{% endfor %} {% endif %} From 7444885ecd26b381f46d2ac57baa3aa786f4f3e8 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 27 Sep 2019 12:47:44 +0200 Subject: [PATCH 007/194] Check if var is defined --- .../ansible-elasticsearch/templates/instances.yml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index 62182293..1e87f8d2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -6,10 +6,10 @@ instances: {% for (key,value) in instances.items() %} - name: "{{ value.name }}" -{% if value.ip %} +{% if value.ip is defined %} ip: - "{{ value.ip }}" -{% elif value.dns %} +{% elif value.dns is defined %} dns: - "{{ value.dns }}" {% endif %} From a542c3bb4ba27d57356f4bae6886c4c329e5f6a1 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 27 Sep 2019 13:08:02 +0200 Subject: [PATCH 008/194] Remove unzip check --- .../ansible-elasticsearch/tasks/xpack_security.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 35f64fae..8cdfdb77 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml 
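Review bot: The `{% if value.ip %}` / `{% elif value.dns %}` chain writes only one of the two fields per instance, so a node declared with both an IP and a DNS name gets a certificate request without the DNS entry. A node with neither gets an entry holding only `name`. If nodes or clients connect by hostname, the resulting certificate would presumably fail hostname verification, which tends to push operators towards turning verification off. Two independent blocks would emit both fields: `{% if value.ip is defined and value.ip | length > 0 %}` … `{% endif %}`, followed by the same test for `value.dns`. The `elif` is kept in the later revisions of this hunk in PATCH 007 and PATCH 013.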
@@ -1,12 +1,4 @@ -- name: Install unzip dependency. - package: - name: unzip - state: present - delegate_to: "127.0.0.1" - when: - - node_certs_generator - - name: Check if certificate exists locally stat: path: "{{ node_certs_destination }}/{{ elasticsearch_node_name }}.crt" From 7371e7392041fe1753073290e231acf143ee8b71 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 27 Sep 2019 13:38:45 +0200 Subject: [PATCH 009/194] Update default variables for sca configuration --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 170a8da5..f45e95b0 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -154,6 +154,14 @@ wazuh_manager_config: packages: 'yes' ports_no: 'yes' processes: 'yes' + sca: + enabled: 'yes' + scan_on_start: 'yes' + interval: '12h' + skip_nfs: 'yes' + day: '' + wday: '' + time: '' vul_detector: disable: 'yes' interval: '5m' From beacf88017b24f9b473b11dbfa56e6c76c782b2f Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 27 Sep 2019 14:29:53 +0200 Subject: [PATCH 010/194] Update Manager template to add configuration --- .../var-ossec-etc-ossec-server.conf.j2 | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 65ae38fb..b107d6d1 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
@@ -222,6 +222,32 @@ {{ wazuh_manager_config.syscollector.processes }} + {% if ansible_system == "Linux" %} + + {% if wazuh_manager_config.sca.enabled | length > 0 %} + {{ wazuh_manager_config.sca.enabled }} + {% endif %} + {% if wazuh_manager_config.sca.scan_on_start | length > 0 %} + {{ wazuh_manager_config.sca.scan_on_start }} + {% endif %} + {% if wazuh_manager_config.sca.interval | length > 0 %} + {{ wazuh_manager_config.sca.interval }} + {% endif %} + {% if wazuh_manager_config.sca.skip_nfs | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.day | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.wday | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.time | length > 0 %} + + {% endif %} + + {% endif %} + {{ wazuh_manager_config.vul_detector.disable }} {{ wazuh_manager_config.vul_detector.interval }} From 3e0cc08104726cc9338260eaf4ab58312df7fa64 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 27 Sep 2019 14:30:11 +0200 Subject: [PATCH 011/194] Add sca default variables to wazuh agent defaults --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index fe6749ce..7eaab059 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -237,6 +237,14 @@ wazuh_agent_config: packages: 'yes' ports_no: 'yes' processes: 'yes' + sca: + enabled: 'yes' + scan_on_start: 'yes' + interval: '12h' + skip_nfs: 'yes' + day: '' + wday: '' + time: '' cis_cat: disable: 'yes' install_java: 'yes' From d45ad1db03538c8935ad57c0132f2e78bf96eb89 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 27 Sep 2019 14:30:20 +0200 Subject: [PATCH 012/194] Update wazuh agent template to add sca configuration --- .../var-ossec-etc-ossec-agent.conf.j2 | 26 ++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) 
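Review bot: In the new `sca` block the `skip_nfs`, `day` and `wday` branches emit the literal `yes` and the `time` branch emits no value, while `enabled`, `scan_on_start` and `interval` emit their variables. As written, setting `wazuh_manager_config.sca.day` to a day of the month would still render `yes`. The surrounding element markup appears to be missing from this rendering, so this is judged from the expressions alone. Each branch should output its own variable, for example `{{ wazuh_manager_config.sca.skip_nfs }}`, and likewise for `day`, `wday` and `time`. The agent template added in PATCH 012 repeats the same four branches with `wazuh_agent_config`.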
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 6946cc07..59ab67d2 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -270,7 +270,31 @@ {{ wazuh_agent_config.syscollector.processes }} - + {% if ansible_system == "Linux" %} + + {% if wazuh_agent_config.sca.enabled | length > 0 %} + {{ wazuh_agent_config.sca.enabled }} + {% endif %} + {% if wazuh_agent_config.sca.scan_on_start | length > 0 %} + {{ wazuh_agent_config.sca.scan_on_start }} + {% endif %} + {% if wazuh_agent_config.sca.interval | length > 0 %} + {{ wazuh_agent_config.sca.interval }} + {% endif %} + {% if wazuh_agent_config.sca.skip_nfs | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.day | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.wday | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.time | length > 0 %} + + {% endif %} + + {% endif %} {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} From 6fc395a81f7ccb4a469a73fcd28e6c159432df87 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 27 Sep 2019 15:12:54 +0200 Subject: [PATCH 013/194] Add length check --- .../ansible-elasticsearch/templates/instances.yml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 index 1e87f8d2..b2f3bf6c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 
@@ -6,10 +6,10 @@ instances: {% for (key,value) in instances.items() %} - name: "{{ value.name }}" -{% if value.ip is defined %} +{% if value.ip is defined and value.ip | length > 0 %} ip: - "{{ value.ip }}" -{% elif value.dns is defined %} +{% elif value.dns is defined and value.dns | length > 0 %} dns: - "{{ value.dns }}" {% endif %} From a53674791f7ff3d8ab276a35d1c17bfdf5292fc7 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 27 Sep 2019 16:44:12 +0200 Subject: [PATCH 014/194] Add xpack scenario in the Readme --- .../ansible-elasticsearch/README.md | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index f3089e7e..68d55c29 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -12,6 +12,8 @@ This role will work on: * Fedora * Debian * Ubuntu + +For the elasticsearch role with XPack security the `unzip` command must be available on the Ansible master. Role Variables -------------- 
@@ -53,6 +55,70 @@ Example Playbook - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} ``` +- Three nodes Elasticsearch cluster with XPack security +``` +--- +- hosts: elastic-1 + roles: + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.111 + node_name: node-1 + single_node: false + elasticsearch_master_candidate: true + elasticsearch_bootstrap_node: true + elasticsearch_cluster_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + elasticsearch_discovery_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + elasticsearch_xpack_security: true + node_certs_generator: true + node_certs_generator_ip: 172.16.0.111 + + vars: + instances: + node-1: + name: node-1 + ip: 172.16.0.111 + node-2: + name: node-2 + ip: 172.16.0.112 + node-3: + name: node-3 + ip: 172.16.0.113 + +- hosts: elastic-2 + roles: + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.112 + elasticsearch_node_name: node-2 + elasticsearch_xpack_security: true + elasticsearch_master_candidate: true + node_certs_generator_ip: 172.16.0.111 + elasticsearch_discovery_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + +- hosts: elastic-3 + roles: + - role: ../roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 172.16.0.113 + elasticsearch_node_name: node-3 + elasticsearch_xpack_security: true + elasticsearch_master_candidate: true + node_certs_generator_ip: 172.16.0.111 + elasticsearch_discovery_nodes: + - 172.16.0.111 + - 172.16.0.112 + - 172.16.0.113 + +``` + + License and copyright --------------------- From 65ba7e088f361854de3a80cfd5c031b35d863cb3 Mon Sep 17 00:00:00 2001 
From: Manuel Gutierrez Date: Fri, 27 Sep 2019 18:39:21 +0200 Subject: [PATCH 015/194] Add config tag to the enable service task --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index d9415ffc..37a8a8eb 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -185,6 +185,7 @@ name: wazuh-agent enabled: true state: started + tags: config - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" From 86de4a0fee015d2c6e96fc10d08dc008b8fc29ca Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 1 Oct 2019 11:01:18 +0200 Subject: [PATCH 016/194] Add elasticsearch_reachable_host This fixes #262 --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 5 +---- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index f365f66a..c19fcce9 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -3,6 +3,7 @@ elasticsearch_cluster_name: wazuh elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 +elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.3.2 single_node: true @@ -30,7 +31,3 @@ generate_CA: true ca_key_name: "" ca_cert_name: "" ca_password: "" - - - - diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index af17e528..706de27e 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -109,7 +109,7 @@ - init - name: Make sure Elasticsearch is running before proceeding - wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 + wait_for: host={{ elasticsearch_reachable_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 tags: - configure - init From 38993c3100360f09539834714078da9fd7add340 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 1 Oct 2019 18:20:29 +0200 Subject: [PATCH 017/194] Fix vars on cluster example --- roles/elastic-stack/ansible-elasticsearch/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index 68d55c29..41cebd54 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -62,7 +62,7 @@ Example Playbook roles: - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.111 - node_name: node-1 + elasticsearch_node_name: node-1 single_node: false elasticsearch_master_candidate: true elasticsearch_bootstrap_node: true @@ -95,6 +95,7 @@ Example Playbook - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.112 elasticsearch_node_name: node-2 + single_node: false elasticsearch_xpack_security: true elasticsearch_master_candidate: true node_certs_generator_ip: 172.16.0.111 @@ -108,6 +109,7 @@ Example Playbook - role: ../roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: 172.16.0.113 elasticsearch_node_name: node-3 + single_node: false elasticsearch_xpack_security: true elasticsearch_master_candidate: true node_certs_generator_ip: 172.16.0.111 From 99426a3c0fbf5d98e6c930a0c21c2deaef65ea51 Mon Sep 17 00:00:00 2001 
From: Manuel Gutierrez Date: Fri, 4 Oct 2019 17:01:34 +0200 Subject: [PATCH 018/194] New task to create elasticsearch users Fixes #269 Fixes #268 --- .../ansible-elasticsearch/README.md | 7 +++++++ .../tasks/xpack_security.yml | 16 ++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index 41cebd54..b10a2152 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -79,6 +79,13 @@ Example Playbook node_certs_generator_ip: 172.16.0.111 vars: + elasticsearch_xpack_users: + anne: + password: 'PasswordHere' + roles: '["kibana_user", "monitoring_user"]' + jack: + password: 'PasswordHere' + roles: '["superuser"]' instances: node-1: name: node-1 diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 8cdfdb77..1d338cf7 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -194,3 +194,19 @@ when: - node_certs_generator tags: molecule-idempotence-notest + +- name: Create elasticsearch users + uri: + url: "https://{{ elasticsearch_reachable_host }}:9200/_security/user/{{ item.key }}" + method: POST + body_format: json + user: "{{ elasticsearch_xpack_security_user }}" + password: "{{ elasticsearch_xpack_security_password }}" + body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }' + validate_certs: no + loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}" + register: http_response + failed_when: http_response.status != 200 + when: + - elasticsearch_xpack_users is defined + - node_certs_generator From d7e3cec04bed4a865971601aee9daf34ec3fe1f5 Mon Sep 17 00:00:00 2001 
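Review bot: `Create elasticsearch users` sends the `elasticsearch_xpack_security_user` credentials and every new user's password with `validate_certs: no`, so the endpoint receiving them is never authenticated, even though this role generates and distributes its own CA that the request could be validated against. The task also loops over `elasticsearch_xpack_users` without `no_log: true`, so each loop item, password included, is printed in the task output; add `no_log: true`, or at least `loop_control` with `label: "{{ item.key }}"`. The `body` is assembled by string interpolation, so a password containing `"` produces invalid or altered JSON; passing a mapping and letting `body_format: json` serialise it avoids that. The same task is carried into `tasks/main.yml` in PATCH 022, and the wait task added in PATCH 023 also sets `validate_certs: no`.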
From: Jose M Date: Mon, 7 Oct 2019 16:17:18 +0200 Subject: [PATCH 019/194] Enabling sca for Windows Agent in the ossec.conf template --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 59ab67d2..4d43bc94 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -270,7 +270,6 @@ {{ wazuh_agent_config.syscollector.processes }} - {% if ansible_system == "Linux" %} {% if wazuh_agent_config.sca.enabled | length > 0 %} {{ wazuh_agent_config.sca.enabled }} @@ -294,7 +293,6 @@ {% endif %} - {% endif %} {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} From d482629c80f13ed4367db87b1c71a9bbf95e9ea3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 7 Oct 2019 16:26:56 +0200 Subject: [PATCH 020/194] Remove sca linux conditional from Manager template --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index b107d6d1..145af4af 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -222,7 +222,6 @@ {{ wazuh_manager_config.syscollector.processes }} - {% if ansible_system == "Linux" %} {% if wazuh_manager_config.sca.enabled | length > 0 %} {{ wazuh_manager_config.sca.enabled }} @@ -246,7 +245,6 @@ {% endif %} - {% endif %} {{ wazuh_manager_config.vul_detector.disable }} From 1e8cc831cfbd0cd9be2c6c03d3ca986a5116f557 Mon Sep 17 00:00:00 2001 
From: Manuel Gutierrez Date: Wed, 9 Oct 2019 16:47:41 +0200 Subject: [PATCH 021/194] Remove become from local task --- .../elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 1d338cf7..855be9b9 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -138,7 +138,6 @@ unarchive: src: "{{ master_certs_path }}/certs.zip" dest: "{{ master_certs_path }}/" - become: true delegate_to: "127.0.0.1" when: - node_certs_generator From 9c125c6b1c16d2873882c68b9f976db824da7185 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 9 Oct 2019 16:59:58 +0200 Subject: [PATCH 022/194] Move user creation to main file --- .../ansible-elasticsearch/tasks/main.yml | 15 +++++++++++++++ .../tasks/xpack_security.yml | 16 ---------------- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 706de27e..8146eaee 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -119,3 +119,18 @@ - import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" + +- name: Create elasticsearch users + uri: + url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}" + method: POST + body_format: json + user: "{{ elasticsearch_xpack_security_user }}" + password: "{{ elasticsearch_xpack_security_password }}" + body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }' + validate_certs: no + loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}" + register: http_response + failed_when: http_response.status != 200 + when: + - elasticsearch_xpack_users is defined diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 855be9b9..e9261956 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -193,19 +193,3 @@ when: - node_certs_generator tags: molecule-idempotence-notest - -- name: Create elasticsearch users - uri: - url: "https://{{ elasticsearch_reachable_host }}:9200/_security/user/{{ item.key }}" - method: POST - body_format: json - user: "{{ elasticsearch_xpack_security_user }}" - password: "{{ elasticsearch_xpack_security_password }}" - body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }' - validate_certs: no - loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}" - register: http_response - failed_when: http_response.status != 200 - when: - - elasticsearch_xpack_users is defined - - node_certs_generator From dcc7624d59317f784c8d98b7dde050e4177095ac Mon Sep 17 00:00:00 2001 
From: Manuel Gutierrez Date: Wed, 9 Oct 2019 17:00:47 +0200 Subject: [PATCH 023/194] Add waiting task before creating users Wait for elasticsearch API to be ready before attempting to add users --- .../ansible-elasticsearch/tasks/main.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 8146eaee..aef459e2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -120,6 +120,22 @@ - import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" +- name: Wait for Elasticsearch API + uri: + url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_cluster/health/" + user: "{{ elasticsearch_xpack_security_user }}" + password: "{{ elasticsearch_xpack_security_password }}" + validate_certs: no + status_code: 200,401 + return_content: yes + timeout: 4 + register: _result + until: ( _result.json is defined) and (_result.json.status == "green") + retries: 24 + delay: 5 + when: + - elasticsearch_xpack_users is defined + - name: Create elasticsearch users uri: url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}" From 9b0bcf9fe64d533b671d7d7d323e5aba36aee4c9 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 9 Oct 2019 17:12:01 +0200 Subject: [PATCH 024/194] Add docs on user creation --- .../ansible-elasticsearch/README.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index b10a2152..288628e7 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md 
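Review bot: The `until` condition accepts only `_result.json.status == "green"`, so a cluster that settles at `yellow` would exhaust the 24 retries and fail the play even though the API is ready for user creation; unassigned replicas on a small cluster are one way that could happen, though that is an assumption not shown here. Accepting both states would still wait for the API: `until: (_result.json is defined) and (_result.json.status in ["green", "yellow"])`. In addition, `status_code: 200,401` treats rejected credentials as a normal response, so a wrong password shows up as a two-minute timeout rather than an authentication error. If 401 is tolerated deliberately during bootstrap, a comment such as `# 401 expected until the bootstrap password is applied` would make that clear.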
@@ -55,7 +55,9 @@ Example Playbook - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} ``` + - Three nodes Elasticsearch cluster with XPack security + ``` --- - hosts: elastic-1 @@ -79,13 +81,6 @@ Example Playbook node_certs_generator_ip: 172.16.0.111 vars: - elasticsearch_xpack_users: - anne: - password: 'PasswordHere' - roles: '["kibana_user", "monitoring_user"]' - jack: - password: 'PasswordHere' - roles: '["superuser"]' instances: node-1: name: node-1 @@ -124,9 +119,19 @@ Example Playbook - 172.16.0.111 - 172.16.0.112 - 172.16.0.113 + vars: + elasticsearch_xpack_users: + anne: + password: 'PasswordHere' + roles: '["kibana_user", "monitoring_user"]' + jack: + password: 'PasswordHere' + roles: '["superuser"]' ``` +It is possible to define users directly on the playbook, these must be defined on a variable `elasticsearch_xpack_users` on the last node of the cluster as in the example. + License and copyright --------------------- From 56e7d1093721dc3cdc13eb0923670d933a733ffd Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 9 Oct 2019 17:13:11 +0200 Subject: [PATCH 025/194] Fix space typo --- roles/elastic-stack/ansible-elasticsearch/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index 288628e7..388affce 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -55,9 +55,7 @@ Example Playbook - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} ``` - - Three nodes Elasticsearch cluster with XPack security - ``` --- - hosts: elastic-1 
From c265bbbaac6c581fba22f3947ac9cea05a94b06c Mon Sep 17 00:00:00 2001 From: havidarou Date: Sat, 19 Oct 2019 17:39:38 +0200 Subject: [PATCH 026/194] Add filebeat role to wazuh-elastic_stack-single.yml playbook --- playbooks/wazuh-elastic_stack-single.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index ac5efaf1..051b5fd2 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml @@ -2,5 +2,7 @@ - hosts: roles: - {role: ../roles/wazuh/ansible-wazuh-manager} + - role: ../roles/wazuh/ansible-filebeat + filebeat_output_elasticsearch_hosts: localhost:9200 - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' } From 6db1fd65d385e2365c64e08c18e771eb5b62475f Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 21 Oct 2019 16:34:43 +0200 Subject: [PATCH 027/194] Add support for environments with low disk space This adds and option to bypass ES default disk-based shard allocation. --- .../ansible-elasticsearch/defaults/main.yml | 1 + .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index c19fcce9..87381a4e 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -14,6 +14,7 @@ elasticsearch_cluster_nodes: elasticsearch_discovery_nodes: - 127.0.0.1 +elasticsearch_lower_disk_requirements: false # X-Pack Security elasticsearch_xpack_security: false elasticsearch_xpack_security_user: elastic 
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 3cd386da..2bb6ebe4 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -27,6 +27,13 @@ discovery.seed_hosts: {% endfor %} {% endif %} +{% if elasticsearch_lower_disk_requirements %} +cluster.routing.allocation.disk.threshold_enabled: true +cluster.routing.allocation.disk.watermark.flood_stage: 200mb +cluster.routing.allocation.disk.watermark.low: 500mb +cluster.routing.allocation.disk.watermark.high: 300mb +{% endif %} + # XPACK Security {% if elasticsearch_xpack_security %} @@ -49,4 +56,4 @@ xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }} {% elif generate_CA == false %} xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }}/{{ca_cert_name}}" ] {% endif %} -{% endif %} \ No newline at end of file +{% endif %} From 9647c79e68c14ec8f345e16632c9a4ce577c47dc Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Fri, 25 Oct 2019 13:44:56 +0200 Subject: [PATCH 028/194] Updated Filebeat configuration file template --- .../templates/filebeat.yml.j2 | 56 ++++--------------- 1 file changed, 11 insertions(+), 45 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 index 466d9a89..da87ec8d 100644 --- a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 
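Review bot: The block added under `{% if elasticsearch_lower_disk_requirements %}` has no comment saying that absolute byte values are minimum free space, which is why `low` (500mb) is larger than `high` (300mb) and `flood_stage` (200mb). Without that, a later reader is likely to "correct" the ordering. It also keeps `threshold_enabled: true`, so the "bypass" in the commit message is really a lowering of the thresholds: once free space drops below 200mb the indices still go read-only and new alerts stop being indexed. I would add a comment above the block such as `# Lab/test only: byte values are free space remaining, so low > high > flood_stage`, and a matching one-line comment on `elasticsearch_lower_disk_requirements` in defaults/main.yml.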
@@ -1,58 +1,24 @@ # Wazuh - Filebeat configuration file -filebeat.inputs: - - type: log - paths: - - '/var/ossec/logs/alerts/alerts.json' +# Wazuh - Filebeat configuration file +filebeat.modules: + - module: wazuh + alerts: + enabled: true + archives: + enabled: false setup.template.json.enabled: true -setup.template.json.path: "/etc/filebeat/wazuh-template.json" -setup.template.json.name: "wazuh" +setup.template.json.path: '/etc/filebeat/wazuh-template.json' +setup.template.json.name: 'wazuh' setup.template.overwrite: true +setup.ilm.enabled: false -processors: - - decode_json_fields: - fields: ['message'] - process_array: true - max_depth: 200 - target: '' - overwrite_keys: true - - drop_fields: - fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host'] - - rename: - fields: - - from: "data.aws.sourceIPAddress" - to: "@src_ip" - ignore_missing: true - fail_on_error: false - when: - regexp: - data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b - - rename: - fields: - - from: "data.srcip" - to: "@src_ip" - ignore_missing: true - fail_on_error: false - when: - regexp: - data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b - - rename: - fields: - - from: "data.win.eventdata.ipAddress" - to: "@src_ip" - ignore_missing: true - fail_on_error: false - when: - regexp: - data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b # Send events directly to Elasticsearch output.elasticsearch: hosts: {{ filebeat_output_elasticsearch_hosts | to_json }} - #pipeline: geoip - indices: - - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}' + {% if filebeat_xpack_security %} username: {{ elasticsearch_xpack_security_user }} password: {{ elasticsearch_xpack_security_password }} From 359f3e3cb40dfcf1c10cd99af7eee9c866e59d39 Mon Sep 17 00:00:00 2001 
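Review bot: At the end of the hunk, `username:` and `password:` are rendered from bare `{{ ... }}` expressions, so a password that starts with a YAML indicator, contains `: ` or ` #`, or looks like a number or boolean yields a broken or mistyped filebeat.yml. The `hosts:` line just above already uses `| to_json`; doing the same here, `password: {{ elasticsearch_xpack_security_password | to_json }}` (and likewise for `username`), keeps the value a quoted string. The new side also carries the header comment `# Wazuh - Filebeat configuration file` twice, once as context and once as an added line; one of them can go.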
From: "Manuel J. Bernal" Date: Fri, 25 Oct 2019 13:45:03 +0200 Subject: [PATCH 029/194] Updated Wazuh template --- roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 index 06af6322..5387bf8c 100644 --- a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 @@ -162,6 +162,7 @@ "data.dstip", "data.dstport", "data.dstuser", + "data.extra_data", "data.hardware.serial", "data.id", "data.integration", @@ -943,6 +944,9 @@ "data": { "type": "keyword" }, + "extra_data": { + "type": "keyword" + }, "system_name": { "type": "keyword" }, @@ -1673,4 +1677,4 @@ } }, "version": 1 -} +} \ No newline at end of file From 88d3ea22dd83eb5eb0d3654c06e26d5183ae8673 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 25 Oct 2019 16:59:14 +0200 Subject: [PATCH 030/194] Update tempate for ossec.conf (Agent) --- .../var-ossec-etc-ossec-agent.conf.j2 | 159 +++++++++--------- 1 file changed, 81 insertions(+), 78 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 4d43bc94..61c28012 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -1,4 +1,4 @@ -#jinja2: trim_blocks: False +#jinja2: lstrip_blocks: True {{ wazuh_agent_config.client_buffer.disable }} {{ wazuh_agent_config.client_buffer.queue_size }} {{ wazuh_agent_config.client_buffer.events_per_sec }} + {{ wazuh_agent_config.log_format }} @@ -72,7 +72,6 @@ {% endif %} yes {% endif %} - {% if ansible_os_family == "Windows" %} ./shared/win_audit_rcl.txt ./shared/win_applications_rcl.txt 
@@ -86,11 +85,11 @@ {% if wazuh_agent_config.syscheck is defined %} no - + {{ wazuh_agent_config.syscheck.frequency }} {% if ansible_system == "Linux" %} - + /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot @@ -130,7 +129,7 @@ {% for no_diff in wazuh_agent_config.syscheck.no_diff %} {{ no_diff }} {% endfor %} - + {{ wazuh_agent_config.syscheck.skip_nfs }} {% endif %} @@ -270,29 +269,29 @@ {{ wazuh_agent_config.syscollector.processes }} - - {% if wazuh_agent_config.sca.enabled | length > 0 %} - {{ wazuh_agent_config.sca.enabled }} - {% endif %} - {% if wazuh_agent_config.sca.scan_on_start | length > 0 %} - {{ wazuh_agent_config.sca.scan_on_start }} - {% endif %} - {% if wazuh_agent_config.sca.interval | length > 0 %} - {{ wazuh_agent_config.sca.interval }} - {% endif %} - {% if wazuh_agent_config.sca.skip_nfs | length > 0 %} - yes - {% endif %} - {% if wazuh_agent_config.sca.day | length > 0 %} - yes - {% endif %} - {% if wazuh_agent_config.sca.wday | length > 0 %} - yes - {% endif %} - {% if wazuh_agent_config.sca.time | length > 0 %} - - {% endif %} - + + {% if wazuh_agent_config.sca.enabled | length > 0 %} + {{ wazuh_agent_config.sca.enabled }} + {% endif %} + {% if wazuh_agent_config.sca.scan_on_start | length > 0 %} + {{ wazuh_agent_config.sca.scan_on_start }} + {% endif %} + {% if wazuh_agent_config.sca.interval | length > 0 %} + {{ wazuh_agent_config.sca.interval }} + {% endif %} + {% if wazuh_agent_config.sca.skip_nfs | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.day | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.wday | length > 0 %} + yes + {% endif %} + {% if wazuh_agent_config.sca.time | length > 0 %} + + {% endif %} + {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} 
@@ -306,68 +305,72 @@ {% endif %} - {% if ansible_system == "Linux" %} - {% for localfile in wazuh_agent_config.localfiles.linux %} - - {{ localfile.format }} + {% if ansible_system == "Linux" %} + {% for localfile in wazuh_agent_config.localfiles.linux %} + + + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} - {% else %} - {{ localfile.location }} + {{ localfile.command }} + {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} {% endif %} - + {% else %} + {{ localfile.location }} + {% endif %} + {% endfor %} {% endif %} - {% if ansible_os_family == "Debian" %} - {% for localfile in wazuh_agent_config.localfiles.debian %} - - {{ localfile.format }} + {% if ansible_os_family == "Debian" %} + {% for localfile in wazuh_agent_config.localfiles.debian %} + + + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} - {% else %} - {{ localfile.location }} - {% endif %} - + {{ localfile.command }} + {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} + {% else %} + {{ localfile.location }} + {% endif %} + {% endfor %} {% endif %} - {% if ansible_os_family == "RedHat" %} - {% for localfile in wazuh_agent_config.localfiles.centos %} - - {{ localfile.format }} + {% if ansible_os_family == "RedHat" %} + {% for localfile in wazuh_agent_config.localfiles.centos %} + + + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} + {{ localfile.command }} + {{ localfile.frequency 
}} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} {% else %} - {{ localfile.location }} - {% endif %} - + {{ localfile.location }} + {% endif %} + {% endfor %} {% endif %} - {% if ansible_os_family == "Windows" %} - {% for localfile in wazuh_agent_config.localfiles.windows %} - - {{ localfile.format }} - {% if localfile.format == 'eventchannel' %} - {{ localfile.location }} - {{ localfile.query}} - {% else %} - {{ localfile.location }} - {% endif %} - + {% if ansible_os_family == "Windows" %} + {% for localfile in wazuh_agent_config.localfiles.windows %} + + + {{ localfile.format }} + {% if localfile.format == 'eventchannel' %} + {{ localfile.location }} + {{ localfile.query}} + {% else %} + {{ localfile.location }} + {% endif %} + {% endfor %} {% endif %} From 9d607c2a4256b608c8338e7aae09203725a41cd2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 25 Oct 2019 16:59:25 +0200 Subject: [PATCH 031/194] Update template for ossec.conf (Manager) --- .../var-ossec-etc-ossec-server.conf.j2 | 192 ++++++++++-------- 1 file changed, 112 insertions(+), 80 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 145af4af..733cae18 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -1,4 +1,4 @@ -#jinja2: trim_blocks: False +#jinja2: lstrip_blocks: True no 
@@ -222,29 +231,29 @@ {{ wazuh_manager_config.syscollector.processes }} - - {% if wazuh_manager_config.sca.enabled | length > 0 %} - {{ wazuh_manager_config.sca.enabled }} - {% endif %} - {% if wazuh_manager_config.sca.scan_on_start | length > 0 %} - {{ wazuh_manager_config.sca.scan_on_start }} - {% endif %} - {% if wazuh_manager_config.sca.interval | length > 0 %} - {{ wazuh_manager_config.sca.interval }} - {% endif %} - {% if wazuh_manager_config.sca.skip_nfs | length > 0 %} - yes - {% endif %} - {% if wazuh_manager_config.sca.day | length > 0 %} - yes - {% endif %} - {% if wazuh_manager_config.sca.wday | length > 0 %} - yes - {% endif %} - {% if wazuh_manager_config.sca.time | length > 0 %} - - {% endif %} - + + {% if wazuh_manager_config.sca.enabled | length > 0 %} + {{ wazuh_manager_config.sca.enabled }} + {% endif %} + {% if wazuh_manager_config.sca.scan_on_start | length > 0 %} + {{ wazuh_manager_config.sca.scan_on_start }} + {% endif %} + {% if wazuh_manager_config.sca.interval | length > 0 %} + {{ wazuh_manager_config.sca.interval }} + {% endif %} + {% if wazuh_manager_config.sca.skip_nfs | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.day | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.wday | length > 0 %} + yes + {% endif %} + {% if wazuh_manager_config.sca.time | length > 0 %} + + {% endif %} + {{ wazuh_manager_config.vul_detector.disable }} @@ -297,7 +306,6 @@ {% for no_diff in wazuh_manager_config.syscheck.no_diff %} {{ no_diff }} {% endfor %} - {% if wazuh_manager_config.syscheck.skip_nfs is defined %} {{ wazuh_manager_config.syscheck.skip_nfs }} {% endif %} 
@@ -319,53 +327,77 @@ {% endfor %} - {% for command in wazuh_manager_config.commands %} - - {{ command.name }} - {{ command.executable }} - {{ command.expect }} - {{ command.timeout_allowed }} - +{% for command in wazuh_manager_config.commands %} + + + {{ command.name }} + {{ command.executable }} + {{ command.expect }} + {{ command.timeout_allowed }} + +{% endfor %} + + + + ruleset/decoders + ruleset/rules + {% if wazuh_manager_config.rule_exclude is defined %} + {% for rule in wazuh_manager_config.rule_exclude %} + {{ rule }} {% endfor %} + {% endif %} + {% if cdb_lists is defined %} + {% for list in cdb_lists %} + etc/lists/{{ list.name }} + {% endfor %} + {% endif %} - - - ruleset/decoders - ruleset/rules - {% if wazuh_manager_config.rule_exclude is defined %} - {% for rule in wazuh_manager_config.rule_exclude %} - {{ rule }} - {% endfor %} - {% endif %} - {% if cdb_lists is defined %} - {% for list in cdb_lists %} - etc/lists/{{ list.name }} - {% endfor %} - {% endif %} - - - etc/decoders - etc/rules + + etc/decoders + etc/rules {% if wazuh_manager_config.authd.enable == true %} no - {% if wazuh_manager_config.authd.port is not none %}{{wazuh_manager_config.authd.port}}{% else %}1515{% endif %} - {% if wazuh_manager_config.authd.use_source_ip is not none %}{{wazuh_manager_config.authd.use_source_ip}}{% endif %} - {% if wazuh_manager_config.authd.force_insert is not none %}{{wazuh_manager_config.authd.force_insert}}{% endif %} - {% if wazuh_manager_config.authd.force_time is not none %}{{wazuh_manager_config.authd.force_time}}{% endif %} - {% if wazuh_manager_config.authd.purge is not none %}{{wazuh_manager_config.authd.purge}}{% endif %} - {% if wazuh_manager_config.authd.use_password is not none %}{{wazuh_manager_config.authd.use_password}}{% endif %} - {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}{% endif %} - {% if wazuh_manager_config.authd.ssl_verify_host is not none 
%}{{wazuh_manager_config.authd.ssl_verify_host}}{% endif %} - {% if wazuh_manager_config.authd.ssl_manager_cert is not none %}/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}{% endif %} - {% if wazuh_manager_config.authd.ssl_manager_key is not none %}/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}{% endif %} - {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}{{wazuh_manager_config.authd.ssl_auto_negotiate}}{% endif %} + {% if wazuh_manager_config.authd.port is not none %} + {{wazuh_manager_config.authd.port}} + {% else %} + 1515 + {% endif %} + {% if wazuh_manager_config.authd.use_source_ip is not none %} + {{wazuh_manager_config.authd.use_source_ip}} + {% endif %} + {% if wazuh_manager_config.authd.force_insert is not none %} + {{wazuh_manager_config.authd.force_insert}} + {% endif %} + {% if wazuh_manager_config.authd.force_time is not none %} + {{wazuh_manager_config.authd.force_time}} + {% endif %} + {% if wazuh_manager_config.authd.purge is not none %} + {{wazuh_manager_config.authd.purge}} + {% endif %} + {% if wazuh_manager_config.authd.use_password is not none %} + {{wazuh_manager_config.authd.use_password}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_agent_ca is not none %} + /var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_verify_host is not none %} + {{wazuh_manager_config.authd.ssl_verify_host}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_manager_cert is not none %} + /var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_manager_key is not none %} + /var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}} + {% endif %} + {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %} + {{wazuh_manager_config.authd.ssl_auto_negotiate}} + {% endif %} {% endif %} - {{ wazuh_manager_config.cluster.disable }} {{ 
wazuh_manager_config.cluster.name }} @@ -385,7 +417,7 @@ {{ wazuh_manager_config.cluster.hidden }} - {% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %} +{% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %} no Wazuh-VULS @@ -394,7 +426,7 @@ yes {{ wazuh_manager_config.vuls.run_on_start }} - {% endif %} +{% endif -%} {% if agentless_creds is defined %} {% for agentless in agentless_creds %} @@ -407,11 +439,8 @@ {{ agentless.arguments }} {% endif %} - {% endfor %} -{% endif %} - - +{% endif -%} {% if wazuh_manager_config.active_responses is defined %} {% for response in wazuh_manager_config.active_responses %} @@ -427,10 +456,11 @@ {%if response.repeated_offenders is defined %}{{ response.repeated_offenders }}{% endif %} {% endfor %} -{% endif %} +{% endif -%} {% for localfile in wazuh_manager_config.localfiles.common %} + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} @@ -468,6 +498,7 @@ {% if ansible_os_family == "Debian" %} {% for localfile in wazuh_manager_config.localfiles.debian %} + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} @@ -502,10 +533,11 @@ {% endif %} {% endfor %} -{% endif %} +{% endif -%} {% if ansible_os_family == "RedHat" %} {% for localfile in wazuh_manager_config.localfiles.centos %} + {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} @@ -540,7 +572,7 @@ {% endif %} {% endfor %} -{% endif %} +{% endif -%} {% if wazuh_manager_config.syslog_outputs is defined %} {% for syslog_output in wazuh_manager_config.syslog_outputs %} From 812fadd76b40a9f05c5159fa53b9a150368ca272 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:01:25 +0100 Subject: [PATCH 032/194] Add default to manage repositories --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 87f8534c..d7155415 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -31,6 +31,10 @@ wazuh_winagent_config: repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 wazuh_agent_config: + repo: + apt: 'https://packages.wazuh.com/3.x/apt/ stable main' + yum: 'https://packages.wazuh.com/3.x/yum/' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' active_response: ar_disabled: 'no' ca_store: '/var/ossec/etc/wpk_root.pem' From 8a69a6e92234db6539ff439e5a7c1097c2851903 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:02:07 +0100 Subject: [PATCH 033/194] Update Debian repositories to use dynamic urls from default variables --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 5 +++-- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 +++++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 48e45685..e2629069 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -22,13 +22,14 @@ - ansible_distribution_major_version | int == 14 - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: + url: "{{ wazuh_agent_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: "deb {{ wazuh_agent_config.repo.apt }}" state: present update_cache: true diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 9e9a94d7..79328bb1 100644 
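Review bot: The `Debian/Ubuntu | Installing Wazuh repository key` task now imports whatever `wazuh_agent_config.repo.gpg` points to, with no check of which key arrived, so an overridden URL or a tampered mirror silently changes the key that the repository's packages are verified against. `apt_key` takes an `id` parameter for the expected key; setting it from a new default, e.g. `gpg_id: '<WAZUH_KEY_FINGERPRINT>'` (placeholder) next to `gpg` in defaults/main.yml and `id: "{{ wazuh_agent_config.repo.gpg_id }}"` here, should at least make the play fail when a different key is served. The same applies to the `apt_key` tasks in the manager role's Debian.yml, changed in the same commit.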
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -24,13 +24,14 @@ - ansible_distribution_major_version | int == 14 - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: + url: "{{ wazuh_agent_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: deb "{{ wazuh_agent_config.repo.apt }}" state: present update_cache: true changed_when: false @@ -49,7 +50,8 @@ - ansible_distribution_major_version | int == 14 - name: Debian/Ubuntu | Installing NodeJS repository key - apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key + apt_key: + url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) From afff33941d088497085209c5d2d750e7e423fe8e Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:02:41 +0100 Subject: [PATCH 034/194] Update RedHat tasks to use dynamic repo urls from variables --- .../ansible-wazuh-agent/tasks/RedHat.yml | 27 ++++++---------- .../ansible-wazuh-manager/tasks/RedHat.yml | 31 ++++++++++--------- 2 files changed, 26 insertions(+), 32 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 33382e28..86d38f12 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml 
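Review bot: In `Debian/Ubuntu | Add Wazuh repositories` the value `repo: deb "{{ wazuh_agent_config.repo.apt }}"` is a plain YAML scalar, so the double quotes become part of the string and the source entry is rendered as `deb "https://… stable main"` rather than the previous unquoted form. The agent role writes it with the quotes around the whole value, and the manager task should match: `repo: "deb {{ wazuh_manager_config.repo.apt }}"`. Both tasks in this hunk also read `wazuh_agent_config` from inside the manager role. A later commit in this series switches them to `wazuh_manager_config` but leaves the misplaced quotes in place.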
@@ -1,36 +1,27 @@ --- -- name: RedHat/CentOS/Fedora | Install Wazuh repo - yum_repository: - name: wazuh_repo - description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH - gpgcheck: true - changed_when: false - when: - - ansible_distribution_major_version|int > 5 - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH-5 + baseurl: "{{ wazuh_agent_config.repo.yum }}5/" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5" gpgcheck: true changed_when: false when: - - ansible_distribution_major_version|int == 5 + - (ansible_facts['os_family']|lower == 'redhat') + - (ansible_os_family = ansible_distribution_major_version|int <= 5) + register: repo_v5_installed -- name: AmazonLinux | Install Wazuh repo +- name: RedHat/CentOS/Fedora | Install Wazuh repo yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: "{{ wazuh_agent_config.repo.yum }}" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}" gpgcheck: true changed_when: false when: - - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + - repo_v5_installed is undefined - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 7540e142..ffac6189 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
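Review bot: The condition `repo_v5_installed is undefined` on the general repo task can never hold, because `register` stores a result even when the first task is skipped, so on RHEL/CentOS 6 and later no Wazuh repository gets configured. The manager RedHat.yml hunk of this commit has the same pattern with `repo_v5_manager_installed`. Testing the version directly removes the dependency between the two tasks: `- ansible_distribution_major_version|int > 5` on the general task. The removed AmazonLinux task matched `ansible_distribution_major_version == "NA"`, and `"NA"|int` evaluates to 0, so with a `<= 5` test Amazon Linux would probably be given the CentOS 5 repository and key; that case likely needs its own condition.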
@@ -38,26 +38,29 @@ when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" -- name: RedHat/CentOS/Fedora | Install Wazuh repo - yum_repository: - name: wazuh_repo - description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH - gpgcheck: true - changed_when: false - when: - - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: "{{ wazuh_agent_config.repo.yum }}5/" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5" gpgcheck: true + changed_when: false when: - - ansible_distribution_major_version|int == 5 + - (ansible_facts['os_family']|lower == 'redhat') + - (ansible_os_family = ansible_distribution_major_version|int <= 5) + register: repo_v5_manager_installed + +- name: RedHat/CentOS/Fedora | Install Wazuh repo + yum_repository: + name: wazuh_repo + description: Wazuh repository + baseurl: "{{ wazuh_agent_config.repo.yum }}" + gpgkey: "{{ wazuh_agent_config.repo.gpg }}" + gpgcheck: true + changed_when: false + when: + - repo_v5_manager_installed is undefined - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present From 8c1740381bc392322395663963d9d76dff331dee Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:27:22 +0100 Subject: [PATCH 035/194] Add manager repo variables --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f45e95b0..1482a533 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,6 +5,10 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest wazuh_manager_config: + repo: + apt: 'https://packages.wazuh.com/3.x/apt/ stable main' + yum: 'https://packages.wazuh.com/3.x/yum/' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' json_output: 'yes' alerts_log: 'yes' logall: 'no' From a21392fe58991ac5e0645e69afd38e57f43fcc74 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:27:32 +0100 Subject: [PATCH 036/194] Fix manager repo variables typo --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index ffac6189..3ec0719b 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -42,8 +42,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: "{{ wazuh_agent_config.repo.yum }}5/" - gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5" + baseurl: "{{ wazuh_manager_config.repo.yum }}5/" + gpgkey: "{{ wazuh_manager_config.repo.gpg }}-5" gpgcheck: true changed_when: false when: @@ -55,8 +55,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: "{{ wazuh_agent_config.repo.yum }}" - gpgkey: "{{ wazuh_agent_config.repo.gpg }}" + baseurl: "{{ wazuh_manager_config.repo.yum }}" + gpgkey: "{{ wazuh_manager_config.repo.gpg }}" gpgcheck: true changed_when: false when: From 30b04ac5a8b7c0771d2485a4a44a0b44bc8b8665 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 10:55:21 +0100 Subject: [PATCH 037/194] Update CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) mode change 100644 => 100755 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md old mode 100644 new mode 100755 index ad13d3d3..f220561d --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,12 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.xx.x_x.x.x] + +## Changed + +- Make Wazuh repositories instalation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) + ## [v3.10.2_7.3.2] ### Added From 3bedf74055c69f8eccb1f2083a93df9fdb9ad777 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 11:50:55 +0100 Subject: [PATCH 038/194] Fix wrong conditionals in repo installation tasks --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 86d38f12..0c3b8b97 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -9,7 +9,7 @@ changed_when: false when: - (ansible_facts['os_family']|lower == 'redhat') - - (ansible_os_family = ansible_distribution_major_version|int <= 5) + - (ansible_distribution_major_version|int <= 5) register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 3ec0719b..71a5a375 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -48,7 +48,7 @@ changed_when: false when: - (ansible_facts['os_family']|lower == 'redhat') - - (ansible_os_family = ansible_distribution_major_version|int <= 5) + - (ansible_distribution_major_version|int <= 5) register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo From 83d0de790a46e9ebed1a86fc9c9fe6e22f2335fe Mon Sep 17 00:00:00 2001 
From: Jose M Date: Mon, 28 Oct 2019 15:54:29 +0100 Subject: [PATCH 039/194] Fix wazuh manager variable typo related with repositories --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 79328bb1..bad36dfb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -25,13 +25,13 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: - url: "{{ wazuh_agent_config.repo.gpg }}" + url: "{{ wazuh_manager_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: deb "{{ wazuh_agent_config.repo.apt }}" + repo: deb "{{ wazuh_manager_config.repo.apt }}" state: present update_cache: true changed_when: false From acb052ba73a5dc6cb15751c7d98452f32a586fdd Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 17:09:39 +0100 Subject: [PATCH 040/194] Fix RedHat conditional related with Wazuh repositories --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 71a5a375..09b2c0a4 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -60,7 +60,7 @@ gpgcheck: true changed_when: false when: - - repo_v5_manager_installed is undefined + - repo_v5_manager_installed.skipped - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present From 34ed408cfd05ce24938b819b069babdfce3c5fab Mon Sep 17 00:00:00 2001 
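Review bot: The `apt_key` task in the Debian.yml hunk of patch 039 imports whatever key `wazuh_manager_config.repo.gpg` serves and does not pin it, so the trust anchor for every later package install rests on that overridable URL alone. Setting the module's `id` parameter to the expected fingerprint lets the task detect a substituted key, for example `id: "PLACEHOLDER_WAZUH_KEY_FINGERPRINT"` (placeholder; the real fingerprint is not on the page). As far as I know the module reports a failure when that id is absent after the import, but that behaviour should be confirmed for the Ansible version in use. Whether the role pins the key somewhere else cannot be seen from this hunk.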
From: Jose M Date: Mon, 28 Oct 2019 17:54:00 +0100 Subject: [PATCH 041/194] Fix typo in Debian repository installation task --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index bad36dfb..8bf97217 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -31,7 +31,7 @@ - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: deb "{{ wazuh_manager_config.repo.apt }}" + repo: "deb {{ wazuh_manager_config.repo.apt }}" state: present update_cache: true changed_when: false From fd0d51bc52432c5e78062a980e8f1ff50e3dbce9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 20:53:14 +0100 Subject: [PATCH 042/194] Change Agent repository condition to .skipped like manager task --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 0c3b8b97..7bfcc611 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -21,8 +21,8 @@ gpgcheck: true changed_when: false when: - - repo_v5_installed is undefined - + - repo_v5_installed.skipped + - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm From f367e9bd23ad7b12b11caf1ed94737f8665da11f Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 28 Oct 2019 20:54:51 +0100 Subject: [PATCH 043/194] Fix typo in CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f220561d..b434ff63 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ## Changed -- Make Wazuh repositories instalation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) +- Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) ## [v3.10.2_7.3.2] From 0587512be17e52abeed441c837a4380eec2530c3 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 29 Oct 2019 17:31:44 +0100 Subject: [PATCH 044/194] Require openssl --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index a1afbb4c..42be0533 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -5,6 +5,11 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" +- name: Install Openssl + package: + name: openssl + state: present + - name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} with_items: From d17542698218973c1e938bbd317d58f8420ce70a Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 29 Oct 2019 17:36:57 +0100 Subject: [PATCH 045/194] Remove duplicated install --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 09b2c0a4..efec0395 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -66,7 +66,6 @@ package: name={{ item }} state=present with_items: - openscap-scanner - - openssl register: wazuh_manager_openscp_packages_installed until: wazuh_manager_openscp_packages_installed is succeeded tags: 
From d184ec76fe20af247cb5bbffb27b7f6533bd18fe Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 30 Oct 2019 15:06:00 +0100 Subject: [PATCH 046/194] Require unzip --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 42be0533..97a9f4fa 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -1,15 +1,18 @@ --- +- name: "Install dependencies" + package: + name: + - unzip + - openssl + - tar + state: present + - import_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: Install Openssl - package: - name: openssl - state: present - - name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} with_items: From f0f54b63a658eeb41c579f3a2859ddbb50293582 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 30 Oct 2019 16:01:32 +0100 Subject: [PATCH 047/194] Rename "elasticsearch_master_candidate" to "elasticsearch_node_master" --- roles/elastic-stack/ansible-elasticsearch/README.md | 10 +++++----- .../ansible-elasticsearch/defaults/main.yml | 2 +- .../templates/elasticsearch.yml.j2 | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index 388affce..c574aa9f 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md 
@@ -48,11 +48,11 @@ Example Playbook - hosts: 172.16.0.162 roles: - - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.162', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.162', elasticsearch_node_master: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} - hosts: 172.16.0.163 roles: - - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_node_master: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} ``` - Three nodes Elasticsearch cluster with XPack security @@ -64,7 +64,7 @@ Example Playbook elasticsearch_network_host: 172.16.0.111 elasticsearch_node_name: node-1 single_node: false - elasticsearch_master_candidate: true + elasticsearch_node_master: true elasticsearch_bootstrap_node: true elasticsearch_cluster_nodes: - 172.16.0.111 @@ -97,7 +97,7 @@ Example Playbook elasticsearch_node_name: node-2 single_node: false elasticsearch_xpack_security: true - elasticsearch_master_candidate: true + elasticsearch_node_master: true node_certs_generator_ip: 172.16.0.111 elasticsearch_discovery_nodes: - 172.16.0.111 @@ -111,7 +111,7 @@ Example Playbook elasticsearch_node_name: node-3 single_node: false elasticsearch_xpack_security: true - elasticsearch_master_candidate: true + elasticsearch_node_master: true node_certs_generator_ip: 172.16.0.111 elasticsearch_discovery_nodes: - 172.16.0.111 
diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 87381a4e..abf3161c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -8,7 +8,7 @@ elasticsearch_jvm_xms: null elastic_stack_version: 7.3.2 single_node: true elasticsearch_bootstrap_node: false -elasticsearch_master_candidate: false +elasticsearch_node_master: false elasticsearch_cluster_nodes: - 127.0.0.1 elasticsearch_discovery_nodes: diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 2bb6ebe4..4f8d56cc 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -20,7 +20,7 @@ discovery.seed_hosts: - {{ item }} {% endfor %} {% else %} -node.master: {{ elasticsearch_master_candidate|lower }} +node.master: {{ elasticsearch_node_master|lower }} discovery.seed_hosts: {% for item in elasticsearch_discovery_nodes %} - {{ item }} From 9020e06ec8d330276439faf78bcbb012281bfbc2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 30 Oct 2019 16:01:56 +0100 Subject: [PATCH 048/194] Update ES parameters with new node.ingest and node.data variables --- .../ansible-elasticsearch/defaults/main.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index abf3161c..bcd81183 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
@@ -1,20 +1,25 @@ --- -elasticsearch_cluster_name: wazuh -elasticsearch_node_name: node-1 + elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.3.2 +elasticsearch_lower_disk_requirements: false + +# Cluster Settings single_node: true +elasticsearch_cluster_name: wazuh +elasticsearch_node_name: node-1 elasticsearch_bootstrap_node: false elasticsearch_node_master: false elasticsearch_cluster_nodes: - 127.0.0.1 elasticsearch_discovery_nodes: - 127.0.0.1 +elasticsearch_node_data: true +elasticsearch_node_ingest: true -elasticsearch_lower_disk_requirements: false # X-Pack Security elasticsearch_xpack_security: false elasticsearch_xpack_security_user: elastic @@ -24,8 +29,6 @@ node_certs_generator: false node_certs_source: /usr/share/elasticsearch node_certs_destination: /etc/elasticsearch/certs - - # CA generation master_certs_path: /es_certs generate_CA: true From a46b681dcfc32f655ed4e93a09e1b4e5d9fa190e Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 30 Oct 2019 16:02:26 +0100 Subject: [PATCH 049/194] Update elasticsearch.yml to render node.data and .ingest vars --- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 4f8d56cc..0d6887f5 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 
@@ -21,6 +21,12 @@ discovery.seed_hosts: {% endfor %} {% else %} node.master: {{ elasticsearch_node_master|lower }} +{% if elasticsearch_node_data|lower == 'false' %} +node.data: false +{% endif %} +{% if elasticsearch_node_ingest|lower == 'false' %} +node.ingest: false +{% endif %} discovery.seed_hosts: {% for item in elasticsearch_discovery_nodes %} - {{ item }} @@ -34,9 +40,8 @@ cluster.routing.allocation.disk.watermark.low: 500mb cluster.routing.allocation.disk.watermark.high: 300mb {% endif %} -# XPACK Security - {% if elasticsearch_xpack_security %} +# XPACK Security xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate From 895715bd19f6f6ff80d3bdf62176a34e21e0539d Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 30 Oct 2019 16:34:30 +0100 Subject: [PATCH 050/194] Enable node repo for Amazon Linux --- .../wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 09b2c0a4..bea182b8 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -26,17 +26,9 @@ args: warn: false executable: /bin/bash + creates: /etc/yum.repos.d/nodesource-el7.repo when: - - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" - -- name: AmazonLinux | Install Nodejs repo - yum: - name: nodejs - state: present - register: wazuh_manager_amz_node_packages_installed - until: wazuh_manager_amz_node_packages_installed is succeeded - when: - - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + - ansible_distribution|lower == "amazon" - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: 
@@ -47,7 +39,7 @@ gpgcheck: true changed_when: false when: - - (ansible_facts['os_family']|lower == 'redhat') + - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) register: repo_v5_manager_installed @@ -60,7 +52,7 @@ gpgcheck: true changed_when: false when: - - repo_v5_manager_installed.skipped + - repo_v5_manager_installed|skipped - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present From f36d8be92ef7850fd3474cede6acd2dd1952bd5b Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 10:35:59 +0100 Subject: [PATCH 051/194] Fixing repo_v5 | skipped ocurrences. Updating to new format --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 7bfcc611..cbc981d5 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -21,7 +21,7 @@ gpgcheck: true changed_when: false when: - - repo_v5_installed.skipped + - repo_v5_installed is skipped - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index fd614765..d64829a9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -52,7 +52,7 @@ gpgcheck: true changed_when: false when: - - repo_v5_manager_installed|skipped + - repo_v5_manager_installed is skipped - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present From 0ce3590b6e84f5fa7703211a6038d50446c25dfe Mon Sep 17 00:00:00 2001 
From: Jose M Date: Tue, 5 Nov 2019 12:48:38 +0100 Subject: [PATCH 052/194] Add "agent_name" var to "wazuh_agent_authd" vars --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index d7155415..22b1f26c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -12,6 +12,7 @@ wazuh_auto_restart: 'yes' wazuh_agent_authd: enable: false port: 1515 + agent_name: null ssl_agent_ca: null ssl_agent_cert: null ssl_agent_key: null From 5af556b72c4263e05fc405f5eedd7700aa4c14d4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 12:49:21 +0100 Subject: [PATCH 053/194] Update Wazuh Agent registration task with new "agent_name" var --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 37a8a8eb..4300576f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -51,7 +51,7 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - -A {{ agent_name }} + {% if wazuh_agent_authd.agent_name is not none %}-A {{ agent_name }} {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %}-I "any" {% endif %} From e531427df05c3263f49d7914cb3aef99d5c9369e Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 13:30:47 +0100 Subject: [PATCH 054/194] Fix syntax error on Register agent task --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 4300576f..88c0784b 100644 
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -51,7 +51,7 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - {% if wazuh_agent_authd.agent_name is not none %}-A {{ agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %}-I "any" {% endif %} From b6ccd7020e78a192162f711ca3dc515d1fa38e4b Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 14:25:11 +0100 Subject: [PATCH 055/194] Add notify to Agent registration tasks to explictly restart it --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 37a8a8eb..bc00e87e 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -63,6 +63,7 @@ {% endif %} {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %} register: agent_auth_output + notify: restart wazuh-agent vars: agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}" when: @@ -99,6 +100,7 @@ user: "{{ wazuh_managers.0.api_user }}" password: "{{ api_pass }}" register: newagent_api + notify: restart wazuh-agent # changed_when: newagent_api.json.error == 0 vars: agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ inventory_hostname }}{% endif %}" From e52a5dba4fa308e1694f541d46947dc63f8faf31 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 14:44:33 +0100 Subject: [PATCH 056/194] Update windows register task to use new "agent_name" variable --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 1 + 1 file changed, 1 insertion(+) 
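Review bot: The agent name is interpolated unquoted into the `shell:` command of `Linux | Register agent (via authd)` in patch 054, so a name with spaces or shell metacharacters is split or interpreted by the shell instead of reaching `agent-auth` as one argument. The `quote` filter keeps it a single argument: `{% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name | quote }} {% endif %}`. Patch 056 adds the same unquoted form to the Windows registration command, which needs quoting suited to its own shell, since `quote` is POSIX-shell quoting. The `-P {{ authd_pass }}` context line there also puts the registration password on the command line, so `no_log: true` is worth adding if that task does not already set it. Both tasks continue outside their hunks.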
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 8dff6274..2de09a8e 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -60,6 +60,7 @@ {{ wazuh_agent_win_auth_path }} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} + {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} register: agent_auth_output notify: Windows | Restart Wazuh Agent From 483a543c76fc6f6017237b2a15f59364c4bb51ef Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:14:30 +0100 Subject: [PATCH 057/194] Create variable to flexibility Wazuh App URL --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index ad639011..36367cea 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -7,6 +7,7 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.3.2 wazuh_version: 3.10.2 +wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # Xpack Security kibana_xpack_security: false From 5684805d5539b264669868b1013dd4854b208622 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:14:53 +0100 Subject: [PATCH 058/194] Update Kibana task to make use of "wazuh_app_url" --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 584becc7..622db80b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml 
@@ -98,7 +98,7 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: From 0d95790a163895887ad3e2ca7a83e7e12b4f8f3b Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:25:33 +0100 Subject: [PATCH 059/194] Update CHANGELOG.md --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b434ff63..68c280a7 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,11 @@ All notable changes to this project will be documented in this file. ## [v3.xx.x_x.x.x] -## Changed +### Added + +- Wazuh Agent registration task now explicitly notify restart [@jm404](https://github.com/jm404) [#302](https://github.com/wazuh/wazuh-ansible/pull/302) + +### Changed - Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) From e4f72e0ad3aa52052043ec45023bdd9a58d446dc Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:26:58 +0100 Subject: [PATCH 060/194] Update CHANGELOG.md --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b434ff63..39a086da 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,9 +3,10 @@ All notable changes to this project will be documented in this file. ## [v3.xx.x_x.x.x] -## Changed +### Changed - Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) +- Wazuh App URL is now flexible [@jm404](https://github.com/jm404) [#304](https://github.com/wazuh/wazuh-ansible/pull/304) ## [v3.10.2_7.3.2] 
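Review bot: In the `Install Wazuh-APP` hunk of patch 058 the plugin source becomes the overridable `wazuh_app_url`, and the archive it names is installed into Kibana with no integrity check, so whoever controls that variable or the host behind it controls code loaded by Kibana. At minimum add a comment above the task such as `# wazuh_app_url must be a trusted HTTPS base URL; the plugin archive is installed without checksum verification`. Fetching the archive first with `get_url` and its `checksum` parameter, then installing from the local file, would close the gap. Because the value is interpolated into `shell:`, `{{ wazuh_app_url | quote }}` keeps the shell from interpreting it. The task continues outside the hunk (`environment`, `args`).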
From 9dcb8b424432f3a5d2ddd8c28645eb81929a8e4c Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:36:36 +0100 Subject: [PATCH 061/194] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b434ff63..6bd805cb 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ All notable changes to this project will be documented in this file. - Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) +### Fixed + +- Wazuh Agent registration using agent name has been fixed [@jm404](https://github.com/jm404) [#298](https://github.com/wazuh/wazuh-ansible/pull/298) + ## [v3.10.2_7.3.2] ### Added From c02885c2ad21abcd0b18e084e065986120726a71 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 11:48:31 +0100 Subject: [PATCH 062/194] Update conditional in Redhat/Debian installation --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 37a8a8eb..41cf60df 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -10,7 +10,7 @@ async: 90 poll: 30 when: - - ansible_distribution in ['CentOS','RedHat'] + - {{ ansible_os_family|lower == "redhat" }} tags: - init @@ -20,7 +20,7 @@ state: present cache_valid_time: 3600 when: - - not (ansible_distribution in ['CentOS','RedHat']) + - {{ ansible_os_family|lower != "redhat" }} tags: - init From 1593e7fdc243f8aa668459b1ee37df7d48636b25 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 11:51:22 +0100 Subject: [PATCH 063/194] Fix syntax errors on Wazuh Agent installation conditionals --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 41cf60df..3d9d04dc 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -10,7 +10,7 @@ async: 90 poll: 30 when: - - {{ ansible_os_family|lower == "redhat" }} + - ansible_os_family|lower == "redhat" tags: - init @@ -20,7 +20,7 @@ state: present cache_valid_time: 3600 when: - - {{ ansible_os_family|lower != "redhat" }} + - ansible_os_family|lower != "redhat" tags: - init From 2ad7e03a7cbc8822c2a1fef8e5f6fad6a33a153c Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:22:32 +0100 Subject: [PATCH 064/194] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b434ff63..ff30cea7 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. ## Changed - Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) +- Fix Wazuh repository and installation conditionals [@jm404](https://github.com/jm404) [#299](https://github.com/wazuh/wazuh-ansible/pull/299) ## [v3.10.2_7.3.2] From 5fb65306b7d09c462503749ab3f84b2b0d3635a5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:24:00 +0100 Subject: [PATCH 065/194] Update CHANGELOG.md --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ff30cea7..1ddce2c9 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,9 +3,12 @@ All notable changes to this project will be documented in this file. ## [v3.xx.x_x.x.x] -## Changed +### Changed - Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) + +### Fixed + - Fix Wazuh repository and installation conditionals [@jm404](https://github.com/jm404) [#299](https://github.com/wazuh/wazuh-ansible/pull/299) ## [v3.10.2_7.3.2] From 27c332183d289ef70f0b7b5b9c3cd26c638a07fb Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 16:51:41 +0100 Subject: [PATCH 066/194] Add Amazon conditonal to RHEL/Centos --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index cbc981d5..5c026a13 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -8,7 +8,7 @@ gpgcheck: true changed_when: false when: - - (ansible_facts['os_family']|lower == 'redhat') + - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) register: repo_v5_installed From 11fe7e81ba57a28b691a70a6c82d47906f0d05a5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 5 Nov 2019 17:08:59 +0100 Subject: [PATCH 067/194] Fix trailing whitespaces for linting --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 5c026a13..8f3b8dbd 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml 
@@ -22,7 +22,7 @@ changed_when: false when: - repo_v5_installed is skipped - + - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm From 1c2d6d41ec5652002dae9931efb6093fac460506 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 14:16:14 +0100 Subject: [PATCH 068/194] Update default variables for manager version and package state --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 1482a533..e5c56256 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,8 +1,8 @@ --- -wazuh_manager_api_version: 3.10.2 +wazuh_manager_version: 3.10.2-1 wazuh_manager_fqdn: "wazuh-server" -wazuh_manager_package_state: latest +wazuh_manager_package_state: present wazuh_manager_config: repo: From d64b107fbb7c892fa2ed11629f8c4fdb06f3b1b6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 14:16:36 +0100 Subject: [PATCH 069/194] Update tasks related to manager installation. Remove -1, update state --- .../ansible-wazuh-manager/tasks/main.yml | 26 ++++++++++++------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 97a9f4fa..b90909dc 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
@@ -14,20 +14,22 @@ when: ansible_os_family == "Debian" - name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api - package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} + package: + name: "{{ item }}-{{ wazuh_manager_version }}" + state: "{{ wazuh_manager_package_state }}" with_items: - wazuh-manager - wazuh-api register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - ansible_distribution in ['CentOS','RedHat', 'Amazon'] + - ansible_os_family|lower == "redhat" tags: - init - name: Debian/Ubuntu | Install wazuh-manager, wazuh-api apt: - name: "{{ item }}={{ wazuh_manager_api_version }}-1" + name: "{{ item }}={{ wazuh_manager_version }}" state: present cache_valid_time: 3600 with_items: @@ -36,13 +38,15 @@ register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - not (ansible_distribution in ['CentOS','RedHat', 'Amazon']) + - not (ansible_os_family|lower == "redhat") tags: init - name: Install expect - package: pkg=expect state={{ wazuh_manager_package_state }} + package: + name: expect + state: "{{ wazuh_manager_package_state }}" when: - - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6) + - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) tags: init - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 
@@ -54,15 +58,17 @@ - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 - wazuh_manager_config.cluster.disable != 'yes' -- name: Install wazuh-manager and expect (EL5) - package: pkg={{ item }} state={{ wazuh_manager_package_state }} +- name: Install expect (EL5) + package: + name: "{{ item }}" + state: "{{ wazuh_manager_package_state }}" with_items: - - wazuh-manager-{{ wazuh_manager_api_version }} - expect register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 + - ansible_os_family|lower == "RedHat" + - ansible_distribution_major_version|int < 6 tags: - init From cc18318590e7e783ae16c7b7bb533b0630f268e4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 15:07:56 +0100 Subject: [PATCH 070/194] Fix trailing whitespaces for linting --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index b90909dc..bd0c9663 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -14,7 +14,7 @@ when: ansible_os_family == "Debian" - name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api - package: + package: name: "{{ item }}-{{ wazuh_manager_version }}" state: "{{ wazuh_manager_package_state }}" with_items: @@ -59,7 +59,7 @@ - wazuh_manager_config.cluster.disable != 'yes' - name: Install expect (EL5) - package: + package: name: "{{ item }}" state: "{{ wazuh_manager_package_state }}" with_items: From 00f04dd4a46e5e23a4981e4c087d32a680f14162 Mon Sep 17 00:00:00 2001 
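Review bot: The rewritten condition on `Install expect (EL5)` can never be true, because `ansible_os_family|lower == "RedHat"` lower-cases the fact and then compares it with a mixed-case literal, so the task is skipped on every host. It should read `- ansible_os_family|lower == "redhat"`, matching the other conditions this commit introduces. The same line is carried unchanged into `tasks/RedHat.yml` by the later "Move OS dependent tasks to its own file" patch (hunk `@@ -137,3 +137,40 @@`), so it needs fixing there as well.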
From: Jose M Date: Wed, 6 Nov 2019 15:18:49 +0100 Subject: [PATCH 071/194] Update wazuh_agent_version value --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 22b1f26c..dc2b366d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.10.2 +wazuh_agent_version: 3.10.2-1 wazuh_managers: - address: 127.0.0.1 port: 1514 From 357a21bed3e72e933ed590aef1c3467ac103c03a Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 15:19:07 +0100 Subject: [PATCH 072/194] Update Agent installation tasks to remove "-1" sufix --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 7230c7a6..949e5719 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -6,7 +6,9 @@ when: ansible_os_family == "Debian" - name: Linux CentOS/RedHat | Install wazuh-agent - package: name=wazuh-agent-{{ wazuh_agent_version }}-1 state=present + package: + name: wazuh-agent-{{ wazuh_agent_version }} + state: present async: 90 poll: 30 when: @@ -16,7 +18,7 @@ - name: Linux Debian | Install wazuh-agent apt: - name: "wazuh-agent={{ wazuh_agent_version }}-1" + name: "wazuh-agent={{ wazuh_agent_version }}" state: present cache_valid_time: 3600 when: From 0b62d85802b248916f3739ed9c53de577098f2b3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 15:30:46 +0100 Subject: [PATCH 073/194] Fix linting: trailing whitespace --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 949e5719..698f704f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -6,7 +6,7 @@ when: ansible_os_family == "Debian" - name: Linux CentOS/RedHat | Install wazuh-agent - package: + package: name: wazuh-agent-{{ wazuh_agent_version }} state: present async: 90 From c657ebd50e41a49c9e00a82a3a47a1de620029de Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 17:28:11 +0100 Subject: [PATCH 074/194] Change "openscap.disable" to no in default Wazuh Agent variables --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 22b1f26c..378a6689 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -218,7 +218,7 @@ wazuh_agent_config: rootcheck: frequency: 43200 openscap: - disable: 'no' + disable: 'yes' timeout: 1800 interval: '1d' scan_on_start: 'yes' From ee7cf1a5984e7c2ad5f74d86824014efcf80da65 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 17:37:40 +0100 Subject: [PATCH 075/194] Change default repo.apt variable of Managers and Agents to include "deb" --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 22b1f26c..e87e3a6f 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
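Review bot: The subject of the openscap commit says `openscap.disable` is changed to "no", but the new default in the `openscap:` block is `disable: 'yes'`, which switches OpenSCAP policy scans off on every agent whose inventory does not override the value. If turning the scans off is intended, the subject should say so and the default deserves a comment such as `# OpenSCAP scans are off by default; set to 'no' to enable them`. If it is not intended, the line should stay `disable: 'no'`. The `wazuh_agent_config` mapping starts and ends outside the hunk.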
@@ -33,7 +33,7 @@ wazuh_winagent_config: md5: 71650780904cbfc2e45eae4298adb7a3 wazuh_agent_config: repo: - apt: 'https://packages.wazuh.com/3.x/apt/ stable main' + apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' active_response: diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 1482a533..634d3758 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -6,7 +6,7 @@ wazuh_manager_package_state: latest wazuh_manager_config: repo: - apt: 'https://packages.wazuh.com/3.x/apt/ stable main' + apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' json_output: 'yes' From 154e10912a7fdf363ab7dd4f69dafaf79f0effd2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 6 Nov 2019 17:38:24 +0100 Subject: [PATCH 076/194] Include apt repository name in debian task. Remove explicit "deb" --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 3 ++- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index e2629069..1aa7a38e 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -29,7 +29,8 @@ - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: "deb {{ wazuh_agent_config.repo.apt }}" + filename: wazuh_repo + repo: "{{ wazuh_agent_config.repo.apt }}" state: present update_cache: true diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 8bf97217..611aa3b6 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -31,7 +31,8 @@ - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: "deb {{ wazuh_manager_config.repo.apt }}" + filename: wazuh_repo + repo: "{{ wazuh_manager_config.repo.apt }}" state: present update_cache: true changed_when: false From e1f88c84f2d76029c5a60e5a249bdf535b6b24d2 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Thu, 7 Nov 2019 17:41:16 +0100 Subject: [PATCH 077/194] Enable allow-root flag for kibana-plugin --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 622db80b..aba4060c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -98,14 +98,14 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: | + /usr/share/kibana/bin/kibana-plugin --allow-root install \ + https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip environment: NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json - become: yes - become_user: kibana notify: restart kibana tags: - install From 63c5fcce08cbbb205bb9c66a3ed0ac88cb596d81 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 11 Nov 2019 11:32:44 +0100 Subject: [PATCH 078/194] Fix Wazuh-API User task conditionals. Removed exclusion of OS's --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index bd0c9663..2a14fb69 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
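Review bot: The `Install Wazuh-APP` task now runs `kibana-plugin` with root privileges: `become: yes` / `become_user: kibana` are removed and `--allow-root` is added, so the installer and anything it unpacks run as root, and files written under `/usr/share/kibana/plugins` will likely end up root-owned instead of owned by `kibana`. Keeping `become_user: kibana` and fixing whatever directory ownership made the install fail would preserve least privilege. The hunk also replaces `{{ wazuh_app_url }}` with a hard-coded `https://packages.wazuh.com/wazuhapp/wazuhapp` prefix, so an inventory that points `wazuh_app_url` at an internal mirror is silently ignored; `{{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip` keeps the override working. The zip is installed straight from the URL with no integrity check visible in the task.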
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -336,8 +336,6 @@ notify: restart wazuh-api when: - wazuh_api_user is defined - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon') - - ansible_distribution_major_version|int < 6 tags: - config From 75c6ee2ea9f716f7c58d9153954a6ee19e6dd966 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 14:51:18 +0100 Subject: [PATCH 079/194] Update apt param format --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 611aa3b6..48f528cc 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -85,16 +85,15 @@ - init - name: Debian/Ubuntu | Install OpenScap - package: - name: "{{ item }}" + apt: + name: + - libopenscap8 + - xsltproc state: present cache_valid_time: 3600 register: wazuh_manager_openscap_installed until: wazuh_manager_openscap_installed is succeeded when: wazuh_manager_config.openscap.disable == 'no' - with_items: - - libopenscap8 - - xsltproc tags: - init From 7316af3db1de1b0b8124a4ec59e65a29ac80ba1f Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 15:02:09 +0100 Subject: [PATCH 080/194] Move OS dependent tasks to its own file --- .../ansible-wazuh-manager/tasks/Debian.yml | 12 +++++ .../ansible-wazuh-manager/tasks/RedHat.yml | 37 ++++++++++++++ .../ansible-wazuh-manager/tasks/main.yml | 51 ------------------- 3 files changed, 49 insertions(+), 51 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 48f528cc..1f5d6e96 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
@@ -112,3 +112,15 @@ changed_when: false tags: - config + +- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api + apt: + name: "{{ item }}={{ wazuh_manager_version }}" + state: present + cache_valid_time: 3600 + with_items: + - wazuh-manager + - wazuh-api + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + tags: init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index d64829a9..c8e8a95a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
@@ -137,3 +137,40 @@ cis_distribution_filename: cis_rhel7_linux_rcl.txt when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + +- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api + package: + name: "{{ item }}-{{ wazuh_manager_version }}" + state: "{{ wazuh_manager_package_state }}" + with_items: + - wazuh-manager + - wazuh-api + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + when: + - ansible_os_family|lower == "redhat" + tags: + - init + +- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 + replace: + path: /etc/init.d/wazuh-manager + regexp: 'echo -n "Starting Wazuh-manager: "' + replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' + when: + - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 + - wazuh_manager_config.cluster.disable != 'yes' + +- name: Install expect (EL5) + package: + name: "{{ item }}" + state: "{{ wazuh_manager_package_state }}" + with_items: + - expect + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + when: + - ansible_os_family|lower == "RedHat" + - ansible_distribution_major_version|int < 6 + tags: + - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 2a14fb69..e8734373 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
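Review bot: `Install expect (EL5)` is moved into `tasks/RedHat.yml`, but the context of the later include_tasks patch shows `main.yml` loading `RedHat.yml` only when `ansible_distribution_major_version|int > 5` (or on Amazon), so the `ansible_distribution_major_version|int < 6` guard on this task can no longer be met on CentOS/RedHat 5 hosts. Either keep the EL5 task in `main.yml` or relax the condition on the include. The `- ansible_os_family|lower == "redhat"` guard on the moved `Install wazuh-manager, wazuh-api` task is redundant inside a file that is only loaded for that family and could be dropped.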
@@ -13,34 +13,6 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api - package: - name: "{{ item }}-{{ wazuh_manager_version }}" - state: "{{ wazuh_manager_package_state }}" - with_items: - - wazuh-manager - - wazuh-api - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - ansible_os_family|lower == "redhat" - tags: - - init - -- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api - apt: - name: "{{ item }}={{ wazuh_manager_version }}" - state: present - cache_valid_time: 3600 - with_items: - - wazuh-manager - - wazuh-api - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - not (ansible_os_family|lower == "redhat") - tags: init - - name: Install expect package: name: expect 
@@ -49,29 +21,6 @@ - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) tags: init -- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 - replace: - path: /etc/init.d/wazuh-manager - regexp: 'echo -n "Starting Wazuh-manager: "' - replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' - when: - - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 - - wazuh_manager_config.cluster.disable != 'yes' - -- name: Install expect (EL5) - package: - name: "{{ item }}" - state: "{{ wazuh_manager_package_state }}" - with_items: - - expect - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - ansible_os_family|lower == "RedHat" - - ansible_distribution_major_version|int < 6 - tags: - - init - - name: Generate SSL files for authd command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ wazuh_manager_fqdn }}/" args: From ee6daa79d741c2e9bc78d67ef8de930bdab2af1e Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 15:08:50 +0100 Subject: [PATCH 081/194] Disable APT recommends --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 1f5d6e96..a61b064d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -7,6 +7,7 @@ - gnupg state: present cache_valid_time: 3600 + install_recommends: false register: wazuh_manager_https_packages_installed until: wazuh_manager_https_packages_installed is succeeded 
@@ -91,6 +92,7 @@ - xsltproc state: present cache_valid_time: 3600 + install_recommends: false register: wazuh_manager_openscap_installed until: wazuh_manager_openscap_installed is succeeded when: wazuh_manager_config.openscap.disable == 'no' @@ -118,6 +120,7 @@ name: "{{ item }}={{ wazuh_manager_version }}" state: present cache_valid_time: 3600 + install_recommends: false with_items: - wazuh-manager - wazuh-api From c1141b1e73c3bc118c11bce9ec674d6fbc32c0d7 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 15:32:15 +0100 Subject: [PATCH 082/194] Remove deprecation warning --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index a61b064d..b7bc7946 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -117,13 +117,12 @@ - name: Debian/Ubuntu | Install wazuh-manager, wazuh-api apt: - name: "{{ item }}={{ wazuh_manager_version }}" + name: + - "wazuh-manager={{ wazuh_manager_version }}" + - "wazuh-api={{ wazuh_manager_version }}" state: present cache_valid_time: 3600 install_recommends: false - with_items: - - wazuh-manager - - wazuh-api register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded tags: init From 249f6b666d95303d3e0f0c78bac20dd14dbd1240 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 15:53:59 +0100 Subject: [PATCH 083/194] Use include_tasks to reduce unnecessary output --- roles/wazuh/ansible-filebeat/tasks/main.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 85bd17e1..ca5ea6ac 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml 
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -1,8 +1,8 @@ --- -- import_tasks: RedHat.yml +- include_tasks: RedHat.yml when: ansible_os_family == 'RedHat' -- import_tasks: Debian.yml +- include_tasks: Debian.yml when: ansible_os_family == 'Debian' - name: CentOS/RedHat | Install Filebeat. @@ -116,8 +116,8 @@ state: started enabled: true -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index e8734373..ed4847aa 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -7,10 +7,10 @@ - tar state: present -- import_tasks: "RedHat.yml" +- include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") -- import_tasks: "Debian.yml" +- include_tasks: "Debian.yml" when: ansible_os_family == "Debian" - name: Install expect @@ -353,8 +353,8 @@ when: - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" From 0384bf69117b740f890941a31dc775441f01d84d Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Mon, 11 Nov 2019 16:07:00 +0100 Subject: [PATCH 084/194] Switch agent to include_tasks --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 8 ++++---- roles/wazuh/ansible-wazuh-agent/tasks/main.yml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) 
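Review bot: Replacing `import_tasks` with `include_tasks` changes tag handling, not only the amount of output: a dynamic include is itself a task, and none of the converted lines carries `tags:`, so a run limited with `--tags init` or `--tags config` skips the include and never reaches the tagged tasks inside `RedHat.yml`, `Debian.yml`, `RMRedHat.yml` and `RMDebian.yml`. That can leave a host without its repository or package steps while the play still reports success. If tag-limited runs are supported, add `tags: always` to each include so the file is always loaded and its tasks are filtered by their own tags, or keep `import_tasks` for these files. The same applies to all four hunks of this patch and to the agent hunks in `Linux.yml` and `main.yml` of the following "Switch agent to include_tasks" patch.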
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 698f704f..2ef87f11 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,8 +1,8 @@ --- -- import_tasks: "RedHat.yml" +- include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "Debian.yml" +- include_tasks: "Debian.yml" when: ansible_os_family == "Debian" - name: Linux CentOS/RedHat | Install wazuh-agent @@ -191,8 +191,8 @@ state: started tags: config -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml index 4b919bc5..25c7b955 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml @@ -1,6 +1,6 @@ --- -- import_tasks: "Windows.yml" +- include_tasks: "Windows.yml" when: ansible_os_family == "Windows" -- import_tasks: "Linux.yml" +- include_tasks: "Linux.yml" when: ansible_system == "Linux" From 10ab6a30a627e57d5596c41019dc597feb58211e Mon Sep 17 00:00:00 2001 From: manuasir Date: Mon, 11 Nov 2019 18:31:43 +0100 Subject: [PATCH 085/194] Bump elasticsearch version --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index bcd81183..7eb645c2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
@@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.3.2 +elastic_stack_version: 7.4.2 elasticsearch_lower_disk_requirements: false # Cluster Settings diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 36367cea..526bfabf 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,7 +5,7 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.3.2 +elastic_stack_version: 7.4.2 wazuh_version: 3.10.2 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index d38565d9..c5914664 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.3.2 +filebeat_version: 7.4.2 filebeat_create_config: true From fbd287984d49dfe4f531d6479db2c17959241637 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 14 Nov 2019 10:50:49 +0100 Subject: [PATCH 086/194] Set default user to "elastic" for the first API calls to ES --- roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index aef459e2..d74a391b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -123,7 +123,7 @@ - name: Wait for Elasticsearch API uri: url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_cluster/health/" - user: "{{ elasticsearch_xpack_security_user }}" + user: "elastic" # Default Elasticsearch user is always "elastic" password: "{{ elasticsearch_xpack_security_password }}" validate_certs: no status_code: 200,401 @@ -141,7 +141,7 @@ url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}" method: POST body_format: json - user: "{{ elasticsearch_xpack_security_user }}" + user: "elastic" password: "{{ elasticsearch_xpack_security_password }}" body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }' validate_certs: no From 2b4a1407a5f804bd502391ad24a79fa786ff93bf Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 14 Nov 2019 19:11:28 +0100 Subject: [PATCH 087/194] Add variables for sources installation --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 4060e99c..e8e5c83c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -33,6 +33,8 @@ wazuh_winagent_config: md5: 71650780904cbfc2e45eae4298adb7a3 wazuh_agent_config: repo: + sources: false + sources_branch: "3.10" apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' From 8e56076b9fc8e4200a4dadd5dfbf67943844ec5f Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 14 Nov 2019 19:11:59 +0100 Subject: [PATCH 088/194] Add conditionals to disable repo installation and install from sources --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 7 +++++++ roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 7 +++++++ 2 files changed, 14 insertions(+) 
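Review bot: Both `uri` tasks now authenticate as the built-in `elastic` superuser while the unchanged context keeps `validate_certs: no`, so the bootstrap password is sent to `node_certs_generator_ip` without the server certificate being checked. Since this role generates its own CA, validating against that CA instead of disabling verification would close the gap. The task in the second hunk also places `item.value["password"]` in the request body and continues outside the hunk, so it is worth confirming that it sets `no_log: true` to keep those values out of task output. For consistency the second `user: "elastic"` line should carry the same comment as the first, `# Default Elasticsearch user is always "elastic"`.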
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 1aa7a38e..cd7f3d77 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -1,4 +1,9 @@ --- + +- include_tasks: "installation_from_sources" + when: + - wazuh_agent_config.repo.sources == "true" + - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: name: @@ -33,6 +38,8 @@ repo: "{{ wazuh_agent_config.repo.apt }}" state: present update_cache: true + when: + - wazuh_agent_config.repo.sources == "false" - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 8f3b8dbd..1aa909fa 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -1,4 +1,9 @@ --- + +- include_tasks: "installation_from_sources" + when: + - wazuh_agent_config.repo.sources == "true" + - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo @@ -10,6 +15,7 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) + - wazuh_agent_config.repo.sources == "false" register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -22,6 +28,7 @@ changed_when: false when: - repo_v5_installed is skipped + - wazuh_agent_config.repo.sources == "false" - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: From a3f4ed74eaf8b7c87fa5a10db306c50f8a026f53 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 14 Nov 2019 19:12:22 +0100 Subject: [PATCH 089/194] Add installation_from_sources.yml tasks --- .../tasks/installation_from_sources.yml | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
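Review bot: The new conditions compare a boolean with strings: the preceding defaults patch sets `sources: false`, while these hunks test `wazuh_agent_config.repo.sources == "true"` and `== "false"`, and neither matches a YAML boolean, so with the shipped default both the source install and the `Add Wazuh repositories` / `Install Wazuh repo` tasks are skipped. Use `- wazuh_agent_config.repo.sources | bool` and `- not (wazuh_agent_config.repo.sources | bool)`. The include also names `"installation_from_sources"` without the `.yml` extension of the file the next patch creates, so it should read `- include_tasks: "installation_from_sources.yml"`. This applies to both Debian.yml hunks and to the three RedHat.yml hunks.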
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml new file mode 100644 index 00000000..f068353c --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -0,0 +1,59 @@ +--- + - hosts: all + tasks: + - include_vars: ../defaults/main.yml + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - policycoreutils-python-utils + - automake + - autoconf + - libtool + state: present + + - name: Download required packages from github.com/wazuh/wazuh + get_url: + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz" + dest: "/tmp/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz" + delegate_to: "{{ inventory_hostname }}" + + - name: Extract downloaded Wazuh branch from Github + unarchive: + src: "/tmp/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz" + dest: "/tmp/" + remote_src: yes + + - name: Configure "preloaded_vars.conf" file + copy: + dest: "/tmp/wazuh-{{ wazuh_agent_config.repo.sources_branch }}/etc/preloaded-vars.conf" + content: | + USER_LANGUAGE="en" + USER_NO_STOP="y" + USER_INSTALL_TYPE="agent" + USER_DIR="/var/ossec" + USER_ENABLE_SYSCHECK="y" + USER_ENABLE_ROOTCHECK="y" + USER_ENABLE_OPENSCAP="y" + USER_ENABLE_ACTIVE_RESPONSE="y" + USER_AGENT_SERVER_IP="{{ wazuh_managers.0.address }}" + USER_CA_STORE="/var/ossec/wpk_root.pem" + USER_ENABLE_SCA="y" + force: yes + + - name: Clean remaining files from others builds + command: "make -C src {{ item }}" + args: + chdir: "/tmp/wazuh-{{ wazuh_agent_config.repo.sources_branch }}/src/" + with_items: + - "clean" + - "clean-deps" + failed_when: false + + - name: Executing "install.sh" script to build and install the Wazuh Agent + shell: ./install.sh + args: + chdir: "/tmp/wazuh-{{ wazuh_agent_config.repo.sources_branch }}" + + become: yes 
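Review bot: The download task fetches a mutable branch archive (`archive/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz`) with no `checksum:`, and the file then builds it and runs `./install.sh` under `become: yes`, so whatever is on that branch at run time is executed as root; pinning to a release tag or commit and adding `checksum: "sha256:<digest of the pinned archive>"` to `get_url` makes the input verifiable. The archive and build tree use fixed names under `/tmp`, which other local users can pre-create, so a private directory from the `tempfile` module would be safer. The file is written as a play (`- hosts: all` with `tasks:`) but is loaded through `include_tasks`, which expects a plain task list. In the clean step, `make -C src` combined with `chdir: ".../src/"` resolves to `src/src`, and `failed_when: false` hides that failure.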
From df016d53c6173512f790cba1e95e8d7a6a1f81e2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 15 Nov 2019 16:39:12 +0100 Subject: [PATCH 090/194] Add variables for wazuh installation from sources --- .../ansible-wazuh-agent/defaults/main.yml | 22 +++++++++++++++-- .../ansible-wazuh-manager/defaults/main.yml | 24 +++++++++++++++++++ 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index e8e5c83c..58db0f85 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,25 @@ --- wazuh_agent_version: 3.10.2-1 +wazuh_sources_installation: + enabled: "true" + branch: "3.10" + user_language: "y" + user_no_stop: "y" + user_install_type: "agent" + user_dir: "/var/ossec" + user_delete_dir: "y" + user_enable_active_response: "y" + user_enable_syscheck: "y" + user_enable_rootcheck: "y" + user_enable_openscap: "y" + user_enable_authd: null + user_generate_authd_cert: null + user_update: null + user_binaryinstall: null + user_agent_server_ip: null + user_agent_server_name: null + user_agent_config_profile: null + wazuh_managers: - address: 127.0.0.1 port: 1514 @@ -33,8 +53,6 @@ wazuh_winagent_config: md5: 71650780904cbfc2e45eae4298adb7a3 wazuh_agent_config: repo: - sources: false - sources_branch: "3.10" apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index e66ccae5..924bd980 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
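Review bot: The agent default `enabled: "true"` turns the from-source build on for every agent that does not override it, whereas the manager defaults added in the same commit ship `enabled: false`; it is also a quoted string rather than a boolean. Unless source builds are meant to become the default install path for agents, this should be `enabled: false`. `user_language: "y"` differs from the `USER_LANGUAGE="en"` written by the preloaded-vars template in the previous patch and looks like a copy of the neighbouring flags. In the manager hunk of this commit, `user_email_smpt` is probably meant to be `user_email_smtp`.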
@@ -4,6 +4,30 @@ wazuh_manager_version: 3.10.2-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present +wazuh_sources_installation: + enabled: false + branch: "3.10" + user_language: "y" + user_no_stop: "y" + user_install_type: "manager" + user_dir: "/var/ossec" + user_delete_dir: "y" + user_enable_active_response: "y" + user_enable_syscheck: "y" + user_enable_rootcheck: "y" + user_enable_openscap: "y" + user_enable_authd: "y" + user_generate_authd_cert: "n" + user_update: null + user_binaryinstall: null + user_enable_email: null + user_auto_start: null + user_email_address: null + user_email_smpt: null + user_enable_syslog: null + user_white_list: null + user_ca_store: null + wazuh_manager_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' From 46b4d34695094e1066f8cebaf7e3a14e78938e4f Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 15 Nov 2019 16:41:28 +0100 Subject: [PATCH 091/194] Update conditionals to use new variables --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 10 ++++++++-- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 6 ++++++ roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 3 +++ roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 8 ++++++-- 6 files changed, 28 insertions(+), 9 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index cd7f3d77..5e2cfae6 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -2,7 +2,7 @@ - include_tasks: "installation_from_sources" when: - - wazuh_agent_config.repo.sources == "true" + - wazuh_sources_installation.enabled - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: 
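Review bot: `user_email_smpt` in the manager's `wazuh_sources_installation` block looks like a typo for `user_email_smtp`. The template added in PATCH 093 writes every `user_*` key upper-cased into `preloaded-vars.conf`, so this one would come out as `USER_EMAIL_SMPT`, which the installer presumably does not read; the sample file shipped with the installer should be checked for the exact name. A comment above the block, for example `# keys set to null are omitted from preloaded-vars.conf`, would tell readers why so many entries are `null`.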
@@ -39,7 +39,7 @@ state: present update_cache: true when: - - wazuh_agent_config.repo.sources == "false" + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 2ef87f11..3a745a20 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -13,6 +13,7 @@ poll: 30 when: - ansible_os_family|lower == "redhat" + - not wazuh_sources_installation.enabled tags: - init @@ -23,6 +24,7 @@ cache_valid_time: 3600 when: - ansible_os_family|lower != "redhat" + - not wazuh_sources_installation.enabled tags: - init @@ -192,7 +194,11 @@ tags: config - include_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" + when: + - ansible_os_family == "RedHat" + - not wazuh_sources_installation.enabled - include_tasks: "RMDebian.yml" - when: ansible_os_family == "Debian" + when: + - ansible_os_family == "Debian" + - not wazuh_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 1aa909fa..a81ecea5 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -2,7 +2,7 @@ - include_tasks: "installation_from_sources" when: - - wazuh_agent_config.repo.sources == "true" + - wazuh_sources_installation.enabled - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: @@ -15,7 +15,7 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - wazuh_agent_config.repo.sources == "false" + - not wazuh_sources_installation.enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo 
@@ -28,7 +28,7 @@ changed_when: false when: - repo_v5_installed is skipped - - wazuh_agent_config.repo.sources == "false" + - not wazuh_sources_installation.enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index b7bc7946..fc3a646f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -23,12 +23,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -37,6 +39,8 @@ state: present update_cache: true changed_when: false + when: + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) become: true @@ -126,3 +130,5 @@ register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded tags: init + when: + - not wazuh_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index c8e8a95a..2a76fb45 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -41,6 +41,7 @@ when: - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) + - not wazuh_sources_installation.enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo 
@@ -53,6 +54,7 @@ changed_when: false when: - repo_v5_manager_installed is skipped + - not wazuh_sources_installation.enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -149,6 +151,7 @@ until: wazuh_manager_main_packages_installed is succeeded when: - ansible_os_family|lower == "redhat" + - not wazuh_sources_installation.enabled tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index ed4847aa..901ec050 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -354,7 +354,11 @@ - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - include_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon" + when: + - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" + - not wazuh_sources_installation.enabled - include_tasks: "RMDebian.yml" - when: ansible_os_family == "Debian" + when: + - ansible_os_family == "Debian" + - not wazuh_sources_installation.enabled From 8ecbeff501b403ba9c7bc611a4f89d46763219b3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 15 Nov 2019 16:42:27 +0100 Subject: [PATCH 092/194] Update installation_from_sources.yml. Added installation conditionals --- .../tasks/installation_from_sources.yml | 54 ++++++++++--------- 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index f068353c..bdfc9676 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
@@ -7,53 +7,59 @@ name: - make - gcc - - policycoreutils-python-utils - automake - autoconf - libtool state: present + - name: Installing policycoreutils-python (RedHat families) + package: + name: + - policycoreutils-python + when: + - ansible_os_family|lower == "redhat" + + - name: Installing policycoreutils-python-utils (Debian families) + package: + name: + - libc6-dev + - curl + - policycoreutils + when: + - ansible_os_family|lower == "debian" + - name: Download required packages from github.com/wazuh/wazuh get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz" - dest: "/tmp/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz" + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" - name: Extract downloaded Wazuh branch from Github unarchive: - src: "/tmp/{{ wazuh_agent_config.repo.sources_branch }}.tar.gz" + src: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" dest: "/tmp/" remote_src: yes - - name: Configure "preloaded_vars.conf" file - copy: - dest: "/tmp/wazuh-{{ wazuh_agent_config.repo.sources_branch }}/etc/preloaded-vars.conf" - content: | - USER_LANGUAGE="en" - USER_NO_STOP="y" - USER_INSTALL_TYPE="agent" - USER_DIR="/var/ossec" - USER_ENABLE_SYSCHECK="y" - USER_ENABLE_ROOTCHECK="y" - USER_ENABLE_OPENSCAP="y" - USER_ENABLE_ACTIVE_RESPONSE="y" - USER_AGENT_SERVER_IP="{{ wazuh_managers.0.address }}" - USER_CA_STORE="/var/ossec/wpk_root.pem" - USER_ENABLE_SCA="y" - force: yes - - name: Clean remaining files from others builds command: "make -C src {{ item }}" args: - chdir: "/tmp/wazuh-{{ wazuh_agent_config.repo.sources_branch }}/src/" + chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" with_items: - "clean" - "clean-deps" - failed_when: false + failed_when: false + + - name: Render the "preloaded-vars.conf" file + template: + src: 
../templates/preloaded_vars.conf.j2 + dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" + owner: root + group: root + mode: '644' - name: Executing "install.sh" script to build and install the Wazuh Agent shell: ./install.sh args: - chdir: "/tmp/wazuh-{{ wazuh_agent_config.repo.sources_branch }}" + chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" become: yes From 6a0c92294e0f08644a538f4ebb68771d3d21c2db Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 15 Nov 2019 16:42:40 +0100 Subject: [PATCH 093/194] Implement template for preloaded_vars.conf --- .../ansible-wazuh-agent/templates/preloaded_vars.conf.j2 | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 diff --git a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 new file mode 100644 index 00000000..f02252d1 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 @@ -0,0 +1,7 @@ +{% for key, value in wazuh_sources_installation.items() %} +{% if "user_" in key %} +{% if value is defined and value is not none %} +{{ key|upper }}="{{ value }}" +{% endif %} +{% endif %} +{% endfor %} \ No newline at end of file From b3a2fea6b94616726e2d6250915eb71b55fc1285 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 18 Nov 2019 16:04:00 +0100 Subject: [PATCH 094/194] UPdate wazuh-agent default settings related to sources_installation --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 58db0f85..886de1bb 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
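Review bot: In the new `preloaded_vars.conf.j2`, `{{ key|upper }}="{{ value }}"` writes each value between double quotes with no escaping. If `install.sh` reads this file by sourcing it as shell, which the `NAME="value"` format suggests but which is not visible here, a value containing `"`, `$` or a backtick would be interpreted rather than taken literally; `{{ key|upper }}={{ value|quote }}` avoids that. The test `"user_" in key` also matches the substring anywhere in the key, and `key.startswith("user_")` states what is meant. The identical template is added for the manager role in PATCH 102.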
@@ -12,13 +12,15 @@ wazuh_sources_installation: user_enable_syscheck: "y" user_enable_rootcheck: "y" user_enable_openscap: "y" - user_enable_authd: null - user_generate_authd_cert: null + user_enable_sca: "y" + user_enable_authd: "y" + user_generate_authd_cert: "n" user_update: null user_binaryinstall: null - user_agent_server_ip: null + user_agent_server_ip: "172.16.1.2" user_agent_server_name: null user_agent_config_profile: null + user_ca_store: "/var/ossec/wpk_root.pem" wazuh_managers: - address: 127.0.0.1 From c1b331be79ef28cb4bb768d45879523009f9777a Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 18 Nov 2019 16:04:13 +0100 Subject: [PATCH 095/194] Update Wazuh Manager default vars related to sources installation --- .../ansible-wazuh-manager/defaults/main.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 924bd980..9df70863 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,11 +5,11 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_sources_installation: - enabled: false + enabled: true branch: "3.10" - user_language: "y" + user_language: "en" user_no_stop: "y" - user_install_type: "manager" + user_install_type: "server" user_dir: "/var/ossec" user_delete_dir: "y" user_enable_active_response: "y" 
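Review bot: `user_agent_server_ip: "172.16.1.2"` hard-codes a private address into the agent role's defaults, while `wazuh_managers` directly below still defaults to `127.0.0.1`. A source-built agent would therefore be pointed at a different manager than a package-installed one unless the operator overrides both values. The inline file this block replaced took the address from the inventory, and `user_agent_server_ip: "{{ wazuh_managers.0.address }}"` keeps a single source of truth. The manager defaults hunk that follows in PATCH 095 flips `enabled` to `true`, which changes the install path for every existing user of the role and deserves a line in the commit message.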
@@ -17,16 +17,17 @@ wazuh_sources_installation: user_enable_rootcheck: "y" user_enable_openscap: "y" user_enable_authd: "y" - user_generate_authd_cert: "n" + user_generate_authd_cert: null user_update: null user_binaryinstall: null - user_enable_email: null - user_auto_start: null + user_enable_email: "n" + user_auto_start: "y" user_email_address: null user_email_smpt: null - user_enable_syslog: null - user_white_list: null + user_enable_syslog: "n" + user_white_list: "n" user_ca_store: null + threads: "2" wazuh_manager_config: repo: From 9258026c49400e23f2c7247ac6dd89ef57331752 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 19 Nov 2019 12:08:42 +0100 Subject: [PATCH 096/194] Update installation_from_sources.yml to pass linting --- .../tasks/installation_from_sources.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index bdfc9676..d45c4219 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -33,7 +33,7 @@ url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" - + - name: Extract downloaded Wazuh branch from Github unarchive: src: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" 
@@ -47,19 +47,22 @@ with_items: - "clean" - "clean-deps" - failed_when: false + register: clean_result + changed_when: clean_result.rc == 0 + failed_when: false - name: Render the "preloaded-vars.conf" file template: - src: ../templates/preloaded_vars.conf.j2 + src: /templates/preloaded_vars.conf.j2 dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root mode: '644' - - name: Executing "install.sh" script to build and install the Wazuh Agent - shell: ./install.sh + - name: Executing "install.sh" script to build and install the Wazuh Manager + shell: ./install.sh > /tmp/build_log.txt + register: installation_result + changed_when: installation_result == 0 args: chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" - - become: yes + become: yes \ No newline at end of file From b467a9e5c77278c2a66601fc8d7116019baf91ee Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 19 Nov 2019 12:09:10 +0100 Subject: [PATCH 097/194] Fix linting for "Linux.yml" tasks in Wazuh Agent --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 3a745a20..5cd95ff4 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -194,11 +194,11 @@ tags: config - include_tasks: "RMRedHat.yml" - when: + when: - ansible_os_family == "RedHat" - not wazuh_sources_installation.enabled - include_tasks: "RMDebian.yml" - when: + when: - ansible_os_family == "Debian" - not wazuh_sources_installation.enabled From cbc5de68acb955441358ad33b4f2144770f83489 Mon Sep 17 00:00:00 2001 
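Review bot: `changed_when: installation_result == 0` on the `install.sh` task compares the whole registered result with `0`, so it is never true; the clean task above it uses the intended form, and this line should read `changed_when: installation_result.rc == 0`. The same hunk changes the template source to `/templates/preloaded_vars.conf.j2`, an absolute path on the controller, whereas inside a role `src: preloaded_vars.conf.j2` is resolved from the role's `templates/` directory. Redirecting the build output to the fixed path `/tmp/build_log.txt` makes a privileged shell write through whatever already exists under that name, so a log path in a root-owned directory is safer. The task name now says "Wazuh Manager" although this is the agent role. The `changed_when` line and the log path are repeated in the manager file added in PATCH 100 and in the agent rewrite in PATCH 106.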
From: Jose M Date: Tue, 19 Nov 2019 12:09:56 +0100 Subject: [PATCH 098/194] Set "delete_dir" and "enable_active_response" to null in manager default --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 9df70863..ab652cc2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -11,8 +11,8 @@ wazuh_sources_installation: user_no_stop: "y" user_install_type: "server" user_dir: "/var/ossec" - user_delete_dir: "y" - user_enable_active_response: "y" + user_delete_dir: null + user_enable_active_response: null user_enable_syscheck: "y" user_enable_rootcheck: "y" user_enable_openscap: "y" From 95ee10d7a71da6e6dfa65d9973069b500a119577 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 19 Nov 2019 12:10:32 +0100 Subject: [PATCH 099/194] Add import of "installation_from_sources" for Debian and RHEL families --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++++ roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index fc3a646f..4aa7b045 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -1,4 +1,8 @@ --- +- include_tasks: "installation_from_sources" + when: + - wazuh_sources_installation.enabled + - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: name: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 2a76fb45..ae7be9d9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
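Review bot: The two new `include_tasks` lines do not agree on how to name the file: `Debian.yml` includes `"installation_from_sources"` with no extension, while `RedHat.yml` in the next file section uses `"../roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml"`, which only resolves when the play runs from a directory laid out that way. Ansible does not append `.yml` to a task include, so the Debian form will most likely fail to find the file. Inside a role a bare file name is looked up in the role's `tasks/` directory, so `- include_tasks: "installation_from_sources.yml"` works for both.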
@@ -1,4 +1,8 @@ --- +- include_tasks: "../roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml" + when: + - wazuh_sources_installation.enabled + - name: RedHat/CentOS | Install Nodejs repo yum_repository: name: NodeJS From d3d0edc291a5c1f13a3ee2f85bf6e3d5b17d39a6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 19 Nov 2019 12:12:03 +0100 Subject: [PATCH 100/194] Add tasks to install from sources to Wazuh Manager --- .../tasks/installation_from_sources.yml | 70 +++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml new file mode 100644 index 00000000..85920f40 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
@@ -0,0 +1,70 @@ +--- + +# Wazuh Manager + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - automake + - autoconf + - libtool + state: present + + - name: Installing policycoreutils-python (RedHat families) + package: + name: + - policycoreutils-python + when: + - ansible_os_family|lower == "redhat" + + - name: Installing policycoreutils-python-utils (Debian families) + package: + name: + - libc6-dev + - curl + - policycoreutils + when: + - ansible_os_family|lower == "debian" + + - name: Download required packages from github.com/wazuh/wazuh + get_url: + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" + delegate_to: "{{ inventory_hostname }}" + + - name: Extract downloaded Wazuh branch from Github + unarchive: + src: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" + dest: "/tmp/" + remote_src: yes + + - name: Clean remaining files from others builds + command: "make -C src {{ item }}" + args: + chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" + with_items: + - "clean" + - "clean-deps" + register: clean_result + changed_when: clean_result.rc == 0 + failed_when: false + + - name: Render the "preloaded-vars.conf" file + template: + src: "templates/preloaded_vars.conf.j2" + dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" + owner: root + group: root + mode: '644' + + - name: Executing "install.sh" script to build and install the Wazuh Manager + shell: ./install.sh > /tmp/build_log.txt + register: installation_result + changed_when: installation_result == 0 + args: + chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + +# Wazuh API + + - name: \ No newline at end of file From cc9f28719cf035bbdce83b838a79d1db6cd99da3 Mon Sep 17 00:00:00 2001 
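Review bot: The new manager `installation_from_sources.yml` ends with a bare `- name:` under the `# Wazuh API` comment, that is, a task with no module. Ansible rejects a task without an action when it loads the file, so every play that reaches this include fails while this revision is checked out. The placeholder should be dropped until the API tasks exist (they arrive in PATCH 105) or replaced by a comment such as `# TODO: Wazuh API installation tasks`. The file also lacks a final newline.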
From: Jose M Date: Tue, 19 Nov 2019 12:12:11 +0100 Subject: [PATCH 101/194] Fix linting --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 901ec050..f2fc55db 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -354,11 +354,11 @@ - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - include_tasks: "RMRedHat.yml" - when: + when: - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" - not wazuh_sources_installation.enabled - include_tasks: "RMDebian.yml" - when: + when: - ansible_os_family == "Debian" - not wazuh_sources_installation.enabled From 9e4544ae424ae300165ee0496234234deca8b2e2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 19 Nov 2019 12:12:36 +0100 Subject: [PATCH 102/194] Add template to configure "preloaded_vars" in Wazuh Manager role --- .../ansible-wazuh-manager/templates/preloaded_vars.conf.j2 | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 new file mode 100644 index 00000000..f02252d1 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 @@ -0,0 +1,7 @@ +{% for key, value in wazuh_sources_installation.items() %} +{% if "user_" in key %} +{% if value is defined and value is not none %} +{{ key|upper }}="{{ value }}" +{% endif %} +{% endif %} +{% endfor %} \ No newline at end of file From a90b241fb0652638e59c205cba07b62f48db820d Mon Sep 17 00:00:00 2001 
From: Jose M Date: Tue, 19 Nov 2019 12:19:32 +0100 Subject: [PATCH 103/194] Remove deprecated API installation tasks --- .../ansible-wazuh-manager/tasks/RedHat.yml | 25 +------------------ 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index c8e8a95a..0f4cf567 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,34 +1,11 @@ --- -- name: RedHat/CentOS | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - changed_when: false - when: - - ansible_distribution_major_version|int > 5 - -- name: Fedora | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - when: ansible_distribution == 'Fedora' - -- name: AmazonLinux | Get Nodejs +- name: Install Wazuh API repository shell: | set -o pipefail curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - args: warn: false executable: /bin/bash - creates: /etc/yum.repos.d/nodesource-el7.repo - when: - - ansible_distribution|lower == "amazon" - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: From 89557bdaddcc877e31c4ae874db3c081ef89426c Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 19 Nov 2019 14:49:39 +0100 Subject: [PATCH 104/194] Update alerts template for Elasticsearch --- roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 | 4 ---- 1 file changed, 4 deletions(-) 
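Review bot: The rewritten first task in the manager's `RedHat.yml` pipes `https://rpm.nodesource.com/setup_8.x` straight into `bash`, and this hunk removes both the `creates:` guard and the `when:` that limited it to Amazon Linux, so the script is fetched and executed with the play's privileges on every run and on every RedHat-family host. It replaces two `yum_repository` tasks that declared the repository with `gpgcheck: true` and a `gpgkey`, a form Ansible manages idempotently without executing remote code. I would keep the `yum_repository` tasks and only move `baseurl` to the wanted NodeSource series; if the script has to stay, fetch it with `get_url` and a `checksum:` and restore `creates: /etc/yum.repos.d/nodesource-el7.repo`. The name "Install Wazuh API repository" also no longer says that the task configures NodeSource.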
diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 index 5387bf8c..444cef06 100644 --- a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 @@ -162,7 +162,6 @@ "data.dstip", "data.dstport", "data.dstuser", - "data.extra_data", "data.hardware.serial", "data.id", "data.integration", @@ -944,9 +943,6 @@ "data": { "type": "keyword" }, - "extra_data": { - "type": "keyword" - }, "system_name": { "type": "keyword" }, From 219b35c2ef4a97bda98f3aca68857e8b72669045 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 14:58:44 +0100 Subject: [PATCH 105/194] Add API installation tasks to installation_from_sources.yml --- .../tasks/installation_from_sources.yml | 40 ++++++++++++++++--- 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 85920f40..cb12739e 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -1,5 +1,4 @@ --- - # Wazuh Manager - name: Install dependencies to build Wazuh packages package: @@ -9,6 +8,7 @@ - automake - autoconf - libtool + - tar state: present - name: Installing policycoreutils-python (RedHat families) 
@@ -33,11 +33,15 @@ dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" + - name: Create folder to extract Wazuh branch + file: + path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + state: directory + - name: Extract downloaded Wazuh branch from Github - unarchive: - src: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" - dest: "/tmp/" - remote_src: yes + shell: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + args: + warn: false - name: Clean remaining files from others builds command: "make -C src {{ item }}" @@ -67,4 +71,28 @@ # Wazuh API - - name: \ No newline at end of file + - name: Download script to install Nodejs repository + get_url: + url: "{{ node_js_repository_url }}" + dest: "/tmp/setup_nodejs_repo.sh" + mode: "0700" + + - name: Execute downloaded script to install Nodejs repo + shell: /tmp/setup_nodejs_repo.sh + + - name: Install Nodejs + package: + name: nodejs + state: present + + - name: Run NPM under root account + shell: npm config set user 0 + + - name: Download the installation script to install Wazuh API + get_url: + url: "https://raw.githubusercontent.com/wazuh/wazuh-api/v{{ wazuh_manager_version[:-2] }}/install_api.sh" + dest: "/tmp/install_api.sh" + mode: "0700" + + - name: Execute Wazuh API installation script + shell: /tmp/install_api.sh download From 35d35b5059cecb430b8f60bc01122dabc4f05829 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 14:59:38 +0100 Subject: [PATCH 106/194] Update tasks that download the Wazuh branch and extract it. --- .../tasks/installation_from_sources.yml | 123 +++++++++--------- 1 file changed, 62 insertions(+), 61 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index d45c4219..7b259b98 100644 
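Review bot: `npm config set user 0` in the new Wazuh API tasks is stored in the invoking user's npm configuration and stays there after the play, so on npm versions that honour the `user` setting later npm runs on the host also execute package lifecycle scripts as uid 0. If `install_api.sh` needs it, scope it to that one task instead of a global step, for example by adding `environment:` with `npm_config_user: "0"` to "Execute Wazuh API installation script". The two `get_url` tasks save scripts under fixed names in `/tmp` and run them without a `checksum:`, and `node_js_repository_url` is not defined in any defaults hunk shown here, so it should be added to `defaults/main.yml` with a pinned value. None of the new `shell` tasks has `creates:` or `changed_when:`, so they re-run and report changed on every play.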
--- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
@@ -1,68 +1,69 @@ ---- - - hosts: all - tasks: - - include_vars: ../defaults/main.yml - - name: Install dependencies to build Wazuh packages - package: - name: - - make - - gcc - - automake - - autoconf - - libtool - state: present +--- + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - automake + - autoconf + - libtool + - tar + state: present - - name: Installing policycoreutils-python (RedHat families) - package: - name: - - policycoreutils-python - when: - - ansible_os_family|lower == "redhat" + - name: Installing policycoreutils-python (RedHat families) + package: + name: + - policycoreutils-python + when: + - ansible_os_family|lower == "redhat" - - name: Installing policycoreutils-python-utils (Debian families) - package: - name: - - libc6-dev - - curl - - policycoreutils - when: - - ansible_os_family|lower == "debian" + - name: Installing policycoreutils-python-utils (Debian families) + package: + name: + - libc6-dev + - curl + - policycoreutils + when: + - ansible_os_family|lower == "debian" - - name: Download required packages from github.com/wazuh/wazuh - get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" - delegate_to: "{{ inventory_hostname }}" + - name: Download required packages from github.com/wazuh/wazuh + get_url: + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" + delegate_to: "{{ inventory_hostname }}" - - name: Extract downloaded Wazuh branch from Github - unarchive: - src: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" - dest: "/tmp/" - remote_src: yes + - name: Create folder to extract Wazuh branch + file: + path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + state: directory - - name: Clean remaining files from others builds - command: "make -C src {{ item }}" - 
args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" - with_items: - - "clean" - - "clean-deps" - register: clean_result - changed_when: clean_result.rc == 0 - failed_when: false + - name: Extract downloaded Wazuh branch from Github + shell: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + args: + warn: false - - name: Render the "preloaded-vars.conf" file - template: - src: /templates/preloaded_vars.conf.j2 - dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" - owner: root - group: root - mode: '644' + - name: Clean remaining files from others builds + command: "make -C src {{ item }}" + args: + chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" + with_items: + - "clean" + - "clean-deps" + register: clean_result + changed_when: clean_result.rc == 0 + failed_when: false - - name: Executing "install.sh" script to build and install the Wazuh Manager - shell: ./install.sh > /tmp/build_log.txt - register: installation_result - changed_when: installation_result == 0 - args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" - become: yes \ No newline at end of file + - name: Render the "preloaded-vars.conf" file + template: + src: "templates/preloaded_vars.conf.j2" + dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" + owner: root + group: root + mode: '644' + + - name: Executing "install.sh" script to build and install the Wazuh Manager + shell: ./install.sh > /tmp/build_log.txt + register: installation_result + changed_when: installation_result == 0 + args: + chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" \ No newline at end of file From 9b6fd47e3a0b08212ee14dcd0acfea060a01808d Mon Sep 17 00:00:00 2001 
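Review bot: `changed_when: installation_result == 0` on the install.sh task compares the whole registered result with an integer, so it is never true and the task always reports unchanged; `changed_when: installation_result.rc == 0` is presumably what was meant. The same task redirects the build output to the fixed path `/tmp/build_log.txt`. If the play runs with elevated privileges, a log under a root-owned directory avoids writing through a pre-existing file or link in a world-writable directory. Patch 126 later adds `/tmp/build_api_log.txt` in the same way. The patch also drops `become: yes` from this task, so the install now depends on the caller escalating.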
From: Jose M Date: Wed, 20 Nov 2019 15:00:50 +0100 Subject: [PATCH 107/194] Add conditional to don't install Node repo when installing from sources --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 4aa7b045..6e488cc5 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -58,12 +58,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key apt_key: url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: @@ -71,6 +73,8 @@ state: present update_cache: true changed_when: false + when: + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: From d9cb1a24dd72aa7b576ceb42450a6397324b0181 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 15:02:18 +0100 Subject: [PATCH 108/194] Implement "node_js_repository_url" variable --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ab652cc2..2e82056c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -351,3 +351,5 @@ wazuh_agent_configs: format: 'eventchannel' - location: 'System' format: 'eventlog' + +node_js_repository_url: https://rpm.nodesource.com/setup_8.x \ No newline at end of file 
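Review bot: `node_js_repository_url` defaults to the RPM setup script (`https://rpm.nodesource.com/setup_8.x`), but the source-installation tasks that consume it carry no OS-family condition. Patch 107 on this page also disables the Debian NodeSource repository tasks when `wazuh_sources_installation.enabled` is set. On Debian or Ubuntu hosts the RPM script would therefore be the one downloaded and executed. Selecting the URL per `ansible_os_family` would avoid that, and a comment beside the default such as `# content of this URL is executed on the target host` would warn whoever overrides it.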
From be1b60471e8b53a4360eb097207abddd942b0dc1 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 15:05:59 +0100 Subject: [PATCH 109/194] Change Wazuh APP installation to do it as kibana user --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index aba4060c..efde790c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -98,14 +98,13 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: | - /usr/share/kibana/bin/kibana-plugin --allow-root install \ - https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip + shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash - creates: /usr/share/kibana/plugins/wazuh/package.json + become: yes + become_user: kibana notify: restart kibana tags: - install From 4dd780504b0669d6aa7d77fea5711cf58c312b9d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 20 Nov 2019 16:33:14 +0100 Subject: [PATCH 110/194] Adapt NodeJS installation tasks in Debian --- .../ansible-wazuh-manager/tasks/Debian.yml | 24 +++++++------------ 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index b7bc7946..af33e4ba 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
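Review bot: The rewritten install task uses no shell features, so `command:` (without the `executable` argument) would be the safer form now that the whole URL is built from `{{ wazuh_app_url }}`, `{{ wazuh_version }}` and `{{ elastic_stack_version }}`; under `shell:` anything in those variables is parsed by bash. The plugin archive is also installed straight from that URL with no integrity check. Fetching it first with `get_url` and a `checksum`, then installing from the local `file://` path, would pin what gets installed. The task continues below the hunk.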
@@ -38,31 +38,23 @@ update_cache: true changed_when: false -- name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) +- name: Debian/Ubuntu | Installing NodeJS repository become: true shell: | set -o pipefail - curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - + curl -sL https://deb.nodesource.com/setup_8.x | bash - args: warn: false executable: /bin/bash changed_when: false - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 -- name: Debian/Ubuntu | Installing NodeJS repository key - apt_key: - url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key - when: - - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - -- name: Debian/Ubuntu | Add NodeSource repositories for Node.js - apt_repository: - repo: "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main" +- name: Debian/Ubuntu | Install NodeJS + apt: + name: "nodejs" state: present - update_cache: true - changed_when: false + register: nodejs_package_is_installed + until: nodejs_package_is_installed is succeeded + tags: init - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: From 2c9b18de72be4986affbffd96803b1aae4e66ac7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 16:36:56 +0100 Subject: [PATCH 111/194] Update ("user_update" and "branch") variables. --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 886de1bb..e7126e0a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
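Review bot: Piping `https://deb.nodesource.com/setup_8.x` from curl into bash under `become: true` executes whatever that URL serves at run time as root. With `changed_when: false` and no `creates:` guard it does so on every play. The tasks it replaces were declarative: `apt_key` added one specific key and `apt_repository` one specific repository line. Keeping that pair and changing only the line to `repo: "deb https://deb.nodesource.com/node_8.x {{ ansible_distribution_release }} main"` would move to the 8.x series without running a remote script. Patch 122 makes the same change in RedHat.yml, where it replaces `yum_repository` entries that set `gpgcheck: true`.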
@@ -2,7 +2,7 @@ wazuh_agent_version: 3.10.2-1 wazuh_sources_installation: enabled: "true" - branch: "3.10" + branch: "v3.10.2" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -15,7 +15,7 @@ wazuh_sources_installation: user_enable_sca: "y" user_enable_authd: "y" user_generate_authd_cert: "n" - user_update: null + user_update: "y" user_binaryinstall: null user_agent_server_ip: "172.16.1.2" user_agent_server_name: null diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 2e82056c..68948ae4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -6,7 +6,7 @@ wazuh_manager_package_state: present wazuh_sources_installation: enabled: true - branch: "3.10" + branch: "v3.10.2" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -18,7 +18,7 @@ wazuh_sources_installation: user_enable_openscap: "y" user_enable_authd: "y" user_generate_authd_cert: null - user_update: null + user_update: "y" user_binaryinstall: null user_enable_email: "n" user_auto_start: "y" From 0329441817c2c8604f337700d157c77d35c3f6a4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 16:37:27 +0100 Subject: [PATCH 112/194] Update tasks and conditioinals for Agent installations in Debian families --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 5e2cfae6..87112798 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -1,6 +1,6 @@ --- -- include_tasks: "installation_from_sources" +- include_tasks: "../roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml" when: - wazuh_sources_installation.enabled 
@@ -25,6 +25,7 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: From a6d614610e53d86e6cc9a451493b3847694891fc Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 16:37:49 +0100 Subject: [PATCH 113/194] Format updates for "installation_from_sources.yml" --- .../ansible-wazuh-agent/tasks/installation_from_sources.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 7b259b98..053b4ea6 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -1,4 +1,5 @@ ---- +--- + - name: Install dependencies to build Wazuh packages package: name: @@ -61,7 +62,7 @@ group: root mode: '644' - - name: Executing "install.sh" script to build and install the Wazuh Manager + - name: Executing "install.sh" script to build and install the Wazuh Agent shell: ./install.sh > /tmp/build_log.txt register: installation_result changed_when: installation_result == 0 From c5f2893a0b6bb81a74eb4c14d320e50b826656ea Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 16:38:02 +0100 Subject: [PATCH 114/194] Update tasks path in "Redhat.yml" --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index a81ecea5..36984115 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml 
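Review bot: The added condition `not wazuh_sources_installation.enabled` assumes a real boolean, but the agent defaults visible in patch 111 declare `enabled: "true"` as a quoted string, while the manager defaults use `enabled: true`. A non-empty string is truthy in Jinja, so setting the agent value to `"false"` would probably still skip this repository-key task. Either change the default to `enabled: true` or write the condition as `- not (wazuh_sources_installation.enabled | bool)`. The task this condition belongs to starts above the hunk.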
@@ -1,6 +1,6 @@ --- -- include_tasks: "installation_from_sources" +- include_tasks: "../roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml" when: - wazuh_sources_installation.enabled From 841fe3d28d559ee47cf4f93f23cea0e4d6aa44ca Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 16:39:57 +0100 Subject: [PATCH 115/194] Remove testing address in "user_agent_server_ip" --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index e7126e0a..b4bed923 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -17,7 +17,7 @@ wazuh_sources_installation: user_generate_authd_cert: "n" user_update: "y" user_binaryinstall: null - user_agent_server_ip: "172.16.1.2" + user_agent_server_ip: "YOUR_MANAGER_IP" user_agent_server_name: null user_agent_config_profile: null user_ca_store: "/var/ossec/wpk_root.pem" From da7cfa60b130725f64a6f063f11769a3f4e1a16d Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 16:49:11 +0100 Subject: [PATCH 116/194] Restore "creates" setting in Wazuh Kibana plugin installation --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index efde790c..622db80b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -103,6 +103,7 @@ NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash + creates: /usr/share/kibana/plugins/wazuh/package.json become: yes become_user: kibana notify: restart kibana From e0038118e1ffb2a02ee39d733cff0c26138e5afe Mon Sep 17 00:00:00 2001 
From: Jose M Date: Wed, 20 Nov 2019 16:49:11 +0100 Subject: [PATCH 117/194] Restore "creates" setting in Wazuh Kibana plugin installation --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index efde790c..622db80b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -103,6 +103,7 @@ NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash + creates: /usr/share/kibana/plugins/wazuh/package.json become: yes become_user: kibana notify: restart kibana From 571abfbb2c7d7152df44574db890e23e4a208dea Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 19:00:53 +0100 Subject: [PATCH 118/194] Update untar task to pass linting, added comment --- .../tasks/installation_from_sources.yml | 7 ++++--- .../tasks/installation_from_sources.yml | 6 ++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 053b4ea6..381f9c67 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -1,5 +1,4 @@ --- - - name: Install dependencies to build Wazuh packages package: name: 
@@ -38,8 +37,10 @@ path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" state: directory - - name: Extract downloaded Wazuh branch from Github - shell: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip + command: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + register: wazuh_untar + changed_when: wazuh_untar.rc ==0 args: warn: false diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index cb12739e..65e06e24 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -38,8 +38,10 @@ path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" state: directory - - name: Extract downloaded Wazuh branch from Github - shell: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip + command: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + register: wazuh_untar + changed_when: wazuh_untar.rc ==0 args: warn: false From 9d62860ea1644656db5c949e2c46f152f87e83c1 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 19:06:48 +0100 Subject: [PATCH 119/194] Update "installation_from_sources" to fix linting errors --- .../tasks/installation_from_sources.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) 
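Review bot: The comment added after the task name says "Using shell instead of unarchive", but this same hunk switches the task to `command:`, and the comment contains the typo "properlyh". A line above the task such as `# tar via command: unarchive did not handle --strip as needed` would be accurate. `changed_when: wazuh_untar.rc ==0` is true whenever the task succeeds, so it satisfies the linter without reporting real change; a `creates:` argument naming a file inside the extracted tree would give actual idempotence. The manager role's hunk in this patch is identical.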
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 65e06e24..1ecfd7c8 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -80,15 +80,19 @@ mode: "0700" - name: Execute downloaded script to install Nodejs repo - shell: /tmp/setup_nodejs_repo.sh - + command: /tmp/setup_nodejs_repo.sh + register: node_repo_installation_result + changed_when: node_repo_installation_result.rc == 0 + - name: Install Nodejs package: name: nodejs state: present - + - name: Run NPM under root account - shell: npm config set user 0 + command: npm config set user 0 + register: allow_root_npm + changed_when: allow_root_npm.rc == 0 - name: Download the installation script to install Wazuh API get_url: @@ -97,4 +101,6 @@ mode: "0700" - name: Execute Wazuh API installation script - shell: /tmp/install_api.sh download + command: /tmp/install_api.sh download + register: install_api + changed_when: install_api.rc == 0 From e3ecb74ca87f7f4e561da8fe7e19a96677220b3d Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 19:09:40 +0100 Subject: [PATCH 120/194] Move "installation_from_sources" include to Linux.yml --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 7 +------ roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++++ roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 5 ----- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 87112798..81062d80 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml 
@@ -1,9 +1,4 @@ --- - -- include_tasks: "../roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml" - when: - - wazuh_sources_installation.enabled - - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: name: @@ -25,7 +20,7 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 5cd95ff4..0c1f8e5f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,4 +1,8 @@ --- +- include_tasks: "../roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml" + when: + - wazuh_sources_installation.enabled + - include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 36984115..13b1b3e8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -1,9 +1,4 @@ --- - -- include_tasks: "../roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml" - when: - - wazuh_sources_installation.enabled - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo From c64d331e7f99a8cac94058f778a7320479aeeac6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 20 Nov 2019 19:16:44 +0100 Subject: [PATCH 121/194] Fix include_tasks for "installation_from_sources.yml" --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 0c1f8e5f..e258fa1f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,5 +1,5 @@ --- -- include_tasks: "../roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml" +- include_tasks: "../tasks/installation_from_sources.yml" when: - wazuh_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 6e488cc5..3bd2c541 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -1,5 +1,5 @@ --- -- include_tasks: "installation_from_sources" +- include_tasks: "installation_from_sources.yml" when: - wazuh_sources_installation.enabled @@ -58,14 +58,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key apt_key: url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_sources_installation.enabled + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: @@ -74,7 +74,7 @@ update_cache: true changed_when: false when: - - not wazuh_sources_installation.enabled + - not wazuh_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index ae7be9d9..ed681344 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
@@ -1,5 +1,5 @@ --- -- include_tasks: "../roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml" +- include_tasks: "../tasks/installation_from_sources.yml" when: - wazuh_sources_installation.enabled From 3c70bc5b2a1e7505971090867378f72fa9219249 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 21 Nov 2019 13:13:36 +0100 Subject: [PATCH 122/194] Update NodJS installation tasks --- .../ansible-wazuh-manager/tasks/RedHat.yml | 42 +++++++++---------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index c8e8a95a..5503a10c 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,25 +1,5 @@ --- -- name: RedHat/CentOS | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - changed_when: false - when: - - ansible_distribution_major_version|int > 5 - -- name: Fedora | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - when: ansible_distribution == 'Fedora' - -- name: AmazonLinux | Get Nodejs +- name: Centos | Get Nodejs shell: | set -o pipefail curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - 
@@ -27,8 +7,28 @@ warn: false executable: /bin/bash creates: /etc/yum.repos.d/nodesource-el7.repo + when: + - ansible_distribution_major_version|int > 5 + +- name: AmazonLinux/Fedora| Get Nodejs + shell: | + set -o pipefail + curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - + args: + warn: false + executable: /bin/bash when: - ansible_distribution|lower == "amazon" + - ansible_distribution == 'Fedora' + +- name: CentOS/RedHat/Amazon/Fedora | Install NodeJS + package: + name: "nodejs" + state: present + register: nodejs_is_installed + until: nodejs_is_installed is succeeded + tags: + - init - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: From 320b3732404cced74dceed93f0d57e4d1e835610 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 13:28:46 +0100 Subject: [PATCH 123/194] Add default variables to build Wazuh Kibana Plugin --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 526bfabf..f6ac7023 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -23,3 +23,10 @@ node_certs_destination: /etc/kibana/certs master_certs_path: /es_certs generate_CA: true ca_cert_name: "" + +# Nodejs +node_js_repository_url: https://rpm.nodesource.com/setup_8.x + +# Build from sources +build_from_sources: true +wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file From 2f8da1b7c508f88c13dcf1ccc9760dd9c90a6fd3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 13:29:03 +0100 Subject: [PATCH 124/194] Add "build_wazuh_plugin.yml" tasks --- .../tasks/build_wazuh_plugin.yml | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml 
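Review bot: Defaulting `build_from_sources` to `true` moves every existing consumer of the Kibana role from installing the published plugin archive to cloning and building it on the target host, which pulls in git, Node.js, npm and yarn. `build_from_sources: false` as the default would keep the current behaviour and make the source build opt-in. `node_js_repository_url` again points at the RPM setup script, so it has the same Debian/Ubuntu problem as the manager default added in patch 108.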
diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml new file mode 100644 index 00000000..494bc8f0 --- /dev/null +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml 
@@ -0,0 +1,76 @@ +--- + + - name: Ensure the Git package is present + package: + name: git + state: present + + - name: Download script to install Nodejs repository + get_url: + url: "{{ node_js_repository_url }}" + dest: "/tmp/setup_nodejs_repo.sh" + mode: "0700" + + - name: Execute downloaded script to install Nodejs repo + command: /tmp/setup_nodejs_repo.sh + register: node_repo_installation_result + changed_when: node_repo_installation_result.rc == 0 + + - name: Install Nodejs + package: + name: nodejs + state: present + + - name: Run NPM under root account + command: npm config set user 0 + register: allow_root_npm + changed_when: allow_root_npm.rc == 0 + + - name: Install yarn dependency to build the Wazuh Kibana Plugin + command: npm install -g yarn@1.10.1 + register: install_yarn_result + changed_when: install_yarn_result == 0 + + - name: Remove old wazuh-kibana-app git directory + file: + path: /tmp/app + state: absent + + - name: Clone wazuh-kibana-app repository # Using command as git module doesn't cover single-branch nor depth + command: git clone https://github.com/wazuh/wazuh-kibana-app -b {{ wazuh_plugin_branch }} --single-branch --depth=1 app # noqa 303 + register: clone_app_repo_result + changed_when: clone_app_repo_result.rc == 0 + args: + chdir: "/tmp" + + - name: Executing yarn to build the package + command: "{{ item }}" + with_items: + - "yarn" + - "yarn build" + - "yarn build" # Executing multiple times to workaround errors returned by yarn build + register: yarn_execution_result + changed_when: yarn_execution_result == 0 + args: + chdir: "/tmp/app/" + + - name: Obtain name of generated package + shell: "find ./ -name 'wazuh-*.zip' -printf '%f\\n'" + register: wazuhapp_package_name + changed_when: false + args: + chdir: "/tmp/app/build" + + - name: Install Wazuh Plugin (can take a while) + shell: "/usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}" + environment: + NODE_OPTIONS: 
"--max-old-space-size=3072" + args: + executable: /bin/bash + creates: /usr/share/kibana/plugins/wazuh/package.json + become: yes + become_user: kibana + notify: restart kibana + tags: + - install + - skip_ansible_lint From 886e96b182c90bbbd3e994d59246a39e8a058894 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 13:29:58 +0100 Subject: [PATCH 125/194] Update "main.yml" in Kibana installation to enable sources install --- .../ansible-kibana/tasks/main.yml | 25 ++++++++++++++----- 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 622db80b..89af291c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -82,8 +82,8 @@ register: wazuh_app_verify changed_when: false failed_when: - - wazuh_app_verify.rc != 0 - - wazuh_app_verify.rc != 1 + - wazuh_app_verify.rc != 0 + - wazuh_app_verify.rc != 1 - name: Removing old Wazuh-APP command: /usr/share/kibana/bin/kibana-plugin --allow-root remove wazuh @@ -91,13 +91,24 @@ tags: install - name: Removing bundles - file: path=/usr/share/kibana/optimize/bundles state=absent - become: yes - become_user: kibana + file: + path: /usr/share/kibana/optimize/bundles + state: absent when: wazuh_app_verify.rc == 1 tags: install -- name: Install Wazuh-APP (can take a while) +- name: Explicitly starting Kibana to generate "wazuh-" + service: + name: kibana + state: started + +- name: Build and Install Wazuh Kibana Plugin from sources + import_tasks: build_wazuh_plugin.yml + when: + - build_from_sources is defined + - build_from_sources + +- name: Install Wazuh Plugin (can take a while) shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" 
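Review bot: The build steps execute code resolved at run time with elevated privileges: `git clone ... -b {{ wazuh_plugin_branch }} --single-branch --depth=1` takes the current head of a branch, and `yarn` / `yarn build` then run after `npm config set user 0`, so package scripts from that tree and its dependencies run as root. Pinning the clone to a tag or commit and running the build as an unprivileged user would narrow this; the final install task already uses `become_user: kibana`. The checkout also lives at the fixed path `/tmp/app`. Separately, `changed_when: install_yarn_result == 0` and `changed_when: yarn_execution_result == 0` compare the registered result with an integer and are never true; `.rc == 0` is presumably intended.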
@@ -110,6 +121,8 @@ tags: - install - skip_ansible_lint + when: + - not build_from_sources - name: Reload systemd configuration systemd: From 3acdd20dff1b4c2eb4ffb7c953ebbafaa58611b9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 13:30:43 +0100 Subject: [PATCH 126/194] Change Wazuh API build task to log info to "/tmp/build_wazuh_api_log." --- .../ansible-wazuh-manager/tasks/installation_from_sources.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 1ecfd7c8..472eab8f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -101,6 +101,6 @@ mode: "0700" - name: Execute Wazuh API installation script - command: /tmp/install_api.sh download + shell: /tmp/install_api.sh download > /tmp/build_api_log.txt register: install_api changed_when: install_api.rc == 0 From e2cee2e45d1cbdba88acf6724347bae4768fa6c7 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 21 Nov 2019 14:00:08 +0100 Subject: [PATCH 127/194] fix conditional statement when --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 5503a10c..30e0cdc1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -18,8 +18,7 @@ warn: false executable: /bin/bash when: - - ansible_distribution|lower == "amazon" - - ansible_distribution == 'Fedora' + - ansible_distribution|lower == "amazon" or ansible_distribution|lower == 'fedora' - name: CentOS/RedHat/Amazon/Fedora | Install NodeJS package: From 686c02b3d5d424356bde2df86ed335fb7276291b Mon Sep 17 00:00:00 2001 
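Review bot: The added `when: - not build_from_sources` in the `@@ -110,6 +121,8 @@` hunk is evaluated even when the variable is not set, whereas the `import_tasks: build_wazuh_plugin.yml` guard in the previous hunk first tests `build_from_sources is defined`. Unless a role default defines it (none is visible in this patch), a play that omits the variable will stop on this task with an undefined-variable error instead of installing the packaged plugin. `- not (build_from_sources | default(false))` keeps the two branches mutually exclusive and safe when the variable is unset. The task this condition belongs to starts outside the hunk.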
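Review bot: Redirecting to `/tmp/build_api_log.txt` makes a task that presumably runs as root write to a fixed file name in a world-writable directory, and only stdout is redirected, so installer errors still bypass the log. Write the log under a directory only the installing user can write to and include stderr, e.g. `shell: /tmp/install_api.sh download > <root-owned-log-dir>/build_api_log.txt 2>&1` (the directory is a placeholder). Note that `install_api.stdout` is now empty for any later task that inspects it, and that the module changed from `command` to `shell` only to get the redirect.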
From: Rshad Zhran Date: Thu, 21 Nov 2019 14:48:54 +0100 Subject: [PATCH 128/194] Add task to check if node service already exists --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 30e0cdc1..196d0e3b 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,4 +1,8 @@ --- +- name: Check if NodeJS service Exists + stat: path=/usr/bin/node + register: node_service_status + - name: Centos | Get Nodejs shell: | set -o pipefail @@ -8,7 +12,7 @@ executable: /bin/bash creates: /etc/yum.repos.d/nodesource-el7.repo when: - - ansible_distribution_major_version|int > 5 + - ansible_distribution_major_version|int > 5 and not node_service_status.stat.exists - name: AmazonLinux/Fedora| Get Nodejs shell: | @@ -18,7 +22,7 @@ warn: false executable: /bin/bash when: - - ansible_distribution|lower == "amazon" or ansible_distribution|lower == 'fedora' + - ( ansible_distribution|lower == "amazon" or ansible_distribution|lower == 'fedora' ) and not node_service_status.stat.exists - name: CentOS/RedHat/Amazon/Fedora | Install NodeJS package: @@ -28,6 +32,7 @@ until: nodejs_is_installed is succeeded tags: - init + when: not node_service_status.stat.exists - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: From 13b232154026a852998b499ad8757a906bf9a538 Mon Sep 17 00:00:00 2001 
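Review bot: The new `stat: path=/usr/bin/node` guard in the first hunk only proves that some file exists at that path; the task name calls it a service, and neither the Node.js version nor an installation in another location is considered. Because the repository setup and the `Install NodeJS` task are all skipped when the file exists, a host that already carries an older Node.js keeps it and never gets the NodeSource repository. Consider naming the task `Check if the node binary exists` and, if the API needs a minimum version, testing the output of `node --version` instead. The `curl ... | bash` task bodies these conditions guard start outside the hunks.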
From: Jose M Date: Thu, 21 Nov 2019 15:01:15 +0100 Subject: [PATCH 129/194] Rename wazuh_sources_installation to wazuh_manager sources_installation --- playbooks/wazuh-elastic_stack-single.yml | 12 +-- .../ansible-wazuh-agent/defaults/main.yml | 2 +- .../ansible-wazuh-agent/tasks/Debian.yml | 4 +- .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 10 +-- .../ansible-wazuh-agent/tasks/RedHat.yml | 4 +- .../tasks/installation_from_sources.yml | 14 ++-- .../templates/preloaded_vars.conf.j2 | 2 +- .../ansible-wazuh-manager/defaults/main.yml | 2 +- .../ansible-wazuh-manager/tasks/Debian.yml | 16 ++-- .../ansible-wazuh-manager/tasks/RedHat.yml | 8 +- .../tasks/installation_from_sources.yml | 74 ++++++++++--------- .../ansible-wazuh-manager/tasks/main.yml | 4 +- .../templates/preloaded_vars.conf.j2 | 2 +- 13 files changed, 81 insertions(+), 73 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index 051b5fd2..bc353dfd 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml @@ -1,8 +1,8 @@ --- -- hosts: +- hosts: all roles: - - {role: ../roles/wazuh/ansible-wazuh-manager} - - role: ../roles/wazuh/ansible-filebeat - filebeat_output_elasticsearch_hosts: localhost:9200 - - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} - - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' } + # - {role: ../roles/wazuh/ansible-wazuh-manager} + # - role: ../roles/wazuh/ansible-filebeat + # filebeat_output_elasticsearch_hosts: 172.24.1.2:9200 + # - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} + - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: '172.24.1.1', elasticsearch_reachable_host: '172.24.1.2' } 
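Review bot: The `playbooks/wazuh-elastic_stack-single.yml` hunk looks like a local test setup committed together with the rename: `hosts:` becomes `hosts: all`, the manager, Filebeat and Elasticsearch roles are commented out, and the Kibana role is given hard-coded `172.24.1.1` / `172.24.1.2` addresses. With `hosts: all` the play targets every host of whatever inventory is passed, and the playbook no longer deploys the stack its file name promises. I would drop this file from the commit, or restore the four roles and leave the host pattern and the addresses to the inventory.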
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index b4bed923..3ff7d803 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,6 +1,6 @@ --- wazuh_agent_version: 3.10.2-1 -wazuh_sources_installation: +wazuh_manager_sources_installation: enabled: "true" branch: "v3.10.2" user_language: "y" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 81062d80..329fab6d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -20,7 +20,7 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -35,7 +35,7 @@ state: present update_cache: true when: - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index e258fa1f..9c8db0b8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,7 +1,7 @@ --- - include_tasks: "../tasks/installation_from_sources.yml" when: - - wazuh_sources_installation.enabled + - wazuh_manager_sources_installation.enabled - include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" @@ -17,7 +17,7 @@ poll: 30 when: - ansible_os_family|lower == "redhat" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled tags: - init 
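Review bot: In the agent role's `defaults/main.yml` the default is renamed to `wazuh_manager_sources_installation`, the same name the manager role's defaults use later in this patch, although the two dictionaries differ (`enabled: "true"` and `user_language: "y"` here, `enabled: true` and `user_language: "en"` there). An inventory override of that name would then apply to both roles on a host that runs both, and the name no longer says which component it configures. A role-specific name such as `wazuh_agent_sources_installation` would avoid that; the same applies to every agent-role hunk of this patch (`Debian.yml`, `Linux.yml`, `RedHat.yml`, `installation_from_sources.yml`, `preloaded_vars.conf.j2`).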
@@ -28,7 +28,7 @@ cache_valid_time: 3600 when: - ansible_os_family|lower != "redhat" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled tags: - init @@ -200,9 +200,9 @@ - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - include_tasks: "RMDebian.yml" when: - ansible_os_family == "Debian" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 13b1b3e8..e9580a94 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,7 +10,7 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -23,7 +23,7 @@ changed_when: false when: - repo_v5_installed is skipped - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 381f9c67..55714673 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
@@ -28,17 +28,17 @@ - name: Download required packages from github.com/wazuh/wazuh get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" - name: Create folder to extract Wazuh branch file: - path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + command: "tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" register: wazuh_untar changed_when: wazuh_untar.rc ==0 args: @@ -47,7 +47,7 @@ - name: Clean remaining files from others builds command: "make -C src {{ item }}" args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" with_items: - "clean" - "clean-deps" @@ -58,7 +58,7 @@ - name: Render the "preloaded-vars.conf" file template: src: "templates/preloaded_vars.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" + dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root mode: '644' 
@@ -68,4 +68,4 @@ register: installation_result changed_when: installation_result == 0 args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" \ No newline at end of file + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 index f02252d1..be552560 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 @@ -1,4 +1,4 @@ -{% for key, value in wazuh_sources_installation.items() %} +{% for key, value in wazuh_manager_sources_installation.items() %} {% if "user_" in key %} {% if value is defined and value is not none %} {{ key|upper }}="{{ value }}" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 68948ae4..2767ab37 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -4,7 +4,7 @@ wazuh_manager_version: 3.10.2-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present -wazuh_sources_installation: +wazuh_manager_sources_installation: enabled: true branch: "v3.10.2" user_language: "en" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 3bd2c541..c8b52fda 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -1,7 +1,7 @@ --- - include_tasks: "installation_from_sources.yml" when: - - wazuh_sources_installation.enabled + - wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: 
@@ -27,14 +27,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -44,7 +44,7 @@ update_cache: true changed_when: false when: - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) become: true @@ -58,14 +58,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key apt_key: url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: @@ -74,7 +74,7 @@ update_cache: true changed_when: false when: - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -139,4 +139,4 @@ until: wazuh_manager_main_packages_installed is succeeded tags: init when: - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index ed681344..9baae413 100644 
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,7 +1,7 @@ --- - include_tasks: "../tasks/installation_from_sources.yml" when: - - wazuh_sources_installation.enabled + - wazuh_manager_sources_installation.enabled - name: RedHat/CentOS | Install Nodejs repo yum_repository: @@ -45,7 +45,7 @@ when: - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -58,7 +58,7 @@ changed_when: false when: - repo_v5_manager_installed is skipped - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -155,7 +155,7 @@ until: wazuh_manager_main_packages_installed is succeeded when: - ansible_os_family|lower == "redhat" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 472eab8f..8469713e 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
@@ -29,17 +29,17 @@ - name: Download required packages from github.com/wazuh/wazuh get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_sources_installation.branch }}.tar.gz" + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" - name: Create folder to extract Wazuh branch file: - path: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: "tar -xzvf /tmp/{{ wazuh_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_sources_installation.branch }}" + command: "tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" register: wazuh_untar changed_when: wazuh_untar.rc ==0 args: @@ -48,7 +48,7 @@ - name: Clean remaining files from others builds command: "make -C src {{ item }}" args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/src/" + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" with_items: - "clean" - "clean-deps" @@ -59,7 +59,7 @@ - name: Render the "preloaded-vars.conf" file template: src: "templates/preloaded_vars.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}/etc/preloaded-vars.conf" + dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root mode: '644' 
@@ -69,38 +69,46 @@ register: installation_result changed_when: installation_result == 0 args: - chdir: "/tmp/wazuh-{{ wazuh_sources_installation.branch }}" + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" # Wazuh API + - name: Check if Wazuh API is already installed + stat: + path: /var/ossec/api/app.js + register: wazuh_api - - name: Download script to install Nodejs repository - get_url: - url: "{{ node_js_repository_url }}" - dest: "/tmp/setup_nodejs_repo.sh" - mode: "0700" + - name: Install Wazuh API from sources + block: + - name: Download script to install Nodejs repository + get_url: + url: "{{ node_js_repository_url }}" + dest: "/tmp/setup_nodejs_repo.sh" + mode: "0700" - - name: Execute downloaded script to install Nodejs repo - command: /tmp/setup_nodejs_repo.sh - register: node_repo_installation_result - changed_when: node_repo_installation_result.rc == 0 + - name: Execute downloaded script to install Nodejs repo + command: /tmp/setup_nodejs_repo.sh + register: node_repo_installation_result + changed_when: node_repo_installation_result.rc == 0 - - name: Install Nodejs - package: - name: nodejs - state: present + - name: Install Nodejs + package: + name: nodejs + state: present - - name: Run NPM under root account - command: npm config set user 0 - register: allow_root_npm - changed_when: allow_root_npm.rc == 0 + - name: Run NPM under root account + command: npm config set user 0 + register: allow_root_npm + changed_when: allow_root_npm.rc == 0 - - name: Download the installation script to install Wazuh API - get_url: - url: "https://raw.githubusercontent.com/wazuh/wazuh-api/v{{ wazuh_manager_version[:-2] }}/install_api.sh" - dest: "/tmp/install_api.sh" - mode: "0700" + - name: Download the installation script to install Wazuh API + get_url: + url: "https://raw.githubusercontent.com/wazuh/wazuh-api/v{{ wazuh_manager_version[:-2] }}/install_api.sh" + dest: "/tmp/install_api.sh" + mode: "0700" - - name: Execute Wazuh API installation 
script - shell: /tmp/install_api.sh download > /tmp/build_api_log.txt - register: install_api - changed_when: install_api.rc == 0 + - name: Execute Wazuh API installation script + shell: /tmp/install_api.sh download > /tmp/build_api_log.txt + register: install_api + changed_when: install_api.rc == 0 + when: + - not wazuh_api.stat.exists diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index f2fc55db..d2c99535 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -356,9 +356,9 @@ - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled - include_tasks: "RMDebian.yml" when: - ansible_os_family == "Debian" - - not wazuh_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 index f02252d1..be552560 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 @@ -1,4 +1,4 @@ -{% for key, value in wazuh_sources_installation.items() %} +{% for key, value in wazuh_manager_sources_installation.items() %} {% if "user_" in key %} {% if value is defined and value is not none %} {{ key|upper }}="{{ value }}" From d85d210a3e5029253b0a30276e60d35233ab8fa1 Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Thu, 21 Nov 2019 16:12:08 +0100 Subject: [PATCH 130/194] Centralize NodeJS installation tasks --- playbooks/wazuh-manager.yml | 4 +++ .../ansible-wazuh-manager/tasks/Debian.yml | 18 ---------- .../ansible-wazuh-manager/tasks/RedHat.yml | 35 ------------------- .../ansible-wazuh-manager/tasks/main.yml | 19 ++++++++++ 4 files changed, 23 insertions(+), 53 deletions(-) diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index 5ec6a50b..846d4158 100644 --- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml @@ -1,5 +1,9 @@ --- - hosts: +- vars: + - repo_dic: + debian: "deb" + redhat: "rpm" roles: - role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-filebeat diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index af33e4ba..b4e94308 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -38,24 +38,6 @@ update_cache: true changed_when: false -- name: Debian/Ubuntu | Installing NodeJS repository - become: true - shell: | - set -o pipefail - curl -sL https://deb.nodesource.com/setup_8.x | bash - - args: - warn: false - executable: /bin/bash - changed_when: false - -- name: Debian/Ubuntu | Install NodeJS - apt: - name: "nodejs" - state: present - register: nodejs_package_is_installed - until: nodejs_package_is_installed is succeeded - tags: init - - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: cis_distribution_filename: cis_debian_linux_rcl.txt diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 196d0e3b..938bc83d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
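Review bot: As rendered in the `playbooks/wazuh-manager.yml` hunk, `- vars:` starts at column 0 and so opens a second play: the first play is left with an empty `hosts:` and nothing else, and the second has `vars` and `roles` but no `hosts`, which ansible-playbook rejects. `vars:` should be a key of the existing play, at the same indentation as `roles:`. The keys are also lower-case (`debian`, `redhat`) while the lookup added to `tasks/main.yml` in this patch indexes with `ansible_os_family`, which reports `Debian` / `RedHat`, so the lookup fails as written. A mapping the role depends on belongs in the role's defaults rather than in one playbook.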
@@ -1,39 +1,4 @@ --- -- name: Check if NodeJS service Exists - stat: path=/usr/bin/node - register: node_service_status - -- name: Centos | Get Nodejs - shell: | - set -o pipefail - curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - - args: - warn: false - executable: /bin/bash - creates: /etc/yum.repos.d/nodesource-el7.repo - when: - - ansible_distribution_major_version|int > 5 and not node_service_status.stat.exists - -- name: AmazonLinux/Fedora| Get Nodejs - shell: | - set -o pipefail - curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - - args: - warn: false - executable: /bin/bash - when: - - ( ansible_distribution|lower == "amazon" or ansible_distribution|lower == 'fedora' ) and not node_service_status.stat.exists - -- name: CentOS/RedHat/Amazon/Fedora | Install NodeJS - package: - name: "nodejs" - state: present - register: nodejs_is_installed - until: nodejs_is_installed is succeeded - tags: - - init - when: not node_service_status.stat.exists - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index ed4847aa..33aa58b7 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -13,6 +13,25 @@ - include_tasks: "Debian.yml" when: ansible_os_family == "Debian" +- name: Installing NodeJS repository script + become: true + get_url: + url: "https://{{ repo_dic[ansible_os_family] }}nodesource.com/setup_8.x" + dest: /etc/nodejs.sh + mode: '0775' + changed_when: false + +- name: Running NodeJS bash script + script: /etc/nodejs.sh + +- name: Installing NodeJS + package: + name: ntpdate + state: present + register: nodejs_service_is_installed + until: nodejs_service_is_installed is succeeded + tags: init + - name: Install expect package: name: expect From 7bf823bcadead3ce3bae0206882d3dd43d2b98c9 Mon Sep 17 00:00:00 2001 
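Review bot: The `url` of `Installing NodeJS repository script` in the `tasks/main.yml` hunk has no dot between the lookup and the domain, so it renders to a host name such as `debnodesource.com` rather than a NodeSource host, and the next task executes whatever that host returns. It should read `url: "https://{{ repo_dic[ansible_os_family | lower] }}.nodesource.com/setup_8.x"`. Two further lines in the same hunk look wrong: `script: /etc/nodejs.sh` copies and runs a file from the control node, not the one get_url just saved on the target (`command: /etc/nodejs.sh` would run that one), and the `Installing NodeJS` task installs `name: ntpdate` where `name: nodejs` is presumably meant. The downloaded script is also left group-writable and unverified; `mode: '0700'` plus a get_url `checksum` would tighten that.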
From: Jose M Date: Thu, 21 Nov 2019 18:44:34 +0100 Subject: [PATCH 131/194] Split preloaded_vars into preloaded_vars_manager and api --- .../templates/preloaded_vars_api.conf.j2 | 7 +++++++ ...eloaded_vars.conf.j2 => preloaded_vars_manager.conf.j2} | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 rename roles/wazuh/ansible-wazuh-manager/templates/{preloaded_vars.conf.j2 => preloaded_vars_manager.conf.j2} (93%)
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2
new file mode 100644
index 00000000..198178c8
--- /dev/null
+++ b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_api.conf.j2
@@ -0,0 +1,7 @@
+{% for key, value in wazuh_api_sources_installation.items() %}
+{% if "enabled" not in key and "branch" not in key %}
+{% if value is defined and value is not none %}
+{{ key|upper }}="{{ value }}"
+{% endif %}
+{% endif %}
+{% endfor %}
\ No newline at end of file
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2
similarity index 93%
rename from roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2
rename to roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2
index be552560..3dacef92 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2
@@ -4,4 +4,4 @@
 {{ key|upper }}="{{ value }}"
 {% endif %}
 {% endif %}
-{% endfor %}
\ No newline at end of file
+{% endfor %}
From 628dcb2ccc8ddcc1a27d5d1255c206a9ae1cc63e Mon Sep 17 00:00:00 2001
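Review bot: In the new `preloaded_vars_api.conf.j2`, `"enabled" not in key` and `"branch" not in key` are substring tests on the key, so any later option whose name merely contains either word is silently left out of the rendered file; `key not in ['enabled', 'branch']` states the intent exactly. Values are also written between double quotes without escaping, so a value containing `"` (or shell metacharacters, if the installer reads this file as shell, which is not visible here) changes the meaning of the rendered line. A short `{# ... #}` comment at the top naming the installer that reads the file and the keys that are excluded would help the next reader.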
From: Jose M Date: Thu, 21 Nov 2019 18:45:01 +0100 Subject: [PATCH 132/194] Update conditonals and add required tasks to RedHat.yml --- .../ansible-wazuh-manager/tasks/RedHat.yml | 42 ++++++++++++++----- 1 file changed, 32 insertions(+), 10 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 9baae413..354beca4 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,7 +1,4 @@ --- -- include_tasks: "../tasks/installation_from_sources.yml" - when: - - wazuh_manager_sources_installation.enabled - name: RedHat/CentOS | Install Nodejs repo yum_repository: @@ -13,6 +10,7 @@ changed_when: false when: - ansible_distribution_major_version|int > 5 + - not wazuh_api_sources_installation.enabled - name: Fedora | Install Nodejs repo yum_repository: @@ -21,7 +19,9 @@ baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64 gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL gpgcheck: true - when: ansible_distribution == 'Fedora' + when: + - ansible_distribution == 'Fedora' + - not wazuh_api_sources_installation.enabled - name: AmazonLinux | Get Nodejs shell: | @@ -33,6 +33,7 @@ creates: /etc/yum.repos.d/nodesource-el7.repo when: - ansible_distribution|lower == "amazon" + - not wazuh_api_sources_installation.enabled - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: @@ -46,6 +47,7 @@ - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo 
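Review bot: The `RedHat/CentOS 5 | Install Wazuh repo` task (hunk `@@ -46,6 +47,7 @@`) now requires both `not wazuh_manager_sources_installation.enabled` and `not wazuh_api_sources_installation.enabled`, while the following `RedHat/CentOS/Fedora | Install Wazuh repo` task in the next hunk runs when either component comes from packages. On an EL5 host with only one component built from sources, the v5 task is skipped, `repo_v5_manager_installed is skipped` becomes true, and the non-v5 repository is configured instead. Using the same `or` expression in both tasks would keep them consistent. This patch touches only `RedHat.yml`, so `wazuh_api_sources_installation` must already have a role default elsewhere; without one every condition added here fails as undefined.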
@@ -58,7 +60,7 @@ changed_when: false when: - repo_v5_manager_installed is skipped - - not wazuh_manager_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -144,13 +146,10 @@ when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" -- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api +- name: CentOS/RedHat/Amazon | Install Wazuh Manager package: - name: "{{ item }}-{{ wazuh_manager_version }}" + name: "wazuh-manager-{{ wazuh_manager_version }}" state: "{{ wazuh_manager_package_state }}" - with_items: - - wazuh-manager - - wazuh-api register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: @@ -159,6 +158,28 @@ tags: - init +- include_tasks: "../tasks/installation_from_sources.yml" + tags: manager + when: + - wazuh_manager_sources_installation.enabled + +- name: CentOS/RedHat/Amazon | Install Wazuh API + package: + name: "wazuh-api-{{ wazuh_manager_version }}" + state: "{{ wazuh_manager_package_state }}" + register: wazuh_api_main_packages_installed + until: wazuh_api_main_packages_installed is succeeded + when: + - ansible_os_family|lower == "redhat" + - not wazuh_api_sources_installation.enabled + tags: + - init + +- include_tasks: "../tasks/installation_from_sources.yml" + tags: api + when: + - wazuh_api_sources_installation.enabled + - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 replace: path: /etc/init.d/wazuh-manager @@ -181,3 +202,4 @@ - ansible_distribution_major_version|int < 6 tags: - init + From 380d4d14300b71b8f99822cc29253e834cf3a7e7 Mon Sep 17 00:00:00 2001 
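Review bot: In the `@@ -159,6 +158,28 @@` hunk `installation_from_sources.yml` is included twice, once with `tags: manager` and once with `tags: api`, but tags on `include_tasks` apply to the include statement itself and are not inherited by the included tasks. Each include therefore runs the whole file, so enabling only `wazuh_api_sources_installation` also runs the manager build tasks unless the file guards each section itself (a later patch appears to add such checks, but they are not part of this hunk). Either split the file into a manager file and an API file, or guard each block in it on its own `enabled` flag.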
From: Jose M Date: Thu, 21 Nov 2019 18:45:25 +0100 Subject: [PATCH 133/194] Update installation_from_sources conditionals and blocks --- .../tasks/installation_from_sources.yml | 196 +++++++++++------- 1 file changed, 122 insertions(+), 74 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 8469713e..ef24c238 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
@@ -1,75 +1,98 @@ --- # Wazuh Manager - - name: Install dependencies to build Wazuh packages - package: - name: - - make - - gcc - - automake - - autoconf - - libtool - - tar - state: present + - name: Check if Wazuh Manager is already installed + stat: + path: /var/ossec/bin/ossec-control + register: wazuh_ossec_control - - name: Installing policycoreutils-python (RedHat families) - package: - name: - - policycoreutils-python + - name: Installing Wazuh Manager from sources + block: + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - automake + - autoconf + - libtool + - tar + state: present + + - name: Installing policycoreutils-python (RedHat families) + package: + name: + - policycoreutils-python + when: + - ansible_os_family|lower == "redhat" + + - name: Installing policycoreutils-python-utils (Debian families) + package: + name: + - libc6-dev + - curl + - policycoreutils + when: + - ansible_os_family|lower == "debian" + + - name: Remove old repository folder + file: + path: /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }} + state: absent + + - name: Download required packages from github.com/wazuh/wazuh + get_url: + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + delegate_to: "{{ inventory_hostname }}" + + - name: Create folder to extract Wazuh branch + file: + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + state: directory + + # When downloading "v3.10.2" extracted folder name is 3.10.2. 
+ # Explicitly creating the folder with proper naming and striping first level in .tar.gz file + + - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip + command: >- + tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz + --strip 1 + --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }} + register: wazuh_untar + changed_when: wazuh_untar.rc ==0 + args: + warn: false + + - name: Clean remaining files from others builds + command: "make -C src {{ item }}" + args: + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" + with_items: + - "clean" + - "clean-deps" + register: clean_result + changed_when: clean_result.rc == 0 + failed_when: false + + - name: Render the "preloaded-vars.conf" file + template: + src: "templates/preloaded_vars_manager.conf.j2" + dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" + owner: root + group: root + mode: '644' + + - name: Executing "install.sh" script to build and install the Wazuh Manager + shell: ./install.sh > /tmp/build_manager_log.txt + register: installation_result + changed_when: installation_result == 0 + args: + chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" when: - - ansible_os_family|lower == "redhat" - - - name: Installing policycoreutils-python-utils (Debian families) - package: - name: - - libc6-dev - - curl - - policycoreutils - when: - - ansible_os_family|lower == "debian" - - - name: Download required packages from github.com/wazuh/wazuh - get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - delegate_to: "{{ inventory_hostname }}" - - - name: Create folder to extract Wazuh branch - file: - path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: directory - - - name: 
Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: "tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - register: wazuh_untar - changed_when: wazuh_untar.rc ==0 - args: - warn: false - - - name: Clean remaining files from others builds - command: "make -C src {{ item }}" - args: - chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" - with_items: - - "clean" - - "clean-deps" - register: clean_result - changed_when: clean_result.rc == 0 - failed_when: false - - - name: Render the "preloaded-vars.conf" file - template: - src: "templates/preloaded_vars.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" - owner: root - group: root - mode: '644' - - - name: Executing "install.sh" script to build and install the Wazuh Manager - shell: ./install.sh > /tmp/build_log.txt - register: installation_result - changed_when: installation_result == 0 - args: - chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + - not wazuh_ossec_control.stat.exists + - wazuh_manager_sources_installation.enabled + tags: + - manager # Wazuh API - name: Check if Wazuh API is already installed @@ -79,6 +102,11 @@ - name: Install Wazuh API from sources block: + - name: Ensure Git is present in the host + package: + name: git + state: present + - name: Download script to install Nodejs repository get_url: url: "{{ node_js_repository_url }}" 
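Review bot: The `get_url` task that fetches `{{ wazuh_manager_sources_installation.branch }}.tar.gz` has no `checksum:`, and the archive is then unpacked and built by `install.sh` from fixed paths under `/tmp`. `get_url` does not download again when `dest` already exists unless `force` is set, and only the extracted folder is removed beforehand, so a stale or pre-existing `/tmp/<branch>.tar.gz` would be built as-is. I would add `checksum: "sha256:<expected-archive-sha256>"` and `force: true` to the download, and do the build in a directory that only root can write. A branch name is also a moving reference; a tag or commit whose digest is recorded in the role vars fixes what gets built.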
@@ -100,15 +128,35 @@ register: allow_root_npm changed_when: allow_root_npm.rc == 0 - - name: Download the installation script to install Wazuh API - get_url: - url: "https://raw.githubusercontent.com/wazuh/wazuh-api/v{{ wazuh_manager_version[:-2] }}/install_api.sh" - dest: "/tmp/install_api.sh" - mode: "0700" + - name: Remove old repository folder + file: + path: /tmp/wazuh-api + state: absent + + - name: Download the Wazuh API repository + git: + repo: 'https://github.com/wazuh/wazuh-api.git' + version: "{{ wazuh_api_sources_installation.branch }}" + dest: /tmp/wazuh-api + + - name: Configure Wazuh API installation + template: + src: "templates/preloaded_vars_api.conf.j2" + dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf" + owner: root + group: root + mode: '644' - name: Execute Wazuh API installation script - shell: /tmp/install_api.sh download > /tmp/build_api_log.txt + shell: ./install_api.sh > /tmp/build_api_log.txt register: install_api changed_when: install_api.rc == 0 + args: + chdir: "/tmp/wazuh-api" + notify: + - restart wazuh-api when: - not wazuh_api.stat.exists + - wazuh_api_sources_installation.enabled + tags: + - api \ No newline at end of file From 9e6966b6994d07ae9ef18f054500b27ff8ea3bf1 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 18:45:45 +0100 Subject: [PATCH 134/194] Fix conditionals for Debian families. Split Manager and API install --- .../ansible-wazuh-manager/tasks/Debian.yml | 26 +++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index c8b52fda..6da6a6f3 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
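Review bot: `Configure Wazuh API installation` writes `preloaded_vars.conf` with `mode: '644'` under `/tmp/wazuh-api`, and the `wazuh_api_sources_installation` dict added to the defaults in this series carries a `password` key, so the rendered file may hold the API credential in a world-readable place (the template itself is not shown here). `mode: '0600'` on that task, plus removing `/tmp/wazuh-api` once `install_api.sh` has finished, keeps it off a shared path. The same care applies to `/tmp/build_api_log.txt`, which is created by a shell redirect with whatever umask the task runs under. The `git` task also tracks a branch name; pinning `version` to a tag or commit hash fixes what gets installed.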
@@ -1,7 +1,7 @@ --- - include_tasks: "installation_from_sources.yml" when: - - wazuh_manager_sources_installation.enabled + - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: @@ -28,6 +28,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -35,6 +36,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -45,6 +47,7 @@ changed_when: false when: - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) become: true @@ -59,13 +62,14 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Installing NodeJS repository key apt_key: url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: @@ -74,7 +78,7 @@ update_cache: true changed_when: false when: - - not wazuh_manager_sources_installation.enabled + - not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: 
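Review bot: In the `@@ -28,6 +28,7 @@`, `@@ -35,6 +36,7 @@` and `@@ -45,6 +47,7 @@` hunks the Wazuh key and repository tasks now list both `not wazuh_manager_sources_installation.enabled` and `not wazuh_api_sources_installation.enabled`, and the entries of a `when:` list are ANDed. With only one of the two components built from sources, the repository is never configured, yet the other component is still installed with `apt` from it by the install tasks later in this patch. The RedHat task list (`@@ -58,7 +60,7 @@` at the top of this chunk) joins them on one line, `- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled`, and the same single condition fits here. The task bodies lie partly outside these hunks.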
@@ -127,11 +131,10 @@ tags: - config -- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api +- name: Debian/Ubuntu | Install wazuh-manager apt: name: - "wazuh-manager={{ wazuh_manager_version }}" - - "wazuh-api={{ wazuh_manager_version }}" state: present cache_valid_time: 3600 install_recommends: false @@ -140,3 +143,16 @@ tags: init when: - not wazuh_manager_sources_installation.enabled + +- name: Debian/Ubuntu | Install wazuh-api + apt: + name: + - "wazuh-api={{ wazuh_manager_version }}" + state: present + cache_valid_time: 3600 + install_recommends: false + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + tags: init + when: + - not wazuh_api_sources_installation.enabled \ No newline at end of file From 6ba58b68386d9a38b08f630cc01eba2c1fd760b5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 21 Nov 2019 18:46:11 +0100 Subject: [PATCH 135/194] Add variables for Wazuh Api installation from sources --- .../ansible-wazuh-manager/defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 2767ab37..475a50a9 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -29,6 +29,24 @@ wazuh_manager_sources_installation: user_ca_store: null threads: "2" +wazuh_api_sources_installation: + enabled: true + branch: "v3.10.2" + update: "y" + remove: "y" + directory: null + port: 55000 + https: "n" + authd: null + proxy: null + country: null + state: null + locality: null + org_name: null + org_unit: null + common_name: null + password: null + wazuh_manager_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' From 902ee2a3d18fce94e48cfe376dacb13b56664b0b Mon Sep 17 00:00:00 2001 
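Review bot: The new `Install wazuh-api` task registers into `wazuh_manager_main_packages_installed`, the same variable the `Install wazuh-manager` task above it uses, so the manager result is overwritten (with a skipped result when the API comes from sources). Any later task that reads the variable sees the API outcome; whether one does is outside this hunk. The RedHat counterpart uses its own name, so I would write `register: wazuh_api_main_packages_installed` and `until: wazuh_api_main_packages_installed is succeeded` here as well.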
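Review bot: `wazuh_api_sources_installation` ships with `enabled: true`, and the package tasks in this series are gated on `not wazuh_api_sources_installation.enabled`, so a host that relies on the role defaults stops installing the packaged `wazuh-api` and builds it from a GitHub checkout instead. Defaulting to `enabled: false` keeps the package from the keyed Wazuh repository as the normal path and leaves source builds as an opt-in. `https: "n"` and `password: null` also look like they leave the API on plain HTTP without a configured credential; that depends on the template and on `install_api.sh`, neither of which is visible here.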
From: Rshad Zhran Date: Fri, 22 Nov 2019 11:18:09 +0100 Subject: [PATCH 136/194] Add a task to check if nodejs already exists --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 33aa58b7..2a3b20e0 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -13,20 +13,29 @@ - include_tasks: "Debian.yml" when: ansible_os_family == "Debian" +- name: Check if NodeJS service Exists + stat: + path: /usr/bin/node + register: node_service_status + - name: Installing NodeJS repository script become: true get_url: - url: "https://{{ repo_dic[ansible_os_family] }}nodesource.com/setup_8.x" + url: "https://{{ repo_dic[ansible_os_family|lower] }}.nodesource.com/setup_8.x" dest: /etc/nodejs.sh mode: '0775' changed_when: false + when: not node_service_status.stat.exists - name: Running NodeJS bash script - script: /etc/nodejs.sh + command: sh /etc/nodejs.sh + register: nodejs_script + changed_when: nodejs_script.rc == 0 + when: not node_service_status.stat.exists - name: Installing NodeJS package: - name: ntpdate + name: nodejs state: present register: nodejs_service_is_installed until: nodejs_service_is_installed is succeeded From c32d992f890e20f3cb4a439509399df802c5ce49 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 22 Nov 2019 11:39:08 +0100 Subject: [PATCH 137/194] Re-order tasks --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 2a3b20e0..a5ccf343 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
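Review bot: `/etc/nodejs.sh` is fetched from nodesource.com without a `checksum:`, saved with `mode: '0775'` and then executed with `sh`, so whatever the URL serves at run time is run on the host, and the script stays group-writable in `/etc`. I would add `checksum: "sha256:<expected-script-sha256>"` and tighten the mode to `'0700'`, or configure the NodeSource repository with `apt_repository`/`yum_repository` and a pinned key instead of a setup script. `changed_when: false` on the download also hides a changed script from the run report. The block form of these tasks in patch 139 and the `/tmp/setup_nodejs_repo.sh` downloads in patches 143 and 152 have the same gap.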
@@ -7,12 +7,6 @@ - tar state: present -- include_tasks: "RedHat.yml" - when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") - -- include_tasks: "Debian.yml" - when: ansible_os_family == "Debian" - - name: Check if NodeJS service Exists stat: path: /usr/bin/node @@ -41,6 +35,12 @@ until: nodejs_service_is_installed is succeeded tags: init +- include_tasks: "RedHat.yml" + when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") + +- include_tasks: "Debian.yml" + when: ansible_os_family == "Debian" + - name: Install expect package: name: expect From 376628a914e93cebaabf105f3208d0e57923ef03 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 22 Nov 2019 13:14:48 +0100 Subject: [PATCH 138/194] Define variable in default.yml instead of playbook --- playbooks/wazuh-manager.yml | 4 ---- roles/wazuh/ansible-wazuh-manager/vars/default.yml | 3 +++ 2 files changed, 3 insertions(+), 4 deletions(-) create mode 100644 roles/wazuh/ansible-wazuh-manager/vars/default.yml diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index 846d4158..5ec6a50b 100644 --- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml @@ -1,9 +1,5 @@ --- - hosts: -- vars: - - repo_dic: - debian: "deb" - redhat: "rpm" roles: - role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-filebeat diff --git a/roles/wazuh/ansible-wazuh-manager/vars/default.yml b/roles/wazuh/ansible-wazuh-manager/vars/default.yml new file mode 100644 index 00000000..af1a2fbe --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/vars/default.yml @@ -0,0 +1,3 @@ +- repo_dic: + debian: "deb" + redhat: "rpm" \ No newline at end of file From 5fd5ddc61f9befa864c7e37d92698ad48fffa50c Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Fri, 22 Nov 2019 13:16:28 +0100 Subject: [PATCH 139/194] Englobe tasks with same when statement in block --- .../ansible-wazuh-manager/tasks/main.yml | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index a5ccf343..d10f1f2a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -7,24 +7,24 @@ - tar state: present -- name: Check if NodeJS service Exists +- name: Check if NodeJS service exists stat: path: /usr/bin/node register: node_service_status -- name: Installing NodeJS repository script - become: true - get_url: - url: "https://{{ repo_dic[ansible_os_family|lower] }}.nodesource.com/setup_8.x" - dest: /etc/nodejs.sh - mode: '0775' - changed_when: false - when: not node_service_status.stat.exists +- name: Install NodeJS repository + block: + - name: Download NodeJS repository script + get_url: + url: "https://{{ repo_dic[ansible_os_family|lower] }}.nodesource.com/setup_8.x" + dest: /etc/nodejs.sh + mode: '0775' + changed_when: false -- name: Running NodeJS bash script - command: sh /etc/nodejs.sh - register: nodejs_script - changed_when: nodejs_script.rc == 0 + - name: Run NodeJS bash script + command: sh /etc/nodejs.sh + register: nodejs_script + changed_when: nodejs_script.rc == 0 when: not node_service_status.stat.exists - name: Installing NodeJS From 565a84c49f801c934bcecffeda47b7356e334584 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 22 Nov 2019 13:38:11 +0100 Subject: [PATCH 140/194] Define variables in default/main.yml --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +++ roles/wazuh/ansible-wazuh-manager/vars/default.yml | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/vars/default.yml 
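Review bot: `Download NodeJS repository script` lost the `become: true` it had before this patch, and the new block sets none, although the task still writes to `/etc/nodejs.sh`. Unless the play already escalates, the download fails on a non-root connection; `become: true` at block level, next to `when: not node_service_status.stat.exists`, covers both tasks.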
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index e66ccae5..069af007 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -326,3 +326,6 @@ wazuh_agent_configs: format: 'eventchannel' - location: 'System' format: 'eventlog' +repo_dic: + debian: "deb" + redhat: "rpm" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/vars/default.yml b/roles/wazuh/ansible-wazuh-manager/vars/default.yml deleted file mode 100644 index af1a2fbe..00000000 --- a/roles/wazuh/ansible-wazuh-manager/vars/default.yml +++ /dev/null @@ -1,3 +0,0 @@ -- repo_dic: - debian: "deb" - redhat: "rpm" \ No newline at end of file From bc4f36582a0b1ed5c3f70c37c9f309da08dbb33d Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:40:48 +0100 Subject: [PATCH 141/194] Remove unused tags from sources installation "include_tasks" --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 354beca4..382e33b8 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -159,7 +159,6 @@ - init - include_tasks: "../tasks/installation_from_sources.yml" - tags: manager when: - wazuh_manager_sources_installation.enabled @@ -176,7 +175,6 @@ - init - include_tasks: "../tasks/installation_from_sources.yml" - tags: api when: - wazuh_api_sources_installation.enabled From 8d667131d91f9cbf7a674ae9c6de90d65500284b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:41:06 +0100 Subject: [PATCH 142/194] Fix conditional for ssl_agent_ca --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index d2c99535..f9d54536 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -28,7 +28,7 @@ chdir: /var/ossec/etc/ tags: - config - when: not wazuh_manager_config.authd.ssl_agent_ca is not none + when: wazuh_manager_config.authd.ssl_agent_ca is not none - name: Copy CA, SSL key and cert for authd copy: From df56764dbda227e7d55c0f509db90097c970977a Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:41:47 +0100 Subject: [PATCH 143/194] Add dpeendencies to Wazuh API. Update nodejs repo installation --- .../tasks/installation_from_sources.yml | 23 ++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index ef24c238..a0d22133 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -83,7 +83,7 @@ mode: '644' - name: Executing "install.sh" script to build and install the Wazuh Manager - shell: ./install.sh > /tmp/build_manager_log.txt + shell: ./install.sh > /tmp/build_wazuh_manager_log.txt register: installation_result changed_when: installation_result == 0 args: 
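Review bot: The `changed_when: installation_result == 0` line kept under the renamed log path compares the whole registered result with `0`, which is never true, so the build step reports `ok` even after it has installed the manager. `changed_when: installation_result.rc == 0` matches the other tasks in this file. The same expression is in the manager block added by patch 133 and in the agent role's `install.sh` task in patch 149; the task's `args:` continue outside this hunk.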
@@ -102,14 +102,31 @@ - name: Install Wazuh API from sources block: + - name: Install dependencies to build Wazuh packages + package: + name: + - make + - gcc + - automake + - autoconf + - libtool + - tar + state: present + - name: Ensure Git is present in the host package: name: git state: present + - name: Modify repo url if host is in Debian family + set_fact: + node_js_repo_type: deb + when: + - ansible_os_family | lower == "debian" + - name: Download script to install Nodejs repository get_url: - url: "{{ node_js_repository_url }}" + url: "https://{{ node_js_repo_type }}.{{ node_js_repo_url }}" dest: "/tmp/setup_nodejs_repo.sh" mode: "0700" @@ -148,7 +165,7 @@ mode: '644' - name: Execute Wazuh API installation script - shell: ./install_api.sh > /tmp/build_api_log.txt + shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt register: install_api changed_when: install_api.rc == 0 args: From 5fd46ab9e4ce46972dbb129e0e44497b840e88d9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:42:09 +0100 Subject: [PATCH 144/194] Remove conditional from wazuh-api restart handler --- roles/wazuh/ansible-wazuh-manager/handlers/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml index 0fac45a1..46f1097b 100644 --- a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml @@ -12,6 +12,4 @@ service: name: wazuh-api state: restarted - enabled: true - when: - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6) + enabled: true \ No newline at end of file From d91ac23d8c13a0e6efe409ffe35c0da0c3feeaca Mon Sep 17 00:00:00 2001 
From: Jose M Date: Mon, 25 Nov 2019 15:42:23 +0100 Subject: [PATCH 145/194] Update Nodejs repo variables to make it flexible for deb and rpm --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 475a50a9..84448ae7 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -370,4 +370,5 @@ wazuh_agent_configs: - location: 'System' format: 'eventlog' -node_js_repository_url: https://rpm.nodesource.com/setup_8.x \ No newline at end of file +node_js_repo_url: nodesource.com/setup_8.x +node_js_repo_type: rpm \ No newline at end of file From 32dd2e5df5c0348c99a69d7cdaf87ae6d320959c Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:42:56 +0100 Subject: [PATCH 146/194] Rename "preloaded_vars" to "preloaded_vars_agent" --- .../{preloaded_vars.conf.j2 => preloaded_vars_agent.conf.j2} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename roles/wazuh/ansible-wazuh-agent/templates/{preloaded_vars.conf.j2 => preloaded_vars_agent.conf.j2} (61%) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 similarity index 61% rename from roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 rename to roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 index be552560..0887b367 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 @@ -1,4 +1,4 @@ -{% for key, value in wazuh_manager_sources_installation.items() %} +{% for key, value in wazuh_agent_sources_installation.items() %} {% if "user_" in key %} {% if value is defined and value is not none %} {{ key|upper }}="{{ value }}" 
From cbad3e06a2bfd115229cd54a4fffee2c05965fc7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:43:10 +0100 Subject: [PATCH 147/194] Fix sources conditionals for RedHat.yml --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index e9580a94..76ed0f76 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,7 +10,8 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled + - not wazuh_api_sources_installation.enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -23,7 +24,7 @@ changed_when: false when: - repo_v5_installed is skipped - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: From f60f218c8824ab332360d3fecad40f3d90ca1ef5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:43:38 +0100 Subject: [PATCH 148/194] Fix agent installation from sources. Update conditionals and includes --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 9c8db0b8..9265ce92 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
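Review bot: The first hunk adds `- not wazuh_api_sources_installation.enabled` to the agent role's repo task, but in the patches shown here that variable is only defined in the manager role's defaults. If the agent role is applied on its own, the condition likely fails with an undefined-variable error. The second hunk of this file gates on `wazuh_agent_sources_installation.enabled` alone, and the first can do the same by dropping the added line. The agent defaults are only partly visible, so confirm the variable is not defined there.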
@@ -1,14 +1,14 @@ --- -- include_tasks: "../tasks/installation_from_sources.yml" - when: - - wazuh_manager_sources_installation.enabled - - include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" - include_tasks: "Debian.yml" when: ansible_os_family == "Debian" +- include_tasks: "installation_from_sources.yml" + when: + - wazuh_agent_sources_installation.enabled + - name: Linux CentOS/RedHat | Install wazuh-agent package: name: wazuh-agent-{{ wazuh_agent_version }} @@ -17,7 +17,7 @@ poll: 30 when: - ansible_os_family|lower == "redhat" - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled tags: - init @@ -28,7 +28,7 @@ cache_valid_time: 3600 when: - ansible_os_family|lower != "redhat" - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled tags: - init @@ -200,9 +200,9 @@ - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled - include_tasks: "RMDebian.yml" when: - ansible_os_family == "Debian" - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled From 66ac8fea816f6c4c5f0e90b6e2129bf8c77e22b5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:44:05 +0100 Subject: [PATCH 149/194] Fix naming copied from agent. Fix linting --- .../tasks/installation_from_sources.yml | 25 ++++++++++++------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 55714673..afc3605f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
@@ -28,26 +28,31 @@ - name: Download required packages from github.com/wazuh/wazuh get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + dest: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" - name: Create folder to extract Wazuh branch file: - path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" state: directory - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: "tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz --strip 1 --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + command: >- + tar -xzvf /tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz + --strip 1 + --directory /tmp/wazuh-{{ wazuh_agent_sources_installation.branch }} register: wazuh_untar changed_when: wazuh_untar.rc ==0 args: warn: false + tags: + - molecule-idempotence-notest - name: Clean remaining files from others builds command: "make -C src {{ item }}" args: - chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" + chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/src/" with_items: - "clean" - "clean-deps" 
@@ -57,15 +62,17 @@ - name: Render the "preloaded-vars.conf" file template: - src: "templates/preloaded_vars.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" + src: "templates/preloaded_vars_agent.conf.j2" + dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root mode: '644' + tags: + - molecule-idempotence-notest - name: Executing "install.sh" script to build and install the Wazuh Agent - shell: ./install.sh > /tmp/build_log.txt + shell: ./install.sh > /tmp/build_agent_log.txt register: installation_result changed_when: installation_result == 0 args: - chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" \ No newline at end of file + chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" \ No newline at end of file From ce3dcf7abe9ba20210dec8ccef8058a287b60444 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:44:24 +0100 Subject: [PATCH 150/194] Fix sources conditionals in Debian.yml tasks --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 329fab6d..0e0ba92f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -20,13 +20,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_agent_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - not wazuh_agent_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: 
@@ -35,7 +36,7 @@ state: present update_cache: true when: - - not wazuh_manager_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: From 329910eb4191af1c3668d2ca8f12d49185596096 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:45:14 +0100 Subject: [PATCH 151/194] Solve typo in default Agent variables --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 3ff7d803..28e807f3 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,6 +1,7 @@ --- wazuh_agent_version: 3.10.2-1 -wazuh_manager_sources_installation: + +wazuh_agent_sources_installation: enabled: "true" branch: "v3.10.2" user_language: "y" @@ -342,4 +343,4 @@ wazuh_agent_config: list: - key: Env value: Production -wazuh_agent_nat: false +wazuh_agent_nat: false \ No newline at end of file From c988e6220ea8de6d811c59c9b8282b815d1f4a2d Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:45:37 +0100 Subject: [PATCH 152/194] Add custom repo for Wazuh Plugin Kibana installation app --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 494bc8f0..f4f8fd80 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml 
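Review bot: `wazuh_agent_sources_installation.enabled` keeps the quoted value `"true"` after the rename, while the API dict in the manager defaults uses the boolean `true`. The tasks test it with `not wazuh_agent_sources_installation.enabled`, and in a Jinja expression any non-empty string, including `"false"`, is truthy, so an override written in the same quoted style would not switch source installation off. `enabled: true` (unquoted) avoids that.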
@@ -5,9 +5,15 @@ name: git state: present + - name: Modify repo url if host is in Debian family + set_fact: + node_js_repo_type: deb + when: + - ansible_os_family | lower == "debian" + - name: Download script to install Nodejs repository get_url: - url: "{{ node_js_repository_url }}" + url: "https://{{ node_js_repo_type }}.{{ node_js_repo_url }}" dest: "/tmp/setup_nodejs_repo.sh" mode: "0700" From c87da91104d5b7c87d3fdd9a5676a14be0126718 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 15:46:49 +0100 Subject: [PATCH 153/194] Add Kibana default vars to install Nodejs --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index f6ac7023..1352e352 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -25,8 +25,9 @@ generate_CA: true ca_cert_name: "" # Nodejs -node_js_repository_url: https://rpm.nodesource.com/setup_8.x +node_js_repo_url: https://rpm.nodesource.com/setup_8.x +node_js_repo_type: rpm # Build from sources -build_from_sources: true -wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file +build_from_sources: false +wazuh_plugin_branch: 3.10-7.3 \ No newline at end of file From 2efe6e626831263bd9a0206b07d05cdc964ceaa6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 16:04:06 +0100 Subject: [PATCH 154/194] Restore playbook wazuh-elastic_stack-single.yml to default configuration --- playbooks/wazuh-elastic_stack-single.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index bc353dfd..6558e255 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml 
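Review bot: The `get_url` task fetches an installer script with no integrity check, and its URL is now assembled from two variables, so an overridden or mistyped value silently changes what is downloaded. Pinning the digest on the task, `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"`, makes the play fail when the script differs from the one that was reviewed. The step that runs `/tmp/setup_nodejs_repo.sh` is outside this hunk, so how it is executed cannot be checked here. The same unpinned download appears in the manager role's `tasks/main.yml` hunks in patches 156 and 159.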
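Review bot: `node_js_repo_url` still carries the scheme and host prefix, while `build_wazuh_plugin.yml` now renders `https://{{ node_js_repo_type }}.{{ node_js_repo_url }}`, so the default expands to `https://rpm.https://rpm.nodesource.com/setup_8.x`. The default should hold only the suffix, `node_js_repo_url: "nodesource.com/setup_8.x"`. Quoting `node_js_repo_type: "rpm"` as well keeps both values plain strings.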
@@ -1,8 +1,8 @@ --- - hosts: all roles: - # - {role: ../roles/wazuh/ansible-wazuh-manager} - # - role: ../roles/wazuh/ansible-filebeat - # filebeat_output_elasticsearch_hosts: 172.24.1.2:9200 - # - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} - - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: '172.24.1.1', elasticsearch_reachable_host: '172.24.1.2' } + - {role: ../roles/wazuh/ansible-wazuh-manager} + - role: ../roles/wazuh/ansible-filebeat + filebeat_output_elasticsearch_hosts: localhost:9200 + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} + - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost', elasticsearch_reachable_host: 'localhost' }s \ No newline at end of file From 61d05a0cdde62c8751488235d9df65598ca56ae9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 16:16:50 +0100 Subject: [PATCH 155/194] Fix linting in Ansible playbooks related with Elastic --- playbooks/wazuh-elastic.yml | 2 +- playbooks/wazuh-elastic_stack-distributed.yml | 8 ++++---- playbooks/wazuh-elastic_stack-single.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml index 36bd9b1d..eda19931 100644 --- a/playbooks/wazuh-elastic.yml +++ b/playbooks/wazuh-elastic.yml @@ -1,5 +1,5 @@ --- - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: '' diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 8c6bc567..5f4213f5 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
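Review bot: The restored Elasticsearch entry sets `elasticsearch_network_host: '0.0.0.0'` while Filebeat and Kibana in the same play are pointed at `localhost`, so nothing in this single-host layout needs Elasticsearch to listen on every interface. Unless remote clients are expected, `elasticsearch_network_host: 'localhost'` keeps port 9200 off the network. If the wide bind is intended, a comment stating that the role's xpack security (authentication and TLS) must be enabled would help. The Kibana entry also ends with a stray `s` after the closing brace (`}s`), which is not valid flow-mapping syntax.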
@@ -6,7 +6,7 @@ elasticsearch_network_host: node_name: node-1 elasticsearch_bootstrap_node: true - elasticsearch_cluster_nodes: + elasticsearch_cluster_nodes: - - - @@ -22,7 +22,7 @@ vars: instances: node1: - name: node-1 # Important: must be equal to elasticsearch_node_name. + name: node-1 # Important: must be equal to elasticsearch_node_name. ip: # When unzipping, the node will search for its node name folder to get the cert. node2: name: node-2 @@ -43,10 +43,10 @@ - - - - + - hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch elasticsearch_network_host: elasticsearch_node_name: node-3 single_node: false diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index 6558e255..9bf5f0fa 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml @@ -5,4 +5,4 @@ - role: ../roles/wazuh/ansible-filebeat filebeat_output_elasticsearch_hosts: localhost:9200 - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} - - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost', elasticsearch_reachable_host: 'localhost' }s \ No newline at end of file + - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost', elasticsearch_reachable_host: 'localhost' } \ No newline at end of file From e003a2d51eb3c1fad46baa5e7644ad727796898d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 25 Nov 2019 17:39:03 +0100 Subject: [PATCH 156/194] Parameterize NodeJS repo. url --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 8 +++++--- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 069af007..66253fef 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -326,6 +326,8 @@ wazuh_agent_configs: format: 'eventchannel' - location: 'System' format: 'eventlog' -repo_dic: - debian: "deb" - redhat: "rpm" \ No newline at end of file +nodejs: + repo_dic: + debian: "deb" + redhat: "rpm" + repo_url_ext: "nodesource.com/setup_8.x" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index d10f1f2a..d17e29bd 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -16,7 +16,7 @@ block: - name: Download NodeJS repository script get_url: - url: "https://{{ repo_dic[ansible_os_family|lower] }}.nodesource.com/setup_8.x" + url: "https://{{ nodejs['repo_dic'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: /etc/nodejs.sh mode: '0775' changed_when: false From f57840b2e7ec2203c7d5fd43455c5c6479f5bb90 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 18:11:27 +0100 Subject: [PATCH 157/194] Merge #330 from wazuh/ansible --- .../ansible-wazuh-manager/defaults/main.yml | 7 ++-- .../ansible-wazuh-manager/tasks/Debian.yml | 31 ---------------- .../ansible-wazuh-manager/tasks/RedHat.yml | 36 ------------------- 3 files changed, 5 insertions(+), 69 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 84448ae7..92fbf13c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -370,5 +370,8 @@ wazuh_agent_configs: - location: 'System' format: 'eventlog' -node_js_repo_url: nodesource.com/setup_8.x -node_js_repo_type: rpm \ No newline at end of file +nodejs: + repo_dic: + debian: "deb" + redhat: "rpm" + repo_url_ext: "nodesource.com/setup_8.x" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 6da6a6f3..2c2db72d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -49,37 +49,6 @@ - not wazuh_manager_sources_installation.enabled - not wazuh_api_sources_installation.enabled -- name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) - become: true - shell: | - set -o pipefail - curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - - args: - warn: false - executable: /bin/bash - changed_when: false - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - not wazuh_manager_sources_installation.enabled - - not wazuh_api_sources_installation.enabled - -- name: Debian/Ubuntu | Installing NodeJS repository key - apt_key: - url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key - when: - - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_api_sources_installation.enabled - -- name: Debian/Ubuntu | Add NodeSource repositories for Node.js - apt_repository: - repo: "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main" - state: present - update_cache: true - changed_when: false - when: - - not wazuh_api_sources_installation.enabled - - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: cis_distribution_filename: cis_debian_linux_rcl.txt diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 382e33b8..68bf381f 100644 
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -1,40 +1,4 @@ --- - -- name: RedHat/CentOS | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - changed_when: false - when: - - ansible_distribution_major_version|int > 5 - - not wazuh_api_sources_installation.enabled - -- name: Fedora | Install Nodejs repo - yum_repository: - name: NodeJS - description: NodeJS-$releasever - baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64 - gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - gpgcheck: true - when: - - ansible_distribution == 'Fedora' - - not wazuh_api_sources_installation.enabled - -- name: AmazonLinux | Get Nodejs - shell: | - set -o pipefail - curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - - args: - warn: false - executable: /bin/bash - creates: /etc/yum.repos.d/nodesource-el7.repo - when: - - ansible_distribution|lower == "amazon" - - not wazuh_api_sources_installation.enabled - - name: RedHat/CentOS 5 | Install Wazuh repo yum_repository: name: wazuh_repo From 9c2ce76f0919ee1aebc976fe95668b3bb242eb23 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 18:44:00 +0100 Subject: [PATCH 158/194] Fix linting --- .../tasks/installation_from_sources.yml | 26 +++++++++---------- .../tasks/installation_from_sources.yml | 6 ++--- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 70c3b5af..2b29a682 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
@@ -9,14 +9,14 @@ - libtool - tar state: present - - - name: Removing old files - file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" - state: absent - - name: Removing old folders - file: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - state: absent + - name: Removing old files + file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + state: absent + + - name: Removing old folders + file: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + state: absent - name: Installing policycoreutils-python (RedHat families) package: @@ -85,10 +85,10 @@ args: chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - - name: Cleanup downloaded files - file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" - state: absent + - name: Cleanup downloaded files + file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + state: absent - - name: Cleanup created folders - file: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - state: absent \ No newline at end of file + - name: Cleanup created folders + file: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + state: absent \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 69d27cfd..411254b1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -24,7 +24,7 @@ - name: Removing old folders file: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: absent + state: absent - name: Installing policycoreutils-python (RedHat families) package: @@ -167,6 +167,4 @@ - not wazuh_api.stat.exists - wazuh_api_sources_installation.enabled tags: - - api - - \ No newline at end of file + - api \ No newline at end of file From c9c00b82c2fb88f592373451a72ee55a588093c4 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Mon, 25 Nov 2019 18:44:09 +0100 Subject: [PATCH 159/194] Add Nodejs installation --- .../ansible-wazuh-manager/tasks/main.yml | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index f9d54536..c6f0ae26 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -7,6 +7,34 @@ - tar state: present +- name: Check if NodeJS service exists + stat: + path: /usr/bin/node + register: node_service_status + +- name: Install NodeJS repository + block: + - name: Download NodeJS repository script + get_url: + url: "https://{{ nodejs['repo_dic'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" + dest: /etc/nodejs.sh + mode: '0775' + changed_when: false + + - name: Run NodeJS bash script + command: sh /etc/nodejs.sh + register: nodejs_script + changed_when: nodejs_script.rc == 0 + when: not node_service_status.stat.exists + +- name: Installing NodeJS + package: + name: nodejs + state: present + register: nodejs_service_is_installed + until: nodejs_service_is_installed is succeeded + tags: init + - include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") From fa0e3f16408af2497792eb25998eb5d3d322d8af Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 18:54:21 +0100 Subject: [PATCH 160/194] Fix cleanup tasks for Wazuh Manager and Agent --- .../tasks/installation_from_sources.yml | 20 +++++++++++-------- .../tasks/installation_from_sources.yml | 20 +++++++++++-------- 2 files changed, 24 insertions(+), 16 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 2b29a682..b13c17ef 100644 
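Review bot: The repository script is saved as `/etc/nodejs.sh` with `mode: '0775'`, which leaves a group-writable file that the next task runs through `sh` (presumably as root) and that is never removed afterwards. `mode: '0700'` with explicit `owner: root` and `group: root` restricts who can alter the script between download and execution, and a final `file:` task with `state: absent` would clean it up. The lookup `nodejs['repo_dic'][ansible_os_family|lower]` also has entries only for `debian` and `redhat`, so any other OS family fails on a missing key rather than with a clear message.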
--- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -11,12 +11,14 @@ state: present - name: Removing old files - file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" - state: absent + file: + path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + state: absent - name: Removing old folders - file: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - state: absent + file: + path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + state: absent - name: Installing policycoreutils-python (RedHat families) package: @@ -86,9 +88,11 @@ chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - name: Cleanup downloaded files - file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" - state: absent + file: + path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + state: absent - name: Cleanup created folders - file: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - state: absent \ No newline at end of file + file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" + state: absent \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 411254b1..1bc17d9d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
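Review bot: In the last task of the second hunk (`Cleanup created folders`), the new line `file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"` keeps a scalar value while `path:` and `state:` are nested beneath it, which is not a valid mapping, so the task file will not load. It should be a bare `file:` as in the three other tasks this commit converts.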
@@ -19,12 +19,14 @@ state: present - name: Removing old files - file: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - state: absent + file: + path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + state: absent - name: Removing old folders - file: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: absent + file: + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + state: absent - name: Installing policycoreutils-python (RedHat families) package: @@ -98,12 +100,14 @@ chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - name: Cleanup downloaded files - file: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - state: absent + file: + path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" + state: absent - name: Cleanup created folders - file: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: absent + file: + path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + state: absent when: - not wazuh_ossec_control.stat.exists From fd50b604850d7a77809e19af06146cd65923605e Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 19:01:02 +0100 Subject: [PATCH 161/194] Fix linting --- .../tasks/installation_from_sources.yml | 8 ++++---- .../tasks/installation_from_sources.yml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index b13c17ef..b426df58 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
@@ -11,12 +11,12 @@ state: present - name: Removing old files - file: + file: path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" state: absent - name: Removing old folders - file: + file: path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" state: absent @@ -88,11 +88,11 @@ chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - name: Cleanup downloaded files - file: + file: path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" state: absent - name: Cleanup created folders - file: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" + file: path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" state: absent \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 1bc17d9d..7e28a70e 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -19,12 +19,12 @@ state: present - name: Removing old files - file: + file: path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" state: absent - name: Removing old folders - file: + file: path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: absent @@ -100,12 +100,12 @@ chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - name: Cleanup downloaded files - file: + file: path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" state: absent - name: Cleanup created folders - file: + file: path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: absent From 3406109b33ca3d05eac3d308ef96ab90abd668f7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 19:35:23 +0100 Subject: [PATCH 162/194] Remove tags from "preloaded-vars.conf" --- .../ansible-wazuh-agent/tasks/installation_from_sources.yml | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index b426df58..4c4a2c82 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -77,8 +77,6 @@ owner: root group: root mode: '644' - tags: - - molecule-idempotence-notest - name: Executing "install.sh" script to build and install the Wazuh Agent shell: ./install.sh > /tmp/build_agent_log.txt From a4f68f6487dfb46c4ce62ccba3725bb6bf904fa3 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 25 Nov 2019 20:04:28 +0100 Subject: [PATCH 163/194] Remove molecule-idemptence-notest tag to fix Jenkins build --- .../ansible-wazuh-agent/tasks/installation_from_sources.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 4c4a2c82..0cca7044 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -56,8 +56,6 @@ changed_when: wazuh_untar.rc ==0 args: warn: false - tags: - - molecule-idempotence-notest - name: Clean remaining files from others builds command: "make -C src {{ item }}" From b4352beda178e54f4aeebfc0dd438832c4248ab9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 00:39:19 +0100 Subject: [PATCH 164/194] Add changed_when conditionals to avoid idempotence errors --- .../tasks/installation_from_sources.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 0cca7044..69934631 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml 
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -41,11 +41,13 @@ url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_sources_installation.branch }}.tar.gz" dest: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" delegate_to: "{{ inventory_hostname }}" + changed_when: false - name: Create folder to extract Wazuh branch file: path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" state: directory + changed_when: false - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip command: >- @@ -53,7 +55,7 @@ --strip 1 --directory /tmp/wazuh-{{ wazuh_agent_sources_installation.branch }} register: wazuh_untar - changed_when: wazuh_untar.rc ==0 + changed_when: false args: warn: false @@ -75,6 +77,7 @@ owner: root group: root mode: '644' + changed_when: false - name: Executing "install.sh" script to build and install the Wazuh Agent shell: ./install.sh > /tmp/build_agent_log.txt @@ -87,8 +90,10 @@ file: path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" state: absent + changed_when: false - name: Cleanup created folders file: path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - state: absent \ No newline at end of file + state: absent + changed_when: false \ No newline at end of file From dc0811e6690b901d8e6abfa3cec18e02223decc1 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 01:13:09 +0100 Subject: [PATCH 165/194] Testing Manager: sources, API packages --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 92fbf13c..3d1615f4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
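Review bot: `changed_when: false` is added to tasks that do modify the host (the tarball download, directory creation, extraction, the rendered `preloaded-vars.conf` and both cleanup steps, across the hunks at -41, -53, -75 and -87), so a run always reports "ok" and the play's change report no longer shows that a source build took place. If the aim is only to pass the idempotence test, gating the whole build on the installed state would keep the reporting accurate. In the extract task the previous `changed_when: wazuh_untar.rc == 0` could stay. The GitHub archive fetched in the first hunk is also not pinned with a `checksum:`, although its contents are compiled and installed.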
@@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" update: "y" remove: "y" From 37a59e212e3fa472a15faa0681ebf991cbc8835e Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 01:14:51 +0100 Subject: [PATCH 166/194] Testing, Manager: package, API: package --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3d1615f4..90d7fed3 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" user_language: "en" user_no_stop: "y" From 0e196abb51c38a432e51737ab1c5d31e3968f43a Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 10:35:34 +0100 Subject: [PATCH 167/194] Add npm as dependency required for Debian 10 --- .../ansible-wazuh-manager/tasks/installation_from_sources.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 7e28a70e..89b934e8 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -133,6 +133,7 @@ - autoconf - libtool - tar + - npm state: present - name: Ensure Git is present in the host From 85db46bbd89db0b8f6439fc7a3261762eb3fcbed Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 10:50:03 +0100 Subject: [PATCH 168/194] Set installation type to sources --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 90d7fed3..92fbf13c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: false + enabled: true branch: "v3.10.2" user_language: "en" user_no_stop: "y" @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: false + enabled: true branch: "v3.10.2" update: "y" remove: "y" From c17424b4639a7916548540f612c51ac1a246176a Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 11:28:22 +0100 Subject: [PATCH 169/194] Limit the npm installation to Debian hosts only --- .../tasks/installation_from_sources.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 89b934e8..420992e6 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -133,8 +133,14 @@ - autoconf - libtool - tar - - npm state: present + + - name: Explicitly installing npm for Debian hosts + package: + name: npm + state: present + when: + - ansible_distribution == "Debian" - name: Ensure Git is present in the host package: From e4fdb984d6ad2b538a442ab205a0e55837d8dc7f Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 11:38:54 +0100 Subject: [PATCH 170/194] Fix Linting --- .../ansible-wazuh-manager/tasks/installation_from_sources.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 420992e6..b92e4edc 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -134,7 +134,7 @@ - libtool - tar state: present - + - name: Explicitly installing npm for Debian hosts package: name: npm From 94ed23c60788c33cb9afadcb454770457d87fc16 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 13:22:42 +0100 Subject: [PATCH 171/194] Testing Agent from packages. Testing sources/package for manager and api --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 28e807f3..64935264 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -2,7 +2,7 @@ wazuh_agent_version: 3.10.2-1 wazuh_agent_sources_installation: - enabled: "true" + enabled: "false" branch: "v3.10.2" user_language: "y" user_no_stop: "y" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 92fbf13c..3d1615f4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" update: "y" remove: "y" From a25b7d9681fa30d05e975388549f33f5ce2b2906 Mon Sep 17 00:00:00 2001 
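Review bot: In the agent defaults, `enabled: "false"` is a quoted string, and a non-empty string is truthy in Jinja2, so conditions written as `not wazuh_agent_sources_installation.enabled` (used in the agent's `Debian.yml`) evaluate to false for both `"true"` and `"false"`. With this default the package-repository tasks would likely be skipped even though a package install is intended. Use a real boolean, `enabled: false`, as the manager defaults changed in this same commit do, or apply `| bool` where the value is tested.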
From: Jose M Date: Tue, 26 Nov 2019 14:55:57 +0100 Subject: [PATCH 172/194] Fix conditionals related with Manager and API kind of installatioin --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 3 +-- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 9 +++------ roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 3 +-- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 76ed0f76..e0b2b426 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,8 +10,7 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_agent_sources_installation.enabled - - not wazuh_api_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled or not wazuh_api_sources_installation.enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 2c2db72d..9752545a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
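Review bot: The agent role's condition now reads `not wazuh_agent_sources_installation.enabled or not wazuh_api_sources_installation.enabled`, but `wazuh_api_sources_installation` appears to be a manager-role variable and none of the agent defaults hunks on this page define it. Whenever the first operand is false the second is evaluated, which would fail on an undefined variable or, if it is defined elsewhere, install the repository based on an API setting that does not concern the agent. A single `- not wazuh_agent_sources_installation.enabled` matches what the agent's `Debian.yml` uses. The task itself starts above the hunk.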
@@ -27,16 +27,14 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_manager_sources_installation.enabled - - not wazuh_api_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_manager_sources_installation.enabled - - not wazuh_api_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -46,8 +44,7 @@ update_cache: true changed_when: false when: - - not wazuh_manager_sources_installation.enabled - - not wazuh_api_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 68bf381f..807275f1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -10,8 +10,7 @@ when: - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_manager_sources_installation.enabled - - not wazuh_api_sources_installation.enabled + - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo From c772d5c983b3e9aa53fd45d7b6798aa2ff03a125 Mon Sep 17 00:00:00 2001 
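Review bot: The `apt_key` task in the first `Debian.yml` hunk imports whatever key `wazuh_manager_config.repo.gpg` serves, because only `url:` is given and no key id is pinned; this commit changes its condition but leaves that as it is. Adding `id: "<WAZUH_REPO_KEY_ID>"` (placeholder, to be taken from the vendor's published fingerprint) makes the task fail when the served key is not the expected one. The repository key is the trust anchor for every package installed afterwards, so it is worth pinning independently of the URL.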
From: Jose M Date: Tue, 26 Nov 2019 15:00:22 +0100 Subject: [PATCH 173/194] Fix Nodejs in Kibana and rename 'repo_dic' to 'repo_dict' --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 7 +++++-- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 3 ++- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 1352e352..db42b801 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -25,8 +25,11 @@ generate_CA: true ca_cert_name: "" # Nodejs -node_js_repo_url: https://rpm.nodesource.com/setup_8.x -node_js_repo_type: rpm +nodejs: + repo_dict: + debian: "deb" + redhat: "rpm" + repo_url_ext: "nodesource.com/setup_8.x" # Build from sources build_from_sources: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index f4f8fd80..b864afc3 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -13,7 +13,8 @@ - name: Download script to install Nodejs repository get_url: - url: "https://{{ node_js_repo_type }}.{{ node_js_repo_url }}" + nodejs['repo_dict'][ansible_os_family|lower] + url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: "/tmp/setup_nodejs_repo.sh" mode: "0700" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3d1615f4..f85e32eb 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
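Review bot: The `get_url` task in `build_wazuh_plugin.yml` saves a remote setup script to the fixed path `/tmp/setup_nodejs_repo.sh`, which a later task in the same file executes, and nothing verifies its content. A predictable name in a world-writable directory is exposed to interference from other local users, and the script is trusted on the TLS connection alone. Download into a root-owned directory and, where the upstream script is stable enough, add `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder). The manager role's `tasks/main.yml` hunk in this commit has the related issue of saving the script as `/etc/nodejs.sh` with group-writable mode `'0775'`; `'0700'` would match this task. The added bare line `nodejs['repo_dict'][ansible_os_family|lower]` under `get_url:` is also not a valid `key: value` entry.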
@@ -371,7 +371,7 @@ wazuh_agent_configs: format: 'eventlog' nodejs: - repo_dic: + repo_dict: debian: "deb" redhat: "rpm" repo_url_ext: "nodesource.com/setup_8.x" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index c6f0ae26..0bb00fef 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -16,7 +16,7 @@ block: - name: Download NodeJS repository script get_url: - url: "https://{{ nodejs['repo_dic'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" + url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: /etc/nodejs.sh mode: '0775' changed_when: false From e18e95816004b76cab8a46aa5841d371f56a8fb7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 16:38:40 +0100 Subject: [PATCH 174/194] Fix typo in build_wazuh_plugin.yml --- roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index b864afc3..4a2ebc23 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -1,5 +1,4 @@ --- - - name: Ensure the Git package is present package: name: git @@ -13,7 +12,6 @@ - name: Download script to install Nodejs repository get_url: - nodejs['repo_dict'][ansible_os_family|lower] url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: "/tmp/setup_nodejs_repo.sh" mode: "0700" From ad8ae0ed655205f062ef50bead632e2a1448177c Mon Sep 17 00:00:00 2001 
From: Jose M Date: Tue, 26 Nov 2019 17:53:24 +0100 Subject: [PATCH 175/194] Testing package/sources for Manager and API respectively --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f85e32eb..ca23f8ff 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" user_language: "en" user_no_stop: "y" @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: false + enabled: true branch: "v3.10.2" update: "y" remove: "y" From 4ba0a85bf199511278d127a774e3e81f6b0b4ce8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 18:49:10 +0100 Subject: [PATCH 176/194] Fix includes for wazuh-manager role --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 4 ---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 9752545a..e045059d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -1,8 +1,4 @@ --- -- include_tasks: "installation_from_sources.yml" - when: - - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled - - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: name: 
@@ -110,6 +106,10 @@ when: - not wazuh_manager_sources_installation.enabled +- include_tasks: "installation_from_sources.yml" + when: + - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled + - name: Debian/Ubuntu | Install wazuh-api apt: name: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 807275f1..49ff0cdf 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -137,10 +137,6 @@ tags: - init -- include_tasks: "../tasks/installation_from_sources.yml" - when: - - wazuh_api_sources_installation.enabled - - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 replace: path: /etc/init.d/wazuh-manager From dbf436be04828e4a0c28abae95ce1da926ada5c0 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 26 Nov 2019 18:56:06 +0100 Subject: [PATCH 177/194] Testing installation from packages --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ca23f8ff..ad3ddf1d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" update: "y" remove: "y" From ae5a3d6f91f459f2963a257b4d6e1c0ccff7173c Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 27 Nov 2019 10:04:21 +0100 Subject: [PATCH 178/194] Fix conditional for RHEL hosts --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ad3ddf1d..ca23f8ff 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: false + enabled: true branch: "v3.10.2" update: "y" remove: "y" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 49ff0cdf..fc8cd489 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -123,7 +123,7 @@ - include_tasks: "../tasks/installation_from_sources.yml" when: - - wazuh_manager_sources_installation.enabled + - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled - name: CentOS/RedHat/Amazon | Install Wazuh API package: From aaa68bd5bb87c0a8bda4d2fb3aee63ac60aca738 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 27 Nov 2019 11:27:26 +0100 Subject: [PATCH 179/194] Testing installation from packages --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ca23f8ff..ad3ddf1d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" update: "y" remove: "y" From dec2fc5cca33e001ba8717af2741b5b9874edc64 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Wed, 27 Nov 2019 12:50:06 +0100 Subject: [PATCH 180/194] Test Kibana installation from sources --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index db42b801..0a05d853 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -32,5 +32,5 @@ nodejs: repo_url_ext: "nodesource.com/setup_8.x" # Build from sources -build_from_sources: false -wazuh_plugin_branch: 3.10-7.3 \ No newline at end of file +build_from_sources: true +wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file From 814cfa1e5e5cf2f97bfe9ca81a60b1107eac79e8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 27 Nov 2019 13:49:12 +0100 Subject: [PATCH 181/194] Fix idempotence on Kibana installation from sources --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 4a2ebc23..8de3281c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -19,7 +19,7 @@ - name: Execute downloaded script to install Nodejs repo command: /tmp/setup_nodejs_repo.sh register: node_repo_installation_result - changed_when: node_repo_installation_result.rc == 0 + changed_when: false - name: Install Nodejs package: @@ -29,7 +29,7 @@ - name: Run NPM under root account command: npm config set user 0 register: allow_root_npm - changed_when: allow_root_npm.rc == 0 + changed_when: false - name: Install yarn dependency to build the Wazuh Kibana Plugin command: npm install -g yarn@1.10.1 
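Review bot: Replacing `changed_when: node_repo_installation_result.rc == 0` with `changed_when: false` in `build_wazuh_plugin.yml` makes the idempotence test pass without making the task idempotent: the downloaded repository script still runs as root on every play and its changes are never reported. A guard that skips the command once its result exists reports honestly and avoids the repeated execution, for example `args:` with `creates: <PATH_OF_REPO_FILE_THE_SCRIPT_WRITES>` (placeholder). The same substitution is made for `npm config set user 0` in this hunk and for the clone task in the next hunk of this file.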
@@ -40,11 +40,12 @@ file: path: /tmp/app state: absent + changed_when: false - name: Clone wazuh-kibana-app repository # Using command as git module doesn't cover single-branch nor depth command: git clone https://github.com/wazuh/wazuh-kibana-app -b {{ wazuh_plugin_branch }} --single-branch --depth=1 app # noqa 303 register: clone_app_repo_result - changed_when: clone_app_repo_result.rc == 0 + changed_when: false args: chdir: "/tmp" From 77145e71b867326df92f7904e8e95c1f24ca7a8f Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 27 Nov 2019 18:00:34 +0100 Subject: [PATCH 182/194] Disable Kibana from sources and test sources/package after changes --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 0a05d853..8e4a6572 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -32,5 +32,5 @@ nodejs: repo_url_ext: "nodesource.com/setup_8.x" # Build from sources -build_from_sources: true +build_from_sources: false wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ad3ddf1d..f85e32eb 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: false + enabled: true branch: "v3.10.2" user_language: "en" user_no_stop: "y" From eed1a11aebb7e4ffdb68d8548983aad46e6f2af8 Mon Sep 17 00:00:00 2001 
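Review bot: The clone task in this hunk checks out whatever the branch named by `wazuh_plugin_branch` currently points to, into the fixed directory `/tmp/app`, and the result is then built with `yarn` by the following task. A branch is a moving reference, so two runs of the same role version can build different code. Point `wazuh_plugin_branch` at a release tag, or add a check of `git rev-parse HEAD` against `<EXPECTED_COMMIT_SHA>` (placeholder) before building. A directory created by the role outside `/tmp` would also avoid the shared, predictable path.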
From: Jose M Date: Thu, 28 Nov 2019 10:13:08 +0100 Subject: [PATCH 183/194] Testing sources/sources installation for Manager and API respectively --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f85e32eb..27106dc1 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: false + enabled: true branch: "v3.10.2" update: "y" remove: "y" From 50cd3745bb13750572b3ae73bf191c61b7325b9e Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 28 Nov 2019 11:28:38 +0100 Subject: [PATCH 184/194] Add check to stop if trying to build Kibana in Debian 10 --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 89af291c..dd0e423f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -1,4 +1,13 @@ --- + +- name: Stopping early, trying to compile Wazuh Kibana Plugin on Debian 10 is not possible + fail: + msg: "It's not possible to compile the Wazuh Kibana plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924" + when: + - build_from_sources + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "10" + - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' @@ -108,6 +117,7 @@ - build_from_sources is defined - build_from_sources + - name: Install Wazuh Plugin (can take a while) shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: 
From 7f70b4dfebce1484c95db3e8ff623d05871624b4 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 28 Nov 2019 11:49:40 +0100 Subject: [PATCH 185/194] Update "build_wazuh_plugin" to fix conditional and update npm task --- .../ansible-kibana/tasks/build_wazuh_plugin.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 8de3281c..a18a752b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -26,13 +26,9 @@ name: nodejs state: present - - name: Run NPM under root account - command: npm config set user 0 - register: allow_root_npm - changed_when: false - - name: Install yarn dependency to build the Wazuh Kibana Plugin - command: npm install -g yarn@1.10.1 + # Using shell due to errors when evaluating text between @ with command + shell: "npm install -g {{ 'yarn' }}{{ '@' }}{{ '1.10.1'}}" # noqa 305 register: install_yarn_result changed_when: install_yarn_result == 0 @@ -56,7 +52,7 @@ - "yarn build" - "yarn build" # Executing multiple times to workaround errors returned by yarn build register: yarn_execution_result - changed_when: yarn_execution_result == 0 + changed_when: false args: chdir: "/tmp/app/" From b9a6d0e1d6c2f098480dc04e8309f439b23ee671 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 28 Nov 2019 11:49:47 +0100 Subject: [PATCH 186/194] Testing Kibana from sources --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 8e4a6572..0a05d853 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
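Review bot: `changed_when: install_yarn_result == 0` in the first hunk compares the whole registered result with an integer, so it can never be true and the yarn installation is always reported as unchanged. If the return code is meant, write `changed_when: install_yarn_result.rc == 0`; if the task should never report a change, write `changed_when: false` as the second hunk does for `yarn_execution_result`. Either way the intent becomes explicit instead of relying on a comparison that silently evaluates to false.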
@@ -32,5 +32,5 @@ nodejs: repo_url_ext: "nodesource.com/setup_8.x" # Build from sources -build_from_sources: false +build_from_sources: true wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file From 7525c75beb3cbb66e0a6822d762713b6220e14a2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 29 Nov 2019 10:00:19 +0100 Subject: [PATCH 187/194] Restore elastic_stack-single to default configuration --- playbooks/wazuh-elastic_stack-single.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index 9bf5f0fa..aba365c9 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml @@ -1,8 +1,8 @@ --- -- hosts: all +- hosts: roles: - {role: ../roles/wazuh/ansible-wazuh-manager} - role: ../roles/wazuh/ansible-filebeat filebeat_output_elasticsearch_hosts: localhost:9200 - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} - - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost', elasticsearch_reachable_host: 'localhost' } \ No newline at end of file + - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: '0.0.0.0', elasticsearch_reachable_host: 'localhost' } \ No newline at end of file From e45aaf6a8e133910e17536aaa7897668fafb9eaf Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 29 Nov 2019 10:04:09 +0100 Subject: [PATCH 188/194] Improving description for installation tasks in "RedHat.yml" --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index fc8cd489..5dc57e81 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
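Review bot: The Kibana role entry in `wazuh-elastic_stack-single.yml` now passes `elasticsearch_network_host: '0.0.0.0'` instead of `'localhost'`. If the role uses this value as the address Kibana connects to, `0.0.0.0` is not a usable destination; if it is used as a bind address, it exposes the service on every interface of a single-node install, as the Elasticsearch entry above it already does. Keep `'localhost'` here unless remote access is intended and protected by authentication and TLS. The bare `- hosts:` also parses as null, so the playbook does not run until edited; a placeholder such as `hosts: <your_wazuh_server_host>` makes that explicit.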
@@ -109,7 +109,7 @@ when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" -- name: CentOS/RedHat/Amazon | Install Wazuh Manager +- name: CentOS/RedHat/Amazon | Install wazuh-manager package: name: "wazuh-manager-{{ wazuh_manager_version }}" state: "{{ wazuh_manager_package_state }}" @@ -125,7 +125,7 @@ when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled -- name: CentOS/RedHat/Amazon | Install Wazuh API +- name: CentOS/RedHat/Amazon | Install wazuh-api package: name: "wazuh-api-{{ wazuh_manager_version }}" state: "{{ wazuh_manager_package_state }}" From ab4ef23e2ae9a947ed8585500a434188314bafc8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 29 Nov 2019 10:51:58 +0100 Subject: [PATCH 189/194] Remove unneeded yarn build execution --- roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index a18a752b..6a3dc514 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -50,7 +50,6 @@ with_items: - "yarn" - "yarn build" - - "yarn build" # Executing multiple times to workaround errors returned by yarn build register: yarn_execution_result changed_when: false args: From f6e4468fd86d4e496bd6783bfc7e4553d5c33d0a Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 10 Dec 2019 10:12:32 +0100 Subject: [PATCH 190/194] Change default installation mode to packages. --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 0a05d853..8e4a6572 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -32,5 +32,5 @@ nodejs: repo_url_ext: "nodesource.com/setup_8.x" # Build from sources -build_from_sources: true +build_from_sources: false wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 64935264..30eddc6e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -2,7 +2,7 @@ wazuh_agent_version: 3.10.2-1 wazuh_agent_sources_installation: - enabled: "false" + enabled: false branch: "v3.10.2" user_language: "y" user_no_stop: "y" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 0a5eaf07..ca536bff 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" user_language: "en" user_no_stop: "y" @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: true + enabled: false branch: "v3.10.2" update: "y" remove: "y" From 8ef63f06ebaf17d8a8c4485dbdc604b8795d6162 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 12 Dec 2019 16:01:41 +0100 Subject: [PATCH 191/194] Fix Wazuh Agent name conditional in Linux.yml --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++-- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 9265ce92..b53b2450 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -59,12 +59,12 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %}-I "any" {% endif %} {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %} - {% if wazuh_agent_authd.ssl_agent_ca is not none %} + {% if wazuh_agent_authd.ssl_agent_ca is defined %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}" -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 2de09a8e..ee0aced7 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -60,7 +60,7 @@ {{ wazuh_agent_win_auth_path }} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} - {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} register: agent_auth_output notify: Windows | Restart Wazuh Agent From 7df74182f4e4e086082c42712f9e4b69dbd34a35 Mon Sep 17 00:00:00 2001 
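Review bot: `is defined` is true for a key that exists with a null value, so if the defaults set `agent_name` to null the template now emits `-A` followed by an empty or `None` argument; the previous `is not none` test had the opposite gap for a missing key. Test both, e.g. `{% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name is not none %}`. The same applies to the `ssl_agent_ca` test in this hunk and to the `agent_name` test in the `Windows.yml` hunk. The task starts above and continues below the hunk.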
From: Rshad Zhran Date: Tue, 17 Dec 2019 11:50:28 +0100 Subject: [PATCH 192/194] Fix conditional check for null variables --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index b53b2450..5664a428 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -59,17 +59,23 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %} + -A {{ wazuh_agent_authd.agent_name }} + {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} - {% if wazuh_agent_nat %}-I "any" {% endif %} - {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %} - {% if wazuh_agent_authd.ssl_agent_ca is defined %} + {% if wazuh_agent_nat %} -I "any" {% endif %} + {% if authd_pass is defined %} -P {{ authd_pass }} {% endif %} + {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %} -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None %} -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" {% endif %} - {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %} + {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} register: agent_auth_output notify: restart wazuh-agent vars: From 879c2782b01ae8abc5117e4e9c964b2cf51a5559 Mon Sep 17 00:00:00 2001 
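Review bot: The enrolment password is placed on the `shell` command line as `-P {{ authd_pass }}` without quoting, and no `no_log` is visible in the hunk while the result is registered in `agent_auth_output`. Special characters in the password or agent name are then interpreted by the shell, and the secret can end up in task output and logs. Use `-P {{ authd_pass | quote }}` and `-A {{ wazuh_agent_authd.agent_name | quote }}`, and add `no_log: true` unless the part of the task below the hunk already sets it. The `!= None` comparisons would read more idiomatically as `is not none`.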
From: Jose M Date: Thu, 26 Dec 2019 11:58:01 +0100 Subject: [PATCH 193/194] Bump version to 3.11.0_7.5.1 --- VERSION | 4 ++-- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- .../tasks/installation_from_sources.yml | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/VERSION b/VERSION index f4d1cb92..53ae3f4b 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.10.2" -REVISION="31020" +WAZUH-ANSIBLE_VERSION="v3.11.0" +REVISION="31100" diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 7eb645c2..a1bef6b2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.4.2 +elastic_stack_version: 7.5.1 elasticsearch_lower_disk_requirements: false # Cluster Settings diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 8e4a6572..72e51254 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.4.2 -wazuh_version: 3.10.2 +elastic_stack_version: 7.5.1 +wazuh_version: 3.11.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # Xpack Security 
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index c5914664..1b1c1bd8 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.4.2 +filebeat_version: 7.5.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 30eddc6e..dc045dd6 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.10.2-1 +wazuh_agent_version: 3.11.0-1 wazuh_agent_sources_installation: enabled: false - branch: "v3.10.2" + branch: "v3.11.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -50,7 +50,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.10.2' + version: '3.11.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ca536bff..bd039d68 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.10.2-1 +wazuh_manager_version: 3.11.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: false - branch: "v3.10.2" + branch: "v3.11.0" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.10.2" + branch: "v3.11.0" update: "y" remove: "y" directory: null 
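Review bot: In the `wazuh_winagent_config` hunk of the agent defaults, `version` moves to `'3.11.0'` while the context line `md5: 71650780904cbfc2e45eae4298adb7a3` is left unchanged. If the role checks the downloaded Windows installer against this value, the check will fail for the new package, and if it does not fail, the digest is not being enforced; the digest has to be updated together with the version. MD5 is also no longer collision-resistant, so a SHA-256 digest of the installer is the better value to publish and verify. That would need a matching change where the value is consumed, which is outside the hunk.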
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index b92e4edc..fe78cdbb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.10.2" extracted folder name is 3.10.2. + # When downloading "v3.11.0" extracted folder name is 3.11.0. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip From bfe86ed1d30d75ed14b43d4bb6bfd87a1e859409 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 26 Dec 2019 13:13:32 +0100 Subject: [PATCH 194/194] Update CHANGELOG.md --- CHANGELOG.md | 46 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 40 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c04df488..73f7ea43 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,21 +1,55 @@ # Change Log All notable changes to this project will be documented in this file. -## [v3.xx.x_x.x.x] +## [v3.11.0_7.5.1] ### Added -- Wazuh Agent registration task now explicitly notify restart [@jm404](https://github.com/jm404) [#302](https://github.com/wazuh/wazuh-ansible/pull/302) +- Update to Wazuh v3.11.0 + +- Wazuh Agent registration task now explicitly notify restart ([@jm404](https://github.com/jm404)) [PR#302](https://github.com/wazuh/wazuh-ansible/pull/302) + +- Support both IP and DNS when creating elastic cluster ([@xr09](https://github.com/xr09)) [PR#252](https://github.com/wazuh/wazuh-ansible/pull/252) + +- Added config tag to the Wazuh Agent's enable task ([@xr09](https://github.com/xr09)) [PR#261](https://github.com/wazuh/wazuh-ansible/pull/261) + +- Implement task to configure Elasticsearch user on every cluster node ([@xr09](https://github.com/xr09)) [PR#270](https://github.com/wazuh/wazuh-ansible/pull/270) + +- Added SCA to Wazuh Agent and Manager installation ([@jm404](https://github.com/jm404)) [PR#260](https://github.com/wazuh/wazuh-ansible/pull/260) + +- Added support for environments with low disk space ([@xr09](https://github.com/xr09)) [PR#281](https://github.com/wazuh/wazuh-ansible/pull/281) + +- Add parameters to configure an Elasticsearch coordinating node ([@jm404](https://github.com/jm404)) [PR#292](https://github.com/wazuh/wazuh-ansible/pull/292) + ### Changed -- Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) -- Wazuh App URL is now flexible [@jm404](https://github.com/jm404) [#304](https://github.com/wazuh/wazuh-ansible/pull/304) +- Updated Filebeat and Elasticsearch templates ([@manuasir](https://github.com/manuasir)) [PR#285](https://github.com/wazuh/wazuh-ansible/pull/285) + +- Make ossec.conf file more readable by removing trailing whitespaces ([@jm404](https://github.com/jm404)) 
[PR#286](https://github.com/wazuh/wazuh-ansible/pull/286) + +- Wazuh repositories can now be configured to different sources URLs ([@jm404](https://github.com/jm404)) [PR#288](https://github.com/wazuh/wazuh-ansible/pull/288) + +- Wazuh App URL is now flexible ([@jm404](https://github.com/jm404)) [PR#304](https://github.com/wazuh/wazuh-ansible/pull/304) + +- Agent installation task now does not hardcodes the "-1" sufix ([@jm404](https://github.com/jm404)) [PR#310](https://github.com/wazuh/wazuh-ansible/pull/310) + +- Enhanced task importation in Wazuh Manager role and removed deprecated warnings ([@xr09](https://github.com/xr09)) [PR#320](https://github.com/wazuh/wazuh-ansible/pull/320) + +- Wazuh API installation task have been upgraded ([@rshad](https://github.com/rshad)) [PR#330](https://github.com/wazuh/wazuh-ansible/pull/330) + +- It's now possible to install Wazuh Manager and Agent from sources ([@jm404](https://github.com/jm404)) [PR#329](https://github.com/wazuh/wazuh-ansible/pull/329) + ### Fixed -- Wazuh Agent registration using agent name has been fixed [@jm404](https://github.com/jm404) [#298](https://github.com/wazuh/wazuh-ansible/pull/298) -- Fix Wazuh repository and installation conditionals [@jm404](https://github.com/jm404) [#299](https://github.com/wazuh/wazuh-ansible/pull/299) +- Ansible upgrade from 6.x to 7.x ([@jm404](https://github.com/jm404)) [PR#252](https://github.com/wazuh/wazuh-ansible/pull/251) + +- Wazuh Agent registration using agent name has been fixed ([@jm404](https://github.com/jm404)) [PR#298](https://github.com/wazuh/wazuh-ansible/pull/298) +- Fix Wazuh repository and installation conditionals ([@jm404](https://github.com/jm404)) [PR#299](https://github.com/wazuh/wazuh-ansible/pull/299) + +- Fixed Wazuh Agent registration using an Agent's name ([@jm404](https://github.com/jm404)) [PR#334](https://github.com/wazuh/wazuh-ansible/pull/334) + ## [v3.10.2_7.3.2]