diff --git a/roles/opensearch/wazuh-dashboard/defaults/main.yml b/roles/opensearch/wazuh-dashboard/defaults/main.yml index d405b61e..f1a87302 100644 --- a/roles/opensearch/wazuh-dashboard/defaults/main.yml +++ b/roles/opensearch/wazuh-dashboard/defaults/main.yml 
@@ -1,34 +1,38 @@ --- -# Kibana configuration -elasticsearch_http_port: 9200 -elastic_api_protocol: https -kibana_conf_path: /etc/kibana +# Dashboard configuration +indexer_http_port: 9700 +indexer_api_protocol: https +dashboard_conf_path: /etc/wazuh-dashboard/ ## 732 check the path -kibana_node_name: node-1 -kibana_server_host: "0.0.0.0" -kibana_server_port: "5601" -kibana_server_name: "kibana" -kibana_max_payload_bytes: 1048576 -elastic_stack_version: 4.3.0 +dashboard_node_name: node-1 +dashboard_server_host: "0.0.0.0" +dashboard_server_port: "5601" +dashboard_server_name: "dashboard" +#kibana_max_payload_bytes: 1048576 +#elastic_stack_version: 4.3.0 ## 732 check if it is the right version wazuh_version: 4.3.0 -wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana +#wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana ## 732 check if it is needed. # The OpenDistro package repository -kibana_opendistro_version: 4.3.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts +dashboard_version: "4.3.0" # Version includes the - for RedHat family compatibility, replace with = for Debian hosts ## 732 check if it is the right version package_repos: yum: - opendistro: - baseurl: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + dashboard: + #baseurl: 'https://packages.wazuh.com/4.x/yum/' + baseurl: 'https://packages-dev.wazuh.com/pre-release/yum/' + #gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH' apt: - opendistro: - baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + dashboard: + #baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + baseurl: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main' + #gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH' # 
API credentials wazuh_api_credentials: @@ -39,13 +43,13 @@ wazuh_api_credentials: password: "wazuh" # opendistro Security -kibana_opendistro_security: true -kibana_newsfeed_enabled: "false" -kibana_telemetry_optin: "false" -kibana_telemetry_enabled: "false" +dashboard_security: true +#kibana_newsfeed_enabled: "false" +#kibana_telemetry_optin: "false" +#kibana_telemetry_enabled: "false" indexer_admin_password: changeme -opendistro_kibana_user: kibanaserver +dashboard_user: dashboardserver dashboard_password: changeme local_certs_path: "{{ playbook_dir }}/indexer/certificates" @@ -58,7 +62,7 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 4.1-7.10 +#wazuh_plugin_branch: 4.1-7.10 ## 732 check if it is the right version and if it is needed #Nodejs NODE_OPTIONS diff --git a/roles/opensearch/wazuh-dashboard/tasks/Debian.yml b/roles/opensearch/wazuh-dashboard/tasks/Debian.yml index 557e785c..84ff2723 100644 --- a/roles/opensearch/wazuh-dashboard/tasks/Debian.yml +++ b/roles/opensearch/wazuh-dashboard/tasks/Debian.yml @@ -3,22 +3,19 @@ - include_vars: debian.yml - name: Add apt repository signing key -## 732 will not be needed. The wazuh repo should be added apt_key: - url: "{{ package_repos.apt.indexer.gpg }}" + url: "{{ package_repos.apt.dashboard.gpg }}" state: present - name: Debian systems | Add OpenDistro repo -## 732 will not be needed. The wazuh repo should be added apt_repository: - repo: "{{ package_repos.apt.indexer.baseurl }}" + repo: "{{ package_repos.apt.dashboard.baseurl }}" state: present update_cache: yes - name: Install Wazuh-Dashboard -## 732 package name and task name should be updated. apt: - name: "wazuh-dashboard={{ kibana_opendistro_version }}" + name: "wazuh-dashboard={{ dashboard_version }}-1" state: present register: install diff --git a/roles/opensearch/wazuh-dashboard/tasks/RMRedHat.yml b/roles/opensearch/wazuh-dashboard/tasks/RMRedHat.yml index 959c70e9..893ec065 100644 
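Review bot: The role defaults under `package_repos` now install from `packages-dev.wazuh.com/pre-release` (apt suite `unstable`) and fetch the signing key from that same development host, with the release URLs kept only as comments. Anyone applying the role without overrides gets pre-release builds, and the package source and the key that vouches for it come from one place. I would keep the release values as the defaults, `baseurl: 'https://packages.wazuh.com/4.x/yum/'` and `gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'` (likewise for apt), and let test inventories override `package_repos`. The trailing comment on `dashboard_version` ("Version includes the - for RedHat family compatibility") no longer matches the value `"4.3.0"` and should be updated or dropped.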
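Review bot: The renamed `dashboard_user: dashboardserver` still sits next to `dashboard_password: changeme` and `indexer_admin_password: changeme`, and nothing in the hunk marks these as placeholders. The new dashboard.yml.j2 renders `dashboard_password` into the dashboard configuration, so an inventory that does not override it deploys the well-known value. I would add a comment above `indexer_admin_password`, `# Placeholder values: override both passwords from Ansible Vault or a secret store before deploying`.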
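Review bot: The `apt_key` task "Add apt repository signing key" imports whatever key `package_repos.apt.dashboard.gpg` serves at run time, with no fingerprint check, and the key then lands in the system-wide trusted keyring. Adding `id: "<WAZUH_SIGNING_KEY_FINGERPRINT>"` (a placeholder; take the value from the vendor's published key) makes the task fail when a different key is served. In the install task the `-1` suffix in `name: "wazuh-dashboard={{ dashboard_version }}-1"` hard-codes the package release; a separate variable for the release would keep the pin explicit and overridable.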
--- a/roles/opensearch/wazuh-dashboard/tasks/RMRedHat.yml +++ b/roles/opensearch/wazuh-dashboard/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- -- name: Remove Elasticsearch repository (and clean up left-over metadata) +- name: Remove Wazuh-Dashboard repository (and clean up left-over metadata) yum_repository: - name: opendistro_repo + name: wazuh_repo state: absent changed_when: false diff --git a/roles/opensearch/wazuh-dashboard/tasks/RedHat.yml b/roles/opensearch/wazuh-dashboard/tasks/RedHat.yml index 514dbb85..a6db8256 100644 --- a/roles/opensearch/wazuh-dashboard/tasks/RedHat.yml +++ b/roles/opensearch/wazuh-dashboard/tasks/RedHat.yml @@ -1,18 +1,18 @@ --- - block: - - name: RedHat/CentOS/Fedora | Add OpenDistro repo + - name: RedHat/CentOS/Fedora | Add Wazuh-Dashboard repo yum_repository: - file: opendistro - name: opendistro_repo - description: Opendistro yum repository - baseurl: "{{ package_repos.yum.indexer.baseurl }}" - gpgkey: "{{ package_repos.yum.indexer.gpg }}" + file: wazuh + name: wazuh_repo + description: Wazuh yum repository + baseurl: "{{ package_repos.yum.dashboard.baseurl }}" + gpgkey: "{{ package_repos.yum.dashboard.gpg }}" gpgcheck: true - name: Install Wazuh-Dashboard package: - name: "wazuh-dashboard-{{ kibana_opendistro_version }}" + name: "wazuh-dashboard-{{ dashboard_version }}" state: present register: install diff --git a/roles/opensearch/wazuh-dashboard/tasks/main.yml b/roles/opensearch/wazuh-dashboard/tasks/main.yml index 514944ad..93c8f5ed 100755 --- a/roles/opensearch/wazuh-dashboard/tasks/main.yml +++ b/roles/opensearch/wazuh-dashboard/tasks/main.yml 
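Review bot: The repository in tasks/RedHat.yml is now registered as `name: wazuh_repo` in `file: wazuh`, the same name and file the wazuh-indexer role uses in its own RedHat.yml (last hunk of this diff), while each role passes its own `package_repos.yum.<role>.baseurl`. Whichever role runs last rewrites the definition, and RMRedHat.yml in this role now removes `wazuh_repo` for both. If the two base URLs can differ (the dashboard default is the pre-release host; the indexer default is not visible in this diff), a host could install one component from an unintended source. Either share one repository variable across the roles or give each a distinct entry, e.g. `name: wazuh_dashboard_repo`.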
@@ -1,8 +1,8 @@ --- -- name: Stopping early, trying to compile Wazuh Kibana Plugin on Debian 10 is not possible +- name: Stopping early, trying to compile Wazuh Dashboard Plugin on Debian 10 is not possible fail: - msg: "It's not possible to compile the Wazuh Kibana plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924" + msg: "It's not possible to compile the Wazuh Dashboard plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924" when: - build_from_sources - ansible_distribution == "Debian" @@ -14,36 +14,35 @@ - import_tasks: Debian.yml when: ansible_os_family == 'Debian' -- name: Remove Kibana configuration file +- name: Remove Dashboard configuration file file: # noqa 503 - path: "{{ kibana_conf_path }}/kibana.yml" + path: "{{ dashboard_conf_path }}/dashboard.yml" state: absent tags: install - import_tasks: security_actions.yml - name: Copy Configuration File - blockinfile: - block: "{{ lookup('template', 'opendistro_kibana.yml.j2') }}" - dest: "{{ kibana_conf_path }}/kibana.yml" - create: true - group: kibana - owner: kibana + template: + src: "templates/dashboard.yml.j2" + dest: "{{ dashboard_conf_path }}/dashboard.yml" + group: wazuh-dashboard + owner: wazuh-dashboard mode: 0640 - marker: "## {mark} Kibana general settings ##" + force: yes notify: restart wazuh-dashboard tags: - install - configure -- name: Ensuring Kibana directory owner +- name: Ensuring Wazuh-Dashboard directory owner file: # noqa 208 - path: "/usr/share/kibana" + path: "/usr/share/wazuh-dashboard" state: directory - owner: kibana - group: kibana + owner: wazuh-dashboard + group: wazuh-dashboard recurse: yes #- name: Build and Install Wazuh Kibana Plugin from sources 
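Review bot: "Ensuring Wazuh-Dashboard directory owner" applies `owner: wazuh-dashboard` with `recurse: yes` to all of `/usr/share/wazuh-dashboard`, so the service account can rewrite the program files it runs. If only runtime data has to be writable (an assumption, since the package layout is not visible here), narrow the task to `path: "/usr/share/wazuh-dashboard/data"`. In "Copy Configuration File", `mode: 0640` is an unquoted octal and is safer written as `mode: "0640"`, and `force: yes` only restates the template module's default. The preceding "Remove Dashboard configuration file" task looks redundant now that `template` replaces the whole file.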
@@ -70,7 +69,7 @@ # - not build_from_sources #- name: Kibana optimization (can take a while) -# shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml +# shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ dashboard_conf_path }}/kibana.yml # args: # executable: /bin/bash # become: yes 
@@ -79,44 +78,44 @@ # tags: # - skip_ansible_lint -- name: Wait for Elasticsearch port - wait_for: host={{ indexer_network_host }} port={{ elasticsearch_http_port }} +- name: Wait for Wazuh-Indexer port + wait_for: host={{ indexer_network_host }} port={{ indexer_http_port }} - name: Select correct API protocol set_fact: - elastic_api_protocol: "{% if kibana_opendistro_security is defined and kibana_opendistro_security %}https{% else %}http{% endif %}" + indexer_api_protocol: "{% if dashboard_security is defined and dashboard_security %}https{% else %}http{% endif %}" - name: Attempting to delete legacy Wazuh index if exists uri: - url: "{{ elastic_api_protocol }}://{{ indexer_network_host }}:{{ elasticsearch_http_port }}/.wazuh" + url: "{{ indexer_api_protocol }}://{{ indexer_network_host }}:{{ indexer_http_port }}/.wazuh" method: DELETE user: "admin" password: "{{ indexer_admin_password }}" validate_certs: no status_code: 200, 404 -- name: Create wazuh plugin config directory +- name: Create Wazuh Plugin config directory file: - path: /usr/share/kibana/data/wazuh/config/ + path: /usr/share/wazuh-dashboard/data/wazuh/config/ state: directory recurse: yes - owner: kibana - group: kibana + owner: wazuh-dashboard + group: wazuh-dashboard mode: 0751 changed_when: False -- name: Configure Wazuh Kibana Plugin +- name: Configure Wazuh Dashboard Plugin template: src: wazuh.yml.j2 - dest: /usr/share/kibana/data/wazuh/config/wazuh.yml - owner: kibana - group: kibana + dest: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml + owner: wazuh-dashboard + group: wazuh-dashboard mode: 0751 changed_when: False -- name: Ensure Kibana started and enabled +- name: Ensure Wazuh-Dashboard started and enabled service: - name: kibana + name: wazuh-dashboard enabled: true state: started diff --git a/roles/opensearch/wazuh-dashboard/tasks/security_actions.yml b/roles/opensearch/wazuh-dashboard/tasks/security_actions.yml index ee21f1c1..223ae09d 100644 
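Review bot: "Attempting to delete legacy Wazuh index if exists" sends `indexer_admin_password` as basic auth with `validate_certs: no`, so the admin credential goes to whatever endpoint answers at `indexer_network_host` without its certificate being checked. The role already copies `root-ca.pem` to `/etc/wazuh-dashboard/certs/`, so `validate_certs: yes` with `ca_path: /etc/wazuh-dashboard/certs/root-ca.pem` should work where the uri module supports `ca_path` and the indexer certificate matches the host name used (not visible here). `mode: 0751` on `wazuh.yml` sets execute bits on a configuration file; `mode: "0640"` fits better. Note also that the `set_fact` above can still select `http`, while the new dashboard.yml.j2 always uses `https`.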
--- a/roles/opensearch/wazuh-dashboard/tasks/security_actions.yml +++ b/roles/opensearch/wazuh-dashboard/tasks/security_actions.yml @@ -1,13 +1,13 @@ - block: - - name: Copy the certificates from local to the Kibana instance + - name: Copy the certificates from local to the Wazuh-Dashboard instance copy: src: "{{ local_certs_path }}/certs/{{ item }}" - dest: /usr/share/kibana + dest: /etc/wazuh-dashboard/certs/ mode: 0644 with_items: - "root-ca.pem" - - "{{ kibana_node_name }}_http.key" - - "{{ kibana_node_name }}_http.pem" + - "{{ dashboard_node_name }}-key.pem" + - "{{ dashboard_node_name }}.pem" tags: - security diff --git a/roles/opensearch/wazuh-dashboard/templates/dashboard.yml.j2 b/roles/opensearch/wazuh-dashboard/templates/dashboard.yml.j2 new file mode 100644 index 00000000..9795b557 --- /dev/null +++ b/roles/opensearch/wazuh-dashboard/templates/dashboard.yml.j2 @@ -0,0 +1,15 @@ +server.host: {{ dashboard_server_host }} +server.port: {{ dashboard_server_port }} +opensearch.hosts: "https://{{ indexer_network_host }}:{{ indexer_http_port }}" +opensearch.ssl.verificationMode: certificate +opensearch.username: {{ dashboard_user }} +opensearch.password: {{ dashboard_password }} +opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] +opensearch_security.multitenancy.enabled: true +opensearch_security.readonly_mode.roles: ["kibana_read_only"] +server.ssl.enabled: true +server.ssl.key: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}-key.pem" +server.ssl.certificate: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}.pem" +opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"] +logging.dest: "/var/log/wazuh-dashboard/wazuh-dashboard.log" +uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global diff --git a/roles/opensearch/wazuh-dashboard/templates/opendistro_kibana.yml.j2 b/roles/opensearch/wazuh-dashboard/templates/opendistro_kibana.yml.j2 index 95461cd4..fb5aaf2e 100644 
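Review bot: The item list now includes the private key `{{ dashboard_node_name }}-key.pem`, and the single `mode: 0644` applies to every item, so the TLS key lands world-readable in `/etc/wazuh-dashboard/certs/`. No `owner` or `group` is set in the lines shown. Adding `owner: root`, `group: wazuh-dashboard` and `mode: "0640"` to the copy task keeps the key readable by the service account only; a stricter variant copies the key in its own task with a tighter mode. The block may continue below the hunk.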
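Review bot: `opensearch.ssl.verificationMode: certificate` checks the CA chain but not the host name, whereas the old opendistro_kibana.yml.j2 used `full`; unless the node certificates lack matching names, `opensearch.ssl.verificationMode: full` keeps the stronger check. `opensearch.username` and `opensearch.password` are rendered unquoted, so a password containing ` #` or `: `, or starting with a YAML indicator, is truncated or breaks parsing; `opensearch.password: {{ dashboard_password | to_json }}` renders a safely quoted scalar. The template also hard-codes `https` and TLS although `dashboard_security` still exists as a switch in the defaults. It also drops the `# {{ ansible_managed }}` header the old template carried.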
--- a/roles/opensearch/wazuh-dashboard/templates/opendistro_kibana.yml.j2 +++ b/roles/opensearch/wazuh-dashboard/templates/opendistro_kibana.yml.j2 @@ -1,17 +1,17 @@ # {{ ansible_managed }} # Description: # Default Kibana configuration for Open Distro. -server.port: {{ kibana_server_port }} +server.port: {{ dashboard_server_port }} #server.basePath: "" server.maxPayloadBytes: {{ kibana_max_payload_bytes }} -server.name: {{ kibana_server_name }} +server.name: {{ dashboard_server_name }} server.host: {{ kibana_server_host }} {% if kibana_opendistro_security %} -elasticsearch.hosts: "https://{{ indexer_network_host }}:{{ elasticsearch_http_port }}" +elasticsearch.hosts: "https://{{ indexer_network_host }}:{{ indexer_http_port }}" elasticsearch.username: {{ opendistro_kibana_user }} elasticsearch.password: {{ dashboard_password }} server.ssl.enabled: true @@ -21,7 +21,7 @@ elasticsearch.ssl.certificateAuthorities: ["/usr/share/kibana/root-ca.pem"] elasticsearch.ssl.verificationMode: full {% else %} -elasticsearch.hosts: "http://{{ indexer_network_host }}:{{ elasticsearch_http_port }}" +elasticsearch.hosts: "http://{{ indexer_network_host }}:{{ indexer_http_port }}" {% endif %} elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] diff --git a/roles/opensearch/wazuh-dashboard/vars/debian.yml b/roles/opensearch/wazuh-dashboard/vars/debian.yml index bf53c169..d7e764f2 100644 --- a/roles/opensearch/wazuh-dashboard/vars/debian.yml +++ b/roles/opensearch/wazuh-dashboard/vars/debian.yml @@ -1,3 +1,3 @@ --- -kibana_opendistro_version: 4.3.0 \ No newline at end of file +dashboard_version: 4.3.0 \ No newline at end of file diff --git a/roles/opensearch/wazuh-indexer/tasks/RedHat.yml b/roles/opensearch/wazuh-indexer/tasks/RedHat.yml index f292156c..f6be9302 100644 --- a/roles/opensearch/wazuh-indexer/tasks/RedHat.yml +++ b/roles/opensearch/wazuh-indexer/tasks/RedHat.yml 
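Review bot: The template opendistro_kibana.yml.j2 is only half renamed: the unchanged lines still read `kibana_max_payload_bytes`, `kibana_server_host`, `kibana_opendistro_security` and `opendistro_kibana_user`, which this commit removes or comments out in defaults/main.yml. Rendering it would fail on undefined variables unless they are set elsewhere. tasks/main.yml now renders `templates/dashboard.yml.j2` instead, so this file appears to be unused, and deleting it is cleaner than renaming it in part. The second hunk of this file (`@@ -21,7 +21,7 @@`) has the same problem.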
@@ -4,9 +4,9 @@ - name: RedHat/CentOS/Fedora | Add Wazuh-Indexer repo ## 732 wazuh repo should be added instead. yum_repository: - file: opendistro - name: opendistro_repo - description: Opendistro yum repository + file: wazuh + name: wazuh_repo + description: Wazuh yum repository baseurl: "{{ package_repos.yum.indexer.baseurl }}" gpgkey: "{{ package_repos.yum.indexer.gpg }}" gpgcheck: true