Wazuh dashboard role created
This commit is contained in:
Gonzalo Acuña
parent
93d6bdb32a
commit
c722e5bc87
@ -1,34 +1,38 @@
|
||||
---
|
||||
|
||||
# Kibana configuration
|
||||
elasticsearch_http_port: 9200
|
||||
elastic_api_protocol: https
|
||||
kibana_conf_path: /etc/kibana
|
||||
# Dashboard configuration
|
||||
indexer_http_port: 9700
|
||||
indexer_api_protocol: https
|
||||
dashboard_conf_path: /etc/wazuh-dashboard/
|
||||
## 732 check the path
|
||||
kibana_node_name: node-1
|
||||
kibana_server_host: "0.0.0.0"
|
||||
kibana_server_port: "5601"
|
||||
kibana_server_name: "kibana"
|
||||
kibana_max_payload_bytes: 1048576
|
||||
elastic_stack_version: 4.3.0
|
||||
dashboard_node_name: node-1
|
||||
dashboard_server_host: "0.0.0.0"
|
||||
dashboard_server_port: "5601"
|
||||
dashboard_server_name: "dashboard"
|
||||
#kibana_max_payload_bytes: 1048576
|
||||
#elastic_stack_version: 4.3.0
|
||||
## 732 check if it is the right version
|
||||
wazuh_version: 4.3.0
|
||||
wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
|
||||
#wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
|
||||
## 732 check if it is needed.
|
||||
|
||||
# The OpenDistro package repository
|
||||
kibana_opendistro_version: 4.3.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
|
||||
dashboard_version: "4.3.0" # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
|
||||
## 732 check if it is the right version
|
||||
|
||||
package_repos:
|
||||
yum:
|
||||
opendistro:
|
||||
baseurl: 'https://packages.wazuh.com/4.x/yum/'
|
||||
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
|
||||
dashboard:
|
||||
#baseurl: 'https://packages.wazuh.com/4.x/yum/'
|
||||
baseurl: 'https://packages-dev.wazuh.com/pre-release/yum/'
|
||||
#gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
|
||||
gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
|
||||
apt:
|
||||
opendistro:
|
||||
baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
|
||||
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
|
||||
dashboard:
|
||||
#baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
|
||||
baseurl: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
|
||||
#gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
|
||||
gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
|
||||
|
||||
# API credentials
|
||||
wazuh_api_credentials:
|
||||
@ -39,13 +43,13 @@ wazuh_api_credentials:
|
||||
password: "wazuh"
|
||||
|
||||
# opendistro Security
|
||||
kibana_opendistro_security: true
|
||||
kibana_newsfeed_enabled: "false"
|
||||
kibana_telemetry_optin: "false"
|
||||
kibana_telemetry_enabled: "false"
|
||||
dashboard_security: true
|
||||
#kibana_newsfeed_enabled: "false"
|
||||
#kibana_telemetry_optin: "false"
|
||||
#kibana_telemetry_enabled: "false"
|
||||
|
||||
indexer_admin_password: changeme
|
||||
opendistro_kibana_user: kibanaserver
|
||||
dashboard_user: dashboardserver
|
||||
dashboard_password: changeme
|
||||
local_certs_path: "{{ playbook_dir }}/indexer/certificates"
|
||||
|
||||
@ -58,7 +62,7 @@ nodejs:
|
||||
|
||||
# Build from sources
|
||||
build_from_sources: false
|
||||
wazuh_plugin_branch: 4.1-7.10
|
||||
#wazuh_plugin_branch: 4.1-7.10
|
||||
## 732 check if it is the right version and if it is needed
|
||||
|
||||
#Nodejs NODE_OPTIONS
|
||||
|
||||
@ -3,22 +3,19 @@
|
||||
|
||||
- include_vars: debian.yml
|
||||
- name: Add apt repository signing key
|
||||
## 732 will not be needed. The wazuh repo should be added
|
||||
apt_key:
|
||||
url: "{{ package_repos.apt.indexer.gpg }}"
|
||||
url: "{{ package_repos.apt.dashboard.gpg }}"
|
||||
state: present
|
||||
|
||||
- name: Debian systems | Add OpenDistro repo
|
||||
## 732 will not be needed. The wazuh repo should be added
|
||||
apt_repository:
|
||||
repo: "{{ package_repos.apt.indexer.baseurl }}"
|
||||
repo: "{{ package_repos.apt.dashboard.baseurl }}"
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: Install Wazuh-Dashboard
|
||||
## 732 package name and task name should be updated.
|
||||
apt:
|
||||
name: "wazuh-dashboard={{ kibana_opendistro_version }}"
|
||||
name: "wazuh-dashboard={{ dashboard_version }}-1"
|
||||
state: present
|
||||
register: install
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Remove Elasticsearch repository (and clean up left-over metadata)
|
||||
- name: Remove Wazuh-Dashboard repository (and clean up left-over metadata)
|
||||
yum_repository:
|
||||
name: opendistro_repo
|
||||
name: wazuh_repo
|
||||
state: absent
|
||||
changed_when: false
|
||||
|
||||
@ -1,18 +1,18 @@
|
||||
---
|
||||
- block:
|
||||
|
||||
- name: RedHat/CentOS/Fedora | Add OpenDistro repo
|
||||
- name: RedHat/CentOS/Fedora | Add Wazuh-Dashboard repo
|
||||
yum_repository:
|
||||
file: opendistro
|
||||
name: opendistro_repo
|
||||
description: Opendistro yum repository
|
||||
baseurl: "{{ package_repos.yum.indexer.baseurl }}"
|
||||
gpgkey: "{{ package_repos.yum.indexer.gpg }}"
|
||||
file: wazuh
|
||||
name: wazuh_repo
|
||||
description: Wazuh yum repository
|
||||
baseurl: "{{ package_repos.yum.dashboard.baseurl }}"
|
||||
gpgkey: "{{ package_repos.yum.dashboard.gpg }}"
|
||||
gpgcheck: true
|
||||
|
||||
- name: Install Wazuh-Dashboard
|
||||
package:
|
||||
name: "wazuh-dashboard-{{ kibana_opendistro_version }}"
|
||||
name: "wazuh-dashboard-{{ dashboard_version }}"
|
||||
state: present
|
||||
register: install
|
||||
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
---
|
||||
|
||||
- name: Stopping early, trying to compile Wazuh Kibana Plugin on Debian 10 is not possible
|
||||
- name: Stopping early, trying to compile Wazuh Dashboard Plugin on Debian 10 is not possible
|
||||
fail:
|
||||
msg: "It's not possible to compile the Wazuh Kibana plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924"
|
||||
msg: "It's not possible to compile the Wazuh Dashboard plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924"
|
||||
when:
|
||||
- build_from_sources
|
||||
- ansible_distribution == "Debian"
|
||||
@ -14,36 +14,35 @@
|
||||
- import_tasks: Debian.yml
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
- name: Remove Kibana configuration file
|
||||
- name: Remove Dashboard configuration file
|
||||
file:
|
||||
# noqa 503
|
||||
path: "{{ kibana_conf_path }}/kibana.yml"
|
||||
path: "{{ dashboard_conf_path }}/dashboard.yml"
|
||||
state: absent
|
||||
tags: install
|
||||
|
||||
- import_tasks: security_actions.yml
|
||||
|
||||
- name: Copy Configuration File
|
||||
blockinfile:
|
||||
block: "{{ lookup('template', 'opendistro_kibana.yml.j2') }}"
|
||||
dest: "{{ kibana_conf_path }}/kibana.yml"
|
||||
create: true
|
||||
group: kibana
|
||||
owner: kibana
|
||||
template:
|
||||
src: "templates/dashboard.yml.j2"
|
||||
dest: "{{ dashboard_conf_path }}/dashboard.yml"
|
||||
group: wazuh-dashboard
|
||||
owner: wazuh-dashboard
|
||||
mode: 0640
|
||||
marker: "## {mark} Kibana general settings ##"
|
||||
force: yes
|
||||
notify: restart wazuh-dashboard
|
||||
tags:
|
||||
- install
|
||||
- configure
|
||||
|
||||
- name: Ensuring Kibana directory owner
|
||||
- name: Ensuring Wazuh-Dashboard directory owner
|
||||
file:
|
||||
# noqa 208
|
||||
path: "/usr/share/kibana"
|
||||
path: "/usr/share/wazuh-dashboard"
|
||||
state: directory
|
||||
owner: kibana
|
||||
group: kibana
|
||||
owner: wazuh-dashboard
|
||||
group: wazuh-dashboard
|
||||
recurse: yes
|
||||
|
||||
#- name: Build and Install Wazuh Kibana Plugin from sources
|
||||
@ -70,7 +69,7 @@
|
||||
# - not build_from_sources
|
||||
|
||||
#- name: Kibana optimization (can take a while)
|
||||
# shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml
|
||||
# shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ dashboard_conf_path }}/kibana.yml
|
||||
# args:
|
||||
# executable: /bin/bash
|
||||
# become: yes
|
||||
@ -79,44 +78,44 @@
|
||||
# tags:
|
||||
# - skip_ansible_lint
|
||||
|
||||
- name: Wait for Elasticsearch port
|
||||
wait_for: host={{ indexer_network_host }} port={{ elasticsearch_http_port }}
|
||||
- name: Wait for Wazuh-Indexer port
|
||||
wait_for: host={{ indexer_network_host }} port={{ indexer_http_port }}
|
||||
|
||||
- name: Select correct API protocol
|
||||
set_fact:
|
||||
elastic_api_protocol: "{% if kibana_opendistro_security is defined and kibana_opendistro_security %}https{% else %}http{% endif %}"
|
||||
indexer_api_protocol: "{% if dashboard_security is defined and dashboard_security %}https{% else %}http{% endif %}"
|
||||
|
||||
- name: Attempting to delete legacy Wazuh index if exists
|
||||
uri:
|
||||
url: "{{ elastic_api_protocol }}://{{ indexer_network_host }}:{{ elasticsearch_http_port }}/.wazuh"
|
||||
url: "{{ indexer_api_protocol }}://{{ indexer_network_host }}:{{ indexer_http_port }}/.wazuh"
|
||||
method: DELETE
|
||||
user: "admin"
|
||||
password: "{{ indexer_admin_password }}"
|
||||
validate_certs: no
|
||||
status_code: 200, 404
|
||||
|
||||
- name: Create wazuh plugin config directory
|
||||
- name: Create Wazuh Plugin config directory
|
||||
file:
|
||||
path: /usr/share/kibana/data/wazuh/config/
|
||||
path: /usr/share/wazuh-dashboard/data/wazuh/config/
|
||||
state: directory
|
||||
recurse: yes
|
||||
owner: kibana
|
||||
group: kibana
|
||||
owner: wazuh-dashboard
|
||||
group: wazuh-dashboard
|
||||
mode: 0751
|
||||
changed_when: False
|
||||
|
||||
- name: Configure Wazuh Kibana Plugin
|
||||
- name: Configure Wazuh Dashboard Plugin
|
||||
template:
|
||||
src: wazuh.yml.j2
|
||||
dest: /usr/share/kibana/data/wazuh/config/wazuh.yml
|
||||
owner: kibana
|
||||
group: kibana
|
||||
dest: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
|
||||
owner: wazuh-dashboard
|
||||
group: wazuh-dashboard
|
||||
mode: 0751
|
||||
changed_when: False
|
||||
|
||||
- name: Ensure Kibana started and enabled
|
||||
- name: Ensure Wazuh-Dashboard started and enabled
|
||||
service:
|
||||
name: kibana
|
||||
name: wazuh-dashboard
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
|
||||
@ -1,13 +1,13 @@
|
||||
- block:
|
||||
|
||||
- name: Copy the certificates from local to the Kibana instance
|
||||
- name: Copy the certificates from local to the Wazuh-Dashboard instance
|
||||
copy:
|
||||
src: "{{ local_certs_path }}/certs/{{ item }}"
|
||||
dest: /usr/share/kibana
|
||||
dest: /etc/wazuh-dashboard/certs/
|
||||
mode: 0644
|
||||
with_items:
|
||||
- "root-ca.pem"
|
||||
- "{{ kibana_node_name }}_http.key"
|
||||
- "{{ kibana_node_name }}_http.pem"
|
||||
- "{{ dashboard_node_name }}-key.pem"
|
||||
- "{{ dashboard_node_name }}.pem"
|
||||
tags:
|
||||
- security
|
||||
|
||||
15
roles/opensearch/wazuh-dashboard/templates/dashboard.yml.j2
Normal file
15
roles/opensearch/wazuh-dashboard/templates/dashboard.yml.j2
Normal file
@ -0,0 +1,15 @@
|
||||
server.host: {{ dashboard_server_host }}
|
||||
server.port: {{ dashboard_server_port }}
|
||||
opensearch.hosts: "https://{{ indexer_network_host }}:{{ indexer_http_port }}"
|
||||
opensearch.ssl.verificationMode: certificate
|
||||
opensearch.username: {{ dashboard_user }}
|
||||
opensearch.password: {{ dashboard_password }}
|
||||
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
|
||||
opensearch_security.multitenancy.enabled: true
|
||||
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
|
||||
server.ssl.enabled: true
|
||||
server.ssl.key: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}-key.pem"
|
||||
server.ssl.certificate: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}.pem"
|
||||
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
|
||||
logging.dest: "/var/log/wazuh-dashboard/wazuh-dashboard.log"
|
||||
uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global
|
||||
@ -1,17 +1,17 @@
|
||||
# {{ ansible_managed }}
|
||||
# Description:
|
||||
# Default Kibana configuration for Open Distro.
|
||||
server.port: {{ kibana_server_port }}
|
||||
server.port: {{ dashboard_server_port }}
|
||||
|
||||
#server.basePath: ""
|
||||
server.maxPayloadBytes: {{ kibana_max_payload_bytes }}
|
||||
server.name: {{ kibana_server_name }}
|
||||
server.name: {{ dashboard_server_name }}
|
||||
server.host: {{ kibana_server_host }}
|
||||
|
||||
|
||||
{% if kibana_opendistro_security %}
|
||||
|
||||
elasticsearch.hosts: "https://{{ indexer_network_host }}:{{ elasticsearch_http_port }}"
|
||||
elasticsearch.hosts: "https://{{ indexer_network_host }}:{{ indexer_http_port }}"
|
||||
elasticsearch.username: {{ opendistro_kibana_user }}
|
||||
elasticsearch.password: {{ dashboard_password }}
|
||||
server.ssl.enabled: true
|
||||
@ -21,7 +21,7 @@ elasticsearch.ssl.certificateAuthorities: ["/usr/share/kibana/root-ca.pem"]
|
||||
elasticsearch.ssl.verificationMode: full
|
||||
|
||||
{% else %}
|
||||
elasticsearch.hosts: "http://{{ indexer_network_host }}:{{ elasticsearch_http_port }}"
|
||||
elasticsearch.hosts: "http://{{ indexer_network_host }}:{{ indexer_http_port }}"
|
||||
{% endif %}
|
||||
|
||||
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
---
|
||||
|
||||
kibana_opendistro_version: 4.3.0
|
||||
dashboard_version: 4.3.0
|
||||
@ -4,9 +4,9 @@
|
||||
- name: RedHat/CentOS/Fedora | Add Wazuh-Indexer repo
|
||||
## 732 wazuh repo should be added instead.
|
||||
yum_repository:
|
||||
file: opendistro
|
||||
name: opendistro_repo
|
||||
description: Opendistro yum repository
|
||||
file: wazuh
|
||||
name: wazuh_repo
|
||||
description: Wazuh yum repository
|
||||
baseurl: "{{ package_repos.yum.indexer.baseurl }}"
|
||||
gpgkey: "{{ package_repos.yum.indexer.gpg }}"
|
||||
gpgcheck: true
|
||||
|
||||
Loading…
Reference in New Issue
Block a user