afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #27 from angystardust/linux-restapi-register

Browse Source 
Implement Linux agent registration via restapi
This commit is contained in:
Miguelangel Freitas 2018-05-15 16:11:25 -05:00 committed by GitHub
commit ccba2f039d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 152 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
ansible-wazuh-agent/README.md
View File

@ -25,19 +25,23 @@ Playbook example
The following is an example how this role can be used:
- hosts: all:!wazuh-manager
roles:
- ansible-wazuh-agent
vars:
wazuh_managers:
- address: 127.0.0.1
port: 1514
protocol: udp
wazuh_agent_authd:
enable: true
port: 1515
ssl_agent_ca: null
ssl_auto_negotiate: 'no'
- hosts: all:!wazuh-manager
roles:
- ansible-wazuh-agent
vars:
wazuh_managers:
- address: 127.0.0.1
port: 1514
protocol: udp
api_port: 55000
api_proto: 'http'
api_user: 'ansible'
wazuh_agent_authd:
enable: true
port: 1515
ssl_agent_ca: null
ssl_auto_negotiate: 'no'
License and copyright
---------------------

3
ansible-wazuh-agent/defaults/main.yml
View File

@ -3,6 +3,9 @@ wazuh_managers:
- address: 127.0.0.1
port: 1514
protocol: tcp
api_port: 55000
api_proto: 'http'
api_user: null
wazuh_profile: null
wazuh_auto_restart: 'yes'
wazuh_agent_authd:

171
ansible-wazuh-agent/tasks/Linux.yml
View File

@ -10,60 +10,137 @@
tags:
- init
- name: Retrieving authd Credentials
include_vars: authd_pass.yml
tags:
- config
- name: Copy CA, SSL key and cert for authd
copy:
src: "{{ item }}"
dest: "/var/ossec/etc/{{ item | basename }}"
mode: 0644
with_items:
- "{{ wazuh_agent_authd.ssl_agent_ca }}"
- "{{ wazuh_agent_authd.ssl_agent_cert }}"
- "{{ wazuh_agent_authd.ssl_agent_key }}"
tags:
- config
when:
- wazuh_agent_authd.ssl_agent_ca is not none
- wazuh_agent_authd.enable == true
- name: Linux | Check if client.keys exists
stat: path=/var/ossec/etc/client.keys
register: check_keys
tags:
- config
- name: Linux | Register agent
shell: >
/var/ossec/bin/agent-auth
-m {{ wazuh_managers.0.address }}
-p {{ wazuh_agent_authd.port }}
{% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
{% if wazuh_agent_authd.ssl_agent_ca is not none %}
-v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
-x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
-k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
{% endif %}
{% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %}
register: agent_auth_output
when:
- wazuh_agent_authd.enable == true
- check_keys.stat.size == 0
- wazuh_managers.0.address is not none
tags:
- config
- name: Linux | Agent registration via authd
block:
- name: Linux | Verify agent registration
shell: echo {{ agent_auth_output }} | grep "Valid key created"
when:
- wazuh_agent_authd.enable == true
- check_keys.stat.size == 0
- wazuh_managers.0.address is not none
tags:
- config
- name: Retrieving authd Credentials
include_vars: authd_pass.yml
tags:
- config
- authd
- name: Copy CA, SSL key and cert for authd
copy:
src: "{{ item }}"
dest: "/var/ossec/etc/{{ item | basename }}"
mode: 0644
with_items:
- "{{ wazuh_agent_authd.ssl_agent_ca }}"
- "{{ wazuh_agent_authd.ssl_agent_cert }}"
- "{{ wazuh_agent_authd.ssl_agent_key }}"
tags:
- config
- authd
when:
- wazuh_agent_authd.ssl_agent_ca is not none
- name: Linux | Register agent (via authd)
shell: >
/var/ossec/bin/agent-auth
-m {{ wazuh_managers.0.address }}
-p {{ wazuh_agent_authd.port }}
{% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
{% if wazuh_agent_authd.ssl_agent_ca is not none %}
-v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
-x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
-k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
{% endif %}
{% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %}
register: agent_auth_output
when:
- check_keys.stat.size == 0
- wazuh_managers.0.address is not none
tags:
- config
- authd
- name: Linux | Verify agent registration
shell: echo {{ agent_auth_output }} | grep "Valid key created"
when:
- check_keys.stat.size == 0
- wazuh_managers.0.address is not none
tags:
- config
- authd
when: wazuh_agent_authd.enable == true
- name: Linux | Agent registration via rest-API
block:
- name: Retrieving rest-API Credentials
include_vars: api_pass.yml
tags:
- config
- api
- name: Linux | Create the agent key via rest-API
uri:
url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/"
validate_certs: no
method: POST
body: {"name":"{{ inventory_hostname }}"}
body_format: json
status_code: 200
headers:
Content-Type: "application/json"
user: "{{ wazuh_managers.0.api_user }}"
password: "{{ api_pass }}"
register: newagent_api
changed_when: newagent_api.json.error == 0
when:
- check_keys.stat.size == 0
- wazuh_managers.0.address is not none
become: no
tags:
- config
- api
- name: Linux | Retieve new agent data via rest-API
uri:
url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}"
validate_certs: no
method: GET
return_content: yes
user: "{{ wazuh_managers.0.api_user }}"
password: "{{ api_pass }}"
when:
- check_keys.stat.size == 0
- wazuh_managers.0.address is not none
- newagent_api.json.error == 0
register: newagentdata_api
delegate_to: localhost
become: no
tags:
- config
- api
- name: Linux | Register agent (via rest-API)
command: /var/ossec/bin/manage_agents
environment:
OSSEC_ACTION: i
OSSEC_AGENT_NAME: '{{ newagentdata_api.json.data.name }}'
OSSEC_AGENT_IP: '{{ newagentdata_api.json.data.ip }}'
OSSEC_AGENT_ID: '{{ newagent_api.json.data.id }}'
OSSEC_AGENT_KEY: '{{ newagent_api.json.data.key }}'
OSSEC_ACTION_CONFIRMED: y
register: manage_agents_output
when:
- check_keys.stat.size == 0
- wazuh_managers.0.address is not none
- newagent_api.changed
tags:
- config
- api
notify: restart wazuh-agent
when: wazuh_agent_authd.enable == false
- name: Linux | Vuls integration deploy (runs in background, can take a while)
command: /var/ossec/wodles/vuls/deploy_vuls.sh {{ ansible_distribution|lower }} {{ ansible_distribution_major_version|int }}

1
ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -1,4 +1,5 @@
#jinja2: trim_blocks: False
<!-- {{ ansible_managed }} -->
<!--
Wazuh - Agent
More info at: https://documentation.wazuh.com

3
ansible-wazuh-agent/vars/api_pass.yml Normal file
View File

@ -0,0 +1,3 @@
---
# We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials.
#api_pass: 'changeme'

1
ansible-wazuh-agent/vars/authd_pass.yml
View File

@ -1,2 +1,3 @@
---
# We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials.
#authd_pass: 'foobar'

3
wazuh-agent.yml
View File

@ -6,6 +6,9 @@
- address: 127.0.0.1
port: 1514
protocol: udp
api_port: 55000
api_proto: 'http'
api_user: ansible
wazuh_agent_authd:
enable: true
port: 1515