diff --git a/CHANGELOG.md b/CHANGELOG.md index 987939a3..213cb432 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,26 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.11.4_7.6.1] + +### Added + +- Update to Wazuh v3.11.4 +- Support for RHEL/CentOS 8 ([@jm404](https://github.com/jm404)) [PR#377](https://github.com/wazuh/wazuh-ansible/pull/377) + +### Changed + +- Disabled shared configuration by default ([@jm404](https://github.com/jm404)) [PR#369](https://github.com/wazuh/wazuh-ansible/pull/369) +- Add chdir argument to Wazuh Kibana Plugin installation tasks ([@jm404](https://github.com/jm404)) [PR#375](https://github.com/wazuh/wazuh-ansible/pull/375) +- Adjustments for systems without (direct) internet connection ([@joschneid](https://github.com/joschneid)) [PR#348](https://github.com/wazuh/wazuh-ansible/pull/348) + +### Fixed + +- Avoid to install Wazuh API in worker nodes ([@manuasir](https://github.com/manuasir)) [PR#371](https://github.com/wazuh/wazuh-ansible/pull/371) +- Conditionals of custom Wazuh packages installation tasks ([@rshad](https://github.com/rshad)) [PR#372](https://github.com/wazuh/wazuh-ansible/pull/372) +- Fix Ansible elastic_stack-distributed template ([@francobep](https://github.com/francobep)) [PR#352](https://github.com/wazuh/wazuh-ansible/pull/352) +- Fix manager API verification ([@Zenidd](https://github.com/Zenidd)) [PR#360](https://github.com/wazuh/wazuh-ansible/pull/360) + ## [v3.11.3_7.5.2] ### Added diff --git a/VERSION b/VERSION index a70bc633..d6be8992 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.3" -REVISION="31130" +WAZUH-ANSIBLE_VERSION="v4" +REVISION="31140" diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index bd85a3a6..8c7eaa69 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -6,7 +6,7 @@ wazuh_managers: - address: port: 1514 - protocol: tcp + protocol: udp api_port: 55000 api_proto: 'http' api_user: ansible diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 9d3a9cdb..e04f9527 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,9 +4,15 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.5.2 +elastic_stack_version: 7.6.1 elasticsearch_lower_disk_requirements: false +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/7.x/apt' + yum: 'https://artifacts.elastic.co/packages/7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' + # Cluster Settings single_node: true elasticsearch_cluster_name: wazuh diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 69c698f0..74c6bcf2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -30,13 +30,13 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + url: "{{ elasticrepo.gpg }}" + id: "{{ elasticrepo.key_id }}" state: present - - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' + repo: "deb {{ elasticrepo.apt }} stable main" state: present filename: 'elastic_repo_7' update_cache: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml index c123c707..4fcfb44c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: - repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main + repo: "deb {{ elasticrepo.apt }} stable main" state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml index bdf667bc..46989361 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- - name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata) yum_repository: - name: elastic_repo + name: elastic_repo_7 state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index d02664c8..62f63978 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -4,8 +4,8 @@ yum_repository: name: elastic_repo_7 description: Elastic repository for 7.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch + baseurl: "{{ elasticrepo.yum }}" + gpgkey: "{{ elasticrepo.gpg }}" gpgcheck: true changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index b0b1fc83..cd25eec2 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,10 +5,16 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.5.2 -wazuh_version: 3.11.3 +elastic_stack_version: 7.6.1 +wazuh_version: 3.11.4 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/7.x/apt' + yum: 'https://artifacts.elastic.co/packages/7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' + # API credentials wazuh_api_credentials: - id: "default" @@ -41,4 +47,4 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 3.11-7.5 +wazuh_plugin_branch: 3.11-7.6 diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index ae6ff0e9..281555ca 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -10,12 +10,13 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + url: "{{ elasticrepo.gpg }}" + id: "{{ elasticrepo.key_id }}" state: present - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' + repo: "deb {{ elasticrepo.apt }} stable main" state: present filename: 'elastic_repo_7' update_cache: true diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml index c123c707..4fcfb44c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: - repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main + repo: "deb {{ elasticrepo.apt }} stable main" state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml index 1ae7df57..0da555b3 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- - name: Remove Elasticsearch repository (and clean up left-over metadata) yum_repository: - name: elastic_repo + name: elastic_repo_7 state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml index abb8b0c0..7acdec09 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml @@ -3,8 +3,8 @@ yum_repository: name: elastic_repo_7 description: Elastic repository for 7.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch + baseurl: "{{ elasticrepo.yum }}" + gpgkey: "{{ elasticrepo.gpg }}" gpgcheck: true changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 6a3dc514..37cfd7dc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -69,6 +69,7 @@ args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json + chdir: /usr/share/kibana become: yes become_user: kibana notify: restart kibana diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 4926e19d..c0d663cc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -125,6 +125,7 @@ args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json + chdir: /usr/share/kibana become: yes become_user: kibana notify: restart kibana diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 84693899..8f06aaf4 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.5.2 +filebeat_version: 7.6.1 filebeat_create_config: true @@ -28,6 +28,7 @@ filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" +filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_path: /tmp/ filebeat_module_destination: /usr/share/filebeat/module @@ -49,4 +50,8 @@ master_certs_path: /es_certs generate_CA: true ca_cert_name: "" - +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/7.x/apt' + yum: 'https://artifacts.elastic.co/packages/7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 15dae1b7..a87bb2bf 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -10,12 +10,13 @@ - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: - url: https://artifacts.elastic.co/GPG-KEY-elasticsearch + url: "{{ elasticrepo.gpg }}" + id: "{{ elasticrepo.key_id }}" state: present - name: Debian/Ubuntu | Add Filebeat repository. apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' + repo: "deb {{ elasticrepo.apt }} stable main" state: present update_cache: true changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml index 6472db68..25a33909 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata) apt_repository: - repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main + repo: "deb {{ elasticrepo.apt }} stable main" state: absent changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml index 519121b3..1cf84081 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- - name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata) yum_repository: - name: elastic_repo + name: elastic_repo_7 state: absent changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml index 3d3108f6..23948b37 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml @@ -1,9 +1,9 @@ --- - name: RedHat/CentOS/Fedora/Amazon Linux | Install Filebeats repo yum_repository: - name: elastic_repo - description: Elastic repository for 6.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch + name: elastic_repo_7 + description: Elastic repository for 7.x packages + baseurl: "{{ elasticrepo.yum }}" + gpgkey: "{{ elasticrepo.gpg }}" gpgcheck: true changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index ca5ea6ac..07bc94ea 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -70,7 +70,7 @@ - name: Download Filebeat module package get_url: - url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} + url: "{{ filebeat_module_package_url }}/{{ filebeat_module_package_name }}" dest: "{{ filebeat_module_package_path }}" when: not filebeat_module_folder.stat.exists diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 3ce49b3e..186cac9d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,18 @@ --- -wazuh_agent_version: 3.11.3-1 +wazuh_agent_version: 3.11.4-1 + + +# Custom packages installation + +wazuh_custom_packages_installation_agent_enabled: false +wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm" + +# Sources installation wazuh_agent_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -51,15 +60,15 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.3' - revision: '1' - repo: https://packages.wazuh.com/3.x/windows/ - md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba + md5: 87ce22038688efb44d95f9daff472056 +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi +wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' active_response: ar_disabled: 'no' ca_store: '/var/ossec/etc/wpk_root.pem' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 0e0ba92f..9c12fdbf 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -21,13 +21,16 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_agent_config.repo.gpg }}" + id: "{{ wazuh_agent_config.repo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -37,6 +40,7 @@ update_cache: true when: - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 5664a428..c1c701fc 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -9,6 +9,10 @@ when: - wazuh_agent_sources_installation.enabled +- include_tasks: "installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_agent_enabled + - name: Linux CentOS/RedHat | Install wazuh-agent package: name: wazuh-agent-{{ wazuh_agent_version }} @@ -18,6 +22,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled tags: - init @@ -29,6 +34,7 @@ when: - ansible_os_family|lower != "redhat" - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled tags: - init diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index e0b2b426..8dbd2452 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,7 +10,8 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_agent_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -24,6 +25,7 @@ when: - repo_v5_installed is skipped - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index ee0aced7..dc9b8fe0 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -14,25 +14,25 @@ - name: Windows | Set Win Path (x64) set_fact: wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir }}" - wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}" + wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path }}" when: - not check_path.stat.exists - name: Windows | Check if Wazuh installer is already downloaded win_stat: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" register: wazuh_package_downloaded - name: Windows | Download Wazuh Agent package win_get_url: - url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + url: "{{ wazuh_winagent_config_url }}" dest: "{{ wazuh_winagent_config.download_dir }}" when: - not wazuh_package_downloaded.stat.exists - name: Windows | Verify the Wazuh Agent installer win_stat: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" get_checksum: true checksum_algorithm: md5 register: wazuh_agent_status @@ -41,11 +41,12 @@ - name: Windows | Install Agent if not already installed win_package: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" state: present - name: Windows | Check if client.keys exists - win_stat: path="{{ wazuh_agent_win_path }}client.keys" + win_stat: + path: "{{ wazuh_agent_win_path }}client.keys" register: check_windows_key tags: - config @@ -94,5 +95,5 @@ - name: Windows | Delete downloaded Wazuh agent installer file win_file: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" state: absent diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml new file mode 100644 index 00000000..aa50004f --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml @@ -0,0 +1,28 @@ +--- + - name: Install Wazuh Agent from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_agent_deb_url }}" + state: present + when: + - ansible_os_family|lower == "debian" + - wazuh_custom_packages_installation_agent_enabled + + - name: Install Wazuh Agent from .rpm packages | yum + yum: + name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" + state: present + when: + - ansible_os_family|lower == "redhat" + - wazuh_custom_packages_installation_agent_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + + - name: Install Wazuh Agent from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" + state: present + when: + - ansible_os_family|lower == "redhat" + - wazuh_custom_packages_installation_agent_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/README.md b/roles/wazuh/ansible-wazuh-manager/README.md index 19b1eae9..199e7810 100644 --- a/roles/wazuh/ansible-wazuh-manager/README.md +++ b/roles/wazuh/ansible-wazuh-manager/README.md @@ -20,7 +20,7 @@ This role has some variables which you can or need to override. ``` wazuh_manager_fqdn: ~ wazuh_manager_config: [] -wazuh_agent_configs: [] +shared_agent_config: [] ``` Vault variables @@ -157,7 +157,7 @@ wazuh_manager_config: level: 6 timeout: 600 -wazuh_agent_configs: +shared_agent_config: - type: os type_value: linux frequency_check: 79200 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 0025bf5b..0da6165c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,12 +1,21 @@ --- -wazuh_manager_version: 3.11.3-1 +wazuh_manager_version: 3.11.4-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present +# Custom packages installation +wazuh_custom_packages_installation_manager_enabled: false +wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-manager_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-manager-3.12.0-0.3319fimreworksqlite.x86_64.rpm" +wazuh_custom_packages_installation_api_enabled: false +wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-api_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-api-3.12.0-0.3319fimreworksqlite.x86_64.rpm" + +# Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +40,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" update: "y" remove: "y" directory: null @@ -47,11 +56,15 @@ wazuh_api_sources_installation: common_name: null password: null +wazuh_api_user: + - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/" + wazuh_manager_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' json_output: 'yes' alerts_log: 'yes' logall: 'no' @@ -343,56 +356,56 @@ wazuh_manager_config: - key: Env value: Production -wazuh_agent_configs: - - type: os - type_value: Linux - syscheck: - frequency: 43200 - scan_on_start: 'yes' - alert_new_files: 'yes' - ignore: - - /etc/mtab - - /etc/mnttab - - /etc/hosts.deny - - /etc/mail/statistics - - /etc/svc/volatile - no_diff: - - /etc/ssl/private.key - rootcheck: - frequency: 43200 - cis_distribution_filename: null - localfiles: - - format: 'syslog' - location: '/var/log/messages' - - format: 'syslog' - location: '/var/log/secure' - - format: 'syslog' - location: '/var/log/maillog' - - format: 'apache' - location: '/var/log/httpd/error_log' - - format: 'apache' - location: '/var/log/httpd/access_log' - - format: 'apache' - location: '/var/ossec/logs/active-responses.log' - - type: os - type_value: Windows - syscheck: - frequency: 43200 - scan_on_start: 'yes' - auto_ignore: 'no' - alert_new_files: 'yes' - windows_registry: - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - arch: 'both' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' - localfiles: - - location: 'Security' - format: 'eventchannel' - - location: 'System' - format: 'eventlog' +# shared_agent_config: + # - type: os + # type_value: Linux + # syscheck: + # frequency: 43200 + # scan_on_start: 'yes' + # alert_new_files: 'yes' + # ignore: + # - /etc/mtab + # - /etc/mnttab + # - /etc/hosts.deny + # - /etc/mail/statistics + # - /etc/svc/volatile + # no_diff: + # - /etc/ssl/private.key + # rootcheck: + # frequency: 43200 + # cis_distribution_filename: null + # localfiles: + # - format: 'syslog' + # location: '/var/log/messages' + # - format: 'syslog' + # location: '/var/log/secure' + # - format: 'syslog' + # location: '/var/log/maillog' + # - format: 'apache' + # location: '/var/log/httpd/error_log' + # - format: 'apache' + # location: '/var/log/httpd/access_log' + # - format: 'apache' + # location: '/var/ossec/logs/active-responses.log' + # - type: os + # type_value: Windows + # syscheck: + # frequency: 43200 + # scan_on_start: 'yes' + # auto_ignore: 'no' + # alert_new_files: 'yes' + # windows_registry: + # - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' + # arch: 'both' + # - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' + # localfiles: + # - location: 'Security' + # format: 'eventchannel' + # - location: 'System' + # format: 'eventlog' nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_10.x" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index e045059d..da27042f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -24,13 +24,16 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" + id: "{{ wazuh_manager_config.repo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -41,6 +44,7 @@ changed_when: false when: - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -105,11 +109,16 @@ tags: init when: - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - include_tasks: "installation_from_sources.yml" when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled +- include_tasks: "installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled + - name: Debian/Ubuntu | Install wazuh-api apt: name: @@ -121,4 +130,6 @@ until: wazuh_manager_main_packages_installed is succeeded tags: init when: - - not wazuh_api_sources_installation.enabled \ No newline at end of file + - not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled + - wazuh_manager_config.cluster.node_type == "master" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 5dc57e81..cb0dbf5a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -11,6 +11,7 @@ - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -24,6 +25,7 @@ when: - repo_v5_manager_installed is skipped - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -118,6 +120,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled tags: - init @@ -125,6 +128,10 @@ when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled +- include_tasks: "../tasks/installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled + - name: CentOS/RedHat/Amazon | Install wazuh-api package: name: "wazuh-api-{{ wazuh_manager_version }}" @@ -134,6 +141,8 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml new file mode 100644 index 00000000..0dc9808d --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -0,0 +1,61 @@ +--- + - block: + - name: Install Wazuh Manager from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_manager_deb_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + + - name: Install Wazuh API from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_api_deb_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" + + when: + - ansible_os_family|lower == "debian" + + - block: + - name: Install Wazuh Manager from .rpm packages | yum + yum: + name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + + - name: Install Wazuh Manager from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + + - name: Install Wazuh API from .rpm packages | yum + yum: + name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - wazuh_manager_config.cluster.node_type == "master" + + - name: Install Wazuh API from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - wazuh_manager_config.cluster.node_type == "master" + + when: + - ansible_os_family|lower == "redhat" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 10203cb9..c83aaff1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -122,6 +122,8 @@ stat: path: /var/ossec/api/app.js register: wazuh_api + when: + - wazuh_manager_config.cluster.node_type == "master" - name: Install Wazuh API from sources block: @@ -178,5 +180,6 @@ when: - not wazuh_api.stat.exists - wazuh_api_sources_installation.enabled + - wazuh_manager_config.cluster.node_type == "master" tags: - api \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 842d33a6..c1d91434 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -11,6 +11,8 @@ stat: path: /usr/bin/node register: node_service_status + when: + - wazuh_manager_config.cluster.node_type == "master" - name: Install NodeJS repository block: @@ -25,7 +27,9 @@ command: sh /etc/nodejs.sh register: nodejs_script changed_when: nodejs_script.rc == 0 - when: not node_service_status.stat.exists + when: + - not node_service_status.stat.exists + - wazuh_manager_config.cluster.node_type == "master" - name: Installing NodeJS package: @@ -33,6 +37,9 @@ state: present register: nodejs_service_is_installed until: nodejs_service_is_installed is succeeded + when: + - wazuh_manager_config.cluster.node_type == "master" + tags: init - include_tasks: "RedHat.yml" @@ -158,6 +165,8 @@ tags: - init - config + when: + - shared_agent_config is defined - name: Installing the config.js (api configuration) template: src=var-ossec-api-configuration-config.js.j2 @@ -166,6 +175,9 @@ group=ossec mode=0740 notify: restart wazuh-api + when: + - wazuh_manager_config.cluster.node_type == "master" + tags: - init - config @@ -191,12 +203,6 @@ tags: - config -- name: Retrieving Wazuh-API User Credentials - include_vars: wazuh_api_creds.yml - when: - - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6) - tags: - - config - name: Check if syslog output is enabled set_fact: syslog_output=true @@ -308,6 +314,7 @@ notify: restart wazuh-api when: - wazuh_api_user is defined + - wazuh_manager_config.cluster.node_type == "master" tags: - config @@ -329,31 +336,22 @@ tags: - config -- name: Ensure Wazuh Manager, wazuh API service is started and enabled +- name: Ensure Wazuh Manager service is started and enabled. service: - name: "{{ item }}" + name: "wazuh-manager" enabled: true state: started - with_items: - - wazuh-manager - - wazuh-api tags: - config - environment: - LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" - when: - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon') - - ansible_distribution_major_version|int < 6 -- name: Ensure Wazuh Manager is started and enabled (EL5) +- name: Ensure Wazuh API service is started and enabled. service: - name: wazuh-manager + name: "wazuh-api" enabled: true state: started + when: wazuh_manager_config.cluster.node_type == "master" tags: - config - when: - - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - include_tasks: "RMRedHat.yml" when: diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index dd1c8d9a..00fdcd01 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 @@ -1,6 +1,6 @@ #jinja2: trim_blocks: False -{% if wazuh_agent_configs is defined %} -{% for agent_config in wazuh_agent_configs %} +{% if shared_agent_config is defined %} +{% for agent_config in shared_agent_config %} {% if agent_config.syscheck is defined %} diff --git a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml deleted file mode 100644 index 2d5f8c73..00000000 --- a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -wazuh_api_user: - - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/"