From 82693e34f1e1475fdb9213d92c33fedd580b8b8f Mon Sep 17 00:00:00 2001 From: joschneid Date: Thu, 24 Jan 2019 08:42:57 +0100 Subject: [PATCH 01/46] debian repo keys with pgp keyserver --- .../elastic-stack/ansible-elasticsearch/defaults/main.yml | 1 + .../elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 4 ++-- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 4 ++-- roles/elastic-stack/ansible-logstash/defaults/main.yml | 2 ++ roles/elastic-stack/ansible-logstash/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 ++ roles/wazuh/ansible-filebeat/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 ++ roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 6 ++++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +++ roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 ++++++-- 12 files changed, 29 insertions(+), 13 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 677517a9..078fcca1 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -8,3 +8,4 @@ elastic_stack_version: 6.5.4 elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: yes +elasticrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index ae4e717f..cb6156d1 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml 
@@ -32,8 +32,8 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present + keyserver: "{{ elasticrepo_gpg_keyserver }}" + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - name: Debian/Ubuntu | Install Elastic repo apt_repository: diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index e4a61c07..54165327 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,4 +5,4 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 wazuh_version: 3.8.0 - +elasticrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 9cb809d2..6e3f1f16 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -10,8 +10,8 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present + keyserver: "{{ elasticrepo_gpg_keyserver }}" + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - name: Debian/Ubuntu | Install Elastic repo apt_repository: diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index 955fcf6f..51a3e9ad 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -17,3 +17,5 @@ logstash_ssl_certificate_file: "" logstash_ssl_key_file: "" logstash_install_java: yes + +elasticrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 628fd8e4..1e9fceb4 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml 
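Review bot: The `keyserver:` value in the "Add Elasticsearch GPG key" task is a bare host name (`pgp.mit.edu` by default), so the transport scheme is left to gpg's default. The only thing binding the imported key to Elastic is the `id:` fingerprint, and the task does not say so. I would add a comment above `id:` such as `# Full 40-hex fingerprint is the trust anchor; the keyserver is untrusted transport, never shorten this to a short key ID`, quote the value (`id: "46095ACC8548582C1A2699A9D27D666CD88E42B4"`) and keep `state: present` explicit as the removed lines had it. The same applies to the kibana, logstash, filebeat, wazuh-agent and wazuh-manager key tasks in this patch. Whether gpg rejects a returned key that does not match the requested fingerprint may depend on its version, so confirm that on the oldest supported target.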
+++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -31,8 +31,8 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present + keyserver: "{{ elasticrepo_gpg_keyserver }}" + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - name: Debian/Ubuntu | Install Elasticsearch repo apt_repository: diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 0f9b5c5a..e7ebe216 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -27,3 +27,5 @@ filebeat_ssl_dir: /etc/pki/logstash filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" + +elasticrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 45494c26..afa76227 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -10,8 +10,8 @@ - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: - url: https://artifacts.elastic.co/GPG-KEY-elasticsearch - state: present + keyserver: "{{ elasticrepo_gpg_keyserver }}" + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - name: Debian/Ubuntu | Add Filebeat repository. apt_repository: diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 52521a7d..7e20b6ce 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -305,3 +305,5 @@ wazuh_agent_config: list: - key: Env value: Production + +wauzhrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index d8affe84..bbd6f8fe 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml 
@@ -8,8 +8,10 @@ - apt-transport-https - ca-certificates -- name: Debian/Ubuntu | Installing repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH +- name: Debian/Ubuntu | Installing Wazuh repository key + apt_key: + keyserver: "{{ wauzhrepo_gpg_keyserver }}" + id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index b9817a3a..9d69fe0d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -329,3 +329,6 @@ wazuh_agent_configs: format: 'eventchannel' - location: 'System' format: 'eventlog' + +wauzhrepo_gpg_keyserver: pgp.mit.edu +nodejsrepo_gpg_keyserver: pgp.mit.edu diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index f2885345..539ad4e1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -9,7 +9,9 @@ - ca-certificates - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: + keyserver: "{{ wauzhrepo_gpg_keyserver }}" + id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -18,7 +20,9 @@ update_cache: yes - name: Debian/Ubuntu | Installing NodeJS repository key - apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key + apt_key: + keyserver: "{{ nodejsrepo_gpg_keyserver }}" + id: 9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280 - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: From 59c3fe0e4bf2c4844a5a4a647675d5dd0a9d78dd Mon Sep 17 00:00:00 2001 
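Review bot: The variable is spelled `wauzhrepo_gpg_keyserver` (`wauzh`, not `wazuh`) in the "Installing Wazuh repository key" task and in the agent and manager `defaults/main.yml`. The spelling is consistent, so the play works. But an operator who sets `wazuhrepo_gpg_keyserver` in inventory to point at an internal keyserver gets no error, and the role keeps fetching from the public default. Renaming it in all four places (`keyserver: "{{ wazuhrepo_gpg_keyserver }}"`) before the name is released avoids that silent fallback.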
From: joschneid Date: Thu, 24 Jan 2019 09:01:16 +0100 Subject: [PATCH 02/46] make debian repos customizable --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 1 + roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 1 + roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-logstash/defaults/main.yml | 1 + roles/elastic-stack/ansible-logstash/tasks/Debian.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 1 + roles/wazuh/ansible-filebeat/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 ++ roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++-- 12 files changed, 14 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 078fcca1..82a2b0ce 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -9,3 +9,4 @@ elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: yes elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index cb6156d1..895a2897 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -37,7 +37,7 @@ - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' + repo: "deb {{ elasticrepo_server }} stable main" state: present filename: 'elastic_repo' update_cache: yes 
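Review bot: `elasticrepo_server` is now an operator-supplied value interpolated straight into the `repo:` line, and neither the task nor the defaults say what a replacement must satisfy. A comment next to the default would help, e.g. `# Base URL of the APT repo; a mirror must serve metadata signed by the key imported in the "Add Elasticsearch GPG key" task`. The default also hard-codes `6.x` while `elastic_stack_version` is a separate variable. It is repeated in four role defaults files (elasticsearch, kibana, logstash, filebeat), so the copies can drift apart. The same applies to `wazuhrepo_server` in the agent and manager roles.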
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 54165327..1d41a025 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,3 +6,4 @@ kibana_server_port: "5601" elastic_stack_version: 6.5.4 wazuh_version: 3.8.0 elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 6e3f1f16..bb773faf 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -15,7 +15,7 @@ - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' + repo: "deb {{ elasticrepo_server }} stable main" state: present filename: 'elastic_repo' update_cache: yes diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index 51a3e9ad..662aa80a 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -19,3 +19,4 @@ logstash_ssl_key_file: "" logstash_install_java: yes elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 1e9fceb4..0814ed77 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -36,7 +36,7 @@ - name: Debian/Ubuntu | Install Elasticsearch repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' + repo: "deb {{ elasticrepo_server }} stable main" state: present filename: 'elastic_repo' 
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index e7ebe216..d71dd489 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -29,3 +29,4 @@ filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index afa76227..c1566aeb 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -15,6 +15,6 @@ - name: Debian/Ubuntu | Add Filebeat repository. apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' + repo: "deb {{ elasticrepo_server }} stable main" state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 7e20b6ce..3677d48b 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -307,3 +307,4 @@ wazuh_agent_config: value: Production wauzhrepo_gpg_keyserver: pgp.mit.edu +wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index bbd6f8fe..220ea98a 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -15,7 +15,7 @@ - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: "deb {{ wazuhrepo_server }} stable main" state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 9d69fe0d..104aa971 100644 
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -332,3 +332,5 @@ wazuh_agent_configs: wauzhrepo_gpg_keyserver: pgp.mit.edu nodejsrepo_gpg_keyserver: pgp.mit.edu +wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ +nodejsrepo_server: https://deb.nodesource.com/node_6.x diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 539ad4e1..23e1c08f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -15,7 +15,7 @@ - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: "deb {{ wazuhrepo_server }} stable main" state: present update_cache: yes @@ -26,7 +26,7 @@ - name: Debian/Ubuntu | Add NodeSource repositories for Node.js apt_repository: - repo: "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main" + repo: "deb {{ nodejsrepo_server }} {{ ansible_distribution_release }} main" state: present update_cache: yes From 9a7814213754448ff8de1cc5d2423b262fbb8d12 Mon Sep 17 00:00:00 2001 From: joschneid Date: Thu, 24 Jan 2019 09:08:44 +0100 Subject: [PATCH 03/46] changed keyserver for better performance --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/elastic-stack/ansible-logstash/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 82a2b0ce..ef5e02cd 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
+++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -8,5 +8,5 @@ elastic_stack_version: 6.5.4 elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: yes -elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 1d41a025..3796a67f 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,5 +5,5 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 wazuh_version: 3.8.0 -elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index 662aa80a..0be1cc56 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -18,5 +18,5 @@ logstash_ssl_key_file: "" logstash_install_java: yes -elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index d71dd489..5f3023c1 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -28,5 +28,5 @@ filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" -elasticrepo_gpg_keyserver: pgp.mit.edu +elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt 
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 3677d48b..b043d1a4 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -306,5 +306,5 @@ wazuh_agent_config: - key: Env value: Production -wauzhrepo_gpg_keyserver: pgp.mit.edu +wauzhrepo_gpg_keyserver: pool.sks-keyservers.net wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 104aa971..66f46837 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -330,7 +330,7 @@ wazuh_agent_configs: - location: 'System' format: 'eventlog' -wauzhrepo_gpg_keyserver: pgp.mit.edu -nodejsrepo_gpg_keyserver: pgp.mit.edu +wauzhrepo_gpg_keyserver: pool.sks-keyservers.net +nodejsrepo_gpg_keyserver: pool.sks-keyservers.net wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ nodejsrepo_server: https://deb.nodesource.com/node_6.x From fe109526b6cfc5e6faddf692d9af82c9364b090d Mon Sep 17 00:00:00 2001 From: joschneid Date: Fri, 25 Jan 2019 08:35:41 +0100 Subject: [PATCH 04/46] custom wazuh app location --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 1 + roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 3796a67f..bdf8d314 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -7,3 +7,4 @@ elastic_stack_version: 6.5.4 wazuh_version: 3.8.0 elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt +wazuhapp_location: https://packages.wazuh.com/wazuhapp 
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index db85a112..fa105045 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -46,7 +46,7 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install {{wazuhapp_location}}/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: From 6e880f7dabbb398e26ffd9a5dc8d15feeab593f5 Mon Sep 17 00:00:00 2001 From: joschneid Date: Thu, 7 Feb 2019 15:21:33 +0100 Subject: [PATCH 05/46] wrong fact for possible syscheck directories --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 6327441a..c62318b9 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -99,7 +99,7 @@ {% endif %} - {% if wazuh_agent_config.syscheck.directories is defined and ansible_os_family == "Linux" %} + {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %} {% for directory in wazuh_agent_config.syscheck.directories %} {{ directory.dirs }} {% endfor %} From 6f1632690551da7118d4856389c0c033c7d15ce0 Mon Sep 17 00:00:00 2001 
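Review bot: `{{wazuhapp_location}}` is interpolated into a `shell:` string in the "Install Wazuh-APP" task, so whitespace or shell metacharacters in an overridden value are interpreted by the shell. The zip that `kibana-plugin install` fetches from that location is also installed with no integrity check beyond the transport. The visible line uses no shell features, so `command:` would take the shell out of the picture; if `shell:` must stay, pass the assembled URL through the `quote` filter. With a configurable location it would also be worth fetching the archive with `get_url` and its `checksum` option and installing from the local file. Minor: write `{{ wazuhapp_location }}` with spaces to match the other expressions on the line. The task continues past the hunk after `args:`.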
From: joschneid Date: Thu, 24 Jan 2019 08:42:57 +0100 Subject: [PATCH 06/46] debian repo keys with pgp keyserver --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 4 ++++ roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++++ roles/elastic-stack/ansible-logstash/defaults/main.yml | 4 ++++ roles/wazuh/ansible-filebeat/defaults/main.yml | 4 ++++ roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++++ roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 5 +++++ 6 files changed, 25 insertions(+) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index ef5e02cd..c36a9ef1 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -8,5 +8,9 @@ elastic_stack_version: 6.5.4 elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: yes +<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt +======= +elasticrepo_gpg_keyserver: pgp.mit.edu +>>>>>>> debian repo keys with pgp keyserver diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 2b02b8b4..88893f0c 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,7 +5,11 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 wazuh_version: 3.8.2 +<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt wazuhapp_location: https://packages.wazuh.com/wazuhapp +======= +elasticrepo_gpg_keyserver: pgp.mit.edu +>>>>>>> debian repo keys with pgp keyserver 
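Review bot: The added lines include unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> debian repo keys with pgp keyserver`) inside `defaults/main.yml`, so the file is not valid YAML at this commit and the role cannot load its defaults. The same markers are added to the kibana, logstash, filebeat, wazuh-agent and wazuh-manager defaults in this patch. PATCH 07/46 removes them, but the conflict should be resolved in this commit, keeping a single `elasticrepo_gpg_keyserver` value, so every commit in the series stays usable for bisecting and cherry-picking. If a lenient parser did accept the file, the duplicate key would likely resolve to the last value, `pgp.mit.edu`, silently undoing the earlier keyserver change.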
diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index 0be1cc56..fdc11b82 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -18,5 +18,9 @@ logstash_ssl_key_file: "" logstash_install_java: yes +<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt +======= +elasticrepo_gpg_keyserver: pgp.mit.edu +>>>>>>> debian repo keys with pgp keyserver diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 5f3023c1..c41838a1 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -28,5 +28,9 @@ filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" +<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt +======= +elasticrepo_gpg_keyserver: pgp.mit.edu +>>>>>>> debian repo keys with pgp keyserver diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 069d1905..77b38746 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -306,5 +306,9 @@ wazuh_agent_config: - key: Env value: Production +<<<<<<< HEAD wauzhrepo_gpg_keyserver: pool.sks-keyservers.net wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ +======= +wauzhrepo_gpg_keyserver: pgp.mit.edu +>>>>>>> debian repo keys with pgp keyserver diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 66f46837..9f05f727 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -330,7 +330,12 @@ wazuh_agent_configs: - location: 'System' format: 'eventlog' +<<<<<<< HEAD wauzhrepo_gpg_keyserver: pool.sks-keyservers.net nodejsrepo_gpg_keyserver: pool.sks-keyservers.net wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ nodejsrepo_server: https://deb.nodesource.com/node_6.x +======= +wauzhrepo_gpg_keyserver: pgp.mit.edu +nodejsrepo_gpg_keyserver: pgp.mit.edu +>>>>>>> debian repo keys with pgp keyserver From 0256b529f13179e81acfbe3e30f183f7dbead135 Mon Sep 17 00:00:00 2001 From: joschneid Date: Thu, 24 Jan 2019 09:01:16 +0100 Subject: [PATCH 07/46] make debian repos customizable --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 4 ---- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ---- roles/elastic-stack/ansible-logstash/defaults/main.yml | 4 ---- roles/wazuh/ansible-filebeat/defaults/main.yml | 4 ---- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ---- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 5 ----- 6 files changed, 25 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index c36a9ef1..ef5e02cd 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -8,9 +8,5 @@ elastic_stack_version: 6.5.4 elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: yes -<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt -======= -elasticrepo_gpg_keyserver: pgp.mit.edu ->>>>>>> debian repo keys with pgp keyserver diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 88893f0c..2b02b8b4 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
@@ -5,11 +5,7 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 wazuh_version: 3.8.2 -<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt wazuhapp_location: https://packages.wazuh.com/wazuhapp -======= -elasticrepo_gpg_keyserver: pgp.mit.edu ->>>>>>> debian repo keys with pgp keyserver diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index fdc11b82..0be1cc56 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -18,9 +18,5 @@ logstash_ssl_key_file: "" logstash_install_java: yes -<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt -======= -elasticrepo_gpg_keyserver: pgp.mit.edu ->>>>>>> debian repo keys with pgp keyserver diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index c41838a1..5f3023c1 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -28,9 +28,5 @@ filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" -<<<<<<< HEAD elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt -======= -elasticrepo_gpg_keyserver: pgp.mit.edu ->>>>>>> debian repo keys with pgp keyserver diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 77b38746..069d1905 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -306,9 +306,5 @@ wazuh_agent_config: - key: Env value: Production -<<<<<<< HEAD wauzhrepo_gpg_keyserver: pool.sks-keyservers.net wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ -======= -wauzhrepo_gpg_keyserver: pgp.mit.edu ->>>>>>> debian repo keys with pgp keyserver diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 9f05f727..66f46837 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -330,12 +330,7 @@ wazuh_agent_configs: - location: 'System' format: 'eventlog' -<<<<<<< HEAD wauzhrepo_gpg_keyserver: pool.sks-keyservers.net nodejsrepo_gpg_keyserver: pool.sks-keyservers.net wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ nodejsrepo_server: https://deb.nodesource.com/node_6.x -======= -wauzhrepo_gpg_keyserver: pgp.mit.edu -nodejsrepo_gpg_keyserver: pgp.mit.edu ->>>>>>> debian repo keys with pgp keyserver From 1a73b8e8a1a9ffca879bced081c97a6073662b22 Mon Sep 17 00:00:00 2001 From: joschneid Date: Fri, 25 Jan 2019 08:35:41 +0100 Subject: [PATCH 08/46] custom wazuh app location --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 2b02b8b4..c14b41bd 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -8,4 +8,3 @@ wazuh_version: 3.8.2 elasticrepo_gpg_keyserver: pool.sks-keyservers.net elasticrepo_server: https://artifacts.elastic.co/packages/6.x/apt wazuhapp_location: https://packages.wazuh.com/wazuhapp - From 62ac174880772dd874b884dbff89da919287453e Mon Sep 17 00:00:00 2001 
From: sgargel Date: Thu, 24 Oct 2019 18:24:32 +0200 Subject: [PATCH 09/46] Fix for Wazuh-API User skipped on debian This should fix that Wazuh-API User task is being skipped on debian > 6 --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index a1afbb4c..40b51863 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -322,8 +322,7 @@ notify: restart wazuh-api when: - wazuh_api_user is defined - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon') - - ansible_distribution_major_version|int < 6 + - not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6) tags: - config @@ -379,8 +378,7 @@ environment: LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" when: - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon') - - ansible_distribution_major_version|int < 6 + - not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6) - name: Ensure Wazuh Manager is started and enabled (EL5) service: From ec0104cda58d4acca20422a63a40268e00354536 Mon Sep 17 00:00:00 2001 From: sgargel Date: Wed, 30 Oct 2019 11:05:46 +0100 Subject: [PATCH 10/46] Update main.yml --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 40b51863..7b2ca34e 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
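Review bot: The new condition `not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6)` only works if the major version is a real EL release number. On Amazon Linux, which the removed line handled by name, the fact is presumably either a small integer or a non-numeric string that `|int` turns into 0. The whole expression would then be false and the task skipped, and for the Wazuh-API user task that means the credentials from `wazuh_api_user` are never written. Confirm this on an Amazon Linux host and, if it holds, exclude it explicitly, e.g. `ansible_distribution != 'Amazon' and` inside the parenthesis. The line also mixes `ansible_facts[...]` with the injected `ansible_distribution_major_version`, and one form throughout would be clearer. Both hunks carry the same condition, and both tasks start outside their hunk.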
@@ -322,7 +322,6 @@ notify: restart wazuh-api when: - wazuh_api_user is defined - - not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6) tags: - config From c3cc763a5e719aacb81c378c0f64d6233762fa1a Mon Sep 17 00:00:00 2001 From: Jochen Schneider Date: Thu, 16 Jan 2020 11:58:05 +0100 Subject: [PATCH 11/46] added key ID for download only when required --- roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 4 ++-- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 5 +++-- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 5 +++-- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 1 + roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 1 + 5 files changed, 10 insertions(+), 6 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index c82e52ce..1b9c1da5 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -30,9 +30,9 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - keyserver: "{{ elasticrepo_gpg_keyserver }}" + url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 - + state: present - name: Debian/Ubuntu | Install Elastic repo apt_repository: diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index b00ad94a..4a621092 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml 
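Review bot: The `apt_key` task in roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml now fetches the key from a URL, and `id` is what decides whether that download happens at all; a short comment should say so, because readers tend to assume the fingerprint also vets the downloaded key. Whether a key that does not match `id` is rejected before it reaches the keyring depends on the Ansible version and should be checked for the versions this role supports. I would also quote the value so that no YAML parser can retype it: `id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'`. The same applies to the kibana, filebeat, wazuh-agent and wazuh-manager `Debian.yml` hunks of this patch. Keys added with `apt_key` are trusted for every repository on the host, which deserves a line in the role documentation.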
@@ -8,10 +8,11 @@ register: kibana_installing_ca_package until: kibana_installing_ca_package is succeeded -- name: Debian/Ubuntu | Add Elasticsearch GPG key +- name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - keyserver: "{{ elasticrepo_gpg_keyserver }}" + url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + state: present - name: Debian/Ubuntu | Install Elastic repo apt_repository: diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index a192c401..ed4cde1a 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -8,10 +8,11 @@ register: filebeat_ca_packages_install until: filebeat_ca_packages_install is succeeded -- name: Debian/Ubuntu | Add Elasticsearch apt key. +- name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - keyserver: "{{ elasticrepo_gpg_keyserver }}" + url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + state: present - name: Debian/Ubuntu | Add Filebeat repository. apt_repository: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 0e0ba92f..d3d12c22 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -25,6 +25,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_agent_config.repo.gpg }}" + id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index e045059d..f47a3ef7 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
@@ -28,6 +28,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" + id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled From d328609f29f3092b33b2bc382257c454fd83b2f3 Mon Sep 17 00:00:00 2001 From: Jochen Schneider Date: Thu, 16 Jan 2020 13:06:40 +0100 Subject: [PATCH 12/46] repo param not needed any longer --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ---- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 --- 2 files changed, 7 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index b4d1ed06..9db5406d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -342,8 +342,4 @@ wazuh_agent_config: list: - key: Env value: Production - wazuh_agent_nat: false - -wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ -wauzhrepo_gpg_keyserver: pool.sks-keyservers.net diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 09a8b4a1..638fa90b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -396,6 +396,3 @@ nodejs: debian: "deb" redhat: "rpm" repo_url_ext: "nodesource.com/setup_8.x" - -wauzhrepo_gpg_keyserver: pool.sks-keyservers.net -wazuhrepo_server: https://packages.wazuh.com/3.x/apt/ From b9b2663b3d0d496350fa5ca907d8cdfae3a1d548 Mon Sep 17 00:00:00 2001 
From: Jochen Schneider Date: Thu, 16 Jan 2020 13:26:34 +0100 Subject: [PATCH 13/46] made elasticrepo configurable --- .../elastic-stack/ansible-elasticsearch/defaults/main.yml | 6 ++++-- .../elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 4 ++-- .../ansible-elasticsearch/tasks/RMDebian.yml | 2 +- .../ansible-elasticsearch/tasks/RMRedHat.yml | 2 +- .../elastic-stack/ansible-elasticsearch/tasks/RedHat.yml | 4 ++-- roles/elastic-stack/ansible-kibana/defaults/main.yml | 6 ++++-- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 4 ++-- roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/RedHat.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 6 ++++-- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-filebeat/tasks/RMDebian.yml | 2 +- roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml | 2 +- roles/wazuh/ansible-filebeat/tasks/RedHat.yml | 8 ++++---- 15 files changed, 32 insertions(+), 26 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 55b79a69..8b16fb18 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -7,8 +7,10 @@ elasticsearch_jvm_xms: null elastic_stack_version: 7.5.1 elasticsearch_lower_disk_requirements: false -elasticrepo_server: https://artifacts.elastic.co/packages/7.x/apt -elasticrepo_gpg_keyserver: pool.sks-keyservers.net +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/7.x/apt' + yum: 'https://artifacts.elastic.co/packages/7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' # Cluster Settings single_node: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 1b9c1da5..e908d63c 100644 
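Review bot: The new `elasticrepo` default in roles/elastic-stack/ansible-elasticsearch/defaults/main.yml is a dict, and with Ansible's default `hash_behaviour` an inventory that defines `elasticrepo` with only an `apt` key replaces the whole dict, leaving `yum` and `gpg` undefined. A comment above the default would prevent that surprise, for example `# Override all keys together: Ansible replaces dict variables, it does not merge them.` The identical block is added to the kibana and filebeat defaults in this patch, so the three copies can drift apart. Flat variables such as `elasticrepo_apt` and `elasticrepo_gpg` could be overridden one at a time, though that is a larger change than this patch intends.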
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -30,13 +30,13 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + url: "{{ elasticrepo.gpg }}" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 state: present - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: "deb {{ elasticrepo_server }} stable main" + repo: "deb {{ elasticrepo.apt }} stable main" state: present filename: 'elastic_repo_7' update_cache: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml index c123c707..4fcfb44c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: - repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main + repo: "deb {{ elasticrepo.apt }} stable main" state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml index bdf667bc..46989361 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- - name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata) yum_repository: - name: elastic_repo + name: elastic_repo_7 state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index d02664c8..62f63978 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml 
@@ -4,8 +4,8 @@ yum_repository: name: elastic_repo_7 description: Elastic repository for 7.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch + baseurl: "{{ elasticrepo.yum }}" + gpgkey: "{{ elasticrepo.gpg }}" gpgcheck: true changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 642473af..e741567a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -9,8 +9,10 @@ elastic_stack_version: 7.5.1 wazuh_version: 3.11.1 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp -elasticrepo_server: https://artifacts.elastic.co/packages/7.x/apt -elasticrepo_gpg_keyserver: pool.sks-keyservers.net +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/7.x/apt' + yum: 'https://artifacts.elastic.co/packages/7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' # API credentials wazuh_api_credentials: diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 4a621092..04c174c9 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -10,13 +10,13 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + url: "{{ elasticrepo.gpg }}" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 state: present - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: "deb {{ elasticrepo_server }} stable main" + repo: "deb {{ elasticrepo.apt }} stable main" state: present filename: 'elastic_repo_7' update_cache: true diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml index c123c707..4fcfb44c 100644 
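Review bot: In roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml, `gpgkey: "{{ elasticrepo.gpg }}"` makes the key URL the only trust anchor for the yum repository, since there is no fingerprint here as there is with `id` in the Debian task. `gpgcheck: true` then verifies packages against whatever key that URL serves, so an override pointing at a plain-http or untrusted mirror weakens the check without any visible error. I would document this next to the `elasticrepo` default, e.g. `# gpg: HTTPS only - on yum hosts this key is trusted as served`. The kibana and filebeat `RedHat.yml` hunks of this patch have the same lines.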
--- a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: - repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main + repo: "deb {{ elasticrepo.apt }} stable main" state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml index 1ae7df57..0da555b3 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml @@ -1,6 +1,6 @@ --- - name: Remove Elasticsearch repository (and clean up left-over metadata) yum_repository: - name: elastic_repo + name: elastic_repo_7 state: absent changed_when: false diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml index abb8b0c0..7acdec09 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml @@ -3,8 +3,8 @@ yum_repository: name: elastic_repo_7 description: Elastic repository for 7.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch + baseurl: "{{ elasticrepo.yum }}" + gpgkey: "{{ elasticrepo.gpg }}" gpgcheck: true changed_when: false diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index eda469ba..ad93dd3a 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
@@ -49,5 +49,7 @@ master_certs_path: /es_certs generate_CA: true ca_cert_name: "" -elasticrepo_gpg_keyserver: pool.sks-keyservers.net -elasticrepo_server: https://artifacts.elastic.co/packages/7.x/apt +elasticrepo: + apt: 'https://artifacts.elastic.co/packages/7.x/apt' + yum: 'https://artifacts.elastic.co/packages/7.x/yum' + gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index ed4cde1a..8c33fb0e 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -10,13 +10,13 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + url: "{{ elasticrepo.gpg }}" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 state: present - name: Debian/Ubuntu | Add Filebeat repository. apt_repository: - repo: "deb {{ elasticrepo_server }} stable main" + repo: "deb {{ elasticrepo.apt }} stable main" state: present update_cache: true changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml index 6472db68..25a33909 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata) apt_repository: - repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main + repo: "deb {{ elasticrepo.apt }} stable main" state: absent changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml index 519121b3..1cf84081 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml 
@@ -1,6 +1,6 @@ --- - name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata) yum_repository: - name: elastic_repo + name: elastic_repo_7 state: absent changed_when: false diff --git a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml index 3d3108f6..23948b37 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml @@ -1,9 +1,9 @@ --- - name: RedHat/CentOS/Fedora/Amazon Linux | Install Filebeats repo yum_repository: - name: elastic_repo - description: Elastic repository for 6.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch + name: elastic_repo_7 + description: Elastic repository for 7.x packages + baseurl: "{{ elasticrepo.yum }}" + gpgkey: "{{ elasticrepo.gpg }}" gpgcheck: true changed_when: false From f9e50c5e8439025711b477232845e955a8d8eddd Mon Sep 17 00:00:00 2001 From: Jochen Schneider Date: Thu, 16 Jan 2020 13:36:22 +0100 Subject: [PATCH 14/46] unnecessary changes --- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 2 +- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 04c174c9..597a6354 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -8,7 +8,7 @@ register: kibana_installing_ca_package until: kibana_installing_ca_package is succeeded -- name: Debian/Ubuntu | Add Elasticsearch GPG key. +- name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: url: "{{ elasticrepo.gpg }}" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 8c33fb0e..1a97d44f 100644 
--- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -8,7 +8,7 @@ register: filebeat_ca_packages_install until: filebeat_ca_packages_install is succeeded -- name: Debian/Ubuntu | Add Elasticsearch GPG key. +- name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: url: "{{ elasticrepo.gpg }}" id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 From 7e9f59388a94f73d1a673b6736cb52ee24a6b513 Mon Sep 17 00:00:00 2001 From: Jochen Schneider Date: Thu, 16 Jan 2020 14:23:53 +0100 Subject: [PATCH 15/46] filebeat module destination configurable --- roles/wazuh/ansible-filebeat/defaults/main.yml | 1 + roles/wazuh/ansible-filebeat/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index ad93dd3a..7f49790e 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -28,6 +28,7 @@ filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" +filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_path: /tmp/ filebeat_module_destination: /usr/share/filebeat/module diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index ca5ea6ac..07bc94ea 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -70,7 +70,7 @@ - name: Download Filebeat module package get_url: - url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} + url: "{{ filebeat_module_package_url }}/{{ filebeat_module_package_name }}" dest: "{{ filebeat_module_package_path }}" when: not filebeat_module_folder.stat.exists From 5906bd2df4ae8d6a5d3349168dd8f5307239945b Mon Sep 17 00:00:00 2001 
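Review bot: The `get_url` task in roles/wazuh/ansible-filebeat/tasks/main.yml downloads `{{ filebeat_module_package_name }}` without a `checksum`, and with the base URL now overridable the integrity of the tarball rests on the transport alone. Adding `checksum: "sha256:{{ filebeat_module_package_sha256 }}"` with a matching default lets the task reject a modified archive; the variable name is only a suggestion and the digest has to come from the publisher. The defaults hunk also shows `filebeat_module_package_path: /tmp/`, a world-writable location. A root-owned directory would be a safer staging place, assuming the archive is unpacked with elevated privileges later in the file.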
From: Jose M Date: Tue, 21 Jan 2020 09:08:03 +0100 Subject: [PATCH 16/46] Change Wazuh Agent default protocol to udp in wazuh-agent.yml playbook --- playbooks/wazuh-agent.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index bd85a3a6..8c7eaa69 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -6,7 +6,7 @@ wazuh_managers: - address: port: 1514 - protocol: tcp + protocol: udp api_port: 55000 api_proto: 'http' api_user: ansible From 6361eacbf0dd56e0171aa26654f2a29a3baf050f Mon Sep 17 00:00:00 2001 From: joschneider Date: Tue, 21 Jan 2020 10:56:59 +0100 Subject: [PATCH 17/46] repo gpg key id as a paramater --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 1 + roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 1 + roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 1 + roles/wazuh/ansible-filebeat/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +- 10 files changed, 10 insertions(+), 5 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 8b16fb18..1a737c04 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -11,6 +11,7 @@ elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4' # Cluster Settings single_node: true 
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index e908d63c..cfdbe342 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -31,7 +31,7 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: url: "{{ elasticrepo.gpg }}" - id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + id: "{{ elasticrepo.kid }}" state: present - name: Debian/Ubuntu | Install Elastic repo diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index e741567a..07675f85 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -13,6 +13,7 @@ elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4' # API credentials wazuh_api_credentials: diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 597a6354..ff4373dc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -11,7 +11,7 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: url: "{{ elasticrepo.gpg }}" - id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + id: "{{ elasticrepo.kid }}" state: present - name: Debian/Ubuntu | Install Elastic repo diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 7f49790e..5b655311 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
@@ -54,3 +54,4 @@ elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4' diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 1a97d44f..bdd7dc51 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -11,7 +11,7 @@ - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: url: "{{ elasticrepo.gpg }}" - id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + id: "{{ elasticrepo.kid }}" state: present - name: Debian/Ubuntu | Add Filebeat repository. diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 9db5406d..d92b07b4 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,6 +60,7 @@ wazuh_agent_config: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + kid: '0DCFCA5547B19D2A6099506096B3EE5F29111145' active_response: ar_disabled: 'no' ca_store: '/var/ossec/etc/wpk_root.pem' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index d3d12c22..452fbdf8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -25,7 +25,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_agent_config.repo.gpg }}" - id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 + id: "{{ wazuhrepo.kid }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled 
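Review bot: In roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml the new `id: "{{ wazuhrepo.kid }}"` reads a variable that no hunk on this page defines; the default appears to have been added as `wazuh_agent_config.repo.kid`, in the same dict the `url` line above already uses. As written the task would most likely fail with an undefined-variable error on Debian hosts, so the line should read `id: "{{ wazuh_agent_config.repo.kid }}"`. The wazuh-manager `Debian.yml` hunk of this patch has the same problem and needs `wazuh_manager_config.repo.kid`. Patch 19/46 later corrects both references; folding that fix into this commit would keep every commit in the series runnable.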
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 638fa90b..fadc54f9 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -52,6 +52,7 @@ wazuh_manager_config: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + kid: '0DCFCA5547B19D2A6099506096B3EE5F29111145' json_output: 'yes' alerts_log: 'yes' logall: 'no' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index f47a3ef7..e4b69bcb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -28,7 +28,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" - id: 0DCFCA5547B19D2A6099506096B3EE5F29111145 + id: "{{ wazuhrepo.kid }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled From 50964bd0f855244778b0569075bb468061f1eb79 Mon Sep 17 00:00:00 2001 
From: Jochen Schneider Date: Tue, 21 Jan 2020 11:57:33 +0100 Subject: [PATCH 18/46] better naming for parameter kid --- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 1a737c04..50b56d5c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -11,7 +11,7 @@ elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' - kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' # Cluster Settings single_node: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index cfdbe342..74c6bcf2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -31,7 +31,7 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: url: "{{ elasticrepo.gpg }}" - id: "{{ elasticrepo.kid }}" + id: "{{ elasticrepo.key_id }}" state: present - name: Debian/Ubuntu | Install Elastic repo 
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 07675f85..10408e77 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -13,7 +13,7 @@ elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' - kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' # API credentials wazuh_api_credentials: diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index ff4373dc..281555ca 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -11,7 +11,7 @@ - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: url: "{{ elasticrepo.gpg }}" - id: "{{ elasticrepo.kid }}" + id: "{{ elasticrepo.key_id }}" state: present - name: Debian/Ubuntu | Install Elastic repo diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 5b655311..d7bdcf02 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -54,4 +54,4 @@ elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' - kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4' + key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index bdd7dc51..a87bb2bf 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml 
@@ -11,7 +11,7 @@ - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: url: "{{ elasticrepo.gpg }}" - id: "{{ elasticrepo.kid }}" + id: "{{ elasticrepo.key_id }}" state: present - name: Debian/Ubuntu | Add Filebeat repository. diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index d92b07b4..d1c027ad 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,7 +60,7 @@ wazuh_agent_config: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - kid: '0DCFCA5547B19D2A6099506096B3EE5F29111145' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' active_response: ar_disabled: 'no' ca_store: '/var/ossec/etc/wpk_root.pem' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 452fbdf8..88b9895c 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -25,7 +25,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_agent_config.repo.gpg }}" - id: "{{ wazuhrepo.kid }}" + id: "{{ wazuhrepo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index fadc54f9..ce84fa80 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -52,7 +52,7 @@ wazuh_manager_config: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' yum: 'https://packages.wazuh.com/3.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - kid: '0DCFCA5547B19D2A6099506096B3EE5F29111145' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' json_output: 'yes' alerts_log: 'yes' logall: 'no' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index e4b69bcb..58e4c232 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -28,7 +28,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" - id: "{{ wazuhrepo.kid }}" + id: "{{ wazuhrepo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled From 5479fc55501efe4c6a2406dcf74f7847df1c13d1 Mon Sep 17 00:00:00 2001 From: Jochen Schneider Date: Thu, 23 Jan 2020 14:30:55 +0100 Subject: [PATCH 19/46] corrected repo key id parameter --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 88b9895c..68c0b726 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -25,7 +25,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_agent_config.repo.gpg }}" - id: "{{ wazuhrepo.key_id }}" + id: "{{ wazuh_agent_config.repo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 58e4c232..36fe4ff5 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -28,7 +28,7 @@ - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url: "{{ wazuh_manager_config.repo.gpg }}" - id: "{{ wazuhrepo.key_id }}" + id: "{{ wazuh_manager_config.repo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled From 7a8d2a7f9d68e1ed76cbde2b930f1b586782128f Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 4 Feb 2020 11:59:19 +0100 Subject: [PATCH 20/46] Upgrade to NodeJS v10 --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 0025bf5b..489becb2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -395,4 +395,4 @@ nodejs: repo_dict: debian: "deb" redhat: "rpm" - repo_url_ext: "nodesource.com/setup_8.x" + repo_url_ext: "nodesource.com/setup_10.x" From 01fb6b1d361236ed9d8231e288c630f55d9e93ff Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 11 Feb 2020 14:51:10 +0100 Subject: [PATCH 21/46] Sanatizing the Manager and API active status verification task --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 58c3f763..dd4fa04a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
@@ -339,20 +339,6 @@ - wazuh-api tags: - config - environment: - LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" - when: - - not (ansible_facts['os_family']|lower == 'redhat' and ansible_distribution_major_version|int < 6) - -- name: Ensure Wazuh Manager is started and enabled (EL5) - service: - name: wazuh-manager - enabled: true - state: started - tags: - - config - when: - - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - include_tasks: "RMRedHat.yml" when: From abdbab92474556add24b3d672e7a3b6be9d769de Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Fri, 14 Feb 2020 15:09:40 +0100 Subject: [PATCH 22/46] Fix auth path for 64bits Windows --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index ee0aced7..61e2412d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -14,7 +14,7 @@ - name: Windows | Set Win Path (x64) set_fact: wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir }}" - wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}" + wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path }}" when: - not check_path.stat.exists From 1366a745696aa9304021683d48433c98d8614ba5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 14 Feb 2020 17:13:42 +0100 Subject: [PATCH 23/46] Remove API credentials as variable files and move to defaults --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +++ roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 6 ------ roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml | 3 --- 3 files changed, 3 insertions(+), 9 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml 
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 5f32a0f1..8c71671b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -47,6 +47,9 @@ wazuh_api_sources_installation: common_name: null password: null +wazuh_api_user: + - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/" + wazuh_manager_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index dd4fa04a..faf13d05 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -191,12 +191,6 @@ tags: - config -- name: Retrieving Wazuh-API User Credentials - include_vars: wazuh_api_creds.yml - when: - - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6) - tags: - - config - name: Check if syslog output is enabled set_fact: syslog_output=true diff --git a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml deleted file mode 100644 index 2d5f8c73..00000000 --- a/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -wazuh_api_user: - - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/" From 9bc6d550be6de3b42b3bfc07a5adbf73a7537baa Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 17:46:41 +0100 Subject: [PATCH 24/46] Create required variables for Wazuh Manager installation from packages --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 8c71671b..f1e9866b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
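Review bot: The `wazuh_api_user` entry added to `defaults/main.yml` gives every deployment the user `foo` with a fixed `$apr1$` (Apache MD5 htpasswd) hash unless the variable is overridden, and that hash is public in the repository. Moving it out of `vars/wazuh_api_creds.yml` makes it easier to override, but nothing forces an override. I would ship no usable default and have the role stop when the variable is unset, or at least add `# Placeholder only: set wazuh_api_user from Ansible Vault before deploying` above the entry. How the list is consumed is outside this hunk, so the guard belongs next to the task that writes the API user file.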
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -4,6 +4,15 @@ wazuh_manager_version: 3.11.3-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present +# Custom packages installation +wazuh_custom_packages_installation_manager_enabled: true +wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-manager_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-manager-3.12.0-0.3319fimreworksqlite.x86_64.rpm" +wazuh_custom_packages_installation_api_enabled: true +wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-api_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-api-3.12.0-0.3319fimreworksqlite.x86_64.rpm" + +# Sources installation wazuh_manager_sources_installation: enabled: false branch: "v3.11.3" From 7fb76b42e65993b925355b513aea31c40aa8be11 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 17:47:13 +0100 Subject: [PATCH 25/46] Create required tasks to download and install .rpm and .deb packages --- .../installation_from_custom_packages.yml | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml new file mode 100644 index 00000000..ae837c9a --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml 
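Review bot: `wazuh_custom_packages_installation_manager_enabled: true` and `wazuh_custom_packages_installation_api_enabled: true` make a branch build from the `packages-dev.wazuh.com` bucket the default install path for anyone who uses the role at this commit without overriding them. The agent defaults added in PATCH 27/46 do the same. Role defaults should keep the released repository path (`..._enabled: false`) and leave the URLs as examples; PATCH 32/46 further down restores that, so only the intermediate commits are affected. A comment such as `# Development builds for testing; leave disabled in production` above the URLs would record the intent.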
@@ -0,0 +1,34 @@ +--- + - block: + - name: Install Wazuh Manager from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_manager_deb_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + + - name: Install Wazuh API from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_api_deb_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + when: + - ansible_os_family|lower == "debian" + + - block: + - name: Install Wazuh Manager from .rpm packages + yum: + name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + + - name: Install Wazuh API from .rpm packages + yum: + name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + when: + - ansible_os_family|lower == "redhat" \ No newline at end of file From bf6f72039cccac7fb0f9ebcce28a4084f4247ad9 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 17:47:49 +0100 Subject: [PATCH 26/46] Update conditionals in Managers tasks to filter installation from packages --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 11 ++++++++++- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 8 ++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 36fe4ff5..ca4820fc 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
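Review bot: All four tasks in the new file install a package straight from a URL variable (`apt: deb:` and `yum: name:`) with no integrity value pinned in the role, so the repository key that `Debian.yml` adds with `apt_key` plays no part in this path; the agent tasks in PATCH 28/46 follow the same pattern. For a standalone `.deb` the only protection left is the HTTPS transport, and whether the `.rpm` path gets a signature check depends on the host's yum settings, which are not visible here. I would download with `get_url` and its `checksum:` parameter (format `sha256:<hex>`) and install the local file, as sketched below for the manager `.deb`. The checksum and download-directory variables in the sketch are suggested new defaults, not ones the role defines.

```yaml
# Sketch only: *_deb_checksum and wazuh_custom_packages_download_dir are suggested new variables
- name: Download Wazuh Manager .deb package
  get_url:
    url: "{{ wazuh_custom_packages_installation_manager_deb_url }}"
    dest: "{{ wazuh_custom_packages_download_dir }}/wazuh-manager.deb"
    checksum: "{{ wazuh_custom_packages_installation_manager_deb_checksum }}"
  when:
    - wazuh_custom_packages_installation_manager_enabled

- name: Install Wazuh Manager from .deb packages
  apt:
    deb: "{{ wazuh_custom_packages_download_dir }}/wazuh-manager.deb"
    state: present
  when:
    - wazuh_custom_packages_installation_manager_enabled
# … same pattern for the API .deb task and both .rpm tasks …
```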
@@ -24,6 +24,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -32,6 +33,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -42,6 +44,7 @@ changed_when: false when: - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -106,11 +109,16 @@ tags: init when: - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled - include_tasks: "installation_from_sources.yml" when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled +- include_tasks: "installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - name: Debian/Ubuntu | Install wazuh-api apt: name: @@ -122,4 +130,5 @@ until: wazuh_manager_main_packages_installed is succeeded tags: init when: - - not wazuh_api_sources_installation.enabled \ No newline at end of file + - not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled \ No newline at end of file 
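Review bot: The three repository guards added to `Debian.yml` repeat the manager flag on both sides, `not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled`, so the API flag is never consulted; the `RedHat.yml` hunks of the same patch use `..._api_enabled` as the second operand. The new `include_tasks` is guarded by `X or not X`, which is always true, and the `Install wazuh-api` task is skipped on the manager flag instead of the API flag. With API custom packages enabled and manager custom packages disabled, both the URL install and the repository install of `wazuh-api` would run. The lines should read `- not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled`, `- wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled` and, on the wazuh-api task, `- not wazuh_custom_packages_installation_api_enabled`.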
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 5dc57e81..c0ff9ee4 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -11,6 +11,7 @@ - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled register: repo_v5_manager_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo @@ -24,6 +25,7 @@ when: - repo_v5_manager_installed is skipped - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: RedHat/CentOS/Fedora | Install openscap package: name={{ item }} state=present @@ -118,6 +120,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_manager_sources_installation.enabled + - not wazuh_custom_packages_installation_manager_enabled tags: - init @@ -125,6 +128,10 @@ when: - wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled +- include_tasks: "../tasks/installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled + - name: CentOS/RedHat/Amazon | Install wazuh-api package: name: "wazuh-api-{{ wazuh_manager_version }}" @@ -134,6 +141,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_api_sources_installation.enabled + - not wazuh_custom_packages_installation_api_enabled tags: - init From aa33bd353140783b798b3036a71df4ab0077d681 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Wed, 19 Feb 2020 18:09:26 +0100 Subject: [PATCH 27/46] Add required variables to install agents from custom packages --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 266cb33f..202f5d3a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,6 +1,15 @@ --- wazuh_agent_version: 3.11.3-1 + +# Custom packages installation + +wazuh_custom_packages_installation_agent_enabled: true +wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb" +wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm" + +# Sources installation + wazuh_agent_sources_installation: enabled: false branch: "v3.11.3" From 281d54557afcd46c564effee58d637be9f6e186b Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:09:48 +0100 Subject: [PATCH 28/46] Create tasks to download and install Agent from .rpm and .deb packages --- .../tasks/installation_from_custom_packages.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml new file mode 100644 index 00000000..01ce540c --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml 
@@ -0,0 +1,16 @@ +--- + - name: Install Wazuh Agent from .deb packages + apt: + deb: "{{ wazuh_custom_packages_installation_agent_deb_url }}" + state: present + when: + - ansible_os_family|lower == "debian" + - wazuh_custom_packages_installation_agent_enabled + + - name: Install Wazuh Agent from .rpm packages + yum: + name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" + state: present + when: + - ansible_os_family|lower == "redhat" + - wazuh_custom_packages_installation_agent_enabled \ No newline at end of file From 8f0d54b274ffdc93c26fbe811f2a6042e0a7bcce Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:10:26 +0100 Subject: [PATCH 29/46] Update Agent conditionals to make them work with custom packages install --- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 3 +++ roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 6 ++++++ roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 6 ++++-- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 68c0b726..9c12fdbf 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -21,6 +21,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: @@ -29,6 +30,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: 
@@ -38,6 +40,7 @@ update_cache: true when: - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian set_fact: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 5664a428..c1c701fc 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -9,6 +9,10 @@ when: - wazuh_agent_sources_installation.enabled +- include_tasks: "installation_from_custom_packages.yml" + when: + - wazuh_custom_packages_installation_agent_enabled + - name: Linux CentOS/RedHat | Install wazuh-agent package: name: wazuh-agent-{{ wazuh_agent_version }} @@ -18,6 +22,7 @@ when: - ansible_os_family|lower == "redhat" - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled tags: - init @@ -29,6 +34,7 @@ when: - ansible_os_family|lower != "redhat" - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled tags: - init diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index e0b2b426..d93052c4 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,7 +10,8 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_agent_sources_installation.enabled or not wazuh_api_sources_installation.enabled + - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled register: repo_v5_installed - name: RedHat/CentOS/Fedora | Install Wazuh repo 
@@ -24,6 +25,7 @@ when: - repo_v5_installed is skipped - not wazuh_agent_sources_installation.enabled + - not wazuh_custom_packages_installation_agent_enabled - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: @@ -34,7 +36,7 @@ until: oracle_java_task_rpm_download is succeeded when: - wazuh_agent_config.cis_cat.disable == 'no' - - wazuh_agent_config.cis_cat.install_java == 'yes' + - wazuh_agent_config.cis_cat.install_java == 'yes' tags: - init From 53cee9a7be1602777bbc4a40667f3c86750dabcb Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:11:39 +0100 Subject: [PATCH 30/46] Fix trailing whitespace in `RedHat.yml` tasks from Agent --- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index d93052c4..8dbd2452 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -36,7 +36,7 @@ until: oracle_java_task_rpm_download is succeeded when: - wazuh_agent_config.cis_cat.disable == 'no' - - wazuh_agent_config.cis_cat.install_java == 'yes' + - wazuh_agent_config.cis_cat.install_java == 'yes' tags: - init From 807a816cf226215a565ba7af0a6b49b1da3cb06b Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 18:12:44 +0100 Subject: [PATCH 31/46] Set Wazuh version to 3.12.0 for testing purposes --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 202f5d3a..8b4d197e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.11.3-1 +wazuh_agent_version: 3.12.0-1 # Custom packages installation 
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f1e9866b..3c5712d2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 3.11.3-1 +wazuh_manager_version: 3.12.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present From 9dddd2b26e176410fe0439345a1a55d00f3e5b99 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 19 Feb 2020 19:19:16 +0100 Subject: [PATCH 32/46] Restore Wazuh installation to default configuration --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 8b4d197e..ccd96e1c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,10 +1,10 @@ --- -wazuh_agent_version: 3.12.0-1 +wazuh_agent_version: 3.11.3-1 # Custom packages installation -wazuh_custom_packages_installation_agent_enabled: true +wazuh_custom_packages_installation_agent_enabled: false wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3c5712d2..ffd1d90d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -1,14 +1,14 @@ --- -wazuh_manager_version: 3.12.0-1 +wazuh_manager_version: 3.11.3-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present # Custom packages installation -wazuh_custom_packages_installation_manager_enabled: true +wazuh_custom_packages_installation_manager_enabled: false wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-manager_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-manager-3.12.0-0.3319fimreworksqlite.x86_64.rpm" -wazuh_custom_packages_installation_api_enabled: true +wazuh_custom_packages_installation_api_enabled: false wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-api_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-api-3.12.0-0.3319fimreworksqlite.x86_64.rpm" From 2a7241b31a87da9289933e0358690dba64f15b6c Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 20 Feb 2020 12:39:26 +0100 Subject: [PATCH 33/46] Adapt Windows Agent package related variables --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index ccd96e1c..a5e0a8c0 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -60,10 +60,9 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.3' - revision: '1' - repo: https://packages.wazuh.com/3.x/windows/ md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi +wazuh_winagent_package_name: wazuh-agent-3.11.3-1.msi wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' From c32b1ed1bd667addd29785aaa3029e79d025f996 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 20 Feb 2020 12:39:45 +0100 Subject: [PATCH 34/46] Change Window spackage occurences to adapt it to the new variables --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 61e2412d..11f15255 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml 
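Review bot: After this hunk the installer URL and file name are free-form variables, but the only integrity value kept beside them is `md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba`, and the verification task in `Windows.yml` still requests `checksum_algorithm: md5`. MD5 is not collision resistant, which makes it a weak check for an installer fetched over the network; `win_stat` also accepts `sha256`. I would replace the key with `sha256: <SHA-256 of the MSI>` and add `# Must match wazuh_winagent_config_url; update both together` above it. The task that compares the checksum is outside the visible hunks, so the key it reads would have to change with it.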
@@ -20,19 +20,19 @@ - name: Windows | Check if Wazuh installer is already downloaded win_stat: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" register: wazuh_package_downloaded - name: Windows | Download Wazuh Agent package win_get_url: - url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + url: "{{ wazuh_winagent_config_url }}" dest: "{{ wazuh_winagent_config.download_dir }}" when: - not wazuh_package_downloaded.stat.exists - name: Windows | Verify the Wazuh Agent installer win_stat: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" get_checksum: true checksum_algorithm: md5 register: wazuh_agent_status @@ -41,11 +41,12 @@ - name: Windows | Install Agent if not already installed win_package: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" state: present - name: Windows | Check if client.keys exists - win_stat: path="{{ wazuh_agent_win_path }}client.keys" + win_stat: + path: "{{ wazuh_agent_win_path }}client.keys" register: check_windows_key tags: - config @@ -94,5 +95,5 @@ - name: Windows | Delete downloaded Wazuh agent installer file win_file: - path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" state: absent From 4f8d3c6c0c17d40488b1551f452c62319a6cb0ff Mon Sep 17 00:00:00 2001 
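Review bot: `win_get_url` still writes to the directory `{{ wazuh_winagent_config.download_dir }}`, so the saved file name comes from the URL, while the `win_stat`, `win_package` and `win_file` tasks now look for `wazuh_winagent_package_name`. If someone overrides only `wazuh_winagent_config_url`, the verify and install tasks point at a file that was never downloaded. Either give the download an explicit target, `dest: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"`, or derive the name in defaults with `wazuh_winagent_package_name: "{{ wazuh_winagent_config_url | basename }}"`.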
From: Jose M Date: Thu, 20 Feb 2020 12:46:41 +0100 Subject: [PATCH 35/46] Remove traling whitespace in win_package task --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 11f15255..dc9b8fe0 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -45,7 +45,7 @@ state: present - name: Windows | Check if client.keys exists - win_stat: + win_stat: path: "{{ wazuh_agent_win_path }}client.keys" register: check_windows_key tags: From ca8b8684cfb251e5c972498c13049f5dc02e7adf Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 21 Feb 2020 16:31:45 +0100 Subject: [PATCH 36/46] Disable shared config by default. Update occurrences --- roles/wazuh/ansible-wazuh-manager/README.md | 4 +- .../ansible-wazuh-manager/defaults/main.yml | 94 +++++++++---------- .../ansible-wazuh-manager/tasks/main.yml | 2 + .../var-ossec-etc-shared-agent.conf.j2 | 4 +- 4 files changed, 53 insertions(+), 51 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/README.md b/roles/wazuh/ansible-wazuh-manager/README.md index 19b1eae9..199e7810 100644 --- a/roles/wazuh/ansible-wazuh-manager/README.md +++ b/roles/wazuh/ansible-wazuh-manager/README.md @@ -20,7 +20,7 @@ This role has some variables which you can or need to override. ``` wazuh_manager_fqdn: ~ wazuh_manager_config: [] -wazuh_agent_configs: [] +shared_agent_config: [] ``` Vault variables @@ -157,7 +157,7 @@ wazuh_manager_config: level: 6 timeout: 600 -wazuh_agent_configs: +shared_agent_config: - type: os type_value: linux frequency_check: 79200 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index ffd1d90d..f955ddc4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -356,53 +356,53 @@ wazuh_manager_config: - key: Env value: Production -wazuh_agent_configs: - - type: os - type_value: Linux - syscheck: - frequency: 43200 - scan_on_start: 'yes' - alert_new_files: 'yes' - ignore: - - /etc/mtab - - /etc/mnttab - - /etc/hosts.deny - - /etc/mail/statistics - - /etc/svc/volatile - no_diff: - - /etc/ssl/private.key - rootcheck: - frequency: 43200 - cis_distribution_filename: null - localfiles: - - format: 'syslog' - location: '/var/log/messages' - - format: 'syslog' - location: '/var/log/secure' - - format: 'syslog' - location: '/var/log/maillog' - - format: 'apache' - location: '/var/log/httpd/error_log' - - format: 'apache' - location: '/var/log/httpd/access_log' - - format: 'apache' - location: '/var/ossec/logs/active-responses.log' - - type: os - type_value: Windows - syscheck: - frequency: 43200 - scan_on_start: 'yes' - auto_ignore: 'no' - alert_new_files: 'yes' - windows_registry: - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - arch: 'both' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' - localfiles: - - location: 'Security' - format: 'eventchannel' - - location: 'System' - format: 'eventlog' +# shared_agent_config: + # - type: os + # type_value: Linux + # syscheck: + # frequency: 43200 + # scan_on_start: 'yes' + # alert_new_files: 'yes' + # ignore: + # - /etc/mtab + # - /etc/mnttab + # - /etc/hosts.deny + # - /etc/mail/statistics + # - /etc/svc/volatile + # no_diff: + # - /etc/ssl/private.key + # rootcheck: + # frequency: 43200 + # cis_distribution_filename: null + # localfiles: + # - format: 'syslog' + # location: '/var/log/messages' + # - format: 'syslog' + # location: '/var/log/secure' + # - format: 'syslog' + # location: '/var/log/maillog' + # - format: 'apache' + # location: '/var/log/httpd/error_log' + # - format: 'apache' + # location: '/var/log/httpd/access_log' + # - format: 'apache' + # location: '/var/ossec/logs/active-responses.log' + # - type: os + # type_value: Windows + # syscheck: + # 
frequency: 43200 + # scan_on_start: 'yes' + # auto_ignore: 'no' + # alert_new_files: 'yes' + # windows_registry: + # - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' + # arch: 'both' + # - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' + # localfiles: + # - location: 'Security' + # format: 'eventchannel' + # - location: 'System' + # format: 'eventlog' nodejs: repo_dict: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index faf13d05..88b3628f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -158,6 +158,8 @@ tags: - init - config + when: + - shared_agent_config is defined - name: Installing the config.js (api configuration) template: src=var-ossec-api-configuration-config.js.j2 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index dd1c8d9a..00fdcd01 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 @@ -1,6 +1,6 @@ #jinja2: trim_blocks: False -{% if wazuh_agent_configs is defined %} -{% for agent_config in wazuh_agent_configs %} +{% if shared_agent_config is defined %} +{% for agent_config in shared_agent_config %} {% if agent_config.syscheck is defined %} From abd4f57106e5dddda336a150c24ee27807f7b70d Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Feb 2020 16:11:44 +0100 Subject: [PATCH 37/46] Avoid to install Wazuh API in worker nodes, fixes #370 --- .../ansible-wazuh-manager/tasks/Debian.yml | 3 +- .../ansible-wazuh-manager/tasks/RedHat.yml | 1 + .../installation_from_custom_packages.yml | 3 ++ .../tasks/installation_from_sources.yml | 3 ++ .../ansible-wazuh-manager/tasks/main.yml | 29 +++++++++++++++---- 5 files changed, 32 insertions(+), 7 deletions(-) 
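Review bot: The rename to `shared_agent_config` has no fallback, so an inventory that still sets `wazuh_agent_configs` is silently ignored. The new `when: - shared_agent_config is defined` in tasks/main.yml skips the task, and the template's `{% if shared_agent_config is defined %}` renders nothing. For a monitoring role this is a quiet coverage gap: agents presumably stop receiving the centrally managed syscheck, rootcheck and log-collection settings, and the play still reports success. I would add an early `fail` task guarded by `when: wazuh_agent_configs is defined`, with a message naming the new variable, or accept both names for one release. The task that receives the new `when` starts outside the hunk, so its identity is inferred from the template change.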
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index ca4820fc..4712b573 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -131,4 +131,5 @@ tags: init when: - not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled \ No newline at end of file + - not wazuh_custom_packages_installation_manager_enabled + - wazuh_manager_config.cluster.node_type == "master" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index c0ff9ee4..cb0dbf5a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -142,6 +142,7 @@ - ansible_os_family|lower == "redhat" - not wazuh_api_sources_installation.enabled - not wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index ae837c9a..c4081a08 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -13,6 +13,8 @@ state: present when: - wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" + when: - ansible_os_family|lower == "debian" @@ -30,5 +32,6 @@ state: present when: - wazuh_custom_packages_installation_api_enabled + - wazuh_manager_config.cluster.node_type == "master" when: - ansible_os_family|lower == "redhat" \ No newline at end of file 
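Review bot: In the Debian.yml hunk the task that gets the new `node_type` condition is still gated by `not wazuh_custom_packages_installation_manager_enabled`, while the parallel task in RedHat.yml uses `not wazuh_custom_packages_installation_api_enabled`. If this is the wazuh-api install task (its head is outside the hunk), the Debian condition looks like the wrong flag. The repository package would then be installed alongside a custom API package, or skipped when only the manager comes from a custom package. I would change that line to `- not wazuh_custom_packages_installation_api_enabled` so both OS families agree.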
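Review bot: `wazuh_manager_config.cluster.node_type == "master"` is dereferenced without a default, here in RedHat.yml and in every other hunk of this commit. The README lists `wazuh_manager_config` as a variable users override, and with Ansible's default replace behaviour for dictionaries an override lacking a `cluster` section would make each of these conditions fail with an undefined-attribute error. Whether the role defaults always supply the key is not visible here. Computing it once, e.g. `wazuh_manager_config.cluster.node_type | default('master') == 'master'` in a single `set_fact`, would keep single-node installs working and remove the repeated expression.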
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 10203cb9..484f4b58 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -122,6 +122,8 @@ stat: path: /var/ossec/api/app.js register: wazuh_api + when: + - wazuh_manager_config.cluster.node_type == "master" - name: Install Wazuh API from sources block: @@ -178,5 +180,6 @@ when: - not wazuh_api.stat.exists - wazuh_api_sources_installation.enabled + - wazuh_manager_config.cluster.node_type == "master" tags: - api \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 88b3628f..d2ab8237 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -11,6 +11,8 @@ stat: path: /usr/bin/node register: node_service_status + when: + - wazuh_manager_config.cluster.node_type == "master" - name: Install NodeJS repository block: @@ -25,7 +27,9 @@ command: sh /etc/nodejs.sh register: nodejs_script changed_when: nodejs_script.rc == 0 - when: not node_service_status.stat.exists + when: + - not node_service_status.stat.exists + - wazuh_manager_config.cluster.node_type == "master" - name: Installing NodeJS package: @@ -33,6 +37,9 @@ state: present register: nodejs_service_is_installed until: nodejs_service_is_installed is succeeded + when: + - wazuh_manager_config.cluster.node_type == "master" + tags: init - include_tasks: "RedHat.yml" @@ -168,6 +175,9 @@ group=ossec mode=0740 notify: restart wazuh-api + when: + - wazuh_manager_config.cluster.node_type == "master" + tags: - init - config @@ -304,6 +314,7 @@ notify: restart wazuh-api when: - wazuh_api_user is defined + - wazuh_manager_config.cluster.node_type == "master" tags: - config 
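Review bot: On worker nodes the `stat` tasks are now skipped, so `wazuh_api` and `node_service_status` are registered as skipped results with no `stat` key. The conditions that read them are still listed first: `- not wazuh_api.stat.exists` in installation_from_sources.yml and `- not node_service_status.stat.exists` in tasks/main.yml. Ansible evaluates a `when` list in order, so on a worker the `.stat.exists` lookup is evaluated before the node-type test and should fail the play with an undefined-attribute error instead of skipping. Move `- wazuh_manager_config.cluster.node_type == "master"` to the top of both lists, or write `- not (wazuh_api.stat.exists | default(false))`. Both blocks start outside their hunks.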
@@ -325,14 +336,20 @@ tags: - config -- name: Ensure Wazuh Manager, wazuh API service is started and enabled +- name: Ensure Wazuh Manager service is started and enabled. service: - name: "{{ item }}" + name: "wazuh-manager" enabled: true state: started - with_items: - - wazuh-manager - - wazuh-api + tags: + - config + +- name: Ensure Wazuh API service is started and enabled. + service: + name: "wazuh-api" + enabled: true + state: started + when: wazuh_manager_config.cluster.node_type == "master" tags: - config From 543eff6342647d9834cc3d55d12e984202f8523c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 26 Feb 2020 17:06:48 +0100 Subject: [PATCH 38/46] Fix conditions in tasks: Replace variables --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index ca4820fc..c8980bfa 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -24,7 +24,7 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: 
@@ -33,7 +33,7 @@ when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: @@ -44,7 +44,7 @@ changed_when: false when: - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled - - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: @@ -117,7 +117,7 @@ - include_tasks: "installation_from_custom_packages.yml" when: - - wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_manager_enabled + - wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled - name: Debian/Ubuntu | Install wazuh-api apt: From 079273eb353cf180010a84a3e4d3e5f8e8d0bf0c Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 26 Feb 2020 17:26:01 +0100 Subject: [PATCH 39/46] Fix linting --- .../tasks/installation_from_sources.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 484f4b58..c83aaff1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
@@ -122,7 +122,7 @@ stat: path: /var/ossec/api/app.js register: wazuh_api - when: + when: - wazuh_manager_config.cluster.node_type == "master" - name: Install Wazuh API from sources diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index d2ab8237..c1d91434 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -11,7 +11,7 @@ stat: path: /usr/bin/node register: node_service_status - when: + when: - wazuh_manager_config.cluster.node_type == "master" - name: Install NodeJS repository @@ -27,7 +27,7 @@ command: sh /etc/nodejs.sh register: nodejs_script changed_when: nodejs_script.rc == 0 - when: + when: - not node_service_status.stat.exists - wazuh_manager_config.cluster.node_type == "master" @@ -37,7 +37,7 @@ state: present register: nodejs_service_is_installed until: nodejs_service_is_installed is succeeded - when: + when: - wazuh_manager_config.cluster.node_type == "master" tags: init @@ -175,7 +175,7 @@ group=ossec mode=0740 notify: restart wazuh-api - when: + when: - wazuh_manager_config.cluster.node_type == "master" tags: From fde6d65723a0097183489a2602c49e106bd5dab8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 27 Feb 2020 15:17:43 +0100 Subject: [PATCH 40/46] Add chdir argument to Wazuh Kibana Plugin installation tasks --- roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml | 1 + roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index 6a3dc514..37cfd7dc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml 
@@ -69,6 +69,7 @@ args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json + chdir: /usr/share/kibana become: yes become_user: kibana notify: restart kibana diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 4926e19d..c0d663cc 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -125,6 +125,7 @@ args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json + chdir: /usr/share/kibana become: yes become_user: kibana notify: restart kibana From ac8a0c83082e590953ba79339dc3249861aa94c7 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 2 Mar 2020 22:43:15 +0100 Subject: [PATCH 41/46] Adapt Agent installation from custom packages to support RHEL/Centos 8 --- .../installation_from_custom_packages.yml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml index 01ce540c..ddd9b50d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml 
@@ -7,10 +7,24 @@ - ansible_os_family|lower == "debian" - wazuh_custom_packages_installation_agent_enabled - - name: Install Wazuh Agent from .rpm packages + - name: Install Wazuh Agent from .rpm packages | yum yum: name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" state: present when: - ansible_os_family|lower == "redhat" - - wazuh_custom_packages_installation_agent_enabled \ No newline at end of file + - wazuh_custom_packages_installation_agent_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + + - name: Install Wazuh Agent from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" + state: present + when: + - ansible_os_family|lower == "redhat" + - wazuh_custom_packages_installation_agent_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") \ No newline at end of file From 03e35ada29493d6011d686b1aa1425feab4f6ebf Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 2 Mar 2020 22:43:26 +0100 Subject: [PATCH 42/46] Adapt Manager installation from custom packages to support RHEL/Centos 8 --- .../installation_from_custom_packages.yml | 32 +++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index ae837c9a..fcc61a22 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml 
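Review bot: The new yum/dnf split compares `ansible_distribution_major_version` to quoted strings (`>= "8"`, `>= "2"`). That is a lexicographic comparison: `"10" >= "8"` is false, and any Amazon release string starting with a digit of 2 or higher passes `>= "2"`. Debian.yml in this role already uses `ansible_distribution_major_version | int == 14`, so the same form fits here, e.g. `ansible_distribution_major_version | int >= 8`. The same conditions are repeated in the manager role's installation_from_custom_packages.yml in the following commit. Separately, both tasks install an RPM straight from `wazuh_custom_packages_installation_agent_rpm_url`, so it is worth documenting that the URL must be a trusted HTTPS location, since no checksum is verified in the visible lines.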
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml 
@@ -17,18 +17,46 @@ - ansible_os_family|lower == "debian" - block: - - name: Install Wazuh Manager from .rpm packages + - name: Install Wazuh Manager from .rpm packages | yum yum: name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" state: present when: - wazuh_custom_packages_installation_manager_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - - name: Install Wazuh API from .rpm packages + - name: Install Wazuh Manager from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_manager_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + + + - name: Install Wazuh API from .rpm packages | yum yum: name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" state: present when: - wazuh_custom_packages_installation_api_enabled + - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") + - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + + - name: Install Wazuh Manager from .rpm packages | dnf + dnf: + name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" + state: present + when: + - wazuh_custom_packages_installation_api_enabled + - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= 
"8") or + (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + when: - ansible_os_family|lower == "redhat" \ No newline at end of file From cf20e52938e9ca1ba45f9fcdd39d7c5f89d5913b Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 2 Mar 2020 22:47:53 +0100 Subject: [PATCH 43/46] Fix typo in .rpm package installation task using dnf --- .../tasks/installation_from_custom_packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index fcc61a22..6472a3d6 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -48,7 +48,7 @@ - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - - name: Install Wazuh Manager from .rpm packages | dnf + - name: Install Wazuh API from .rpm packages | dnf dnf: name: "{{ wazuh_custom_packages_installation_api_rpm_url }}" state: present From 4982b2868d4e23a7bd9f40833104fc8a7283e95e Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 3 Mar 2020 13:14:13 +0100 Subject: [PATCH 44/46] Fix conditionals error related with AL2 custom packages installation --- .../tasks/installation_from_custom_packages.yml | 4 +--- .../tasks/installation_from_custom_packages.yml | 11 +++-------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml index ddd9b50d..aa50004f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml 
@@ -16,7 +16,6 @@ - wazuh_custom_packages_installation_agent_enabled - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - name: Install Wazuh Agent from .rpm packages | dnf dnf: @@ -26,5 +25,4 @@ - ansible_os_family|lower == "redhat" - wazuh_custom_packages_installation_agent_enabled - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") \ No newline at end of file + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml index 0fb46187..0dc9808d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml @@ -27,7 +27,6 @@ - wazuh_custom_packages_installation_manager_enabled - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - name: Install Wazuh Manager from .rpm packages | dnf dnf: 
@@ -36,9 +35,7 @@ when: - wazuh_custom_packages_installation_manager_enabled - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - name: Install Wazuh API from .rpm packages | yum yum: @@ -48,7 +45,6 @@ - wazuh_custom_packages_installation_api_enabled - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - not (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") - wazuh_manager_config.cluster.node_type == "master" - name: Install Wazuh API from .rpm packages | dnf @@ -58,9 +54,8 @@ when: - wazuh_custom_packages_installation_api_enabled - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "amazon" and ansible_distribution_major_version >= "2") + (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - wazuh_manager_config.cluster.node_type == "master" - + when: - ansible_os_family|lower == "redhat" \ No newline at end of file From 3f0e0325806eb77f678cef30d45515a2d78d1e29 Mon Sep 17 00:00:00 2001 
From: "Manuel J. Bernal" Date: Thu, 5 Mar 2020 16:44:02 +0100 Subject: [PATCH 45/46] Bump version --- CHANGELOG.md | 20 +++++++++++++++++++ VERSION | 4 ++-- .../ansible-elasticsearch/defaults/main.yml | 2 +- .../ansible-kibana/defaults/main.yml | 6 +++--- .../wazuh/ansible-filebeat/defaults/main.yml | 2 +- .../ansible-wazuh-agent/defaults/main.yml | 8 ++++---- .../ansible-wazuh-manager/defaults/main.yml | 6 +++--- 7 files changed, 34 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 987939a3..213cb432 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,26 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.11.4_7.6.1] + +### Added + +- Update to Wazuh v3.11.4 +- Support for RHEL/CentOS 8 ([@jm404](https://github.com/jm404)) [PR#377](https://github.com/wazuh/wazuh-ansible/pull/377) + +### Changed + +- Disabled shared configuration by default ([@jm404](https://github.com/jm404)) [PR#369](https://github.com/wazuh/wazuh-ansible/pull/369) +- Add chdir argument to Wazuh Kibana Plugin installation tasks ([@jm404](https://github.com/jm404)) [PR#375](https://github.com/wazuh/wazuh-ansible/pull/375) +- Adjustments for systems without (direct) internet connection ([@joschneid](https://github.com/joschneid)) [PR#348](https://github.com/wazuh/wazuh-ansible/pull/348) + +### Fixed + +- Avoid to install Wazuh API in worker nodes ([@manuasir](https://github.com/manuasir)) [PR#371](https://github.com/wazuh/wazuh-ansible/pull/371) +- Conditionals of custom Wazuh packages installation tasks ([@rshad](https://github.com/rshad)) [PR#372](https://github.com/wazuh/wazuh-ansible/pull/372) +- Fix Ansible elastic_stack-distributed template ([@francobep](https://github.com/francobep)) [PR#352](https://github.com/wazuh/wazuh-ansible/pull/352) +- Fix manager API verification ([@Zenidd](https://github.com/Zenidd)) [PR#360](https://github.com/wazuh/wazuh-ansible/pull/360) + ## [v3.11.3_7.5.2] ### Added 
diff --git a/VERSION b/VERSION index a70bc633..d6be8992 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.3" -REVISION="31130" +WAZUH-ANSIBLE_VERSION="v4" +REVISION="31140" diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index b9aa470d..e04f9527 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.5.2 +elastic_stack_version: 7.6.1 elasticsearch_lower_disk_requirements: false elasticrepo: diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 774f819e..cd25eec2 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.5.2 -wazuh_version: 3.11.3 +elastic_stack_version: 7.6.1 +wazuh_version: 3.11.4 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp elasticrepo: @@ -47,4 +47,4 @@ nodejs: # Build from sources build_from_sources: false -wazuh_plugin_branch: 3.11-7.5 +wazuh_plugin_branch: 3.11-7.6 diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index c54d62e7..8f06aaf4 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.5.2 +filebeat_version: 7.6.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index a5e0a8c0..6270b94d 100644 
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.11.3-1 +wazuh_agent_version: 3.11.4-1 # Custom packages installation @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaw wazuh_agent_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -61,8 +61,8 @@ wazuh_winagent_config: # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba -wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi -wazuh_winagent_package_name: wazuh-agent-3.11.3-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi +wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f955ddc4..0da6165c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 3.11.3-1 +wazuh_manager_version: 3.11.4-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -15,7 +15,7 @@ wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws. # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -40,7 +40,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.3" + branch: "v3.11.4" update: "y" remove: "y" directory: null 
From c3dd95c8cea59021da8a8fc60071c098210498b6 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Thu, 5 Mar 2020 16:53:15 +0100 Subject: [PATCH 46/46] Bump MD5 agent --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 6270b94d..186cac9d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -60,8 +60,8 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba -wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi + md5: 87ce22038688efb44d95f9daff472056 +wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_agent_config: repo:
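Review bot: This hunk moves `wazuh_winagent_config_url` back to `wazuh-agent-3.11.3-1.msi` while `wazuh_winagent_package_name` stays at `wazuh-agent-3.11.4-1.msi` and `md5` is replaced. The role would therefore download the 3.11.3 installer under a 3.11.4 name, and if the new digest belongs to 3.11.4 the integrity check would reject it. The URL change looks unintended; the previous value `wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi` should probably be kept. MD5 is also a weak integrity check for an installer fetched over the network. If the task that consumes this value can take another algorithm (it is not visible here), a SHA-256 digest published by the vendor would be the better pin.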