Manuel J. Bernal
GitHub
commit
cf55550589
20
CHANGELOG.md
20
CHANGELOG.md
@ -1,6 +1,26 @@
|
||||
# Change Log
|
||||
All notable changes to this project will be documented in this file.
|
||||
|
||||
## [v3.11.4_7.6.1]
|
||||
|
||||
### Added
|
||||
|
||||
- Update to Wazuh v3.11.4
|
||||
- Support for RHEL/CentOS 8 ([@jm404](https://github.com/jm404)) [PR#377](https://github.com/wazuh/wazuh-ansible/pull/377)
|
||||
|
||||
### Changed
|
||||
|
||||
- Disabled shared configuration by default ([@jm404](https://github.com/jm404)) [PR#369](https://github.com/wazuh/wazuh-ansible/pull/369)
|
||||
- Add chdir argument to Wazuh Kibana Plugin installation tasks ([@jm404](https://github.com/jm404)) [PR#375](https://github.com/wazuh/wazuh-ansible/pull/375)
|
||||
- Adjustments for systems without (direct) internet connection ([@joschneid](https://github.com/joschneid)) [PR#348](https://github.com/wazuh/wazuh-ansible/pull/348)
|
||||
|
||||
### Fixed
|
||||
|
||||
- Avoid to install Wazuh API in worker nodes ([@manuasir](https://github.com/manuasir)) [PR#371](https://github.com/wazuh/wazuh-ansible/pull/371)
|
||||
- Conditionals of custom Wazuh packages installation tasks ([@rshad](https://github.com/rshad)) [PR#372](https://github.com/wazuh/wazuh-ansible/pull/372)
|
||||
- Fix Ansible elastic_stack-distributed template ([@francobep](https://github.com/francobep)) [PR#352](https://github.com/wazuh/wazuh-ansible/pull/352)
|
||||
- Fix manager API verification ([@Zenidd](https://github.com/Zenidd)) [PR#360](https://github.com/wazuh/wazuh-ansible/pull/360)
|
||||
|
||||
## [v3.11.3_7.5.2]
|
||||
|
||||
### Added
|
||||
|
||||
4
VERSION
4
VERSION
@ -1,2 +1,2 @@
|
||||
WAZUH-ANSIBLE_VERSION="v3.11.3"
|
||||
REVISION="31130"
|
||||
WAZUH-ANSIBLE_VERSION="v4"
|
||||
REVISION="31140"
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
wazuh_managers:
|
||||
- address: <your manager IP>
|
||||
port: 1514
|
||||
protocol: tcp
|
||||
protocol: udp
|
||||
api_port: 55000
|
||||
api_proto: 'http'
|
||||
api_user: ansible
|
||||
|
||||
@ -4,9 +4,15 @@ elasticsearch_http_port: 9200
|
||||
elasticsearch_network_host: 127.0.0.1
|
||||
elasticsearch_reachable_host: 127.0.0.1
|
||||
elasticsearch_jvm_xms: null
|
||||
elastic_stack_version: 7.5.2
|
||||
elastic_stack_version: 7.6.1
|
||||
elasticsearch_lower_disk_requirements: false
|
||||
|
||||
elasticrepo:
|
||||
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
|
||||
yum: 'https://artifacts.elastic.co/packages/7.x/yum'
|
||||
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
|
||||
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
|
||||
|
||||
# Cluster Settings
|
||||
single_node: true
|
||||
elasticsearch_cluster_name: wazuh
|
||||
|
||||
@ -30,13 +30,13 @@
|
||||
|
||||
- name: Debian/Ubuntu | Add Elasticsearch GPG key.
|
||||
apt_key:
|
||||
url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
|
||||
url: "{{ elasticrepo.gpg }}"
|
||||
id: "{{ elasticrepo.key_id }}"
|
||||
state: present
|
||||
|
||||
|
||||
- name: Debian/Ubuntu | Install Elastic repo
|
||||
apt_repository:
|
||||
repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
|
||||
repo: "deb {{ elasticrepo.apt }} stable main"
|
||||
state: present
|
||||
filename: 'elastic_repo_7'
|
||||
update_cache: true
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Debian/Ubuntu | Removing Elasticsearch repository
|
||||
apt_repository:
|
||||
repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main
|
||||
repo: "deb {{ elasticrepo.apt }} stable main"
|
||||
state: absent
|
||||
changed_when: false
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata)
|
||||
yum_repository:
|
||||
name: elastic_repo
|
||||
name: elastic_repo_7
|
||||
state: absent
|
||||
changed_when: false
|
||||
|
||||
@ -4,8 +4,8 @@
|
||||
yum_repository:
|
||||
name: elastic_repo_7
|
||||
description: Elastic repository for 7.x packages
|
||||
baseurl: https://artifacts.elastic.co/packages/7.x/yum
|
||||
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
||||
baseurl: "{{ elasticrepo.yum }}"
|
||||
gpgkey: "{{ elasticrepo.gpg }}"
|
||||
gpgcheck: true
|
||||
changed_when: false
|
||||
|
||||
|
||||
@ -5,10 +5,16 @@ elasticsearch_http_port: "9200"
|
||||
elasticsearch_network_host: "127.0.0.1"
|
||||
kibana_server_host: "0.0.0.0"
|
||||
kibana_server_port: "5601"
|
||||
elastic_stack_version: 7.5.2
|
||||
wazuh_version: 3.11.3
|
||||
elastic_stack_version: 7.6.1
|
||||
wazuh_version: 3.11.4
|
||||
wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
|
||||
|
||||
elasticrepo:
|
||||
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
|
||||
yum: 'https://artifacts.elastic.co/packages/7.x/yum'
|
||||
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
|
||||
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
|
||||
|
||||
# API credentials
|
||||
wazuh_api_credentials:
|
||||
- id: "default"
|
||||
@ -41,4 +47,4 @@ nodejs:
|
||||
|
||||
# Build from sources
|
||||
build_from_sources: false
|
||||
wazuh_plugin_branch: 3.11-7.5
|
||||
wazuh_plugin_branch: 3.11-7.6
|
||||
|
||||
@ -10,12 +10,13 @@
|
||||
|
||||
- name: Debian/Ubuntu | Add Elasticsearch GPG key
|
||||
apt_key:
|
||||
url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
|
||||
url: "{{ elasticrepo.gpg }}"
|
||||
id: "{{ elasticrepo.key_id }}"
|
||||
state: present
|
||||
|
||||
- name: Debian/Ubuntu | Install Elastic repo
|
||||
apt_repository:
|
||||
repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
|
||||
repo: "deb {{ elasticrepo.apt }} stable main"
|
||||
state: present
|
||||
filename: 'elastic_repo_7'
|
||||
update_cache: true
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Debian/Ubuntu | Removing Elasticsearch repository
|
||||
apt_repository:
|
||||
repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main
|
||||
repo: "deb {{ elasticrepo.apt }} stable main"
|
||||
state: absent
|
||||
changed_when: false
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Remove Elasticsearch repository (and clean up left-over metadata)
|
||||
yum_repository:
|
||||
name: elastic_repo
|
||||
name: elastic_repo_7
|
||||
state: absent
|
||||
changed_when: false
|
||||
|
||||
@ -3,8 +3,8 @@
|
||||
yum_repository:
|
||||
name: elastic_repo_7
|
||||
description: Elastic repository for 7.x packages
|
||||
baseurl: https://artifacts.elastic.co/packages/7.x/yum
|
||||
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
||||
baseurl: "{{ elasticrepo.yum }}"
|
||||
gpgkey: "{{ elasticrepo.gpg }}"
|
||||
gpgcheck: true
|
||||
changed_when: false
|
||||
|
||||
|
||||
@ -69,6 +69,7 @@
|
||||
args:
|
||||
executable: /bin/bash
|
||||
creates: /usr/share/kibana/plugins/wazuh/package.json
|
||||
chdir: /usr/share/kibana
|
||||
become: yes
|
||||
become_user: kibana
|
||||
notify: restart kibana
|
||||
|
||||
@ -125,6 +125,7 @@
|
||||
args:
|
||||
executable: /bin/bash
|
||||
creates: /usr/share/kibana/plugins/wazuh/package.json
|
||||
chdir: /usr/share/kibana
|
||||
become: yes
|
||||
become_user: kibana
|
||||
notify: restart kibana
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
filebeat_version: 7.5.2
|
||||
filebeat_version: 7.6.1
|
||||
|
||||
filebeat_create_config: true
|
||||
|
||||
@ -28,6 +28,7 @@ filebeat_ssl_certificate_file: ""
|
||||
filebeat_ssl_key_file: ""
|
||||
filebeat_ssl_insecure: "false"
|
||||
|
||||
filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat
|
||||
filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
|
||||
filebeat_module_package_path: /tmp/
|
||||
filebeat_module_destination: /usr/share/filebeat/module
|
||||
@ -49,4 +50,8 @@ master_certs_path: /es_certs
|
||||
generate_CA: true
|
||||
ca_cert_name: ""
|
||||
|
||||
|
||||
elasticrepo:
|
||||
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
|
||||
yum: 'https://artifacts.elastic.co/packages/7.x/yum'
|
||||
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
|
||||
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
|
||||
|
||||
@ -10,12 +10,13 @@
|
||||
|
||||
- name: Debian/Ubuntu | Add Elasticsearch apt key.
|
||||
apt_key:
|
||||
url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
||||
url: "{{ elasticrepo.gpg }}"
|
||||
id: "{{ elasticrepo.key_id }}"
|
||||
state: present
|
||||
|
||||
- name: Debian/Ubuntu | Add Filebeat repository.
|
||||
apt_repository:
|
||||
repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
|
||||
repo: "deb {{ elasticrepo.apt }} stable main"
|
||||
state: present
|
||||
update_cache: true
|
||||
changed_when: false
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)
|
||||
apt_repository:
|
||||
repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main
|
||||
repo: "deb {{ elasticrepo.apt }} stable main"
|
||||
state: absent
|
||||
changed_when: false
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata)
|
||||
yum_repository:
|
||||
name: elastic_repo
|
||||
name: elastic_repo_7
|
||||
state: absent
|
||||
changed_when: false
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
- name: RedHat/CentOS/Fedora/Amazon Linux | Install Filebeats repo
|
||||
yum_repository:
|
||||
name: elastic_repo
|
||||
description: Elastic repository for 6.x packages
|
||||
baseurl: https://artifacts.elastic.co/packages/7.x/yum
|
||||
gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
||||
name: elastic_repo_7
|
||||
description: Elastic repository for 7.x packages
|
||||
baseurl: "{{ elasticrepo.yum }}"
|
||||
gpgkey: "{{ elasticrepo.gpg }}"
|
||||
gpgcheck: true
|
||||
changed_when: false
|
||||
|
||||
@ -70,7 +70,7 @@
|
||||
|
||||
- name: Download Filebeat module package
|
||||
get_url:
|
||||
url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }}
|
||||
url: "{{ filebeat_module_package_url }}/{{ filebeat_module_package_name }}"
|
||||
dest: "{{ filebeat_module_package_path }}"
|
||||
when: not filebeat_module_folder.stat.exists
|
||||
|
||||
|
||||
@ -1,9 +1,18 @@
|
||||
---
|
||||
wazuh_agent_version: 3.11.3-1
|
||||
wazuh_agent_version: 3.11.4-1
|
||||
|
||||
|
||||
# Custom packages installation
|
||||
|
||||
wazuh_custom_packages_installation_agent_enabled: false
|
||||
wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb"
|
||||
wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm"
|
||||
|
||||
# Sources installation
|
||||
|
||||
wazuh_agent_sources_installation:
|
||||
enabled: false
|
||||
branch: "v3.11.3"
|
||||
branch: "v3.11.4"
|
||||
user_language: "y"
|
||||
user_no_stop: "y"
|
||||
user_install_type: "agent"
|
||||
@ -51,15 +60,15 @@ wazuh_winagent_config:
|
||||
auth_path: C:\Program Files\ossec-agent\agent-auth.exe
|
||||
# Adding quotes to auth_path_x86 since win_shell outputs error otherwise
|
||||
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
|
||||
version: '3.11.3'
|
||||
revision: '1'
|
||||
repo: https://packages.wazuh.com/3.x/windows/
|
||||
md5: e4623e7cd3f2fc6ac8a313cbdd7c3cba
|
||||
md5: 87ce22038688efb44d95f9daff472056
|
||||
wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.3-1.msi
|
||||
wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi
|
||||
wazuh_agent_config:
|
||||
repo:
|
||||
apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
|
||||
yum: 'https://packages.wazuh.com/3.x/yum/'
|
||||
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
|
||||
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
|
||||
active_response:
|
||||
ar_disabled: 'no'
|
||||
ca_store: '/var/ossec/etc/wpk_root.pem'
|
||||
|
||||
@ -21,13 +21,16 @@
|
||||
- ansible_distribution == "Ubuntu"
|
||||
- ansible_distribution_major_version | int == 14
|
||||
- not wazuh_agent_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_agent_enabled
|
||||
|
||||
- name: Debian/Ubuntu | Installing Wazuh repository key
|
||||
apt_key:
|
||||
url: "{{ wazuh_agent_config.repo.gpg }}"
|
||||
id: "{{ wazuh_agent_config.repo.key_id }}"
|
||||
when:
|
||||
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
||||
- not wazuh_agent_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_agent_enabled
|
||||
|
||||
- name: Debian/Ubuntu | Add Wazuh repositories
|
||||
apt_repository:
|
||||
@ -37,6 +40,7 @@
|
||||
update_cache: true
|
||||
when:
|
||||
- not wazuh_agent_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_agent_enabled
|
||||
|
||||
- name: Debian/Ubuntu | Set Distribution CIS filename for debian
|
||||
set_fact:
|
||||
|
||||
@ -9,6 +9,10 @@
|
||||
when:
|
||||
- wazuh_agent_sources_installation.enabled
|
||||
|
||||
- include_tasks: "installation_from_custom_packages.yml"
|
||||
when:
|
||||
- wazuh_custom_packages_installation_agent_enabled
|
||||
|
||||
- name: Linux CentOS/RedHat | Install wazuh-agent
|
||||
package:
|
||||
name: wazuh-agent-{{ wazuh_agent_version }}
|
||||
@ -18,6 +22,7 @@
|
||||
when:
|
||||
- ansible_os_family|lower == "redhat"
|
||||
- not wazuh_agent_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_agent_enabled
|
||||
tags:
|
||||
- init
|
||||
|
||||
@ -29,6 +34,7 @@
|
||||
when:
|
||||
- ansible_os_family|lower != "redhat"
|
||||
- not wazuh_agent_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_agent_enabled
|
||||
tags:
|
||||
- init
|
||||
|
||||
|
||||
@ -10,7 +10,8 @@
|
||||
when:
|
||||
- (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
|
||||
- (ansible_distribution_major_version|int <= 5)
|
||||
- not wazuh_agent_sources_installation.enabled or not wazuh_api_sources_installation.enabled
|
||||
- not wazuh_agent_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_agent_enabled
|
||||
register: repo_v5_installed
|
||||
|
||||
- name: RedHat/CentOS/Fedora | Install Wazuh repo
|
||||
@ -24,6 +25,7 @@
|
||||
when:
|
||||
- repo_v5_installed is skipped
|
||||
- not wazuh_agent_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_agent_enabled
|
||||
|
||||
- name: RedHat/CentOS/Fedora | download Oracle Java RPM
|
||||
get_url:
|
||||
|
||||
@ -14,25 +14,25 @@
|
||||
- name: Windows | Set Win Path (x64)
|
||||
set_fact:
|
||||
wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir }}"
|
||||
wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}"
|
||||
wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path }}"
|
||||
when:
|
||||
- not check_path.stat.exists
|
||||
|
||||
- name: Windows | Check if Wazuh installer is already downloaded
|
||||
win_stat:
|
||||
path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
|
||||
path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"
|
||||
register: wazuh_package_downloaded
|
||||
|
||||
- name: Windows | Download Wazuh Agent package
|
||||
win_get_url:
|
||||
url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
|
||||
url: "{{ wazuh_winagent_config_url }}"
|
||||
dest: "{{ wazuh_winagent_config.download_dir }}"
|
||||
when:
|
||||
- not wazuh_package_downloaded.stat.exists
|
||||
|
||||
- name: Windows | Verify the Wazuh Agent installer
|
||||
win_stat:
|
||||
path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
|
||||
path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"
|
||||
get_checksum: true
|
||||
checksum_algorithm: md5
|
||||
register: wazuh_agent_status
|
||||
@ -41,11 +41,12 @@
|
||||
|
||||
- name: Windows | Install Agent if not already installed
|
||||
win_package:
|
||||
path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
|
||||
path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"
|
||||
state: present
|
||||
|
||||
- name: Windows | Check if client.keys exists
|
||||
win_stat: path="{{ wazuh_agent_win_path }}client.keys"
|
||||
win_stat:
|
||||
path: "{{ wazuh_agent_win_path }}client.keys"
|
||||
register: check_windows_key
|
||||
tags:
|
||||
- config
|
||||
@ -94,5 +95,5 @@
|
||||
|
||||
- name: Windows | Delete downloaded Wazuh agent installer file
|
||||
win_file:
|
||||
path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
|
||||
path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"
|
||||
state: absent
|
||||
|
||||
@ -0,0 +1,28 @@
|
||||
---
|
||||
- name: Install Wazuh Agent from .deb packages
|
||||
apt:
|
||||
deb: "{{ wazuh_custom_packages_installation_agent_deb_url }}"
|
||||
state: present
|
||||
when:
|
||||
- ansible_os_family|lower == "debian"
|
||||
- wazuh_custom_packages_installation_agent_enabled
|
||||
|
||||
- name: Install Wazuh Agent from .rpm packages | yum
|
||||
yum:
|
||||
name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}"
|
||||
state: present
|
||||
when:
|
||||
- ansible_os_family|lower == "redhat"
|
||||
- wazuh_custom_packages_installation_agent_enabled
|
||||
- not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8")
|
||||
- not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
|
||||
|
||||
- name: Install Wazuh Agent from .rpm packages | dnf
|
||||
dnf:
|
||||
name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}"
|
||||
state: present
|
||||
when:
|
||||
- ansible_os_family|lower == "redhat"
|
||||
- wazuh_custom_packages_installation_agent_enabled
|
||||
- (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or
|
||||
(ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
|
||||
@ -20,7 +20,7 @@ This role has some variables which you can or need to override.
|
||||
```
|
||||
wazuh_manager_fqdn: ~
|
||||
wazuh_manager_config: []
|
||||
wazuh_agent_configs: []
|
||||
shared_agent_config: []
|
||||
```
|
||||
|
||||
Vault variables
|
||||
@ -157,7 +157,7 @@ wazuh_manager_config:
|
||||
level: 6
|
||||
timeout: 600
|
||||
|
||||
wazuh_agent_configs:
|
||||
shared_agent_config:
|
||||
- type: os
|
||||
type_value: linux
|
||||
frequency_check: 79200
|
||||
|
||||
@ -1,12 +1,21 @@
|
||||
---
|
||||
wazuh_manager_version: 3.11.3-1
|
||||
wazuh_manager_version: 3.11.4-1
|
||||
|
||||
wazuh_manager_fqdn: "wazuh-server"
|
||||
wazuh_manager_package_state: present
|
||||
|
||||
# Custom packages installation
|
||||
wazuh_custom_packages_installation_manager_enabled: false
|
||||
wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-manager_3.12.0-0.3319fimreworksqlite_amd64.deb"
|
||||
wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-manager-3.12.0-0.3319fimreworksqlite.x86_64.rpm"
|
||||
wazuh_custom_packages_installation_api_enabled: false
|
||||
wazuh_custom_packages_installation_api_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-api_3.12.0-0.3319fimreworksqlite_amd64.deb"
|
||||
wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-api-3.12.0-0.3319fimreworksqlite.x86_64.rpm"
|
||||
|
||||
# Sources installation
|
||||
wazuh_manager_sources_installation:
|
||||
enabled: false
|
||||
branch: "v3.11.3"
|
||||
branch: "v3.11.4"
|
||||
user_language: "en"
|
||||
user_no_stop: "y"
|
||||
user_install_type: "server"
|
||||
@ -31,7 +40,7 @@ wazuh_manager_sources_installation:
|
||||
|
||||
wazuh_api_sources_installation:
|
||||
enabled: false
|
||||
branch: "v3.11.3"
|
||||
branch: "v3.11.4"
|
||||
update: "y"
|
||||
remove: "y"
|
||||
directory: null
|
||||
@ -47,11 +56,15 @@ wazuh_api_sources_installation:
|
||||
common_name: null
|
||||
password: null
|
||||
|
||||
wazuh_api_user:
|
||||
- "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/"
|
||||
|
||||
wazuh_manager_config:
|
||||
repo:
|
||||
apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
|
||||
yum: 'https://packages.wazuh.com/3.x/yum/'
|
||||
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
|
||||
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
|
||||
json_output: 'yes'
|
||||
alerts_log: 'yes'
|
||||
logall: 'no'
|
||||
@ -343,56 +356,56 @@ wazuh_manager_config:
|
||||
- key: Env
|
||||
value: Production
|
||||
|
||||
wazuh_agent_configs:
|
||||
- type: os
|
||||
type_value: Linux
|
||||
syscheck:
|
||||
frequency: 43200
|
||||
scan_on_start: 'yes'
|
||||
alert_new_files: 'yes'
|
||||
ignore:
|
||||
- /etc/mtab
|
||||
- /etc/mnttab
|
||||
- /etc/hosts.deny
|
||||
- /etc/mail/statistics
|
||||
- /etc/svc/volatile
|
||||
no_diff:
|
||||
- /etc/ssl/private.key
|
||||
rootcheck:
|
||||
frequency: 43200
|
||||
cis_distribution_filename: null
|
||||
localfiles:
|
||||
- format: 'syslog'
|
||||
location: '/var/log/messages'
|
||||
- format: 'syslog'
|
||||
location: '/var/log/secure'
|
||||
- format: 'syslog'
|
||||
location: '/var/log/maillog'
|
||||
- format: 'apache'
|
||||
location: '/var/log/httpd/error_log'
|
||||
- format: 'apache'
|
||||
location: '/var/log/httpd/access_log'
|
||||
- format: 'apache'
|
||||
location: '/var/ossec/logs/active-responses.log'
|
||||
- type: os
|
||||
type_value: Windows
|
||||
syscheck:
|
||||
frequency: 43200
|
||||
scan_on_start: 'yes'
|
||||
auto_ignore: 'no'
|
||||
alert_new_files: 'yes'
|
||||
windows_registry:
|
||||
- key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
|
||||
arch: 'both'
|
||||
- key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'
|
||||
localfiles:
|
||||
- location: 'Security'
|
||||
format: 'eventchannel'
|
||||
- location: 'System'
|
||||
format: 'eventlog'
|
||||
# shared_agent_config:
|
||||
# - type: os
|
||||
# type_value: Linux
|
||||
# syscheck:
|
||||
# frequency: 43200
|
||||
# scan_on_start: 'yes'
|
||||
# alert_new_files: 'yes'
|
||||
# ignore:
|
||||
# - /etc/mtab
|
||||
# - /etc/mnttab
|
||||
# - /etc/hosts.deny
|
||||
# - /etc/mail/statistics
|
||||
# - /etc/svc/volatile
|
||||
# no_diff:
|
||||
# - /etc/ssl/private.key
|
||||
# rootcheck:
|
||||
# frequency: 43200
|
||||
# cis_distribution_filename: null
|
||||
# localfiles:
|
||||
# - format: 'syslog'
|
||||
# location: '/var/log/messages'
|
||||
# - format: 'syslog'
|
||||
# location: '/var/log/secure'
|
||||
# - format: 'syslog'
|
||||
# location: '/var/log/maillog'
|
||||
# - format: 'apache'
|
||||
# location: '/var/log/httpd/error_log'
|
||||
# - format: 'apache'
|
||||
# location: '/var/log/httpd/access_log'
|
||||
# - format: 'apache'
|
||||
# location: '/var/ossec/logs/active-responses.log'
|
||||
# - type: os
|
||||
# type_value: Windows
|
||||
# syscheck:
|
||||
# frequency: 43200
|
||||
# scan_on_start: 'yes'
|
||||
# auto_ignore: 'no'
|
||||
# alert_new_files: 'yes'
|
||||
# windows_registry:
|
||||
# - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
|
||||
# arch: 'both'
|
||||
# - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'
|
||||
# localfiles:
|
||||
# - location: 'Security'
|
||||
# format: 'eventchannel'
|
||||
# - location: 'System'
|
||||
# format: 'eventlog'
|
||||
|
||||
nodejs:
|
||||
repo_dict:
|
||||
debian: "deb"
|
||||
redhat: "rpm"
|
||||
repo_url_ext: "nodesource.com/setup_8.x"
|
||||
repo_url_ext: "nodesource.com/setup_10.x"
|
||||
|
||||
@ -24,13 +24,16 @@
|
||||
- ansible_distribution == "Ubuntu"
|
||||
- ansible_distribution_major_version | int == 14
|
||||
- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
|
||||
|
||||
- name: Debian/Ubuntu | Installing Wazuh repository key
|
||||
apt_key:
|
||||
url: "{{ wazuh_manager_config.repo.gpg }}"
|
||||
id: "{{ wazuh_manager_config.repo.key_id }}"
|
||||
when:
|
||||
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
||||
- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
|
||||
|
||||
- name: Debian/Ubuntu | Add Wazuh repositories
|
||||
apt_repository:
|
||||
@ -41,6 +44,7 @@
|
||||
changed_when: false
|
||||
when:
|
||||
- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
|
||||
|
||||
- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
|
||||
set_fact:
|
||||
@ -105,11 +109,16 @@
|
||||
tags: init
|
||||
when:
|
||||
- not wazuh_manager_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_manager_enabled
|
||||
|
||||
- include_tasks: "installation_from_sources.yml"
|
||||
when:
|
||||
- wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled
|
||||
|
||||
- include_tasks: "installation_from_custom_packages.yml"
|
||||
when:
|
||||
- wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled
|
||||
|
||||
- name: Debian/Ubuntu | Install wazuh-api
|
||||
apt:
|
||||
name:
|
||||
@ -121,4 +130,6 @@
|
||||
until: wazuh_manager_main_packages_installed is succeeded
|
||||
tags: init
|
||||
when:
|
||||
- not wazuh_api_sources_installation.enabled
|
||||
- not wazuh_api_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_manager_enabled
|
||||
- wazuh_manager_config.cluster.node_type == "master"
|
||||
@ -11,6 +11,7 @@
|
||||
- (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
|
||||
- (ansible_distribution_major_version|int <= 5)
|
||||
- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
|
||||
register: repo_v5_manager_installed
|
||||
|
||||
- name: RedHat/CentOS/Fedora | Install Wazuh repo
|
||||
@ -24,6 +25,7 @@
|
||||
when:
|
||||
- repo_v5_manager_installed is skipped
|
||||
- not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_manager_enabled or not wazuh_custom_packages_installation_api_enabled
|
||||
|
||||
- name: RedHat/CentOS/Fedora | Install openscap
|
||||
package: name={{ item }} state=present
|
||||
@ -118,6 +120,7 @@
|
||||
when:
|
||||
- ansible_os_family|lower == "redhat"
|
||||
- not wazuh_manager_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_manager_enabled
|
||||
tags:
|
||||
- init
|
||||
|
||||
@ -125,6 +128,10 @@
|
||||
when:
|
||||
- wazuh_manager_sources_installation.enabled or wazuh_api_sources_installation.enabled
|
||||
|
||||
- include_tasks: "../tasks/installation_from_custom_packages.yml"
|
||||
when:
|
||||
- wazuh_custom_packages_installation_manager_enabled or wazuh_custom_packages_installation_api_enabled
|
||||
|
||||
- name: CentOS/RedHat/Amazon | Install wazuh-api
|
||||
package:
|
||||
name: "wazuh-api-{{ wazuh_manager_version }}"
|
||||
@ -134,6 +141,8 @@
|
||||
when:
|
||||
- ansible_os_family|lower == "redhat"
|
||||
- not wazuh_api_sources_installation.enabled
|
||||
- not wazuh_custom_packages_installation_api_enabled
|
||||
- wazuh_manager_config.cluster.node_type == "master"
|
||||
tags:
|
||||
- init
|
||||
|
||||
|
||||
@ -0,0 +1,61 @@
|
||||
---
|
||||
- block:
|
||||
- name: Install Wazuh Manager from .deb packages
|
||||
apt:
|
||||
deb: "{{ wazuh_custom_packages_installation_manager_deb_url }}"
|
||||
state: present
|
||||
when:
|
||||
- wazuh_custom_packages_installation_manager_enabled
|
||||
|
||||
- name: Install Wazuh API from .deb packages
|
||||
apt:
|
||||
deb: "{{ wazuh_custom_packages_installation_api_deb_url }}"
|
||||
state: present
|
||||
when:
|
||||
- wazuh_custom_packages_installation_api_enabled
|
||||
- wazuh_manager_config.cluster.node_type == "master"
|
||||
|
||||
when:
|
||||
- ansible_os_family|lower == "debian"
|
||||
|
||||
- block:
|
||||
- name: Install Wazuh Manager from .rpm packages | yum
|
||||
yum:
|
||||
name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}"
|
||||
state: present
|
||||
when:
|
||||
- wazuh_custom_packages_installation_manager_enabled
|
||||
- not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8")
|
||||
- not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
|
||||
|
||||
- name: Install Wazuh Manager from .rpm packages | dnf
|
||||
dnf:
|
||||
name: "{{ wazuh_custom_packages_installation_manager_rpm_url }}"
|
||||
state: present
|
||||
when:
|
||||
- wazuh_custom_packages_installation_manager_enabled
|
||||
- (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or
|
||||
(ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
|
||||
|
||||
- name: Install Wazuh API from .rpm packages | yum
|
||||
yum:
|
||||
name: "{{ wazuh_custom_packages_installation_api_rpm_url }}"
|
||||
state: present
|
||||
when:
|
||||
- wazuh_custom_packages_installation_api_enabled
|
||||
- not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8")
|
||||
- not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
|
||||
- wazuh_manager_config.cluster.node_type == "master"
|
||||
|
||||
- name: Install Wazuh API from .rpm packages | dnf
|
||||
dnf:
|
||||
name: "{{ wazuh_custom_packages_installation_api_rpm_url }}"
|
||||
state: present
|
||||
when:
|
||||
- wazuh_custom_packages_installation_api_enabled
|
||||
- (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or
|
||||
(ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
|
||||
- wazuh_manager_config.cluster.node_type == "master"
|
||||
|
||||
when:
|
||||
- ansible_os_family|lower == "redhat"
|
||||
@ -122,6 +122,8 @@
|
||||
stat:
|
||||
path: /var/ossec/api/app.js
|
||||
register: wazuh_api
|
||||
when:
|
||||
- wazuh_manager_config.cluster.node_type == "master"
|
||||
|
||||
- name: Install Wazuh API from sources
|
||||
block:
|
||||
@ -178,5 +180,6 @@
|
||||
when:
|
||||
- not wazuh_api.stat.exists
|
||||
- wazuh_api_sources_installation.enabled
|
||||
- wazuh_manager_config.cluster.node_type == "master"
|
||||
tags:
|
||||
- api
|
||||
@ -11,6 +11,8 @@
|
||||
stat:
|
||||
path: /usr/bin/node
|
||||
register: node_service_status
|
||||
when:
|
||||
- wazuh_manager_config.cluster.node_type == "master"
|
||||
|
||||
- name: Install NodeJS repository
|
||||
block:
|
||||
@ -25,7 +27,9 @@
|
||||
command: sh /etc/nodejs.sh
|
||||
register: nodejs_script
|
||||
changed_when: nodejs_script.rc == 0
|
||||
when: not node_service_status.stat.exists
|
||||
when:
|
||||
- not node_service_status.stat.exists
|
||||
- wazuh_manager_config.cluster.node_type == "master"
|
||||
|
||||
- name: Installing NodeJS
|
||||
package:
|
||||
@ -33,6 +37,9 @@
|
||||
state: present
|
||||
register: nodejs_service_is_installed
|
||||
until: nodejs_service_is_installed is succeeded
|
||||
when:
|
||||
- wazuh_manager_config.cluster.node_type == "master"
|
||||
|
||||
tags: init
|
||||
|
||||
- include_tasks: "RedHat.yml"
|
||||
@ -158,6 +165,8 @@
|
||||
tags:
|
||||
- init
|
||||
- config
|
||||
when:
|
||||
- shared_agent_config is defined
|
||||
|
||||
- name: Installing the config.js (api configuration)
|
||||
template: src=var-ossec-api-configuration-config.js.j2
|
||||
@ -166,6 +175,9 @@
|
||||
group=ossec
|
||||
mode=0740
|
||||
notify: restart wazuh-api
|
||||
when:
|
||||
- wazuh_manager_config.cluster.node_type == "master"
|
||||
|
||||
tags:
|
||||
- init
|
||||
- config
|
||||
@ -191,12 +203,6 @@
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Retrieving Wazuh-API User Credentials
|
||||
include_vars: wazuh_api_creds.yml
|
||||
when:
|
||||
- not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6)
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Check if syslog output is enabled
|
||||
set_fact: syslog_output=true
|
||||
@ -308,6 +314,7 @@
|
||||
notify: restart wazuh-api
|
||||
when:
|
||||
- wazuh_api_user is defined
|
||||
- wazuh_manager_config.cluster.node_type == "master"
|
||||
tags:
|
||||
- config
|
||||
|
||||
@ -329,31 +336,22 @@
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Ensure Wazuh Manager, wazuh API service is started and enabled
|
||||
- name: Ensure Wazuh Manager service is started and enabled.
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
name: "wazuh-manager"
|
||||
enabled: true
|
||||
state: started
|
||||
with_items:
|
||||
- wazuh-manager
|
||||
- wazuh-api
|
||||
tags:
|
||||
- config
|
||||
environment:
|
||||
LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib"
|
||||
when:
|
||||
- not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon')
|
||||
- ansible_distribution_major_version|int < 6
|
||||
|
||||
- name: Ensure Wazuh Manager is started and enabled (EL5)
|
||||
- name: Ensure Wazuh API service is started and enabled.
|
||||
service:
|
||||
name: wazuh-manager
|
||||
name: "wazuh-api"
|
||||
enabled: true
|
||||
state: started
|
||||
when: wazuh_manager_config.cluster.node_type == "master"
|
||||
tags:
|
||||
- config
|
||||
when:
|
||||
- ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6
|
||||
|
||||
- include_tasks: "RMRedHat.yml"
|
||||
when:
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
#jinja2: trim_blocks: False
|
||||
{% if wazuh_agent_configs is defined %}
|
||||
{% for agent_config in wazuh_agent_configs %}
|
||||
{% if shared_agent_config is defined %}
|
||||
{% for agent_config in shared_agent_config %}
|
||||
<agent_config {{ agent_config.type }}="{{ agent_config.type_value }}">
|
||||
{% if agent_config.syscheck is defined %}
|
||||
<syscheck>
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
---
|
||||
wazuh_api_user:
|
||||
- "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/"
|
||||
Loading…
Reference in New Issue
Block a user