diff --git a/roles/opensearch/wazuh-dashboard/templates/dashboard.yml.j2 b/roles/opensearch/wazuh-dashboard/templates/dashboard.yml.j2
index 9795b557..6f29aa87 100644
--- a/roles/opensearch/wazuh-dashboard/templates/dashboard.yml.j2
+++ b/roles/opensearch/wazuh-dashboard/templates/dashboard.yml.j2
@@ -1,6 +1,9 @@
 server.host: {{ dashboard_server_host }}
 server.port: {{ dashboard_server_port }}
-opensearch.hosts: "https://{{ indexer_network_host }}:{{ indexer_http_port }}"
+opensearch.hosts:
+{% for item in indexer_cluster_nodes %}
+ - https://{{ item }}:{{ indexer_http_port }}
+{% endfor %}
 opensearch.ssl.verificationMode: certificate
 opensearch.username: {{ dashboard_user }}
 opensearch.password: {{ dashboard_password }}
diff --git a/roles/opensearch/wazuh-indexer/defaults/main.yml b/roles/opensearch/wazuh-indexer/defaults/main.yml
index 182721c6..19548e8a 100644
--- a/roles/opensearch/wazuh-indexer/defaults/main.yml
+++ b/roles/opensearch/wazuh-indexer/defaults/main.yml
@@ -42,8 +42,8 @@ package_repos:
 baseurl: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
 #gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
 gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
-# openjdk:
-# baseurl: 'deb http://deb.debian.org/debian stretch-backports main'
+ openjdk:
+ baseurl: 'deb http://deb.debian.org/debian stretch-backports main'
 
 indexer_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig
 indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools
diff --git a/roles/opensearch/wazuh-indexer/tasks/Debian.yml b/roles/opensearch/wazuh-indexer/tasks/Debian.yml
index 1036cf97..c5748e3c 100644
--- a/roles/opensearch/wazuh-indexer/tasks/Debian.yml
+++ b/roles/opensearch/wazuh-indexer/tasks/Debian.yml
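Review bot: The generated entries `- https://{{ item }}:{{ indexer_http_port }}` are unquoted, whereas the single-host line they replace quoted the URL; writing them as `- "https://{{ item }}:{{ indexer_http_port }}"` keeps a node entry containing YAML-special characters from altering the document. If `indexer_cluster_nodes` renders empty, `opensearch.hosts:` is left without a value and parses as null instead of an empty list, so a `| mandatory` on the variable (or an assert earlier in the role) would make that failure explicit. Note that the surrounding `opensearch.ssl.verificationMode: certificate` checks the chain but not the hostname, which is pre-existing but now applies to every node in the new list.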
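Review bot: The un-commented `openjdk:` and `baseurl:` lines appear at the same indentation in this view, but Debian.yml reads them as `package_repos.apt.openjdk.baseurl`, so `openjdk:` must sit under `apt:` and `baseurl:` under `openjdk:`; the collapsed whitespace makes that impossible to confirm here, so please check the rendered file. The entry enables a plain-`http://` `stretch-backports` source for every Debian-family host with no `gpg:` counterpart like the Wazuh repo has; apt's signature check still protects the packages, but on Ubuntu hosts, which do not ship the Debian archive keys, the repository's `update_cache: yes` is likely to fail on an unsigned-repository error. Given that the Debian task's own note says the indexer ships its JDK, leaving this default commented out, or gating it on `ansible_distribution_release == 'stretch'`, seems safer than enabling it unconditionally.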
@@ -22,20 +22,20 @@
 keyserver: keyserver.ubuntu.com
 id: 648ACFD622F3D138
 
-# - name: Add openjdk repository
-# apt_repository:
-# repo: "{{ package_repos.apt.openjdk.baseurl }}"
-# state: present
-# update_cache: yes
-# filename: 'wazuh-openjdk'
+ - name: Add openjdk repository
+ apt_repository:
+ repo: "{{ package_repos.apt.openjdk.baseurl }}"
+ state: present
+ update_cache: yes
+ filename: 'wazuh-openjdk'
 
-#- name: Install openjdk-11-jdk
-### 732 will not be needed as indexer comes with the jdk.
-# apt:
-# name: openjdk-11-jdk
-# state: present
-# environment:
-# JAVA_HOME: /usr
+- name: Install openjdk-11-jdk
+## 732 will not be needed as indexer comes with the jdk.
+ apt:
+ name: openjdk-11-jdk
+ state: present
+ environment:
+ JAVA_HOME: /usr
 
 - name: Add Wazuh-Indexer repository
 block:
diff --git a/roles/opensearch/wazuh-indexer/tasks/RedHat.yml b/roles/opensearch/wazuh-indexer/tasks/RedHat.yml
index f6be9302..8e17326f 100644
--- a/roles/opensearch/wazuh-indexer/tasks/RedHat.yml
+++ b/roles/opensearch/wazuh-indexer/tasks/RedHat.yml
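Review bot: The two reinstated tasks are at different indentation: `- name: Add openjdk repository` is indented while `- name: Install openjdk-11-jdk` starts at column 0 (the zero-versus-nonzero indent survives the collapsed view, and the removed `# - name` / `#- name` lines show the same mismatch), so they cannot both be items of the same task list and one of them will break the file or land outside the intended block. Both are uncommented against their own note `## 732 will not be needed as indexer comes with the jdk.`, which adds a second JDK from `stretch-backports` to every Debian-family indexer node and widens what has to be kept patched; if the bundled JDK is sufficient, keep them disabled or gate them on a variable. `update_cache: yes` should be `update_cache: true` to match the `true`/`false` style used elsewhere in this diff. The same point about reinstating not-needed JDK tasks applies to the RedHat.yml hunk.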
@@ -12,27 +12,39 @@
 gpgcheck: true
 changed_when: false
 
-# - name: RedHat/CentOS/Fedora | Install OpenJDK 11
-# ## 732 will not be needed
-# yum:
-# name: java-11-openjdk-devel
-# state: present
-# when:
-# - ansible_distribution != 'Amazon'
+ - name: RedHat/CentOS/Fedora | Install OpenJDK 11
+ ## 732 will not be needed
+ yum:
+ name: java-11-openjdk-devel
+ state: present
+ when:
+ - ansible_distribution != 'Amazon'
 
-# - name: Amazon Linux | Install OpenJDK 11
-# ## 732 will not be needed
-# block:
-# - name: Install Amazon extras
-# yum:
-# name: amazon-linux-extras
-# state: present
+ - name: Amazon Linux | Install OpenJDK 11
+ ## 732 will not be needed
+ block:
+ - name: Install Amazon extras
+ yum:
+ name: amazon-linux-extras
+ state: present
 
-# - name: Install OpenJDK 11
-# shell: amazon-linux-extras install java-openjdk11 -y
+ - name: Install OpenJDK 11
+ shell: amazon-linux-extras install java-openjdk11 -y
 
-# when:
-# - ansible_distribution == 'Amazon'
+ - name: Configure vm.max_map_count
+ lineinfile:
+ line: "vm.max_map_count=262144"
+ dest: "/etc/sysctl.conf"
+ insertafter: EOF
+ create: true
+ become: yes
+
+ - name: Update vm.max_map_count
+ shell: sysctl -p
+ become: yes
+
+ when:
+ - ansible_distribution == 'Amazon'
 
 - name: RedHat/CentOS/Fedora | Install OpenDistro dependencies
 yum:
diff --git a/roles/opensearch/wazuh-indexer/tasks/local_actions.yml b/roles/opensearch/wazuh-indexer/tasks/local_actions.yml
index 74febb15..270c48db 100644
--- a/roles/opensearch/wazuh-indexer/tasks/local_actions.yml
+++ b/roles/opensearch/wazuh-indexer/tasks/local_actions.yml
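Review bot: The new `Configure vm.max_map_count` / `Update vm.max_map_count` pair appends to `/etc/sysctl.conf` with `lineinfile` and then runs `shell: sysctl -p`, which reports changed on every run and, because `lineinfile` has no `regexp`, leaves any pre-existing `vm.max_map_count=` line in place so the file ends up with two entries; the `sysctl` module does the write, the live set and the reload idempotently, as rewritten below. `shell: amazon-linux-extras install java-openjdk11 -y` runs without `become` while its sibling tasks set `become: yes`, so it only works if the whole play is already privileged. Both the Amazon and the RedHat/CentOS/Fedora tasks are reinstated against their own `## 732 will not be needed` note; if the indexer package bundles its JDK, the extra `java-11-openjdk-devel` install only adds packages to keep patched. If the max_map_count setting is meant for the indexer's bootstrap requirement it is needed on every distribution, not only under the `ansible_distribution == 'Amazon'` condition.
```yaml
      # … unchanged: Install Amazon extras / Install OpenJDK 11 tasks …
      - name: Configure vm.max_map_count
        sysctl:
          name: vm.max_map_count
          value: "262144"
          sysctl_set: true
          state: present
          reload: true
        become: true
      # … unchanged: when: ansible_distribution == 'Amazon' …
```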
@@ -67,6 +67,20 @@
 bash {{ local_certs_path }}/wazuh-cert-tool.sh
 become: yes
 
+ - name: Get Certificate files
+ find:
+ paths: "{{ local_certs_path }}/certs"
+ patterns: "*"
+ register: certificate_files
+
+ - name: Change Certificates Ownership
+ file:
+ path: "{{ item.path }}"
+ owner: "{{ ansible_effective_user_id }}"
+ group: "{{ ansible_effective_user_id }}"
+ become: yes
+ with_items: "{{ certificate_files.files }}"
+
 run_once: true
 delegate_to: localhost
 become: no
diff --git a/roles/opensearch/wazuh-indexer/tasks/security_actions.yml b/roles/opensearch/wazuh-indexer/tasks/security_actions.yml
index cdf9a151..c63afd16 100644
--- a/roles/opensearch/wazuh-indexer/tasks/security_actions.yml
+++ b/roles/opensearch/wazuh-indexer/tasks/security_actions.yml
@@ -70,7 +70,7 @@
 - name: Hashing the custom admin password
 command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}" # noqa 301
 register: indexer_admin_password_hashed
- no_log: '{{ indexer_nolog_sensible | bool }}'
+ #no_log: '{{ indexer_nolog_sensible | bool }}'
 run_once: true
 
 - name: Set the Admin user password
diff --git a/roles/opensearch/wazuh-indexer/templates/opensearch.yml.j2 b/roles/opensearch/wazuh-indexer/templates/opensearch.yml.j2
index bb3d8cab..19413f70 100644
--- a/roles/opensearch/wazuh-indexer/templates/opensearch.yml.j2
+++ b/roles/opensearch/wazuh-indexer/templates/opensearch.yml.j2
@@ -7,7 +7,13 @@ cluster.initial_master_nodes:
 {% for item in indexer_cluster_nodes %}
 - {{ item }}
 {% endfor %}
+
+discovery.seed_hosts:
+{% for item in elasticsearch_discovery_nodes %}
+ - {{ item }}
+{% endfor %}
 {% endif %}
+
 cluster.name: {{ indexer_cluster_name }}
 http.port: 9700-9799
 
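Review bot: `group: "{{ ansible_effective_user_id }}"` passes a uid where a gid is expected; the two only coincide by convention, so use `ansible_effective_group_id` for `group:`. The `file:` task re-owns everything under `{{ local_certs_path }}/certs`, which includes the private keys produced by the preceding `wazuh-cert-tool.sh` step, but leaves their mode untouched; adding `mode: "0600"` for the key files (a second task filtered on the key filenames, keeping the certificates at `"0644"`) keeps the localhost copies from being readable by other local users. The enclosing task block, including the `become: no` that these tasks override, starts before this hunk.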
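Review bot: Commenting out `no_log` on the `Hashing the custom admin password` task leaves `indexer_admin_password` visible in the logged `command:` line and in the registered `indexer_admin_password_hashed` result (its `cmd` and invocation fields), so any verbose run, callback plugin or CI log now records the clear-text admin password. If this was done to debug the hashing step, restore `no_log: '{{ indexer_nolog_sensible | bool }}'` before merging and set `indexer_nolog_sensible` to false at runtime for the debugging session instead. A commented-out security control in a task file also tends to survive unnoticed, which is why the variable-driven toggle exists.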
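Review bot: The new `discovery.seed_hosts` loop reads `elasticsearch_discovery_nodes`, while every other variable in this template and in the indexer defaults touched by this diff uses the `indexer_` prefix (`indexer_cluster_nodes`, `indexer_cluster_name`); unless that name is defined somewhere not shown, the template fails to render with an undefined-variable error, and even if it is defined it is a leftover of the rename. Seeding discovery from `indexer_cluster_nodes`, or renaming the variable to `indexer_discovery_nodes` and adding it to defaults, keeps the role consistent. The `- {{ item }}` entries are unquoted; `- "{{ item }}"` matches the quoted `nodes_dn` entries later in this file. The enclosing `{% if %}` block opens before this hunk.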
@@ -40,7 +46,9 @@ plugins.security.authcz.admin_dn:
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
-- "CN={{ indexer_node_name }},OU=Docu,O=Wazuh,L=California,C=US"
+{% for (key,value) in instances.items() %}
+- "CN={{ value.name }},OU=Docu,O=Wazuh,L=California,C=US"
+{% endfor %}
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
index dd469d1e..dfd9fb04 100644
--- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
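Review bot: `plugins.security.nodes_dn` now trusts the DN of every entry in `instances`, replacing the single `indexer_node_name` entry; if `instances` also describes non-indexer components (dashboard or filebeat certificates issued by the same tool), their certificates would be accepted as cluster nodes on the transport layer, which is more trust than the replaced line granted. Filter the loop to indexer entries (on a role or type attribute, if `instances` carries one) and, since `key` is never used, write it as `{% for value in instances.values() %}`. The structure of `instances` is not visible in this diff, so confirm what it contains before merging.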
@@ -1,27 +1,31 @@ --- filebeat_version: 7.10.2 -wazuh_template_branch: v4.3.0 +wazuh_template_branch: v4.2.5 filebeat_output_elasticsearch_hosts: - - "localhost:9200" + - "localhost:9700" -filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat +#filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat +filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_path: /tmp/ filebeat_module_destination: /usr/share/filebeat/module filebeat_module_folder: /usr/share/filebeat/module/wazuh -elasticsearch_security_user: admin -elasticsearch_security_password: changeme +indexer_security_user: admin +indexer_security_password: changeme # Security plugin filebeat_security: true filebeat_ssl_dir: /etc/pki/filebeat # Local path to store the generated certificates (OpenDistro security plugin) -local_certs_path: ./opendistro/certificates +local_certs_path: ./indexer/certificates -elasticrepo: - apt: 'https://artifacts.elastic.co/packages/oss-7.x/apt' - yum: 'https://artifacts.elastic.co/packages/oss-7.x/yum' - gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' - key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' +filebeatrepo: + #apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main' + #yum: 'https://packages.wazuh.com/4.x/yum/' + yum: 'https://packages-dev.wazuh.com/pre-release/yum/' + #gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH' + key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml b/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml index 718d584b..638dbcff 100644 --- a/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml 
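Review bot: These defaults now point every Filebeat install at the `packages-dev.wazuh.com/pre-release` repositories with the stable lines kept as comments, while `wazuh_template_branch` moves backwards from `v4.3.0` to `v4.2.5` and the agent role in this same diff ships 4.3.0 packages; if the pre-release switch is temporary, one selector variable (for example `wazuh_repo_channel`) with both URL sets defined once avoids editing three roles in lockstep, and the template-branch downgrade deserves an explanatory comment. `key_id` is unchanged although `gpg` now fetches the key from the dev host, so confirm that `packages-dev.wazuh.com/key/GPG-KEY-WAZUH` carries the same fingerprint, otherwise `apt_key` rejects it. The file also loses its trailing newline (`\ No newline at end of file`), and `indexer_security_password: changeme` remains a committed default credential that every deployment must override.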
@@ -11,13 +11,13 @@
 
 - name: Debian/Ubuntu | Add Elasticsearch apt key.
 apt_key:
- url: "{{ elasticrepo.gpg }}"
- id: "{{ elasticrepo.key_id }}"
+ url: "{{ filebeatrepo.gpg }}"
+ id: "{{ filebeatrepo.key_id }}"
 state: present
 
 - name: Debian/Ubuntu | Add Filebeat-oss repository.
 apt_repository:
- repo: "deb {{ elasticrepo.apt }} stable main"
+ repo: "{{ filebeatrepo.apt }}"
 state: present
 update_cache: true
 changed_when: false
diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat-oss/tasks/RMDebian.yml
index 25a33909..a51e3f73 100644
--- a/roles/wazuh/ansible-filebeat-oss/tasks/RMDebian.yml
+++ b/roles/wazuh/ansible-filebeat-oss/tasks/RMDebian.yml
@@ -1,6 +1,6 @@
 ---
 - name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)
 apt_repository:
- repo: "deb {{ elasticrepo.apt }} stable main"
+ repo: "{{ filebeatrepo.apt }}"
 state: absent
 changed_when: false
diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat-oss/tasks/RedHat.yml
index 74873aca..d4024e25 100644
--- a/roles/wazuh/ansible-filebeat-oss/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-filebeat-oss/tasks/RedHat.yml
@@ -3,7 +3,7 @@
 yum_repository:
 name: elastic_oss-repo_7
 description: Elastic repository for 7.x packages
- baseurl: "{{ elasticrepo.yum }}"
- gpgkey: "{{ elasticrepo.gpg }}"
+ baseurl: "{{ filebeatrepo.yum }}"
+ gpgkey: "{{ filebeatrepo.gpg }}"
 gpgcheck: true
 changed_when: false
diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml b/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml
index fdec3c04..795c0c96 100644
--- a/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml
+++ b/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml
@@ -16,7 +16,7 @@
 group: root
 mode: 0644
 with_items:
- - "{{ filebeat_node_name }}.key"
+ - "{{ filebeat_node_name }}-key.pem"
 - "{{ filebeat_node_name }}.pem"
 - "root-ca.pem"
 
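Review bot: The task names and repository identity no longer describe what is installed: `Debian/Ubuntu | Add Elasticsearch apt key.` now adds the Wazuh key from `filebeatrepo.gpg`, and in the RedHat.yml hunk `name: elastic_oss-repo_7` / `description: Elastic repository for 7.x packages` now label the Wazuh pre-release `baseurl`. Rename them (for example `Debian/Ubuntu | Add Wazuh apt key.` and `name: wazuh_filebeat-repo`) so play output and a `yum repolist` on the host do not misattribute where Filebeat comes from. The `id:` pin in `apt_key` still refers to `filebeatrepo.key_id` while the URL moved to the dev host; whether the dev key matches that fingerprint is raised on the filebeat defaults hunk.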
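Review bot: The renamed private key `{{ filebeat_node_name }}-key.pem` is still copied by a task whose `mode: 0644` (two context lines above) applies to every item, so the TLS client key lands world-readable next to the public certificates; move the key into its own `copy` task with `mode: "0600"` (or `"0640"` with the group Filebeat runs as) and quote the octal modes so they are not parsed as decimal integers. The enclosing task starts before this hunk. The matching `-key.pem` rename in filebeat.yml.j2 is consistent with this list.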
diff --git a/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2
index c918ccda..8b013a74 100644
--- a/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2
+++ b/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2
@@ -19,13 +19,13 @@ output.elasticsearch:
 
 hosts: {{ filebeat_output_elasticsearch_hosts | to_json }}
 {% if filebeat_security %}
- username: {{ elasticsearch_security_user }}
- password: {{ elasticsearch_security_password }}
+ username: {{ indexer_security_user }}
+ password: {{ indexer_security_password }}
 protocol: https
 ssl.certificate_authorities:
 - {{ filebeat_ssl_dir }}/root-ca.pem
 ssl.certificate: "{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem"
- ssl.key: "{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.key"
+ ssl.key: "{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem"
 {% endif %}
 
 # Optional. Send events to Logstash instead of Elasticsearch
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 8706a992..63b1fbaf 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -61,9 +61,12 @@ wazuh_winagent_package_name: wazuh-agent-4.3.0-1.msi
 wazuh_dir: "/var/ossec"
 
 wazuh_agent_repo:
- apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
- yum: 'https://packages.wazuh.com/4.x/yum/'
- gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+ #apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+ apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
+ #yum: 'https://packages.wazuh.com/4.x/yum/'
+ yum: 'https://packages-dev.wazuh.com/pre-release/yum/'
+ #gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+ gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
 key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
 
 # This is deprecated, see: wazuh_agent_address
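Review bot: `username: {{ indexer_security_user }}` and `password: {{ indexer_security_password }}` are still rendered as bare scalars, so a password that looks like a boolean or number, contains `: ` or ` #`, or starts with a YAML indicator is retyped or breaks the file; the `hosts:` line above already uses `| to_json`, so `password: {{ indexer_security_password | to_json }}` (and the same for `username`) follows the file's own idiom and is correct for any value. An empty `indexer_security_password` currently renders `password:` as null and Filebeat starts with no credential rather than failing fast; `| mandatory` on the variable makes the misconfiguration visible at template time.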
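Review bot: `wazuh_agent_repo.gpg` now points at `packages-dev.wazuh.com` while `key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'` is unchanged; `apt_key` checks the downloaded key against that fingerprint, so this only works if the dev host serves the same key — confirm it and, if so, record that in a comment on the `gpg:` line. Keeping the stable URLs as commented-out lines in a defaults file invites drift between roles; one selector variable (for example `wazuh_repo_channel`) with both URL sets defined once would let the agent, manager and filebeat roles switch together. The wazuh-manager hunk below makes the identical change and shares both points.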
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 2e694ab5..94eac58d 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -38,9 +38,12 @@ wazuh_manager_sources_installation:
 wazuh_dir: "/var/ossec"
 
 wazuh_manager_repo:
- apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
- yum: 'https://packages.wazuh.com/4.x/yum/'
- gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+ #apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+ apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
+ #yum: 'https://packages.wazuh.com/4.x/yum/'
+ yum: 'https://packages-dev.wazuh.com/pre-release/yum/'
+ #gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+ gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
 key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'