Updates to Wazuh and Opensearch roles

Gonzalo Acuña 2022-02-04 16:58:21 -03:00
parent c722e5bc87
commit d67ae78712
No known key found for this signature in database
GPG Key ID: 646BA79A313A2270
15 changed files with 110 additions and 63 deletions


@ -1,6 +1,9 @@
server.host: {{ dashboard_server_host }} server.host: {{ dashboard_server_host }}
server.port: {{ dashboard_server_port }} server.port: {{ dashboard_server_port }}
opensearch.hosts: "https://{{ indexer_network_host }}:{{ indexer_http_port }}" opensearch.hosts:
{% for item in indexer_cluster_nodes %}
- https://{{ item }}:{{ indexer_http_port }}
{% endfor %}
opensearch.ssl.verificationMode: certificate opensearch.ssl.verificationMode: certificate
opensearch.username: {{ dashboard_user }} opensearch.username: {{ dashboard_user }}
opensearch.password: {{ dashboard_password }} opensearch.password: {{ dashboard_password }}
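Review bot: The new `opensearch.hosts` list is only as trustworthy as the TLS check behind it, and `opensearch.ssl.verificationMode: certificate` validates the chain but not the hostname, so any certificate issued by `root-ca` is accepted for every `indexer_cluster_nodes` entry; if the node certificates carry their hostnames/IPs as SANs, `opensearch.ssl.verificationMode: full` closes that gap, otherwise a comment should record that hostname verification is intentionally off. The rendered credential lines are also unquoted: a `dashboard_password` containing `#`, `: ` or a leading YAML indicator breaks the file, and an all-digit one is read as a number — write `opensearch.password: "{{ dashboard_password }}"` (and the same for `opensearch.username`).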


@ -42,8 +42,8 @@ package_repos:
baseurl: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main' baseurl: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
#gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' #gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH' gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
# openjdk: openjdk:
# baseurl: 'deb http://deb.debian.org/debian stretch-backports main' baseurl: 'deb http://deb.debian.org/debian stretch-backports main'
indexer_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig indexer_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig
indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools
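Review bot: The shipped defaults now install from `packages-dev.wazuh.com/pre-release` (`unstable main`) and fetch the signing key from the same dev host, with the production entries reduced to comments, so anyone using the role as-is gets pre-release builds and a key whose provenance is the dev mirror rather than the release key URL. Keep the production lines as the default and select the dev channel through a variable, e.g. `baseurl: "deb https://{{ 'packages-dev.wazuh.com/pre-release' if wazuh_prerelease | default(false) else 'packages.wazuh.com/4.x' }}/apt/ ... main"` (name as you prefer). The re-enabled `openjdk` entry also hard-codes `http://deb.debian.org/debian stretch-backports main` — plain HTTP and a Debian 9-only suite — even though the install task in this commit still carries the remark that the indexer bundles its own JDK; if the package really is needed, make the suite follow `ansible_distribution_release`. `package_repos:` starts before this hunk.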


@ -22,20 +22,20 @@
keyserver: keyserver.ubuntu.com keyserver: keyserver.ubuntu.com
id: 648ACFD622F3D138 id: 648ACFD622F3D138
# - name: Add openjdk repository - name: Add openjdk repository
# apt_repository: apt_repository:
# repo: "{{ package_repos.apt.openjdk.baseurl }}" repo: "{{ package_repos.apt.openjdk.baseurl }}"
# state: present state: present
# update_cache: yes update_cache: yes
# filename: 'wazuh-openjdk' filename: 'wazuh-openjdk'
#- name: Install openjdk-11-jdk - name: Install openjdk-11-jdk
### 732 will not be needed as indexer comes with the jdk. ## 732 will not be needed as indexer comes with the jdk.
# apt: apt:
# name: openjdk-11-jdk name: openjdk-11-jdk
# state: present state: present
# environment: environment:
# JAVA_HOME: /usr JAVA_HOME: /usr
- name: Add Wazuh-Indexer repository - name: Add Wazuh-Indexer repository
block: block:
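Review bot: The uncommented `Add openjdk repository` / `Install openjdk-11-jdk` tasks contradict the comment left right under them, `## 732 will not be needed as indexer comes with the jdk.` — either the tasks or the comment should go. If the tasks stay, the repository they add is `stretch-backports` regardless of the target release, so on Ubuntu or newer Debian hosts apt either fails on the missing suite or mixes a foreign release into the host; guard them with `when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch'` or derive the suite from `ansible_distribution_release`. Minor: `update_cache: yes` should be `update_cache: true` (yamllint `truthy`).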


@ -12,27 +12,39 @@
gpgcheck: true gpgcheck: true
changed_when: false changed_when: false
# - name: RedHat/CentOS/Fedora | Install OpenJDK 11 - name: RedHat/CentOS/Fedora | Install OpenJDK 11
# ## 732 will not be needed ## 732 will not be needed
# yum: yum:
# name: java-11-openjdk-devel name: java-11-openjdk-devel
# state: present state: present
# when: when:
# - ansible_distribution != 'Amazon' - ansible_distribution != 'Amazon'
# - name: Amazon Linux | Install OpenJDK 11 - name: Amazon Linux | Install OpenJDK 11
# ## 732 will not be needed ## 732 will not be needed
# block: block:
# - name: Install Amazon extras - name: Install Amazon extras
# yum: yum:
# name: amazon-linux-extras name: amazon-linux-extras
# state: present state: present
# - name: Install OpenJDK 11 - name: Install OpenJDK 11
# shell: amazon-linux-extras install java-openjdk11 -y shell: amazon-linux-extras install java-openjdk11 -y
# when: - name: Configure vm.max_map_count
# - ansible_distribution == 'Amazon' lineinfile:
line: "vm.max_map_count=262144"
dest: "/etc/sysctl.conf"
insertafter: EOF
create: true
become: yes
- name: Update vm.max_map_count
shell: sysctl -p
become: yes
when:
- ansible_distribution == 'Amazon'
- name: RedHat/CentOS/Fedora | Install OpenDistro dependencies - name: RedHat/CentOS/Fedora | Install OpenDistro dependencies
yum: yum:
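Review bot: The added `lineinfile` + `shell: sysctl -p` pair is not idempotent and is weaker than the native module: `shell` reports changed on every run, `lineinfile` has no `regexp` so a host that already has a different `vm.max_map_count` ends up with two lines, and `sysctl -p` re-applies the whole file rather than the one key. As far as the print order shows, both tasks sit inside the Amazon Linux `block` whose `when: ansible_distribution == 'Amazon'` closes the hunk, which would mean RedHat/CentOS/Fedora hosts never get the setting at all — please confirm the nesting. The re-enabled `shell: amazon-linux-extras install java-openjdk11 -y` has the same idempotence problem and also contradicts the `## 732 will not be needed` remark kept above it; if it stays, add `args: creates: /usr/lib/jvm/java-11` or a `changed_when`. The enclosing task list continues past the hunk.

```yaml
- name: Configure vm.max_map_count
  sysctl:
    name: vm.max_map_count
    value: "262144"
    state: present
    sysctl_set: true
    reload: true
  become: yes
# … unchanged: OpenJDK tasks, Amazon Linux block and its when: …
```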


@ -67,6 +67,20 @@
bash {{ local_certs_path }}/wazuh-cert-tool.sh bash {{ local_certs_path }}/wazuh-cert-tool.sh
become: yes become: yes
- name: Get Certificate files
find:
paths: "{{ local_certs_path }}/certs"
patterns: "*"
register: certificate_files
- name: Change Certificates Ownership
file:
path: "{{ item.path }}"
owner: "{{ ansible_effective_user_id }}"
group: "{{ ansible_effective_user_id }}"
become: yes
with_items: "{{ certificate_files.files }}"
run_once: true run_once: true
delegate_to: localhost delegate_to: localhost
become: no become: no
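Review bot: `group: "{{ ansible_effective_user_id }}"` passes a UID where a GID is expected; the `file` module accepts numeric groups, so this only does the right thing when the controller user's primary GID happens to equal its UID — use `group: "{{ ansible_effective_group_id }}"`. The task also restores ownership without setting a mode, so the private keys under `{{ local_certs_path }}/certs` keep whatever permissions `wazuh-cert-tool.sh` gave them while running under `become: yes`; a second `file` task over `*-key.pem` with `mode: "0600"` (or a `find` with `patterns: "*-key.pem"`) would make that explicit. The enclosing block (the `run_once` / `delegate_to: localhost` / `become: no` lines) starts before this hunk.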


@ -70,7 +70,7 @@
- name: Hashing the custom admin password - name: Hashing the custom admin password
command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}" # noqa 301 command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}" # noqa 301
register: indexer_admin_password_hashed register: indexer_admin_password_hashed
no_log: '{{ indexer_nolog_sensible | bool }}' #no_log: '{{ indexer_nolog_sensible | bool }}'
run_once: true run_once: true
- name: Set the Admin user password - name: Set the Admin user password
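Review bot: Commenting out `no_log` on `Hashing the custom admin password` means the cleartext `indexer_admin_password` is now printed in the task output and any Ansible log as part of the `hash.sh -p …` command line, and the registered result is shown too. Restore `no_log: '{{ indexer_nolog_sensible | bool }}'`; if it was disabled to debug a failure, set `indexer_nolog_sensible: false` in the inventory for that run instead of changing the role. Independently of logging, `-p` places the password in the process argument list on the indexer host for the duration of the hash; if the bundled `hash.sh` supports `-env`, pass it through an `environment:` variable instead.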


@ -7,7 +7,13 @@ cluster.initial_master_nodes:
{% for item in indexer_cluster_nodes %} {% for item in indexer_cluster_nodes %}
- {{ item }} - {{ item }}
{% endfor %} {% endfor %}
discovery.seed_hosts:
{% for item in elasticsearch_discovery_nodes %}
- {{ item }}
{% endfor %}
{% endif %} {% endif %}
cluster.name: {{ indexer_cluster_name }} cluster.name: {{ indexer_cluster_name }}
http.port: 9700-9799 http.port: 9700-9799
@ -40,7 +46,9 @@ plugins.security.authcz.admin_dn:
plugins.security.check_snapshot_restore_write_privileges: true plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn: plugins.security.nodes_dn:
- "CN={{ indexer_node_name }},OU=Docu,O=Wazuh,L=California,C=US" {% for (key,value) in instances.items() %}
- "CN={{ value.name }},OU=Docu,O=Wazuh,L=California,C=US"
{% endfor %}
plugins.security.restapi.roles_enabled: plugins.security.restapi.roles_enabled:
- "all_access" - "all_access"
- "security_rest_api_access" - "security_rest_api_access"


@ -1,27 +1,31 @@
--- ---
filebeat_version: 7.10.2 filebeat_version: 7.10.2
wazuh_template_branch: v4.3.0 wazuh_template_branch: v4.2.5
filebeat_output_elasticsearch_hosts: filebeat_output_elasticsearch_hosts:
- "localhost:9200" - "localhost:9700"
filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat #filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat
filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
filebeat_module_package_path: /tmp/ filebeat_module_package_path: /tmp/
filebeat_module_destination: /usr/share/filebeat/module filebeat_module_destination: /usr/share/filebeat/module
filebeat_module_folder: /usr/share/filebeat/module/wazuh filebeat_module_folder: /usr/share/filebeat/module/wazuh
elasticsearch_security_user: admin indexer_security_user: admin
elasticsearch_security_password: changeme indexer_security_password: changeme
# Security plugin # Security plugin
filebeat_security: true filebeat_security: true
filebeat_ssl_dir: /etc/pki/filebeat filebeat_ssl_dir: /etc/pki/filebeat
# Local path to store the generated certificates (OpenDistro security plugin) # Local path to store the generated certificates (OpenDistro security plugin)
local_certs_path: ./opendistro/certificates local_certs_path: ./indexer/certificates
elasticrepo: filebeatrepo:
apt: 'https://artifacts.elastic.co/packages/oss-7.x/apt' #apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
yum: 'https://artifacts.elastic.co/packages/oss-7.x/yum' apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' #yum: 'https://packages.wazuh.com/4.x/yum/'
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' yum: 'https://packages-dev.wazuh.com/pre-release/yum/'
#gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
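Review bot: The Filebeat defaults now fetch both the package repo and `filebeat_module_package_url` from `packages-dev.wazuh.com/pre-release` (`unstable main`) with the production entries commented out, while `wazuh_template_branch` moves to `v4.2.5` and the agent defaults in this same commit name 4.3.0 packages; the template/module pair and the installed package can drift apart, so a short comment stating which version this branch targets, e.g. `# pre-release 4.3 channel; template branch pinned until v4.3.0 is tagged`, would help. `indexer_security_password: changeme` stays as the shipped credential; consider an `assert` in the role that fails when it is still `changeme`. The module tarball is downloaded by name only as far as this hunk shows; if the download task has no checksum, pinning one would be worthwhile.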


@ -11,13 +11,13 @@
- name: Debian/Ubuntu | Add Elasticsearch apt key. - name: Debian/Ubuntu | Add Elasticsearch apt key.
apt_key: apt_key:
url: "{{ elasticrepo.gpg }}" url: "{{ filebeatrepo.gpg }}"
id: "{{ elasticrepo.key_id }}" id: "{{ filebeatrepo.key_id }}"
state: present state: present
- name: Debian/Ubuntu | Add Filebeat-oss repository. - name: Debian/Ubuntu | Add Filebeat-oss repository.
apt_repository: apt_repository:
repo: "deb {{ elasticrepo.apt }} stable main" repo: "{{ filebeatrepo.apt }}"
state: present state: present
update_cache: true update_cache: true
changed_when: false changed_when: false
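Review bot: The task names still read `Debian/Ubuntu | Add Elasticsearch apt key.` and `Add Filebeat-oss repository.` although both now point at the Wazuh repository through `filebeatrepo`; rename them, e.g. `- name: Debian/Ubuntu | Add Wazuh apt key.` and `- name: Debian/Ubuntu | Add Wazuh (Filebeat) repository.`, so the play output matches what is installed. Keeping `id: "{{ filebeatrepo.key_id }}"` alongside the URL is the right call — it pins the fingerprint rather than trusting whatever the dev host serves. `changed_when: false` on the repository task hides a real configuration change from reports; drop it unless there is a reason.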


@ -1,6 +1,6 @@
--- ---
- name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata) - name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)
apt_repository: apt_repository:
repo: "deb {{ elasticrepo.apt }} stable main" repo: "{{ filebeatrepo.apt }}"
state: absent state: absent
changed_when: false changed_when: false


@ -3,7 +3,7 @@
yum_repository: yum_repository:
name: elastic_oss-repo_7 name: elastic_oss-repo_7
description: Elastic repository for 7.x packages description: Elastic repository for 7.x packages
baseurl: "{{ elasticrepo.yum }}" baseurl: "{{ filebeatrepo.yum }}"
gpgkey: "{{ elasticrepo.gpg }}" gpgkey: "{{ filebeatrepo.gpg }}"
gpgcheck: true gpgcheck: true
changed_when: false changed_when: false
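Review bot: The repo id `elastic_oss-repo_7` and description `Elastic repository for 7.x packages` now label a Wazuh pre-release repository, which misleads anyone inspecting `/etc/yum.repos.d/` on the host; rename to something like `name: wazuh_repo` / `description: Wazuh repository`. Note that changing `name` leaves the old `elastic_oss-repo_7.repo` file on already-provisioned hosts, so pair the rename with a `yum_repository: state: absent` for the old id.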


@ -16,7 +16,7 @@
group: root group: root
mode: 0644 mode: 0644
with_items: with_items:
- "{{ filebeat_node_name }}.key" - "{{ filebeat_node_name }}-key.pem"
- "{{ filebeat_node_name }}.pem" - "{{ filebeat_node_name }}.pem"
- "root-ca.pem" - "root-ca.pem"


@ -19,13 +19,13 @@ output.elasticsearch:
hosts: {{ filebeat_output_elasticsearch_hosts | to_json }} hosts: {{ filebeat_output_elasticsearch_hosts | to_json }}
{% if filebeat_security %} {% if filebeat_security %}
username: {{ elasticsearch_security_user }} username: {{ indexer_security_user }}
password: {{ elasticsearch_security_password }} password: {{ indexer_security_password }}
protocol: https protocol: https
ssl.certificate_authorities: ssl.certificate_authorities:
- {{ filebeat_ssl_dir }}/root-ca.pem - {{ filebeat_ssl_dir }}/root-ca.pem
ssl.certificate: "{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem" ssl.certificate: "{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem"
ssl.key: "{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.key" ssl.key: "{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem"
{% endif %} {% endif %}
# Optional. Send events to Logstash instead of Elasticsearch # Optional. Send events to Logstash instead of Elasticsearch
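Review bot: `password: {{ indexer_security_password }}` writes the indexer credential into `filebeat.yml` in clear and unquoted, so a value containing `#`, `: ` or a leading YAML indicator breaks the rendered file; at minimum write `password: "{{ indexer_security_password }}"` (and quote `username` the same way). Filebeat can read this from its keystore (`filebeat keystore add INDEXER_PASSWORD`) via `password: ${INDEXER_PASSWORD}`, which keeps the secret out of the config file — worth a follow-up if the role already manages the keystore. The `output.elasticsearch:` block opens before this hunk.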


@ -61,9 +61,12 @@ wazuh_winagent_package_name: wazuh-agent-4.3.0-1.msi
wazuh_dir: "/var/ossec" wazuh_dir: "/var/ossec"
wazuh_agent_repo: wazuh_agent_repo:
apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' #apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
yum: 'https://packages.wazuh.com/4.x/yum/' apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' #yum: 'https://packages.wazuh.com/4.x/yum/'
yum: 'https://packages-dev.wazuh.com/pre-release/yum/'
#gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
# This is deprecated, see: wazuh_agent_address # This is deprecated, see: wazuh_agent_address
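Review bot: The agent defaults now install from `packages-dev.wazuh.com/pre-release` (`unstable main`) and take the signing key from the dev host, with the production entries commented out — as shipped, the role enrolls every agent on pre-release packages. Keeping `key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'` pinned is good, since it is the fingerprint rather than the download host that is trusted. Prefer the production URLs as defaults with a single switch for the dev channel, e.g. `wazuh_agent_repo.apt: "deb https://{{ wazuh_repo_host }}/apt/ {{ wazuh_repo_suite }} main"`; the manager defaults changed in this commit have the same issue.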


@ -38,9 +38,12 @@ wazuh_manager_sources_installation:
wazuh_dir: "/var/ossec" wazuh_dir: "/var/ossec"
wazuh_manager_repo: wazuh_manager_repo:
apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' #apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
yum: 'https://packages.wazuh.com/4.x/yum/' apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' #yum: 'https://packages.wazuh.com/4.x/yum/'
yum: 'https://packages-dev.wazuh.com/pre-release/yum/'
#gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'