From 02e0ae9c861b386afd8932fb6a37c08f39520c6f Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Wed, 31 Jul 2019 11:59:34 +0200 Subject: [PATCH 01/79] Update Pipfile Updated Ansible vulnerable version --- Pipfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Pipfile b/Pipfile index 9e3b448b..89f86b7c 100644 --- a/Pipfile +++ b/Pipfile @@ -5,7 +5,7 @@ name = "pypi" [packages] docker-py = "*" -ansible = "==2.7.11" +ansible = "==2.7.12" molecule = "*" [dev-packages] From c171f3905b5c6dd5436ae81c13992f0433afc282 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 7 Aug 2019 12:00:39 +0200 Subject: [PATCH 02/79] Bump version --- CHANGELOG.md | 4 ++++ VERSION | 4 ++-- molecule/default/tests/test_default.py | 2 +- molecule/wazuh-agent/tests/test_agents.py | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 7 files changed, 12 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3221e38f..f92b855d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,10 @@ All notable changes to this project will be documented in this file. - Default protocol to TCP [@ionphractal](https://github.com/ionphractal) [#204](https://github.com/wazuh/wazuh-ansible/pull/204). +### Fixed + +- Fixed network.host is not localhost [@rshad](https://github.com/rshad) [#204](https://github.com/wazuh/wazuh-ansible/pull/212). + ## [v3.9.3_7.2.0] ### Added diff --git a/VERSION b/VERSION index fe2acb96..8909e7be 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.9.3" -REVISION="3930" +WAZUH-ANSIBLE_VERSION="v3.9.4" +REVISION="3940" diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 4be45b4e..e55bc894 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
@@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.3" + return "3.9.4" def test_wazuh_packages_are_installed(host): diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py index 48fdfc6e..223f4198 100644 --- a/molecule/wazuh-agent/tests/test_agents.py +++ b/molecule/wazuh-agent/tests/test_agents.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.3" + return "3.9.4" def test_ossec_package_installed(Package): diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index dcaa0f59..32a194c8 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.2.0 -wazuh_version: 3.9.3 +wazuh_version: 3.9.4 # Xpack Security kibana_xpack_security: false diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index ad2a93c9..d0898cb0 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.9.3 +wazuh_agent_version: 3.9.4 wazuh_managers: - address: 127.0.0.1 port: 1514 @@ -24,7 +24,7 @@ wazuh_winagent_config: install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.9.3' + version: '3.9.4' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: c3fdbd6c121ca371b8abcd477ed4e8a4 
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index b93bd8ef..a35e3387 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_api_version: 3.9.3 +wazuh_manager_api_version: 3.9.4 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest From 69427edea6e45567212415ff57a388ddd1aa80a4 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 9 Aug 2019 16:45:23 +0200 Subject: [PATCH 03/79] initial changes --- roles/wazuh/ansible-filebeat/defaults/main.yml | 5 +++++ roles/wazuh/ansible-filebeat/tasks/main.yml | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 103d61eb..1fed5fb0 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -43,3 +43,8 @@ node_certs_destination: /etc/filebeat/certs rsync_path: /usr/bin/rsync rsync_user: vagrant rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' + +filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz +filebeat_module_package_path: /root/ +filebeat_module_destination: /usr/share/filebeat/module +filebeat_module_folder: /usr/share/filebeat/module/wazuh \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 7bafcc79..b0e5371c 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml 
@@ -88,6 +88,19 @@ - filebeat_xpack_security tags: xpack-security +- name: Download Filebeat module package + get_url: + url: https://packages-dev.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} + dest: "{{ filebeat_module_package_path }}" + +- name: Unpakcaging Filebeat module package + unarchive: + src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + dest: "{{ filebeat_module_destination }}" + +- name: Setting 0755 permission for Filebeat module folder + file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes + - import_tasks: config.yml when: filebeat_create_config notify: restart filebeat From da005fea58a33dd77e8c356de26e990f76fc27dd Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 16 Aug 2019 10:27:42 +0200 Subject: [PATCH 04/79] removed Java installation tasks for SysV systems --- molecule/filebeat/molecule.yml | 34 ++++++++-------- molecule/filebeat/prepare.yml | 1 + molecule/kibana/molecule.yml | 40 +++++++++---------- molecule/kibana/playbook.yml | 1 + .../ansible-elasticsearch/tasks/Debian.yml | 14 ------- .../ansible-elasticsearch/tasks/RedHat.yml | 7 ---- roles/wazuh/ansible-filebeat/tasks/main.yml | 5 ++- 7 files changed, 42 insertions(+), 60 deletions(-) diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index e456c4ae..761326f3 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml 
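Review bot: The `Setting 0755 permission for Filebeat module folder` task actually applies `mode=u=rwX,g=rwX,o=rwX`, which makes `/usr/share/filebeat/module/wazuh` and everything under it writable by every local account, so any user on the host can edit the module files Filebeat later loads; the task name and the mode disagree, and `mode=u=rwX,g=rX,o=rX` together with `owner=root group=root` is what 0755 means. The `Download Filebeat module package` task fetches the tarball from `packages-dev.wazuh.com` with no `checksum:`, so nothing verifies the archive before `unarchive` unpacks it into the module directory — add `checksum: sha256:<expected-digest-placeholder>` next to the `url:`. `Unpakcaging` in the second task name is a typo. The follow-up hunks in PATCH 04 and PATCH 05 rework these tasks but keep both the missing checksum and the world-writable mode.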
@@ -11,23 +11,23 @@ lint: platforms: - name: trusty image: ubuntu:trusty - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - privileged: true - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - command: /sbin/init - - name: centos6 - image: geerlingguy/docker-centos6-ansible - privileged: true - command: /sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: centos7 - image: milcom/centos7-systemd - privileged: true + # - name: bionic + # image: solita/ubuntu-systemd:bionic + # command: /sbin/init + # privileged: true + # - name: xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # command: /sbin/init + #- name: centos6 + # image: geerlingguy/docker-centos6-ansible + # privileged: true + # command: /sbin/init + # volumes: + # - /sys/fs/cgroup:/sys/fs/cgroup:ro + #- name: centos7 + # image: milcom/centos7-systemd + # privileged: true provisioner: name: ansible playbooks: diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml index f3dc9aac..49325b85 100644 --- a/molecule/filebeat/prepare.yml +++ b/molecule/filebeat/prepare.yml @@ -7,6 +7,7 @@ - name: "Install Python packages for Trusty to solve trust issues" package: name: + - python-apt - python-setuptools - python-pip state: latest diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 2017a6bd..8cf21dc2 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml 
@@ -9,31 +9,31 @@ lint: config-data: ignore: .virtualenv platforms: - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 1024m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 +# - name: bionic +# image: solita/ubuntu-systemd:bionic +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 +# privileged: true +# memory_reservation: 1024m +# - name: xenial +# image: solita/ubuntu-systemd:xenial +# privileged: true +# memory_reservation: 1024m +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # memory_reservation: 1024m # ulimits: # - nofile:262144:262144 - - name: centos6 - image: centos:6 - privileged: true - memory_reservation: 1024m - ulimits: - - nofile:262144:262144 +# - name: centos6 +# image: centos:6 +# privileged: true +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 - name: centos7 image: milcom/centos7-systemd memory_reservation: 1024m diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index 74fc1038..18543dce 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -3,3 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-kibana + \ No newline at end of file diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index b35f11e1..67a34e7e 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml 
@@ -8,12 +8,6 @@ register: elasticsearch_ca_packages_installed until: elasticsearch_ca_packages_installed is succeeded -- name: "Install Java Repo for Trusty" - apt_repository: repo='ppa:openjdk-r/ppa' - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - name: Update and upgrade apt packages become: true apt: @@ -24,14 +18,6 @@ - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 -- name: Install Oracle Java 8 - become: true - apt: name=openjdk-8-jdk - - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - name: Update and upgrade apt packages become: true apt: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 81176ee0..16366dfc 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -9,13 +9,6 @@ gpgcheck: true changed_when: false -- name: CentOS x.x => x.x < 7.0 | Installing Java - yum: - name: java-1.8.0-openjdk.x86_64 - state: present - when: - - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7 - - name: RedHat/CentOS/Fedora | Install Elasticsarch package: name=elasticsearch-{{ elastic_stack_version }} state=present tags: install diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index b0e5371c..7e1d408a 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml 
@@ -90,13 +90,14 @@ - name: Download Filebeat module package get_url: - url: https://packages-dev.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} + url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} dest: "{{ filebeat_module_package_path }}" - name: Unpakcaging Filebeat module package - unarchive: + unarchive: src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" dest: "{{ filebeat_module_destination }}" + remote_src: yes - name: Setting 0755 permission for Filebeat module folder file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes From 2b7bf881aebc3ba4c989d59be0180d2464291016 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 16 Aug 2019 11:54:51 +0200 Subject: [PATCH 05/79] improved the tasks of filebeat module installation and fixed idempotence errors --- Pipfile | 1 + molecule/filebeat/molecule.yml | 10 +++++----- roles/wazuh/ansible-filebeat/tasks/main.yml | 22 ++++++++++++++++++++- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/Pipfile b/Pipfile index 9e3b448b..e7dab50e 100644 --- a/Pipfile +++ b/Pipfile @@ -14,6 +14,7 @@ molecule = "*" python_version = "2.7" [scripts] +clean = "molecule destroy" test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 761326f3..e85c687d 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -9,8 +9,8 @@ lint: config-data: ignore: .virtualenv platforms: - - name: trusty - image: ubuntu:trusty + # - name: trusty + # image: ubuntu:trusty # - name: bionic # image: solita/ubuntu-systemd:bionic # command: /sbin/init 
@@ -25,9 +25,9 @@ platforms: # command: /sbin/init # volumes: # - /sys/fs/cgroup:/sys/fs/cgroup:ro - #- name: centos7 - # image: milcom/centos7-systemd - # privileged: true + - name: centos7 + image: milcom/centos7-systemd + privileged: true provisioner: name: ansible playbooks: diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 7e1d408a..8328e068 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -88,19 +88,39 @@ - filebeat_xpack_security tags: xpack-security +- name: Checking if Filebeat Module folder file exists + stat: + path: "{{ filebeat_module_folder }}" + register: filebeat_module_folder + - name: Download Filebeat module package get_url: url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} dest: "{{ filebeat_module_package_path }}" + when: not filebeat_module_folder.stat.exists -- name: Unpakcaging Filebeat module package +- name: Unpakcing Filebeat module package unarchive: src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" dest: "{{ filebeat_module_destination }}" remote_src: yes + when: not filebeat_module_folder.stat.exists - name: Setting 0755 permission for Filebeat module folder file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes + when: not filebeat_module_folder.stat.exists + +- name: Checking if Filebeat Module package file exists + stat: + path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + register: filebeat_module_package + when: filebeat_module_package is not defined + +- name: Delete Filebeat module package file + file: + state: absent + path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}" + when: filebeat_module_package.stat.exists - import_tasks: config.yml when: filebeat_create_config From cb5149c6290c8da765f043ae130f7c56fcbb68ef Mon Sep 17 00:00:00 2001 
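Review bot: `register: filebeat_module_folder` on the new stat task overwrites the role default of the same name — a registered result outranks `defaults/main.yml` — so when `file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes` runs on a fresh host, `dest` renders the stat result mapping instead of the path and the task fails. Register under a distinct name, `register: filebeat_module_folder_stat`, and change the three guards to `when: not filebeat_module_folder_stat.stat.exists`. The `when: filebeat_module_package is not defined` guard on the second stat is always true on a first pass and, if it ever did skip the task, the following `when: filebeat_module_package.stat.exists` would reference an undefined attribute, so the guard can be dropped. The mode on the permission task is still world-writable, as noted on the PATCH 03 hunk.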
From: Jose M Date: Tue, 30 Jul 2019 17:36:31 +0200 Subject: [PATCH 06/79] Fix Kibana APP installation by becoming user kibana --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 4e12b1b2..a32b90fd 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -118,14 +118,14 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana - ignore_errors: "{{ kibana_plugin_install_ignore_error }}" + become_user: kibana tags: - install - skip_ansible_lint From cae6e96be66f51596bffebfa40fa8bdee73853bf Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 16 Aug 2019 14:43:29 +0200 Subject: [PATCH 07/79] changing default variables values --- molecule/filebeat/molecule.yml | 12 ++++++------ molecule/kibana/molecule.yml | 1 - playbooks/wazuh-elastic.yml | 5 +++-- playbooks/wazuh-kibana.yml | 10 +++------- playbooks/wazuh-manager.yml | 8 +++----- .../ansible-elasticsearch/defaults/main.yml | 3 +-- .../ansible-elasticsearch/tasks/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 ++ roles/wazuh/ansible-filebeat/tasks/main.yml | 1 + 9 files changed, 20 insertions(+), 24 deletions(-) diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index e85c687d..699495d1 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml 
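Review bot: `become_user: kibana` on the `Install Wazuh-APP` task only takes effect when privilege escalation is active; with no `become: true` on the task (and none visible at play level here) Ansible keeps running the shell as the connecting user, so the intended drop to the kibana account does not happen — PATCH 10 later in this series adds `become: yes`, but the two lines belong in the same commit. The rewritten `shell:` line appears identical to the removed one apart from whitespace, which is diff noise worth stripping. Removing `ignore_errors: "{{ kibana_plugin_install_ignore_error }}"` is the right direction, since a failed plugin install should fail the play rather than be masked.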
@@ -12,9 +12,9 @@ platforms: # - name: trusty # image: ubuntu:trusty # - name: bionic - # image: solita/ubuntu-systemd:bionic - # command: /sbin/init - # privileged: true + image: solita/ubuntu-systemd:bionic + command: /sbin/init + privileged: true # - name: xenial # image: solita/ubuntu-systemd:xenial # privileged: true @@ -25,9 +25,9 @@ platforms: # command: /sbin/init # volumes: # - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: centos7 - image: milcom/centos7-systemd - privileged: true + #- name: centos7 + # image: milcom/centos7-systemd + # privileged: true provisioner: name: ansible playbooks: diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 8cf21dc2..42b55fd3 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -55,7 +55,6 @@ provisioner: group_vars: all: elasticsearch_jvm_xms: 256 - kibana_plugin_install_ignore_error: true verifier: name: testinfra lint: diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml index 0c3b0a61..36bd9b1d 100644 --- a/playbooks/wazuh-elastic.yml +++ b/playbooks/wazuh-elastic.yml @@ -1,4 +1,5 @@ --- -- hosts: +- hosts: roles: - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'your elasticsearch IP'} + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: '' diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml index 2fc5cc1d..200f4891 100644 --- a/playbooks/wazuh-kibana.yml +++ b/playbooks/wazuh-kibana.yml @@ -1,10 +1,6 @@ --- -- hosts: 172.16.0.162 +- hosts: roles: - role: ../roles/elastic-stack/ansible-kibana - kibana_xpack_security: true - kibana_user: elastic - kibana_password: elastic_pass - kibana_node_name: node-2 - elasticsearch_network_host: 172.16.0.161 - node_certs_generator: false + elasticsearch_network_host: + diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index 93fb9e9d..5ec6a50b 100644 
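Review bot: In the playbooks/wazuh-kibana.yml hunk `- hosts:` and `elasticsearch_network_host:` are left as empty YAML values, which parse as null, so running the sample as committed most likely fails with an empty-hosts error instead of telling the user what to fill in; explicit placeholders such as `- hosts: <kibana_host>` and `elasticsearch_network_host: <elasticsearch_ip>` would be clearer. Dropping `kibana_xpack_security: true` also means the example inherits the role default `kibana_xpack_security: false` (visible in the PATCH 02 ansible-kibana defaults hunk), and with `kibana_server_host: "0.0.0.0"` from the same defaults the sample deployment would bring up Kibana on all interfaces without authentication unless overridden; a comment such as `# production: set kibana_xpack_security: true and supply kibana_user/kibana_password via ansible-vault` keeps the option discoverable now that the hard-coded credentials are gone. The playbooks/wazuh-manager.yml hunk that follows has the same gaps: it drops `filebeat_xpack_security: true` and leaves `filebeat_output_elasticsearch_hosts: :9200` half filled.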
--- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml @@ -1,10 +1,8 @@ --- -- hosts: 172.16.0.161 +- hosts: roles: - role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-filebeat - filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 - filebeat_xpack_security: true - filebeat_node_name: node-1 - node_certs_generator: true + filebeat_output_elasticsearch_hosts: :9200 + diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index a07f02e2..58b5e308 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -3,10 +3,9 @@ elasticsearch_cluster_name: wazuh elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 -elasticsearch_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.2.0 -single_node: false +single_node: true elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false elasticsearch_cluster_nodes: diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 99782056..8fb9184d 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -259,7 +259,7 @@ state: started - name: Make sure Elasticsearch is running before proceeding - wait_for: host={{ elasticsearch_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 + wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400 tags: - configure - init diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 32a194c8..9e9367ca 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
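Review bot: Pointing `wait_for: host={{ elasticsearch_network_host }} ...` at the bind-address variable ties the readiness probe to a value that Elasticsearch also accepts in special forms such as `_site_` or `_local_` (assuming, as the name suggests, it is also rendered as `network.host` — not visible in this hunk), and `wait_for` cannot resolve those as hostnames; either document that `elasticsearch_network_host` must be a concrete IP or hostname for this role, or keep a dedicated connect address for the probe. The defaults hunk removes `elasticsearch_host` outright and flips `single_node` from `false` to `true`, both of which silently change behaviour for inventories that relied on the previous defaults; a CHANGELOG entry, and for `elasticsearch_host` a deprecation period rather than immediate removal, would be the usual courtesy.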
@@ -23,3 +23,5 @@ node_certs_destination: /etc/kibana/certs rsync_path: /usr/bin/rsync rsync_user: vagrant rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' + +kibana_plugin_install_ignore_error: true \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 8328e068..fbf8cfbf 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -93,6 +93,7 @@ path: "{{ filebeat_module_folder }}" register: filebeat_module_folder + - name: Download Filebeat module package get_url: url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }} From c1c5f90bc34ef1184d54b4a9cd68da820f46cace Mon Sep 17 00:00:00 2001 From: Jose M Date: Fri, 16 Aug 2019 18:11:00 +0200 Subject: [PATCH 08/79] Updating tests --- molecule/default/molecule.yml | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index f37858bc..97f0fef9 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
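Review bot: `kibana_plugin_install_ignore_error: true` is added as a role default, but its only consumer visible in this series — `ignore_errors: "{{ kibana_plugin_install_ignore_error }}"` in ansible-kibana/tasks/main.yml — was removed in PATCH 06, and the molecule group var is removed in this same patch, so the default is dead; either drop it or, if the override is to be re-wired, default it to `false` so a failed Wazuh app install fails the play by default. The hunk also leaves the file without a trailing newline (`\ No newline at end of file`).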
@@ -8,18 +8,37 @@ lint: enabled: false platforms: - name: bionic - image: ubuntu:bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m - name: xenial image: solita/ubuntu-systemd:xenial privileged: true + memory_reservation: 2048m command: /sbin/init - - name: trusty - image: ubuntu:trusty + ulimits: + - nofile:262144:262144 +# - name: trusty +# image: ubuntu:trusty +# privileged: true +# memory_reservation: 2048m +# ulimits: +# - nofile:262144:262144 - name: centos6 image: centos:6 + privileged: true + memory_reservation: 2048m + ulimits: + - nofile:262144:262144 - name: centos7 image: milcom/centos7-systemd + memory_reservation: 2048m privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible env: From 7ab3f960c84d4c3158cbbac9477fa7502d6ff7ae Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 16 Aug 2019 19:23:46 +0200 Subject: [PATCH 09/79] fixed some molecule errors --- Pipfile | 2 +- molecule/default/molecule.yml | 24 +++++++++++-------- molecule/default/playbook.yml | 8 +++---- molecule/elasticsearch/molecule.yml | 12 +++++----- molecule/filebeat/molecule.yml | 2 +- molecule/kibana/playbook.yml | 1 + .../ansible-elasticsearch/tasks/main.yml | 7 ------ 7 files changed, 26 insertions(+), 30 deletions(-) diff --git a/Pipfile b/Pipfile index e7dab50e..77eeea6b 100644 --- a/Pipfile +++ b/Pipfile @@ -15,7 +15,7 @@ python_version = "2.7" [scripts] clean = "molecule destroy" -test ="molecule test" +test ="molecule test --destroy=never" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index f37858bc..064b4643 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
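Review bot: `test ="molecule test --destroy=never"` changes the default script so every run leaves the converged containers behind, which is a debugging convenience rather than a test default and will accumulate privileged containers on CI and developer machines. Keep `test ="molecule test"` and add a separate entry for the keep-alive variant, e.g. `test_keep ="molecule test --destroy=never"` (name is a suggestion).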
@@ -8,18 +8,22 @@ lint: enabled: false platforms: - name: bionic - image: ubuntu:bionic - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true + image: solita/ubuntu-systemd:bionic command: /sbin/init - - name: trusty - image: ubuntu:trusty - - name: centos6 - image: centos:6 - - name: centos7 - image: milcom/centos7-systemd privileged: true + ulimits: + - nofile:262144:262144 +# - name: xenial +# image: solita/ubuntu-systemd:xenial +# privileged: true +# command: /sbin/init +# - name: trusty +# image: ubuntu:trusty +# - name: centos6 +# image: centos:6 +# - name: centos7 +# image: milcom/centos7-systemd +# privileged: true provisioner: name: ansible env: diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 639e6320..e692aaae 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -3,8 +3,6 @@ hosts: all roles: - role: wazuh/ansible-wazuh-manager - -# - {role: wazuh/ansible-filebeat} #, filebeat_output_elasticsearch_hosts: 'your elastic stack server IP' -# Elasticsearch requires too much memory to test multiple containers concurrently - To Fix -# - {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} -# - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} + - {role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'localhost:9200'} + - {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} + - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 1ad6ef7b..b252e554 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml 
@@ -23,12 +23,12 @@ platforms: command: /sbin/init ulimits: - nofile:262144:262144 - #- name: trusty - #image: ubuntu:trusty - #privileged: true - #memory_reservation: 2048m - #ulimits: - #- nofile:262144:262144 + #- name: trusty + #image: ubuntu:trusty + #privileged: true + #memory_reservation: 2048m + #ulimits: + #- nofile:262144:262144 - name: centos6 image: centos:6 privileged: true diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 699495d1..7ad07f77 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -11,7 +11,7 @@ lint: platforms: # - name: trusty # image: ubuntu:trusty - # - name: bionic + - name: bionic image: solita/ubuntu-systemd:bionic command: /sbin/init privileged: true diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index 18543dce..6deac809 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -2,5 +2,6 @@ - name: Converge hosts: all roles: + - role: elastic-stack/ansible-kibana \ No newline at end of file diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 8fb9184d..7ee77beb 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -245,13 +245,6 @@ - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) -- name: Distribution is centos 6.* | Enable Elasticsearch - service: name=elasticsearch enabled=yes - -- name: Distribution is centos 6.* | Start Elasticsearch - service: name=elasticsearch state=started - ignore_errors: true - - name: Ensure Elasticsearch started and enabled service: name: elasticsearch From 60f58e99386d223c1ad3df1bc7724f597b78459d Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Fri, 16 Aug 2019 20:09:08 +0200 Subject: [PATCH 10/79] completed --- Pipfile | 1 + molecule/default/playbook.yml | 6 +-- molecule/default/tests/test_default.py | 51 +++++++++++++++++++ .../ansible-kibana/tasks/main.yml | 1 + 4 files changed, 56 insertions(+), 3 deletions(-) diff --git a/Pipfile b/Pipfile index 77eeea6b..f85e6439 100644 --- a/Pipfile +++ b/Pipfile @@ -16,6 +16,7 @@ python_version = "2.7" [scripts] clean = "molecule destroy" test ="molecule test --destroy=never" +verify_test ="molecule verify" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index e692aaae..f34d0837 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -2,7 +2,7 @@ - name: Converge hosts: all roles: - - role: wazuh/ansible-wazuh-manager - - {role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'localhost:9200'} - - {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} + #- role: wazuh/ansible-wazuh-manager + #- {role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'localhost:9200'} + #- {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index e55bc894..da8f772b 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
@@ -78,3 +78,54 @@ def test_open_ports(host): elif distribution == 'centos': assert host.socket("tcp://:::1515").is_listening assert not host.socket("tcp://:::1514").is_listening + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_filebeat_is_installed(host): + """Test if the elasticsearch package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + assert filebeat.version.startswith('7.2.0') + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_elasticsearch_is_installed(host): + """Test if the elasticsearch package is installed.""" + elasticsearch = host.package("elasticsearch") + assert elasticsearch.is_installed + assert elasticsearch.version.startswith('7.2.0') + + +def test_elasticsearch_is_running(host): + """Test if the services are enabled and running.""" + elasticsearch = host.service("elasticsearch") + assert elasticsearch.is_enabled + assert elasticsearch.is_running + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_port_kibana_is_open(host): + """Test if the port 5601 is open and listening to connections.""" + host.socket("tcp://0.0.0.0:5601").is_listening + + +def test_find_correct_elasticsearch_version(host): + """Test if we find the kibana/elasticsearch version in package.json""" + kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") + assert kibana.contains("7.2.0") + + +def test_wazuh_plugin_installed(host): + """Make sure there is a plugin wazuh directory.""" + kibana = host.file("/usr/share/kibana/plugins/wazuh/") + + assert kibana.is_directory \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index a32b90fd..fe0c9365 100644 
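Review bot: `test_port_kibana_is_open` never asserts anything — its body is the bare expression `host.socket("tcp://0.0.0.0:5601").is_listening`, so the test passes whether or not Kibana is listening; it should read `assert host.socket("tcp://0.0.0.0:5601").is_listening`. `testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(...)` is re-assigned three times in the new block although the module already defines it near the top (it appears in the hunk headers of the earlier test_default.py diffs), so the copies are dead code. The docstring of `test_filebeat_is_installed` says "elasticsearch package" and should name filebeat. Since the molecule/default/playbook.yml hunk in this same patch comments out the manager, filebeat and elasticsearch roles, the new filebeat and elasticsearch assertions will presumably fail in this scenario until those roles are converged again.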
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -125,6 +125,7 @@ executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json notify: restart kibana + become: yes become_user: kibana tags: - install From c59c0fd008d3662410333406508b7f6fb84b39b7 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 10:07:38 +0200 Subject: [PATCH 11/79] uncommented some platforms in Molecule tests and made the default test running only for the manager --- molecule/default/molecule.yml | 26 +++++++++++++------------- molecule/default/playbook.yml | 6 ++---- molecule/elasticsearch/molecule.yml | 12 ++++++------ molecule/filebeat/molecule.yml | 14 +++++++------- molecule/kibana/molecule.yml | 28 ++++++++++++++-------------- 5 files changed, 42 insertions(+), 44 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 4b1b2677..ea838971 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -14,13 +14,13 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 5120m -#- name: xenial -# image: solita/ubuntu-systemd:xenial -# privileged: true -# memory_reservation: 2048m -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 +- name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # privileged: true @@ -33,12 +33,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 -# - name: centos7 -# image: milcom/centos7-systemd -# memory_reservation: 2048m -# privileged: true -# ulimits: -# - nofile:262144:262144 +- name: centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible env: 
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index f34d0837..242a3777 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -2,7 +2,5 @@ - name: Converge hosts: all roles: - #- role: wazuh/ansible-wazuh-manager - #- {role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'localhost:9200'} - #- {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} - - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} + - role: wazuh/ansible-wazuh-manager + diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index b252e554..7b2bbe1f 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -29,12 +29,12 @@ platforms: #memory_reservation: 2048m #ulimits: #- nofile:262144:262144 - - name: centos6 - image: centos:6 - privileged: true - memory_reservation: 2048m - ulimits: - - nofile:262144:262144 + #- name: centos6 + # image: centos:6 + # privileged: true + # memory_reservation: 2048m + # ulimits: + # - nofile:262144:262144 - name: centos7 image: milcom/centos7-systemd memory_reservation: 2048m diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 7ad07f77..a094407a 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml 
@@ -15,19 +15,19 @@ platforms: image: solita/ubuntu-systemd:bionic command: /sbin/init privileged: true - # - name: xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # command: /sbin/init + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + command: /sbin/init #- name: centos6 # image: geerlingguy/docker-centos6-ansible # privileged: true # command: /sbin/init # volumes: # - /sys/fs/cgroup:/sys/fs/cgroup:ro - #- name: centos7 - # image: milcom/centos7-systemd - # privileged: true + - name: centos7 + image: milcom/centos7-systemd + privileged: true provisioner: name: ansible playbooks: diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 42b55fd3..20ea5e07 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -9,20 +9,20 @@ lint: config-data: ignore: .virtualenv platforms: -# - name: bionic -# image: solita/ubuntu-systemd:bionic -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 -# privileged: true -# memory_reservation: 1024m -# - name: xenial -# image: solita/ubuntu-systemd:xenial -# privileged: true -# memory_reservation: 1024m -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 + - name: bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 1024m + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 1024m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # memory_reservation: 1024m From 37cd4893b3105c78b3bb35f72e156058a2fc0302 Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Mon, 19 Aug 2019 10:27:44 +0200 Subject: [PATCH 12/79] fixed some linting errors and removed the changes added to the tests --- Pipfile | 1 - molecule/default/molecule.yml | 26 ++++++------- molecule/default/tests/test_default.py | 53 +------------------------- molecule/filebeat/molecule.yml | 6 +-- 4 files changed, 17 insertions(+), 69 deletions(-) diff --git a/Pipfile b/Pipfile index f85e6439..b0784518 100644 --- a/Pipfile +++ b/Pipfile @@ -14,7 +14,6 @@ molecule = "*" python_version = "2.7" [scripts] -clean = "molecule destroy" test ="molecule test --destroy=never" verify_test ="molecule verify" agent ="molecule test -s wazuh-agent" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index ea838971..ad7d7219 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -14,13 +14,13 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 5120m -- name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # privileged: true @@ -33,12 +33,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 -- name: centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 + - name: centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible env: diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index da8f772b..8e1817e3 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
@@ -77,55 +77,4 @@ def test_open_ports(host):
 assert not host.socket("tcp://0.0.0.0:1514").is_listening
 elif distribution == 'centos':
 assert host.socket("tcp://:::1515").is_listening
- assert not host.socket("tcp://:::1514").is_listening
-
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
-
-
-def test_filebeat_is_installed(host):
- """Test if the elasticsearch package is installed."""
- filebeat = host.package("filebeat")
- assert filebeat.is_installed
- assert filebeat.version.startswith('7.2.0')
-
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
-
-
-def test_elasticsearch_is_installed(host):
- """Test if the elasticsearch package is installed."""
- elasticsearch = host.package("elasticsearch")
- assert elasticsearch.is_installed
- assert elasticsearch.version.startswith('7.2.0')
-
-
-def test_elasticsearch_is_running(host):
- """Test if the services are enabled and running."""
- elasticsearch = host.service("elasticsearch")
- assert elasticsearch.is_enabled
- assert elasticsearch.is_running
-
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
-
-
-def test_port_kibana_is_open(host):
- """Test if the port 5601 is open and listening to connections."""
- host.socket("tcp://0.0.0.0:5601").is_listening
-
-
-def test_find_correct_elasticsearch_version(host):
- """Test if we find the kibana/elasticsearch version in package.json"""
- kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json")
- assert kibana.contains("7.2.0")
-
-
-def test_wazuh_plugin_installed(host):
- """Make sure there is a plugin wazuh directory."""
- kibana = host.file("/usr/share/kibana/plugins/wazuh/")
-
- assert kibana.is_directory
\ No newline at end of file
+ assert not host.socket("tcp://:::1514").is_listening
\ No newline at end of file
diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index a094407a..5e055508 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml @@ -25,9 +25,9 @@ platforms: # command: /sbin/init # volumes: # - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: centos7 - image: milcom/centos7-systemd - privileged: true + - name: centos7 + image: milcom/centos7-systemd + privileged: true provisioner: name: ansible playbooks: From 9d9aa9088add1fe32f0038a72fc7b33ca6618c90 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 10:54:34 +0200 Subject: [PATCH 13/79] fixed flake8 errors --- molecule/default/tests/test_default.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 8e1817e3..e55bc894 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -77,4 +77,4 @@ def test_open_ports(host): assert not host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': assert host.socket("tcp://:::1515").is_listening - assert not host.socket("tcp://:::1514").is_listening \ No newline at end of file + assert not host.socket("tcp://:::1514").is_listening From 07172620cd31500a59c16b4f91287c5414bcbba0 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 11:37:58 +0200 Subject: [PATCH 14/79] fixed tests for molecule/default --- Pipfile | 1 - molecule/default/molecule.yml | 2 +- molecule/default/tests/test_default.py | 8 ++++---- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/Pipfile b/Pipfile index b0784518..9919f2cd 100644 --- a/Pipfile +++ b/Pipfile @@ -15,7 +15,6 @@ python_version = "2.7" [scripts] test ="molecule test --destroy=never" -verify_test ="molecule verify" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" 
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index ad7d7219..23b9f5ce 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -57,7 +57,7 @@ scenario: - create - prepare - converge - # - idempotence + - idempotence - side_effect - verify - cleanup diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index e55bc894..45a52de1 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -73,8 +73,8 @@ def test_open_ports(host): """Test if the main port is open and the agent-auth is not open.""" distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': - assert host.socket("tcp://0.0.0.0:1515").is_listening - assert not host.socket("tcp://0.0.0.0:1514").is_listening + assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://:::1515").is_listening - assert not host.socket("tcp://:::1514").is_listening + assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1514").is_listening From c15a466912551704ef4d29bfc701fede1f0bcc2c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 11:52:54 +0200 Subject: [PATCH 15/79] fixed tests for molecule/default .. --- molecule/default/tests/test_default.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 45a52de1..6e5b3294 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
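Review bot: The context docstring `"""Test if the main port is open and the agent-auth is not open."""` now contradicts the assertions beneath it, which after dropping the `not` require both 1515 (authd) and 1514 to be listening; the same stale docstring is carried through the later hunks of this file in patches 15, 16 and 19. A wording that matches the new intent would be `"""Test that the agent port (1514) and the agent-auth port (1515) are listening."""`. The assertions also pin a bind address (127.0.0.1 here, then 0.0.0.0 and `:::` per distribution in the follow-up patches), so the test ends up tracking whatever address the listening socket reports rather than the port itself; if the point is only that the manager is up, testinfra's port-only form `host.socket("tcp://1514")` should, as far as I recall, accept any bind address and stop the flip-flopping between patches. test_open_ports starts before the hunk.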
@@ -73,8 +73,8 @@ def test_open_ports(host): """Test if the main port is open and the agent-auth is not open.""" distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': - assert host.socket("tcp://127.0.0.1:1515").is_listening - assert host.socket("tcp://127.0.0.1:1514").is_listening + assert host.socket("tcp://0.0.0.0:1515").is_listening + assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://127.0.0.1:1515").is_listening - assert host.socket("tcp://127.0.0.1:1514").is_listening + assert host.socket("tcp://:::1515").is_listening + assert host.socket("tcp://:::1514").is_listening From 0d0032e2dced163675121ad6e2d03c5292e3e13f Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 12:17:36 +0200 Subject: [PATCH 16/79] improved molecule/default tests --- molecule/default/tests/test_default.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 6e5b3294..7757401e 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -76,5 +76,5 @@ def test_open_ports(host): assert host.socket("tcp://0.0.0.0:1515").is_listening assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://:::1515").is_listening - assert host.socket("tcp://:::1514").is_listening + assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1514").is_listening \ No newline at end of file From 8fbac1af24e4bbc72a288e76e7a72a7622ab1e8f Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 12:21:54 +0200 Subject: [PATCH 17/79] removed some additional changes from Pipefile --- Pipfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Pipfile b/Pipfile index 9919f2cd..9e3b448b 100644 --- a/Pipfile +++ b/Pipfile 
@@ -14,7 +14,7 @@ molecule = "*" python_version = "2.7" [scripts] -test ="molecule test --destroy=never" +test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" From 70e2d68cb0295a1740dc4ab260d4743e28c0e4c7 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 12:44:47 +0200 Subject: [PATCH 18/79] reduced the memory ram for molecule/default --- Pipfile | 1 + molecule/default/molecule.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Pipfile b/Pipfile index 9e3b448b..118d47c9 100644 --- a/Pipfile +++ b/Pipfile @@ -14,6 +14,7 @@ molecule = "*" python_version = "2.7" [scripts] +destroy ="molecule destroy" test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 23b9f5ce..bc49d808 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -13,7 +13,7 @@ platforms: ulimits: - nofile:262144:262144 privileged: true - memory_reservation: 5120m + memory_reservation: 2048m - name: xenial image: solita/ubuntu-systemd:xenial privileged: true @@ -57,7 +57,7 @@ scenario: - create - prepare - converge - - idempotence + # - idempotence - side_effect - verify - cleanup From 9582a0aacd2f7d4afb0d66a9e8ebe72f9ba357e8 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 13:16:51 +0200 Subject: [PATCH 19/79] updated ansible and molecule versions --- Pipfile | 4 ++-- molecule/default/tests/test_default.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Pipfile b/Pipfile index 118d47c9..3de882c3 100644 --- a/Pipfile +++ b/Pipfile @@ -5,8 +5,8 @@ name = "pypi" [packages] docker-py = "*" -ansible = "==2.7.11" -molecule = "*" +ansible = "==2.7.13" +molecule = "2.20" [dev-packages] 
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 7757401e..227f8e59 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -77,4 +77,4 @@ def test_open_ports(host): assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': assert host.socket("tcp://127.0.0.1:1515").is_listening - assert host.socket("tcp://127.0.0.1:1514").is_listening \ No newline at end of file + assert host.socket("tcp://127.0.0.1:1514").is_listening From c295ac2ea45fa7697404edf744e8f4d03cb476eb Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 13:34:36 +0200 Subject: [PATCH 20/79] bump version for 3.9.5_7.2.1 --- CHANGELOG.md | 7 +++++++ VERSION | 4 ++-- molecule/default/molecule.yml | 2 +- molecule/default/tests/test_default.py | 2 +- molecule/elasticsearch/tests/test_default.py | 2 +- molecule/filebeat/tests/test_default.py | 2 +- molecule/kibana/tests/test_default.py | 2 +- molecule/wazuh-agent/tests/test_agents.py | 2 +- .../elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 13 files changed, 22 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f92b855d..87570f08 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.9.5_7.2.1] + +### Added + +- Update to Wazuh v3.9.5 +- Update to Elastic Stack to v7.2.1 + ## [v3.9.4_7.2.0] ### Added diff --git a/VERSION b/VERSION index 8909e7be..921c9fb1 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.9.4" -REVISION="3940" +WAZUH-ANSIBLE_VERSION="v3.9.5" +REVISION="3950" 
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index bc49d808..6a54a846 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -57,7 +57,7 @@ scenario: - create - prepare - converge - # - idempotence + - idempotence - side_effect - verify - cleanup diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 227f8e59..c5e76d67 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.4" + return "3.9.5" def test_wazuh_packages_are_installed(host): diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py index c8be3ed2..31c5da6c 100644 --- a/molecule/elasticsearch/tests/test_default.py +++ b/molecule/elasticsearch/tests/test_default.py @@ -10,7 +10,7 @@ def test_elasticsearch_is_installed(host): """Test if the elasticsearch package is installed.""" elasticsearch = host.package("elasticsearch") assert elasticsearch.is_installed - assert elasticsearch.version.startswith('7.2.0') + assert elasticsearch.version.startswith('7.2.1') def test_elasticsearch_is_running(host): diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py index 106e949d..02638b52 100644 --- a/molecule/filebeat/tests/test_default.py +++ b/molecule/filebeat/tests/test_default.py @@ -10,4 +10,4 @@ def test_filebeat_is_installed(host): """Test if the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.2.0') + assert filebeat.version.startswith('7.2.1') diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py index b09e8e20..f57bb8f7 100644 --- a/molecule/kibana/tests/test_default.py 
+++ b/molecule/kibana/tests/test_default.py @@ -14,7 +14,7 @@ def test_port_kibana_is_open(host): def test_find_correct_elasticsearch_version(host): """Test if we find the kibana/elasticsearch version in package.json""" kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") - assert kibana.contains("7.2.0") + assert kibana.contains("7.2.1") def test_wazuh_plugin_installed(host): diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py index 223f4198..a4845d06 100644 --- a/molecule/wazuh-agent/tests/test_agents.py +++ b/molecule/wazuh-agent/tests/test_agents.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.4" + return "3.9.5" def test_ossec_package_installed(Package): diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 58b5e308..31ed74de 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.2.0 +elastic_stack_version: 7.2.1 single_node: true elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 9e9367ca..9ec61091 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
@@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.2.0 -wazuh_version: 3.9.4 +elastic_stack_version: 7.2.1 +wazuh_version: 3.9.5 # Xpack Security kibana_xpack_security: false diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 1fed5fb0..632ab7e3 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.2.0 +filebeat_version: 7.2.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index d0898cb0..2b3f88a4 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.9.4 +wazuh_agent_version: 3.9.5 wazuh_managers: - address: 127.0.0.1 port: 1514 @@ -24,7 +24,7 @@ wazuh_winagent_config: install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.9.4' + version: '3.9.5' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: c3fdbd6c121ca371b8abcd477ed4e8a4 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index a35e3387..433e00c6 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_api_version: 3.9.4 +wazuh_manager_api_version: 3.9.5 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest From 34c098332efee83e1b5f3ca5e13db8f758a9633b Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Mon, 19 Aug 2019 15:01:03 +0200 Subject: [PATCH 21/79] fixed Pipefile --- Pipfile | 2 +- molecule/elasticsearch/molecule.yml | 28 ++++++++++++++-------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Pipfile b/Pipfile index 3de882c3..ce0266f2 100644 --- a/Pipfile +++ b/Pipfile @@ -6,7 +6,7 @@ name = "pypi" [packages] docker-py = "*" ansible = "==2.7.13" -molecule = "2.20" +molecule = "==2.20.2" [dev-packages] diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 7b2bbe1f..ebf47ccb 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -9,20 +9,20 @@ lint: config-data: ignore: .virtualenv platforms: - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 + #- name: bionic + # image: solita/ubuntu-systemd:bionic + # command: /sbin/init + # ulimits: + # - nofile:262144:262144 + # privileged: true + # memory_reservation: 2048m + #- name: xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # memory_reservation: 2048m + # command: /sbin/init + # ulimits: + # - nofile:262144:262144 #- name: trusty #image: ubuntu:trusty #privileged: true From 553d76b9849af9d6349277f67825de577bea5eff Mon Sep 17 00:00:00 2001 From: manuasir Date: Mon, 19 Aug 2019 15:09:47 +0200 Subject: [PATCH 22/79] Bump molecule version --- Pipfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Pipfile b/Pipfile index 3de882c3..ce0266f2 100644 --- a/Pipfile +++ b/Pipfile @@ -6,7 +6,7 @@ name = "pypi" [packages] docker-py = "*" ansible = "==2.7.13" -molecule = "2.20" +molecule = "==2.20.2" [dev-packages] From 67f681db0d974747106917acc5a8e995666c4c86 Mon Sep 17 00:00:00 2001 
From: manuasir Date: Mon, 19 Aug 2019 15:10:44 +0200 Subject: [PATCH 23/79] Bump molecule version --- Pipfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Pipfile b/Pipfile index 3de882c3..ce0266f2 100644 --- a/Pipfile +++ b/Pipfile @@ -6,7 +6,7 @@ name = "pypi" [packages] docker-py = "*" ansible = "==2.7.13" -molecule = "2.20" +molecule = "==2.20.2" [dev-packages] From cd090d63eb848132df63e6b1a268470a6c842251 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 15:18:51 +0200 Subject: [PATCH 24/79] removed basename, adapted paths, fixed Pipefile --- Pipfile | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Pipfile b/Pipfile index 3de882c3..ce0266f2 100644 --- a/Pipfile +++ b/Pipfile @@ -6,7 +6,7 @@ name = "pypi" [packages] docker-py = "*" ansible = "==2.7.13" -molecule = "2.20" +molecule = "==2.20.2" [dev-packages] diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 433e00c6..6041c64d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -54,8 +54,8 @@ wazuh_manager_config: use_password: 'no' ssl_agent_ca: null ssl_verify_host: 'no' - ssl_manager_cert: '/var/ossec/etc/sslmanager.cert' - ssl_manager_key: '/var/ossec/etc/sslmanager.key' + ssl_manager_cert: 'sslmanager.cert' + ssl_manager_key: 'sslmanager.key' ssl_auto_negotiate: 'no' email_notification: 'no' mail_to: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 30e5ec87..1dac6f0f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
@@ -70,7 +70,7 @@ - name: Copy CA, SSL key and cert for authd copy: src: "{{ item }}" - dest: "/var/ossec/etc/{{ item | basename }}" + dest: "/var/ossec/etc/{{ item }}" mode: 0644 with_items: - "{{ wazuh_manager_config.authd.ssl_agent_ca }}" From d74e0beeecf8ffebaffa118a1a2b73f1aa96bae3 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 19 Aug 2019 17:15:43 +0200 Subject: [PATCH 25/79] adapted molecule.yml - wazuh-agent - --- molecule/wazuh-agent/molecule.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml index 47c0012f..953fbb09 100644 --- a/molecule/wazuh-agent/molecule.yml +++ b/molecule/wazuh-agent/molecule.yml @@ -32,18 +32,18 @@ platforms: - name: wazuh groups: - agent - - name: wazuh_agent_trusty - image: ubuntu:trusty - networks: - - name: wazuh - groups: - - agent - - name: wazuh_agent_centos6 - image: centos:6 - networks: - - name: wazuh - groups: - - agent + #- name: wazuh_agent_trusty + # image: ubuntu:trusty + # networks: + # - name: wazuh + # groups: + # - agent + #- name: wazuh_agent_centos6 + # image: centos:6 + # networks: + # - name: wazuh + # groups: + # - agent - name: wazuh_agent_centos7 image: milcom/centos7-systemd privileged: true From e7614e13e86e1fb87618fe317fb6c2b28113e531 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 20 Aug 2019 15:02:37 +0200 Subject: [PATCH 26/79] added more tests types in Pipefile --- Pipfile | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/Pipfile b/Pipfile index ce0266f2..6b444c31 100644 --- a/Pipfile +++ b/Pipfile 
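Review bot: With `| basename` removed, `dest: "/var/ossec/etc/{{ item }}"` is a plain concatenation of the configured value, so a value that still carries directory components (the previous defaults were absolute paths) is written to a nested directory and a value containing `..` lands outside /var/ossec/etc; since the defaults in the preceding hunk are now bare file names, an `assert` task that rejects any item differing from `item | basename` would make that contract explicit. `mode: 0644` applies to every item in the list, including `ssl_manager_key`, so the authd private key ends up world-readable on the manager; copying the key in its own task with a restrictive mode (0640 or tighter, owned by the ossec group) is the usual arrangement. The with_items list continues past the end of the hunk, so I cannot see whether the `null` default of `ssl_agent_ca` is filtered by a `when`.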
@@ -14,9 +14,20 @@ molecule = "==2.20.2" python_version = "2.7" [scripts] -destroy ="molecule destroy" +# Normal Case test ="molecule test" agent ="molecule test -s wazuh-agent" elasticsearch ="molecule test -s elasticsearch" filebeat ="molecule test -s filebeat" kibana ="molecule test -s kibana" + +# Do Not destroy the created containers afte the test execution ends. +test_still ="molecule test --destroy=never" +agent_still ="molecule test -s wazuh-agent --destroy=never" +elasticsearch_still ="molecule test -s elasticsearch --destroy=never" +filebeat_still ="molecule test -s filebeat --destroy=never" +kibana_still ="molecule test -s kibana --destroy=never" +destroy_still ="molecule destroy --destroy=never" + +# Destroy all the existing containers ' Created by Molecule ' +destroy ="molecule destroy" From 61625f80eeb199aed791f0e52d9a46aa413a1f11 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 20 Aug 2019 15:10:17 +0200 Subject: [PATCH 27/79] adding new test /molecule/stack --- molecule/stack/Dockerfile.j2 | 14 +++++ molecule/stack/INSTALL.rst | 16 ++++++ molecule/stack/create.yml | 81 ++++++++++++++++++++++++++++ molecule/stack/destroy.yml | 32 +++++++++++ molecule/stack/molecule.yml | 69 ++++++++++++++++++++++++ molecule/stack/playbook.yml | 6 +++ molecule/stack/prepare.yml | 36 +++++++++++++ molecule/stack/tests/test_default.py | 80 +++++++++++++++++++++++++++ 8 files changed, 334 insertions(+) create mode 100644 molecule/stack/Dockerfile.j2 create mode 100644 molecule/stack/INSTALL.rst create mode 100644 molecule/stack/create.yml create mode 100644 molecule/stack/destroy.yml create mode 100644 molecule/stack/molecule.yml create mode 100644 molecule/stack/playbook.yml create mode 100644 molecule/stack/prepare.yml create mode 100644 molecule/stack/tests/test_default.py diff --git a/molecule/stack/Dockerfile.j2 b/molecule/stack/Dockerfile.j2 new file mode 100644 index 00000000..19692c20 --- /dev/null +++ b/molecule/stack/Dockerfile.j2 
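Review bot: `destroy_still ="molecule destroy --destroy=never"` passes `--destroy` to `molecule destroy`, which to my knowledge is only accepted by `molecule test`, so this script most likely errors out instead of doing anything; if a keep-containers variant of destroy is not meaningful, the entry should be dropped, otherwise `destroy_still ="molecule destroy"` is the only form that runs and then duplicates `destroy`. The comment `# Do Not destroy the created containers afte the test execution ends.` has a typo (`afte`), and the quoting in `' Created by Molecule '` reads oddly; `# Destroy all the containers created by Molecule` says the same thing. Since every `*_still` script leaves privileged containers running on the host until `destroy` is invoked, a one-line comment saying that `destroy` is expected to follow them would help the next reader.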
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/stack/INSTALL.rst b/molecule/stack/INSTALL.rst new file mode 100644 index 00000000..e26493b8 --- /dev/null +++ b/molecule/stack/INSTALL.rst @@ -0,0 +1,16 @@ +******* +Install +******* + +Requirements +============ + +* Docker Engine +* docker-py + +Install +======= + +.. code-block:: bash + + $ sudo pip install docker-py diff --git a/molecule/stack/create.yml b/molecule/stack/create.yml new file mode 100644 index 00000000..25932aee --- /dev/null +++ b/molecule/stack/create.yml 
@@ -0,0 +1,81 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: false + tasks: + - name: Log into a Docker registry + docker_login: + username: "{{ item.registry.credentials.username }}" + password: "{{ item.registry.credentials.password }}" + email: "{{ item.registry.credentials.email | default(omit) }}" + registry: "{{ item.registry.url }}" + docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" + with_items: "{{ molecule_yml.platforms }}" + when: + - item.registry is defined + - item.registry.credentials is defined + - item.registry.credentials.username is defined + + - name: Create Dockerfiles from image names + template: + src: "{{ molecule_scenario_directory }}/Dockerfile.j2" + dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}" + with_items: "{{ molecule_yml.platforms }}" + register: platforms + + - name: Discover local Docker images + docker_image_facts: + name: "molecule_local/{{ item.item.name }}" + docker_host: "{{ item.item.docker_host | default('unix://var/run/docker.sock') }}" + with_items: "{{ platforms.results }}" + register: docker_images + + - name: Build an Ansible compatible image + docker_image: + path: "{{ molecule_ephemeral_directory }}" + name: "molecule_local/{{ item.item.image }}" + docker_host: "{{ item.item.docker_host | default('unix://var/run/docker.sock') }}" + dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}" + force: "{{ item.item.force | default(true) }}" + with_items: "{{ platforms.results }}" + when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0 + + - name: Create docker network(s) + docker_network: + name: "{{ item }}" + docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" + state: present + with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}" + + - name: 
Create molecule instance(s) + docker_container: + name: "{{ item.name }}" + docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" + hostname: "{{ item.name }}" + image: "molecule_local/{{ item.image }}" + state: started + recreate: false + log_driver: json-file + command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}" + privileged: "{{ item.privileged | default(omit) }}" + volumes: "{{ item.volumes | default(omit) }}" + capabilities: "{{ item.capabilities | default(omit) }}" + exposed_ports: "{{ item.exposed_ports | default(omit) }}" + published_ports: "{{ item.published_ports | default(omit) }}" + ulimits: "{{ item.ulimits | default(omit) }}" + networks: "{{ item.networks | default(omit) }}" + dns_servers: "{{ item.dns_servers | default(omit) }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: docker_jobs + until: docker_jobs.finished + retries: 300 + with_items: "{{ server.results }}" diff --git a/molecule/stack/destroy.yml b/molecule/stack/destroy.yml new file mode 100644 index 00000000..ddf7062b --- /dev/null +++ b/molecule/stack/destroy.yml 
@@ -0,0 +1,32 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: false + tasks: + - name: Destroy molecule instance(s) + docker_container: + name: "{{ item.name }}" + docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" + state: absent + force_kill: "{{ item.force_kill | default(true) }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: docker_jobs + until: docker_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + - name: Delete docker network(s) + docker_network: + name: "{{ item }}" + docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" + state: absent + with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}" diff --git a/molecule/stack/molecule.yml b/molecule/stack/molecule.yml new file mode 100644 index 00000000..6a54a846 --- /dev/null +++ b/molecule/stack/molecule.yml 
@@ -0,0 +1,69 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + enabled: false +platforms: + - name: bionic + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m + - name: xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 +# - name: trusty +# image: ubuntu:trusty +# privileged: true +# memory_reservation: 2048m +# ulimits: +# - nofile:262144:262144 +# - name: centos6 +# image: centos:6 +# privileged: true +# memory_reservation: 2048m +# ulimits: +# - nofile:262144:262144 + - name: centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 +provisioner: + name: ansible + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true +scenario: + name: default + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + - idempotence + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + lint: + name: flake8 + enabled: true diff --git a/molecule/stack/playbook.yml b/molecule/stack/playbook.yml new file mode 100644 index 00000000..242a3777 --- /dev/null +++ b/molecule/stack/playbook.yml @@ -0,0 +1,6 @@ +--- +- name: Converge + hosts: all + roles: + - role: wazuh/ansible-wazuh-manager + diff --git a/molecule/stack/prepare.yml b/molecule/stack/prepare.yml new file mode 100644 index 00000000..f3dc9aac --- /dev/null +++ b/molecule/stack/prepare.yml 
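Review bot: `scenario: name: default` in a file under `molecule/stack/` registers this scenario under the same name as the real default scenario, so `molecule test -s stack` has nothing to match and the two `default` scenarios collide; it should be `name: stack`. All three platforms run `privileged: true` from third-party images (`solita/ubuntu-systemd`, `milcom/centos7-systemd`) referenced by mutable tags, which means a privileged container on the CI host is built from whatever those tags point to on the day of the run — consider pinning by digest (`image@sha256:…`) and, where a `/sys/fs/cgroup` mount is enough for systemd, dropping `privileged`.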
@@ -0,0 +1,36 @@ +--- +- name: Prepare + hosts: all + gather_facts: true + tasks: + + - name: "Install Python packages for Trusty to solve trust issues" + package: + name: + - python-setuptools + - python-pip + state: latest + register: wazuh_manager_trusty_packages_installed + until: wazuh_manager_trusty_packages_installed is succeeded + when: + - ansible_distribution == "Ubuntu" + - ansible_distribution_major_version | int == 14 + + - name: "Install dependencies" + package: + name: + - curl + - net-tools + state: latest + register: wazuh_manager_dependencies_packages_installed + until: wazuh_manager_dependencies_packages_installed is succeeded + + - name: "Install (RedHat) dependencies" + package: + name: + - initscripts + state: latest + register: wazuh_manager_dependencies_packages_installed + until: wazuh_manager_dependencies_packages_installed is succeeded + when: + - ansible_os_family == 'RedHat' diff --git a/molecule/stack/tests/test_default.py b/molecule/stack/tests/test_default.py new file mode 100644 index 00000000..c5e76d67 --- /dev/null +++ b/molecule/stack/tests/test_default.py 
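Review bot: Every `package:` task here uses `state: latest`, which upgrades whatever is already installed (`curl`, `net-tools`, `python-pip`, `initscripts`) on each run, so the prepare step is neither idempotent nor reproducible between runs; `state: present` is the usual choice for a test fixture. The `until: … is succeeded` loops carry no `retries:`/`delay:`, so they silently use Ansible's defaults — state them explicitly if the retry is meant to cover slow mirrors. The two dependency tasks also register the same variable name (`wazuh_manager_dependencies_packages_installed`), which is harmless but lets the RedHat task shadow the first result.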
@@ -0,0 +1,80 @@
+import os
+import pytest
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def get_wazuh_version():
+ """This return the version of Wazuh."""
+ return "3.9.5"
+
+
+def test_wazuh_packages_are_installed(host):
+ """Test if the main packages are installed."""
+ manager = host.package("wazuh-manager")
+ api = host.package("wazuh-api")
+
+ distribution = host.system_info.distribution.lower()
+ if distribution == 'centos':
+ if host.system_info.release == "7":
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+ assert api.is_installed
+ assert api.version.startswith(get_wazuh_version())
+ elif host.system_info.release.startswith("6"):
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+ elif distribution == 'ubuntu':
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+
+
+def test_wazuh_services_are_running(host):
+ """Test if the services are enabled and running.
+
+ When assert commands are commented, this means that the service command has
+ a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
+ """
+ manager = host.service("wazuh-manager")
+ api = host.service("wazuh-api")
+
+ distribution = host.system_info.distribution.lower()
+ if distribution == 'centos':
+ # assert manager.is_running
+ assert manager.is_enabled
+ # assert not api.is_running
+ assert not api.is_enabled
+ elif distribution == 'ubuntu':
+ # assert manager.is_running
+ assert manager.is_enabled
+ # assert api.is_running
+ assert api.is_enabled
+
+
+@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
+ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
+ ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
+ ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640),
+ ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640),
+])
+def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
+ """Test if Wazuh related files exist and have proper owners and mode."""
+ wazuh_file_host = host.file(wazuh_file)
+
+ assert wazuh_file_host.user == wazuh_owner
+ assert wazuh_file_host.group == wazuh_group
+ assert wazuh_file_host.mode == wazuh_mode
+
+
+def test_open_ports(host):
+ """Test if the main port is open and the agent-auth is not open."""
+ distribution = host.system_info.distribution.lower()
+ if distribution == 'ubuntu':
+ assert host.socket("tcp://0.0.0.0:1515").is_listening
+ assert host.socket("tcp://0.0.0.0:1514").is_listening
+ elif distribution == 'centos':
+ assert host.socket("tcp://127.0.0.1:1515").is_listening
+ assert host.socket("tcp://127.0.0.1:1514").is_listening
From 8bfe42cf863b80b2fb9017bf781486e2e8cca165 Mon Sep 17 00:00:00 2001
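Review bot: `test_open_ports` asserts that 1515 (agent-auth) *is* listening on both distributions while its docstring says the agent-auth port should *not* be open, so one of the two is wrong; the per-distribution split (`0.0.0.0` on Ubuntu, `127.0.0.1` on CentOS) is also unexplained — on CentOS it passes only if the manager binds loopback, which no agent could reach. `test_wazuh_files` claims to check that the files exist but never does; add `assert wazuh_file_host.exists` before the owner/mode assertions so a missing `sslmanager.key` fails with a clear message instead of an attribute error. `get_wazuh_version` hard-codes `"3.9.5"` independently of the other scenarios' copies of the same helper; reading it from the role default or an environment variable would keep the scenarios from drifting apart.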
From: Rshad Zhran Date: Wed, 21 Aug 2019 09:59:37 +0200 Subject: [PATCH 28/79] deleted a wrong test and stack folder --- Pipfile | 1 - molecule/default/create.yml | 4 +- molecule/default/molecule.yml | 26 ++++----- molecule/filebeat/molecule.yml | 16 +++--- molecule/stack/Dockerfile.j2 | 14 ----- molecule/stack/INSTALL.rst | 16 ------ molecule/stack/create.yml | 81 ---------------------------- molecule/stack/destroy.yml | 32 ----------- molecule/stack/molecule.yml | 69 ------------------------ molecule/stack/playbook.yml | 6 --- molecule/stack/prepare.yml | 36 ------------- molecule/stack/tests/test_default.py | 80 --------------------------- 12 files changed, 23 insertions(+), 358 deletions(-) delete mode 100644 molecule/stack/Dockerfile.j2 delete mode 100644 molecule/stack/INSTALL.rst delete mode 100644 molecule/stack/create.yml delete mode 100644 molecule/stack/destroy.yml delete mode 100644 molecule/stack/molecule.yml delete mode 100644 molecule/stack/playbook.yml delete mode 100644 molecule/stack/prepare.yml delete mode 100644 molecule/stack/tests/test_default.py diff --git a/Pipfile b/Pipfile index 6b444c31..4a393c5a 100644 --- a/Pipfile +++ b/Pipfile @@ -27,7 +27,6 @@ agent_still ="molecule test -s wazuh-agent --destroy=never" elasticsearch_still ="molecule test -s elasticsearch --destroy=never" filebeat_still ="molecule test -s filebeat --destroy=never" kibana_still ="molecule test -s kibana --destroy=never" -destroy_still ="molecule destroy --destroy=never" # Destroy all the existing containers ' Created by Molecule ' destroy ="molecule destroy" diff --git a/molecule/default/create.yml b/molecule/default/create.yml index 25932aee..0fba5542 100644 --- a/molecule/default/create.yml +++ b/molecule/default/create.yml 
@@ -51,9 +51,9 @@ - name: Create molecule instance(s) docker_container: - name: "{{ item.name }}" + name: "manager" docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - hostname: "{{ item.name }}" + hostname: "manager" image: "molecule_local/{{ item.image }}" state: started recreate: false diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 6a54a846..67c54a5b 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -14,13 +14,13 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 +# - name: xenial +# image: solita/ubuntu-systemd:xenial +# privileged: true +# memory_reservation: 2048m +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # privileged: true @@ -33,12 +33,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 - - name: centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 +# - name: centos7 +# image: milcom/centos7-systemd +# memory_reservation: 2048m +# privileged: true +# ulimits: +# - nofile:262144:262144 provisioner: name: ansible env: diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml index 5e055508..c111b06e 100644 --- a/molecule/filebeat/molecule.yml +++ b/molecule/filebeat/molecule.yml 
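Review bot: Hard-coding `name: "manager"` and `hostname: "manager"` inside a task that still loops over `molecule_yml.platforms` gives every platform the same container name, so with more than one platform the second iteration lands on the existing container (`recreate: false`) instead of creating its own. It also breaks the link molecule relies on between the platform name in the inventory (still `bionic` in the molecule.yml hunk that follows) and the container name the docker connection plugin targets, so converge would not reach the instance. If a fixed name is the goal, rename the platform in molecule.yml to `manager` and keep `name: "{{ item.name }}"` / `hostname: "{{ item.name }}"` here.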
@@ -11,14 +11,14 @@ lint: platforms: # - name: trusty # image: ubuntu:trusty - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - privileged: true - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - command: /sbin/init + #- name: bionic + # image: solita/ubuntu-systemd:bionic + # command: /sbin/init + # privileged: true + #- name: xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # command: /sbin/init #- name: centos6 # image: geerlingguy/docker-centos6-ansible # privileged: true diff --git a/molecule/stack/Dockerfile.j2 b/molecule/stack/Dockerfile.j2 deleted file mode 100644 index 19692c20..00000000 --- a/molecule/stack/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/stack/INSTALL.rst b/molecule/stack/INSTALL.rst deleted file mode 100644 index e26493b8..00000000 --- a/molecule/stack/INSTALL.rst +++ /dev/null 
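Review bot: With `bionic` and `xenial` commented out, every entry under `platforms:` is now disabled, so the filebeat scenario has no instances left and `molecule test -s filebeat` (still exposed as the `filebeat` script in the Pipfile) will either fail schema validation or run the sequence against nothing. If the scenario is being retired, remove it outright as this series does for `molecule/stack`; otherwise leave one platform active rather than shipping an empty platform list.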
@@ -1,16 +0,0 @@ -******* -Install -******* - -Requirements -============ - -* Docker Engine -* docker-py - -Install -======= - -.. code-block:: bash - - $ sudo pip install docker-py diff --git a/molecule/stack/create.yml b/molecule/stack/create.yml deleted file mode 100644 index 25932aee..00000000 --- a/molecule/stack/create.yml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- -- name: Create - hosts: localhost - connection: local - gather_facts: false - no_log: false - tasks: - - name: Log into a Docker registry - docker_login: - username: "{{ item.registry.credentials.username }}" - password: "{{ item.registry.credentials.password }}" - email: "{{ item.registry.credentials.email | default(omit) }}" - registry: "{{ item.registry.url }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - with_items: "{{ molecule_yml.platforms }}" - when: - - item.registry is defined - - item.registry.credentials is defined - - item.registry.credentials.username is defined - - - name: Create Dockerfiles from image names - template: - src: "{{ molecule_scenario_directory }}/Dockerfile.j2" - dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}" - with_items: "{{ molecule_yml.platforms }}" - register: platforms - - - name: Discover local Docker images - docker_image_facts: - name: "molecule_local/{{ item.item.name }}" - docker_host: "{{ item.item.docker_host | default('unix://var/run/docker.sock') }}" - with_items: "{{ platforms.results }}" - register: docker_images - - - name: Build an Ansible compatible image - docker_image: - path: "{{ molecule_ephemeral_directory }}" - name: "molecule_local/{{ item.item.image }}" - docker_host: "{{ item.item.docker_host | default('unix://var/run/docker.sock') }}" - dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}" - force: "{{ item.item.force | default(true) }}" - with_items: "{{ platforms.results }}" - when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0 - - - name: Create docker network(s) - docker_network: - name: "{{ item }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - state: present - with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}" - - - name: 
Create molecule instance(s) - docker_container: - name: "{{ item.name }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - hostname: "{{ item.name }}" - image: "molecule_local/{{ item.image }}" - state: started - recreate: false - log_driver: json-file - command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}" - privileged: "{{ item.privileged | default(omit) }}" - volumes: "{{ item.volumes | default(omit) }}" - capabilities: "{{ item.capabilities | default(omit) }}" - exposed_ports: "{{ item.exposed_ports | default(omit) }}" - published_ports: "{{ item.published_ports | default(omit) }}" - ulimits: "{{ item.ulimits | default(omit) }}" - networks: "{{ item.networks | default(omit) }}" - dns_servers: "{{ item.dns_servers | default(omit) }}" - register: server - with_items: "{{ molecule_yml.platforms }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) creation to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: docker_jobs - until: docker_jobs.finished - retries: 300 - with_items: "{{ server.results }}" diff --git a/molecule/stack/destroy.yml b/molecule/stack/destroy.yml deleted file mode 100644 index ddf7062b..00000000 --- a/molecule/stack/destroy.yml +++ /dev/null 
@@ -1,32 +0,0 @@ ---- -- name: Destroy - hosts: localhost - connection: local - gather_facts: false - no_log: false - tasks: - - name: Destroy molecule instance(s) - docker_container: - name: "{{ item.name }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - state: absent - force_kill: "{{ item.force_kill | default(true) }}" - register: server - with_items: "{{ molecule_yml.platforms }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) deletion to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: docker_jobs - until: docker_jobs.finished - retries: 300 - with_items: "{{ server.results }}" - - - name: Delete docker network(s) - docker_network: - name: "{{ item }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - state: absent - with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}" diff --git a/molecule/stack/molecule.yml b/molecule/stack/molecule.yml deleted file mode 100644 index 6a54a846..00000000 --- a/molecule/stack/molecule.yml +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - enabled: false -platforms: - - name: bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 -# - name: trusty -# image: ubuntu:trusty -# privileged: true -# memory_reservation: 2048m -# ulimits: -# - nofile:262144:262144 -# - name: centos6 -# image: centos:6 -# privileged: true -# memory_reservation: 2048m -# ulimits: -# - nofile:262144:262144 - - name: centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 -provisioner: - name: ansible - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true -scenario: - name: default - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - - idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 - enabled: true diff --git a/molecule/stack/playbook.yml b/molecule/stack/playbook.yml deleted file mode 100644 index 242a3777..00000000 --- a/molecule/stack/playbook.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-wazuh-manager - diff --git a/molecule/stack/prepare.yml b/molecule/stack/prepare.yml deleted file mode 100644 index f3dc9aac..00000000 --- a/molecule/stack/prepare.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - tasks: - - - name: "Install Python packages for Trusty to solve trust issues" - package: - name: - - python-setuptools - - python-pip - state: latest - register: wazuh_manager_trusty_packages_installed - until: wazuh_manager_trusty_packages_installed is succeeded - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - - - name: "Install (RedHat) dependencies" - package: - name: - - initscripts - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - when: - - ansible_os_family == 'RedHat' diff --git a/molecule/stack/tests/test_default.py b/molecule/stack/tests/test_default.py deleted file mode 100644 index c5e76d67..00000000 --- a/molecule/stack/tests/test_default.py +++ /dev/null 
@@ -1,80 +0,0 @@ -import os -import pytest - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def get_wazuh_version(): - """This return the version of Wazuh.""" - return "3.9.5" - - -def test_wazuh_packages_are_installed(host): - """Test if the main packages are installed.""" - manager = host.package("wazuh-manager") - api = host.package("wazuh-api") - - distribution = host.system_info.distribution.lower() - if distribution == 'centos': - if host.system_info.release == "7": - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - assert api.is_installed - assert api.version.startswith(get_wazuh_version()) - elif host.system_info.release.startswith("6"): - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - elif distribution == 'ubuntu': - assert manager.is_installed - assert manager.version.startswith(get_wazuh_version()) - - -def test_wazuh_services_are_running(host): - """Test if the services are enabled and running. 
- - When assert commands are commented, this means that the service command has - a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 - """ - manager = host.service("wazuh-manager") - api = host.service("wazuh-api") - - distribution = host.system_info.distribution.lower() - if distribution == 'centos': - # assert manager.is_running - assert manager.is_enabled - # assert not api.is_running - assert not api.is_enabled - elif distribution == 'ubuntu': - # assert manager.is_running - assert manager.is_enabled - # assert api.is_running - assert api.is_enabled - - -@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ - ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), - ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640), -]) -def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): - """Test if Wazuh related files exist and have proper owners and mode.""" - wazuh_file_host = host.file(wazuh_file) - - assert wazuh_file_host.user == wazuh_owner - assert wazuh_file_host.group == wazuh_group - assert wazuh_file_host.mode == wazuh_mode - - -def test_open_ports(host): - """Test if the main port is open and the agent-auth is not open.""" - distribution = host.system_info.distribution.lower() - if distribution == 'ubuntu': - assert host.socket("tcp://0.0.0.0:1515").is_listening - assert host.socket("tcp://0.0.0.0:1514").is_listening - elif distribution == 'centos': - assert host.socket("tcp://127.0.0.1:1515").is_listening - assert host.socket("tcp://127.0.0.1:1514").is_listening From 0e24c57fc617d918fb7ecb0b3390b19175c2639b Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Wed, 21 Aug 2019 15:12:57 +0200 Subject: [PATCH 29/79] fixed communications between containers --- Pipfile | 13 +++------ molecule/default/create.yml | 14 +++++----- molecule/default/molecule.yml | 2 +- molecule/default/playbook.yml | 1 + molecule/elasticsearch/molecule.yml | 27 ++++++++++--------- molecule/elasticsearch/playbook.yml | 2 +- update-dnsmasq.sh | 41 +++++++++++++++++++++++++++++ 7 files changed, 68 insertions(+), 32 deletions(-) create mode 100644 update-dnsmasq.sh diff --git a/Pipfile b/Pipfile index 4a393c5a..e7b1b5c0 100644 --- a/Pipfile +++ b/Pipfile @@ -14,19 +14,12 @@ molecule = "==2.20.2" python_version = "2.7" [scripts] -# Normal Case -test ="molecule test" +test ="molecule test --destroy=never" agent ="molecule test -s wazuh-agent" -elasticsearch ="molecule test -s elasticsearch" +elasticsearch ="molecule test -s elasticsearch --destroy=never" filebeat ="molecule test -s filebeat" kibana ="molecule test -s kibana" -# Do Not destroy the created containers afte the test execution ends. -test_still ="molecule test --destroy=never" -agent_still ="molecule test -s wazuh-agent --destroy=never" -elasticsearch_still ="molecule test -s elasticsearch --destroy=never" -filebeat_still ="molecule test -s filebeat --destroy=never" -kibana_still ="molecule test -s kibana --destroy=never" - # Destroy all the existing containers ' Created by Molecule ' +destroy_elasticsearch ="molecule destroy -s elasticsearch" destroy ="molecule destroy" diff --git a/molecule/default/create.yml b/molecule/default/create.yml index 0fba5542..f69ab910 100644 --- a/molecule/default/create.yml +++ b/molecule/default/create.yml 
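Review bot: Making `test` and `elasticsearch` run with `--destroy=never` by default means every invocation skips the destroy steps and leaves privileged containers and their network running on the host, so state from one run leaks into the next and the idempotence/verify results stop being reproducible. Keep the default scripts destroying and bring back the `_still` variants for the cases that need surviving containers, e.g. `test = "molecule test"` and `test_still = "molecule test --destroy=never"`.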
@@ -44,16 +44,15 @@ - name: Create docker network(s) docker_network: - name: "{{ item }}" - docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" + name: "new_network" state: present - with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}" + - name: Create molecule instance(s) docker_container: - name: "manager" + name: "{{ item.name }}" docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" - hostname: "manager" + hostname: "{{ item.name }}" image: "molecule_local/{{ item.image }}" state: started recreate: false @@ -65,7 +64,8 @@ exposed_ports: "{{ item.exposed_ports | default(omit) }}" published_ports: "{{ item.published_ports | default(omit) }}" ulimits: "{{ item.ulimits | default(omit) }}" - networks: "{{ item.networks | default(omit) }}" + networks: + - name: "new_network" dns_servers: "{{ item.dns_servers | default(omit) }}" register: server with_items: "{{ molecule_yml.platforms }}" @@ -78,4 +78,4 @@ register: docker_jobs until: docker_jobs.finished retries: 300 - with_items: "{{ server.results }}" + with_items: "{{ server.results }}" \ No newline at end of file diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 67c54a5b..2e5dfa0d 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,7 +7,7 @@ lint: name: yamllint enabled: false platforms: - - name: bionic + - name: manager image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 242a3777..f181f59a 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -3,4 +3,5 @@ hosts: all roles: - role: wazuh/ansible-wazuh-manager + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index ebf47ccb..109e2f4f 100644 --- a/molecule/elasticsearch/molecule.yml 
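Review bot: The network task now creates a fixed `new_network` and no longer iterates `molecule_get_docker_networks`, but nothing in this commit touches the scenario's destroy.yml, which (if it still loops over that filter) will never remove `new_network`, so the network outlives every run. Dropping `docker_host:` from the task also means the network is always created on the local socket even for a platform that sets `docker_host`, while the containers below are still created through `item.docker_host`. A single fixed network shared by every scenario and run is presumably what the cross-container communication needs; if so, say so in a comment on the task and add the matching `state: absent` to destroy.yml.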
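Review bot: The filebeat role is added with `filebeat_output_elasticsearch_hosts: 'elasticsearch:9200'`, but the default scenario creates only the `manager` platform, so `elasticsearch` resolves only if the elasticsearch scenario's container is already running on the same docker network — an implicit cross-scenario ordering that the Pipfile's `--destroy=never` change appears to rely on. Document it next to the role entry (`# requires the elasticsearch scenario to be up on the shared network`) or converge will silently ship to a host that does not exist on a clean machine. The output is plain HTTP with no credentials in this hunk; acceptable on a throwaway test network, but worth a note that it is not the production setting.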
+++ b/molecule/elasticsearch/molecule.yml @@ -9,13 +9,14 @@ lint: config-data: ignore: .virtualenv platforms: - #- name: bionic - # image: solita/ubuntu-systemd:bionic - # command: /sbin/init - # ulimits: - # - nofile:262144:262144 - # privileged: true - # memory_reservation: 2048m + - name: elasticsearch + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m + #- name: xenial # image: solita/ubuntu-systemd:xenial # privileged: true @@ -35,12 +36,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 - - name: centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 + #- name: centos7 + # image: milcom/centos7-systemd + # memory_reservation: 2048m + # privileged: true + # ulimits: + # - nofile:262144:262144 provisioner: name: ansible playbooks: diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml index f6bf45f9..75be4f34 100644 --- a/molecule/elasticsearch/playbook.yml +++ b/molecule/elasticsearch/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'localhost' + elasticsearch_network_host: 'elasticsearch' diff --git a/update-dnsmasq.sh b/update-dnsmasq.sh new file mode 100644 index 00000000..d4bee8a1 --- /dev/null +++ b/update-dnsmasq.sh 
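Review bot: Switching `elasticsearch_network_host` from `'localhost'` to `'elasticsearch'` binds the node to its container address so sibling containers can reach it, which also means any container on that docker network gets unauthenticated access unless X-Pack security is enabled elsewhere in the role — nothing in this hunk shows it. A one-line comment such as `# bind on the container hostname so sibling containers can reach ES; test network only` would keep this value from being copied into a real inventory.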
@@ -0,0 +1,41 @@ +#!/bin/bash + +# 10 seconds interval time by default +INTERVAL=${INTERVAL:-10} + +# dnsmasq config directory +DNSMASQ_CONFIG=${DNSMASQ_CONFIG:-.} + +# commands used in this script +DOCKER=${DOCKER:-docker} +SLEEP=${SLEEP:-sleep} +TAIL=${TAIL:-tail} + +declare -A service_map + +while true +do + changed=false + while read line + do + name=${line##* } + ip=$(${DOCKER} inspect --format '{{.NetworkSettings.IPAddress}}' $name) + # if IP addr changed + if [ -z ${service_map[$name]} ] || [ ${service_map[$name]} != $ip ] + then + service_map[$name]=$ip + # write to file + echo $name has a new IP Address $ip >&2 + echo "host-record=$name,$ip" > "${DNSMASQ_CONFIG}/docker-$name" + changed=true + fi + done < <(${DOCKER} ps | ${TAIL} -n +2) + + # a change of IP address occured, restart dnsmasq + if [ $changed = true ] + then + systemctl restart dnsmasq + fi + + ${SLEEP} $INTERVAL +done From 40ab9eb9f2dfb7e77b91de3e705720fba23ad63d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 21 Aug 2019 16:27:15 +0200 Subject: [PATCH 30/79] adapted wazuh-agent test playbook and created run.sh --- molecule/default/create.yml | 4 +-- molecule/kibana/molecule.yml | 26 +++++++++--------- molecule/kibana/playbook.yml | 1 + molecule/wazuh-agent/molecule.yml | 44 +++++++++++++++---------------- molecule/wazuh-agent/playbook.yml | 30 ++++++++++----------- update-dnsmasq.sh | 41 ---------------------------- 6 files changed, 52 insertions(+), 94 deletions(-) delete mode 100644 update-dnsmasq.sh diff --git a/molecule/default/create.yml b/molecule/default/create.yml index f69ab910..09e1a232 100644 --- a/molecule/default/create.yml +++ b/molecule/default/create.yml @@ -44,7 +44,7 @@ - name: Create docker network(s) docker_network: - name: "new_network" + name: "main" state: present 
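Review bot: `docker inspect --format '{{.NetworkSettings.IPAddress}}'` is empty for containers attached to a user-defined network, which is exactly where this series puts the instances (`new_network`), so `ip` is empty, `service_map[$name]` stays empty, and the unquoted `[ -z ${service_map[$name]} ]` expands to `[ -z ]`, which is always true — every container is reported as changed and dnsmasq is restarted on every 10-second pass. Read the address from `.NetworkSettings.Networks` and quote the variables: `if [ -z "${service_map[$name]:-}" ] || [ "${service_map[$name]}" != "$ip" ]`. Container names are taken straight from `docker ps` and written into a config file consumed by a root-restarted daemon, so `set -euo pipefail` plus a sanity check on `$name` (e.g. `[[ $name =~ ^[A-Za-z0-9_.-]+$ ]]`) is cheap insurance. The script is also a root-level infinite loop with no documentation of where it is meant to run or how to stop it.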
@@ -65,7 +65,7 @@ published_ports: "{{ item.published_ports | default(omit) }}" ulimits: "{{ item.ulimits | default(omit) }}" networks: - - name: "new_network" + - name: "main" dns_servers: "{{ item.dns_servers | default(omit) }}" register: server with_items: "{{ molecule_yml.platforms }}" diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 20ea5e07..5067e088 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -16,13 +16,13 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 1024m - - name: xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 +# - name: xenial +# image: solita/ubuntu-systemd:xenial +# privileged: true +# memory_reservation: 1024m +# command: /sbin/init +# ulimits: +# - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # memory_reservation: 1024m @@ -34,12 +34,12 @@ platforms: # memory_reservation: 1024m # ulimits: # - nofile:262144:262144 - - name: centos7 - image: milcom/centos7-systemd - memory_reservation: 1024m - privileged: true - ulimits: - - nofile:262144:262144 +# - name: centos7 +# image: milcom/centos7-systemd +# memory_reservation: 1024m +# privileged: true +# ulimits: +# - nofile:262144:262144 provisioner: name: ansible playbooks: diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index 6deac809..c7d3acf8 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -4,4 +4,5 @@ roles: - role: elastic-stack/ansible-kibana + elasticsearch_network_host: 'elasticsearch' \ No newline at end of file diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml index 953fbb09..5c1082cf 100644 --- a/molecule/wazuh-agent/molecule.yml +++ b/molecule/wazuh-agent/molecule.yml 
@@ -11,27 +11,27 @@ lint: config-data: ignore: .virtualenv platforms: - - name: wazuh_server_centos7 - image: milcom/centos7-systemd - networks: - - name: wazuh - privileged: true - groups: - - manager + #- name: wazuh_server_centos7 + # image: milcom/centos7-systemd + # networks: + # - name: wazuh + # privileged: true + # groups: + # - manager - name: wazuh_agent_bionic image: ubuntu:bionic networks: - name: wazuh groups: - agent - - name: wazuh_agent_xenial - image: solita/ubuntu-systemd:xenial - privileged: true - command: /sbin/init - networks: - - name: wazuh - groups: - - agent + #- name: wazuh_agent_xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # command: /sbin/init + # networks: + # - name: wazuh + # groups: + # - agent #- name: wazuh_agent_trusty # image: ubuntu:trusty # networks: @@ -44,13 +44,13 @@ platforms: # - name: wazuh # groups: # - agent - - name: wazuh_agent_centos7 - image: milcom/centos7-systemd - privileged: true - networks: - - name: wazuh - groups: - - agent + #- name: wazuh_agent_centos7 + # image: milcom/centos7-systemd + # privileged: true + # networks: + # - name: wazuh + # groups: + # - agent provisioner: name: ansible playbooks: diff --git a/molecule/wazuh-agent/playbook.yml b/molecule/wazuh-agent/playbook.yml index 5b869569..09413204 100644 --- a/molecule/wazuh-agent/playbook.yml +++ b/molecule/wazuh-agent/playbook.yml 
@@ -1,20 +1,18 @@ --- - name: Converge - hosts: agent - pre_tasks: - - name: "Get ip Wazuh Manager" - shell: | - set -o pipefail - grep $(hostname) /etc/hosts | awk '{print $1}' | sort | head -n 2 | tail -n 1 - register: wazuh_manager_ip_stdout - changed_when: false - delegate_to: wazuh_server_centos7 - args: - executable: /bin/bash - - - name: "Set fact for ip address" - set_fact: - wazuh_manager_ip: "{{ wazuh_manager_ip_stdout.stdout }}" - + hosts: all roles: - role: wazuh/ansible-wazuh-agent + vars: + wazuh_managers: + - address: 'manager' + port: 1514 + protocol: tcp + api_port: 55000 + api_proto: 'http' + api_user: ansible + wazuh_agent_authd: + enable: true + port: 1515 + ssl_agent_ca: null + ssl_auto_negotiate: 'no' diff --git a/update-dnsmasq.sh b/update-dnsmasq.sh deleted file mode 100644 index d4bee8a1..00000000 --- a/update-dnsmasq.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - -# 10 seconds interval time by default -INTERVAL=${INTERVAL:-10} - -# dnsmasq config directory -DNSMASQ_CONFIG=${DNSMASQ_CONFIG:-.} - -# commands used in this script -DOCKER=${DOCKER:-docker} -SLEEP=${SLEEP:-sleep} -TAIL=${TAIL:-tail} - -declare -A service_map - -while true -do - changed=false - while read line - do - name=${line##* } - ip=$(${DOCKER} inspect --format '{{.NetworkSettings.IPAddress}}' $name) - # if IP addr changed - if [ -z ${service_map[$name]} ] || [ ${service_map[$name]} != $ip ] - then - service_map[$name]=$ip - # write to file - echo $name has a new IP Address $ip >&2 - echo "host-record=$name,$ip" > "${DNSMASQ_CONFIG}/docker-$name" - changed=true - fi - done < <(${DOCKER} ps | ${TAIL} -n +2) - - # a change of IP address occured, restart dnsmasq - if [ $changed = true ] - then - systemctl restart dnsmasq - fi - - ${SLEEP} $INTERVAL -done From 65c9785bb54c93964b73f183722ffda7c5352f34 Mon Sep 17 00:00:00 2001 
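Review bot: The new `wazuh_agent_authd` block enrols with `ssl_agent_ca: null` and `ssl_auto_negotiate: 'no'`, so no CA is supplied against which the agent could check the manager it registers with, and `api_proto: 'http'` together with `api_user: ansible` sends API credentials to `manager:55000` in clear text. Both are defensible for a disposable Molecule container, but the playbook should say so: `# Test fixture only: unverified enrolment and plain-HTTP API; do not copy into a real inventory` above `wazuh_managers:`. Replacing the `/etc/hosts` lookup with the bare `manager` hostname also makes the scenario rely on Docker DNS resolving that container name on the shared network, which is worth a one-line comment too.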
From: Rshad Zhran Date: Wed, 21 Aug 2019 17:07:44 +0200 Subject: [PATCH 31/79] deleted filebeat test --- molecule/default/create.yml | 4 +++ molecule/default/tests/test_default.py | 6 ++++ molecule/filebeat/Dockerfile.j2 | 14 -------- molecule/filebeat/INSTALL.rst | 22 ------------ molecule/filebeat/molecule.yml | 45 ------------------------- molecule/filebeat/playbook.yml | 5 --- molecule/filebeat/prepare.yml | 37 -------------------- molecule/filebeat/tests/test_default.py | 13 ------- molecule/kibana/playbook.yml | 4 +-- run_none_cluster.sh | 6 ++++ 10 files changed, 17 insertions(+), 139 deletions(-) delete mode 100644 molecule/filebeat/Dockerfile.j2 delete mode 100644 molecule/filebeat/INSTALL.rst delete mode 100644 molecule/filebeat/molecule.yml delete mode 100644 molecule/filebeat/playbook.yml delete mode 100644 molecule/filebeat/prepare.yml delete mode 100644 molecule/filebeat/tests/test_default.py create mode 100644 run_none_cluster.sh diff --git a/molecule/default/create.yml b/molecule/default/create.yml index 09e1a232..0b25ec81 100644 --- a/molecule/default/create.yml +++ b/molecule/default/create.yml @@ -47,6 +47,10 @@ name: "main" state: present + - name: Sleep 5 seconds till the network gets created if it's not + # Pause for 5 minutes to build app cache. + pause: + seconds: 10 - name: Create molecule instance(s) docker_container: diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index c5e76d67..becf02f7 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
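Review bot: The new pause task tells three different stories: its name says "Sleep 5 seconds", the comment says "Pause for 5 minutes to build app cache" (the example text from the `pause` module docs), and the module actually pauses `seconds: 10`. Make them agree and drop the copied comment: `- name: Wait 10 seconds for the Docker network to become usable`. A fixed sleep is also a guess about timing; if `docker_network` with `state: present` really returns before the network can be used, an `until:` retry around an inspect of the network would be deterministic — worth confirming the race exists before keeping the sleep.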
@@ -78,3 +78,9 @@ def test_open_ports(host): elif distribution == 'centos': assert host.socket("tcp://127.0.0.1:1515").is_listening assert host.socket("tcp://127.0.0.1:1514").is_listening + +def test_filebeat_is_installed(host): + """Test if the elasticsearch package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + assert filebeat.version.startswith('7.2.1') \ No newline at end of file diff --git a/molecule/filebeat/Dockerfile.j2 b/molecule/filebeat/Dockerfile.j2 deleted file mode 100644 index e6aa95d3..00000000 --- a/molecule/filebeat/Dockerfile.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/filebeat/INSTALL.rst b/molecule/filebeat/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/molecule/filebeat/INSTALL.rst +++ /dev/null 
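Review bot: `test_filebeat_is_installed` checks the `filebeat` package but its docstring says "Test if the elasticsearch package is installed", and `'7.2.1'` is a bare literal where the Wazuh tests in the same file go through `get_wazuh_version()`. Use `"""Test that the filebeat package is installed at the pinned Elastic Stack version."""` and pull the version into a helper or constant next to `get_wazuh_version()` so the next stack bump is a one-line change. The new function also follows `test_open_ports` after a single blank line and the file loses its trailing newline, both of which the configured flake8 verifier will flag.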
@@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml deleted file mode 100644 index c111b06e..00000000 --- a/molecule/filebeat/molecule.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -platforms: - # - name: trusty - # image: ubuntu:trusty - #- name: bionic - # image: solita/ubuntu-systemd:bionic - # command: /sbin/init - # privileged: true - #- name: xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # command: /sbin/init - #- name: centos6 - # image: geerlingguy/docker-centos6-ansible - # privileged: true - # command: /sbin/init - # volumes: - # - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: centos7 - image: milcom/centos7-systemd - privileged: true -provisioner: - name: ansible - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/filebeat/playbook.yml b/molecule/filebeat/playbook.yml deleted file mode 100644 index 3ff917f6..00000000 --- a/molecule/filebeat/playbook.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: wazuh/ansible-filebeat 
diff --git a/molecule/filebeat/prepare.yml b/molecule/filebeat/prepare.yml deleted file mode 100644 index 49325b85..00000000 --- a/molecule/filebeat/prepare.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - tasks: - - - name: "Install Python packages for Trusty to solve trust issues" - package: - name: - - python-apt - - python-setuptools - - python-pip - state: latest - register: wazuh_manager_trusty_packages_installed - until: wazuh_manager_trusty_packages_installed is succeeded - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - - name: "Install dependencies" - package: - name: - - curl - - net-tools - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - - - name: "Install (RedHat) dependencies" - package: - name: - - initscripts - state: latest - register: wazuh_manager_dependencies_packages_installed - until: wazuh_manager_dependencies_packages_installed is succeeded - when: - - ansible_os_family == 'RedHat' diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py deleted file mode 100644 index 02638b52..00000000 --- a/molecule/filebeat/tests/test_default.py +++ /dev/null @@ -1,13 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_filebeat_is_installed(host): - """Test if the elasticsearch package is installed.""" - filebeat = host.package("filebeat") - assert filebeat.is_installed - assert filebeat.version.startswith('7.2.1') diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index c7d3acf8..f560f96d 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml 
@@ -2,7 +2,5 @@ - name: Converge hosts: all roles: - - role: elastic-stack/ansible-kibana - elasticsearch_network_host: 'elasticsearch' - \ No newline at end of file + elasticsearch_network_host: 'elasticsearch' \ No newline at end of file diff --git a/run_none_cluster.sh b/run_none_cluster.sh new file mode 100644 index 00000000..77cd0690 --- /dev/null +++ b/run_none_cluster.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +sudo pipenv run elasticsearch +sudo pipenv run test +sudo pipenv run agent +sudo pipenv run kibana \ No newline at end of file From defd2ab2f85e92ae0fca83d787690d742fc60d2a Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 22 Aug 2019 11:15:33 +0200 Subject: [PATCH 32/79] added a worker test --- Pipfile | 6 +- molecule/default/molecule.yml | 2 +- molecule/default/tests/test_default.py | 3 +- molecule/worker/Dockerfile.j2 | 14 +++ molecule/worker/molecule.yml | 60 +++++++++++++ molecule/worker/playbook.yml | 11 +++ molecule/worker/tests/test_default.py | 87 +++++++++++++++++++ .../ansible-wazuh-manager/defaults/main.yml | 4 +- run_cluster_mode.sh | 5 ++ 9 files changed, 184 insertions(+), 8 deletions(-) create mode 100644 molecule/worker/Dockerfile.j2 create mode 100644 molecule/worker/molecule.yml create mode 100644 molecule/worker/playbook.yml create mode 100644 molecule/worker/tests/test_default.py create mode 100644 run_cluster_mode.sh diff --git a/Pipfile b/Pipfile index e7b1b5c0..8aa7757a 100644 --- a/Pipfile +++ b/Pipfile 
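Review bot: As far as the collapsed hunk can be read, the `- role: elastic-stack/ansible-kibana` entry is among the three removed lines and only `elasticsearch_network_host: 'elasticsearch'` comes back (the `-2,7 +2,5` header and the 1 insertion / 3 deletions in the diffstat agree), which would leave `roles:` holding a bare variable and the Converge play applying no Kibana role at all. If the intent was only to fix the trailing blank line, the entry must stay: `- role: elastic-stack/ansible-kibana` followed by the indented `elasticsearch_network_host: 'elasticsearch'`. Please re-check the resulting file, since the indentation is not recoverable here.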
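Review bot: `run_none_cluster.sh` chains four `sudo pipenv run …` scenarios with no `set -e`, so when `elasticsearch` or `test` fails the dependent `agent` and `kibana` runs still start against missing containers and the script exits 0 anyway. Add `set -euo pipefail` after the shebang so the first failing scenario aborts the run and the exit status is meaningful. Running pipenv under `sudo` also executes the whole Molecule/Docker toolchain as root with root's environment and virtualenv; if the only need is the Docker socket, document that (or use a `docker`-group user) so nobody assumes root is required.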
@@ -15,10 +15,10 @@ python_version = "2.7" [scripts] test ="molecule test --destroy=never" -agent ="molecule test -s wazuh-agent" +worker ="molecule test -s worker --destroy=never" +agent ="molecule test -s wazuh-agent --destroy=never" elasticsearch ="molecule test -s elasticsearch --destroy=never" -filebeat ="molecule test -s filebeat" -kibana ="molecule test -s kibana" +kibana ="molecule test -s kibana --destroy=never" # Destroy all the existing containers ' Created by Molecule ' destroy_elasticsearch ="molecule destroy -s elasticsearch" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 2e5dfa0d..054acc00 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -57,7 +57,7 @@ scenario: - create - prepare - converge - - idempotence + #- idempotence - side_effect - verify - cleanup diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index becf02f7..278ce719 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -79,8 +79,9 @@ def test_open_ports(host): assert host.socket("tcp://127.0.0.1:1515").is_listening assert host.socket("tcp://127.0.0.1:1514").is_listening + def test_filebeat_is_installed(host): """Test if the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.2.1') \ No newline at end of file + assert filebeat.version.startswith('7.2.1') diff --git a/molecule/worker/Dockerfile.j2 b/molecule/worker/Dockerfile.j2 new file mode 100644 index 00000000..e6aa95d3 --- /dev/null +++ b/molecule/worker/Dockerfile.j2 
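Review bot: Every remaining script now carries `--destroy=never`, so each `pipenv run …` leaves privileged `/sbin/init` containers running on the host until someone runs `pipenv run destroy`, and a stale container from an earlier run may be picked up by the next `create` rather than rebuilt. That is a fair trade-off while the scenarios share a manager and an Elasticsearch node, but it should be stated where the flag lives: `# --destroy=never: scenarios share long-lived containers; run "pipenv run destroy" to clean up`. CI should have a variant without the flag so leftovers cannot mask a broken create step.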
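Review bot: Commenting out `idempotence` in the default scenario's `test_sequence` drops the check that a second converge of `wazuh/ansible-wazuh-manager` reports no changes, which is the main signal Molecule gives that the role does not rewrite its config or restart services on every run. If it is disabled because the role currently is not idempotent, say so on the line, `#- idempotence  # disabled: manager role reports changes on re-run, see <issue>`, and point at a tracking issue rather than leaving an unexplained comment. Otherwise keep the step and fix the role.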
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml new file mode 100644 index 00000000..c82aacfc --- /dev/null +++ b/molecule/worker/molecule.yml 
@@ -0,0 +1,60 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + ignore: .virtualenv +platforms: + - name: elasticsearch + image: solita/ubuntu-systemd:bionic + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m + + #- name: xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # memory_reservation: 2048m + # command: /sbin/init + # ulimits: + # - nofile:262144:262144 + #- name: trusty + #image: ubuntu:trusty + #privileged: true + #memory_reservation: 2048m + #ulimits: + #- nofile:262144:262144 + #- name: centos6 + # image: centos:6 + # privileged: true + # memory_reservation: 2048m + # ulimits: + # - nofile:262144:262144 + #- name: centos7 + # image: milcom/centos7-systemd + # memory_reservation: 2048m + # privileged: true + # ulimits: + # - nofile:262144:262144 +provisioner: + name: ansible + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + prepare: ../default/prepare.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/worker/playbook.yml b/molecule/worker/playbook.yml new file mode 100644 index 00000000..6c9a6317 --- /dev/null +++ b/molecule/worker/playbook.yml @@ -0,0 +1,11 @@ +--- +- name: Converge + hosts: all + roles: + - { role: wazuh/ansible-wazuh-manager, + wazuh_manager_config.cluster.disable: 'no', + wazuh_manager_config.cluster.name: 'worker-01', + wazuh_manager_config.cluster.node_type: 'worker' + } + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } + diff --git a/molecule/worker/tests/test_default.py b/molecule/worker/tests/test_default.py new file mode 100644 index 00000000..278ce719 --- /dev/null +++ b/molecule/worker/tests/test_default.py 
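Review bot: The only platform in the new worker scenario is named `elasticsearch` although it hosts the Wazuh manager acting as a cluster worker, so the container carries the same name the other scenarios use for the Elasticsearch node (the scenario's own playbook points filebeat at `elasticsearch:9200`), and with the Pipfile's `--destroy=never` a leftover Elasticsearch container of that name would be reused or collide. Name the platform after its role, `- name: worker`. The commented-out xenial/trusty/centos blocks under it are dead config copied from the other scenarios and can be deleted.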
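Review bot: The inline parameters `wazuh_manager_config.cluster.disable: 'no'`, `wazuh_manager_config.cluster.name: 'worker-01'` and `wazuh_manager_config.cluster.node_type: 'worker'` do not set nested keys of the role's `wazuh_manager_config` dict: Ansible stores each as a flat variable whose name merely contains dots, so the role keeps its default cluster settings and the node is never configured as a worker. A nested override needs the mapping itself under `vars:` — a `wazuh_manager_config:` block containing `cluster:` with `disable`, `node_type` (and `key`, `nodes`, …), either complete or overlaid on the role defaults with `hash_behaviour: merge` in the provisioner. `cluster.name: 'worker-01'` also reads like a node name rather than the cluster name every node must share — presumably `node_name` was meant.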
@@ -0,0 +1,87 @@ +import os +import pytest + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def get_wazuh_version(): + """This return the version of Wazuh.""" + return "3.9.5" + + +def test_wazuh_packages_are_installed(host): + """Test if the main packages are installed.""" + manager = host.package("wazuh-manager") + api = host.package("wazuh-api") + + distribution = host.system_info.distribution.lower() + if distribution == 'centos': + if host.system_info.release == "7": + assert manager.is_installed + assert manager.version.startswith(get_wazuh_version()) + assert api.is_installed + assert api.version.startswith(get_wazuh_version()) + elif host.system_info.release.startswith("6"): + assert manager.is_installed + assert manager.version.startswith(get_wazuh_version()) + elif distribution == 'ubuntu': + assert manager.is_installed + assert manager.version.startswith(get_wazuh_version()) + + +def test_wazuh_services_are_running(host): + """Test if the services are enabled and running. 
+ + When assert commands are commented, this means that the service command has + a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 + """ + manager = host.service("wazuh-manager") + api = host.service("wazuh-api") + + distribution = host.system_info.distribution.lower() + if distribution == 'centos': + # assert manager.is_running + assert manager.is_enabled + # assert not api.is_running + assert not api.is_enabled + elif distribution == 'ubuntu': + # assert manager.is_running + assert manager.is_enabled + # assert api.is_running + assert api.is_enabled + + +@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ + ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), + ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), + ("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640), + ("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640), +]) +def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): + """Test if Wazuh related files exist and have proper owners and mode.""" + wazuh_file_host = host.file(wazuh_file) + + assert wazuh_file_host.user == wazuh_owner + assert wazuh_file_host.group == wazuh_group + assert wazuh_file_host.mode == wazuh_mode + + +def test_open_ports(host): + """Test if the main port is open and the agent-auth is not open.""" + distribution = host.system_info.distribution.lower() + if distribution == 'ubuntu': + assert host.socket("tcp://0.0.0.0:1515").is_listening + assert host.socket("tcp://0.0.0.0:1514").is_listening + elif distribution == 'centos': + assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1514").is_listening + + +def test_filebeat_is_installed(host): + """Test if the elasticsearch package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + assert filebeat.version.startswith('7.2.1') 
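Review bot: `test_open_ports` says it checks that "the agent-auth is not open" while asserting that `1515`, the authd port, `is_listening`, so docstring and assertions contradict each other; given the agent scenario enables authd the assertion looks intended, so use `"""Test that the agent (1514) and agent-auth (1515) ports are listening."""`. The file is otherwise a copy of the default scenario's tests and verifies nothing worker-specific: no check that `ossec.conf` carries `<node_type>worker</node_type>` or that the cluster port `1516` is listening, which is what this scenario exists to prove. `test_filebeat_is_installed` also inherits the "elasticsearch package" docstring, and the version literals (`"3.9.5"`, `'7.2.1'`) duplicate the default scenario's and will drift independently.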
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 6041c64d..8c7c1f16 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -35,9 +35,7 @@ wazuh_manager_config: port: '1516' bind_addr: '0.0.0.0' nodes: - - '172.17.0.2' - - '172.17.0.3' - - '172.17.0.4' + - 'manager' hidden: 'no' connection: - type: 'secure' diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh new file mode 100644 index 00000000..e58f0702 --- /dev/null +++ b/run_cluster_mode.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +#sudo pipenv run elasticsearch +sudo pipenv run test +sudo pipenv run worker \ No newline at end of file From 36d3cbee4a16d86c46165064ec572540679babe4 Mon Sep 17 00:00:00 2001 From: Apely Date: Thu, 22 Aug 2019 12:33:45 +0200 Subject: [PATCH 33/79] Update var-ossec-etc-ossec-agent.conf.j2 Hi, it seems that ansible_os_family is too specific for syscheck. Ex: Debian strech ( ansible_os_family == Debian ) --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 7d7e139d..fa8fa349 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 
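Review bot: Replacing the cluster `nodes:` list with the single entry `'manager'` bakes a Molecule container name into the role's shipped defaults, so any user who enables the cluster without overriding `wazuh_manager_config.cluster.nodes` will have their workers look for a master called `manager` that only exists on this repo's test network. Role defaults should carry a neutral placeholder and the test value belongs in the scenario playbook: keep a documented `- 'NODE_IP'`-style entry (or the master's own address) here and set `'manager'` from `molecule/default/playbook.yml`. At minimum add `# address or hostname of the cluster master node` beside it.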
@@ -99,14 +99,14 @@ {% endif %} - {% if wazuh_agent_config.syscheck.directories is defined and ansible_os_family == "Linux" %} + {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %} {% for directory in wazuh_agent_config.syscheck.directories %} {{ directory.dirs }} {% endfor %} {% endif %} - {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_os_family == "Windows" %} + {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_system == "Windows" %} {% for directory in wazuh_agent_config.syscheck.win_directories %} {{ directory.dirs }} {% endfor %} From 675e2c5c88b101bdb84c4d25f513a8434acbc7cd Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 22 Aug 2019 13:07:39 +0200 Subject: [PATCH 34/79] possible solution for ansible variables access and improving Pipefile --- Pipfile | 13 +++++++------ Pipfile.template | 26 ++++++++++++++++++++++++++ molecule/default/playbook.yml | 4 +++- molecule/worker/molecule.yml | 18 +++++++++++++++++- run_cluster_mode.sh | 2 +- 5 files changed, 54 insertions(+), 9 deletions(-) create mode 100644 Pipfile.template diff --git a/Pipfile b/Pipfile index 8aa7757a..34e238d1 100644 --- a/Pipfile +++ b/Pipfile 
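Review bot: Changing the Windows branch to `ansible_system == "Windows"` breaks it: on Windows targets the setup module reports `ansible_system` as `Win32NT` while `ansible_os_family` is `Windows`, so `win_directories` would no longer render for any Windows agent. The Linux side of the change is right, since `ansible_os_family` is `Debian`/`RedHat`/… and never `Linux` (which is why Debian stretch lost its syscheck directories), but keep the Windows test on the family fact: `{% if wazuh_agent_config.syscheck.win_directories is defined and ansible_os_family == "Windows" %}`. A comment noting that the two facts differ per platform would stop the next person from "harmonising" them again.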
@@ -14,12 +14,13 @@ molecule = "==2.20.2" python_version = "2.7" [scripts] -test ="molecule test --destroy=never" -worker ="molecule test -s worker --destroy=never" -agent ="molecule test -s wazuh-agent --destroy=never" -elasticsearch ="molecule test -s elasticsearch --destroy=never" -kibana ="molecule test -s kibana --destroy=never" +test ="molecule test --destroy=never --platform _PLATFORM_" +worker ="molecule test -s worker --destroy=never --platform _PLATFORM_" +agent ="molecule test -s wazuh-agent --destroy=never --platform _PLATFORM_" +elasticsearch ="molecule test -s elasticsearch --destroy=never --platform _PLATFORM_" +kibana ="molecule test -s kibana --destroy=never --platform _PLATFORM_" -# Destroy all the existing containers ' Created by Molecule ' +# Destroy all the existing containers ' Molecule instances ' destroy_elasticsearch ="molecule destroy -s elasticsearch" +destroy_worker ="molecule destroy -s worker" destroy ="molecule destroy" diff --git a/Pipfile.template b/Pipfile.template new file mode 100644 index 00000000..47567850 --- /dev/null +++ b/Pipfile.template @@ -0,0 +1,26 @@ +[[source]] +url = "https://pypi.org/simple" +verify_ssl = true +name = "pypi" + +[packages] +docker-py = "*" +ansible = "==2.7.13" +molecule = "==2.20.2" + +[dev-packages] + +[requires] +python_version = "2.7" + +[scripts] +test ="molecule test --destroy=never" +worker ="molecule test -s worker --destroy=never" +agent ="molecule test -s wazuh-agent --destroy=never" +elasticsearch ="molecule test -s elasticsearch --destroy=never" +kibana ="molecule test -s kibana --destroy=never" + +# Destroy all the existing containers ' Created by Molecule ' +destroy_elasticsearch ="molecule destroy -s elasticsearch" +destroy_worker ="molecule destroy -s worker" +destroy ="molecule destroy" diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index f181f59a..c92eaf8f 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml 
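Review bot: The committed `Pipfile` now contains the literal `--platform _PLATFORM_` in all five test scripts, so a plain `pipenv run test` fails for anyone who has not first run the `sed` in `run_none_cluster.sh`, and the scripts are now duplicated in `Pipfile` and `Pipfile.template`, which will drift. Pipenv appends extra arguments to a script, so the placeholder is unnecessary: keep `test = "molecule test --destroy=never"` here and have the wrapper call `pipenv run test --platform "$1"`. That also removes the need to copy the template over the Pipfile and back.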
@@ -2,6 +2,8 @@ - name: Converge hosts: all roles: - - role: wazuh/ansible-wazuh-manager + - { role: wazuh/ansible-wazuh-manager, + wazuh_manager_config[cluster][disable]: 'no', + } - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml index c82aacfc..11c1fefa 100644 --- a/molecule/worker/molecule.yml +++ b/molecule/worker/molecule.yml @@ -9,7 +9,7 @@ lint: config-data: ignore: .virtualenv platforms: - - name: elasticsearch + - name: worker image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: @@ -54,6 +54,22 @@ provisioner: lint: name: ansible-lint enabled: true +scenario: + name: worker + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + #- idempotence + - side_effect + - verify + - cleanup + - destroy verifier: name: testinfra lint: diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index e58f0702..8821f3e2 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh @@ -1,5 +1,5 @@ #!/bin/bash -#sudo pipenv run elasticsearch +sudo pipenv run elasticsearch sudo pipenv run test sudo pipenv run worker \ No newline at end of file From e1b084c1a7175b930909eb9f9cada1188ecf80a7 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 22 Aug 2019 16:26:07 +0200 Subject: [PATCH 35/79] Adding hash_behaviour: merge in order not to override the default variables --- Pipfile | 10 +++++----- Pipfile.template | 12 +++++------ molecule/default/playbook.yml | 5 +---- molecule/kibana/molecule.yml | 2 +- molecule/worker/molecule.yml | 3 +++ molecule/worker/playbook.yml | 20 +++++++++++++------ .../ansible-wazuh-manager/tasks/main.yml | 7 +++++++ run_none_cluster.sh | 13 +++++++++++- 8 files changed, 49 insertions(+), 23 deletions(-) diff --git a/Pipfile b/Pipfile index 34e238d1..d878e0b6 100644 --- a/Pipfile +++ b/Pipfile 
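Review bot: `wazuh_manager_config[cluster][disable]: 'no'` as a role parameter is not a nested assignment: Ansible stores a single variable whose name is the literal string `wazuh_manager_config[cluster][disable]`, so the role's `cluster.disable` default is untouched and the cluster stays disabled in the default scenario. Nested keys can only be overridden by supplying the mapping — either the full `wazuh_manager_config:` dict under `vars:`, or just the `cluster:` sub-mapping with `hash_behaviour: merge` enabled in the provisioner so it overlays the role defaults (noting that the latter changes merge semantics for every variable in the play). The filebeat role on the next line is unchanged and still targets `elasticsearch:9200` over plain HTTP.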
@@ -14,11 +14,11 @@ molecule = "==2.20.2" python_version = "2.7" [scripts] -test ="molecule test --destroy=never --platform _PLATFORM_" -worker ="molecule test -s worker --destroy=never --platform _PLATFORM_" -agent ="molecule test -s wazuh-agent --destroy=never --platform _PLATFORM_" -elasticsearch ="molecule test -s elasticsearch --destroy=never --platform _PLATFORM_" -kibana ="molecule test -s kibana --destroy=never --platform _PLATFORM_" +test ="molecule test --destroy=never" +worker ="molecule test -s worker --destroy=never" +agent ="molecule test -s wazuh-agent --destroy=never" +elasticsearch ="molecule test -s elasticsearch --destroy=never" +kibana ="molecule test -s kibana --destroy=never" # Destroy all the existing containers ' Molecule instances ' destroy_elasticsearch ="molecule destroy -s elasticsearch" diff --git a/Pipfile.template b/Pipfile.template index 47567850..34e238d1 100644 --- a/Pipfile.template +++ b/Pipfile.template @@ -14,13 +14,13 @@ molecule = "==2.20.2" python_version = "2.7" [scripts] -test ="molecule test --destroy=never" -worker ="molecule test -s worker --destroy=never" -agent ="molecule test -s wazuh-agent --destroy=never" -elasticsearch ="molecule test -s elasticsearch --destroy=never" -kibana ="molecule test -s kibana --destroy=never" +test ="molecule test --destroy=never --platform _PLATFORM_" +worker ="molecule test -s worker --destroy=never --platform _PLATFORM_" +agent ="molecule test -s wazuh-agent --destroy=never --platform _PLATFORM_" +elasticsearch ="molecule test -s elasticsearch --destroy=never --platform _PLATFORM_" +kibana ="molecule test -s kibana --destroy=never --platform _PLATFORM_" -# Destroy all the existing containers ' Created by Molecule ' +# Destroy all the existing containers ' Molecule instances ' destroy_elasticsearch ="molecule destroy -s elasticsearch" destroy_worker ="molecule destroy -s worker" destroy ="molecule destroy" 
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index c92eaf8f..4bb7f5ef 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -2,8 +2,5 @@ - name: Converge hosts: all roles: - - { role: wazuh/ansible-wazuh-manager, - wazuh_manager_config[cluster][disable]: 'no', - } + - { role: wazuh/ansible-wazuh-manager, wazuh_manager_config.cluster.disable: 'no' } - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } - diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 5067e088..57017523 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -9,7 +9,7 @@ lint: config-data: ignore: .virtualenv platforms: - - name: bionic + - name: kibana image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml index 11c1fefa..c22b3497 100644 --- a/molecule/worker/molecule.yml +++ b/molecule/worker/molecule.yml @@ -44,6 +44,9 @@ platforms: # - nofile:262144:262144 provisioner: name: ansible + config_options: + defaults: + hash_behaviour: merge playbooks: docker: create: ../default/create.yml diff --git a/molecule/worker/playbook.yml b/molecule/worker/playbook.yml index 6c9a6317..084419b1 100644 --- a/molecule/worker/playbook.yml +++ b/molecule/worker/playbook.yml @@ -2,10 +2,18 @@ - name: Converge hosts: all roles: - - { role: wazuh/ansible-wazuh-manager, - wazuh_manager_config.cluster.disable: 'no', - wazuh_manager_config.cluster.name: 'worker-01', - wazuh_manager_config.cluster.node_type: 'worker' - } - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } + - role: wazuh/ansible-wazuh-manager + vars: + wazuh_manager_config: + cluster: + disable: 'no' + name: 'wazuh' + node_name: 'worker-01' + node_type: 'worker' + key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' + port: '1516' + bind_addr: '0.0.0.0' + nodes: + - 'manager' + hidden: 'no' 
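Review bot: The inline form `wazuh_manager_config.cluster.disable: 'no'` still does not reach into the role's dict — the parameter becomes a flat variable literally named `wazuh_manager_config.cluster.disable`, and the `hash_behaviour: merge` this commit enables only merges dicts that share a top-level name, so the cluster remains disabled in the default scenario. Use the shape the worker playbook now has: a `vars:` block with `wazuh_manager_config:` containing `cluster:` and `disable: 'no'`, which gives the merge two dicts to combine.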
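Review bot: The `vars:` block commits the cluster pre-shared key `key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'`; it is the secret that authenticates worker-to-master traffic on port `1516`, and a value that sits in a public repository has to be treated as test-only. Mark it so, `key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'  # test-only; must match the master's key, never reuse outside Molecule`, or generate one at converge time and feed the same value to both scenarios. Whether the master in the default scenario actually uses this key is not visible here — if it relies on the role default, the two must be kept equal or the worker will never join.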
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 1dac6f0f..1dfa58c2 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -1,4 +1,11 @@ --- +- debug: + msg: Cluster is disabled? => {{ wazuh_manager_config.cluster.disable }} + +- debug: + #msg: Cluster is disabled? => {{ wazuh_manager_config.cluster.disable }} + msg: .... => {{ wazuh_manager_config.openscap.disable | default('default_value') }} + - import_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") diff --git a/run_none_cluster.sh b/run_none_cluster.sh index 77cd0690..0bad5d84 100644 --- a/run_none_cluster.sh +++ b/run_none_cluster.sh @@ -1,6 +1,17 @@ #!/bin/bash +if [ -z "$1" ] +then + echo "Platform not selected. Please select a platform. => Aborting" + exit +else + cp Pipfile.template Pipfile + sed -i "s/_PLATFORM_/$1/g" Pipfile +fi + sudo pipenv run elasticsearch sudo pipenv run test sudo pipenv run agent -sudo pipenv run kibana \ No newline at end of file +sudo pipenv run kibana + +cp Pipfile.template Pipfile \ No newline at end of file From 902658bd86bb4836e461369cc924bc44fa2d7085 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 22 Aug 2019 16:30:05 +0200 Subject: [PATCH 36/79] generalizing .. Adding hash_behaviour: merge in order not to override the default variables --- molecule/default/molecule.yml | 3 +++ molecule/elasticsearch/molecule.yml | 3 +++ molecule/kibana/molecule.yml | 3 +++ molecule/wazuh-agent/molecule.yml | 3 +++ molecule/worker/playbook.yml | 2 ++ 5 files changed, 14 insertions(+) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 054acc00..3a707d0d 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
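Review bot: The two `debug:` tasks added at the top of `tasks/main.yml` are development leftovers: one prints `wazuh_manager_config.cluster.disable`, the other has its original `msg` commented out and prints `.... => …` with a `default('default_value')` fallback, and both now run for every consumer of the role on every play. Remove them before merging, or if the cluster flag is worth surfacing keep one task gated on verbosity: `- debug: { msg: "Cluster disabled: {{ wazuh_manager_config.cluster.disable }}", verbosity: 1 }`. Inspecting how scenario vars land belongs in the Molecule playbooks, not in the shipped role.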
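Review bot: In the new argument check a bare `exit` reports success (status 0) for a missing platform, so a caller such as CI cannot tell the run was skipped, and `$1` is interpolated into `sed -i "s/_PLATFORM_/$1/g" Pipfile`, where a value containing `/`, `&` or `\` changes the meaning of the substitution. Use `exit 1`, validate the argument against the platform names the scenarios define, and add `set -euo pipefail` so a failing scenario stops the run instead of continuing to the next `sudo pipenv run`. The script also overwrites the tracked `Pipfile` twice; working on a temporary copy, or passing `--platform "$1"` through `pipenv run` instead of editing the file, would avoid leaving the working tree dirty.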
@@ -41,6 +41,9 @@ platforms: # - nofile:262144:262144 provisioner: name: ansible + config_options: + defaults: + hash_behaviour: merge env: ANSIBLE_ROLES_PATH: ../../roles lint: diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 109e2f4f..1f2e4180 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -44,6 +44,9 @@ platforms: # - nofile:262144:262144 provisioner: name: ansible + config_options: + defaults: + hash_behaviour: merge playbooks: docker: create: ../default/create.yml diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 57017523..ba9ceb26 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -42,6 +42,9 @@ platforms: # - nofile:262144:262144 provisioner: name: ansible + config_options: + defaults: + hash_behaviour: merge playbooks: docker: create: ../default/create.yml diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml index 5c1082cf..a0b050b1 100644 --- a/molecule/wazuh-agent/molecule.yml +++ b/molecule/wazuh-agent/molecule.yml @@ -53,6 +53,9 @@ platforms: # - agent provisioner: name: ansible + config_options: + defaults: + hash_behaviour: merge playbooks: docker: create: ../default/create.yml diff --git a/molecule/worker/playbook.yml b/molecule/worker/playbook.yml index 084419b1..7e256bbe 100644 --- a/molecule/worker/playbook.yml +++ b/molecule/worker/playbook.yml @@ -16,4 +16,6 @@ nodes: - 'manager' hidden: 'no' + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } + From 38d954aeaa268dd3357078dfc518b3a854da4eed Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 22 Aug 2019 16:38:24 +0200 Subject: [PATCH 37/79] adding execution scenario for elasticsearch test --- molecule/default/playbook.yml | 2 +- molecule/elasticsearch/molecule.yml | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) 
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 4bb7f5ef..4b33eb26 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - { role: wazuh/ansible-wazuh-manager, wazuh_manager_config.cluster.disable: 'no' } - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } \ No newline at end of file diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 1f2e4180..564bf371 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -61,6 +61,22 @@ provisioner: group_vars: all: elasticsearch_jvm_xms: 512 +scenario: + name: elasticsearch + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + #- idempotence + - side_effect + - verify + - cleanup + - destroy verifier: name: testinfra lint: From 3249fd86edac74e161a496f5c624810d018a8921 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 22 Aug 2019 16:48:02 +0200 Subject: [PATCH 38/79] adapted testinfra tests for the worker --- Pipfile | 2 ++ molecule/worker/tests/test_default.py | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Pipfile b/Pipfile index d878e0b6..d4d826df 100644 --- a/Pipfile +++ b/Pipfile @@ -20,6 +20,8 @@ agent ="molecule test -s wazuh-agent --destroy=never" elasticsearch ="molecule test -s elasticsearch --destroy=never" kibana ="molecule test -s kibana --destroy=never" +verify_worker ="molecule verify -s worker" + # Destroy all the existing containers ' Molecule instances ' destroy_elasticsearch ="molecule destroy -s elasticsearch" destroy_worker ="molecule destroy -s worker" diff --git a/molecule/worker/tests/test_default.py b/molecule/worker/tests/test_default.py index 278ce719..eef9fbcb 100644 --- a/molecule/worker/tests/test_default.py 
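Review bot: The new `scenario.test_sequence` for the elasticsearch scenario disables the idempotence step (`#- idempotence`) without recording why, so a task in the elasticsearch role that rewrites a config file or restarts the service on every converge will never be noticed by this test. If a specific task is known not to be idempotent, say so on that line, e.g. `#- idempotence  # skipped: <task> reports changed on every run, tracked in <issue>`, and prefer fixing the task to dropping the step. The block is otherwise the default molecule sequence, so an explicit `scenario:` only makes sense for that one deviation.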
+++ b/molecule/worker/tests/test_default.py @@ -73,10 +73,10 @@ def test_open_ports(host): """Test if the main port is open and the agent-auth is not open.""" distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': - assert host.socket("tcp://0.0.0.0:1515").is_listening + assert host.socket("tcp://0.0.0.0:1516").is_listening assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://127.0.0.1:1515").is_listening + assert host.socket("tcp://127.0.0.1:1516").is_listening assert host.socket("tcp://127.0.0.1:1514").is_listening From 76029f99fd6993746e9d1c4b55bb0a2612e527f4 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 09:58:19 +0200 Subject: [PATCH 39/79] added vars to default/playbook.yml --- molecule/default/playbook.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 4b33eb26..531d8b5f 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -2,5 +2,18 @@ - name: Converge hosts: all roles: - - { role: wazuh/ansible-wazuh-manager, wazuh_manager_config.cluster.disable: 'no' } + - role: wazuh/ansible-wazuh-manager + vars: + wazuh_manager_config: + cluster: + disable: 'no' + name: 'wazuh' + node_name: 'manager' + node_type: 'master' + key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' + port: '1516' + bind_addr: '0.0.0.0' + nodes: + - 'manager' + hidden: 'no' - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } \ No newline at end of file From adbf200142d72a8b14d9e251796118f6bcd29716 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 10:43:44 +0200 Subject: [PATCH 40/79] fixes for the managers tests and added more tasks in Pipfile --- Pipfile | 14 +++++++++++--- molecule/default/tests/test_default.py | 2 ++ molecule/worker/tests/test_default.py | 2 -- 3 files changed, 13 insertions(+), 5 deletions(-) 
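Review bot: After this change `test_open_ports` in the worker scenario no longer matches its docstring, "Test if the main port is open and the agent-auth is not open": the hunk replaces the 1515 assertion with one for the cluster port 1516, so authd is not checked at all, and the cluster port is asserted at `0.0.0.0` on Ubuntu but `127.0.0.1` on CentOS although the worker playbook binds it with `bind_addr: '0.0.0.0'` on both. Either assert the same address on both branches or, if the distribution really differs, say why in a comment; and update the docstring to `"""Test that the agent (1514) and cluster (1516) ports are listening."""`, adding `assert not host.socket("tcp://0.0.0.0:1515").is_listening` if a worker is indeed meant not to run authd. The function may continue past the hunk; I can only see the ten lines shown.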
diff --git a/Pipfile b/Pipfile index d4d826df..2659fa8f 100644 --- a/Pipfile +++ b/Pipfile @@ -20,9 +20,17 @@ agent ="molecule test -s wazuh-agent --destroy=never" elasticsearch ="molecule test -s elasticsearch --destroy=never" kibana ="molecule test -s kibana --destroy=never" +# Verify .. +verify ="molecule verify" verify_worker ="molecule verify -s worker" +verify_agent ="molecule verify -s agent" +verify_elasticsearch ="molecule verify -s elasticsearch" +verify_kibana ="molecule verify -s kibana" -# Destroy all the existing containers ' Molecule instances ' -destroy_elasticsearch ="molecule destroy -s elasticsearch" -destroy_worker ="molecule destroy -s worker" +# Destroy .. destroy ="molecule destroy" +destroy_worker ="molecule destroy -s worker" +destroy_agent ="molecule destroy -s agent" +destroy_elasticsearch ="molecule destroy -s elasticsearch" +destroy_kibana ="molecule destroy -s kibana" + diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 278ce719..174a499f 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -73,9 +73,11 @@ def test_open_ports(host): """Test if the main port is open and the agent-auth is not open.""" distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': + assert host.socket("tcp://0.0.0.0:1516").is_listening assert host.socket("tcp://0.0.0.0:1515").is_listening assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': + assert host.socket("tcp://0.0.0.0:1516").is_listening assert host.socket("tcp://127.0.0.1:1515").is_listening assert host.socket("tcp://127.0.0.1:1514").is_listening diff --git a/molecule/worker/tests/test_default.py b/molecule/worker/tests/test_default.py index eef9fbcb..8dc96bbf 100644 --- a/molecule/worker/tests/test_default.py +++ b/molecule/worker/tests/test_default.py 
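Review bot: The new `verify_agent ="molecule verify -s agent"` and `destroy_agent ="molecule destroy -s agent"` scripts point at a scenario that does not exist; the context line in the same hunk shows the agent scenario is named `wazuh-agent` (`agent ="molecule test -s wazuh-agent --destroy=never"`), so both commands fail with a scenario-not-found error. Change them to `verify_agent ="molecule verify -s wazuh-agent"` and `destroy_agent ="molecule destroy -s wazuh-agent"`. The same mismatch is copied into Pipfile.template later in the series.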
@@ -73,10 +73,8 @@ def test_open_ports(host): """Test if the main port is open and the agent-auth is not open.""" distribution = host.system_info.distribution.lower() if distribution == 'ubuntu': - assert host.socket("tcp://0.0.0.0:1516").is_listening assert host.socket("tcp://0.0.0.0:1514").is_listening elif distribution == 'centos': - assert host.socket("tcp://127.0.0.1:1516").is_listening assert host.socket("tcp://127.0.0.1:1514").is_listening From 726a8962c5ab42c5af54d3588c04d47c90f92160 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 11:00:47 +0200 Subject: [PATCH 41/79] adapted kibana test --- molecule/default/playbook.yml | 4 ++-- molecule/kibana/prepare.yml | 5 ----- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 1 - run_cluster_mode.sh | 3 ++- 4 files changed, 4 insertions(+), 9 deletions(-) diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index 531d8b5f..a492a035 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -14,6 +14,6 @@ port: '1516' bind_addr: '0.0.0.0' nodes: - - 'manager' + - 'manager_platofrm' hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } \ No newline at end of file + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' } \ No newline at end of file diff --git a/molecule/kibana/prepare.yml b/molecule/kibana/prepare.yml index 7e5ca29d..c5592219 100644 --- a/molecule/kibana/prepare.yml +++ b/molecule/kibana/prepare.yml @@ -34,8 +34,3 @@ until: wazuh_manager_dependencies_packages_installed is succeeded when: - ansible_os_family == 'RedHat' - - roles: - - role: wazuh/ansible-wazuh-manager - - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'localhost' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 1dfa58c2..b0b90d87 100644 
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -3,7 +3,6 @@ msg: Cluster is disabled? => {{ wazuh_manager_config.cluster.disable }} - debug: - #msg: Cluster is disabled? => {{ wazuh_manager_config.cluster.disable }} msg: .... => {{ wazuh_manager_config.openscap.disable | default('default_value') }} - import_tasks: "RedHat.yml" diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index 8821f3e2..0933b9ee 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh @@ -2,4 +2,5 @@ sudo pipenv run elasticsearch sudo pipenv run test -sudo pipenv run worker \ No newline at end of file +sudo pipenv run worker +sudo pipenv run kibana \ No newline at end of file From ce862efdcaac5efc7d39ae90c372b5b99ac67e2c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 11:28:14 +0200 Subject: [PATCH 42/79] made the platform selection dynamic --- Pipfile.template | 15 ++++++++++--- molecule/default/molecule.yml | 28 +++++++++++------------ molecule/default/playbook.yml | 4 ++-- molecule/default/playbook.yml.template | 19 ++++++++++++++++ molecule/elasticsearch/playbook.yml | 2 +- molecule/kibana/molecule.yml | 28 +++++++++++------------ molecule/kibana/playbook.yml | 2 +- molecule/wazuh-agent/playbook.yml | 2 +- molecule/worker/molecule.yml | 31 +++++++++++++------------- molecule/worker/playbook.yml | 4 ++-- molecule/worker/playbook.yml.template | 21 +++++++++++++++++ run_cluster_mode.sh | 19 +++++++++++++++- run_none_cluster.sh | 17 -------------- 13 files changed, 120 insertions(+), 72 deletions(-) create mode 100644 molecule/default/playbook.yml.template create mode 100644 molecule/worker/playbook.yml.template delete mode 100644 run_none_cluster.sh diff --git a/Pipfile.template b/Pipfile.template index 34e238d1..8cb94bdf 100644 --- a/Pipfile.template +++ b/Pipfile.template 
@@ -20,7 +20,16 @@ agent ="molecule test -s wazuh-agent --destroy=never --platform _PLATFORM_" elasticsearch ="molecule test -s elasticsearch --destroy=never --platform _PLATFORM_" kibana ="molecule test -s kibana --destroy=never --platform _PLATFORM_" -# Destroy all the existing containers ' Molecule instances ' -destroy_elasticsearch ="molecule destroy -s elasticsearch" -destroy_worker ="molecule destroy -s worker" +# Verify .. +verify ="molecule verify" +verify_worker ="molecule verify -s worker" +verify_agent ="molecule verify -s agent" +verify_elasticsearch ="molecule verify -s elasticsearch" +verify_kibana ="molecule verify -s kibana" + +# Destroy .. destroy ="molecule destroy" +destroy_worker ="molecule destroy -s worker" +destroy_agent ="molecule destroy -s agent" +destroy_elasticsearch ="molecule destroy -s elasticsearch" +destroy_kibana ="molecule destroy -s kibana" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 3a707d0d..7fcb33da 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,20 +7,20 @@ lint: name: yamllint enabled: false platforms: - - name: manager + - name: manager_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: - nofile:262144:262144 privileged: true memory_reservation: 2048m -# - name: xenial -# image: solita/ubuntu-systemd:xenial -# privileged: true -# memory_reservation: 2048m -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 + - name: manager_xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # privileged: true 
@@ -33,12 +33,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 -# - name: centos7 -# image: milcom/centos7-systemd -# memory_reservation: 2048m -# privileged: true -# ulimits: -# - nofile:262144:262144 + - name: manager_centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index a492a035..d4561c1b 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -14,6 +14,6 @@ port: '1516' bind_addr: '0.0.0.0' nodes: - - 'manager_platofrm' + - 'manager_bionic' hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' } \ No newline at end of file + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_bionic:9200' } \ No newline at end of file diff --git a/molecule/default/playbook.yml.template b/molecule/default/playbook.yml.template new file mode 100644 index 00000000..f73659e9 --- /dev/null +++ b/molecule/default/playbook.yml.template @@ -0,0 +1,19 @@ +--- +- name: Converge + hosts: all + roles: + - role: wazuh/ansible-wazuh-manager + vars: + wazuh_manager_config: + cluster: + disable: 'no' + name: 'wazuh' + node_name: 'manager' + node_type: 'master' + key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' + port: '1516' + bind_addr: '0.0.0.0' + nodes: + - 'manager_platform' + hidden: 'no' + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' } \ No newline at end of file diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml index 75be4f34..0b2f9d5a 100644 --- a/molecule/elasticsearch/playbook.yml +++ b/molecule/elasticsearch/playbook.yml 
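Review bot: default/playbook.yml.template repeats the whole cluster block of molecule/worker/playbook.yml, including the literal `key`, and the worker template added in this same commit makes a third copy; master and worker must agree on `name`, `key` and `port`, so three hand-edited copies are a drift hazard whose only symptom is the worker silently failing to join. Keep the shared values in one vars file both scenarios load and leave only `node_name`, `node_type` and `nodes` in the templates, so the `sed` pass has one site per value to rewrite. Whatever the layout, the key line deserves a `# test fixture, do not reuse` comment since these templates are the seed people copy.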
@@ -3,4 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'elasticsearch' + elasticsearch_network_host: 'elasticsearch_platform' diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index ba9ceb26..96c4ae6f 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -9,20 +9,20 @@ lint: config-data: ignore: .virtualenv platforms: - - name: kibana + - name: kibana_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: - nofile:262144:262144 privileged: true memory_reservation: 1024m -# - name: xenial -# image: solita/ubuntu-systemd:xenial -# privileged: true -# memory_reservation: 1024m -# command: /sbin/init -# ulimits: -# - nofile:262144:262144 + - name: kibana_xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 1024m + command: /sbin/init + ulimits: + - nofile:262144:262144 # - name: trusty # image: ubuntu:trusty # memory_reservation: 1024m @@ -34,12 +34,12 @@ platforms: # memory_reservation: 1024m # ulimits: # - nofile:262144:262144 -# - name: centos7 -# image: milcom/centos7-systemd -# memory_reservation: 1024m -# privileged: true -# ulimits: -# - nofile:262144:262144 + - name: kibana_centos7 + image: milcom/centos7-systemd + memory_reservation: 1024m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index f560f96d..b166ac28 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-kibana - elasticsearch_network_host: 'elasticsearch' \ No newline at end of file + elasticsearch_network_host: 'elasticsearch_platform' \ No newline at end of file diff --git a/molecule/wazuh-agent/playbook.yml b/molecule/wazuh-agent/playbook.yml index 09413204..4feac0c2 100644 --- a/molecule/wazuh-agent/playbook.yml 
+++ b/molecule/wazuh-agent/playbook.yml @@ -5,7 +5,7 @@ - role: wazuh/ansible-wazuh-agent vars: wazuh_managers: - - address: 'manager' + - address: 'manager_platform' port: 1514 protocol: tcp api_port: 55000 diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml index c22b3497..894b9453 100644 --- a/molecule/worker/molecule.yml +++ b/molecule/worker/molecule.yml @@ -9,22 +9,21 @@ lint: config-data: ignore: .virtualenv platforms: - - name: worker + - name: worker_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - #- name: xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # memory_reservation: 2048m - # command: /sbin/init - # ulimits: - # - nofile:262144:262144 - #- name: trusty + - name: worker_xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 2048m + command: /sbin/init + ulimits: + - nofile:262144:262144 + - name: trusty #image: ubuntu:trusty #privileged: true #memory_reservation: 2048m @@ -36,12 +35,12 @@ platforms: # memory_reservation: 2048m # ulimits: # - nofile:262144:262144 - #- name: centos7 - # image: milcom/centos7-systemd - # memory_reservation: 2048m - # privileged: true - # ulimits: - # - nofile:262144:262144 + - name: worker_centos7 + image: milcom/centos7-systemd + memory_reservation: 2048m + privileged: true + ulimits: + - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/worker/playbook.yml b/molecule/worker/playbook.yml index 7e256bbe..a59f93f2 100644 --- a/molecule/worker/playbook.yml +++ b/molecule/worker/playbook.yml @@ -14,8 +14,8 @@ port: '1516' bind_addr: '0.0.0.0' nodes: - - 'manager' + - 'manager_bionic' hidden: 'no' - - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch:9200' } + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_bionic:9200' } 
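Review bot: `address: 'manager_platform'` in molecule/wazuh-agent/playbook.yml is a placeholder that nothing in this commit rewrites: the `paths` array added to run_cluster_mode.sh lists `molecule/default/`, `molecule/worker/`, `molecule/elasticsearch/` and `molecule/kibana/` but not `molecule/wazuh-agent/`, and no playbook.yml.template exists for the agent scenario here, so the agent converge will try to reach a host literally named `manager_platform`. Either add `"molecule/wazuh-agent/"` to `paths` with a matching template or keep the concrete name in this file. A template for the agent scenario is created later in the series; whether the script is updated to use it is not visible in these hunks.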
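Review bot: In molecule/worker/molecule.yml the hunk uncomments `- name: trusty` but leaves its `image`, `privileged`, `memory_reservation` and `ulimits` lines commented, so the worker scenario now declares a platform with no image; the docker driver will most likely fail when it tries to create that instance, and the entry is also the only one not renamed with the `worker_` prefix. Either restore `#- name: trusty` or uncomment the whole entry as `worker_trusty`. The entry is deleted again later in the series, so this intermediate commit is broken on its own.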
diff --git a/molecule/worker/playbook.yml.template b/molecule/worker/playbook.yml.template new file mode 100644 index 00000000..45b12d1d --- /dev/null +++ b/molecule/worker/playbook.yml.template @@ -0,0 +1,21 @@ +--- +- name: Converge + hosts: all + roles: + - role: wazuh/ansible-wazuh-manager + vars: + wazuh_manager_config: + cluster: + disable: 'no' + name: 'wazuh' + node_name: 'worker-01' + node_type: 'worker' + key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' + port: '1516' + bind_addr: '0.0.0.0' + nodes: + - 'manager_platform' + hidden: 'no' + - { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' } + + diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index 0933b9ee..51e699be 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh @@ -1,6 +1,23 @@ #!/bin/bash +paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecule/kibana/" ) + +if [ -z "$1" ] +then + echo "Platform not selected. Please select a platform. => Aborting" + exit +else + for i in "${paths[@]}" + do + cp "$i/playbook.yml.template" "$i/playbook.yml" + sed -i "s/platform/$1/g" "$i/playbook.yml" + done + + cp Pipfile.template Pipfile + sed -i "s/_PLATFORM_/$1/g" Pipfile +fi + sudo pipenv run elasticsearch sudo pipenv run test -sudo pipenv run worker +sudo pipenv run agent sudo pipenv run kibana \ No newline at end of file diff --git a/run_none_cluster.sh b/run_none_cluster.sh deleted file mode 100644 index 0bad5d84..00000000 --- a/run_none_cluster.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -if [ -z "$1" ] -then - echo "Platform not selected. Please select a platform. => Aborting" - exit -else - cp Pipfile.template Pipfile - sed -i "s/_PLATFORM_/$1/g" Pipfile -fi - -sudo pipenv run elasticsearch -sudo pipenv run test -sudo pipenv run agent -sudo pipenv run kibana - -cp Pipfile.template Pipfile \ No newline at end of file From a837d8a18d94aae04c93a88349cadf58ce3194c8 Mon Sep 17 00:00:00 2001 
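Review bot: `sed -i "s/platform/$1/g" "$i/playbook.yml"` in run_cluster_mode.sh rewrites every occurrence of the bare word `platform` in the generated playbooks and splices `$1` into the sed program unvalidated: an argument containing `/`, `&` or a newline breaks or changes the expression, and with GNU sed a crafted argument can inject further sed commands. Use a token that cannot occur naturally and matches the Pipfile convention already in this script (`sed -i "s/_PLATFORM_/$1/g"`, after renaming the placeholders in the four templates), and reject anything outside the supported names before the loop. The generated `playbook.yml` files are tracked, so every run also dirties the working tree; consider an untracked output path or an EXIT trap that restores them, as the deleted run_none_cluster.sh did for the Pipfile.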
From: Rshad Zhran Date: Fri, 23 Aug 2019 11:29:31 +0200 Subject: [PATCH 43/79] made the platform selection dynamic --- run_cluster_mode.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index 51e699be..ba9e6af7 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh @@ -4,7 +4,8 @@ paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecu if [ -z "$1" ] then - echo "Platform not selected. Please select a platform. => Aborting" + echo "Platform not selected. Please select a platform of [bionuc, xenial or centos7]. => Aborting" + echo "Run Instruction: ./run_cluster_mode.sh " exit else for i in "${paths[@]}" From 3de387b3584b146ad9d7b0c4bf5d5be18e0f0530 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 11:31:30 +0200 Subject: [PATCH 44/79] made the platform selection dynamic .. --- molecule/elasticsearch/playbook.yml.template | 6 ++++++ molecule/kibana/playbook.yml.template | 6 ++++++ 2 files changed, 12 insertions(+) create mode 100644 molecule/elasticsearch/playbook.yml.template create mode 100644 molecule/kibana/playbook.yml.template diff --git a/molecule/elasticsearch/playbook.yml.template b/molecule/elasticsearch/playbook.yml.template new file mode 100644 index 00000000..0b2f9d5a --- /dev/null +++ b/molecule/elasticsearch/playbook.yml.template @@ -0,0 +1,6 @@ +--- +- name: Converge + hosts: all + roles: + - role: elastic-stack/ansible-elasticsearch + elasticsearch_network_host: 'elasticsearch_platform' diff --git a/molecule/kibana/playbook.yml.template b/molecule/kibana/playbook.yml.template new file mode 100644 index 00000000..b166ac28 --- /dev/null +++ b/molecule/kibana/playbook.yml.template @@ -0,0 +1,6 @@ +--- +- name: Converge + hosts: all + roles: + - role: elastic-stack/ansible-kibana + elasticsearch_network_host: 'elasticsearch_platform' \ No newline at end of file From f4e4ed472268a1804d3c30e09dcd115c63cb58a5 Mon Sep 17 00:00:00 2001 
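Review bot: The new usage text in run_cluster_mode.sh misspells the first supported platform (`bionuc` for `bionic`), prints no placeholder after `./run_cluster_mode.sh ` (any `<platform>` token appears to have been lost), and still exits with status 0, so a caller that forgot the argument cannot tell the abort from a successful run. Since the script now knows the valid names, it should check `$1` against them rather than only testing for emptiness, which also stops arbitrary text reaching the `sed` calls further down. The `if`/`else` continues past the hunk (`fi` is not visible), so the replacement below covers only the guard; the template loop and Pipfile rewrite follow it unchanged.
```shell
case "$1" in
  bionic|xenial|centos7) ;;
  *)
    echo "Platform not selected or unsupported. Choose one of: bionic, xenial, centos7. => Aborting" >&2
    echo "Usage: ./run_cluster_mode.sh <platform>" >&2
    exit 1
    ;;
esac
# … unchanged: template copy loop, Pipfile rewrite and pipenv steps …
```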
From: Rshad Zhran Date: Fri, 23 Aug 2019 13:12:00 +0200 Subject: [PATCH 45/79] automated the selection of a platform - platform restriction --- Pipfile | 1 - Pipfile.template | 35 -------- molecule/default/molecule.yml | 27 +----- molecule/default/molecule.yml.template | 47 +++++++++++ molecule/elasticsearch/molecule.yml | 30 +------ molecule/elasticsearch/molecule.yml.template | 57 +++++++++++++ molecule/elasticsearch/playbook.yml | 2 +- molecule/kibana/molecule.yml | 2 +- molecule/kibana/molecule.yml.template | 64 ++++++++++++++ molecule/kibana/playbook.yml | 2 +- molecule/wazuh-agent/molecule.yml.template | 89 ++++++++++++++++++++ molecule/wazuh-agent/playbook.yml.template | 18 ++++ molecule/worker/molecule.yml | 28 +----- molecule/worker/molecule.yml.template | 54 ++++++++++++ run_cluster_mode.sh | 30 +++++-- 15 files changed, 359 insertions(+), 127 deletions(-) delete mode 100644 Pipfile.template create mode 100644 molecule/default/molecule.yml.template create mode 100644 molecule/elasticsearch/molecule.yml.template create mode 100644 molecule/kibana/molecule.yml.template create mode 100644 molecule/wazuh-agent/molecule.yml.template create mode 100644 molecule/wazuh-agent/playbook.yml.template create mode 100644 molecule/worker/molecule.yml.template diff --git a/Pipfile b/Pipfile index 2659fa8f..6f709455 100644 --- a/Pipfile +++ b/Pipfile @@ -33,4 +33,3 @@ destroy_worker ="molecule destroy -s worker" destroy_agent ="molecule destroy -s agent" destroy_elasticsearch ="molecule destroy -s elasticsearch" destroy_kibana ="molecule destroy -s kibana" - diff --git a/Pipfile.template b/Pipfile.template deleted file mode 100644 index 8cb94bdf..00000000 --- a/Pipfile.template +++ /dev/null 
@@ -1,35 +0,0 @@ -[[source]] -url = "https://pypi.org/simple" -verify_ssl = true -name = "pypi" - -[packages] -docker-py = "*" -ansible = "==2.7.13" -molecule = "==2.20.2" - -[dev-packages] - -[requires] -python_version = "2.7" - -[scripts] -test ="molecule test --destroy=never --platform _PLATFORM_" -worker ="molecule test -s worker --destroy=never --platform _PLATFORM_" -agent ="molecule test -s wazuh-agent --destroy=never --platform _PLATFORM_" -elasticsearch ="molecule test -s elasticsearch --destroy=never --platform _PLATFORM_" -kibana ="molecule test -s kibana --destroy=never --platform _PLATFORM_" - -# Verify .. -verify ="molecule verify" -verify_worker ="molecule verify -s worker" -verify_agent ="molecule verify -s agent" -verify_elasticsearch ="molecule verify -s elasticsearch" -verify_kibana ="molecule verify -s kibana" - -# Destroy .. -destroy ="molecule destroy" -destroy_worker ="molecule destroy -s worker" -destroy_agent ="molecule destroy -s agent" -destroy_elasticsearch ="molecule destroy -s elasticsearch" -destroy_kibana ="molecule destroy -s kibana" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 7fcb33da..2561f1ac 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -6,7 +6,7 @@ driver: lint: name: yamllint enabled: false -platforms: +bionics: - name: manager_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init 
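Review bot: Renaming the top-level `platforms:` key to `bionics:` in molecule/default/molecule.yml leaves the tracked file without the key molecule requires, so every command that reads it as committed (`pipenv run verify`, `destroy`, or a plain `molecule test`) fails schema validation before doing anything. Presumably run_cluster_mode.sh now regenerates molecule.yml from the new template, but the checked-in file should still be valid on its own: keep `platforms:` with the bionic entry as the default, or stop tracking the generated file and state in the README that the script must run first. The same rename is applied to the elasticsearch, kibana and worker scenarios in this commit.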
@@ -14,31 +14,6 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - name: manager_xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 -# - name: trusty -# image: ubuntu:trusty -# privileged: true -# memory_reservation: 2048m -# ulimits: -# - nofile:262144:262144 -# - name: centos6 -# image: centos:6 -# privileged: true -# memory_reservation: 2048m -# ulimits: -# - nofile:262144:262144 - - name: manager_centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/default/molecule.yml.template b/molecule/default/molecule.yml.template new file mode 100644 index 00000000..9e67505d --- /dev/null +++ b/molecule/default/molecule.yml.template @@ -0,0 +1,47 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + enabled: false +platforms: + - name: manager_platform_ + image: imagename + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true +scenario: + name: default + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + #- idempotence + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + lint: + name: flake8 + enabled: true diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 564bf371..11d8902f 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml 
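Review bot: The placeholders in molecule/default/molecule.yml.template do not line up with the playbook template: the instance is named `manager_platform_` (trailing underscore) and the image is the bare word `imagename`, while default/playbook.yml.template lists `manager_platform` under `nodes:`, so after a `s/platform/<p>/` pass the cluster node list says `manager_<p>` but the container is `manager_<p>_`, and `imagename` needs a second, separate rule. The updated run_cluster_mode.sh from this commit is not visible here, so this may be handled there, but one distinctive token per value (`_PLATFORM_`, `_IMAGE_`) used identically in every template would remove the ambiguity. A header comment such as `# generated by run_cluster_mode.sh from molecule.yml.template; do not edit molecule.yml by hand` would also tell the next reader which file is the source.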
@@ -8,40 +8,14 @@ lint: options: config-data: ignore: .virtualenv -platforms: - - name: elasticsearch +bionics: + - name: elasticsearch_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init ulimits: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - #- name: xenial - # image: solita/ubuntu-systemd:xenial - # privileged: true - # memory_reservation: 2048m - # command: /sbin/init - # ulimits: - # - nofile:262144:262144 - #- name: trusty - #image: ubuntu:trusty - #privileged: true - #memory_reservation: 2048m - #ulimits: - #- nofile:262144:262144 - #- name: centos6 - # image: centos:6 - # privileged: true - # memory_reservation: 2048m - # ulimits: - # - nofile:262144:262144 - #- name: centos7 - # image: milcom/centos7-systemd - # memory_reservation: 2048m - # privileged: true - # ulimits: - # - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/elasticsearch/molecule.yml.template b/molecule/elasticsearch/molecule.yml.template new file mode 100644 index 00000000..abb9bcec --- /dev/null +++ b/molecule/elasticsearch/molecule.yml.template 
@@ -0,0 +1,57 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + ignore: .virtualenv +platforms: + - name: elasticsearch_platform_ + image: imagename + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + prepare: ../default/prepare.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true + inventory: + group_vars: + all: + elasticsearch_jvm_xms: 512 +scenario: + name: elasticsearch + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + #- idempotence + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/elasticsearch/playbook.yml b/molecule/elasticsearch/playbook.yml index 0b2f9d5a..6b5c44f8 100644 --- a/molecule/elasticsearch/playbook.yml +++ b/molecule/elasticsearch/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-elasticsearch - elasticsearch_network_host: 'elasticsearch_platform' + elasticsearch_network_host: 'elasticsearch_bionic' diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml index 96c4ae6f..ecd11c49 100644 --- a/molecule/kibana/molecule.yml +++ b/molecule/kibana/molecule.yml @@ -8,7 +8,7 @@ lint: options: config-data: ignore: .virtualenv -platforms: +bionics: - name: kibana_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init diff --git a/molecule/kibana/molecule.yml.template b/molecule/kibana/molecule.yml.template new file mode 100644 index 00000000..74dddec2 --- /dev/null +++ b/molecule/kibana/molecule.yml.template 
@@ -0,0 +1,64 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + ignore: .virtualenv +platforms: + - name: kibana_platform_ + image: imagename + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 1024m + - name: kibana_xenial + image: solita/ubuntu-systemd:xenial + privileged: true + memory_reservation: 1024m + command: /sbin/init + ulimits: + - nofile:262144:262144 +# - name: trusty +# image: ubuntu:trusty +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 +# - name: centos6 +# image: centos:6 +# privileged: true +# memory_reservation: 1024m +# ulimits: +# - nofile:262144:262144 + - name: kibana_centos7 + image: milcom/centos7-systemd + memory_reservation: 1024m + privileged: true + ulimits: + - nofile:262144:262144 +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true + inventory: + group_vars: + all: + elasticsearch_jvm_xms: 256 +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/kibana/playbook.yml b/molecule/kibana/playbook.yml index b166ac28..6af17723 100644 --- a/molecule/kibana/playbook.yml +++ b/molecule/kibana/playbook.yml @@ -3,4 +3,4 @@ hosts: all roles: - role: elastic-stack/ansible-kibana - elasticsearch_network_host: 'elasticsearch_platform' \ No newline at end of file + elasticsearch_network_host: 'elasticsearch_bionic' \ No newline at end of file diff --git a/molecule/wazuh-agent/molecule.yml.template b/molecule/wazuh-agent/molecule.yml.template new file mode 100644 index 00000000..a0b050b1 --- /dev/null +++ b/molecule/wazuh-agent/molecule.yml.template 
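Review bot: molecule/kibana/molecule.yml.template keeps fixed `kibana_xenial` and `kibana_centos7` entries next to the `kibana_platform_` placeholder, unlike the default, elasticsearch and worker templates which carry a single platform; as far as this series shows, the Pipfile scripts no longer pass `--platform` (Pipfile.template was deleted in this commit), so a `bionic` run of the kibana scenario still creates three privileged containers with 1024m reservations each. Trim the template to the single placeholder entry like the others, or add a comment explaining why kibana is the exception. The template also omits the `scenario:` block the elasticsearch template defines, so the two scenarios will run different step sequences; if that is intended it is worth a line saying so.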
@@ -0,0 +1,89 @@ +--- +dependency: + name: galaxy +driver: + name: docker + #lint: + # name: yamllint +lint: + name: yamllint + options: + config-data: + ignore: .virtualenv +platforms: + #- name: wazuh_server_centos7 + # image: milcom/centos7-systemd + # networks: + # - name: wazuh + # privileged: true + # groups: + # - manager + - name: wazuh_agent_bionic + image: ubuntu:bionic + networks: + - name: wazuh + groups: + - agent + #- name: wazuh_agent_xenial + # image: solita/ubuntu-systemd:xenial + # privileged: true + # command: /sbin/init + # networks: + # - name: wazuh + # groups: + # - agent + #- name: wazuh_agent_trusty + # image: ubuntu:trusty + # networks: + # - name: wazuh + # groups: + # - agent + #- name: wazuh_agent_centos6 + # image: centos:6 + # networks: + # - name: wazuh + # groups: + # - agent + #- name: wazuh_agent_centos7 + # image: milcom/centos7-systemd + # privileged: true + # networks: + # - name: wazuh + # groups: + # - agent +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + inventory: + group_vars: + agent: + api_pass: password + wazuh_managers: + - address: "{{ wazuh_manager_ip }}" + port: 1514 + protocol: tcp + api_port: 55000 + api_proto: 'http' + api_user: null + wazuh_agent_authd: + enable: true + port: 1515 + ssl_agent_ca: null + ssl_agent_cert: null + ssl_agent_key: null + ssl_auto_negotiate: 'no' + lint: + name: ansible-lint + enabled: true +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/wazuh-agent/playbook.yml.template b/molecule/wazuh-agent/playbook.yml.template new file mode 100644 index 00000000..4feac0c2 --- /dev/null +++ b/molecule/wazuh-agent/playbook.yml.template 
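Review bot: `api_pass: password` under `group_vars.agent` is a literal credential in a committed file with nothing marking it as scenario-only, and `api_user: null` beside it disagrees with the playbook template for the same scenario, which sets `api_user: ansible`. Add a comment above the block, `# throw-away credentials for the molecule Docker scenario only, not for real inventories`, or take the value from the environment with a test default, e.g. `api_pass: "{{ lookup('env', 'WAZUH_TEST_API_PASS') | default('password', true) }}"` (variable name constructed). `ssl_agent_ca: null` together with `ssl_auto_negotiate: 'no'` also means the agents enrol without verifying the manager certificate, which is acceptable in a container test but deserves the same comment so the template is not copied into production group_vars unchanged.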
@@ -0,0 +1,18 @@ +--- +- name: Converge + hosts: all + roles: + - role: wazuh/ansible-wazuh-agent + vars: + wazuh_managers: + - address: 'manager_platform' + port: 1514 + protocol: tcp + api_port: 55000 + api_proto: 'http' + api_user: ansible + wazuh_agent_authd: + enable: true + port: 1515 + ssl_agent_ca: null + ssl_auto_negotiate: 'no' diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml index 894b9453..61c07c69 100644 --- a/molecule/worker/molecule.yml +++ b/molecule/worker/molecule.yml @@ -8,7 +8,7 @@ lint: options: config-data: ignore: .virtualenv -platforms: +bionics: - name: worker_bionic image: solita/ubuntu-systemd:bionic command: /sbin/init @@ -16,31 +16,7 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 2048m - - name: worker_xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 2048m - command: /sbin/init - ulimits: - - nofile:262144:262144 - - name: trusty - #image: ubuntu:trusty - #privileged: true - #memory_reservation: 2048m - #ulimits: - #- nofile:262144:262144 - #- name: centos6 - # image: centos:6 - # privileged: true - # memory_reservation: 2048m - # ulimits: - # - nofile:262144:262144 - - name: worker_centos7 - image: milcom/centos7-systemd - memory_reservation: 2048m - privileged: true - ulimits: - - nofile:262144:262144 + provisioner: name: ansible config_options: diff --git a/molecule/worker/molecule.yml.template b/molecule/worker/molecule.yml.template new file mode 100644 index 00000000..1b2bd85e --- /dev/null +++ b/molecule/worker/molecule.yml.template 
@@ -0,0 +1,54 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-data: + ignore: .virtualenv +platforms: + - name: worker_platform_ + image: imagename + command: /sbin/init + ulimits: + - nofile:262144:262144 + privileged: true + memory_reservation: 2048m + +provisioner: + name: ansible + config_options: + defaults: + hash_behaviour: merge + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + prepare: ../default/prepare.yml + env: + ANSIBLE_ROLES_PATH: ../../roles + lint: + name: ansible-lint + enabled: true +scenario: + name: worker + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + #- idempotence + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + lint: + name: flake8 diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index ba9e6af7..4803542d 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh 
@@ -1,24 +1,38 @@ #!/bin/bash paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecule/kibana/" ) +images=( "solita/ubuntu-systemd:bionic" "solita/ubuntu-systemd:xenial" "milcom/centos7-systemd" "ubuntu:trusty" "centos:6" ) +platform=( "bionic" "xenial" "centos7" "trusty" "centos6" ) -if [ -z "$1" ] +echo "Please select an image. " + +select IMAGE in "${images[@]}"; +do + echo "You picked $IMAGE ($REPLY)" + break +done + +index=$(($REPLY - 1)) + +if [ -z "$IMAGE" ] then echo "Platform not selected. Please select a platform of [bionuc, xenial or centos7]. => Aborting" echo "Run Instruction: ./run_cluster_mode.sh " exit else - for i in "${paths[@]}" - do + for i in "${paths[@]}" + do cp "$i/playbook.yml.template" "$i/playbook.yml" - sed -i "s/platform/$1/g" "$i/playbook.yml" - done + sed -i "s/platform/${platform[$index]}/g" "$i/playbook.yml" - cp Pipfile.template Pipfile - sed -i "s/_PLATFORM_/$1/g" Pipfile + cp "$i/molecule.yml.template" "$i/molecule.yml" + sed -i "s|imagename|${images[$index]}|g" "$i/molecule.yml" + sed -i "s/platform_/${platform[$index]}/g" "$i/molecule.yml" + + done fi sudo pipenv run elasticsearch sudo pipenv run test -sudo pipenv run agent +sudo pipenv run worker sudo pipenv run kibana \ No newline at end of file From c54b0409550c7f55377c15190a8845cd8aa86439 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 15:13:32 +0200 Subject: [PATCH 46/79] done! --- molecule/default/molecule.yml | 47 -------------------- molecule/kibana/molecule.yml | 64 --------------------------- molecule/kibana/molecule.yml.template | 24 ---------- molecule/worker/molecule.yml | 54 ---------------------- molecule/worker/molecule.yml.template | 1 - run_cluster_mode.sh | 1 - 6 files changed, 191 deletions(-) delete mode 100644 molecule/default/molecule.yml delete mode 100644 molecule/kibana/molecule.yml delete mode 100644 molecule/worker/molecule.yml 
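Review bot: The abort branch still exits successfully: a bare `exit` returns the status of the preceding `echo`, so a caller or CI job cannot tell that no platform was chosen; use `exit 1`. `index=$(($REPLY - 1))` is also evaluated on the raw reply before the `-z "$IMAGE"` guard; `select` leaves `IMAGE` empty on an invalid or EOF reply so the guard catches it today, but validating first (`[[ "$REPLY" =~ ^[0-9]+$ ]] || exit 1`) keeps the arithmetic off unvalidated input. The usage text still offers three platforms and misspells `bionuc` while the menu lists five images. The playbook substitution `sed -i "s/platform/.../g"` replaces every occurrence of the word, which is how `platforms:` became `bionics:` in the committed molecule.yml files elsewhere in this series; the `platform_` anchor used for molecule.yml is the safer pattern.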
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml deleted file mode 100644 index 2561f1ac..00000000 --- a/molecule/default/molecule.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - enabled: false -bionics: - - name: manager_bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true -scenario: - name: default - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - #- idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 - enabled: true diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml deleted file mode 100644 index ecd11c49..00000000 --- a/molecule/kibana/molecule.yml +++ /dev/null 
@@ -1,64 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -bionics: - - name: kibana_bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 1024m - - name: kibana_xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 -# - name: trusty -# image: ubuntu:trusty -# memory_reservation: 1024m -# ulimits: -# - nofile:262144:262144 -# - name: centos6 -# image: centos:6 -# privileged: true -# memory_reservation: 1024m -# ulimits: -# - nofile:262144:262144 - - name: kibana_centos7 - image: milcom/centos7-systemd - memory_reservation: 1024m - privileged: true - ulimits: - - nofile:262144:262144 -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true - inventory: - group_vars: - all: - elasticsearch_jvm_xms: 256 -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/kibana/molecule.yml.template b/molecule/kibana/molecule.yml.template index 74dddec2..eec8f6e3 100644 --- a/molecule/kibana/molecule.yml.template +++ b/molecule/kibana/molecule.yml.template 
@@ -16,30 +16,6 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 1024m - - name: kibana_xenial - image: solita/ubuntu-systemd:xenial - privileged: true - memory_reservation: 1024m - command: /sbin/init - ulimits: - - nofile:262144:262144 -# - name: trusty -# image: ubuntu:trusty -# memory_reservation: 1024m -# ulimits: -# - nofile:262144:262144 -# - name: centos6 -# image: centos:6 -# privileged: true -# memory_reservation: 1024m -# ulimits: -# - nofile:262144:262144 - - name: kibana_centos7 - image: milcom/centos7-systemd - memory_reservation: 1024m - privileged: true - ulimits: - - nofile:262144:262144 provisioner: name: ansible config_options: diff --git a/molecule/worker/molecule.yml b/molecule/worker/molecule.yml deleted file mode 100644 index 61c07c69..00000000 --- a/molecule/worker/molecule.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-data: - ignore: .virtualenv -bionics: - - name: worker_bionic - image: solita/ubuntu-systemd:bionic - command: /sbin/init - ulimits: - - nofile:262144:262144 - privileged: true - memory_reservation: 2048m - -provisioner: - name: ansible - config_options: - defaults: - hash_behaviour: merge - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - prepare: ../default/prepare.yml - env: - ANSIBLE_ROLES_PATH: ../../roles - lint: - name: ansible-lint - enabled: true -scenario: - name: worker - test_sequence: - - lint - - dependency - - cleanup - - destroy - - syntax - - create - - prepare - - converge - #- idempotence - - side_effect - - verify - - cleanup - - destroy -verifier: - name: testinfra - lint: - name: flake8 diff --git a/molecule/worker/molecule.yml.template b/molecule/worker/molecule.yml.template index 1b2bd85e..2389d223 100644 --- a/molecule/worker/molecule.yml.template +++ b/molecule/worker/molecule.yml.template 
@@ -16,7 +16,6 @@ platforms: - nofile:262144:262144 privileged: true memory_reservation: 2048m - provisioner: name: ansible config_options: diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index 4803542d..6bb78777 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh @@ -17,7 +17,6 @@ index=$(($REPLY - 1)) if [ -z "$IMAGE" ] then echo "Platform not selected. Please select a platform of [bionuc, xenial or centos7]. => Aborting" - echo "Run Instruction: ./run_cluster_mode.sh " exit else for i in "${paths[@]}" From 53d96c18d39cd2a2a6017a977bf754c7ae209f3c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 15:19:21 +0200 Subject: [PATCH 47/79] deleted testing tasks --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index b0b90d87..1dac6f0f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -1,10 +1,4 @@ --- -- debug: - msg: Cluster is disabled? => {{ wazuh_manager_config.cluster.disable }} - -- debug: - msg: .... => {{ wazuh_manager_config.openscap.disable | default('default_value') }} - - import_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") From 234271b4f634d45b03cb9d3fdaf51e06607a2dc4 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 23 Aug 2019 15:35:06 +0200 Subject: [PATCH 48/79] added destroy statements to Pipfile and uncommented idempotence --- molecule/default/molecule.yml.template | 2 +- molecule/elasticsearch/molecule.yml.template | 2 +- molecule/worker/molecule.yml.template | 2 +- run_cluster_mode.sh | 8 +++++++- 4 files changed, 10 insertions(+), 4 deletions(-) 
diff --git a/molecule/default/molecule.yml.template b/molecule/default/molecule.yml.template index 9e67505d..f46226c2 100644 --- a/molecule/default/molecule.yml.template +++ b/molecule/default/molecule.yml.template @@ -35,7 +35,7 @@ scenario: - create - prepare - converge - #- idempotence + - idempotence - side_effect - verify - cleanup diff --git a/molecule/elasticsearch/molecule.yml.template b/molecule/elasticsearch/molecule.yml.template index abb9bcec..baba140e 100644 --- a/molecule/elasticsearch/molecule.yml.template +++ b/molecule/elasticsearch/molecule.yml.template @@ -46,7 +46,7 @@ scenario: - create - prepare - converge - #- idempotence + - idempotence - side_effect - verify - cleanup diff --git a/molecule/worker/molecule.yml.template b/molecule/worker/molecule.yml.template index 2389d223..ecfe6469 100644 --- a/molecule/worker/molecule.yml.template +++ b/molecule/worker/molecule.yml.template @@ -42,7 +42,7 @@ scenario: - create - prepare - converge - #- idempotence + - idempotence - side_effect - verify - cleanup diff --git a/run_cluster_mode.sh b/run_cluster_mode.sh index 6bb78777..c1a0941d 100644 --- a/run_cluster_mode.sh +++ b/run_cluster_mode.sh @@ -34,4 +34,10 @@ fi sudo pipenv run elasticsearch sudo pipenv run test sudo pipenv run worker -sudo pipenv run kibana \ No newline at end of file +sudo pipenv run kibana + +sudo pipenv run destroy +sudo pipenv run destroy_worker +sudo pipenv run destroy_elasticsearch +sudo pipenv run destroy_kibana + From fdc2cdb3092f49d54ac680aadb4a2f5c0a7cb8cd Mon Sep 17 00:00:00 2001 From: Joey Wong Date: Tue, 3 Sep 2019 14:06:30 -0600 Subject: [PATCH 49/79] Fix typo in var-ossec-etc-ossec-agent.conf.j2 --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 7d7e139d..51078d17 100644 
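Review bot: With the four `destroy` runs appended, the script's exit status is whatever `sudo pipenv run destroy_kibana` returns, so a failing `sudo pipenv run test` (or any earlier step) no longer fails the script; the file has no `set -e` at the top, which is outside this hunk. Record the outcome of the test steps and return it after cleanup, e.g. run each test command as `sudo pipenv run test || status=1` and finish with `exit "${status:-0}"`; a `trap '...' EXIT` around the destroy commands would additionally run cleanup when a step aborts part-way.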
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -42,7 +42,7 @@ - {{ wazuh_agent_config.active_response.ar|default('no') }} + {{ wazuh_agent_config.active_response.disabled|default('no') }} {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %} {{ wazuh_agent_config.active_response.ca_verification }} From 06a3f2712cdc61232715144af805616286bc60df Mon Sep 17 00:00:00 2001 From: Joey Wong Date: Tue, 3 Sep 2019 14:19:31 -0600 Subject: [PATCH 50/79] Fix typo in var-ossec-etc-ossec-agent.conf.j2 --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 51078d17..83e692dd 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -42,7 +42,7 @@ - {{ wazuh_agent_config.active_response.disabled|default('no') }} + {{ wazuh_agent_config.active_response.ar_disabled|default('no') }} {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %} {{ wazuh_agent_config.active_response.ca_verification }} From 4ce3a0e5d77f69ebe2b3afc73057794b2a8e71cd Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 5 Sep 2019 12:05:42 +0200 Subject: [PATCH 51/79] Fix conditionals for Amazon Linux in Manager and Filebeat --- roles/wazuh/ansible-filebeat/tasks/main.yml | 4 ++-- .../ansible-wazuh-manager/tasks/main.yml | 24 +++++++++---------- 2 files changed, 14 insertions(+), 14 deletions(-) 
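Review bot: The key name has changed twice across this commit and the previous one (`ar` → `disabled` → `ar_disabled`) without any task noticing, because `|default('no')` silently substitutes a value whenever the referenced key does not exist, so a user who sets `ar_disabled: 'yes'` would have it ignored by a template that mistypes the key. Since `ar_disabled` is defined under `wazuh_agent_config.active_response` in the role defaults, the fallback can be dropped, or replaced by `| mandatory` so an undefined key fails the render: `{{ wazuh_agent_config.active_response.ar_disabled | mandatory }}`. The same applies to the intermediate `disabled` variant in the preceding hunk.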
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index fbf8cfbf..d9dc11c2 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -10,7 +10,7 @@ register: filebeat_installing_package until: filebeat_installing_package is succeeded when: - - ansible_distribution in ['CentOS','RedHat'] + - ansible_distribution in ['CentOS','RedHat', 'Amazon'] tags: - install @@ -22,7 +22,7 @@ register: filebeat_installing_package_debian until: filebeat_installing_package_debian is succeeded when: - - not (ansible_distribution in ['CentOS','RedHat']) + - not (ansible_distribution in ['CentOS','RedHat', 'Amazon']) tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 30e5ec87..d63b8ec7 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -5,7 +5,7 @@ - import_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: CentOS/RedHat | Install wazuh-manager, wazuh-api +- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} with_items: - wazuh-manager @@ -13,7 +13,7 @@ register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - ansible_distribution in ['CentOS','RedHat'] + - ansible_distribution in ['CentOS','RedHat', 'Amazon'] tags: - init 
@@ -28,13 +28,13 @@ register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - not (ansible_distribution in ['CentOS','RedHat']) + - not (ansible_distribution in ['CentOS','RedHat', 'Amazon']) tags: init - name: Install expect package: pkg=expect state={{ wazuh_manager_package_state }} when: - - not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6) + - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6) tags: init - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 @@ -43,7 +43,7 @@ regexp: 'echo -n "Starting Wazuh-manager: "' replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' when: - - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int == 6 + - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 - wazuh_manager_config.cluster.disable != 'yes' - name: Install wazuh-manager and expect (EL5) @@ -54,7 +54,7 @@ register: wazuh_manager_main_packages_installed until: wazuh_manager_main_packages_installed is succeeded when: - - ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6 + - ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 tags: - init @@ -203,7 +203,7 @@ - name: Retrieving Wazuh-API User Credentials include_vars: wazuh_api_creds.yml when: - - not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6) + - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6) tags: - config 
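Review bot: Adding 'Amazon' inside the version-gated conditions (`ansible_distribution_major_version|int < 6` at -28, -54 and -203 here, `== 6` at -43, and the EL5 service task at -388 in the next chunk) routes Amazon Linux through the EL5/EL6 branches: current Ansible facts report `ansible_distribution_major_version` as `2` for Amazon Linux 2, so `< 6` is true for it, the EL5 install path runs, the `expect` install is skipped and the API-credential include at -203 is skipped on a modern distribution. Keep 'Amazon' in the plain distribution lists (as at -10 and -13) but out of the version comparisons, e.g. `- ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6` for the EL5 tasks; if Amazon Linux 1 genuinely needs the EL6 treatment, gate it separately on `ansible_distribution == 'Amazon'` with its own version test.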
@@ -281,7 +281,7 @@ poll: 0 when: - wazuh_manager_config.vuls.disable != 'yes' - - ansible_distribution in ['Redhat', 'CentOS', 'Ubuntu', 'Debian', 'Oracle'] + - ansible_distribution in ['Redhat', 'CentOS', 'Ubuntu', 'Debian', 'Oracle', 'Amazon'] tags: - init @@ -322,7 +322,7 @@ notify: restart wazuh-api when: - wazuh_api_user is defined - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6) + - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon' and ansible_distribution_major_version|int < 6) tags: - config @@ -378,7 +378,7 @@ environment: LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" when: - - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6) + - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon' and ansible_distribution_major_version|int < 6) - name: Ensure Wazuh Manager is started and enabled (EL5) service: @@ -388,10 +388,10 @@ tags: - config when: - - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 6 + - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 - import_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" + when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon" - import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" From a15477300f803d1d1cc6b7bc44e24b6e29bbbcff Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 5 Sep 2019 15:57:02 +0200 Subject: [PATCH 52/79] Reload deamons to fix Kibana error on Amazon Linux 2 --- .../elastic-stack/ansible-kibana/tasks/main.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) 
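Review bot: In the -322 and -378 hunks `not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon' and ansible_distribution_major_version|int < 6)` binds as `not (CentOS or RedHat or (Amazon and < 6))` because `and` has higher precedence than `or` in Jinja, so the condition is false on every CentOS/RedHat host regardless of version and the tasks it guards (the API-user task at -322 and the LD_LIBRARY_PATH task at -378) are skipped there; the pre-existing line had the same problem, and since the commit rewrites it this is the place to fix it. Use the list form the other hunks already use, `- not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6)`. In the last hunk, `ansible_os_family == "Amazon"` is redundant as far as I know, since Ansible reports the os_family of Amazon Linux as `RedHat`; harmless, but worth a comment so nobody assumes the extra clause does something.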
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index fe0c9365..e695ddec 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -93,7 +93,6 @@ owner: root group: root mode: 0664 - notify: restart kibana tags: configure - name: Checking Wazuh-APP version @@ -124,21 +123,30 @@ args: executable: /bin/bash creates: /usr/share/kibana/plugins/wazuh/package.json - notify: restart kibana become: yes become_user: kibana tags: - install - skip_ansible_lint -- name: Ensure Kibana started and enabled +- name: Reload systemd configuration + systemd: + daemon_reload: true + +- name: Restart Kibana + service: + name: kibana + enabled: true + state: restarted + +- name: Ensure Kibana is started service: name: kibana enabled: true state: started - import_tasks: RMRedHat.yml - when: ansible_os_family == 'RedHat' + when: ansible_os_family == 'RedHat', 'Amazon' - import_tasks: RMDebian.yml when: ansible_os_family == 'Debian' From ad0fde391e7b35c42c25a75456db76a3fa2108c2 Mon Sep 17 00:00:00 2001 From: Jose M Date: Thu, 5 Sep 2019 15:59:03 +0200 Subject: [PATCH 53/79] Fix Kibana enabling task description --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index e695ddec..320c9b74 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -139,7 +139,7 @@ enabled: true state: restarted -- name: Ensure Kibana is started +- name: Ensure Kibana is started and enabled service: name: kibana enabled: true From 9f84bfe15a2a99cd124c2b57d7256756522b58fa Mon Sep 17 00:00:00 2001 
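Review bot: `when: ansible_os_family == 'RedHat', 'Amazon'` on the RMRedHat.yml import is not a membership test: the trailing `, 'Amazon'` turns the expression into a Jinja tuple `(ansible_os_family == 'RedHat', 'Amazon')`, which is non-empty and therefore always true, so the RedHat cleanup tasks will also run on Debian hosts. Write `when: ansible_os_family in ['RedHat', 'Amazon']` (Amazon Linux reports os_family `RedHat`, so the original equality was already sufficient). Separately, replacing both `notify: restart kibana` handlers with an unconditional `state: restarted` task restarts Kibana on every play run, which breaks idempotence and bounces the UI even when nothing changed; register the config and plugin tasks and gate the `daemon_reload`/restart pair with a `when:` on either reporting `changed`, or keep the handler and have it perform the `daemon_reload` first.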
From: Jose M Date: Mon, 9 Sep 2019 13:03:03 +0200 Subject: [PATCH 54/79] Update Windows x86 and x64 path detection. Added fact for authd. --- .../ansible-wazuh-agent/tasks/Windows.yml | 28 ++++++++----------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 6a8a93ac..47568abb 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -4,25 +4,19 @@ path: C:\Program Files (x86) register: check_path -- name: "Set Win Path" +- name: Windows | Set Win Path (x86) set_fact: - wazuh_agent_win_path: "{% wazuh_winagent_config.install_dir_x86 if check_path.stat.exists else wazuh_winagent_config.install_dir %}" - -- name: Windows | Get current installed version - win_shell: "{% if check_path.stat.exists %}{{ wazuh_winagent_config.install_dir_x86 }}{% else %} - {{ wazuh_winagent_config.install_dir }}{% endif %}ossec-agent.exe -h" - args: - removes: "{% if check_path.stat.exists %}{{ wazuh_winagent_config.install_dir_x86 }}{% else %} - {{ wazuh_winagent_config.install_dir }}{% endif %}ossec-agent.exe" - register: agent_version - failed_when: false - changed_when: false - -- name: Windows | Check Wazuh agent version installed - set_fact: correct_version=true + wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir_x86 }}" + wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}" when: - - agent_version.stdout is defined - - wazuh_winagent_config.version in agent_version.stdout + - check_path.stat.exists + +- name: Windows | Set Win Path (x64) + set_fact: + wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir }}" + wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}" + when: + - not check_path.stat.exists - name: Windows | Downloading windows Wazuh agent installer win_get_url: From ea69b7fc9b655ec109ae292d3255d348b775f1bf Mon Sep 17 00:00:00 2001 
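Review bot: The `Set Win Path (x64)` branch sets `wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}"`, the same value the x86 branch uses, so whichever branch runs, the registration task will call the x86 executable path; it should read `wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path }}"`. The branch labels are also the reverse of what they detect — the `(x64)` branch runs when `C:\Program Files (x86)` is absent, i.e. on 32-bit Windows — so a one-line comment on each `set_fact` stating which Windows architecture it covers would prevent the next copy-paste slip. Dropping `correct_version` means the download and install tasks below (outside this hunk) now run unconditionally until a later change makes them idempotent.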
From: Jose M Date: Mon, 9 Sep 2019 13:04:45 +0200 Subject: [PATCH 55/79] Update Wazuh installation tasks. Added Product key to avoid reinstalling Agent --- .../ansible-wazuh-agent/tasks/Windows.yml | 40 ++++++++++--------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 47568abb..d620f5da 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml 
@@ -18,34 +18,36 @@ when: - not check_path.stat.exists -- name: Windows | Downloading windows Wazuh agent installer - win_get_url: - dest: C:\wazuh-agent-installer.msi - url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" - when: - - correct_version is not defined - -- name: Windows | Verify the downloaded Wazuh agent installer +- name: Windows | Check if Wazuh installer is already downloaded win_stat: - path: C:\wazuh-agent-installer.msi + path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + register: wazuh_package_downloaded + +- name: Windows | Download Wazuh Agent package + win_get_url: + url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + dest: "{{ wazuh_winagent_config.download_dir }}" + when: + - not wazuh_package_downloaded.stat.exists + +- name: Windows | Verify the Wazuh Agent installer + win_stat: + path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" get_checksum: true checksum_algorithm: md5 - register: installer_md5 - when: - - correct_version is not defined + register: wazuh_agent_status failed_when: - - installer_md5.stat.checksum != wazuh_winagent_config.md5 + - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 -- name: Windows | Install Wazuh agent +- name: Windows | Install Agent if not already installed win_package: - path: C:\wazuh-agent-installer.msi - when: - - correct_version is not defined + path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + product_id: '{9903C258-FC1E-4886-B7DB-1535976EC1D5}' + state: present - name: Windows | Check if client.keys exists - win_stat: path="{{ wazuh_agent_win_path }}" + win_stat: path="{{ 
wazuh_agent_win_path }}client.keys" register: check_windows_key - notify: restart wazuh-agent windows tags: - config From a52d5e540c2f97bc6d91f152b108c17480d404b6 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Sep 2019 13:05:40 +0200 Subject: [PATCH 56/79] Modify registration task to use new fact "wazuh_agent_win_auth_path" --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index d620f5da..f42467d4 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -58,15 +58,12 @@ - name: Windows | Register agent win_shell: > - {% if check_path.stat.exists %}{{ wazuh_winagent_config.auth_path_x86 }}{% else %} - {{ wazuh_winagent_config.auth_path }}{% endif %} + {{ wazuh_agent_win_auth_path }} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} - args: - chdir: "{{ wazuh_agent_win_path }}" register: agent_auth_output - notify: restart wazuh-agent windows + notify: Windows | Restart Wazuh Agent when: - wazuh_agent_authd.enable - not check_windows_key.stat.exists or check_windows_key.stat.size == 0 From 1ad5763e00246f455bc80682f9749079eb4e921a Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Sep 2019 13:06:42 +0200 Subject: [PATCH 57/79] Add verification for the wazuh directory path. --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index f42467d4..0640b8e8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml 
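Review bot: When the cached MSI fails the checksum at `failed_when`, the bad file stays in `download_dir` and the `Check if Wazuh installer is already downloaded` task keeps skipping the download on every later run, so one corrupted or interrupted download makes the role fail permanently until someone removes the file by hand; decide whether to download from the checksum of the cached file (or delete it on mismatch) instead of verifying only after the skip decision, or let `win_get_url` verify via its `checksum`/`checksum_algorithm` options if your Ansible version provides them. `stat.checksum` is only present when the file exists, so after a failed download the `failed_when` expression raises an undefined-attribute error instead of a clear message; guard it with `wazuh_agent_status.stat.exists`. MD5 detects corruption but not a substituted package, and this MSI is installed with elevated rights, so `checksum_algorithm: sha256` against a published SHA-256 would be the stronger integrity check. The hunk begins in the previous chunk.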
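Review bot: The registration command places `authd_pass` on the `agent-auth.exe` command line and the task has no `no_log: true`, so the password is printed in verbose output, kept in the registered `agent_auth_output`, and visible in the Windows process list while registration runs. Add `no_log: true` to the task (and make sure `agent_auth_output` is not debugged elsewhere); the process-list exposure is inherent to the `-P` flag and can only be kept short, not removed. Folding the x86/x64 choice into `wazuh_agent_win_auth_path` is a good simplification, but the fact for the non-x86 branch is set from `auth_path_x86` in an earlier commit of this series, so this task inherits that bug until it is fixed.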
@@ -71,6 +71,11 @@ tags: - config +- name: Windows | Check if ossec folder is accessible + win_file: + path: "{{ wazuh_agent_win_path }}" + state: directory + - name: Windows | Installing agent configuration (ossec.conf) win_template: src: var-ossec-etc-ossec-agent.conf.j2 From be977fa9ac78c8965c2e4a305629d828254b291f Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Sep 2019 13:07:03 +0200 Subject: [PATCH 58/79] Update task handler naming to a more explicit message --- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 0640b8e8..b6d3af4a 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -77,10 +77,10 @@ state: directory - name: Windows | Installing agent configuration (ossec.conf) - win_template: + template: src: var-ossec-etc-ossec-agent.conf.j2 dest: "{{ wazuh_agent_win_path }}ossec.conf" - notify: restart wazuh-agent windows + notify: Windows | Restart Wazuh Agent tags: - config @@ -88,11 +88,11 @@ win_template: src: var-ossec-etc-local-internal-options.conf.j2 dest: "{{ wazuh_agent_win_path }}local_internal_options.conf" - notify: restart wazuh-agent windows + notify: Windows | Restart Wazuh Agent tags: - config - name: Windows | Delete downloaded Wazuh agent installer file win_file: - path: C:\wazuh-agent-installer.msi + path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" state: absent From 8f856eea7dfaf1b610247ed18088653ec9ad4e56 Mon Sep 17 00:00:00 2001 
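Review bot: `win_file` with `state: directory` creates the directory when it is missing, so the task named `Check if ossec folder is accessible` does not check anything: on a host where the install failed or landed in the other Program Files directory it creates an empty `ossec-agent` folder, and the two template tasks below then write `ossec.conf` and `local_internal_options.conf` into it, leaving an unconfigured agent that looks configured. Use a read-only probe and fail explicitly, e.g. `win_stat: path: "{{ wazuh_agent_win_path }}"` with `register: wazuh_agent_dir` and `failed_when: not wazuh_agent_dir.stat.exists` (register name constructed).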
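Review bot: The ossec.conf task changes `win_template:` to `template:` while the `local_internal_options.conf` task in the next hunk keeps `win_template:`; Ansible documents `template` for POSIX targets and directs Windows targets to `win_template`, and mixing the two in one Windows task file is at best confusing. Revert the first line to `win_template:`. The new `notify: Windows | Restart Wazuh Agent` relies on the handler being renamed identically (including the spaces around `|`), which a later commit in this series does; applied on its own, this commit leaves the notify pointing at a handler that does not exist, which Ansible reports as an error at run time.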
From: Jose M Date: Mon, 9 Sep 2019 13:07:52 +0200 Subject: [PATCH 59/79] Updated default attributes for windows agent. Added register_key. Removed quotes from path --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 2b3f88a4..21f12684 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -20,14 +20,17 @@ wazuh_notify_time: '10' wazuh_time_reconnect: '60' wazuh_crypto_method: 'aes' wazuh_winagent_config: - install_dir: 'C:\Program Files\ossec-agent\' - install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' - auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe + download_dir: C:\ + install_dir: C:\Program Files\ossec-agent\ + install_dir_x86: C:\Program Files (x86)\ossec-agent\ + auth_path: C:\Program Files\ossec-agent\agent-auth.exe + # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe version: '3.9.5' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ - md5: c3fdbd6c121ca371b8abcd477ed4e8a4 + md5: ee5b24216db472d291da4e14f0b3bc63 + register_key: '{9903C258-FC1E-4886-B7DB-1535976EC1D5}' wazuh_agent_config: active_response: ar_disabled: 'no' From d1246627ff128f093794ae26370b8eedccb362b8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 9 Sep 2019 13:08:38 +0200 Subject: [PATCH 60/79] Update wazuh-agent windows handler for restarting --- roles/wazuh/ansible-wazuh-agent/handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml index bb84954e..1858906b 100644 --- a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml 
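Review bot: `auth_path` loses its quotes and becomes `C:\Program Files\ossec-agent\agent-auth.exe`, while the comment added on the next line explains that `auth_path_x86` keeps its embedded single quotes precisely because `win_shell` fails on an unquoted path containing a space; `auth_path` has the same space and will fail the same way once the registration task uses it. Quote both values the same way or, better, drop the embedded quotes from both and wrap the path at the call site in the register task (`& '{{ wazuh_agent_win_auth_path }}'`). The `md5` value changes while `version: '3.9.5'` and `revision: '1'` stay the same; the commit message should say which artifact the new hash was taken from. `register_key` is the MSI ProductCode of one specific build — if it differs between releases, `win_package` with `state: present` will misjudge whether the agent is installed when `version` is bumped without it, so a comment tying the two fields together would help.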
@@ -2,5 +2,5 @@
 - name: restart wazuh-agent
 service: name=wazuh-agent state=restarted enabled=yes
-- name: restart wazuh-agent windows
+- name: Windows | Restart Wazuh Agent
 win_service: name=OssecSvc start_mode=auto state=restarted
From 78ca9ff6168e63899db684af6c1548907ff2737a Mon Sep 17 00:00:00 2001
From: Jose M
Date: Mon, 9 Sep 2019 13:09:51 +0200
Subject: [PATCH 61/79] Remove hardcoding of wazuh-agent 'product_id'
---
 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
index b6d3af4a..49e7a38d 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@@ -42,7 +42,7 @@
 - name: Windows | Install Agent if not already installed
 win_package:
 path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
- product_id: '{9903C258-FC1E-4886-B7DB-1535976EC1D5}'
+ product_id: '{{ "{" }}{{ wazuh_winagent_config.register_key }}{{ "}" }}'
 state: present
 - name: Windows | Check if client.keys exists
From ded355809eace5a69d610b236eb19a543dc0cefb Mon Sep 17 00:00:00 2001
From: Jose M
Date: Mon, 9 Sep 2019 13:27:22 +0200
Subject: [PATCH 62/79] Remove brackets from "register_key" variable to fix the brackets problem in the installation task.
---
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 21f12684..c3da8e89 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
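Review bot: The `product_id` value escapes each brace with its own `{{ "{" }}` expression, which is hard to read; a single expression does the same job, `product_id: "{{ '{' ~ wazuh_winagent_config.register_key ~ '}' }}"`. At this commit the default `register_key` still carries its own braces (PATCH 59), so the rendered id is double-braced until the following commit strips them; whichever side owns the braces should be stated next to the variable. The name `register_key` also reads like an agent enrollment key rather than the MSI ProductCode that `win_package` compares against; `product_id` or `msi_product_code` would be less ambiguous.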
@@ -30,7 +30,7 @@ wazuh_winagent_config:
 revision: '1'
 repo: https://packages.wazuh.com/3.x/windows/
 md5: ee5b24216db472d291da4e14f0b3bc63
- register_key: '{9903C258-FC1E-4886-B7DB-1535976EC1D5}'
+ register_key: 9903C258-FC1E-4886-B7DB-1535976EC1D5
 wazuh_agent_config:
 active_response:
 ar_disabled: 'no'
From bb591ee466f7f18f1de2a3c49b9d138cda15eb85 Mon Sep 17 00:00:00 2001
From: Jose M
Date: Mon, 9 Sep 2019 17:13:33 +0200
Subject: [PATCH 63/79] Remove traling whitespace on line 12 to fix ansible-linting error.
---
 roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
index 49e7a38d..2d388748 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
@@ -9,7 +9,7 @@
 wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir_x86 }}"
 wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}"
 when:
- - check_path.stat.exists
+ - check_path.stat.exists
 - name: Windows | Set Win Path (x64)
 set_fact:
From d3784b4727027c712c9b7332d8409d2d0ee375ad Mon Sep 17 00:00:00 2001
From: Jose M
Date: Mon, 9 Sep 2019 17:14:10 +0200
Subject: [PATCH 64/79] Fix conditionals longer than 160 characters to pass linting tests.
---
 roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 8858d0be..a1afbb4c 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
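Review bot: `register_key` is now a bare GUID that only works because the install task re-adds the braces, and nothing in the defaults says so or that the value belongs to the specific `version`/`revision`/`md5` installer listed above it (an MSI ProductCode presumably changes with each installer build). A one-line comment above it would keep the next version bump from silently skipping the upgrade because `win_package` still finds the old id, e.g. `# ProductCode of the wazuh-agent MSI named by version/revision above; braces are added by the install task. Update together with version and md5.`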
@@ -322,7 +322,8 @@
 notify: restart wazuh-api
 when:
 - wazuh_api_user is defined
- - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon' and ansible_distribution_major_version|int < 6)
+ - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon')
+ - ansible_distribution_major_version|int < 6
 tags:
 - config
@@ -378,7 +379,8 @@
 environment:
 LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib"
 when:
- - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon' and ansible_distribution_major_version|int < 6)
+ - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon')
+ - ansible_distribution_major_version|int < 6
 - name: Ensure Wazuh Manager is started and enabled (EL5)
 service:
From 3911b8e0382300782ea8fe246f50d00ee8d3cdff Mon Sep 17 00:00:00 2001
From: Jose M
Date: Mon, 16 Sep 2019 18:08:53 +0200
Subject: [PATCH 65/79] Remove old Elastic alerts template.
---
 .../wazuh-elastic6-template-alerts.json.j2 | 621 ------------------
 1 file changed, 621 deletions(-)
 delete mode 100644 roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2
deleted file mode 100644
index 18dda52f..00000000
--- a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2
+++ /dev/null
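Review bot: Splitting the condition changed its meaning: `when:` list items are ANDed, so the new pair requires `ansible_distribution_major_version|int < 6` on every host, and Debian/Ubuntu hosts (major version far above 6) now skip both tasks entirely, whereas the old expression let them through. The same defect is in the second hunk, `@@ -378,7 +379,8 @@`, which sits right before the `(EL5)` service task and presumably means "skip on EL5". A single item that stays under the linter's 160 characters and says exactly that is `- not (ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6)`. The removed line was itself questionable (with `and` binding tighter than `or` it excluded every CentOS/RedHat host, not only those below 6), so this rewrite is also the place to settle the intended scope.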
@@ -1,621 +0,0 @@ -{ - "order": 0, - "template": "wazuh-alerts-3.x-*", - "settings": { - "index.refresh_interval": "5s" - }, - "mappings": { - "wazuh": { - "dynamic_templates": [ - { - "string_as_keyword": { - "match_mapping_type": "string", - "mapping": { - "type": "keyword", - "doc_values": "true" - } - } - } - ], - "properties": { - "@timestamp": { - "type": "date", - "format": "dateOptionalTime" - }, - "@version": { - "type": "text" - }, - "agent": { - "properties": { - "ip": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "name": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "manager": { - "properties": { - "name": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "cluster": { - "properties": { - "name": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "AlertsFile": { - "type": "keyword", - "doc_values": "true" - }, - "full_log": { - "type": "text" - }, - "previous_log": { - "type": "text" - }, - "GeoLocation": { - "properties": { - "area_code": { - "type": "long" - }, - "city_name": { - "type": "keyword", - "doc_values": "true" - }, - "continent_code": { - "type": "text" - }, - "coordinates": { - "type": "double" - }, - "country_code2": { - "type": "text" - }, - "country_code3": { - "type": "text" - }, - "country_name": { - "type": "keyword", - "doc_values": "true" - }, - "dma_code": { - "type": "long" - }, - "ip": { - "type": "keyword", - "doc_values": "true" - }, - "latitude": { - "type": "double" - }, - "location": { - "type": "geo_point" - }, - "longitude": { - "type": "double" - }, - "postal_code": { - "type": "keyword" - }, - "real_region_name": { - "type": "keyword", - "doc_values": "true" - }, - "region_name": { - "type": "keyword", - "doc_values": "true" - }, - "timezone": { - "type": "text" - } - } - }, - "host": { - "type": "keyword", - "doc_values": "true" - }, - "syscheck": { - "properties": { - "path": { - "type": "keyword", - "doc_values": 
"true" - }, - "sha1_before": { - "type": "keyword", - "doc_values": "true" - }, - "sha1_after": { - "type": "keyword", - "doc_values": "true" - }, - "uid_before": { - "type": "keyword", - "doc_values": "true" - }, - "uid_after": { - "type": "keyword", - "doc_values": "true" - }, - "gid_before": { - "type": "keyword", - "doc_values": "true" - }, - "gid_after": { - "type": "keyword", - "doc_values": "true" - }, - "perm_before": { - "type": "keyword", - "doc_values": "true" - }, - "perm_after": { - "type": "keyword", - "doc_values": "true" - }, - "md5_after": { - "type": "keyword", - "doc_values": "true" - }, - "md5_before": { - "type": "keyword", - "doc_values": "true" - }, - "gname_after": { - "type": "keyword", - "doc_values": "true" - }, - "gname_before": { - "type": "keyword", - "doc_values": "true" - }, - "inode_after": { - "type": "keyword", - "doc_values": "true" - }, - "inode_before": { - "type": "keyword", - "doc_values": "true" - }, - "mtime_after": { - "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" - }, - "mtime_before": { - "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" - }, - "uname_after": { - "type": "keyword", - "doc_values": "true" - }, - "uname_before": { - "type": "keyword", - "doc_values": "true" - }, - "size_before": { - "type": "long", - "doc_values": "true" - }, - "size_after": { - "type": "long", - "doc_values": "true" - }, - "diff": { - "type": "keyword", - "doc_values": "true" - }, - "event": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "location": { - "type": "keyword", - "doc_values": "true" - }, - "message": { - "type": "text" - }, - "offset": { - "type": "keyword" - }, - "rule": { - "properties": { - "description": { - "type": "keyword", - "doc_values": "true" - }, - "groups": { - "type": "keyword", - "doc_values": "true" - }, - "level": { - "type": "long", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "cve": { - "type": "keyword", 
- "doc_values": "true" - }, - "info": { - "type": "keyword", - "doc_values": "true" - }, - "frequency": { - "type": "long", - "doc_values": "true" - }, - "firedtimes": { - "type": "long", - "doc_values": "true" - }, - "cis": { - "type": "keyword", - "doc_values": "true" - }, - "pci_dss": { - "type": "keyword", - "doc_values": "true" - }, - "gdpr": { - "type": "keyword", - "doc_values": "true" - }, - "gpg13": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "decoder": { - "properties": { - "parent": { - "type": "keyword", - "doc_values": "true" - }, - "name": { - "type": "keyword", - "doc_values": "true" - }, - "ftscomment": { - "type": "keyword", - "doc_values": "true" - }, - "fts": { - "type": "long", - "doc_values": "true" - }, - "accumulate": { - "type": "long", - "doc_values": "true" - } - } - }, - "data": { - "properties": { - "protocol": { - "type": "keyword", - "doc_values": "true" - }, - "action": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "dstip": { - "type": "keyword", - "doc_values": "true" - }, - "srcport": { - "type": "keyword", - "doc_values": "true" - }, - "dstport": { - "type": "keyword", - "doc_values": "true" - }, - "srcuser": { - "type": "keyword", - "doc_values": "true" - }, - "dstuser": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "status": { - "type": "keyword", - "doc_values": "true" - }, - "data": { - "type": "keyword", - "doc_values": "true" - }, - "system_name": { - "type": "keyword", - "doc_values": "true" - }, - "url": { - "type": "keyword", - "doc_values": "true" - }, - "oscap": { - "properties": { - "check.title": { - "type": "keyword", - "doc_values": "true" - }, - "check.id": { - "type": "keyword", - "doc_values": "true" - }, - "check.result": { - "type": "keyword", - "doc_values": "true" - }, - "check.severity": { - "type": "keyword", - "doc_values": "true" - }, - "check.description": 
{ - "type": "text" - }, - "check.rationale": { - "type": "text" - }, - "check.references": { - "type": "text" - }, - "check.identifiers": { - "type": "text" - }, - "check.oval.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.content": { - "type": "keyword", - "doc_values": "true" - }, - "scan.benchmark.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.title": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.score": { - "type": "double", - "doc_values": "true" - }, - "scan.return_code": { - "type": "long", - "doc_values": "true" - } - } - }, - "audit": { - "properties": { - "type": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "syscall": { - "type": "keyword", - "doc_values": "true" - }, - "exit": { - "type": "keyword", - "doc_values": "true" - }, - "ppid": { - "type": "keyword", - "doc_values": "true" - }, - "pid": { - "type": "keyword", - "doc_values": "true" - }, - "auid": { - "type": "keyword", - "doc_values": "true" - }, - "uid": { - "type": "keyword", - "doc_values": "true" - }, - "gid": { - "type": "keyword", - "doc_values": "true" - }, - "euid": { - "type": "keyword", - "doc_values": "true" - }, - "suid": { - "type": "keyword", - "doc_values": "true" - }, - "fsuid": { - "type": "keyword", - "doc_values": "true" - }, - "egid": { - "type": "keyword", - "doc_values": "true" - }, - "sgid": { - "type": "keyword", - "doc_values": "true" - }, - "fsgid": { - "type": "keyword", - "doc_values": "true" - }, - "tty": { - "type": "keyword", - "doc_values": "true" - }, - "session": { - "type": "keyword", - "doc_values": "true" - }, - "command": { - "type": "keyword", - "doc_values": "true" - }, - "exe": { - "type": "keyword", - "doc_values": "true" - }, - "key": { - "type": "keyword", - "doc_values": "true" - }, - "cwd": { - 
"type": "keyword", - "doc_values": "true" - }, - "directory.name": { - "type": "keyword", - "doc_values": "true" - }, - "directory.inode": { - "type": "keyword", - "doc_values": "true" - }, - "directory.mode": { - "type": "keyword", - "doc_values": "true" - }, - "file.name": { - "type": "keyword", - "doc_values": "true" - }, - "file.inode": { - "type": "keyword", - "doc_values": "true" - }, - "file.mode": { - "type": "keyword", - "doc_values": "true" - }, - "acct": { - "type": "keyword", - "doc_values": "true" - }, - "dev": { - "type": "keyword", - "doc_values": "true" - }, - "enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "list": { - "type": "keyword", - "doc_values": "true" - }, - "old-auid": { - "type": "keyword", - "doc_values": "true" - }, - "old-ses": { - "type": "keyword", - "doc_values": "true" - }, - "old_enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "old_prom": { - "type": "keyword", - "doc_values": "true" - }, - "op": { - "type": "keyword", - "doc_values": "true" - }, - "prom": { - "type": "keyword", - "doc_values": "true" - }, - "res": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "subj": { - "type": "keyword", - "doc_values": "true" - }, - "success": { - "type": "keyword", - "doc_values": "true" - } - } - } - } - }, - "program_name": { - "type": "keyword", - "doc_values": "true" - }, - "command": { - "type": "keyword", - "doc_values": "true" - }, - "type": { - "type": "text" - }, - "title": { - "type": "keyword", - "doc_values": "true" - } - } - } - } -} From fe23f2a97dc654dd6ce280fdf9fca872889e4500 Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 16 Sep 2019 18:09:12 +0200 Subject: [PATCH 66/79] Update Elastic templates for Elasticsearch and Filebeat --- .../wazuh-elastic7-template-alerts.json.j2 | 1986 ++++++++-------- .../templates/elasticsearch.yml.j2 | 1987 +++++++++-------- 2 files changed, 2207 insertions(+), 1766 deletions(-) 
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2
index 836b2cb2..06af6322 100644
--- a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2
+++ b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2
@@ -1,25 +1,426 @@ { "order": 0, - "index_patterns": ["wazuh-alerts-3.x-*"], + "index_patterns": [ + "wazuh-alerts-3.x-*", + "wazuh-archives-3.x-*" + ], "settings": { "index.refresh_interval": "5s", "index.number_of_shards": "3", "index.number_of_replicas": "0", "index.auto_expand_replicas": "0-1", - "index.mapping.total_fields.limit": 2000 + "index.mapping.total_fields.limit": 10000, + "index.query.default_field": [ + "GeoLocation.city_name", + "GeoLocation.continent_code", + "GeoLocation.country_code2", + "GeoLocation.country_code3", + "GeoLocation.country_name", + "GeoLocation.ip", + "GeoLocation.postal_code", + "GeoLocation.real_region_name", + "GeoLocation.region_name", + "GeoLocation.timezone", + "agent.id", + "agent.ip", + "agent.name", + "cluster.name", + "cluster.node", + "command", + "data", + "data.action", + "data.audit", + "data.audit.acct", + "data.audit.arch", + "data.audit.auid", + "data.audit.command", + "data.audit.cwd", + "data.audit.dev", + "data.audit.directory.inode", + "data.audit.directory.mode", + "data.audit.directory.name", + "data.audit.egid", + "data.audit.enforcing", + "data.audit.euid", + "data.audit.exe", + "data.audit.execve.a0", + "data.audit.execve.a1", + "data.audit.execve.a2", + "data.audit.execve.a3", + "data.audit.exit", + "data.audit.file.inode", + "data.audit.file.mode", + "data.audit.file.name", + "data.audit.fsgid", + "data.audit.fsuid", + "data.audit.gid", + "data.audit.id", + "data.audit.key", + "data.audit.list", + "data.audit.old-auid", + "data.audit.old-ses", + "data.audit.old_enforcing", + "data.audit.old_prom", + "data.audit.op", + "data.audit.pid", + "data.audit.ppid", + "data.audit.prom", + "data.audit.res", + "data.audit.session", + "data.audit.sgid", + "data.audit.srcip", + "data.audit.subj", + "data.audit.success", + "data.audit.suid", + "data.audit.syscall", + "data.audit.tty", + "data.audit.uid", + "data.aws.accountId", + "data.aws.account_id", + "data.aws.action", + "data.aws.actor", + 
"data.aws.aws_account_id", + "data.aws.description", + "data.aws.dstport", + "data.aws.errorCode", + "data.aws.errorMessage", + "data.aws.eventID", + "data.aws.eventName", + "data.aws.eventSource", + "data.aws.eventType", + "data.aws.id", + "data.aws.name", + "data.aws.requestParameters.accessKeyId", + "data.aws.requestParameters.bucketName", + "data.aws.requestParameters.gatewayId", + "data.aws.requestParameters.groupDescription", + "data.aws.requestParameters.groupId", + "data.aws.requestParameters.groupName", + "data.aws.requestParameters.host", + "data.aws.requestParameters.hostedZoneId", + "data.aws.requestParameters.instanceId", + "data.aws.requestParameters.instanceProfileName", + "data.aws.requestParameters.loadBalancerName", + "data.aws.requestParameters.loadBalancerPorts", + "data.aws.requestParameters.masterUserPassword", + "data.aws.requestParameters.masterUsername", + "data.aws.requestParameters.name", + "data.aws.requestParameters.natGatewayId", + "data.aws.requestParameters.networkAclId", + "data.aws.requestParameters.path", + "data.aws.requestParameters.policyName", + "data.aws.requestParameters.port", + "data.aws.requestParameters.stackId", + "data.aws.requestParameters.stackName", + "data.aws.requestParameters.subnetId", + "data.aws.requestParameters.subnetIds", + "data.aws.requestParameters.volumeId", + "data.aws.requestParameters.vpcId", + "data.aws.resource.accessKeyDetails.accessKeyId", + "data.aws.resource.accessKeyDetails.principalId", + "data.aws.resource.accessKeyDetails.userName", + "data.aws.resource.instanceDetails.instanceId", + "data.aws.resource.instanceDetails.instanceState", + "data.aws.resource.instanceDetails.networkInterfaces.privateDnsName", + "data.aws.resource.instanceDetails.networkInterfaces.publicDnsName", + "data.aws.resource.instanceDetails.networkInterfaces.subnetId", + "data.aws.resource.instanceDetails.networkInterfaces.vpcId", + "data.aws.resource.instanceDetails.tags.value", + 
"data.aws.responseElements.AssociateVpcCidrBlockResponse.vpcId", + "data.aws.responseElements.description", + "data.aws.responseElements.instanceId", + "data.aws.responseElements.instances.instanceId", + "data.aws.responseElements.instancesSet.items.instanceId", + "data.aws.responseElements.listeners.port", + "data.aws.responseElements.loadBalancerName", + "data.aws.responseElements.loadBalancers.vpcId", + "data.aws.responseElements.loginProfile.userName", + "data.aws.responseElements.networkAcl.vpcId", + "data.aws.responseElements.ownerId", + "data.aws.responseElements.publicIp", + "data.aws.responseElements.user.userId", + "data.aws.responseElements.user.userName", + "data.aws.responseElements.volumeId", + "data.aws.service.serviceName", + "data.aws.severity", + "data.aws.source", + "data.aws.sourceIPAddress", + "data.aws.srcport", + "data.aws.userIdentity.accessKeyId", + "data.aws.userIdentity.accountId", + "data.aws.userIdentity.userName", + "data.aws.vpcEndpointId", + "data.command", + "data.data", + "data.docker.Actor.Attributes.container", + "data.docker.Actor.Attributes.image", + "data.docker.Actor.Attributes.name", + "data.docker.Actor.ID", + "data.docker.id", + "data.docker.message", + "data.docker.status", + "data.dstip", + "data.dstport", + "data.dstuser", + "data.hardware.serial", + "data.id", + "data.integration", + "data.netinfo.iface.adapter", + "data.netinfo.iface.ipv4.address", + "data.netinfo.iface.ipv6.address", + "data.netinfo.iface.mac", + "data.netinfo.iface.name", + "data.os.architecture", + "data.os.build", + "data.os.codename", + "data.os.hostname", + "data.os.major", + "data.os.minor", + "data.os.name", + "data.os.platform", + "data.os.release", + "data.os.release_version", + "data.os.sysname", + "data.os.version", + "data.oscap.check.description", + "data.oscap.check.id", + "data.oscap.check.identifiers", + "data.oscap.check.oval.id", + "data.oscap.check.rationale", + "data.oscap.check.references", + "data.oscap.check.result", + 
"data.oscap.check.severity", + "data.oscap.check.title", + "data.oscap.scan.benchmark.id", + "data.oscap.scan.content", + "data.oscap.scan.id", + "data.oscap.scan.profile.id", + "data.oscap.scan.profile.title", + "data.osquery.columns.address", + "data.osquery.columns.command", + "data.osquery.columns.description", + "data.osquery.columns.dst_ip", + "data.osquery.columns.gid", + "data.osquery.columns.hostname", + "data.osquery.columns.md5", + "data.osquery.columns.path", + "data.osquery.columns.sha1", + "data.osquery.columns.sha256", + "data.osquery.columns.src_ip", + "data.osquery.columns.user", + "data.osquery.columns.username", + "data.osquery.name", + "data.osquery.pack", + "data.port.process", + "data.port.protocol", + "data.port.state", + "data.process.args", + "data.process.cmd", + "data.process.egroup", + "data.process.euser", + "data.process.fgroup", + "data.process.name", + "data.process.rgroup", + "data.process.ruser", + "data.process.sgroup", + "data.process.state", + "data.process.suser", + "data.program.architecture", + "data.program.description", + "data.program.format", + "data.program.location", + "data.program.multiarch", + "data.program.name", + "data.program.priority", + "data.program.section", + "data.program.source", + "data.program.vendor", + "data.program.version", + "data.protocol", + "data.pwd", + "data.sca", + "data.sca.check.compliance.cis", + "data.sca.check.compliance.cis_csc", + "data.sca.check.compliance.pci_dss", + "data.sca.check.compliance.hipaa", + "data.sca.check.compliance.nist_800_53", + "data.sca.check.description", + "data.sca.check.directory", + "data.sca.check.file", + "data.sca.check.id", + "data.sca.check.previous_result", + "data.sca.check.process", + "data.sca.check.rationale", + "data.sca.check.reason", + "data.sca.check.references", + "data.sca.check.registry", + "data.sca.check.remediation", + "data.sca.check.result", + "data.sca.check.status", + "data.sca.check.title", + "data.sca.description", + "data.sca.file", + 
"data.sca.invalid", + "data.sca.name", + "data.sca.policy", + "data.sca.policy_id", + "data.sca.scan_id", + "data.sca.total_checks", + "data.script", + "data.src_ip", + "data.src_port", + "data.srcip", + "data.srcport", + "data.srcuser", + "data.status", + "data.system_name", + "data.title", + "data.tty", + "data.uid", + "data.url", + "data.virustotal.description", + "data.virustotal.error", + "data.virustotal.found", + "data.virustotal.permalink", + "data.virustotal.scan_date", + "data.virustotal.sha1", + "data.virustotal.source.alert_id", + "data.virustotal.source.file", + "data.virustotal.source.md5", + "data.virustotal.source.sha1", + "data.vulnerability.advisories", + "data.vulnerability.bugzilla_reference", + "data.vulnerability.cve", + "data.vulnerability.cwe_reference", + "data.vulnerability.package.condition", + "data.vulnerability.package.name", + "data.vulnerability.package.version", + "data.vulnerability.reference", + "data.vulnerability.severity", + "data.vulnerability.state", + "data.vulnerability.title", + "data.win.eventdata.auditPolicyChanges", + "data.win.eventdata.auditPolicyChangesId", + "data.win.eventdata.binary", + "data.win.eventdata.category", + "data.win.eventdata.categoryId", + "data.win.eventdata.data", + "data.win.eventdata.image", + "data.win.eventdata.ipAddress", + "data.win.eventdata.ipPort", + "data.win.eventdata.keyName", + "data.win.eventdata.logonGuid", + "data.win.eventdata.logonProcessName", + "data.win.eventdata.operation", + "data.win.eventdata.parentImage", + "data.win.eventdata.processId", + "data.win.eventdata.processName", + "data.win.eventdata.providerName", + "data.win.eventdata.returnCode", + "data.win.eventdata.service", + "data.win.eventdata.status", + "data.win.eventdata.subcategory", + "data.win.eventdata.subcategoryGuid", + "data.win.eventdata.subcategoryId", + "data.win.eventdata.subjectDomainName", + "data.win.eventdata.subjectLogonId", + "data.win.eventdata.subjectUserName", + 
"data.win.eventdata.subjectUserSid", + "data.win.eventdata.targetDomainName", + "data.win.eventdata.targetLinkedLogonId", + "data.win.eventdata.targetLogonId", + "data.win.eventdata.targetUserName", + "data.win.eventdata.targetUserSid", + "data.win.eventdata.workstationName", + "data.win.system.channel", + "data.win.system.computer", + "data.win.system.eventID", + "data.win.system.eventRecordID", + "data.win.system.eventSourceName", + "data.win.system.keywords", + "data.win.system.level", + "data.win.system.message", + "data.win.system.opcode", + "data.win.system.processID", + "data.win.system.providerGuid", + "data.win.system.providerName", + "data.win.system.securityUserID", + "data.win.system.severityValue", + "data.win.system.userID", + "decoder.ftscomment", + "decoder.name", + "decoder.parent", + "full_log", + "host", + "id", + "input", + "location", + "manager.name", + "message", + "offset", + "predecoder.hostname", + "predecoder.program_name", + "previous_log", + "previous_output", + "program_name", + "rule.cis", + "rule.cve", + "rule.description", + "rule.gdpr", + "rule.gpg13", + "rule.groups", + "rule.id", + "rule.info", + "rule.pci_dss", + "syscheck.audit.effective_user.id", + "syscheck.audit.effective_user.name", + "syscheck.audit.group.id", + "syscheck.audit.group.name", + "syscheck.audit.login_user.id", + "syscheck.audit.login_user.name", + "syscheck.audit.process.id", + "syscheck.audit.process.name", + "syscheck.audit.process.ppid", + "syscheck.audit.user.id", + "syscheck.audit.user.name", + "syscheck.diff", + "syscheck.event", + "syscheck.gid_after", + "syscheck.gid_before", + "syscheck.gname_after", + "syscheck.gname_before", + "syscheck.inode_after", + "syscheck.inode_before", + "syscheck.md5_after", + "syscheck.md5_before", + "syscheck.path", + "syscheck.perm_after", + "syscheck.perm_before", + "syscheck.sha1_after", + "syscheck.sha1_before", + "syscheck.sha256_after", + "syscheck.sha256_before", + "syscheck.tags", + "syscheck.uid_after", + 
"syscheck.uid_before", + "syscheck.uname_after", + "syscheck.uname_before", + "title", + "type" + ] }, "mappings": { "dynamic_templates": [ { "string_as_keyword": { - "match_mapping_type": "string", "mapping": { - "type": "keyword", - "doc_values": "true" - } + "type": "keyword" + }, + "match_mapping_type": "string" } } ], + "date_detection": false, "properties": { "@timestamp": { "type": "date" @@ -34,42 +435,35 @@ "agent": { "properties": { "ip": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "manager": { "properties": { "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "cluster": { "properties": { "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "node": { + "type": "keyword" } } }, - "AlertsFile": { - "type": "keyword", - "doc_values": "true" - }, "full_log": { - "enabled": false, - "type": "object" + "type": "text" }, "previous_log": { "type": "text" @@ -80,8 +474,7 @@ "type": "long" }, "city_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "continent_code": { "type": "text" @@ -96,15 +489,13 @@ "type": "text" }, "country_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "dma_code": { "type": "long" }, "ip": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "latitude": { "type": "double" @@ -119,12 +510,10 @@ "type": "keyword" }, "real_region_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "region_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "timezone": { "type": "text" 
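Review bot: Raising `"index.mapping.total_fields.limit"` from 2000 to 10000 while keeping the `string_as_keyword` dynamic template means every previously unseen string field name in an event becomes a new keyword mapping, and the cap that bounds that growth is now five times larger; since the `data.*` field names come from decoded event content, a noisy or adversarial log source can grow the mapping (and with it cluster state) substantially before the limit bites. If the larger limit is needed for the new `index.query.default_field` list, a short note on why 10000 was chosen would help the next reviewer, since a JSON template cannot carry a comment it belongs in the role's README or the task that loads the template. Also, the diffstat for this commit shows `templates/elasticsearch.yml.j2 | 1987 +++++++++--------`, an unusual amount of churn for an Elasticsearch config file when the subject mentions a Filebeat template; those hunks are not in view, so it is worth confirming the right file was updated.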
@@ -132,110 +521,151 @@ } }, "host": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "syscheck": { "properties": { "path": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sha1_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sha1_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "uid_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "uid_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gid_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gid_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "perm_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "perm_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "md5_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "md5_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gname_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gname_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "inode_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "inode_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "mtime_after": { "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" + "format": "date_optional_time" }, "mtime_before": { "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" + "format": "date_optional_time" }, "uname_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "uname_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "size_before": { - "type": "long", - "doc_values": "true" + "type": "long" }, "size_after": { - "type": "long", - "doc_values": "true" + "type": "long" }, "diff": { - "type": "keyword", - "doc_values": 
"true" + "type": "keyword" }, "event": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "audit": { + "properties": { + "effective_user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "group": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "login_user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "process": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + }, + "ppid": { + "type": "keyword" + } + } + }, + "user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + } + } + }, + "sha256_after": { + "type": "keyword" + }, + "sha256_before": { + "type": "keyword" + }, + "tags": { + "type": "keyword" } } }, "location": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "message": { "type": "text" 
@@ -246,554 +676,441 @@ "rule": { "properties": { "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "groups": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "level": { - "type": "long", - "doc_values": "true" + "type": "long" }, "id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cve": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "info": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "frequency": { - "type": "long", - "doc_values": "true" + "type": "long" }, "firedtimes": { - "type": "long", - "doc_values": "true" + "type": "long" }, "cis": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "pci_dss": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gdpr": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gpg13": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "hipaa": { + "type": "keyword" + }, + "nist_800_53": { + "type": "keyword" + }, + "mail": { + "type": "boolean" } } }, "predecoder": { "properties": { "program_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "timestamp": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "hostname": { + "type": "keyword" } } }, "decoder": { "properties": { "parent": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "ftscomment": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "fts": { - "type": "long", - "doc_values": "true" + "type": "long" }, "accumulate": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "data": { "properties": { - "protocol": { - "type": "keyword", - "doc_values": "true" - }, - "action": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "dstip": { - 
"type": "keyword", - "doc_values": "true" - }, - "srcport": { - "type": "keyword", - "doc_values": "true" - }, - "dstport": { - "type": "keyword", - "doc_values": "true" - }, - "srcuser": { - "type": "keyword", - "doc_values": "true" - }, - "dstuser": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "status": { - "type": "keyword", - "doc_values": "true" - }, - "data": { - "type": "keyword", - "doc_values": "true" - }, - "system_name": { - "type": "keyword", - "doc_values": "true" - }, - "url": { - "type": "keyword", - "doc_values": "true" - }, - "oscap": { - "properties": { - "check.title": { - "type": "keyword", - "doc_values": "true" - }, - "check.id": { - "type": "keyword", - "doc_values": "true" - }, - "check.result": { - "type": "keyword", - "doc_values": "true" - }, - "check.severity": { - "type": "keyword", - "doc_values": "true" - }, - "check.description": { - "type": "text" - }, - "check.rationale": { - "type": "text" - }, - "check.references": { - "type": "text" - }, - "check.identifiers": { - "type": "text" - }, - "check.oval.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.content": { - "type": "keyword", - "doc_values": "true" - }, - "scan.benchmark.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.title": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.score": { - "type": "double", - "doc_values": "true" - }, - "scan.return_code": { - "type": "long", - "doc_values": "true" - } - } - }, "audit": { "properties": { - "type": { - "type": "keyword", - "doc_values": "true" + "acct": { + "type": "keyword" }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "syscall": { - "type": "keyword", - "doc_values": "true" - }, - "exit": { - "type": "keyword", - "doc_values": "true" - }, - "ppid": { - "type": 
"keyword", - "doc_values": "true" - }, - "pid": { - "type": "keyword", - "doc_values": "true" + "arch": { + "type": "keyword" }, "auid": { - "type": "keyword", - "doc_values": "true" - }, - "uid": { - "type": "keyword", - "doc_values": "true" - }, - "gid": { - "type": "keyword", - "doc_values": "true" - }, - "euid": { - "type": "keyword", - "doc_values": "true" - }, - "suid": { - "type": "keyword", - "doc_values": "true" - }, - "fsuid": { - "type": "keyword", - "doc_values": "true" - }, - "egid": { - "type": "keyword", - "doc_values": "true" - }, - "sgid": { - "type": "keyword", - "doc_values": "true" - }, - "fsgid": { - "type": "keyword", - "doc_values": "true" - }, - "tty": { - "type": "keyword", - "doc_values": "true" - }, - "session": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "command": { - "type": "keyword", - "doc_values": "true" - }, - "exe": { - "type": "keyword", - "doc_values": "true" - }, - "key": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cwd": { - "type": "keyword", - "doc_values": "true" - }, - "directory.name": { - "type": "keyword", - "doc_values": "true" - }, - "directory.inode": { - "type": "keyword", - "doc_values": "true" - }, - "directory.mode": { - "type": "keyword", - "doc_values": "true" - }, - "file.name": { - "type": "keyword", - "doc_values": "true" - }, - "file.inode": { - "type": "keyword", - "doc_values": "true" - }, - "file.mode": { - "type": "keyword", - "doc_values": "true" - }, - "acct": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "dev": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, - "enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "list": { - "type": "keyword", - "doc_values": "true" - }, - "old-auid": { - "type": "keyword", - "doc_values": "true" - }, - "old-ses": { - "type": "keyword", - "doc_values": "true" - }, - "old_enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "old_prom": { - "type": 
"keyword", - "doc_values": "true" - }, - "op": { - "type": "keyword", - "doc_values": "true" - }, - "prom": { - "type": "keyword", - "doc_values": "true" - }, - "res": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "subj": { - "type": "keyword", - "doc_values": "true" - }, - "success": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "aws": { - "properties": { - "bytes": { - "type": "long", - "doc_values": "true" - }, - "dstaddr": { - "type": "ip", - "doc_values": "true" - }, - "srcaddr": { - "type": "ip", - "doc_values": "true" - }, - "end": { - "type": "date", - "doc_values": "true" - }, - "start": { - "type": "date", - "doc_values": "true" - }, - "source_ip_address": { - "type": "ip", - "doc_values": "true" - }, - "resource.instanceDetails.networkInterfaces": { + "directory": { "properties": { - "privateIpAddress": { - "type": "ip", - "doc_values": "true" + "inode": { + "type": "keyword" }, - "publicIp": { - "type": "ip", - "doc_values": "true" + "mode": { + "type": "keyword" + }, + "name": { + "type": "keyword" } } }, - "service": { + "egid": { + "type": "keyword" + }, + "enforcing": { + "type": "keyword" + }, + "euid": { + "type": "keyword" + }, + "exe": { + "type": "keyword" + }, + "execve": { "properties": { - "count": { - "type": "long", - "doc_values": "true" + "a0": { + "type": "keyword" }, - "action.networkConnectionAction.remoteIpDetails": { + "a1": { + "type": "keyword" + }, + "a2": { + "type": "keyword" + }, + "a3": { + "type": "keyword" + } + } + }, + "exit": { + "type": "keyword" + }, + "file": { + "properties": { + "inode": { + "type": "keyword" + }, + "mode": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "fsgid": { + "type": "keyword" + }, + "fsuid": { + "type": "keyword" + }, + "gid": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "key": { + "type": "keyword" + }, + "list": { + "type": "keyword" + }, + "old-auid": { + 
"type": "keyword" + }, + "old-ses": { + "type": "keyword" + }, + "old_enforcing": { + "type": "keyword" + }, + "old_prom": { + "type": "keyword" + }, + "op": { + "type": "keyword" + }, + "pid": { + "type": "keyword" + }, + "ppid": { + "type": "keyword" + }, + "prom": { + "type": "keyword" + }, + "res": { + "type": "keyword" + }, + "session": { + "type": "keyword" + }, + "sgid": { + "type": "keyword" + }, + "srcip": { + "type": "keyword" + }, + "subj": { + "type": "keyword" + }, + "success": { + "type": "keyword" + }, + "suid": { + "type": "keyword" + }, + "syscall": { + "type": "keyword" + }, + "tty": { + "type": "keyword" + }, + "type": { + "type": "keyword" + }, + "uid": { + "type": "keyword" + } + } + }, + "protocol": { + "type": "keyword" + }, + "action": { + "type": "keyword" + }, + "srcip": { + "type": "keyword" + }, + "dstip": { + "type": "keyword" + }, + "srcport": { + "type": "keyword" + }, + "dstport": { + "type": "keyword" + }, + "srcuser": { + "type": "keyword" + }, + "dstuser": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "status": { + "type": "keyword" + }, + "data": { + "type": "keyword" + }, + "system_name": { + "type": "keyword" + }, + "url": { + "type": "keyword" + }, + "oscap": { + "properties": { + "check": { + "properties": { + "description": { + "type": "text" + }, + "id": { + "type": "keyword" + }, + "identifiers": { + "type": "text" + }, + "oval": { "properties": { - "ipAddressV4": { - "type": "ip", - "doc_values": "true" - }, - "geoLocation": { - "type": "geo_point", - "doc_values": "true" + "id": { + "type": "keyword" } } + }, + "rationale": { + "type": "text" + }, + "references": { + "type": "text" + }, + "result": { + "type": "keyword" + }, + "severity": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "scan": { + "properties": { + "benchmark": { + "properties": { + "id": { + "type": "keyword" + } + } + }, + "content": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "profile": 
{ + "properties": { + "id": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "return_code": { + "type": "long" + }, + "score": { + "type": "double" } } } } }, "type": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "netinfo": { "properties": { "iface": { "properties": { "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "mac": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "adapter": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "type": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "state": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "mtu": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_bytes": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_bytes": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_errors": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_errors": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_dropped": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_dropped": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_packets": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_packets": { - "type": "long", - "doc_values": "true" + "type": "long" }, "ipv4": { "properties": { "gateway": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "dhcp": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "address": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "netmask": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "broadcast": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "metric": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "ipv6": { "properties": { "gateway": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, 
"dhcp": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "address": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "netmask": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "broadcast": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "metric": { - "type": "long", - "doc_values": "true" + "type": "long" } } } 
@@ -804,630 +1121,523 @@ "os": { "properties": { "hostname": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "architecture": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "version": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "codename": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "major": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "minor": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "build": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "platform": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sysname": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "release": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "release_version": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "port": { "properties": { "protocol": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "local_ip": { - "type": "ip", - "doc_values": "true" + "type": "ip" }, "local_port": { - "type": "long", - "doc_values": "true" + "type": "long" }, "remote_ip": { - "type": "ip", - "doc_values": "true" + "type": "ip" }, "remote_port": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_queue": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_queue": { - "type": "long", - "doc_values": "true" + "type": "long" }, "inode": { - "type": "long", - "doc_values": "true" + "type": "long" }, "state": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "pid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "process": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "hardware": { "properties": { "serial": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cpu_name": 
{ - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cpu_cores": { - "type": "long", - "doc_values": "true" + "type": "long" }, "cpu_mhz": { - "type": "double", - "doc_values": "true" + "type": "double" }, "ram_total": { - "type": "long", - "doc_values": "true" + "type": "long" }, "ram_free": { - "type": "long", - "doc_values": "true" + "type": "long" }, "ram_usage": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "program": { "properties": { "format": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "priority": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "section": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "size": { - "type": "long", - "doc_values": "true" + "type": "long" }, "vendor": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "install_time": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "version": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "architecture": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "multiarch": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "source": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "location": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "process": { "properties": { "pid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "state": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "ppid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "utime": { - "type": "long", - "doc_values": "true" + "type": "long" }, "stime": { - "type": "long", - "doc_values": "true" + "type": "long" }, 
"cmd": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "args": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "euser": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "ruser": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "suser": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "egroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sgroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "fgroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "rgroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "priority": { - "type": "long", - "doc_values": "true" + "type": "long" }, "nice": { - "type": "long", - "doc_values": "true" + "type": "long" }, "size": { - "type": "long", - "doc_values": "true" + "type": "long" }, "vm_size": { - "type": "long", - "doc_values": "true" + "type": "long" }, "resident": { - "type": "long", - "doc_values": "true" + "type": "long" }, "share": { - "type": "long", - "doc_values": "true" + "type": "long" }, "start_time": { - "type": "long", - "doc_values": "true" + "type": "long" }, "pgrp": { - "type": "long", - "doc_values": "true" + "type": "long" }, "session": { - "type": "long", - "doc_values": "true" + "type": "long" }, "nlwp": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tgid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tty": { - "type": "long", - "doc_values": "true" + "type": "long" }, "processor": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "sca": { "properties": { "type": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "scan_id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "policy": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, 
"file": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "passed": { - "type": "integer", - "doc_values": "true" + "type": "integer" }, "failed": { - "type": "integer", - "doc_values": "true" + "type": "integer" }, "score": { - "type": "long", - "doc_values": "true" + "type": "long" }, "check": { "properties": { "id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "title": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "rationale": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "remediation": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "compliance": { "properties": { "cis": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cis_csc": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "pci_dss": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "hipaa": { + "type": "keyword" + }, + "nist_800_53": { + "type": "keyword" } } }, "references": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "file": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "directory": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "registry": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "process": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "result": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "previous_result": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "reason": { + "type": "keyword" + }, + "status": { + "type": "keyword" } } + }, + "invalid": { + "type": "keyword" + }, + "policy_id": { + "type": "keyword" + }, + "total_checks": { + "type": "keyword" } } }, - "win": { + "command": { + "type": 
"keyword" + }, + "integration": { + "type": "keyword" + }, + "timestamp": { + "type": "date" + }, + "title": { + "type": "keyword" + }, + "uid": { + "type": "keyword" + }, + "virustotal": { "properties": { - "system": { + "description": { + "type": "keyword" + }, + "error": { + "type": "keyword" + }, + "found": { + "type": "keyword" + }, + "malicious": { + "type": "keyword" + }, + "permalink": { + "type": "keyword" + }, + "positives": { + "type": "keyword" + }, + "scan_date": { + "type": "keyword" + }, + "sha1": { + "type": "keyword" + }, + "source": { "properties": { - "providerName": { - "type": "keyword", - "doc_values": "true" + "alert_id": { + "type": "keyword" }, - "providerGuid": { - "type": "keyword", - "doc_values": "true" + "file": { + "type": "keyword" }, - "eventSourceName": { - "type": "keyword", - "doc_values": "true" + "md5": { + "type": "keyword" }, - "securityUserID": { - "type": "keyword", - "doc_values": "true" + "sha1": { + "type": "keyword" + } + } + }, + "total": { + "type": "keyword" + } + } + }, + "vulnerability": { + "properties": { + "advisories": { + "type": "keyword" + }, + "bugzilla_reference": { + "type": "keyword" + }, + "cve": { + "type": "keyword" + }, + "cvss": { + "properties": { + "cvss3_score": { + "type": "keyword" }, - "userID": { - "type": "keyword", - "doc_values": "true" + "cvss_score": { + "type": "keyword" }, - "eventID": { - "type": "keyword", - "doc_values": "true" + "cvss_scoring_vector": { + "type": "keyword" + } + } + }, + "cwe_reference": { + "type": "keyword" + }, + "package": { + "properties": { + "condition": { + "type": "keyword" + }, + "name": { + "type": "keyword" }, "version": { - "type": "keyword", - "doc_values": "true" - }, - "level": { - "type": "keyword", - "doc_values": "true" - }, - "task": { - "type": "keyword", - "doc_values": "true" - }, - "opcode": { - "type": "keyword", - "doc_values": "true" - }, - "keywords": { - "type": "keyword", - "doc_values": "true" - }, - "systemTime": { - "type": 
"keyword", - "doc_values": "true" - }, - "eventRecordID": { - "type": "keyword", - "doc_values": "true" - }, - "processID": { - "type": "keyword", - "doc_values": "true" - }, - "threadID": { - "type": "keyword", - "doc_values": "true" - }, - "channel": { - "type": "keyword", - "doc_values": "true" - }, - "computer": { - "type": "keyword", - "doc_values": "true" - }, - "severityValue": { - "type": "keyword", - "doc_values": "true" - }, - "message": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, - "eventdata": { + "published": { + "type": "date" + }, + "reference": { + "type": "keyword" + }, + "severity": { + "type": "keyword" + }, + "state": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "aws": { + "properties": { + "bytes": { + "type": "long" + }, + "dstaddr": { + "type": "ip" + }, + "srcaddr": { + "type": "ip" + }, + "end": { + "type": "date" + }, + "start": { + "type": "date" + }, + "source_ip_address": { + "type": "ip" + }, + "service": { "properties": { - "subjectUserSid": { - "type": "keyword", - "doc_values": "true" + "count": { + "type": "long" }, - "subjectUserName": { - "type": "keyword", - "doc_values": "true" + "action.networkConnectionAction.remoteIpDetails": { + "properties": { + "ipAddressV4": { + "type": "ip" + }, + "geoLocation": { + "type": "geo_point" + } + } }, - "subjectDomainName": { - "type": "keyword", - "doc_values": "true" + "eventFirstSeen": { + "type": "date" }, - "subjectLogonId": { - "type": "keyword", - "doc_values": "true" - }, - "targetUserSid": { - "type": "keyword", - "doc_values": "true" - }, - "targetUserName": { - "type": "keyword", - "doc_values": "true" - }, - "targetDomainName": { - "type": "keyword", - "doc_values": "true" - }, - "targetLogonId": { - "type": "keyword", - "doc_values": "true" - }, - "logonType": { - "type": "keyword", - "doc_values": "true" - }, - "logonProcessName": { - "type": "keyword", - "doc_values": "true" - }, - "authenticationPackageName": { - 
"type": "keyword", - "doc_values": "true" - }, - "logonGuid": { - "type": "keyword", - "doc_values": "true" - }, - "keyLength": { - "type": "keyword", - "doc_values": "true" - }, - "impersonationLevel": { - "type": "keyword", - "doc_values": "true" - }, - "transactionId": { - "type": "keyword", - "doc_values": "true" - }, - "newState": { - "type": "keyword", - "doc_values": "true" - }, - "resourceManager": { - "type": "keyword", - "doc_values": "true" - }, - "processId": { - "type": "keyword", - "doc_values": "true" - }, - "processName": { - "type": "keyword", - "doc_values": "true" - }, - "data": { - "type": "keyword", - "doc_values": "true" - }, - "image": { - "type": "keyword", - "doc_values": "true" - }, - "binary": { - "type": "keyword", - "doc_values": "true" - }, - "parentImage": { - "type": "keyword", - "doc_values": "true" - }, - "categoryId": { - "type": "keyword", - "doc_values": "true" - }, - "subcategoryId": { - "type": "keyword", - "doc_values": "true" - }, - "subcategoryGuid": { - "type": "keyword", - "doc_values": "true" - }, - "auditPolicyChangesId": { - "type": "keyword", - "doc_values": "true" - }, - "category": { - "type": "keyword", - "doc_values": "true" - }, - "subcategory": { - "type": "keyword", - "doc_values": "true" - }, - "auditPolicyChanges": { - "type": "keyword", - "doc_values": "true" + "eventLastSeen": { + "type": "date" } } }, - "rmSessionEvent": { + "createdAt": { + "type": "date" + }, + "updatedAt": { + "type": "date" + }, + "resource.instanceDetails": { "properties": { - "rmSessionId": { - "type": "keyword", - "doc_values": "true" + "launchTime": { + "type": "date" }, - "uTCStartTime": { - "type": "keyword", - "doc_values": "true" + "networkInterfaces": { + "properties": { + "privateIpAddress": { + "type": "ip" + }, + "publicIp": { + "type": "ip" + } + } } } } 
@@ -1436,21 +1646,31 @@ } }, "program_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "command": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "type": { "type": "text" }, "title": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "input": { + "properties": { + "type": { + "type": "keyword" + } + } + }, + "previous_output": { + "type": "keyword" } } - } + }, + "version": 1 } - diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 index 11ef6176..06af6322 100644 --- a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 
@@ -1,25 +1,426 @@ { "order": 0, - "index_patterns": ["wazuh-alerts-3.x-*"], + "index_patterns": [ + "wazuh-alerts-3.x-*", + "wazuh-archives-3.x-*" + ], "settings": { "index.refresh_interval": "5s", "index.number_of_shards": "3", "index.number_of_replicas": "0", "index.auto_expand_replicas": "0-1", - "index.mapping.total_fields.limit": 2000 + "index.mapping.total_fields.limit": 10000, + "index.query.default_field": [ + "GeoLocation.city_name", + "GeoLocation.continent_code", + "GeoLocation.country_code2", + "GeoLocation.country_code3", + "GeoLocation.country_name", + "GeoLocation.ip", + "GeoLocation.postal_code", + "GeoLocation.real_region_name", + "GeoLocation.region_name", + "GeoLocation.timezone", + "agent.id", + "agent.ip", + "agent.name", + "cluster.name", + "cluster.node", + "command", + "data", + "data.action", + "data.audit", + "data.audit.acct", + "data.audit.arch", + "data.audit.auid", + "data.audit.command", + "data.audit.cwd", + "data.audit.dev", + "data.audit.directory.inode", + "data.audit.directory.mode", + "data.audit.directory.name", + "data.audit.egid", + "data.audit.enforcing", + "data.audit.euid", + "data.audit.exe", + "data.audit.execve.a0", + "data.audit.execve.a1", + "data.audit.execve.a2", + "data.audit.execve.a3", + "data.audit.exit", + "data.audit.file.inode", + "data.audit.file.mode", + "data.audit.file.name", + "data.audit.fsgid", + "data.audit.fsuid", + "data.audit.gid", + "data.audit.id", + "data.audit.key", + "data.audit.list", + "data.audit.old-auid", + "data.audit.old-ses", + "data.audit.old_enforcing", + "data.audit.old_prom", + "data.audit.op", + "data.audit.pid", + "data.audit.ppid", + "data.audit.prom", + "data.audit.res", + "data.audit.session", + "data.audit.sgid", + "data.audit.srcip", + "data.audit.subj", + "data.audit.success", + "data.audit.suid", + "data.audit.syscall", + "data.audit.tty", + "data.audit.uid", + "data.aws.accountId", + "data.aws.account_id", + "data.aws.action", + "data.aws.actor", + 
"data.aws.aws_account_id", + "data.aws.description", + "data.aws.dstport", + "data.aws.errorCode", + "data.aws.errorMessage", + "data.aws.eventID", + "data.aws.eventName", + "data.aws.eventSource", + "data.aws.eventType", + "data.aws.id", + "data.aws.name", + "data.aws.requestParameters.accessKeyId", + "data.aws.requestParameters.bucketName", + "data.aws.requestParameters.gatewayId", + "data.aws.requestParameters.groupDescription", + "data.aws.requestParameters.groupId", + "data.aws.requestParameters.groupName", + "data.aws.requestParameters.host", + "data.aws.requestParameters.hostedZoneId", + "data.aws.requestParameters.instanceId", + "data.aws.requestParameters.instanceProfileName", + "data.aws.requestParameters.loadBalancerName", + "data.aws.requestParameters.loadBalancerPorts", + "data.aws.requestParameters.masterUserPassword", + "data.aws.requestParameters.masterUsername", + "data.aws.requestParameters.name", + "data.aws.requestParameters.natGatewayId", + "data.aws.requestParameters.networkAclId", + "data.aws.requestParameters.path", + "data.aws.requestParameters.policyName", + "data.aws.requestParameters.port", + "data.aws.requestParameters.stackId", + "data.aws.requestParameters.stackName", + "data.aws.requestParameters.subnetId", + "data.aws.requestParameters.subnetIds", + "data.aws.requestParameters.volumeId", + "data.aws.requestParameters.vpcId", + "data.aws.resource.accessKeyDetails.accessKeyId", + "data.aws.resource.accessKeyDetails.principalId", + "data.aws.resource.accessKeyDetails.userName", + "data.aws.resource.instanceDetails.instanceId", + "data.aws.resource.instanceDetails.instanceState", + "data.aws.resource.instanceDetails.networkInterfaces.privateDnsName", + "data.aws.resource.instanceDetails.networkInterfaces.publicDnsName", + "data.aws.resource.instanceDetails.networkInterfaces.subnetId", + "data.aws.resource.instanceDetails.networkInterfaces.vpcId", + "data.aws.resource.instanceDetails.tags.value", + 
"data.aws.responseElements.AssociateVpcCidrBlockResponse.vpcId", + "data.aws.responseElements.description", + "data.aws.responseElements.instanceId", + "data.aws.responseElements.instances.instanceId", + "data.aws.responseElements.instancesSet.items.instanceId", + "data.aws.responseElements.listeners.port", + "data.aws.responseElements.loadBalancerName", + "data.aws.responseElements.loadBalancers.vpcId", + "data.aws.responseElements.loginProfile.userName", + "data.aws.responseElements.networkAcl.vpcId", + "data.aws.responseElements.ownerId", + "data.aws.responseElements.publicIp", + "data.aws.responseElements.user.userId", + "data.aws.responseElements.user.userName", + "data.aws.responseElements.volumeId", + "data.aws.service.serviceName", + "data.aws.severity", + "data.aws.source", + "data.aws.sourceIPAddress", + "data.aws.srcport", + "data.aws.userIdentity.accessKeyId", + "data.aws.userIdentity.accountId", + "data.aws.userIdentity.userName", + "data.aws.vpcEndpointId", + "data.command", + "data.data", + "data.docker.Actor.Attributes.container", + "data.docker.Actor.Attributes.image", + "data.docker.Actor.Attributes.name", + "data.docker.Actor.ID", + "data.docker.id", + "data.docker.message", + "data.docker.status", + "data.dstip", + "data.dstport", + "data.dstuser", + "data.hardware.serial", + "data.id", + "data.integration", + "data.netinfo.iface.adapter", + "data.netinfo.iface.ipv4.address", + "data.netinfo.iface.ipv6.address", + "data.netinfo.iface.mac", + "data.netinfo.iface.name", + "data.os.architecture", + "data.os.build", + "data.os.codename", + "data.os.hostname", + "data.os.major", + "data.os.minor", + "data.os.name", + "data.os.platform", + "data.os.release", + "data.os.release_version", + "data.os.sysname", + "data.os.version", + "data.oscap.check.description", + "data.oscap.check.id", + "data.oscap.check.identifiers", + "data.oscap.check.oval.id", + "data.oscap.check.rationale", + "data.oscap.check.references", + "data.oscap.check.result", + 
"data.oscap.check.severity", + "data.oscap.check.title", + "data.oscap.scan.benchmark.id", + "data.oscap.scan.content", + "data.oscap.scan.id", + "data.oscap.scan.profile.id", + "data.oscap.scan.profile.title", + "data.osquery.columns.address", + "data.osquery.columns.command", + "data.osquery.columns.description", + "data.osquery.columns.dst_ip", + "data.osquery.columns.gid", + "data.osquery.columns.hostname", + "data.osquery.columns.md5", + "data.osquery.columns.path", + "data.osquery.columns.sha1", + "data.osquery.columns.sha256", + "data.osquery.columns.src_ip", + "data.osquery.columns.user", + "data.osquery.columns.username", + "data.osquery.name", + "data.osquery.pack", + "data.port.process", + "data.port.protocol", + "data.port.state", + "data.process.args", + "data.process.cmd", + "data.process.egroup", + "data.process.euser", + "data.process.fgroup", + "data.process.name", + "data.process.rgroup", + "data.process.ruser", + "data.process.sgroup", + "data.process.state", + "data.process.suser", + "data.program.architecture", + "data.program.description", + "data.program.format", + "data.program.location", + "data.program.multiarch", + "data.program.name", + "data.program.priority", + "data.program.section", + "data.program.source", + "data.program.vendor", + "data.program.version", + "data.protocol", + "data.pwd", + "data.sca", + "data.sca.check.compliance.cis", + "data.sca.check.compliance.cis_csc", + "data.sca.check.compliance.pci_dss", + "data.sca.check.compliance.hipaa", + "data.sca.check.compliance.nist_800_53", + "data.sca.check.description", + "data.sca.check.directory", + "data.sca.check.file", + "data.sca.check.id", + "data.sca.check.previous_result", + "data.sca.check.process", + "data.sca.check.rationale", + "data.sca.check.reason", + "data.sca.check.references", + "data.sca.check.registry", + "data.sca.check.remediation", + "data.sca.check.result", + "data.sca.check.status", + "data.sca.check.title", + "data.sca.description", + "data.sca.file", + 
"data.sca.invalid", + "data.sca.name", + "data.sca.policy", + "data.sca.policy_id", + "data.sca.scan_id", + "data.sca.total_checks", + "data.script", + "data.src_ip", + "data.src_port", + "data.srcip", + "data.srcport", + "data.srcuser", + "data.status", + "data.system_name", + "data.title", + "data.tty", + "data.uid", + "data.url", + "data.virustotal.description", + "data.virustotal.error", + "data.virustotal.found", + "data.virustotal.permalink", + "data.virustotal.scan_date", + "data.virustotal.sha1", + "data.virustotal.source.alert_id", + "data.virustotal.source.file", + "data.virustotal.source.md5", + "data.virustotal.source.sha1", + "data.vulnerability.advisories", + "data.vulnerability.bugzilla_reference", + "data.vulnerability.cve", + "data.vulnerability.cwe_reference", + "data.vulnerability.package.condition", + "data.vulnerability.package.name", + "data.vulnerability.package.version", + "data.vulnerability.reference", + "data.vulnerability.severity", + "data.vulnerability.state", + "data.vulnerability.title", + "data.win.eventdata.auditPolicyChanges", + "data.win.eventdata.auditPolicyChangesId", + "data.win.eventdata.binary", + "data.win.eventdata.category", + "data.win.eventdata.categoryId", + "data.win.eventdata.data", + "data.win.eventdata.image", + "data.win.eventdata.ipAddress", + "data.win.eventdata.ipPort", + "data.win.eventdata.keyName", + "data.win.eventdata.logonGuid", + "data.win.eventdata.logonProcessName", + "data.win.eventdata.operation", + "data.win.eventdata.parentImage", + "data.win.eventdata.processId", + "data.win.eventdata.processName", + "data.win.eventdata.providerName", + "data.win.eventdata.returnCode", + "data.win.eventdata.service", + "data.win.eventdata.status", + "data.win.eventdata.subcategory", + "data.win.eventdata.subcategoryGuid", + "data.win.eventdata.subcategoryId", + "data.win.eventdata.subjectDomainName", + "data.win.eventdata.subjectLogonId", + "data.win.eventdata.subjectUserName", + 
"data.win.eventdata.subjectUserSid", + "data.win.eventdata.targetDomainName", + "data.win.eventdata.targetLinkedLogonId", + "data.win.eventdata.targetLogonId", + "data.win.eventdata.targetUserName", + "data.win.eventdata.targetUserSid", + "data.win.eventdata.workstationName", + "data.win.system.channel", + "data.win.system.computer", + "data.win.system.eventID", + "data.win.system.eventRecordID", + "data.win.system.eventSourceName", + "data.win.system.keywords", + "data.win.system.level", + "data.win.system.message", + "data.win.system.opcode", + "data.win.system.processID", + "data.win.system.providerGuid", + "data.win.system.providerName", + "data.win.system.securityUserID", + "data.win.system.severityValue", + "data.win.system.userID", + "decoder.ftscomment", + "decoder.name", + "decoder.parent", + "full_log", + "host", + "id", + "input", + "location", + "manager.name", + "message", + "offset", + "predecoder.hostname", + "predecoder.program_name", + "previous_log", + "previous_output", + "program_name", + "rule.cis", + "rule.cve", + "rule.description", + "rule.gdpr", + "rule.gpg13", + "rule.groups", + "rule.id", + "rule.info", + "rule.pci_dss", + "syscheck.audit.effective_user.id", + "syscheck.audit.effective_user.name", + "syscheck.audit.group.id", + "syscheck.audit.group.name", + "syscheck.audit.login_user.id", + "syscheck.audit.login_user.name", + "syscheck.audit.process.id", + "syscheck.audit.process.name", + "syscheck.audit.process.ppid", + "syscheck.audit.user.id", + "syscheck.audit.user.name", + "syscheck.diff", + "syscheck.event", + "syscheck.gid_after", + "syscheck.gid_before", + "syscheck.gname_after", + "syscheck.gname_before", + "syscheck.inode_after", + "syscheck.inode_before", + "syscheck.md5_after", + "syscheck.md5_before", + "syscheck.path", + "syscheck.perm_after", + "syscheck.perm_before", + "syscheck.sha1_after", + "syscheck.sha1_before", + "syscheck.sha256_after", + "syscheck.sha256_before", + "syscheck.tags", + "syscheck.uid_after", + 
"syscheck.uid_before", + "syscheck.uname_after", + "syscheck.uname_before", + "title", + "type" + ] }, "mappings": { "dynamic_templates": [ { "string_as_keyword": { - "match_mapping_type": "string", "mapping": { - "type": "keyword", - "doc_values": "true" - } + "type": "keyword" + }, + "match_mapping_type": "string" } } ], + "date_detection": false, "properties": { "@timestamp": { "type": "date" @@ -34,42 +435,35 @@ "agent": { "properties": { "ip": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "manager": { "properties": { "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "cluster": { "properties": { "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "node": { + "type": "keyword" } } }, - "AlertsFile": { - "type": "keyword", - "doc_values": "true" - }, "full_log": { - "enabled": false, - "type": "object" + "type": "text" }, "previous_log": { "type": "text" @@ -80,8 +474,7 @@ "type": "long" }, "city_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "continent_code": { "type": "text" @@ -96,15 +489,13 @@ "type": "text" }, "country_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "dma_code": { "type": "long" }, "ip": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "latitude": { "type": "double" @@ -119,12 +510,10 @@ "type": "keyword" }, "real_region_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "region_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "timezone": { "type": "text" 
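Review bot: The `string_as_keyword` dynamic template maps every dynamically detected string as `keyword` with no `ignore_above`, so a single value longer than Lucene's term limit (32766 bytes) makes Elasticsearch reject the whole document — for this index that means the alert or archived event is refused at ingest (and a shipper typically does not retry a mapping error), which is the failure mode a SIEM least wants; log-derived fields such as `data.win.eventdata.data` or `command` can carry such values. Adding `"ignore_above": <LIMIT>` next to `"type": "keyword"` in the dynamic template's `mapping` block keeps the document and only leaves the oversized value unindexed. The raise of `index.mapping.total_fields.limit` from 2000 to 10000 is presumably needed for the expanded explicit mapping, but it also lets dynamic mapping grow five times further on event-controlled keys before a mapping explosion is refused, so field counts on the `wazuh-archives-3.x-*` indices this template now also matches are worth monitoring.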
@@ -132,110 +521,151 @@ } }, "host": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "syscheck": { "properties": { "path": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sha1_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sha1_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "uid_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "uid_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gid_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gid_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "perm_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "perm_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "md5_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "md5_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gname_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gname_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "inode_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "inode_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "mtime_after": { "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" + "format": "date_optional_time" }, "mtime_before": { "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" + "format": "date_optional_time" }, "uname_after": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "uname_before": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "size_before": { - "type": "long", - "doc_values": "true" + "type": "long" }, "size_after": { - "type": "long", - "doc_values": "true" + "type": "long" }, "diff": { - "type": "keyword", - "doc_values": 
"true" + "type": "keyword" }, "event": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "audit": { + "properties": { + "effective_user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "group": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "login_user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "process": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + }, + "ppid": { + "type": "keyword" + } + } + }, + "user": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + } + } + }, + "sha256_after": { + "type": "keyword" + }, + "sha256_before": { + "type": "keyword" + }, + "tags": { + "type": "keyword" } } }, "location": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "message": { "type": "text" 
@@ -246,554 +676,441 @@ "rule": { "properties": { "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "groups": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "level": { - "type": "long", - "doc_values": "true" + "type": "long" }, "id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cve": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "info": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "frequency": { - "type": "long", - "doc_values": "true" + "type": "long" }, "firedtimes": { - "type": "long", - "doc_values": "true" + "type": "long" }, "cis": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "pci_dss": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gdpr": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "gpg13": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "hipaa": { + "type": "keyword" + }, + "nist_800_53": { + "type": "keyword" + }, + "mail": { + "type": "boolean" } } }, "predecoder": { "properties": { "program_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "timestamp": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "hostname": { + "type": "keyword" } } }, "decoder": { "properties": { "parent": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "ftscomment": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "fts": { - "type": "long", - "doc_values": "true" + "type": "long" }, "accumulate": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "data": { "properties": { - "protocol": { - "type": "keyword", - "doc_values": "true" - }, - "action": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "dstip": { - 
"type": "keyword", - "doc_values": "true" - }, - "srcport": { - "type": "keyword", - "doc_values": "true" - }, - "dstport": { - "type": "keyword", - "doc_values": "true" - }, - "srcuser": { - "type": "keyword", - "doc_values": "true" - }, - "dstuser": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "status": { - "type": "keyword", - "doc_values": "true" - }, - "data": { - "type": "keyword", - "doc_values": "true" - }, - "system_name": { - "type": "keyword", - "doc_values": "true" - }, - "url": { - "type": "keyword", - "doc_values": "true" - }, - "oscap": { - "properties": { - "check.title": { - "type": "keyword", - "doc_values": "true" - }, - "check.id": { - "type": "keyword", - "doc_values": "true" - }, - "check.result": { - "type": "keyword", - "doc_values": "true" - }, - "check.severity": { - "type": "keyword", - "doc_values": "true" - }, - "check.description": { - "type": "text" - }, - "check.rationale": { - "type": "text" - }, - "check.references": { - "type": "text" - }, - "check.identifiers": { - "type": "text" - }, - "check.oval.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.content": { - "type": "keyword", - "doc_values": "true" - }, - "scan.benchmark.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.title": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.score": { - "type": "double", - "doc_values": "true" - }, - "scan.return_code": { - "type": "long", - "doc_values": "true" - } - } - }, "audit": { "properties": { - "type": { - "type": "keyword", - "doc_values": "true" + "acct": { + "type": "keyword" }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "syscall": { - "type": "keyword", - "doc_values": "true" - }, - "exit": { - "type": "keyword", - "doc_values": "true" - }, - "ppid": { - "type": 
"keyword", - "doc_values": "true" - }, - "pid": { - "type": "keyword", - "doc_values": "true" + "arch": { + "type": "keyword" }, "auid": { - "type": "keyword", - "doc_values": "true" - }, - "uid": { - "type": "keyword", - "doc_values": "true" - }, - "gid": { - "type": "keyword", - "doc_values": "true" - }, - "euid": { - "type": "keyword", - "doc_values": "true" - }, - "suid": { - "type": "keyword", - "doc_values": "true" - }, - "fsuid": { - "type": "keyword", - "doc_values": "true" - }, - "egid": { - "type": "keyword", - "doc_values": "true" - }, - "sgid": { - "type": "keyword", - "doc_values": "true" - }, - "fsgid": { - "type": "keyword", - "doc_values": "true" - }, - "tty": { - "type": "keyword", - "doc_values": "true" - }, - "session": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "command": { - "type": "keyword", - "doc_values": "true" - }, - "exe": { - "type": "keyword", - "doc_values": "true" - }, - "key": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cwd": { - "type": "keyword", - "doc_values": "true" - }, - "directory.name": { - "type": "keyword", - "doc_values": "true" - }, - "directory.inode": { - "type": "keyword", - "doc_values": "true" - }, - "directory.mode": { - "type": "keyword", - "doc_values": "true" - }, - "file.name": { - "type": "keyword", - "doc_values": "true" - }, - "file.inode": { - "type": "keyword", - "doc_values": "true" - }, - "file.mode": { - "type": "keyword", - "doc_values": "true" - }, - "acct": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "dev": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, - "enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "list": { - "type": "keyword", - "doc_values": "true" - }, - "old-auid": { - "type": "keyword", - "doc_values": "true" - }, - "old-ses": { - "type": "keyword", - "doc_values": "true" - }, - "old_enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "old_prom": { - "type": 
"keyword", - "doc_values": "true" - }, - "op": { - "type": "keyword", - "doc_values": "true" - }, - "prom": { - "type": "keyword", - "doc_values": "true" - }, - "res": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "subj": { - "type": "keyword", - "doc_values": "true" - }, - "success": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "aws": { - "properties": { - "bytes": { - "type": "long", - "doc_values": "true" - }, - "dstaddr": { - "type": "ip", - "doc_values": "true" - }, - "srcaddr": { - "type": "ip", - "doc_values": "true" - }, - "end": { - "type": "date", - "doc_values": "true" - }, - "start": { - "type": "date", - "doc_values": "true" - }, - "source_ip_address": { - "type": "ip", - "doc_values": "true" - }, - "resource.instanceDetails.networkInterfaces": { + "directory": { "properties": { - "privateIpAddress": { - "type": "ip", - "doc_values": "true" + "inode": { + "type": "keyword" }, - "publicIp": { - "type": "ip", - "doc_values": "true" + "mode": { + "type": "keyword" + }, + "name": { + "type": "keyword" } } }, - "service": { + "egid": { + "type": "keyword" + }, + "enforcing": { + "type": "keyword" + }, + "euid": { + "type": "keyword" + }, + "exe": { + "type": "keyword" + }, + "execve": { "properties": { - "count": { - "type": "long", - "doc_values": "true" + "a0": { + "type": "keyword" }, - "action.networkConnectionAction.remoteIpDetails": { + "a1": { + "type": "keyword" + }, + "a2": { + "type": "keyword" + }, + "a3": { + "type": "keyword" + } + } + }, + "exit": { + "type": "keyword" + }, + "file": { + "properties": { + "inode": { + "type": "keyword" + }, + "mode": { + "type": "keyword" + }, + "name": { + "type": "keyword" + } + } + }, + "fsgid": { + "type": "keyword" + }, + "fsuid": { + "type": "keyword" + }, + "gid": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "key": { + "type": "keyword" + }, + "list": { + "type": "keyword" + }, + "old-auid": { + 
"type": "keyword" + }, + "old-ses": { + "type": "keyword" + }, + "old_enforcing": { + "type": "keyword" + }, + "old_prom": { + "type": "keyword" + }, + "op": { + "type": "keyword" + }, + "pid": { + "type": "keyword" + }, + "ppid": { + "type": "keyword" + }, + "prom": { + "type": "keyword" + }, + "res": { + "type": "keyword" + }, + "session": { + "type": "keyword" + }, + "sgid": { + "type": "keyword" + }, + "srcip": { + "type": "keyword" + }, + "subj": { + "type": "keyword" + }, + "success": { + "type": "keyword" + }, + "suid": { + "type": "keyword" + }, + "syscall": { + "type": "keyword" + }, + "tty": { + "type": "keyword" + }, + "type": { + "type": "keyword" + }, + "uid": { + "type": "keyword" + } + } + }, + "protocol": { + "type": "keyword" + }, + "action": { + "type": "keyword" + }, + "srcip": { + "type": "keyword" + }, + "dstip": { + "type": "keyword" + }, + "srcport": { + "type": "keyword" + }, + "dstport": { + "type": "keyword" + }, + "srcuser": { + "type": "keyword" + }, + "dstuser": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "status": { + "type": "keyword" + }, + "data": { + "type": "keyword" + }, + "system_name": { + "type": "keyword" + }, + "url": { + "type": "keyword" + }, + "oscap": { + "properties": { + "check": { + "properties": { + "description": { + "type": "text" + }, + "id": { + "type": "keyword" + }, + "identifiers": { + "type": "text" + }, + "oval": { "properties": { - "ipAddressV4": { - "type": "ip", - "doc_values": "true" - }, - "geoLocation": { - "type": "geo_point", - "doc_values": "true" + "id": { + "type": "keyword" } } + }, + "rationale": { + "type": "text" + }, + "references": { + "type": "text" + }, + "result": { + "type": "keyword" + }, + "severity": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "scan": { + "properties": { + "benchmark": { + "properties": { + "id": { + "type": "keyword" + } + } + }, + "content": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "profile": 
{ + "properties": { + "id": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "return_code": { + "type": "long" + }, + "score": { + "type": "double" } } } } }, "type": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "netinfo": { "properties": { "iface": { "properties": { "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "mac": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "adapter": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "type": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "state": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "mtu": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_bytes": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_bytes": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_errors": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_errors": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_dropped": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_dropped": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_packets": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_packets": { - "type": "long", - "doc_values": "true" + "type": "long" }, "ipv4": { "properties": { "gateway": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "dhcp": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "address": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "netmask": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "broadcast": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "metric": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "ipv6": { "properties": { "gateway": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, 
"dhcp": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "address": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "netmask": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "broadcast": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "metric": { - "type": "long", - "doc_values": "true" + "type": "long" } } } 
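Review bot: The old `data.aws` properties removed in this hunk — `bytes` (long), `srcaddr`, `dstaddr` and `source_ip_address` (ip), `start`/`end` (date) and `service.action.networkConnectionAction.remoteIpDetails.ipAddressV4`/`geoLocation` (ip/geo_point) — are not re-added on the new side here, and the partial hunk at the top of this page only re-types `resource.instanceDetails.launchTime` and `networkInterfaces.privateIpAddress`/`publicIp`. If they are not declared elsewhere in the new template they will be mapped by `string_as_keyword` (or dynamically as `long`), so CIDR/range and geo queries on AWS event data stop working for any detection that uses them. Please confirm the `aws` block elsewhere in the template still declares these fields with their typed mappings. The `data.audit` restructuring from dotted keys to nested `properties` objects is equivalent in Elasticsearch and needs no change.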
@@ -804,630 +1121,523 @@ "os": { "properties": { "hostname": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "architecture": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "version": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "codename": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "major": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "minor": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "build": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "platform": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sysname": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "release": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "release_version": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "port": { "properties": { "protocol": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "local_ip": { - "type": "ip", - "doc_values": "true" + "type": "ip" }, "local_port": { - "type": "long", - "doc_values": "true" + "type": "long" }, "remote_ip": { - "type": "ip", - "doc_values": "true" + "type": "ip" }, "remote_port": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tx_queue": { - "type": "long", - "doc_values": "true" + "type": "long" }, "rx_queue": { - "type": "long", - "doc_values": "true" + "type": "long" }, "inode": { - "type": "long", - "doc_values": "true" + "type": "long" }, "state": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "pid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "process": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "hardware": { "properties": { "serial": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cpu_name": 
{ - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cpu_cores": { - "type": "long", - "doc_values": "true" + "type": "long" }, "cpu_mhz": { - "type": "double", - "doc_values": "true" + "type": "double" }, "ram_total": { - "type": "long", - "doc_values": "true" + "type": "long" }, "ram_free": { - "type": "long", - "doc_values": "true" + "type": "long" }, "ram_usage": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "program": { "properties": { "format": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "priority": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "section": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "size": { - "type": "long", - "doc_values": "true" + "type": "long" }, "vendor": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "install_time": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "version": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "architecture": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "multiarch": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "source": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "location": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, "process": { "properties": { "pid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "state": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "ppid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "utime": { - "type": "long", - "doc_values": "true" + "type": "long" }, "stime": { - "type": "long", - "doc_values": "true" + "type": "long" }, 
"cmd": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "args": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "euser": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "ruser": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "suser": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "egroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "sgroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "fgroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "rgroup": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "priority": { - "type": "long", - "doc_values": "true" + "type": "long" }, "nice": { - "type": "long", - "doc_values": "true" + "type": "long" }, "size": { - "type": "long", - "doc_values": "true" + "type": "long" }, "vm_size": { - "type": "long", - "doc_values": "true" + "type": "long" }, "resident": { - "type": "long", - "doc_values": "true" + "type": "long" }, "share": { - "type": "long", - "doc_values": "true" + "type": "long" }, "start_time": { - "type": "long", - "doc_values": "true" + "type": "long" }, "pgrp": { - "type": "long", - "doc_values": "true" + "type": "long" }, "session": { - "type": "long", - "doc_values": "true" + "type": "long" }, "nlwp": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tgid": { - "type": "long", - "doc_values": "true" + "type": "long" }, "tty": { - "type": "long", - "doc_values": "true" + "type": "long" }, "processor": { - "type": "long", - "doc_values": "true" + "type": "long" } } }, "sca": { "properties": { "type": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "scan_id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "policy": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, 
"file": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "passed": { - "type": "integer", - "doc_values": "true" + "type": "integer" }, "failed": { - "type": "integer", - "doc_values": "true" + "type": "integer" }, "score": { - "type": "long", - "doc_values": "true" + "type": "long" }, "check": { "properties": { "id": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "title": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "description": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "rationale": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "remediation": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "compliance": { "properties": { "cis": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "cis_csc": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "pci_dss": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "hipaa": { + "type": "keyword" + }, + "nist_800_53": { + "type": "keyword" } } }, "references": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "file": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "directory": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "registry": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "process": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "result": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "previous_result": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "reason": { + "type": "keyword" + }, + "status": { + "type": "keyword" } } + }, + "invalid": { + "type": "keyword" + }, + "policy_id": { + "type": "keyword" + }, + "total_checks": { + "type": "keyword" } } }, - "win": { + "command": { + "type": 
"keyword" + }, + "integration": { + "type": "keyword" + }, + "timestamp": { + "type": "date" + }, + "title": { + "type": "keyword" + }, + "uid": { + "type": "keyword" + }, + "virustotal": { "properties": { - "system": { + "description": { + "type": "keyword" + }, + "error": { + "type": "keyword" + }, + "found": { + "type": "keyword" + }, + "malicious": { + "type": "keyword" + }, + "permalink": { + "type": "keyword" + }, + "positives": { + "type": "keyword" + }, + "scan_date": { + "type": "keyword" + }, + "sha1": { + "type": "keyword" + }, + "source": { "properties": { - "providerName": { - "type": "keyword", - "doc_values": "true" + "alert_id": { + "type": "keyword" }, - "providerGuid": { - "type": "keyword", - "doc_values": "true" + "file": { + "type": "keyword" }, - "eventSourceName": { - "type": "keyword", - "doc_values": "true" + "md5": { + "type": "keyword" }, - "securityUserID": { - "type": "keyword", - "doc_values": "true" + "sha1": { + "type": "keyword" + } + } + }, + "total": { + "type": "keyword" + } + } + }, + "vulnerability": { + "properties": { + "advisories": { + "type": "keyword" + }, + "bugzilla_reference": { + "type": "keyword" + }, + "cve": { + "type": "keyword" + }, + "cvss": { + "properties": { + "cvss3_score": { + "type": "keyword" }, - "userID": { - "type": "keyword", - "doc_values": "true" + "cvss_score": { + "type": "keyword" }, - "eventID": { - "type": "keyword", - "doc_values": "true" + "cvss_scoring_vector": { + "type": "keyword" + } + } + }, + "cwe_reference": { + "type": "keyword" + }, + "package": { + "properties": { + "condition": { + "type": "keyword" + }, + "name": { + "type": "keyword" }, "version": { - "type": "keyword", - "doc_values": "true" - }, - "level": { - "type": "keyword", - "doc_values": "true" - }, - "task": { - "type": "keyword", - "doc_values": "true" - }, - "opcode": { - "type": "keyword", - "doc_values": "true" - }, - "keywords": { - "type": "keyword", - "doc_values": "true" - }, - "systemTime": { - "type": 
"keyword", - "doc_values": "true" - }, - "eventRecordID": { - "type": "keyword", - "doc_values": "true" - }, - "processID": { - "type": "keyword", - "doc_values": "true" - }, - "threadID": { - "type": "keyword", - "doc_values": "true" - }, - "channel": { - "type": "keyword", - "doc_values": "true" - }, - "computer": { - "type": "keyword", - "doc_values": "true" - }, - "severityValue": { - "type": "keyword", - "doc_values": "true" - }, - "message": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" } } }, - "eventdata": { + "published": { + "type": "date" + }, + "reference": { + "type": "keyword" + }, + "severity": { + "type": "keyword" + }, + "state": { + "type": "keyword" + }, + "title": { + "type": "keyword" + } + } + }, + "aws": { + "properties": { + "bytes": { + "type": "long" + }, + "dstaddr": { + "type": "ip" + }, + "srcaddr": { + "type": "ip" + }, + "end": { + "type": "date" + }, + "start": { + "type": "date" + }, + "source_ip_address": { + "type": "ip" + }, + "service": { "properties": { - "subjectUserSid": { - "type": "keyword", - "doc_values": "true" + "count": { + "type": "long" }, - "subjectUserName": { - "type": "keyword", - "doc_values": "true" + "action.networkConnectionAction.remoteIpDetails": { + "properties": { + "ipAddressV4": { + "type": "ip" + }, + "geoLocation": { + "type": "geo_point" + } + } }, - "subjectDomainName": { - "type": "keyword", - "doc_values": "true" + "eventFirstSeen": { + "type": "date" }, - "subjectLogonId": { - "type": "keyword", - "doc_values": "true" - }, - "targetUserSid": { - "type": "keyword", - "doc_values": "true" - }, - "targetUserName": { - "type": "keyword", - "doc_values": "true" - }, - "targetDomainName": { - "type": "keyword", - "doc_values": "true" - }, - "targetLogonId": { - "type": "keyword", - "doc_values": "true" - }, - "logonType": { - "type": "keyword", - "doc_values": "true" - }, - "logonProcessName": { - "type": "keyword", - "doc_values": "true" - }, - "authenticationPackageName": { - 
"type": "keyword", - "doc_values": "true" - }, - "logonGuid": { - "type": "keyword", - "doc_values": "true" - }, - "keyLength": { - "type": "keyword", - "doc_values": "true" - }, - "impersonationLevel": { - "type": "keyword", - "doc_values": "true" - }, - "transactionId": { - "type": "keyword", - "doc_values": "true" - }, - "newState": { - "type": "keyword", - "doc_values": "true" - }, - "resourceManager": { - "type": "keyword", - "doc_values": "true" - }, - "processId": { - "type": "keyword", - "doc_values": "true" - }, - "processName": { - "type": "keyword", - "doc_values": "true" - }, - "data": { - "type": "keyword", - "doc_values": "true" - }, - "image": { - "type": "keyword", - "doc_values": "true" - }, - "binary": { - "type": "keyword", - "doc_values": "true" - }, - "parentImage": { - "type": "keyword", - "doc_values": "true" - }, - "categoryId": { - "type": "keyword", - "doc_values": "true" - }, - "subcategoryId": { - "type": "keyword", - "doc_values": "true" - }, - "subcategoryGuid": { - "type": "keyword", - "doc_values": "true" - }, - "auditPolicyChangesId": { - "type": "keyword", - "doc_values": "true" - }, - "category": { - "type": "keyword", - "doc_values": "true" - }, - "subcategory": { - "type": "keyword", - "doc_values": "true" - }, - "auditPolicyChanges": { - "type": "keyword", - "doc_values": "true" + "eventLastSeen": { + "type": "date" } } }, - "rmSessionEvent": { + "createdAt": { + "type": "date" + }, + "updatedAt": { + "type": "date" + }, + "resource.instanceDetails": { "properties": { - "rmSessionId": { - "type": "keyword", - "doc_values": "true" + "launchTime": { + "type": "date" }, - "uTCStartTime": { - "type": "keyword", - "doc_values": "true" + "networkInterfaces": { + "properties": { + "privateIpAddress": { + "type": "ip" + }, + "publicIp": { + "type": "ip" + } + } } } } 
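Review bot: Several numeric-looking fields added in this hunk are mapped as `keyword`: `vulnerability.cvss.cvss3_score` and `cvss_score`, `virustotal.positives` and `total`, and `sca.total_checks`, while the sibling `sca.passed`/`failed` are `integer` and `sca.score` is `long`. As keywords they cannot be range-filtered or sorted numerically (a "CVSS ≥ 7" or "positives above N" filter becomes a string comparison), which is precisely how a dashboard or detection rule would want to use them; if the producer emits numbers, `"cvss3_score": { "type": "double" }` (and `cvss_score` likewise) plus `"positives": { "type": "long" }` and `"total_checks": { "type": "integer" }` would be consistent with the rest of the mapping. The hunk also drops the entire `win.system`/`win.eventdata`/`rmSessionEvent` subtree; unless a `dynamic_templates` rule outside this hunk maps those strings to `keyword`, Windows event-channel fields will be dynamically mapped from now on, which is worth confirming on a live index after the template is loaded.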
@@ -1436,20 +1646,31 @@ } }, "program_name": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "command": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" }, "type": { "type": "text" }, "title": { - "type": "keyword", - "doc_values": "true" + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "input": { + "properties": { + "type": { + "type": "keyword" + } + } + }, + "previous_output": { + "type": "keyword" } } - } -} \ No newline at end of file + }, + "version": 1 +} From 58b3b734bea81da15d43131a69c115cb33e727fa Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 16 Sep 2019 18:10:28 +0200 Subject: [PATCH 67/79] Bump version to 3.10.0_7.3.2 --- VERSION | 4 ++-- molecule/default/tests/test_default.py | 4 ++-- molecule/elasticsearch/tests/test_default.py | 2 +- molecule/kibana/tests/test_default.py | 2 +- molecule/wazuh-agent/tests/test_agents.py | 2 +- molecule/worker/tests/test_default.py | 4 ++-- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 11 files changed, 16 insertions(+), 16 deletions(-) diff --git a/VERSION b/VERSION index 921c9fb1..2a8b969e 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.9.5" -REVISION="3950" +WAZUH-ANSIBLE_VERSION="v3.10.0" +REVISION="31000" diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 174a499f..03fe99d4 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.5" + return "3.10.0" def test_wazuh_packages_are_installed(host): 
@@ -86,4 +86,4 @@ def test_filebeat_is_installed(host): """Test if the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.2.1') + assert filebeat.version.startswith('7.3.2') diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py index 31c5da6c..f4021876 100644 --- a/molecule/elasticsearch/tests/test_default.py +++ b/molecule/elasticsearch/tests/test_default.py @@ -10,7 +10,7 @@ def test_elasticsearch_is_installed(host): """Test if the elasticsearch package is installed.""" elasticsearch = host.package("elasticsearch") assert elasticsearch.is_installed - assert elasticsearch.version.startswith('7.2.1') + assert elasticsearch.version.startswith('7.3.2') def test_elasticsearch_is_running(host): diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py index f57bb8f7..ccd4d4f2 100644 --- a/molecule/kibana/tests/test_default.py +++ b/molecule/kibana/tests/test_default.py @@ -14,7 +14,7 @@ def test_port_kibana_is_open(host): def test_find_correct_elasticsearch_version(host): """Test if we find the kibana/elasticsearch version in package.json""" kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") - assert kibana.contains("7.2.1") + assert kibana.contains("7.3.2") def test_wazuh_plugin_installed(host): diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py index a4845d06..1846d3fe 100644 --- a/molecule/wazuh-agent/tests/test_agents.py +++ b/molecule/wazuh-agent/tests/test_agents.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.5" + return "3.10.0" def test_ossec_package_installed(Package): diff --git a/molecule/worker/tests/test_default.py b/molecule/worker/tests/test_default.py index 8dc96bbf..4de03dc3 100644 
--- a/molecule/worker/tests/test_default.py +++ b/molecule/worker/tests/test_default.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9.5" + return "3.10.0" def test_wazuh_packages_are_installed(host): @@ -82,4 +82,4 @@ def test_filebeat_is_installed(host): """Test if the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.2.1') + assert filebeat.version.startswith('7.3.2') diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 31ed74de..ca6dd06e 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.2.1 +elastic_stack_version: 7.3.2 single_node: true elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 9ec61091..06c2c6af 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.2.1 -wazuh_version: 3.9.5 +elastic_stack_version: 7.3.2 +wazuh_version: 3.10.0 # Xpack Security kibana_xpack_security: false diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 632ab7e3..180308a6 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
@@ -1,5 +1,5 @@ --- -filebeat_version: 7.2.1 +filebeat_version: 7.3.2 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index c3da8e89..f6904240 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 3.9.5 +wazuh_agent_version: 3.10.0 wazuh_managers: - address: 127.0.0.1 port: 1514 @@ -26,7 +26,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.9.5' + version: '3.10.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: ee5b24216db472d291da4e14f0b3bc63 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 8c7c1f16..87ab144b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_api_version: 3.9.5 +wazuh_manager_api_version: 3.10.0 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: latest From e98f52deb7226c83eaa2910e9443a582152be7da Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 16 Sep 2019 18:26:47 +0200 Subject: [PATCH 68/79] Update CHANGELOG.md --- CHANGELOG.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 87570f08..0c31372c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,23 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.10.0_7.3.2] + +### Added + + +### Changed + +- Updated agent.conf template [@moodymob](https://github.com/moodymob) [#222](https://github.com/wazuh/wazuh-ansible/pull/222) +- Improved molecule tests [@rshad](https://github.com/rshad) [#223](https://github.com/wazuh/wazuh-ansible/pull/223/files) + +### Fixed + +- Fixed typo in the `agent.conf` template [@joey1a2b3c](https://github.com/joey1a2b3c) [#227](https://github.com/wazuh/wazuh-ansible/pull/227) +- Updated conditionals in tasks to fix Amazon Linux installation [@jm404](https://github.com/jm404) [#229](https://github.com/wazuh/wazuh-ansible/pull/229) +- Fixed Kibana installation in Amazon Linux [@jm404](https://github.com/jm404) [#232](https://github.com/wazuh/wazuh-ansible/pull/232) +- Fixed Windows Agent installation and configuration [@jm404](https://github.com/jm404) [#234](https://github.com/wazuh/wazuh-ansible/pull/234) + ## [v3.9.5_7.2.1] ### Added From 3680e6a3a3f827b7314b67045a096a86c4a0cff0 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 17 Sep 2019 11:53:53 +0200 Subject: [PATCH 69/79] Remove "Amazon" from conditional in remove repo task --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 320c9b74..13fcd37d 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -146,7 +146,7 @@ state: started - import_tasks: RMRedHat.yml - when: ansible_os_family == 'RedHat', 'Amazon' + when: ansible_os_family == 'RedHat' - import_tasks: RMDebian.yml when: ansible_os_family == 'Debian' From 9db41aac8cbece45559c96b47c444e8380054517 Mon Sep 17 00:00:00 2001 
From: Jose M Date: Tue, 17 Sep 2019 11:54:40 +0200 Subject: [PATCH 70/79] Add changed_when: false conditional to fix idempotence --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 13fcd37d..af9b5eaf 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -138,6 +138,7 @@ name: kibana enabled: true state: restarted + changed_when: false - name: Ensure Kibana is started and enabled service: From 8c48c6ce624c574fda8e771dffe9ca67b8a16b90 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 17 Sep 2019 12:43:47 +0200 Subject: [PATCH 71/79] Remove explicit Kibana restart. Add restart notifications --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index af9b5eaf..d09f13fb 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -84,6 +84,7 @@ when: - check_certs_permissions is defined - kibana_xpack_security + notify: restart kibana tags: xpack-security - name: Kibana configuration @@ -93,6 +94,7 @@ owner: root group: root mode: 0664 + notify: restart kibana tags: configure - name: Checking Wazuh-APP version @@ -125,6 +127,7 @@ creates: /usr/share/kibana/plugins/wazuh/package.json become: yes become_user: kibana + notify: restart kibana tags: - install - skip_ansible_lint @@ -133,13 +136,6 @@ systemd: daemon_reload: true -- name: Restart Kibana - service: - name: kibana - enabled: true - state: restarted - changed_when: false - - name: Ensure Kibana is started and enabled service: name: kibana From f94e095972bc2f6d25b6752c38bd51df19f68695 Mon Sep 17 00:00:00 2001 
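Review bot: The three `notify: restart kibana` lines added in patch 71/79 reference a handler that is not defined anywhere in this diff, and in my experience Ansible reports an unknown handler only when a notifying task actually reports changed, so a missing `restart kibana` in the role's handlers would surface on a real configuration or certificate change rather than in an idempotence run. Confirm the handler exists in the kibana role's handlers file (or add it) before relying on the explicit restart task being removed. Since the handler runs at the end of the play, after the `Ensure Kibana is started and enabled` task that follows the last hunk, the first converge will start Kibana and then restart it once; a short comment on the notifying tasks, `# handler runs after the role's final service task`, would make that ordering explicit.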
From: Jose M Date: Tue, 17 Sep 2019 12:47:19 +0200 Subject: [PATCH 72/79] Remove Amazon from daemon reload exceptions --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index d09f13fb..6b66920b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -6,10 +6,10 @@ when: ansible_os_family == 'Debian' - name: Reload systemd - systemd: daemon_reload=true + systemd: + daemon_reload: true ignore_errors: true when: - - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) From d6ebdbba76b3c754f4864f8083b70a926601df96 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 17 Sep 2019 12:48:20 +0200 Subject: [PATCH 73/79] Update CHANGELOG.md --- CHANGELOG.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c31372c..153218ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,9 +3,6 @@ All notable changes to this project will be documented in this file. ## [v3.10.0_7.3.2] -### Added - - ### Changed - Updated agent.conf template [@moodymob](https://github.com/moodymob) [#222](https://github.com/wazuh/wazuh-ansible/pull/222) From 8f953f4272045423ee82db0c4a36530c44679fab Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 17 Sep 2019 13:04:35 +0200 Subject: [PATCH 74/79] Add versioning to filter AL2 in the daemon reload task --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 6b66920b..c4069f90 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -10,6 +10,7 @@ daemon_reload: true ignore_errors: true when: + - not (ansible_distribution == "Amazon and ansible_distribution_version == "(Karoo)") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) From d6ef30b6a30abe703d654a02f7ff2681ac9d57cf Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 17 Sep 2019 13:05:06 +0200 Subject: [PATCH 75/79] Update CHANGELOG.md --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 153218ac..ab4e5eea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,8 +3,13 @@ All notable changes to this project will be documented in this file. ## [v3.10.0_7.3.2] +### Added + +- Update to Wazuh v3.10.0 + ### Changed +- Updated Kibana [@jm404](https://github.com/jm404) [#237](https://github.com/wazuh/wazuh-ansible/pull/237) - Updated agent.conf template [@moodymob](https://github.com/moodymob) [#222](https://github.com/wazuh/wazuh-ansible/pull/222) - Improved molecule tests [@rshad](https://github.com/rshad) [#223](https://github.com/wazuh/wazuh-ansible/pull/223/files) From c1e085a1ed2d954ddf9687f99f9283a3f203e88f Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 17 Sep 2019 14:34:04 +0200 Subject: [PATCH 76/79] Fix trailing whitespace for linting checks --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index c4069f90..a0f6e5c0 100644 
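Review bot: The new exclusion keys the Amazon branch on `ansible_distribution_version == "(Karoo)"`, which looks like a parsed release codename rather than a version number and depends on how the Ansible release in use derives the Amazon Linux facts; after an Ansible upgrade it can silently stop matching, and because the task already carries `ignore_errors: true` the only symptom would be an ignored failure in the play output. If the gathered facts report it that way, `- not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "2")` states the intent ("filter AL2") directly and uses the fact the line removed in 72/79 already relied on. The missing closing quote after `"Amazon` on this line is corrected in 79/79; the same point applies to that hunk.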
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -6,7 +6,7 @@ when: ansible_os_family == 'Debian' - name: Reload systemd - systemd: + systemd: daemon_reload: true ignore_errors: true when: From a9d2c5201047c273c2c4fead5a54e576111da455 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 18 Sep 2019 08:55:17 +0200 Subject: [PATCH 77/79] Moved run_cluster_mode.sh script to molecule folder --- run_cluster_mode.sh => molecule/run_cluster_mode.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename run_cluster_mode.sh => molecule/run_cluster_mode.sh (100%) diff --git a/run_cluster_mode.sh b/molecule/run_cluster_mode.sh similarity index 100% rename from run_cluster_mode.sh rename to molecule/run_cluster_mode.sh From 48cff3046de5052b99d3c9b68ccd532b55e10feb Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 18 Sep 2019 08:58:19 +0200 Subject: [PATCH 78/79] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ab4e5eea..95a9d18b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ All notable changes to this project will be documented in this file. - Updated Kibana [@jm404](https://github.com/jm404) [#237](https://github.com/wazuh/wazuh-ansible/pull/237) - Updated agent.conf template [@moodymob](https://github.com/moodymob) [#222](https://github.com/wazuh/wazuh-ansible/pull/222) - Improved molecule tests [@rshad](https://github.com/rshad) [#223](https://github.com/wazuh/wazuh-ansible/pull/223/files) +- Moved "run_cluster_mode.sh" script to molecule folder [@jm404](https://github.com/jm404) [#a9d2c52](https://github.com/wazuh/wazuh-ansible/commit/a9d2c5201047c273c2c4fead5a54e576111da455) ### Fixed From 61740ebebc60d63fccdd33c41e82fdb262a9a01e Mon Sep 17 00:00:00 2001 
From: Jose M Date: Wed, 18 Sep 2019 09:01:10 +0200 Subject: [PATCH 79/79] Fix typo in Amazon distribution conditional --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index a0f6e5c0..c7c7f551 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -10,7 +10,7 @@ daemon_reload: true ignore_errors: true when: - - not (ansible_distribution == "Amazon and ansible_distribution_version == "(Karoo)") + - not (ansible_distribution == "Amazon" and ansible_distribution_version == "(Karoo)") - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))