afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge 3.10.2_7.3.2 into ellk-security-dev

Browse Source
This commit is contained in:
Jose M 2019-09-24 09:37:31 +02:00
commit d6979b772e
53 changed files with 2948 additions and 2781 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
CHANGELOG.md
View File

@ -1,6 +1,33 @@
# Change Log # Change Log
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
## [v3.10.0_7.3.2]
### Added
- Update to Wazuh v3.10.0
### Changed
- Updated Kibana [@jm404](https://github.com/jm404) [#237](https://github.com/wazuh/wazuh-ansible/pull/237)
- Updated agent.conf template [@moodymob](https://github.com/moodymob) [#222](https://github.com/wazuh/wazuh-ansible/pull/222)
- Improved molecule tests [@rshad](https://github.com/rshad) [#223](https://github.com/wazuh/wazuh-ansible/pull/223/files)
- Moved "run_cluster_mode.sh" script to molecule folder [@jm404](https://github.com/jm404) [#a9d2c52](https://github.com/wazuh/wazuh-ansible/commit/a9d2c5201047c273c2c4fead5a54e576111da455)
### Fixed
- Fixed typo in the `agent.conf` template [@joey1a2b3c](https://github.com/joey1a2b3c) [#227](https://github.com/wazuh/wazuh-ansible/pull/227)
- Updated conditionals in tasks to fix Amazon Linux installation [@jm404](https://github.com/jm404) [#229](https://github.com/wazuh/wazuh-ansible/pull/229)
- Fixed Kibana installation in Amazon Linux [@jm404](https://github.com/jm404) [#232](https://github.com/wazuh/wazuh-ansible/pull/232)
- Fixed Windows Agent installation and configuration [@jm404](https://github.com/jm404) [#234](https://github.com/wazuh/wazuh-ansible/pull/234)
## [v3.9.5_7.2.1]
### Added
- Update to Wazuh v3.9.5
- Update to Elastic Stack to v7.2.1
## [v3.9.4_7.2.0] ## [v3.9.4_7.2.0]
### Added ### Added
@ -11,6 +38,10 @@ All notable changes to this project will be documented in this file.
- Default protocol to TCP [@ionphractal](https://github.com/ionphractal) [#204](https://github.com/wazuh/wazuh-ansible/pull/204). - Default protocol to TCP [@ionphractal](https://github.com/ionphractal) [#204](https://github.com/wazuh/wazuh-ansible/pull/204).
### Fixed
- Fixed network.host is not localhost [@rshad](https://github.com/rshad) [#204](https://github.com/wazuh/wazuh-ansible/pull/212).
## [v3.9.3_7.2.0] ## [v3.9.3_7.2.0]
### Added ### Added

28
Pipfile
View File

@ -5,8 +5,8 @@ name = "pypi"
[packages] [packages]
docker-py = "*" docker-py = "*"
ansible = "==2.7.11" ansible = "==2.7.13"
molecule = "*" molecule = "==2.20.2"
[dev-packages] [dev-packages]
@ -14,8 +14,22 @@ molecule = "*"
python_version = "2.7" python_version = "2.7"
[scripts] [scripts]
test ="molecule test" test ="molecule test --destroy=never"
agent ="molecule test -s wazuh-agent" worker ="molecule test -s worker --destroy=never"
elasticsearch ="molecule test -s elasticsearch" agent ="molecule test -s wazuh-agent --destroy=never"
filebeat ="molecule test -s filebeat" elasticsearch ="molecule test -s elasticsearch --destroy=never"
kibana ="molecule test -s kibana" kibana ="molecule test -s kibana --destroy=never"
# Verify ..
verify ="molecule verify"
verify_worker ="molecule verify -s worker"
verify_agent ="molecule verify -s agent"
verify_elasticsearch ="molecule verify -s elasticsearch"
verify_kibana ="molecule verify -s kibana"
# Destroy ..
destroy ="molecule destroy"
destroy_worker ="molecule destroy -s worker"
destroy_agent ="molecule destroy -s agent"
destroy_elasticsearch ="molecule destroy -s elasticsearch"
destroy_kibana ="molecule destroy -s kibana"

4
VERSION
View File

@ -1,2 +1,2 @@
WAZUH-ANSIBLE_VERSION="v3.9.3" WAZUH-ANSIBLE_VERSION="v3.10.0"
REVISION="3930" REVISION="31000"

14
molecule/default/create.yml
View File

@ -44,10 +44,13 @@
- name: Create docker network(s) - name: Create docker network(s)
docker_network: docker_network:
name: "{{ item }}" name: "main"
docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
state: present state: present
with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}"
- name: Sleep 5 seconds till the network gets created if it's not
# Pause for 5 minutes to build app cache.
pause:
seconds: 10
- name: Create molecule instance(s) - name: Create molecule instance(s)
docker_container: docker_container:
@ -65,7 +68,8 @@
exposed_ports: "{{ item.exposed_ports | default(omit) }}" exposed_ports: "{{ item.exposed_ports | default(omit) }}"
published_ports: "{{ item.published_ports | default(omit) }}" published_ports: "{{ item.published_ports | default(omit) }}"
ulimits: "{{ item.ulimits | default(omit) }}" ulimits: "{{ item.ulimits | default(omit) }}"
networks: "{{ item.networks | default(omit) }}" networks:
- name: "main"
dns_servers: "{{ item.dns_servers | default(omit) }}" dns_servers: "{{ item.dns_servers | default(omit) }}"
register: server register: server
with_items: "{{ molecule_yml.platforms }}" with_items: "{{ molecule_yml.platforms }}"
@ -78,4 +82,4 @@
register: docker_jobs register: docker_jobs
until: docker_jobs.finished until: docker_jobs.finished
retries: 300 retries: 300
with_items: "{{ server.results }}" with_items: "{{ server.results }}"

21
molecule/default/molecule.yml → molecule/default/molecule.yml.template
View File

@ -7,21 +7,18 @@ lint:
name: yamllint name: yamllint
enabled: false enabled: false
platforms: platforms:
- name: bionic - name: manager_platform_
image: ubuntu:bionic image: imagename
- name: xenial
image: solita/ubuntu-systemd:xenial
privileged: true
command: /sbin/init command: /sbin/init
- name: trusty ulimits:
image: ubuntu:trusty - nofile:262144:262144
- name: centos6
image: centos:6
- name: centos7
image: milcom/centos7-systemd
privileged: true privileged: true
memory_reservation: 2048m
provisioner: provisioner:
name: ansible name: ansible
config_options:
defaults:
hash_behaviour: merge
env: env:
ANSIBLE_ROLES_PATH: ../../roles ANSIBLE_ROLES_PATH: ../../roles
lint: lint:
@ -38,7 +35,7 @@ scenario:
- create - create
- prepare - prepare
- converge - converge
# - idempotence - idempotence
- side_effect - side_effect
- verify - verify
- cleanup - cleanup

19
molecule/default/playbook.yml
View File

@ -3,8 +3,17 @@
hosts: all hosts: all
roles: roles:
- role: wazuh/ansible-wazuh-manager - role: wazuh/ansible-wazuh-manager
vars:
# - {role: wazuh/ansible-filebeat} #, filebeat_output_elasticsearch_hosts: 'your elastic stack server IP' wazuh_manager_config:
# Elasticsearch requires too much memory to test multiple containers concurrently - To Fix cluster:
# - {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} disable: 'no'
# - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} name: 'wazuh'
node_name: 'manager'
node_type: 'master'
key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
port: '1516'
bind_addr: '0.0.0.0'
nodes:
- 'manager_bionic'
hidden: 'no'
- { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_bionic:9200' }

19
molecule/default/playbook.yml.template Normal file
View File

@ -0,0 +1,19 @@
---
- name: Converge
hosts: all
roles:
- role: wazuh/ansible-wazuh-manager
vars:
wazuh_manager_config:
cluster:
disable: 'no'
name: 'wazuh'
node_name: 'manager'
node_type: 'master'
key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
port: '1516'
bind_addr: '0.0.0.0'
nodes:
- 'manager_platform'
hidden: 'no'
- { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' }

17
molecule/default/tests/test_default.py
View File

@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def get_wazuh_version(): def get_wazuh_version():
"""This return the version of Wazuh.""" """This return the version of Wazuh."""
return "3.9.3" return "3.10.0"
def test_wazuh_packages_are_installed(host): def test_wazuh_packages_are_installed(host):
@ -73,8 +73,17 @@ def test_open_ports(host):
"""Test if the main port is open and the agent-auth is not open.""" """Test if the main port is open and the agent-auth is not open."""
distribution = host.system_info.distribution.lower() distribution = host.system_info.distribution.lower()
if distribution == 'ubuntu': if distribution == 'ubuntu':
assert host.socket("tcp://0.0.0.0:1516").is_listening
assert host.socket("tcp://0.0.0.0:1515").is_listening assert host.socket("tcp://0.0.0.0:1515").is_listening
assert not host.socket("tcp://0.0.0.0:1514").is_listening assert host.socket("tcp://0.0.0.0:1514").is_listening
elif distribution == 'centos': elif distribution == 'centos':
assert host.socket("tcp://:::1515").is_listening assert host.socket("tcp://0.0.0.0:1516").is_listening
assert not host.socket("tcp://:::1514").is_listening assert host.socket("tcp://127.0.0.1:1515").is_listening
assert host.socket("tcp://127.0.0.1:1514").is_listening
def test_filebeat_is_installed(host):
"""Test if the elasticsearch package is installed."""
filebeat = host.package("filebeat")
assert filebeat.is_installed
assert filebeat.version.startswith('7.3.2')

48
molecule/elasticsearch/molecule.yml
View File

@ -8,41 +8,19 @@ lint:
options: options:
config-data: config-data:
ignore: .virtualenv ignore: .virtualenv
platforms: bionics:
- name: bionic - name: elasticsearch_bionic
image: solita/ubuntu-systemd:bionic image: solita/ubuntu-systemd:bionic
command: /sbin/init command: /sbin/init
ulimits: ulimits:
- nofile:262144:262144 - nofile:262144:262144
privileged: true privileged: true
memory_reservation: 2048m memory_reservation: 2048m
- name: xenial
image: solita/ubuntu-systemd:xenial
privileged: true
memory_reservation: 2048m
command: /sbin/init
ulimits:
- nofile:262144:262144
#- name: trusty
#image: ubuntu:trusty
#privileged: true
#memory_reservation: 2048m
#ulimits:
#- nofile:262144:262144
- name: centos6
image: centos:6
privileged: true
memory_reservation: 2048m
ulimits:
- nofile:262144:262144
- name: centos7
image: milcom/centos7-systemd
memory_reservation: 2048m
privileged: true
ulimits:
- nofile:262144:262144
provisioner: provisioner:
name: ansible name: ansible
config_options:
defaults:
hash_behaviour: merge
playbooks: playbooks:
docker: docker:
create: ../default/create.yml create: ../default/create.yml
@ -57,6 +35,22 @@ provisioner:
group_vars: group_vars:
all: all:
elasticsearch_jvm_xms: 512 elasticsearch_jvm_xms: 512
scenario:
name: elasticsearch
test_sequence:
- lint
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
#- idempotence
- side_effect
- verify
- cleanup
- destroy
verifier: verifier:
name: testinfra name: testinfra
lint: lint:

57
molecule/elasticsearch/molecule.yml.template Normal file
View File

@ -0,0 +1,57 @@
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
options:
config-data:
ignore: .virtualenv
platforms:
- name: elasticsearch_platform_
image: imagename
command: /sbin/init
ulimits:
- nofile:262144:262144
privileged: true
memory_reservation: 2048m
provisioner:
name: ansible
config_options:
defaults:
hash_behaviour: merge
playbooks:
docker:
create: ../default/create.yml
destroy: ../default/destroy.yml
prepare: ../default/prepare.yml
env:
ANSIBLE_ROLES_PATH: ../../roles
lint:
name: ansible-lint
enabled: true
inventory:
group_vars:
all:
elasticsearch_jvm_xms: 512
scenario:
name: elasticsearch
test_sequence:
- lint
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- side_effect
- verify
- cleanup
- destroy
verifier:
name: testinfra
lint:
name: flake8

2
molecule/elasticsearch/playbook.yml
View File

@ -3,4 +3,4 @@
hosts: all hosts: all
roles: roles:
- role: elastic-stack/ansible-elasticsearch - role: elastic-stack/ansible-elasticsearch
elasticsearch_network_host: 'localhost' elasticsearch_network_host: 'elasticsearch_bionic'

6
molecule/elasticsearch/playbook.yml.template Normal file
View File

@ -0,0 +1,6 @@
---
- name: Converge
hosts: all
roles:
- role: elastic-stack/ansible-elasticsearch
elasticsearch_network_host: 'elasticsearch_platform'

2
molecule/elasticsearch/tests/test_default.py
View File

@ -10,7 +10,7 @@ def test_elasticsearch_is_installed(host):
"""Test if the elasticsearch package is installed.""" """Test if the elasticsearch package is installed."""
elasticsearch = host.package("elasticsearch") elasticsearch = host.package("elasticsearch")
assert elasticsearch.is_installed assert elasticsearch.is_installed
assert elasticsearch.version.startswith('7.2.0') assert elasticsearch.version.startswith('7.3.2')
def test_elasticsearch_is_running(host): def test_elasticsearch_is_running(host):

22
molecule/filebeat/INSTALL.rst
View File

@ -1,22 +0,0 @@
*******
Docker driver installation guide
*******
Requirements
============
* Docker Engine
Install
=======
Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.
.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
.. code-block:: bash
$ pip install 'molecule[docker]'

5
molecule/filebeat/playbook.yml
View File

@ -1,5 +0,0 @@
---
- name: Converge
hosts: all
roles:
- role: wazuh/ansible-filebeat

36
molecule/filebeat/prepare.yml
View File

@ -1,36 +0,0 @@
---
- name: Prepare
hosts: all
gather_facts: true
tasks:
- name: "Install Python packages for Trusty to solve trust issues"
package:
name:
- python-setuptools
- python-pip
state: latest
register: wazuh_manager_trusty_packages_installed
until: wazuh_manager_trusty_packages_installed is succeeded
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14
- name: "Install dependencies"
package:
name:
- curl
- net-tools
state: latest
register: wazuh_manager_dependencies_packages_installed
until: wazuh_manager_dependencies_packages_installed is succeeded
- name: "Install (RedHat) dependencies"
package:
name:
- initscripts
state: latest
register: wazuh_manager_dependencies_packages_installed
until: wazuh_manager_dependencies_packages_installed is succeeded
when:
- ansible_os_family == 'RedHat'

13
molecule/filebeat/tests/test_default.py
View File

@ -1,13 +0,0 @@
import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def test_filebeat_is_installed(host):
"""Test if the elasticsearch package is installed."""
filebeat = host.package("filebeat")
assert filebeat.is_installed
assert filebeat.version.startswith('7.2.0')

62
molecule/kibana/molecule.yml
View File

@ -1,62 +0,0 @@
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
options:
config-data:
ignore: .virtualenv
platforms:
- name: bionic
image: solita/ubuntu-systemd:bionic
command: /sbin/init
ulimits:
- nofile:262144:262144
privileged: true
memory_reservation: 1024m
- name: xenial
image: solita/ubuntu-systemd:xenial
privileged: true
memory_reservation: 1024m
command: /sbin/init
ulimits:
- nofile:262144:262144
# - name: trusty
# image: ubuntu:trusty
# memory_reservation: 1024m
# ulimits:
# - nofile:262144:262144
- name: centos6
image: centos:6
privileged: true
memory_reservation: 1024m
ulimits:
- nofile:262144:262144
- name: centos7
image: milcom/centos7-systemd
memory_reservation: 1024m
privileged: true
ulimits:
- nofile:262144:262144
provisioner:
name: ansible
playbooks:
docker:
create: ../default/create.yml
destroy: ../default/destroy.yml
env:
ANSIBLE_ROLES_PATH: ../../roles
lint:
name: ansible-lint
enabled: true
inventory:
group_vars:
all:
elasticsearch_jvm_xms: 256
kibana_plugin_install_ignore_error: true
verifier:
name: testinfra
lint:
name: flake8

29
molecule/filebeat/molecule.yml → molecule/kibana/molecule.yml.template
View File

@ -9,27 +9,18 @@ lint:
config-data: config-data:
ignore: .virtualenv ignore: .virtualenv
platforms: platforms:
- name: trusty - name: kibana_platform_
image: ubuntu:trusty image: imagename
- name: bionic
image: solita/ubuntu-systemd:bionic
command: /sbin/init command: /sbin/init
ulimits:
- nofile:262144:262144
privileged: true privileged: true
- name: xenial memory_reservation: 1024m
image: solita/ubuntu-systemd:xenial
privileged: true
command: /sbin/init
- name: centos6
image: geerlingguy/docker-centos6-ansible
privileged: true
command: /sbin/init
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- name: centos7
image: milcom/centos7-systemd
privileged: true
provisioner: provisioner:
name: ansible name: ansible
config_options:
defaults:
hash_behaviour: merge
playbooks: playbooks:
docker: docker:
create: ../default/create.yml create: ../default/create.yml
@ -39,6 +30,10 @@ provisioner:
lint: lint:
name: ansible-lint name: ansible-lint
enabled: true enabled: true
inventory:
group_vars:
all:
elasticsearch_jvm_xms: 256
verifier: verifier:
name: testinfra name: testinfra
lint: lint:

1
molecule/kibana/playbook.yml
View File

@ -3,3 +3,4 @@
hosts: all hosts: all
roles: roles:
- role: elastic-stack/ansible-kibana - role: elastic-stack/ansible-kibana
elasticsearch_network_host: 'elasticsearch_bionic'

6
molecule/kibana/playbook.yml.template Normal file
View File

@ -0,0 +1,6 @@
---
- name: Converge
hosts: all
roles:
- role: elastic-stack/ansible-kibana
elasticsearch_network_host: 'elasticsearch_platform'

5
molecule/kibana/prepare.yml
View File

@ -34,8 +34,3 @@
until: wazuh_manager_dependencies_packages_installed is succeeded until: wazuh_manager_dependencies_packages_installed is succeeded
when: when:
- ansible_os_family == 'RedHat' - ansible_os_family == 'RedHat'
roles:
- role: wazuh/ansible-wazuh-manager
- role: elastic-stack/ansible-elasticsearch
elasticsearch_network_host: 'localhost'

2
molecule/kibana/tests/test_default.py
View File

@ -14,7 +14,7 @@ def test_port_kibana_is_open(host):
def test_find_correct_elasticsearch_version(host): def test_find_correct_elasticsearch_version(host):
"""Test if we find the kibana/elasticsearch version in package.json""" """Test if we find the kibana/elasticsearch version in package.json"""
kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json")
assert kibana.contains("7.2.0") assert kibana.contains("7.3.2")
def test_wazuh_plugin_installed(host): def test_wazuh_plugin_installed(host):

43
molecule/run_cluster_mode.sh Normal file
View File

@ -0,0 +1,43 @@
#!/bin/bash
paths=( "molecule/default/" "molecule/worker/" "molecule/elasticsearch/" "molecule/kibana/" )
images=( "solita/ubuntu-systemd:bionic" "solita/ubuntu-systemd:xenial" "milcom/centos7-systemd" "ubuntu:trusty" "centos:6" )
platform=( "bionic" "xenial" "centos7" "trusty" "centos6" )
echo "Please select an image. "
select IMAGE in "${images[@]}";
do
echo "You picked $IMAGE ($REPLY)"
break
done
index=$(($REPLY - 1))
if [ -z "$IMAGE" ]
then
echo "Platform not selected. Please select a platform of [bionuc, xenial or centos7]. => Aborting"
exit
else
for i in "${paths[@]}"
do
cp "$i/playbook.yml.template" "$i/playbook.yml"
sed -i "s/platform/${platform[$index]}/g" "$i/playbook.yml"
cp "$i/molecule.yml.template" "$i/molecule.yml"
sed -i "s|imagename|${images[$index]}|g" "$i/molecule.yml"
sed -i "s/platform_/${platform[$index]}/g" "$i/molecule.yml"
done
fi
sudo pipenv run elasticsearch
sudo pipenv run test
sudo pipenv run worker
sudo pipenv run kibana
sudo pipenv run destroy
sudo pipenv run destroy_worker
sudo pipenv run destroy_elasticsearch
sudo pipenv run destroy_kibana

71
molecule/wazuh-agent/molecule.yml
View File

@ -11,48 +11,51 @@ lint:
config-data: config-data:
ignore: .virtualenv ignore: .virtualenv
platforms: platforms:
- name: wazuh_server_centos7 #- name: wazuh_server_centos7
image: milcom/centos7-systemd # image: milcom/centos7-systemd
networks: # networks:
- name: wazuh # - name: wazuh
privileged: true # privileged: true
groups: # groups:
- manager # - manager
- name: wazuh_agent_bionic - name: wazuh_agent_bionic
image: ubuntu:bionic image: ubuntu:bionic
networks: networks:
- name: wazuh - name: wazuh
groups: groups:
- agent - agent
- name: wazuh_agent_xenial #- name: wazuh_agent_xenial
image: solita/ubuntu-systemd:xenial # image: solita/ubuntu-systemd:xenial
privileged: true # privileged: true
command: /sbin/init # command: /sbin/init
networks: # networks:
- name: wazuh # - name: wazuh
groups: # groups:
- agent # - agent
- name: wazuh_agent_trusty #- name: wazuh_agent_trusty
image: ubuntu:trusty # image: ubuntu:trusty
networks: # networks:
- name: wazuh # - name: wazuh
groups: # groups:
- agent # - agent
- name: wazuh_agent_centos6 #- name: wazuh_agent_centos6
image: centos:6 # image: centos:6
networks: # networks:
- name: wazuh # - name: wazuh
groups: # groups:
- agent # - agent
- name: wazuh_agent_centos7 #- name: wazuh_agent_centos7
image: milcom/centos7-systemd # image: milcom/centos7-systemd
privileged: true # privileged: true
networks: # networks:
- name: wazuh # - name: wazuh
groups: # groups:
- agent # - agent
provisioner: provisioner:
name: ansible name: ansible
config_options:
defaults:
hash_behaviour: merge
playbooks: playbooks:
docker: docker:
create: ../default/create.yml create: ../default/create.yml

89
molecule/wazuh-agent/molecule.yml.template Normal file
View File

@ -0,0 +1,89 @@
---
dependency:
name: galaxy
driver:
name: docker
#lint:
# name: yamllint
lint:
name: yamllint
options:
config-data:
ignore: .virtualenv
platforms:
#- name: wazuh_server_centos7
# image: milcom/centos7-systemd
# networks:
# - name: wazuh
# privileged: true
# groups:
# - manager
- name: wazuh_agent_bionic
image: ubuntu:bionic
networks:
- name: wazuh
groups:
- agent
#- name: wazuh_agent_xenial
# image: solita/ubuntu-systemd:xenial
# privileged: true
# command: /sbin/init
# networks:
# - name: wazuh
# groups:
# - agent
#- name: wazuh_agent_trusty
# image: ubuntu:trusty
# networks:
# - name: wazuh
# groups:
# - agent
#- name: wazuh_agent_centos6
# image: centos:6
# networks:
# - name: wazuh
# groups:
# - agent
#- name: wazuh_agent_centos7
# image: milcom/centos7-systemd
# privileged: true
# networks:
# - name: wazuh
# groups:
# - agent
provisioner:
name: ansible
config_options:
defaults:
hash_behaviour: merge
playbooks:
docker:
create: ../default/create.yml
destroy: ../default/destroy.yml
env:
ANSIBLE_ROLES_PATH: ../../roles
inventory:
group_vars:
agent:
api_pass: password
wazuh_managers:
- address: "{{ wazuh_manager_ip }}"
port: 1514
protocol: tcp
api_port: 55000
api_proto: 'http'
api_user: null
wazuh_agent_authd:
enable: true
port: 1515
ssl_agent_ca: null
ssl_agent_cert: null
ssl_agent_key: null
ssl_auto_negotiate: 'no'
lint:
name: ansible-lint
enabled: true
verifier:
name: testinfra
lint:
name: flake8

30
molecule/wazuh-agent/playbook.yml
View File

@ -1,20 +1,18 @@
--- ---
- name: Converge - name: Converge
hosts: agent hosts: all
pre_tasks:
- name: "Get ip Wazuh Manager"
shell: |
set -o pipefail
grep $(hostname) /etc/hosts | awk '{print $1}' | sort | head -n 2 | tail -n 1
register: wazuh_manager_ip_stdout
changed_when: false
delegate_to: wazuh_server_centos7
args:
executable: /bin/bash
- name: "Set fact for ip address"
set_fact:
wazuh_manager_ip: "{{ wazuh_manager_ip_stdout.stdout }}"
roles: roles:
- role: wazuh/ansible-wazuh-agent - role: wazuh/ansible-wazuh-agent
vars:
wazuh_managers:
- address: 'manager_platform'
port: 1514
protocol: tcp
api_port: 55000
api_proto: 'http'
api_user: ansible
wazuh_agent_authd:
enable: true
port: 1515
ssl_agent_ca: null
ssl_auto_negotiate: 'no'

18
molecule/wazuh-agent/playbook.yml.template Normal file
View File

@ -0,0 +1,18 @@
---
- name: Converge
hosts: all
roles:
- role: wazuh/ansible-wazuh-agent
vars:
wazuh_managers:
- address: 'manager_platform'
port: 1514
protocol: tcp
api_port: 55000
api_proto: 'http'
api_user: ansible
wazuh_agent_authd:
enable: true
port: 1515
ssl_agent_ca: null
ssl_auto_negotiate: 'no'

2
molecule/wazuh-agent/tests/test_agents.py
View File

@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def get_wazuh_version(): def get_wazuh_version():
"""This return the version of Wazuh.""" """This return the version of Wazuh."""
return "3.9.3" return "3.10.0"
def test_ossec_package_installed(Package): def test_ossec_package_installed(Package):

0
molecule/filebeat/Dockerfile.j2 → molecule/worker/Dockerfile.j2
View File

53
molecule/worker/molecule.yml.template Normal file
View File

@ -0,0 +1,53 @@
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
options:
config-data:
ignore: .virtualenv
platforms:
- name: worker_platform_
image: imagename
command: /sbin/init
ulimits:
- nofile:262144:262144
privileged: true
memory_reservation: 2048m
provisioner:
name: ansible
config_options:
defaults:
hash_behaviour: merge
playbooks:
docker:
create: ../default/create.yml
destroy: ../default/destroy.yml
prepare: ../default/prepare.yml
env:
ANSIBLE_ROLES_PATH: ../../roles
lint:
name: ansible-lint
enabled: true
scenario:
name: worker
test_sequence:
- lint
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- side_effect
- verify
- cleanup
- destroy
verifier:
name: testinfra
lint:
name: flake8

21
molecule/worker/playbook.yml Normal file
View File

@ -0,0 +1,21 @@
---
- name: Converge
hosts: all
roles:
- role: wazuh/ansible-wazuh-manager
vars:
wazuh_manager_config:
cluster:
disable: 'no'
name: 'wazuh'
node_name: 'worker-01'
node_type: 'worker'
key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
port: '1516'
bind_addr: '0.0.0.0'
nodes:
- 'manager_bionic'
hidden: 'no'
- { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_bionic:9200' }

21
molecule/worker/playbook.yml.template Normal file
View File

@ -0,0 +1,21 @@
---
- name: Converge
hosts: all
roles:
- role: wazuh/ansible-wazuh-manager
vars:
wazuh_manager_config:
cluster:
disable: 'no'
name: 'wazuh'
node_name: 'worker-01'
node_type: 'worker'
key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
port: '1516'
bind_addr: '0.0.0.0'
nodes:
- 'manager_platform'
hidden: 'no'
- { role: wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'elasticsearch_platform:9200' }

85
molecule/worker/tests/test_default.py Normal file
View File

@ -0,0 +1,85 @@
import os
import pytest
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def get_wazuh_version():
"""This return the version of Wazuh."""
return "3.10.0"
def test_wazuh_packages_are_installed(host):
"""Test if the main packages are installed."""
manager = host.package("wazuh-manager")
api = host.package("wazuh-api")
distribution = host.system_info.distribution.lower()
if distribution == 'centos':
if host.system_info.release == "7":
assert manager.is_installed
assert manager.version.startswith(get_wazuh_version())
assert api.is_installed
assert api.version.startswith(get_wazuh_version())
elif host.system_info.release.startswith("6"):
assert manager.is_installed
assert manager.version.startswith(get_wazuh_version())
elif distribution == 'ubuntu':
assert manager.is_installed
assert manager.version.startswith(get_wazuh_version())
def test_wazuh_services_are_running(host):
"""Test if the services are enabled and running.
When assert commands are commented, this means that the service command has
a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
"""
manager = host.service("wazuh-manager")
api = host.service("wazuh-api")
distribution = host.system_info.distribution.lower()
if distribution == 'centos':
# assert manager.is_running
assert manager.is_enabled
# assert not api.is_running
assert not api.is_enabled
elif distribution == 'ubuntu':
# assert manager.is_running
assert manager.is_enabled
# assert api.is_running
assert api.is_enabled
@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
("/var/ossec/etc/rules/local_rules.xml", "root", "ossec", 0o640),
("/var/ossec/etc/lists/audit-keys", "root", "ossec", 0o640),
])
def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
"""Test if Wazuh related files exist and have proper owners and mode."""
wazuh_file_host = host.file(wazuh_file)
assert wazuh_file_host.user == wazuh_owner
assert wazuh_file_host.group == wazuh_group
assert wazuh_file_host.mode == wazuh_mode
def test_open_ports(host):
"""Test if the main port is open and the agent-auth is not open."""
distribution = host.system_info.distribution.lower()
if distribution == 'ubuntu':
assert host.socket("tcp://0.0.0.0:1514").is_listening
elif distribution == 'centos':
assert host.socket("tcp://127.0.0.1:1514").is_listening
def test_filebeat_is_installed(host):
"""Test if the elasticsearch package is installed."""
filebeat = host.package("filebeat")
assert filebeat.is_installed
assert filebeat.version.startswith('7.3.2')

5
playbooks/wazuh-elastic.yml
View File

@ -1,4 +1,5 @@
--- ---
- hosts: <your elasticsearch host> - hosts: <YOUR_ELASTICSEARCH_IP>
roles: roles:
- {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'your elasticsearch IP'} - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch
elasticsearch_network_host: '<YOUR_ELASTICSEARCH_IP>'

10
playbooks/wazuh-kibana.yml
View File

@ -1,10 +1,6 @@
--- ---
- hosts: 172.16.0.162 - hosts: <KIBANA_HOST>
roles: roles:
- role: ../roles/elastic-stack/ansible-kibana - role: ../roles/elastic-stack/ansible-kibana
kibana_xpack_security: true elasticsearch_network_host: <YOUR_ELASTICSEARCH_IP>
kibana_user: elastic
kibana_password: elastic_pass
kibana_node_name: node-2
elasticsearch_network_host: 172.16.0.161
node_certs_generator: false

8
playbooks/wazuh-manager.yml
View File

@ -1,10 +1,8 @@
--- ---
- hosts: 172.16.0.161 - hosts: <WAZUH_MANAGER_HOST>
roles: roles:
- role: ../roles/wazuh/ansible-wazuh-manager - role: ../roles/wazuh/ansible-wazuh-manager
- role: ../roles/wazuh/ansible-filebeat - role: ../roles/wazuh/ansible-filebeat
filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 filebeat_output_elasticsearch_hosts: <YOUR_ELASTICSEARCH_IP>:9200
filebeat_xpack_security: true
filebeat_node_name: node-1
node_certs_generator: true

4
roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
View File

@ -4,8 +4,8 @@ elasticsearch_node_name: node-1
elasticsearch_http_port: 9200 elasticsearch_http_port: 9200
elasticsearch_network_host: 127.0.0.1 elasticsearch_network_host: 127.0.0.1
elasticsearch_jvm_xms: null elasticsearch_jvm_xms: null
elastic_stack_version: 7.2.0 elastic_stack_version: 7.3.2
single_node: false single_node: true
elasticsearch_bootstrap_node: false elasticsearch_bootstrap_node: false
elasticsearch_master_candidate: false elasticsearch_master_candidate: false
elasticsearch_cluster_nodes: elasticsearch_cluster_nodes:

14
roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
View File

@ -8,12 +8,6 @@
register: elasticsearch_ca_packages_installed register: elasticsearch_ca_packages_installed
until: elasticsearch_ca_packages_installed is succeeded until: elasticsearch_ca_packages_installed is succeeded
- name: "Install Java Repo for Trusty"
apt_repository: repo='ppa:openjdk-r/ppa'
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14
- name: Update and upgrade apt packages - name: Update and upgrade apt packages
become: true become: true
apt: apt:
@ -24,14 +18,6 @@
- ansible_distribution == "Ubuntu" - ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14 - ansible_distribution_major_version | int == 14
- name: Install Oracle Java 8
become: true
apt: name=openjdk-8-jdk
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14
- name: Update and upgrade apt packages - name: Update and upgrade apt packages
become: true become: true
apt: apt:

7
roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml
View File

@ -9,13 +9,6 @@
gpgcheck: true gpgcheck: true
changed_when: false changed_when: false
- name: CentOS x.x => x.x < 7.0 | Installing Java
yum:
name: java-1.8.0-openjdk.x86_64
state: present
when:
- ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7
- name: RedHat/CentOS/Fedora | Install Elasticsarch - name: RedHat/CentOS/Fedora | Install Elasticsarch
package: name=elasticsearch-{{ elastic_stack_version }} state=present package: name=elasticsearch-{{ elastic_stack_version }} state=present
tags: install tags: install

621
roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2
View File

@ -1,621 +0,0 @@
{
"order": 0,
"template": "wazuh-alerts-3.x-*",
"settings": {
"index.refresh_interval": "5s"
},
"mappings": {
"wazuh": {
"dynamic_templates": [
{
"string_as_keyword": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword",
"doc_values": "true"
}
}
}
],
"properties": {
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
},
"@version": {
"type": "text"
},
"agent": {
"properties": {
"ip": {
"type": "keyword",
"doc_values": "true"
},
"id": {
"type": "keyword",
"doc_values": "true"
},
"name": {
"type": "keyword",
"doc_values": "true"
}
}
},
"manager": {
"properties": {
"name": {
"type": "keyword",
"doc_values": "true"
}
}
},
"cluster": {
"properties": {
"name": {
"type": "keyword",
"doc_values": "true"
}
}
},
"AlertsFile": {
"type": "keyword",
"doc_values": "true"
},
"full_log": {
"type": "text"
},
"previous_log": {
"type": "text"
},
"GeoLocation": {
"properties": {
"area_code": {
"type": "long"
},
"city_name": {
"type": "keyword",
"doc_values": "true"
},
"continent_code": {
"type": "text"
},
"coordinates": {
"type": "double"
},
"country_code2": {
"type": "text"
},
"country_code3": {
"type": "text"
},
"country_name": {
"type": "keyword",
"doc_values": "true"
},
"dma_code": {
"type": "long"
},
"ip": {
"type": "keyword",
"doc_values": "true"
},
"latitude": {
"type": "double"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "double"
},
"postal_code": {
"type": "keyword"
},
"real_region_name": {
"type": "keyword",
"doc_values": "true"
},
"region_name": {
"type": "keyword",
"doc_values": "true"
},
"timezone": {
"type": "text"
}
}
},
"host": {
"type": "keyword",
"doc_values": "true"
},
"syscheck": {
"properties": {
"path": {
"type": "keyword",
"doc_values": "true"
},
"sha1_before": {
"type": "keyword",
"doc_values": "true"
},
"sha1_after": {
"type": "keyword",
"doc_values": "true"
},
"uid_before": {
"type": "keyword",
"doc_values": "true"
},
"uid_after": {
"type": "keyword",
"doc_values": "true"
},
"gid_before": {
"type": "keyword",
"doc_values": "true"
},
"gid_after": {
"type": "keyword",
"doc_values": "true"
},
"perm_before": {
"type": "keyword",
"doc_values": "true"
},
"perm_after": {
"type": "keyword",
"doc_values": "true"
},
"md5_after": {
"type": "keyword",
"doc_values": "true"
},
"md5_before": {
"type": "keyword",
"doc_values": "true"
},
"gname_after": {
"type": "keyword",
"doc_values": "true"
},
"gname_before": {
"type": "keyword",
"doc_values": "true"
},
"inode_after": {
"type": "keyword",
"doc_values": "true"
},
"inode_before": {
"type": "keyword",
"doc_values": "true"
},
"mtime_after": {
"type": "date",
"format": "dateOptionalTime",
"doc_values": "true"
},
"mtime_before": {
"type": "date",
"format": "dateOptionalTime",
"doc_values": "true"
},
"uname_after": {
"type": "keyword",
"doc_values": "true"
},
"uname_before": {
"type": "keyword",
"doc_values": "true"
},
"size_before": {
"type": "long",
"doc_values": "true"
},
"size_after": {
"type": "long",
"doc_values": "true"
},
"diff": {
"type": "keyword",
"doc_values": "true"
},
"event": {
"type": "keyword",
"doc_values": "true"
}
}
},
"location": {
"type": "keyword",
"doc_values": "true"
},
"message": {
"type": "text"
},
"offset": {
"type": "keyword"
},
"rule": {
"properties": {
"description": {
"type": "keyword",
"doc_values": "true"
},
"groups": {
"type": "keyword",
"doc_values": "true"
},
"level": {
"type": "long",
"doc_values": "true"
},
"id": {
"type": "keyword",
"doc_values": "true"
},
"cve": {
"type": "keyword",
"doc_values": "true"
},
"info": {
"type": "keyword",
"doc_values": "true"
},
"frequency": {
"type": "long",
"doc_values": "true"
},
"firedtimes": {
"type": "long",
"doc_values": "true"
},
"cis": {
"type": "keyword",
"doc_values": "true"
},
"pci_dss": {
"type": "keyword",
"doc_values": "true"
},
"gdpr": {
"type": "keyword",
"doc_values": "true"
},
"gpg13": {
"type": "keyword",
"doc_values": "true"
}
}
},
"decoder": {
"properties": {
"parent": {
"type": "keyword",
"doc_values": "true"
},
"name": {
"type": "keyword",
"doc_values": "true"
},
"ftscomment": {
"type": "keyword",
"doc_values": "true"
},
"fts": {
"type": "long",
"doc_values": "true"
},
"accumulate": {
"type": "long",
"doc_values": "true"
}
}
},
"data": {
"properties": {
"protocol": {
"type": "keyword",
"doc_values": "true"
},
"action": {
"type": "keyword",
"doc_values": "true"
},
"srcip": {
"type": "keyword",
"doc_values": "true"
},
"dstip": {
"type": "keyword",
"doc_values": "true"
},
"srcport": {
"type": "keyword",
"doc_values": "true"
},
"dstport": {
"type": "keyword",
"doc_values": "true"
},
"srcuser": {
"type": "keyword",
"doc_values": "true"
},
"dstuser": {
"type": "keyword",
"doc_values": "true"
},
"id": {
"type": "keyword",
"doc_values": "true"
},
"status": {
"type": "keyword",
"doc_values": "true"
},
"data": {
"type": "keyword",
"doc_values": "true"
},
"system_name": {
"type": "keyword",
"doc_values": "true"
},
"url": {
"type": "keyword",
"doc_values": "true"
},
"oscap": {
"properties": {
"check.title": {
"type": "keyword",
"doc_values": "true"
},
"check.id": {
"type": "keyword",
"doc_values": "true"
},
"check.result": {
"type": "keyword",
"doc_values": "true"
},
"check.severity": {
"type": "keyword",
"doc_values": "true"
},
"check.description": {
"type": "text"
},
"check.rationale": {
"type": "text"
},
"check.references": {
"type": "text"
},
"check.identifiers": {
"type": "text"
},
"check.oval.id": {
"type": "keyword",
"doc_values": "true"
},
"scan.id": {
"type": "keyword",
"doc_values": "true"
},
"scan.content": {
"type": "keyword",
"doc_values": "true"
},
"scan.benchmark.id": {
"type": "keyword",
"doc_values": "true"
},
"scan.profile.title": {
"type": "keyword",
"doc_values": "true"
},
"scan.profile.id": {
"type": "keyword",
"doc_values": "true"
},
"scan.score": {
"type": "double",
"doc_values": "true"
},
"scan.return_code": {
"type": "long",
"doc_values": "true"
}
}
},
"audit": {
"properties": {
"type": {
"type": "keyword",
"doc_values": "true"
},
"id": {
"type": "keyword",
"doc_values": "true"
},
"syscall": {
"type": "keyword",
"doc_values": "true"
},
"exit": {
"type": "keyword",
"doc_values": "true"
},
"ppid": {
"type": "keyword",
"doc_values": "true"
},
"pid": {
"type": "keyword",
"doc_values": "true"
},
"auid": {
"type": "keyword",
"doc_values": "true"
},
"uid": {
"type": "keyword",
"doc_values": "true"
},
"gid": {
"type": "keyword",
"doc_values": "true"
},
"euid": {
"type": "keyword",
"doc_values": "true"
},
"suid": {
"type": "keyword",
"doc_values": "true"
},
"fsuid": {
"type": "keyword",
"doc_values": "true"
},
"egid": {
"type": "keyword",
"doc_values": "true"
},
"sgid": {
"type": "keyword",
"doc_values": "true"
},
"fsgid": {
"type": "keyword",
"doc_values": "true"
},
"tty": {
"type": "keyword",
"doc_values": "true"
},
"session": {
"type": "keyword",
"doc_values": "true"
},
"command": {
"type": "keyword",
"doc_values": "true"
},
"exe": {
"type": "keyword",
"doc_values": "true"
},
"key": {
"type": "keyword",
"doc_values": "true"
},
"cwd": {
"type": "keyword",
"doc_values": "true"
},
"directory.name": {
"type": "keyword",
"doc_values": "true"
},
"directory.inode": {
"type": "keyword",
"doc_values": "true"
},
"directory.mode": {
"type": "keyword",
"doc_values": "true"
},
"file.name": {
"type": "keyword",
"doc_values": "true"
},
"file.inode": {
"type": "keyword",
"doc_values": "true"
},
"file.mode": {
"type": "keyword",
"doc_values": "true"
},
"acct": {
"type": "keyword",
"doc_values": "true"
},
"dev": {
"type": "keyword",
"doc_values": "true"
},
"enforcing": {
"type": "keyword",
"doc_values": "true"
},
"list": {
"type": "keyword",
"doc_values": "true"
},
"old-auid": {
"type": "keyword",
"doc_values": "true"
},
"old-ses": {
"type": "keyword",
"doc_values": "true"
},
"old_enforcing": {
"type": "keyword",
"doc_values": "true"
},
"old_prom": {
"type": "keyword",
"doc_values": "true"
},
"op": {
"type": "keyword",
"doc_values": "true"
},
"prom": {
"type": "keyword",
"doc_values": "true"
},
"res": {
"type": "keyword",
"doc_values": "true"
},
"srcip": {
"type": "keyword",
"doc_values": "true"
},
"subj": {
"type": "keyword",
"doc_values": "true"
},
"success": {
"type": "keyword",
"doc_values": "true"
}
}
}
}
},
"program_name": {
"type": "keyword",
"doc_values": "true"
},
"command": {
"type": "keyword",
"doc_values": "true"
},
"type": {
"type": "text"
},
"title": {
"type": "keyword",
"doc_values": "true"
}
}
}
}
}

1986
roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2
View File

File diff suppressed because it is too large Load Diff

4
roles/elastic-stack/ansible-kibana/defaults/main.yml
View File

@ -5,8 +5,8 @@ elasticsearch_http_port: "9200"
elasticsearch_network_host: "127.0.0.1" elasticsearch_network_host: "127.0.0.1"
kibana_server_host: "0.0.0.0" kibana_server_host: "0.0.0.0"
kibana_server_port: "5601" kibana_server_port: "5601"
elastic_stack_version: 7.2.0 elastic_stack_version: 7.3.2
wazuh_version: 3.9.3 wazuh_version: 3.10.0
# Xpack Security # Xpack Security
kibana_xpack_security: false kibana_xpack_security: false

15
roles/elastic-stack/ansible-kibana/tasks/main.yml
View File

@ -6,10 +6,11 @@
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
- name: Reload systemd - name: Reload systemd
systemd: daemon_reload=true systemd:
daemon_reload: true
ignore_errors: true ignore_errors: true
when: when:
- not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - not (ansible_distribution == "Amazon" and ansible_distribution_version == "(Karoo)")
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
- not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
- not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))
@ -59,6 +60,7 @@
recurse: yes recurse: yes
when: when:
- kibana_xpack_security - kibana_xpack_security
notify: restart kibana
tags: xpack-security tags: xpack-security
- name: Kibana configuration - name: Kibana configuration
@ -99,13 +101,18 @@
args: args:
executable: /bin/bash executable: /bin/bash
creates: /usr/share/kibana/plugins/wazuh/package.json creates: /usr/share/kibana/plugins/wazuh/package.json
notify: restart kibana become: yes
become_user: kibana become_user: kibana
notify: restart kibana
tags: tags:
- install - install
- skip_ansible_lint - skip_ansible_lint
- name: Ensure Kibana started and enabled - name: Reload systemd configuration
systemd:
daemon_reload: true
- name: Ensure Kibana is started and enabled
service: service:
name: kibana name: kibana
enabled: true enabled: true

2
roles/wazuh/ansible-filebeat/defaults/main.yml
View File

@ -1,5 +1,5 @@
--- ---
filebeat_version: 7.2.0 filebeat_version: 7.3.2
filebeat_create_config: true filebeat_create_config: true

39
roles/wazuh/ansible-filebeat/tasks/main.yml
View File

@ -10,7 +10,7 @@
register: filebeat_installing_package register: filebeat_installing_package
until: filebeat_installing_package is succeeded until: filebeat_installing_package is succeeded
when: when:
- ansible_distribution in ['CentOS','RedHat'] - ansible_distribution in ['CentOS','RedHat', 'Amazon']
tags: tags:
- install - install
@ -22,7 +22,7 @@
register: filebeat_installing_package_debian register: filebeat_installing_package_debian
until: filebeat_installing_package_debian is succeeded until: filebeat_installing_package_debian is succeeded
when: when:
- not (ansible_distribution in ['CentOS','RedHat']) - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'])
tags: tags:
- init - init
@ -62,6 +62,41 @@
- filebeat_xpack_security - filebeat_xpack_security
tags: xpack-security tags: xpack-security
- name: Checking if Filebeat Module folder file exists
stat:
path: "{{ filebeat_module_folder }}"
register: filebeat_module_folder
- name: Download Filebeat module package
get_url:
url: https://packages.wazuh.com/3.x/filebeat/{{ filebeat_module_package_name }}
dest: "{{ filebeat_module_package_path }}"
when: not filebeat_module_folder.stat.exists
- name: Unpakcing Filebeat module package
unarchive:
src: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}"
dest: "{{ filebeat_module_destination }}"
remote_src: yes
when: not filebeat_module_folder.stat.exists
- name: Setting 0755 permission for Filebeat module folder
file: dest={{ filebeat_module_folder }} mode=u=rwX,g=rwX,o=rwX recurse=yes
when: not filebeat_module_folder.stat.exists
- name: Checking if Filebeat Module package file exists
stat:
path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}"
register: filebeat_module_package
when: filebeat_module_package is not defined
- name: Delete Filebeat module package file
file:
state: absent
path: "{{ filebeat_module_package_path }}/{{ filebeat_module_package_name }}"
when: filebeat_module_package.stat.exists
- import_tasks: config.yml - import_tasks: config.yml
when: filebeat_create_config when: filebeat_create_config
notify: restart filebeat notify: restart filebeat

1987
roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2
View File

File diff suppressed because it is too large Load Diff

15
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -1,5 +1,5 @@
--- ---
wazuh_agent_version: 3.9.3 wazuh_agent_version: 3.10.0
wazuh_managers: wazuh_managers:
- address: 127.0.0.1 - address: 127.0.0.1
port: 1514 port: 1514
@ -20,14 +20,17 @@ wazuh_notify_time: '10'
wazuh_time_reconnect: '60' wazuh_time_reconnect: '60'
wazuh_crypto_method: 'aes' wazuh_crypto_method: 'aes'
wazuh_winagent_config: wazuh_winagent_config:
install_dir: 'C:\Program Files\ossec-agent\' download_dir: C:\
install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' install_dir: C:\Program Files\ossec-agent\
auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe install_dir_x86: C:\Program Files (x86)\ossec-agent\
auth_path: C:\Program Files\ossec-agent\agent-auth.exe
# Adding quotes to auth_path_x86 since win_shell outputs error otherwise
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
version: '3.9.3' version: '3.10.0'
revision: '1' revision: '1'
repo: https://packages.wazuh.com/3.x/windows/ repo: https://packages.wazuh.com/3.x/windows/
md5: c3fdbd6c121ca371b8abcd477ed4e8a4 md5: ee5b24216db472d291da4e14f0b3bc63
register_key: 9903C258-FC1E-4886-B7DB-1535976EC1D5
wazuh_agent_config: wazuh_agent_config:
active_response: active_response:
ar_disabled: 'no' ar_disabled: 'no'

2
roles/wazuh/ansible-wazuh-agent/handlers/main.yml
View File

@ -2,5 +2,5 @@
- name: restart wazuh-agent - name: restart wazuh-agent
service: name=wazuh-agent state=restarted enabled=yes service: name=wazuh-agent state=restarted enabled=yes
- name: restart wazuh-agent windows - name: Windows | Restart Wazuh Agent
win_service: name=OssecSvc start_mode=auto state=restarted win_service: name=OssecSvc start_mode=auto state=restarted

84
roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
View File

@ -4,54 +4,50 @@
path: C:\Program Files (x86) path: C:\Program Files (x86)
register: check_path register: check_path
- name: "Set Win Path" - name: Windows | Set Win Path (x86)
set_fact: set_fact:
wazuh_agent_win_path: "{% wazuh_winagent_config.install_dir_x86 if check_path.stat.exists else wazuh_winagent_config.install_dir %}" wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir_x86 }}"
wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}"
- name: Windows | Get current installed version
win_shell: "{% if check_path.stat.exists %}{{ wazuh_winagent_config.install_dir_x86 }}{% else %}
{{ wazuh_winagent_config.install_dir }}{% endif %}ossec-agent.exe -h"
args:
removes: "{% if check_path.stat.exists %}{{ wazuh_winagent_config.install_dir_x86 }}{% else %}
{{ wazuh_winagent_config.install_dir }}{% endif %}ossec-agent.exe"
register: agent_version
failed_when: false
changed_when: false
- name: Windows | Check Wazuh agent version installed
set_fact: correct_version=true
when: when:
- agent_version.stdout is defined - check_path.stat.exists
- wazuh_winagent_config.version in agent_version.stdout
- name: Windows | Downloading windows Wazuh agent installer - name: Windows | Set Win Path (x64)
win_get_url: set_fact:
dest: C:\wazuh-agent-installer.msi wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir }}"
url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}"
when: when:
- correct_version is not defined - not check_path.stat.exists
- name: Windows | Verify the downloaded Wazuh agent installer - name: Windows | Check if Wazuh installer is already downloaded
win_stat: win_stat:
path: C:\wazuh-agent-installer.msi path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
register: wazuh_package_downloaded
- name: Windows | Download Wazuh Agent package
win_get_url:
url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
dest: "{{ wazuh_winagent_config.download_dir }}"
when:
- not wazuh_package_downloaded.stat.exists
- name: Windows | Verify the Wazuh Agent installer
win_stat:
path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
get_checksum: true get_checksum: true
checksum_algorithm: md5 checksum_algorithm: md5
register: installer_md5 register: wazuh_agent_status
when:
- correct_version is not defined
failed_when: failed_when:
- installer_md5.stat.checksum != wazuh_winagent_config.md5 - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5
- name: Windows | Install Wazuh agent - name: Windows | Install Agent if not already installed
win_package: win_package:
path: C:\wazuh-agent-installer.msi path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
when: product_id: '{{ "{" }}{{ wazuh_winagent_config.register_key }}{{ "}" }}'
- correct_version is not defined state: present
- name: Windows | Check if client.keys exists - name: Windows | Check if client.keys exists
win_stat: path="{{ wazuh_agent_win_path }}" win_stat: path="{{ wazuh_agent_win_path }}client.keys"
register: check_windows_key register: check_windows_key
notify: restart wazuh-agent windows
tags: tags:
- config - config
@ -62,15 +58,12 @@
- name: Windows | Register agent - name: Windows | Register agent
win_shell: > win_shell: >
{% if check_path.stat.exists %}{{ wazuh_winagent_config.auth_path_x86 }}{% else %} {{ wazuh_agent_win_auth_path }}
{{ wazuh_winagent_config.auth_path }}{% endif %}
-m {{ wazuh_managers.0.address }} -m {{ wazuh_managers.0.address }}
-p {{ wazuh_agent_authd.port }} -p {{ wazuh_agent_authd.port }}
{% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %}
args:
chdir: "{{ wazuh_agent_win_path }}"
register: agent_auth_output register: agent_auth_output
notify: restart wazuh-agent windows notify: Windows | Restart Wazuh Agent
when: when:
- wazuh_agent_authd.enable - wazuh_agent_authd.enable
- not check_windows_key.stat.exists or check_windows_key.stat.size == 0 - not check_windows_key.stat.exists or check_windows_key.stat.size == 0
@ -78,11 +71,16 @@
tags: tags:
- config - config
- name: Windows | Check if ossec folder is accessible
win_file:
path: "{{ wazuh_agent_win_path }}"
state: directory
- name: Windows | Installing agent configuration (ossec.conf) - name: Windows | Installing agent configuration (ossec.conf)
win_template: template:
src: var-ossec-etc-ossec-agent.conf.j2 src: var-ossec-etc-ossec-agent.conf.j2
dest: "{{ wazuh_agent_win_path }}ossec.conf" dest: "{{ wazuh_agent_win_path }}ossec.conf"
notify: restart wazuh-agent windows notify: Windows | Restart Wazuh Agent
tags: tags:
- config - config
@ -90,11 +88,11 @@
win_template: win_template:
src: var-ossec-etc-local-internal-options.conf.j2 src: var-ossec-etc-local-internal-options.conf.j2
dest: "{{ wazuh_agent_win_path }}local_internal_options.conf" dest: "{{ wazuh_agent_win_path }}local_internal_options.conf"
notify: restart wazuh-agent windows notify: Windows | Restart Wazuh Agent
tags: tags:
- config - config
- name: Windows | Delete downloaded Wazuh agent installer file - name: Windows | Delete downloaded Wazuh agent installer file
win_file: win_file:
path: C:\wazuh-agent-installer.msi path: "{{ wazuh_winagent_config.download_dir }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi"
state: absent state: absent

6
roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -42,7 +42,7 @@
</logging> </logging>
<active-response> <active-response>
<disabled>{{ wazuh_agent_config.active_response.ar|default('no') }}</disabled> <disabled>{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}</disabled>
<ca_store>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}</ca_store> <ca_store>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}</ca_store>
<ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification> <ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification>
</active-response> </active-response>
@ -99,14 +99,14 @@
{% endif %} {% endif %}
<!-- Directories to check (perform all possible verifications) --> <!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck.directories is defined and ansible_os_family == "Linux" %} {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}
{% for directory in wazuh_agent_config.syscheck.directories %} {% for directory in wazuh_agent_config.syscheck.directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories> <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %} {% endfor %}
{% endif %} {% endif %}
<!-- Directories to check (perform all possible verifications) --> <!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck.win_directories is defined and ansible_os_family == "Windows" %} {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_system == "Windows" %}
{% for directory in wazuh_agent_config.syscheck.win_directories %} {% for directory in wazuh_agent_config.syscheck.win_directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories> <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %} {% endfor %}

10
roles/wazuh/ansible-wazuh-manager/defaults/main.yml
View File

@ -1,5 +1,5 @@
--- ---
wazuh_manager_api_version: 3.9.3 wazuh_manager_api_version: 3.10.0
wazuh_manager_fqdn: "wazuh-server" wazuh_manager_fqdn: "wazuh-server"
wazuh_manager_package_state: latest wazuh_manager_package_state: latest
@ -35,9 +35,7 @@ wazuh_manager_config:
port: '1516' port: '1516'
bind_addr: '0.0.0.0' bind_addr: '0.0.0.0'
nodes: nodes:
- '172.17.0.2' - 'manager'
- '172.17.0.3'
- '172.17.0.4'
hidden: 'no' hidden: 'no'
connection: connection:
- type: 'secure' - type: 'secure'
@ -54,8 +52,8 @@ wazuh_manager_config:
use_password: 'no' use_password: 'no'
ssl_agent_ca: null ssl_agent_ca: null
ssl_verify_host: 'no' ssl_verify_host: 'no'
ssl_manager_cert: '/var/ossec/etc/sslmanager.cert' ssl_manager_cert: 'sslmanager.cert'
ssl_manager_key: '/var/ossec/etc/sslmanager.key' ssl_manager_key: 'sslmanager.key'
ssl_auto_negotiate: 'no' ssl_auto_negotiate: 'no'
email_notification: 'no' email_notification: 'no'
mail_to: mail_to:

28
roles/wazuh/ansible-wazuh-manager/tasks/main.yml
View File

@ -5,7 +5,7 @@
- import_tasks: "Debian.yml" - import_tasks: "Debian.yml"
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- name: CentOS/RedHat | Install wazuh-manager, wazuh-api - name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api
package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }} package: pkg={{ item }}-{{ wazuh_manager_api_version }}-1 state={{ wazuh_manager_package_state }}
with_items: with_items:
- wazuh-manager - wazuh-manager
@ -13,7 +13,7 @@
register: wazuh_manager_main_packages_installed register: wazuh_manager_main_packages_installed
until: wazuh_manager_main_packages_installed is succeeded until: wazuh_manager_main_packages_installed is succeeded
when: when:
- ansible_distribution in ['CentOS','RedHat'] - ansible_distribution in ['CentOS','RedHat', 'Amazon']
tags: tags:
- init - init
@ -28,13 +28,13 @@
register: wazuh_manager_main_packages_installed register: wazuh_manager_main_packages_installed
until: wazuh_manager_main_packages_installed is succeeded until: wazuh_manager_main_packages_installed is succeeded
when: when:
- not (ansible_distribution in ['CentOS','RedHat']) - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'])
tags: init tags: init
- name: Install expect - name: Install expect
package: pkg=expect state={{ wazuh_manager_package_state }} package: pkg=expect state={{ wazuh_manager_package_state }}
when: when:
- not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6) - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6)
tags: init tags: init
- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 - name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3
@ -43,7 +43,7 @@
regexp: 'echo -n "Starting Wazuh-manager: "' regexp: 'echo -n "Starting Wazuh-manager: "'
replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib'
when: when:
- ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int == 6 - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6
- wazuh_manager_config.cluster.disable != 'yes' - wazuh_manager_config.cluster.disable != 'yes'
- name: Install wazuh-manager and expect (EL5) - name: Install wazuh-manager and expect (EL5)
@ -54,7 +54,7 @@
register: wazuh_manager_main_packages_installed register: wazuh_manager_main_packages_installed
until: wazuh_manager_main_packages_installed is succeeded until: wazuh_manager_main_packages_installed is succeeded
when: when:
- ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6 - ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6
tags: tags:
- init - init
@ -70,7 +70,7 @@
- name: Copy CA, SSL key and cert for authd - name: Copy CA, SSL key and cert for authd
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/var/ossec/etc/{{ item | basename }}" dest: "/var/ossec/etc/{{ item }}"
mode: 0644 mode: 0644
with_items: with_items:
- "{{ wazuh_manager_config.authd.ssl_agent_ca }}" - "{{ wazuh_manager_config.authd.ssl_agent_ca }}"
@ -203,7 +203,7 @@
- name: Retrieving Wazuh-API User Credentials - name: Retrieving Wazuh-API User Credentials
include_vars: wazuh_api_creds.yml include_vars: wazuh_api_creds.yml
when: when:
- not (ansible_distribution in ['CentOS','RedHat'] and ansible_distribution_major_version|int < 6) - not (ansible_distribution in ['CentOS','RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6)
tags: tags:
- config - config
@ -281,7 +281,7 @@
poll: 0 poll: 0
when: when:
- wazuh_manager_config.vuls.disable != 'yes' - wazuh_manager_config.vuls.disable != 'yes'
- ansible_distribution in ['Redhat', 'CentOS', 'Ubuntu', 'Debian', 'Oracle'] - ansible_distribution in ['Redhat', 'CentOS', 'Ubuntu', 'Debian', 'Oracle', 'Amazon']
tags: tags:
- init - init
@ -322,7 +322,8 @@
notify: restart wazuh-api notify: restart wazuh-api
when: when:
- wazuh_api_user is defined - wazuh_api_user is defined
- not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6) - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon')
- ansible_distribution_major_version|int < 6
tags: tags:
- config - config
@ -378,7 +379,8 @@
environment: environment:
LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib"
when: when:
- not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 6) - not (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' or ansible_distribution == 'Amazon')
- ansible_distribution_major_version|int < 6
- name: Ensure Wazuh Manager is started and enabled (EL5) - name: Ensure Wazuh Manager is started and enabled (EL5)
service: service:
@ -388,10 +390,10 @@
tags: tags:
- config - config
when: when:
- ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 6 - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6
- import_tasks: "RMRedHat.yml" - import_tasks: "RMRedHat.yml"
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon"
- import_tasks: "RMDebian.yml" - import_tasks: "RMDebian.yml"
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"