From 32a1dfc3d4eee02c6cf7cedcddd025c947382f81 Mon Sep 17 00:00:00 2001
From: Miguelangel Freitas
Date: Wed, 12 Jul 2017 18:58:00 -0400
Subject: [PATCH 01/12] Elasticseach role: Updating meta info

---
 ansible-role-elasticsearch/meta/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible-role-elasticsearch/meta/main.yml b/ansible-role-elasticsearch/meta/main.yml
index be846c52..d71fbd62 100644
--- a/ansible-role-elasticsearch/meta/main.yml
+++ b/ansible-role-elasticsearch/meta/main.yml
@@ -1,7 +1,7 @@
 ---
 galaxy_info:
- author: Jose Luis Ruiz
- description: Installing and maintaining Elasticsearch.
+ author: Wazuh
+ description: Installing and maintaining Elasticsearch server.
 company: wazuh.com
 license: license (GPLv3)
 min_ansible_version: 2.0

From 6589384a9b34a11892c3b04c99dde7ce572b50dd Mon Sep 17 00:00:00 2001
From: Miguelangel Freitas
Date: Wed, 12 Jul 2017 19:08:50 -0400
Subject: [PATCH 02/12] Elasticseach role: Updating README.md

---
 ansible-role-elasticsearch/README.md | 67 +++++++++++++++-------------
 1 file changed, 36 insertions(+), 31 deletions(-)

diff --git a/ansible-role-elasticsearch/README.md b/ansible-role-elasticsearch/README.md
index f1f156e5..9f3ec016 100644
--- a/ansible-role-elasticsearch/README.md
+++ b/ansible-role-elasticsearch/README.md
@@ -1,45 +1,50 @@ -# Ansible Role: Elasticsearch +Ansible Role: Elasticsearch +=========================== +An Ansible Role that installs [Elasticsearch](https://www.elastic.co/products/elasticsearch). -An Ansible Role that installs Elasticsearch RedHat/CentOS. +Requirements +------------ -## Requirements +This role will work on: + * Red Hat + * CentOS + * Fedora + * Debian + * Ubuntu -Requires at least Java 8 (Java 8+ preferred). +Role Variables +-------------- -## Role Variables -Available variables are listed below, along with default values (see `vars/main.yml`): +Defaults variables are listed below, along with its values (see `defaults/main.yml`): - elasticsearch_cluster_name: wazuh - elasticsearch_node_name: node-1 - elasticsearch_http_port: 9200 - elasticsearch_network_host: 192.168.33.182 - elasticsearch_jvm_xms: 1g +``` + elasticsearch_cluster_name: wazuh + elasticsearch_node_name: node-1 + elasticsearch_http_port: 9200 + elasticsearch_network_host: 127.0.0.1 + elasticsearch_jvm_xms: 1g + elk_stack_version: 5.4.0 +``` +Example Playbook +---------------- -Network host to listen for incoming connections on. By default we only listen on the localhost interface. Change this to the IP address to listen on a specific interface, or `0.0.0.0` to listen on all interfaces. +``` + - hosts: elasticsearch + roles: + - { role: ansible-role-elasticsearch, elasticsearch_network_host: '192.168.33.182' } +``` - elasticsearch_http_port: 9200 +License and copyright +--------------------- -Whether to allow inline scripting against ElasticSearch. You should read the following link as there are possible security implications for enabling these options: [Enable Dynamic Scripting](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting.html#enable-dynamic-scripting). Available options include: `true`, `false`, and `sandbox`. +WAZUH Copyright (C) 2017 Wazuh Inc. 
(License GPLv3) +### Based on previous work from geerlingguy + - https://github.com/geerlingguy/ansible-role-elasticsearch -## Example Playbook +### Modified by Wazuh - - hosts: search - roles: - - geerlingguy.java - - geerlingguy.elasticsearch - -## License - -MIT / BSD - -## Author Information - -This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). - -## Modified - -The playbooks have been modified by Wazuh, Inc, including some specific requirements, templates and configuration for integrating Elastic Stack and Wazuh ecosystem. +The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem. From 407451f1d2e3a927b2e2f3dc9615540369451414 Mon Sep 17 00:00:00 2001 From: Miguelangel Freitas Date: Wed, 12 Jul 2017 19:09:53 -0400 Subject: [PATCH 03/12] Filebeat role: Updating meta info --- ansible-role-filebeat/meta/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible-role-filebeat/meta/main.yml b/ansible-role-filebeat/meta/main.yml index 9fa1e4de..e465470b 100644 --- a/ansible-role-filebeat/meta/main.yml +++ b/ansible-role-filebeat/meta/main.yml @@ -2,10 +2,10 @@ dependencies: [] galaxy_info: - author: geerlingguy - description: Filebeat for Linux. - company: "Midwestern Mac, LLC" - license: "license (BSD, MIT)" + author: Wazuh + description: Installing and maintaining Elasticsearch server. + company: wazuh.com + license: license (GPLv3) min_ansible_version: 2.0 platforms: - name: EL From e6c26964c6a5220c49e26fe0a9578681855f0190 Mon Sep 17 00:00:00 2001 From: Miguelangel Freitas Date: Wed, 12 Jul 2017 19:16:21 -0400 Subject: [PATCH 04/12] Filebeat role: Updating README.md --- ansible-role-filebeat/README.md | 104 ++++++++++++++------------------ 1 file changed, 45 insertions(+), 59 deletions(-) 
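Review bot: The new `description` in ansible-role-filebeat/meta/main.yml reads `Installing and maintaining Elasticsearch server.`, which describes a different role; Galaxy shows this text as the role summary, so it should say `description: Installing and maintaining Filebeat.`. The same copied line is added by the Kibana meta hunk (patch 05) and the Logstash meta hunk (patch 09) and should name Kibana and Logstash there.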
diff --git a/ansible-role-filebeat/README.md b/ansible-role-filebeat/README.md
index b05b0493..61913ed2 100644
--- a/ansible-role-filebeat/README.md
+++ b/ansible-role-filebeat/README.md
@@ -1,77 +1,63 @@ -# Ansible Role: Filebeat for ELK Stack +Ansible Role: Filebeat for ELK Stack +------------------------------------ -An Ansible Role that installs [Filebeat](https://www.elastic.co/products/beats/filebeat) on RedHat/CentOS or Debian/Ubuntu. +An Ansible Role that installs [Filebeat](https://www.elastic.co/products/beats/filebeat), this can be used in conjunction with [ansible-wazuh-manager](https://github.com/wazuh/wazuh-ansible/ansible-wazuh-server). -## Requirements +Requirements +------------ -None. +This role will work on: + * Red Hat + * CentOS + * Fedora + * Debian + * Ubuntu -## Role Variables +Role Variables +-------------- Available variables are listed below, along with default values (see `defaults/main.yml`): - filebeat_create_config: true +``` + filebeat_create_config: true -Whether to create the Filebeat configuration file and handle the copying of SSL key and cert for filebeat. If you prefer to create a configuration file yourself you can set this to `false`. + filebeat_prospectors: + - input_type: log + paths: + - "/var/ossec/logs/alerts/alerts.json" + document_type: json + json.message_key: log + json.keys_under_root: true + json.overwrite_keys: true - filebeat_prospectors: - - input_type: log - paths: - - "/var/log/*.log" + filebeat_output_elasticsearch_enabled: false + filebeat_output_elasticsearch_hosts: + - "localhost:9200" -Prospectors that will be listed in the `prospectors` section of the Filebeat configuration. Read through the [Filebeat Prospectors configuration guide](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html) for more options. 
+ filebeat_output_logstash_enabled: true + filebeat_output_logstash_hosts: + - "192.168.212.158:5000" - filebeat_output_elasticsearch_enabled: false - filebeat_output_elasticsearch_hosts: - - "localhost:9200" + filebeat_enable_logging: true + filebeat_log_level: debug + filebeat_log_dir: /var/log/mybeat + filebeat_log_filename: mybeat.log -Whether to enable Elasticsearch output, and which hosts to send output to. + filebeat_ssl_dir: /etc/pki/logstash + filebeat_ssl_certificate_file: "" + filebeat_ssl_key_file: "" + filebeat_ssl_insecure: "false" +``` - filebeat_output_logstash_enabled: true - filebeat_output_logstash_hosts: - - "localhost:5000" +License and copyright +--------------------- -Whether to enable Logstash output, and which hosts to send output to. +WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3) - filebeat_enable_logging: false - filebeat_log_level: warning - filebeat_log_dir: /var/log/filebeat - filebeat_log_filename: filebeat.log +### Based on previous work from geerlingguy -Filebeat logging. + - https://github.com/geerlingguy/ansible-role-filebeat - filebeat_ssl_dir: /etc/pki/logstash +### Modified by Wazuh -The path where certificates and keyfiles will be stored. - - filebeat_ssl_certificate_file: "" - filebeat_ssl_key_file: "" - -Local paths to the SSL certificate and key files, which will be copied into the `filebeat_ssl_dir`. - -For utmost security, you should use your own valid certificate and keyfile, and update the `filebeat_ssl_*` variables in your playbook to use your certificate. - -To generate a self-signed certificate/key pair, you can use use the command: - - $ sudo openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout filebeat.key -out filebeat.crt - -Note that filebeat and logstash may not work correctly with self-signed certificates unless you also have the full chain of trust (including the Certificate Authority for your self-signed cert) added on your server. 
See: https://github.com/elastic/logstash/issues/4926#issuecomment-203936891 - - filebeat_ssl_insecure: "false" - -Set this to `"true"` to allow the use of self-signed certificates (when a CA isn't available). - -## Dependencies - -None. - -## License - -MIT / BSD - -## Author Information - -This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). - -## Modified -The playbooks have been modified by Wazuh, Inc, including some specific requirements, templates and configuration for integrating Elastic Stack and Wazuh ecosystem. +The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem. From 32412588366f87e1cac452bd8d32f4697e9e93f0 Mon Sep 17 00:00:00 2001 From: Miguelangel Freitas Date: Thu, 13 Jul 2017 08:36:06 -0400 Subject: [PATCH 05/12] Kibana role: Updating meta info --- ansible-role-kibana/meta/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible-role-kibana/meta/main.yml b/ansible-role-kibana/meta/main.yml index 7ca3a5fc..bf9b17ce 100644 --- a/ansible-role-kibana/meta/main.yml +++ b/ansible-role-kibana/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: - author: Jose Luis Ruiz - description: Kibana for Linux. + author: Wazuh + description: Installing and maintaining Elasticsearch server. company: wazuh.com license: license (GPLv3) min_ansible_version: 2.0 From bda913238b38edbcc62a6442824161d6c2f23a0d Mon Sep 17 00:00:00 2001 From: Miguelangel Freitas Date: Thu, 13 Jul 2017 08:49:03 -0400 Subject: [PATCH 06/12] Kibana role: Updating README.md --- ansible-role-kibana/README.md | 62 ++++++++++++++++++++--------------- 1 file changed, 35 insertions(+), 27 deletions(-) diff --git a/ansible-role-kibana/README.md b/ansible-role-kibana/README.md index 69609ed3..d9f87ab1 100644 --- a/ansible-role-kibana/README.md +++ b/ansible-role-kibana/README.md 
@@ -1,40 +1,48 @@ -# Ansible Role: Elasticsearch +Ansible Role: Kibana for ELK Stack +------------------------------------ +An Ansible Role that installs [Kibana](https://www.elastic.co/products/kibana) and [Wazuh APP](https://github.com/wazuh/wazuh-kibana-app). -An Ansible Role that installs Kibana and WazuhAPP on RedHat/CentOS. +Requirements +------------ -## Requirements +This role will work on: + * Red Hat + * CentOS + * Fedora + * Debian + * Ubuntu -Requires at least Java 8 (Java 8+ preferred). +Role Variables +-------------- -## Role Variables -Available variables are listed below, along with default values (see `vars/main.yml`): +``` +--- + elasticsearch_http_port: "9200" + elasticsearch_network_host: "127.0.0.1" + kibana_server_host: "0.0.0.0" + kibana_server_port: "5601" + elk_stack_version: 5.4.0 +``` - elasticsearch_network_host: localhost +Example Playbook +---------------- -Network host to listen for incoming connections on. By default we only listen on the localhost interface. Change this to the IP address to listen on a specific interface, or `0.0.0.0` to listen on all interfaces. +``` + - hosts: kibana + roles: + - { role: ansible-role-kibana, elasticsearch_network_host: '192.168.33.182' } +``` - elasticsearch_http_port: 9200 +License and copyright +--------------------- -Whether to allow inline scripting against ElasticSearch. You should read the following link as there are possible security implications for enabling these options: [Enable Dynamic Scripting](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting.html#enable-dynamic-scripting). Available options include: `true`, `false`, and `sandbox`. +WAZUH Copyright (C) 2017 Wazuh Inc. 
(License GPLv3) +### Based on previous work from geerlingguy + - https://github.com/geerlingguy/ansible-role-elasticsearch -## Example Playbook +### Modified by Wazuh - - hosts: search - roles: - - geerlingguy.java - - geerlingguy.elasticsearch - -## License - -MIT / BSD - -## Author Information - -This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). - -## Modified - -The playbooks have been modified by Wazuh, Inc, including some specific requirements, templates and configuration for integrating Elastic Stack and Wazuh ecosystem. +The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem. From cffbfcfb8e6c896700cdaa93ff3c4ccb8e2910a2 Mon Sep 17 00:00:00 2001 From: Miguelangel Freitas Date: Thu, 13 Jul 2017 09:31:34 -0400 Subject: [PATCH 07/12] Kibana role: Updating tasks, config template and set kibana listen port --- ansible-role-kibana/defaults/main.yml | 1 + ansible-role-kibana/tasks/main.yml | 4 ++-- ansible-role-kibana/templates/kibana.yml.j2 | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ansible-role-kibana/defaults/main.yml b/ansible-role-kibana/defaults/main.yml index 7e758287..3073ab80 100644 --- a/ansible-role-kibana/defaults/main.yml +++ b/ansible-role-kibana/defaults/main.yml @@ -2,4 +2,5 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" +kibana_server_port: "5601" elk_stack_version: 5.4.0 diff --git a/ansible-role-kibana/tasks/main.yml b/ansible-role-kibana/tasks/main.yml index daebfc0e..ba3183db 100644 --- a/ansible-role-kibana/tasks/main.yml +++ b/ansible-role-kibana/tasks/main.yml 
@@ -19,14 +19,14 @@
 notify: restart kibana
 tags: configure
 
-- name: Checking Wazuh-APP version compatibility
+- name: Checking Wazuh-APP version
 shell: "grep -c -E 'version.*{{ elk_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo"
 args:
 removes: /usr/share/kibana/plugins/wazuh/package.json
 register: wazuh_app_verify
 tags: install
 
-- name: Removing Wazuh-APP by compatibility issues
+- name: Upgrading Wazuh-APP
 shell: "{{ item }}"
 when: wazuh_app_verify.stdout == "0"
 with_items:
diff --git a/ansible-role-kibana/templates/kibana.yml.j2 b/ansible-role-kibana/templates/kibana.yml.j2
index 4631d2f1..9b29f17a 100644
--- a/ansible-role-kibana/templates/kibana.yml.j2
+++ b/ansible-role-kibana/templates/kibana.yml.j2
@@ -1,6 +1,6 @@
 # {{ ansible_managed }}
 # Kibana is served by a back end server. This setting specifies the port to use.
-#server.port: 5601
+server.port: {{ kibana_server_port }}
 
 # Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
 # The default is 'localhost', which usually means remote machines will not be able to connect.

From e2e3170203aa7ba0619b0749fa2683c68a3a41fb Mon Sep 17 00:00:00 2001
From: Miguelangel Freitas
Date: Thu, 13 Jul 2017 09:44:19 -0400
Subject: [PATCH 08/12] Logstash role: Updating README.md

---
 ansible-role-logstash/README.md | 61 ++++++++++++++++++---------------
 1 file changed, 33 insertions(+), 28 deletions(-)

diff --git a/ansible-role-logstash/README.md b/ansible-role-logstash/README.md
index 766ed4a2..a066b2e4 100644
--- a/ansible-role-logstash/README.md
+++ b/ansible-role-logstash/README.md
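Review bot: The renamed `Upgrading Wazuh-APP` task still keys on `wazuh_app_verify.stdout == "0"`, but the `Checking Wazuh-APP version` task above it is skipped by `removes:` whenever package.json is absent, and a skipped task's registered result has no `stdout`, so on a host without the plugin the `when` evaluation errors instead of skipping (unless the part of the task outside the hunk handles this). Guard it with `when: wazuh_app_verify.stdout is defined and wazuh_app_verify.stdout == "0"`. The grep pattern `version.*{{ elk_stack_version }}` also leaves the dots of the version unescaped, so the check is looser than its name suggests; escaping them would make the version match exact. The task body continues outside the hunk (its `with_items` entries are not shown).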
@@ -1,40 +1,45 @@ -# Ansible Role: Logstash +Ansible Role: Logstash +---------------------- +An Ansible Role that installs [Logstash](https://www.elastic.co/products/logstash) -An Ansible Role that installs Logstash on RedHat/CentOS. +Requirements +------------ -## Requirements +This role will work on: + * Red Hat + * CentOS + * Fedora + * Debian + * Ubuntu -Requires at least Java 8 (Java 8+ preferred). +Role Variables +-------------- +``` + --- + elasticsearch_network_host: "127.0.0.1" + elasticsearch_http_port: "9200" + elk_stack_version: 5.4.0 +``` -## Role Variables -Available variables are listed below, along with default values (see `vars/main.yml`): +Example Playbook +---------------- - elasticsearch_network_host: localhost +``` + - hosts: logstash + roles: + - { role: ansible-role-logstash, elasticsearch_network_host: '192.168.33.182' } +``` -Network host to listen for incoming connections on. By default we only listen on the localhost interface. Change this to the IP address to listen on a specific interface, or `0.0.0.0` to listen on all interfaces. +License and copyright +--------------------- - elasticsearch_http_port: 9200 +WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3) -Whether to allow inline scripting against ElasticSearch. You should read the following link as there are possible security implications for enabling these options: [Enable Dynamic Scripting](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting.html#enable-dynamic-scripting). Available options include: `true`, `false`, and `sandbox`. 
+### Based on previous work from geerlingguy + - https://github.com/geerlingguy/ansible-role-elasticsearch +### Modified by Wazuh -## Example Playbook - - - hosts: search - roles: - - geerlingguy.java - - geerlingguy.elasticsearch - -## License - -MIT / BSD - -## Author Information - -This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). - -## Modified - -The playbooks have been modified by Wazuh, Inc, including some specific requirements, templates and configuration for integrating Elastic Stack and Wazuh ecosystem. +The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem. From 1598ceedcda854b841c5ec692a43b48522e55836 Mon Sep 17 00:00:00 2001 From: Miguelangel Freitas Date: Thu, 13 Jul 2017 09:45:32 -0400 Subject: [PATCH 09/12] Logstash role: Updating meta info --- ansible-role-logstash/meta/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible-role-logstash/meta/main.yml b/ansible-role-logstash/meta/main.yml index d51fabdd..bf9b17ce 100644 --- a/ansible-role-logstash/meta/main.yml +++ b/ansible-role-logstash/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: - author: Jose Luis Ruiz - description: Logstash for Linux. + author: Wazuh + description: Installing and maintaining Elasticsearch server. company: wazuh.com license: license (GPLv3) min_ansible_version: 2.0 From d59e8cd0be22ebf1152e5b1ac25c8c5cd63a2d93 Mon Sep 17 00:00:00 2001 From: Miguelangel Freitas Date: Thu, 13 Jul 2017 13:24:07 -0400 Subject: [PATCH 10/12] Logstash role: split config tasks from main tasks --- ansible-role-logstash/tasks/config.yml | 35 ++++++++++++++++++++++++++ ansible-role-logstash/tasks/main.yml | 19 ++------------ 2 files changed, 37 insertions(+), 17 deletions(-) create mode 100644 ansible-role-logstash/tasks/config.yml 
diff --git a/ansible-role-logstash/tasks/config.yml b/ansible-role-logstash/tasks/config.yml
new file mode 100644
index 00000000..1e14661c
--- /dev/null
+++ b/ansible-role-logstash/tasks/config.yml
@@ -0,0 +1,35 @@
+---
+- name: Logstash template
+ template:
+ src: wazuh-elastic5-template.json.j2
+ dest: /etc/logstash/wazuh-elastic5-template.json
+ owner: root
+ group: root
+ tags: configure
+
+- name: Ensure Logstash SSL key pair directory exists.
+ file:
+ path: "{{ logstash_ssl_dir }}"
+ state: directory
+ when: logstash_ssl
+ tags: configure
+
+- name: Copy SSL key and cert for logstash.
+ copy:
+ src: "{{ item }}"
+ dest: "{{ logstash_ssl_dir }}/{{ item | basename }}"
+ mode: 0644
+ with_items:
+ - "{{ logstash_ssl_key_file }}"
+ - "{{ logstash_ssl_certificate_file }}"
+ when: logstash_ssl
+ tags: configure
+
+- name: Logstash configuration
+ template:
+ src: 01-wazuh.conf.j2
+ dest: /etc/logstash/conf.d/01-wazuh.conf
+ owner: root
+ group: root
+ notify: restart logstash
+ tags: configure
diff --git a/ansible-role-logstash/tasks/main.yml b/ansible-role-logstash/tasks/main.yml
index d01ed205..219580a5 100644
--- a/ansible-role-logstash/tasks/main.yml
+++ b/ansible-role-logstash/tasks/main.yml
@@ -5,23 +5,8 @@
 - include: Debian.yml
 when: ansible_os_family == "Debian"
 
-- name: Logstash configuration
- template:
- src: 01-wazuh.conf.j2
- dest: /etc/logstash/conf.d/01-wazuh.conf
- owner: root
- group: root
- notify: restart logstash
- tags: configure
-
-- name: Logstash template
- template:
- src: wazuh-elastic5-template.json.j2
- dest: /etc/logstash/wazuh-elastic5-template.json
- owner: root
- group: root
- notify: restart logstash
- tags: configure
+- include: config.yml
+ when: logstash_create_config
 
 - name: Ensure Logstash started and enabled
 service:

From a4c4c9336909d00d9331be4c74b69ddcfdf44568 Mon Sep 17 00:00:00 2001
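Review bot: `Copy SSL key and cert for logstash.` installs `{{ logstash_ssl_key_file }}` with `mode: 0644`, so the private key that the beats input reads through `ssl_key` ends up world-readable on the Logstash host. Give the key a restrictive mode and an owner the service can read, e.g. `owner: logstash`, `group: logstash`, `mode: "{{ '0600' if item == logstash_ssl_key_file else '0644' }}"` (quoting the mode also keeps YAML from reading the octal as an integer); the `logstash` account is what the official packages create, so confirm it is the user the service runs as here. Separately, the `Logstash template` task moved into config.yml has lost the `notify: restart logstash` that the removed copy in tasks/main.yml carried, so a changed template no longer restarts the service; that looks unintentional and is worth restoring.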
From: Miguelangel Freitas
Date: Thu, 13 Jul 2017 13:25:39 -0400
Subject: [PATCH 11/12] Logstash role: adding the ability to switch between file and beats input

---
 ansible-role-logstash/defaults/main.yml | 8 ++++++
 .../templates/01-wazuh.conf.j2 | 27 ++++++++++++-------
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/ansible-role-logstash/defaults/main.yml b/ansible-role-logstash/defaults/main.yml
index e8f4adc9..c021a488 100644
--- a/ansible-role-logstash/defaults/main.yml
+++ b/ansible-role-logstash/defaults/main.yml
@@ -1,4 +1,12 @@
 ---
+logstash_create_config: true
+logstash_input_beats: false
+
 elasticsearch_network_host: "127.0.0.1"
 elasticsearch_http_port: "9200"
 elk_stack_version: 5.4.0
+
+logstash_ssl: false
+logstash_ssl_dir: /etc/pki/logstash
+logstash_ssl_certificate_file: ""
+logstash_ssl_key_file: ""
diff --git a/ansible-role-logstash/templates/01-wazuh.conf.j2 b/ansible-role-logstash/templates/01-wazuh.conf.j2
index 1de99ec5..bbfdb32a 100644
--- a/ansible-role-logstash/templates/01-wazuh.conf.j2
+++ b/ansible-role-logstash/templates/01-wazuh.conf.j2
@@ -1,23 +1,30 @@
 # {{ ansible_managed }}
 # Wazuh - Logstash configuration file
+
+{% if logstash_input_beats == true %}
 ## Remote Wazuh Manager - Filebeat input
 input {
 beats {
 port => 5000
 codec => "json_lines"
-# ssl => true
-# ssl_certificate => "/etc/logstash/logstash.crt"
-# ssl_key => "/etc/logstash/logstash.key"
+{% if logstash_ssl == true %}
+ ssl => true
+ ssl_certificate => "{{ logstash_ssl_dir }}/{{ logstash_ssl_certificate_file | basename }}"
+ ssl_key => "{{ logstash_ssl_dir }}/{{ logstash_ssl_key_file | basename }}"
+{% endif %}
 }
 }
+{% else %}
 ## Local Wazuh Manager - JSON file input
-#input {
-# file {
-# type => "wazuh-alerts"
-# path => "/var/ossec/logs/alerts/alerts.json"
-# codec => "json"
-# }
-#}
+input {
+ file {
+ type => "wazuh-alerts"
+ path => "/var/ossec/logs/alerts/alerts.json"
+ codec => "json"
+ }
+}
+{% endif %}
+
 filter {
 geoip {
 source => "srcip"
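Review bot: `logstash_ssl_certificate_file: ""` and `logstash_ssl_key_file: ""` are exactly the values the `Copy SSL key and cert for logstash.` loop in tasks/config.yml consumes whenever `logstash_ssl` is true, so enabling SSL without overriding both produces a `copy` failure on an empty `src` rather than a message naming the missing variable. A guard on that loop, `when: logstash_ssl and logstash_ssl_key_file != "" and logstash_ssl_certificate_file != ""`, or an `assert` task listing the two variables, would fail early with an actionable error. A comment above these keys saying that both are paths to local files on the control node and are required once `logstash_ssl` is true would also help, since the Logstash README hunk on this page does not document them.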
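Review bot: `{% if logstash_input_beats == true %}` and `{% if logstash_ssl == true %}` only match a real boolean; a value supplied as `-e logstash_input_beats=true` arrives as the string `"true"`, which is not equal to `true` in Jinja, so the file input is silently rendered and, for the SSL flag, the listener silently stays in cleartext. Use `{% if logstash_input_beats | bool %}` and `{% if logstash_ssl | bool %}` so both spellings behave the same. With beats enabled and SSL off, the input listens on port 5000 on every interface with no transport security and accepts events from any host that can reach it, and the port is hard-coded while the rest of the block is variable-driven; a `logstash_input_beats_port` default would at least make that choice visible. When SSL is on, adding `ssl_verify_mode => "force_peer"` together with `ssl_certificate_authorities` would restrict the listener to Filebeat clients presenting a trusted certificate.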
From 4e4ed74b1528f836d3f45711c32f6886ac3ac731 Mon Sep 17 00:00:00 2001
From: Miguelangel Freitas
Date: Thu, 13 Jul 2017 16:08:59 -0400
Subject: [PATCH 12/12] Using elastic_stack_version instead of elk_stack_version

---
 ansible-role-elasticsearch/README.md | 2 +-
 ansible-role-elasticsearch/defaults/main.yml | 2 +-
 ansible-role-elasticsearch/tasks/Debian.yml | 2 +-
 ansible-role-elasticsearch/tasks/RedHat.yml | 2 +-
 ansible-role-kibana/README.md | 2 +-
 ansible-role-kibana/defaults/main.yml | 2 +-
 ansible-role-kibana/tasks/Debian.yml | 2 +-
 ansible-role-kibana/tasks/RedHat.yml | 2 +-
 ansible-role-kibana/tasks/main.yml | 4 ++--
 ansible-role-logstash/README.md | 2 +-
 ansible-role-logstash/defaults/main.yml | 2 +-
 ansible-role-logstash/tasks/Debian.yml | 2 +-
 ansible-role-logstash/tasks/RedHat.yml | 2 +-
 13 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/ansible-role-elasticsearch/README.md b/ansible-role-elasticsearch/README.md
index 9f3ec016..f939dbf1 100644
--- a/ansible-role-elasticsearch/README.md
+++ b/ansible-role-elasticsearch/README.md
@@ -24,7 +24,7 @@ Defaults variables are listed below, along with its values (see `defaults/main.y
 elasticsearch_http_port: 9200
 elasticsearch_network_host: 127.0.0.1
 elasticsearch_jvm_xms: 1g
- elk_stack_version: 5.4.0
+ elastic_stack_version: 5.4.0
 ```
 
 Example Playbook
diff --git a/ansible-role-elasticsearch/defaults/main.yml b/ansible-role-elasticsearch/defaults/main.yml
index 003dc319..2e73fe5b 100644
--- a/ansible-role-elasticsearch/defaults/main.yml
+++ b/ansible-role-elasticsearch/defaults/main.yml
@@ -4,4 +4,4 @@ elasticsearch_node_name: node-1
 elasticsearch_http_port: 9200
 elasticsearch_network_host: 127.0.0.1
 elasticsearch_jvm_xms: 1g
-elk_stack_version: 5.4.0
+elastic_stack_version: 5.4.0
diff --git a/ansible-role-elasticsearch/tasks/Debian.yml b/ansible-role-elasticsearch/tasks/Debian.yml
index e32929fc..0a4cc8bd 100644
--- a/ansible-role-elasticsearch/tasks/Debian.yml
+++ b/ansible-role-elasticsearch/tasks/Debian.yml
@@ -33,5 +33,5 @@
 filename: 'elk_repo'
 
 - name: Debian/Ubuntu | Install Elasticsarch
- apt: name=elasticsearch={{ elk_stack_version }} state=present update_cache=yes
+ apt: name=elasticsearch={{ elastic_stack_version }} state=present update_cache=yes
 tags: install
diff --git a/ansible-role-elasticsearch/tasks/RedHat.yml b/ansible-role-elasticsearch/tasks/RedHat.yml
index df21a989..ceaf4357 100644
--- a/ansible-role-elasticsearch/tasks/RedHat.yml
+++ b/ansible-role-elasticsearch/tasks/RedHat.yml
@@ -26,6 +26,6 @@
 gpgcheck: yes
 
 - name: RedHat/CentOS/Fedora | Install Elasticsarch
- package: name=elasticsearch-{{ elk_stack_version }} state=present
+ package: name=elasticsearch-{{ elastic_stack_version }} state=present
 when: oracle_java_task_rpm_installed is defined
 tags: install
diff --git a/ansible-role-kibana/README.md b/ansible-role-kibana/README.md
index d9f87ab1..c781b04e 100644
--- a/ansible-role-kibana/README.md
+++ b/ansible-role-kibana/README.md
@@ -22,7 +22,7 @@ Role Variables
 elasticsearch_network_host: "127.0.0.1"
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
- elk_stack_version: 5.4.0
+ elastic_stack_version: 5.4.0
 ```
 
 Example Playbook
diff --git a/ansible-role-kibana/defaults/main.yml b/ansible-role-kibana/defaults/main.yml
index 3073ab80..b8bd9381 100644
--- a/ansible-role-kibana/defaults/main.yml
+++ b/ansible-role-kibana/defaults/main.yml
@@ -3,4 +3,4 @@ elasticsearch_http_port: "9200"
 elasticsearch_network_host: "127.0.0.1"
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
-elk_stack_version: 5.4.0
+elastic_stack_version: 5.4.0
diff --git a/ansible-role-kibana/tasks/Debian.yml b/ansible-role-kibana/tasks/Debian.yml
index 2a9d265c..8ff200d1 100644
--- a/ansible-role-kibana/tasks/Debian.yml
+++ b/ansible-role-kibana/tasks/Debian.yml
@@ -17,5 +17,5 @@
 filename: 'elk_repo'
 
 - name: Debian/Ubuntu | Install Kibana
- apt: name=kibana={{ elk_stack_version }} state=present update_cache=yes
+ apt: name=kibana={{ elastic_stack_version }} state=present update_cache=yes
 tags: install
diff --git a/ansible-role-kibana/tasks/RedHat.yml b/ansible-role-kibana/tasks/RedHat.yml
index 8ceb03e7..52759c15 100644
--- a/ansible-role-kibana/tasks/RedHat.yml
+++ b/ansible-role-kibana/tasks/RedHat.yml
@@ -13,5 +13,5 @@
 gpgcheck: yes
 
 - name: RedHat/CentOS/Fedora | Install Kibana
- package: name=kibana-{{ elk_stack_version }} state=present
+ package: name=kibana-{{ elastic_stack_version }} state=present
 tags: install
diff --git a/ansible-role-kibana/tasks/main.yml b/ansible-role-kibana/tasks/main.yml
index ba3183db..83d465f7 100644
--- a/ansible-role-kibana/tasks/main.yml
+++ b/ansible-role-kibana/tasks/main.yml
@@ -20,7 +20,7 @@
 tags: configure
 
 - name: Checking Wazuh-APP version
- shell: "grep -c -E 'version.*{{ elk_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo"
+ shell: "grep -c -E 'version.*{{ elastic_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo"
 args:
 removes: /usr/share/kibana/plugins/wazuh/package.json
 register: wazuh_app_verify
@@ -35,7 +35,7 @@
 tags: install
 
 - name: Install Wazuh-APP (can take a while)
- shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elk_stack_version }}.zip"
+ shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elastic_stack_version }}.zip"
 args:
 creates: /usr/share/kibana/plugins/wazuh/package.json
 notify: restart kibana
diff --git a/ansible-role-logstash/README.md b/ansible-role-logstash/README.md
index a066b2e4..692bf658 100644
--- a/ansible-role-logstash/README.md
+++ b/ansible-role-logstash/README.md
@@ -19,7 +19,7 @@ Role Variables
 ---
 elasticsearch_network_host: "127.0.0.1"
 elasticsearch_http_port: "9200"
- elk_stack_version: 5.4.0
+ elastic_stack_version: 5.4.0
 ```
 
 Example Playbook
diff --git a/ansible-role-logstash/defaults/main.yml b/ansible-role-logstash/defaults/main.yml
index c021a488..d8a11ad1 100644
--- a/ansible-role-logstash/defaults/main.yml
+++ b/ansible-role-logstash/defaults/main.yml
@@ -4,7 +4,7 @@ logstash_input_beats: false
 
 elasticsearch_network_host: "127.0.0.1"
 elasticsearch_http_port: "9200"
-elk_stack_version: 5.4.0
+elastic_stack_version: 5.4.0
 
 logstash_ssl: false
 logstash_ssl_dir: /etc/pki/logstash
diff --git a/ansible-role-logstash/tasks/Debian.yml b/ansible-role-logstash/tasks/Debian.yml
index c982c465..601d1250 100644
--- a/ansible-role-logstash/tasks/Debian.yml
+++ b/ansible-role-logstash/tasks/Debian.yml
@@ -36,5 +36,5 @@
 filename: 'elk_repo'
 
 - name: Debian/Ubuntu | Install Logstash
- apt: name=logstash=1:{{ elk_stack_version }}-1 state=present update_cache=yes
+ apt: name=logstash=1:{{ elastic_stack_version }}-1 state=present update_cache=yes
 tags: install
diff --git a/ansible-role-logstash/tasks/RedHat.yml b/ansible-role-logstash/tasks/RedHat.yml
index 31540239..7cc49718 100644
--- a/ansible-role-logstash/tasks/RedHat.yml
+++ b/ansible-role-logstash/tasks/RedHat.yml
@@ -26,6 +26,6 @@
 gpgcheck: yes
 
 - name: RedHat/CentOS/Fedora | Install Logstash
- package: name=logstash-{{ elk_stack_version }} state=present
+ package: name=logstash-{{ elastic_stack_version }} state=present
 when: oracle_java_task_rpm_installed is defined
 tags: install