From bfc3d4e4e1ef7aa831cf9dbe0f98c9b75503af80 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Tue, 21 May 2019 21:05:44 +0200 Subject: [PATCH 01/10] Bump version --- CHANGELOG.md | 6 ++++++ VERSION | 4 ++-- molecule/default/tests/test_default.py | 2 +- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- roles/elastic-stack/ansible-logstash/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 7 files changed, 14 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8fae5c3..d63d2782 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.9.1] + +### Added + +- Update to Wazuh v3.8.1 +- Support for ELK v6.8.0 ## [v3.9.0] diff --git a/VERSION b/VERSION index 53f0359c..36af7bee 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.9.0" -REVISION="3900" +WAZUH-ANSIBLE_VERSION="v3.9.1" +REVISION="3901" diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 9cfab500..27ee3238 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "3.9" + return "3.9.1" def test_wazuh_packages_are_installed(host): diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 4103bca6..e03f7557 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
@@ -4,7 +4,7 @@ elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 6.7.1 +elastic_stack_version: 6.8.0 elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: true diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index c2779fe8..c9842e7f 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -3,5 +3,5 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 6.7.1 -wazuh_version: 3.9.0 +elastic_stack_version: 6.8.0 +wazuh_version: 3.9.1 diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index a83f68cc..31012c04 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -9,7 +9,7 @@ elasticsearch_network_host: ["Localhost"] elasticsearch_http_port: "9200" elasticsearch_shards: 5 elasticsearch_replicas: 1 -elastic_stack_version: 6.7.1 +elastic_stack_version: 6.8.0 logstash_ssl: false logstash_ssl_dir: /etc/pki/logstash diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index baeb6f25..28ab6d7c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -23,7 +23,7 @@ wazuh_winagent_config: install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.9.0' + version: '3.9.1' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 43936e7bc7eb51bd186f47dac4a6f477 
From faea27f7a1aaf2ee4c0470658a9cac4fc17ea065 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Tue, 21 May 2019 21:18:55 +0200 Subject: [PATCH 02/10] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d63d2782..b99b1000 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ### Added -- Update to Wazuh v3.8.1 +- Update to Wazuh v3.9.1 - Support for ELK v6.8.0 ## [v3.9.0] From 874a05b3ca14403bf7ad3cb7e60471dd8cf4f979 Mon Sep 17 00:00:00 2001 From: Okynos Date: Mon, 3 Jun 2019 18:53:25 -0700 Subject: [PATCH 03/10] Added a testing purposes workaround --- .../ansible-elasticsearch/defaults/main.yml | 2 +- .../ansible-elasticsearch/tasks/Debian.yml | 2 +- .../ansible-elasticsearch/tasks/RedHat.yml | 4 +- .../ansible-elasticsearch/tasks/main.yml | 2 +- .../wazuh-elastic7-template-alerts.json.j2 | 1456 +++++++++++++++++ .../ansible-kibana/defaults/main.yml | 2 +- .../ansible-kibana/tasks/Debian.yml | 2 +- .../ansible-kibana/tasks/RedHat.yml | 4 +- .../ansible-kibana/templates/kibana.yml.j2 | 2 +- .../ansible-logstash/defaults/main.yml | 2 +- .../ansible-logstash/tasks/Debian.yml | 2 +- .../ansible-logstash/tasks/RedHat.yml | 4 +- 12 files changed, 1470 insertions(+), 14 deletions(-) create mode 100644 roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index e03f7557..3328165a 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
@@ -4,7 +4,7 @@ elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 6.8.0 +elastic_stack_version: 7.1.1 elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index f786d2a3..d5315805 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -17,7 +17,7 @@ - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' + repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' state: present filename: 'elastic_repo' update_cache: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 79632b31..64cc0820 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -9,8 +9,8 @@ - name: RedHat/CentOS/Fedora | Install Elastic repo yum_repository: name: elastic_repo - description: Elastic repository for 6.x packages - baseurl: https://artifacts.elastic.co/packages/6.x/yum + description: Elastic repository for 7.x packages + baseurl: https://artifacts.elastic.co/packages/7.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: true diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index a1f44f88..8d48441e 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml 
@@ -104,7 +104,7 @@ method: PUT status_code: 200 body_format: json - body: "{{ lookup('template','wazuh-elastic6-template-alerts.json.j2') }}" + body: "{{ lookup('template','wazuh-elastic7-template-alerts.json.j2') }}" when: wazuh_alerts_template_exits.status != 200 tags: init diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 new file mode 100644 index 00000000..836b2cb2 --- /dev/null +++ b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2 
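Review bot: The `body:` line now hard-wires the 7.x mapping file even though `elastic_stack_version` stays a role variable (its default is bumped in this same patch), so a user who pins a 6.x release gets the 7.x template PUT against a cluster that is unlikely to accept it as-is. Selecting the file by major version keeps both paths working, e.g. `body: "{{ lookup('template', 'wazuh-elastic' ~ elastic_stack_version.split('.')[0] ~ '-template-alerts.json.j2') }}"`. The diffstat shows the elastic6 template is not deleted, so it remains in the role either as the 6.x counterpart or as an orphan; if the switch is meant to be 7.x-only that removal belongs in the same change. The task this line belongs to begins before the hunk.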
@@ -0,0 +1,1456 @@ +{ + "order": 0, + "index_patterns": ["wazuh-alerts-3.x-*"], + "settings": { + "index.refresh_interval": "5s", + "index.number_of_shards": "3", + "index.number_of_replicas": "0", + "index.auto_expand_replicas": "0-1", + "index.mapping.total_fields.limit": 2000 + }, + "mappings": { + "dynamic_templates": [ + { + "string_as_keyword": { + "match_mapping_type": "string", + "mapping": { + "type": "keyword", + "doc_values": "true" + } + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "timestamp": { + "type": "date", + "format": "date_optional_time||epoch_millis" + }, + "@version": { + "type": "text" + }, + "agent": { + "properties": { + "ip": { + "type": "keyword", + "doc_values": "true" + }, + "id": { + "type": "keyword", + "doc_values": "true" + }, + "name": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "manager": { + "properties": { + "name": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "cluster": { + "properties": { + "name": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "AlertsFile": { + "type": "keyword", + "doc_values": "true" + }, + "full_log": { + "enabled": false, + "type": "object" + }, + "previous_log": { + "type": "text" + }, + "GeoLocation": { + "properties": { + "area_code": { + "type": "long" + }, + "city_name": { + "type": "keyword", + "doc_values": "true" + }, + "continent_code": { + "type": "text" + }, + "coordinates": { + "type": "double" + }, + "country_code2": { + "type": "text" + }, + "country_code3": { + "type": "text" + }, + "country_name": { + "type": "keyword", + "doc_values": "true" + }, + "dma_code": { + "type": "long" + }, + "ip": { + "type": "keyword", + "doc_values": "true" + }, + "latitude": { + "type": "double" + }, + "location": { + "type": "geo_point" + }, + "longitude": { + "type": "double" + }, + "postal_code": { + "type": "keyword" + }, + "real_region_name": { + "type": "keyword", + "doc_values": "true" + }, + "region_name": { + "type": 
"keyword", + "doc_values": "true" + }, + "timezone": { + "type": "text" + } + } + }, + "host": { + "type": "keyword", + "doc_values": "true" + }, + "syscheck": { + "properties": { + "path": { + "type": "keyword", + "doc_values": "true" + }, + "sha1_before": { + "type": "keyword", + "doc_values": "true" + }, + "sha1_after": { + "type": "keyword", + "doc_values": "true" + }, + "uid_before": { + "type": "keyword", + "doc_values": "true" + }, + "uid_after": { + "type": "keyword", + "doc_values": "true" + }, + "gid_before": { + "type": "keyword", + "doc_values": "true" + }, + "gid_after": { + "type": "keyword", + "doc_values": "true" + }, + "perm_before": { + "type": "keyword", + "doc_values": "true" + }, + "perm_after": { + "type": "keyword", + "doc_values": "true" + }, + "md5_after": { + "type": "keyword", + "doc_values": "true" + }, + "md5_before": { + "type": "keyword", + "doc_values": "true" + }, + "gname_after": { + "type": "keyword", + "doc_values": "true" + }, + "gname_before": { + "type": "keyword", + "doc_values": "true" + }, + "inode_after": { + "type": "keyword", + "doc_values": "true" + }, + "inode_before": { + "type": "keyword", + "doc_values": "true" + }, + "mtime_after": { + "type": "date", + "format": "dateOptionalTime", + "doc_values": "true" + }, + "mtime_before": { + "type": "date", + "format": "dateOptionalTime", + "doc_values": "true" + }, + "uname_after": { + "type": "keyword", + "doc_values": "true" + }, + "uname_before": { + "type": "keyword", + "doc_values": "true" + }, + "size_before": { + "type": "long", + "doc_values": "true" + }, + "size_after": { + "type": "long", + "doc_values": "true" + }, + "diff": { + "type": "keyword", + "doc_values": "true" + }, + "event": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "location": { + "type": "keyword", + "doc_values": "true" + }, + "message": { + "type": "text" + }, + "offset": { + "type": "keyword" + }, + "rule": { + "properties": { + "description": { + "type": "keyword", + 
"doc_values": "true" + }, + "groups": { + "type": "keyword", + "doc_values": "true" + }, + "level": { + "type": "long", + "doc_values": "true" + }, + "id": { + "type": "keyword", + "doc_values": "true" + }, + "cve": { + "type": "keyword", + "doc_values": "true" + }, + "info": { + "type": "keyword", + "doc_values": "true" + }, + "frequency": { + "type": "long", + "doc_values": "true" + }, + "firedtimes": { + "type": "long", + "doc_values": "true" + }, + "cis": { + "type": "keyword", + "doc_values": "true" + }, + "pci_dss": { + "type": "keyword", + "doc_values": "true" + }, + "gdpr": { + "type": "keyword", + "doc_values": "true" + }, + "gpg13": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "predecoder": { + "properties": { + "program_name": { + "type": "keyword", + "doc_values": "true" + }, + "timestamp": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "decoder": { + "properties": { + "parent": { + "type": "keyword", + "doc_values": "true" + }, + "name": { + "type": "keyword", + "doc_values": "true" + }, + "ftscomment": { + "type": "keyword", + "doc_values": "true" + }, + "fts": { + "type": "long", + "doc_values": "true" + }, + "accumulate": { + "type": "long", + "doc_values": "true" + } + } + }, + "data": { + "properties": { + "protocol": { + "type": "keyword", + "doc_values": "true" + }, + "action": { + "type": "keyword", + "doc_values": "true" + }, + "srcip": { + "type": "keyword", + "doc_values": "true" + }, + "dstip": { + "type": "keyword", + "doc_values": "true" + }, + "srcport": { + "type": "keyword", + "doc_values": "true" + }, + "dstport": { + "type": "keyword", + "doc_values": "true" + }, + "srcuser": { + "type": "keyword", + "doc_values": "true" + }, + "dstuser": { + "type": "keyword", + "doc_values": "true" + }, + "id": { + "type": "keyword", + "doc_values": "true" + }, + "status": { + "type": "keyword", + "doc_values": "true" + }, + "data": { + "type": "keyword", + "doc_values": "true" + }, + "system_name": { + "type": 
"keyword", + "doc_values": "true" + }, + "url": { + "type": "keyword", + "doc_values": "true" + }, + "oscap": { + "properties": { + "check.title": { + "type": "keyword", + "doc_values": "true" + }, + "check.id": { + "type": "keyword", + "doc_values": "true" + }, + "check.result": { + "type": "keyword", + "doc_values": "true" + }, + "check.severity": { + "type": "keyword", + "doc_values": "true" + }, + "check.description": { + "type": "text" + }, + "check.rationale": { + "type": "text" + }, + "check.references": { + "type": "text" + }, + "check.identifiers": { + "type": "text" + }, + "check.oval.id": { + "type": "keyword", + "doc_values": "true" + }, + "scan.id": { + "type": "keyword", + "doc_values": "true" + }, + "scan.content": { + "type": "keyword", + "doc_values": "true" + }, + "scan.benchmark.id": { + "type": "keyword", + "doc_values": "true" + }, + "scan.profile.title": { + "type": "keyword", + "doc_values": "true" + }, + "scan.profile.id": { + "type": "keyword", + "doc_values": "true" + }, + "scan.score": { + "type": "double", + "doc_values": "true" + }, + "scan.return_code": { + "type": "long", + "doc_values": "true" + } + } + }, + "audit": { + "properties": { + "type": { + "type": "keyword", + "doc_values": "true" + }, + "id": { + "type": "keyword", + "doc_values": "true" + }, + "syscall": { + "type": "keyword", + "doc_values": "true" + }, + "exit": { + "type": "keyword", + "doc_values": "true" + }, + "ppid": { + "type": "keyword", + "doc_values": "true" + }, + "pid": { + "type": "keyword", + "doc_values": "true" + }, + "auid": { + "type": "keyword", + "doc_values": "true" + }, + "uid": { + "type": "keyword", + "doc_values": "true" + }, + "gid": { + "type": "keyword", + "doc_values": "true" + }, + "euid": { + "type": "keyword", + "doc_values": "true" + }, + "suid": { + "type": "keyword", + "doc_values": "true" + }, + "fsuid": { + "type": "keyword", + "doc_values": "true" + }, + "egid": { + "type": "keyword", + "doc_values": "true" + }, + "sgid": { + 
"type": "keyword", + "doc_values": "true" + }, + "fsgid": { + "type": "keyword", + "doc_values": "true" + }, + "tty": { + "type": "keyword", + "doc_values": "true" + }, + "session": { + "type": "keyword", + "doc_values": "true" + }, + "command": { + "type": "keyword", + "doc_values": "true" + }, + "exe": { + "type": "keyword", + "doc_values": "true" + }, + "key": { + "type": "keyword", + "doc_values": "true" + }, + "cwd": { + "type": "keyword", + "doc_values": "true" + }, + "directory.name": { + "type": "keyword", + "doc_values": "true" + }, + "directory.inode": { + "type": "keyword", + "doc_values": "true" + }, + "directory.mode": { + "type": "keyword", + "doc_values": "true" + }, + "file.name": { + "type": "keyword", + "doc_values": "true" + }, + "file.inode": { + "type": "keyword", + "doc_values": "true" + }, + "file.mode": { + "type": "keyword", + "doc_values": "true" + }, + "acct": { + "type": "keyword", + "doc_values": "true" + }, + "dev": { + "type": "keyword", + "doc_values": "true" + }, + "enforcing": { + "type": "keyword", + "doc_values": "true" + }, + "list": { + "type": "keyword", + "doc_values": "true" + }, + "old-auid": { + "type": "keyword", + "doc_values": "true" + }, + "old-ses": { + "type": "keyword", + "doc_values": "true" + }, + "old_enforcing": { + "type": "keyword", + "doc_values": "true" + }, + "old_prom": { + "type": "keyword", + "doc_values": "true" + }, + "op": { + "type": "keyword", + "doc_values": "true" + }, + "prom": { + "type": "keyword", + "doc_values": "true" + }, + "res": { + "type": "keyword", + "doc_values": "true" + }, + "srcip": { + "type": "keyword", + "doc_values": "true" + }, + "subj": { + "type": "keyword", + "doc_values": "true" + }, + "success": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "aws": { + "properties": { + "bytes": { + "type": "long", + "doc_values": "true" + }, + "dstaddr": { + "type": "ip", + "doc_values": "true" + }, + "srcaddr": { + "type": "ip", + "doc_values": "true" + }, + "end": { + 
"type": "date", + "doc_values": "true" + }, + "start": { + "type": "date", + "doc_values": "true" + }, + "source_ip_address": { + "type": "ip", + "doc_values": "true" + }, + "resource.instanceDetails.networkInterfaces": { + "properties": { + "privateIpAddress": { + "type": "ip", + "doc_values": "true" + }, + "publicIp": { + "type": "ip", + "doc_values": "true" + } + } + }, + "service": { + "properties": { + "count": { + "type": "long", + "doc_values": "true" + }, + "action.networkConnectionAction.remoteIpDetails": { + "properties": { + "ipAddressV4": { + "type": "ip", + "doc_values": "true" + }, + "geoLocation": { + "type": "geo_point", + "doc_values": "true" + } + } + } + } + } + } + }, + "type": { + "type": "keyword", + "doc_values": "true" + }, + "netinfo": { + "properties": { + "iface": { + "properties": { + "name": { + "type": "keyword", + "doc_values": "true" + }, + "mac": { + "type": "keyword", + "doc_values": "true" + }, + "adapter": { + "type": "keyword", + "doc_values": "true" + }, + "type": { + "type": "keyword", + "doc_values": "true" + }, + "state": { + "type": "keyword", + "doc_values": "true" + }, + "mtu": { + "type": "long", + "doc_values": "true" + }, + "tx_bytes": { + "type": "long", + "doc_values": "true" + }, + "rx_bytes": { + "type": "long", + "doc_values": "true" + }, + "tx_errors": { + "type": "long", + "doc_values": "true" + }, + "rx_errors": { + "type": "long", + "doc_values": "true" + }, + "tx_dropped": { + "type": "long", + "doc_values": "true" + }, + "rx_dropped": { + "type": "long", + "doc_values": "true" + }, + "tx_packets": { + "type": "long", + "doc_values": "true" + }, + "rx_packets": { + "type": "long", + "doc_values": "true" + }, + "ipv4": { + "properties": { + "gateway": { + "type": "keyword", + "doc_values": "true" + }, + "dhcp": { + "type": "keyword", + "doc_values": "true" + }, + "address": { + "type": "keyword", + "doc_values": "true" + }, + "netmask": { + "type": "keyword", + "doc_values": "true" + }, + "broadcast": { + 
"type": "keyword", + "doc_values": "true" + }, + "metric": { + "type": "long", + "doc_values": "true" + } + } + }, + "ipv6": { + "properties": { + "gateway": { + "type": "keyword", + "doc_values": "true" + }, + "dhcp": { + "type": "keyword", + "doc_values": "true" + }, + "address": { + "type": "keyword", + "doc_values": "true" + }, + "netmask": { + "type": "keyword", + "doc_values": "true" + }, + "broadcast": { + "type": "keyword", + "doc_values": "true" + }, + "metric": { + "type": "long", + "doc_values": "true" + } + } + } + } + } + } + }, + "os": { + "properties": { + "hostname": { + "type": "keyword", + "doc_values": "true" + }, + "architecture": { + "type": "keyword", + "doc_values": "true" + }, + "name": { + "type": "keyword", + "doc_values": "true" + }, + "version": { + "type": "keyword", + "doc_values": "true" + }, + "codename": { + "type": "keyword", + "doc_values": "true" + }, + "major": { + "type": "keyword", + "doc_values": "true" + }, + "minor": { + "type": "keyword", + "doc_values": "true" + }, + "build": { + "type": "keyword", + "doc_values": "true" + }, + "platform": { + "type": "keyword", + "doc_values": "true" + }, + "sysname": { + "type": "keyword", + "doc_values": "true" + }, + "release": { + "type": "keyword", + "doc_values": "true" + }, + "release_version": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "port": { + "properties": { + "protocol": { + "type": "keyword", + "doc_values": "true" + }, + "local_ip": { + "type": "ip", + "doc_values": "true" + }, + "local_port": { + "type": "long", + "doc_values": "true" + }, + "remote_ip": { + "type": "ip", + "doc_values": "true" + }, + "remote_port": { + "type": "long", + "doc_values": "true" + }, + "tx_queue": { + "type": "long", + "doc_values": "true" + }, + "rx_queue": { + "type": "long", + "doc_values": "true" + }, + "inode": { + "type": "long", + "doc_values": "true" + }, + "state": { + "type": "keyword", + "doc_values": "true" + }, + "pid": { + "type": "long", + "doc_values": 
"true" + }, + "process": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "hardware": { + "properties": { + "serial": { + "type": "keyword", + "doc_values": "true" + }, + "cpu_name": { + "type": "keyword", + "doc_values": "true" + }, + "cpu_cores": { + "type": "long", + "doc_values": "true" + }, + "cpu_mhz": { + "type": "double", + "doc_values": "true" + }, + "ram_total": { + "type": "long", + "doc_values": "true" + }, + "ram_free": { + "type": "long", + "doc_values": "true" + }, + "ram_usage": { + "type": "long", + "doc_values": "true" + } + } + }, + "program": { + "properties": { + "format": { + "type": "keyword", + "doc_values": "true" + }, + "name": { + "type": "keyword", + "doc_values": "true" + }, + "priority": { + "type": "keyword", + "doc_values": "true" + }, + "section": { + "type": "keyword", + "doc_values": "true" + }, + "size": { + "type": "long", + "doc_values": "true" + }, + "vendor": { + "type": "keyword", + "doc_values": "true" + }, + "install_time": { + "type": "keyword", + "doc_values": "true" + }, + "version": { + "type": "keyword", + "doc_values": "true" + }, + "architecture": { + "type": "keyword", + "doc_values": "true" + }, + "multiarch": { + "type": "keyword", + "doc_values": "true" + }, + "source": { + "type": "keyword", + "doc_values": "true" + }, + "description": { + "type": "keyword", + "doc_values": "true" + }, + "location": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long", + "doc_values": "true" + }, + "name": { + "type": "keyword", + "doc_values": "true" + }, + "state": { + "type": "keyword", + "doc_values": "true" + }, + "ppid": { + "type": "long", + "doc_values": "true" + }, + "utime": { + "type": "long", + "doc_values": "true" + }, + "stime": { + "type": "long", + "doc_values": "true" + }, + "cmd": { + "type": "keyword", + "doc_values": "true" + }, + "args": { + "type": "keyword", + "doc_values": "true" + }, + "euser": { + "type": "keyword", + 
"doc_values": "true" + }, + "ruser": { + "type": "keyword", + "doc_values": "true" + }, + "suser": { + "type": "keyword", + "doc_values": "true" + }, + "egroup": { + "type": "keyword", + "doc_values": "true" + }, + "sgroup": { + "type": "keyword", + "doc_values": "true" + }, + "fgroup": { + "type": "keyword", + "doc_values": "true" + }, + "rgroup": { + "type": "keyword", + "doc_values": "true" + }, + "priority": { + "type": "long", + "doc_values": "true" + }, + "nice": { + "type": "long", + "doc_values": "true" + }, + "size": { + "type": "long", + "doc_values": "true" + }, + "vm_size": { + "type": "long", + "doc_values": "true" + }, + "resident": { + "type": "long", + "doc_values": "true" + }, + "share": { + "type": "long", + "doc_values": "true" + }, + "start_time": { + "type": "long", + "doc_values": "true" + }, + "pgrp": { + "type": "long", + "doc_values": "true" + }, + "session": { + "type": "long", + "doc_values": "true" + }, + "nlwp": { + "type": "long", + "doc_values": "true" + }, + "tgid": { + "type": "long", + "doc_values": "true" + }, + "tty": { + "type": "long", + "doc_values": "true" + }, + "processor": { + "type": "long", + "doc_values": "true" + } + } + }, + "sca": { + "properties": { + "type": { + "type": "keyword", + "doc_values": "true" + }, + "scan_id": { + "type": "keyword", + "doc_values": "true" + }, + "policy": { + "type": "keyword", + "doc_values": "true" + }, + "name": { + "type": "keyword", + "doc_values": "true" + }, + "file": { + "type": "keyword", + "doc_values": "true" + }, + "description": { + "type": "keyword", + "doc_values": "true" + }, + "passed": { + "type": "integer", + "doc_values": "true" + }, + "failed": { + "type": "integer", + "doc_values": "true" + }, + "score": { + "type": "long", + "doc_values": "true" + }, + "check": { + "properties": { + "id": { + "type": "keyword", + "doc_values": "true" + }, + "title": { + "type": "keyword", + "doc_values": "true" + }, + "description": { + "type": "keyword", + "doc_values": "true" + 
}, + "rationale": { + "type": "keyword", + "doc_values": "true" + }, + "remediation": { + "type": "keyword", + "doc_values": "true" + }, + "compliance": { + "properties": { + "cis": { + "type": "keyword", + "doc_values": "true" + }, + "cis_csc": { + "type": "keyword", + "doc_values": "true" + }, + "pci_dss": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "references": { + "type": "keyword", + "doc_values": "true" + }, + "file": { + "type": "keyword", + "doc_values": "true" + }, + "directory": { + "type": "keyword", + "doc_values": "true" + }, + "registry": { + "type": "keyword", + "doc_values": "true" + }, + "process": { + "type": "keyword", + "doc_values": "true" + }, + "result": { + "type": "keyword", + "doc_values": "true" + }, + "previous_result": { + "type": "keyword", + "doc_values": "true" + } + } + } + } + }, + "win": { + "properties": { + "system": { + "properties": { + "providerName": { + "type": "keyword", + "doc_values": "true" + }, + "providerGuid": { + "type": "keyword", + "doc_values": "true" + }, + "eventSourceName": { + "type": "keyword", + "doc_values": "true" + }, + "securityUserID": { + "type": "keyword", + "doc_values": "true" + }, + "userID": { + "type": "keyword", + "doc_values": "true" + }, + "eventID": { + "type": "keyword", + "doc_values": "true" + }, + "version": { + "type": "keyword", + "doc_values": "true" + }, + "level": { + "type": "keyword", + "doc_values": "true" + }, + "task": { + "type": "keyword", + "doc_values": "true" + }, + "opcode": { + "type": "keyword", + "doc_values": "true" + }, + "keywords": { + "type": "keyword", + "doc_values": "true" + }, + "systemTime": { + "type": "keyword", + "doc_values": "true" + }, + "eventRecordID": { + "type": "keyword", + "doc_values": "true" + }, + "processID": { + "type": "keyword", + "doc_values": "true" + }, + "threadID": { + "type": "keyword", + "doc_values": "true" + }, + "channel": { + "type": "keyword", + "doc_values": "true" + }, + "computer": { + "type": "keyword", + 
"doc_values": "true" + }, + "severityValue": { + "type": "keyword", + "doc_values": "true" + }, + "message": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "eventdata": { + "properties": { + "subjectUserSid": { + "type": "keyword", + "doc_values": "true" + }, + "subjectUserName": { + "type": "keyword", + "doc_values": "true" + }, + "subjectDomainName": { + "type": "keyword", + "doc_values": "true" + }, + "subjectLogonId": { + "type": "keyword", + "doc_values": "true" + }, + "targetUserSid": { + "type": "keyword", + "doc_values": "true" + }, + "targetUserName": { + "type": "keyword", + "doc_values": "true" + }, + "targetDomainName": { + "type": "keyword", + "doc_values": "true" + }, + "targetLogonId": { + "type": "keyword", + "doc_values": "true" + }, + "logonType": { + "type": "keyword", + "doc_values": "true" + }, + "logonProcessName": { + "type": "keyword", + "doc_values": "true" + }, + "authenticationPackageName": { + "type": "keyword", + "doc_values": "true" + }, + "logonGuid": { + "type": "keyword", + "doc_values": "true" + }, + "keyLength": { + "type": "keyword", + "doc_values": "true" + }, + "impersonationLevel": { + "type": "keyword", + "doc_values": "true" + }, + "transactionId": { + "type": "keyword", + "doc_values": "true" + }, + "newState": { + "type": "keyword", + "doc_values": "true" + }, + "resourceManager": { + "type": "keyword", + "doc_values": "true" + }, + "processId": { + "type": "keyword", + "doc_values": "true" + }, + "processName": { + "type": "keyword", + "doc_values": "true" + }, + "data": { + "type": "keyword", + "doc_values": "true" + }, + "image": { + "type": "keyword", + "doc_values": "true" + }, + "binary": { + "type": "keyword", + "doc_values": "true" + }, + "parentImage": { + "type": "keyword", + "doc_values": "true" + }, + "categoryId": { + "type": "keyword", + "doc_values": "true" + }, + "subcategoryId": { + "type": "keyword", + "doc_values": "true" + }, + "subcategoryGuid": { + "type": "keyword", + "doc_values": 
"true" + }, + "auditPolicyChangesId": { + "type": "keyword", + "doc_values": "true" + }, + "category": { + "type": "keyword", + "doc_values": "true" + }, + "subcategory": { + "type": "keyword", + "doc_values": "true" + }, + "auditPolicyChanges": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "rmSessionEvent": { + "properties": { + "rmSessionId": { + "type": "keyword", + "doc_values": "true" + }, + "uTCStartTime": { + "type": "keyword", + "doc_values": "true" + } + } + } + } + } + } + }, + "program_name": { + "type": "keyword", + "doc_values": "true" + }, + "command": { + "type": "keyword", + "doc_values": "true" + }, + "type": { + "type": "text" + }, + "title": { + "type": "keyword", + "doc_values": "true" + } + } + } +} + diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index c9842e7f..921cd436 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -3,5 +3,5 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 6.8.0 +elastic_stack_version: 7.1.1 wazuh_version: 3.9.1 diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 097b19db..67081b86 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -11,7 +11,7 @@ - name: Debian/Ubuntu | Install Elastic repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' + repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' state: present filename: 'elastic_repo' update_cache: true diff --git a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml index f5fe2935..1d35d139 100644 
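Review bot: The new template hard-codes `"index.number_of_shards": "3"` and `"index.number_of_replicas": "0"` in its settings block, while the role already exposes `elasticsearch_shards` and `elasticsearch_replicas` (5 and 1 in the defaults hunk earlier in this patch), so the alerts index silently ignores the role's own variables. Since the file is a Jinja template, `"index.number_of_shards": "{{ elasticsearch_shards }}"` and `"index.number_of_replicas": "{{ elasticsearch_replicas }}"` would honour them. Whether the previous elastic6 template carried the same fixed values is not visible here, so this may be an inherited inconsistency rather than one introduced by this patch.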
--- a/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml @@ -2,8 +2,8 @@ - name: RedHat/CentOS/Fedora | Install Elastic repo yum_repository: name: elastic_repo - description: Elastic repository for 6.x packages - baseurl: https://artifacts.elastic.co/packages/6.x/yum + description: Elastic repository for 7.x packages + baseurl: https://artifacts.elastic.co/packages/7.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: true diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 index 9b29f17a..edd1b4b4 100644 --- a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 @@ -19,7 +19,7 @@ server.host: {{ kibana_server_host }} #server.name: "your-hostname" # The URL of the Elasticsearch instance to use for all your queries. -elasticsearch.url: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" +elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" # When this setting's value is true Kibana uses the hostname specified in the server.host # setting. When the value of this setting is false, Kibana uses the hostname of the host diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index 31012c04..403a6127 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -9,7 +9,7 @@ elasticsearch_network_host: ["Localhost"] elasticsearch_http_port: "9200" elasticsearch_shards: 5 elasticsearch_replicas: 1 -elastic_stack_version: 6.8.0 +elastic_stack_version: 7.1.1 logstash_ssl: false logstash_ssl_dir: /etc/pki/logstash 
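Review bot: The comment two lines above the changed line still describes the old key ("The URL of the Elasticsearch instance"), while the new `elasticsearch.hosts` takes one or more URLs; the comment should follow the rename, e.g. `# The URLs of the Elasticsearch instances to use for all your queries.`. Kibana documents the setting as a list, so `elasticsearch.hosts: ["http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}"]` is the conventional shape even for a single host. Nothing ties this template to the 7.x default set earlier in the patch; if the role still means to support 6.x releases that predate `elasticsearch.hosts`, a version guard in the template would be needed. The surrounding settings block continues outside the hunk.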
diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 403ee88f..bf8f7a7a 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -17,7 +17,7 @@ - name: Debian/Ubuntu | Install Elasticsearch repo apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' + repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' state: present filename: 'elastic_repo' diff --git a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml index ed16fbc5..289f3a0c 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml @@ -9,8 +9,8 @@ - name: RedHat/CentOS/Fedora | Install Logstash repo yum_repository: name: elastic_repo - description: Elastic repository for 6.x packages - baseurl: https://artifacts.elastic.co/packages/6.x/yum + description: Elastic repository for 7.x packages + baseurl: https://artifacts.elastic.co/packages/7.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: true From 3ac36b05f8e8ca592de3a8ab8c70d7bdd6c7888c Mon Sep 17 00:00:00 2001 
From: manuasir Date: Thu, 6 Jun 2019 17:24:18 +0200 Subject: [PATCH 04/10] Deleted Logstash and added new Filebeat.yml template --- .circleci/config.yml | 25 --- .gitignore | 1 - .travis.yml | 8 - CHANGELOG.md | 1 - README.md | 2 - molecule/default/playbook.yml | 3 +- playbooks/wazuh-logstash.yml | 4 - playbooks/wazuh-manager.yml | 2 +- .../elastic-stack/ansible-logstash/README.md | 53 ----- .../ansible-logstash/defaults/main.yml | 19 -- .../ansible-logstash/handlers/main.yml | 3 - .../ansible-logstash/meta/main.yml | 24 --- .../ansible-logstash/tasks/Debian.yml | 45 ---- .../ansible-logstash/tasks/RMDebian.yml | 5 - .../ansible-logstash/tasks/RMRedHat.yml | 5 - .../ansible-logstash/tasks/RedHat.yml | 43 ---- .../ansible-logstash/tasks/config.yml | 27 --- .../ansible-logstash/tasks/main.yml | 40 ---- .../templates/01-wazuh.conf.j2 | 73 ------- roles/wazuh/ansible-filebeat/README.md | 24 --- .../wazuh/ansible-filebeat/defaults/main.yml | 6 +- .../templates/filebeat.yml.j2 | 198 +++++------------- .../ansible-filebeat/tests/requirements.yml | 1 - roles/wazuh/ansible-filebeat/tests/test.yml | 1 - 24 files changed, 56 insertions(+), 557 deletions(-) delete mode 100644 .circleci/config.yml delete mode 100644 .travis.yml delete mode 100644 playbooks/wazuh-logstash.yml delete mode 100644 roles/elastic-stack/ansible-logstash/README.md delete mode 100644 roles/elastic-stack/ansible-logstash/defaults/main.yml delete mode 100644 roles/elastic-stack/ansible-logstash/handlers/main.yml delete mode 100644 roles/elastic-stack/ansible-logstash/meta/main.yml delete mode 100644 roles/elastic-stack/ansible-logstash/tasks/Debian.yml delete mode 100644 roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml delete mode 100644 roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml delete mode 100644 roles/elastic-stack/ansible-logstash/tasks/RedHat.yml delete mode 100644 roles/elastic-stack/ansible-logstash/tasks/config.yml delete mode 100644 
roles/elastic-stack/ansible-logstash/tasks/main.yml delete mode 100644 roles/elastic-stack/ansible-logstash/templates/01-wazuh.conf.j2 diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 08b3ff16..00000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,25 +0,0 @@ -version: 2 -jobs: - test: - machine: - python: - version: 2.7 - services: - - docker - working_directory: ~/wazuh-ansible - steps: - - checkout - - run: - name: Install pipenv - command: pip install pipenv - - run: - name: Install molecule - command: pipenv install --dev --system - - run: - name: Run molecule - command: pipenv run test -workflows: - version: 2 - test_molecule: - jobs: - - test \ No newline at end of file diff --git a/.gitignore b/.gitignore index 148b831f..04c7b54b 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,5 @@ wazuh-elastic_stack-distributed.yml wazuh-elastic_stack-single.yml wazuh-elastic.yml wazuh-kibana.yml -wazuh-logstash.yml wazuh-manager.yml *.pyc \ No newline at end of file diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 97c0427b..00000000 --- a/.travis.yml +++ /dev/null @@ -1,8 +0,0 @@ -language: python -services: docker -before_script: - - pip install pipenv - - pipenv install --dev --system -script: - - pipenv run test - - pipenv run agent diff --git a/CHANGELOG.md b/CHANGELOG.md index b99b1000..fad82137 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -126,7 +126,6 @@ Ansible starting point. Roles: - Elastic Stack: - ansible-elasticsearch: This role is prepared to install elasticsearch on the host that runs it. - - ansible-logstash: This role involves the installation of logstash on the host that runs it. - ansible-kibana: Using this role we will install Kibana on the host that runs it. - Wazuh: - ansible-filebeat: This role is prepared to install filebeat on the host that runs it. diff --git a/README.md b/README.md index e91018c8..f684d1a8 100644 --- a/README.md +++ b/README.md 
@@ -18,7 +18,6 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. │ ├── roles │ │ ├── elastic-stack │ │ │ ├── ansible-elasticsearch - │ │ │ ├── ansible-logstash │ │ │ ├── ansible-kibana │ │ │ │ ├── wazuh @@ -35,7 +34,6 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. │ │ ├── wazuh-elastic_stack-distributed.yml │ │ ├── wazuh-elastic_stack-single.yml │ │ ├── wazuh-kibana.yml - │ │ ├── wazuh-logstash.yml │ │ ├── wazuh-manager.yml │ │ ├── README.md diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index ba33c758..639e6320 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -4,8 +4,7 @@ roles: - role: wazuh/ansible-wazuh-manager -# - {role: wazuh/ansible-filebeat} #, filebeat_output_logstash_hosts: 'your elastic stack server IP' +# - {role: wazuh/ansible-filebeat} #, filebeat_output_elasticsearch_hosts: 'your elastic stack server IP' # Elasticsearch requires too much memory to test multiple containers concurrently - To Fix # - {role: elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} -# - {role: elastic-stack/ansible-logstash, logstash_input_beats: true, elasticsearch_network_host: 'localhost'} # - {role: elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} diff --git a/playbooks/wazuh-logstash.yml b/playbooks/wazuh-logstash.yml deleted file mode 100644 index e3d44687..00000000 --- a/playbooks/wazuh-logstash.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- hosts: - roles: - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-logstash, elasticsearch_network_host: ["localhost"]} diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index dc2ad637..d9cc667d 100644 --- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml 
@@ -2,4 +2,4 @@ - hosts: roles: - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager - - {role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat, filebeat_output_logstash_hosts: 'your logstash IP'} + - {role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'your elasticsearch IP'} diff --git a/roles/elastic-stack/ansible-logstash/README.md b/roles/elastic-stack/ansible-logstash/README.md deleted file mode 100644 index 7be8951d..00000000 --- a/roles/elastic-stack/ansible-logstash/README.md +++ /dev/null @@ -1,53 +0,0 @@ -Ansible Role: Logstash ----------------------- - -An Ansible Role that installs [Logstash](https://www.elastic.co/products/logstash) - -Requirements ------------- - -This role will work on: - * Red Hat - * CentOS - * Fedora - * Debian - * Ubuntu - -Role Variables --------------- -``` - --- - logstash_create_config: true - logstash_input_beats: false - - elasticsearch_network_host: "127.0.0.1" - elasticsearch_http_port: "9200" - elastic_stack_version: 5.5.0 - - logstash_ssl: false - logstash_ssl_dir: /etc/pki/logstash - logstash_ssl_certificate_file: "" - logstash_ssl_key_file: "" -``` - -Example Playbook ----------------- - -``` - - hosts: logstash - roles: - - { role: ansible-role-logstash, elasticsearch_network_host: '192.168.33.182' } -``` - -License and copyright ---------------------- - -WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3) - -### Based on previous work from geerlingguy - - - https://github.com/geerlingguy/ansible-role-elasticsearch - -### Modified by Wazuh - -The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem. diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml deleted file mode 100644 index 403a6127..00000000 
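Review bot: The example passes `filebeat_output_elasticsearch_hosts: 'your elasticsearch IP'` as a scalar, but the role's defaults declare it as a list (`- "localhost:9200"`) and the new template renders it with `| to_json`, so this playbook produces `hosts: "your elasticsearch IP"` where the defaults produce `hosts: ["localhost:9200"]`. Filebeat may coerce the scalar, but the example should match the declared shape and include the port: `- {role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: ['your elasticsearch IP:9200']}`.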
--- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -logstash_create_config: true -logstash_input_beats: false - -# You can introduce Multiples IPs -# elasticseacrh_network_host: ["Localhost1", "Localhost2", "Localhost3", ...] -elasticsearch_network_host: ["Localhost"] - -elasticsearch_http_port: "9200" -elasticsearch_shards: 5 -elasticsearch_replicas: 1 -elastic_stack_version: 7.1.1 - -logstash_ssl: false -logstash_ssl_dir: /etc/pki/logstash -logstash_ssl_certificate_file: "" -logstash_ssl_key_file: "" - -logstash_install_java: true diff --git a/roles/elastic-stack/ansible-logstash/handlers/main.yml b/roles/elastic-stack/ansible-logstash/handlers/main.yml deleted file mode 100644 index 56f376c8..00000000 --- a/roles/elastic-stack/ansible-logstash/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: restart logstash - service: name=logstash state=restarted diff --git a/roles/elastic-stack/ansible-logstash/meta/main.yml b/roles/elastic-stack/ansible-logstash/meta/main.yml deleted file mode 100644 index 90234871..00000000 --- a/roles/elastic-stack/ansible-logstash/meta/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -galaxy_info: - author: Wazuh - description: Installing and maintaining Elasticsearch server. - company: wazuh.com - license: license (GPLv3) - min_ansible_version: 2.0 - platforms: - - name: EL - versions: - - all - - name: Fedora - versions: - - all - - name: Debian - versions: - - all - - name: Ubuntu - versions: - - all - galaxy_tags: - - web - - system - - monitoring diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml deleted file mode 100644 index bf8f7a7a..00000000 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates - apt: - name: ['apt-transport-https', 'ca-certificates'] - state: present - -- when: logstash_install_java - block: - - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name=openjdk-8-jre state=present cache_valid_time=3600 - tags: install - -- name: Debian/Ubuntu | Add Elasticsearch GPG key - apt_key: - url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - state: present - -- name: Debian/Ubuntu | Install Elasticsearch repo - apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' - state: present - filename: 'elastic_repo' - -- name: Debian/Ubuntu | Install Logstash - apt: - name: "logstash=1:{{ elastic_stack_version }}-1" - state: present - update_cache: true - tags: install - -- name: Debian/Ubuntu | Checking if wazuh-manager is installed - command: dpkg -l wazuh-manager - register: wazuh_manager_check_deb - when: logstash_input_beats == false - args: - warn: false - -- name: Debian/Ubuntu | Add user logstash to group ossec - user: - name: logstash - groups: ossec - append: true - when: - - logstash_input_beats == false - - wazuh_manager_check_deb.rc == 0 diff --git a/roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml b/roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml deleted file mode 100644 index 74c59c37..00000000 --- a/roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Debian/Ubuntu | Removing Elasticsearch repository - apt_repository: - repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main - state: absent diff --git a/roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml deleted file mode 100644 index 78538fe9..00000000 --- a/roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml +++ /dev/null 
@@ -1,5 +0,0 @@ ---- -- name: RedHat/CentOS/Fedora | Remove logstash repository (and clean up left-over metadata) - yum_repository: - name: elastic_repo - state: absent diff --git a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml deleted file mode 100644 index 289f3a0c..00000000 --- a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -- when: logstash_install_java - block: - - name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 - yum: name=java-1.8.0-openjdk state=present - register: oracle_java_task_rpm_installed - tags: install - -- name: RedHat/CentOS/Fedora | Install Logstash repo - yum_repository: - name: elastic_repo - description: Elastic repository for 7.x packages - baseurl: https://artifacts.elastic.co/packages/7.x/yum - gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch - gpgcheck: true - -- name: RedHat/CentOS/Fedora | Install Logstash - package: name=logstash-{{ elastic_stack_version }} state=present - when: not logstash_install_java or oracle_java_task_rpm_installed is defined - tags: install - -- name: RedHat/CentOS/Fedora | Checking if wazuh-manager is installed - command: rpm -q wazuh-manager - register: wazuh_manager_check_rpm - when: logstash_input_beats == false - args: - warn: false - -- name: RedHat/CentOS/Fedora | Add user logstash to group ossec - user: - name: logstash - groups: ossec - append: true - when: - - logstash_input_beats == false - - wazuh_manager_check_rpm.rc == 0 - -- name: Amazon Linux change startup group - shell: sed -i 's/.*LS_GROUP=logstash.*/LS_GROUP=ossec/' /etc/logstash/startup.options - when: - - logstash_input_beats == false - - wazuh_manager_check_rpm.rc == 0 - - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" diff --git a/roles/elastic-stack/ansible-logstash/tasks/config.yml b/roles/elastic-stack/ansible-logstash/tasks/config.yml deleted file mode 100644 index 037f0d85..00000000 
--- a/roles/elastic-stack/ansible-logstash/tasks/config.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Ensure Logstash SSL key pair directory exists. - file: - path: "{{ logstash_ssl_dir }}" - state: directory - when: logstash_ssl - tags: configure - -- name: Copy SSL key and cert for logstash. - copy: - src: "{{ item }}" - dest: "{{ logstash_ssl_dir }}/{{ item | basename }}" - mode: 0644 - with_items: - - "{{ logstash_ssl_key_file }}" - - "{{ logstash_ssl_certificate_file }}" - when: logstash_ssl - tags: configure - -- name: Logstash configuration - template: - src: 01-wazuh.conf.j2 - dest: /etc/logstash/conf.d/01-wazuh.conf - owner: root - group: root - notify: restart logstash - tags: configure diff --git a/roles/elastic-stack/ansible-logstash/tasks/main.yml b/roles/elastic-stack/ansible-logstash/tasks/main.yml deleted file mode 100644 index e114a82f..00000000 --- a/roles/elastic-stack/ansible-logstash/tasks/main.yml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -- import_tasks: RedHat.yml - when: ansible_os_family == 'RedHat' - -- import_tasks: Debian.yml - when: ansible_os_family == "Debian" - -- import_tasks: config.yml - when: logstash_create_config - -- name: Reload systemd - systemd: daemon_reload=yes - ignore_errors: true - when: - - not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - -- name: Amazon Linux create service - shell: /usr/share/logstash/bin/system-install /etc/logstash/startup.options - when: ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" - -- name: Ensure Logstash started and enabled - service: - name: logstash - enabled: true - state: started - -- name: Amazon Linux start Logstash - service: - name: logstash - enabled: true - state: started - when: ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" - -- import_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" - -- import_tasks: "RMDebian.yml" - when: ansible_os_family == "Debian" diff --git a/roles/elastic-stack/ansible-logstash/templates/01-wazuh.conf.j2 b/roles/elastic-stack/ansible-logstash/templates/01-wazuh.conf.j2 deleted file mode 100644 index 6ef868e1..00000000 --- a/roles/elastic-stack/ansible-logstash/templates/01-wazuh.conf.j2 +++ /dev/null 
@@ -1,73 +0,0 @@ -#jinja2: trim_blocks:False -# {{ ansible_managed }} -# Wazuh - Logstash configuration file - -{% if logstash_input_beats == true %} -## Remote Wazuh Manager - Filebeat input -input { - beats { - port => 5000 - codec => "json_lines" -{% if logstash_ssl == true %} - ssl => true - ssl_certificate => "{{ logstash_ssl_dir }}/{{ logstash_ssl_certificate_file | basename }}" - ssl_key => "{{ logstash_ssl_dir }}/{{ logstash_ssl_key_file | basename }}" -{% endif %} - } -} -{% else %} -## Local Wazuh Manager - JSON file input -input { - file { - type => "wazuh-alerts" - path => "/var/ossec/logs/alerts/alerts.json" - codec => "json" - } -} -{% endif %} -filter { - if [data][srcip] { - mutate { - add_field => [ "@src_ip", "%{[data][srcip]}" ] - } - } - if [data][aws][sourceIPAddress] { - mutate { - add_field => [ "@src_ip", "%{[data][aws][sourceIPAddress]}" ] - } - } -} -filter { - if [data][srcip] { - mutate { - add_field => [ "@src_ip", "%{[data][srcip]}" ] - } - } - if [data][aws][sourceIPAddress] { - mutate { - add_field => [ "@src_ip", "%{[data][aws][sourceIPAddress]}" ] - } - } -} -filter { - geoip { - source => "@src_ip" - target => "GeoLocation" - fields => ["city_name", "country_name", "region_name", "location"] - } - date { - match => ["timestamp", "ISO8601"] - target => "@timestamp" - } - mutate { - remove_field => [ "timestamp", "beat", "input_type", "tags", "count", "@version", "log", "offset", "type", "@src_ip", "host"] - } -} -output { - #stdout { codec => rubydebug } - elasticsearch { - hosts => {{ elasticsearch_network_host | to_json}} - index => "wazuh-alerts-3.x-%{+YYYY.MM.dd}" - document_type => "wazuh" - } -} diff --git a/roles/wazuh/ansible-filebeat/README.md b/roles/wazuh/ansible-filebeat/README.md index 6801e373..ad588e64 100644 --- a/roles/wazuh/ansible-filebeat/README.md +++ b/roles/wazuh/ansible-filebeat/README.md 
@@ -19,34 +19,10 @@ Role Variables Available variables are listed below, along with default values (see `defaults/main.yml`): ``` - filebeat_create_config: true - - filebeat_prospectors: - - input_type: log - paths: - - "/var/ossec/logs/alerts/alerts.json" - document_type: json - json.message_key: log - json.keys_under_root: true - json.overwrite_keys: true - filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" - filebeat_output_logstash_enabled: true - filebeat_output_logstash_hosts: - - "192.168.212.158:5000" - - filebeat_enable_logging: true - filebeat_log_level: debug - filebeat_log_dir: /var/log/mybeat - filebeat_log_filename: mybeat.log - - filebeat_ssl_dir: /etc/pki/logstash - filebeat_ssl_certificate_file: "" - filebeat_ssl_key_file: "" - filebeat_ssl_insecure: "false" ``` License and copyright diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 0f9b5c5a..a00cbbb4 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -14,16 +14,12 @@ filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" -filebeat_output_logstash_enabled: true -filebeat_output_logstash_hosts: - - "192.168.212.158:5000" - filebeat_enable_logging: true filebeat_log_level: debug filebeat_log_dir: /var/log/mybeat filebeat_log_filename: mybeat.log -filebeat_ssl_dir: /etc/pki/logstash +filebeat_ssl_dir: /etc/pki/filebeat filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 index dc4cac82..8e6287ec 100644 --- a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 
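Review bot: `filebeat_output_elasticsearch_enabled: false` (the context line at the top of the defaults/main.yml hunk) no longer controls anything: the rewritten `filebeat.yml.j2` in this commit emits `output.elasticsearch` unconditionally, so a default of `false` is misleading and the flag should either be removed or the template gated on it again. The same applies to `filebeat_enable_logging`/`filebeat_log_*` and the four `filebeat_ssl_*` variables kept below — the new template references none of them, so renaming `filebeat_ssl_dir` to `/etc/pki/filebeat` changes a value nothing reads. Either drop the unused variables or state in the README that they are currently no-ops, so operators do not assume TLS or file logging is configured.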
@@ -1,150 +1,58 @@ -filebeat: - # List of prospectors to fetch data. - prospectors: - {{ filebeat_prospectors | to_json }} +# Wazuh - Filebeat configuration file -# Configure what outputs to use when sending the data collected by the beat. -# Multiple outputs may be used. -output: +filebeat.inputs: + - type: log + paths: + - '/var/ossec/logs/alerts/alerts.json' -{% if filebeat_output_elasticsearch_enabled %} - ### Elasticsearch as output - elasticsearch: - # Array of hosts to connect to. - hosts: {{ filebeat_output_elasticsearch_hosts | to_json }} +setup.template.json.enabled: true +setup.template.json.path: "/etc/filebeat/wazuh-template.json" +setup.template.json.name: "wazuh" +setup.template.overwrite: true - # Optional protocol and basic auth credentials. These are deprecated. - #protocol: "https" - #username: "admin" - #password: "s3cr3t" +processors: + - decode_json_fields: + fields: ['message'] + process_array: true + max_depth: 200 + target: '' + overwrite_keys: true + - drop_fields: + fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host'] + - rename: + fields: + - from: "data.aws.sourceIPAddress" + to: "@src_ip" + ignore_missing: true + fail_on_error: false + when: + regexp: + data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b + - rename: + fields: + - from: "data.srcip" + to: "@src_ip" + ignore_missing: true + fail_on_error: false + when: + regexp: + data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b + - rename: + fields: + - from: "data.win.eventdata.ipAddress" + to: "@src_ip" + ignore_missing: true + fail_on_error: false + when: + regexp: + data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b - # Number of workers per Elasticsearch host. 
- #worker: 1 +# Send events directly to Elasticsearch +output.elasticsearch: + hosts: {{ filebeat_output_elasticsearch_hosts | to_json }} + #pipeline: geoip + indices: + - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}' - # Optional index name. The default is "filebeat" and generates - # [filebeat-]YYYY.MM.DD keys. - #index: "filebeat" - - # Optional HTTP Path - #path: "/elasticsearch" - - # Proxy server URL - # proxy_url: http://proxy:3128 - - # The number of times a particular Elasticsearch index operation is attempted. If - # the indexing operation doesn't succeed after this many retries, the events are - # dropped. The default is 3. - #max_retries: 3 - - # The maximum number of events to bulk in a single Elasticsearch bulk API index request. - # The default is 50. - #bulk_max_size: 50 - - # Configure http request timeout before failing an request to Elasticsearch. - #timeout: 90 - - # The number of seconds to wait for new events between two bulk API index requests. - # If `bulk_max_size` is reached before this interval expires, addition bulk index - # requests are made. - #flush_interval: 1 - - # Boolean that sets if the topology is kept in Elasticsearch. The default is - # false. This option makes sense only for Packetbeat. - #save_topology: false - - # The time to live in seconds for the topology information that is stored in - # Elasticsearch. The default is 15 seconds. - #topology_expire: 15 - -{% if filebeat_ssl_certificate_file and filebeat_ssl_key_file %} - # tls configuration. By default is off. - tls: - # List of root certificates for HTTPS server verifications - #certificate_authorities: ["/etc/pki/root/ca.pem"] - - # Certificate for TLS client authentication - certificate: "{{ filebeat_ssl_dir }}/{{ filebeat_ssl_certificate_file | basename }}" - - # Client Certificate Key - certificate_key: "{{ filebeat_ssl_dir }}/{{ filebeat_ssl_key_file | basename}}" - - # Controls whether the client verifies server certificates and host name. 
- # If insecure is set to true, all server host names and certificates will be - # accepted. In this mode TLS based connections are susceptible to - # man-in-the-middle attacks. Use only for testing. - insecure: {{ filebeat_ssl_insecure }} - - # Configure cipher suites to be used for TLS connections - #cipher_suites: [] - - # Configure curve types for ECDHE based cipher suites - #curve_types: [] - - # Configure minimum TLS version allowed for connection to logstash - #min_version: 1.0 - - # Configure maximum TLS version allowed for connection to logstash - #max_version: 1.2 -{% endif %} -{% endif %} - -{% if filebeat_output_logstash_enabled %} - ### Logstash as output - logstash: - # The Logstash hosts - hosts: {{ filebeat_output_logstash_hosts | to_json }} - - # Number of workers per Logstash host. - #worker: 1 - - # Optional load balance the events between the Logstash hosts - #loadbalance: true - - # Optional index name. The default index name depends on the each beat. - # For Packetbeat, the default is set to packetbeat, for Topbeat - # top topbeat and for Filebeat to filebeat. - #index: filebeat - -{% if filebeat_ssl_certificate_file and filebeat_ssl_key_file %} - # Optional TLS. By default is off. - tls: - # List of root certificates for HTTPS server verifications - #certificate_authorities: ["/etc/pki/root/ca.pem"] - - # Certificate for TLS client authentication - certificate: "{{ filebeat_ssl_dir }}/{{ filebeat_ssl_certificate_file | basename }}" - - # Client Certificate Key - certificate_key: "{{ filebeat_ssl_dir }}/{{ filebeat_ssl_key_file | basename}}" - - # Controls whether the client verifies server certificates and host name. - # If insecure is set to true, all server host names and certificates will be - # accepted. In this mode TLS based connections are susceptible to - # man-in-the-middle attacks. Use only for testing. 
- #insecure: true - insecure: {{ filebeat_ssl_insecure }} - - # Configure cipher suites to be used for TLS connections - #cipher_suites: [] - - # Configure curve types for ECDHE based cipher suites - #curve_types: [] -{% endif %} - -{% if filebeat_enable_logging %} -logging: - ### Filebeat log - level: {{ filebeat_log_level }} - - # Enable file rotation with default configuration - to_files: true - - # Do not log to syslog - to_syslog: false - - files: - path: {{ filebeat_log_dir }} - name: {{ filebeat_log_filename }} - keepfiles: 7 -{% endif %} -{% endif %} +# Optional. Send events to Logstash instead of Elasticsearch +#output.logstash.hosts: ["YOUR_LOGSTASH_SERVER_IP:5000"] \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat/tests/requirements.yml b/roles/wazuh/ansible-filebeat/tests/requirements.yml index 141fecdb..63d857e2 100644 --- a/roles/wazuh/ansible-filebeat/tests/requirements.yml +++ b/roles/wazuh/ansible-filebeat/tests/requirements.yml @@ -1,4 +1,3 @@ --- - src: geerlingguy.java - src: geerlingguy.elasticsearch -- src: geerlingguy.logstash diff --git a/roles/wazuh/ansible-filebeat/tests/test.yml b/roles/wazuh/ansible-filebeat/tests/test.yml index 5e71b672..3a4c8f21 100644 --- a/roles/wazuh/ansible-filebeat/tests/test.yml +++ b/roles/wazuh/ansible-filebeat/tests/test.yml @@ -17,5 +17,4 @@ roles: - geerlingguy.java - geerlingguy.elasticsearch - - geerlingguy.logstash - role_under_test From a92b7ad284888853a5d60b0fff21326306dd4d58 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Wed, 12 Jun 2019 21:03:55 +0200 Subject: [PATCH 05/10] Supporting cluster node types --- .../templates/elasticsearch.yml.j2 | 97 +++---------------- 1 file changed, 15 insertions(+), 82 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 69f666fc..f0d08cff 100644 
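Review bot: The TLS settings the old template rendered under `tls:` (`certificate`, `certificate_key`, `insecure`) have no counterpart in the new `output.elasticsearch` block, so even with `filebeat_ssl_certificate_file`/`filebeat_ssl_key_file` set the alerts are shipped over plain HTTP to `filebeat_output_elasticsearch_hosts` and `filebeat_ssl_insecure` is silently ignored. The defaults hunk in the same commit keeps those variables, so a user who sets them gets neither an error nor TLS. Filebeat 7 expresses this as `ssl.certificate`, `ssl.key` and `ssl.verification_mode` under the output, and a conditional block like the old one restores the behaviour (`filebeat_ssl_insecure` maps to `verification_mode: none`); exposing `ssl.certificate_authorities` for the server certificate would complete it. The `logging:` section gated on `filebeat_enable_logging` was dropped the same way. Separately, the three `rename` conditions only match dotted IPv4, so an IPv6 `data.srcip` never reaches `@src_ip`.
```yaml
# Send events directly to Elasticsearch
output.elasticsearch:
  hosts: {{ filebeat_output_elasticsearch_hosts | to_json }}
{% if filebeat_ssl_certificate_file and filebeat_ssl_key_file %}
  # Client certificate/key for TLS to Elasticsearch. verification_mode "none"
  # is the old "insecure" switch: it accepts any server certificate, so keep
  # filebeat_ssl_insecure at "false" outside of test setups.
  ssl.certificate: "{{ filebeat_ssl_dir }}/{{ filebeat_ssl_certificate_file | basename }}"
  ssl.key: "{{ filebeat_ssl_dir }}/{{ filebeat_ssl_key_file | basename }}"
  ssl.verification_mode: "{{ 'none' if filebeat_ssl_insecure | bool else 'full' }}"
{% endif %}
  # … unchanged: pipeline comment and indices …
```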
--- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
+++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
@@ -1,89 +1,22 @@ # {{ ansible_managed }} -# ======================== Elasticsearch Configuration ========================= -# -# NOTE: Elasticsearch comes with reasonable defaults for most settings. -# Before you set out to tweak and tune the configuration, make sure you -# understand what are you trying to accomplish and the consequences. -# -# The primary way of configuring a node is via this file. This template lists -# the most important settings you may want to configure for a production cluster. -# -# Please consult the documentation for further information on configuration options: -# https://www.elastic.co/guide/en/elasticsearch/reference/index.html -# -# ---------------------------------- Cluster ----------------------------------- -# -# Use a descriptive name for your cluster: -# + cluster.name: {{ elasticsearch_cluster_name }} -# -# ------------------------------------ Node ------------------------------------ -# -# Use a descriptive name for the node: -# node.name: {{ elasticsearch_node_name }} -# -# Add custom attributes to the node: -# -#node.attr.rack: r1 -# -# ----------------------------------- Paths ------------------------------------ -# -# Path to directory where to store the data (separate multiple locations by comma): -# path.data: /var/lib/elasticsearch -# -# Path to log files: -# path.logs: /var/log/elasticsearch -# -# ----------------------------------- Memory ----------------------------------- -# -# Lock the memory on startup: -# bootstrap.memory_lock: true -# -# Make sure that the heap size is set to about half the memory available -# on the system and that the owner of the process is allowed to use this -# limit. -# -# Elasticsearch performs poorly when the system is swapping the memory. 
-# -# ---------------------------------- Network ----------------------------------- -# -# Set the bind address to a specific IP (IPv4 or IPv6): -# network.host: {{ elasticsearch_network_host }} -# -# Set a custom port for HTTP: -# -#http.port: 9200 -# -# For more information, consult the network module documentation. -# -# --------------------------------- Discovery ---------------------------------- -# -# Pass an initial list of hosts to perform discovery when new node is started: -# The default list of hosts is ["127.0.0.1", "[::1]"] -# -#discovery.zen.ping.unicast.hosts: ["host1", "host2"] -# -# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1): -# -#discovery.zen.minimum_master_nodes: 3 -# -# For more information, consult the zen discovery module documentation. -# -# ---------------------------------- Gateway ----------------------------------- -# -# Block initial recovery after a full cluster restart until N nodes are started: -# -#gateway.recover_after_nodes: 3 -# -# For more information, consult the gateway module documentation. -# -# ---------------------------------- Various ----------------------------------- -# -# Require explicit names when deleting indices: -# -#action.destructive_requires_name: true + +{% if single_node %} +discovery.type: single-node +{% elif elasticsearch_bootstrap_node %} +cluster.initial_master_nodes: +{% for item in elasticsearch_cluster_nodes %} + - {{ item }} +{% endfor %} +{% elif elasticsearch_master_candidate %} +discovery.seed_hosts: +{% for item in elasticsearch_cluster_nodes %} + - {{ item }} +{% endfor %} +{% endif %} From 7619b44426a0d248bcebdae33d309e6886d72802 Mon Sep 17 00:00:00 2001 
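Review bot: The `{% elif elasticsearch_bootstrap_node %}` branch renders `cluster.initial_master_nodes` without `discovery.seed_hosts`, so the bootstrap node keeps Elasticsearch's default loopback discovery and can only reach the listed peers if they dial in to it first; on a multi-node 7.x cluster the seed list is normally present on every master-eligible node, with `cluster.initial_master_nodes` layered on top only for bootstrapping. The rewrite below keeps the three flags but renders the seed list for bootstrap and candidate nodes alike. Because the template is re-rendered on every run, `cluster.initial_master_nodes` also never goes away, whereas Elastic recommends removing it once the cluster has formed (a node restarted with an empty data path can otherwise bootstrap a second, split cluster) — at minimum flag it with `{# bootstrap-only: remove once the cluster has formed #}`. Nothing in the template enables Elasticsearch security, so `network.host: {{ elasticsearch_network_host }}` should stay off public interfaces unless TLS and authentication are configured elsewhere.
```jinja
{# … unchanged: cluster.name, node.name, path.*, bootstrap.memory_lock, network.host … #}

{% if single_node %}
discovery.type: single-node
{% elif elasticsearch_bootstrap_node or elasticsearch_master_candidate %}
{# every master-eligible node needs the seed list; only the bootstrap node also carries initial_master_nodes #}
discovery.seed_hosts:
{% for item in elasticsearch_cluster_nodes %}
  - {{ item }}
{% endfor %}
{% if elasticsearch_bootstrap_node %}
cluster.initial_master_nodes:
{% for item in elasticsearch_cluster_nodes %}
  - {{ item }}
{% endfor %}
{% endif %}
{% endif %}
```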
From: "Manuel J. Bernal" Date: Wed, 12 Jun 2019 21:11:12 +0200 Subject: [PATCH 06/10] Added changes for ELK 7 --- playbooks/wazuh-elastic_stack-single.yml | 9 +- .../ansible-elasticsearch/defaults/main.yml | 8 +- .../ansible-elasticsearch/tasks/Debian.yml | 6 - .../ansible-elasticsearch/tasks/RMDebian.yml | 2 +- .../ansible-elasticsearch/tasks/RedHat.yml | 7 - .../ansible-kibana/defaults/main.yml | 2 +- .../ansible-kibana/tasks/RMDebian.yml | 2 +- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 2 +- .../wazuh/ansible-filebeat/tasks/RMDebian.yml | 2 +- roles/wazuh/ansible-filebeat/tasks/RedHat.yml | 2 +- roles/wazuh/ansible-filebeat/tasks/config.yml | 10 + .../templates/elasticsearch.yml.j2 | 1455 +++++++++++++++++ .../var-ossec-rules-local_rules.xml.j2 | 20 +- 13 files changed, 1482 insertions(+), 45 deletions(-) create mode 100644 roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml index 9d3d761a..ac5efaf1 100644 --- a/playbooks/wazuh-elastic_stack-single.yml +++ b/playbooks/wazuh-elastic_stack-single.yml @@ -1,7 +1,6 @@ --- -- hosts: +- hosts: roles: - - {role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager} - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} - - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-logstash, elasticsearch_network_host: 'localhost' } - - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' } + - {role: ../roles/wazuh/ansible-wazuh-manager} + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '0.0.0.0', single_node: true} + - { role: ../roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' } 
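Review bot: `elasticsearch_network_host: '0.0.0.0'` on the ansible-elasticsearch role entry binds the HTTP API (9200) and the transport port to every interface of the single-node host, replacing the previous `'localhost'`, and nothing in this series enables authentication or TLS on Elasticsearch, so any host with network reach to 9200 can read or delete the alert indices. The Kibana role on the same line still uses `'localhost'`, which suggests the wide bind is only wanted for remote Filebeat/Kibana; if so, bind to the specific management address or add a host firewall rule limiting 9200 to those peers, and record the choice with `# 0.0.0.0 exposes 9200 to the network: restrict with a firewall or enable Elasticsearch security`. A non-loopback `network.host` also switches Elasticsearch into production mode, where the retained `bootstrap.memory_lock: true` becomes a fatal bootstrap check if the memlock ulimit is not raised — presumably the role handles that, but it is worth confirming. Otherwise keep `'localhost'` for the single-node playbook.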
diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 3328165a..5d380b6b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -5,6 +5,8 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null elastic_stack_version: 7.1.1 -elasticsearch_shards: 5 -elasticsearch_replicas: 1 -elasticsearch_install_java: true +single_node: false +elasticsearch_bootstrap_node: false +elasticsearch_master_candidate: false +elasticsearch_cluster_nodes: + - 127.0.0.1 \ No newline at end of file diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index d5315805..844da315 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -4,12 +4,6 @@ name: ['apt-transport-https', 'ca-certificates'] state: present -- when: elasticsearch_install_java - block: - - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name=openjdk-8-jre state=present cache_valid_time=3600 - tags: install - - name: Debian/Ubuntu | Add Elasticsearch GPG key. apt_key: url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml index 74c59c37..b11eec45 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml @@ -1,5 +1,5 @@ --- - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: - repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main + repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main state: absent 
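Review bot: The three new flags `single_node`, `elasticsearch_bootstrap_node` and `elasticsearch_master_candidate` feed an if/elif chain in the template, so setting more than one of them to true silently takes the first branch; an `assert` task in the role with `that: "[single_node, elasticsearch_bootstrap_node, elasticsearch_master_candidate] | select | list | length <= 1"` would fail fast instead. The default `elasticsearch_cluster_nodes: - 127.0.0.1` is a loopback address that no peer can match once `elasticsearch_bootstrap_node` is true, so document that it must be overridden with the real node names or addresses, e.g. `# Override with the node.name or address of every master-eligible node; the loopback default only suits single_node`. `single_node` also breaks the `elasticsearch_` prefix the rest of this file uses, and the file lost its trailing newline. The removed `elasticsearch_shards`/`elasticsearch_replicas` defaults may still be referenced by a template outside this view (the alerts index template lookup in tasks/main.yml), which is worth a grep before merging.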
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 64cc0820..54728b0c 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -1,10 +1,4 @@ --- -- when: elasticsearch_install_java - block: - - name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 - yum: name=java-1.8.0-openjdk state=present - register: oracle_java_task_rpm_installed - tags: install - name: RedHat/CentOS/Fedora | Install Elastic repo yum_repository: @@ -16,5 +10,4 @@ - name: RedHat/CentOS/Fedora | Install Elasticsarch package: name=elasticsearch-{{ elastic_stack_version }} state=present - when: not elasticsearch_install_java or oracle_java_task_rpm_installed is defined tags: install diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 921cd436..cf33aeff 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -4,4 +4,4 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.1.1 -wazuh_version: 3.9.1 +wazuh_version: 3.9.1 \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml index 74c59c37..b11eec45 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml @@ -1,5 +1,5 @@ --- - name: Debian/Ubuntu | Removing Elasticsearch repository apt_repository: - repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main + repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main state: absent diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 455034d6..95b31e0e 100644 
--- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -12,6 +12,6 @@ - name: Debian/Ubuntu | Add Filebeat repository. apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/6.x/apt stable main' + repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' state: present update_cache: true diff --git a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml index 580e6d86..f027d4f9 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml @@ -1,5 +1,5 @@ --- - name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata) apt_repository: - repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main + repo: deb https://artifacts.elastic.co/packages/7.x/apt stable main state: absent diff --git a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml index 80798897..e4ddd652 100644 --- a/roles/wazuh/ansible-filebeat/tasks/RedHat.yml +++ b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml @@ -3,6 +3,6 @@ yum_repository: name: elastic_repo description: Elastic repository for 6.x packages - baseurl: https://artifacts.elastic.co/packages/6.x/yum + baseurl: https://artifacts.elastic.co/packages/7.x/yum gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch gpgcheck: true diff --git a/roles/wazuh/ansible-filebeat/tasks/config.yml b/roles/wazuh/ansible-filebeat/tasks/config.yml index a21e32ac..ce63503d 100644 --- a/roles/wazuh/ansible-filebeat/tasks/config.yml +++ b/roles/wazuh/ansible-filebeat/tasks/config.yml 
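Review bot: The `description: Elastic repository for 6.x packages` context line two lines above the changed `baseurl` is now stale, since the repository points at `7.x`; change it to `description: Elastic repository for 7.x packages`, as this is the text an operator sees in `yum repolist` when auditing where a package came from. The `gpgkey` and `gpgcheck: true` lines are correctly retained, so packages fetched from the new URL are still signature-verified. The same bump appears in the Debian.yml and RMDebian.yml hunks on this line and in the two RMDebian.yml hunks above; since the removal tasks now only delete the `7.x` entry, a host provisioned by an earlier role version may keep its old `5.x`/`6.x` apt source unless that entry is removed as well.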
@@ -9,6 +9,16 @@ notify: restart filebeat tags: configure +- name: Copy Elasticsearch template. + template: + src: elasticsearch.yml.j2 + dest: "/etc/filebeat/wazuh-template.json" + owner: root + group: root + mode: 0644 + notify: restart filebeat + tags: configure + - name: Ensure Filebeat SSL key pair directory exists. file: path: "{{ filebeat_ssl_dir }}" diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 new file mode 100644 index 00000000..11ef6176 --- /dev/null +++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 
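Review bot: The new task renders `src: elasticsearch.yml.j2` to `dest: "/etc/filebeat/wazuh-template.json"`, but the source is a JSON index template (the 1455-line file added below) and its name collides with the Elasticsearch role's real `elasticsearch.yml.j2`, so rename it to `wazuh-template.json.j2`, and quote the permission as `mode: '0644'` so a YAML 1.2 parser cannot read it as decimal 644. Placing the file in `/etc/filebeat` only has an effect if `filebeat.yml` references it through `setup.template.json.enabled` and `setup.template.json.path`; the filebeat.yml.j2 hunk earlier in this series does not show those keys, so confirm they are set, otherwise the file is inert and `notify: restart filebeat` restarts the service for nothing. A one-line comment on the task naming which filebeat.yml setting consumes the file would make that dependency visible.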
@@ -0,0 +1,1455 @@ +{ + "order": 0, + "index_patterns": ["wazuh-alerts-3.x-*"], + "settings": { + "index.refresh_interval": "5s", + "index.number_of_shards": "3", + "index.number_of_replicas": "0", + "index.auto_expand_replicas": "0-1", + "index.mapping.total_fields.limit": 2000 + }, + "mappings": { + "dynamic_templates": [ + { + "string_as_keyword": { + "match_mapping_type": "string", + "mapping": { + "type": "keyword", + "doc_values": "true" + } + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "timestamp": { + "type": "date", + "format": "date_optional_time||epoch_millis" + }, + "@version": { + "type": "text" + }, + "agent": { + "properties": { + "ip": { + "type": "keyword", + "doc_values": "true" + }, + "id": { + "type": "keyword", + "doc_values": "true" + }, + "name": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "manager": { + "properties": { + "name": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "cluster": { + "properties": { + "name": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "AlertsFile": { + "type": "keyword", + "doc_values": "true" + }, + "full_log": { + "enabled": false, + "type": "object" + }, + "previous_log": { + "type": "text" + }, + "GeoLocation": { + "properties": { + "area_code": { + "type": "long" + }, + "city_name": { + "type": "keyword", + "doc_values": "true" + }, + "continent_code": { + "type": "text" + }, + "coordinates": { + "type": "double" + }, + "country_code2": { + "type": "text" + }, + "country_code3": { + "type": "text" + }, + "country_name": { + "type": "keyword", + "doc_values": "true" + }, + "dma_code": { + "type": "long" + }, + "ip": { + "type": "keyword", + "doc_values": "true" + }, + "latitude": { + "type": "double" + }, + "location": { + "type": "geo_point" + }, + "longitude": { + "type": "double" + }, + "postal_code": { + "type": "keyword" + }, + "real_region_name": { + "type": "keyword", + "doc_values": "true" + }, + "region_name": { + "type": 
"keyword", + "doc_values": "true" + }, + "timezone": { + "type": "text" + } + } + }, + "host": { + "type": "keyword", + "doc_values": "true" + }, + "syscheck": { + "properties": { + "path": { + "type": "keyword", + "doc_values": "true" + }, + "sha1_before": { + "type": "keyword", + "doc_values": "true" + }, + "sha1_after": { + "type": "keyword", + "doc_values": "true" + }, + "uid_before": { + "type": "keyword", + "doc_values": "true" + }, + "uid_after": { + "type": "keyword", + "doc_values": "true" + }, + "gid_before": { + "type": "keyword", + "doc_values": "true" + }, + "gid_after": { + "type": "keyword", + "doc_values": "true" + }, + "perm_before": { + "type": "keyword", + "doc_values": "true" + }, + "perm_after": { + "type": "keyword", + "doc_values": "true" + }, + "md5_after": { + "type": "keyword", + "doc_values": "true" + }, + "md5_before": { + "type": "keyword", + "doc_values": "true" + }, + "gname_after": { + "type": "keyword", + "doc_values": "true" + }, + "gname_before": { + "type": "keyword", + "doc_values": "true" + }, + "inode_after": { + "type": "keyword", + "doc_values": "true" + }, + "inode_before": { + "type": "keyword", + "doc_values": "true" + }, + "mtime_after": { + "type": "date", + "format": "dateOptionalTime", + "doc_values": "true" + }, + "mtime_before": { + "type": "date", + "format": "dateOptionalTime", + "doc_values": "true" + }, + "uname_after": { + "type": "keyword", + "doc_values": "true" + }, + "uname_before": { + "type": "keyword", + "doc_values": "true" + }, + "size_before": { + "type": "long", + "doc_values": "true" + }, + "size_after": { + "type": "long", + "doc_values": "true" + }, + "diff": { + "type": "keyword", + "doc_values": "true" + }, + "event": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "location": { + "type": "keyword", + "doc_values": "true" + }, + "message": { + "type": "text" + }, + "offset": { + "type": "keyword" + }, + "rule": { + "properties": { + "description": { + "type": "keyword", + 
"doc_values": "true" + }, + "groups": { + "type": "keyword", + "doc_values": "true" + }, + "level": { + "type": "long", + "doc_values": "true" + }, + "id": { + "type": "keyword", + "doc_values": "true" + }, + "cve": { + "type": "keyword", + "doc_values": "true" + }, + "info": { + "type": "keyword", + "doc_values": "true" + }, + "frequency": { + "type": "long", + "doc_values": "true" + }, + "firedtimes": { + "type": "long", + "doc_values": "true" + }, + "cis": { + "type": "keyword", + "doc_values": "true" + }, + "pci_dss": { + "type": "keyword", + "doc_values": "true" + }, + "gdpr": { + "type": "keyword", + "doc_values": "true" + }, + "gpg13": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "predecoder": { + "properties": { + "program_name": { + "type": "keyword", + "doc_values": "true" + }, + "timestamp": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "decoder": { + "properties": { + "parent": { + "type": "keyword", + "doc_values": "true" + }, + "name": { + "type": "keyword", + "doc_values": "true" + }, + "ftscomment": { + "type": "keyword", + "doc_values": "true" + }, + "fts": { + "type": "long", + "doc_values": "true" + }, + "accumulate": { + "type": "long", + "doc_values": "true" + } + } + }, + "data": { + "properties": { + "protocol": { + "type": "keyword", + "doc_values": "true" + }, + "action": { + "type": "keyword", + "doc_values": "true" + }, + "srcip": { + "type": "keyword", + "doc_values": "true" + }, + "dstip": { + "type": "keyword", + "doc_values": "true" + }, + "srcport": { + "type": "keyword", + "doc_values": "true" + }, + "dstport": { + "type": "keyword", + "doc_values": "true" + }, + "srcuser": { + "type": "keyword", + "doc_values": "true" + }, + "dstuser": { + "type": "keyword", + "doc_values": "true" + }, + "id": { + "type": "keyword", + "doc_values": "true" + }, + "status": { + "type": "keyword", + "doc_values": "true" + }, + "data": { + "type": "keyword", + "doc_values": "true" + }, + "system_name": { + "type": 
"keyword", + "doc_values": "true" + }, + "url": { + "type": "keyword", + "doc_values": "true" + }, + "oscap": { + "properties": { + "check.title": { + "type": "keyword", + "doc_values": "true" + }, + "check.id": { + "type": "keyword", + "doc_values": "true" + }, + "check.result": { + "type": "keyword", + "doc_values": "true" + }, + "check.severity": { + "type": "keyword", + "doc_values": "true" + }, + "check.description": { + "type": "text" + }, + "check.rationale": { + "type": "text" + }, + "check.references": { + "type": "text" + }, + "check.identifiers": { + "type": "text" + }, + "check.oval.id": { + "type": "keyword", + "doc_values": "true" + }, + "scan.id": { + "type": "keyword", + "doc_values": "true" + }, + "scan.content": { + "type": "keyword", + "doc_values": "true" + }, + "scan.benchmark.id": { + "type": "keyword", + "doc_values": "true" + }, + "scan.profile.title": { + "type": "keyword", + "doc_values": "true" + }, + "scan.profile.id": { + "type": "keyword", + "doc_values": "true" + }, + "scan.score": { + "type": "double", + "doc_values": "true" + }, + "scan.return_code": { + "type": "long", + "doc_values": "true" + } + } + }, + "audit": { + "properties": { + "type": { + "type": "keyword", + "doc_values": "true" + }, + "id": { + "type": "keyword", + "doc_values": "true" + }, + "syscall": { + "type": "keyword", + "doc_values": "true" + }, + "exit": { + "type": "keyword", + "doc_values": "true" + }, + "ppid": { + "type": "keyword", + "doc_values": "true" + }, + "pid": { + "type": "keyword", + "doc_values": "true" + }, + "auid": { + "type": "keyword", + "doc_values": "true" + }, + "uid": { + "type": "keyword", + "doc_values": "true" + }, + "gid": { + "type": "keyword", + "doc_values": "true" + }, + "euid": { + "type": "keyword", + "doc_values": "true" + }, + "suid": { + "type": "keyword", + "doc_values": "true" + }, + "fsuid": { + "type": "keyword", + "doc_values": "true" + }, + "egid": { + "type": "keyword", + "doc_values": "true" + }, + "sgid": { + 
"type": "keyword", + "doc_values": "true" + }, + "fsgid": { + "type": "keyword", + "doc_values": "true" + }, + "tty": { + "type": "keyword", + "doc_values": "true" + }, + "session": { + "type": "keyword", + "doc_values": "true" + }, + "command": { + "type": "keyword", + "doc_values": "true" + }, + "exe": { + "type": "keyword", + "doc_values": "true" + }, + "key": { + "type": "keyword", + "doc_values": "true" + }, + "cwd": { + "type": "keyword", + "doc_values": "true" + }, + "directory.name": { + "type": "keyword", + "doc_values": "true" + }, + "directory.inode": { + "type": "keyword", + "doc_values": "true" + }, + "directory.mode": { + "type": "keyword", + "doc_values": "true" + }, + "file.name": { + "type": "keyword", + "doc_values": "true" + }, + "file.inode": { + "type": "keyword", + "doc_values": "true" + }, + "file.mode": { + "type": "keyword", + "doc_values": "true" + }, + "acct": { + "type": "keyword", + "doc_values": "true" + }, + "dev": { + "type": "keyword", + "doc_values": "true" + }, + "enforcing": { + "type": "keyword", + "doc_values": "true" + }, + "list": { + "type": "keyword", + "doc_values": "true" + }, + "old-auid": { + "type": "keyword", + "doc_values": "true" + }, + "old-ses": { + "type": "keyword", + "doc_values": "true" + }, + "old_enforcing": { + "type": "keyword", + "doc_values": "true" + }, + "old_prom": { + "type": "keyword", + "doc_values": "true" + }, + "op": { + "type": "keyword", + "doc_values": "true" + }, + "prom": { + "type": "keyword", + "doc_values": "true" + }, + "res": { + "type": "keyword", + "doc_values": "true" + }, + "srcip": { + "type": "keyword", + "doc_values": "true" + }, + "subj": { + "type": "keyword", + "doc_values": "true" + }, + "success": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "aws": { + "properties": { + "bytes": { + "type": "long", + "doc_values": "true" + }, + "dstaddr": { + "type": "ip", + "doc_values": "true" + }, + "srcaddr": { + "type": "ip", + "doc_values": "true" + }, + "end": { + 
"type": "date", + "doc_values": "true" + }, + "start": { + "type": "date", + "doc_values": "true" + }, + "source_ip_address": { + "type": "ip", + "doc_values": "true" + }, + "resource.instanceDetails.networkInterfaces": { + "properties": { + "privateIpAddress": { + "type": "ip", + "doc_values": "true" + }, + "publicIp": { + "type": "ip", + "doc_values": "true" + } + } + }, + "service": { + "properties": { + "count": { + "type": "long", + "doc_values": "true" + }, + "action.networkConnectionAction.remoteIpDetails": { + "properties": { + "ipAddressV4": { + "type": "ip", + "doc_values": "true" + }, + "geoLocation": { + "type": "geo_point", + "doc_values": "true" + } + } + } + } + } + } + }, + "type": { + "type": "keyword", + "doc_values": "true" + }, + "netinfo": { + "properties": { + "iface": { + "properties": { + "name": { + "type": "keyword", + "doc_values": "true" + }, + "mac": { + "type": "keyword", + "doc_values": "true" + }, + "adapter": { + "type": "keyword", + "doc_values": "true" + }, + "type": { + "type": "keyword", + "doc_values": "true" + }, + "state": { + "type": "keyword", + "doc_values": "true" + }, + "mtu": { + "type": "long", + "doc_values": "true" + }, + "tx_bytes": { + "type": "long", + "doc_values": "true" + }, + "rx_bytes": { + "type": "long", + "doc_values": "true" + }, + "tx_errors": { + "type": "long", + "doc_values": "true" + }, + "rx_errors": { + "type": "long", + "doc_values": "true" + }, + "tx_dropped": { + "type": "long", + "doc_values": "true" + }, + "rx_dropped": { + "type": "long", + "doc_values": "true" + }, + "tx_packets": { + "type": "long", + "doc_values": "true" + }, + "rx_packets": { + "type": "long", + "doc_values": "true" + }, + "ipv4": { + "properties": { + "gateway": { + "type": "keyword", + "doc_values": "true" + }, + "dhcp": { + "type": "keyword", + "doc_values": "true" + }, + "address": { + "type": "keyword", + "doc_values": "true" + }, + "netmask": { + "type": "keyword", + "doc_values": "true" + }, + "broadcast": { + 
"type": "keyword", + "doc_values": "true" + }, + "metric": { + "type": "long", + "doc_values": "true" + } + } + }, + "ipv6": { + "properties": { + "gateway": { + "type": "keyword", + "doc_values": "true" + }, + "dhcp": { + "type": "keyword", + "doc_values": "true" + }, + "address": { + "type": "keyword", + "doc_values": "true" + }, + "netmask": { + "type": "keyword", + "doc_values": "true" + }, + "broadcast": { + "type": "keyword", + "doc_values": "true" + }, + "metric": { + "type": "long", + "doc_values": "true" + } + } + } + } + } + } + }, + "os": { + "properties": { + "hostname": { + "type": "keyword", + "doc_values": "true" + }, + "architecture": { + "type": "keyword", + "doc_values": "true" + }, + "name": { + "type": "keyword", + "doc_values": "true" + }, + "version": { + "type": "keyword", + "doc_values": "true" + }, + "codename": { + "type": "keyword", + "doc_values": "true" + }, + "major": { + "type": "keyword", + "doc_values": "true" + }, + "minor": { + "type": "keyword", + "doc_values": "true" + }, + "build": { + "type": "keyword", + "doc_values": "true" + }, + "platform": { + "type": "keyword", + "doc_values": "true" + }, + "sysname": { + "type": "keyword", + "doc_values": "true" + }, + "release": { + "type": "keyword", + "doc_values": "true" + }, + "release_version": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "port": { + "properties": { + "protocol": { + "type": "keyword", + "doc_values": "true" + }, + "local_ip": { + "type": "ip", + "doc_values": "true" + }, + "local_port": { + "type": "long", + "doc_values": "true" + }, + "remote_ip": { + "type": "ip", + "doc_values": "true" + }, + "remote_port": { + "type": "long", + "doc_values": "true" + }, + "tx_queue": { + "type": "long", + "doc_values": "true" + }, + "rx_queue": { + "type": "long", + "doc_values": "true" + }, + "inode": { + "type": "long", + "doc_values": "true" + }, + "state": { + "type": "keyword", + "doc_values": "true" + }, + "pid": { + "type": "long", + "doc_values": 
"true" + }, + "process": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "hardware": { + "properties": { + "serial": { + "type": "keyword", + "doc_values": "true" + }, + "cpu_name": { + "type": "keyword", + "doc_values": "true" + }, + "cpu_cores": { + "type": "long", + "doc_values": "true" + }, + "cpu_mhz": { + "type": "double", + "doc_values": "true" + }, + "ram_total": { + "type": "long", + "doc_values": "true" + }, + "ram_free": { + "type": "long", + "doc_values": "true" + }, + "ram_usage": { + "type": "long", + "doc_values": "true" + } + } + }, + "program": { + "properties": { + "format": { + "type": "keyword", + "doc_values": "true" + }, + "name": { + "type": "keyword", + "doc_values": "true" + }, + "priority": { + "type": "keyword", + "doc_values": "true" + }, + "section": { + "type": "keyword", + "doc_values": "true" + }, + "size": { + "type": "long", + "doc_values": "true" + }, + "vendor": { + "type": "keyword", + "doc_values": "true" + }, + "install_time": { + "type": "keyword", + "doc_values": "true" + }, + "version": { + "type": "keyword", + "doc_values": "true" + }, + "architecture": { + "type": "keyword", + "doc_values": "true" + }, + "multiarch": { + "type": "keyword", + "doc_values": "true" + }, + "source": { + "type": "keyword", + "doc_values": "true" + }, + "description": { + "type": "keyword", + "doc_values": "true" + }, + "location": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long", + "doc_values": "true" + }, + "name": { + "type": "keyword", + "doc_values": "true" + }, + "state": { + "type": "keyword", + "doc_values": "true" + }, + "ppid": { + "type": "long", + "doc_values": "true" + }, + "utime": { + "type": "long", + "doc_values": "true" + }, + "stime": { + "type": "long", + "doc_values": "true" + }, + "cmd": { + "type": "keyword", + "doc_values": "true" + }, + "args": { + "type": "keyword", + "doc_values": "true" + }, + "euser": { + "type": "keyword", + 
"doc_values": "true" + }, + "ruser": { + "type": "keyword", + "doc_values": "true" + }, + "suser": { + "type": "keyword", + "doc_values": "true" + }, + "egroup": { + "type": "keyword", + "doc_values": "true" + }, + "sgroup": { + "type": "keyword", + "doc_values": "true" + }, + "fgroup": { + "type": "keyword", + "doc_values": "true" + }, + "rgroup": { + "type": "keyword", + "doc_values": "true" + }, + "priority": { + "type": "long", + "doc_values": "true" + }, + "nice": { + "type": "long", + "doc_values": "true" + }, + "size": { + "type": "long", + "doc_values": "true" + }, + "vm_size": { + "type": "long", + "doc_values": "true" + }, + "resident": { + "type": "long", + "doc_values": "true" + }, + "share": { + "type": "long", + "doc_values": "true" + }, + "start_time": { + "type": "long", + "doc_values": "true" + }, + "pgrp": { + "type": "long", + "doc_values": "true" + }, + "session": { + "type": "long", + "doc_values": "true" + }, + "nlwp": { + "type": "long", + "doc_values": "true" + }, + "tgid": { + "type": "long", + "doc_values": "true" + }, + "tty": { + "type": "long", + "doc_values": "true" + }, + "processor": { + "type": "long", + "doc_values": "true" + } + } + }, + "sca": { + "properties": { + "type": { + "type": "keyword", + "doc_values": "true" + }, + "scan_id": { + "type": "keyword", + "doc_values": "true" + }, + "policy": { + "type": "keyword", + "doc_values": "true" + }, + "name": { + "type": "keyword", + "doc_values": "true" + }, + "file": { + "type": "keyword", + "doc_values": "true" + }, + "description": { + "type": "keyword", + "doc_values": "true" + }, + "passed": { + "type": "integer", + "doc_values": "true" + }, + "failed": { + "type": "integer", + "doc_values": "true" + }, + "score": { + "type": "long", + "doc_values": "true" + }, + "check": { + "properties": { + "id": { + "type": "keyword", + "doc_values": "true" + }, + "title": { + "type": "keyword", + "doc_values": "true" + }, + "description": { + "type": "keyword", + "doc_values": "true" + 
}, + "rationale": { + "type": "keyword", + "doc_values": "true" + }, + "remediation": { + "type": "keyword", + "doc_values": "true" + }, + "compliance": { + "properties": { + "cis": { + "type": "keyword", + "doc_values": "true" + }, + "cis_csc": { + "type": "keyword", + "doc_values": "true" + }, + "pci_dss": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "references": { + "type": "keyword", + "doc_values": "true" + }, + "file": { + "type": "keyword", + "doc_values": "true" + }, + "directory": { + "type": "keyword", + "doc_values": "true" + }, + "registry": { + "type": "keyword", + "doc_values": "true" + }, + "process": { + "type": "keyword", + "doc_values": "true" + }, + "result": { + "type": "keyword", + "doc_values": "true" + }, + "previous_result": { + "type": "keyword", + "doc_values": "true" + } + } + } + } + }, + "win": { + "properties": { + "system": { + "properties": { + "providerName": { + "type": "keyword", + "doc_values": "true" + }, + "providerGuid": { + "type": "keyword", + "doc_values": "true" + }, + "eventSourceName": { + "type": "keyword", + "doc_values": "true" + }, + "securityUserID": { + "type": "keyword", + "doc_values": "true" + }, + "userID": { + "type": "keyword", + "doc_values": "true" + }, + "eventID": { + "type": "keyword", + "doc_values": "true" + }, + "version": { + "type": "keyword", + "doc_values": "true" + }, + "level": { + "type": "keyword", + "doc_values": "true" + }, + "task": { + "type": "keyword", + "doc_values": "true" + }, + "opcode": { + "type": "keyword", + "doc_values": "true" + }, + "keywords": { + "type": "keyword", + "doc_values": "true" + }, + "systemTime": { + "type": "keyword", + "doc_values": "true" + }, + "eventRecordID": { + "type": "keyword", + "doc_values": "true" + }, + "processID": { + "type": "keyword", + "doc_values": "true" + }, + "threadID": { + "type": "keyword", + "doc_values": "true" + }, + "channel": { + "type": "keyword", + "doc_values": "true" + }, + "computer": { + "type": "keyword", + 
"doc_values": "true" + }, + "severityValue": { + "type": "keyword", + "doc_values": "true" + }, + "message": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "eventdata": { + "properties": { + "subjectUserSid": { + "type": "keyword", + "doc_values": "true" + }, + "subjectUserName": { + "type": "keyword", + "doc_values": "true" + }, + "subjectDomainName": { + "type": "keyword", + "doc_values": "true" + }, + "subjectLogonId": { + "type": "keyword", + "doc_values": "true" + }, + "targetUserSid": { + "type": "keyword", + "doc_values": "true" + }, + "targetUserName": { + "type": "keyword", + "doc_values": "true" + }, + "targetDomainName": { + "type": "keyword", + "doc_values": "true" + }, + "targetLogonId": { + "type": "keyword", + "doc_values": "true" + }, + "logonType": { + "type": "keyword", + "doc_values": "true" + }, + "logonProcessName": { + "type": "keyword", + "doc_values": "true" + }, + "authenticationPackageName": { + "type": "keyword", + "doc_values": "true" + }, + "logonGuid": { + "type": "keyword", + "doc_values": "true" + }, + "keyLength": { + "type": "keyword", + "doc_values": "true" + }, + "impersonationLevel": { + "type": "keyword", + "doc_values": "true" + }, + "transactionId": { + "type": "keyword", + "doc_values": "true" + }, + "newState": { + "type": "keyword", + "doc_values": "true" + }, + "resourceManager": { + "type": "keyword", + "doc_values": "true" + }, + "processId": { + "type": "keyword", + "doc_values": "true" + }, + "processName": { + "type": "keyword", + "doc_values": "true" + }, + "data": { + "type": "keyword", + "doc_values": "true" + }, + "image": { + "type": "keyword", + "doc_values": "true" + }, + "binary": { + "type": "keyword", + "doc_values": "true" + }, + "parentImage": { + "type": "keyword", + "doc_values": "true" + }, + "categoryId": { + "type": "keyword", + "doc_values": "true" + }, + "subcategoryId": { + "type": "keyword", + "doc_values": "true" + }, + "subcategoryGuid": { + "type": "keyword", + "doc_values": 
"true" + }, + "auditPolicyChangesId": { + "type": "keyword", + "doc_values": "true" + }, + "category": { + "type": "keyword", + "doc_values": "true" + }, + "subcategory": { + "type": "keyword", + "doc_values": "true" + }, + "auditPolicyChanges": { + "type": "keyword", + "doc_values": "true" + } + } + }, + "rmSessionEvent": { + "properties": { + "rmSessionId": { + "type": "keyword", + "doc_values": "true" + }, + "uTCStartTime": { + "type": "keyword", + "doc_values": "true" + } + } + } + } + } + } + }, + "program_name": { + "type": "keyword", + "doc_values": "true" + }, + "command": { + "type": "keyword", + "doc_values": "true" + }, + "type": { + "type": "text" + }, + "title": { + "type": "keyword", + "doc_values": "true" + } + } + } +} \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 index 5cbe7670..39eb6a94 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 @@ -1,6 +1,7 @@ + @@ -15,21 +16,4 @@ authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5, - - - - - - syscheck - /var/ossec/etc/shared/agent.conf - Linux | agent.conf was modified - - - syscheck - C:\wazuh-agent/shared/agent.conf - Windows | agent.conf was modified - - + \ No newline at end of file From 6b95e304b6ac4dfec08df5cd0fe29be9cc7dc22c Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Thu, 13 Jun 2019 17:49:05 +0200 Subject: [PATCH 07/10] Supporting ELK 7 cluster --- playbooks/wazuh-elastic_stack-distributed.yml | 1 - roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 6 +++++- .../ansible-elasticsearch/templates/elasticsearch.yml.j2 | 2 ++ 3 files changed, 7 insertions(+), 2 deletions(-) 
diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml
index 6bdf4857..887cafbd 100644
--- a/playbooks/wazuh-elastic_stack-distributed.yml
+++ b/playbooks/wazuh-elastic_stack-distributed.yml
@@ -6,5 +6,4 @@
 - hosts:
 roles:
 - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'}
-- {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-logstash, logstash_input_beats: true, elasticsearch_network_host: 'localhost'}
 - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'}
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
index 8d48441e..bd7bc0d4 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
@@ -95,6 +95,8 @@
 url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh"
 method: GET
 status_code: 200, 404
+when: not elasticsearch_bootstrap_node or single_node
+poll: 30
 register: wazuh_alerts_template_exits
 tags: init
 
@@ -105,7 +107,9 @@
 status_code: 200
 body_format: json
 body: "{{ lookup('template','wazuh-elastic7-template-alerts.json.j2') }}"
-when: wazuh_alerts_template_exits.status != 200
+when:
+- wazuh_alerts_template_exits.status is defined
+- wazuh_alerts_template_exits.status != 200
 tags: init
 
 - import_tasks: "RMRedHat.yml"
diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
index f0d08cff..595dd58a 100644
--- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
+++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
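Review bot: `poll: 30` on the GET task in the first tasks/main.yml hunk has no effect on its own — Ansible only consults `poll` for a task that also sets `async`, so the request still runs once, synchronously, and the task fails outright if Elasticsearch is not yet accepting connections on that node. If the intent is to wait for the node to come up, replace it with a retry on the registered result, `until: wazuh_alerts_template_exits.status | default(-1) in [200, 404]` together with `retries: 30` and `delay: 10` (or whatever budget fits). The `is defined` guard in the second hunk is the right way to handle a skipped-task result, but it also means that on the bootstrap node neither the GET nor the PUT runs, so a comment on the new `when:` such as `# skipped on the bootstrap node; the template is loaded by the other cluster members or by the single node` would spell that out. Indentation did not survive extraction here, so make sure `when` and `poll` sit at task level rather than among the `uri` arguments, where `uri` would reject them as unsupported parameters. Both tasks begin before their hunks.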
@@ -10,11 +10,13 @@ network.host: {{ elasticsearch_network_host }}
 {% if single_node %}
 discovery.type: single-node
 {% elif elasticsearch_bootstrap_node %}
+node.master: true
 cluster.initial_master_nodes:
 {% for item in elasticsearch_cluster_nodes %}
 - {{ item }}
 {% endfor %}
 {% elif elasticsearch_master_candidate %}
+node.master: true
 discovery.seed_hosts:
 {% for item in elasticsearch_cluster_nodes %}
 - {{ item }}
From 42a7f0604ec916adbe333f5f6c9c3981d5d71f4d Mon Sep 17 00:00:00 2001
From: "Manuel J. Bernal"
Date: Thu, 13 Jun 2019 17:53:45 +0200
Subject: [PATCH 08/10] Changed README

---
 .../ansible-elasticsearch/README.md | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md
index 3dd45b08..f3089e7e 100644
--- a/roles/elastic-stack/ansible-elasticsearch/README.md
+++ b/roles/elastic-stack/ansible-elasticsearch/README.md
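Review bot: The two added `node.master: true` lines only restate the Elasticsearch 7 default for master-eligible nodes, while the risk in this block is left unaddressed: the `elasticsearch_bootstrap_node` branch renders `cluster.initial_master_nodes` on every run of the role, and Elasticsearch documents that this setting is honoured only at the very first cluster bootstrap and should be removed from the configuration once the cluster has formed, since leaving it in place risks bootstrapping a second cluster alongside the existing one after a later misconfiguration or restart. A Jinja comment above the branch, e.g. `{# cluster.initial_master_nodes is used only at first bootstrap; unset elasticsearch_bootstrap_node once the cluster has formed #}`, plus a matching note in the README, would keep operators from running the bootstrap configuration indefinitely. The bootstrap branch also sets no `discovery.seed_hosts`, so that node depends on the candidates reaching it rather than the other way round; listing the same `elasticsearch_cluster_nodes` there is the usual practice. Note that the README example added in PATCH 08/10 passes `single_host: true`, which is not the `single_node` variable this template (and tasks/main.yml) tests, so that example would not select the single-node branch. The `{% if single_node %}` conditional opened in this hunk closes outside it.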
@@ -30,10 +30,27 @@ Defaults variables are listed below, along with its values (see `defaults/main.y Example Playbook ---------------- +- Single-node ``` - hosts: elasticsearch roles: - - { role: ansible-role-elasticsearch, elasticsearch_network_host: '192.168.33.182' } + - { role: ansible-role-elasticsearch, elasticsearch_network_host: '192.168.33.182', single_host: true } +``` + +- Three nodes Elasticsearch cluster +``` +--- +- hosts: 172.16.0.161 + roles: + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.161', elasticsearch_bootstrap_node: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} + +- hosts: 172.16.0.162 + roles: + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.162', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} + +- hosts: 172.16.0.163 + roles: + - {role: ../roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: '172.16.0.163', elasticsearch_master_candidate: true, elasticsearch_cluster_nodes: ['172.16.0.162','172.16.0.163','172.16.0.161']} ``` License and copyright From 91e88aae50221339223934688c01609634cf4758 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Thu, 13 Jun 2019 18:01:31 +0200 Subject: [PATCH 09/10] Removed Pipfile.lock --- Pipfile.lock | 698 --------------------------------------------------- 1 file changed, 698 deletions(-) delete mode 100644 Pipfile.lock diff --git a/Pipfile.lock b/Pipfile.lock deleted file mode 100644 index 1df7c847..00000000 --- a/Pipfile.lock +++ /dev/null 
@@ -1,698 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "2d9ee042a6e26f8aee145bcef372b8817aed4bcfa95fc5b518ae0b7b4e8a2a8d" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "2.7" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": { - "ansible": { - "hashes": [ - "sha256:84a42d1e371c4222c82e575cb6961fafd3afe920d84e4b6d87affabe400be294" - ], - "index": "pypi", - "version": "==2.7.10" - }, - "ansible-lint": { - "hashes": [ - "sha256:9430ea6e654ba4bf5b9c6921efc040f46cda9c4fd2896a99ff71d21037bcb123", - "sha256:c1b442b01091eca13ef11d98c3376e9489ba5b69a8467828ca86044f384bc0a1" - ], - "version": "==4.1.0" - }, - "anyconfig": { - "hashes": [ - "sha256:4d6016ae6eecc5e502bc7e99ae0639c5710c5c67bde5f21b06b9eaafd9ce0e7e" - ], - "version": "==0.9.7" - }, - "arrow": { - "hashes": [ - "sha256:3397e5448952e18e1295bf047014659effa5ae8da6a5371d37ff0ddc46fa6872", - "sha256:6f54d9f016c0b7811fac9fb8c2c7fa7421d80c54dbdd75ffb12913c55db60b8a" - ], - "version": "==0.13.1" - }, - "asn1crypto": { - "hashes": [ - "sha256:2f1adbb7546ed199e3c90ef23ec95c5cf3585bac7d11fb7eb562a3fe89c64e87", - "sha256:9d5c20441baf0cb60a4ac34cc447c6c189024b6b4c6cd7877034f4965c464e49" - ], - "version": "==0.24.0" - }, - "atomicwrites": { - "hashes": [ - "sha256:03472c30eb2c5d1ba9227e4c2ca66ab8287fbfbbda3888aa93dc2e28fc6811b4", - "sha256:75a9445bac02d8d058d5e1fe689654ba5a6556a1dfd8ce6ec55a0ed79866cfa6" - ], - "version": "==1.3.0" - }, - "attrs": { - "hashes": [ - "sha256:69c0dbf2ed392de1cb5ec704444b08a5ef81680a61cb899dc08127123af36a79", - "sha256:f0b870f674851ecbfbbbd364d6b5cbdff9dcedbc7f3f5e18a6891057f21fe399" - ], - "version": "==19.1.0" - }, - "backports.functools-lru-cache": { - "hashes": [ - "sha256:9d98697f088eb1b0fa451391f91afb5e3ebde16bbdb272819fd091151fda4f1a", - "sha256:f0b0e4eba956de51238e17573b7087e852dfe9854afd2e9c873f73fc0ca0a6dd" - ], - "markers": "python_version == '2.7'", - "version": "==1.5" - }, - 
"backports.ssl-match-hostname": { - "hashes": [ - "sha256:bb82e60f9fbf4c080eabd957c39f0641f0fc247d9a16e31e26d594d8f42b9fd2" - ], - "markers": "python_version < '3.5'", - "version": "==3.7.0.1" - }, - "bcrypt": { - "hashes": [ - "sha256:0ba875eb67b011add6d8c5b76afbd92166e98b1f1efab9433d5dc0fafc76e203", - "sha256:21ed446054c93e209434148ef0b362432bb82bbdaf7beef70a32c221f3e33d1c", - "sha256:28a0459381a8021f57230954b9e9a65bb5e3d569d2c253c5cac6cb181d71cf23", - "sha256:2aed3091eb6f51c26b7c2fad08d6620d1c35839e7a362f706015b41bd991125e", - "sha256:2fa5d1e438958ea90eaedbf8082c2ceb1a684b4f6c75a3800c6ec1e18ebef96f", - "sha256:3a73f45484e9874252002793518da060fb11eaa76c30713faa12115db17d1430", - "sha256:3e489787638a36bb466cd66780e15715494b6d6905ffdbaede94440d6d8e7dba", - "sha256:44636759d222baa62806bbceb20e96f75a015a6381690d1bc2eda91c01ec02ea", - "sha256:678c21b2fecaa72a1eded0cf12351b153615520637efcadc09ecf81b871f1596", - "sha256:75460c2c3786977ea9768d6c9d8957ba31b5fbeb0aae67a5c0e96aab4155f18c", - "sha256:8ac06fb3e6aacb0a95b56eba735c0b64df49651c6ceb1ad1cf01ba75070d567f", - "sha256:8fdced50a8b646fff8fa0e4b1c5fd940ecc844b43d1da5a980cb07f2d1b1132f", - "sha256:9b2c5b640a2da533b0ab5f148d87fb9989bf9bcb2e61eea6a729102a6d36aef9", - "sha256:a9083e7fa9adb1a4de5ac15f9097eb15b04e2c8f97618f1b881af40abce382e1", - "sha256:b7e3948b8b1a81c5a99d41da5fb2dc03ddb93b5f96fcd3fd27e643f91efa33e1", - "sha256:b998b8ca979d906085f6a5d84f7b5459e5e94a13fc27c28a3514437013b6c2f6", - "sha256:dd08c50bc6f7be69cd7ba0769acca28c846ec46b7a8ddc2acf4b9ac6f8a7457e", - "sha256:de5badee458544ab8125e63e39afeedfcf3aef6a6e2282ac159c95ae7472d773", - "sha256:ede2a87333d24f55a4a7338a6ccdccf3eaa9bed081d1737e0db4dbd1a4f7e6b6" - ], - "version": "==3.1.6" - }, - "binaryornot": { - "hashes": [ - "sha256:359501dfc9d40632edc9fac890e19542db1a287bbcfa58175b66658392018061", - "sha256:b8b71173c917bddcd2c16070412e369c3ed7f0528926f70cac18a6c97fd563e4" - ], - "version": "==0.4.4" - }, - "cerberus": { - "hashes": [ - 
"sha256:f5c2e048fb15ecb3c088d192164316093fcfa602a74b3386eefb2983aa7e800a" - ], - "version": "==1.2" - }, - "certifi": { - "hashes": [ - "sha256:59b7658e26ca9c7339e00f8f4636cdfe59d34fa37b9b04f6f9e9926b3cece1a5", - "sha256:b26104d6835d1f5e49452a26eb2ff87fe7090b89dfcaee5ea2212697e1e1d7ae" - ], - "version": "==2019.3.9" - }, - "cffi": { - "hashes": [ - "sha256:00b97afa72c233495560a0793cdc86c2571721b4271c0667addc83c417f3d90f", - "sha256:0ba1b0c90f2124459f6966a10c03794082a2f3985cd699d7d63c4a8dae113e11", - "sha256:0bffb69da295a4fc3349f2ec7cbe16b8ba057b0a593a92cbe8396e535244ee9d", - "sha256:21469a2b1082088d11ccd79dd84157ba42d940064abbfa59cf5f024c19cf4891", - "sha256:2e4812f7fa984bf1ab253a40f1f4391b604f7fc424a3e21f7de542a7f8f7aedf", - "sha256:2eac2cdd07b9049dd4e68449b90d3ef1adc7c759463af5beb53a84f1db62e36c", - "sha256:2f9089979d7456c74d21303c7851f158833d48fb265876923edcb2d0194104ed", - "sha256:3dd13feff00bddb0bd2d650cdb7338f815c1789a91a6f68fdc00e5c5ed40329b", - "sha256:4065c32b52f4b142f417af6f33a5024edc1336aa845b9d5a8d86071f6fcaac5a", - "sha256:51a4ba1256e9003a3acf508e3b4f4661bebd015b8180cc31849da222426ef585", - "sha256:59888faac06403767c0cf8cfb3f4a777b2939b1fbd9f729299b5384f097f05ea", - "sha256:59c87886640574d8b14910840327f5cd15954e26ed0bbd4e7cef95fa5aef218f", - "sha256:610fc7d6db6c56a244c2701575f6851461753c60f73f2de89c79bbf1cc807f33", - "sha256:70aeadeecb281ea901bf4230c6222af0248c41044d6f57401a614ea59d96d145", - "sha256:71e1296d5e66c59cd2c0f2d72dc476d42afe02aeddc833d8e05630a0551dad7a", - "sha256:8fc7a49b440ea752cfdf1d51a586fd08d395ff7a5d555dc69e84b1939f7ddee3", - "sha256:9b5c2afd2d6e3771d516045a6cfa11a8da9a60e3d128746a7fe9ab36dfe7221f", - "sha256:9c759051ebcb244d9d55ee791259ddd158188d15adee3c152502d3b69005e6bd", - "sha256:b4d1011fec5ec12aa7cc10c05a2f2f12dfa0adfe958e56ae38dc140614035804", - "sha256:b4f1d6332339ecc61275bebd1f7b674098a66fea11a00c84d1c58851e618dc0d", - "sha256:c030cda3dc8e62b814831faa4eb93dd9a46498af8cd1d5c178c2de856972fd92", - 
"sha256:c2e1f2012e56d61390c0e668c20c4fb0ae667c44d6f6a2eeea5d7148dcd3df9f", - "sha256:c37c77d6562074452120fc6c02ad86ec928f5710fbc435a181d69334b4de1d84", - "sha256:c8149780c60f8fd02752d0429246088c6c04e234b895c4a42e1ea9b4de8d27fb", - "sha256:cbeeef1dc3c4299bd746b774f019de9e4672f7cc666c777cd5b409f0b746dac7", - "sha256:e113878a446c6228669144ae8a56e268c91b7f1fafae927adc4879d9849e0ea7", - "sha256:e21162bf941b85c0cda08224dade5def9360f53b09f9f259adb85fc7dd0e7b35", - "sha256:fb6934ef4744becbda3143d30c6604718871495a5e36c408431bf33d9c146889" - ], - "version": "==1.12.2" - }, - "chardet": { - "hashes": [ - "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae", - "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691" - ], - "version": "==3.0.4" - }, - "click": { - "hashes": [ - "sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d", - "sha256:f15516df478d5a56180fbf80e68f206010e6d160fc39fa508b65e035fd75130b" - ], - "version": "==6.7" - }, - "click-completion": { - "hashes": [ - "sha256:7ca12978493a7450486cef155845af4fae48744c3f97b7250a254de65c9e5e5a" - ], - "version": "==0.3.1" - }, - "colorama": { - "hashes": [ - "sha256:463f8483208e921368c9f306094eb6f725c6ca42b0f97e313cb5d5512459feda", - "sha256:48eb22f4f8461b1df5734a074b57042430fb06e1d61bd1e11b078c0fe6d7a1f1" - ], - "version": "==0.3.9" - }, - "configparser": { - "hashes": [ - "sha256:8be81d89d6e7b4c0d4e44bcc525845f6da25821de80cb5e06e7e0238a2899e32", - "sha256:da60d0014fd8c55eb48c1c5354352e363e2d30bbf7057e5e171a468390184c75" - ], - "markers": "python_version < '3.2'", - "version": "==3.7.4" - }, - "cookiecutter": { - "hashes": [ - "sha256:1316a52e1c1f08db0c9efbf7d876dbc01463a74b155a0d83e722be88beda9a3e", - "sha256:ed8f54a8fc79b6864020d773ce11539b5f08e4617f353de1f22d23226f6a0d36" - ], - "version": "==1.6.0" - }, - "cryptography": { - "hashes": [ - "sha256:066f815f1fe46020877c5983a7e747ae140f517f1b09030ec098503575265ce1", - 
"sha256:210210d9df0afba9e000636e97810117dc55b7157c903a55716bb73e3ae07705", - "sha256:26c821cbeb683facb966045e2064303029d572a87ee69ca5a1bf54bf55f93ca6", - "sha256:2afb83308dc5c5255149ff7d3fb9964f7c9ee3d59b603ec18ccf5b0a8852e2b1", - "sha256:2db34e5c45988f36f7a08a7ab2b69638994a8923853dec2d4af121f689c66dc8", - "sha256:409c4653e0f719fa78febcb71ac417076ae5e20160aec7270c91d009837b9151", - "sha256:45a4f4cf4f4e6a55c8128f8b76b4c057027b27d4c67e3fe157fa02f27e37830d", - "sha256:48eab46ef38faf1031e58dfcc9c3e71756a1108f4c9c966150b605d4a1a7f659", - "sha256:6b9e0ae298ab20d371fc26e2129fd683cfc0cfde4d157c6341722de645146537", - "sha256:6c4778afe50f413707f604828c1ad1ff81fadf6c110cb669579dea7e2e98a75e", - "sha256:8c33fb99025d353c9520141f8bc989c2134a1f76bac6369cea060812f5b5c2bb", - "sha256:9873a1760a274b620a135054b756f9f218fa61ca030e42df31b409f0fb738b6c", - "sha256:9b069768c627f3f5623b1cbd3248c5e7e92aec62f4c98827059eed7053138cc9", - "sha256:9e4ce27a507e4886efbd3c32d120db5089b906979a4debf1d5939ec01b9dd6c5", - "sha256:acb424eaca214cb08735f1a744eceb97d014de6530c1ea23beb86d9c6f13c2ad", - "sha256:c8181c7d77388fe26ab8418bb088b1a1ef5fde058c6926790c8a0a3d94075a4a", - "sha256:d4afbb0840f489b60f5a580a41a1b9c3622e08ecb5eec8614d4fb4cd914c4460", - "sha256:d9ed28030797c00f4bc43c86bf819266c76a5ea61d006cd4078a93ebf7da6bfd", - "sha256:e603aa7bb52e4e8ed4119a58a03b60323918467ef209e6ff9db3ac382e5cf2c6" - ], - "version": "==2.6.1" - }, - "docker-py": { - "hashes": [ - "sha256:35b506e95861914fa5ad57a6707e3217b4082843b883be246190f57013948aba", - "sha256:4c2a75875764d38d67f87bc7d03f7443a3895704efc57962bdf6500b8d4bc415" - ], - "index": "pypi", - "version": "==1.10.6" - }, - "docker-pycreds": { - "hashes": [ - "sha256:6ce3270bcaf404cc4c3e27e4b6c70d3521deae82fb508767870fdbf772d584d4", - "sha256:7266112468627868005106ec19cd0d722702d2b7d5912a28e19b826c3d37af49" - ], - "version": "==0.4.0" - }, - "entrypoints": { - "hashes": [ - "sha256:589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19", - 
"sha256:c70dd71abe5a8c85e55e12c19bd91ccfeec11a6e99044204511f9ed547d48451" - ], - "version": "==0.3" - }, - "enum34": { - "hashes": [ - "sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850", - "sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a", - "sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79", - "sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1" - ], - "markers": "python_version < '3.4'", - "version": "==1.1.6" - }, - "fasteners": { - "hashes": [ - "sha256:427c76773fe036ddfa41e57d89086ea03111bbac57c55fc55f3006d027107e18", - "sha256:564a115ff9698767df401efca29620cbb1a1c2146b7095ebd304b79cc5807a7c" - ], - "version": "==0.14.1" - }, - "flake8": { - "hashes": [ - "sha256:859996073f341f2670741b51ec1e67a01da142831aa1fdc6242dbf88dffbe661", - "sha256:a796a115208f5c03b18f332f7c11729812c8c3ded6c46319c59b53efd3819da8" - ], - "version": "==3.7.7" - }, - "funcsigs": { - "hashes": [ - "sha256:330cc27ccbf7f1e992e69fef78261dc7c6569012cf397db8d3de0234e6c937ca", - "sha256:a7bb0f2cf3a3fd1ab2732cb49eba4252c2af4240442415b4abce3b87022a8f50" - ], - "markers": "python_version < '3.0'", - "version": "==1.0.2" - }, - "functools32": { - "hashes": [ - "sha256:89d824aa6c358c421a234d7f9ee0bd75933a67c29588ce50aaa3acdf4d403fa0", - "sha256:f6253dfbe0538ad2e387bd8fdfd9293c925d63553f5813c4e587745416501e6d" - ], - "markers": "python_version < '3.2'", - "version": "==3.2.3.post2" - }, - "future": { - "hashes": [ - "sha256:67045236dcfd6816dc439556d009594abf643e5eb48992e36beac09c2ca659b8" - ], - "version": "==0.17.1" - }, - "git-url-parse": { - "hashes": [ - "sha256:4655ee22f1d8bf7a1eb1066c1da16529b186966c6d8331f7f55686a76a9f7aef", - "sha256:7b5f4e3aeb1d693afeee67a3bd4ac063f7206c2e8e46e559f0da0da98445f117", - "sha256:9353ff40d69488ff2299b27f40e0350ad87bd5348ea6ea09a1895eda9e5733de" - ], - "version": "==1.2.2" - }, - "idna": { - "hashes": [ - 
"sha256:156a6814fb5ac1fc6850fb002e0852d56c0c8d2531923a51032d1b70760e186e", - "sha256:684a38a6f903c1d71d6d5fac066b58d7768af4de2b832e426ec79c30daa94a16" - ], - "version": "==2.7" - }, - "ipaddress": { - "hashes": [ - "sha256:64b28eec5e78e7510698f6d4da08800a5c575caa4a286c93d651c5d3ff7b6794", - "sha256:b146c751ea45cad6188dd6cf2d9b757f6f4f8d6ffb96a023e6f2e26eea02a72c" - ], - "markers": "python_version < '3'", - "version": "==1.0.22" - }, - "jinja2": { - "hashes": [ - "sha256:74c935a1b8bb9a3947c50a54766a969d4846290e1e788ea44c1392163723c3bd", - "sha256:f84be1bb0040caca4cea721fcbbbbd61f9be9464ca236387158b0feea01914a4" - ], - "version": "==2.10" - }, - "jinja2-time": { - "hashes": [ - "sha256:d14eaa4d315e7688daa4969f616f226614350c48730bfa1692d2caebd8c90d40", - "sha256:d3eab6605e3ec8b7a0863df09cc1d23714908fa61aa6986a845c20ba488b4efa" - ], - "version": "==0.2.0" - }, - "markupsafe": { - "hashes": [ - "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473", - "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161", - "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235", - "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5", - "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff", - "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b", - "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1", - "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e", - "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183", - "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66", - "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1", - "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1", - "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e", - "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b", - 
"sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905", - "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735", - "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d", - "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e", - "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d", - "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c", - "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21", - "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2", - "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5", - "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b", - "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6", - "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f", - "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f", - "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7" - ], - "version": "==1.1.1" - }, - "mccabe": { - "hashes": [ - "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42", - "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f" - ], - "version": "==0.6.1" - }, - "molecule": { - "hashes": [ - "sha256:0e9ef6845cdf2a01f6c386445e4e54add3f515a033ee16b7b658e6122c8f0d76", - "sha256:621797c54299775f284bbb010d5bb9be485500eecaaa14a476cbc0df285d0da7" - ], - "index": "pypi", - "version": "==2.20.1" - }, - "monotonic": { - "hashes": [ - "sha256:23953d55076df038541e648a53676fb24980f7a1be290cdda21300b3bc21dfb0", - "sha256:552a91f381532e33cbd07c6a2655a21908088962bb8fa7239ecbcc6ad1140cc7" - ], - "version": "==1.5" - }, - "more-itertools": { - "hashes": [ - "sha256:38a936c0a6d98a38bcc2d03fdaaedaba9f412879461dd2ceff8d37564d6522e4", - "sha256:c0a5785b1109a6bd7fac76d6837fd1feca158e54e521ccd2ae8bfe393cc9d4fc", - 
"sha256:fe7a7cae1ccb57d33952113ff4fa1bc5f879963600ed74918f1236e212ee50b9" - ], - "markers": "python_version <= '2.7'", - "version": "==5.0.0" - }, - "paramiko": { - "hashes": [ - "sha256:3c16b2bfb4c0d810b24c40155dbfd113c0521e7e6ee593d704e84b4c658a1f3b", - "sha256:a8975a7df3560c9f1e2b43dc54ebd40fd00a7017392ca5445ce7df409f900fcb" - ], - "version": "==2.4.2" - }, - "pathlib2": { - "hashes": [ - "sha256:25199318e8cc3c25dcb45cbe084cc061051336d5a9ea2a12448d3d8cb748f742", - "sha256:5887121d7f7df3603bca2f710e7219f3eca0eb69e0b7cc6e0a022e155ac931a7" - ], - "markers": "python_version < '3.6'", - "version": "==2.3.3" - }, - "pathspec": { - "hashes": [ - "sha256:54a5eab895d89f342b52ba2bffe70930ef9f8d96e398cccf530d21fa0516a873" - ], - "version": "==0.5.9" - }, - "pbr": { - "hashes": [ - "sha256:f59d71442f9ece3dffc17bc36575768e1ee9967756e6b6535f0ee1f0054c3d68", - "sha256:f6d5b23f226a2ba58e14e49aa3b1bfaf814d0199144b95d78458212444de1387" - ], - "version": "==5.1.1" - }, - "pexpect": { - "hashes": [ - "sha256:2a8e88259839571d1251d278476f3eec5db26deb73a70be5ed5dc5435e418aba", - "sha256:3fbd41d4caf27fa4a377bfd16fef87271099463e6fa73e92a52f92dfee5d425b" - ], - "version": "==4.6.0" - }, - "pluggy": { - "hashes": [ - "sha256:19ecf9ce9db2fce065a7a0586e07cfb4ac8614fe96edf628a264b1c70116cf8f", - "sha256:84d306a647cc805219916e62aab89caa97a33a1dd8c342e87a37f91073cd4746" - ], - "version": "==0.9.0" - }, - "poyo": { - "hashes": [ - "sha256:c34a5413191210ed564640510e9c4a4ba3b698746d6b454d46eb5bfb30edcd1d", - "sha256:d1c317054145a6b1ca0608b5e676b943ddc3bfd671f886a2fe09288b98221edb" - ], - "version": "==0.4.2" - }, - "psutil": { - "hashes": [ - "sha256:0ff2b16e9045d01edb1dd10d7fbcc184012e37f6cd38029e959f2be9c6223f50", - "sha256:254adb6a27c888f141d2a6032ae231d8ed4fc5f7583b4c825e5f7d7c78d26d2e", - "sha256:319e12f6bae4d4d988fbff3bed792953fa3b44c791f085b0a1a230f755671ef7", - "sha256:529ae235896efb99a6f77653a7138273ab701ec9f0343a1f5030945108dee3c4", - 
"sha256:686e5a35fe4c0acc25f3466c32e716f2d498aaae7b7edc03e2305b682226bcf6", - "sha256:6d981b4d863b20c8ceed98b8ac3d1ca7f96d28707a80845d360fa69c8fc2c44b", - "sha256:7789885a72aa3075d28d028236eb3f2b84d908f81d38ad41769a6ddc2fd81b7c", - "sha256:7f4616bcb44a6afda930cfc40215e5e9fa7c6896e683b287c771c937712fbe2f", - "sha256:7fdb3d02bfd68f508e6745021311a4a4dbfec53fca03721474e985f310e249ba", - "sha256:a9b85b335b40a528a8e2a6b549592138de8429c6296e7361892958956e6a73cf", - "sha256:dc85fad15ef98103ecc047a0d81b55bbf5fe1b03313b96e883acc2e2fa87ed5c" - ], - "version": "==5.4.6" - }, - "ptyprocess": { - "hashes": [ - "sha256:923f299cc5ad920c68f2bc0bc98b75b9f838b93b599941a6b63ddbc2476394c0", - "sha256:d7cc528d76e76342423ca640335bd3633420dc1366f258cb31d05e865ef5ca1f" - ], - "version": "==0.6.0" - }, - "py": { - "hashes": [ - "sha256:64f65755aee5b381cea27766a3a147c3f15b9b6b9ac88676de66ba2ae36793fa", - "sha256:dc639b046a6e2cff5bbe40194ad65936d6ba360b52b3c3fe1d08a82dd50b5e53" - ], - "version": "==1.8.0" - }, - "pyasn1": { - "hashes": [ - "sha256:da2420fe13a9452d8ae97a0e478adde1dee153b11ba832a95b223a2ba01c10f7", - "sha256:da6b43a8c9ae93bc80e2739efb38cc776ba74a886e3e9318d65fe81a8b8a2c6e" - ], - "version": "==0.4.5" - }, - "pycodestyle": { - "hashes": [ - "sha256:95a2219d12372f05704562a14ec30bc76b05a5b297b21a5dfe3f6fac3491ae56", - "sha256:e40a936c9a450ad81df37f549d676d127b1b66000a6c500caa2b085bc0ca976c" - ], - "version": "==2.5.0" - }, - "pycparser": { - "hashes": [ - "sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3" - ], - "version": "==2.19" - }, - "pyflakes": { - "hashes": [ - "sha256:17dbeb2e3f4d772725c777fabc446d5634d1038f234e77343108ce445ea69ce0", - "sha256:d976835886f8c5b31d47970ed689944a0262b5f3afa00a5a7b4dc81e5449f8a2" - ], - "version": "==2.1.1" - }, - "pynacl": { - "hashes": [ - "sha256:05c26f93964373fc0abe332676cb6735f0ecad27711035b9472751faa8521255", - "sha256:0c6100edd16fefd1557da078c7a31e7b7d7a52ce39fdca2bec29d4f7b6e7600c", - 
"sha256:0d0a8171a68edf51add1e73d2159c4bc19fc0718e79dec51166e940856c2f28e", - "sha256:1c780712b206317a746ace34c209b8c29dbfd841dfbc02aa27f2084dd3db77ae", - "sha256:2424c8b9f41aa65bbdbd7a64e73a7450ebb4aa9ddedc6a081e7afcc4c97f7621", - "sha256:2d23c04e8d709444220557ae48ed01f3f1086439f12dbf11976e849a4926db56", - "sha256:30f36a9c70450c7878053fa1344aca0145fd47d845270b43a7ee9192a051bf39", - "sha256:37aa336a317209f1bb099ad177fef0da45be36a2aa664507c5d72015f956c310", - "sha256:4943decfc5b905748f0756fdd99d4f9498d7064815c4cf3643820c9028b711d1", - "sha256:57ef38a65056e7800859e5ba9e6091053cd06e1038983016effaffe0efcd594a", - "sha256:5bd61e9b44c543016ce1f6aef48606280e45f892a928ca7068fba30021e9b786", - "sha256:6482d3017a0c0327a49dddc8bd1074cc730d45db2ccb09c3bac1f8f32d1eb61b", - "sha256:7d3ce02c0784b7cbcc771a2da6ea51f87e8716004512493a2b69016326301c3b", - "sha256:a14e499c0f5955dcc3991f785f3f8e2130ed504fa3a7f44009ff458ad6bdd17f", - "sha256:a39f54ccbcd2757d1d63b0ec00a00980c0b382c62865b61a505163943624ab20", - "sha256:aabb0c5232910a20eec8563503c153a8e78bbf5459490c49ab31f6adf3f3a415", - "sha256:bd4ecb473a96ad0f90c20acba4f0bf0df91a4e03a1f4dd6a4bdc9ca75aa3a715", - "sha256:e2da3c13307eac601f3de04887624939aca8ee3c9488a0bb0eca4fb9401fc6b1", - "sha256:f67814c38162f4deb31f68d590771a29d5ae3b1bd64b75cf232308e5c74777e0" - ], - "version": "==1.3.0" - }, - "pytest": { - "hashes": [ - "sha256:3773f4c235918987d51daf1db66d51c99fac654c81d6f2f709a046ab446d5e5d", - "sha256:b7802283b70ca24d7119b32915efa7c409982f59913c1a6c0640aacf118b95f5" - ], - "version": "==4.4.1" - }, - "python-dateutil": { - "hashes": [ - "sha256:7e6584c74aeed623791615e26efd690f29817a27c73085b78e4bad02493df2fb", - "sha256:c89805f6f4d64db21ed966fda138f8a5ed7a4fdbc1a8ee329ce1b74e3c74da9e" - ], - "version": "==2.8.0" - }, - "python-gilt": { - "hashes": [ - "sha256:4fd58c128635d1f4a8c93305e648f23379ce56e23624e4c5479427fcd2d5656e", - "sha256:c7321ef1a8efddbdef657b4fd21c3eaf1b4cb24a9656d97b73a444b1feb2067a", - 
"sha256:e23a45a6905e6bb7aec3ff7652b48309933a6991fad4546d9e793ac7e0513f8a" - ], - "version": "==1.2.1" - }, - "pyyaml": { - "hashes": [ - "sha256:3d7da3009c0f3e783b2c873687652d83b1bbfd5c88e9813fb7e5b03c0dd3108b", - "sha256:3ef3092145e9b70e3ddd2c7ad59bdd0252a94dfe3949721633e41344de00a6bf", - "sha256:40c71b8e076d0550b2e6380bada1f1cd1017b882f7e16f09a65be98e017f211a", - "sha256:558dd60b890ba8fd982e05941927a3911dc409a63dcb8b634feaa0cda69330d3", - "sha256:a7c28b45d9f99102fa092bb213aa12e0aaf9a6a1f5e395d36166639c1f96c3a1", - "sha256:aa7dd4a6a427aed7df6fb7f08a580d68d9b118d90310374716ae90b710280af1", - "sha256:bc558586e6045763782014934bfaf39d48b8ae85a2713117d16c39864085c613", - "sha256:d46d7982b62e0729ad0175a9bc7e10a566fc07b224d2c79fafb5e032727eaa04", - "sha256:d5eef459e30b09f5a098b9cea68bebfeb268697f78d647bd255a085371ac7f3f", - "sha256:e01d3203230e1786cd91ccfdc8f8454c8069c91bee3962ad93b87a4b2860f537", - "sha256:e170a9e6fcfd19021dd29845af83bb79236068bf5fd4df3327c1be18182b2531" - ], - "version": "==3.13" - }, - "requests": { - "hashes": [ - "sha256:502a824f31acdacb3a35b6690b5fbf0bc41d63a24a45c4004352b0242707598e", - "sha256:7bf2a778576d825600030a110f3c0e3e8edc51dfaafe1c146e39a2027784957b" - ], - "version": "==2.21.0" - }, - "ruamel.ordereddict": { - "hashes": [ - "sha256:08b4b19fe518d32251a5338e039c4dc9eb0876f2919f94c9b8d2f9446ea80806", - "sha256:150ce8e6c514a2a2b62753622a75874962561f8e5eeec81a3172ab952807bf0b", - "sha256:45541836cbfdde630033cae7bbbe35acbac87a0ceec79f944b7a3bedd940fe78", - "sha256:854dd4a524811b16111b1107d8a751e4ca064d2bb103d3d91deab75de36b6620", - "sha256:aee2fa23e884249b4284b728888c553d551e5bfd4de2731f10153fd7813ec55f", - "sha256:bf0a198c8ce5d973c24e5dba12d3abc254996788ca6ad8448eabc6aa710db149" - ], - "markers": "platform_python_implementation == 'CPython' and python_version <= '2.7'", - "version": "==0.4.13" - }, - "ruamel.yaml": { - "hashes": [ - "sha256:09ed5b07bfd09592dd265dc0f645b3e96e6c69de59ac1cd5b6dbcb8a243a28ee", - 
"sha256:10c194ef72f7419dd2fde7b35746c1e4bdaf80911e07c33eff3aedc1a89d574a", - "sha256:10e49c1b9ba35a9682fb3afffe52c2a1383e442bf05938dd87d30db252ce2e0b", - "sha256:1ca24a5ce2d2e61e6c504cbbbb24ece78127c79af87e8fe3175bb58c048f986d", - "sha256:272ade6dd5c27fdf2b917a497ee2bad1b11f41ad6f3f646a16a21b3ad78c2626", - "sha256:4be750a41289528e446d075b048e8cd06ea6a6779c2ef77f7b87ad3c567117d7", - "sha256:4d5c331e8a0e4423535e9dfecc6ea8f0ec4360b524b103f46432021cb9698d2e", - "sha256:69af34d4034659774e45d9f077e6f930d2c41c38ac721d5e7cb88b7629be446d", - "sha256:70229ffbd67a5171fc6aef24c32caa65042834bf6e8d0b3116d4046920a20be9", - "sha256:70a88e6ae131789e2fbe3816450a10c057b21ae93c875f717435fe2cea5fdcf3", - "sha256:89609fd5696cc82265877cdde3505242ebd2b262fb87a86e46d370fad5ff4111", - "sha256:92ff5ed79f5a98e3a57c741d238afa2846f2cae87d6385eebb93d0dcd6caf5b4", - "sha256:9f1323e7f6d25c8fba5fee5809a22f31805976978c7316a7d08ecdda0c22d6f0", - "sha256:af76d3350062124d8488b31c8dff9664a6a4934a71efb8af35d5c346632a765c", - "sha256:bf6931ac24676189ce061485a42e4ad36d158672dfde2bf7ba953b0edc8ee40b", - "sha256:c6d05e38a141922eca7902135e7a40b605763d6da8ec6624517370631ce9fb6d", - "sha256:dc4237c27602ceb8ff060e0172da2f6a7e759008dba592f58b8fae0003cf0a57", - "sha256:dfa4948d1a2ea577e53f05e9de7396db7cddba286f2827e7177d249fc7303681", - "sha256:e287e894dde92fc8555ad767e240d3e604a9e25afc02eeee35e21f0d25e152b8", - "sha256:e56b6f687a5361bcdab3dbc776cbdeff623a976760afeadc725129e53cf13092", - "sha256:ecaf924ab269c8ea4006792710d93ff5d900f99a81fb74a8040b0eeff3571baf", - "sha256:f624dd645ed2f342015a8b9149691feaac532f26b77fd206df2d724ebf82bd14" - ], - "version": "==0.15.92" - }, - "scandir": { - "hashes": [ - "sha256:2586c94e907d99617887daed6c1d102b5ca28f1085f90446554abf1faf73123e", - "sha256:2ae41f43797ca0c11591c0c35f2f5875fa99f8797cb1a1fd440497ec0ae4b022", - "sha256:2b8e3888b11abb2217a32af0766bc06b65cc4a928d8727828ee68af5a967fa6f", - "sha256:2c712840c2e2ee8dfaf36034080108d30060d759c7b73a01a52251cc8989f11f", - 
"sha256:4d4631f6062e658e9007ab3149a9b914f3548cb38bfb021c64f39a025ce578ae", - "sha256:67f15b6f83e6507fdc6fca22fedf6ef8b334b399ca27c6b568cbfaa82a364173", - "sha256:7d2d7a06a252764061a020407b997dd036f7bd6a175a5ba2b345f0a357f0b3f4", - "sha256:8c5922863e44ffc00c5c693190648daa6d15e7c1207ed02d6f46a8dcc2869d32", - "sha256:92c85ac42f41ffdc35b6da57ed991575bdbe69db895507af88b9f499b701c188", - "sha256:b24086f2375c4a094a6b51e78b4cf7ca16c721dcee2eddd7aa6494b42d6d519d", - "sha256:cb925555f43060a1745d0a321cca94bcea927c50114b623d73179189a4e100ac" - ], - "markers": "python_version < '3.5'", - "version": "==1.10.0" - }, - "sh": { - "hashes": [ - "sha256:ae3258c5249493cebe73cb4e18253a41ed69262484bad36fdb3efcb8ad8870bb", - "sha256:b52bf5833ed01c7b5c5fb73a7f71b3d98d48e9b9b8764236237bdc7ecae850fc" - ], - "version": "==1.12.14" - }, - "six": { - "hashes": [ - "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9", - "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb" - ], - "version": "==1.11.0" - }, - "tabulate": { - "hashes": [ - "sha256:e4ca13f26d0a6be2a2915428dc21e732f1e44dad7f76d7030b2ef1ec251cf7f2" - ], - "version": "==0.8.2" - }, - "testinfra": { - "hashes": [ - "sha256:8dbbf25039674d419598f576c5652947cebdf7cbbea8f23acacc80271009c6cb", - "sha256:d13dda899d5a051465f041a821363e2ebdd079391fbeae04089a2df7d35e3d54" - ], - "version": "==1.19.0" - }, - "tree-format": { - "hashes": [ - "sha256:a538523aa78ae7a4b10003b04f3e1b37708e0e089d99c9d3b9e1c71384c9a7f9", - "sha256:b5056228dbedde1fb81b79f71fb0c23c98e9d365230df9b29af76e8d8003de11" - ], - "version": "==0.1.2" - }, - "typing": { - "hashes": [ - "sha256:4027c5f6127a6267a435201981ba156de91ad0d1d98e9ddc2aa173453453492d", - "sha256:57dcf675a99b74d64dacf6fba08fb17cf7e3d5fdff53d4a30ea2a5e7e52543d4", - "sha256:a4c8473ce11a65999c8f59cb093e70686b6c84c98df58c1dae9b3b196089858a" - ], - "markers": "python_version < '3.5'", - "version": "==3.6.6" - }, - "urllib3": { - "hashes": [ - 
"sha256:61bf29cada3fc2fbefad4fdf059ea4bd1b4a86d2b6d15e1c7c0b582b9752fe39", - "sha256:de9529817c93f27c8ccbfead6985011db27bd0ddfcdb2d86f3f663385c6a9c22" - ], - "version": "==1.24.1" - }, - "websocket-client": { - "hashes": [ - "sha256:1151d5fb3a62dc129164292e1227655e4bbc5dd5340a5165dfae61128ec50aa9", - "sha256:1fd5520878b68b84b5748bb30e592b10d0a91529d5383f74f4964e72b297fd3a" - ], - "version": "==0.56.0" - }, - "whichcraft": { - "hashes": [ - "sha256:7533870f751901a0ce43c93cc9850186e9eba7fe58c924dfb435968ba9c9fa4e", - "sha256:fecddd531f237ffc5db8b215409afb18fa30300699064cca4817521b4fc81815" - ], - "version": "==0.5.2" - }, - "yamllint": { - "hashes": [ - "sha256:5a53b6ebea563f944420d2964233173532af00a9579ab2c48c4cf8c56b704050", - "sha256:8f25759997acb42e52b96bf3af0b4b942e6516b51198bebd3402640102006af7" - ], - "version": "==1.15.0" - } - }, - "develop": {} -} From fbaa88127f6222f55c4a2e3432b54d1f8834a2f7 Mon Sep 17 00:00:00 2001 From: manuasir Date: Thu, 13 Jun 2019 18:07:23 +0200 Subject: [PATCH 10/10] Updated CHANGELOG --- CHANGELOG.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fad82137..af79a017 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,20 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.9.2_7.1.1] + +### Added + +- Update to Wazuh v3.9.2 +- Support for Elastic 7 +- Ability to deploy an Elasticsearch cluster [#6b95e3](https://github.com/wazuh/wazuh-ansible/commit/6b95e304b6ac4dfec08df5cd0fe29be9cc7dc22c) + +## [v3.9.2_6.8.0] + +### Added + +- Update to Wazuh v3.9.2 + ## [v3.9.1] ### Added