From 82bac449372524e15235749228f4d212861932f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 8 Mar 2022 13:22:15 -0300 Subject: [PATCH 1/8] Wazuh cert tool update --- roles/wazuh/wazuh-indexer/defaults/main.yml | 2 +- roles/wazuh/wazuh-indexer/templates/config.yml.j2 | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index 64f227ca..5dd53ad2 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml @@ -56,7 +56,7 @@ indexer_http_port: 9200 certs_gen_tool_version: 4.3 # Url of certificates generator tool -certs_gen_tool_url: "https://packages.wazuh.com/resources/{{ certs_gen_tool_version }}/install_functions/opendistro/wazuh-cert-tool.sh" +certs_gen_tool_url: "https://packages-dev.wazuh.com/resources/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" indexer_admin_password: changeme dashboard_password: changeme diff --git a/roles/wazuh/wazuh-indexer/templates/config.yml.j2 b/roles/wazuh/wazuh-indexer/templates/config.yml.j2 index 8b1babf1..131e5e4b 100644 --- a/roles/wazuh/wazuh-indexer/templates/config.yml.j2 +++ b/roles/wazuh/wazuh-indexer/templates/config.yml.j2 @@ -1,6 +1,6 @@ nodes: - # Elasticsearch server nodes - elasticsearch: + # Indexer server nodes + indexer: {% for (key,value) in instances.items() %} {% if (value.role is defined and value.role == 'indexer') %} name: {{ value.name }} @@ -23,8 +23,8 @@ nodes: {% endif %} {% endfor %} - # Kibana node - kibana: + # Dashboard node + dashboard: {% for (key,value) in instances.items() %} {% if (value.role is defined and value.role == 'dashboard') %} name: {{ value.name }} From 5c6f098d568873c059a1f0128d6a26622b4b0197 Mon Sep 17 00:00:00 2001 
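Review bot: In roles/wazuh/wazuh-indexer/defaults/main.yml the new `certs_gen_tool_url` default points at the `packages-dev.wazuh.com` host, so anyone applying the role without overriding the variable pulls the certificate tool from the development bucket. Judging by its name, the script produces the deployment's CA and node keys, and no integrity pin for the download is visible in this file. I would keep the release host as the default, override it from inventory for pre-release testing, and add a digest variable next to the URL for the download task to verify, e.g. `certs_gen_tool_checksum: "sha256:<DIGEST_PLACEHOLDER>"` (the task is outside this hunk, so whether it already checks one cannot be seen here). PATCH 2/8 keeps the same host, and PATCH 8/8 returns to `packages.wazuh.com` but still adds no digest.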
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 8 Mar 2022 14:56:47 -0300 Subject: [PATCH 2/8] Wazuh cert tool URL corrected --- roles/wazuh/wazuh-indexer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index 5dd53ad2..1af3eea2 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml @@ -56,7 +56,7 @@ indexer_http_port: 9200 certs_gen_tool_version: 4.3 # Url of certificates generator tool -certs_gen_tool_url: "https://packages-dev.wazuh.com/resources/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" +certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" indexer_admin_password: changeme dashboard_password: changeme From a8731e0fae5d501bf2cff7550baec9b8689e1d85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 8 Mar 2022 17:11:05 -0300 Subject: [PATCH 3/8] opensearch yml update --- README.md | 12 ++++++------ .../wazuh/wazuh-indexer/templates/opensearch.yml.j2 | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 4fa618f4..f0c775c6 100644 --- a/README.md +++ b/README.md @@ -56,16 +56,16 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb │ │ ├── playbooks │ │ ├── wazuh-agent.yml + │ │ ├── wazuh-dashboard.yml │ │ ├── wazuh-elastic.yml │ │ ├── wazuh-elastic_stack-distributed.yml │ │ ├── wazuh-elastic_stack-single.yml + │ │ ├── wazuh-indexer.yml │ │ ├── wazuh-kibana.yml │ │ ├── wazuh-manager-oss.yml │ │ ├── wazuh-manager.yml - │ │ ├── wazuh-opensearch-opensearch_dashboards.yml - | | ├── wazuh-opensearch-production-ready - │ │ ├── wazuh-opensearch-single.yml - │ │ ├── wazuh-opensearch.yml + | | ├── wazuh-production-ready + │ │ ├── wazuh-single.yml │ │ ├── README.md │ ├── VERSION 
@@ -321,7 +321,7 @@ ansible_ssh_extra_args='-o StrictHostKeyChecking=no' ### Launching the playbook ```bash -sudo ansible-playbook wazuh-opensearch-production-ready.yml -i inventory +sudo ansible-playbook wazuh-production-ready.yml -i inventory ``` After the playbook execution, the Wazuh UI should be reachable through `https://:5601` @@ -389,7 +389,7 @@ ansible_ssh_extra_args='-o StrictHostKeyChecking=no' ### Launching the playbook ```bash -sudo ansible-playbook wazuh-opensearch-single.yml -i inventory +sudo ansible-playbook wazuh-single.yml -i inventory ``` After the playbook execution, the Wazuh UI should be reachable through `https://:5601` diff --git a/roles/wazuh/wazuh-indexer/templates/opensearch.yml.j2 b/roles/wazuh/wazuh-indexer/templates/opensearch.yml.j2 index 654c979d..4a3cbf56 100644 --- a/roles/wazuh/wazuh-indexer/templates/opensearch.yml.j2 +++ b/roles/wazuh/wazuh-indexer/templates/opensearch.yml.j2 @@ -42,7 +42,7 @@ plugins.security.ssl.transport.resolve_hostname: false plugins.security.audit.type: internal_opensearch plugins.security.authcz.admin_dn: -- "CN=admin,OU=Docu,O=Wazuh,L=California,C=US" +- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" plugins.security.check_snapshot_restore_write_privileges: true plugins.security.enable_snapshot_restore_privilege: true plugins.security.nodes_dn: From 264b6e89b584e9bdb352750a897e777116e13fa5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 8 Mar 2022 17:25:57 -0300 Subject: [PATCH 4/8] Wazuh template version --- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index 15d21b1f..50c1687c 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml 
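Review bot: The `plugins.security.authcz.admin_dn` entry in templates/opensearch.yml.j2 moves to `OU=Wazuh` here, but the `plugins.security.nodes_dn` entries, whose list starts on the hunk's last context line and continues outside it, keep `OU=Docu` until PATCH 5/8. At this commit the two lists therefore expect different subjects from the same certificate tool, so one of them will not match certificates issued with a single OU. Changing both in one commit, or building both strings from one shared variable for the `OU=…,O=…,L=…,C=…` suffix, would stop them drifting apart. A comment above `admin_dn` stating that the value must equal the subject of the admin certificate produced by the certs tool would also help, since a client certificate carrying this DN is treated as the security plugin's administrator.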
@@ -1,12 +1,13 @@ --- filebeat_version: 7.10.2 -wazuh_template_branch: v4.3.0 +wazuh_template_branch: v4.2.5 filebeat_output_indexer_hosts: - "localhost:9200" -filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat +#filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat +filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_path: /tmp/ filebeat_module_destination: /usr/share/filebeat/module @@ -21,7 +22,10 @@ filebeat_ssl_dir: /etc/pki/filebeat local_certs_path: ./indexer/certificates filebeatrepo: - apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - yum: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + #apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + #yum: 'https://packages.wazuh.com/4.x/yum/' + #gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main' + yum: 'https://packages-dev.wazuh.com/pre-release/yum/' + gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH' key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' \ No newline at end of file From e9bd834ba04c01453e6786ecc88c4eff58854c42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 8 Mar 2022 18:26:12 -0300 Subject: [PATCH 5/8] DN updated in opensearch yaml --- roles/wazuh/wazuh-indexer/templates/opensearch.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/wazuh-indexer/templates/opensearch.yml.j2 b/roles/wazuh/wazuh-indexer/templates/opensearch.yml.j2 index 4a3cbf56..e267084a 100644 --- a/roles/wazuh/wazuh-indexer/templates/opensearch.yml.j2 +++ b/roles/wazuh/wazuh-indexer/templates/opensearch.yml.j2 
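Review bot: Both hunks in roles/wazuh/ansible-filebeat-oss/defaults/main.yml switch role defaults to the pre-release channel (`filebeat_module_package_url`, and the `apt`, `yum` and `gpg` entries under `filebeatrepo`) and leave the release values behind as commented-out lines. Defaults are what every consumer of the role gets, so hosts built from this commit would install from `pre-release` / `unstable` and fetch the signing key from the dev host. Only the unchanged `key_id` ties that key to the expected fingerprint, and whether the tasks enforce it is not visible here. I would keep the release URLs as defaults, drop the `#apt:`, `#yum:`, `#gpg:` and `#filebeat_module_package_url:` lines, and set the pre-release values in the test inventory or group_vars instead. PATCH 8/8 reverts these lines, which suggests they were test overrides.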
@@ -47,7 +47,7 @@ plugins.security.check_snapshot_restore_write_privileges: true plugins.security.enable_snapshot_restore_privilege: true plugins.security.nodes_dn: {% for (key,value) in instances.items() %} -- "CN={{ value.name }},OU=Docu,O=Wazuh,L=California,C=US" +- "CN={{ value.name }},OU=Wazuh,O=Wazuh,L=California,C=US" {% endfor %} plugins.security.restapi.roles_enabled: - "all_access" From d38a36e4a23b29cc92de26041b16d07b98f4161f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 8 Mar 2022 22:51:17 -0300 Subject: [PATCH 6/8] config yml updated --- roles/wazuh/wazuh-indexer/templates/config.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/wazuh-indexer/templates/config.yml.j2 b/roles/wazuh/wazuh-indexer/templates/config.yml.j2 index 131e5e4b..c0382f9c 100644 --- a/roles/wazuh/wazuh-indexer/templates/config.yml.j2 +++ b/roles/wazuh/wazuh-indexer/templates/config.yml.j2 @@ -10,7 +10,7 @@ nodes: # Wazuh server nodes # Use node_type only with more than one Wazuh manager - wazuh_servers: + server: {% for (key,value) in instances.items() %} {% if (value.role is defined and value.role == 'wazuh') %} name: {{ value.name }} From e3a4b98bee5d675fc54e947a714f133b42510695 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 10 Mar 2022 20:09:52 -0300 Subject: [PATCH 7/8] Log config removed for dashboard --- .../wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2 b/roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2 index a28aa9d3..f7910fb4 100644 --- a/roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2 +++ b/roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2 
@@ -12,5 +12,4 @@ server.ssl.enabled: true server.ssl.key: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}-key.pem" server.ssl.certificate: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}.pem" opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"] -logging.dest: "/var/log/wazuh-dashboard/wazuh-dashboard.log" uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global From 781a3fabfa29ed1c1a2e860920f724d84d30dc4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Fri, 11 Mar 2022 16:31:42 -0300 Subject: [PATCH 8/8] Restore to packages bucket --- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 14 +++++--------- roles/wazuh/wazuh-indexer/defaults/main.yml | 2 +- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index 50c1687c..15d21b1f 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -1,13 +1,12 @@ --- filebeat_version: 7.10.2 -wazuh_template_branch: v4.2.5 +wazuh_template_branch: v4.3.0 filebeat_output_indexer_hosts: - "localhost:9200" -#filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat -filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat +filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz filebeat_module_package_path: /tmp/ filebeat_module_destination: /usr/share/filebeat/module 
@@ -22,10 +21,7 @@ filebeat_ssl_dir: /etc/pki/filebeat local_certs_path: ./indexer/certificates filebeatrepo: - #apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - #yum: 'https://packages.wazuh.com/4.x/yum/' - #gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main' - yum: 'https://packages-dev.wazuh.com/pre-release/yum/' - gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH' + apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + yum: 'https://packages.wazuh.com/4.x/yum/' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' \ No newline at end of file diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index 1af3eea2..a2577773 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml @@ -56,7 +56,7 @@ indexer_http_port: 9200 certs_gen_tool_version: 4.3 # Url of certificates generator tool -certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" +certs_gen_tool_url: "https://packages.wazuh.com/resources/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" indexer_admin_password: changeme dashboard_password: changeme