resolving conflicts between branchs

vcerenu 2023-04-28 14:33:06 -03:00
commit e228ead890
No known key found for this signature in database
GPG Key ID: 4D7B159107F1244A
42 changed files with 1063 additions and 1895 deletions

67
.github/playbooks/aio-wazuh.yml vendored Normal file

@ -0,0 +1,67 @@
- name: Generate certificates prior to converging
hosts: localhost
become: true
become_user: root
roles:
- role: ../../roles/wazuh/wazuh-indexer
vars:
generate_certs: true
perform_installation: false
instances:
node1:
name: wazuh-es01 # Important: must be equal to indexer_node_name.
ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert.
role: indexer
node3:
name: wazuh-mgr01
ip: "127.0.0.1"
role: wazuh
node5:
name: wazuh-dash01
ip: "127.0.0.1"
role: dashboard
pre_tasks:
- name: overview of cert configuration
debug:
var: wazuh_endpoint_list
- name: Converge
hosts: localhost
become: true
become_user: root
roles:
# 1. Check packages
- role: ../../roles/wazuh/check-packages
become: no
delegate_to: localhost
run_once: true
# 2. Wazuh indexer
- role: ../../roles/wazuh/wazuh-indexer
vars:
indexer_node_name: "wazuh-es01"
single_node: true
# 3. Managers
- role: ../../roles/wazuh/ansible-wazuh-manager
- role: ../../roles/wazuh/ansible-filebeat-oss
vars:
filebeat_node_name: "wazuh-mgr01"
filebeat_output_indexer_hosts:
- "localhost:9200"
# 4. Wazuh dashboard
- role: ../../roles/wazuh/wazuh-dashboard
vars:
dashboard_node_name: "wazuh-dash01"
vars:
instances:
node1:
name: wazuh-es01 # Important: must be equal to indexer_node_name.
ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert.
role: indexer
node3:
name: wazuh-mgr01
ip: "127.0.0.1"
role: wazuh
node5:
name: wazuh-dash01
ip: "127.0.0.1"
role: dashboard
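Review bot: The `overview of cert configuration` pre-task prints `wazuh_endpoint_list`, but nothing in this playbook sets that variable (the Molecule converge deleted by this commit built it with `set_fact`), so unless a role default defines it the task will only report it as undefined; `var: instances` is probably what was meant. The `instances` map is also written out twice, once under the cert-generation role and once under the Converge play's `vars`, and its own comment says the node name must equal `indexer_node_name`, so the two copies can drift and leave a node looking for a certificate folder that was never generated. Loading the map from one vars file in both plays removes that risk. `become: no` beside `become: true` is worth normalising to `become: false`.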


@ -13,7 +13,7 @@
tags:
- generate-certs
- name: ConvergeInstall
hosts: all
hosts: localhost
roles:
# 1. Check packages
- role: ../../roles/wazuh/check-packages
@ -23,7 +23,10 @@
# 2. Managers
- role: ../../roles/wazuh/ansible-wazuh-manager
vars:
- { role: ../../roles/wazuh/ansible-filebeat-oss, filebeat_output_indexer_hosts: "indexer_centos7:9200" }
- role: ../../roles/wazuh/ansible-filebeat-oss
vars:
filebeat_output_indexer_hosts:
- "indexer_centos7:9200"
pre_tasks:
- name: (converge) fix missing packages in cloud images
apt:
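Review bot: The play appears to be retargeted from `hosts: all` to `hosts: localhost`, yet the Filebeat output a few lines below still names `indexer_centos7:9200`, which looks like a host from the container inventory this file used before; confirm that name resolves from where the play now runs, otherwise Filebeat is configured with an unreachable indexer. The context line `vars:` directly under the `ansible-wazuh-manager` role seems to carry no value, which parses as null; dropping it or writing `vars: {}` makes the intent explicit. Indentation is lost in this rendering and the hunk starts and ends inside the play, so both points should be checked against the file itself.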

67
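--- a/.github/workflows/al_aio.yml
+++ b/.github/workflows/al_aio.yml
@@ -0,0 +1,67 @@
+---
+name: AIO-AL-Single-Instance
+on: [pull_request, workflow_dispatch, release]
+jobs:
+start-runner:
+name: Start self-hosted EC2 runner
+runs-on: ubuntu-latest
+outputs:
+label: ${{ steps.start-ec2-runner.outputs.label }}
+ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Start EC2 runner
+id: start-ec2-runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: start
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ec2-image-id: ${{ secrets.AL2_AMI_ID }}
+ec2-instance-type: t3a.large
+subnet-id: ${{ secrets.SUBNET_ID }}
+security-group-id: ${{ secrets.SG_ID }}
+aws-resource-tags: > # optional, requires additional permissions
+[
+{"Key": "Name", "Value": "wazuh-ansible-gh-runner-aio"},
+{"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+{"Key": "team", "Value": "CICD"},
+{"Key": "termination_date", "Value": "2022-12-31 21:00:00"}
+]
+install-aio-single-instance:
+name: Installs AIO single instance
+needs: start-runner # required to start the main job when the runner is ready
+runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+steps:
+- name: Check out the codebase.
+uses: actions/checkout@v2
+- name: Ansible Playbook run Wazuh AIO Single instance
+run: ansible-playbook ./.github/playbooks/aio-wazuh.yml
+env:
+PY_COLORS: '1'
+ANSIBLE_FORCE_COLOR: '1'
+stop-runner:
+name: Stop self-hosted EC2 runner
+needs:
+- start-runner # required to get output from the start-runner job
+- install-aio-single-instance # required to wait when the main job is done
+runs-on: ubuntu-latest
+if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Stop EC2 runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: stop
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+label: ${{ needs.start-runner.outputs.label }}
+ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}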
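Review bot: `machulav/ec2-github-runner@v2` is a third-party action referenced by a mutable tag, and in both `start-runner` and `stop-runner` it is handed `secrets.GH_PERSONAL_ACCESS_TOKEN` in a job that also holds the AWS keys, so whoever can move that tag runs code with those credentials. Pin it to a full commit SHA, `uses: machulav/ec2-github-runner@<commit-sha> # v2`, and do the same for `aws-actions/configure-aws-credentials@v1` and `actions/checkout@v2`. The long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair could be replaced by OIDC role assumption (`role-to-assume` plus `permissions: id-token: write` on the two jobs), which leaves no static cloud credential in the repository secrets. The same applies to al_wazuh.yml, centos_aio.yml, centos_wazuh.yml, ubuntu_aio.yml and ubuntu_wazuh.yml.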

67
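--- a/.github/workflows/al_wazuh.yml
+++ b/.github/workflows/al_wazuh.yml
@@ -0,0 +1,67 @@
+---
+name: Wazuh-AL-Single-Instance
+on: [pull_request, workflow_dispatch, release]
+jobs:
+start-runner:
+name: Start self-hosted EC2 runner
+runs-on: ubuntu-latest
+outputs:
+label: ${{ steps.start-ec2-runner.outputs.label }}
+ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Start EC2 runner
+id: start-ec2-runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: start
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ec2-image-id: ${{ secrets.AL2_AMI_ID }}
+ec2-instance-type: t3.small
+subnet-id: ${{ secrets.SUBNET_ID }}
+security-group-id: ${{ secrets.SG_ID }}
+aws-resource-tags: > # optional, requires additional permissions
+[
+{"Key": "Name", "Value": "wazuh-ansible-gh-runner-wazuh"},
+{"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+{"Key": "team", "Value": "CICD"},
+{"Key": "termination_date", "Value": "2022-12-31 21:00:00"}
+]
+install-wazuh-single-instance:
+name: Installs Wazuh server single instance
+needs: start-runner # required to start the main job when the runner is ready
+runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+steps:
+- name: Check out the codebase.
+uses: actions/checkout@v2
+- name: Ansible Playbook run Wazuh Single instance
+run: ansible-playbook ./.github/playbooks/single-wazuh.yml
+env:
+PY_COLORS: '1'
+ANSIBLE_FORCE_COLOR: '1'
+stop-runner:
+name: Stop self-hosted EC2 runner
+needs:
+- start-runner # required to get output from the start-runner job
+- install-wazuh-single-instance # required to wait when the main job is done
+runs-on: ubuntu-latest
+if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Stop EC2 runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: stop
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+label: ${{ needs.start-runner.outputs.label }}
+ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}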
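Review bot: With `on: [pull_request, workflow_dispatch, release]`, a pull request that can read the repository secrets starts an EC2 instance and then runs its own copy of `./.github/playbooks/single-wazuh.yml` there, and the AIO playbook added in this commit runs with `become: true`, so this one presumably does as well. What that code can reach is decided entirely by `secrets.SUBNET_ID` and `secrets.SG_ID`; a comment next to those inputs stating that the group allows no inbound traffic and only the egress the install needs would record the assumption the workflow relies on. `install-wazuh-single-instance` also sets no `timeout-minutes`, so a hung playbook keeps the instance up until the default job timeout before `stop-runner` fires; a bound such as `timeout-minutes: 60` (sized to the install) limits that. Both points apply to the other five workflows added here.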

76
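--- a/.github/workflows/centos_aio.yml
+++ b/.github/workflows/centos_aio.yml
@@ -0,0 +1,76 @@
+---
+name: AIO-CentOS-Single-Instance
+on: [pull_request, workflow_dispatch, release]
+jobs:
+start-runner:
+name: Start self-hosted EC2 runner
+runs-on: ubuntu-latest
+outputs:
+label: ${{ steps.start-ec2-runner.outputs.label }}
+ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Start EC2 runner
+id: start-ec2-runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: start
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ec2-image-id: ${{ secrets.CENTOS8_AMI_ID }}
+ec2-instance-type: t3a.large
+subnet-id: ${{ secrets.SUBNET_ID }}
+security-group-id: ${{ secrets.SG_ID }}
+aws-resource-tags: > # optional, requires additional permissions
+[
+{"Key": "Name", "Value": "wazuh-ansible-gh-runner-aio"},
+{"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+{"Key": "team", "Value": "CICD"},
+{"Key": "termination_date", "Value": "2022-12-31 21:00:00"}
+]
+install-aio-single-instance:
+name: Installs AIO single instance
+needs: start-runner # required to start the main job when the runner is ready
+runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+steps:
+- name: Check out the codebase.
+uses: actions/checkout@v2
+- name: Hack to get setup-python to work on act. See act issue 251
+run: |
+if [ ! -f "/etc/lsb-release" ] ; then
+echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release
+fi
+- name: Set up Python 3.
+uses: actions/setup-python@v2
+with:
+python-version: '3.x'
+- name: Ansible Playbook run Wazuh AIO Single instance
+run: ansible-playbook ./.github/playbooks/aio-wazuh.yml
+env:
+PY_COLORS: '1'
+ANSIBLE_FORCE_COLOR: '1'
+stop-runner:
+name: Stop self-hosted EC2 runner
+needs:
+- start-runner # required to get output from the start-runner job
+- install-aio-single-instance # required to wait when the main job is done
+runs-on: ubuntu-latest
+if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Stop EC2 runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: stop
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+label: ${{ needs.start-runner.outputs.label }}
+ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}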
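Review bot: The `Hack to get setup-python to work on act` step was written for local `act` containers in the Molecule workflow this commit deletes; on this EC2 runner it writes `DISTRIB_RELEASE=18.04` into `/etc/lsb-release` on a CentOS host, which can hand a false Ubuntu release to anything that reads that file before the roles run, so it should be dropped. After `actions/setup-python@v2` no step installs Ansible, so `ansible-playbook` has to come from the AMI, while al_aio.yml runs the same playbook with no setup-python at all; either add `run: pip3 install ansible` after it or remove the setup-python step. The secret name `CENTOS8_AMI_ID` suggests a CentOS 8 image, which has been end-of-life since the end of 2021; if that is what it holds, a supported rebuild would be a more useful test target. All three points apply to centos_wazuh.yml, and the first two to ubuntu_aio.yml and ubuntu_wazuh.yml.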

76
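--- a/.github/workflows/centos_wazuh.yml
+++ b/.github/workflows/centos_wazuh.yml
@@ -0,0 +1,76 @@
+---
+name: Wazuh-CentOS-Single-Instance
+on: [pull_request, workflow_dispatch, release]
+jobs:
+start-runner:
+name: Start self-hosted EC2 runner
+runs-on: ubuntu-latest
+outputs:
+label: ${{ steps.start-ec2-runner.outputs.label }}
+ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Start EC2 runner
+id: start-ec2-runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: start
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ec2-image-id: ${{ secrets.CENTOS8_AMI_ID }}
+ec2-instance-type: t3.small
+subnet-id: ${{ secrets.SUBNET_ID }}
+security-group-id: ${{ secrets.SG_ID }}
+aws-resource-tags: > # optional, requires additional permissions
+[
+{"Key": "Name", "Value": "wazuh-ansible-gh-runner-wazuh"},
+{"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+{"Key": "team", "Value": "CICD"},
+{"Key": "termination_date", "Value": "2022-12-31 21:00:00"}
+]
+install-wazuh-single-instance:
+name: Installs Wazuh server single instance
+needs: start-runner # required to start the main job when the runner is ready
+runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+steps:
+- name: Check out the codebase.
+uses: actions/checkout@v2
+- name: Hack to get setup-python to work on act. See act issue 251
+run: |
+if [ ! -f "/etc/lsb-release" ] ; then
+echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release
+fi
+- name: Set up Python 3.
+uses: actions/setup-python@v2
+with:
+python-version: '3.x'
+- name: Ansible Playbook run Wazuh Single instance
+run: ansible-playbook ./.github/playbooks/single-wazuh.yml
+env:
+PY_COLORS: '1'
+ANSIBLE_FORCE_COLOR: '1'
+stop-runner:
+name: Stop self-hosted EC2 runner
+needs:
+- start-runner # required to get output from the start-runner job
+- install-wazuh-single-instance # required to wait when the main job is done
+runs-on: ubuntu-latest
+if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Stop EC2 runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: stop
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+label: ${{ needs.start-runner.outputs.label }}
+ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}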
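Review bot: The `termination_date` tag is hard-coded to `2022-12-31 21:00:00`, which was already in the past when this commit was made (2023-04-28); if any account clean-up keys on that tag the runner could be reaped mid-job, and if nothing does the tag is simply misleading. Either drop the entry or compute the value in an earlier step and pass it in through a step output. The `Name` value `wazuh-ansible-gh-runner-wazuh` is also shared with al_wazuh.yml and ubuntu_wazuh.yml, so concurrent instances cannot be told apart by OS when auditing the account; `wazuh-ansible-gh-runner-wazuh-centos` would fix that. The stale date appears in all six workflows added by this commit.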


@ -1,66 +0,0 @@
---
name: Molecule tests for Wazuh Ansible
on: [pull_request, workflow_dispatch, release]
jobs:
scenario-default:
name: Default scenario (smoke)
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
- name: Hack to get setup-python to work on act. See act issue 251
run: |
# Hack to get setup-python to work on act
if [ ! -f "/etc/lsb-release" ] ; then
echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release
fi
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install poetry
run: pip3 install poetry
- name: Install dependencies
run: poetry install
- name: Run Molecule tests.
run: poetry run molecule test -s default
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
scenario-distributed-wazuh:
name: Distributed Wazuh
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
- name: Hack to get setup-python to work on act. See act issue 251
run: |
if [ ! -f "/etc/lsb-release" ] ; then
echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release
fi
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install poetry
run: pip3 install poetry
- name: Install dependencies
run: poetry install
- name: Run Molecule tests.
run: poetry run molecule test -s distributed-wazuh
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'

76
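--- a/.github/workflows/ubuntu_aio.yml
+++ b/.github/workflows/ubuntu_aio.yml
@@ -0,0 +1,76 @@
+---
+name: AIO-Ubuntu-Single-Instance
+on: [pull_request, workflow_dispatch, release]
+jobs:
+start-runner:
+name: Start self-hosted EC2 runner
+runs-on: ubuntu-latest
+outputs:
+label: ${{ steps.start-ec2-runner.outputs.label }}
+ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Start EC2 runner
+id: start-ec2-runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: start
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ec2-image-id: ${{ secrets.UBUNTU2204_AMI_ID }}
+ec2-instance-type: t3a.large
+subnet-id: ${{ secrets.SUBNET_ID }}
+security-group-id: ${{ secrets.SG_ID }}
+aws-resource-tags: > # optional, requires additional permissions
+[
+{"Key": "Name", "Value": "wazuh-ansible-gh-runner-aio"},
+{"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+{"Key": "team", "Value": "CICD"},
+{"Key": "termination_date", "Value": "2022-12-31 21:00:00"}
+]
+install-aio-single-instance:
+name: Installs AIO single instance
+needs: start-runner # required to start the main job when the runner is ready
+runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+steps:
+- name: Check out the codebase.
+uses: actions/checkout@v2
+- name: Hack to get setup-python to work on act. See act issue 251
+run: |
+if [ ! -f "/etc/lsb-release" ] ; then
+echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release
+fi
+- name: Set up Python 3.
+uses: actions/setup-python@v2
+with:
+python-version: '3.x'
+- name: Ansible Playbook run Wazuh AIO Single instance
+run: ansible-playbook ./.github/playbooks/aio-wazuh.yml
+env:
+PY_COLORS: '1'
+ANSIBLE_FORCE_COLOR: '1'
+stop-runner:
+name: Stop self-hosted EC2 runner
+needs:
+- start-runner # required to get output from the start-runner job
+- install-aio-single-instance # required to wait when the main job is done
+runs-on: ubuntu-latest
+if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Stop EC2 runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: stop
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+label: ${{ needs.start-runner.outputs.label }}
+ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}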
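Review bot: This file differs from centos_aio.yml only in `name` and the AMI secret (`UBUNTU2204_AMI_ID`), and the six workflows added here differ from one another only in name, AMI secret, instance type and playbook path. A single reusable workflow (`on: workflow_call` with inputs for those four values) or a matrix would keep the credential handling and the runner teardown in one place, so that a change such as pinning the actions is made once instead of six times. There is also no `concurrency` key, so each push to a pull request starts another set of six EC2 instances while the previous set may still be running; a group such as `${{ github.workflow }}-${{ github.ref }}` with `cancel-in-progress: true` caps that, and `stop-runner` keeps running on cancellation because of its `if: ${{ always() }}`.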

76
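--- a/.github/workflows/ubuntu_wazuh.yml
+++ b/.github/workflows/ubuntu_wazuh.yml
@@ -0,0 +1,76 @@
+---
+name: Wazuh-Ubuntu-Single-Instance
+on: [pull_request, workflow_dispatch, release]
+jobs:
+start-runner:
+name: Start self-hosted EC2 runner
+runs-on: ubuntu-latest
+outputs:
+label: ${{ steps.start-ec2-runner.outputs.label }}
+ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Start EC2 runner
+id: start-ec2-runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: start
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ec2-image-id: ${{ secrets.UBUNTU2204_AMI_ID }}
+ec2-instance-type: t3.small
+subnet-id: ${{ secrets.SUBNET_ID }}
+security-group-id: ${{ secrets.SG_ID }}
+aws-resource-tags: > # optional, requires additional permissions
+[
+{"Key": "Name", "Value": "wazuh-ansible-gh-runner-wazuh"},
+{"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
+{"Key": "team", "Value": "CICD"},
+{"Key": "termination_date", "Value": "2022-12-31 21:00:00"}
+]
+install-wazuh-single-instance:
+name: Installs Wazuh server single instance
+needs: start-runner # required to start the main job when the runner is ready
+runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner
+steps:
+- name: Check out the codebase.
+uses: actions/checkout@v2
+- name: Hack to get setup-python to work on act. See act issue 251
+run: |
+if [ ! -f "/etc/lsb-release" ] ; then
+echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release
+fi
+- name: Set up Python 3.
+uses: actions/setup-python@v2
+with:
+python-version: '3.x'
+- name: Ansible Playbook run Wazuh Single instance
+run: ansible-playbook ./.github/playbooks/single-wazuh.yml
+env:
+PY_COLORS: '1'
+ANSIBLE_FORCE_COLOR: '1'
+stop-runner:
+name: Stop self-hosted EC2 runner
+needs:
+- start-runner # required to get output from the start-runner job
+- install-wazuh-single-instance # required to wait when the main job is done
+runs-on: ubuntu-latest
+if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+- name: Stop EC2 runner
+uses: machulav/ec2-github-runner@v2
+with:
+mode: stop
+github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+label: ${{ needs.start-runner.outputs.label }}
+ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}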
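Review bot: No `permissions:` key is set, so every job runs with the repository's default `GITHUB_TOKEN` scope, including `install-wazuh-single-instance`, which executes the checked-out playbook on the EC2 runner. Nothing here needs more than a checkout (runner registration uses `GH_PERSONAL_ACCESS_TOKEN`, not `GITHUB_TOKEN`), so a top-level `permissions:` with `contents: read` is enough. `actions/checkout@v2` also stores the token in the local git config by default; adding `persist-credentials: false` under its `with:` keeps it off the instance's disk while the playbook runs. The same holds for the other five workflows added in this commit.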

18
CHANGELOG.md Executable file → Normal file
View File

@ -1,6 +1,18 @@
# Change Log
All notable changes to this project will be documented in this file.
## [v4.4.1]
### Added
- Update to [Wazuh v4.4.1](https://github.com/wazuh/wazuh/blob/v4.4.1/CHANGELOG.md#v441)
## [v4.4.0]
### Added
- Update to [Wazuh v4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440)
## [v4.3.11]
### Added
@ -73,6 +85,12 @@ All notable changes to this project will be documented in this file.
- Update to [Wazuh v4.3.0](https://github.com/wazuh/wazuh/blob/v4.3.0/CHANGELOG.md#v430)
## [v4.2.6]
### Added
- Update to [Wazuh v4.2.6](https://github.com/wazuh/wazuh/blob/v4.2.6/CHANGELOG.md#v426)
## [v4.2.5]
### Added

121
README.md
View File

@ -16,6 +16,8 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
| Wazuh version | Elastic | ODFE |
|---------------|---------|--------|
| v4.4.1 | | |
| v4.4.0 | | |
| v4.3.11 | | |
| v4.3.10 | | |
| v4.3.9 | | |
@ -28,6 +30,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
| v4.3.2 | | |
| v4.3.1 | | |
| v4.3.0 | | |
| v4.2.6 | 7.10.2 | 1.13.2 |
| v4.2.5 | 7.10.2 | 1.13.2 |
| v4.2.4 | 7.10.2 | 1.13.2 |
| v4.2.3 | 7.10.2 | 1.13.2 |
@ -395,6 +398,124 @@ sudo ansible-playbook wazuh-single.yml -i inventory
After the playbook execution, the Wazuh UI should be reachable through `https://<your server host>`
## Example: Wazuh server cluster (without Filebeat)
### Playbook
The hereunder example playbook uses the `wazuh-ansible` role to provision a Wazuh server cluster without Filebeat. This architecture includes 2 Wazuh servers distributed in two different nodes.
```yaml
---
# Wazuh cluster without Filebeat
- hosts: manager
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'master'
node_type: 'master'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
wazuh_api_users:
- username: custom-user
password: SecretPassword1!
- hosts: worker01
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'worker_01'
node_type: 'worker'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
```
### Inventory file
```ini
[manager]
<your manager master server host>
[worker01]
<your manager worker01 server host>
[all:vars]
ansible_ssh_user=vagrant
ansible_ssh_private_key_file=/path/to/ssh/key.pem
ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
```
### Adding additional workers
Add the following block at the end of the playbook
```yaml
- hosts: worker02
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'worker_02'
node_type: 'worker'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
```
NOTE: `hosts` and `wazuh_manager_config.cluster_node_name` are the only parameters that differ from the `worker01` configuration.
Add the following lines to the inventory file:
```ini
[worker02]
<your manager worker02 server host>
```
### Launching the playbook
```bash
sudo ansible-playbook wazuh-manager-oss-cluster.yml -i inventory
```
## Contribute
If you want to contribute to our repository, please fork our Github repository and submit a pull request.


@ -1,2 +1,2 @@
WAZUH-ANSIBLE_VERSION="v4.3.11"
REVISION="40324"
WAZUH-ANSIBLE_VERSION="v4.4.1"
REVISION="40406"


@ -1,16 +0,0 @@
*******
Install
*******
Requirements
============
* Docker Engine
* docker-py
Install
=======
.. code-block:: bash
$ sudo pip install docker-py


@ -1,69 +0,0 @@
---
# Smoke test: basic manager run
dependency:
name: galaxy
driver:
name: docker
lint: |
yamllint .
ansible-lint roles
flake8 molecule
platforms:
- name: wazuh_manager_centos7
hostname: wazuh-mgr01
image: geerlingguy/docker-centos7-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory_reservation: 512m
memory: 1024m
ulimits:
- nofile:262144:262144
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- name: wazuh_manager_debian9
hostname: wazuh-mgr02
image: geerlingguy/docker-debian9-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory_reservation: 512m
memory: 1024m
groups:
- managers
ulimits:
- nofile:262144:262144
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
provisioner:
name: ansible
ansible_args:
- -vv
config_options:
defaults:
hash_behaviour: merge
playbooks:
create: create.yml
converge: converge.yml
#destroy: destroy.yml
env:
ANSIBLE_ROLES_PATH: ./roles
lint:
name: ansible-lint
enabled: false
scenario:
name: default
test_sequence:
- dependency
- syntax
- create
- prepare
- converge
#- idempotence
#- verify
- cleanup
- destroy
verifier:
name: testinfra


@ -1,16 +0,0 @@
*******
Install
*******
Requirements
============
* Docker Engine
* docker-py
Install
=======
.. code-block:: bash
$ sudo pip install docker-py


@ -1,126 +0,0 @@
---
- name: Build Facts
hosts: all
become: true
become_user: root
vars:
endpoints_hostvars: '{{ managers_hostvars | union(indexer_hostvars) | union(dashboard_hostvars) }}'
wazuh_managers_common:
port: 1514
protocol: tcp
api_port: 55000
api_proto: 'http'
api_user: ansible
max_retries: 5
retry_interval: 5
pre_tasks:
- name: (converge) build instances list dynamically for cert generator consumption
set_fact:
wazuh_endpoint_list: "{{ wazuh_endpoint_list | default({}) | combine({ instance_hostname: instance_item }) }}"
vars:
instance_hostname: '{{ item.ansible_facts.hostname }}'
instance_item:
name: '{{ instance_hostname }}'
ip: '{{ item.private_ip }}'
loop: '{{ endpoints_hostvars }}'
no_log: true
- name: (converge) build wazuh_managers list dynamically for agents to consume
set_fact:
wazuh_managers_list: '{{ wazuh_managers_list | default([]) | union([manager_item]) }}'
vars:
manager_item: '{{ wazuh_managers_common | combine({"address": item}) }}'
loop: '{{ manager_addresses }}'
- name: overview of cert configuration
debug:
var: wazuh_endpoint_list
- name: Generate certificates prior to converging
hosts: molecule_wazuh_indexer_centos7
become: true
become_user: root
roles:
- role: ../../roles/wazuh/wazuh-indexer
vars:
generate_certs: true
perform_installation: false
instances:
node1:
name: wazuh-es01 # Important: must be equal to indexer_node_name.
ip: "{{ hostvars.molecule_wazuh_indexer_centos7.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
role: indexer
node2:
name: wazuh-es02
ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}"
role: indexer
node3:
name: wazuh-mgr01
ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}"
role: wazuh
node_type: master
node4:
name: wazuh-mgr02
ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}"
role: wazuh
node_type: worker
node5:
name: wazuh-dash01
ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}"
role: dashboard
pre_tasks:
- name: overview of cert configuration
debug:
var: wazuh_endpoint_list
- name: Converge
hosts: all
become: true
become_user: root
roles:
# 1. Check packages
- role: ../../roles/wazuh/check-packages
become: no
delegate_to: localhost
run_once: true
# 2. Wazuh indexer
- role: ../../roles/wazuh/wazuh-indexer
when: inventory_hostname in groups['indexer']
# 3. Managers
- role: ../../roles/wazuh/ansible-wazuh-manager
when: inventory_hostname in groups['managers']
- role: ../../roles/wazuh/ansible-filebeat-oss
when: inventory_hostname in groups['managers']
# 4. Wazuh dashboard
- role: ../../roles/wazuh/wazuh-dashboard
when: inventory_hostname in groups['dashboard']
# 5. Agents:
- role: ../../roles/wazuh/ansible-wazuh-agent
vars:
wazuh_managers: '{{ wazuh_managers_list }}'
when: inventory_hostname in groups['agents']
vars:
instances:
node1:
name: wazuh-es01 # Important: must be equal to indexer_node_name.
ip: "{{ hostvars.molecule_wazuh_indexer_centos7.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert.
role: indexer
node2:
name: wazuh-es02
ip: "{{ hostvars.molecule_wazuh_indexer_centos7_2.private_ip }}"
role: indexer
node3:
name: wazuh-mgr01
ip: "{{ hostvars.molecule_wazuh_manager_debian9.private_ip }}"
role: wazuh
node_type: master
node4:
name: wazuh-mgr02
ip: "{{ hostvars.molecule_wazuh_manager_centos7.private_ip }}"
role: wazuh
node_type: worker
node5:
name: wazuh-dash01
ip: "{{ hostvars.molecule_wazuh_dashboard_centos7.private_ip }}"
role: dashboard


@ -1,24 +0,0 @@
---
wazuh_agent_config:
enrollment:
enabled: 'yes'
#manager_address: ''
#port: 1515
agent_name: '{{ ansible_hostname }}'
#groups: ''
#agent_address: ''
#server_ca_path: ''
#agent_certificate_path: ''
#agent_key_path: ''
#authorization_pass_path : /var/ossec/etc/authd.pass
#auto_method: 'no'
#delay_after_enrollment: 20
#use_source_ip: 'no'
wazuh_agent_authd:
registration_address: '{{ manager_addresses[0] }}'
enable: true
port: 1515
ssl_agent_ca: null
ssl_auto_negotiate: 'no'


@ -1,16 +0,0 @@
---
dashboard_server_name: '{{ ansible_hostname }}'
indexer_network_host: "{{ indexer_addresses[0] }}"
indexer_node_master: false
indexer_node_ingest: false
indexer_node_data: false
role: 'dashboard'
wazuh_api_credentials:
- id: default
url: 'https://{{ manager_addresses[0] }}'
port: 55000
username: wazuh
password: wazuh


@ -1,13 +0,0 @@
---
single_node: false
indexer_node_master: true
minimum_master_nodes: 1
role: 'indexer'
indexer_network_host: '{{ private_ip }}'
indexer_http_port: 9200
indexer_cluster_nodes: '{{ indexer_addresses }}'
indexer_discovery_nodes: '{{ indexer_addresses }}'


@ -1,21 +0,0 @@
---
wazuh_manager_fqdn: '{{ ansible_hostname }}'
filebeat_output_indexer_hosts: '{{ indexer_addresses }}'
node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}"
role: 'wazuh'
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: '{{ ansible_hostname }}'
node_type: "{{ 'master' if ansible_hostname == 'wazuh-mgr01' else 'worker' }}"
nodes: '{{ manager_addresses }}'
hidden: 'no'


@ -1,162 +0,0 @@
---
# Distributed scenario: clustered manager scenario + connected agents
# 2-core CPU
# 7 GB of RAM memory
# 14 GB of SSD disk space
#
# Source: https://docs.github.com/en/free-pro-team@latest/actions/reference/specifications-for-github-hosted-runners
dependency:
name: galaxy
driver:
name: docker
lint: |
yamllint .
ansible-lint roles
flake8 molecule
platforms:
################################################
# Wazuh Managers
################################################
- name: molecule_wazuh_manager_centos7
hostname: wazuh-mgr01
image: geerlingguy/docker-centos7-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory_reservation: 512m
memory: 1024m
groups:
- managers
ulimits:
- nofile:262144:262144
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- name: molecule_wazuh_manager_debian9
hostname: wazuh-mgr02
image: geerlingguy/docker-debian9-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory_reservation: 512m
memory: 1024m
groups:
- managers
ulimits:
- nofile:262144:262144
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
################################################
# Wazuh indexer Cluster
################################################
- name: molecule_wazuh_indexer_centos7
hostname: wazuh-es01
image: geerlingguy/docker-centos7-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory: 4096m
memory_reservation: 2048m
groups:
- indexer
ulimits:
- nofile:262144:262144
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- name: molecule_wazuh_indexer_centos7_2
hostname: wazuh-es02
image: geerlingguy/docker-centos7-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory: 4096m
memory_reservation: 2048m
groups:
- indexer
ulimits:
- nofile:262144:262144
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
################################################
# Wazuh Agents
################################################
- name: molecule_wazuh_agent_centos7
hostname: wazuh-agent01
image: geerlingguy/docker-centos7-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory: 1024m
memory_reservation: 512m
groups:
- agents
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- name: molecule_wazuh_agent_debian9
hostname: wazuh-agent02
image: geerlingguy/docker-debian9-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory: 1024m
memory_reservation: 512m
groups:
- agents
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
################################################
# Wazuh dashboard
################################################
- name: molecule_wazuh_dashboard_centos7
hostname: wazuh-dash01
image: geerlingguy/docker-centos7-ansible
command: /sbin/init
pre_build_image: true
privileged: true
memory: 2048m
memory_reservation: 512m
groups:
- dashboard
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
provisioner:
name: ansible
ansible_args:
- -vv
inventory:
links:
group_vars: group_vars
playbooks:
create: create.yml
converge: converge.yml
#destroy: destroy.yml
config_options:
defaults:
hash_behaviour: merge
env:
ANSIBLE_ROLES_PATH: ./roles
lint:
name: ansible-lint
enabled: false
scenario:
name: distributed-wazuh
test_sequence:
- dependency
- syntax
- create
- prepare
- converge
#- idempotence
#- verify
- cleanup
- destroy
verifier:
name: testinfra


@ -0,0 +1,50 @@
---
# Wazuh cluster without Filebeat
- hosts: manager
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'master'
node_type: 'master'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
wazuh_api_users:
- username: custom-user
password: SecretPassword1!
- hosts: worker01
roles:
- role: "../roles/wazuh/ansible-wazuh-manager"
become: yes
become_user: root
vars:
wazuh_manager_config:
connection:
- type: 'secure'
port: '1514'
protocol: 'tcp'
queue_size: 131072
api:
https: 'yes'
cluster:
disable: 'no'
node_name: 'worker_01'
node_type: 'worker'
key: 'c98b62a9b6169ac5f67dae55ae4a9088'
nodes:
- "{{ hostvars.manager.private_ip }}"
hidden: 'no'
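Review bot: The cluster `key` and the `wazuh_api_users` password are committed as literals in this playbook, and the same key string appears in both the `manager` and the `worker01` play. Anyone who copies the playbook ends up with a cluster key and an API password that are public in the repository history. I would read both from variables that have no default, for example `key: "{{ wazuh_cluster_key }}"` and `password: "{{ wazuh_api_custom_password }}"`, supplied from Ansible Vault, and extend the header comment to say so. The variable names are suggestions; they are not defined anywhere on this page.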

1342
poetry.lock generated

File diff suppressed because it is too large Load Diff


@ -1,6 +1,6 @@
[tool.poetry]
name = "wazuh-ansible"
version = "4.3.11"
version = "4.4.1"
description = ""
authors = ["neonmei <neonmei@pm.me>"]


@ -0,0 +1,53 @@
---
kibana_node_name: node-1
elasticsearch_http_port: "9200"
elasticsearch_network_host: "127.0.0.1"
kibana_server_host: "0.0.0.0"
kibana_server_port: "5601"
kibana_conf_path: /etc/kibana
elastic_stack_version: 7.10.2
wazuh_version: 4.4.1
wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
elasticrepo:
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
yum: 'https://artifacts.elastic.co/packages/7.x/yum'
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
# API credentials
wazuh_api_credentials:
- id: "default"
url: "https://localhost"
port: 55000
username: "wazuh"
password: "wazuh"
# Xpack Security
kibana_xpack_security: false
kibana_ssl_verification_mode: "full"
elasticsearch_xpack_security_user: elastic
elasticsearch_xpack_security_password: elastic_pass
node_certs_destination: /etc/kibana/certs
# CA Generation
master_certs_path: "{{ playbook_dir }}/es_certs"
generate_CA: true
ca_cert_name: ""
# Nodejs
nodejs:
repo_dict:
debian: "deb"
redhat: "rpm"
repo_url_ext: "nodesource.com/setup_10.x"
# Build from sources
build_from_sources: false
wazuh_plugin_branch: 4.1-7.10
#Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
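Review bot: These role defaults ship working credentials, `password: "wazuh"` under `wazuh_api_credentials` and `elasticsearch_xpack_security_password: elastic_pass`, while `kibana_server_host` is `"0.0.0.0"` and `kibana_xpack_security` is `false`. A run with no overrides therefore leaves Kibana listening on every interface with well-known passwords. The two other new defaults files in this commit repeat the pattern: `opendistro_admin_password: changeme` and `opendistro_kibana_password: changeme` in the OpenDistro Kibana defaults, and `elastic_pass` again in the Filebeat defaults. I would leave the password variables undefined here, or add an early `assert` in the role that fails while they still hold these values, and put a comment above them such as `# Placeholder only: override from Ansible Vault before deploying`.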


@ -0,0 +1,57 @@
---
- name: Update cache
apt:
update_cache: yes
- name: Debian 9 (Stretch)
when: (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "9")
block:
- name: Install OpenDistro dependencies
apt:
name: [
'unzip', 'wget', 'curl', 'apt-transport-https', software-properties-common
]
state: present
- name: Add the repository key for Debian's Stretch Backports repository
ansible.builtin.apt_key:
keyserver: keyserver.ubuntu.com
id: 648ACFD622F3D138
- name: Add openjdk repository
apt_repository:
repo: "{{ package_repos.apt.openjdk.baseurl }}"
state: present
update_cache: yes
filename: 'wazuh-openjdk'
- name: Install openjdk-11-jdk
apt:
name: openjdk-11-jdk
state: present
environment:
JAVA_HOME: /usr
- name: Add Opendistro repository
block:
- name: Add apt repository signing key
apt_key:
url: "{{ package_repos.apt.opendistro.gpg }}"
state: present
- name: Add Opendistro repository
apt_repository:
repo: "{{ package_repos.apt.opendistro.baseurl }}"
state: present
filename: 'wazuh-opendistro'
update_cache: yes
- name: Install OpenDistro
apt:
name: opendistroforelasticsearch={{ opendistro_version }}-1
state: present
register: install
tags: install
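Review bot: Neither `apt_key` task pins the key it trusts to a full fingerprint: the Stretch Backports task uses the 64-bit long ID `648ACFD622F3D138` against a public keyserver, and "Add apt repository signing key" imports whatever `package_repos.apt.opendistro.gpg` serves, with no `id` at all. A long ID is not a collision-resistant identifier, and a URL-only import trusts the download channel completely. Adding `id: "<FULL_40_HEX_FINGERPRINT>"` to both tasks makes the run fail when the imported key does not match; the fingerprint has to come from the publisher, it is not on this page. `apt_key` also puts the key in the system-wide trusted keyring, so a dedicated keyring file referenced with `signed-by` in the repo line would be the tighter option on releases that support it.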


@ -0,0 +1,60 @@
---
# Kibana configuration
elasticsearch_http_port: 9200
elastic_api_protocol: https
kibana_conf_path: /etc/kibana
kibana_node_name: node-1
kibana_server_host: "0.0.0.0"
kibana_server_port: "5601"
kibana_server_name: "kibana"
kibana_max_payload_bytes: 1048576
elastic_stack_version: 7.10.2
wazuh_version: 4.4.1
wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
# The OpenDistro package repository
kibana_opendistro_version: 1.13.2-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
package_repos:
yum:
opendistro:
baseurl: 'https://packages.wazuh.com/4.x/yum/'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
apt:
opendistro:
baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
# API credentials
wazuh_api_credentials:
- id: "default"
url: "https://localhost"
port: 55000
username: "wazuh"
password: "wazuh"
# opendistro Security
kibana_opendistro_security: true
kibana_newsfeed_enabled: "false"
kibana_telemetry_optin: "false"
kibana_telemetry_enabled: "false"
opendistro_admin_password: changeme
opendistro_kibana_user: kibanaserver
opendistro_kibana_password: changeme
local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
# Nodejs
nodejs:
repo_dict:
debian: "deb"
redhat: "rpm"
repo_url_ext: "nodesource.com/setup_10.x"
# Build from sources
build_from_sources: false
wazuh_plugin_branch: 4.1-7.10
#Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536


@ -0,0 +1,124 @@
---
- name: Stopping early, trying to compile Wazuh Kibana Plugin on Debian 10 is not possible
fail:
msg: "It's not possible to compile the Wazuh Kibana plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924"
when:
- build_from_sources
- ansible_distribution == "Debian"
- ansible_distribution_major_version == "10"
- import_tasks: RedHat.yml
when: ansible_os_family == 'RedHat'
- import_tasks: Debian.yml
when: ansible_os_family == 'Debian'
- name: Remove Kibana configuration file
file:
# noqa 503
path: "{{ kibana_conf_path }}/kibana.yml"
state: absent
tags: install
- import_tasks: security_actions.yml
- name: Copy Configuration File
blockinfile:
block: "{{ lookup('template', 'opendistro_kibana.yml.j2') }}"
dest: "{{ kibana_conf_path }}/kibana.yml"
create: true
group: kibana
owner: kibana
mode: 0640
marker: "## {mark} Kibana general settings ##"
notify: restart kibana
tags:
- install
- configure
- name: Ensuring Kibana directory owner
file:
# noqa 208
path: "/usr/share/kibana"
state: directory
owner: kibana
group: kibana
recurse: yes
- name: Build and Install Wazuh Kibana Plugin from sources
import_tasks: build_wazuh_plugin.yml
when:
- build_from_sources is defined
- build_from_sources
- name: Install Wazuh Plugin (can take a while)
shell: >-
NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
{{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
args:
executable: /bin/bash
creates: /usr/share/kibana/plugins/wazuh/package.json
chdir: /usr/share/kibana
become: yes
become_user: kibana
notify: restart kibana
tags:
- install
- skip_ansible_lint
when:
- not build_from_sources
- name: Kibana optimization (can take a while)
shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml
args:
executable: /bin/bash
become: yes
become_user: kibana
changed_when: false
tags:
- skip_ansible_lint
- name: Wait for Elasticsearch port
wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }}
- name: Select correct API protocol
set_fact:
elastic_api_protocol: "{% if kibana_opendistro_security is defined and kibana_opendistro_security %}https{% else %}http{% endif %}"
- name: Attempting to delete legacy Wazuh index if exists
uri:
url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh"
method: DELETE
user: "admin"
password: "{{ opendistro_admin_password }}"
validate_certs: no
status_code: 200, 404
- name: Create wazuh plugin config directory
file:
path: /usr/share/kibana/data/wazuh/config/
state: directory
recurse: yes
owner: kibana
group: kibana
mode: 0751
changed_when: False
- name: Configure Wazuh Kibana Plugin
template:
src: wazuh.yml.j2
dest: /usr/share/kibana/data/wazuh/config/wazuh.yml
owner: kibana
group: kibana
mode: 0751
changed_when: False
- name: Ensure Kibana started and enabled
service:
name: kibana
enabled: true
state: started
- import_tasks: RMRedHat.yml
when: ansible_os_family == 'RedHat'
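Review bot: "Attempting to delete legacy Wazuh index if exists" sends the `admin` user and `opendistro_admin_password` with `validate_certs: no`, so the credentials go to whichever endpoint answers on `elasticsearch_network_host` without its certificate being checked. The certificate task later on this page copies a `root-ca.pem` to the host, so the request could be verified against it with `validate_certs: yes` and `ca_path: <PATH_TO_ROOT_CA_ON_TARGET>` (the exact path depends on where that task places the file). Separately, "Configure Wazuh Kibana Plugin" writes `wazuh.yml` with `mode: 0751`; the file presumably carries `wazuh_api_credentials`, and a configuration file needs no execute bits. `mode: '0640'` would fit there, quoted so the YAML parser does not re-type the octal.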


@ -0,0 +1,13 @@
- block:
- name: Copy the certificates from local to the Kibana instance
copy:
src: "{{ local_certs_path }}/certs/{{ item }}"
dest: /usr/share/kibana
mode: 0644
with_items:
- "root-ca.pem"
- "{{ kibana_node_name }}_http.key"
- "{{ kibana_node_name }}_http.pem"
tags:
- security
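Review bot: The copy loop applies `mode: 0644` to every item, including `{{ kibana_node_name }}_http.key`, so the TLS private key lands world-readable in `/usr/share/kibana`, and no `owner` or `group` is set. Only the two certificates need to be readable by other users. A per-item mode keeps this a single task: `mode: "{{ '0600' if item.endswith('.key') else '0644' }}"`, together with `owner: kibana` and `group: kibana` so the service account can still read the key.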


@ -1,7 +1,7 @@
---
filebeat_version: 7.10.2
wazuh_template_branch: 4.3
wazuh_template_branch: 4.4
filebeat_node_name: node-1


@ -16,7 +16,7 @@ setup.ilm.enabled: false
output.elasticsearch:
hosts:
{% for item in filebeat_output_indexer_hosts %}
- {{ item }}:9200
- {{ item }}
{% endfor %}
{% if filebeat_security %}


@ -0,0 +1,36 @@
---
filebeat_version: 7.10.2
wazuh_template_branch: v4.4.1
filebeat_create_config: true
filebeat_node_name: node-1
filebeat_output_elasticsearch_hosts:
- "localhost:9200"
filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
filebeat_module_package_path: /tmp/
filebeat_module_destination: /usr/share/filebeat/module
filebeat_module_folder: /usr/share/filebeat/module/wazuh
# Xpack Security
filebeat_xpack_security: false
elasticsearch_xpack_security_user: elastic
elasticsearch_xpack_security_password: elastic_pass
node_certs_destination: /etc/filebeat/certs
# CA Generation
master_certs_path: "{{ playbook_dir }}/es_certs"
generate_CA: true
ca_cert_name: ""
elasticrepo:
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
yum: 'https://artifacts.elastic.co/packages/7.x/yum'
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
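Review bot: `filebeat_module_package_path: /tmp/` stages `wazuh-filebeat-0.1.tar.gz` under a fixed name in a world-writable directory, and these defaults define no checksum for it. The download and unpack tasks are not in this file section, so this is inferred from the variables: if the archive is fetched to that path and then extracted into `/usr/share/filebeat/module`, nothing guarantees that the content unpacked is the content the publisher released. I would stage it in a root-owned directory and add a digest variable, for example `filebeat_module_package_checksum: "sha512:<DIGEST_FROM_PUBLISHER>"`, passed to the `checksum` parameter of `get_url`.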


@ -1,6 +1,6 @@
---
wazuh_agent_version: 4.3.11
wazuh_agent_version: 4.4.1
# Custom packages installation
@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: ""
wazuh_agent_sources_installation:
enabled: false
branch: "v4.3.11"
branch: "v4.4.1"
user_language: "y"
user_no_stop: "y"
user_install_type: "agent"
@ -54,7 +54,7 @@ wazuh_winagent_config:
# Adding quotes to auth_path_x86 since win_shell outputs error otherwise
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
check_md5: True
md5: 34d087f81961413a0a7a04aa716a4409
md5: 7a22e1139e75b05724752778c43493b4
wazuh_dir: "/var/ossec"
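Review bot: The Windows agent installer is still verified through `check_md5` / `md5`, and the third hunk only swaps in the digest for the new release. MD5 is broken for collision resistance and is no longer an accepted integrity digest, so the check catches a corrupted download but is weak evidence that the MSI is the one the publisher built. I would carry a SHA-256 or SHA-512 digest next to it, for example `sha256: "<SHA256_OF_MSI>"`, and have the verifying task compare that value. The task itself is outside this section, so it would need the matching change.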


@ -125,7 +125,7 @@
- name: Linux | Obtain JWT Token
uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate'
method: GET
method: POST
url_username: '{{ target_manager.api_user }}'
url_password: '{{ api_pass }}'
status_code: 200


@ -1,6 +1,6 @@
---
wazuh_manager_version: 4.3.11
wazuh_manager_version: 4.4.1
wazuh_manager_fqdn: "wazuh-server"
wazuh_manager_package_state: present
@ -13,7 +13,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon
# Sources installation
wazuh_manager_sources_installation:
enabled: false
branch: "v4.3.11"
branch: "v4.4.1"
user_language: "en"
user_no_stop: "y"
user_install_type: "server"


@ -1,2 +1,2 @@
---
wazuh_version: 4.3.11
wazuh_version: 4.4.1


@ -6,7 +6,7 @@ wazuh_repo:
wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
certs_gen_tool_version: 4.3
certs_gen_tool_version: 4.4
# Url of certificates generator tool
certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"


@ -6,7 +6,7 @@ wazuh_repo:
wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
certs_gen_tool_version: 4.3
certs_gen_tool_version: 4.4
# Url of certificates generator tool
certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"


@ -8,12 +8,12 @@ dashboard_node_name: node-1
dashboard_server_host: "0.0.0.0"
dashboard_server_port: "443"
dashboard_server_name: "dashboard"
wazuh_version: 4.3.11
wazuh_version: 4.4.1
indexer_cluster_nodes:
- 127.0.0.1
# The Wazuh dashboard package repository
dashboard_version: "4.3.11"
dashboard_version: "4.4.1"
# API credentials
wazuh_api_credentials:


@ -1,3 +1,2 @@
---
dashboard_version: 4.3.11
dashboard_version: 4.4.1


@ -1,6 +1,6 @@
---
# Cluster Settings
indexer_version: 4.3.11
indexer_version: 4.4.1
single_node: false
indexer_node_name: node-1
@ -26,9 +26,9 @@ minimum_master_nodes: 2
# Example es1.example.com, es2.example.com
domain_name: wazuh.com
indexer_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig
indexer_sec_plugin_conf_path: /etc/wazuh-indexer/opensearch-security
indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools
indexer_conf_path: /etc/wazuh-indexer/
indexer_conf_path: /etc/wazuh-indexer
indexer_index_path: /var/lib/wazuh-indexer/
# Security password


@ -83,7 +83,7 @@
JAVA_HOME=/usr/share/wazuh-indexer/jdk
{{ indexer_sec_plugin_tools_path }}/securityadmin.sh
-cd {{ indexer_sec_plugin_conf_path }}/
-icl -p 9300 -cd {{ indexer_sec_plugin_conf_path }}/
-icl -p 9200 -cd {{ indexer_sec_plugin_conf_path }}/
-nhnv
-cacert {{ indexer_conf_path }}/certs/root-ca.pem
-cert {{ indexer_conf_path }}/certs/admin.pem