From 325e18911d2503219fe3199f8d00538713561bb0 Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 15 Dec 2020 14:53:45 -0300 Subject: [PATCH 01/12] roles: rename references of ossec-control to wazuh-control --- .../tasks/installation_from_sources.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index c382bc0e..ea4db631 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -2,8 +2,8 @@ # Wazuh Manager - name: Check if Wazuh Manager is already installed stat: - path: "{{ wazuh_dir }}/bin/ossec-control" - register: wazuh_ossec_control + path: /var/ossec/bin/wazuh-control + register: wazuh_control_path - name: Installing Wazuh Manager from sources block: @@ -114,7 +114,7 @@ state: absent when: - - not wazuh_ossec_control.stat.exists + - not wazuh_control_path.stat.exists - wazuh_manager_sources_installation.enabled tags: - manager diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 159f875d..b28444ee 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -197,7 +197,7 @@ - config - name: Enable client-syslog - command: "{{ wazuh_dir }}/bin/ossec-control enable client-syslog" + command: "{{ wazuh_dir }}/bin/wazuh-control enable client-syslog" notify: restart wazuh-manager when: - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout 
@@ -219,7 +219,7 @@ - config - name: Enable ossec-agentlessd - command: "{{ wazuh_dir }}/bin/ossec-control enable agentless" + command: "{{ wazuh_dir }}/bin/wazuh-control enable agentless" notify: restart wazuh-manager when: - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout From 208edeaf7c56c00fef79fdbb83ba16cb6963e9e9 Mon Sep 17 00:00:00 2001 From: Victor Moreno Jimenez Date: Thu, 25 Mar 2021 12:18:34 +0100 Subject: [PATCH 02/12] Fix typo in playbook --- .../ansible-wazuh-manager/tasks/installation_from_sources.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index ea4db631..8bd4a10c 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -2,7 +2,7 @@ # Wazuh Manager - name: Check if Wazuh Manager is already installed stat: - path: /var/ossec/bin/wazuh-control + path: "{{ wazuh_dir }}/bin/wazuh-control" register: wazuh_control_path - name: Installing Wazuh Manager from sources From 823fd336d39179376234d9e3d11d7e853c38b4c1 Mon Sep 17 00:00:00 2001 From: VictorMorenoJimenez Date: Wed, 31 Mar 2021 09:55:05 +0200 Subject: [PATCH 03/12] Add dependencies to install Wazuh manager from sources --- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 6 ++++++ roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 9d76fc7f..db734fe1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
@@ -97,6 +97,12 @@ tags: - config +- name: Install dependencies to build from sources + apt: + name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'libssl-dev', 'g++'] + state: present + when: wazuh_manager_sources_installation.enabled + - name: Debian/Ubuntu | Install wazuh-manager apt: name: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index ebbf08c9..d7a4c8d3 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -92,6 +92,12 @@ when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" +- name: Install dependencies to build from sources + yum: + name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'openssl-devel', 'gcc-c++'] + state: present + when: wazuh_manager_sources_installation.enabled + - name: CentOS/RedHat/Amazon | Install wazuh-manager package: name: "wazuh-manager-{{ wazuh_manager_version }}" From ef79065de6b16622e11b7952a69a5f6c71cf7e1e Mon Sep 17 00:00:00 2001 From: VictorMorenoJimenez Date: Wed, 31 Mar 2021 10:02:53 +0200 Subject: [PATCH 04/12] Install cmake when installing from sources --- .../tasks/install_cmake.yml | 40 +++++++++++++++++++ .../tasks/installation_from_sources.yml | 5 +++ .../vars/install_cmake.yml | 4 ++ 3 files changed, 49 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/install_cmake.yml create mode 100644 roles/wazuh/ansible-wazuh-manager/vars/install_cmake.yml diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/install_cmake.yml b/roles/wazuh/ansible-wazuh-manager/tasks/install_cmake.yml new file mode 100644 index 00000000..9940c700 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/install_cmake.yml 
@@ -0,0 +1,40 @@ +--- + +# Vars +# cmake_download_url: http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz +# cmake_version: 3.18.3 +# + - name: Include CMake install vars + include_vars: install_cmake.yml + + - name: Download CMake sources + get_url: + url: "{{ cmake_download_url }}" + dest: "/tmp/cmake-{{ cmake_version }}.tar.gz" + register: cmake_download + + - name: Unpack CMake + unarchive: + copy: no + dest: /tmp/ + src: "{{ cmake_download.dest }}" + when: cmake_download.changed + register: cmake_unpack + + - name: Configure CMake + command: "./bootstrap" + args: + chdir: "/tmp/cmake-{{ cmake_version }}" + when: cmake_unpack.changed + register: cmake_configure + + - name: Install CMake + shell: make && make install + args: + chdir: "/tmp/cmake-{{ cmake_version }}" + when: cmake_configure.changed + + - name: Delete installation files + file: + state: absent + path: "/tmp/cmake-{{ cmake_version }}" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 8bd4a10c..74818bc5 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -18,6 +18,9 @@ - tar state: present + - name: Install CMake + include_tasks: install_cmake.yml + - name: Removing old files file: path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" @@ -102,6 +105,8 @@ changed_when: installation_result == 0 args: chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + environment: + PATH: /usr/local/bin:{{ ansible_env.PATH }} - name: Cleanup downloaded files file: diff --git a/roles/wazuh/ansible-wazuh-manager/vars/install_cmake.yml b/roles/wazuh/ansible-wazuh-manager/vars/install_cmake.yml new file mode 100644 index 00000000..cda00c6e --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/vars/install_cmake.yml 
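Review bot: The `Download CMake sources` task fetches the tarball from `cmake_download_url`, which the new vars/install_cmake.yml (the last file of this patch) sets to a plain `http://` address, and `get_url` is given no `checksum`. Nothing therefore authenticates the archive before `./bootstrap` and `make && make install` run on it, presumably with root privileges. Point the variable at `https://packages.wazuh.com/utils/cmake/cmake-{{ cmake_version }}.tar.gz` and add `checksum: "sha256:<SHA256_OF_CMAKE_TARBALL>"` to the task. The checksum also protects the fixed destination `/tmp/cmake-{{ cmake_version }}.tar.gz`: without it, a file already present at that path makes `get_url` report no change, and the `when: cmake_download.changed` chain then skips unpack, configure and install.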
@@ -0,0 +1,4 @@ +# Install cmake vars + +cmake_version: 3.18.3 +cmake_download_url: "http://packages.wazuh.com/utils/cmake/cmake-{{ cmake_version }}.tar.gz" \ No newline at end of file From 292b4402b3651be122d57dbfe554831e8cb519c1 Mon Sep 17 00:00:00 2001 From: VictorMorenoJimenez Date: Wed, 31 Mar 2021 10:52:57 +0200 Subject: [PATCH 05/12] Remove deprecated pai.yaml from wazuh-manager installation --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index b28444ee..61409a40 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -141,19 +141,6 @@ when: - shared_agent_config is defined -- name: Installing the api.yaml (api configuration) - template: src=api.yaml.j2 - dest="{{ wazuh_dir }}/api/configuration/api.yaml" - owner=root - group=ossec - mode=0640 - notify: restart wazuh-manager - when: - - wazuh_manager_config.cluster.node_type == "master" - tags: - - init - - config - - name: Installing the local_internal_options.conf template: src=var-ossec-etc-local-internal-options.conf.j2 dest="{{ wazuh_dir }}/etc/local_internal_options.conf" From 34f06a85abb31dffd284282c513da4285e1cf92f Mon Sep 17 00:00:00 2001 From: VictorMorenoJimenez Date: Wed, 31 Mar 2021 12:57:12 +0200 Subject: [PATCH 06/12] Add apt repo for opendistro and openjdk --- roles/opendistro/opendistro-elasticsearch/defaults/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index b86dd656..232f3a20 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml 
@@ -32,6 +32,12 @@ package_repos: opendistro: baseurl: 'https://packages.wazuh.com/4.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + apt: + opendistro: + baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + openjdk: + baseurl: 'deb http://deb.debian.org/debian stretch-backports main' opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools From e2ce83af3d5ed49d1a7db2bb589f92a240ddbcdd Mon Sep 17 00:00:00 2001 From: VictorMorenoJimenez Date: Wed, 31 Mar 2021 12:58:01 +0200 Subject: [PATCH 07/12] Move opendistro install to task specific OS --- .../opendistro/opendistro-elasticsearch/tasks/RedHat.yml | 7 +++++++ roles/opendistro/opendistro-elasticsearch/tasks/main.yml | 8 ++------ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml b/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml index 08105af1..ee2482f6 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml @@ -39,5 +39,12 @@ - wget - unzip + - name: Install OpenDistro + package: + name: opendistroforelasticsearch-{{ opendistro_version }} + state: present + register: install + tags: install + tags: - install diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index b7c962ed..ddb261c3 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml 
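Review bot: The new `openjdk` entry hard-codes `deb http://deb.debian.org/debian stretch-backports main` and, unlike the `opendistro` entry above it, carries no `gpg` key. The task that consumes it (tasks/Debian.yml, added later in this series) has no release or distribution condition, so the stretch suite would be added to every Debian-family host, including ones where the Debian archive key is typically not trusted. Derive the suite from facts and use TLS, for example `baseurl: 'deb https://deb.debian.org/debian {{ ansible_distribution_release }}-backports main'`. Also restrict its use to `ansible_distribution == 'Debian'`, or document that only stretch is supported.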
@@ -8,12 +8,8 @@ - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' - - name: Install OpenDistro - package: - name: opendistroforelasticsearch-{{ opendistro_version }} - state: present - register: install - tags: install + - import_tasks: Debian.yml + when: ansible_os_family == 'Debian' - name: Remove elasticsearch configuration file file: From 31dc9952e84985e0220c735c7cb852243544e724 Mon Sep 17 00:00:00 2001 From: VictorMorenoJimenez Date: Wed, 31 Mar 2021 12:58:41 +0200 Subject: [PATCH 08/12] Add apt repo to Kibana --- roles/opendistro/opendistro-kibana/defaults/main.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 9a19c3a0..d466fbab 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -21,7 +21,10 @@ package_repos: opendistro: baseurl: 'https://packages.wazuh.com/4.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - + apt: + opendistro: + baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' # API credentials wazuh_api_credentials: @@ -38,7 +41,7 @@ kibana_telemetry_optin: "false" kibana_telemetry_enabled: "false" opendistro_admin_password: changeme -opendistro_kibana_user: admin +opendistro_kibana_user: changeme opendistro_kibana_password: changeme local_certs_path: "{{ playbook_dir }}/opendistro/certificates" From ee9a529f670a88d67c92cf0d72a0260901d40b1c Mon Sep 17 00:00:00 2001 From: VictorMorenoJimenez Date: Wed, 31 Mar 2021 12:59:21 +0200 Subject: [PATCH 09/12] Add deb support to kibana task --- roles/opendistro/opendistro-kibana/tasks/RedHat.yml | 6 ++++++ roles/opendistro/opendistro-kibana/tasks/main.yml | 8 ++------ 2 files changed, 8 insertions(+), 6 deletions(-) 
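Review bot: In the `@@ -38,7 +41,7 @@` hunk of opendistro-kibana/defaults/main.yml, `opendistro_kibana_user` now defaults to the placeholder `changeme`, next to `opendistro_admin_password: changeme` and `opendistro_kibana_password: changeme`. Nothing visible here stops a deployment from going live with those values. The commit subject ("Add apt repo to Kibana") does not mention the username change, so it may be accidental; whether an account of that name exists in the security plugin cannot be seen from this hunk. Consider an early `assert` task in the role with `that: opendistro_kibana_password != 'changeme'` (and the same for the admin password), so the play fails instead of provisioning known credentials.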
diff --git a/roles/opendistro/opendistro-kibana/tasks/RedHat.yml b/roles/opendistro/opendistro-kibana/tasks/RedHat.yml index 70b5b70a..4407e165 100644 --- a/roles/opendistro/opendistro-kibana/tasks/RedHat.yml +++ b/roles/opendistro/opendistro-kibana/tasks/RedHat.yml @@ -10,5 +10,11 @@ gpgkey: "{{ package_repos.yum.opendistro.gpg }}" gpgcheck: true + - name: Install Kibana + package: + name: "opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}" + state: present + register: install + tags: - install diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml index 41980054..8a169664 100755 --- a/roles/opendistro/opendistro-kibana/tasks/main.yml +++ b/roles/opendistro/opendistro-kibana/tasks/main.yml @@ -11,12 +11,8 @@ - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' -- name: Install Kibana - package: - name: "opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}" - state: present - register: install - tags: install +- import_tasks: Debian.yml + when: ansible_os_family == 'Debian' - name: Remove Kibana configuration file file: From a7991778d98b974fb5e77afee4f03e55cc2ee5e6 Mon Sep 17 00:00:00 2001 From: VictorMorenoJimenez Date: Wed, 31 Mar 2021 12:59:57 +0200 Subject: [PATCH 10/12] Debian support elastic/kibana --- .../opendistro-elasticsearch/tasks/Debian.yml | 43 +++++++++++++++++++ .../opendistro-kibana/tasks/Debian.yml | 23 ++++++++++ .../opendistro-kibana/vars/debian.yml | 3 ++ 3 files changed, 69 insertions(+) create mode 100644 roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml create mode 100644 roles/opendistro/opendistro-kibana/tasks/Debian.yml create mode 100644 roles/opendistro/opendistro-kibana/vars/debian.yml diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml b/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml new file mode 100644 index 00000000..41011ddc --- /dev/null 
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml @@ -0,0 +1,43 @@ + +--- + +#- name: Install OpenDistro dependencies +# apt: +# name: [ +# 'unzip', 'wget', 'curl', +# 'apt-transport-https', software-properties-common +# ] +# state: present + +- name: Add openjdk repository + apt_repository: + repo: "{{ package_repos.apt.openjdk.baseurl }}" + state: present + update_cache: yes + +- name: Install openjdk-11-jdk + apt: + name: openjdk-11-jdk + state: present + environment: + JAVA_HOME: /usr + +- name: Add Opendistro repository + block: + - name: Add apt repository signing key + apt_key: + url: "{{ package_repos.apt.opendistro.gpg }}" + state: present + + - name: Add Opendistro repository + apt_repository: + repo: "{{ package_repos.apt.opendistro.baseurl }}" + state: present + update_cache: yes + +- name: Install OpenDistro + apt: + name: opendistroforelasticsearch={{ opendistro_version }}-1 + state: present + register: install + tags: install \ No newline at end of file diff --git a/roles/opendistro/opendistro-kibana/tasks/Debian.yml b/roles/opendistro/opendistro-kibana/tasks/Debian.yml new file mode 100644 index 00000000..140b2582 --- /dev/null +++ b/roles/opendistro/opendistro-kibana/tasks/Debian.yml @@ -0,0 +1,23 @@ +--- +- block: + + - include_vars: debian.yml + - name: Add apt repository signing key + apt_key: + url: "{{ package_repos.apt.opendistro.gpg }}" + state: present + + - name: Debian systems | Add OpenDistro repo + apt_repository: + repo: "{{ package_repos.apt.opendistro.baseurl }}" + state: present + update_cache: yes + + - name: Install Kibana + apt: + name: "opendistroforelasticsearch-kibana={{ kibana_opendistro_version }}" + state: present + register: install + + tags: + - install \ No newline at end of file diff --git a/roles/opendistro/opendistro-kibana/vars/debian.yml b/roles/opendistro/opendistro-kibana/vars/debian.yml new file mode 100644 index 00000000..14c7aa99 --- /dev/null 
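Review bot: The `Add apt repository signing key` task trusts whatever key is served at `package_repos.apt.opendistro.gpg`, because `apt_key` is called with `url` only; the same task appears in opendistro-kibana/tasks/Debian.yml later in this patch. Pin the expected key by adding `id: "<WAZUH_SIGNING_KEY_FINGERPRINT>"` to both tasks, so that a replaced or unexpected key at that URL is not added to the keyring. The dependency task at the top is commented out, which leaves `apt-transport-https` uninstalled although the Opendistro repository is an `https` source; older apt releases may need it, so either restore the task or delete the dead block. The file also starts with a blank line before `---` and uses `update_cache: yes` where `true` is the canonical boolean.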
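Review bot: In opendistro-kibana/tasks/Debian.yml the unnamed `include_vars: debian.yml` task loads `kibana_opendistro_version: 1.12.0` from the new vars/debian.yml. Variables loaded this way take precedence over role defaults, inventory and play vars, so on Debian hosts the Kibana version can only be changed with extra vars. Keeping the value in defaults/main.yml (if it is not already defined there) leaves it overridable, and the task should get a `name:` like its siblings. The pin `opendistroforelasticsearch-kibana={{ kibana_opendistro_version }}` also differs from the Elasticsearch task, which appends `-1` to the version; confirm the exact version string apt expects for the Kibana package.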
+++ b/roles/opendistro/opendistro-kibana/vars/debian.yml @@ -0,0 +1,3 @@ +--- + +kibana_opendistro_version: 1.12.0 \ No newline at end of file From d753c0ddeeb6a34756b3d18a459b574748bd6967 Mon Sep 17 00:00:00 2001 From: VictorMorenoJimenez Date: Wed, 31 Mar 2021 13:46:26 +0200 Subject: [PATCH 11/12] Remove conditional install.changed --- roles/opendistro/opendistro-elasticsearch/tasks/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index ddb261c3..e3b9aceb 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml @@ -15,7 +15,6 @@ file: path: "{{ opendistro_conf_path }}/elasticsearch.yml" state: absent - when: install.changed tags: install - name: Copy Configuration File @@ -26,13 +25,12 @@ group: elasticsearch mode: 0640 marker: "## {mark} Opendistro general settings ##" - when: install.changed tags: install - include_tasks: security_actions.yml tags: - security - when: install.changed + - name: Configure OpenDistro Elasticsearch JVM memmory. template: From df92f85cbe761f28be9518806413867708e648fa Mon Sep 17 00:00:00 2001 From: VictorMorenoJimenez Date: Wed, 31 Mar 2021 15:05:36 +0200 Subject: [PATCH 12/12] Add ansible_shell_allow_world_readable_temp parameter to playbooks which uses opendistro-kibana role due to error with Debian hosts --- playbooks/wazuh-kibana.yml | 3 ++- playbooks/wazuh-odfe-production-ready.yml | 1 + playbooks/wazuh-odfe-single.yml | 3 ++- playbooks/wazuh-opendistro-kibana.yml | 2 ++ 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml index 200f4891..09fe054f 100644 --- a/playbooks/wazuh-kibana.yml +++ b/playbooks/wazuh-kibana.yml 
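Review bot: With `when: install.changed` dropped in the `@@ -15,7 +15,6 @@` hunk of opendistro-elasticsearch/tasks/main.yml, `Remove elasticsearch configuration file` now deletes `elasticsearch.yml` on every play run, and the `@@ -26,13 +25,12 @@` hunk does the same for the config copy and the `security_actions.yml` include. Re-running the role against a live node therefore rewrites its configuration and repeats the security actions instead of doing so only on first install. The guard probably stopped working because RedHat.yml and Debian.yml are both statically imported and both use `register: install`, so the skipped file's task overwrites the result. Registering under distinct names (for example `register: install_rpm` and `register: install_deb`) and testing `when: install_rpm is changed or install_deb is changed` would restore the first-install-only behaviour.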
@@ -3,4 +3,5 @@ roles: - role: ../roles/elastic-stack/ansible-kibana elasticsearch_network_host: - + vars: + ansible_shell_allow_world_readable_temp: true diff --git a/playbooks/wazuh-odfe-production-ready.yml b/playbooks/wazuh-odfe-production-ready.yml index b6cba365..75cc30e9 100644 --- a/playbooks/wazuh-odfe-production-ready.yml +++ b/playbooks/wazuh-odfe-production-ready.yml @@ -186,3 +186,4 @@ node6: name: node-6 ip: "{{ hostvars.kibana.private_ip }}" + ansible_shell_allow_world_readable_temp: true diff --git a/playbooks/wazuh-odfe-single.yml b/playbooks/wazuh-odfe-single.yml index ce98cfaf..d3543aa4 100644 --- a/playbooks/wazuh-odfe-single.yml +++ b/playbooks/wazuh-odfe-single.yml @@ -18,4 +18,5 @@ instances: node1: name: node-1 # Important: must be equal to elasticsearch_node_name. - ip: \ No newline at end of file + ip: + ansible_shell_allow_world_readable_temp: true \ No newline at end of file diff --git a/playbooks/wazuh-opendistro-kibana.yml b/playbooks/wazuh-opendistro-kibana.yml index fa3600c1..8d195ad5 100644 --- a/playbooks/wazuh-opendistro-kibana.yml +++ b/playbooks/wazuh-opendistro-kibana.yml @@ -2,3 +2,5 @@ - hosts: es1 roles: - role: ../roles/opendistro/opendistro-kibana + vars: + ansible_shell_allow_world_readable_temp: true
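Review bot: Setting `ansible_shell_allow_world_readable_temp: true` lets Ansible fall back to world-readable module files in the remote temp directory when a task becomes an unprivileged user. Any local account on the target can then read those tasks' module arguments while they run, which in these playbooks may include the OpenDistro and Kibana passwords. The same variable is added in the wazuh-odfe-production-ready.yml, wazuh-odfe-single.yml and wazuh-opendistro-kibana.yml hunks. The usual fix for this error on Debian hosts is to install the `acl` package on the target before the tasks that become an unprivileged user (or to enable pipelining), which keeps the files private. If the flag has to stay, scope it to the affected tasks rather than the whole play and add a comment such as `# workaround: target lacks setfacl; temp module files become world-readable`.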