diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index d5b3a04f..57310642 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -53,10 +53,10 @@ opendistro_jvm_xms: null opendistro_http_port: 9200 -certs_gen_tool_version: 1.7 +certs_gen_tool_version: 1.8 # Url of Search Guard certificates generator tool -certs_gen_tool_url: "https://wazuh-demo.s3-us-west-1.amazonaws.com/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" +certs_gen_tool_url: "https://maven.search-guard.com/search-guard-tlstool/{{ certs_gen_tool_version }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml index 3c89e6ab..04f20378 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/local_actions.yml @@ -29,7 +29,7 @@ - name: Local action | Extract the certificates generation tool unarchive: - src: "{{ local_certs_path }}/search-guard-tlstool-1.7.zip" + src: "{{ local_certs_path }}/search-guard-tlstool-{{ certs_gen_tool_version }}.zip" dest: "{{ local_certs_path }}/" - name: Local action | Add the execution bit to the binary diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 2dd687bb..565285fc 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -34,10 +34,10 @@ package_repos: # API credentials wazuh_api_credentials: - id: "default" - url: "http://localhost" + url: "https://localhost" port: 55000 - user: "foo" - password: "bar" + username: "wazuh" + password: "wazuh" # opendistro Security kibana_opendistro_security: true diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 6683ede2..d2276a0f 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -35,26 +35,10 @@ wazuh_manager_sources_installation: user_ca_store: null threads: "2" -wazuh_api_sources_installation: - enabled: false - branch: "v3.13.1" - update: "y" - remove: "y" - directory: null - port: 55000 - https: "n" - authd: null - proxy: null - country: null - state: null - locality: null - org_name: null - org_unit: null - common_name: null - password: null - -wazuh_api_user: - - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/" +# wazuh_api_users: +# - username: custom_user5 +# password: Custom_password0 +# role: administrator wazuh_manager_config: repo: @@ -68,29 +52,29 @@ wazuh_manager_config: logall_json: 'no' log_format: 'plain' api: - bind_addr: '0.0.0.0' + bind_addr: 0.0.0.0 port: 55000 - behind_proxy_server: 'no' - https: 'yes' - https_key: 'api/configuration/ssl/server.key' - https_cert: 'api/configuration/ssl/server.crt' - https_use_ca: 'False' - https_ca: 'api/configuration/ssl/ca.crt' - logging_level: 'info' - logging_path: 'logs/api.log' - cors: 'no' - cors_source_route: '*' - cors_expose_headers: '*' - cors_allow_headers: '*' - cors_allow_credentials: 'no' - cache: 'yes' + behind_proxy_server: no + https: yes + https_key: "api/configuration/ssl/server.key" + https_cert: "api/configuration/ssl/server.crt" + https_use_ca: False + https_ca: "api/configuration/ssl/ca.crt" + logging_level: "info" + logging_path: "logs/api.log" + cors: no + cors_source_route: "*" + cors_expose_headers: "*" + cors_allow_headers: "*" + cors_allow_credentials: no + cache: yes cache_time: 0.750 access_max_login_attempts: 5 access_block_time: 300 access_max_request_per_minute: 300 - use_only_authd: 'no' - drop_privileges: 'yes' - experimental_features: 'no' + use_only_authd: no + drop_privileges: yes + experimental_features: no cluster: disable: 'yes' name: 'wazuh'