From d44532482a3bdd5db2316d4edfd65c6081927ffa Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 9 Nov 2020 13:58:23 -0300 Subject: [PATCH 1/2] roles/wazuh_manager: remove nodejs as wazuh-api was migrated to python For more information, see: https://github.com/wazuh/wazuh/releases/tag/v4.0.0 --- .../ansible-wazuh-manager/defaults/main.yml | 6 -- .../ansible-wazuh-manager/tasks/RMDebian.yml | 6 -- .../ansible-wazuh-manager/tasks/RMRedHat.yml | 5 - .../ansible-wazuh-manager/tasks/main.yml | 22 ----- .../var-ossec-api-configuration-config.js.j2 | 95 ------------------- 5 files changed, 134 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 57e9d5e2..72227a5f 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -4,12 +4,6 @@ wazuh_manager_version: 4.0.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present -nodejs: - repo_dict: - debian: "deb" - redhat: "rpm" - repo_url_ext: "nodesource.com/setup_10.x" - # Custom packages installation wazuh_custom_packages_installation_manager_enabled: false wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml index 05094cfd..2b22dfbc 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml @@ -4,9 +4,3 @@ repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main state: absent changed_when: false - -- name: Debian/Ubuntu | Remove Nodejs repository. - apt_repository: - repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main - state: absent - changed_when: false 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml index 76b7f29f..c725859e 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml @@ -1,9 +1,4 @@ --- -- name: RedHat/CentOS/Fedora | Remove NodeJS repository (and clean up left-over metadata) - yum_repository: - name: NodeJS - state: absent - changed_when: false - name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata) yum_repository: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 24274b4a..bdd5ce83 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -15,28 +15,6 @@ - tar state: present -- name: Check if NodeJS service exists - stat: - path: /usr/bin/node - register: node_service_status - -- name: Install NodeJS repository - block: - - name: Download NodeJS repository script - get_url: - url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" - dest: /etc/nodejs.sh - mode: 0775 - changed_when: false - - - name: Run NodeJS bash script - command: sh /etc/nodejs.sh - register: nodejs_script - changed_when: nodejs_script.rc == 0 - when: - - not node_service_status.stat.exists - - wazuh_manager_config.cluster.node_type == "master" - - include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 deleted file mode 100644 index bc909dc7..00000000 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 +++ /dev/null 
@@ -1,95 +0,0 @@ - -var config = {}; - -// Basic configuration - -// Path -config.ossec_path = "/var/ossec"; -// The host to bind the API to. -config.host = "{{ wazuh_manager_config.api.bind_addr }}"; -// TCP Port used by the API. -config.port = "{{ wazuh_manager_config.api.port }}"; -// Use HTTP protocol over TLS/SSL. Values: yes, no. -config.https = "{{ wazuh_manager_config.api.https }}"; -// Use HTTP authentication. Values: yes, no. -config.basic_auth = "{{ wazuh_manager_config.api.basic_auth }}"; -//In case the API run behind a proxy server, turn to "yes" this feature. Values: yes, no. -config.BehindProxyServer = "{{ wazuh_manager_config.api.behind_proxy_server }}"; - -// HTTPS Certificates -config.https_key = "{{ wazuh_manager_config.api.https_key }}" -config.https_cert = "{{ wazuh_manager_config.api.https_cert }}" -config.https_use_ca = "{{ wazuh_manager_config.api.https_use_ca }}" -config.https_ca = "{{ wazuh_manager_config.api.https_ca }}" - -// Advanced configuration - -// Values for API log: disabled, info, warning, error, debug (each level includes the previous level). -config.logs = "info"; -// Cross-origin resource sharing. Values: yes, no. 
-config.cors = "yes"; -// Cache (time in milliseconds) -config.cache_enabled = "yes"; -config.cache_debug = "no"; -config.cache_time = "750"; -// Log path -config.log_path = config.ossec_path + "/logs/api.log"; -// Python -config.python = [ - // Default installation - { - bin: "python", - lib: "" - }, - // Python 3 - { - bin: "python3", - lib: "" - }, - // Package 'python27' for CentOS 6 - { - bin: "/opt/rh/python27/root/usr/bin/python", - lib: "/opt/rh/python27/root/usr/lib64" - } -]; -// Shared library path -config.ld_library_path = config.ossec_path + "/framework/lib" - -// Option to force the use of authd to remove and add agents -config.use_only_authd = {{ wazuh_manager_config.api.use_only_authd }}; - -// Option to drop privileges (run as ossec) -config.drop_privileges = {{ wazuh_manager_config.api.drop_privileges }}; - -// Activate features still under development -config.experimental_features = {{ wazuh_manager_config.api.experimental_features }}; - -/************************* SSL OPTIONS ****************************************/ -// SSL protocol - -// SSL protocol to use. All available secure protocols available at: -// https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS -config.secureProtocol = "{{ wazuh_manager_config.api.secure_protocol }}"; -try { - // Disable the use of SSLv3, TLSv1.1 and TLSv1.0. All available secureOptions at: - // https://nodejs.org/api/crypto.html#crypto_openssl_options - const crypto = require('crypto'); - config.secureOptions = crypto.constants.SSL_OP_NO_SSLv3 | - crypto.constants.SSL_OP_NO_TLSv1 | - crypto.constants.SSL_OP_NO_TLSv1_1; -} catch (err) { - console.log("Could not configure NodeJS to avoid unsecure SSL/TLS protocols: " + err) -} - -// SSL ciphersuit - -// When choosing a cipher, use the server's preferences instead of the client -// preferences. When not set, the SSL server will always follow the clients -// preferences. 
More info at: -// https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html -config.honorCipherOrder = {{ wazuh_manager_config.api.honor_cipher_order }}; -// Modify default ciphersuit. More info: -// https://nodejs.org/api/tls.html#tls_modifying_the_default_tls_cipher_suite -config.ciphers = "{{ wazuh_manager_config.api.ciphers }}"; - -module.exports = config; From 0f6ea26123aaf97d60c2769ad69441fc8bfd7540 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 9 Nov 2020 14:04:55 -0300 Subject: [PATCH 2/2] roles/wazuh_manager: merge uninstall tasks in a single file --- .../ansible-wazuh-manager/tasks/RMDebian.yml | 6 ------ .../ansible-wazuh-manager/tasks/RMRedHat.yml | 7 ------- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 12 +++--------- .../ansible-wazuh-manager/tasks/uninstall.yml | 15 +++++++++++++++ 4 files changed, 18 insertions(+), 22 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml delete mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml create mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml deleted file mode 100644 index 2b22dfbc..00000000 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Debian/Ubuntu | Remove Wazuh repository. - apt_repository: - repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main - state: absent - changed_when: false diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml deleted file mode 100644 index c725859e..00000000 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata) - yum_repository: - name: wazuh_repo - state: absent - changed_when: false 
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index bdd5ce83..72c995b8 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -321,12 +321,6 @@ - ( agent_groups is defined) and ( agent_groups|length > 0) tags: molecule-idempotence-notest -- include_tasks: "RMRedHat.yml" - when: - - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" - - not wazuh_manager_sources_installation.enabled - -- include_tasks: "RMDebian.yml" - when: - - ansible_os_family == "Debian" - - not wazuh_manager_sources_installation.enabled +- name: Run uninstall tasks + include_tasks: uninstall.yml + when: not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml new file mode 100644 index 00000000..b74f61a4 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml @@ -0,0 +1,15 @@ +--- + +- name: Debian/Ubuntu | Remove Wazuh repository. + apt_repository: + repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main + state: absent + changed_when: false + when: not wazuh_manager_sources_installation.enabled + +- name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata) + yum_repository: + name: wazuh_repo + state: absent + changed_when: false + when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon"
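Review bot: The task name `Run uninstall tasks` in main.yml (and the file name uninstall.yml) reads as if the manager were being uninstalled, but the included tasks only remove the Wazuh apt/yum repository definitions. A name such as `Remove Wazuh package repositories` would describe it accurately. Since this include sits late in the install task list (the hunk is at line 321), a comment such as `# Repository definition is removed after install, so routine apt/yum updates will not offer newer Wazuh packages on this host` would tell operators how the manager gets patched. The rest of main.yml is outside the hunk, so this placement is inferred from the hunk header only.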
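Review bot: The Debian/Ubuntu task in the new uninstall.yml is guarded only by `when: not wazuh_manager_sources_installation.enabled`, so the `ansible_os_family == "Debian"` check from the removed RMDebian.yml include is lost. `apt_repository` will now also be attempted on RedHat and Amazon hosts, where it will probably fail because the apt Python bindings are absent. The sources-installation check is already applied by the include in main.yml, so this line should read `when: ansible_os_family == "Debian"`, mirroring the OS-family guard on the RedHat task below it.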