ansible-role-elasticsearch Update to the last Elastic version (5.5.0) 2017-07-19 17:16:11 -07:00
ansible-role-filebeat Replacing ELK with Elastic 2017-07-19 17:34:54 -07:00
ansible-role-kibana Replacing ELK with Elastic 2017-07-19 17:29:32 -07:00
ansible-role-logstash Add logstash user to ossec group 2017-07-20 13:32:18 -04:00
ansible-wazuh-agent Wazuh agent: disable or not the openscap install & scan 2017-08-01 15:50:31 -04:00
ansible-wazuh-manager Updating the manager role with Wazuh 2.1 2017-08-18 16:04:28 -04:00
.gitignore update gitignore list 2017-04-04 11:04:10 -04:00
README.md re-factoring 2017-07-21 18:40:22 +02:00
wazuh-agent.yml Agent playbook - Refactor 2017-07-11 17:31:39 -07:00
wazuh-elastic_stack.yml Rename wazuh-elk.yml to wazuh-elastic_stack.yml 2017-07-25 23:44:43 -04:00
wazuh-elastic.yml split and update formulas 2017-04-04 11:01:24 -04:00
wazuh-kibana.yml split and update formulas 2017-04-04 11:01:24 -04:00
wazuh-logstash.yml re-factoring 2017-07-19 20:54:45 +02:00
wazuh-manager.yml re-factoring 2017-07-19 20:54:45 +02:00

Install Ansible

Debian
sudo apt-get install ansible

CentOS (requires the EPEL repository)
sudo yum install ansible

Generate keys

If you do not already have an SSH key pair that you would like to use for Ansible administration, create one now on your Ansible host (located on the Wazuh Manager host) by running:

$ ssh-keygen

Choose ~/.ssh/id_rsa_ansible as output.

Enable ssh-agent and register the key:

$ eval "$(ssh-agent -s)"
$ ssh-add ~/.ssh/id_rsa_ansible

Copy the content of ~/.ssh/id_rsa_ansible.pub into the .ssh/authorized_keys file on each host where you want to deploy Wazuh agents.

Configuring Ansible Hosts

Open the file with root privileges:

$ sudo nano /etc/ansible/hosts

Add destination hosts:

[wazuh-manager]
10.0.0.51

[wazuh-agent]
10.0.0.123
10.0.0.122
10.0.0.121

[elastic-stack]
10.0.0.124

Install roles/playbooks

cd ~
git clone https://github.com/wazuh/wazuh-ansible/
# The clone creates a directory named wazuh-ansible; copy the roles and playbooks from it.
cp -pr wazuh-ansible/* /etc/ansible/roles/

Run the playbook

In your home directory or another preferred folder, create the file wazuh-agent.yml with the content:

- hosts: all:!wazuh-manager
  roles:
     - { role: ansible-wazuh-agent, wazuh_manager_ip: 10.0.0.51 }

and another file, wazuh-manager.yml, with the content:

- hosts: wazuh-manager
  roles:
    - role: ansible-wazuh-manager
    - role: ansible-role-filebeat

Run the playbook for a manager:

$ ansible-playbook wazuh-manager.yml -e"@vars.yml"

Run the playbook for an agent:

$ ansible-playbook wazuh-agent.yml -e"@vars.yml"

Example Playbook

    - hosts: wazuh-agents
      roles:
        - ansible-wazuh-agent
    - hosts: wazuh-manager
      roles:
        - ansible-wazuh-manager
        - ansible-role-filebeat
    - hosts: elasticsearch
      roles:
        - ansible-role-elasticsearch
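
A `hosts:` pattern that names a group missing from /etc/ansible/hosts makes Ansible skip the play, so those machines never receive an agent. The check below is an added example, not part of the Wazuh repository: it resolves each play's host pattern against the inventory before a run. The function names are hypothetical, and it assumes a plain INI inventory with IPv4 addresses or hostnames and no wildcard patterns.

```python
import re
# Constructed sample: this page's inventory and two host patterns it uses.
INVENTORY = """[wazuh-manager]
10.0.0.51
[wazuh-agent]
10.0.0.123
10.0.0.122
10.0.0.121
[elastic-stack]
10.0.0.124"""
PLAYBOOK = """- hosts: wazuh-agents
  roles: [ansible-wazuh-agent]
- hosts: all:!wazuh-manager
  roles: [ansible-wazuh-agent]"""

def inventory_groups(text):
    """Map plain [group] sections of an INI inventory to their hosts."""
    groups = {"all": (current := set())}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        section = re.fullmatch(r"\[([\w.-]+)\]", line)
        if section:
            current = groups.setdefault(section.group(1), set())
        elif line:  # assumption: no :vars or :children sections
            groups["all"].add(line.split()[0])
            current.add(line.split()[0])
    return groups

def resolve(pattern, groups):
    """Return (matched_hosts, unknown_names) for an Ansible host pattern."""
    hosts, unknown = set(), []
    # Ansible applies unions first, then intersections (&), then exclusions (!).
    for term in sorted(filter(None, re.split(r"[:,]", pattern)),
                       key=lambda t: "&!".find(t[0])):
        name = term.lstrip("&!")
        members = groups.get(name, {name} & groups["all"])
        if name not in groups and not members:
            unknown.append(name)
        elif term[0] in "&!":
            hosts = hosts & members if term[0] == "&" else hosts - members
        else:
            hosts |= members
    return hosts, unknown

def check(playbook, inventory):
    """Return (pattern, matched_hosts, unknown_names) for every play."""
    groups = inventory_groups(inventory)
    plays = re.findall(r"^\s*-?\s*hosts:\s*(\S+)", playbook, re.M)
    return [(p, *map(sorted, resolve(p.strip("'\""), groups))) for p in plays]
```

On the sample, `wazuh-agents` resolves to no hosts because the inventory group is named `wazuh-agent`, and `all:!wazuh-manager` also matches the `elastic-stack` host 10.0.0.124.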

Based on previous work from dj-wasabi

https://github.com/dj-wasabi/ansible-ossec-server

Modified by Wazuh

The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with the Wazuh ecosystem.