---
# Wazuh manager task list: base packages, NodeJS for the API, authd
# certificates and old-service cleanup, rulesets, configuration files and
# finally the services themselves. Several later tasks consume facts
# registered by earlier ones, so the order matters.

- name: "Install dependencies"
  # openssl is used further down to generate the authd certificate; unzip
  # and tar are general archive tooling for the rest of the role.
  package:
    state: present
    name:
      - unzip
      - openssl
      - tar
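- name: Check if NodeJS service exists
  # Despite the task name this only checks for the node binary; the result
  # gates whether the repository setup script is run below.
  stat:
    path: /usr/bin/node
  register: node_service_status

- name: Install NodeJS repository
  block:
    - name: Download NodeJS repository script
      # NOTE(review): a remote setup script is fetched and then executed by the
      # next task without any integrity check. If the upstream publishes a
      # digest for it, pin it with get_url's `checksum` option. Note also that
      # this download is not gated by the master/node-exists conditions that
      # gate the two tasks after it, so every host fetches the script.
      get_url:
        url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}"
        dest: /etc/nodejs.sh
        mode: "0775"  # quoted so YAML keeps the leading-zero octal as given
      changed_when: false

    - name: Run NodeJS bash script
      command: sh /etc/nodejs.sh
      register: nodejs_script
      changed_when: nodejs_script.rc == 0
      when:
        - not node_service_status.stat.exists
        - wazuh_manager_config.cluster.node_type == "master"

    - name: Installing NodeJS
      package:
        name: nodejs
        state: present
      register: nodejs_service_is_installed
      # Retried (Ansible's default retry count) so a transient package-manager
      # failure does not abort the play.
      until: nodejs_service_is_installed is succeeded
      when:
        - wazuh_manager_config.cluster.node_type == "master"
  tags: init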
# OS-family specific installation. The RedHat branch covers releases newer
# than 5 and Amazon Linux regardless of its reported major version.
- include_tasks: "RedHat.yml"
  when: >-
    (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5)
    or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon")

- include_tasks: "Debian.yml"
  when: ansible_os_family == "Debian"
- name: Install expect
  # Skipped on RedHat-family releases older than 6.
  package:
    state: "{{ wazuh_manager_package_state }}"
    name: expect
  when:
    - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6)
  tags: init
- name: Generate SSL files for authd
  # Self-signed (-x509) certificate/key pair for ossec-authd. Runs once
  # (`creates`) and only when a CA for agent verification is configured.
  # NOTE(review): `rsa:1825` is an unusual key size; 2048 is the usual
  # minimum today — confirm this value is intentional.
  command: >-
    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825
    -keyout sslmanager.key -out sslmanager.cert
    -subj /CN={{ wazuh_manager_fqdn }}/
  args:
    chdir: /var/ossec/etc/
    creates: sslmanager.cert
  when: wazuh_manager_config.authd.ssl_agent_ca is not none
  tags:
    - config
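- name: Copy CA, SSL key and cert for authd
  # Ships the operator-provided CA, manager certificate and manager private
  # key into /var/ossec/etc. NOTE(review): all three items get the same mode,
  # which leaves the private key (ssl_manager_key) world-readable; a tighter
  # mode for that item is advisable if the daemon's runtime user permits it.
  copy:
    src: "{{ item }}"
    dest: "/var/ossec/etc/{{ item }}"
    mode: "0644"  # quoted so the leading-zero octal survives YAML parsing
  with_items:
    - "{{ wazuh_manager_config.authd.ssl_agent_ca }}"
    - "{{ wazuh_manager_config.authd.ssl_manager_cert }}"
    - "{{ wazuh_manager_config.authd.ssl_manager_key }}"
  when: wazuh_manager_config.authd.ssl_agent_ca is not none
  tags:
    - config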
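- name: Verifying for old init authd service
  stat:
    path: /etc/init.d/ossec-authd
  register: old_init_authd_service
  tags:
    - config

- name: Verifying for old systemd authd service
  stat:
    path: /lib/systemd/system/ossec-authd.service
  register: old_authd_service
  tags:
    - config

# Both stat tasks used to register the same name, so the systemd result
# overwrote the init.d one and a leftover /etc/init.d/ossec-authd alone never
# triggered the cleanup. The init.d check now has its own register and both
# cleanup tasks fire when either file is present. The systemd result keeps
# the original name so any other task file referencing it is unaffected.
- name: Ensure ossec-authd service is disabled
  service:
    name: ossec-authd
    enabled: false
    state: stopped
  when: old_init_authd_service.stat.exists or old_authd_service.stat.exists
  tags:
    - config

- name: Removing old init authd services
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - "/etc/init.d/ossec-authd"
    - "/lib/systemd/system/ossec-authd.service"
  when: old_init_authd_service.stat.exists or old_authd_service.stat.exists
  tags:
    - config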
- name: Installing the local_rules.xml (default local_rules.xml)
  # Rendered from the role template; a change restarts the manager through
  # the handler.
  template:
    src: var-ossec-rules-local_rules.xml.j2
    dest: /var/ossec/etc/rules/local_rules.xml
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config
    - rules
- name: Adding local rules files
  # Copies the operator's rules path into the manager's rules directory with
  # the same ownership and mode as the default local_rules.xml.
  template: null
  copy:
    src: "{{ wazuh_manager_config.ruleset.rules_path }}"
    dest: /var/ossec/etc/rules/
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config
    - rules
- name: Installing the local_decoder.xml
  # Rendered from the role template; a change restarts the manager through
  # the handler.
  template:
    src: var-ossec-rules-local_decoder.xml.j2
    dest: /var/ossec/etc/decoders/local_decoder.xml
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config
    - rules
- name: Adding local decoders files
  # Copies the operator's decoders path into the manager's decoders directory
  # with the same ownership and mode as the default local_decoder.xml.
  copy:
    src: "{{ wazuh_manager_config.ruleset.decoders_path }}"
    dest: /var/ossec/etc/decoders/
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config
    - rules
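- name: Configure the shared-agent.conf
  # Rendered only when shared_agent_config is defined, and validated with the
  # manager's own checker before the live file is replaced.
  template:
    src: var-ossec-etc-shared-agent.conf.j2
    dest: /var/ossec/etc/shared/default/agent.conf
    owner: ossec
    group: ossec
    mode: "0640"  # quoted so the leading-zero octal survives YAML parsing
    validate: '/var/ossec/bin/verify-agent-conf -f %s'
  notify: restart wazuh-manager
  when:
    - shared_agent_config is defined
  tags:
    - init
    - config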
- name: Installing the config.js (api configuration)
  # API configuration is rendered only on the cluster master, where the API
  # service runs; a change restarts wazuh-api rather than the manager.
  template:
    src: var-ossec-api-configuration-config.js.j2
    dest: /var/ossec/api/configuration/config.js
    owner: root
    group: ossec
    mode: "0740"
  notify: restart wazuh-api
  when:
    - wazuh_manager_config.cluster.node_type == "master"
  tags:
    - init
    - config
- name: Installing the local_internal_options.conf
  # Rendered from the role template; a change restarts the manager.
  template:
    src: var-ossec-etc-local-internal-options.conf.j2
    dest: /var/ossec/etc/local_internal_options.conf
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config
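# Judging by their names and the no_log'd templates that consume them below,
# both files hold credentials. The variables an include_vars task loads are
# part of its result and are printed in verbose runs, so logging is
# suppressed on both tasks.
- name: Retrieving Agentless Credentials
  include_vars: agentless_creds.yml
  no_log: true
  tags:
    - config

- name: Retrieving authd Credentials
  include_vars: authd_pass.yml
  no_log: true
  tags:
    - config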
- name: Check if syslog output is enabled
  # Sets syslog_output as soon as any configured syslog output has a server.
  # When none does the fact stays undefined, which the enable task below
  # treats as "off".
  set_fact: syslog_output=true
  with_items:
    - "{{ wazuh_manager_config.syslog_outputs }}"
  when: item.server is not none
  tags:
    - config
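- name: Check if client-syslog is enabled
  # Counts ossec-csyslogd entries in the manager's process list; stdout is
  # "0" when the daemon is disabled. Skipped (`removes`) when the process
  # list file is absent.
  # The command was previously wrapped in double quotes inside the block
  # scalar, so bash tried to run the whole string as a single command name
  # and the task could never succeed. `grep -c` also exits 1 on zero matches
  # — the case this check exists for — so only other non-zero codes (e.g. an
  # unreadable file) are allowed to fail the task.
  shell: |
    grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list || [ "$?" -eq 1 ]
  args:
    removes: /var/ossec/bin/.process_list
    executable: /bin/bash
  changed_when: false
  check_mode: false
  register: csyslog_enabled
  tags:
    - config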
- name: Enable client-syslog
  # Turn the daemon on when the previous check reported it off (or was
  # skipped because the process list is absent) and at least one syslog
  # output has a server configured.
  # NOTE(review): the "skipped" substring test assumes a removes-skip is
  # reported in stdout; newer Ansible releases may not do that — confirm.
  command: /var/ossec/bin/ossec-control enable client-syslog
  when:
    - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout
    - syslog_output is defined and syslog_output
  notify: restart wazuh-manager
  tags:
    - config
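- name: Check if ossec-agentlessd is enabled
  # Counts ossec-agentlessd entries in the manager's process list; stdout is
  # "0" when the daemon is disabled. Skipped (`removes`) when the process
  # list file is absent.
  # Same repair as the client-syslog check: the command was wrapped in
  # double quotes inside the block scalar, so bash tried to run the whole
  # string as one command name. `grep -c` exits 1 on zero matches — the
  # case this check exists for — so only other non-zero codes may fail
  # the task.
  shell: |
    grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list || [ "$?" -eq 1 ]
  args:
    removes: /var/ossec/bin/.process_list
    executable: /bin/bash
  changed_when: false
  check_mode: false
  register: agentlessd_enabled
  tags:
    - config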
- name: Enable ossec-agentlessd
  # Turn the daemon on when the previous check reported it off (or was
  # skipped because the process list is absent) and agentless credentials
  # were loaded.
  # NOTE(review): the "skipped" substring test assumes a removes-skip is
  # reported in stdout; newer Ansible releases may not do that — confirm.
  command: /var/ossec/bin/ossec-control enable agentless
  when:
    - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout
    - agentless_creds is defined
  notify: restart wazuh-manager
  tags:
    - config
- name: Checking alert log output settings
  # Refuses a configuration that disables both alert sinks.
  fail:
    msg: "Please enable json_output or alerts_log options."
  when:
    - wazuh_manager_config.json_output == 'no'
    - wazuh_manager_config.alerts_log == 'no'
  tags:
    - init
    - config
- name: Linux | Vuls integration deploy (runs in background, can take a while)
  # Fired asynchronously (async with poll 0) so the play does not wait for it;
  # `creates` makes it a one-shot.
  # NOTE(review): the distribution list spells 'Redhat' while Ansible's fact
  # for RHEL is usually 'RedHat' — verify the intended hosts actually match.
  command: >-
    /var/ossec/wodles/vuls/deploy_vuls.sh
    {{ ansible_distribution|lower }} {{ ansible_distribution_major_version|int }}
  args:
    creates: /var/ossec/wodles/vuls/config.toml
  async: 3600
  poll: 0
  when:
    - wazuh_manager_config.vuls.disable != 'yes'
    - ansible_distribution in ['Redhat', 'CentOS', 'Ubuntu', 'Debian', 'Oracle', 'Amazon']
  tags:
    - init
- name: Configure ossec.conf
  # Main manager configuration, rendered from the server template; a change
  # restarts the manager.
  template:
    src: var-ossec-etc-ossec-server.conf.j2
    dest: /var/ossec/etc/ossec.conf
    owner: root
    group: ossec
    mode: "0644"
  notify: restart wazuh-manager
  tags:
    - init
    - config
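- name: Ossec-authd password
  # Renders the authd password file; `no_log` keeps the rendered secret out
  # of the task output.
  template:
    src: authd_pass.j2
    dest: "/var/ossec/etc/authd.pass"
    owner: ossec
    group: ossec
    mode: "0640"  # quoted so the leading-zero octal survives YAML parsing
  no_log: true
  notify: restart wazuh-manager
  when:
    - wazuh_manager_config.authd.use_password is defined
    - wazuh_manager_config.authd.use_password == 'yes'
  tags:
    - config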
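- name: Wazuh-API User
  # API credential file, master only; `no_log` keeps the rendered secret out
  # of the task output. NOTE(review): 0750 gives a data file an execute bit
  # it does not need; 0640 would be the conventional choice if nothing relies
  # on the current mode.
  template:
    src: api_user.j2
    dest: "/var/ossec/api/configuration/auth/user"
    owner: root
    group: root
    mode: "0750"  # quoted so the leading-zero octal survives YAML parsing
  no_log: true
  notify: restart wazuh-api
  when:
    - wazuh_api_user is defined
    - wazuh_manager_config.cluster.node_type == "master"
  tags:
    - config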
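- name: Agentless Hosts & Passwd
  # Plaintext host/password list rendered to a temporary file that the next
  # task base64-encodes and deletes. Only that task reads it, so it is now
  # owner-only: the previous 0644 left the plaintext credentials
  # world-readable for the window between the two tasks.
  template:
    src: agentless.j2
    dest: "/var/ossec/agentless/.passlist_tmp"
    owner: root
    group: root
    mode: "0600"
  no_log: true
  when: agentless_creds is defined
  tags:
    - config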
- name: Encode the secret
  # Writes the base64 .passlist (presumably the form agentlessd reads) and
  # removes the plaintext temporary file. base64 is an encoding, not
  # encryption: the resulting file still needs restrictive permissions, and
  # here it simply inherits the shell's umask.
  shell: >-
    /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist
    && rm /var/ossec/agentless/.passlist_tmp
  when: agentless_creds is defined
  tags:
    - config
- name: Ensure Wazuh Manager service is started and enabled.
  service:
    name: "wazuh-manager"
    state: started
    enabled: true
  tags:
    - config

- name: Ensure Wazuh API service is started and enabled.
  # The API only runs on the cluster master.
  service:
    name: "wazuh-api"
    state: started
    enabled: true
  when: wazuh_manager_config.cluster.node_type == "master"
  tags:
    - config
- name: Create agent groups
  # Registers each configured group with the manager. Not idempotent, hence
  # excluded from molecule's idempotence check.
  command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q"
  with_items:
    - "{{ agent_groups }}"
  when:
    - (agent_groups is defined) and (agent_groups|length > 0)
  tags: molecule-idempotence-notest
# Post-install, OS-family specific tasks; skipped when the manager was
# installed from sources.
- include_tasks: "RMRedHat.yml"
  when:
    - ansible_os_family == "RedHat" or ansible_os_family == "Amazon"
    - not wazuh_manager_sources_installation.enabled

- include_tasks: "RMDebian.yml"
  when:
    - ansible_os_family == "Debian"
    - not wazuh_manager_sources_installation.enabled