diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..5dcc0e82d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "pip" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "daily"
+ target-branch: "4.4"
diff --git a/CHANGELOG.md b/CHANGELOG.md
old mode 100755
new mode 100644
index 88c1ebf36..91e5916b6
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,12 @@
 # Change Log
 All notable changes to this project will be documented in this file.
+## [v4.4.0]
+
+### Added
+
+- Update to [Wazuh v4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440)
+
 ## [v4.3.10]
 ### Added
@@ -67,6 +73,12 @@ All notable changes to this project will be documented in this file.
 - Update to [Wazuh v4.3.0](https://github.com/wazuh/wazuh/blob/v4.3.0/CHANGELOG.md#v430)
+## [v4.2.6]
+
+### Added
+
+- Update to [Wazuh v4.2.6](https://github.com/wazuh/wazuh/blob/v4.2.6/CHANGELOG.md#v426)
+
 ## [v4.2.5]
 ### Added
diff --git a/README.md b/README.md
index 2dab5138e..d39315555 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 | Wazuh version | Elastic | ODFE |
 |---------------|---------|--------|
+| v4.4.0 | | |
 | v4.3.10 | | |
 | v4.3.9 | | |
 | v4.3.8 | | |
@@ -27,6 +28,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 | v4.3.2 | | |
 | v4.3.1 | | |
 | v4.3.0 | | |
+| v4.2.6 | 7.10.2 | 1.13.2 |
 | v4.2.5 | 7.10.2 | 1.13.2 |
 | v4.2.4 | 7.10.2 | 1.13.2 |
 | v4.2.3 | 7.10.2 | 1.13.2 |
@@ -394,6 +396,124 @@ sudo ansible-playbook wazuh-single.yml -i inventory After the playbook execution, the Wazuh UI should be reachable through `https://` +## Example: Wazuh server cluster (without Filebeat) + +### Playbook + +The hereunder example playbook uses the `wazuh-ansible` role to provision a Wazuh server cluster without Filebeat. This architecture includes 2 Wazuh servers distributed in two different nodes. + +```yaml +--- +# Wazuh cluster without Filebeat + - hosts: manager + roles: + - role: "../roles/wazuh/ansible-wazuh-manager" + become: yes + become_user: root + vars: + wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 'no' + node_name: 'master' + node_type: 'master' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ hostvars.manager.private_ip }}" + hidden: 'no' + wazuh_api_users: + - username: custom-user + password: SecretPassword1! + + - hosts: worker01 + roles: + - role: "../roles/wazuh/ansible-wazuh-manager" + become: yes + become_user: root + vars: + wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 'no' + node_name: 'worker_01' + node_type: 'worker' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ hostvars.manager.private_ip }}" + hidden: 'no' +``` + +### Inventory file + +```ini +[manager] + + +[worker01] + + +[all:vars] +ansible_ssh_user=vagrant +ansible_ssh_private_key_file=/path/to/ssh/key.pem +ansible_ssh_extra_args='-o StrictHostKeyChecking=no' +``` + +### Adding additional workers + +Add the following block at the end of the playbook + +```yaml + - hosts: worker02 + roles: + - role: "../roles/wazuh/ansible-wazuh-manager" + become: yes + become_user: root + vars: + wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 
'no' + node_name: 'worker_02' + node_type: 'worker' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ hostvars.manager.private_ip }}" + hidden: 'no' +``` + +NOTE: `hosts` and `wazuh_manager_config.cluster_node_name` are the only parameters that differ from the `worker01` configuration. + +Add the following lines to the inventory file: + +```ini +[worker02] + +``` + +### Launching the playbook + +```bash +sudo ansible-playbook wazuh-manager-oss-cluster.yml -i inventory +``` + ## Contribute If you want to contribute to our repository, please fork our Github repository and submit a pull request. diff --git a/VERSION b/VERSION index 32dbbde64..50f0ba7fb 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v4.3.10" -REVISION="40323" \ No newline at end of file +WAZUH-ANSIBLE_VERSION="v4.4.0" +REVISION="40400" diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 3c364b7c4..2769e498e 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -8,7 +8,7 @@ def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.3.10" + return "4.4.0" diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml new file mode 100644 index 000000000..dd856b902 --- /dev/null +++ b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml 
@@ -0,0 +1,36 @@
+---
+
+########################################################
+# Helper variables
+private_ip: '{{ ansible_default_ipv4.address }}'
+
+managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
+elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}"
+kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars) | list }}"
+
+manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
+elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
+kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
+
+########################################################
+# Versions
+elastic_stack_version: 7.10.2
+filebeat_version: 7.10.2
+
+# Debian packages need the ${VERSION}-1
+wazuh_manager_version: 4.4.0-1
+wazuh_agent_version: 4.4.0-1
+
+# Kibana role appends it automatically.
+wazuh_version: 4.4.0
+
+########################################################
+# General ELK stack variables
+
+# Xpack Security: autogenerate CA
+generate_CA: true
+filebeat_xpack_security: true
+kibana_xpack_security: true
+elasticsearch_xpack_security: true
+elasticsearch_xpack_security_user: elastic
+elasticsearch_xpack_security_password: elastic_pass
diff --git a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py
new file mode 100644
index 000000000..d70bd1ea7
--- /dev/null
+++ b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py
@@ -0,0 +1,64 @@ +import os +import pytest +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def get_wazuh_version(): + """This return the version of Wazuh.""" + return "4.4.0" + + +def test_wazuh_packages_are_installed(host): + """Test the main packages are installed.""" + manager = host.package("wazuh-manager") + assert manager.is_installed + assert manager.version.startswith(get_wazuh_version()) + + +def test_wazuh_services_are_running(host): + """Test the services are enabled and running. + + When assert commands are commented, this means that the service command has + a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 + """ + # This currently doesn't work with out current Docker base images + # manager = host.service("wazuh-manager") + # api = host.service("wazuh-api") + # assert manager.is_running + # assert api.is_running + output = host.check_output( + 'ps aux | grep ossec | tr -s " " | cut -d" " -f11' + ) + assert 'ossec-authd' in output + assert 'wazuh-modulesd' in output + assert 'wazuh-db' in output + assert 'ossec-execd' in output + assert 'ossec-monitord' in output + assert 'ossec-remoted' in output + assert 'ossec-logcollector' in output + assert 'ossec-analysisd' in output + assert 'ossec-syscheckd' in output + + +@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ + ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), + ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), + ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), + ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), +]) +def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): + """Test Wazuh related files exist and have proper owners and mode.""" + wazuh_file_host = host.file(wazuh_file) + assert wazuh_file_host.user == wazuh_owner + assert wazuh_file_host.group == 
wazuh_group + assert wazuh_file_host.mode == wazuh_mode + + +def test_filebeat_is_installed(host): + """Test the elasticsearch package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + assert filebeat.version.startswith('7.10.2') diff --git a/molecule/distributed-wazuh-elk/group_vars/all.yml b/molecule/distributed-wazuh-elk/group_vars/all.yml new file mode 100644 index 000000000..6fdbc2248 --- /dev/null +++ b/molecule/distributed-wazuh-elk/group_vars/all.yml @@ -0,0 +1,23 @@ +--- + +######################################################## +# Helper variables +private_ip: '{{ ansible_default_ipv4.address }}' + +managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}" +elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}" + +manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}" +elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}" + +######################################################## +# Versions +elastic_stack_version: 7.10.2 +filebeat_version: 7.10.2 + +# Debian packages need the ${VERSION}-1 +wazuh_manager_version: 4.4.0-1 +wazuh_agent_version: 4.4.0-1 + +# Kibana role appends it automatically. +wazuh_version: 4.4.0 diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml new file mode 100644 index 000000000..36080bf0f --- /dev/null +++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml 
@@ -0,0 +1,47 @@
+---
+
+########################################################
+# Helper variables
+private_ip: '{{ ansible_default_ipv4.address }}'
+
+managers_hostvars: "{{ groups['managers'] | map('extract', hostvars) | list }}"
+elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}"
+kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars) | list }}"
+
+manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
+elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
+kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
+
+########################################################
+# General ELK stack variables
+
+# OpenDistro
+kibana_opendistro_security: true
+
+opendistro_kibana_user: kibanaserver
+opendistro_security_user: elastic
+
+opendistro_kibana_password: changeme
+opendistro_security_password: admin
+opendistro_admin_password: changeme
+
+# All nodes are called by IP name
+elasticsearch_node_name: '{{ ansible_hostname }}'
+kibana_node_name: '{{ ansible_hostname }}'
+filebeat_node_name: '{{ ansible_hostname }}'
+
+########################################################
+# Versions
+# See: https://opendistro.github.io/for-elasticsearch-docs/version-history/
+
+elastic_stack_version: 7.10.2
+opendistro_version: 1.13.2
+filebeat_version: 7.10.2
+kibana_opendistro_version: 1.13.2-1
+
+# Debian packages need the ${VERSION}-1
+wazuh_manager_version: 4.4.0-1
+wazuh_agent_version: 4.4.0-1
+
+# Kibana role appends it automatically.
+wazuh_version: 4.4.0
diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh-odfe/tests/test_default.py
new file mode 100644
index 000000000..d70bd1ea7
--- /dev/null
+++ b/molecule/distributed-wazuh-odfe/tests/test_default.py
@@ -0,0 +1,64 @@ +import os +import pytest +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def get_wazuh_version(): + """This return the version of Wazuh.""" + return "4.4.0" + + +def test_wazuh_packages_are_installed(host): + """Test the main packages are installed.""" + manager = host.package("wazuh-manager") + assert manager.is_installed + assert manager.version.startswith(get_wazuh_version()) + + +def test_wazuh_services_are_running(host): + """Test the services are enabled and running. + + When assert commands are commented, this means that the service command has + a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107 + """ + # This currently doesn't work with out current Docker base images + # manager = host.service("wazuh-manager") + # api = host.service("wazuh-api") + # assert manager.is_running + # assert api.is_running + output = host.check_output( + 'ps aux | grep ossec | tr -s " " | cut -d" " -f11' + ) + assert 'ossec-authd' in output + assert 'wazuh-modulesd' in output + assert 'wazuh-db' in output + assert 'ossec-execd' in output + assert 'ossec-monitord' in output + assert 'ossec-remoted' in output + assert 'ossec-logcollector' in output + assert 'ossec-analysisd' in output + assert 'ossec-syscheckd' in output + + +@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ + ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), + ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), + ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), + ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), +]) +def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): + """Test Wazuh related files exist and have proper owners and mode.""" + wazuh_file_host = host.file(wazuh_file) + assert wazuh_file_host.user == wazuh_owner + assert wazuh_file_host.group == 
wazuh_group + assert wazuh_file_host.mode == wazuh_mode + + +def test_filebeat_is_installed(host): + """Test the elasticsearch package is installed.""" + filebeat = host.package("filebeat") + assert filebeat.is_installed + assert filebeat.version.startswith('7.10.2') diff --git a/molecule/distributed-wazuh/group_vars/all.yml b/molecule/distributed-wazuh/group_vars/all.yml index 9940eae56..007b0d9af 100644 --- a/molecule/distributed-wazuh/group_vars/all.yml +++ b/molecule/distributed-wazuh/group_vars/all.yml @@ -30,10 +30,10 @@ indexer_node_name: '{{ ansible_facts.hostname }}' dashboard_node_name: '{{ ansible_facts.hostname }}' filebeat_node_name: '{{ ansible_facts.hostname }}' -indexer_version: 4.3.10 +indexer_version: 4.4.0 filebeat_version: 7.10.2 -wazuh_version: 4.3.10 +wazuh_version: 4.4.0 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.3.10 -wazuh_agent_version: 4.3.10 +wazuh_manager_version: 4.4.0 +wazuh_agent_version: 4.4.0 diff --git a/molecule/distributed-wazuh/tests/test_default.py b/molecule/distributed-wazuh/tests/test_default.py index a160dcc18..d70bd1ea7 100644 --- a/molecule/distributed-wazuh/tests/test_default.py +++ b/molecule/distributed-wazuh/tests/test_default.py @@ -8,7 +8,7 @@ def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.3.10" + return "4.4.0" def test_wazuh_packages_are_installed(host): diff --git a/playbooks/wazuh-manager-oss-cluster.yml b/playbooks/wazuh-manager-oss-cluster.yml new file mode 100644 index 000000000..571095818 --- /dev/null +++ b/playbooks/wazuh-manager-oss-cluster.yml 
@@ -0,0 +1,50 @@
+---
+# Wazuh cluster without Filebeat
+ - hosts: manager
+ roles:
+ - role: "../roles/wazuh/ansible-wazuh-manager"
+ become: yes
+ become_user: root
+ vars:
+ wazuh_manager_config:
+ connection:
+ - type: 'secure'
+ port: '1514'
+ protocol: 'tcp'
+ queue_size: 131072
+ api:
+ https: 'yes'
+ cluster:
+ disable: 'no'
+ node_name: 'master'
+ node_type: 'master'
+ key: 'c98b62a9b6169ac5f67dae55ae4a9088'
+ nodes:
+ - "{{ hostvars.manager.private_ip }}"
+ hidden: 'no'
+ wazuh_api_users:
+ - username: custom-user
+ password: SecretPassword1!
+
+ - hosts: worker01
+ roles:
+ - role: "../roles/wazuh/ansible-wazuh-manager"
+ become: yes
+ become_user: root
+ vars:
+ wazuh_manager_config:
+ connection:
+ - type: 'secure'
+ port: '1514'
+ protocol: 'tcp'
+ queue_size: 131072
+ api:
+ https: 'yes'
+ cluster:
+ disable: 'no'
+ node_name: 'worker_01'
+ node_type: 'worker'
+ key: 'c98b62a9b6169ac5f67dae55ae4a9088'
+ nodes:
+ - "{{ hostvars.manager.private_ip }}"
+ hidden: 'no'
diff --git a/poetry.lock b/poetry.lock
index b9b97d384..f91817c38 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -49,7 +49,7 @@ wcmatch = ">=7.0"
 community = ["ansible (>=2.10)"]
 core = ["ansible-core (>=2.11.4)"]
 test = ["coverage (>=6.2,<6.3)", "tomli (>=1.2.3,<2.0.0)", "flaky (>=3.7.0)", "pytest (>=6.0.1)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=2.1.0)", "psutil"]
-yamllint = ["yamllint (>=1.25.0)"]
+cyamllint = ["yamllint (>=1.25.0)"]
 [[package]]
 name = "arrow"
diff --git a/pyproject.toml b/pyproject.toml
index f15094efb..e0825ad76 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "wazuh-ansible"
-version = "4.3.10"
+version = "4.4.0"
 description = ""
 authors = ["neonmei "]
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
new file mode 100644
index 000000000..9edcf5d48
--- /dev/null
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
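Review bot: Both plays commit a literal cluster `key: 'c98b62a9b6169ac5f67dae55ae4a9088'` and an API user password `SecretPassword1!`; a playbook shipped under `playbooks/` gets copied as-is, so these become the live cluster key and API credential on any deployment that does not edit them, and the key is duplicated so a rotation needs two edits. Source both from a vaulted variable defined once — `key: "{{ wazuh_cluster_key }}"` and `password: "{{ wazuh_api_password }}"` — with a comment stating the values must be generated per deployment. `become: yes` should be `become: true`; the quoted `'yes'`/`'no'` values inside `wazuh_manager_config` are strings the role presumably renders into ossec.conf and can stay as they are. The same sample, including the key and password, is pasted into the README example earlier on this page.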
@@ -0,0 +1,53 @@
+---
+kibana_node_name: node-1
+
+elasticsearch_http_port: "9200"
+elasticsearch_network_host: "127.0.0.1"
+kibana_server_host: "0.0.0.0"
+kibana_server_port: "5601"
+kibana_conf_path: /etc/kibana
+elastic_stack_version: 7.10.2
+wazuh_version: 4.4.0
+wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
+
+elasticrepo:
+ apt: 'https://artifacts.elastic.co/packages/7.x/apt'
+ yum: 'https://artifacts.elastic.co/packages/7.x/yum'
+ gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+ key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
+
+# API credentials
+wazuh_api_credentials:
+ - id: "default"
+ url: "https://localhost"
+ port: 55000
+ username: "wazuh"
+ password: "wazuh"
+
+# Xpack Security
+kibana_xpack_security: false
+kibana_ssl_verification_mode: "full"
+
+elasticsearch_xpack_security_user: elastic
+elasticsearch_xpack_security_password: elastic_pass
+
+node_certs_destination: /etc/kibana/certs
+
+# CA Generation
+master_certs_path: "{{ playbook_dir }}/es_certs"
+generate_CA: true
+ca_cert_name: ""
+
+# Nodejs
+nodejs:
+ repo_dict:
+ debian: "deb"
+ redhat: "rpm"
+ repo_url_ext: "nodesource.com/setup_10.x"
+
+# Build from sources
+build_from_sources: false
+wazuh_plugin_branch: 4.1-7.10
+
+#Nodejs NODE_OPTIONS
+node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml b/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml
new file mode 100644
index 000000000..5b4908445
--- /dev/null
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml
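Review bot: The new defaults ship working credentials — `elasticsearch_xpack_security_password: elastic_pass` and the `wazuh_api_credentials` entry with `password: "wazuh"` — so a deployment that never overrides them runs with known passwords, and nothing on this page fails when they are left at the default. At minimum mark them in the file, e.g. `# PLACEHOLDER: override from inventory or Ansible Vault before deploying` above each credential block, and preferably have the role `assert` the value differs from the default when `kibana_xpack_security` is enabled. The same pattern appears in `roles/opendistro/opendistro-kibana/defaults/main.yml` (`opendistro_admin_password: changeme`, `opendistro_kibana_password: changeme`) and `roles/wazuh/ansible-filebeat/defaults/main.yml` further down the page. Minor: `#Nodejs NODE_OPTIONS` lacks the space after `#` that every other comment in the file uses.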
@@ -0,0 +1,57 @@
+
+---
+
+- name: Update cache
+ apt:
+ update_cache: yes
+
+- name: Debian 9 (Stretch)
+ when: (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "9")
+ block:
+
+ - name: Install OpenDistro dependencies
+ apt:
+ name: [
+ 'unzip', 'wget', 'curl', 'apt-transport-https', software-properties-common
+ ]
+ state: present
+
+ - name: Add the repository key for Debian's Stretch Backports repository
+ ansible.builtin.apt_key:
+ keyserver: keyserver.ubuntu.com
+ id: 648ACFD622F3D138
+
+ - name: Add openjdk repository
+ apt_repository:
+ repo: "{{ package_repos.apt.openjdk.baseurl }}"
+ state: present
+ update_cache: yes
+ filename: 'wazuh-openjdk'
+
+- name: Install openjdk-11-jdk
+ apt:
+ name: openjdk-11-jdk
+ state: present
+ environment:
+ JAVA_HOME: /usr
+
+- name: Add Opendistro repository
+ block:
+ - name: Add apt repository signing key
+ apt_key:
+ url: "{{ package_repos.apt.opendistro.gpg }}"
+ state: present
+
+ - name: Add Opendistro repository
+ apt_repository:
+ repo: "{{ package_repos.apt.opendistro.baseurl }}"
+ state: present
+ filename: 'wazuh-opendistro'
+ update_cache: yes
+
+- name: Install OpenDistro
+ apt:
+ name: opendistroforelasticsearch={{ opendistro_version }}-1
+ state: present
+ register: install
+ tags: install
\ No newline at end of file
diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml
new file mode 100644
index 000000000..ce5eb14b8
--- /dev/null
+++ b/roles/opendistro/opendistro-kibana/defaults/main.yml
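Review bot: The Debian 9 block fetches the backports signing key from `keyserver.ubuntu.com` by the 64-bit `id: 648ACFD622F3D138`; a long key ID is not a full fingerprint and a keyserver lookup does not authenticate the server, so the apt trust for that repository becomes whatever key the server returns for that ID. Prefer pinning the full 40-hex fingerprint (the kibana defaults on this page already do so with `elasticrepo.key_id`) or shipping the key file with the role and passing it via `apt_key`'s `file`/`data` parameters; the OpenDistro key below is at least fetched over HTTPS from `package_repos.apt.opendistro.gpg`. Style in the same file: it opens with an empty line before `---`, mixes `ansible.builtin.apt_key` with bare `apt_key`, uses `update_cache: yes` where the rest of the repo writes `true`, quotes three of the four entries in the `name: [...]` list, and has no trailing newline.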
@@ -0,0 +1,60 @@
+---
+
+# Kibana configuration
+elasticsearch_http_port: 9200
+elastic_api_protocol: https
+kibana_conf_path: /etc/kibana
+kibana_node_name: node-1
+kibana_server_host: "0.0.0.0"
+kibana_server_port: "5601"
+kibana_server_name: "kibana"
+kibana_max_payload_bytes: 1048576
+elastic_stack_version: 7.10.2
+wazuh_version: 4.4.0
+wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
+
+# The OpenDistro package repository
+kibana_opendistro_version: 1.13.2-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
+
+package_repos:
+ yum:
+ opendistro:
+ baseurl: 'https://packages.wazuh.com/4.x/yum/'
+ gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+ apt:
+ opendistro:
+ baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+ gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+
+# API credentials
+wazuh_api_credentials:
+ - id: "default"
+ url: "https://localhost"
+ port: 55000
+ username: "wazuh"
+ password: "wazuh"
+
+# opendistro Security
+kibana_opendistro_security: true
+kibana_newsfeed_enabled: "false"
+kibana_telemetry_optin: "false"
+kibana_telemetry_enabled: "false"
+
+opendistro_admin_password: changeme
+opendistro_kibana_user: kibanaserver
+opendistro_kibana_password: changeme
+local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
+
+# Nodejs
+nodejs:
+ repo_dict:
+ debian: "deb"
+ redhat: "rpm"
+ repo_url_ext: "nodesource.com/setup_10.x"
+
+# Build from sources
+build_from_sources: false
+wazuh_plugin_branch: 4.1-7.10
+
+#Nodejs NODE_OPTIONS
+node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml
new file mode 100755
index 000000000..acfd1f908
--- /dev/null
+++ b/roles/opendistro/opendistro-kibana/tasks/main.yml
@@ -0,0 +1,124 @@ +--- + +- name: Stopping early, trying to compile Wazuh Kibana Plugin on Debian 10 is not possible + fail: + msg: "It's not possible to compile the Wazuh Kibana plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924" + when: + - build_from_sources + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "10" + +- import_tasks: RedHat.yml + when: ansible_os_family == 'RedHat' + +- import_tasks: Debian.yml + when: ansible_os_family == 'Debian' + +- name: Remove Kibana configuration file + file: + # noqa 503 + path: "{{ kibana_conf_path }}/kibana.yml" + state: absent + tags: install + +- import_tasks: security_actions.yml + +- name: Copy Configuration File + blockinfile: + block: "{{ lookup('template', 'opendistro_kibana.yml.j2') }}" + dest: "{{ kibana_conf_path }}/kibana.yml" + create: true + group: kibana + owner: kibana + mode: 0640 + marker: "## {mark} Kibana general settings ##" + notify: restart kibana + tags: + - install + - configure + +- name: Ensuring Kibana directory owner + file: + # noqa 208 + path: "/usr/share/kibana" + state: directory + owner: kibana + group: kibana + recurse: yes + +- name: Build and Install Wazuh Kibana Plugin from sources + import_tasks: build_wazuh_plugin.yml + when: + - build_from_sources is defined + - build_from_sources + +- name: Install Wazuh Plugin (can take a while) + shell: >- + NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install + {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip + args: + executable: /bin/bash + creates: /usr/share/kibana/plugins/wazuh/package.json + chdir: /usr/share/kibana + become: yes + become_user: kibana + notify: restart kibana + tags: + - install + - skip_ansible_lint + when: + - not build_from_sources + +- name: Kibana optimization (can take a while) + shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path 
}}/kibana.yml + args: + executable: /bin/bash + become: yes + become_user: kibana + changed_when: false + tags: + - skip_ansible_lint + +- name: Wait for Elasticsearch port + wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} + +- name: Select correct API protocol + set_fact: + elastic_api_protocol: "{% if kibana_opendistro_security is defined and kibana_opendistro_security %}https{% else %}http{% endif %}" + +- name: Attempting to delete legacy Wazuh index if exists + uri: + url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh" + method: DELETE + user: "admin" + password: "{{ opendistro_admin_password }}" + validate_certs: no + status_code: 200, 404 + +- name: Create wazuh plugin config directory + file: + path: /usr/share/kibana/data/wazuh/config/ + state: directory + recurse: yes + owner: kibana + group: kibana + mode: 0751 + changed_when: False + +- name: Configure Wazuh Kibana Plugin + template: + src: wazuh.yml.j2 + dest: /usr/share/kibana/data/wazuh/config/wazuh.yml + owner: kibana + group: kibana + mode: 0751 + changed_when: False + +- name: Ensure Kibana started and enabled + service: + name: kibana + enabled: true + state: started + +- import_tasks: RMRedHat.yml + when: ansible_os_family == 'RedHat' diff --git a/roles/opendistro/opendistro-kibana/tasks/security_actions.yml b/roles/opendistro/opendistro-kibana/tasks/security_actions.yml new file mode 100644 index 000000000..ee21f1c1f --- /dev/null +++ b/roles/opendistro/opendistro-kibana/tasks/security_actions.yml @@ -0,0 +1,13 @@ +- block: + + - name: Copy the certificates from local to the Kibana instance + copy: + src: "{{ local_certs_path }}/certs/{{ item }}" + dest: /usr/share/kibana + mode: 0644 + with_items: + - "root-ca.pem" + - "{{ kibana_node_name }}_http.key" + - "{{ kibana_node_name }}_http.pem" + tags: + - security 
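Review bot: `validate_certs: no` on the `uri` task that deletes the legacy `.wazuh` index sends the `admin` password to whatever answers on `{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}` without checking its certificate, even though `security_actions.yml` in this same role copies `root-ca.pem` to `/usr/share/kibana` on the host; use `validate_certs: true` together with `ca_path: /usr/share/kibana/root-ca.pem` when `kibana_opendistro_security` is on. The generated `wazuh.yml`, which carries `wazuh_api_credentials`, is written with `mode: 0751` (execute bits on a config file) while `kibana.yml` gets `0640`; `mode: "0640"` matches, and the directory can keep `0750`. Both that `template` task and the `file` task before it set `changed_when: False`, which hides configuration drift from the play recap; drop it or bind it to the task result.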
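Review bot: The node's TLS private key `{{ kibana_node_name }}_http.key` is copied with `mode: 0644` and no `owner`, so it lands root-owned and world-readable in `/usr/share/kibana`; any local account on the host can read the key Kibana presents. Set `owner: kibana`, `group: kibana`, `mode: "0640"` on the task, or loop with a per-item mode so only the two `.pem` files stay readable. The anonymous `- block:` also carries no `name` and no `when: kibana_opendistro_security`, and `tasks/main.yml` imports it unconditionally, so the copy runs even when security is disabled — presumably unintended, worth confirming.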
diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
index 808210d18..eb90b20a4 100644
--- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 filebeat_version: 7.10.2
-wazuh_template_branch: 4.3
+wazuh_template_branch: 4.4
 filebeat_node_name: node-1
diff --git a/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2
index aeeab17df..a9da9dbd6 100644
--- a/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2
+++ b/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2
@@ -16,7 +16,7 @@ setup.ilm.enabled: false
 output.elasticsearch:
 hosts:
 {% for item in filebeat_output_indexer_hosts %}
- - {{ item }}:9200
+ - {{ item }}
 {% endfor %}
 {% if filebeat_security %}
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml
new file mode 100644
index 000000000..6c048fbf1
--- /dev/null
+++ b/roles/wazuh/ansible-filebeat/defaults/main.yml
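Review bot: Dropping the hard-coded `:9200` in `filebeat.yml.j2` means each entry of `filebeat_output_indexer_hosts` must now carry its own port or fall back to Filebeat's own default for the elasticsearch output, so an inventory that listed bare addresses against the previous template changes behaviour silently. Document it at the loop, `{# each host must include its port, e.g. "10.0.0.10:9200" #}`, and confirm that the role's default for `filebeat_output_indexer_hosts` (not in this hunk) was updated to match.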
@@ -0,0 +1,36 @@
+---
+filebeat_version: 7.10.2
+
+wazuh_template_branch: v4.4.0
+
+filebeat_create_config: true
+
+filebeat_node_name: node-1
+
+filebeat_output_elasticsearch_hosts:
+ - "localhost:9200"
+
+filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
+filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
+filebeat_module_package_path: /tmp/
+filebeat_module_destination: /usr/share/filebeat/module
+filebeat_module_folder: /usr/share/filebeat/module/wazuh
+
+# Xpack Security
+filebeat_xpack_security: false
+
+elasticsearch_xpack_security_user: elastic
+elasticsearch_xpack_security_password: elastic_pass
+
+node_certs_destination: /etc/filebeat/certs
+
+# CA Generation
+master_certs_path: "{{ playbook_dir }}/es_certs"
+generate_CA: true
+ca_cert_name: ""
+
+elasticrepo:
+ apt: 'https://artifacts.elastic.co/packages/7.x/apt'
+ yum: 'https://artifacts.elastic.co/packages/7.x/yum'
+ gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+ key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index d778cbc45..7b3335ef3 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
-wazuh_agent_version: 4.3.10
+wazuh_agent_version: 4.4.0
 # Custom packages installation
@@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: ""
 wazuh_agent_sources_installation:
 enabled: false
- branch: "v4.3.10"
+ branch: "v4.4.0"
 user_language: "y"
 user_no_stop: "y"
 user_install_type: "agent"
@@ -54,7 +54,7 @@ wazuh_winagent_config:
 # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
 auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
 check_md5: True
- md5: eee54087d25a42ceb27ecf8ad562143f
+ md5: 8ffa75d13280f1aa6ffca54f4273df4d
 wazuh_dir: "/var/ossec"
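Review bot: `wazuh_template_branch: v4.4.0` here, while the sibling `ansible-filebeat-oss` defaults in the hunk just above set `wazuh_template_branch: 4.4`; if both roles splice the value into the same template download URL, one of them points at a ref that does not exist — worth confirming which form that URL expects and aligning the two, with a comment such as `# Git ref of wazuh/wazuh used to fetch the Filebeat template` recording the choice. The `elasticsearch_xpack_security_password: elastic_pass` default deserves the same placeholder comment as the other role defaults on this page.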
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index 1348f3e18..99913e7b4 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -125,7 +125,7 @@
 - name: Linux | Obtain JWT Token
 uri:
 url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate'
- method: GET
+ method: POST
 url_username: '{{ target_manager.api_user }}'
 url_password: '{{ api_pass }}'
 status_code: 200
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 3f946db28..74172080e 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
-wazuh_manager_version: 4.3.10
+wazuh_manager_version: 4.4.0
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: present
@@ -13,7 +13,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon
 # Sources installation
 wazuh_manager_sources_installation:
 enabled: false
- branch: "v4.3.10"
+ branch: "v4.4.0"
 user_language: "en"
 user_no_stop: "y"
 user_install_type: "server"
diff --git a/roles/wazuh/check-packages/defaults/main.yml b/roles/wazuh/check-packages/defaults/main.yml
index c2d1e902a..4cfb06cc1 100644
--- a/roles/wazuh/check-packages/defaults/main.yml
+++ b/roles/wazuh/check-packages/defaults/main.yml
@@ -1,2 +1,2 @@
 ---
-wazuh_version: 4.3.10
\ No newline at end of file
+wazuh_version: 4.4.0
diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml
index 2ec55ff17..d4c0d3116 100644
--- a/roles/wazuh/vars/repo.yml
+++ b/roles/wazuh/vars/repo.yml
@@ -6,7 +6,7 @@ wazuh_repo:
 wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-certs_gen_tool_version: 4.3
+certs_gen_tool_version: 4.4
 # Url of certificates generator tool
 certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
\ No newline at end of file
diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml
index 6dd08dc64..76a04f17d 100644
--- a/roles/wazuh/vars/repo_pre-release.yml
+++ b/roles/wazuh/vars/repo_pre-release.yml
@@ -6,7 +6,7 @@ wazuh_repo:
 wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-certs_gen_tool_version: 4.3
+certs_gen_tool_version: 4.4
 # Url of certificates generator tool
 certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
\ No newline at end of file
diff --git a/roles/wazuh/wazuh-dashboard/defaults/main.yml b/roles/wazuh/wazuh-dashboard/defaults/main.yml
index 5a7108897..25ed85636 100644
--- a/roles/wazuh/wazuh-dashboard/defaults/main.yml
+++ b/roles/wazuh/wazuh-dashboard/defaults/main.yml
@@ -8,12 +8,12 @@ dashboard_node_name: node-1
 dashboard_server_host: "0.0.0.0"
 dashboard_server_port: "443"
 dashboard_server_name: "dashboard"
-wazuh_version: 4.3.10
+wazuh_version: 4.4.0
 indexer_cluster_nodes:
 - 127.0.0.1
 # The Wazuh dashboard package repository
-dashboard_version: "4.3.10"
+dashboard_version: "4.4.0"
 # API credentials
 wazuh_api_credentials:
diff --git a/roles/wazuh/wazuh-dashboard/vars/debian.yml b/roles/wazuh/wazuh-dashboard/vars/debian.yml
index 6ebfce697..09be1e06d 100644
--- a/roles/wazuh/wazuh-dashboard/vars/debian.yml
+++ b/roles/wazuh/wazuh-dashboard/vars/debian.yml
@@ -1,3 +1,2 @@ --- - -dashboard_version: 4.3.10 \ No newline at end of file +dashboard_version: 4.4.0 diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index db67d3882..7c52a6961 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml @@ -1,6 +1,6 @@ --- # Cluster Settings -indexer_version: 4.3.10 +indexer_version: 4.4.0 single_node: false indexer_node_name: node-1 @@ -26,9 +26,9 @@ minimum_master_nodes: 2 # Example es1.example.com, es2.example.com domain_name: wazuh.com -indexer_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig +indexer_sec_plugin_conf_path: /etc/wazuh-indexer/opensearch-security indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools -indexer_conf_path: /etc/wazuh-indexer/ +indexer_conf_path: /etc/wazuh-indexer indexer_index_path: /var/lib/wazuh-indexer/ # Security password diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index 2b481cc29..26b83fd75 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml @@ -83,7 +83,7 @@ JAVA_HOME=/usr/share/wazuh-indexer/jdk {{ indexer_sec_plugin_tools_path }}/securityadmin.sh -cd {{ indexer_sec_plugin_conf_path }}/ - -icl -p 9300 -cd {{ indexer_sec_plugin_conf_path }}/ + -icl -p 9200 -cd {{ indexer_sec_plugin_conf_path }}/ -nhnv -cacert {{ indexer_conf_path }}/certs/root-ca.pem -cert {{ indexer_conf_path }}/certs/admin.pem