From 58c5005bedcc3cbd1e0c9f39fc840a3d191614d6 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez
Date: Tue, 7 Jan 2020 15:01:05 +0100
Subject: [PATCH 1/5] Set new API configuration behavior
---
 .../ansible-kibana/defaults/main.yml | 8 ++
 .../ansible-kibana/tasks/main.yml | 25 ++++
 .../ansible-kibana/templates/wazuh.yml.j2 | 134 ++++++++++++++++++
 3 files changed, 167 insertions(+)
 create mode 100644 roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
index 72e512543..22dcf3eac 100644
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@@ -9,6 +9,14 @@ elastic_stack_version: 7.5.1
 wazuh_version: 3.11.0
 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
+# API credentials
+api_auth:
+ - api_id: "default"
+ api_url: "http://localhost"
+ api_port: 55000
+ api_user: "foo"
+ api_password: "bar"
+
 # Xpack Security
 kibana_xpack_security: false
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index dd0e423ff..c37a23eb9 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
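Review bot: The new `api_auth` default ships working-looking placeholder credentials (`api_user: "foo"`, `api_password: "bar"`) pointing at `http://localhost`, and because defaults are always defined, a deployment that forgets to override them renders these values straight into the plugin configuration without any error. Role defaults are the wrong place for a credential: leave `api_user`/`api_password` out of the default entry, or add an `assert` task early in `tasks/main.yml` that loops over `api_auth` and fails when `item.api_password` is still the placeholder, so the misconfiguration is caught at play time instead of at first login. A comment above the block such as `# Override per deployment; the values below are placeholders and must not reach production` would make the intent explicit to anyone copying this file.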
@@ -134,6 +134,31 @@
 when:
 - not build_from_sources
+- name: Wait for Elasticsearch port
+ wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }}
+
+- name: Select correct API protocol
+ set_fact:
+ elastic_api_protocol: "{% if kibana_xpack_security %}https{% else %}http{% endif %}"
+
+- name: Attempting to delete legacy Wazuh index if exists
+ uri:
+ url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh"
+ method: DELETE
+ user: "{{ elasticsearch_xpack_security_user }}"
+ password: "{{ elasticsearch_xpack_security_password }}"
+ validate_certs: no
+ status_code: 200, 404
+ ignore_errors: yes
+
+- name: Configure Wazuh Plugin
+ template:
+ src: wazuh.yml.j2
+ dest: /usr/share/kibana/plugins/wazuh/wazuh.yml
+ owner: kibana
+ group: root
+ mode: 0644
+
 - name: Reload systemd configuration
 systemd:
 daemon_reload: true
diff --git a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2
new file mode 100644
index 000000000..4895c105c
--- /dev/null
+++ b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2
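Review bot: The `Configure Wazuh Plugin` task renders the API passwords from `api_auth` into `/usr/share/kibana/plugins/wazuh/wazuh.yml` and then sets `mode: 0644`, which leaves those credentials readable by every local account on the host; `mode: "0640"` (quoted, so YAML 1.1 octal typing cannot change it) with the existing `owner: kibana` keeps the file readable by the Kibana process only. The index-deletion task sends `elasticsearch_xpack_security_user`/`elasticsearch_xpack_security_password` with `validate_certs: no`, so even when `kibana_xpack_security` selected https the server certificate is never checked; driving it from a role variable that defaults to true (for example `validate_certs: "{{ elasticsearch_validate_certs | default(true) }}"`, variable name constructed here) lets deployments with proper certificates keep verification. As a point of style, `wait_for: host=... port=...` uses the key=value string form while every other task in the hunk uses block-style module arguments; writing it as `wait_for:` with `host:` and `port:` keys would be consistent, and `status_code: 200, 404` plus `ignore_errors: yes` would read better as a list and `true`.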
@@ -0,0 +1,134 @@
+---
+#
+# Wazuh app - App configuration file
+# Copyright (C) 2015-2019 Wazuh, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Find more information about this on the LICENSE file.
+#
+# ======================== Wazuh app configuration file ========================
+#
+# Please check the documentation for more information on configuration options:
+# https://documentation.wazuh.com/current/installation-guide/index.html
+#
+# Also, you can check our repository:
+# https://github.com/wazuh/wazuh-kibana-app
+#
+# ------------------------------- Index patterns -------------------------------
+#
+# Default index pattern to use.
+#pattern: wazuh-alerts-3.x-*
+#
+# ----------------------------------- Checks -----------------------------------
+#
+# Defines which checks must to be consider by the healthcheck
+# step once the Wazuh app starts. Values must to be true or false.
+#checks.pattern : true
+#checks.template: true
+#checks.api : true
+#checks.setup : true
+#
+# --------------------------------- Extensions ---------------------------------
+#
+# Defines which extensions should be activated when you add a new API entry.
+# You can change them after Wazuh app starts.
+# Values must to be true or false.
+#extensions.pci : true
+#extensions.gdpr : true
+#extensions.hipaa : true
+#extensions.nist : true
+#extensions.audit : true
+#extensions.oscap : false
+#extensions.ciscat : false
+#extensions.aws : false
+#extensions.virustotal: false
+#extensions.osquery : false
+#extensions.docker : false
+#
+# ---------------------------------- Time out ----------------------------------
+#
+# Defines maximum timeout to be used on the Wazuh app requests.
+# It will be ignored if it is bellow 1500.
+# It means milliseconds before we consider a request as failed.
+# Default: 20000
+#timeout: 20000
+#
+# ------------------------------ Advanced indices ------------------------------
+#
+# Configure .wazuh indices shards and replicas.
+#wazuh.shards : 1
+#wazuh.replicas : 0
+#
+# --------------------------- Index pattern selector ---------------------------
+#
+# Defines if the user is allowed to change the selected
+# index pattern directly from the Wazuh app top menu.
+# Default: true
+#ip.selector: true
+#
+# List of index patterns to be ignored
+#ip.ignore: []
+#
+# -------------------------------- X-Pack RBAC ---------------------------------
+#
+# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
+# Default: enabled
+#xpack.rbac.enabled: true
+#
+# ------------------------------ wazuh-monitoring ------------------------------
+#
+# Custom setting to enable/disable wazuh-monitoring indices.
+# Values: true, false, worker
+# If worker is given as value, the app will show the Agents status
+# visualization but won't insert data on wazuh-monitoring indices.
+# Default: true
+#wazuh.monitoring.enabled: true
+#
+# Custom setting to set the frequency for wazuh-monitoring indices cron task.
+# Default: 900 (s)
+#wazuh.monitoring.frequency: 900
+#
+# Configure wazuh-monitoring-3.x-* indices shards and replicas.
+#wazuh.monitoring.shards: 2
+#wazuh.monitoring.replicas: 0
+#
+# Configure wazuh-monitoring-3.x-* indices custom creation interval.
+# Values: h (hourly), d (daily), w (weekly), m (monthly)
+# Default: d
+#wazuh.monitoring.creation: d
+#
+# Default index pattern to use for Wazuh monitoring
+#wazuh.monitoring.pattern: wazuh-monitoring-3.x-*
+#
+#
+# ------------------------------- App privileges --------------------------------
+#admin: true
+#
+# ------------------------------- App logging level -----------------------------
+# Set the logging level for the Wazuh App log files.
+# Default value: info
+# Allowed values: info, debug
+#logs.level: info
+#
+#-------------------------------- API entries -----------------------------------
+#The following configuration is the default structure to define an API entry.
+#
+#hosts:
+# - :
+# url: http(s)://
+# port:
+# user:
+# password:
+
+hosts:
+{% for api in api_auth %}
+ - {{ api['api_id'] }}:
+ url: {{ api['api_url'] }}
+ port: {{ api['api_port'] }}
+ user: {{ api['api_user'] }}
+ password: {{ api['api_password'] }}
+{% endfor %}
From c7ca41169e07da37cddf82847d47c5fd88778a1d Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez
Date: Tue, 7 Jan 2020 16:06:08 +0100
Subject: [PATCH 2/5] Rename API variables
---
 .../elastic-stack/ansible-kibana/defaults/main.yml | 14 +++++++-------
 .../ansible-kibana/templates/wazuh.yml.j2 | 12 ++++++------
 2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
index 22dcf3eac..0f1b0611a 100644
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@@ -10,12 +10,12 @@ wazuh_version: 3.11.0
 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
 # API credentials
-api_auth:
- - api_id: "default"
- api_url: "http://localhost"
- api_port: 55000
- api_user: "foo"
- api_password: "bar"
+wazuh_api_credentials:
+ - id: "default"
+ url: "http://localhost"
+ port: 55000
+ user: "foo"
+ password: "bar"
 # Xpack Security
 kibana_xpack_security: false
@@ -41,4 +41,4 @@ nodejs:
 # Build from sources
 build_from_sources: false
-wazuh_plugin_branch: 3.10-7.4
\ No newline at end of file
+wazuh_plugin_branch: 3.10-7.4
diff --git a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2
index 4895c105c..1cbc9e2d6 100644
--- a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2
+++ b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2
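Review bot: The entries rendered under `hosts:` at the end of this hunk write every value as an unquoted plain scalar, so `password: {{ api['api_password'] }}` is silently retyped or rejected by the plugin's YAML loader whenever a password looks like a number or boolean, contains `: ` or ` #`, or starts with an indicator such as `*`, `&`, `[` or `{`; the same applies to `url` and `user`. Passing the values through Ansible's `to_json` filter (`password: {{ api['api_password'] | to_json }}`, and likewise for the other keys) emits a correctly escaped double-quoted scalar for any input. The renamed loop that the second patch in this series introduces in the same file has the identical issue. This hunk starts at the `@@ -0,0 +1,134 @@` header further up.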
@@ -125,10 +125,10 @@
 # password:
 hosts:
-{% for api in api_auth %}
- - {{ api['api_id'] }}:
- url: {{ api['api_url'] }}
- port: {{ api['api_port'] }}
- user: {{ api['api_user'] }}
- password: {{ api['api_password'] }}
+{% for api in wazuh_api_credentials %}
+ - {{ api['id'] }}:
+ url: {{ api['url'] }}
+ port: {{ api['port'] }}
+ user: {{ api['user'] }}
+ password: {{ api['password'] }}
 {% endfor %}
From 2d91a5c126c615a9b0541ea202853f3046b62b8c Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez
Date: Tue, 7 Jan 2020 16:10:04 +0100
Subject: [PATCH 3/5] Rename task
---
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index c37a23eb9..5e3009346 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -151,7 +151,7 @@
 status_code: 200, 404
 ignore_errors: yes
-- name: Configure Wazuh Plugin
+- name: Configure Wazuh Kibana Plugin
 template:
 src: wazuh.yml.j2
 dest: /usr/share/kibana/plugins/wazuh/wazuh.yml
From 71e52de80f33fcb8be0c3b620e3cfbc2f10fc2b3 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez
Date: Tue, 7 Jan 2020 16:21:47 +0100
Subject: [PATCH 4/5] Do not ignore errors on index removal
---
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index 5e3009346..d21dea919 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -149,7 +149,6 @@
 password: "{{ elasticsearch_xpack_security_password }}"
 validate_certs: no
 status_code: 200, 404
- ignore_errors: yes
 - name: Configure Wazuh Kibana Plugin
 template:
From 5b895233d458203e5a97acbc07bdae846224fa38 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez
Date: Tue, 7 Jan 2020 16:29:20 +0100
Subject: [PATCH 5/5] Fix missing bump
---
 roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
index 0f1b0611a..4e32c8388 100644
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@@ -41,4 +41,4 @@ nodejs:
 # Build from sources
 build_from_sources: false
-wazuh_plugin_branch: 3.10-7.4
+wazuh_plugin_branch: 3.11-7.5