wazuh-api

gfolga · Apr 15, 2017 · bd9f816 · bd9f816
1 parent a057e1a
commit bd9f816
Show file tree

Hide file tree

Showing 9 changed files with 253 additions and 49 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -2,7 +2,13 @@
 # defaults file for ossec-wazuh
 #
 ossec_wazuh_version: 1.1.1
+ossec_wazuh_api_version: 1.2.1
 ossec_email_from: ""
 ossec_email_address: ""
 ossec_enable_email: "n"
 ossec_clean_previous: true
+ossec_wazuh_api: true
+ossec_wazuh_api_config_https: "no"
+ossec_wazuh_api_config_basic_auth: "no"
+ossec_wazuh_api_config_port: "55000"
+ossec_wazuh_api_config_https: "no"
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -6,4 +6,6 @@
            state=started
            enabled=yes
 
-
+- name: restart wazuh-api
+  service: name=wazuh-api
+           state=restarted
diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Install ossec wazuh required packages for compilation
+  yum: state=latest name={{ item }}
+  with_items:
+    - gcc
+    - make
+    - git
+    - openssl-devel
+    - epel-release
+    - libselinux-python
+
+- name: Install ossec wazuh API required packages for installation
+  yum: state=latest name={{ item }} enablerepo=epel
+  with_items:
+    - nodejs
+    - npm
+  when: ossec_wazuh_api
diff --git a/tasks/api.yml b/tasks/api.yml
@@ -0,0 +1,23 @@
+- name: download wazhu-api
+  get_url: url=https://github.com/wazuh/wazuh-api/archive/v{{ ossec_wazuh_api_version }}.tar.gz
+           dest=/tmp/wazuh-API-{{ ossec_wazuh_api_version }}.tar.gz
+
+- name: unzip wazuh api software
+  unarchive: src="/tmp/wazuh-API-{{ ossec_wazuh_api_version }}.tar.gz"  dest="/var/ossec" copy=no creates=/var/ossec/api/app.js
+
+- name: wazuh api link
+  file: src=/var/ossec/wazuh-api-{{ ossec_wazuh_api_version }} dest=/var/ossec/api owner=root group=ossec state=link
+
+- name: wazuh api config
+  template: src=api_config.js.j2 dest=/var/ossec/api/config.js owner=root group=ossec
+  notify:
+    - restart wazuh-api
+
+- name: install wazuh api
+  npm: path=/var/ossec/api global=no
+
+- name: init script for wazuh api
+  template: src=wazuh_api.j2 dest=/etc/init.d/wazuh-api owner=root group=root mode=0755
+
+- name: service enabled ( wazuh api )
+  service: name=wazuh-api state=started enabled=yes
diff --git a/tasks/api_config.js.j2 b/tasks/api_config.js.j2
@@ -0,0 +1,30 @@
+var config = {};
+
+// Port
+// TCP Port used by the API.
+config.port = "{{ config.port }}";
+
+// Security
+// Use HTTP protocol over TLS/SSL
+config.https = "{{ config.https }}";
+
+// Use HTTP authentication
+config.basic_auth = "{{ config.basic_auth }}";
+
+// In case the API run behind a proxy server, turn to "yes" this feature.
+config.BehindProxyServer = "no";
+
+// Cross-origin resource sharing
+config.cors = "yes";
+
+// Paths
+config.ossec_path = "/var/ossec";
+config.log_path = "/var/ossec/logs/api.log";
+config.api_path = __dirname;
+
+// Logs
+// Values for API log: disabled, info, warning, error, debug (each level includes the previous level).
+config.logs = "info";
+config.logs_tag = "WazuhAPI";
+
+module.exports = config;
diff --git a/tasks/install.yml b/tasks/install.yml
@@ -0,0 +1,49 @@
+---
+
+- name: Stop Ossec
+  command: "/var/ossec/bin/ossec-control stop"
+  ignore_errors: yes
+  when: ossec_clean_previous
+
+- name: Stop Wazuh-API
+  command: "/etc/init.d/wazuh-api stop"
+  ignore_errors: yes
+  when: ossec_clean_previous
+
+- name: Clean OSSEC directory
+  file: path=/var/ossec
+        state=absent
+  ignore_errors: yes
+  when: ossec_clean_previous
+
+#- name: create folder ossec_tmp
+#  file: path=/root/ossec_tmp state=directory
+
+- name: download file ossec-wazuh
+  get_url:
+    url: https://github.com/wazuh/ossec-wazuh/archive/v{{ ossec_wazuh_version }}.tar.gz
+    dest: /root/v{{ ossec_wazuh_version }}.tar.gz
+
+- name: extract ossec-wazuh source
+  unarchive:
+    src=/root/v{{ ossec_wazuh_version }}.tar.gz
+    dest=/root/
+    creates=/root/wazuh-{{ ossec_wazuh_version }}
+    copy=no
+
+- name: Configure Preloaded ossec vars (needed for automatic installation)
+  template: src=preloaded-vars.conf.j2
+            dest=/root/wazuh-{{ ossec_wazuh_version }}/etc/preloaded-vars.conf
+
+- name: Install init script
+  copy: remote_src=yes
+        src="/root/wazuh-{{ ossec_wazuh_version }}/src/init/ossec-hids-rh.init"
+        dest=/etc/init.d/ossec
+        mode=755
+  when: ansible_os_family == "RedHat"
+
+- name: Compile and install ossec-wazuh
+  command: /root/wazuh-{{ ossec_wazuh_version }}/install.sh
+    chdir="/root/wazuh-{{ ossec_wazuh_version }}"
+    creates=/var/ossec/etc
+  notify: start ossec
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,53 +1,9 @@
 ---
 # tasks file for ossec-wazuh
-- name: Install ossec wazuh required packages for compilation
-  yum: state=latest name={{ item }}
-  with_items:
-    - gcc
-    - make
-    - git
-    - openssl-devel
-    - epel-release
-    - libselinux-python
 
-- name: Stop Ossec
-  command: "/var/ossec/bin/ossec-control stop"
-  ignore_errors: yes
-  when: ossec_clean_previous
+- include: RedHat.yml
+  when: ansible_os_family == "RedHat"
 
-- name: Clean OSSEC directory
-  file: path=/var/ossec
-        state=absent
-  ignore_errors: yes
-  when: ossec_clean_previous
+- include: install.yml
 
-#- name: create folder ossec_tmp
-#  file: path=/root/ossec_tmp state=directory
-
-- name: download file ossec-wazuh
-  get_url:
-    url: https://github.com/wazuh/ossec-wazuh/archive/v{{ ossec_wazuh_version }}.tar.gz
-    dest: /root/v{{ ossec_wazuh_version }}.tar.gz
-
-- name: extract ossec-wazuh source
-  unarchive:
-    src=/root/v{{ ossec_wazuh_version }}.tar.gz
-    dest=/root/
-    creates=/root/wazuh-{{ ossec_wazuh_version }}
-    copy=no
-
-- name: Configure Preloaded ossec vars (needed for automatic installation)
-  template: src=preloaded-vars.conf.j2
-            dest=/root/wazuh-{{ ossec_wazuh_version }}/etc/preloaded-vars.conf
-
-- name: Install init script
-  copy: remote_src=yes
-        src="/root/wazuh-{{ ossec_wazuh_version }}/src/init/ossec-hids-rh.init"
-        dest=/etc/init.d/ossec
-        mode=755
-
-- name: Compile and install ossec-wazuh
-  command: /root/wazuh-{{ ossec_wazuh_version }}/install.sh
-    chdir="/root/wazuh-{{ ossec_wazuh_version }}"
-    creates=/var/ossec/etc
-  notify: start ossec
+- include: api.yml
diff --git a/templates/api_config.js.j2 b/templates/api_config.js.j2
@@ -0,0 +1,30 @@
+var config = {};
+
+// Port
+// TCP Port used by the API.
+config.port = "{{ ossec_wazuh_api_config_port }}";
+
+// Security
+// Use HTTP protocol over TLS/SSL
+config.https = "{{ ossec_wazuh_api_config_https }}";
+
+// Use HTTP authentication
+config.basic_auth = "{{ ossec_wazuh_api_config_basic_auth }}";
+
+// In case the API run behind a proxy server, turn to "yes" this feature.
+config.BehindProxyServer = "no";
+
+// Cross-origin resource sharing
+config.cors = "yes";
+
+// Paths
+config.ossec_path = "/var/ossec";
+config.log_path = "/var/ossec/logs/api.log";
+config.api_path = __dirname;
+
+// Logs
+// Values for API log: disabled, info, warning, error, debug (each level includes the previous level).
+config.logs = "info";
+config.logs_tag = "WazuhAPI";
+
+module.exports = config;
diff --git a/templates/wazuh_api.j2 b/templates/wazuh_api.j2
@@ -0,0 +1,90 @@
+#!/bin/sh
+# WAZUH API Service
+# Author: Wazuh
+
+### BEGIN INIT INFO
+# Provides:          wazuh_api
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Should-Start:      $network
+# Should-Stop:       $network
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Wazuh API
+# Description:       Wazuh API daemon
+#
+### END INIT INFO
+
+# Instructions:
+#  sudo install -m 755 -o root -g root /var/ossec/api/scripts/wazuh-api /etc/init.d/
+#  sudo systemctl enable wazuh-api
+#  sudo systemctl daemon-reload
+#  sudo systemctl restart wazuh-api
+
+BIN_DIR="/usr/bin/node"
+APP_PATH="/var/ossec/api/app.js"
+OSSEC_PATH="/var/ossec"
+PID_PATH="$OSSEC_PATH/var/run/wazuh-api.pid"
+API_LOGS="$OSSEC_PATH/logs/api.log"
+
+start() {
+  if [ -f $PID_PATH ] && [ -n "$(ps --no-headers -p `cat $PID_PATH`)" ]; then
+    echo "WAZUH-API is already running."
+  else
+    $BIN_DIR $APP_PATH > /dev/null 2>&1 < /dev/null &
+
+    if [ "$?" = "0" ]; then
+      echo $! > $PID_PATH
+    else
+      echo "Start error"
+      exit 1
+    fi
+
+    echo "WAZUH-API started."
+  fi
+}
+
+stop() {
+  if [ -f $PID_PATH ] && [ -n "$(ps --no-headers -p `cat $PID_PATH`)" ]; then
+    kill `cat $PID_PATH` >  /dev/null 2>&1
+    while [ -n "$(ps --no-headers -p `cat $PID_PATH`)" ]; do sleep 0.1; done
+    rm -f $PID_PATH
+    echo "WAZUH-API stopped."
+  else
+    echo "WAZUH-API is not running."
+  fi
+}
+
+status() {
+  if [ -f $PID_PATH ] && [ -n "$(ps --no-headers -p `cat $PID_PATH`)" ]; then
+    echo "WAZUH-API is running."
+  else
+    echo "WAZUH-API is stopped."
+    if [ -f $API_LOGS ]; then
+      echo ""
+      echo "Last 20 log entries:"
+      tail -n 20 $API_LOGS
+      echo ""
+    fi
+    echo "Full log: $API_LOGS"
+  fi
+}
+
+case "$1" in
+start)
+  start
+  ;;
+stop)
+  stop
+  ;;
+restart)
+stop
+  start
+  ;;
+status)
+  status
+  ;;
+*)
+  echo "*** Usage: $0 {start|stop|restart|status}"
+  exit 1
+esac