forked from antoniobarbaro/ansible-role-ossec-wazuh
Gustavo Folga
committed
Apr 15, 2017
1 parent
a057e1a
commit bd9f816
Showing
9 changed files
with
253 additions
and
49 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,4 +6,6 @@ | |
state=started | ||
enabled=yes | ||
|
||
|
||
- name: restart wazuh-api | ||
service: name=wazuh-api | ||
state=restarted |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
--- | ||
|
||
- name: Install ossec wazuh required packages for compilation | ||
yum: state=latest name={{ item }} | ||
with_items: | ||
- gcc | ||
- make | ||
- git | ||
- openssl-devel | ||
- epel-release | ||
- libselinux-python | ||
|
||
- name: Install ossec wazuh API required packages for installation | ||
yum: state=latest name={{ item }} enablerepo=epel | ||
with_items: | ||
- nodejs | ||
- npm | ||
when: ossec_wazuh_api |
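Review bot: Both yum tasks use `state=latest`, so every play run may upgrade gcc, openssl-devel, nodejs and npm to whatever the repositories currently serve, which makes the build of a security agent non-reproducible. Prefer `yum: state=present name={{ item }}` and leave upgrades to the host's patch process. A short comment above the second task, such as `# nodejs/npm come from EPEL, installed by the previous task`, would also explain the ordering dependency on `epel-release`.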
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
- name: download wazhu-api | ||
get_url: url=https://github.com/wazuh/wazuh-api/archive/v{{ ossec_wazuh_api_version }}.tar.gz | ||
dest=/tmp/wazuh-API-{{ ossec_wazuh_api_version }}.tar.gz | ||
|
||
- name: unzip wazuh api software | ||
unarchive: src="/tmp/wazuh-API-{{ ossec_wazuh_api_version }}.tar.gz" dest="/var/ossec" copy=no creates=/var/ossec/api/app.js | ||
|
||
- name: wazuh api link | ||
file: src=/var/ossec/wazuh-api-{{ ossec_wazuh_api_version }} dest=/var/ossec/api owner=root group=ossec state=link | ||
|
||
- name: wazuh api config | ||
template: src=api_config.js.j2 dest=/var/ossec/api/config.js owner=root group=ossec | ||
notify: | ||
- restart wazuh-api | ||
|
||
- name: install wazuh api | ||
npm: path=/var/ossec/api global=no | ||
|
||
- name: init script for wazuh api | ||
template: src=wazuh_api.j2 dest=/etc/init.d/wazuh-api owner=root group=root mode=0755 | ||
|
||
- name: service enabled ( wazuh api ) | ||
service: name=wazuh-api state=started enabled=yes |
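Review bot: The `download wazhu-api` task writes the tarball to a fixed name under world-writable /tmp and never verifies it. Because get_url skips the download when the destination already exists, a file placed there beforehand by any local account would be unpacked into /var/ossec and processed by `npm` as root. Download into a root-only directory and pin the digest, e.g. `dest=/root/wazuh-API-{{ ossec_wazuh_api_version }}.tar.gz checksum=sha256:<EXPECTED_SHA256>` (placeholder digest), and point the `unarchive` src at the same path. The `download file ossec-wazuh` task in the install tasks file further down has the same missing checksum before `install.sh` runs as root. The task name also misspells "wazuh".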
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
var config = {}; | ||
|
||
// Port | ||
// TCP Port used by the API. | ||
config.port = "{{ config.port }}"; | ||
|
||
// Security | ||
// Use HTTP protocol over TLS/SSL | ||
config.https = "{{ config.https }}"; | ||
|
||
// Use HTTP authentication | ||
config.basic_auth = "{{ config.basic_auth }}"; | ||
|
||
// In case the API run behind a proxy server, turn to "yes" this feature. | ||
config.BehindProxyServer = "no"; | ||
|
||
// Cross-origin resource sharing | ||
config.cors = "yes"; | ||
|
||
// Paths | ||
config.ossec_path = "/var/ossec"; | ||
config.log_path = "/var/ossec/logs/api.log"; | ||
config.api_path = __dirname; | ||
|
||
// Logs | ||
// Values for API log: disabled, info, warning, error, debug (each level includes the previous level). | ||
config.logs = "info"; | ||
config.logs_tag = "WazuhAPI"; | ||
|
||
module.exports = config; |
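Review bot: `config.cors = "yes"` is hard-coded while `https` and `basic_auth` come from variables, so every host rendered from this template accepts cross-origin browser requests, including hosts where the API is deployed without TLS or authentication. Make it a variable that defaults to off, for example `config.cors = "{{ ossec_wazuh_api_config_cors | default('no') }}";` (the variable name is proposed here, it is not defined anywhere on this page). A comment next to `config.https` and `config.basic_auth` stating that both should be "yes" outside a lab would help whoever sets the defaults. The second copy of this template later in the commit carries the same hard-coded value.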
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
--- | ||
|
||
- name: Stop Ossec | ||
command: "/var/ossec/bin/ossec-control stop" | ||
ignore_errors: yes | ||
when: ossec_clean_previous | ||
|
||
- name: Stop Wazuh-API | ||
command: "/etc/init.d/wazuh-api stop" | ||
ignore_errors: yes | ||
when: ossec_clean_previous | ||
|
||
- name: Clean OSSEC directory | ||
file: path=/var/ossec | ||
state=absent | ||
ignore_errors: yes | ||
when: ossec_clean_previous | ||
|
||
#- name: create folder ossec_tmp | ||
# file: path=/root/ossec_tmp state=directory | ||
|
||
- name: download file ossec-wazuh | ||
get_url: | ||
url: https://github.com/wazuh/ossec-wazuh/archive/v{{ ossec_wazuh_version }}.tar.gz | ||
dest: /root/v{{ ossec_wazuh_version }}.tar.gz | ||
|
||
- name: extract ossec-wazuh source | ||
unarchive: | ||
src=/root/v{{ ossec_wazuh_version }}.tar.gz | ||
dest=/root/ | ||
creates=/root/wazuh-{{ ossec_wazuh_version }} | ||
copy=no | ||
|
||
- name: Configure Preloaded ossec vars (needed for automatic installation) | ||
template: src=preloaded-vars.conf.j2 | ||
dest=/root/wazuh-{{ ossec_wazuh_version }}/etc/preloaded-vars.conf | ||
|
||
- name: Install init script | ||
copy: remote_src=yes | ||
src="/root/wazuh-{{ ossec_wazuh_version }}/src/init/ossec-hids-rh.init" | ||
dest=/etc/init.d/ossec | ||
mode=755 | ||
when: ansible_os_family == "RedHat" | ||
|
||
- name: Compile and install ossec-wazuh | ||
command: /root/wazuh-{{ ossec_wazuh_version }}/install.sh | ||
chdir="/root/wazuh-{{ ossec_wazuh_version }}" | ||
creates=/var/ossec/etc | ||
notify: start ossec |
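Review bot: `ignore_errors: yes` on the `Clean OSSEC directory` task hides a failed removal, and the later `creates=/var/ossec/etc` guard on `Compile and install ossec-wazuh` then skips the build, so the play reports success while the previous installation is still in place. `file: state=absent` already succeeds when the path does not exist, so the flag can simply be dropped from that task. The two stop tasks are reasonable best-effort steps; a one-line comment such as `# may fail on first install, nothing to stop yet` would make that intent explicit.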
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,53 +1,9 @@ | ||
--- | ||
# tasks file for ossec-wazuh | ||
- name: Install ossec wazuh required packages for compilation | ||
yum: state=latest name={{ item }} | ||
with_items: | ||
- gcc | ||
- make | ||
- git | ||
- openssl-devel | ||
- epel-release | ||
- libselinux-python | ||
|
||
- name: Stop Ossec | ||
command: "/var/ossec/bin/ossec-control stop" | ||
ignore_errors: yes | ||
when: ossec_clean_previous | ||
- include: RedHat.yml | ||
when: ansible_os_family == "RedHat" | ||
|
||
- name: Clean OSSEC directory | ||
file: path=/var/ossec | ||
state=absent | ||
ignore_errors: yes | ||
when: ossec_clean_previous | ||
- include: install.yml | ||
|
||
#- name: create folder ossec_tmp | ||
# file: path=/root/ossec_tmp state=directory | ||
|
||
- name: download file ossec-wazuh | ||
get_url: | ||
url: https://github.com/wazuh/ossec-wazuh/archive/v{{ ossec_wazuh_version }}.tar.gz | ||
dest: /root/v{{ ossec_wazuh_version }}.tar.gz | ||
|
||
- name: extract ossec-wazuh source | ||
unarchive: | ||
src=/root/v{{ ossec_wazuh_version }}.tar.gz | ||
dest=/root/ | ||
creates=/root/wazuh-{{ ossec_wazuh_version }} | ||
copy=no | ||
|
||
- name: Configure Preloaded ossec vars (needed for automatic installation) | ||
template: src=preloaded-vars.conf.j2 | ||
dest=/root/wazuh-{{ ossec_wazuh_version }}/etc/preloaded-vars.conf | ||
|
||
- name: Install init script | ||
copy: remote_src=yes | ||
src="/root/wazuh-{{ ossec_wazuh_version }}/src/init/ossec-hids-rh.init" | ||
dest=/etc/init.d/ossec | ||
mode=755 | ||
|
||
- name: Compile and install ossec-wazuh | ||
command: /root/wazuh-{{ ossec_wazuh_version }}/install.sh | ||
chdir="/root/wazuh-{{ ossec_wazuh_version }}" | ||
creates=/var/ossec/etc | ||
notify: start ossec | ||
- include: api.yml |
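Review bot: `- include: api.yml` is unconditional, yet nodejs and npm are installed only `when: ossec_wazuh_api` and only inside the RedHat include, so with the API disabled or on another OS family the `npm` task in api.yml would presumably fail or install an unwanted network service. Guard the include the same way: `- include: api.yml` followed by `when: ossec_wazuh_api`. The rendered page has lost the +/- markers, so this reads the three `include` lines as the new side of the hunk.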
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
var config = {}; | ||
|
||
// Port | ||
// TCP Port used by the API. | ||
config.port = "{{ ossec_wazuh_api_config_port }}"; | ||
|
||
// Security | ||
// Use HTTP protocol over TLS/SSL | ||
config.https = "{{ ossec_wazuh_api_config_https }}"; | ||
|
||
// Use HTTP authentication | ||
config.basic_auth = "{{ ossec_wazuh_api_config_basic_auth }}"; | ||
|
||
// In case the API run behind a proxy server, turn to "yes" this feature. | ||
config.BehindProxyServer = "no"; | ||
|
||
// Cross-origin resource sharing | ||
config.cors = "yes"; | ||
|
||
// Paths | ||
config.ossec_path = "/var/ossec"; | ||
config.log_path = "/var/ossec/logs/api.log"; | ||
config.api_path = __dirname; | ||
|
||
// Logs | ||
// Values for API log: disabled, info, warning, error, debug (each level includes the previous level). | ||
config.logs = "info"; | ||
config.logs_tag = "WazuhAPI"; | ||
|
||
module.exports = config; |
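Review bot: This template is identical to the earlier one except that it reads `ossec_wazuh_api_config_port`, `ossec_wazuh_api_config_https` and `ossec_wazuh_api_config_basic_auth`, where the other reads `config.port`, `config.https` and `config.basic_auth`. The task `template: src=api_config.js.j2` can render only one of them, so the other copy is dead and will drift. Keep a single template and a single variable naming scheme. If both are intentional, a header comment in each saying which task consumes it is needed.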
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
#!/bin/sh | ||
# WAZUH API Service | ||
# Author: Wazuh | ||
|
||
### BEGIN INIT INFO | ||
# Provides: wazuh_api | ||
# Required-Start: $remote_fs $syslog | ||
# Required-Stop: $remote_fs $syslog | ||
# Should-Start: $network | ||
# Should-Stop: $network | ||
# Default-Start: 2 3 4 5 | ||
# Default-Stop: 0 1 6 | ||
# Short-Description: Wazuh API | ||
# Description: Wazuh API daemon | ||
# | ||
### END INIT INFO | ||
|
||
# Instructions: | ||
# sudo install -m 755 -o root -g root /var/ossec/api/scripts/wazuh-api /etc/init.d/ | ||
# sudo systemctl enable wazuh-api | ||
# sudo systemctl daemon-reload | ||
# sudo systemctl restart wazuh-api | ||
|
||
BIN_DIR="/usr/bin/node" | ||
APP_PATH="/var/ossec/api/app.js" | ||
OSSEC_PATH="/var/ossec" | ||
PID_PATH="$OSSEC_PATH/var/run/wazuh-api.pid" | ||
API_LOGS="$OSSEC_PATH/logs/api.log" | ||
|
||
start() { | ||
if [ -f $PID_PATH ] && [ -n "$(ps --no-headers -p `cat $PID_PATH`)" ]; then | ||
echo "WAZUH-API is already running." | ||
else | ||
$BIN_DIR $APP_PATH > /dev/null 2>&1 < /dev/null & | ||
|
||
if [ "$?" = "0" ]; then | ||
echo $! > $PID_PATH | ||
else | ||
echo "Start error" | ||
exit 1 | ||
fi | ||
|
||
echo "WAZUH-API started." | ||
fi | ||
} | ||
|
||
stop() { | ||
if [ -f $PID_PATH ] && [ -n "$(ps --no-headers -p `cat $PID_PATH`)" ]; then | ||
kill `cat $PID_PATH` > /dev/null 2>&1 | ||
while [ -n "$(ps --no-headers -p `cat $PID_PATH`)" ]; do sleep 0.1; done | ||
rm -f $PID_PATH | ||
echo "WAZUH-API stopped." | ||
else | ||
echo "WAZUH-API is not running." | ||
fi | ||
} | ||
|
||
status() { | ||
if [ -f $PID_PATH ] && [ -n "$(ps --no-headers -p `cat $PID_PATH`)" ]; then | ||
echo "WAZUH-API is running." | ||
else | ||
echo "WAZUH-API is stopped." | ||
if [ -f $API_LOGS ]; then | ||
echo "" | ||
echo "Last 20 log entries:" | ||
tail -n 20 $API_LOGS | ||
echo "" | ||
fi | ||
echo "Full log: $API_LOGS" | ||
fi | ||
} | ||
|
||
case "$1" in | ||
start) | ||
start | ||
;; | ||
stop) | ||
stop | ||
;; | ||
restart) | ||
stop | ||
start | ||
;; | ||
status) | ||
status | ||
;; | ||
*) | ||
echo "*** Usage: $0 {start|stop|restart|status}" | ||
exit 1 | ||
esac |
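Review bot: In `start()`, the `$?` test after `$BIN_DIR $APP_PATH ... &` can never fail, because the exit status of a backgrounded command is always 0. The "Start error" branch is therefore unreachable, and the PID file is written even when node exits immediately. Check that the child is alive instead, e.g. `pid=$!; sleep 1; kill -0 "$pid" 2>/dev/null || { echo "Start error"; exit 1; }`, and only then `echo "$pid" > "$PID_PATH"`. Since stdout and stderr go to /dev/null, a failed start currently leaves no trace outside `$API_LOGS`. The `$PID_PATH` expansions are unquoted and `stop()` passes the file's contents straight to `kill` as root, so it is worth confirming that only root can write under `$OSSEC_PATH/var/run`.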