From 6378d4d12b898ddfb9eb89da3716aef18fd116eb Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Mon, 5 Sep 2022 12:07:16 +0100 Subject: [PATCH 1/4] feat: add `wazuh` page to admin guide --- source/data/deployment.yml | 9 +++++++++ source/include/wazuh_ansible.rst | 1 + source/index.rst | 1 + source/wazuh.rst | 24 ++++++++++++++++++++++++ 4 files changed, 35 insertions(+) create mode 100644 source/include/wazuh_ansible.rst create mode 100644 source/wazuh.rst diff --git a/source/data/deployment.yml b/source/data/deployment.yml index 209d2fd..874c82c 100644 --- a/source/data/deployment.yml +++ b/source/data/deployment.yml @@ -16,3 +16,12 @@ ironic_automated_cleaning: true # Whether Kayobe manages physical network devices. kayobe_manages_physical_network: true + +# Whether the deployment includes Wazuh. +wazuh: true + +# Whether the Wazuh deployment is managed via StackHPC. +wazuh_managed: true + +# Whether the Wazuh deployment is handled via Ansible. +wazuh_ansible: true diff --git a/source/include/wazuh_ansible.rst b/source/include/wazuh_ansible.rst new file mode 100644 index 0000000..cf14c70 --- /dev/null +++ b/source/include/wazuh_ansible.rst @@ -0,0 +1 @@ +One of method for deploying Wazuh is with the use of the official Ansible playbooks, integrated into a Kayobe Config. diff --git a/source/index.rst b/source/index.rst index 05cdd86..b05a42b 100644 --- a/source/index.rst +++ b/source/index.rst @@ -24,6 +24,7 @@ Contents ceph_storage managing_users_and_projects operations_and_monitoring + wazuh customising_deployment gpus_in_openstack baremetal_management diff --git a/source/wazuh.rst b/source/wazuh.rst new file mode 100644 index 0000000..f9bcb94 --- /dev/null +++ b/source/wazuh.rst 
@@ -0,0 +1,24 @@ +.. include:: vars.rst + +======================= +Wazuh Security Platform +======================= + +.. ifconfig:: deployment['wazuh'] + + The |project_name| deployment uses Wazuh as security platform to detect intruders within your network. + +.. ifconfig:: deployment['wazuh_managed'] + + The Wazuh deployment is managed by StackHPC Ltd. + +.. ifconfig:: not deployment['wazuh_managed'] + + The Wazuh deployment is not managed by StackHPC Ltd. + +.. ifconfig:: deployment ['wazuh_ansible'] + + Wazuh deployment via Ansible + ============================ + + .. include:: include/wazuh_ansible.rst \ No newline at end of file From e5aa7e8aef32a515ed2b9c3335c918501ccc0500 Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Mon, 5 Sep 2022 15:39:35 +0100 Subject: [PATCH 2/4] feat: add guide for deploying wazuh manager --- source/include/wazuh_ansible.rst | 153 +++++++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) diff --git a/source/include/wazuh_ansible.rst b/source/include/wazuh_ansible.rst index cf14c70..d1513f7 100644 --- a/source/include/wazuh_ansible.rst +++ b/source/include/wazuh_ansible.rst 
@@ -1 +1,154 @@ One of method for deploying Wazuh is with the use of the official Ansible playbooks, integrated into a Kayobe Config. + +Hosts & Groups +-------------- +To begin the deployment of Wazuh we must first configure our hosts and groups definitions. + +Firstly, we can edit the groups under ``etc/kayobe/inventory/groups`` to define the related Wazuh groups. + +.. code-block:: ini + + [infra-vms:children] + wazuh-master + + [wazuh:children] + wazuh-master + wazuh-agent + + [wazuh-master] + + [wazuh-agent] + + [wazuh-agent:children] + +Secondly, we can edit the hosts file found ``etc/kayobe/inventory/hosts`` to associate membership between hosts and groups. + +.. code-block:: ini + + [wazuh-master] + wazuh-master-01 + + [wazuh-agent] + + +Provision infra-vm & install roles +---------------------------------- + +With the hosts and groups files created we can begin to provision the infra-vm as well install the Wazuh Ansible role. + +To provision the infra-vm we can use the kayobe command ``kayobe infra vm provision``. +Once completed we can then install the Wazuh Ansible role we can be achieved by adding the role definition to the ``etc/kayobe/ansible/requirements.yml``. + +.. code-block:: yaml + + + roles: + - src: https://github.com/stackhpc/wazuh-ansible.git + version: v4.2.3-opendistro-ubuntu + +Once added we can then perform a ``kayobe control host bootstrap`` which shall install this role and any other missing roles. + +Configuring Wazuh Manager +------------------------- + +We are almost ready to deploy Wazuh manager. +However, before we can, we must first download the Wazuh manager playbook which can be done by downloading ``https://raw.githubusercontent.com/stackhpc/kayobe-ops/master/wazuh-manager.yml`` into ``etc/kayobe/ansible/wazuh-manager.yml``. +Once downloaded it is recommended you make any changes your deployment/environment requires. + +Next we must create the group varibles for the `wazuh-master` group. 
+This can be easily accomplished by first creating a directory ``etc/kayobe/inventory/group_vars/wazuh-master/`` which is where we shall download the next two files to. + +``https://raw.githubusercontent.com/stackhpc/kayobe-ops/master/vars/elasticsearch-custom.yml`` + +``https://raw.githubusercontent.com/stackhpc/kayobe-ops/master/vars/wazuh-manager.yml`` + +Feel free to modify any of the varibles within these files. +It is expected that you would want to edit the following varibles: + +* domain_name + +* wazuh_manager_ip + +Secrets +------- + +We must ensure that Wazuh has access to a set secrets for all of the services it interacts with. +To automate this process we can use an Ansible playbook and template. + +First create a playbook called ``etc/kayobe/ansible/wazuh-secrets.yml`` and add the following contents to it. + +.. code-block:: yaml + + --- + - hosts: localhost + gather_facts: false + vars: + wazuh_secrets_path: "{{ kayobe_env_config_path }}/inventory/group_vars/wazuh/wazuh-secrets.yml" + tasks: + - name: install passlib[bcrypt] + pip: + name: passlib[bcrypt] + virtualenv: "{{ ansible_playbook_python | dirname | dirname }}" + + - name: Include existing secrets if they exist + include_vars: "{{ wazuh_secrets_path }}" + ignore_errors: true + + - name: Ensure secrets directory exists + file: + path: "{{ wazuh_secrets_path | dirname }}" + state: directory + + - name: Template new secrets + template: + src: wazuh-secrets.yml.j2 + dest: "{{ wazuh_secrets_path }}" + +Then proceed to create a template in ``etc/kayobe/templates/wazuh-secrets.yml.j2`` with the following contents. + +.. 
code-block:: jinja + + --- + {% set wazuh_admin_pass = secrets_wazuh.wazuh_admin_pass | default(lookup('password', '/dev/null'), true) -%} + {%- set wazuh_user_pass = secrets_wazuh.wazuh_user_pass | default(lookup('password', '/dev/null'), true) -%} + + # Secrets used by Wazuh managers and agents + # Store these securely and use lookups here + secrets_wazuh: + # Wazuh agent authd pass + authd_pass: "{{ secrets_wazuh.authd_pass | default(lookup('password', '/dev/null'), true) }}" + # Strengthen default wazuh api user pass + wazuh_api_users: + - username: "wazuh" + password: "{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup('password', '/dev/null length=30' ), true) }}" + # Elasticsearch 'admin' user pass + opendistro_admin_password: "{{ secrets_wazuh.opendistro_admin_password | default(lookup('password', '/dev/null'), true) }}" + # Elasticsearch 'kibanaserver' user pass + opendistro_kibana_password: "{{ secrets_wazuh.opendistro_kibana_password | default(lookup('password', '/dev/null'), true) }}" + # Wazuh/Kibana 'wazuh_admin' custom user pass + wazuh_admin_pass: "{{ wazuh_admin_pass }}" + # Wazuh/Kibana 'wazuh_admin' custom user pass has + # bcrypt ($2y) hash + wazuh_admin_hash: "{{ secrets_wazuh.wazuh_admin_hash | default(wazuh_admin_pass | password_hash('bcrypt'), true) }}" + # Wazuh/Kibana 'wazuh_user' custom user pass + # bcrypt ($2y) hash + wazuh_user_pass: "{{ wazuh_user_pass }}" + wazuh_user_hash: "{{ secrets_wazuh.wazuh_user_hash | default(wazuh_user_pass | password_hash('bcrypt'), true) }}" + +And finally, run the following commands to generate and encrypt the secrets. + +.. code-block:: bash + + kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-secrets.yml -e wazuh_user_pass=$(uuidgen) -e wazuh_admin_pass=$(uuidgen) + ansible-vault encrypt --vault-password-file ~/vault.pass $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-master/wazuh-secrets.yml + +.. 
note:: you must have a vault password store outside the source control directory in a file called `vault.pass` + +Deploying Wazuh Manager +----------------------- + +It is now time to deploy Wazuh manager. +This can be achieved with one simple command. ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` + +Once the playbook is finished running you should be able to access the Wazuh manager from the ``wazuh-master-01`` ip address at ``5601`` over ``https``. +You can login to the dashboard with the username ``admin`` and the password for ``opendistro_admin_password`` which can be found within ``etc/kayobe/inventory/group_vars/wazuh-master/wazuh-secrets.yml``. \ No newline at end of file From c641a1ff7d67c1663001198fe3d636e03cbf8b62 Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Tue, 6 Sep 2022 14:02:31 +0100 Subject: [PATCH 3/4] feat: add a more concise admin guide for wazuh --- source/include/wazuh_ansible.rst | 173 ++++++++----------------------- source/vars.rst | 3 + 2 files changed, 45 insertions(+), 131 deletions(-) diff --git a/source/include/wazuh_ansible.rst b/source/include/wazuh_ansible.rst index d1513f7..05b11f1 100644 --- a/source/include/wazuh_ansible.rst +++ b/source/include/wazuh_ansible.rst 
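Review bot: The Secrets section writes and encrypts two different files: the playbook sets `wazuh_secrets_path` to `{{ kayobe_env_config_path }}/inventory/group_vars/wazuh/wazuh-secrets.yml`, while the `ansible-vault encrypt` command and the closing login paragraph use `group_vars/wazuh-master/wazuh-secrets.yml`. Followed as written, the generated plaintext secrets would stay unencrypted under `group_vars/wazuh/`, so the guide should use one directory in all three places (the template comment says the secrets are for managers and agents, which suggests `wazuh/`, but confirm). The `Template new secrets` task sets no file mode; adding `mode: "0600"` would keep the plaintext file unreadable by other local users until it is encrypted. The template also takes both passwords from `secrets_wazuh.*` and never reads the top-level `wazuh_user_pass` or `wazuh_admin_pass`, so the two `-e ...=$(uuidgen)` arguments appear to have no effect and could be dropped from the documented command.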
@@ -1,154 +1,65 @@ -One of method for deploying Wazuh is with the use of the official Ansible playbooks, integrated into a Kayobe Config. +One of methods for deploying and maintaining Wazuh is with the use of the official Ansible playbooks, integrated into a Kayobe Config. -Hosts & Groups --------------- -To begin the deployment of Wazuh we must first configure our hosts and groups definitions. - -Firstly, we can edit the groups under ``etc/kayobe/inventory/groups`` to define the related Wazuh groups. - -.. code-block:: ini - - [infra-vms:children] - wazuh-master - - [wazuh:children] - wazuh-master - wazuh-agent - - [wazuh-master] - - [wazuh-agent] - - [wazuh-agent:children] - -Secondly, we can edit the hosts file found ``etc/kayobe/inventory/hosts`` to associate membership between hosts and groups. - -.. code-block:: ini - - [wazuh-master] - wazuh-master-01 +Configuring Wazuh Manager +------------------------- - [wazuh-agent] +Wazuh manager can easily be configured by editing the ``wazuh-manager.yml`` groups vars file found at ``etc/kayobe/inventory/group_vars/wazuh-master/``. +This file gives you control over various important aspects of the Wazuh manager. +Most notably; +*domain_name*: + the domain used by Search Guard CE when generating certificates. -Provision infra-vm & install roles ----------------------------------- +*wazuh_manager_ip*: + the IP address that the wazuh manager shall reside on for communicating with the agents. -With the hosts and groups files created we can begin to provision the infra-vm as well install the Wazuh Ansible role. +*wazuh_manager_connection*: + used to define port and protocol for the manager to be listening on. -To provision the infra-vm we can use the kayobe command ``kayobe infra vm provision``. -Once completed we can then install the Wazuh Ansible role we can be achieved by adding the role definition to the ``etc/kayobe/ansible/requirements.yml``. 
+*wazuh_manager_authd*: + connection settings for the daemon responsible for registering new agents. -.. code-block:: yaml +Running ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` will deploy these changes. +Secrets +------- - roles: - - src: https://github.com/stackhpc/wazuh-ansible.git - version: v4.2.3-opendistro-ubuntu +Wazuh requires that secrets or passwords are set for itself and the services it communiticates with. +The playbook ``etc/kayobe/ansible/wazuh-secrets.yml`` automates the creation of these secrets which can then be encrypted with Ansible Vault. -Once added we can then perform a ``kayobe control host bootstrap`` which shall install this role and any other missing roles. +To update the secrets you can execute the following two commands -Configuring Wazuh Manager -------------------------- +.. code-block:: console + :substitutions: -We are almost ready to deploy Wazuh manager. -However, before we can, we must first download the Wazuh manager playbook which can be done by downloading ``https://raw.githubusercontent.com/stackhpc/kayobe-ops/master/wazuh-manager.yml`` into ``etc/kayobe/ansible/wazuh-manager.yml``. -Once downloaded it is recommended you make any changes your deployment/environment requires. + kayobe# kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-secrets.yml -e wazuh_user_pass=$(uuidgen) -e wazuh_admin_pass=$(uuidgen) + kayobe# ansible-vault encrypt --vault-password-file |vault_password_file_path| $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-master/wazuh-secrets.yml -Next we must create the group varibles for the `wazuh-master` group. -This can be easily accomplished by first creating a directory ``etc/kayobe/inventory/group_vars/wazuh-master/`` which is where we shall download the next two files to. +Once generated you can run ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` which shall copy the secrets into place. 
-``https://raw.githubusercontent.com/stackhpc/kayobe-ops/master/vars/elasticsearch-custom.yml`` +.. note:: If you need to view the secrets it is recommended you use ``ansible-vault view --vault-password-file ~/vault.password`` -``https://raw.githubusercontent.com/stackhpc/kayobe-ops/master/vars/wazuh-manager.yml`` +Adding a New Agent +------------------ +When adding a new host it should be automically picked up by the ``wazuh-agent:children`` group in ``etc/kayobe/inventory/groups`` as it would be included in the ``overcloud`` member. -Feel free to modify any of the varibles within these files. -It is expected that you would want to edit the following varibles: +.. code-block:: ini -* domain_name + [wazuh-agent:children] + seed + overcloud -* wazuh_manager_ip +Running the follow playbook ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-agent.yml`` will deploy the agent to the new host. +This should automatically be registered and accessible within the Wazuh manager dashboard. -Secrets -------- +The playbook ``wazuh-agent.yml`` can be setup as a hook within kayobe, which will automatically run either pre or post a given kayobe command. +See `here `_ for more details. -We must ensure that Wazuh has access to a set secrets for all of the services it interacts with. -To automate this process we can use an Ansible playbook and template. - -First create a playbook called ``etc/kayobe/ansible/wazuh-secrets.yml`` and add the following contents to it. - -.. 
code-block:: yaml - - --- - - hosts: localhost - gather_facts: false - vars: - wazuh_secrets_path: "{{ kayobe_env_config_path }}/inventory/group_vars/wazuh/wazuh-secrets.yml" - tasks: - - name: install passlib[bcrypt] - pip: - name: passlib[bcrypt] - virtualenv: "{{ ansible_playbook_python | dirname | dirname }}" - - - name: Include existing secrets if they exist - include_vars: "{{ wazuh_secrets_path }}" - ignore_errors: true - - - name: Ensure secrets directory exists - file: - path: "{{ wazuh_secrets_path | dirname }}" - state: directory - - - name: Template new secrets - template: - src: wazuh-secrets.yml.j2 - dest: "{{ wazuh_secrets_path }}" - -Then proceed to create a template in ``etc/kayobe/templates/wazuh-secrets.yml.j2`` with the following contents. - -.. code-block:: jinja - - --- - {% set wazuh_admin_pass = secrets_wazuh.wazuh_admin_pass | default(lookup('password', '/dev/null'), true) -%} - {%- set wazuh_user_pass = secrets_wazuh.wazuh_user_pass | default(lookup('password', '/dev/null'), true) -%} - - # Secrets used by Wazuh managers and agents - # Store these securely and use lookups here - secrets_wazuh: - # Wazuh agent authd pass - authd_pass: "{{ secrets_wazuh.authd_pass | default(lookup('password', '/dev/null'), true) }}" - # Strengthen default wazuh api user pass - wazuh_api_users: - - username: "wazuh" - password: "{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup('password', '/dev/null length=30' ), true) }}" - # Elasticsearch 'admin' user pass - opendistro_admin_password: "{{ secrets_wazuh.opendistro_admin_password | default(lookup('password', '/dev/null'), true) }}" - # Elasticsearch 'kibanaserver' user pass - opendistro_kibana_password: "{{ secrets_wazuh.opendistro_kibana_password | default(lookup('password', '/dev/null'), true) }}" - # Wazuh/Kibana 'wazuh_admin' custom user pass - wazuh_admin_pass: "{{ wazuh_admin_pass }}" - # Wazuh/Kibana 'wazuh_admin' custom user pass has - # bcrypt ($2y) hash - wazuh_admin_hash: "{{ 
secrets_wazuh.wazuh_admin_hash | default(wazuh_admin_pass | password_hash('bcrypt'), true) }}" - # Wazuh/Kibana 'wazuh_user' custom user pass - # bcrypt ($2y) hash - wazuh_user_pass: "{{ wazuh_user_pass }}" - wazuh_user_hash: "{{ secrets_wazuh.wazuh_user_hash | default(wazuh_user_pass | password_hash('bcrypt'), true) }}" - -And finally, run the following commands to generate and encrypt the secrets. - -.. code-block:: bash - - kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-secrets.yml -e wazuh_user_pass=$(uuidgen) -e wazuh_admin_pass=$(uuidgen) - ansible-vault encrypt --vault-password-file ~/vault.pass $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-master/wazuh-secrets.yml - -.. note:: you must have a vault password store outside the source control directory in a file called `vault.pass` - -Deploying Wazuh Manager +Accessing Wazuh Manager ----------------------- -It is now time to deploy Wazuh manager. -This can be achieved with one simple command. ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` +To access the Wazuh manager dashboard, navigate to the ip address of the |wazuh_master_name| (|wazuh_master_url|). + +You can login to the dashboard with the username ``admin`` and the password for ``opendistro_admin_password`` which can be found within ``etc/kayobe/inventory/group_vars/wazuh-master/wazuh-secrets.yml``. -Once the playbook is finished running you should be able to access the Wazuh manager from the ``wazuh-master-01`` ip address at ``5601`` over ``https``. -You can login to the dashboard with the username ``admin`` and the password for ``opendistro_admin_password`` which can be found within ``etc/kayobe/inventory/group_vars/wazuh-master/wazuh-secrets.yml``. \ No newline at end of file +.. note:: If you need to view the secrets it is recommended you use ``ansible-vault view --vault-password-file ~/vault.password`` diff --git a/source/vars.rst b/source/vars.rst index b95f4ce..d99999c 100644 --- a/source/vars.rst 
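Review bot: The rewritten Secrets text names two different vault password files. The encrypt command uses `|vault_password_file_path|` (shown as `~/vault-password` in the `vars.rst` context), while both new notes hard-code `~/vault.password`; the notes added in patch 4/4 keep the hard-coded path. Substitutions are not expanded inside inline literals, so I would turn the note's command into a `code-block` with `:substitutions:`, as the encrypt command already is, and write `ansible-vault view --vault-password-file |vault_password_file_path| ...` there. This rewrite also removes the earlier note that the vault password file must be stored outside the source-controlled directory; that caveat is worth keeping as one sentence next to the encrypt command.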
+++ b/source/vars.rst @@ -48,3 +48,6 @@ .. |tempest_recipes| replace:: https://github.com/acme-openstack/tempest-recipes.git .. |tls_setup| replace:: TLS is implemented using a wildcard certificate available for ``*.acme.example``. .. |vault_password_file_path| replace:: ~/vault-password +.. |wazuh_master_url| replace:: https://|wazuh_master_ip| +.. |wazuh_master_ip| replace:: 172.168.0.10:5601 +.. |wazuh_master_name| replace:: wazuh-master01 \ No newline at end of file From 55142164a409041e27fc05455b60abb3dbd0837f Mon Sep 17 00:00:00 2001 From: Stig Telfer Date: Wed, 14 Sep 2022 16:32:02 +0100 Subject: [PATCH 4/4] Updates on Wazuh text --- source/include/wazuh_ansible.rst | 77 ++++++++++++++++++++++---------- source/vars.rst | 6 +-- source/wazuh.rst | 8 +++- 3 files changed, 62 insertions(+), 29 deletions(-) diff --git a/source/include/wazuh_ansible.rst b/source/include/wazuh_ansible.rst index 05b11f1..a71abcc 100644 --- a/source/include/wazuh_ansible.rst +++ b/source/include/wazuh_ansible.rst 
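Review bot: The sample dashboard address `172.168.0.10` is not a private address, because the RFC 1918 block is 172.16.0.0/12 and ends at 172.31.255.255. A guide that gets copied should not point the manager dashboard at a publicly routable address; use a private or documentation-range value such as `192.0.2.10:5601` instead. Patch 4/4 keeps the same address in `wazuh_manager_url` and `wazuh_manager_ip`, and `wazuh_manager_ip` still carries the port despite its name.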
@@ -1,47 +1,61 @@ -One of methods for deploying and maintaining Wazuh is with the use of the official Ansible playbooks, integrated into a Kayobe Config. +One method for deploying and maintaining Wazuh is the `official +Ansible playbooks `_. These +can be integrated into |kayobe_config| as a custom playbook. Configuring Wazuh Manager ------------------------- -Wazuh manager can easily be configured by editing the ``wazuh-manager.yml`` groups vars file found at ``etc/kayobe/inventory/group_vars/wazuh-master/``. -This file gives you control over various important aspects of the Wazuh manager. -Most notably; +Wazuh Manager is configured by editing the ``wazuh-manager.yml`` +groups vars file found at +``etc/kayobe/inventory/group_vars/wazuh-manager/``. This file +controls various aspects of Wazuh Manager configuration. +Most notably: *domain_name*: - the domain used by Search Guard CE when generating certificates. + The domain used by Search Guard CE when generating certificates. *wazuh_manager_ip*: - the IP address that the wazuh manager shall reside on for communicating with the agents. + The IP address that the Wazuh Manager shall reside on for communicating with the agents. *wazuh_manager_connection*: - used to define port and protocol for the manager to be listening on. + Used to define port and protocol for the manager to be listening on. *wazuh_manager_authd*: - connection settings for the daemon responsible for registering new agents. + Connection settings for the daemon responsible for registering new agents. -Running ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` will deploy these changes. +Running ``kayobe playbook run +$KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` will deploy these +changes. Secrets ------- -Wazuh requires that secrets or passwords are set for itself and the services it communiticates with. 
-The playbook ``etc/kayobe/ansible/wazuh-secrets.yml`` automates the creation of these secrets which can then be encrypted with Ansible Vault. +Wazuh requires that secrets or passwords are set for itself and the services with which it communiticates. +The playbook ``etc/kayobe/ansible/wazuh-secrets.yml`` automates the creation of these secrets, which should then be encrypted with Ansible Vault. To update the secrets you can execute the following two commands -.. code-block:: console +.. code-block:: shell :substitutions: - kayobe# kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-secrets.yml -e wazuh_user_pass=$(uuidgen) -e wazuh_admin_pass=$(uuidgen) - kayobe# ansible-vault encrypt --vault-password-file |vault_password_file_path| $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-master/wazuh-secrets.yml + kayobe# kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-secrets.yml \ + -e wazuh_user_pass=$(uuidgen) \ + -e wazuh_admin_pass=$(uuidgen) + kayobe# ansible-vault encrypt --vault-password-file |vault_password_file_path| \ + $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/wazuh-secrets.yml -Once generated you can run ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` which shall copy the secrets into place. +Once generated, run ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` which copies the secrets into place. -.. note:: If you need to view the secrets it is recommended you use ``ansible-vault view --vault-password-file ~/vault.password`` +.. note:: Use ``ansible-vault`` to view the secrets: + + ``ansible-vault view --vault-password-file ~/vault.password $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/wazuh-secrets.yml`` Adding a New Agent ------------------ -When adding a new host it should be automically picked up by the ``wazuh-agent:children`` group in ``etc/kayobe/inventory/groups`` as it would be included in the ``overcloud`` member. 
+The Wazuh Agent is deployed to all hosts in the ``wazuh-agent`` +inventory group, comprising the ``seed`` group (containing |seed_name|) +plus the ``overcloud`` group (containing all hosts in the +OpenStack control plane). .. code-block:: ini 
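Review bot: The documented `group_vars` directory changes from `wazuh-master` to `wazuh-manager` in this hunk, but nothing in the series renames the inventory group, which patch 2/4 defined as `[wazuh-master]`. Ansible loads `group_vars` by group name, so if the group is still `wazuh-master`, the `ansible-vault encrypt` and `ansible-vault view` commands shown here would target a path that the secrets playbook does not write, and the real secrets file could remain unencrypted. The kayobe-config inventory is not visible in this diff, so please confirm the group was renamed in the same change, or keep `wazuh-master` in these paths. The same path appears in the Accessing Wazuh Manager text in the next hunk.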
@@ -49,17 +63,32 @@ When adding a new host it should be automically picked up by the ``wazuh-agent:c seed overcloud -Running the follow playbook ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-agent.yml`` will deploy the agent to the new host. -This should automatically be registered and accessible within the Wazuh manager dashboard. +The following playbook deploys the Wazuh Agent to all hosts in the +``wazuh-agent`` group: + +.. code-block:: shell + + kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-agent.yml -The playbook ``wazuh-agent.yml`` can be setup as a hook within kayobe, which will automatically run either pre or post a given kayobe command. -See `here `_ for more details. +The hosts running Wazuh Agent should automatically be registered +and visible within the Wazuh Manager dashboard. + +.. note:: It is good practice to use a `Kayobe deploy hook + `_ + to automate deployment and configuration of the Wazuh Agent + following a run of ``kayobe overcloud host configure``. Accessing Wazuh Manager ----------------------- -To access the Wazuh manager dashboard, navigate to the ip address of the |wazuh_master_name| (|wazuh_master_url|). +To access the Wazuh Manager dashboard, navigate to the ip address +of |wazuh_manager_name| (|wazuh_manager_url|). + +You can login to the dashboard with the username ``admin``. The +password for ``admin`` is defined in the secret +``opendistro_admin_password`` which can be found within +``etc/kayobe/inventory/group_vars/wazuh-manager/wazuh-secrets.yml``. -You can login to the dashboard with the username ``admin`` and the password for ``opendistro_admin_password`` which can be found within ``etc/kayobe/inventory/group_vars/wazuh-master/wazuh-secrets.yml``. +.. note:: Use ``ansible-vault`` to view Wazuh secrets: -.. 
note:: If you need to view the secrets it is recommended you use ``ansible-vault view --vault-password-file ~/vault.password`` + ``ansible-vault view --vault-password-file ~/vault.password $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/wazuh-secrets.yml`` diff --git a/source/vars.rst b/source/vars.rst index d99999c..61f5239 100644 --- a/source/vars.rst +++ b/source/vars.rst @@ -48,6 +48,6 @@ .. |tempest_recipes| replace:: https://github.com/acme-openstack/tempest-recipes.git .. |tls_setup| replace:: TLS is implemented using a wildcard certificate available for ``*.acme.example``. .. |vault_password_file_path| replace:: ~/vault-password -.. |wazuh_master_url| replace:: https://|wazuh_master_ip| -.. |wazuh_master_ip| replace:: 172.168.0.10:5601 -.. |wazuh_master_name| replace:: wazuh-master01 \ No newline at end of file +.. |wazuh_manager_url| replace:: https://172.168.0.10:5601 +.. |wazuh_manager_ip| replace:: 172.168.0.10:5601 +.. |wazuh_manager_name| replace:: wazuh-manager01 diff --git a/source/wazuh.rst b/source/wazuh.rst index f9bcb94..316b97b 100644 --- a/source/wazuh.rst +++ b/source/wazuh.rst @@ -6,7 +6,11 @@ Wazuh Security Platform .. ifconfig:: deployment['wazuh'] - The |project_name| deployment uses Wazuh as security platform to detect intruders within your network. + The |project_name| deployment uses `Wazuh `_ as security monitoring platform. Among other things, Wazuh monitors for: + +* Security-related system events. +* Known vulnerabilities (CVEs) in versions of installed software. +* Misconfigurations in system security. .. ifconfig:: deployment['wazuh_managed'] @@ -21,4 +25,4 @@ Wazuh Security Platform Wazuh deployment via Ansible ============================ - .. include:: include/wazuh_ansible.rst \ No newline at end of file + .. include:: include/wazuh_ansible.rst