wazuh · manuasir · Jul 17, 2019 · Jul 5, 2019 · Jul 5, 2019 · Jul 8, 2019
diff --git a/.gitignore b/.gitignore
@@ -5,4 +5,6 @@ wazuh-elastic_stack-single.yml
 wazuh-elastic.yml
 wazuh-kibana.yml
 wazuh-manager.yml
-*.pyc
+*.pyc
+Pipfile.lock
+*.swp
diff --git a/Pipfile b/Pipfile
@@ -4,9 +4,9 @@ verify_ssl = true
 name = "pypi"
 
 [packages]
-molecule = "*"
 docker-py = "*"
-ansible = "*"
+ansible = "==2.7.11"
+molecule = "*"
 
 [dev-packages]
 

diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
@@ -9,7 +9,7 @@
 
 def get_wazuh_version():
     """This return the version of Wazuh."""
-    return "3.9.2"
+    return "3.9.0"
 
 
 def test_wazuh_packages_are_installed(host):

diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml
@@ -5,35 +5,39 @@ driver:
   name: docker
 lint:
   name: yamllint
+  options:
+    config-data:
+      ignore: .virtualenv
 platforms:
   - name: bionic
     image: solita/ubuntu-systemd:bionic
     command: /sbin/init
     ulimits:
       - nofile:262144:262144
     privileged: true
-    memory_reservation: 1024m
+    memory_reservation: 2048m
   - name: xenial
     image: solita/ubuntu-systemd:xenial
     privileged: true
-    memory_reservation: 1024m
+    memory_reservation: 2048m
     command: /sbin/init
     ulimits:
       - nofile:262144:262144
-  - name: trusty
-    image: ubuntu:trusty
-    memory_reservation: 1024m
-    ulimits:
-      - nofile:262144:262144
+#  - name: trusty
+#    image: ubuntu:trusty
+#    privileged: true
+#    memory_reservation: 2048m
+#    ulimits:
+#      - nofile:262144:262144
   - name: centos6
     image: centos:6
     privileged: true
-    memory_reservation: 1024m
+    memory_reservation: 2048m
     ulimits:
       - nofile:262144:262144
   - name: centos7
     image: milcom/centos7-systemd
-    memory_reservation: 1024m
+    memory_reservation: 2048m
     privileged: true
     ulimits:
       - nofile:262144:262144

diff --git a/molecule/elasticsearch/tests/test_default.py b/molecule/elasticsearch/tests/test_default.py
@@ -10,7 +10,7 @@ def test_elasticsearch_is_installed(host):
     """Test if the elasticsearch package is installed."""
     elasticsearch = host.package("elasticsearch")
     assert elasticsearch.is_installed
-    assert elasticsearch.version.startswith('6.7.1')
+    assert elasticsearch.version.startswith('7.1.1')
 
 
 def test_elasticsearch_is_running(host):

diff --git a/molecule/filebeat/molecule.yml b/molecule/filebeat/molecule.yml
@@ -5,6 +5,9 @@ driver:
   name: docker
 lint:
   name: yamllint
+  options:
+    config-data:
+      ignore: .virtualenv
 platforms:
   - name: trusty
     image: ubuntu:trusty

diff --git a/molecule/filebeat/tests/test_default.py b/molecule/filebeat/tests/test_default.py
@@ -4,3 +4,10 @@
 
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_filebeat_is_installed(host):
+    """Test if the elasticsearch package is installed."""
+    filebeat = host.package("filebeat")
+    assert filebeat.is_installed
+    assert filebeat.version.startswith('7.1.1')
diff --git a/molecule/kibana/molecule.yml b/molecule/kibana/molecule.yml
@@ -5,6 +5,9 @@ driver:
   name: docker
 lint:
   name: yamllint
+  options:
+    config-data:
+      ignore: .virtualenv
 platforms:
   - name: bionic
     image: solita/ubuntu-systemd:bionic
@@ -20,11 +23,11 @@ platforms:
     command: /sbin/init
     ulimits:
       - nofile:262144:262144
-  - name: trusty
-    image: ubuntu:trusty
-    memory_reservation: 1024m
-    ulimits:
-      - nofile:262144:262144
+#  - name: trusty
+#    image: ubuntu:trusty
+#    memory_reservation: 1024m
+#    ulimits:
+#      - nofile:262144:262144
   - name: centos6
     image: centos:6
     privileged: true

diff --git a/molecule/kibana/tests/test_default.py b/molecule/kibana/tests/test_default.py
@@ -14,7 +14,7 @@ def test_port_kibana_is_open(host):
 def test_find_correct_elasticsearch_version(host):
     """Test if we find the kibana/elasticsearch version in package.json"""
     kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json")
-    assert kibana.contains("6.7.1")
+    assert kibana.contains("7.1.1")
 
 
 def test_wazuh_plugin_installed(host):

diff --git a/molecule/wazuh-agent/molecule.yml b/molecule/wazuh-agent/molecule.yml
@@ -3,8 +3,13 @@ dependency:
   name: galaxy
 driver:
   name: docker
+  #lint:
+  #  name: yamllint
 lint:
   name: yamllint
+  options:
+    config-data:
+      ignore: .virtualenv
 platforms:
   - name: wazuh_server_centos7
     image: milcom/centos7-systemd
@@ -72,7 +77,6 @@ provisioner:
           ssl_agent_cert: null
           ssl_agent_key: null
           ssl_auto_negotiate: 'no'
-
   lint:
     name: ansible-lint
     enabled: true

diff --git a/molecule/wazuh-agent/tests/test_agents.py b/molecule/wazuh-agent/tests/test_agents.py
@@ -7,6 +7,11 @@
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('agent')
 
 
+def get_wazuh_version():
+    """This return the version of Wazuh."""
+    return "3.9.0"
+
+
 def test_ossec_package_installed(Package):
     ossec = Package('wazuh-agent')
     assert ossec.is_installed

diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
@@ -14,17 +14,47 @@
     - ansible_distribution == "Ubuntu"
     - ansible_distribution_major_version | int == 14
 
+- name: Update and upgrade apt packages
+  become: true
+  apt:
+    upgrade: yes
+    update_cache: yes
+    cache_valid_time: 86400 #One day
+  when:
+    - ansible_distribution == "Ubuntu"
+    - ansible_distribution_major_version | int == 14
+
+- name: Install Oracle Java 8
+  become: true
+  apt: name=openjdk-8-jdk state=latest
+
+  when:
+    - ansible_distribution == "Ubuntu"
+    - ansible_distribution_major_version | int == 14
+
+- name: Update and upgrade apt packages
+  become: true
+  apt:
+    upgrade: yes
+    update_cache: yes
+    cache_valid_time: 86400 #One day
+  when:
+    - ansible_distribution == "Ubuntu"
+    - ansible_distribution_major_version | int == 14
+
 - name: Debian/Ubuntu | Add Elasticsearch GPG key.
   apt_key:
     url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
     state: present
 
+
 - name: Debian/Ubuntu | Install Elastic repo
   apt_repository:
     repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
     state: present
     filename: 'elastic_repo'
     update_cache: true
+  changed_when: false
 
 - name: Debian/Ubuntu | Install Elasticsarch
   apt:

diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml
@@ -9,6 +9,13 @@
     gpgcheck: true
   changed_when: false
 
+- name: CentOS x.x => x.x < 7.0 | Installing Java
+  yum:
+    name: java-1.8.0-openjdk.x86_64
+    state: present
+  when:
+    - ansible_distribution in ['CentOS', 'RedHat'] and ansible_distribution_major_version|int < 7
+
 - name: RedHat/CentOS/Fedora | Install Elasticsarch
   package: name=elasticsearch-{{ elastic_stack_version }} state=present
   tags: install
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
@@ -197,7 +197,29 @@
   when:
     - elasticsearch_xpack_security
 
-- name: Reload systemd
+- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf
+  lineinfile:
+    path: /etc/security/limits.conf
+    line: elasticsearch - memlock unlimited
+    create: yes
+  become: true
+  when:
+    - ansible_distribution == "Ubuntu"
+    - ansible_distribution_major_version | int == 14
+  changed_when: false
+
+- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.d/elasticsearch.conf
+  lineinfile:
+    path: /etc/security/limits.d/elasticsearch.conf
+    line: elasticsearch - memlock unlimited
+    create: yes
+  become: true
+  changed_when: false
+  when:
+    - ansible_distribution == "Ubuntu"
+    - ansible_distribution_major_version | int == 14
+
+- name: Distribution != one of [ centos 6.*,  trusty ] | Reload systemd
   systemd: daemon_reload=true
   ignore_errors: true
   when:
@@ -206,6 +228,13 @@
     - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
     - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))
 
+- name: Distribution is centos 6.* | Enable Elasticsearch
+  service: name=elasticsearch enabled=yes
+
+- name: Distribution is centos 6.* | Start Elasticsearch
+  service: name=elasticsearch state=started
+  ignore_errors: true
+
 - name: Ensure Elasticsearch started and enabled
   service:
     name: elasticsearch
@@ -247,6 +276,5 @@
 - import_tasks: "RMRedHat.yml"
   when: ansible_os_family == "RedHat"
 
-
 - import_tasks: "RMDebian.yml"
   when: ansible_os_family == "Debian"
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -16,43 +16,47 @@
 
 - name: Check if certificate exists locally
   stat:
-    path: "{{node_certs_destination}}/{{ kibana_node_name }}.crt"
+    path: "{{ node_certs_destination }}/{{ kibana_node_name }}.crt"
   register: certificate_file_exists
   when:
-    - kibana_xpack_security 
+    - kibana_xpack_security
 
 - name: Copy key & certificate files in generator node (locally)
   synchronize:
-    src: "{{node_certs_source}}/{{kibana_node_name}}/"
-    dest: "{{node_certs_destination}}/"
+    src: "{{ node_certs_source }}/{{ kibana_node_name }}/"
+    dest: "{{ node_certs_destination }}/"
   delegate_to: "{{ node_certs_generator_ip }}"
-  when: 
+  when:
     - node_certs_generator
     - kibana_xpack_security
     - not certificate_file_exists.stat.exists
   tags: xpack-security
 
 - name: Copy ca certificate file in generator node (locally)
   synchronize:
-    src: "{{node_certs_source}}/ca/"
-    dest: "{{node_certs_destination}}/"
+    src: "{{ node_certs_source }}/ca/"
+    dest: "{{ node_certs_destination }}/"
   delegate_to: "{{ node_certs_generator_ip }}"
-  when: 
+  when:
     - node_certs_generator
     - kibana_xpack_security
     - not certificate_file_exists.stat.exists
   tags: xpack-security
-  
+
 - name: Importing key & certificate files from generator node
-  shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{kibana_node_name}}/ {{node_certs_destination}}/"
+  command: >-
+    {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}:
+    {{ node_certs_source }}/{{ kibana_node_name }}/ {{ node_certs_destination }}/
   when:
     - not node_certs_generator
     - kibana_xpack_security
     - not certificate_file_exists.stat.exists
   tags: xpack-security
 
-- name: Importing ca certificate file from generator node 
-  shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/"
+- name: Importing ca certificate file from generator node
+  command: >-
+    {{ rsync_path }} {{ rsync_extra_parameters }} {{ rsync_user }}@{{ node_certs_generator_ip }}:
+    {{ node_certs_source }}/ca/ {{ node_certs_destination }}/
   when:
     - not node_certs_generator
     - kibana_xpack_security
@@ -61,14 +65,22 @@
   tags: xpack-security
 
 - name: Ensuring certificates folder owner
-  shell: "chown -R kibana: {{node_certs_destination}}/"
+  file:
+    path: "{{ node_certs_destination }}/"
+    state: directory
+    recurse: yes
+    owner: kibana
+    group: kibana
   when:
     - check_certs_permissions is defined
     - kibana_xpack_security
   tags: xpack-security
 
 - name: Ensuring certificates folder owner
-  shell: "chmod -R 770 {{node_certs_destination}}/"
+  file:
+    path: "{{ node_certs_destination }}/"
+    mode: '0770'
+    recurse: yes
   when:
     - check_certs_permissions is defined
     - kibana_xpack_security

diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml
@@ -1,4 +1,6 @@
 ---
+filebeat_version: 7.1.1
+
 filebeat_create_config: true
 
 filebeat_prospectors: