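---
# Deploys a single-node Wazuh stack (manager, indexer, dashboard) on every
# host in the security_servers group. Because all three components run on
# the same host, the indexer (9200) and the manager API (55000) are only
# consumed locally by the dashboard; the firewall tasks below therefore
# expose them to an explicit admin source range instead of to any source.
- name: Deploy Wazuh Security Manager
  hosts: security_servers
  become: true

  vars:
    # Wazuh release to deploy. The apt packages carry a "<version>-<release>"
    # suffix, so the trailing wildcard pins the version but not the release.
    wazuh_version: "4.7.0"
    wazuh_package_version: "{{ wazuh_version }}-*"

    # Values consumed by ossec.conf.j2 (the template is not part of this file).
    wazuh_manager_config:
      email_notification: false
      log_level: 3

    # Ports that must be reachable from the network.
    wazuh_agent_ports:
      - 1514   # agent event channel
      - 1515   # agent enrollment
    wazuh_dashboard_port: 443

    # Ports the dashboard reaches on this host. They are opened only for
    # wazuh_admin_source; "any" keeps the previous fully-open behaviour, so
    # set it to the management network (CIDR) in the inventory.
    wazuh_admin_ports:
      - 55000  # manager API
      - 9200   # indexer
    wazuh_admin_source: "any"

  tasks:
    - name: Update apt cache
      apt:
        update_cache: true

    - name: Install required packages
      apt:
        name:
          - curl
          - apt-transport-https
          - lsb-release
          - gnupg2
        state: present

    # The key is fetched straight into the apt keyring rather than through a
    # world-writable /tmp path that another local user could pre-create.
    # apt-key itself is deprecated on current Debian/Ubuntu releases; the
    # keyring file + "[signed-by=...]" layout is the long-term replacement.
    - name: Add Wazuh GPG key
      apt_key:
        url: https://packages.wazuh.com/key/GPG-KEY-WAZUH
        # TODO(review): pin the key with `id: <WAZUH_KEY_FINGERPRINT>` so a
        # substituted key served from the download host is rejected.
        state: present

    - name: Add Wazuh repository
      apt_repository:
        repo: "deb https://packages.wazuh.com/4.x/apt/ stable main"
        state: present

    - name: Install Wazuh manager
      apt:
        name: "wazuh-manager={{ wazuh_package_version }}"
        state: present
        update_cache: true

    - name: Configure Wazuh manager
      template:
        src: ossec.conf.j2
        dest: /var/ossec/etc/ossec.conf
        backup: true
        owner: root
        group: ossec
        mode: "0640"
      notify: restart wazuh-manager

    - name: Start and enable Wazuh manager
      service:
        name: wazuh-manager
        state: started
        enabled: true

    - name: Install Wazuh indexer
      apt:
        name: "wazuh-indexer={{ wazuh_package_version }}"
        state: present

    - name: Start and enable Wazuh indexer
      service:
        name: wazuh-indexer
        state: started
        enabled: true

    - name: Install Wazuh dashboard
      apt:
        name: "wazuh-dashboard={{ wazuh_package_version }}"
        state: present

    - name: Start and enable Wazuh dashboard
      service:
        name: wazuh-dashboard
        state: started
        enabled: true

    - name: Open agent and dashboard ports to the network
      ufw:
        rule: allow
        port: "{{ item }}"
        proto: tcp
      loop: "{{ wazuh_agent_ports + [wazuh_dashboard_port] }}"

    # Restricted to wazuh_admin_source: neither the indexer nor the manager
    # API needs to be reachable by agents or by arbitrary clients.
    - name: Open indexer and manager API ports to the admin source only
      ufw:
        rule: allow
        port: "{{ item }}"
        proto: tcp
        src: "{{ wazuh_admin_source }}"
      loop: "{{ wazuh_admin_ports }}"

    # Checked on loopback, so the firewall rules above do not affect it.
    - name: Wait for services to be ready
      wait_for:
        port: "{{ item }}"
        host: 127.0.0.1
        delay: 30
      loop: "{{ wazuh_admin_ports + [wazuh_dashboard_port] }}"

    - name: Display Wazuh information
      debug:
        msg: |
          Wazuh has been successfully deployed:
          - Manager API: https://{{ ansible_default_ipv4.address }}:55000
          - Dashboard: https://{{ ansible_default_ipv4.address }}:443
          - Indexer: https://{{ ansible_default_ipv4.address }}:9200

          Default credentials:
          - Username: admin
          - Password: admin (change immediately)

  # Only restart wazuh-manager is notified by a task in this play; the
  # indexer and dashboard handlers are kept for configuration tasks added
  # later.
  handlers:
    - name: restart wazuh-manager
      service:
        name: wazuh-manager
        state: restarted

    - name: restart wazuh-indexer
      service:
        name: wazuh-indexer
        state: restarted

    - name: restart wazuh-dashboard
      service:
        name: wazuh-dashboard
        state: restarted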