ansible
/
security_ansible_playbook
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
security_ansible_playbook/roles/wazuh/tasks/main.yaml

192 lines
4.3 KiB
YAML
Raw Permalink Blame History

---
- name: Update apt cache
apt:
update_cache: yes
- name: Install required packages
apt:
name:
- curl
- apt-transport-https
- lsb-release
- gnupg2
state: present
- name: Add Wazuh repository key
get_url:
url: https://packages.wazuh.com/key/GPG-KEY-WAZUH
dest: /tmp/GPG-KEY-WAZUH
- name: Add Wazuh GPG key
apt_key:
file: /tmp/GPG-KEY-WAZUH
state: present
- name: Add Wazuh repository
apt_repository:
repo: "deb https://packages.wazuh.com/4.x/apt/ stable main"
state: present
- name: Install Wazuh manager first
apt:
name: wazuh-manager
state: present
update_cache: yes
- name: Start and enable Wazuh manager
service:
name: wazuh-manager
state: started
enabled: yes
- name: Install Wazuh indexer
apt:
name: wazuh-indexer
state: present
update_cache: yes
- name: Stop Wazuh indexer before configuration
service:
name: wazuh-indexer
state: stopped
- name: Configure Wazuh indexer with security disabled
copy:
content: |
cluster.name: wazuh-cluster
node.name: wazuh-node-1
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
network.host: 127.0.0.1
http.port: 9200
transport.host: 127.0.0.1
transport.tcp.port: 9300
bootstrap.memory_lock: false
cluster.initial_master_nodes: ["wazuh-node-1"]
# Disable security plugin to avoid certificate issues
plugins.security.disabled: true
# Memory settings
indices.memory.index_buffer_size: 10%
# Discovery settings
discovery.type: single-node
dest: /etc/wazuh-indexer/opensearch.yml
backup: yes
owner: wazuh-indexer
group: wazuh-indexer
mode: '0660'
- name: Set JVM heap size for Wazuh indexer (1GB system has plenty of RAM)
copy:
content: |
-Xms1g
-Xmx1g
-XX:+UseG1GC
-XX:MaxGCPauseMillis=200
-XX:+UnlockExperimentalVMOptions
-XX:+UseCGroupMemoryLimitForHeap
-XX:+DisableExplicitGC
-Djava.io.tmpdir=/tmp
-XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=/var/lib/wazuh-indexer
-XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log
-XX:+PrintGCDetails
-XX:+PrintGCTimeStamps
-XX:+PrintGCDateStamps
-XX:+PrintClassHistogram
-XX:+PrintTenuringDistribution
-XX:+PrintGCApplicationStoppedTime
-Xloggc:/var/log/wazuh-indexer/gc.log
-XX:+UseGCLogFileRotation
-XX:NumberOfGCLogFiles=32
-XX:GCLogFileSize=64m
dest: /etc/wazuh-indexer/jvm.options
backup: yes
owner: wazuh-indexer
group: wazuh-indexer
mode: '0660'
- name: Set vm.max_map_count for Wazuh indexer
sysctl:
name: vm.max_map_count
value: '262144'
state: present
reload: yes
- name: Reload systemd daemon
systemd:
daemon_reload: yes
- name: Start and enable Wazuh indexer
service:
name: wazuh-indexer
state: started
enabled: yes
register: indexer_start
- name: Wait for Wazuh indexer to be ready
wait_for:
port: 9200
host: 127.0.0.1
delay: 10
timeout: 120
when: not indexer_start.failed
- name: Test Wazuh indexer API
uri:
url: http://127.0.0.1:9200
method: GET
register: indexer_api_test
ignore_errors: true
- name: Show indexer API test result
debug:
var: indexer_api_test
- name: Install Wazuh dashboard
apt:
name: wazuh-dashboard
state: present
update_cache: yes
when: not indexer_start.failed
- name: Configure Wazuh dashboard
copy:
content: |
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: ["http://127.0.0.1:9200"]
opensearch.ssl.verificationMode: none
opensearch.security.auth.type: "basicauth"
opensearch_security.cookie.secure: false
dest: /etc/wazuh-dashboard/opensearch_dashboards.yml
backup: yes
owner: wazuh-dashboard
group: wazuh-dashboard
mode: '0660'
when: not indexer_start.failed
- name: Start and enable Wazuh dashboard
service:
name: wazuh-dashboard
state: started
enabled: yes
when: not indexer_start.failed
- name: Verify Wazuh services status
shell: systemctl status {{ item }} --no-pager
register: wazuh_status
changed_when: false
ignore_errors: true
loop:
- wazuh-manager
- wazuh-indexer
- wazuh-dashboard
- name: Show Wazuh services status
debug:
var: wazuh_status.results
Reference in New Issue View Git Blame Copy Permalink