Comments (2)
Tests
The default username and password were modified in the corresponding playbooks.
A test is carried out with the same modifications of the attached PR, but on the v4.7.4
tag:
root@master:/etc/ansible/roles# sudo git clone https://github.com/wazuh/wazuh-ansible.git
Cloning into 'wazuh-ansible'...
remote: Enumerating objects: 21362, done.
remote: Counting objects: 100% (2755/2755), done.
remote: Compressing objects: 100% (1081/1081), done.
remote: Total 21362 (delta 1463), reused 2441 (delta 1220), pack-reused 18607
Receiving objects: 100% (21362/21362), 6.56 MiB | 15.36 MiB/s, done.
Resolving deltas: 100% (13033/13033), done.
root@master:/etc/ansible/roles# cd wazuh-ansible/
root@master:/etc/ansible/roles/wazuh-ansible# git checkout test-api-user
Branch 'test-api-user' set up to track remote branch 'test-api-user' from 'origin'.
Switched to a new branch 'test-api-user'
Your branch is up to date with 'origin/test-api-user'.
root@master:/etc/ansible/roles/wazuh-ansible# tree roles -d
roles
├── elastic-stack
│ └── ansible-kibana
│ └── defaults
├── opendistro
│ └── opendistro-kibana
│ └── defaults
└── wazuh
├── ansible-filebeat
│ └── defaults
├── ansible-filebeat-oss
│ ├── defaults
│ ├── handlers
│ ├── meta
│ ├── tasks
│ └── templates
├── ansible-wazuh-agent
│ ├── defaults
│ ├── handlers
│ ├── meta
│ ├── tasks
│ └── templates
├── ansible-wazuh-manager
│ ├── defaults
│ ├── files
│ │ └── custom_ruleset
│ │ ├── decoders
│ │ └── rules
│ ├── handlers
│ ├── meta
│ ├── tasks
│ ├── templates
│ └── vars
├── check-packages
│ ├── defaults
│ ├── files
│ ├── scripts
│ └── tasks
├── vars
├── wazuh-dashboard
│ ├── defaults
│ ├── handlers
│ ├── tasks
│ ├── templates
│ └── vars
└── wazuh-indexer
├── defaults
├── handlers
├── meta
├── tasks
└── templates
50 directories
root@master:/etc/ansible/roles/wazuh-ansible# vi playbooks/wazuh-indexer-and-dashboard.yml
root@master:/etc/ansible/roles/wazuh-ansible# cd playbooks/
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# ansible-playbook wazuh-indexer-and-dashboard.yml -b -K
BECOME password:
PLAY [all_in_one] ***********************************************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] **************************************************************************************************************************************
ok: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ***********************************************************************************************
changed: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] **********************************************************************************************************************
ok: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] **********************************************************************************************************************
changed: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] **********************************************************************************************************
changed: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ************************************************************************************************************
changed: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] *****************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] *****************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] ************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] ***************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ***********************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *****************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Update cache] **************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] ****************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] ********************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Add Wazuh indexer repository] **********************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *****************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Remove performance analyzer plugin from Wazuh indexer] *********************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] **************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] ****************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_tasks] *************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] **************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] *******************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Index files to remove] *****************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] ********************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] **********************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] ************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] ***********************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] **********************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] **********************************************************************************************************************************************
skipping: [127.0.0.1]
PLAY [all_in_one] ***********************************************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_vars] **************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Check if certificates already exists] **************************************************************************************************************************************
ok: [127.0.0.1 -> localhost]
TASK [../roles/wazuh/wazuh-indexer : Local action | Create local temporary directory for certificates generation] ***********************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Local action | Check that the generation tool exists] **********************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Local action | Download certificates generation tool] **********************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Local action | Prepare the certificates generation template file] **********************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Local action | Generate the node & admin certificates in local] ************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Add Wazuh indexer repo] *****************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Amazon extras] *****************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Configure vm.max_map_count] ************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Update vm.max_map_count] ***************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Install Indexer dependencies] ***********************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *****************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Update cache] **************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer dependencies] ****************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Add apt repository signing key] ********************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Add Wazuh indexer repository] **********************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Install Wazuh indexer] *****************************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Remove performance analyzer plugin from Wazuh indexer] *********************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Remove Opensearch configuration file] **************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Copy Opensearch Configuration File] ****************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : include_tasks] *************************************************************************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/wazuh-indexer/tasks/security_actions.yml for 127.0.0.1
TASK [../roles/wazuh/wazuh-indexer : Configure IP (Private address)] ********************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Configure IP (Public address)] *********************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Ensure Indexer certificates directory permissions.] ************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Copy the node & admin certificates to Wazuh indexer cluster] ***************************************************************************************************************
changed: [127.0.0.1] => (item=root-ca.pem)
changed: [127.0.0.1] => (item=root-ca.key)
changed: [127.0.0.1] => (item=node-1-key.pem)
changed: [127.0.0.1] => (item=node-1.pem)
changed: [127.0.0.1] => (item=admin-key.pem)
changed: [127.0.0.1] => (item=admin.pem)
TASK [../roles/wazuh/wazuh-indexer : Restart Wazuh indexer with security configuration] *************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Copy the Opensearch security internal users template] **********************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Hashing the custom admin password] *****************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Set the Admin user password] ***********************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Hash the kibanaserver role/user pasword] ***********************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Set the kibanaserver user password] ****************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Initialize the Opensearch security index in Wazuh indexer] *****************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Create custom user] ********************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Configure Wazuh indexer JVM memmory.] **************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Ensure extra time for Wazuh indexer to start on reboots] *******************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Index files to remove] *****************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Remove Index Files] ********************************************************************************************************************************************************
changed: [127.0.0.1] => (item={'path': '/var/lib/wazuh-indexer/batch_metrics_enabled.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 114, 'gid': 119, 'size': 6, 'inode': 262190, 'dev': 64768, 'nlink': 1, 'atime': 1716292689.8788218, 'mtime': 1716292689.8788218, 'ctime': 1716292689.8828237, 'gr_name': 'wazuh-indexer', 'pw_name': 'wazuh-indexer', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
changed: [127.0.0.1] => (item={'path': '/var/lib/wazuh-indexer/performance_analyzer_enabled.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 114, 'gid': 119, 'size': 5, 'inode': 262187, 'dev': 64768, 'nlink': 1, 'atime': 1716292689.8788218, 'mtime': 1716292689.8788218, 'ctime': 1716292689.8828237, 'gr_name': 'wazuh-indexer', 'pw_name': 'wazuh-indexer', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
changed: [127.0.0.1] => (item={'path': '/var/lib/wazuh-indexer/rca_enabled.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 114, 'gid': 119, 'size': 5, 'inode': 262188, 'dev': 64768, 'nlink': 1, 'atime': 1716292689.8788218, 'mtime': 1716292689.8788218, 'ctime': 1716292689.8828237, 'gr_name': 'wazuh-indexer', 'pw_name': 'wazuh-indexer', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
TASK [../roles/wazuh/wazuh-indexer : Ensure Wazuh indexer started and enabled] **********************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API] ************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Wait for Wazuh indexer API (Private IP)] ***********************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : RedHat/CentOS/Fedora | Remove Wazuh indexer repository (and clean up left-over metadata)] **********************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-indexer : Reload systemd configuration] **********************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : RedHat/CentOS/Fedora | Add Wazuh dashboard repo] *************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] *************************************************************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : include_vars] ************************************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Add apt repository signing key] ******************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Debian systems | Add Wazuh dashboard repo] *******************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Install Wazuh dashboard] *************************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Remove Dashboard configuration file] *************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Ensure Dashboard certificates directory permissions.] ********************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Copy the certificates from local to the Wazuh dashboard instance] ********************************************************************************************************
changed: [127.0.0.1] => (item=root-ca.pem)
changed: [127.0.0.1] => (item=node-1-key.pem)
changed: [127.0.0.1] => (item=node-1.pem)
TASK [../roles/wazuh/wazuh-dashboard : Copy Configuration File] *************************************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Ensuring Wazuh dashboard directory owner] ********************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Wait for Wazuh-Indexer port] *********************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Select correct API protocol] *********************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Attempting to delete legacy Wazuh index if exists] ***********************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Create Wazuh Plugin config directory] ************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Configure Wazuh Dashboard Plugin] ****************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Configure opensearch.password in opensearch_dashboards.keystore] *********************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Ensure Wazuh dashboard started and enabled] ******************************************************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/wazuh-dashboard : Remove Wazuh dashboard repository (and clean up left-over metadata)] *****************************************************************************************************
skipping: [127.0.0.1]
RUNNING HANDLER [../roles/wazuh/wazuh-indexer : restart wazuh-indexer] ******************************************************************************************************************************************
changed: [127.0.0.1]
RUNNING HANDLER [../roles/wazuh/wazuh-dashboard : restart wazuh-dashboard] **************************************************************************************************************************************
changed: [127.0.0.1]
PLAY RECAP ******************************************************************************************************************************************************************************************************
127.0.0.1 : ok=58 changed=32 unreachable=0 failed=0 skipped=49 rescued=0 ignored=0
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-05-21 11:59:55 UTC; 4s ago
Docs: https://documentation.wazuh.com
Main PID: 10200 (java)
Tasks: 51 (limit: 9388)
Memory: 4.2G
CPU: 27.937s
CGroup: /system.slice/wazuh-indexer.service
└─10200 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headles>
May 21 11:59:43 master systemd[1]: Starting Wazuh-indexer...
May 21 11:59:46 master systemd-entrypoint[10200]: WARNING: A terminally deprecated method in java.lang.System has been called
May 21 11:59:46 master systemd-entrypoint[10200]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
May 21 11:59:46 master systemd-entrypoint[10200]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
May 21 11:59:46 master systemd-entrypoint[10200]: WARNING: System::setSecurityManager will be removed in a future release
May 21 11:59:47 master systemd-entrypoint[10200]: WARNING: A terminally deprecated method in java.lang.System has been called
May 21 11:59:47 master systemd-entrypoint[10200]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
May 21 11:59:47 master systemd-entrypoint[10200]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
May 21 11:59:47 master systemd-entrypoint[10200]: WARNING: System::setSecurityManager will be removed in a future release
May 21 11:59:55 master systemd[1]: Started Wazuh-indexer.
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-05-21 11:59:56 UTC; 17s ago
Main PID: 10451 (node)
Tasks: 11 (limit: 9388)
Memory: 237.2M
CPU: 4.721s
CGroup: /system.slice/wazuh-dashboard.service
└─10451 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_>
May 21 12:00:07 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:07Z","tags":["error","opensearch","data"],"pid":10451,"message":"[ResponseError]: Response Error"}
May 21 12:00:09 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:09Z","tags":["info","savedobjects-service"],"pid":10451,"message":"Starting saved objects migrations"}
May 21 12:00:09 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:09Z","tags":["info","savedobjects-service"],"pid":10451,"message":"Creating index .kibana_1."}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["info","savedobjects-service"],"pid":10451,"message":"Pointing alias .kibana to .kibana_1."}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["info","savedobjects-service"],"pid":10451,"message":"Finished in 174ms."}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["info","plugins-system"],"pid":10451,"message":"Starting [44] plugins: [alertingDashboards,usageC>
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["error","opensearch","data"],"pid":10451,"message":"[ResponseError]: Response Error"}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["listening","info"],"pid":10451,"message":"Server running at https://0.0.0.0:443"}
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["info","http","server","OpenSearchDashboards"],"pid":10451,"message":"http server running at http>
May 21 12:00:10 master opensearch-dashboards[10451]: {"type":"log","@timestamp":"2024-05-21T12:00:10Z","tags":["error","opensearch","data"],"pid":10451,"message":"[ResponseError]: Response Error"}
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# vi wazuh-manager-oss.yml
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# ansible-playbook wazuh-manager-oss.yml -b -K
BECOME password:
PLAY [all_in_one] ******************************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies] *****************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_vars] *************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Overlay wazuh_manager_config on top of defaults] **************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml for 127.0.0.1
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl] *****************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)] **************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Installing Wazuh repository key] **************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Add Wazuh repositories] ***********************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu] **********************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenJDK-8 repo] ***********************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenJDK 1.8] **************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install OpenScap] *****************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Get OpenScap installed version] ***************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Check OpenScap version] ***********************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Install dependencies to build from sources] *******************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Install wazuh-manager] ************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : include_tasks] ************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Install expect] ***********************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Generate SSL files for authd] *********************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Copy CA, SSL key and cert for authd] **************************************************************************
skipping: [127.0.0.1] => (item=)
skipping: [127.0.0.1] => (item=sslmanager.cert)
skipping: [127.0.0.1] => (item=sslmanager.key)
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old init authd service] *************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Verifying for old systemd authd service] **********************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Ensure ossec-authd service is disabled] ***********************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Removing old init authd services] *****************************************************************************
skipping: [127.0.0.1] => (item=/etc/init.d/ossec-authd)
skipping: [127.0.0.1] => (item=/lib/systemd/system/ossec-authd.service)
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_rules.xml (default local_rules.xml)] *****************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Adding local rules files] *************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_decoder.xml] *****************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Adding local decoders files] **********************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Configure the shared-agent.conf] ******************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Installing the local_internal_options.conf] *******************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving Agentless Credentials] *****************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Retrieving authd Credentials] *********************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Check if syslog output is enabled] ****************************************************************************
skipping: [127.0.0.1] => (item={'server': None, 'port': None, 'format': None})
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Check if client-syslog is enabled] ****************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Enable client-syslog] *****************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Check if ossec-agentlessd is enabled] *************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Enable ossec-agentlessd] **************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Checking alert log output settings] ***************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Configure ossec.conf] *****************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Ossec-authd password] *****************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Copy create_user script] **************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Create admin.json] ********************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Execute create_user script] ***********************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Agentless Hosts & Passwd] *************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Encode the secret] ********************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Ensure Wazuh Manager service is started and enabled.] *********************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Create agent groups] ******************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : Run uninstall tasks] ******************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml for 127.0.0.1
TASK [../roles/wazuh/ansible-wazuh-manager : Debian/Ubuntu | Remove Wazuh repository.] *********************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-wazuh-manager : RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata)] *****************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] **************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] **************************************************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_vars] **************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml for 127.0.0.1
TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl] ******************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Add Elasticsearch apt key.] ********************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Add Filebeat-oss repository.] ******************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Redhat] *************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Install Filebeat | Debian] *************************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module folder file exists] ****************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Download Filebeat module package] ******************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Unpack Filebeat module package] ********************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Setting 0755 permission for Filebeat module folder] ************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Checking if Filebeat Module package file exists] ***************************************************************
ok: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Delete Filebeat module package file] ***************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Copy Filebeat configuration.] **********************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Fetch latest Wazuh alerts template] ****************************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml for 127.0.0.1
TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat SSL key pair directory exists.] ****************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : Copy the certificates from local to the Manager instance] ******************************************************
changed: [127.0.0.1] => (item=node-1-key.pem)
changed: [127.0.0.1] => (item=node-1.pem)
changed: [127.0.0.1] => (item=root-ca.pem)
TASK [../roles/wazuh/ansible-filebeat-oss : Ensure Filebeat is started and enabled at boot.] ***************************************************************
changed: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
skipping: [127.0.0.1]
TASK [../roles/wazuh/ansible-filebeat-oss : include_tasks] *************************************************************************************************
included: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat-oss/tasks/RMDebian.yml for 127.0.0.1
TASK [../roles/wazuh/ansible-filebeat-oss : Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)] **********************************
ok: [127.0.0.1]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-manager : restart wazuh-manager] *****************************************************************************
changed: [127.0.0.1]
RUNNING HANDLER [../roles/wazuh/ansible-filebeat-oss : restart filebeat] ***********************************************************************************
changed: [127.0.0.1]
PLAY RECAP *************************************************************************************************************************************************
127.0.0.1 : ok=50 changed=23 unreachable=0 failed=0 skipped=33 rescued=0 ignored=0
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-05-21 12:15:05 UTC; 15min ago
Process: 59276 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
Tasks: 141 (limit: 9388)
Memory: 321.1M
CPU: 35.598s
CGroup: /system.slice/wazuh-manager.service
├─59333 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─59334 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─59337 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─59340 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
├─59381 /var/ossec/bin/wazuh-authd
├─59397 /var/ossec/bin/wazuh-db
├─59421 /var/ossec/bin/wazuh-execd
├─59435 /var/ossec/bin/wazuh-analysisd
├─59496 /var/ossec/bin/wazuh-syscheckd
├─59511 /var/ossec/bin/wazuh-remoted
├─59543 /var/ossec/bin/wazuh-logcollector
├─59578 /var/ossec/bin/wazuh-monitord
└─59634 /var/ossec/bin/wazuh-modulesd
May 21 12:14:57 master env[59276]: Started wazuh-db...
May 21 12:14:58 master env[59276]: Started wazuh-execd...
May 21 12:14:59 master env[59276]: Started wazuh-analysisd...
May 21 12:14:59 master env[59276]: Started wazuh-syscheckd...
May 21 12:15:00 master env[59276]: Started wazuh-remoted...
May 21 12:15:01 master env[59276]: Started wazuh-logcollector...
May 21 12:15:02 master env[59276]: Started wazuh-monitord...
May 21 12:15:03 master env[59276]: Started wazuh-modulesd...
May 21 12:15:05 master env[59276]: Completed.
May 21 12:15:05 master systemd[1]: Started Wazuh manager.
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-05-21 12:15:05 UTC; 15min ago
Docs: https://www.elastic.co/products/beats/filebeat
Main PID: 60205 (filebeat)
Tasks: 9 (limit: 9388)
Memory: 9.5M
CPU: 159ms
CGroup: /system.slice/filebeat.service
└─60205 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /et>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.482Z INFO [publisher] pipeline/retry.go:219 retryer: send unwait si>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.482Z INFO [publisher] pipeline/retry.go:223 done
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.494Z INFO [esclientleg] eslegclient/connection.go:314 Attempting to>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.495Z INFO [esclientleg] eslegclient/connection.go:314 Attempting to>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.497Z INFO template/load.go:183 Existing template will be overwritten, as o>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.498Z INFO template/load.go:117 Try loading template wazuh to Elasticsearch
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.534Z INFO template/load.go:109 template with name 'wazuh' loaded.
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.534Z INFO [index-management] idxmgmt/std.go:298 Loaded index templa>
May 21 12:15:06 master filebeat[60205]: 2024-05-21T12:15:06.537Z INFO [publisher_pipeline_output] pipeline/output.go:151 Connec>
May 21 12:21:12 master filebeat[60205]: 2024-05-21T12:21:12.807Z INFO log/harvester.go:333 File is inactive: /var/ossec/logs/alerts/al>
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# filebeat test output
elasticsearch: https://127.0.0.1:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 127.0.0.1
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# TOKEN=$(curl -s -u wazuh-wui:wazuh-wui -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer $TOKEN"
{
"data": {
"affected_items": [
{
"wazuh-agentlessd": "stopped",
"wazuh-analysisd": "running",
"wazuh-authd": "running",
"wazuh-csyslogd": "stopped",
"wazuh-dbd": "stopped",
"wazuh-monitord": "running",
"wazuh-execd": "running",
"wazuh-integratord": "stopped",
"wazuh-logcollector": "running",
"wazuh-maild": "stopped",
"wazuh-remoted": "running",
"wazuh-reportd": "stopped",
"wazuh-syscheckd": "running",
"wazuh-clusterd": "stopped",
"wazuh-modulesd": "running",
"wazuh-db": "running",
"wazuh-apid": "running"
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "Processes status was successfully read",
"error": 0
}
root@master:/etc/ansible/roles/wazuh-ansible/playbooks# cat /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
---
#
# Wazuh app - App configuration file
# Copyright (C) 2016, Wazuh Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Find more information about this on the LICENSE file.
#
# ======================== Wazuh app configuration file ========================
#
# Please check the documentation for more information on configuration options:
# https://documentation.wazuh.com/current/installation-guide/index.html
#
# Also, you can check our repository:
# https://github.com/wazuh/wazuh-dashboard-plugins
#
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-4.x-*
#
# ----------------------------------- Checks -----------------------------------
#
# Defines which checks must to be consider by the healthcheck
# step once the Wazuh app starts. Values must to be true or false.
#checks.pattern : true
#checks.template: true
#checks.api : true
#checks.setup : true
#
# --------------------------------- Extensions ---------------------------------
#
# Defines which extensions should be activated when you add a new API entry.
# You can change them after Wazuh app starts.
# Values must to be true or false.
#extensions.pci : true
#extensions.gdpr : true
#extensions.hipaa : true
#extensions.nist : true
#extensions.audit : true
#extensions.oscap : false
#extensions.ciscat : false
#extensions.aws : false
#extensions.virustotal: false
#extensions.osquery : false
#extensions.docker : false
#
# ---------------------------------- Time out ----------------------------------
#
# Defines maximum timeout to be used on the Wazuh app requests.
# It will be ignored if it is bellow 1500.
# It means milliseconds before we consider a request as failed.
# Default: 20000
#timeout: 20000
#
# ------------------------------ Advanced indices ------------------------------
#
# Configure .wazuh indices shards and replicas.
#wazuh.shards : 1
#wazuh.replicas : 0
#
# --------------------------- Index pattern selector ---------------------------
#
# Defines if the user is allowed to change the selected
# index pattern directly from the Wazuh app top menu.
# Default: true
#ip.selector: true
#
# List of index patterns to be ignored
#ip.ignore: []
#
# -------------------------------- X-Pack RBAC ---------------------------------
#
# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
# Default: enabled
#xpack.rbac.enabled: true
#
# ------------------------------ wazuh-monitoring ------------------------------
#
# Custom setting to enable/disable wazuh-monitoring indices.
# Values: true, false, worker
# If worker is given as value, the app will show the Agents status
# visualization but won't insert data on wazuh-monitoring indices.
# Default: true
#wazuh.monitoring.enabled: true
#
# Custom setting to set the frequency for wazuh-monitoring indices cron task.
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-4.x-* indices shards and replicas.
#wazuh.monitoring.shards: 2
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-4.x-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: d
#wazuh.monitoring.creation: d
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-4.x-*
#
#
# ------------------------------- App privileges --------------------------------
#admin: true
#
# ------------------------------- App logging level -----------------------------
# Set the logging level for the Wazuh App log files.
# Default value: info
# Allowed values: info, debug
#logs.level: info
#
#-------------------------------- API entries -----------------------------------
#The following configuration is the default structure to define an API entry.
#
#hosts:
# - <id>:
# url: http(s)://<url>
# port: <port>
# user: <user>
# password: <password>
hosts:
- default:
url: https://localhost
port: 55000
username: wazuh-wui
password: "wazuh-wui"
root@master:/etc/ansible/roles/wazuh-ansible/playbooks#
The Wazuh dashboard connection is verified using the Wazuh API:
from wazuh-ansible.
Tests
Demo deployment with api username and password changed:
from wazuh-ansible.
Related Issues (20)
- Support new stage RC 2 for 4.7.4 in wazuh-ansible repository HOT 1
- Generate final tag and publish draft release for Wazuh 4.7.4
- Post release tasks for 4.7.4
- Repository 5.x does not have release file HOT 4
- Support new stage RC 1 for 4.8.0 in wazuh-ansible repository HOT 1
- Support new stage RC 2 for 4.8.0 in wazuh-ansible repository HOT 1
- Unified certificate paths for filebeat: Aligning ansible installation method with standard configuration HOT 1
- Support new Wazuh version 4.7.5 in wazuh-ansible repository
- Change APT sources and keys management HOT 1
- Support new stage RC 1 for 4.7.5 in wazuh-ansible repository HOT 1
- Scheduled upward merges for numbered branches in wazuh-ansible repository - Fortnight #10 HOT 1
- Support new stage RC 3 for 4.8.0 in wazuh-ansible repository
- Support new stage RC 2 for 4.7.5 in wazuh-ansible repository HOT 1
- Generate final tag and publish draft release for Wazuh 4.7.5
- Post release tasks for 4.7.5
- Support new Wazuh version 4.8.1 in wazuh-ansible repository
- Support new stage RC 4 for 4.8.0 in wazuh-ansible repository HOT 1
- Generate final tag and publish draft release for Wazuh 4.8.0
- Post release tasks for 4.8.0
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wazuh-ansible.