1 | 1 | One of method for deploying Wazuh is with the use of the official Ansible playbooks, integrated into a Kayobe Config.
|
| 2 | + |
| 3 | +Hosts & Groups |
| 4 | +-------------- |
| 5 | +To begin the deployment of Wazuh we must first configure our hosts and groups definitions. |
| 6 | + |
| 7 | +Firstly, we can edit the groups under ``etc/kayobe/inventory/groups`` to define the related Wazuh groups. |
| 8 | + |
| 9 | +.. code-block:: ini |
| 10 | +
|
| 11 | + [infra-vms:children] |
| 12 | + wazuh-master |
| 13 | +
|
| 14 | + [wazuh:children] |
| 15 | + wazuh-master |
| 16 | + wazuh-agent |
| 17 | +
|
| 18 | + [wazuh-master] |
| 19 | +
|
| 20 | + [wazuh-agent] |
| 21 | +
|
| 22 | + [wazuh-agent:children] |
| 23 | +
|
| 24 | +Secondly, we can edit the hosts file found ``etc/kayobe/inventory/hosts`` to associate membership between hosts and groups. |
| 25 | + |
| 26 | +.. code-block:: ini |
| 27 | +
|
| 28 | + [wazuh-master] |
| 29 | + wazuh-master-01 |
| 30 | +
|
| 31 | + [wazuh-agent] |
| 32 | +
|
| 33 | +
|
| 34 | +Provision infra-vm & install roles |
| 35 | +---------------------------------- |
| 36 | + |
| 37 | +With the hosts and groups files created we can begin to provision the infra-vm as well install the Wazuh Ansible role. |
| 38 | + |
| 39 | +To provision the infra-vm we can use the kayobe command ``kayobe infra vm provision``. |
| 40 | +Once completed we can then install the Wazuh Ansible role we can be achieved by adding the role definition to the ``etc/kayobe/ansible/requirements.yml``. |
| 41 | + |
| 42 | +.. code-block:: yaml |
| 43 | +
|
| 44 | +
|
| 45 | + roles: |
| 46 | + - src: https://github.com/stackhpc/wazuh-ansible.git |
| 47 | + version: v4.2.3-opendistro-ubuntu |
| 48 | +
|
| 49 | +Once added we can then perform a ``kayobe control host bootstrap`` which shall install this role and any other missing roles. |
| 50 | + |
| 51 | +Configuring Wazuh Manager |
| 52 | +------------------------- |
| 53 | + |
| 54 | +We are almost ready to deploy Wazuh manager. |
| 55 | +However, before we can, we must first download the Wazuh manager playbook which can be done by downloading ``https://raw.githubusercontent.com/stackhpc/kayobe-ops/master/wazuh-manager.yml`` into ``etc/kayobe/ansible/wazuh-manager.yml``. |
| 56 | +Once downloaded it is recommended you make any changes your deployment/environment requires. |
| 57 | + |
| 58 | +Next we must create the group varibles for the `wazuh-master` group. |
| 59 | +This can be easily accomplished by first creating a directory ``etc/kayobe/inventory/group_vars/wazuh-master/`` which is where we shall download the next two files to. |
| 60 | + |
| 61 | +``https://raw.githubusercontent.com/stackhpc/kayobe-ops/master/vars/elasticsearch-custom.yml`` |
| 62 | + |
| 63 | +``https://raw.githubusercontent.com/stackhpc/kayobe-ops/master/vars/wazuh-manager.yml`` |
| 64 | + |
| 65 | +Feel free to modify any of the varibles within these files. |
| 66 | +It is expected that you would want to edit the following varibles: |
| 67 | + |
| 68 | +* domain_name |
| 69 | + |
| 70 | +* wazuh_manager_ip |
| 71 | + |
| 72 | +Secrets |
| 73 | +------- |
| 74 | + |
| 75 | +We must ensure that Wazuh has access to a set secrets for all of the services it interacts with. |
| 76 | +To automate this process we can use an Ansible playbook and template. |
| 77 | + |
| 78 | +First create a playbook called ``etc/kayobe/ansible/wazuh-secrets.yml`` and add the following contents to it. |
| 79 | + |
| 80 | +.. code-block:: yaml |
| 81 | +
|
| 82 | + --- |
| 83 | + - hosts: localhost |
| 84 | + gather_facts: false |
| 85 | + vars: |
| 86 | + wazuh_secrets_path: "{{ kayobe_env_config_path }}/inventory/group_vars/wazuh/wazuh-secrets.yml" |
| 87 | + tasks: |
| 88 | + - name: install passlib[bcrypt] |
| 89 | + pip: |
| 90 | + name: passlib[bcrypt] |
| 91 | + virtualenv: "{{ ansible_playbook_python | dirname | dirname }}" |
| 92 | +
|
| 93 | + - name: Include existing secrets if they exist |
| 94 | + include_vars: "{{ wazuh_secrets_path }}" |
| 95 | + ignore_errors: true |
| 96 | +
|
| 97 | + - name: Ensure secrets directory exists |
| 98 | + file: |
| 99 | + path: "{{ wazuh_secrets_path | dirname }}" |
| 100 | + state: directory |
| 101 | +
|
| 102 | + - name: Template new secrets |
| 103 | + template: |
| 104 | + src: wazuh-secrets.yml.j2 |
| 105 | + dest: "{{ wazuh_secrets_path }}" |
| 106 | +
|
| 107 | +Then proceed to create a template in ``etc/kayobe/templates/wazuh-secrets.yml.j2`` with the following contents. |
| 108 | + |
| 109 | +.. code-block:: jinja |
| 110 | +
|
| 111 | + --- |
| 112 | + {% set wazuh_admin_pass = secrets_wazuh.wazuh_admin_pass | default(lookup('password', '/dev/null'), true) -%} |
| 113 | + {%- set wazuh_user_pass = secrets_wazuh.wazuh_user_pass | default(lookup('password', '/dev/null'), true) -%} |
| 114 | +
|
| 115 | + # Secrets used by Wazuh managers and agents |
| 116 | + # Store these securely and use lookups here |
| 117 | + secrets_wazuh: |
| 118 | + # Wazuh agent authd pass |
| 119 | + authd_pass: "{{ secrets_wazuh.authd_pass | default(lookup('password', '/dev/null'), true) }}" |
| 120 | + # Strengthen default wazuh api user pass |
| 121 | + wazuh_api_users: |
| 122 | + - username: "wazuh" |
| 123 | + password: "{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup('password', '/dev/null length=30' ), true) }}" |
| 124 | + # Elasticsearch 'admin' user pass |
| 125 | + opendistro_admin_password: "{{ secrets_wazuh.opendistro_admin_password | default(lookup('password', '/dev/null'), true) }}" |
| 126 | + # Elasticsearch 'kibanaserver' user pass |
| 127 | + opendistro_kibana_password: "{{ secrets_wazuh.opendistro_kibana_password | default(lookup('password', '/dev/null'), true) }}" |
| 128 | + # Wazuh/Kibana 'wazuh_admin' custom user pass |
| 129 | + wazuh_admin_pass: "{{ wazuh_admin_pass }}" |
| 130 | + # Wazuh/Kibana 'wazuh_admin' custom user pass has |
| 131 | + # bcrypt ($2y) hash |
| 132 | + wazuh_admin_hash: "{{ secrets_wazuh.wazuh_admin_hash | default(wazuh_admin_pass | password_hash('bcrypt'), true) }}" |
| 133 | + # Wazuh/Kibana 'wazuh_user' custom user pass |
| 134 | + # bcrypt ($2y) hash |
| 135 | + wazuh_user_pass: "{{ wazuh_user_pass }}" |
| 136 | + wazuh_user_hash: "{{ secrets_wazuh.wazuh_user_hash | default(wazuh_user_pass | password_hash('bcrypt'), true) }}" |
| 137 | +
|
| 138 | +And finally, run the following commands to generate and encrypt the secrets. |
| 139 | + |
| 140 | +.. code-block:: bash |
| 141 | +
|
| 142 | + kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-secrets.yml -e wazuh_user_pass=$(uuidgen) -e wazuh_admin_pass=$(uuidgen) |
| 143 | + ansible-vault encrypt --vault-password-file ~/vault.pass $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-master/wazuh-secrets.yml |
| 144 | +
|
| 145 | +.. note:: you must have a vault password store outside the source control directory in a file called `vault.pass` |
| 146 | + |
| 147 | +Deploying Wazuh Manager |
| 148 | +----------------------- |
| 149 | + |
| 150 | +It is now time to deploy Wazuh manager. |
| 151 | +This can be achieved with one simple command. ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` |
| 152 | + |
| 153 | +Once the playbook is finished running you should be able to access the Wazuh manager from the ``wazuh-master-01`` ip address at ``5601`` over ``https``. |
| 154 | +You can login to the dashboard with the username ``admin`` and the password for ``opendistro_admin_password`` which can be found within ``etc/kayobe/inventory/group_vars/wazuh-master/wazuh-secrets.yml``. |
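Review bot: the secrets file is generated at one path and encrypted at another: the playbook's `vars` set `wazuh_secrets_path: "{{ kayobe_env_config_path }}/inventory/group_vars/wazuh/wazuh-secrets.yml"`, while the encrypt step and the closing paragraph reference `$KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-master/wazuh-secrets.yml`, so `ansible-vault encrypt` fails on a missing file and the freshly generated passwords stay in plaintext under `group_vars/wazuh/`; pick one location (the `wazuh` parent group fits the template's own comment that these secrets are "used by Wazuh managers and agents") and use it in all three places. The `-e wazuh_user_pass=$(uuidgen) -e wazuh_admin_pass=$(uuidgen)` extra vars are shadowed by the `{% set wazuh_admin_pass = ... %}` and `{% set wazuh_user_pass = ... %}` statements at the top of the template, which read `secrets_wazuh.*` and never the extra vars, so they add nothing except leaving password material in shell history; drop them and rely on the `lookup('password', '/dev/null')` defaults already in the template. Please confirm that `etc/kayobe/templates/wazuh-secrets.yml.j2` is where `src: wazuh-secrets.yml.j2` resolves, since a `template` task in a playbook looks in `templates/` beside the playbook, i.e. `etc/kayobe/ansible/templates/`. Style: "varibles" (three occurrences), "One of method", "a set secrets", "hosts file found ``etc/...``" (missing "at"), "as well install", "vault password store", the stray "has" in the `wazuh_admin_hash` comment, and the run-on "Once completed we can then install the Wazuh Ansible role we can be achieved by ..." should be tidied before merge.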