|
| 1 | +======================= |
| 2 | +Wazuh Security Platform |
| 3 | +======================= |
| 4 | + |
| 5 | +`Wazuh <https://wazuh.com>`_ is a security monitoring platform. |
| 6 | +It monitors for: |
| 7 | + |
| 8 | +* Security-related system events. |
| 9 | +* Known vulnerabilities (CVEs) in versions of installed software. |
| 10 | +* Misconfigurations in system security. |
| 11 | + |
| 12 | +One method for deploying and maintaining Wazuh is the `official |
| 13 | +Ansible playbooks <https://github.com/wazuh/wazuh-ansible>`_. These |
| 14 | +can be integrated into ``kayobe-config`` as a custom playbook. |
| 15 | + |
| 16 | +Configuring Wazuh Manager |
| 17 | +------------------------- |
| 18 | + |
| 19 | +Wazuh Manager is configured by editing the ``wazuh-manager.yml`` |
| 20 | +groups vars file found at |
| 21 | +``etc/kayobe/inventory/group_vars/wazuh-manager/``. This file |
| 22 | +controls various aspects of Wazuh Manager configuration. |
| 23 | +Most notably: |
| 24 | + |
| 25 | +*domain_name*: |
| 26 | + The domain used by Search Guard CE when generating certificates. |
| 27 | + |
| 28 | +*wazuh_manager_ip*: |
| 29 | + The IP address that the Wazuh Manager shall reside on for communicating with the agents. |
| 30 | + |
| 31 | +*wazuh_manager_connection*: |
| 32 | + Used to define port and protocol for the manager to be listening on. |
| 33 | + |
| 34 | +*wazuh_manager_authd*: |
| 35 | + Connection settings for the daemon responsible for registering new agents. |
| 36 | + |
| 37 | +Running ``kayobe playbook run |
| 38 | +$KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` will deploy these |
| 39 | +changes. |
| 40 | + |
| 41 | +Secrets |
| 42 | +------- |
| 43 | + |
| 44 | +Wazuh requires that secrets or passwords are set for itself and the services with which it communiticates. |
| 45 | +The playbook ``etc/kayobe/ansible/wazuh-secrets.yml`` automates the creation of these secrets, which should then be encrypted with Ansible Vault. |
| 46 | + |
| 47 | +To update the secrets you can execute the following two commands |
| 48 | + |
| 49 | +.. code-block:: shell |
| 50 | +
|
| 51 | + kayobe# kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-secrets.yml \ |
| 52 | + -e wazuh_user_pass=$(uuidgen) \ |
| 53 | + -e wazuh_admin_pass=$(uuidgen) |
| 54 | + kayobe# ansible-vault encrypt --vault-password-file <Vault password file path> \ |
| 55 | + $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/wazuh-secrets.yml |
| 56 | +
|
| 57 | +Once generated, run ``kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-manager.yml`` which copies the secrets into place. |
| 58 | + |
| 59 | +.. note:: Use ``ansible-vault`` to view the secrets: |
| 60 | + |
| 61 | + ``ansible-vault view --vault-password-file ~/vault.password $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/wazuh-secrets.yml`` |
| 62 | + |
| 63 | +Adding a New Agent |
| 64 | +------------------ |
| 65 | +The Wazuh Agent is deployed to all hosts in the ``wazuh-agent`` |
| 66 | +inventory group, comprising the ``seed`` group |
| 67 | +plus the ``overcloud`` group (containing all hosts in the |
| 68 | +OpenStack control plane). |
| 69 | + |
| 70 | +.. code-block:: ini |
| 71 | +
|
| 72 | + [wazuh-agent:children] |
| 73 | + seed |
| 74 | + overcloud |
| 75 | +
|
| 76 | +The following playbook deploys the Wazuh Agent to all hosts in the |
| 77 | +``wazuh-agent`` group: |
| 78 | + |
| 79 | +.. code-block:: shell |
| 80 | +
|
| 81 | + kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/wazuh-agent.yml |
| 82 | +
|
| 83 | +The hosts running Wazuh Agent should automatically be registered |
| 84 | +and visible within the Wazuh Manager dashboard. |
| 85 | + |
| 86 | +.. note:: It is good practice to use a `Kayobe deploy hook |
| 87 | + <https://docs.openstack.org/kayobe/wallaby/custom-ansible-playbooks.html#hooks>`_ |
| 88 | + to automate deployment and configuration of the Wazuh Agent |
| 89 | + following a run of ``kayobe overcloud host configure``. |
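Review bot: the secrets procedure passes the generated passwords on the command line (`-e wazuh_user_pass=$(uuidgen) -e wazuh_admin_pass=$(uuidgen)`), which records the plaintext values in the operator's shell history and exposes them in the process arguments (`ps`) for the duration of the run; consider having `wazuh-secrets.yml` generate the values itself (for example with Ansible's built-in `password` lookup) or read them from an already vault-encrypted vars file, and state explicitly that the playbook writes an unencrypted `wazuh-secrets.yml` until the following `ansible-vault encrypt` step has run, so the two commands should not be separated. Smaller points: the vault password file is written as the placeholder `<Vault password file path>` in the encrypt command but as the literal `~/vault.password` in the `ansible-vault view` note, and the two should agree; "communiticates" in the Secrets section is a typo for "communicates"; and the Configuring Wazuh Manager section edits group vars under `wazuh-manager` without saying which hosts belong to that inventory group, whereas the agent section does show the `[wazuh-agent:children]` definition, so a matching `[wazuh-manager]` example would help readers.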