gadmin/vagrant
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ameliorations diverses

Browse Source
This commit is contained in:
phil 2025-02-01 20:49:46 +01:00
parent f29e7d8290
commit 9fe6b402c6
3 changed files with 16 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
wazuh/README.md
View File

@ -1,23 +1,17 @@
# Serveur kea DHCP HA avec serveur Stork
# Serveur Wazuh All in One et machine wazuh-agent debian 12
## Présentation
Cette `Vagrantfile` permet d'installer :
* un serveur DHCP **kea1** en mode HA (primary)
* un serveur DHCP **kea2** en mode HA (secondary)
* un serveur de suivi/administration web **stork** pour kea
* un serveur Wazuh **wazuh** All-In-One ( indexer + manager + Dashboard) - Ubuntu 24.04
* un serveur Linux **wazuh-cli** ( wazuh-agent ) - Debian 12.9
La Vagrantfile utilise les playbooks ansible suivants :
* **provision/setup-stork.yml** qui:
* installe les dépots ISC pour stork
* installe les paquets **postgresql**, **postgresql-contrib**, **stork-server**
* crée la base de données stork et genère le fichiers de configuration de **stork-server**
* relance le service **isc-stork-server**
* **provision/setup-kea.yml** qui:
* installe les dépots ISC pour kea
* installe les paquets **isc-kea-dhcp4-server**, **isc-kea-ctrl-agent**, **isc-kea-hooks**
* **provision/setup-wazuh.yml** qui:
* recupère le script **wazuh-install.sh** et le lance
* **provision/setup-wazuh-cli.yml** qui:
* installe les dépots pour wazuh
* installe les paquets **wazuh-agent**,
* installe les dépots ISC pour stork
* installe le paquet **stork-agent**
* genére les fichiers de configuration pour chacun des services
@ -35,12 +29,11 @@ La Vagrantfile utilise les playbooks ansible suivants :
## Utilisation de la Vagrantfile
````shell
vagrant up stork
vagrant up kea1
vagrant up kea2
vagrant up wazuh
vagrant up wazuh-cli
````
On peut alors se connecter au serveur **stork** avec un navigateur : http://adresse:8080
(admin/admin)
On peut alors se connecter au serveur **wazuh** avec un navigateur : http://adresse
(admin/mdp)
Une fois connecté, on doit autoriser chacun des deux serveurs **kea1** et **kea2** inscrits

7
wazuh/Vagrantfile vendored
View File

@ -14,6 +14,7 @@ Vagrant.configure("2") do |config|
v.linked_clone = true
v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
v.customize ["modifyvm", :id, "--ioapic", "on"]
v.check_guest_additions = false
end
# wazuh.
@ -22,11 +23,11 @@ Vagrant.configure("2") do |config|
wazuh.vm.hostname = "wazuh"
wazuh.vm.network :private_network, ip: "192.168.56.5"
wazuh.vm.provider :virtualbox do |v|
v.customize ["modifyvm", :id, "--memory", 4024]
v.customize ["modifyvm", :id, "--memory", 4100]
v.cpus = 2
end
wazuh.vm.provision "shell",
inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget gnupg"
wazuh.vm.provision "ansible" do |ansible|
ansible.extra_vars = {
wazuh_db_name: "wazuh",
@ -45,7 +46,7 @@ Vagrant.configure("2") do |config|
v.customize ["modifyvm", :id, "--memory", 1024]
end
wazucli.vm.provision "shell",
inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
inline: "sudo apt-get update ; sudo apt-get install -y vim curl wgeti gnupg"
wazucli.vm.provision "ansible" do |ansible|
ansible.extra_vars = {
srv_name: "wazu-cli",

93
wazuh/provision/setup-kea.yml
View File

@ -1,93 +0,0 @@
---
- hosts: all
become: true
tasks:
- name: Preparation
ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-6/setup.deb.sh' | sudo -E bash
- name: Update apt
ansible.builtin.apt:
update_cache: yes
- name: Installation isc-kea-dhcp4
ansible.builtin.apt:
name: isc-kea-dhcp4-server
state: present
- name: Installation isc-kea-ctrl-agent
ansible.builtin.apt:
name: isc-kea-ctrl-agent
state: present
- name: Installation isc-kea-hooks
ansible.builtin.apt:
name: isc-kea-hooks
state: present
- name: Generation du fichier de configuration kea-ctrl-agent
ansible.builtin.template:
src: kea-ctrl-agent.conf.j2
dest: /etc/kea/kea-ctrl-agent.conf
backup: yes
notify:
- relance isc-kea-ctrl-agent
- name: Generation du fichier de configuration kea-dhcp4.conf
ansible.builtin.template:
src: kea-dhcp4.conf.j2
dest: /etc/kea/kea-dhcp4.conf
backup: yes
notify:
- relance isc-kea-dhcp4-server
# - name: change adresse IP dans /etc/kea/kea-ctrl-agent.conf
# ansible.builtin.replace:
# path: /etc/kea/kea-ctrl-agent.conf
# regexp: '"http-host": "127.0.0.1",'
# replace: '"http-host": "{{ srv_ip }}",'
# backup: yes
#
- name: Preparation depot stork agent
ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash
- name: Update apt
ansible.builtin.apt:
update_cache: yes
- name: Installation isc-stork-agent
ansible.builtin.apt:
name: isc-stork-agent
state: present
- name: Generation du fichier agent.env pour stork-agent
ansible.builtin.template:
src: agent.env.j2
dest: /etc/stork/agent.env
backup: yes
notify:
- relance isc-stork-agent
- name: Preparation stork agent
ansible.builtin.shell: sudo su stork-agent -s /bin/sh -c "stork-agent register --non-interactive --agent-host {{ srv_ip }} --server-url http://192.168.56.5:8080"
handlers:
- name: relance isc-kea-ctrl-agent
ansible.builtin.service:
name: isc-kea-ctrl-agent
state: restarted
enabled: yes
- name: relance isc-stork-agent
ansible.builtin.service:
name: isc-stork-agent
state: restarted
enabled: yes
- name: relance isc-kea-dhcp4-server
ansible.builtin.service:
name: isc-kea-dhcp4-server
state: restarted
enabled: yes