diff --git a/CHANGELOG.md b/CHANGELOG.md index 54ee6666..7b892715 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,22 @@ # Change Log All notable changes to this project will be documented in this file. -## [v3.8.1] + +## [v3.9.0] + + +## [v3.8.2] ### Changed + +- Update to Wazuh version v3.8.2. ([#150](https://github.com/wazuh/wazuh-ansible/pull/150)) + +## [v3.8.1] + +### Changed - Update to Wazuh version v3.8.1. ([#148](https://github.com/wazuh/wazuh-ansible/pull/148)) + ## [v3.8.0] ### Added @@ -14,7 +25,7 @@ All notable changes to this project will be documented in this file. - Adapt ossec.conf file for windows agents ([#118](https://github.com/wazuh/wazuh-ansible/pull/118)) - Added labels to ossec.conf ([#135](https://github.com/wazuh/wazuh-ansible/pull/135)) -### Changed +### Changed - Changed Windows installation directory ([#116](https://github.com/wazuh/wazuh-ansible/pull/116)) - move redundant tags to the outer block ([#133](https://github.com/wazuh/wazuh-ansible/pull/133)) @@ -50,7 +61,7 @@ All notable changes to this project will be documented in this file. - Changed windows agent version. ([#89](https://github.com/wazuh/wazuh-ansible/pull/89)) - Updating to Elastic Stack to 6.5.3 and Wazuh 3.7.1. ([#108](https://github.com/wazuh/wazuh-ansible/pull/108)) - + ### Fixed - Solve the conflict betwwen tha agent configuration and the shared master configuration. Also include monitoring for `/var/log/auth.log`. ([#90](https://github.com/wazuh/wazuh-ansible/pull/90)) diff --git a/VERSION b/VERSION index 7d501c8d..a85b3d76 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.8.1" -REVISION="3800" +WAZUH-ANSIBLE_VERSION="v3.8.3" +REVISION="3802" diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 677517a9..9e397d4a 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml 
+++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_node_name: node-1 elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 6.5.4 +elastic_stack_version: 6.7.1 elasticsearch_shards: 5 elasticsearch_replicas: 1 elasticsearch_install_java: yes diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index ae4e717f..162ed42f 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -1,12 +1,8 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: "{{ item }}" + name: ['apt-transport-https', 'ca-certificates'] state: present - cache_valid_time: 3600 - with_items: - - apt-transport-https - - ca-certificates - when: elasticsearch_install_java block: diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 149a162c..5853f636 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -3,6 +3,6 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 6.5.4 -wazuh_version: 3.8.1 +elastic_stack_version: 6.7.1 +wazuh_version: 3.8.2 diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 9cb809d2..a7db7dee 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml 
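Review bot: In the ansible-elasticsearch tasks/Debian.yml hunk, collapsing the loop into `name: ['apt-transport-https', 'ca-certificates']` also drops `cache_valid_time: 3600`, and no `update_cache` is added in its place, so the apt cache is never refreshed before this install. On a fresh image with an empty or stale index the task can fail or install an outdated ca-certificates, which is the trust store the HTTPS repository steps right after it depend on. Keeping `cache_valid_time: 3600` under `apt:` preserves the previous behaviour (the apt module treats it as implying a cache update). The same line is dropped in the ansible-kibana, ansible-logstash, ansible-filebeat and ansible-wazuh-agent tasks/Debian.yml hunks of this commit.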
@@ -1,12 +1,8 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: "{{ item }}" + name: ['apt-transport-https', 'ca-certificates'] state: present - cache_valid_time: 3600 - with_items: - - apt-transport-https - - ca-certificates - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml index 955fcf6f..208301be 100644 --- a/roles/elastic-stack/ansible-logstash/defaults/main.yml +++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml @@ -9,7 +9,7 @@ elasticsearch_network_host: ["Localhost"] elasticsearch_http_port: "9200" elasticsearch_shards: 5 elasticsearch_replicas: 1 -elastic_stack_version: 6.5.4 +elastic_stack_version: 6.7.1 logstash_ssl: false logstash_ssl_dir: /etc/pki/logstash diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 628fd8e4..1fc5a1f8 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -1,12 +1,8 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: "{{ item }}" + name: ['apt-transport-https', 'ca-certificates'] state: present - cache_valid_time: 3600 - with_items: - - apt-transport-https - - ca-certificates - when: logstash_install_java block: diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 45494c26..226f145e 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml 
@@ -1,12 +1,9 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: "{{ item }}" + name: ['apt-transport-https', 'ca-certificates'] state: present - cache_valid_time: 3600 - with_items: - - apt-transport-https - - ca-certificates + - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index e08b891d..d35983c6 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -23,7 +23,7 @@ wazuh_winagent_config: install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.8.1' + version: '3.8.2' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 43936e7bc7eb51bd186f47dac4a6f477 @@ -223,7 +223,7 @@ wazuh_agent_config: log_path_win: 'C:\ProgramData\osquery\log\osqueryd.results.log' config_path: '/etc/osquery/osquery.conf' config_path_win: 'C:\ProgramData\osquery\osquery.conf' - ad_labels: 'yes' + add_labels: 'yes' syscollector: disable: 'no' interval: '1h' @@ -281,10 +281,10 @@ wazuh_agent_config: - format: 'syslog' location: '/var/ossec/logs/active-responses.log' - format: 'command' - command: 'df -P' + command: df -P -x squashfs -x tmpfs -x devtmpfs frequency: '360' - format: 'full_command' - command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t alias: 'netstat listening ports' frequency: '360' - format: 'full_command' 
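Review bot: In the ansible-wazuh-agent defaults hunk at `@@ -23,7 +23,7 @@`, `version` moves from '3.8.1' to '3.8.2' while the `md5: 43936e7bc7eb51bd186f47dac4a6f477` context line two lines below stays unchanged. If that checksum is checked against the downloaded Windows installer, the 3.8.2 package will fail verification; if it is not checked, the field gives no integrity guarantee at all, which is worth confirming in the task that consumes `wazuh_winagent_config`. Either update `md5` to the value published for the 3.8.2 installer (placeholder: `md5: <3.8.2-installer-md5>`) or document next to it that it must be bumped with every `version` change.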
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index d8affe84..5fef8bad 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -1,12 +1,8 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: "{{ item }}" + name: ['apt-transport-https', 'ca-certificates'] state: present - cache_valid_time: 3600 - with_items: - - apt-transport-https - - ca-certificates - name: Debian/Ubuntu | Installing repository key apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH @@ -49,15 +45,11 @@ - name: Debian/Ubuntu | Install OpenScap apt: - name: "{{ item }}" + name: ['libopenscap8', 'xsltproc'] state: present - cache_valid_time: 3600 - when: wazuh_agent_config.openscap.disable == 'no' - with_items: - - libopenscap8 - - xsltproc - tags: - - init + when: wazuh_agent_config.openscap.disable == 'no' + tags: + - init - name: Debian/Ubuntu | Get OpenScap installed version shell: "dpkg-query --showformat='${Version}' --show libopenscap8" diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 index 6e3c86a8..81979e59 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 @@ -10,3 +10,7 @@ # This is the template of Ansible for the file local_internal_options.conf # In this file you could include the configuration settings for your agents + +# Logcollector - If it should accept remote commands from the manager +logcollector.remote_commands=1 + diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 6327441a..bfcf86e4 100644 
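Review bot: The local_internal_options.conf.j2 hunk hard-codes `logcollector.remote_commands=1` for every agent with no variable to turn it off, which lets the manager's shared agent.conf (the `localfile` entries rendered in var-ossec-etc-shared-agent.conf.j2 later in this commit) run `command`/`full_command` entries on each agent. That widens the trust boundary: an operator who can edit the shared configuration, or a compromised manager, gets command execution on the whole agent fleet, so it should be an explicit opt-in rather than a silent default. Gate it on a role variable that keeps this commit's value as the default, e.g. (key name constructed) `logcollector.remote_commands={{ wazuh_agent_config.remote_commands | default('1') }}`, and extend the added comment to say why it is enabled: `# Required for the command/full_command localfiles pushed via shared agent.conf; set to 0 to refuse manager-supplied commands`.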
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -291,6 +291,9 @@ {% if localfile.format == 'command' or localfile.format == 'full_command' %} {{ localfile.command }} {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} {% else %} {{ localfile.location }} {% endif %} @@ -305,6 +308,9 @@ {% if localfile.format == 'command' or localfile.format == 'full_command' %} {{ localfile.command }} {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} {% else %} {{ localfile.location }} {% endif %} @@ -319,6 +325,9 @@ {% if localfile.format == 'command' or localfile.format == 'full_command' %} {{ localfile.command }} {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} {% else %} {{ localfile.location }} {% endif %} diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index b9817a3a..80b39c06 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -29,7 +29,6 @@ wazuh_manager_config: node_name: 'manager_01' node_type: 'master' key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' - interval: '2m' port: '1516' bind_addr: '0.0.0.0' nodes: 
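Review bot: The ansible-wazuh-manager defaults hunk at `@@ -29,7 +29,6 @@` removes `interval: '2m'` from what looks like the cluster block (`node_name`, `node_type`, `key`, `port`, `bind_addr`, `nodes`), but none of the server template hunks in this commit touches that section. If var-ossec-etc-ossec-server.conf.j2 still renders `wazuh_manager_config.cluster.interval`, templating now fails with an undefined variable for every user who did not override the key. Please confirm the reference is gone, or guard it in the template with `{% if wazuh_manager_config.cluster.interval is defined %}`. A one-line CHANGELOG entry naming the dropped key would also help users with inventory overrides.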
@@ -183,10 +182,10 @@ wazuh_manager_config: localfiles: common: - format: 'command' - command: 'df -P' + command: df -P -x squashfs -x tmpfs -x devtmpfs frequency: '360' - format: 'full_command' - command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t alias: 'netstat listening ports' frequency: '360' - format: 'full_command' @@ -256,17 +255,6 @@ wazuh_manager_config: decoders_path: 'custom_ruleset/decoders/' rule_exclude: - '0215-policy_rules.xml' - active_responses: - - command: 'restart-ossec' - location: 'local' - rules_id: '100002' - - command: 'win_restart-ossec' - location: 'local' - rules_id: '100003' - - command: 'host-deny' - location: 'local' - level: 6 - timeout: 600 syslog_outputs: - server: null port: null diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 671d39c1..05b6a5a7 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -1,7 +1,7 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: "{{ item }}" + name: ['apt-transport-https', 'ca-certificates'] state: present cache_valid_time: 3600 with_items: @@ -9,6 +9,7 @@ - ca-certificates - urllib3 + - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 71201e92..65ae38fb 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
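Review bot: The ansible-wazuh-manager defaults hunk at `@@ -256,17 +255,6 @@` deletes the default `active_responses` list (restart-ossec, win_restart-ossec and the level-6 `host-deny` with `timeout: 600`), and the server template in this same commit only emits the active-response block when `wazuh_manager_config.active_responses is defined`. A default deployment therefore moves from automatic host-deny to no active response at all, which is a detection/response posture change rather than a refactor, and the CHANGELOG hunk does not mention it. Either keep a commented example in defaults so operators see the previous values, e.g. `# active_responses: [] — example entries: restart-ossec (local, rules_id 100002), host-deny (local, level 6, timeout 600)`, or add a CHANGELOG line stating that active responses are now opt-in.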
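Review bot: In the ansible-wazuh-manager tasks/Debian.yml hunk, `name:` becomes the fixed list `['apt-transport-https', 'ca-certificates']` but the `with_items:` loop (`apt-transport-https`, `ca-certificates`, `urllib3`) is kept, so `item` is no longer referenced: the task installs the same two packages three times and `urllib3` is never installed. The other roles' Debian.yml hunks in this commit drop the loop; this one should either do the same and add the third package to the list, `name: ['apt-transport-https', 'ca-certificates', 'urllib3']`, or revert to `name: "{{ item }}"`. Also check that `urllib3` is the intended apt package name for the target distributions, since it is the only item that differs from the sibling roles.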
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -11,11 +11,7 @@ {{ wazuh_manager_config.alerts_log }} {{ wazuh_manager_config.logall }} {{ wazuh_manager_config.logall_json }} - {% if wazuh_manager_config.email_notification | lower == "yes" %} - yes - {% else %} - no - {% endif %} + {{ wazuh_manager_config.email_notification }} {% for to in wazuh_manager_config.mail_to %} {{ to }} {% endfor %} @@ -235,7 +231,7 @@ {{ wazuh_manager_config.vul_detector.ubuntu.disable }} {{ wazuh_manager_config.vul_detector.ubuntu.update_interval }} - + {{ wazuh_manager_config.vul_detector.redhat.disable }} {{ wazuh_manager_config.vul_detector.redhat.update_interval }} @@ -308,12 +304,6 @@ {% endfor %} - - ruleset/decoders @@ -398,21 +388,22 @@ {% endif %} - + +{% if wazuh_manager_config.active_responses is defined %} + {% for response in wazuh_manager_config.active_responses %} + + {% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %} + {%if response.command is defined %}{{ response.command }}{% endif %} + {%if response.location is defined %}{{ response.location }}{% endif %} + {%if response.agent_id is defined %}{{ response.agent_id }}{% endif %} + {%if response.level is defined %}{{ response.level }}{% endif %} + {%if response.rules_group is defined %}{{ response.rules_group }}{% endif %} + {%if response.rules_id is defined %}{{ response.rules_id }}{% endif %} + {%if response.timeout is defined %}{{ response.timeout }}{% endif %} + {%if response.repeated_offenders is defined %}{{ response.repeated_offenders }}{% endif %} + + {% endfor %} +{% endif %} {% for localfile in wazuh_manager_config.localfiles.common %} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index 6b40451d..4ae5a145 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 
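Review bot: In the server template hunk at `@@ -11,11 +11,7 @@`, replacing the `| lower == "yes"` branch with a bare `{{ wazuh_manager_config.email_notification }}` emits the variable verbatim, so values the old code normalised (`Yes`, `YES`, or an unquoted YAML `yes` that Ansible loads as boolean `True` and renders as `True`) now reach ossec.conf unchanged. Whether that breaks depends on how the default is quoted in defaults/main.yml, which this diff does not show, but the old normalisation was cheap insurance. A one-line equivalent keeps the intent: `{{ 'yes' if wazuh_manager_config.email_notification | lower == 'yes' else 'no' }}`.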
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 @@ -2,6 +2,7 @@ {% if wazuh_agent_configs is defined %} {% for agent_config in wazuh_agent_configs %} + {% if agent_config.syscheck is defined %} {{ agent_config.syscheck.auto_ignore }} {{ agent_config.syscheck.alert_new_files }} @@ -40,6 +41,7 @@ {% endfor %} {% endif %} + {% endif %} {% for localfile in agent_config.localfiles %}