diff --git a/CHANGELOG.md b/CHANGELOG.md index 5e8aba74..391875b0 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,18 @@ # Change Log All notable changes to this project will be documented in this file. +## [v4.3.0] + +### Added + +- Update to [Wazuh v4.3.0](https://github.com/wazuh/wazuh/blob/v4.3.0/CHANGELOG.md#v430) + +## [v4.2.0] + +### Added + +- Update to [Wazuh v4.2.0](https://github.com/wazuh/wazuh/blob/v4.2.0/CHANGELOG.md#v420) + ## [v4.1.4] ### Added diff --git a/README.md b/README.md index 74dff0a0..8277167b 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,10 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. | Wazuh version | Elastic | ODFE | |---------------|---------|--------| - +| v4.3.0 | 7.10.0 | 1.12.0 | +|---------------|---------|--------| +| v4.2.0 | 7.10.0 | 1.12.0 | +|---------------|---------|--------| | v4.1.4 | 7.10.0 | 1.12.0 | |---------------|---------|--------| | v4.1.3 | 7.10.0 | 1.12.0 | diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index c0296428..8526d8e0 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.1.4" + return "4.3.0" 
@@ -47,8 +47,8 @@ def test_wazuh_services_are_running(host): @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660), + ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), + ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), ]) def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): """Test Wazuh related files exist and have proper owners and mode.""" diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml index b13dcf37..3730410d 100644 --- a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml @@ -18,11 +18,11 @@ elastic_stack_version: 7.10.2 filebeat_version: 7.10.2 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.1.4-1 -wazuh_agent_version: 4.1.4-1 +wazuh_manager_version: 4.3.0-1 +wazuh_agent_version: 4.3.0-1 # Kibana role appends it automatically. -wazuh_version: 4.1.4 +wazuh_version: 4.3.0 ######################################################## # General ELK stack variables diff --git a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py index fe444218..75940cf0 100644 --- a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py +++ b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.1.4" + return "4.3.0" def test_wazuh_packages_are_installed(host): 
@@ -46,8 +46,8 @@ def test_wazuh_services_are_running(host): @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660), + ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), + ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), ]) def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): """Test Wazuh related files exist and have proper owners and mode.""" diff --git a/molecule/distributed-wazuh-elk/group_vars/all.yml b/molecule/distributed-wazuh-elk/group_vars/all.yml index 4053d17d..3124a9c9 100644 --- a/molecule/distributed-wazuh-elk/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk/group_vars/all.yml @@ -16,9 +16,8 @@ elastic_stack_version: 7.10.2 filebeat_version: 7.10.2 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.1.4-1 -wazuh_agent_version: 4.1.4-1 +wazuh_manager_version: 4.3.0-1 +wazuh_agent_version: 4.3.0-1 # Kibana role appends it automatically. -wazuh_version: 4.1.4 - +wazuh_version: 4.3.0 diff --git a/molecule/distributed-wazuh-elk/tests/test_default.py b/molecule/distributed-wazuh-elk/tests/test_default.py index fe444218..75940cf0 100644 --- a/molecule/distributed-wazuh-elk/tests/test_default.py +++ b/molecule/distributed-wazuh-elk/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.1.4" + return "4.3.0" def test_wazuh_packages_are_installed(host): 
@@ -46,8 +46,8 @@ def test_wazuh_services_are_running(host): @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660), + ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), + ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), ]) def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): """Test Wazuh related files exist and have proper owners and mode.""" diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml index 7807b5d6..afd3c9b3 100644 --- a/molecule/distributed-wazuh-odfe/group_vars/all.yml +++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml @@ -40,8 +40,8 @@ filebeat_version: 7.10.0 kibana_opendistro_version: 1.12.0-1 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.1.4-1 -wazuh_agent_version: 4.1.4-1 +wazuh_manager_version: 4.3.0-1 +wazuh_agent_version: 4.3.0-1 # Kibana role appends it automatically. -wazuh_version: 4.1.4 +wazuh_version: 4.3.0 diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh-odfe/tests/test_default.py index 54a2c114..e142551b 100644 --- a/molecule/distributed-wazuh-odfe/tests/test_default.py +++ b/molecule/distributed-wazuh-odfe/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.1.4" + return "4.3.0" def test_wazuh_packages_are_installed(host): 
@@ -46,8 +46,8 @@ def test_wazuh_services_are_running(host): @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660), + ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), + ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), ]) def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): """Test Wazuh related files exist and have proper owners and mode.""" diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml index 200f4891..09fe054f 100644 --- a/playbooks/wazuh-kibana.yml +++ b/playbooks/wazuh-kibana.yml @@ -3,4 +3,5 @@ roles: - role: ../roles/elastic-stack/ansible-kibana elasticsearch_network_host: - + vars: + ansible_shell_allow_world_readable_temp: true diff --git a/playbooks/wazuh-odfe-production-ready.yml b/playbooks/wazuh-odfe-production-ready.yml index b6cba365..75cc30e9 100644 --- a/playbooks/wazuh-odfe-production-ready.yml +++ b/playbooks/wazuh-odfe-production-ready.yml @@ -186,3 +186,4 @@ node6: name: node-6 ip: "{{ hostvars.kibana.private_ip }}" + ansible_shell_allow_world_readable_temp: true diff --git a/playbooks/wazuh-odfe-single.yml b/playbooks/wazuh-odfe-single.yml index ce98cfaf..d3543aa4 100644 --- a/playbooks/wazuh-odfe-single.yml +++ b/playbooks/wazuh-odfe-single.yml @@ -18,4 +18,5 @@ instances: node1: name: node-1 # Important: must be equal to elasticsearch_node_name. - ip: \ No newline at end of file + ip: + ansible_shell_allow_world_readable_temp: true \ No newline at end of file diff --git a/playbooks/wazuh-opendistro-kibana.yml b/playbooks/wazuh-opendistro-kibana.yml index fa3600c1..8d195ad5 100644 --- a/playbooks/wazuh-opendistro-kibana.yml +++ b/playbooks/wazuh-opendistro-kibana.yml 
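Review bot: `ansible_shell_allow_world_readable_temp: true`, added under `vars:` in playbooks/wazuh-kibana.yml, lets Ansible fall back to world-readable module temp files when it becomes an unprivileged user, so any local account on the target can read module arguments while a task runs; in these roles that may include values such as `opendistro_admin_password`. The same line is added in wazuh-odfe-production-ready.yml, wazuh-odfe-single.yml and wazuh-opendistro-kibana.yml; in the two ODFE playbooks it directly follows the `instances:` node entries, so check that it is indented as a play variable and not as a key of `node6` or `node1`. Which task needs the fallback is not visible in these hunks. Prefer installing the `acl` package on the targets or enabling pipelining, and if the setting has to stay, scope it to the task that needs it with a comment such as `# needed: become_user cannot read root-owned temp files without ACLs`.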
@@ -2,3 +2,5 @@ - hosts: es1 roles: - role: ../roles/opendistro/opendistro-kibana + vars: + ansible_shell_allow_world_readable_temp: true diff --git a/pyproject.toml b/pyproject.toml index ccc294da..550e0acf 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "wazuh-ansible" -version = "4.1.4" +version = "4.3.0" description = "" authors = ["neonmei "] diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 437f0a78..b6e50c08 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -7,7 +7,7 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_conf_path: /etc/kibana elastic_stack_version: 7.10.2 -wazuh_version: 4.1.4 +wazuh_version: 4.3.0 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana elasticrepo: diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index b86dd656..232f3a20 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -32,6 +32,12 @@ package_repos: opendistro: baseurl: 'https://packages.wazuh.com/4.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + apt: + opendistro: + baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + openjdk: + baseurl: 'deb http://deb.debian.org/debian stretch-backports main' opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml b/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml new file mode 100644 index 00000000..41011ddc --- /dev/null 
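Review bot: The new `package_repos.apt.openjdk.baseurl` hard-codes `deb http://deb.debian.org/debian stretch-backports main`, so every host with `ansible_os_family == 'Debian'`, whatever its release and including Ubuntu, gets a Debian stretch repository added over plain HTTP. apt still checks the signed Release file, but only when the host already trusts the Debian archive key, and on other releases this either mixes package sets or fails the cache update. Consider building the suite from `ansible_distribution_release`, adding the repository only where `openjdk-11-jdk` is missing from the stock archive, and using `https://` in the `deb` line.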
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml @@ -0,0 +1,43 @@ + +--- + +#- name: Install OpenDistro dependencies +# apt: +# name: [ +# 'unzip', 'wget', 'curl', +# 'apt-transport-https', software-properties-common +# ] +# state: present + +- name: Add openjdk repository + apt_repository: + repo: "{{ package_repos.apt.openjdk.baseurl }}" + state: present + update_cache: yes + +- name: Install openjdk-11-jdk + apt: + name: openjdk-11-jdk + state: present + environment: + JAVA_HOME: /usr + +- name: Add Opendistro repository + block: + - name: Add apt repository signing key + apt_key: + url: "{{ package_repos.apt.opendistro.gpg }}" + state: present + + - name: Add Opendistro repository + apt_repository: + repo: "{{ package_repos.apt.opendistro.baseurl }}" + state: present + update_cache: yes + +- name: Install OpenDistro + apt: + name: opendistroforelasticsearch={{ opendistro_version }}-1 + state: present + register: install + tags: install \ No newline at end of file diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml b/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml index 08105af1..ee2482f6 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml @@ -39,5 +39,12 @@ - wget - unzip + - name: Install OpenDistro + package: + name: opendistroforelasticsearch-{{ opendistro_version }} + state: present + register: install + tags: install + tags: - install diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index b7c962ed..e3b9aceb 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml 
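Review bot: The `Add apt repository signing key` task imports whatever key `package_repos.apt.opendistro.gpg` serves, with no fingerprint pin, and `apt_key` puts it in the global keyring where it is trusted for every configured repository. Adding `id: "<GPG-KEY-WAZUH fingerprint>"` to the task makes the import fail when the downloaded key is not the expected one. Storing the key in its own keyring file and referencing it with `signed-by=` in the repository line would further limit it to the Wazuh repository. The same task is added in roles/opendistro/opendistro-kibana/tasks/Debian.yml.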
@@ -8,18 +8,13 @@ - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' - - name: Install OpenDistro - package: - name: opendistroforelasticsearch-{{ opendistro_version }} - state: present - register: install - tags: install + - import_tasks: Debian.yml + when: ansible_os_family == 'Debian' - name: Remove elasticsearch configuration file file: path: "{{ opendistro_conf_path }}/elasticsearch.yml" state: absent - when: install.changed tags: install - name: Copy Configuration File @@ -30,13 +25,12 @@ group: elasticsearch mode: 0640 marker: "## {mark} Opendistro general settings ##" - when: install.changed tags: install - include_tasks: security_actions.yml tags: - security - when: install.changed + - name: Configure OpenDistro Elasticsearch JVM memmory. template: diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 9a19c3a0..71d1fcd1 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -10,7 +10,7 @@ kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 elastic_stack_version: 7.10.0 -wazuh_version: 4.1.4 +wazuh_version: 4.3.0 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana # The OpenDistro package repository @@ -21,7 +21,10 @@ package_repos: opendistro: baseurl: 'https://packages.wazuh.com/4.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - + apt: + opendistro: + baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main' + gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' # API credentials wazuh_api_credentials: @@ -38,7 +41,7 @@ kibana_telemetry_optin: "false" kibana_telemetry_enabled: "false" opendistro_admin_password: changeme -opendistro_kibana_user: admin +opendistro_kibana_user: changeme opendistro_kibana_password: changeme local_certs_path: "{{ playbook_dir }}/opendistro/certificates" 
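Review bot: Dropping `when: install.changed` from `Remove elasticsearch configuration file`, `Copy Configuration File` and the `security_actions.yml` include makes every run delete and regenerate `elasticsearch.yml` and repeat the security actions, so the role is no longer idempotent and an already configured node is reconfigured on each play. The likely cause is that RedHat.yml and Debian.yml both use `register: install`, and the task skipped for the other OS family overwrites the variable with a skipped result. Registering distinct names, for example `register: install_redhat` and `register: install_debian`, and restoring the guard as `when: (install_redhat is changed) or (install_debian is changed)` would keep the previous behaviour. What security_actions.yml does is not visible here, so confirm it is safe to repeat if the guard stays removed.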
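Review bot: `opendistro_kibana_user` now defaults to `changeme`, the same literal as `opendistro_kibana_password` and `opendistro_admin_password`, so a deployment that does not override them either runs with guessable credentials or, if no `changeme` user exists in the security plugin, leaves Kibana unable to authenticate. How the role consumes these variables is outside the hunk. A guard at the start of the role, such as an `assert` task with `that: opendistro_kibana_password != 'changeme'` and a `fail_msg` telling the operator to set the values, would stop the placeholder from reaching a host.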
diff --git a/roles/opendistro/opendistro-kibana/tasks/Debian.yml b/roles/opendistro/opendistro-kibana/tasks/Debian.yml new file mode 100644 index 00000000..140b2582 --- /dev/null +++ b/roles/opendistro/opendistro-kibana/tasks/Debian.yml @@ -0,0 +1,23 @@ +--- +- block: + + - include_vars: debian.yml + - name: Add apt repository signing key + apt_key: + url: "{{ package_repos.apt.opendistro.gpg }}" + state: present + + - name: Debian systems | Add OpenDistro repo + apt_repository: + repo: "{{ package_repos.apt.opendistro.baseurl }}" + state: present + update_cache: yes + + - name: Install Kibana + apt: + name: "opendistroforelasticsearch-kibana={{ kibana_opendistro_version }}" + state: present + register: install + + tags: + - install \ No newline at end of file diff --git a/roles/opendistro/opendistro-kibana/tasks/RedHat.yml b/roles/opendistro/opendistro-kibana/tasks/RedHat.yml index 70b5b70a..4407e165 100644 --- a/roles/opendistro/opendistro-kibana/tasks/RedHat.yml +++ b/roles/opendistro/opendistro-kibana/tasks/RedHat.yml @@ -10,5 +10,11 @@ gpgkey: "{{ package_repos.yum.opendistro.gpg }}" gpgcheck: true + - name: Install Kibana + package: + name: "opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}" + state: present + register: install + tags: - install diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml index 41980054..8a169664 100755 --- a/roles/opendistro/opendistro-kibana/tasks/main.yml +++ b/roles/opendistro/opendistro-kibana/tasks/main.yml @@ -11,12 +11,8 @@ - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' -- name: Install Kibana - package: - name: "opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}" - state: present - register: install - tags: install +- import_tasks: Debian.yml + when: ansible_os_family == 'Debian' - name: Remove Kibana configuration file file: 
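Review bot: `include_vars: debian.yml` inside the block sets `kibana_opendistro_version` to `1.12.0` at include_vars precedence, which outranks group_vars and play vars, so on Debian hosts a version set in inventory (the molecule scenario sets `kibana_opendistro_version: 1.12.0-1`) is silently ignored and only `-e` can change it. That makes it easy to believe a patched Kibana version is pinned while the role still installs 1.12.0. Moving the value to the role defaults, or choosing the package suffix per OS family inside the `name:` expression, keeps the variable overridable.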
diff --git a/roles/opendistro/opendistro-kibana/vars/debian.yml b/roles/opendistro/opendistro-kibana/vars/debian.yml new file mode 100644 index 00000000..14c7aa99 --- /dev/null +++ b/roles/opendistro/opendistro-kibana/vars/debian.yml @@ -0,0 +1,3 @@ +--- + +kibana_opendistro_version: 1.12.0 \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index 63b18a6f..1df647d0 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.10.0 -wazuh_template_branch: v4.1.4 +wazuh_template_branch: v4.3.0 filebeat_output_elasticsearch_hosts: - "localhost:9200" diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 1e97c8f7..68d949b5 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.10.2 -wazuh_template_branch: v4.1.4 +wazuh_template_branch: v4.3.0 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 0c197dbe..300c7c93 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,7 +1,6 @@ --- -wazuh_agent_version: 4.1.4-1 - +wazuh_agent_version: 4.3.0-1 # Custom packages installation @@ -13,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false - branch: "v4.1.4" + branch: "v4.3.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" 
@@ -56,8 +55,8 @@ wazuh_winagent_config: auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True md5: 8ffa75d13280f1aa6ffca54f4273df4d -wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.1.4-1.msi -wazuh_winagent_package_name: wazuh-agent-4.1.4-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.0-1.msi +wazuh_winagent_package_name: wazuh-agent-4.3.0-1.msi wazuh_dir: "/var/ossec" diff --git a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml index 1858906b..84f3ff45 100644 --- a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml @@ -3,4 +3,4 @@ service: name=wazuh-agent state=restarted enabled=yes - name: Windows | Restart Wazuh Agent - win_service: name=OssecSvc start_mode=auto state=restarted + win_service: name=WazuhSvc start_mode=auto state=restarted diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index ee628416..9f4127dd 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -223,7 +223,7 @@ src: var-ossec-etc-ossec-agent.conf.j2 dest: "{{ wazuh_dir }}/etc/ossec.conf" owner: root - group: ossec + group: wazuh mode: 0644 notify: restart wazuh-agent tags: @@ -235,7 +235,7 @@ src: var-ossec-etc-local-internal-options.conf.j2 dest: "{{ wazuh_dir }}/etc/local_internal_options.conf" owner: root - group: ossec + group: wazuh mode: 0640 notify: restart wazuh-agent tags: @@ -246,8 +246,8 @@ template: src: authd_pass.j2 dest: "{{ wazuh_dir }}/etc/authd.pass" - owner: ossec - group: ossec + owner: wazuh + group: wazuh mode: 0640 when: - wazuh_agent_config.enrollment.enabled == 'yes' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 598c6ad4..91394f61 100644 
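Review bot: The hunk points `wazuh_winagent_config_url` and `wazuh_winagent_package_name` at `wazuh-agent-4.3.0-1.msi` but leaves `md5: 8ffa75d13280f1aa6ffca54f4273df4d` untouched next to `check_md5: True`, so the digest presumably still belongs to the earlier installer. Depending on how the Windows tasks use it (not visible here), the check will either fail on every host or get switched off, which removes the only integrity check on the MSI. Update the digest in the same change as the URL, and since MD5 is not collision resistant consider verifying a SHA-256 value instead, for example a `sha256: <digest published for wazuh-agent-4.3.0-1.msi>` key.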
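Review bot: The `ossec.conf` template task in Linux.yml keeps `mode: 0644` while its group changes to `wazuh`, so the agent configuration stays readable by every local user; the manager's `ossec.conf` task in roles/wazuh/ansible-wazuh-manager/tasks/main.yml carries the same mode. The templates are not shown, but if the rendered file holds anything sensitive (manager configurations can contain cluster or integration keys), `mode: 0640` with `owner: root` and `group: wazuh` would match the neighbouring `local_internal_options.conf` task and keep the file to the service account. Both task bodies start and end outside their hunks.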
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,6 +1,6 @@ --- -wazuh_manager_version: 4.1.4-1 +wazuh_manager_version: 4.3.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -13,7 +13,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v4.1.4" + branch: "v4.3.0" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -62,7 +62,7 @@ wazuh_manager_mailto: - 'admin@example.net' wazuh_manager_email_smtp_server: smtp.example.wazuh.com -wazuh_manager_email_from: ossecm@example.wazuh.com +wazuh_manager_email_from: wazuh@example.wazuh.com wazuh_manager_email_maxperhour: 12 wazuh_manager_email_queue_size: 131072 wazuh_manager_email_log_source: 'alerts.log' @@ -260,7 +260,7 @@ wazuh_manager_commands: executable: 'restart-ossec.sh' expect: '' - name: 'firewall-drop' - executable: 'firewall-drop.sh' + executable: 'firewall-drop' expect: 'srcip' timeout_allowed: 'yes' - name: 'host-deny' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 9d76fc7f..db734fe1 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -97,6 +97,12 @@ tags: - config +- name: Install dependencies to build from sources + apt: + name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'libssl-dev', 'g++'] + state: present + when: wazuh_manager_sources_installation.enabled + - name: Debian/Ubuntu | Install wazuh-manager apt: name: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index ebbf08c9..d7a4c8d3 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
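Review bot: In `wazuh_manager_commands` only `firewall-drop` loses its `.sh` suffix; the `restart-ossec.sh` entry just above it is unchanged, and the `host-deny` executable lies outside the hunk. If the 4.3.0 packages renamed the other active-response executables as well, a command that still names the old file will not run when a rule triggers it, and that failure is easy to miss. Check each `executable:` value against the files under `{{ wazuh_dir }}/active-response/bin` on a 4.3.0 manager and rename them in the same change.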
@@ -92,6 +92,12 @@ when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" +- name: Install dependencies to build from sources + yum: + name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'openssl-devel', 'gcc-c++'] + state: present + when: wazuh_manager_sources_installation.enabled + - name: CentOS/RedHat/Amazon | Install wazuh-manager package: name: "wazuh-manager-{{ wazuh_manager_version }}" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/install_cmake.yml b/roles/wazuh/ansible-wazuh-manager/tasks/install_cmake.yml new file mode 100644 index 00000000..9940c700 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/install_cmake.yml @@ -0,0 +1,40 @@ +--- + +# Vars +# cmake_download_url: http://packages.wazuh.com/utils/cmake/cmake-3.18.3.tar.gz +# cmake_version: 3.18.3 +# + - name: Include CMake install vars + include_vars: install_cmake.yml + + - name: Download CMake sources + get_url: + url: "{{ cmake_download_url }}" + dest: "/tmp/cmake-{{ cmake_version }}.tar.gz" + register: cmake_download + + - name: Unpack CMake + unarchive: + copy: no + dest: /tmp/ + src: "{{ cmake_download.dest }}" + when: cmake_download.changed + register: cmake_unpack + + - name: Configure CMake + command: "./bootstrap" + args: + chdir: "/tmp/cmake-{{ cmake_version }}" + when: cmake_unpack.changed + register: cmake_configure + + - name: Install CMake + shell: make && make install + args: + chdir: "/tmp/cmake-{{ cmake_version }}" + when: cmake_configure.changed + + - name: Delete installation files + file: + state: absent + path: "/tmp/cmake-{{ cmake_version }}" \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index c382bc0e..74818bc5 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
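Review bot: `Download CMake sources` fetches the tarball from `cmake_download_url`, which vars/install_cmake.yml sets to an `http://` address, with no `checksum`, and the following tasks run `./bootstrap` and `make && make install` on it, presumably as root. A tarball altered in transit would therefore be built and installed on the manager without any check. Switch the variable to `https://packages.wazuh.com/utils/cmake/cmake-{{ cmake_version }}.tar.gz` and add `checksum: "sha256:<digest of cmake-3.18.3.tar.gz>"` to the `get_url` task. The build also uses fixed paths under `/tmp` and the last task removes only the unpacked directory, leaving the tarball behind; a directory created with the `tempfile` module and removed in full would avoid the predictable path.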
@@ -2,8 +2,8 @@ # Wazuh Manager - name: Check if Wazuh Manager is already installed stat: - path: "{{ wazuh_dir }}/bin/ossec-control" - register: wazuh_ossec_control + path: "{{ wazuh_dir }}/bin/wazuh-control" + register: wazuh_control_path - name: Installing Wazuh Manager from sources block: @@ -18,6 +18,9 @@ - tar state: present + - name: Install CMake + include_tasks: install_cmake.yml + - name: Removing old files file: path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" @@ -102,6 +105,8 @@ changed_when: installation_result == 0 args: chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" + environment: + PATH: /usr/local/bin:{{ ansible_env.PATH }} - name: Cleanup downloaded files file: @@ -114,7 +119,7 @@ state: absent when: - - not wazuh_ossec_control.stat.exists + - not wazuh_control_path.stat.exists - wazuh_manager_sources_installation.enabled tags: - manager diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 159f875d..b7640a5c 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -81,8 +81,8 @@ - name: Installing the local_rules.xml (default local_rules.xml) template: src=var-ossec-rules-local_rules.xml.j2 dest="{{ wazuh_dir }}/etc/rules/local_rules.xml" - owner=ossec - group=ossec + owner=wazuh + group=wazuh mode=0640 notify: restart wazuh-manager tags: @@ -93,8 +93,8 @@ - name: Adding local rules files copy: src="{{ wazuh_manager_config.ruleset.rules_path }}" dest="{{ wazuh_dir }}/etc/rules/" - owner=ossec - group=ossec + owner=wazuh + group=wazuh mode=0640 notify: restart wazuh-manager tags: @@ -105,8 +105,8 @@ - name: Installing the local_decoder.xml template: src=var-ossec-rules-local_decoder.xml.j2 dest="{{ wazuh_dir }}/etc/decoders/local_decoder.xml" - owner=ossec - group=ossec + owner=wazuh + group=wazuh mode=0640 notify: restart wazuh-manager tags: 
@@ -117,8 +117,8 @@ - name: Adding local decoders files copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}" dest="{{ wazuh_dir }}/etc/decoders/" - owner=ossec - group=ossec + owner=wazuh + group=wazuh mode=0640 notify: restart wazuh-manager tags: @@ -130,8 +130,8 @@ template: src: var-ossec-etc-shared-agent.conf.j2 dest: "{{ wazuh_dir }}/etc/shared/default/agent.conf" - owner: ossec - group: ossec + owner: wazuh + group: wazuh mode: 0640 validate: "{{ wazuh_dir }}/bin/verify-agent-conf -f %s" notify: restart wazuh-manager @@ -141,24 +141,11 @@ when: - shared_agent_config is defined -- name: Installing the api.yaml (api configuration) - template: src=api.yaml.j2 - dest="{{ wazuh_dir }}/api/configuration/api.yaml" - owner=root - group=ossec - mode=0640 - notify: restart wazuh-manager - when: - - wazuh_manager_config.cluster.node_type == "master" - tags: - - init - - config - - name: Installing the local_internal_options.conf template: src=var-ossec-etc-local-internal-options.conf.j2 dest="{{ wazuh_dir }}/etc/local_internal_options.conf" owner=root - group=ossec + group=wazuh mode=0640 notify: restart wazuh-manager tags: @@ -197,7 +184,7 @@ - config - name: Enable client-syslog - command: "{{ wazuh_dir }}/bin/ossec-control enable client-syslog" + command: "{{ wazuh_dir }}/bin/wazuh-control enable client-syslog" notify: restart wazuh-manager when: - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout @@ -219,7 +206,7 @@ - config - name: Enable ossec-agentlessd - command: "{{ wazuh_dir }}/bin/ossec-control enable agentless" + command: "{{ wazuh_dir }}/bin/wazuh-control enable agentless" notify: restart wazuh-manager when: - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout @@ -241,7 +228,7 @@ src: var-ossec-etc-ossec-server.conf.j2 dest: "{{ wazuh_dir }}/etc/ossec.conf" owner: root - group: ossec + group: wazuh mode: 0644 notify: restart wazuh-manager tags: 
@@ -252,8 +239,8 @@ template: src: authd_pass.j2 dest: "{{ wazuh_dir }}/etc/authd.pass" - owner: ossec - group: ossec + owner: wazuh + group: wazuh mode: 0640 no_log: true notify: restart wazuh-manager @@ -270,7 +257,7 @@ src: create_user.py dest: "{{ wazuh_dir }}/framework/scripts/create_user.py" owner: root - group: ossec + group: wazuh mode: 0644 - name: Execute create_user script diff --git a/roles/wazuh/ansible-wazuh-manager/vars/install_cmake.yml b/roles/wazuh/ansible-wazuh-manager/vars/install_cmake.yml new file mode 100644 index 00000000..cda00c6e --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/vars/install_cmake.yml @@ -0,0 +1,4 @@ +# Install cmake vars + +cmake_version: 3.18.3 +cmake_download_url: "http://packages.wazuh.com/utils/cmake/cmake-{{ cmake_version }}.tar.gz" \ No newline at end of file