From 272dbe547fbd434a54079debfa85354e1f5f555e Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 26 Jul 2023 13:35:17 -0300 Subject: [PATCH 1/6] delete update_from_year parameter --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 -- .../templates/var-ossec-etc-ossec-server.conf.j2 | 3 --- 2 files changed, 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index be69a795..16f6e3bf 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -192,11 +192,9 @@ wazuh_manager_vulnerability_detector: update_interval: '1h' name: '"debian"' - enabled: 'no' - update_from_year: '2010' update_interval: '1h' name: '"redhat"' - enabled: 'no' - update_from_year: '2010' update_interval: '1h' name: '"nvd"' diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index cf87a44c..fef3a953 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -279,9 +279,6 @@ {{ os_ }} {% endfor %} {% endif %} - {% if provider_.update_from_year is defined %} - {{ provider_.update_from_year }} - {% endif %} {% if provider_.update_interval is defined %} {{ provider_.update_interval }} {% endif %} From 63cd551ad9aaba1553ea2442fc6764abfe959886 Mon Sep 17 00:00:00 2001 From: c-bordon Date: Tue, 1 Aug 2023 12:41:09 -0300 Subject: [PATCH 2/6] Added retry in Debian/Ubuntu installs --- roles/wazuh/ansible-filebeat-oss/tasks/main.yml | 3 +++ roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml index f86de14b..f39f6e73 100644 
--- a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml @@ -23,6 +23,9 @@ tags: - install - init + until: "install is not failed" + retries: 10 + delay: 10 when: ansible_os_family == 'Debian' - name: Checking if Filebeat Module folder file exists diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 57ee132d..3e3e9a08 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -8,6 +8,10 @@ - tar - curl state: present + register: package_status + until: "package_status is not failed" + retries: 10 + delay: 10 - include_vars: ../../vars/repo_vars.yml From bb8a0f315204b19074266fbe5683bbd0c74b79cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Wed, 9 Aug 2023 15:18:17 +0200 Subject: [PATCH 3/6] Changed check_packages order --- .github/playbooks/aio-wazuh.yml | 17 +++++++++-------- .github/playbooks/single-wazuh.yml | 11 +++++------ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/playbooks/aio-wazuh.yml b/.github/playbooks/aio-wazuh.yml index 099f5876..d9f7e0d4 100644 --- a/.github/playbooks/aio-wazuh.yml +++ b/.github/playbooks/aio-wazuh.yml @@ -3,6 +3,12 @@ become: true become_user: root roles: + # 1. Check packages + - role: ../../roles/wazuh/check-packages + become: no + delegate_to: localhost + run_once: true + # 2. Generate certificates - role: ../../roles/wazuh/wazuh-indexer vars: generate_certs: true 
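Review bot: The added `until: "install is not failed"` in the filebeat-oss hunk relies on a registered variable named `install`, but no `register:` line is visible there, whereas the wazuh-manager hunk of the same commit adds `register: package_status` next to its `until`. The task starts above the hunk, so the register may already exist; if it does not, add one with a specific name, e.g. `register: filebeat_install` and `until: filebeat_install is not failed`, because an undefined name in `until` typically fails the task instead of retrying it. Both hunks also retry on every kind of failure for up to roughly 100 seconds, so a repository signature error or a missing package is reported only after ten attempts. A comment such as `# retry to ride out transient package-manager lock or mirror errors` above `until` would record the intent.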
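Review bot: The relocated check-packages entry in aio-wazuh.yml is written with `become: no`, while the play header in the context lines just above spells the same keyword `become: true`; use `become: false` so the file has one boolean form and passes yamllint's `truthy` rule. The single-wazuh.yml hunk of this commit adds the same entry with `become: no` and needs the same change. In single-wazuh.yml the play already targets `hosts: localhost`, so `delegate_to: localhost` looks redundant there and is worth confirming before it is kept.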
@@ -30,24 +36,19 @@ become: true become_user: root roles: - # 1. Check packages - - role: ../../roles/wazuh/check-packages - become: no - delegate_to: localhost - run_once: true - # 2. Wazuh indexer + # 1. Wazuh indexer - role: ../../roles/wazuh/wazuh-indexer vars: indexer_node_name: "wazuh-es01" single_node: true - # 3. Managers + # 2. Managers - role: ../../roles/wazuh/ansible-wazuh-manager - role: ../../roles/wazuh/ansible-filebeat-oss vars: filebeat_node_name: "wazuh-mgr01" filebeat_output_indexer_hosts: - "localhost:9200" - # 4. Wazuh dashboard + # 3. Wazuh dashboard - role: ../../roles/wazuh/wazuh-dashboard vars: dashboard_node_name: "wazuh-dash01" diff --git a/.github/playbooks/single-wazuh.yml b/.github/playbooks/single-wazuh.yml index 5f55a22b..164b19a9 100644 --- a/.github/playbooks/single-wazuh.yml +++ b/.github/playbooks/single-wazuh.yml @@ -2,6 +2,10 @@ - name: ConvergeCerts hosts: localhost roles: + - role: ../../roles/wazuh/check-packages + become: no + delegate_to: localhost + run_once: true - role: ../../roles/wazuh/wazuh-indexer perform_installation: false vars: @@ -15,12 +19,7 @@ - name: ConvergeInstall hosts: localhost roles: - # 1. Check packages - - role: ../../roles/wazuh/check-packages - become: no - delegate_to: localhost - run_once: true - # 2. Managers + # Managers - role: ../../roles/wazuh/ansible-wazuh-manager vars: - role: ../../roles/wazuh/ansible-filebeat-oss From f32a85aaaa97b9b5d2667e13282d0e39e5918c94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Thu, 10 Aug 2023 10:50:08 +0200 Subject: [PATCH 4/6] Added missing providers --- .../ansible-wazuh-manager/defaults/main.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 88a9fb20..4ead9992 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -195,6 +195,30 @@ wazuh_manager_vulnerability_detector: update_from_year: '2010' update_interval: '1h' name: '"redhat"' + - enabled: 'no' + os: + - 'amazon-linux' + - 'amazon-linux-2' + update_interval: '1h' + name: '"alas"' + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: '"arch"' + - enabled: 'no' + os: + - '11-server' + - '11-desktop' + - '12-server' + - '12-desktop' + - '15-server' + - '15-desktop' + update_interval: '1h' + name: '"suse"' + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: '"msu"' - enabled: 'no' update_from_year: '2010' update_interval: '1h' From 238eb05b3c7368bddd505a21f9773902776a36bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Thu, 10 Aug 2023 13:48:33 +0200 Subject: [PATCH 5/6] Edited VD config and jinja2 template --- .../ansible-wazuh-manager/defaults/main.yml | 22 +++++++++++-------- .../var-ossec-etc-ossec-server.conf.j2 | 3 +++ 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 4ead9992..3251a6ce 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -174,6 +174,7 @@ wazuh_manager_sca: wazuh_manager_vulnerability_detector: enabled: 'no' interval: '5m' + min_full_scan_interval: '6h' run_on_start: 'yes' providers: - enabled: 'no' @@ -181,18 +182,23 @@ wazuh_manager_vulnerability_detector: - 'trusty' - 'xenial' - 'bionic' + - 'focal' + - 'jammy' update_interval: '1h' name: '"canonical"' - enabled: 'no' os: - - 'wheezy' - - 'stretch' - - 'jessie' - 'buster' + - 'bullseye' update_interval: '1h' name: '"debian"' - enabled: 'no' - update_from_year: '2010' + os: + - '5' + - '6' + - '7' + - '8' + - '9' update_interval: '1h' name: '"redhat"' - enabled: 'no' 
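Review bot: The debian `os` list in the `@@ -174,6 +174,7 @@` hunk drops `wheezy`, `stretch` and `jessie`, while the canonical list keeps `trusty` and `xenial` and the redhat list adds `'5'` and `'6'`, so the defaults follow no single rule for which releases stay covered. If a provider only evaluates the releases it lists (the hunk does not show this), hosts still running a removed release would stop getting vulnerability results without any warning once the provider is enabled. Put a comment above `providers:` that states the rule, for example `# os lists name every release whose feed is fetched; releases not listed are not scanned`, and make the three lists follow it. The providers list continues past the end of this hunk.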
@@ -201,10 +207,6 @@ wazuh_manager_vulnerability_detector: - 'amazon-linux-2' update_interval: '1h' name: '"alas"' - - enabled: 'no' - update_from_year: '2010' - update_interval: '1h' - name: '"arch"' - enabled: 'no' os: - '11-server' @@ -216,7 +218,9 @@ wazuh_manager_vulnerability_detector: update_interval: '1h' name: '"suse"' - enabled: 'no' - update_from_year: '2010' + update_interval: '1h' + name: '"arch"' + - enabled: 'no' update_interval: '1h' name: '"msu"' - enabled: 'no' diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index cf87a44c..658fcf43 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -265,6 +265,9 @@ {% if wazuh_manager_config.vulnerability_detector.interval is defined %} {{ wazuh_manager_config.vulnerability_detector.interval }} {% endif %} + {% if wazuh_manager_config.vulnerability_detector.min_full_scan_interval is defined %} + {{ wazuh_manager_config.vulnerability_detector.min_full_scan_interval }} + {% endif %} {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %} {{ wazuh_manager_config.vulnerability_detector.run_on_start }} {% endif %} From d58be72ee1cff76f6cc8acd0ab922c385972692a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 11 Aug 2023 13:12:24 +0200 Subject: [PATCH 6/6] Removed NVD `update_year` parameter --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3251a6ce..cd6e3bce 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
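Review bot: The block added to the template reads `wazuh_manager_config.vulnerability_detector.min_full_scan_interval`, but this commit declares the default under `wazuh_manager_vulnerability_detector` in defaults/main.yml, and whatever maps one name onto the other is not part of the diff. Because the block is guarded by `is defined`, a key that is not carried over renders nothing, and the manager presumably falls back to its built-in value with no error. Confirm that the mapping includes the new key, and consider a template comment such as `{# emitted only when the role variable is set; otherwise the manager default applies #}`. The enclosing vulnerability-detector section starts and ends outside the hunk.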
@@ -224,7 +224,6 @@ wazuh_manager_vulnerability_detector: update_interval: '1h' name: '"msu"' - enabled: 'no' - update_from_year: '2010' update_interval: '1h' name: '"nvd"'