afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #547 from wazuh/release-4.1.1

Browse Source 
Apply Wazuh v4.1.1 changes
This commit is contained in:
Alberto Rodríguez 2021-03-04 19:57:18 +01:00 committed by GitHub
commit 26faf0db65
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
24 changed files with 111 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -9,13 +9,13 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack.
## Branches ## Branches
* `master` branch corresponds to the latest Wazuh Ansible changes. It might be unstable. * `master` branch corresponds to the latest Wazuh Ansible changes. It might be unstable.
* `3.13` branch on correspond to the last Wazuh Ansible stable version. * `4.1` branch on correspond to the last Wazuh Ansible stable version.
## Compatibility Matrix ## Compatibility Matrix
| Wazuh version | Elastic | ODFE | | Wazuh version | Elastic | ODFE |
|---------------|---------|--------| |---------------|---------|--------|
| v4.0.4 | 7.9.3 | 1.11.0 | | v4.1.1 | 7.10.0 | 1.12.0 |
## Documentation ## Documentation

4
molecule/default/tests/test_default.py
View File

@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def get_wazuh_version(): def get_wazuh_version():
"""This return the version of Wazuh.""" """This return the version of Wazuh."""
return "4.0.4" return "4.1.1"
def test_wazuh_packages_are_installed(host): def test_wazuh_packages_are_installed(host):
@ -61,4 +61,4 @@ def test_filebeat_is_installed(host):
"""Test the elasticsearch package is installed.""" """Test the elasticsearch package is installed."""
filebeat = host.package("filebeat") filebeat = host.package("filebeat")
assert filebeat.is_installed assert filebeat.is_installed
assert filebeat.version.startswith('7.9.1') assert filebeat.version.startswith('7.10.0')

10
molecule/distributed-wazuh-elk-xpack/group_vars/all.yml
View File

@ -14,15 +14,15 @@ kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
######################################################## ########################################################
# Versions # Versions
elastic_stack_version: 7.9.3 elastic_stack_version: 7.10.2
filebeat_version: 7.9.3 filebeat_version: 7.10.2
# Debian packages need the ${VERSION}-1 # Debian packages need the ${VERSION}-1
wazuh_manager_version: 4.0.4-1 wazuh_manager_version: 4.1.1-1
wazuh_agent_version: 4.0.4-1 wazuh_agent_version: 4.1.1-1
# Kibana role appends it automatically. # Kibana role appends it automatically.
wazuh_version: 4.0.4 wazuh_version: 4.1.1
######################################################## ########################################################

4
molecule/distributed-wazuh-elk-xpack/tests/test_default.py
View File

@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def get_wazuh_version(): def get_wazuh_version():
"""This return the version of Wazuh.""" """This return the version of Wazuh."""
return "4.0.4" return "4.1.1"
def test_wazuh_packages_are_installed(host): def test_wazuh_packages_are_installed(host):
@ -61,4 +61,4 @@ def test_filebeat_is_installed(host):
"""Test the elasticsearch package is installed.""" """Test the elasticsearch package is installed."""
filebeat = host.package("filebeat") filebeat = host.package("filebeat")
assert filebeat.is_installed assert filebeat.is_installed
assert filebeat.version.startswith('7.9.3') assert filebeat.version.startswith('7.10.2')

10
molecule/distributed-wazuh-elk/group_vars/all.yml
View File

@ -12,12 +12,12 @@ elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
######################################################## ########################################################
# Versions # Versions
elastic_stack_version: 7.9.3 elastic_stack_version: 7.10.2
filebeat_version: 7.9.3 filebeat_version: 7.10.2
# Debian packages need the ${VERSION}-1 # Debian packages need the ${VERSION}-1
wazuh_manager_version: 4.0.4-1 wazuh_manager_version: 4.1.1-1
wazuh_agent_version: 4.0.4-1 wazuh_agent_version: 4.1.1-1
# Kibana role appends it automatically. # Kibana role appends it automatically.
wazuh_version: 4.0.4 wazuh_version: 4.1.1

4
molecule/distributed-wazuh-elk/tests/test_default.py
View File

@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def get_wazuh_version(): def get_wazuh_version():
"""This return the version of Wazuh.""" """This return the version of Wazuh."""
return "4.0.4" return "4.1.1"
def test_wazuh_packages_are_installed(host): def test_wazuh_packages_are_installed(host):
@ -61,4 +61,4 @@ def test_filebeat_is_installed(host):
"""Test the elasticsearch package is installed.""" """Test the elasticsearch package is installed."""
filebeat = host.package("filebeat") filebeat = host.package("filebeat")
assert filebeat.is_installed assert filebeat.is_installed
assert filebeat.version.startswith('7.9.3') assert filebeat.version.startswith('7.10.2')

14
molecule/distributed-wazuh-odfe/group_vars/all.yml
View File

@ -34,14 +34,14 @@ filebeat_node_name: '{{ ansible_hostname }}'
# Versions # Versions
# See: https://opendistro.github.io/for-elasticsearch-docs/version-history/ # See: https://opendistro.github.io/for-elasticsearch-docs/version-history/
elastic_stack_version: 7.9.1 elastic_stack_version: 7.10.0
opendistro_version: 1.11.0 opendistro_version: 1.12.0
filebeat_version: 7.9.1 filebeat_version: 7.10.0
kibana_opendistro_version: -1.11.0-1 kibana_opendistro_version: 1.12.0-1
# Debian packages need the ${VERSION}-1 # Debian packages need the ${VERSION}-1
wazuh_manager_version: 4.0.4-1 wazuh_manager_version: 4.1.1-1
wazuh_agent_version: 4.0.4-1 wazuh_agent_version: 4.1.1-1
# Kibana role appends it automatically. # Kibana role appends it automatically.
wazuh_version: 4.0.4 wazuh_version: 4.1.1

4
molecule/distributed-wazuh-odfe/tests/test_default.py
View File

@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def get_wazuh_version(): def get_wazuh_version():
"""This return the version of Wazuh.""" """This return the version of Wazuh."""
return "4.0.4" return "4.1.1"
def test_wazuh_packages_are_installed(host): def test_wazuh_packages_are_installed(host):
@ -61,4 +61,4 @@ def test_filebeat_is_installed(host):
"""Test the elasticsearch package is installed.""" """Test the elasticsearch package is installed."""
filebeat = host.package("filebeat") filebeat = host.package("filebeat")
assert filebeat.is_installed assert filebeat.is_installed
assert filebeat.version.startswith('7.9.1') assert filebeat.version.startswith('7.10.0')

2
pyproject.toml
View File

@ -1,6 +1,6 @@
[tool.poetry] [tool.poetry]
name = "wazuh-ansible" name = "wazuh-ansible"
version = "4.0.4" version = "4.1.1"
description = "" description = ""
authors = ["neonmei <neonmei@pm.me>"] authors = ["neonmei <neonmei@pm.me>"]

2
roles/elastic-stack/ansible-elasticsearch/README.md
View File

@ -36,7 +36,7 @@ Example Playbook
``` ```
- hosts: elasticsearch - hosts: elasticsearch
roles: roles:
- { role: ansible-role-elasticsearch, elasticsearch_network_host: '192.168.33.182', single_host: true } - { role: ansible-role-elasticsearch, elasticsearch_network_host: '192.168.33.182', single_node: true }
``` ```
- Three nodes Elasticsearch cluster - Three nodes Elasticsearch cluster

2
roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
View File

@ -4,7 +4,7 @@ elasticsearch_http_port: 9200
elasticsearch_network_host: 127.0.0.1 elasticsearch_network_host: 127.0.0.1
elasticsearch_reachable_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1
elasticsearch_jvm_xms: null elasticsearch_jvm_xms: null
elastic_stack_version: 7.9.3 elastic_stack_version: 7.10.2
elasticsearch_lower_disk_requirements: false elasticsearch_lower_disk_requirements: false
elasticsearch_path_repo: [] elasticsearch_path_repo: []

6
roles/elastic-stack/ansible-kibana/defaults/main.yml
View File

@ -6,8 +6,8 @@ elasticsearch_network_host: "127.0.0.1"
kibana_server_host: "0.0.0.0" kibana_server_host: "0.0.0.0"
kibana_server_port: "5601" kibana_server_port: "5601"
kibana_conf_path: /etc/kibana kibana_conf_path: /etc/kibana
elastic_stack_version: 7.9.3 elastic_stack_version: 7.10.2
wazuh_version: 4.0.4 wazuh_version: 4.1.1
wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
elasticrepo: elasticrepo:
@ -47,7 +47,7 @@ nodejs:
# Build from sources # Build from sources
build_from_sources: false build_from_sources: false
wazuh_plugin_branch: 4.0-7.9 wazuh_plugin_branch: 4.1-7.10
#Nodejs NODE_OPTIONS #Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

10
roles/elastic-stack/ansible-kibana/tasks/main.yml
View File

@ -88,7 +88,7 @@
- name: Removing bundles - name: Removing bundles
file: file:
path: /usr/share/kibana/optimize/bundles path: /usr/share/kibana/data/bundles
state: absent state: absent
when: wazuh_app_verify.rc == 1 when: wazuh_app_verify.rc == 1
tags: install tags: install
@ -131,10 +131,10 @@
- not build_from_sources - not build_from_sources
- name: Kibana optimization (can take a while) - name: Kibana optimization (can take a while)
shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli --optimize -c {{ kibana_conf_path }}/kibana.yml shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml
args: args:
executable: /bin/bash executable: /bin/bash
creates: /usr/share/kibana/optimize/wazuh/ creates: /usr/share/kibana/data/wazuh/
become: yes become: yes
become_user: kibana become_user: kibana
tags: tags:
@ -159,7 +159,7 @@
- name: Create wazuh plugin config directory - name: Create wazuh plugin config directory
file: file:
path: /usr/share/kibana/optimize/wazuh/config/ path: /usr/share/kibana/data/wazuh/config/
state: directory state: directory
recurse: yes recurse: yes
owner: kibana owner: kibana
@ -170,7 +170,7 @@
- name: Configure Wazuh Kibana Plugin - name: Configure Wazuh Kibana Plugin
template: template:
src: wazuh.yml.j2 src: wazuh.yml.j2
dest: /usr/share/kibana/optimize/wazuh/config/wazuh.yml dest: /usr/share/kibana/data/wazuh/config/wazuh.yml
owner: kibana owner: kibana
group: kibana group: kibana
mode: 0751 mode: 0751

9
roles/opendistro/opendistro-elasticsearch/defaults/main.yml
View File

@ -1,6 +1,6 @@
--- ---
# Cluster Settings # Cluster Settings
opendistro_version: 1.11.0 opendistro_version: 1.12.0
single_node: false single_node: false
elasticsearch_node_name: node-1 elasticsearch_node_name: node-1
@ -30,11 +30,8 @@ domain_name: wazuh.com
package_repos: package_repos:
yum: yum:
opendistro: opendistro:
baseurl: 'https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/' baseurl: 'https://packages.wazuh.com/4.x/yum/'
gpg: 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
elasticsearch_oss:
baseurl: 'https://artifacts.elastic.co/packages/oss-7.x/yum'
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig opendistro_sec_plugin_conf_path: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig
opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools opendistro_sec_plugin_tools_path: /usr/share/elasticsearch/plugins/opendistro_security/tools

10
roles/opendistro/opendistro-elasticsearch/tasks/RedHat.yml
View File

@ -11,16 +11,6 @@
gpgcheck: true gpgcheck: true
changed_when: false changed_when: false
- name: RedHat/CentOS/Fedora | Add Elasticsearch-oss repo
yum_repository:
file: opendistro
name: elasticsearch_oss_repo
description: Elasticsearch-oss yum repository
baseurl: "{{ package_repos.yum.elasticsearch_oss.baseurl }}"
gpgkey: "{{ package_repos.yum.elasticsearch_oss.gpg }}"
gpgcheck: true
changed_when: false
- name: RedHat/CentOS/Fedora | Install OpenJDK 11 - name: RedHat/CentOS/Fedora | Install OpenJDK 11
yum: yum:
name: java-11-openjdk-devel name: java-11-openjdk-devel

95
roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2
View File

@ -1,5 +1,3 @@
#jinja2: trim_blocks:False
# {{ ansible_managed }}
## JVM configuration ## JVM configuration
################################################################ ################################################################
@ -21,21 +19,23 @@
# Xms represents the initial size of total heap space # Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space # Xmx represents the maximum size of total heap space
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
{% if opendistro_jvm_xms is not none %} {% if opendistro_jvm_xms is not none %}
{% if opendistro_jvm_xms < 32000 %} {% if opendistro_jvm_xms < 32000 %}
-Xms{{ opendistro_jvm_xms }}m -Xms{{ opendistro_jvm_xms }}m
-Xmx{{ opendistro_jvm_xms }}m -Xmx{{ opendistro_jvm_xms }}m
{% else %} {% else %}
-Xms32000m -Xms32000m
-Xmx32000m -Xmx32000m
{% endif %} {% endif %}
{% else %} {% else %}
-Xms{% if ansible_memtotal_mb < 64000 %}{{ ((ansible_memtotal_mb|int)/2)|int }}m{% else %}32000m{% endif %} -Xms{% if ansible_memtotal_mb < 64000 %}{{ ((ansible_memtotal_mb|int)/2)|int }}m{% else %}32000m{% endif %}
-Xmx{% if ansible_memtotal_mb < 64000 %}{{ ((ansible_memtotal_mb|int)/2)|int }}m{% else %}32000m{% endif %} -Xmx{% if ansible_memtotal_mb < 64000 %}{{ ((ansible_memtotal_mb|int)/2)|int }}m{% else %}32000m{% endif %}
{% endif %} {% endif %}
################################################################ ################################################################
## Expert settings ## Expert settings
################################################################ ################################################################
@ -47,44 +47,22 @@
################################################################ ################################################################
## GC configuration ## GC configuration
-XX:+UseConcMarkSweepGC 8-13:-XX:+UseConcMarkSweepGC
-XX:CMSInitiatingOccupancyFraction=75 8-13:-XX:CMSInitiatingOccupancyFraction=75
-XX:+UseCMSInitiatingOccupancyOnly 8-13:-XX:+UseCMSInitiatingOccupancyOnly
## optimizations ## G1GC Configuration
# NOTE: G1 GC is only supported on JDK version 10 or later
# to use G1GC, uncomment the next two lines and update the version on the
# following three lines to your version of the JDK
# 10-13:-XX:-UseConcMarkSweepGC
# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
14-:-XX:+UseG1GC
14-:-XX:G1ReservePercent=25
14-:-XX:InitiatingHeapOccupancyPercent=30
# pre-touch memory pages used by the JVM during initialization ## JVM temporary directory
-XX:+AlwaysPreTouch -Djava.io.tmpdir=${ES_TMPDIR}
## basic
# force the server VM
-server
# explicitly set the stack size
-Xss1m
# set to headless, just in case
-Djava.awt.headless=true
# ensure UTF-8 encoding by default (e.g. filenames)
-Dfile.encoding=UTF-8
# use our provided JNA always versus the system one
-Djna.nosys=true
# turn off a JDK optimization that throws away stack traces for common
# exceptions because stack traces are important for debugging
-XX:-OmitStackTraceInFastThrow
# flags to configure Netty
-Dio.netty.noUnsafe=true
-Dio.netty.noKeySetOptimization=true
-Dio.netty.recycler.maxCapacityPerThread=0
# log4j 2
-Dlog4j.shutdownHookEnabled=false
-Dlog4j2.disable.jmx=true
## heap dumps ## heap dumps
@ -92,26 +70,27 @@
# heap dumps are created in the working directory of the JVM # heap dumps are created in the working directory of the JVM
-XX:+HeapDumpOnOutOfMemoryError -XX:+HeapDumpOnOutOfMemoryError
# specify an alternative path for heap dumps # specify an alternative path for heap dumps; ensure the directory exists and
# ensure the directory exists and has sufficient space # has sufficient space
-XX:HeapDumpPath=/var/lib/elasticsearch -XX:HeapDumpPath=/var/lib/elasticsearch
## GC logging # specify an alternative path for JVM fatal error logs
-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log
#-XX:+PrintGCDetails ## JDK 8 GC logging
#-XX:+PrintGCTimeStamps 8:-XX:+PrintGCDetails
#-XX:+PrintGCDateStamps 8:-XX:+PrintGCDateStamps
#-XX:+PrintClassHistogram 8:-XX:+PrintTenuringDistribution
#-XX:+PrintTenuringDistribution 8:-XX:+PrintGCApplicationStoppedTime
#-XX:+PrintGCApplicationStoppedTime 8:-Xloggc:/var/log/elasticsearch/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m
# log GC status to a file with time stamps # JDK 9+ GC logging
# ensure the directory exists 9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m
#-Xloggc:${loggc}
# By default, the GC log file will not rotate. ## OpenDistro Performance Analyzer
# By uncommenting the lines below, the GC log file -Dclk.tck=100
# will be rotated every 128MB at most 32 times. -Djdk.attach.allowAttachSelf=true
#-XX:+UseGCLogFileRotation -Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro_performance_analyzer/pa_config/es_security.policy
#-XX:NumberOfGCLogFiles=32
#-XX:GCLogFileSize=128M

15
roles/opendistro/opendistro-kibana/defaults/main.yml
View File

@ -9,21 +9,18 @@ kibana_server_host: "0.0.0.0"
kibana_server_port: "5601" kibana_server_port: "5601"
kibana_server_name: "kibana" kibana_server_name: "kibana"
kibana_max_payload_bytes: 1048576 kibana_max_payload_bytes: 1048576
elastic_stack_version: 7.9.1 elastic_stack_version: 7.10.0
wazuh_version: 4.0.4 wazuh_version: 4.1.1
wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
# The OpenDistro package repository # The OpenDistro package repository
kibana_opendistro_version: -1.11.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts kibana_opendistro_version: 1.12.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
package_repos: package_repos:
yum: yum:
opendistro: opendistro:
baseurl: 'https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/' baseurl: 'https://packages.wazuh.com/4.x/yum/'
gpg: 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
elasticsearch_oss:
baseurl: 'https://artifacts.elastic.co/packages/oss-7.x/yum'
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
# API credentials # API credentials
@ -54,7 +51,7 @@ nodejs:
# Build from sources # Build from sources
build_from_sources: false build_from_sources: false
wazuh_plugin_branch: 4.0-7.9 wazuh_plugin_branch: 4.1-7.10
#Nodejs NODE_OPTIONS #Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

9
roles/opendistro/opendistro-kibana/tasks/RedHat.yml
View File

@ -10,14 +10,5 @@
gpgkey: "{{ package_repos.yum.opendistro.gpg }}" gpgkey: "{{ package_repos.yum.opendistro.gpg }}"
gpgcheck: true gpgcheck: true
- name: RedHat/CentOS/Fedora | Add Elasticsearch-oss repo
yum_repository:
file: opendistro
name: elasticsearch_oss_repo
description: Elasticsearch-oss yum repository
baseurl: "{{ package_repos.yum.elasticsearch_oss.baseurl }}"
gpgkey: "{{ package_repos.yum.elasticsearch_oss.gpg }}"
gpgcheck: true
tags: tags:
- install - install

8
roles/opendistro/opendistro-kibana/tasks/main.yml
View File

@ -13,7 +13,7 @@
- name: Install Kibana - name: Install Kibana
package: package:
name: "opendistroforelasticsearch-kibana{{ kibana_opendistro_version }}" name: "opendistroforelasticsearch-kibana-{{ kibana_opendistro_version }}"
state: present state: present
register: install register: install
tags: install tags: install
@ -75,7 +75,7 @@
- not build_from_sources - not build_from_sources
- name: Kibana optimization (can take a while) - name: Kibana optimization (can take a while)
shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli --optimize -c {{ kibana_conf_path }}/kibana.yml shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml
args: args:
executable: /bin/bash executable: /bin/bash
become: yes become: yes
@ -102,7 +102,7 @@
- name: Create wazuh plugin config directory - name: Create wazuh plugin config directory
file: file:
path: /usr/share/kibana/optimize/wazuh/config/ path: /usr/share/kibana/data/wazuh/config/
state: directory state: directory
recurse: yes recurse: yes
owner: kibana owner: kibana
@ -113,7 +113,7 @@
- name: Configure Wazuh Kibana Plugin - name: Configure Wazuh Kibana Plugin
template: template:
src: wazuh.yml.j2 src: wazuh.yml.j2
dest: /usr/share/kibana/optimize/wazuh/config/wazuh.yml dest: /usr/share/kibana/data/wazuh/config/wazuh.yml
owner: kibana owner: kibana
group: kibana group: kibana
mode: 0751 mode: 0751

4
roles/wazuh/ansible-filebeat-oss/defaults/main.yml
View File

@ -1,7 +1,7 @@
--- ---
filebeat_version: 7.9.1 filebeat_version: 7.10.0
wazuh_template_branch: v4.0.4 wazuh_template_branch: v4.1.1
filebeat_output_elasticsearch_hosts: filebeat_output_elasticsearch_hosts:
- "localhost:9200" - "localhost:9200"

4
roles/wazuh/ansible-filebeat/defaults/main.yml
View File

@ -1,7 +1,7 @@
--- ---
filebeat_version: 7.9.3 filebeat_version: 7.10.2
wazuh_template_branch: v4.0.4 wazuh_template_branch: v4.1.1
filebeat_create_config: true filebeat_create_config: true

14
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -1,5 +1,5 @@
--- ---
wazuh_agent_version: 4.0.4-1 wazuh_agent_version: 4.1.1-1
# Custom packages installation # Custom packages installation
@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: ""
wazuh_agent_sources_installation: wazuh_agent_sources_installation:
enabled: false enabled: false
branch: "v4.0.4" branch: "v4.1.1"
user_language: "y" user_language: "y"
user_no_stop: "y" user_no_stop: "y"
user_install_type: "agent" user_install_type: "agent"
@ -55,8 +55,8 @@ wazuh_winagent_config:
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
check_md5: True check_md5: True
md5: 8ffa75d13280f1aa6ffca54f4273df4d md5: 8ffa75d13280f1aa6ffca54f4273df4d
wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.4-1.msi wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.1.1-1.msi
wazuh_winagent_package_name: wazuh-agent-4.0.4-1.msi wazuh_winagent_package_name: wazuh-agent-4.1.1-1.msi
wazuh_dir: "/var/ossec" wazuh_dir: "/var/ossec"
@ -96,7 +96,7 @@ wazuh_managers:
## Authentication Method: Enrollment section (4.x) ## Authentication Method: Enrollment section (4.x)
# For more information see: # For more information see:
# * https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/client.html#enrollment # * https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#enrollment
wazuh_agent_enrollment: wazuh_agent_enrollment:
enabled: 'yes' enabled: 'yes'
@ -117,7 +117,7 @@ wazuh_agent_enrollment:
## Authentication Method: invoking agent-auth ## Authentication Method: invoking agent-auth
# For more information see: # For more information see:
# * https://documentation.wazuh.com/4.0/user-manual/registering/password-authorization-registration.html # * https://documentation.wazuh.com/current/user-manual/registering/password-authorization-registration.html
wazuh_agent_authd: wazuh_agent_authd:
registration_address: 127.0.0.1 registration_address: 127.0.0.1
@ -133,7 +133,7 @@ wazuh_agent_authd:
## Authentication Method: REST API ## Authentication Method: REST API
# For more information see: # For more information see:
# * https://documentation.wazuh.com/4.0/user-manual/registering/restful-api-registration.html # * https://documentation.wazuh.com/current/user-manual/registering/restful-api-registration.html
wazuh_agent_api_validate: yes wazuh_agent_api_validate: yes
## Client buffer ## Client buffer

10
roles/wazuh/ansible-wazuh-manager/defaults/main.yml
View File

@ -1,5 +1,5 @@
--- ---
wazuh_manager_version: 4.0.4-1 wazuh_manager_version: 4.1.1-1
wazuh_manager_fqdn: "wazuh-server" wazuh_manager_fqdn: "wazuh-server"
wazuh_manager_package_state: present wazuh_manager_package_state: present
@ -12,7 +12,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon
# Sources installation # Sources installation
wazuh_manager_sources_installation: wazuh_manager_sources_installation:
enabled: false enabled: false
branch: "v4.0.4" branch: "v4.1.1"
user_language: "en" user_language: "en"
user_no_stop: "y" user_no_stop: "y"
user_install_type: "server" user_install_type: "server"
@ -71,6 +71,9 @@ wazuh_manager_globals:
- '^localhost.localdomain$' - '^localhost.localdomain$'
- '127.0.0.53' - '127.0.0.53'
wazuh_manager_agent_disconnection_time: '20s'
wazuh_manager_agents_disconnection_alert_time: '100s'
## Alerts ## Alerts
wazuh_manager_log_level: 3 wazuh_manager_log_level: 3
wazuh_manager_email_level: 12 wazuh_manager_email_level: 12
@ -365,7 +368,6 @@ wazuh_manager_authd:
force_time: 0 force_time: 0
purge: 'yes' purge: 'yes'
use_password: 'no' use_password: 'no'
limit_maxagents: 'yes'
ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH' ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
ssl_agent_ca: null ssl_agent_ca: null
ssl_verify_host: 'no' ssl_verify_host: 'no'
@ -469,6 +471,8 @@ wazuh_manager_config_defaults:
integrations: '{{ wazuh_manager_integrations }}' integrations: '{{ wazuh_manager_integrations }}'
monitor_aws: '{{ wazuh_manager_monitor_aws }}' monitor_aws: '{{ wazuh_manager_monitor_aws }}'
labels: '{{ wazuh_manager_labels }}' labels: '{{ wazuh_manager_labels }}'
agents_disconnection_time: '{{ wazuh_manager_agent_disconnection_time }}'
agents_disconnection_alert_time: '{{ wazuh_manager_agents_disconnection_alert_time }}'
# shared-agent.conf # shared-agent.conf

5
roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
View File

@ -19,6 +19,8 @@
<email_from>{{ wazuh_manager_config.mail_from }}</email_from> <email_from>{{ wazuh_manager_config.mail_from }}</email_from>
<email_maxperhour>{{ wazuh_manager_config.mail_maxperhour }}</email_maxperhour> <email_maxperhour>{{ wazuh_manager_config.mail_maxperhour }}</email_maxperhour>
<email_log_source>{{ wazuh_manager_config.email_log_source }}</email_log_source> <email_log_source>{{ wazuh_manager_config.email_log_source }}</email_log_source>
<agents_disconnection_time>{{ wazuh_manager_config.agents_disconnection_time }}</agents_disconnection_time>
<agents_disconnection_alert_time>{{ wazuh_manager_config.agents_disconnection_alert_time }}</agents_disconnection_alert_time>
</global> </global>
<alerts> <alerts>
@ -633,9 +635,6 @@
{% if wazuh_manager_config.authd.use_password is not none %} {% if wazuh_manager_config.authd.use_password is not none %}
<use_password>{{wazuh_manager_config.authd.use_password}}</use_password> <use_password>{{wazuh_manager_config.authd.use_password}}</use_password>
{% endif %} {% endif %}
{% if wazuh_manager_config.authd.limit_maxagents is not none %}
<limit_maxagents>{{wazuh_manager_config.authd.limit_maxagents}}</limit_maxagents>
{% endif %}
{% if wazuh_manager_config.authd.ciphers is not none %} {% if wazuh_manager_config.authd.ciphers is not none %}
<ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers> <ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers>
{% endif %} {% endif %}