From 31d3cd64d1b2a79ef14fedcbe5fa1087991ba9c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 26 Apr 2022 09:59:33 -0300 Subject: [PATCH 1/6] Repositories variables unified --- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 9 +-------- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-agent/tasks/main.yml | 10 ++++++++++ roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 8 +------- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 10 ++++++++++ roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml | 2 +- roles/wazuh/wazuh-dashboard/defaults/main.yml | 10 ---------- roles/wazuh/wazuh-dashboard/tasks/Debian.yml | 4 ++-- roles/wazuh/wazuh-dashboard/tasks/RedHat.yml | 4 ++-- roles/wazuh/wazuh-dashboard/tasks/main.yml | 9 +++++++++ roles/wazuh/wazuh-indexer/defaults/main.yml | 7 ------- roles/wazuh/wazuh-indexer/tasks/Debian.yml | 4 ++-- roles/wazuh/wazuh-indexer/tasks/RedHat.yml | 4 ++-- roles/wazuh/wazuh-indexer/tasks/main.yml | 9 +++++++++ 16 files changed, 52 insertions(+), 44 deletions(-) diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index 5e47eb65..241e5026 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.10.2 -wazuh_template_branch: v4.3.0 +wazuh_template_branch: 4.3 filebeat_node_name: node-1 diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 8706a992..19b56f5d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
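Review bot: `wazuh_template_branch: 4.3` is an unquoted YAML float, not a string, so a future value such as `4.10` would load as `4.1`; write `wazuh_template_branch: '4.3'`. The change also replaces what looks like a tag (`v4.3.0`) with a branch name. If this value selects the ref the Filebeat template is fetched from, the content can now change without this repository changing, so a comment explaining why a moving ref is acceptable would help. The consumer of the variable is outside this hunk.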
@@ -55,17 +55,10 @@ wazuh_winagent_config: auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True md5: 8ffa75d13280f1aa6ffca54f4273df4d -wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.0-1.msi wazuh_winagent_package_name: wazuh-agent-4.3.0-1.msi wazuh_dir: "/var/ossec" -wazuh_agent_repo: - apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - yum: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' - # This is deprecated, see: wazuh_agent_address wazuh_agent_nat: false @@ -367,7 +360,7 @@ wazuh_agent_log_format: 'plain' # wazuh_agent_config wazuh_agent_config_defaults: - repo: '{{ wazuh_agent_repo }}' + repo: '{{ wazuh_repo }}' active_response: '{{ wazuh_agent_active_response }}' log_format: '{{ wazuh_agent_log_format }}' client_buffer: '{{ wazuh_agent_client_buffer }}' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index d9b3e255..37ab9afd 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -14,7 +14,7 @@ become: true shell: | set -o pipefail - curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - + curl -s {{ wazuh_agent_config.repo.gpg }} | apt-key add - args: warn: false executable: /bin/bash diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml index 43aa2ca3..52501861 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml 
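Review bot: The context lines of the first hunk keep `check_md5: True` with a single pinned `md5:` value, while the `wazuh_winagent_config_url` removed here is redefined later in this series in both `vars/repo.yml` and `vars/repo_dev.yml` with different hosts. One digest now has to match an installer fetched from either location; if the pre-release MSI is not byte-identical the check fails, and the easy way out is to switch the check off. Keep the digest next to the URL it belongs to, one per vars file, and consider a SHA-256 digest, since MD5 does not resist deliberate collisions. How the digest is consumed is outside this hunk.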
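Review bot: In `ansible-wazuh-agent/tasks/Debian.yml` the key URL is now templated unquoted into a `shell` pipeline, and `curl -s` without `-f` hands whatever body the server returns to `apt-key add -`, so the key is trusted on download alone. Since the URL can now resolve to the pre-release host, fail on HTTP errors and quote the value, e.g. `curl -fsSL {{ wazuh_agent_config.repo.gpg | quote }} | apt-key add -`, and compare the imported key with `wazuh_agent_config.repo.key_id` before the repository is enabled. The same line is changed in `ansible-wazuh-manager/tasks/Debian.yml`. The task begins above the hunk, so any later fingerprint check is not visible here.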
@@ -1,5 +1,15 @@ --- +- name: Get latest wazuh release + shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-" + register: wazuh_latest_release + +- include_vars: ../../vars/repo.yml + when: "{{ wazuh_latest_release.stdout is version(wazuh_agent_version, operator='ge') }}" + +- include_vars: ../../vars/repo_dev.yml + when: "{{ wazuh_latest_release.stdout is version(wazuh_agent_version, operator='lt') }}" + - name: Overlay wazuh_agent_config on top of defaults set_fact: wazuh_agent_config: '{{ wazuh_agent_config_defaults | combine(config_layer, recursive=True) }}' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 2e694ab5..3dc5b2d5 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -37,12 +37,6 @@ wazuh_manager_sources_installation: threads: "2" wazuh_dir: "/var/ossec" -wazuh_manager_repo: - apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - yum: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' - ########################################## ### Wazuh-OSSEC @@ -421,7 +415,7 @@ wazuh_manager_config_overlay: true ## Other/Wrappers wazuh_manager_config_defaults: - repo: '{{ wazuh_manager_repo }}' + repo: '{{ wazuh_repo }}' json_output: '{{ wazuh_manager_json_output }}' alerts_log: '{{ wazuh_manager_alerts_log }}' logall: '{{ wazuh_manager_logall }}' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 717add8c..ee903eb9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
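Review bot: The choice between the stable and the pre-release package repository in `ansible-wazuh-agent/tasks/main.yml` is driven by scraping an unauthenticated GitHub API response with `grep`/`sed`/`cut`, and nothing checks that a tag was actually parsed. `curl --silent` has no `--fail` and the pipeline has no `pipefail`, so a rate-limited or error response leaves `stdout` empty with a zero exit status, and the two `include_vars` conditions are then evaluated on an empty string. Parse the JSON with the `uri` module, assert that the tag looks like a version, and make the pre-release repository an explicit opt-in rather than something inferred. The `when:` expressions should also drop the `{{ }}` delimiters, which Ansible warns about. The same block is added to the manager, dashboard and indexer `tasks/main.yml` in this commit.

```yaml
- name: Get latest Wazuh release
  ansible.builtin.uri:
    url: https://api.github.com/repos/wazuh/wazuh/releases/latest
    return_content: true
  register: wazuh_latest_release

- name: Fail closed when no release tag could be read
  ansible.builtin.assert:
    that:
      - wazuh_latest_release.json.tag_name is match('^v[0-9]+(\.[0-9]+)+$')

- include_vars: ../../vars/repo.yml
  when: (wazuh_latest_release.json.tag_name | regex_replace('^v', '')) is version(wazuh_agent_version, 'ge')

# proposed opt-in flag, not defined anywhere on this page
- include_vars: ../../vars/repo_dev.yml
  when:
    - wazuh_use_prerelease_repo | default(false) | bool
    - (wazuh_latest_release.json.tag_name | regex_replace('^v', '')) is version(wazuh_agent_version, 'lt')
# … unchanged: Overlay wazuh_agent_config on top of defaults …
```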
@@ -16,7 +16,7 @@ become: true shell: | set -o pipefail - curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - + curl -s {{ wazuh_manager_config.repo.gpg }} | apt-key add - args: warn: false executable: /bin/bash diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 65ded135..d86a863a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -1,5 +1,15 @@ --- +- name: Get latest wazuh release + shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-" + register: wazuh_latest_release + +- include_vars: ../../vars/repo.yml + when: "{{ wazuh_latest_release.stdout is version(wazuh_manager_version, operator='ge') }}" + +- include_vars: ../../vars/repo_dev.yml + when: "{{ wazuh_latest_release.stdout is version(wazuh_manager_version, operator='lt') }}" + - name: Overlay wazuh_manager_config on top of defaults set_fact: wazuh_manager_config: '{{ wazuh_manager_config_defaults | combine(config_layer, recursive=True) }}' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml index 6dcf5df9..824e6926 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml @@ -2,7 +2,7 @@ - name: Debian/Ubuntu | Remove Wazuh repository. apt_repository: - repo: deb https://packages.wazuh.com/4.x/apt {{ ansible_distribution_release }} main + repo: "{{ wazuh_manager_config.repo.apt }}" state: absent changed_when: false when: ansible_os_family == "Debian" diff --git a/roles/wazuh/wazuh-dashboard/defaults/main.yml b/roles/wazuh/wazuh-dashboard/defaults/main.yml index 7e50fb26..64e50752 100644 --- a/roles/wazuh/wazuh-dashboard/defaults/main.yml +++ b/roles/wazuh/wazuh-dashboard/defaults/main.yml 
@@ -15,16 +15,6 @@ indexer_cluster_nodes: # The Wazuh dashboard package repository dashboard_version: "4.3.0" -package_repos: - yum: - dashboard: - baseurl: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - apt: - dashboard: - baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - # API credentials wazuh_api_credentials: - id: "default" diff --git a/roles/wazuh/wazuh-dashboard/tasks/Debian.yml b/roles/wazuh/wazuh-dashboard/tasks/Debian.yml index 2d6c67b7..f41b3671 100644 --- a/roles/wazuh/wazuh-dashboard/tasks/Debian.yml +++ b/roles/wazuh/wazuh-dashboard/tasks/Debian.yml @@ -4,12 +4,12 @@ - include_vars: debian.yml - name: Add apt repository signing key apt_key: - url: "{{ package_repos.apt.dashboard.gpg }}" + url: "{{ wazuh_repo.gpg }}" state: present - name: Debian systems | Add Wazuh dashboard repo apt_repository: - repo: "{{ package_repos.apt.dashboard.baseurl }}" + repo: "{{ wazuh_repo.apt }}" state: present update_cache: yes diff --git a/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml b/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml index 994f2a0f..39900d43 100644 --- a/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml +++ b/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml @@ -6,8 +6,8 @@ file: wazuh name: wazuh_repo description: Wazuh yum repository - baseurl: "{{ package_repos.yum.dashboard.baseurl }}" - gpgkey: "{{ package_repos.yum.dashboard.gpg }}" + baseurl: "{{ wazuh_repo.yum }}" + gpgkey: "{{ wazuh_repo.gpg }}" gpgcheck: true - name: Install Wazuh dashboard diff --git a/roles/wazuh/wazuh-dashboard/tasks/main.yml b/roles/wazuh/wazuh-dashboard/tasks/main.yml index c477df58..ac451b3d 100755 --- a/roles/wazuh/wazuh-dashboard/tasks/main.yml +++ b/roles/wazuh/wazuh-dashboard/tasks/main.yml 
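Review bot: In `wazuh-dashboard/tasks/Debian.yml` the 'Add apt repository signing key' task imports whatever key is served at `wazuh_repo.gpg` without naming an expected key, although the unified `wazuh_repo` mapping added later in this series carries a `key_id`. Adding `id: "{{ wazuh_repo.key_id }}"` gives the module a fingerprint to check the download against, which matters more now that the URL can point at the pre-release host. The matching task in `wazuh-indexer/tasks/Debian.yml` needs the same line.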
@@ -1,4 +1,13 @@ --- +- name: Get latest wazuh release + shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-" + register: wazuh_latest_release + +- include_vars: ../../vars/repo.yml + when: "{{ wazuh_latest_release.stdout is version(dashboard_version, operator='ge') }}" + +- include_vars: ../../vars/repo_dev.yml + when: "{{ wazuh_latest_release.stdout is version(dashboard_version, operator='lt') }}" - import_tasks: RedHat.yml when: ansible_os_family == 'RedHat' diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index e2a4bb48..01a1923e 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml @@ -28,14 +28,7 @@ domain_name: wazuh.com # The Wazuh indexer package repository package_repos: - yum: - indexer: - baseurl: 'https://packages.wazuh.com/4.x/yum/' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' apt: - indexer: - baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main' - gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' openjdk: baseurl: 'deb http://deb.debian.org/debian stretch-backports main' diff --git a/roles/wazuh/wazuh-indexer/tasks/Debian.yml b/roles/wazuh/wazuh-indexer/tasks/Debian.yml index 7e67fb2f..9b6ef404 100644 --- a/roles/wazuh/wazuh-indexer/tasks/Debian.yml +++ b/roles/wazuh/wazuh-indexer/tasks/Debian.yml @@ -39,12 +39,12 @@ block: - name: Add apt repository signing key apt_key: - url: "{{ package_repos.apt.indexer.gpg }}" + url: "{{ wazuh_repo.apt.gpg }}" state: present - name: Add Wazuh indexer repository apt_repository: - repo: "{{ package_repos.apt.indexer.baseurl }}" + repo: "{{ wazuh_repo.apt }}" state: present filename: 'wazuh-indexer' update_cache: yes diff --git a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml index 4bb1ca05..0daa7c3b 100644 --- a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml 
+++ b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml @@ -6,8 +6,8 @@ file: wazuh name: wazuh_repo description: Wazuh yum repository - baseurl: "{{ package_repos.yum.indexer.baseurl }}" - gpgkey: "{{ package_repos.yum.indexer.gpg }}" + baseurl: "{{ wazuh_repo.yum }}" + gpgkey: "{{ wazuh_repo.gpg }}" gpgcheck: true changed_when: false diff --git a/roles/wazuh/wazuh-indexer/tasks/main.yml b/roles/wazuh/wazuh-indexer/tasks/main.yml index 03316b38..0e18d05f 100644 --- a/roles/wazuh/wazuh-indexer/tasks/main.yml +++ b/roles/wazuh/wazuh-indexer/tasks/main.yml @@ -1,4 +1,13 @@ --- +- name: Get latest wazuh release + shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-" + register: wazuh_latest_release + +- include_vars: ../../vars/repo.yml + when: "{{ wazuh_latest_release.stdout is version(indexer_version, operator='ge') }}" + +- include_vars: ../../vars/repo_dev.yml + when: "{{ wazuh_latest_release.stdout is version(indexer_version, operator='lt') }}" - import_tasks: local_actions.yml when: From 60b891084e032f7b002da263987317d7f83078d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 26 Apr 2022 17:08:47 -0300 Subject: [PATCH 2/6] Conditions for CentOS 8 --- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 3 ++- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index d7a4c8d3..b873b021 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
@@ -35,7 +35,8 @@ until: wazuh_manager_openscp_packages_installed is succeeded tags: - init - when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") + when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") and + not (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8") - name: CentOS 6 | Install Software Collections (SCL) Repository package: name=centos-release-scl state=present diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index d86a863a..08698f73 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -36,7 +36,8 @@ name: expect state: "{{ wazuh_manager_package_state }}" when: - - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) + - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) and + not (ansible_distribution|lower == "centos" and ansible_distribution_major_version|int == 8) tags: init - name: Generate SSL files for authd From 5dc31f4731fdb788e1a5cb51c7a0e07712a31a5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 26 Apr 2022 17:09:58 -0300 Subject: [PATCH 3/6] Remove OpenJDK install from Indexer role --- roles/wazuh/wazuh-indexer/defaults/main.yml | 11 ---------- roles/wazuh/wazuh-indexer/tasks/Debian.yml | 21 +------------------ roles/wazuh/wazuh-indexer/tasks/RedHat.yml | 12 ++--------- .../wazuh-indexer/tasks/security_actions.yml | 8 +++++-- 4 files changed, 9 insertions(+), 43 deletions(-) diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index 01a1923e..f5c4e07e 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml 
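Review bot: The CentOS 8 exclusion is written two different ways in this commit. In `tasks/RedHat.yml` it is `ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"`, a case-sensitive string comparison; in `tasks/main.yml` it is `ansible_distribution|lower == "centos" and ansible_distribution_major_version|int == 8`. Use one form, preferably the `|int` comparison, so both tasks are skipped on exactly the same hosts. In the `main.yml` hunk the new clause is appended with `and` inside a single `when:` list item; a second list item `- not (ansible_distribution|lower == "centos" and ansible_distribution_major_version|int == 8)` reads more clearly and is ANDed implicitly. Neither hunk carries a comment saying why CentOS 8 is excluded.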
@@ -26,12 +26,6 @@ minimum_master_nodes: 2 # Example es1.example.com, es2.example.com domain_name: wazuh.com -# The Wazuh indexer package repository -package_repos: - apt: - openjdk: - baseurl: 'deb http://deb.debian.org/debian stretch-backports main' - indexer_sec_plugin_conf_path: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools indexer_conf_path: /etc/wazuh-indexer/ @@ -46,11 +40,6 @@ indexer_jvm_xms: null indexer_http_port: 9200 -certs_gen_tool_version: 4.3 - -# Url of certificates generator tool -certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" - indexer_admin_password: changeme dashboard_password: changeme diff --git a/roles/wazuh/wazuh-indexer/tasks/Debian.yml b/roles/wazuh/wazuh-indexer/tasks/Debian.yml index 9b6ef404..2c2b370b 100644 --- a/roles/wazuh/wazuh-indexer/tasks/Debian.yml +++ b/roles/wazuh/wazuh-indexer/tasks/Debian.yml @@ -16,30 +16,11 @@ ] state: present - - name: Add the repository key for Debian's Stretch Backports repository - ansible.builtin.apt_key: - keyserver: keyserver.ubuntu.com - id: 648ACFD622F3D138 - - - name: Add openjdk repository - apt_repository: - repo: "{{ package_repos.apt.openjdk.baseurl }}" - state: present - update_cache: yes - filename: 'wazuh-openjdk' - -- name: Install openjdk-11-jdk - apt: - name: openjdk-11-jdk - state: present - environment: - JAVA_HOME: /usr - - name: Add Wazuh indexer repository block: - name: Add apt repository signing key apt_key: - url: "{{ wazuh_repo.apt.gpg }}" + url: "{{ wazuh_repo.gpg }}" state: present - name: Add Wazuh indexer repository diff --git a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml index 0daa7c3b..53a67ab6 100644 --- a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml +++ b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml 
@@ -11,23 +11,15 @@ gpgcheck: true changed_when: false - - name: RedHat/CentOS/Fedora | Install OpenJDK 11 - yum: - name: java-11-openjdk-devel - state: present - when: - - ansible_distribution != 'Amazon' - - name: Amazon Linux | Install OpenJDK 11 + + - name: Amazon Linux | Install Amazon extras block: - name: Install Amazon extras yum: name: amazon-linux-extras state: present - - name: Install OpenJDK 11 - shell: amazon-linux-extras install java-openjdk11 -y - - name: Configure vm.max_map_count lineinfile: line: "vm.max_map_count=262144" diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index b3804f63..405bfe33 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml @@ -46,7 +46,9 @@ run_once: true - name: Hashing the custom admin password - command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}" # noqa 301 + shell: | + export JAVA_HOME=/usr/share/wazuh-indexer/jdk + {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }} register: indexer_admin_password_hashed no_log: '{{ indexer_nolog_sensible | bool }}' run_once: true @@ -62,7 +64,9 @@ # this can also be achieved with password_hash, but it requires dependencies on the controller - name: Hash the kibanaserver role/user pasword - command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}" # noqa 301 + shell: | + export JAVA_HOME=/usr/share/wazuh-indexer/jdk + {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }} register: indexer_kibanaserver_password_hashed no_log: '{{ indexer_nolog_sensible | bool }}' run_once: true From acec9638268c1789e9da833b0c549ac19e621ed4 Mon Sep 17 00:00:00 2001 
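Review bot: Switching 'Hashing the custom admin password' in `security_actions.yml` from `command` to `shell` places `{{ indexer_admin_password }}` unquoted in a shell script, so a password containing `$`, backticks or `;` is expanded or executed by the shell instead of being hashed as given. `JAVA_HOME` does not need a shell: keep `command: "{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}"` and add `environment:` with `JAVA_HOME: /usr/share/wazuh-indexer/jdk`. If `shell` has to stay, apply `| quote` to the password. The 'Hash the kibanaserver role/user pasword' task in the second hunk has the same problem with `dashboard_password`. In both tasks the secret is still passed as a process argument, and `no_log` depends on `indexer_nolog_sensible` being true.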
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Tue, 3 May 2022 16:06:10 -0300
Subject: [PATCH 4/6] Vars file added
---
roles/wazuh/vars/repo.yml | 11 +++++++++++
roles/wazuh/vars/repo_dev.yml | 11 +++++++++++
2 files changed, 22 insertions(+)
create mode 100644 roles/wazuh/vars/repo.yml
create mode 100644 roles/wazuh/vars/repo_dev.yml
diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml
new file mode 100644
index 00000000..08dd3255
--- /dev/null
+++ b/roles/wazuh/vars/repo.yml
@@ -0,0 +1,11 @@
+wazuh_repo:
+ apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+ yum: 'https://packages.wazuh.com/4.x/yum/'
+ gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+ key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
+wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.0-1.msi
+
+certs_gen_tool_version: 4.3
+
+# Url of certificates generator tool
+certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
\ No newline at end of file
diff --git a/roles/wazuh/vars/repo_dev.yml b/roles/wazuh/vars/repo_dev.yml
new file mode 100644
index 00000000..25d83315
--- /dev/null
+++ b/roles/wazuh/vars/repo_dev.yml
@@ -0,0 +1,11 @@
+wazuh_repo:
+ apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
+ yum: 'https://packages-dev.wazuh.com/pre-release/yum/'
+ gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
+ key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
+wazuh_winagent_config_url: https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-4.3.0-1.msi
+
+certs_gen_tool_version: 4.3
+
+# Url of certificates generator tool
+certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
\ No newline at end of file
From bbe2a2280b83925071d00d9d5300a56d278745bc Mon Sep 17 00:00:00 2001
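Review bot: `certs_gen_tool_version: 4.3` in `vars/repo.yml` is an unquoted YAML float that is interpolated into `certs_gen_tool_url`; a later `4.10` would render as `4.1`, so write `certs_gen_tool_version: '4.3'` here and in `repo_dev.yml`. Because both files are loaded with `include_vars`, their values outrank inventory variables and role defaults, so a site that pointed the removed `wazuh_agent_repo` or `wazuh_manager_repo` at an internal mirror through `group_vars` can no longer do so. That deserves a header comment in each file or a documented override variable. `repo_dev.yml` reuses the same `key_id` for the pre-release host, which is worth confirming against the key actually served there. Both files also lack a leading `---` and a trailing newline.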
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Tue, 3 May 2022 16:56:14 -0300
Subject: [PATCH 5/6] Localfiles fix
---
.../var-ossec-etc-shared-agent.conf.j2 | 72 ++++++++++---------
1 file changed, 37 insertions(+), 35 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
index 6ac6b41d..7af5e3f3 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
@@ -43,41 +43,43 @@ {% endif %} - {% for localfile in agent_config.localfiles %} - - {{ localfile.format }} - {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} - {% if localfile.frequency is defined %} - {{ localfile.frequency }} - {% endif %} - {% else %} - {{ localfile.location }} - {% if localfile.format == 'eventchannel' %} - {% if localfile.only_future_events is defined %} - {{ localfile.only_future_events }} - {% endif %} - {% if localfile.query is defined %} - {{ localfile.query }} - {% endif %} - {% endif %} - {% endif %} - {% if localfile.format == 'json' and localfile.labels is defined %} - {% for item in localfile.labels %} - - {% endfor %} - {% endif %} - {% if localfile.target is defined %} - {{ localfile.target }} - {% endif %} - {% if localfile.out_format is defined %} - {{ localfile.out_format }} - {% endif %} - - {% endfor %} + {% if agent_config.localfiles is defined %} + {% for localfile in agent_config.localfiles %} + + {{ localfile.format }} + {% if localfile.format == 'command' or localfile.format == 'full_command' %} + {{ localfile.command }} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} + {% if localfile.frequency is defined %} + {{ localfile.frequency }} + {% endif %} + {% else %} + {{ localfile.location }} + {% if localfile.format == 'eventchannel' %} + {% if localfile.only_future_events is defined %} + {{ localfile.only_future_events }} + {% endif %} + {% if localfile.query is defined %} + {{ localfile.query }} + {% endif %} + {% endif %} + {% endif %} + {% if localfile.format == 'json' and localfile.labels is defined %} + {% for item in localfile.labels %} + + {% endfor %} + {% endif %} + {% if localfile.target is defined %} + {{ localfile.target }} + {% endif %} + {% if localfile.out_format is defined %} + {{ localfile.out_format }} + {% endif %} + + {% endfor %} + {% endif %} {% 
if agent_config.rootcheck is defined %} From 111a6c90707ff4aa14d12d7c0bce1c8471d73e73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 4 May 2022 10:08:10 -0300 Subject: [PATCH 6/6] Get latest release updated for Agent role --- roles/wazuh/ansible-wazuh-agent/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml index 52501861..9c433e0f 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml @@ -1,8 +1,9 @@ --- -- name: Get latest wazuh release +- name: Get latest Wazuh release shell: "curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\\1/'| cut -c 2-" register: wazuh_latest_release + delegate_to: localhost - include_vars: ../../vars/repo.yml when: "{{ wazuh_latest_release.stdout is version(wazuh_agent_version, operator='ge') }}"
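Review bot: `delegate_to: localhost` is added only to the agent role, while the identical 'Get latest wazuh release' task that patch 1/6 added to the manager, dashboard and indexer `tasks/main.yml` still runs `curl` on every managed host. Without `run_once: true` the delegated task also executes once per host on the controller, multiplying requests to a rate-limited API, and as a read-only lookup it should carry `changed_when: false`. Apply the same keywords to all four copies, or move the lookup into one shared task file that each role includes.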