diff --git a/CHANGELOG.md b/CHANGELOG.md index 391875b0..a9122084 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,17 @@ All notable changes to this project will be documented in this file. ### Added - Update to [Wazuh v4.3.0](https://github.com/wazuh/wazuh/blob/v4.3.0/CHANGELOG.md#v430) +## [v4.2.2] + +### Added + +- Update to [Wazuh v4.2.2](https://github.com/wazuh/wazuh/blob/v4.2.2/CHANGELOG.md#v420) + +## [v4.2.1] + +### Added + +- Update to [Wazuh v4.2.1](https://github.com/wazuh/wazuh/blob/v4.2.1/CHANGELOG.md#v420) ## [v4.2.0] diff --git a/README.md b/README.md index bce5e14a..6a7d166f 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,8 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. | Wazuh version | Elastic | ODFE | |---------------|---------|--------| | v4.3.0 | 7.10.2 | 1.13.2 | +| v4.2.2 | 7.10.2 | 1.13.2 | +| v4.2.1 | 7.10.2 | 1.13.2 | | v4.2.0 | 7.10.2 | 1.13.2 | | v4.1.5 | 7.10.2 | 1.13.2 | | v4.1.4 | 7.10.0 | 1.12.0 | @@ -23,7 +25,6 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. | v4.1.2 | 7.10.0 | 1.12.0 | | v4.1.1 | 7.10.0 | 1.12.0 | - ## Documentation * [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html) diff --git a/VERSION b/VERSION index 61785a6e..b5f0aa38 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v4" -REVISION="40000" +WAZUH-ANSIBLE_VERSION="v4.2.2" +REVISION="40215" diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index be73e030..22fcfa77 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -1,5 +1,7 @@ --- - hosts: + become: yes + become_user: root roles: - ../roles/wazuh/ansible-wazuh-agent vars: diff --git a/playbooks/wazuh-odfe-single.yml b/playbooks/wazuh-odfe-single.yml index 27f30df9..53b7dee3 100644 --- a/playbooks/wazuh-odfe-single.yml +++ b/playbooks/wazuh-odfe-single.yml 
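Review bot: The play-level `become: yes` / `become_user: root` added in playbooks/wazuh-agent.yml applies to every host the play targets, and the ansible-wazuh-agent role it runs also ships tasks/Windows.yml (touched later in this commit), where escalating to `root` with the default become method is not expected to work. If Windows agents are meant to be deployed from this playbook, scope the escalation to the Linux tasks or leave it to the inventory (`ansible_become`) instead of hard-coding it on the play. As a style point, write the boolean canonically, `become: true`, which is also the form the elasticsearch task in this commit uses. The play continues past the hunk, which ends at `vars:`.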
@@ -12,9 +12,9 @@ single_node: true minimum_master_nodes: 1 elasticsearch_node_master: true - elasticsearch_network_host: 127.0.0.1 + elasticsearch_network_host: 127.0.0.1 filebeat_node_name: node-1 - filebeat_output_elasticsearch_hosts: 127.0.0.1 + filebeat_output_elasticsearch_hosts: 127.0.0.1 instances: node1: name: node-1 # Important: must be equal to elasticsearch_node_name. diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index 0470e477..bea869a9 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml @@ -11,8 +11,11 @@ - import_tasks: Debian.yml when: ansible_os_family == 'Debian' - - name: Remove Performance analyzer plugin - command: "/usr/share/elasticsearch/bin/elasticsearch-plugin remove opendistro-performance-analyzer" + - name: Remove performance analyzer plugin from elasticsearch + become: true + command: ./elasticsearch-plugin remove opendistro-performance-analyzer + args: + chdir: /usr/share/elasticsearch/bin/ - name: Remove elasticsearch configuration file file: diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 782c4ec9..6441ad3d 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -9,7 +9,7 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 -elastic_stack_version: 2 +elastic_stack_version: 7.10.2 wazuh_version: 4.3.0 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana @@ -41,7 +41,7 @@ kibana_telemetry_optin: "false" kibana_telemetry_enabled: "false" opendistro_admin_password: changeme -opendistro_kibana_user: changeme +opendistro_kibana_user: kibanaserver opendistro_kibana_password: changeme local_certs_path: "{{ playbook_dir }}/opendistro/certificates" 
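Review bot: The rewritten "Remove performance analyzer plugin from elasticsearch" task is still a bare `command` with no `creates`/`removes` guard and no `changed_when`, so it reports changed on every run and will presumably fail on a re-run once the plugin is already gone. A guard under `args:`, for example `removes: /usr/share/elasticsearch/plugins/opendistro-performance-analyzer` (assuming the package's default plugin directory), would make the step idempotent. Separately, the task now runs with `become: true` but invokes the binary as `./elasticsearch-plugin` relative to `chdir`; keeping the absolute path in `command`, as the old line did, makes it explicit which executable is run with elevated privileges.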
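Review bot: In the second hunk of roles/opendistro/opendistro-kibana/defaults/main.yml, `opendistro_kibana_user` now defaults to the fixed account name `kibanaserver`, while `opendistro_admin_password` and `opendistro_kibana_password` beside it still default to `changeme` and `kibana_server_host` defaults to `"0.0.0.0"`. A deployment that overrides none of these ends up with a predictable username and password pair behind a listener bound to all interfaces. Add a comment above the password defaults, `# Placeholder only: override from an ansible-vault encrypted vars file before deploying`, and consider an `assert` early in the role that fails while either password is still `changeme`. In the first hunk, quoting the value (`elastic_stack_version: "7.10.2"`) would match the quoted scalars around it and keep it a string under any loader.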
diff --git a/roles/opendistro/opendistro-kibana/tasks/security_actions.yml b/roles/opendistro/opendistro-kibana/tasks/security_actions.yml index d5b784cf..d7a20408 100644 --- a/roles/opendistro/opendistro-kibana/tasks/security_actions.yml +++ b/roles/opendistro/opendistro-kibana/tasks/security_actions.yml @@ -11,4 +11,4 @@ - "{{ kibana_node_name }}_http.pem" tags: - security - when: install.changed \ No newline at end of file + when: install.changed diff --git a/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 b/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 index e624f2a3..9280daca 100644 --- a/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 +++ b/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 @@ -33,4 +33,4 @@ newsfeed.enabled: {{ kibana_newsfeed_enabled }} telemetry.optIn: {{ kibana_telemetry_optin }} telemetry.enabled: {{ kibana_telemetry_enabled }} -server.defaultRoute: /app/wazuh?security_tenant=global \ No newline at end of file +server.defaultRoute: /app/wazuh?security_tenant=global diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 66d962cc..bcf6e1f0 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -84,7 +84,7 @@ - config - name: Windows | Installing local_internal_options.conf - win_template: + template: src: var-ossec-etc-local-internal-options.conf.j2 dest: "{{ wazuh_agent_win_path }}local_internal_options.conf" notify: Windows | Restart Wazuh Agent diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 91394f61..4a2442d4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
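Review bot: Switching "Windows | Installing local_internal_options.conf" from `win_template` to `template` changes how the file is rendered on the Windows host, because `template` writes `\n` line endings by default whereas `win_template` defaults to `\r\n`, and nothing in the diff explains the switch. If it is deliberate, say why in a comment above the task, e.g. `# template instead of win_template because <reason>`; otherwise keep `win_template` so the task stays consistent with a Windows-only task file. If `template` stays and CRLF endings are wanted, set `newline_sequence: '\r\n'` explicitly. The task may continue past the hunk, whose last visible line is `notify:`.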
@@ -253,39 +253,25 @@ wazuh_manager_syscheck: ## Command wazuh_manager_commands: - name: 'disable-account' - executable: 'disable-account.sh' - expect: 'user' + executable: 'disable-account' timeout_allowed: 'yes' - - name: 'restart-ossec' - executable: 'restart-ossec.sh' - expect: '' + - name: 'restart-wazuh' + executable: 'restart-wazuh' - name: 'firewall-drop' executable: 'firewall-drop' expect: 'srcip' timeout_allowed: 'yes' - name: 'host-deny' - executable: 'host-deny.sh' - expect: 'srcip' + executable: 'host-deny' timeout_allowed: 'yes' - name: 'route-null' - executable: 'route-null.sh' - expect: 'srcip' + executable: 'route-null' timeout_allowed: 'yes' - name: 'win_route-null' - executable: 'route-null.cmd' - expect: 'srcip' - timeout_allowed: 'yes' - - name: 'win_route-null-2012' - executable: 'route-null-2012.cmd' - expect: 'srcip' + executable: 'route-null.exe' timeout_allowed: 'yes' - name: 'netsh' - executable: 'netsh.cmd' - expect: 'srcip' - timeout_allowed: 'yes' - - name: 'netsh-win-2016' - executable: 'netsh-win-2016.cmd' - expect: 'srcip' + executable: 'netsh.exe' timeout_allowed: 'yes' ## Localfile
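Review bot: After this hunk `firewall-drop` is the only entry in `wazuh_manager_commands` that still carries `expect: 'srcip'`, while every other command had its `expect` key removed; either drop it there too or add a comment explaining why this one keeps it. The hunk also renames `restart-ossec` to `restart-wazuh` and deletes `win_route-null-2012` and `netsh-win-2016`. Any active-response definition or user-supplied override that still refers to the old command names (none is visible in this hunk) would no longer match a defined command, so the corresponding automated response would likely stop firing or the manager configuration would be rejected. It is worth checking the role's active-response defaults for those names and recording the rename in the CHANGELOG as a breaking change for users who override `wazuh_manager_commands`.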