Apply Wazuh v4.1.1 changes

README.md

@@ -9,13 +9,13 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack.
 
 ## Branches
 * `master` branch corresponds to the latest Wazuh Ansible changes. It might be unstable.
-* `3.13` branch on correspond to the last Wazuh Ansible stable version.
+* `4.1` branch on correspond to the last Wazuh Ansible stable version.
 
 ## Compatibility Matrix
 
 | Wazuh version | Elastic | ODFE   |
 |---------------|---------|--------|
-| v4.0.4        | 7.9.3   | 1.11.0 |
+| v4.1.1        | 7.10.0  | 1.12.0 |
 
 ## Documentation
 

molecule/default/tests/test_default.py

@@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
 def get_wazuh_version():
     """This return the version of Wazuh."""
-    return "4.0.4"
+    return "4.1.1"
 
 
 def test_wazuh_packages_are_installed(host):
@@ -61,4 +61,4 @@ def test_filebeat_is_installed(host):
     """Test the elasticsearch package is installed."""
     filebeat = host.package("filebeat")
     assert filebeat.is_installed
-    assert filebeat.version.startswith('7.9.1')
+    assert filebeat.version.startswith('7.10.0')

molecule/distributed-wazuh-elk-xpack/group_vars/all.yml

@@ -14,15 +14,15 @@ kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
 
 ########################################################
 # Versions
-elastic_stack_version: 7.9.3
+elastic_stack_version: 7.10.2
-filebeat_version: 7.9.3
+filebeat_version: 7.10.2
 
 # Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.0.4-1
+wazuh_manager_version: 4.1.1-1
-wazuh_agent_version: 4.0.4-1
+wazuh_agent_version: 4.1.1-1
 
 # Kibana role appends it automatically.
-wazuh_version: 4.0.4
+wazuh_version: 4.1.1
 
 
 ########################################################

molecule/distributed-wazuh-elk-xpack/tests/test_default.py

@@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
 def get_wazuh_version():
     """This return the version of Wazuh."""
-    return "4.0.4"
+    return "4.1.1"
 
 
 def test_wazuh_packages_are_installed(host):
@@ -61,4 +61,4 @@ def test_filebeat_is_installed(host):
     """Test the elasticsearch package is installed."""
     filebeat = host.package("filebeat")
     assert filebeat.is_installed
-    assert filebeat.version.startswith('7.9.3')
+    assert filebeat.version.startswith('7.10.2')

molecule/distributed-wazuh-elk/group_vars/all.yml

@@ -12,12 +12,12 @@ elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
 
 ########################################################
 # Versions
-elastic_stack_version: 7.9.3
+elastic_stack_version: 7.10.2
-filebeat_version: 7.9.3
+filebeat_version: 7.10.2
 
 # Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.0.4-1
+wazuh_manager_version: 4.1.1-1
-wazuh_agent_version: 4.0.4-1
+wazuh_agent_version: 4.1.1-1
 
 # Kibana role appends it automatically.
-wazuh_version: 4.0.4
+wazuh_version: 4.1.1

molecule/distributed-wazuh-elk/tests/test_default.py

@@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
 def get_wazuh_version():
     """This return the version of Wazuh."""
-    return "4.0.4"
+    return "4.1.1"
 
 
 def test_wazuh_packages_are_installed(host):
@@ -61,4 +61,4 @@ def test_filebeat_is_installed(host):
     """Test the elasticsearch package is installed."""
     filebeat = host.package("filebeat")
     assert filebeat.is_installed
-    assert filebeat.version.startswith('7.9.3')
+    assert filebeat.version.startswith('7.10.2')

molecule/distributed-wazuh-odfe/group_vars/all.yml

@@ -34,14 +34,14 @@ filebeat_node_name: '{{ ansible_hostname }}'
 # Versions
 # See: https://opendistro.github.io/for-elasticsearch-docs/version-history/
 
-elastic_stack_version: 7.9.1
+elastic_stack_version: 7.10.0
-opendistro_version: 1.11.0
+opendistro_version: 1.12.0
-filebeat_version: 7.9.1
+filebeat_version: 7.10.0
-kibana_opendistro_version: -1.11.0-1
+kibana_opendistro_version: -1.12.0-1
 
 # Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.0.4-1
+wazuh_manager_version: 4.1.1-1
-wazuh_agent_version: 4.0.4-1
+wazuh_agent_version: 4.1.1-1
 
 # Kibana role appends it automatically.
-wazuh_version: 4.0.4
+wazuh_version: 4.1.1

molecule/distributed-wazuh-odfe/tests/test_default.py

@@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
 def get_wazuh_version():
     """This return the version of Wazuh."""
-    return "4.0.4"
+    return "4.1.1"
 
 
 def test_wazuh_packages_are_installed(host):
@@ -61,4 +61,4 @@ def test_filebeat_is_installed(host):
     """Test the elasticsearch package is installed."""
     filebeat = host.package("filebeat")
     assert filebeat.is_installed
-    assert filebeat.version.startswith('7.9.1')
+    assert filebeat.version.startswith('7.10.0')

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "wazuh-ansible"
-version = "4.0.4"
+version = "4.1.1"
 description = ""
 authors = ["neonmei <neonmei@pm.me>"]
 

roles/elastic-stack/ansible-elasticsearch/README.md

@@ -36,7 +36,7 @@ Example Playbook
 ```
   - hosts: elasticsearch
     roles:
-      - { role: ansible-role-elasticsearch, elasticsearch_network_host: '192.168.33.182', single_host: true }
+      - { role: ansible-role-elasticsearch, elasticsearch_network_host: '192.168.33.182', single_node: true }
 ```
 
 - Three nodes Elasticsearch cluster

roles/elastic-stack/ansible-elasticsearch/defaults/main.yml

@@ -4,7 +4,7 @@ elasticsearch_http_port: 9200
 elasticsearch_network_host: 127.0.0.1
 elasticsearch_reachable_host: 127.0.0.1
 elasticsearch_jvm_xms: null
-elastic_stack_version: 7.9.3
+elastic_stack_version: 7.10.2
 elasticsearch_lower_disk_requirements: false
 elasticsearch_path_repo: []
 

roles/elastic-stack/ansible-kibana/defaults/main.yml

@@ -6,8 +6,8 @@ elasticsearch_network_host: "127.0.0.1"
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
 kibana_conf_path: /etc/kibana
-elastic_stack_version: 7.9.3
+elastic_stack_version: 7.10.2
-wazuh_version: 4.0.4
+wazuh_version: 4.1.1
 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
 
 elasticrepo:
@@ -47,7 +47,7 @@ nodejs:
 
 # Build from sources
 build_from_sources: false
-wazuh_plugin_branch: 4.0-7.9
+wazuh_plugin_branch: 4.1-7.10
 
 #Nodejs NODE_OPTIONS
 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

roles/elastic-stack/ansible-kibana/tasks/main.yml

@@ -88,7 +88,7 @@
 
 - name: Removing bundles
   file:
-    path: /usr/share/kibana/optimize/bundles
+    path: /usr/share/kibana/data/bundles
     state: absent
   when: wazuh_app_verify.rc == 1
   tags: install
@@ -131,10 +131,10 @@
     - not build_from_sources
 
 - name: Kibana optimization (can take a while)
-  shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli --optimize -c {{ kibana_conf_path }}/kibana.yml
+  shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml
   args:
     executable: /bin/bash
-    creates: /usr/share/kibana/optimize/wazuh/
+    creates: /usr/share/kibana/data/wazuh/
   become: yes
   become_user: kibana
   tags:
@@ -159,7 +159,7 @@
 
 - name: Create wazuh plugin config directory
   file:
-    path: /usr/share/kibana/optimize/wazuh/config/
+    path: /usr/share/kibana/data/wazuh/config/
     state: directory
     recurse: yes
     owner: kibana
@@ -170,7 +170,7 @@
 - name: Configure Wazuh Kibana Plugin
   template:
     src: wazuh.yml.j2
-    dest: /usr/share/kibana/optimize/wazuh/config/wazuh.yml
+    dest: /usr/share/kibana/data/wazuh/config/wazuh.yml
     owner: kibana
     group: kibana
     mode: 0751

roles/opendistro/opendistro-elasticsearch/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # Cluster Settings
-opendistro_version: 1.11.0
+opendistro_version: 1.12.0
 
 single_node: false
 elasticsearch_node_name: node-1

roles/opendistro/opendistro-kibana/defaults/main.yml

@@ -9,12 +9,12 @@ kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
 kibana_server_name: "kibana"
 kibana_max_payload_bytes: 1048576
-elastic_stack_version: 7.9.1
+elastic_stack_version: 7.10.0
-wazuh_version: 4.0.4
+wazuh_version: 4.1.1
 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
 
 # The OpenDistro package repository
-kibana_opendistro_version: -1.11.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
+kibana_opendistro_version: -1.12.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
 
 package_repos:
   yum:
@@ -54,7 +54,7 @@ nodejs:
 
 # Build from sources
 build_from_sources: false
-wazuh_plugin_branch: 4.0-7.9
+wazuh_plugin_branch: 4.1-7.10
 
 #Nodejs NODE_OPTIONS
 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

roles/opendistro/opendistro-kibana/tasks/main.yml

@@ -102,7 +102,7 @@
 
 - name: Create wazuh plugin config directory
   file:
-    path: /usr/share/kibana/optimize/wazuh/config/
+    path: /usr/share/kibana/data/wazuh/config/
     state: directory
     recurse: yes
     owner: kibana
@@ -113,7 +113,7 @@
 - name: Configure Wazuh Kibana Plugin
   template:
     src: wazuh.yml.j2
-    dest: /usr/share/kibana/optimize/wazuh/config/wazuh.yml
+    dest: /usr/share/kibana/data/wazuh/config/wazuh.yml
     owner: kibana
     group: kibana
     mode: 0751

roles/wazuh/ansible-filebeat-oss/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
-filebeat_version: 7.9.1
+filebeat_version: 7.10.0
 
-wazuh_template_branch: v4.0.4
+wazuh_template_branch: v4.1.1
 
 filebeat_output_elasticsearch_hosts:
   - "localhost:9200"

roles/wazuh/ansible-filebeat/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
-filebeat_version: 7.9.3
+filebeat_version: 7.10.2
 
-wazuh_template_branch: v4.0.4
+wazuh_template_branch: v4.1.1
 
 filebeat_create_config: true
 

roles/wazuh/ansible-wazuh-agent/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-wazuh_agent_version: 4.0.4-1
+wazuh_agent_version: 4.1.1-1
 
 
 # Custom packages installation
@@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: ""
 
 wazuh_agent_sources_installation:
   enabled: false
-  branch: "v4.0.4"
+  branch: "v4.1.1"
   user_language: "y"
   user_no_stop: "y"
   user_install_type: "agent"
@@ -55,8 +55,8 @@ wazuh_winagent_config:
   auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
   check_md5: True
   md5: 8ffa75d13280f1aa6ffca54f4273df4d
-wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.4-1.msi
+wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.1.1-1.msi
-wazuh_winagent_package_name: wazuh-agent-4.0.4-1.msi
+wazuh_winagent_package_name: wazuh-agent-4.1.1-1.msi
 
 wazuh_dir: "/var/ossec"
 
@@ -96,7 +96,7 @@ wazuh_managers:
 ## Authentication Method: Enrollment section (4.x)
 
 # For more information see:
-# * https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/client.html#enrollment
+# * https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#enrollment
 
 wazuh_agent_enrollment:
   enabled: 'yes'
@@ -117,7 +117,7 @@ wazuh_agent_enrollment:
 ## Authentication Method: invoking agent-auth
 
 # For more information see:
-# * https://documentation.wazuh.com/4.0/user-manual/registering/password-authorization-registration.html
+# * https://documentation.wazuh.com/current/user-manual/registering/password-authorization-registration.html
 
 wazuh_agent_authd:
   registration_address: 127.0.0.1
@@ -133,7 +133,7 @@ wazuh_agent_authd:
 ## Authentication Method: REST API
 
 # For more information see:
-# * https://documentation.wazuh.com/4.0/user-manual/registering/restful-api-registration.html
+# * https://documentation.wazuh.com/current/user-manual/registering/restful-api-registration.html
 wazuh_agent_api_validate: yes
 
 ## Client buffer

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-wazuh_manager_version: 4.0.4-1
+wazuh_manager_version: 4.1.1-1
 
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: present
@@ -12,7 +12,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon
 # Sources installation
 wazuh_manager_sources_installation:
   enabled: false
-  branch: "v4.0.4"
+  branch: "v4.1.1"
   user_language: "en"
   user_no_stop: "y"
   user_install_type: "server"
@@ -71,6 +71,9 @@ wazuh_manager_globals:
   - '^localhost.localdomain$'
   - '127.0.0.53'
 
+wazuh_manager_agent_disconnection_time: '20s'
+wazuh_manager_agents_disconnection_alert_time: '100s'
+
 ## Alerts
 wazuh_manager_log_level: 3
 wazuh_manager_email_level: 12
@@ -365,7 +368,6 @@ wazuh_manager_authd:
   force_time: 0
   purge: 'yes'
   use_password: 'no'
-  limit_maxagents: 'yes'
   ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
   ssl_agent_ca: null
   ssl_verify_host: 'no'
@@ -469,6 +471,8 @@ wazuh_manager_config_defaults:
   integrations: '{{ wazuh_manager_integrations }}'
   monitor_aws: '{{ wazuh_manager_monitor_aws }}'
   labels: '{{ wazuh_manager_labels }}'
+  agents_disconnection_time: '{{ wazuh_manager_agent_disconnection_time }}'
+  agents_disconnection_alert_time: '{{ wazuh_manager_agents_disconnection_alert_time }}'
 
 # shared-agent.conf
 

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -19,6 +19,8 @@
     <email_from>{{ wazuh_manager_config.mail_from }}</email_from>
     <email_maxperhour>{{ wazuh_manager_config.mail_maxperhour }}</email_maxperhour>
     <email_log_source>{{ wazuh_manager_config.email_log_source }}</email_log_source>
+    <agents_disconnection_time>{{ wazuh_manager_config.agents_disconnection_time }}</agents_disconnection_time>
+    <agents_disconnection_alert_time>{{ wazuh_manager_config.agents_disconnection_alert_time }}</agents_disconnection_alert_time>
   </global>
 
   <alerts>
@@ -633,9 +635,6 @@
     {% if wazuh_manager_config.authd.use_password is not none %}
     <use_password>{{wazuh_manager_config.authd.use_password}}</use_password>
     {% endif %}
-    {% if wazuh_manager_config.authd.limit_maxagents is not none %}
-    <limit_maxagents>{{wazuh_manager_config.authd.limit_maxagents}}</limit_maxagents>
-    {% endif %}
     {% if wazuh_manager_config.authd.ciphers is not none %}
     <ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers>
     {% endif %}