From 5ef3d1cc3ec55b08fe1ef5cfc19ae915aed7f910 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 14 Jul 2023 16:17:53 -0300 Subject: [PATCH 01/46] bump master to 4.8.0 --- CHANGELOG.md | 6 ++++++ README.md | 1 + VERSION | 4 ++-- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- roles/wazuh/check-packages/defaults/main.yml | 2 +- roles/wazuh/vars/repo.yml | 2 +- roles/wazuh/vars/repo_pre-release.yml | 2 +- roles/wazuh/vars/repo_staging.yml | 2 +- roles/wazuh/wazuh-dashboard/defaults/main.yml | 4 ++-- roles/wazuh/wazuh-dashboard/vars/debian.yml | 2 +- roles/wazuh/wazuh-indexer/defaults/main.yml | 2 +- 13 files changed, 22 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d1960e3..f220a190 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ # Change Log All notable changes to this project will be documented in this file. +## [v4.8.0] + +### Added + +- Update to [Wazuh v4.8.0](https://github.com/wazuh/wazuh/blob/v4.8.0/CHANGELOG.md#v480) + ## [v4.7.0] ### Added diff --git a/README.md b/README.md index 02162632..425a677a 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb | Wazuh version | Elastic | ODFE | |---------------|---------|--------| +| v4.8.0 | | | | v4.7.0 | | | | v4.6.0 | | | | v4.5.1 | | | diff --git a/VERSION b/VERSION index c9470816..636f052c 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v4.7.0" -REVISION="40700" +WAZUH-ANSIBLE_VERSION="v4.8.0" +REVISION="40800" diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index 0ef6cd56..fdcaeec2 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml 
@@ -1,7 +1,7 @@ --- filebeat_version: 7.10.2 -wazuh_template_branch: 4.7 +wazuh_template_branch: 4.8 filebeat_node_name: node-1 diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 8f34b6cb..b4845560 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 4.7.0 +wazuh_agent_version: 4.8.0 # Custom packages installation @@ -11,7 +11,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false - branch: "v4.7.0" + branch: "v4.8.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 4feed92b..5d7f988b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 4.7.0 +wazuh_manager_version: 4.8.0 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v4.7.0" + branch: "v4.8.0" user_language: "en" user_no_stop: "y" user_install_type: "server" diff --git a/roles/wazuh/check-packages/defaults/main.yml b/roles/wazuh/check-packages/defaults/main.yml index b56d15f1..7a915138 100644 --- a/roles/wazuh/check-packages/defaults/main.yml +++ b/roles/wazuh/check-packages/defaults/main.yml @@ -1,2 +1,2 @@ --- -wazuh_version: 4.7.0 +wazuh_version: 4.8.0 diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml index 6aa760bb..1c66d559 100644 --- a/roles/wazuh/vars/repo.yml +++ b/roles/wazuh/vars/repo.yml 
@@ -6,7 +6,7 @@ wazuh_repo: wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" -certs_gen_tool_version: 4.7 +certs_gen_tool_version: 4.8 # Url of certificates generator tool certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" \ No newline at end of file diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml index 2fe4ac27..23469ce1 100644 --- a/roles/wazuh/vars/repo_pre-release.yml +++ b/roles/wazuh/vars/repo_pre-release.yml @@ -6,7 +6,7 @@ wazuh_repo: wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" -certs_gen_tool_version: 4.7 +certs_gen_tool_version: 4.8 # Url of certificates generator tool certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" \ No newline at end of file diff --git a/roles/wazuh/vars/repo_staging.yml b/roles/wazuh/vars/repo_staging.yml index 24b8b7b4..06343c88 100644 --- a/roles/wazuh/vars/repo_staging.yml +++ b/roles/wazuh/vars/repo_staging.yml @@ -6,7 +6,7 @@ wazuh_repo: wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" -certs_gen_tool_version: 4.7 +certs_gen_tool_version: 4.8 # Url of certificates generator tool certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" \ No newline at end of file diff --git a/roles/wazuh/wazuh-dashboard/defaults/main.yml b/roles/wazuh/wazuh-dashboard/defaults/main.yml index 00833b2f..c21f5bba 100644 --- a/roles/wazuh/wazuh-dashboard/defaults/main.yml +++ b/roles/wazuh/wazuh-dashboard/defaults/main.yml 
@@ -8,12 +8,12 @@ dashboard_node_name: node-1 dashboard_server_host: "0.0.0.0" dashboard_server_port: "443" dashboard_server_name: "dashboard" -wazuh_version: 4.7.0 +wazuh_version: 4.8.0 indexer_cluster_nodes: - 127.0.0.1 # The Wazuh dashboard package repository -dashboard_version: "4.7.0" +dashboard_version: "4.8.0" # API credentials wazuh_api_credentials: diff --git a/roles/wazuh/wazuh-dashboard/vars/debian.yml b/roles/wazuh/wazuh-dashboard/vars/debian.yml index 4df73543..ad178fec 100644 --- a/roles/wazuh/wazuh-dashboard/vars/debian.yml +++ b/roles/wazuh/wazuh-dashboard/vars/debian.yml @@ -1,2 +1,2 @@ --- -dashboard_version: 4.7.0 +dashboard_version: 4.8.0 diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index 0777babb..9b68f219 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml @@ -1,6 +1,6 @@ --- # Cluster Settings -indexer_version: 4.7.0 +indexer_version: 4.8.0 single_node: false indexer_node_name: node-1 From ea3ded19fde15dedb140793ae8d431992ef0a344 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= <72193239+davidcr01@users.noreply.github.com> Date: Wed, 20 Sep 2023 13:52:51 +0200 Subject: [PATCH 02/46] Create SECURITY.md Wazuh security policy added. Related: https://github.com/wazuh/internal-devel-requests/issues/263 --- SECURITY.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..54e59de1 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,45 @@
+# Wazuh Open Source Project Security Policy
+
+Version: 2023-06-12
+
+## Introduction
+This document outlines the Security Policy for Wazuh's open source projects. It emphasizes our commitment to maintain a secure environment for our users and contributors, and reflects our belief in the power of collaboration to identify and resolve security vulnerabilities.
+
+## Scope
+This policy applies to all open source projects developed, maintained, or hosted by Wazuh.
+
+## Reporting Security Vulnerabilities
+If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly.
+
+Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [security@wazuh.com](mailto:security@wazuh.com).
+
+## Vulnerability Disclosure Policy
+Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
+
+- Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
+- Validation: We will validate the issue and work on reproducing it in our environment.
+- Remediation: We will work on a fix and thoroughly test it
+- Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
+- Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
+
+This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
+
+## Automatic Scanning
+We leverage GitHub Actions to perform automated scans of our supply chain. These scans assist us in identifying vulnerabilities and outdated dependencies in a proactive and timely manner.
+
+## Credit
+We believe in giving credit where credit is due. If you report a security vulnerability to us, and we determine that it is a valid vulnerability, we will publicly credit you for the discovery when we disclose the vulnerability. If you wish to remain anonymous, please indicate so in your initial report.
+
+We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
+
+## Compliance with this Policy
+We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
+
+Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
+
+We ask that all users and contributors respect this policy and the security of our community's users by disclosing vulnerabilities to us in accordance with this policy.
+
+## Changes to this Security Policy
+This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
+
+If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com).
From 237a5de1c8694bd610916a554dee91dee703b1d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 22 Sep 2023 12:48:59 +0200 Subject: [PATCH 03/46] Added empty line in CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a45798f..0e6d1ab3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. ### Added - Update to [Wazuh v4.8.0](https://github.com/wazuh/wazuh/blob/v4.8.0/CHANGELOG.md#v480) + ## [v4.7.1] ### Added From af5b41ad29d5c7c222cea1c2a073511a55ed6984 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 3 Oct 2023 17:04:35 +0200 Subject: [PATCH 04/46] Initial variables created --- roles/wazuh/ansible-wazuh-agent/README.md | 2 ++ roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 5 +++++ roles/wazuh/vars/repo.yml | 5 +++++ roles/wazuh/vars/repo_pre-release.yml | 5 +++++ roles/wazuh/vars/repo_staging.yml | 5 +++++ 5 files changed, 22 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/README.md b/roles/wazuh/ansible-wazuh-agent/README.md index baf7e57e..10255e54 100644 --- a/roles/wazuh/ansible-wazuh-agent/README.md +++ b/roles/wazuh/ansible-wazuh-agent/README.md @@ -12,6 +12,8 @@ This role is compatible with: * Fedora * Debian * Ubuntu + * Windows + * macOS Role Variables diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 3c27e7c1..68ac7415 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -54,6 +54,11 @@ wazuh_winagent_config: auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_sha512: True +# macOS deployment +wazuh_macos_config: + download_dir: / + install_dir: /Library/Ossec/ + wazuh_dir: "/var/ossec" # This is deprecated, see: wazuh_agent_address diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml index d038f024..1703c4c2 100644 
--- a/roles/wazuh/vars/repo.yml +++ b/roles/wazuh/vars/repo.yml @@ -7,6 +7,11 @@ wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{ wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_sha512_url: "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512" +wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg" +wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg" +wazuh_macos_intel_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_intel_package_name }}" +wazuh_macos_arm_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_arm_package_name }}" + certs_gen_tool_version: 4.8 # Url of certificates generator tool diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml index 3ad401c6..502aa584 100644 --- a/roles/wazuh/vars/repo_pre-release.yml +++ b/roles/wazuh/vars/repo_pre-release.yml @@ -7,6 +7,11 @@ wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/w wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512" +wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg" +wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg" +wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/staging/pre-release/{{ wazuh_macos_intel_package_name }}" +wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{{ wazuh_macos_arm_package_name }}" + certs_gen_tool_version: 4.8 # Url of certificates generator tool diff --git a/roles/wazuh/vars/repo_staging.yml b/roles/wazuh/vars/repo_staging.yml index 06343c88..7bd37414 100644 
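Review bot: In the repo_pre-release.yml hunk, `wazuh_macos_intel_package_url` points at `staging/pre-release/` while the arm64 line directly below it uses `pre-release/macos/`, and the same variable in repo_staging.yml uses `staging/macos/`; the Intel path looks like a copy/paste slip. If so, Intel hosts on the pre-release channel would either fail to fetch the installer or fetch it from a location nobody intended to publish to. Suggested line, to be confirmed against the package server layout: `wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{{ wazuh_macos_intel_package_name }}"`.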
--- a/roles/wazuh/vars/repo_staging.yml +++ b/roles/wazuh/vars/repo_staging.yml @@ -6,6 +6,11 @@ wazuh_repo: wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" +wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg" +wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg" +wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_intel_package_name }}" +wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_arm_package_name }}" + certs_gen_tool_version: 4.8 # Url of certificates generator tool From e1568d00ebcf7cab14c2aacd730df577ef6533ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 3 Oct 2023 17:05:22 +0200 Subject: [PATCH 05/46] Initial macOS tasks created --- .../wazuh/ansible-wazuh-agent/tasks/macOS.yml | 18 ++++++++++++++++++ roles/wazuh/ansible-wazuh-agent/tasks/main.yml | 3 +++ 2 files changed, 21 insertions(+) create mode 100644 roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml new file mode 100644 index 00000000..4021bfd7 --- /dev/null +++ b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml 
@@ -0,0 +1,18 @@ +--- +- name: macOS | Check architecture + command: "/usr/bin/uname -m" + register: uname_result + +- name: macOS | Set architecture variable + set_fact: + macos_architecture: "{{ 'arm' if uname_result.stdout == 'arm64' else 'intel' }}" + +- name: macOS | Set package name and URL based on architecture + set_fact: + wazuh_macos_package_url: "{{ wazuh_macos_intel_package_url if macos_architecture == 'intel' else wazuh_macos_arm_package_url }}" + wazuh_macos_package_name: "{{ wazuh_macos_intel_package_name if macos_architecture == 'intel' else wazuh_macos_arm_package_name }}" + +- name: macOS | Check if Wazuh installer is already downloaded + stat: + path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}" + register: wazuh_package_downloaded \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml index d12446b1..26c27817 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml @@ -23,3 +23,6 @@ - include_tasks: "Linux.yml" when: ansible_system == "Linux" + +- include_tasks: "macOS.yml" + when: ansible_system == "Darwin" \ No newline at end of file From 4ef5c37970f775409faf66fc12e4e31c275e585d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 3 Oct 2023 17:16:38 +0200 Subject: [PATCH 06/46] Agent package is downloaded and deleted --- .../wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 68ac7415..9e9b627f 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
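Review bot: The `macOS | Check architecture` task in the new macOS.yml runs `command: "/usr/bin/uname -m"` without `changed_when: false`, so it is reported as changed on every run although it only reads state; add `changed_when: false` to it. An alternative is to drop the task and branch on the gathered `ansible_architecture` fact, after checking what it reports on Apple silicon hosts. The stat path is built as `{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}`, which resolves correctly only while `download_dir` ends in `/`; a comment next to the default stating that requirement would prevent a silent wrong path.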
@@ -56,7 +56,7 @@ wazuh_winagent_config: # macOS deployment wazuh_macos_config: - download_dir: / + download_dir: /tmp/ install_dir: /Library/Ossec/ wazuh_dir: "/var/ossec" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml index 4021bfd7..e3cd51c4 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml @@ -15,4 +15,18 @@ - name: macOS | Check if Wazuh installer is already downloaded stat: path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}" - register: wazuh_package_downloaded \ No newline at end of file + register: wazuh_package_downloaded + +- name: macOS | Download Wazuh Agent package + get_url: + url: "{{ wazuh_macos_package_url }}" + dest: "{{ wazuh_macos_config.download_dir }}" + when: + - not wazuh_package_downloaded.stat.exists + +- name: macOS | Delete downloaded Wazuh agent installer file + file: + path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}" + state: absent + when: + - wazuh_package_downloaded.stat.exists \ No newline at end of file From d327883df70568b1e875e8ddd0ba88fcdddcc80b Mon Sep 17 00:00:00 2001 
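Review bot: `download_dir: /tmp/` in defaults/main.yml places the installer under a predictable name in a world-writable directory, and the stat task in macOS.yml skips the download whenever a file with that name already exists. Any local user on the target could therefore put a file at that path before the play runs, and it would be treated as the Wazuh package by whatever install step follows (not visible in this hunk). Prefer a directory only root can write, or create a per-run directory with the `tempfile` module (`state: directory`) and download into its registered path.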
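Review bot: The `macOS | Download Wazuh Agent package` task in macOS.yml calls `get_url` with no `checksum:`, so nothing verifies the installer before it is used; the Windows settings visible in this series carry `check_sha512` and `wazuh_winagent_sha512_url`, but repo.yml, repo_pre-release.yml and repo_staging.yml define no macOS counterpart. Add a checksum variable per architecture and pass it to the task, for example `checksum: "sha512:{{ wazuh_macos_package_sha512_url }}"` (the variable name is a proposal, it does not exist yet). Separately, the delete task's `when: wazuh_package_downloaded.stat.exists` tests the stat taken before the download: on a first run the freshly downloaded file is left behind, and on a run where the file was already present it is deleted without being fetched again. The earlier tasks of macOS.yml lie outside this hunk.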
From: c-bordon Date: Thu, 5 Oct 2023 11:14:06 -0300 Subject: [PATCH 07/46] Testing after removing build from sources --- .../ansible-kibana/defaults/main.yml | 4 - .../opendistro-kibana/defaults/main.yml | 3 - .../ansible-wazuh-agent/defaults/main.yml | 24 ---- .../ansible-wazuh-agent/tasks/Debian.yml | 3 - .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 8 -- .../ansible-wazuh-agent/tasks/RedHat.yml | 2 - .../tasks/installation_from_sources.yml | 100 -------------- .../templates/preloaded_vars_agent.conf.j2 | 7 - .../ansible-wazuh-manager/defaults/main.yml | 26 ---- .../ansible-wazuh-manager/tasks/Debian.yml | 14 -- .../ansible-wazuh-manager/tasks/RedHat.yml | 13 -- .../tasks/installation_from_sources.yml | 125 ------------------ .../ansible-wazuh-manager/tasks/main.yml | 1 - .../templates/preloaded_vars_manager.conf.j2 | 7 - 14 files changed, 337 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml delete mode 100644 roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 delete mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml delete mode 100644 roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2 diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 778b4f48..2a911a4e 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -45,9 +45,5 @@ nodejs: redhat: "rpm" repo_url_ext: "nodesource.com/setup_10.x" -# Build from sources -build_from_sources: false -wazuh_plugin_branch: 4.1-7.10 - #Nodejs NODE_OPTIONS node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536 diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 165a0891..1099b158 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml 
+++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -52,9 +52,6 @@ nodejs: redhat: "rpm" repo_url_ext: "nodesource.com/setup_10.x" -# Build from sources -build_from_sources: false -wazuh_plugin_branch: 4.1-7.10 #Nodejs NODE_OPTIONS node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536 diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 3c27e7c1..68649d8b 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -7,30 +7,6 @@ wazuh_custom_packages_installation_agent_enabled: false wazuh_custom_packages_installation_agent_deb_url: "" wazuh_custom_packages_installation_agent_rpm_url: "" -# Sources installation - -wazuh_agent_sources_installation: - enabled: false - branch: "v4.8.0" - user_language: "y" - user_no_stop: "y" - user_install_type: "agent" - user_dir: "/var/ossec" - user_delete_dir: "y" - user_enable_active_response: "y" - user_enable_syscheck: "y" - user_enable_rootcheck: "y" - user_enable_openscap: "n" - user_enable_sca: "y" - user_enable_authd: "y" - user_generate_authd_cert: "n" - user_update: "y" - user_binaryinstall: null - user_agent_server_ip: "YOUR_MANAGER_IP" - user_agent_server_name: null - user_agent_config_profile: null - user_ca_store: "{{ wazuh_dir }}/wpk_root.pem" - wazuh_agent_yum_lock_timeout: 30 # We recommend the use of ansible-vault to protect Wazuh, api, agentless and authd credentials. diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 1c9af638..52b41b24 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml 
@@ -30,7 +30,6 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_agent_sources_installation.enabled - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Installing Wazuh repository key @@ -39,7 +38,6 @@ id: "{{ wazuh_agent_config.repo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_agent_sources_installation.enabled - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Add Wazuh repositories @@ -49,7 +47,6 @@ state: present update_cache: true when: - - not wazuh_agent_sources_installation.enabled - not wazuh_custom_packages_installation_agent_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for debian diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 99913e7b..64ac3400 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -5,10 +5,6 @@ - include_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- include_tasks: "installation_from_sources.yml" - when: - - wazuh_agent_sources_installation.enabled - - include_tasks: "installation_from_custom_packages.yml" when: - wazuh_custom_packages_installation_agent_enabled @@ -20,7 +16,6 @@ lock_timeout: '{{ wazuh_agent_yum_lock_timeout }}' when: - ansible_os_family|lower == "redhat" - - not wazuh_agent_sources_installation.enabled - not wazuh_custom_packages_installation_agent_enabled tags: - init @@ -32,7 +27,6 @@ cache_valid_time: 3600 when: - ansible_os_family|lower != "redhat" - - not wazuh_agent_sources_installation.enabled - not wazuh_custom_packages_installation_agent_enabled - not ansible_check_mode tags: 
@@ -271,9 +265,7 @@ - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" - - not wazuh_agent_sources_installation.enabled - include_tasks: "RMDebian.yml" when: - ansible_os_family == "Debian" - - not wazuh_agent_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 17d97c96..5c053542 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -10,7 +10,6 @@ when: - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_agent_sources_installation.enabled - not wazuh_custom_packages_installation_agent_enabled register: repo_v5_installed @@ -24,7 +23,6 @@ changed_when: false when: - repo_v5_installed is skipped - - not wazuh_agent_sources_installation.enabled - not wazuh_custom_packages_installation_agent_enabled - name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml deleted file mode 100644 index fbfecd5b..00000000 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ /dev/null 
@@ -1,100 +0,0 @@ ---- - - name: Install dependencies to build Wazuh packages - package: - name: - - make - - gcc - - automake - - autoconf - - libtool - - tar - state: present - - - name: Removing old files - file: - path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" - state: absent - - - name: Removing old folders - file: - path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - state: absent - - - name: Installing policycoreutils-python (RedHat families) - package: - name: - - policycoreutils-python - when: - - ansible_os_family|lower == "redhat" - - - name: Installing policycoreutils-python-utils (Debian families) - package: - name: - - libc6-dev - - curl - - policycoreutils - when: - - ansible_os_family|lower == "debian" - - - name: Download required packages from github.com/wazuh/wazuh - get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" - delegate_to: "{{ inventory_hostname }}" - changed_when: false - - - name: Create folder to extract Wazuh branch - file: - path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - mode: 0755 - state: directory - changed_when: false - - - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: >- - tar -xzvf /tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz - --strip 1 - --directory /tmp/wazuh-{{ wazuh_agent_sources_installation.branch }} - register: wazuh_untar - changed_when: false - args: - warn: false - - - name: Clean remaining files from others builds - command: "make -C src {{ item }}" - args: - chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/src/" - with_items: - - "clean" - - "clean-deps" - register: clean_result - changed_when: clean_result.rc == 0 - failed_when: false - - - name: Render the "preloaded-vars.conf" file - template: - src: 
"templates/preloaded_vars_agent.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf" - owner: root - group: root - mode: 0644 - changed_when: false - - - name: Executing "install.sh" script to build and install the Wazuh Agent - shell: ./install.sh > /tmp/build_agent_log.txt - register: installation_result - changed_when: installation_result == 0 - args: - chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - - - name: Cleanup downloaded files - file: - path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz" - state: absent - changed_when: false - - - name: Cleanup created folders - file: - path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}" - state: absent - changed_when: false \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 deleted file mode 100644 index 0887b367..00000000 --- a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -{% for key, value in wazuh_agent_sources_installation.items() %} -{% if "user_" in key %} -{% if value is defined and value is not none %} -{{ key|upper }}="{{ value }}" -{% endif %} -{% endif %} -{% endfor %} \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 5c930637..43c3958d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -9,32 +9,6 @@ wazuh_custom_packages_installation_manager_enabled: false wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/" -# Sources installation -wazuh_manager_sources_installation: - enabled: false - branch: "v4.8.0" - user_language: "en" - user_no_stop: "y" - user_install_type: "server" - user_dir: "/var/ossec" - user_delete_dir: null - user_enable_active_response: null - user_enable_syscheck: "y" - user_enable_rootcheck: "y" - user_enable_openscap: "n" - user_enable_authd: "y" - user_generate_authd_cert: null - user_update: "y" - user_binaryinstall: null - user_enable_email: "n" - user_auto_start: "y" - user_email_address: null - user_email_smpt: null - user_enable_syslog: "n" - user_white_list: "n" - user_ca_store: null - threads: "2" - wazuh_dir: "/var/ossec" ########################################## diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 1079f8d2..87931b8a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -24,7 +24,6 @@ when: - ansible_distribution == "Ubuntu" - ansible_distribution_major_version | int == 14 - - not wazuh_manager_sources_installation.enabled - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Installing Wazuh repository key @@ -33,7 +32,6 @@ id: "{{ wazuh_manager_config.repo.key_id }}" when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_manager_sources_installation.enabled - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Add Wazuh repositories 
@@ -44,7 +42,6 @@ update_cache: true changed_when: false when: - - not wazuh_manager_sources_installation.enabled - not wazuh_custom_packages_installation_manager_enabled - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu @@ -98,12 +95,6 @@ tags: - config -- name: Install dependencies to build from sources - apt: - name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'libssl-dev', 'g++'] - state: present - when: wazuh_manager_sources_installation.enabled - - name: Debian/Ubuntu | Install wazuh-manager apt: name: @@ -111,13 +102,8 @@ state: present tags: init when: - - not wazuh_manager_sources_installation.enabled - not wazuh_custom_packages_installation_manager_enabled -- include_tasks: "installation_from_sources.yml" - when: - - wazuh_manager_sources_installation.enabled - - include_tasks: "installation_from_custom_packages.yml" when: - wazuh_custom_packages_installation_manager_enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index b873b021..d652c26f 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -10,7 +10,6 @@ when: - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - (ansible_distribution_major_version|int <= 5) - - not wazuh_manager_sources_installation.enabled - not wazuh_custom_packages_installation_manager_enabled register: repo_v5_manager_installed @@ -24,7 +23,6 @@ changed_when: false when: - repo_v5_manager_installed is skipped - - not wazuh_manager_sources_installation.enabled - not wazuh_custom_packages_installation_manager_enabled - name: RedHat/CentOS/Fedora | Install openscap 
@@ -93,12 +91,6 @@ when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" -- name: Install dependencies to build from sources - yum: - name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'openssl-devel', 'gcc-c++'] - state: present - when: wazuh_manager_sources_installation.enabled - - name: CentOS/RedHat/Amazon | Install wazuh-manager package: name: "wazuh-manager-{{ wazuh_manager_version }}" @@ -107,15 +99,10 @@ until: wazuh_manager_main_packages_installed is succeeded when: - ansible_os_family|lower == "redhat" - - not wazuh_manager_sources_installation.enabled - not wazuh_custom_packages_installation_manager_enabled tags: - init -- include_tasks: "../tasks/installation_from_sources.yml" - when: - - wazuh_manager_sources_installation.enabled - - include_tasks: "../tasks/installation_from_custom_packages.yml" when: - wazuh_custom_packages_installation_manager_enabled diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml deleted file mode 100644 index 74818bc5..00000000 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ /dev/null 
@@ -1,125 +0,0 @@ ---- -# Wazuh Manager - - name: Check if Wazuh Manager is already installed - stat: - path: "{{ wazuh_dir }}/bin/wazuh-control" - register: wazuh_control_path - - - name: Installing Wazuh Manager from sources - block: - - name: Install dependencies to build Wazuh packages - package: - name: - - make - - gcc - - automake - - autoconf - - libtool - - tar - state: present - - - name: Install CMake - include_tasks: install_cmake.yml - - - name: Removing old files - file: - path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - state: absent - - - name: Removing old folders - file: - path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: absent - - - name: Installing policycoreutils-python (RedHat families) - package: - name: - - policycoreutils-python - when: - - ansible_os_family|lower == "redhat" - - - name: Installing policycoreutils-python-utils (Debian families) - package: - name: - - libc6-dev - - curl - - policycoreutils - when: - - ansible_os_family|lower == "debian" - - - name: Remove old repository folder - file: - path: /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }} - state: absent - - - name: Download required packages from github.com/wazuh/wazuh - get_url: - url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - delegate_to: "{{ inventory_hostname }}" - - - name: Create folder to extract Wazuh branch - file: - path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - owner: root - group: root - mode: 0644 - state: directory - - # When downloading "v3.11.0" extracted folder name is 3.11.0. 
- - # Explicitly creating the folder with proper naming and striping first level in .tar.gz file - - - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip - command: >- - tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz - --strip 1 - --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }} - register: wazuh_untar - changed_when: wazuh_untar.rc ==0 - args: - warn: false - - - name: Clean remaining files from others builds - command: "make -C src {{ item }}" - args: - chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/" - with_items: - - "clean" - - "clean-deps" - register: clean_result - changed_when: clean_result.rc == 0 - failed_when: false - - - name: Render the "preloaded-vars.conf" file - template: - src: "templates/preloaded_vars_manager.conf.j2" - dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" - owner: root - group: root - mode: 0644 - - - name: Executing "install.sh" script to build and install the Wazuh Manager - shell: ./install.sh > /tmp/build_wazuh_manager_log.txt - register: installation_result - changed_when: installation_result == 0 - args: - chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - environment: - PATH: /usr/local/bin:{{ ansible_env.PATH }} - - - name: Cleanup downloaded files - file: - path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz" - state: absent - - - name: Cleanup created folders - file: - path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" - state: absent - - when: - - not wazuh_control_path.stat.exists - - wazuh_manager_sources_installation.enabled - tags: - - manager diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 3e3e9a08..1c029b6c 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -336,4 +336,3 @@ - name: Run uninstall tasks include_tasks: uninstall.yml - when: not wazuh_manager_sources_installation.enabled diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2 deleted file mode 100644 index 3dacef92..00000000 --- a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -{% for key, value in wazuh_manager_sources_installation.items() %} -{% if "user_" in key %} -{% if value is defined and value is not none %} -{{ key|upper }}="{{ value }}" -{% endif %} -{% endif %} -{% endfor %} From 7ebfe2c2ad4c10c8fdc42224ad235ba46929ff06 Mon Sep 17 00:00:00 2001 From: c-bordon Date: Fri, 6 Oct 2023 10:15:10 -0300 Subject: [PATCH 08/46] Fixed create_user.py --- roles/wazuh/ansible-wazuh-manager/files/create_user.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/files/create_user.py b/roles/wazuh/ansible-wazuh-manager/files/create_user.py index abb44eec..0216d58d 100644 --- a/roles/wazuh/ansible-wazuh-manager/files/create_user.py +++ b/roles/wazuh/ansible-wazuh-manager/files/create_user.py @@ -13,7 +13,7 @@ SPECIAL_CHARS = "@$!%*?&-_" try: - from wazuh.rbac.orm import create_rbac_db + from wazuh.rbac.orm import check_database_integrity from wazuh.security import ( create_user, get_users, @@ -69,7 +69,7 @@ if __name__ == "__main__": username, password = read_user_file() # create RBAC database - create_rbac_db() + check_database_integrity() initial_users = db_users() if username not in initial_users: From 4d6205a9688d6dcfabbdcb8c7527de8d4e203660 Mon Sep 17 00:00:00 2001 
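Review bot: In the second `create_user.py` hunk the comment `# create RBAC database` still describes the removed `create_rbac_db()` call and no longer matches `check_database_integrity()` on the next line. I would reword it to say what the new call is relied on for, for example `# ensure the RBAC database exists and passes its integrity check before reading users`; that wording should be confirmed against the function, whose body is not visible here. The `__main__` block continues outside the hunk.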
From: c-bordon Date: Mon, 9 Oct 2023 12:37:22 -0300 Subject: [PATCH 09/46] Removed wazuh repository --- roles/wazuh/wazuh-dashboard/tasks/RedHat.yml | 1 - roles/wazuh/wazuh-indexer/tasks/RedHat.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml b/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml index 7ba36704..d457e962 100644 --- a/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml +++ b/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml @@ -3,7 +3,6 @@ - name: RedHat/CentOS/Fedora | Add Wazuh dashboard repo yum_repository: - file: wazuh name: wazuh_repo description: Wazuh yum repository baseurl: "{{ wazuh_repo.yum }}" diff --git a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml index 53a67ab6..d1d0a060 100644 --- a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml +++ b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml @@ -3,7 +3,6 @@ - name: RedHat/CentOS/Fedora | Add Wazuh indexer repo yum_repository: - file: wazuh name: wazuh_repo description: Wazuh yum repository baseurl: "{{ wazuh_repo.yum }}" From 490bcfff25d190ec8a3def56c5bfd6e00f3fcf63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 10 Oct 2023 15:05:20 +0200 Subject: [PATCH 10/46] Updated ossec.conf template to support macOS --- .../ansible-wazuh-agent/defaults/main.yml | 18 ++++++ .../ansible-wazuh-agent/handlers/main.yml | 3 + .../var-ossec-etc-ossec-agent.conf.j2 | 55 +++++++++++++++++-- 3 files changed, 70 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 9e9b627f..399e94ce 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -40,6 +40,7 @@ authd_pass: '' wazuh_api_reachable_from_agent: yes wazuh_profile_centos: 'centos, centos7, centos7.6' wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' +wazuh_profile_macos: 'darwin, darwin21, darwin21.1' wazuh_auto_restart: 'yes' wazuh_notify_time: '10' @@ -230,6 +231,11 @@ wazuh_agent_syscheck: checks: '' - dirs: /bin,/sbin,/boot checks: '' + macos_directories: + - dirs: /etc,/usr/bin,/usr/sbin + checks: '' + - dirs: /bin,/sbin + checks: '' win_directories: - dirs: '%WINDIR%' checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"' @@ -332,6 +338,17 @@ wazuh_agent_localfiles: command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d alias: 'netstat listening ports' frequency: '360' + macos: + - format: 'full_command' + command: netstat -an | awk '{if ((/^(tcp|udp)/) && ($4 != "*.*") && ($5 == "*.*")) {print $1" "$4" "$5}}' | sort -u + alias: 'netstat listening ports' + frequency: '360' + - format: 'macos' + location: 'macos' + query: + type: 'trace,log,activity' + level: 'info' + value: (process == "sudo") or (process == "sessionlogoutd" and message contains "logout is complete.") or (process == "sshd") or (process == "tccd" and message contains "Update Access Record") or (message contains "SessionAgentNotificationCenter") or (process == "screensharingd" and message contains "Authentication") or (process == "securityd" and eventMessage contains "Session" and subsystem == "com.apple.securityd") windows: - format: 'eventlog' location: 'Application' @@ -355,6 +372,7 @@ wazuh_agent_active_response: ar_disabled: 'no' ca_store: "{{ wazuh_dir }}/etc/wpk_root.pem" ca_store_win: 'wpk_root.pem' + ca_store_macos: 'etc/wpk_root.pem' ca_verification: 'yes' ## Logging 
diff --git a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml index 84f3ff45..f4770eb3 100644 --- a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml @@ -4,3 +4,6 @@ - name: Windows | Restart Wazuh Agent win_service: name=WazuhSvc start_mode=auto state=restarted + +- name: macOS | Restart Wazuh Agent + command: /Library/Ossec/bin/wazuh-control restart \ No newline at end of file diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 8eef3d1d..dd40b21e 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -30,6 +30,9 @@ {{ wazuh_profile_ubuntu }} {% endif %} {% endif %} + {% if ansible_system == "Darwin" %} + {{ wazuh_profile_macos }} + {% endif %} {% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %} {{ wazuh_notify_time }} {{ wazuh_time_reconnect }} @@ -91,7 +94,7 @@ {% if wazuh_agent_config.rootcheck is defined %} no - {% if ansible_system == "Linux" %} + {% if ansible_system == "Linux" or ansible_system == "Darwin" %} yes yes yes @@ -103,10 +106,14 @@ {{ wazuh_agent_config.rootcheck.frequency }} + {% if ansible_system == "Darwin" %} + etc/shared/rootkit_files.txt + etc/shared/rootkit_trojans.txt + {% else %} {{ wazuh_dir }}/etc/shared/rootkit_files.txt {{ wazuh_dir }}/etc/shared/rootkit_trojans.txt - yes {% endif %} + yes {% if ansible_os_family == "Windows" %} ./shared/win_applications_rcl.txt ./shared/win_malware_rcl.txt @@ -179,6 +186,7 @@ {% endif %} + {% if ansible_system != "Darwin" %} {{ wazuh_agent_config.cis_cat.disable }} {{ wazuh_agent_config.cis_cat.timeout }} 
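Review bot: The new `macOS | Restart Wazuh Agent` handler hard-codes `/Library/Ossec/bin/wazuh-control`, while the macOS tasks added later in this series build every agent path from `wazuh_macos_config.install_dir`. If that variable is ever overridden, the handler restarts nothing, or a different binary than the one just configured. `command: "{{ wazuh_macos_config.install_dir }}/bin/wazuh-control restart"` keeps the two in step.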
@@ -193,6 +201,7 @@ {% endif %} {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %} + {% endif %} @@ -249,13 +258,18 @@ no {{ wazuh_agent_config.syscheck.frequency }} - {% if ansible_system == "Linux" %} + {% if ansible_system == "Linux" or ansible_system == "Darwin" %} {{ wazuh_agent_config.syscheck.scan_on_start }} {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %} {% for directory in wazuh_agent_config.syscheck.directories %} {{ directory.dirs }} {% endfor %} + {% elif ansible_system == "Darwin" %} + {% for directory in wazuh_agent_config.syscheck.macos_directories %} + {{ directory.dirs }} + {% endfor %} + {% endif %} {% endif %} {% endif %} @@ -267,7 +281,7 @@ {% endif %} - {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %} + {% if wazuh_agent_config.syscheck.ignore is defined and (ansible_system == "Linux" or ansible_system == "Darwin") %} {% for ignore in wazuh_agent_config.syscheck.ignore %} {{ ignore }} {% endfor %} @@ -286,7 +300,7 @@ {% endfor %} {% endif %} - {% if ansible_system == "Linux" %} + {% if ansible_system == "Linux" or ansible_system == "Darwin" %} {% for no_diff in wazuh_agent_config.syscheck.no_diff %} {{ no_diff }} @@ -363,6 +377,27 @@ {% endfor %} {% endif %} + {% if ansible_system == "Darwin" %} + {% for localfile in wazuh_agent_config.localfiles.macos %} + + + {{ localfile.format }} + {% if localfile.format == 'command' or localfile.format == 'full_command' %} + {{ localfile.command }} + {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} + {% else %} + {{ localfile.location }} + {% if localfile.format == 'macos' %} + {{ localfile.query.value }} + {% endif %} + {% endif %} + + {% endfor %} + {% endif %} + {% if ansible_os_family == "Debian" %} {% for localfile in wazuh_agent_config.localfiles.debian %} 
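Review bot: In the `@@ -249,13 +258,18 @@` hunk the Darwin branch loops over `wazuh_agent_config.syscheck.macos_directories` without the `is defined` test that the Linux branch applies to `directories`, so an inventory that overrides the syscheck settings without the new key would presumably fail at render time. `{% elif ansible_system == "Darwin" and wazuh_agent_config.syscheck.macos_directories is defined %}` keeps the two branches parallel. The `wazuh_agent_config.localfiles.macos` loop in the `@@ -363,6 +377,27 @@` hunk is unguarded in the same way, as is the existing Debian loop next to it. The enclosing syscheck block starts and ends outside the hunk.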
@@ -439,7 +474,15 @@ {{ wazuh_agent_config.active_response.ar_disabled|default('no') }} - {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %} + + {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }} + {% else %} + {% if ansible_system == "Darwin" %}{{ wazuh_agent_config.active_response.ca_store_macos }} + {% else %} + {{ wazuh_agent_config.active_response.ca_store }} + {% endif %} + {% endif %} + {{ wazuh_agent_config.active_response.ca_verification }} From eabc38dc84854f74f019a673c9dce07d9207a6b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 10 Oct 2023 15:08:04 +0200 Subject: [PATCH 11/46] Added authd enrollment alternative to macOS.yml --- .../wazuh/ansible-wazuh-agent/tasks/macOS.yml | 115 +++++++++++++++++- 1 file changed, 110 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml index e3cd51c4..469dd2e6 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml 
@@ -21,12 +21,117 @@ get_url: url: "{{ wazuh_macos_package_url }}" dest: "{{ wazuh_macos_config.download_dir }}" + register: download_result when: - not wazuh_package_downloaded.stat.exists + +- name: macOS | Check if Wazuh Agent is already installed + stat: + path: "{{ wazuh_macos_config.install_dir }}" + register: wazuh_installed + +- name: macOS | Install Agent if not already installed + command: "installer -pkg {{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }} -target /" + register: install_result + +- name: macOS | Check if client.keys exists + stat: + path: "{{ wazuh_macos_config.install_dir }}/etc/client.keys" + register: client_keys_file + tags: + - config + +- name: macOS | Agent registration via authd + block: + + - name: Copy CA root certificate to verify authd + copy: + src: "{{ wazuh_agent_authd.ssl_agent_ca }}" + dest: "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" + mode: 0644 + when: + - wazuh_agent_authd.ssl_agent_ca is not none + + - name: Copy TLS/SSL certificate for agent verification + copy: + src: "{{ item }}" + dest: "{{ wazuh_macos_config.install_dir }}/etc/{{ item | basename }}" + mode: 0644 + with_items: + - "{{ wazuh_agent_authd.ssl_agent_cert }}" + - "{{ wazuh_agent_authd.ssl_agent_key }}" + when: + - wazuh_agent_authd.ssl_agent_cert is not none + - wazuh_agent_authd.ssl_agent_key is not none + - name: macOS | Register agent (via authd) + shell: > + {{ wazuh_macos_config.install_dir }}/bin/agent-auth + {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %} + -A {{ wazuh_agent_authd.agent_name }} + {% endif %} + -m {{ wazuh_agent_authd.registration_address }} + -p {{ wazuh_agent_authd.port }} + {% if wazuh_agent_nat %} -I "any" {% endif %} + {% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %} + {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %} + -v "{{ wazuh_macos_config.install_dir 
}}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %} + -x "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None %} + -k "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} + {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %} + -G "{{ wazuh_agent_authd.groups | join(',') }}" + {% endif %} + register: agent_auth_output + notify: macOS | Restart Wazuh Agent + vars: + agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}" + when: + - not client_keys_file.stat.exists or client_keys_file.stat.size == 0 + - wazuh_agent_authd.registration_address is not none + + - name: macOS | Verify agent registration + shell: > + sh -c "echo '{{ agent_auth_output.stdout }} {{ agent_auth_output.stderr }}' | grep 'Valid key received'" + when: + - not client_keys_file.stat.exists or client_keys_file.stat.size == 0 + - wazuh_agent_authd.registration_address is not none + when: + - wazuh_agent_authd.enable | bool + - wazuh_agent_config.enrollment.enabled != 'yes' + tags: + - config + - authd + +- name: macOS | Installing agent configuration (ossec.conf) + template: + src: var-ossec-etc-ossec-agent.conf.j2 + dest: "{{ wazuh_macos_config.install_dir }}/etc/ossec.conf" + owner: root + group: wazuh + mode: 0644 + notify: macOS | Restart Wazuh Agent + tags: + - init + - config + +- name: macOS | Installing local_internal_options.conf + template: + src: var-ossec-etc-local-internal-options.conf.j2 + dest: "{{ wazuh_macos_config.install_dir }}/etc/local_internal_options.conf" + owner: root + group: wazuh + mode: 0640 
+ notify: macOS | Restart Wazuh Agent + tags: + - init + - config - name: macOS | Delete downloaded Wazuh agent installer file - file: - path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}" - state: absent - when: - - wazuh_package_downloaded.stat.exists \ No newline at end of file + file: + path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}" + state: absent \ No newline at end of file From 58ed9c241a93d88170671ac0e1d3a8dff81ac4fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 10 Oct 2023 17:59:05 +0200 Subject: [PATCH 12/46] Updated API enrollment variables --- playbooks/wazuh-agent.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml index 22fcfa77..16ff48ae 100644 --- a/playbooks/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -10,7 +10,7 @@ port: 1514 protocol: tcp api_port: 55000 - api_proto: 'http' - api_user: ansible + api_proto: 'https' + api_user: wazuh max_retries: 5 retry_interval: 5 \ No newline at end of file From 61c40a1fec098899e7d097b20944352358a37b36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 10 Oct 2023 18:15:07 +0200 Subject: [PATCH 13/46] Added API enrollment alternative to macOS.yml --- .../wazuh/ansible-wazuh-agent/tasks/macOS.yml | 101 +++++++++++++++++- 1 file changed, 100 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml index 469dd2e6..49fe677d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml 
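Review bot: The `macOS | Register agent (via authd)` task passes the enrollment password as `-P {{ authd_pass }}` inside a `shell:` task that has no `no_log`, so the secret shows up in task output and process arguments, and an unquoted value containing shell metacharacters is interpreted by the shell. I would write `-P {{ authd_pass | quote }}` and add `no_log: '{{ wazuh_agent_nolog_sensible | bool }}'`, the switch the REST-API tasks later in this series already use. The `Copy TLS/SSL certificate for agent verification` task installs `wazuh_agent_authd.ssl_agent_key` with `mode: 0644`; a private key should get `mode: '0600'`. Separately, `macOS | Install Agent if not already installed` registers `wazuh_installed` just above but has no `when:`, so `installer` runs on every play; `when: not wazuh_installed.stat.exists` would match the task name.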
@@ -107,6 +107,105 @@ - config - authd +- name: macOS | Agent registration via rest-API + block: + + - name: macOS | Establish target Wazuh Manager for registration task + set_fact: + target_manager: '{{ manager_primary | length | ternary(manager_primary, manager_fallback) | first }}' + vars: + manager_primary: "{{ wazuh_managers | selectattr('register','true') | list }}" + manager_fallback: "{{ wazuh_managers | list }}" + + - name: macOS | Obtain JWT Token + uri: + url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate' + method: POST + url_username: '{{ target_manager.api_user }}' + url_password: '{{ api_pass }}' + status_code: 200 + return_content: yes + force_basic_auth: yes + validate_certs: '{{ target_manager.validate_certs | default(false) }}' + no_log: '{{ wazuh_agent_nolog_sensible | bool }}' + delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}' + changed_when: api_jwt_result.json.error == 0 + register: api_jwt_result + become: no + tags: + - config + - api + + - name: macOS | Create the agent key via rest-API + uri: + url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents' + method: POST + body_format: json + body: + name: '{{ agent_name }}' + headers: + Authorization: 'Bearer {{ jwt_token }}' + status_code: 200 + return_content: yes + validate_certs: '{{ target_manager.validate_certs | default(false) }}' + become: no + no_log: '{{ wazuh_agent_nolog_sensible | bool }}' + delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}' + changed_when: api_agent_post.json.error == 0 + register: api_agent_post + vars: + agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}' + jwt_token: '{{ api_jwt_result.json.data.token }}' + tags: + - config + - api + + - name: macOS | Validate registered agent key matches manager record + uri: + url: '{{ 
target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents/{{ agent_id }}/key' + method: GET + headers: + Authorization: 'Bearer {{ jwt_token }}' + status_code: 200 + return_content: yes + validate_certs: '{{ target_manager.validate_certs | default(false) }}' + become: no + no_log: '{{ wazuh_agent_nolog_sensible | bool }}' + delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}' + register: api_agent_validation + vars: + agent_id: '{{ api_agent_post.json.data.id }}' + agent_key: '{{ api_agent_post.json.data.key }}' + jwt_token: '{{ api_jwt_result.json.data.token }}' + failed_when: api_agent_validation.json.data.affected_items[0].key != agent_key + when: + - wazuh_agent_api_validate | bool + - api_agent_post.json.error == 0 + tags: + - config + - api + + - name: macOS | Import Key (via rest-API) + command: "{{ wazuh_macos_config.install_dir }}/bin/manage_agents" + environment: + OSSEC_ACTION: i + OSSEC_AGENT_NAME: '{{ agent_name }}' + OSSEC_AGENT_IP: '{{ wazuh_agent_address }}' + OSSEC_AGENT_ID: '{{ api_agent_post.json.data.id }}' + OSSEC_AGENT_KEY: '{{ api_agent_post.json.data.key }}' + OSSEC_ACTION_CONFIRMED: y + register: manage_agents_output + vars: + agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}' + notify: macOS | Restart Wazuh Agent + when: + - not ( wazuh_agent_authd.enable | bool ) + - wazuh_agent_config.enrollment.enabled != 'yes' + - not client_keys_file.stat.exists or client_keys_file.stat.size == 0 + tags: + - config + - api + - name: macOS | Installing agent configuration (ossec.conf) template: src: var-ossec-etc-ossec-agent.conf.j2 @@ -132,6 +231,6 @@ - config - name: macOS | Delete downloaded Wazuh agent installer file - file: + file: path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}" state: absent \ No newline at end of file From 07d4228fa496cd34eba400d12545c8a636e0540d Mon Sep 17 00:00:00 2001 
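Review bot: All three `uri` tasks in this block set `validate_certs: '{{ target_manager.validate_certs | default(false) }}'`, so unless the inventory opts in, the API password, the JWT and the returned agent key are exchanged with a server whose certificate is never checked. Defaulting to verification with `validate_certs: '{{ target_manager.validate_certs | default(true) }}'` still leaves an explicit opt-out for environments with self-signed certificates. The `macOS | Import Key (via rest-API)` task also places `OSSEC_AGENT_KEY` in its `environment:` without the `no_log` that the `uri` tasks carry; adding `no_log: '{{ wazuh_agent_nolog_sensible | bool }}'` there would keep the key out of verbose output.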
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 10 Oct 2023 19:06:42 +0200 Subject: [PATCH 14/46] Added auto enrollment alternative to macOS.yml --- .../wazuh/ansible-wazuh-agent/tasks/macOS.yml | 24 +++++++++++++++++++ .../var-ossec-etc-ossec-agent.conf.j2 | 4 +++- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml index 49fe677d..3988d126 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml @@ -206,6 +206,16 @@ - config - api +- name: macOS | Agent registration via auto-enrollment + debug: + msg: Agent registration will be performed through enrollment option in templated ossec.conf + when: wazuh_agent_config.enrollment.enabled == 'yes' + +- name: macOS | Ensure group "wazuh" exists + ansible.builtin.group: + name: wazuh + state: present + - name: macOS | Installing agent configuration (ossec.conf) template: src: var-ossec-etc-ossec-agent.conf.j2 @@ -230,6 +240,20 @@ - init - config +- name: Create auto-enrollment password file + template: + src: authd_pass.j2 + dest: "{{ wazuh_macos_config.install_dir }}/etc/authd.pass" + owner: wazuh + group: wazuh + mode: 0640 + when: + - wazuh_agent_config.enrollment.enabled == 'yes' + - wazuh_agent_config.enrollment.authorization_pass_path_macos | length > 0 + - authd_pass | length > 0 + tags: + - config + - name: macOS | Delete downloaded Wazuh agent installer file file: path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}" diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index dd40b21e..1ae07862 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 
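Review bot: `Create auto-enrollment password file` is gated on `wazuh_agent_config.enrollment.authorization_pass_path_macos | length > 0` but always writes to `{{ wazuh_macos_config.install_dir }}/etc/authd.pass`, so the password file can end up somewhere other than the path the ossec.conf template emits for macOS. If both are meant to be the same file, `dest` should be derived from that variable, or a comment should state how the agent resolves the configured path against the install directory. The task name also lacks the `macOS |` prefix its neighbours use, and `mode: 0640` is safer written as `mode: '0640'` so it cannot be re-typed by the YAML parser.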
@@ -67,8 +67,10 @@ {% if wazuh_agent_config.enrollment.agent_key_path | length > 0 %} {{ wazuh_agent_config.enrollment.agent_key_path }} {% endif %} - {% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 %} + {% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 and ansible_system != "Darwin" %} {{ wazuh_agent_config.enrollment.authorization_pass_path }} + {% else %} + {{ wazuh_agent_config.enrollment.authorization_pass_path_macos }} {% endif %} {% if wazuh_agent_config.enrollment.auto_method | length > 0 %} {{ wazuh_agent_config.enrollment.auto_method }} From 1432f9273f94b4158b0acdc4687117328d16a1b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Mon, 16 Oct 2023 15:13:41 +0200 Subject: [PATCH 15/46] Added password path in macOS --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 399e94ce..93a0dc32 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -106,6 +106,7 @@ wazuh_agent_enrollment: agent_certificate_path: '' agent_key_path: '' authorization_pass_path: "{{ wazuh_dir }}/etc/authd.pass" + authorization_pass_path_macos: "/etc/authd.pass" auto_method: 'no' delay_after_enrollment: 20 use_source_ip: 'no' From b2d2f5cd29063d56672858077b2fe1b4d28191f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 17 Oct 2023 16:11:55 +0200 Subject: [PATCH 16/46] Removed agent verification in macOS deployment --- .../wazuh/ansible-wazuh-agent/tasks/macOS.yml | 29 ------------------- 1 file changed, 29 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml index 3988d126..9c1f6ce7 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml 
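Review bot: In the `@@ -67,8 +67,10 @@` template hunk the new `{% else %}` also fires on non-Darwin hosts whenever `authorization_pass_path` is empty, so a Linux or Windows agent would get the macOS password path written into its enrollment block. On Darwin the macOS path is emitted even when `authorization_pass_path_macos` is empty. Replacing the `{% else %}` with `{% elif ansible_system == "Darwin" and wazuh_agent_config.enrollment.authorization_pass_path_macos | length > 0 %}` limits the second branch to the case it was written for. The enrollment block starts and ends outside the hunk.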
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml @@ -43,26 +43,6 @@ - name: macOS | Agent registration via authd block: - - - name: Copy CA root certificate to verify authd - copy: - src: "{{ wazuh_agent_authd.ssl_agent_ca }}" - dest: "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" - mode: 0644 - when: - - wazuh_agent_authd.ssl_agent_ca is not none - - - name: Copy TLS/SSL certificate for agent verification - copy: - src: "{{ item }}" - dest: "{{ wazuh_macos_config.install_dir }}/etc/{{ item | basename }}" - mode: 0644 - with_items: - - "{{ wazuh_agent_authd.ssl_agent_cert }}" - - "{{ wazuh_agent_authd.ssl_agent_key }}" - when: - - wazuh_agent_authd.ssl_agent_cert is not none - - wazuh_agent_authd.ssl_agent_key is not none - name: macOS | Register agent (via authd) shell: > {{ wazuh_macos_config.install_dir }}/bin/agent-auth @@ -73,15 +53,6 @@ -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %} -I "any" {% endif %} {% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %} - {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %} - -v "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" - {% endif %} - {% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %} - -x "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}" - {% endif %} - {% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None %} - -k "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" - {% endif %} {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %} -G "{{ wazuh_agent_authd.groups | join(',') }}" From 1337cbbe40608b4e205adc2f9324da22e4e053cd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Mon, 23 Oct 2023 09:59:07 -0300 Subject: [PATCH 17/46] Dashboard default route update --- .../wazuh-dashboard/templates/opensearch_dashboards.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2 b/roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2 index 75ee61f8..100d9f2b 100644 --- a/roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2 +++ b/roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2 @@ -12,4 +12,4 @@ server.ssl.enabled: true server.ssl.key: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}-key.pem" server.ssl.certificate: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}.pem" opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wazuh +uiSettings.overrides.defaultRoute: /app/wz-home From 74d182e732561f71796e7f9b7701f6181965e142 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 1 Nov 2023 15:22:40 -0300 Subject: [PATCH 18/46] Rollover alias tasks added --- roles/wazuh/vars/repo.yml | 7 ++++++- roles/wazuh/vars/repo_pre-release.yml | 7 ++++++- roles/wazuh/vars/repo_staging.yml | 7 ++++++- roles/wazuh/wazuh-indexer/tasks/security_actions.yml | 10 +++++++++- 4 files changed, 27 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml index 1703c4c2..6d7ef99c 100644 --- a/roles/wazuh/vars/repo.yml +++ b/roles/wazuh/vars/repo.yml 
@@ -15,4 +15,9 @@ wazuh_macos_arm_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_maco certs_gen_tool_version: 4.8 # Url of certificates generator tool -certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" \ No newline at end of file +certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" + +rollover_alias_tool_version: 4.8 + +# Url of certificates generator tool +rollover_alias_url: "https://packages.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml index 502aa584..4131b206 100644 --- a/roles/wazuh/vars/repo_pre-release.yml +++ b/roles/wazuh/vars/repo_pre-release.yml @@ -15,4 +15,9 @@ wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{ certs_gen_tool_version: 4.8 # Url of certificates generator tool -certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" \ No newline at end of file +certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" + +rollover_alias_tool_version: 4.8 + +# Url of certificates generator tool +rollover_alias_url: "https://packages-dev.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" \ No newline at end of file diff --git a/roles/wazuh/vars/repo_staging.yml b/roles/wazuh/vars/repo_staging.yml index 7bd37414..00d6d63f 100644 --- a/roles/wazuh/vars/repo_staging.yml +++ b/roles/wazuh/vars/repo_staging.yml 
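Review bot: The comment above `rollover_alias_url` is copied from the certs tool and still reads `# Url of certificates generator tool`; it should say `# Url of the indexer rollover alias init script`. The same copy appears in the `repo_pre-release.yml` and `repo_staging.yml` hunks. `rollover_alias_tool_version: 4.8` is also an unquoted float, so a later `4.10` would render as `4.1` in the URL; `rollover_alias_tool_version: "4.8"` avoids that.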
@@ -14,4 +14,9 @@ wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wa certs_gen_tool_version: 4.8 # Url of certificates generator tool -certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" \ No newline at end of file +certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" + +rollover_alias_tool_version: 4.8 + +# Url of certificates generator tool +rollover_alias_url: "https://packages-dev.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" \ No newline at end of file diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index 26b83fd7..a06df8b4 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml @@ -93,8 +93,16 @@ delay: 5 register: result until: result.rc == 0 - run_once: true + - name: Download Rollover alias script + get_url: + url: "{{ rollover_alias_url }}" + dest: "{{ indexer_conf_path }}/indexerRolloverAlias.sh" + + - name: Initialize Rollover alias + command: > + INDEXER_PASSWORD={{ indexer_admin_password }} INDEXER_HOSTNAME={{ target_address }} ./{{ indexer_conf_path }}/indexerRolloverAlias.sh + run_once: true - name: Create custom user uri: From a69937e5335fd25413053428b0ac35816ba0e3bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 1 Nov 2023 16:38:07 -0300 Subject: [PATCH 19/46] Environment variables added --- roles/wazuh/wazuh-indexer/tasks/security_actions.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index a06df8b4..51a22a2b 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml 
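Review bot: In the `security_actions.yml` hunk, `get_url` fetches `indexerRolloverAlias.sh` with no `checksum:`, and the next task runs it with the indexer admin password, so whatever the URL serves is executed without an integrity check. Pinning it with `checksum: "sha256:<published digest>"` (placeholder; the digest is not on this page) would tie the run to a known script. The task that receives `indexer_admin_password` also lacks the `no_log: '{{ indexer_nolog_sensible | bool }}'` that the `hash.sh` tasks in this file carry, so the password can appear in Ansible output. The later hunks `@@ -98,10 +98,17 @@` and `@@ -94,18 +94,11 @@` have the same gap.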
@@ -98,10 +98,17 @@ get_url: url: "{{ rollover_alias_url }}" dest: "{{ indexer_conf_path }}/indexerRolloverAlias.sh" + mode: 744 - name: Initialize Rollover alias command: > - INDEXER_PASSWORD={{ indexer_admin_password }} INDEXER_HOSTNAME={{ target_address }} ./{{ indexer_conf_path }}/indexerRolloverAlias.sh + {{ indexer_conf_path }}/indexerRolloverAlias.sh + environment: + INDEXER_PASSWORD: "{{ indexer_admin_password }}" + INDEXER_HOSTNAME: "{{ target_address }}" + become: yes + become_user: root + run_once: true - name: Create custom user From 9835b2f3bcf5b206346f9a8ed02514d59c30b26f Mon Sep 17 00:00:00 2001 From: c-bordon Date: Wed, 8 Nov 2023 13:00:30 -0300 Subject: [PATCH 20/46] Updated this PR with the new changes of indexer-ism-init script --- roles/wazuh/vars/repo.yml | 5 ----- roles/wazuh/vars/repo_pre-release.yml | 5 ----- roles/wazuh/vars/repo_staging.yml | 5 ----- roles/wazuh/wazuh-indexer/defaults/main.yml | 1 + .../wazuh-indexer/tasks/security_actions.yml | 21 +++++++------------ 5 files changed, 8 insertions(+), 29 deletions(-) diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml index 6d7ef99c..1362b116 100644 --- a/roles/wazuh/vars/repo.yml +++ b/roles/wazuh/vars/repo.yml @@ -16,8 +16,3 @@ certs_gen_tool_version: 4.8 # Url of certificates generator tool certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" - -rollover_alias_tool_version: 4.8 - -# Url of certificates generator tool -rollover_alias_url: "https://packages.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml index 4131b206..eaafa611 100644 --- a/roles/wazuh/vars/repo_pre-release.yml +++ b/roles/wazuh/vars/repo_pre-release.yml 
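Review bot: `mode: 744` is parsed as the decimal integer 744, which is octal 1350, so the downloaded script does not get the intended rwxr--r-- permissions. Write it as a quoted octal string, `mode: "0744"`. Since the script is run with `become_user: root`, `mode: "0700"` would be enough. `become: yes` would also read better as `become: true`.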
@@ -16,8 +16,3 @@ certs_gen_tool_version: 4.8 # Url of certificates generator tool certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" - -rollover_alias_tool_version: 4.8 - -# Url of certificates generator tool -rollover_alias_url: "https://packages-dev.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" \ No newline at end of file diff --git a/roles/wazuh/vars/repo_staging.yml b/roles/wazuh/vars/repo_staging.yml index 00d6d63f..0bba2c4b 100644 --- a/roles/wazuh/vars/repo_staging.yml +++ b/roles/wazuh/vars/repo_staging.yml @@ -15,8 +15,3 @@ certs_gen_tool_version: 4.8 # Url of certificates generator tool certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh" - -rollover_alias_tool_version: 4.8 - -# Url of certificates generator tool -rollover_alias_url: "https://packages-dev.wazuh.com/{{ rollover_alias_tool_version }}/indexerRolloverInit.sh" \ No newline at end of file diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index 9b68f219..8c959c50 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml @@ -28,6 +28,7 @@ domain_name: wazuh.com indexer_sec_plugin_conf_path: /etc/wazuh-indexer/opensearch-security indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools +indexer_bin_path: /usr/share/wazuh-indexer/bin indexer_conf_path: /etc/wazuh-indexer indexer_index_path: /var/lib/wazuh-indexer/ diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index 51a22a2b..cdf604d9 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml 
@@ -52,7 +52,7 @@ {{ indexer_sec_plugin_tools_path }}/hash.sh -p '{{ indexer_admin_password }}' register: indexer_admin_password_hashed no_log: '{{ indexer_nolog_sensible | bool }}' - + - name: Set the Admin user password replace: path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml" @@ -60,7 +60,7 @@ replace: "{{ indexer_password_hash | quote }}" vars: indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}" - + # this can also be achieved with password_hash, but it requires dependencies on the controller - name: Hash the kibanaserver role/user pasword shell: | @@ -68,7 +68,7 @@ {{ indexer_sec_plugin_tools_path }}/hash.sh -p '{{ dashboard_password }}' register: indexer_kibanaserver_password_hashed no_log: '{{ indexer_nolog_sensible | bool }}' - + - name: Set the kibanaserver user password replace: path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml" @@ -76,7 +76,7 @@ replace: "{{ indexer_password_hash | quote }}" vars: indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}" - + - name: Initialize the Opensearch security index in Wazuh indexer command: > sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }} @@ -94,18 +94,11 @@ register: result until: result.rc == 0 - - name: Download Rollover alias script - get_url: - url: "{{ rollover_alias_url }}" - dest: "{{ indexer_conf_path }}/indexerRolloverAlias.sh" - mode: 744 - - name: Initialize Rollover alias command: > - {{ indexer_conf_path }}/indexerRolloverAlias.sh - environment: - INDEXER_PASSWORD: "{{ indexer_admin_password }}" - INDEXER_HOSTNAME: "{{ target_address }}" + {{ indexer_bin_path }}/indexer-ism-init.sh + -p {{ indexer_admin_password }} + -i {{ target_address }} become: yes become_user: root From 0b0ad880cf9467ca2b1e70e7b30e0fee19b31f42 Mon Sep 17 00:00:00 2001 
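Review bot: The last hunk (`@@ -94,18 +94,11 @@`) moves the admin password from the task `environment:` to the argument `-p {{ indexer_admin_password }}`, which exposes it in the host's process list while the script runs and in the task's logged command line. If `indexer-ism-init.sh` can read the password from the environment or a file (its options are not visible here), that is preferable. Otherwise add `no_log: '{{ indexer_nolog_sensible | bool }}'` as the `hash.sh` tasks above do. The value is also unquoted, so a password containing whitespace would be split into several arguments by `command`.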
From: c-bordon Date: Wed, 8 Nov 2023 13:02:05 -0300 Subject: [PATCH 21/46] Update task name --- roles/wazuh/wazuh-indexer/tasks/security_actions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index cdf604d9..797e2dbd 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml @@ -94,7 +94,7 @@ register: result until: result.rc == 0 - - name: Initialize Rollover alias + - name: Initialize ISM script command: > {{ indexer_bin_path }}/indexer-ism-init.sh -p {{ indexer_admin_password }} From 588aced3139d7b4c2981aaf33c2a7891c294880f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 23 Nov 2023 12:11:28 -0300 Subject: [PATCH 22/46] Staging variables added --- roles/wazuh/vars/repo_staging.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/wazuh/vars/repo_staging.yml b/roles/wazuh/vars/repo_staging.yml index 0bba2c4b..6fe182e0 100644 --- a/roles/wazuh/vars/repo_staging.yml +++ b/roles/wazuh/vars/repo_staging.yml @@ -5,6 +5,9 @@ wazuh_repo: key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" +wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/staging/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512" +check_sha512: False +filebeat_module_package_url: https://packages-dev.wazuh.com/staging/filebeat wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg" wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg" From c7ccfa361ab3bb0f117968010ac5a6fa3ebae2b8 Mon Sep 17 00:00:00 2001 
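Review bot: The staging hunk adds `wazuh_winagent_sha512_url` and sets `check_sha512: False` in the same change, so the checksum URL appears to go unused and the staging MSI would be installed unverified (the task that reads `check_sha512` is not visible here). If staging does not publish checksums, a comment should say so, for example `# staging builds publish no .sha512; verification is disabled on purpose`. Otherwise the default should stay `check_sha512: true`. Use lowercase `false`/`true`, and quote `filebeat_module_package_url` like the neighbouring URLs.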
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 7 Dec 2023 13:26:38 -0300 Subject: [PATCH 23/46] Endif added --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 1ae07862..a042a71e 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -116,11 +116,13 @@ {{ wazuh_dir }}/etc/shared/rootkit_trojans.txt {% endif %} yes + {% endif %} {% if ansible_os_family == "Windows" %} ./shared/win_applications_rcl.txt ./shared/win_malware_rcl.txt {% endif %} + {% endif %} From 58c2734362777cce7bd23b31a2af3470b3840292 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Thu, 7 Dec 2023 18:32:43 +0100 Subject: [PATCH 24/46] Removed endif tag --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index a042a71e..b1a28249 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -275,7 +275,6 @@ {% endfor %} {% endif %} {% endif %} - {% endif %} {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_os_family == "Windows" %} From cffba0df19fb2bfc396ad41cb08b00cdb0dc1e07 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 15 Dec 2023 16:38:58 +0100 Subject: [PATCH 25/46] Changed configuration to new VD and indexer --- .../ansible-filebeat-oss/defaults/main.yml | 2 +- .../ansible-wazuh-manager/defaults/main.yml | 80 ++++--------------- .../var-ossec-etc-ossec-server.conf.j2 | 55 ++++++------- 3 files changed, 42 insertions(+), 95 deletions(-) diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index ab43f383..2fb39ab6 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -6,7 +6,7 @@ wazuh_template_branch: v4.8.0 filebeat_node_name: node-1 filebeat_output_indexer_hosts: - - "localhost:9200" + - "localhost" filebeat_module_package_name: wazuh-filebeat-0.3.tar.gz filebeat_module_package_path: /tmp/ diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 43c3958d..7ffcd970 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -144,69 +144,23 @@ wazuh_manager_sca: time: '' ## Vulnerability Detector -wazuh_manager_vulnerability_detector: - enabled: 'no' - interval: '5m' - min_full_scan_interval: '6h' - run_on_start: 'yes' - providers: - - enabled: 'no' - os: - - 'trusty' - - 'xenial' - - 'bionic' - - 'focal' - - 'jammy' - update_interval: '1h' - name: '"canonical"' - - enabled: 'no' - os: - - 'buster' - - 'bullseye' - - 'bookworm' - update_interval: '1h' - name: '"debian"' - - enabled: 'no' - os: - - '5' - - '6' - - '7' - - '8' - - '9' - update_interval: '1h' - name: '"redhat"' - - enabled: 'no' - os: - - '8' - - '9' - update_interval: '1h' - name: '"almalinux"' - - enabled: 'no' - os: - - 'amazon-linux' - - 'amazon-linux-2' - - 'amazon-linux-2023' - update_interval: '1h' - name: '"alas"' - - enabled: 'no' - os: - - '11-server' - - '11-desktop' - - '12-server' - - '12-desktop' - - '15-server' - - '15-desktop' - update_interval: '1h' - name: '"suse"' - - enabled: 'no' - update_interval: '1h' - name: '"arch"' - - enabled: 'no' - update_interval: '1h' - name: '"msu"' - - enabled: 'no' - update_interval: '1h' - name: '"nvd"' +filebeat_node_name: node-1 +filebeat_output_indexer_hosts: + - "localhost" +filebeat_output_indexer_port: 9200 +indexer_security_user: admin +indexer_security_password: changeme +filebeat_ssl_dir: /etc/pki/filebeat + +wazuh_manager_vulnerability_detection: + enabled: 'yes' + indexer_status: 'yes' + feed_update_interval: '60m' + +wazuh_manager_indexer: + enabled: 'yes' + hosts: + - "{{ filebeat_output_indexer_hosts }}" ## Syscheck wazuh_manager_syscheck: diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index c83dd4fd..d951c80f 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
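Review bot: The new defaults ship `indexer_security_user: admin` with `indexer_security_password: changeme`, so a deployment that does not override them configures the manager with a well-known credential pair. I would leave the password without a usable default and fail early when it is unset, or at least mark it with `# placeholder only: override from inventory or vault`. These connection variables also sit under the `## Vulnerability Detector` heading and repeat `filebeat_node_name` and `filebeat_output_indexer_hosts` from the filebeat role defaults, so the two copies can drift; a separate `## Indexer connection` comment would make the duplication visible.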
@@ -258,37 +258,30 @@ {% endif %} - - {% if wazuh_manager_config.vulnerability_detector.enabled is defined %} - {{ wazuh_manager_config.vulnerability_detector.enabled }} - {% endif %} - {% if wazuh_manager_config.vulnerability_detector.interval is defined %} - {{ wazuh_manager_config.vulnerability_detector.interval }} - {% endif %} - {% if wazuh_manager_config.vulnerability_detector.min_full_scan_interval is defined %} - {{ wazuh_manager_config.vulnerability_detector.min_full_scan_interval }} - {% endif %} - {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %} - {{ wazuh_manager_config.vulnerability_detector.run_on_start }} - {% endif %} - {% if wazuh_manager_config.vulnerability_detector.providers is defined %} - {% for provider_ in wazuh_manager_config.vulnerability_detector.providers %} - - {% if provider_.enabled is defined %} - {{ provider_.enabled }} - {% endif %} - {% if provider_.os is defined %} - {% for os_ in provider_.os %} - {{ os_ }} - {% endfor %} - {% endif %} - {% if provider_.update_interval is defined %} - {{ provider_.update_interval }} - {% endif %} - - {% endfor %} - {% endif %} - + + {{ wazuh_manager_config.vulnerability_detection.enabled }} + {{ wazuh_manager_config.vulnerability_detection.indexer_status }} + {{ wazuh_manager_config.vulnerability_detection.feed_update_interval }} + + + + {{ wazuh_manager_config.wazuh_manager_indexer.enabled }} + + {% for item in wazuh_manager_indexer.hosts %} + https://{{ item }}:{{filebeat_output_indexer_port}} + {% endfor %} + + + {{ indexer_security_user }} + "{{ indexer_security_password }}" + + + {{ filebeat_ssl_dir }}/root-ca.pem + + {{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem + {{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem + + From 56d627aacfba6b8230b3d3d489d02bc3feae90ac Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Mon, 18 Dec 2023 11:28:00 +0100 Subject: [PATCH 26/46] Indexer and VD must coincide in config --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index d951c80f..42283cf1 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -259,13 +259,13 @@ - {{ wazuh_manager_config.vulnerability_detection.enabled }} + {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.wazuh_manager_indexer.enabled == 'yes' %}yes{% else %}no{% endif %} {{ wazuh_manager_config.vulnerability_detection.indexer_status }} {{ wazuh_manager_config.vulnerability_detection.feed_update_interval }} - {{ wazuh_manager_config.wazuh_manager_indexer.enabled }} + {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.wazuh_manager_indexer.enabled == 'yes' %}yes{% else %}no{% endif %} {% for item in wazuh_manager_indexer.hosts %} https://{{ item }}:{{filebeat_output_indexer_port}} From 29b78076e5a4ce75785975bf7033c0bf1496ce9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Mon, 18 Dec 2023 12:47:20 +0100 Subject: [PATCH 27/46] Modify indexer variables --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 42283cf1..cef65c8d 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -259,21 +259,21 @@ - {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.wazuh_manager_indexer.enabled == 'yes' %}yes{% else %}no{% endif %} + {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} {{ wazuh_manager_config.vulnerability_detection.indexer_status }} {{ wazuh_manager_config.vulnerability_detection.feed_update_interval }} - {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.wazuh_manager_indexer.enabled == 'yes' %}yes{% else %}no{% endif %} + {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} - {% for item in wazuh_manager_indexer.hosts %} + {% for item in wazuh_manager_config.indexer.hosts %} https://{{ item }}:{{filebeat_output_indexer_port}} {% endfor %} {{ indexer_security_user }} - "{{ indexer_security_password }}" + {{ indexer_security_password }} {{ filebeat_ssl_dir }}/root-ca.pem From 57c70de47f08b9ec249926cd7227d4997ac5ea5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Mon, 18 Dec 2023 14:55:13 +0100 Subject: [PATCH 28/46] Added spaces between variable --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index cef65c8d..77305ee6 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
@@ -268,7 +268,7 @@ {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} {% for item in wazuh_manager_config.indexer.hosts %} - https://{{ item }}:{{filebeat_output_indexer_port}} + https://{{ item }}:{{ filebeat_output_indexer_port }} {% endfor %} From b47c14033325e780288912e39823fbe61c45aa35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Mon, 18 Dec 2023 15:20:09 +0100 Subject: [PATCH 29/46] Updated Filebeat module version to 0.4 --- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index ab43f383..3b39063a 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -8,7 +8,7 @@ filebeat_node_name: node-1 filebeat_output_indexer_hosts: - "localhost:9200" -filebeat_module_package_name: wazuh-filebeat-0.3.tar.gz +filebeat_module_package_name: wazuh-filebeat-0.4.tar.gz filebeat_module_package_path: /tmp/ filebeat_module_destination: /usr/share/filebeat/module filebeat_module_folder: /usr/share/filebeat/module/wazuh From 4193cb0850a9365db5c72ee13a6f5363314af1aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Mon, 18 Dec 2023 18:28:09 +0100 Subject: [PATCH 30/46] Changed names in the default configuration --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 7ffcd970..517fc455 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -402,7 +402,8 @@ wazuh_manager_config_defaults: osquery: '{{ wazuh_manager_osquery }}' syscollector: '{{ wazuh_manager_syscollector }}' sca: '{{ wazuh_manager_sca }}' - vulnerability_detector: '{{ wazuh_manager_vulnerability_detector }}' + vulnerability_detection: '{{ wazuh_manager_vulnerability_detection }}' + indexer: '{{ wazuh_manager_indexer }}' log_level: '{{ wazuh_manager_log_level }}' email_level: '{{ wazuh_manager_email_level }}' localfiles: '{{ wazuh_manager_localfiles }}' From bac757cb69aefe1efd4f3896e7cb2dc77365cd88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Mon, 18 Dec 2023 19:07:07 +0100 Subject: [PATCH 31/46] Fixed Filebeat node list --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 517fc455..1e650233 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -159,8 +159,7 @@ wazuh_manager_vulnerability_detection: wazuh_manager_indexer: enabled: 'yes' - hosts: - - "{{ filebeat_output_indexer_hosts }}" + hosts: "{{ filebeat_output_indexer_hosts }}" ## Syscheck wazuh_manager_syscheck: From f08c8930de6b34f6ebdbe9be02ebb769e4188d7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 19 Dec 2023 15:00:35 +0100 Subject: [PATCH 32/46] Fixed manager template in VD config --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 77305ee6..d14a7bf6 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -259,13 +259,13 @@ - {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} + {{ wazuh_manager_config.vulnerability_detection.enabled }} {{ wazuh_manager_config.vulnerability_detection.indexer_status }} {{ wazuh_manager_config.vulnerability_detection.feed_update_interval }} - {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' and wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} + {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' or wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} {% for item in wazuh_manager_config.indexer.hosts %} https://{{ item }}:{{ filebeat_output_indexer_port }} From 6f65896a15666c236874d483c9e814238a5a152b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 9 Jan 2024 10:41:19 -0300 Subject: [PATCH 33/46] Bump revision for alpha2 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 636f052c..cc9ada50 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v4.8.0" -REVISION="40800" +REVISION="40802" From 65d896ec7f4cd1cc8e51a3b62b85dc9f1c02e13b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 24 Jan 2024 10:39:31 -0300 Subject: [PATCH 34/46] VD keystore changes --- .../ansible-wazuh-manager/tasks/main.yml | 9 ++++++++ .../var-ossec-etc-ossec-server.conf.j2 | 22 +++++++++---------- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 1c029b6c..1b928113 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml 
@@ -252,6 +252,15 @@ - init - config +- name: Generate the wazuh-keystore + shell: > + /var/ossec/bin/wazuh-keystore -f indexer -k user -v {{ indexer_security_user }} + /var/ossec/bin/wazuh-keystore -f indexer -k password -v {{ indexer_security_password }} + notify: restart wazuh-manager + tags: + - init + - config + - name: Ossec-authd password template: src: authd_pass.j2 diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index d14a7bf6..d0b33170 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -267,20 +267,18 @@ {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' or wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %} - {% for item in wazuh_manager_config.indexer.hosts %} - https://{{ item }}:{{ filebeat_output_indexer_port }} - {% endfor %} + {% for item in wazuh_manager_config.indexer.hosts %} + https://{{ item }}:{{ filebeat_output_indexer_port }} + {% endfor %} - {{ indexer_security_user }} - {{ indexer_security_password }} - - - {{ filebeat_ssl_dir }}/root-ca.pem - - {{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem - {{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem - + + + {{ filebeat_ssl_dir }}/root-ca.pem + + {{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem + {{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem + From 5936bf290f645fb1d1dabb0e6ae924096a83e8e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 31 Jan 2024 09:26:13 -0300 Subject: [PATCH 35/46] Changed user for username in the wazuh-keystore command --- roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
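Review bot: The folded scalar `shell: >` appears to join both `wazuh-keystore` lines into one command line, so the second invocation is passed as extra arguments to the first instead of running on its own; use `|` or two tasks. Both values are interpolated unquoted into a shell and the task has no `no_log`, so the indexer password reaches the process list and Ansible output, and shell metacharacters in it are interpreted by the shell. `-v {{ indexer_security_password | quote }}` together with `no_log: true` would address that. The task also reports changed and notifies `restart wazuh-manager` on every run. The split tasks in the later hunk `@@ -37,6 +37,22 @@` fix the joining but keep the unquoted value and the missing `no_log`.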
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 1b928113..e8de0338 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -254,7 +254,7 @@ - name: Generate the wazuh-keystore shell: > - /var/ossec/bin/wazuh-keystore -f indexer -k user -v {{ indexer_security_user }} + /var/ossec/bin/wazuh-keystore -f indexer -k username -v {{ indexer_security_user }} /var/ossec/bin/wazuh-keystore -f indexer -k password -v {{ indexer_security_password }} notify: restart wazuh-manager tags: From b8203475687d1c394a3998d413639b07ac4ae192 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Thu, 1 Feb 2024 16:13:41 +0100 Subject: [PATCH 36/46] Splitted wazuh-keystore generation task --- .../ansible-wazuh-manager/tasks/main.yml | 25 ++++++++++++------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index e8de0338..ba1c5080 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -37,6 +37,22 @@ - include_tasks: "Debian.yml" when: ansible_os_family == "Debian" +- name: Generate the wazuh-keystore (username) + shell: > + /var/ossec/bin/wazuh-keystore -f indexer -k username -v {{ indexer_security_user }} + notify: restart wazuh-manager + tags: + - init + - config + +- name: Generate the wazuh-keystore (password) + shell: > + /var/ossec/bin/wazuh-keystore -f indexer -k password -v {{ indexer_security_password }} + notify: restart wazuh-manager + tags: + - init + - config + - name: Install expect package: name: expect 
@@ -252,15 +268,6 @@ - init - config -- name: Generate the wazuh-keystore - shell: > - /var/ossec/bin/wazuh-keystore -f indexer -k username -v {{ indexer_security_user }} - /var/ossec/bin/wazuh-keystore -f indexer -k password -v {{ indexer_security_password }} - notify: restart wazuh-manager - tags: - - init - - config - - name: Ossec-authd password template: src: authd_pass.j2 From 21bfbac8cdd311f11b9e6024d26e536b2bb761fd Mon Sep 17 00:00:00 2001 From: vcerenu Date: Mon, 5 Feb 2024 04:58:29 -0300 Subject: [PATCH 37/46] bump revision --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index cc9ada50..4da3bcd8 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v4.8.0" -REVISION="40802" +REVISION="40803" From 4c36c1de8b2a3254377fa616d112b7669b7d5997 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Tue, 20 Feb 2024 16:05:25 -0300 Subject: [PATCH 38/46] ISM changes rollback --- roles/wazuh/wazuh-indexer/defaults/main.yml | 1 - roles/wazuh/wazuh-indexer/tasks/security_actions.yml | 8 -------- 2 files changed, 9 deletions(-) diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index 8c959c50..9b68f219 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml @@ -28,7 +28,6 @@ domain_name: wazuh.com indexer_sec_plugin_conf_path: /etc/wazuh-indexer/opensearch-security indexer_sec_plugin_tools_path: /usr/share/wazuh-indexer/plugins/opensearch-security/tools -indexer_bin_path: /usr/share/wazuh-indexer/bin indexer_conf_path: /etc/wazuh-indexer indexer_index_path: /var/lib/wazuh-indexer/ diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml index 797e2dbd..93d1834e 100644 --- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml +++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml 
@@ -94,14 +94,6 @@ register: result until: result.rc == 0 - - name: Initialize ISM script - command: > - {{ indexer_bin_path }}/indexer-ism-init.sh - -p {{ indexer_admin_password }} - -i {{ target_address }} - become: yes - become_user: root - run_once: true - name: Create custom user From 9cd32e65e4e3c46fa7edb14d2b36424923dd3570 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 23 Feb 2024 15:50:57 +0100 Subject: [PATCH 39/46] Bump revision to 40804 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 4da3bcd8..7abcd46a 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v4.8.0" -REVISION="40803" +REVISION="40804" From cc6342235f41fd2551f64bd6417279053afea38b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Fri, 1 Mar 2024 10:11:44 -0300 Subject: [PATCH 40/46] Revision bump (4.8.0-beta3) --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 7abcd46a..789fe612 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v4.8.0" -REVISION="40804" +REVISION="40805" From 99e83d2a877bbb57bac63646101cd84be6a80356 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 12 Mar 2024 11:01:41 +0100 Subject: [PATCH 41/46] Bumped version to 40806 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 789fe612..c38014b1 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v4.8.0" -REVISION="40805" +REVISION="40806" From d98be9a0733f4223558d1383f59074ea943fd16a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 5 Apr 2024 12:09:39 +0200 Subject: [PATCH 42/46] Bumped revision to 40807 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index c38014b1..98b0ea1d 100644 --- a/VERSION +++ b/VERSION 
@@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v4.8.0" -REVISION="40806" +REVISION="40807" From 022e899d90221ad6dfdfcf06f5d86d4633734194 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 19 Apr 2024 09:56:27 +0200 Subject: [PATCH 43/46] Bumped revision to 40808 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 98b0ea1d..ed677dc1 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v4.8.0" -REVISION="40807" +REVISION="40808" From dd3c2f81816d97439c867a6531b84794cde1d814 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Anguita=20L=C3=B3pez?= Date: Fri, 3 May 2024 10:07:11 +0200 Subject: [PATCH 44/46] bump revision --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index ed677dc1..5d7ed291 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v4.8.0" -REVISION="40808" +REVISION="40809" From 15c90501e8727dc1b299e1c0b66a8cce51913545 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 8 May 2024 09:37:09 -0300 Subject: [PATCH 45/46] Manager index-status tag update --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- .../templates/var-ossec-etc-ossec-server.conf.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 1e650233..528fba49 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -154,7 +154,7 @@ filebeat_ssl_dir: /etc/pki/filebeat wazuh_manager_vulnerability_detection: enabled: 'yes' - indexer_status: 'yes' + index_status: 'yes' feed_update_interval: '60m' wazuh_manager_indexer: 
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index d0b33170..5fbc02bf 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -260,7 +260,7 @@ {{ wazuh_manager_config.vulnerability_detection.enabled }} - {{ wazuh_manager_config.vulnerability_detection.indexer_status }} + {{ wazuh_manager_config.vulnerability_detection.index_status }} {{ wazuh_manager_config.vulnerability_detection.feed_update_interval }} From 8d98aa72f505080a42399c6cf2e0753bcc26ac2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Anguita=20L=C3=B3pez?= Date: Tue, 14 May 2024 10:39:29 +0200 Subject: [PATCH 46/46] add bump revision --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 5d7ed291..98e8fc8b 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v4.8.0" -REVISION="40809" +REVISION="40810"