Merge pull request #335 from wazuh/feature-332-default-installation

Changes to make `ossec.conf` equivalent to the default version

CHANGELOG.md

@@ -53,11 +53,11 @@ All notable changes to this project will be documented in this file.
 - Fixed Wazuh Agent registration using an Agent's name ([@jm404](https://github.com/jm404)) [PR#334](https://github.com/wazuh/wazuh-ansible/pull/334)
 
 
-## [v3.10.2_7.3.2]
+## [v3.11.0_7.3.2]
 
 ### Added
 
-- Update to Wazuh v3.10.2
+- Update to Wazuh v3.11.0
 
 ### Changed
 

roles/elastic-stack/ansible-kibana/defaults/main.yml

@@ -7,6 +7,7 @@ kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
 elastic_stack_version: 7.5.1
 wazuh_version: 3.11.0
+
 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
 
 # API credentials

roles/elastic-stack/ansible-kibana/tasks/main.yml

@@ -140,7 +140,7 @@
 - name: Select correct API protocol
   set_fact:
     elastic_api_protocol: "{% if kibana_xpack_security %}https{% else %}http{% endif %}"
-  
+
 - name: Attempting to delete legacy Wazuh index if exists
   uri:
     url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh"

roles/wazuh/ansible-wazuh-agent/defaults/main.yml

@@ -2,7 +2,7 @@
 wazuh_agent_version: 3.11.0-1
 
 wazuh_agent_sources_installation:
-  enabled: false
+  enabled: "false"
   branch: "v3.11.0"
   user_language: "y"
   user_no_stop: "y"
@@ -26,7 +26,7 @@ wazuh_agent_sources_installation:
 wazuh_managers:
   - address: 127.0.0.1
     port: 1514
-    protocol: tcp
+    protocol: udp
     api_port: 55000
     api_proto: 'http'
     api_user: null
@@ -74,8 +74,6 @@ wazuh_agent_config:
     scan_on_start: 'yes'
     auto_ignore: 'no'
     alert_new_files: 'yes'
-    remove_old_diff: 'yes'
-    restart_audit: 'yes'
     win_audit_interval: 300
     skip_nfs: 'yes'
     ignore:
@@ -93,6 +91,10 @@ wazuh_agent_config:
       - /etc/svc/volatile
       - /sys/kernel/security
       - /sys/kernel/debug
+      - /dev/core
+    ignore_linux_type:
+      - '^/proc'
+      - '.log$|.swp$'
     ignore_win:
       - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
     no_diff:
@@ -248,11 +250,11 @@ wazuh_agent_config:
   osquery:
     disable: 'yes'
     run_daemon: 'yes'
-    bin_path_win: 'C:\ProgramData\osquery\osqueryd'
+    bin_path_win: 'C:\Program Files\osquery\osqueryd'
     log_path: '/var/log/osquery/osqueryd.results.log'
-    log_path_win: 'C:\ProgramData\osquery\log\osqueryd.results.log'
+    log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log'
     config_path: '/etc/osquery/osquery.conf'
-    config_path_win: 'C:\ProgramData\osquery\osquery.conf'
+    config_path_win: 'C:\Program Files\osquery\osquery.conf'
     add_labels: 'yes'
   syscollector:
     disable: 'no'
@@ -274,18 +276,14 @@ wazuh_agent_config:
     time: ''
   cis_cat:
     disable: 'yes'
-    install_java: 'yes'
+    install_java: 'no'
     timeout: 1800
     interval: '1d'
     scan_on_start: 'yes'
-    java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin'
+    java_path: 'wodles/java'
     java_path_win: '\\server\jre\bin\java.exe'
-    ciscat_path: '/var/ossec/wodles/ciscat'
+    ciscat_path: 'wodles/ciscat'
     ciscat_path_win: 'C:\cis-cat'
-    content:
-      - type: 'xccdf'
-        path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml'
-        profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server'
   vuls:
     disable: 'yes'
     interval: '1d'
@@ -318,16 +316,16 @@ wazuh_agent_config:
     linux:
       - format: 'syslog'
         location: '/var/ossec/logs/active-responses.log'
-      - format: 'command'
-        command: df -P -x squashfs -x tmpfs -x devtmpfs
-        frequency: '360'
-      - format: 'full_command'
-        command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t
-        alias: 'netstat listening ports'
-        frequency: '360'
       - format: 'full_command'
         command: 'last -n 20'
         frequency: '360'
+      - format: 'command'
+        command: df -P
+        frequency: '360'
+      - format: 'full_command'
+        command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
+        alias: 'netstat listening ports'
+        frequency: '360'
     windows:
       - format: 'eventlog'
         location: 'Application'

roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2

@@ -51,7 +51,6 @@
   <rootcheck>
     <disabled>no</disabled>
     {% if ansible_system == "Linux" %}
-    <check_unixaudit>yes</check_unixaudit>
     <check_files>yes</check_files>
     <check_trojans>yes</check_trojans>
     <check_dev>yes</check_dev>
@@ -65,11 +64,6 @@
 
     <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
     <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
-    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
-    <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
-    {% if cis_distribution_filename is defined %}
-    <system_audit>/var/ossec/etc/shared/{{ cis_distribution_filename }}</system_audit>
-    {% endif %}
     <skip_nfs>yes</skip_nfs>
     {% endif %}
     {% if ansible_os_family == "Windows" %}
@@ -118,6 +112,13 @@
     {% endfor %}
     {% endif %}
 
+    <!-- File types to ignore -->
+    {% if wazuh_agent_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %}
+    {% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %}
+    <ignore type="sregex">{{ ignore }}</ignore>
+    {% endfor %}
+    {% endif %}
+
     {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %}
     {% for ignore in wazuh_agent_config.syscheck.ignore_win %}
     <ignore type="sregex">{{ ignore }}</ignore>
@@ -132,13 +133,6 @@
     
     <skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
     {% endif %}
-    <!-- Remove not monitored files -->
-    <remove_old_diff>{{ wazuh_agent_config.syscheck.remove_old_diff }}</remove_old_diff>
-
-    {% if ansible_system == "Linux"%}
-    <!-- Allow the system to restart Auditd after installing the plugin -->
-    <restart_audit>{{ wazuh_agent_config.syscheck.restart_audit }}</restart_audit>
-    {% endif %} 
 
     {% if ansible_os_family == "Windows" %}
     {% for registry_key in wazuh_agent_config.syscheck.windows_registry %}
@@ -234,13 +228,6 @@
     <java_path>{{ wazuh_agent_config.cis_cat.java_path }}</java_path>
     {% endif %}
     <ciscat_path>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %}</ciscat_path>
-    {% if ansible_system == "Linux" %}
-    {% for benchmark in wazuh_agent_config.cis_cat.content %}
-    <content type="{{ benchmark.type }}" path="{{ benchmark.path }}">
-      <profile>{{ benchmark.profile }}</profile>
-    </content>
-    {% endfor %}
-    {% endif %}
   </wodle>
   {% endif %}
 

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -87,7 +87,7 @@ wazuh_manager_config:
   connection:
     - type: 'secure'
       port: '1514'
-      protocol: 'tcp'
+      protocol: 'udp'
       queue_size: 131072
   authd:
     enable: true
@@ -97,6 +97,8 @@ wazuh_manager_config:
     force_time: 0
     purge: 'no'
     use_password: 'no'
+    limit_maxagents: 'yes'
+    ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
     ssl_agent_ca: null
     ssl_verify_host: 'no'
     ssl_manager_cert: 'sslmanager.cert'
@@ -105,13 +107,14 @@ wazuh_manager_config:
   email_notification: 'no'
   mail_to:
     - 'admin@example.net'
-  mail_smtp_server: localhost
+  mail_smtp_server: smtp.example.wazuh.com
-  mail_from: wazuh-server@example.com
+  mail_from: ossecm@example.wazuh.com
   mail_maxperhour: 12
   mail_queue_size: 131072
+  email_log_source: 'alerts.log'
   extra_emails:
     - enable: false
-      mail_to: 'admin@example.net'
+      mail_to: 'recipient@example.wazuh.com'
       format: full
       level: 7
       event_location: null
@@ -152,6 +155,10 @@ wazuh_manager_config:
       - /etc/svc/volatile
       - /sys/kernel/security
       - /sys/kernel/debug
+      - /dev/core
+    ignore_linux_type:
+      - '^/proc'
+      - '.log$|.swp$'
     no_diff:
       - /etc/ssl/private.key
     directories:
@@ -164,8 +171,6 @@ wazuh_manager_config:
       timeframe: 'timeframe="3600"'
       value: 'no'
     skip_nfs: 'yes'
-    remove_old_diff: 'yes'
-    restart_audit: 'yes'
   rootcheck:
     frequency: 43200
   openscap:
@@ -181,10 +186,6 @@ wazuh_manager_config:
     scan_on_start: 'yes'
     java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin'
     ciscat_path: 'wodles/ciscat'
-    content:
-      - type: 'xccdf'
-        path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml'
-        profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server'
   osquery:
     disable: 'yes'
     run_daemon: 'yes'
@@ -209,20 +210,36 @@ wazuh_manager_config:
     day: ''
     wday: ''
     time: ''
-  vul_detector:
+  vulnerability_detector:
-    disable: 'yes'
+    enabled: 'no'
     interval: '5m'
     ignore_time: '6h'
     run_on_start: 'yes'
-    ubuntu:
+    providers:
-      disable: 'yes'
+      - enabled: 'no'
-      update_interval: '1h'
+        os:
-    redhat:
+          - 'precise'
-      disable: 'yes'
+          - 'trusty'
-      update_interval: '1h'
+          - 'xenial'
-    debian:
+          - 'bionic'
-      disable: 'yes'
+        update_interval: '1h'
-      update_interval: '1h'
+        name: '"canonical"'
+      - enabled: 'no'
+        os:
+          - 'wheezy'
+          - 'stretch'
+          - 'jessie'
+          - 'buster'
+        update_interval: '1h'
+        name: '"debian"'
+      - enabled: 'no'
+        update_from_year: '2010'
+        update_interval: '1h'
+        name: '"redhat"'
+      - enabled: 'no'
+        update_from_year: '2010'
+        update_interval: '1h'
+        name: '"nvd"'
   vuls:
     disable: 'yes'
     interval: '1d'
@@ -233,15 +250,15 @@ wazuh_manager_config:
       - 'updatenvd'
       - 'nvd-year 2016'
       - 'autoupdate'
-  log_level: 1
+  log_level: 3
   email_level: 12
   localfiles:
     common:
       - format: 'command'
-        command: df -P -x squashfs -x tmpfs -x devtmpfs
+        command: df -P
         frequency: '360'
       - format: 'full_command'
-        command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t
+        command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
         alias: 'netstat listening ports'
         frequency: '360'
       - format: 'full_command'
@@ -268,18 +285,15 @@ wazuh_manager_config:
         location: '/var/log/audit/audit.log'
   globals:
     - '127.0.0.1'
-    - '192.168.2.1'
+    - '^localhost.localdomain$'
+    - '127.0.0.53'
   commands:
     - name: 'disable-account'
       executable: 'disable-account.sh'
       expect: 'user'
       timeout_allowed: 'yes'
-    # - name: 'restart-ossec'
+    - name: 'restart-ossec'
-    #   executable: 'restart-ossec.sh'
+      executable: 'restart-ossec.sh'
-    #   expect: ''
-    #   timeout_allowed: 'no'
-    - name: 'win_restart-ossec'
-      executable: 'restart-ossec.cmd'
       expect: ''
       timeout_allowed: 'no'
     - name: 'firewall-drop'
@@ -298,6 +312,10 @@ wazuh_manager_config:
       executable: 'route-null.cmd'
       expect: 'srcip'
       timeout_allowed: 'yes'
+    - name: 'win_route-null-2012'
+      executable: 'route-null-2012.cmd'
+      expect: 'srcip'
+      timeout_allowed: 'yes'
     - name: 'netsh'
       executable: 'netsh.cmd'
       expect: 'srcip'
@@ -327,7 +345,6 @@ wazuh_agent_configs:
     syscheck:
       frequency: 43200
       scan_on_start: 'yes'
-      auto_ignore: 'no'
       alert_new_files: 'yes'
       ignore:
         - /etc/mtab

roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml

@@ -61,6 +61,7 @@
           state: directory
 
     # When downloading "v3.11.0" extracted folder name is 3.11.0. 
+
     # Explicitly creating the folder with proper naming and striping first level in .tar.gz file
 
       - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -18,7 +18,7 @@
     <smtp_server>{{ wazuh_manager_config.mail_smtp_server }}</smtp_server>
     <email_from>{{ wazuh_manager_config.mail_from }}</email_from>
     <email_maxperhour>{{ wazuh_manager_config.mail_maxperhour }}</email_maxperhour>
-    <queue_size>{{ wazuh_manager_config.mail_queue_size }}</queue_size>
+    <email_log_source>{{ wazuh_manager_config.email_log_source }}</email_log_source>
   </global>
 
   <alerts>
@@ -115,7 +115,6 @@
   <!-- Policy monitoring -->
   <rootcheck>
     <disabled>no</disabled>
-    <check_unixaudit>yes</check_unixaudit>
     <check_files>yes</check_files>
     <check_trojans>yes</check_trojans>
     <check_dev>yes</check_dev>
@@ -129,11 +128,6 @@
 
     <rootkit_files>/var/ossec/etc/shared/default/rootkit_files.txt</rootkit_files>
     <rootkit_trojans>/var/ossec/etc/shared/default/rootkit_trojans.txt</rootkit_trojans>
-    <system_audit>/var/ossec/etc/shared/default/system_audit_rcl.txt</system_audit>
-    <system_audit>/var/ossec/etc/shared/default/system_audit_ssh.txt</system_audit>
-    {% if cis_distribution_filename is defined %}
-    <system_audit>/var/ossec/etc/shared/default/{{ cis_distribution_filename }}</system_audit>
-    {% endif %}
 
     <skip_nfs>yes</skip_nfs>
   </rootcheck>
@@ -212,11 +206,6 @@
     <java_path>{{ wazuh_manager_config.cis_cat.java_path }}</java_path>
     {% endif %}
     <ciscat_path>{{ wazuh_manager_config.cis_cat.ciscat_path }}</ciscat_path>
-    {% for benchmark in wazuh_manager_config.cis_cat.content %}
-    <content type="{{ benchmark.type }}" path="{{ benchmark.path }}">
-      <profile>{{ benchmark.profile }}</profile>
-    </content>
-    {% endfor %}
   </wodle>
 
   <!-- Osquery integration -->
@@ -265,24 +254,40 @@
   {% endif %}
   </sca>
 
-  <wodle name="vulnerability-detector">
+  <vulnerability-detector>
-    <disabled>{{ wazuh_manager_config.vul_detector.disable }}</disabled>
+  {% if wazuh_manager_config.vulnerability_detector.enabled is defined %}
-    <interval>{{ wazuh_manager_config.vul_detector.interval }}</interval>
+    <enabled>{{ wazuh_manager_config.vulnerability_detector.enabled }}</enabled>
-    <ignore_time>{{ wazuh_manager_config.vul_detector.ignore_time }}</ignore_time>
+  {% endif %}
-    <run_on_start>{{ wazuh_manager_config.vul_detector.run_on_start }}</run_on_start>
+  {% if wazuh_manager_config.vulnerability_detector.interval is defined %}
-    <feed name="ubuntu-18">
+    <interval>{{ wazuh_manager_config.vulnerability_detector.interval }}</interval>
-      <disabled>{{ wazuh_manager_config.vul_detector.ubuntu.disable }}</disabled>
+  {% endif %}
-      <update_interval>{{ wazuh_manager_config.vul_detector.ubuntu.update_interval }}</update_interval>
+  {% if wazuh_manager_config.vulnerability_detector.ignore_time is defined %}
-    </feed>
+    <ignore_time>{{ wazuh_manager_config.vulnerability_detector.ignore_time }}</ignore_time>
-    <feed name="redhat">
+  {% endif %}
-      <disabled>{{ wazuh_manager_config.vul_detector.redhat.disable }}</disabled>
+  {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %}
-      <update_interval>{{ wazuh_manager_config.vul_detector.redhat.update_interval }}</update_interval>
+    <run_on_start>{{ wazuh_manager_config.vulnerability_detector.run_on_start }}</run_on_start>
-    </feed>
+  {% endif %}
-    <feed name="debian-9">
+  {% if wazuh_manager_config.vulnerability_detector.providers is defined %}
-      <disabled>{{ wazuh_manager_config.vul_detector.debian.disable }}</disabled>
+  {% for provider_ in wazuh_manager_config.vulnerability_detector.providers %}
-      <update_interval>{{ wazuh_manager_config.vul_detector.debian.update_interval }}</update_interval>
+    <provider name={{ provider_.name }}>
-    </feed>
+      {% if provider_.enabled is defined %}
-  </wodle>
+      <enabled>{{ provider_.enabled }}</enabled>
+      {% endif %}
+      {% if provider_.os is defined %}
+      {% for os_ in provider_.os %}
+      <os>{{ os_ }}</os>
+      {% endfor %}
+      {% endif %}
+      {% if provider_.update_from_year is defined %}
+      <update_from_year>{{ provider_.update_from_year }}</update_from_year>
+      {% endif %}
+      {% if provider_.update_interval is defined %}
+      <update_interval>{{ provider_.update_interval }}</update_interval>
+      {% endif %}
+    </provider>
+  {% endfor %}
+  {% endif %}
+  </vulnerability-detector>
 
   <!-- File integrity monitoring -->
   <syscheck>
@@ -293,7 +298,7 @@
     <frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
     <scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>
 
-    <!-- Don't ignore files that change more than 'frequency' times -->
+    <!-- Do not ignore files that change more than 'frequency' times -->
     {% if wazuh_manager_config.syscheck.auto_ignore_frequency is defined %}
     <auto_ignore {{ wazuh_manager_config.syscheck.auto_ignore_frequency.frequency }} {{ wazuh_manager_config.syscheck.auto_ignore_frequency.timeframe }}>{{wazuh_manager_config.syscheck.auto_ignore_frequency.value }}</auto_ignore>
     {% endif %}
@@ -312,6 +317,14 @@
     {% endfor %}
     {% endif %}
 
+    <!-- File types to ignore -->
+    {% if wazuh_manager_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %}
+    {% for ignore in wazuh_manager_config.syscheck.ignore_linux_type %}
+    <ignore type="sregex">{{ ignore }}</ignore>
+    {% endfor %}
+    {% endif %}
+
+
     <!-- Files no diff -->
     {% for no_diff in wazuh_manager_config.syscheck.no_diff %}
     <nodiff>{{ no_diff }}</nodiff>
@@ -319,16 +332,6 @@
     {% if wazuh_manager_config.syscheck.skip_nfs is defined %}
     <skip_nfs>{{ wazuh_manager_config.syscheck.skip_nfs }}</skip_nfs>
     {% endif %}
-
-    <!-- Remove not monitored files -->
-    {% if wazuh_manager_config.syscheck.remove_old_diff is defined %}
-    <remove_old_diff>{{ wazuh_manager_config.syscheck.remove_old_diff }}</remove_old_diff>
-    {% endif %}
-
-    <!-- Allow the system to restart Auditd after installing the plugin -->
-    {% if wazuh_manager_config.syscheck.restart_audit is defined %}
-    <restart_audit>{{ wazuh_manager_config.syscheck.restart_audit }}</restart_audit>
-    {% endif %}
   </syscheck>
 
   <global>
@@ -390,6 +393,12 @@
     {% if wazuh_manager_config.authd.use_password is not none %}
     <use_password>{{wazuh_manager_config.authd.use_password}}</use_password>
     {% endif %}
+    {% if wazuh_manager_config.authd.limit_maxagents is not none %}
+    <limit_maxagents>{{wazuh_manager_config.authd.limit_maxagents}}</limit_maxagents>
+    {% endif %}
+    {% if wazuh_manager_config.authd.ciphers is not none %}
+    <ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers>
+    {% endif %}    
     {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
     <ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>
     {% endif %}

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2

@@ -4,7 +4,9 @@
 <agent_config {{ agent_config.type }}="{{ agent_config.type_value }}">
   {% if agent_config.syscheck is defined %}
   <syscheck>
+    {% if agent_config.syscheck.auto_ignore is defined %}
     <auto_ignore>{{ agent_config.syscheck.auto_ignore }}</auto_ignore>
+    {% endif %}
     <alert_new_files>{{ agent_config.syscheck.alert_new_files }}</alert_new_files>
     <!-- Frequency that syscheck is executed -- default every 20 hours -->
     <frequency>{{ agent_config.syscheck.frequency }}</frequency>

wazuh-qa

@@ -0,0 +1 @@
+Subproject commit 2699bb7ba8026daae2bb73f19ac50c2010b4677c