Merge pull request #822 from wazuh/merge-436-master

Merge v4.3.6 into master
2022-07-25 13:20:31 +02:00 · 2022-07-25 13:20:31 +02:00 · 68718a0a55
commit 68718a0a55
parent 9319ff4f6b 794222dc82
24 changed files with 49 additions and 592 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,24 @@ All notable changes to this project will be documented in this file.

 - Update to [Wazuh v4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440)

+## [v4.3.6]
+
+### Added
+
+- Update to [Wazuh v4.3.6](https://github.com/wazuh/wazuh/blob/v4.3.6/CHANGELOG.md#v436)
+
+## [v4.3.5]
+
+### Added
+
+- Update to [Wazuh v4.3.5](https://github.com/wazuh/wazuh/blob/v4.3.5/CHANGELOG.md#v435)
+
+## [v4.3.4]
+
+### Added
+
+- Update to [Wazuh v4.3.4](https://github.com/wazuh/wazuh/blob/v4.3.4/CHANGELOG.md#v434)
+
 ## [v4.3.3]

 ### Added
--- a/README.md
+++ b/README.md
@ -17,6 +17,9 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 |---------------|---------|--------|
 | v4.5.0        |         |        |
 | v4.4.0        |         |        |
+| v4.3.6        |         |        |
+| v4.3.5        |         |        |
+| v4.3.4        |         |        |
 | v4.3.3        |         |        |
 | v4.3.2        |         |        |
 | v4.3.1        |         |        |
--- a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml
+++ b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml
@ -1,36 +0,0 @@
---
-
-########################################################
-# Helper variables
-private_ip: '{{ ansible_default_ipv4.address }}'
-
-managers_hostvars: "{{ groups['managers'] | map('extract', hostvars)  | list }}"
-elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars)  | list }}"
-kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars)  | list }}"
-
-manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
-elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
-kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
-
-########################################################
-# Versions
-elastic_stack_version: 7.10.2
-filebeat_version: 7.10.2
-
-# Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.5.0-1
-wazuh_agent_version: 4.5.0-1
-
-# Kibana role appends it automatically.
-wazuh_version: 4.5.0
-
-########################################################
-# General ELK stack variables
-
-# Xpack Security: autogenerate CA
-generate_CA: true
-filebeat_xpack_security: true
-kibana_xpack_security: true
-elasticsearch_xpack_security: true
-elasticsearch_xpack_security_user: elastic
-elasticsearch_xpack_security_password: elastic_pass
--- a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py
+++ b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py
@ -1,64 +0,0 @@
-import os
-import pytest
-import testinfra.utils.ansible_runner
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
-
-
-def get_wazuh_version():
-    """This return the version of Wazuh."""
-    return "4.5.0"
-
-
-def test_wazuh_packages_are_installed(host):
-    """Test the main packages are installed."""
-    manager = host.package("wazuh-manager")
-    assert manager.is_installed
-    assert manager.version.startswith(get_wazuh_version())
-
-
-def test_wazuh_services_are_running(host):
-    """Test the services are enabled and running.
-
-    When assert commands are commented, this means that the service command has
-    a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
-    """
-    # This currently doesn't work with out current Docker base images
-    # manager = host.service("wazuh-manager")
-    # api = host.service("wazuh-api")
-    # assert manager.is_running
-    # assert api.is_running
-    output = host.check_output(
-        'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
-        )
-    assert 'ossec-authd' in output
-    assert 'wazuh-modulesd' in output
-    assert 'wazuh-db' in output
-    assert 'ossec-execd' in output
-    assert 'ossec-monitord' in output
-    assert 'ossec-remoted' in output
-    assert 'ossec-logcollector' in output
-    assert 'ossec-analysisd' in output
-    assert 'ossec-syscheckd' in output
-
-
-@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
-    ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
-    ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
-    ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640),
-    ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660),
-])
-def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
-    """Test Wazuh related files exist and have proper owners and mode."""
-    wazuh_file_host = host.file(wazuh_file)
-    assert wazuh_file_host.user == wazuh_owner
-    assert wazuh_file_host.group == wazuh_group
-    assert wazuh_file_host.mode == wazuh_mode
-
-
-def test_filebeat_is_installed(host):
-    """Test the elasticsearch package is installed."""
-    filebeat = host.package("filebeat")
-    assert filebeat.is_installed
-    assert filebeat.version.startswith('7.10.2')
--- a/molecule/distributed-wazuh-elk/group_vars/all.yml
+++ b/molecule/distributed-wazuh-elk/group_vars/all.yml
@ -1,23 +0,0 @@
---
-
-########################################################
-# Helper variables
-private_ip: '{{ ansible_default_ipv4.address }}'
-
-managers_hostvars: "{{ groups['managers'] | map('extract', hostvars)  | list }}"
-elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars)  | list }}"
-
-manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
-elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
-
-########################################################
-# Versions
-elastic_stack_version: 7.10.2
-filebeat_version: 7.10.2
-
-# Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.5.0-1
-wazuh_agent_version: 4.5.0-1
-
-# Kibana role appends it automatically.
-wazuh_version: 4.5.0
--- a/molecule/distributed-wazuh-odfe/group_vars/all.yml
+++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml
@ -1,47 +0,0 @@
---
-
-########################################################
-# Helper variables
-private_ip: '{{ ansible_default_ipv4.address }}'
-
-managers_hostvars: "{{ groups['managers'] | map('extract', hostvars)  | list }}"
-elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars)  | list }}"
-kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars)  | list }}"
-
-manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
-elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
-kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
-
-########################################################
-# General ELK stack variables
-
-# OpenDistro
-kibana_opendistro_security: true
-
-opendistro_kibana_user: kibanaserver
-opendistro_security_user: elastic
-
-opendistro_kibana_password: changeme
-opendistro_security_password: admin
-opendistro_admin_password: changeme
-
-# All nodes are called by IP name
-elasticsearch_node_name: '{{ ansible_hostname }}'
-kibana_node_name: '{{ ansible_hostname }}'
-filebeat_node_name: '{{ ansible_hostname }}'
-
-########################################################
-# Versions
-# See: https://opendistro.github.io/for-elasticsearch-docs/version-history/
-
-elastic_stack_version: 7.10.2
-opendistro_version: 1.13.2
-filebeat_version: 7.10.2
-kibana_opendistro_version: 1.13.2-1
-
-# Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.5.0-1
-wazuh_agent_version: 4.5.0-1
-
-# Kibana role appends it automatically.
-wazuh_version: 4.5.0
--- a/molecule/distributed-wazuh-odfe/tests/test_default.py
+++ b/molecule/distributed-wazuh-odfe/tests/test_default.py
@ -1,64 +0,0 @@
-import os
-import pytest
-import testinfra.utils.ansible_runner
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
-
-
-def get_wazuh_version():
-    """This return the version of Wazuh."""
-    return "4.5.0"
-
-
-def test_wazuh_packages_are_installed(host):
-    """Test the main packages are installed."""
-    manager = host.package("wazuh-manager")
-    assert manager.is_installed
-    assert manager.version.startswith(get_wazuh_version())
-
-
-def test_wazuh_services_are_running(host):
-    """Test the services are enabled and running.
-
-    When assert commands are commented, this means that the service command has
-    a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
-    """
-    # This currently doesn't work with out current Docker base images
-    # manager = host.service("wazuh-manager")
-    # api = host.service("wazuh-api")
-    # assert manager.is_running
-    # assert api.is_running
-    output = host.check_output(
-        'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
-        )
-    assert 'ossec-authd' in output
-    assert 'wazuh-modulesd' in output
-    assert 'wazuh-db' in output
-    assert 'ossec-execd' in output
-    assert 'ossec-monitord' in output
-    assert 'ossec-remoted' in output
-    assert 'ossec-logcollector' in output
-    assert 'ossec-analysisd' in output
-    assert 'ossec-syscheckd' in output
-
-
-@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
-    ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
-    ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
-    ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640),
-    ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660),
-])
-def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
-    """Test Wazuh related files exist and have proper owners and mode."""
-    wazuh_file_host = host.file(wazuh_file)
-    assert wazuh_file_host.user == wazuh_owner
-    assert wazuh_file_host.group == wazuh_group
-    assert wazuh_file_host.mode == wazuh_mode
-
-
-def test_filebeat_is_installed(host):
-    """Test the elasticsearch package is installed."""
-    filebeat = host.package("filebeat")
-    assert filebeat.is_installed
-    assert filebeat.version.startswith('7.10.2')
--- a/molecule/distributed-wazuh/group_vars/all.yml
+++ b/molecule/distributed-wazuh/group_vars/all.yml
@ -34,6 +34,6 @@ indexer_version: 4.5.0
 filebeat_version: 7.10.2
 wazuh_version: 4.5.0

-# Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.5.0-1
-wazuh_agent_version: 4.5.0-1
+# Debian packages need the ${VERSION}
+wazuh_manager_version: 4.5.0
+wazuh_agent_version: 4.5.0
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@ -1,53 +0,0 @@
---
-kibana_node_name: node-1
-
-elasticsearch_http_port: "9200"
-elasticsearch_network_host: "127.0.0.1"
-kibana_server_host: "0.0.0.0"
-kibana_server_port: "5601"
-kibana_conf_path: /etc/kibana
-elastic_stack_version: 7.10.2
-wazuh_version: 4.5.0
-wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
-
-elasticrepo:
-  apt: 'https://artifacts.elastic.co/packages/7.x/apt'
-  yum: 'https://artifacts.elastic.co/packages/7.x/yum'
-  gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
-  key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
-
-# API credentials
-wazuh_api_credentials:
-  - id: "default"
-    url: "https://localhost"
-    port: 55000
-    username: "wazuh"
-    password: "wazuh"
-
-# Xpack Security
-kibana_xpack_security: false
-kibana_ssl_verification_mode: "full"
-
-elasticsearch_xpack_security_user: elastic
-elasticsearch_xpack_security_password: elastic_pass
-
-node_certs_destination: /etc/kibana/certs
-
-# CA Generation
-master_certs_path: "{{ playbook_dir }}/es_certs"
-generate_CA: true
-ca_cert_name: ""
-
-# Nodejs
-nodejs:
-  repo_dict:
-      debian: "deb"
-      redhat: "rpm"
-  repo_url_ext: "nodesource.com/setup_10.x"
-
-# Build from sources
-build_from_sources: false
-wazuh_plugin_branch: 4.1-7.10
-
-#Nodejs NODE_OPTIONS
-node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
--- a/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml
@ -1,57 +0,0 @@
-
---
-
- name: Update cache
-  apt:
-    update_cache: yes
-
- name: Debian 9 (Stretch)
-  when: (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "9")
-  block:
-  
-    - name: Install OpenDistro dependencies
-      apt:
-        name: [
-          'unzip', 'wget', 'curl', 'apt-transport-https', software-properties-common
-        ]
-        state: present
-
-    - name: Add the repository key for Debian's Stretch Backports repository
-      ansible.builtin.apt_key:
-        keyserver: keyserver.ubuntu.com
-        id: 648ACFD622F3D138
-    
-    - name: Add openjdk repository
-      apt_repository:
-        repo: "{{ package_repos.apt.openjdk.baseurl }}"
-        state: present
-        update_cache: yes
-        filename: 'wazuh-openjdk'
-
- name: Install openjdk-11-jdk
-  apt:
-    name: openjdk-11-jdk
-    state: present
-  environment:
-    JAVA_HOME: /usr
-
- name: Add Opendistro repository
-  block:
-    - name: Add apt repository signing key
-      apt_key:
-        url: "{{ package_repos.apt.opendistro.gpg }}"
-        state: present
-
-    - name: Add Opendistro repository
-      apt_repository:
-        repo: "{{ package_repos.apt.opendistro.baseurl }}"
-        state: present
-        filename: 'wazuh-opendistro'
-        update_cache: yes
-
- name: Install OpenDistro
-  apt:
-    name: opendistroforelasticsearch={{ opendistro_version }}-1
-    state: present
-  register: install
-  tags: install 
--- a/roles/opendistro/opendistro-kibana/defaults/main.yml
+++ b/roles/opendistro/opendistro-kibana/defaults/main.yml
@ -1,60 +0,0 @@
---
-
-# Kibana configuration
-elasticsearch_http_port: 9200
-elastic_api_protocol: https
-kibana_conf_path: /etc/kibana
-kibana_node_name: node-1
-kibana_server_host: "0.0.0.0"
-kibana_server_port: "5601"
-kibana_server_name: "kibana"
-kibana_max_payload_bytes: 1048576
-elastic_stack_version: 7.10.2
-wazuh_version: 4.5.0
-wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
-
-# The OpenDistro package repository
-kibana_opendistro_version: 1.13.2-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
-
-package_repos:
-  yum:
-    opendistro:
-      baseurl: 'https://packages.wazuh.com/4.x/yum/'
-      gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-  apt:
-    opendistro:
-      baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
-      gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-
-# API credentials
-wazuh_api_credentials:
-  - id: "default"
-    url: "https://localhost"
-    port: 55000
-    username: "wazuh"
-    password: "wazuh"
-
-# opendistro Security
-kibana_opendistro_security: true
-kibana_newsfeed_enabled: "false"
-kibana_telemetry_optin: "false"
-kibana_telemetry_enabled: "false"
-
-opendistro_admin_password: changeme
-opendistro_kibana_user: kibanaserver
-opendistro_kibana_password: changeme
-local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
-
-# Nodejs
-nodejs:
-  repo_dict:
-      debian: "deb"
-      redhat: "rpm"
-  repo_url_ext: "nodesource.com/setup_10.x"
-
-# Build from sources
-build_from_sources: false
-wazuh_plugin_branch: 4.1-7.10
-
-#Nodejs NODE_OPTIONS
-node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
--- a/roles/opendistro/opendistro-kibana/tasks/main.yml
+++ b/roles/opendistro/opendistro-kibana/tasks/main.yml
@ -1,124 +0,0 @@
---
-
- name: Stopping early, trying to compile Wazuh Kibana Plugin on Debian 10 is not possible
-  fail:
-    msg: "It's not possible to compile the Wazuh Kibana plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924"
-  when:
-    - build_from_sources
-    - ansible_distribution == "Debian"
-    - ansible_distribution_major_version == "10"
-
- import_tasks: RedHat.yml
-  when: ansible_os_family == 'RedHat'
-
- import_tasks: Debian.yml
-  when: ansible_os_family == 'Debian'
-
- name: Remove Kibana configuration file
-  file:
-    # noqa 503
-    path: "{{ kibana_conf_path }}/kibana.yml"
-    state: absent
-  tags: install
-
- import_tasks: security_actions.yml
-
- name: Copy Configuration File
-  blockinfile:
-    block: "{{ lookup('template', 'opendistro_kibana.yml.j2') }}"
-    dest: "{{ kibana_conf_path }}/kibana.yml"
-    create: true
-    group: kibana
-    owner: kibana
-    mode: 0640
-    marker: "## {mark} Kibana general settings ##"
-  notify: restart kibana
-  tags:
-    - install
-    - configure
-
- name: Ensuring Kibana directory owner
-  file:
-    # noqa 208
-    path: "/usr/share/kibana"
-    state: directory
-    owner: kibana
-    group: kibana
-    recurse: yes
-
- name: Build and Install Wazuh Kibana Plugin from sources
-  import_tasks: build_wazuh_plugin.yml
-  when:
-    - build_from_sources is defined
-    - build_from_sources
-
- name: Install Wazuh Plugin (can take a while)
-  shell: >-
-    NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
-    {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
-  args:
-    executable: /bin/bash
-    creates: /usr/share/kibana/plugins/wazuh/package.json
-    chdir: /usr/share/kibana
-  become: yes
-  become_user: kibana
-  notify: restart kibana
-  tags:
-    - install
-    - skip_ansible_lint
-  when:
-    - not build_from_sources
-
- name: Kibana optimization (can take a while)
-  shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml
-  args:
-    executable: /bin/bash
-  become: yes
-  become_user: kibana
-  changed_when: false
-  tags:
-    - skip_ansible_lint
-
- name: Wait for Elasticsearch port
-  wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }}
-
- name: Select correct API protocol
-  set_fact:
-    elastic_api_protocol: "{% if kibana_opendistro_security is defined and kibana_opendistro_security %}https{% else %}http{% endif %}"
-
- name: Attempting to delete legacy Wazuh index if exists
-  uri:
-    url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh"
-    method: DELETE
-    user: "admin"
-    password: "{{ opendistro_admin_password }}"
-    validate_certs: no
-    status_code: 200, 404
-
- name: Create wazuh plugin config directory
-  file:
-    path: /usr/share/kibana/data/wazuh/config/
-    state: directory
-    recurse: yes
-    owner: kibana
-    group: kibana
-    mode: 0751
-  changed_when: False
-
- name: Configure Wazuh Kibana Plugin
-  template:
-    src: wazuh.yml.j2
-    dest: /usr/share/kibana/data/wazuh/config/wazuh.yml
-    owner: kibana
-    group: kibana
-    mode: 0751
-  changed_when: False
-
- name: Ensure Kibana started and enabled
-  service:
-    name: kibana
-    enabled: true
-    state: started
-
- import_tasks: RMRedHat.yml
-  when: ansible_os_family == 'RedHat'
--- a/roles/opendistro/opendistro-kibana/tasks/security_actions.yml
+++ b/roles/opendistro/opendistro-kibana/tasks/security_actions.yml
@ -1,13 +0,0 @@
- block:
-
-  - name: Copy the certificates from local to the Kibana instance
-    copy:
-      src: "{{ local_certs_path }}/certs/{{ item }}"
-      dest: /usr/share/kibana
-      mode: 0644
-    with_items:
-      - "root-ca.pem"
-      - "{{ kibana_node_name }}_http.key"
-      - "{{ kibana_node_name }}_http.pem"
-  tags:
-  - security
--- a/roles/wazuh/ansible-filebeat/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat/defaults/main.yml
@ -1,36 +0,0 @@
---
-filebeat_version: 7.10.2
-
-wazuh_template_branch: v4.5.0
-
-filebeat_create_config: true
-
-filebeat_node_name: node-1
-
-filebeat_output_elasticsearch_hosts:
-  - "localhost:9200"
-
-filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
-filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
-filebeat_module_package_path: /tmp/
-filebeat_module_destination: /usr/share/filebeat/module
-filebeat_module_folder: /usr/share/filebeat/module/wazuh
-
-# Xpack Security
-filebeat_xpack_security: false
-
-elasticsearch_xpack_security_user: elastic
-elasticsearch_xpack_security_password: elastic_pass
-
-node_certs_destination: /etc/filebeat/certs
-
-# CA Generation
-master_certs_path: "{{ playbook_dir }}/es_certs"
-generate_CA: true
-ca_cert_name: ""
-
-elasticrepo:
-  apt: 'https://artifacts.elastic.co/packages/7.x/apt'
-  yum: 'https://artifacts.elastic.co/packages/7.x/yum'
-  gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
-  key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-wazuh_agent_version: 4.5.0-1
+wazuh_agent_version: 4.5.0

 # Custom packages installation

--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@ -27,7 +27,7 @@

 - name: Linux Debian | Install wazuh-agent
  apt:
-    name: "wazuh-agent={{ wazuh_agent_version }}"
+    name: "wazuh-agent={{ wazuh_agent_version }}-*"
    state: present
    cache_valid_time: 3600
  when:
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-wazuh_manager_version: 4.5.0-1
+wazuh_manager_version: 4.5.0

 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: present
@ -173,7 +173,6 @@ wazuh_manager_sca:
 wazuh_manager_vulnerability_detector:
  enabled: 'no'
  interval: '5m'
-  ignore_time: '6h'
  run_on_start: 'yes'
  providers:
    - enabled: 'no'
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
@ -107,7 +107,7 @@
 - name: Debian/Ubuntu | Install wazuh-manager
  apt:
    name:
-      - "wazuh-manager={{ wazuh_manager_version }}"
+      - "wazuh-manager={{ wazuh_manager_version }}-*"
    state: present
  tags: init
  when:
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@ -265,9 +265,6 @@
  {% if wazuh_manager_config.vulnerability_detector.interval is defined %}
    <interval>{{ wazuh_manager_config.vulnerability_detector.interval }}</interval>
  {% endif %}
-  {% if wazuh_manager_config.vulnerability_detector.ignore_time is defined %}
-    <ignore_time>{{ wazuh_manager_config.vulnerability_detector.ignore_time }}</ignore_time>
-  {% endif %}
  {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %}
    <run_on_start>{{ wazuh_manager_config.vulnerability_detector.run_on_start }}</run_on_start>
  {% endif %}
--- a/roles/wazuh/vars/repo.yml
+++ b/roles/wazuh/vars/repo.yml
@ -3,7 +3,8 @@ wazuh_repo:
  yum: 'https://packages.wazuh.com/4.x/yum/'
  gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
  key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
-wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.5.0-1.msi
+wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+wazuh_winagent_package_name: wazuh-agent-{{ wazuh_agent_version }}-1.msi

 certs_gen_tool_version: 4.5

--- a/roles/wazuh/vars/repo_dev.yml
+++ b/roles/wazuh/vars/repo_dev.yml
@ -3,7 +3,8 @@ wazuh_repo:
  yum: 'https://packages-dev.wazuh.com/pre-release/yum/'
  gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
  key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
-wazuh_winagent_config_url: https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-4.5.0-1.msi
+wazuh_winagent_config_url: https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi
+wazuh_winagent_package_name: wazuh-agent-{{ wazuh_agent_version }}-1.msi

 certs_gen_tool_version: 4.5

--- a/roles/wazuh/wazuh-dashboard/tasks/Debian.yml
+++ b/roles/wazuh/wazuh-dashboard/tasks/Debian.yml
@ -13,6 +13,13 @@
      state: present
      update_cache: yes

+  - name: Install Wazuh dashboard dependencies
+    apt:
+      name: [
+        'libnss3-dev', 'fonts-liberation', 'libfontconfig1'
+      ]
+      state: present
+
  - name: Install Wazuh dashboard
    apt:
      name: "wazuh-dashboard={{ dashboard_version }}-*"
--- a/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml
+++ b/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml
@ -10,6 +10,14 @@
      gpgkey: "{{ wazuh_repo.gpg }}"
      gpgcheck: true

+  - name: Install Wazuh dashboard dependencies
+    yum:
+      name: [
+        'libnss3.so', 'xorg-x11-fonts-100dpi', 'xorg-x11-fonts-75dpi', 'xorg-x11-utils', 'xorg-x11-fonts-cyrillic', 'xorg-x11-fonts-Type1', 'xorg-x11-fonts-misc', 'fontconfig', 'freetype'
+      ]
+      state: present
+    ignore_errors: yes
+
  - name: Install Wazuh dashboard
    package:
      name: "wazuh-dashboard-{{ dashboard_version }}"
--- a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml
@ -30,8 +30,8 @@

  - name: Local action | Prepare the certificates generation template file
    template:
-      src: "templates/config.yml.j2"
-      dest: "{{ local_certs_path }}/config.yml"
+      src: "templates/wazuh-config.yml.j2"
+      dest: "{{ local_certs_path }}/wazuh-config.yml"
      mode: 0644
    register: tlsconfig_template