Merge pull request #1307 from wazuh/1305-merge-4.8.0-into-4.9.0

Merge 4.8.0 into 4.9.0

CHANGELOG.md

@@ -25,6 +25,12 @@ All notable changes to this project will be documented in this file.
 
 - Update to [Wazuh v4.8.0](https://github.com/wazuh/wazuh/blob/v4.8.0/CHANGELOG.md#v480)
 
+## [v4.7.5]
+
+### Added
+
+- Update to [Wazuh v4.7.5](https://github.com/wazuh/wazuh/blob/v4.7.5/CHANGELOG.md#v475)
+
 ## [v4.7.4]
 
 ### Added

README.md

@@ -20,6 +20,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 | v4.8.2        |         |        |
 | v4.8.1        |         |        |
 | v4.8.0        |         |        |
+| v4.7.5        |         |        |
 | v4.7.4        |         |        |
 | v4.7.3        |         |        |
 | v4.7.2        |         |        |

roles/wazuh/ansible-filebeat-oss/defaults/main.yml

@@ -22,7 +22,8 @@ filebeat_ssl_dir: /etc/pki/filebeat
 local_certs_path: "{{ playbook_dir }}/indexer/certificates"
 
 filebeatrepo:
-  apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+  keyring_path: '/usr/share/keyrings/wazuh.gpg'
+  apt: "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main"
   yum: 'https://packages.wazuh.com/4.x/yum/'
   gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-  key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
+  path: '/tmp/WAZUH-GPG-KEY'

roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml

@@ -9,11 +9,20 @@
   register: filebeat_ca_packages_install
   until: filebeat_ca_packages_install is succeeded
 
-- name: Debian/Ubuntu | Add Elasticsearch apt key.
+- name: Debian/Ubuntu | Download Filebeat apt key.
-  apt_key:
+  get_url:
     url: "{{ filebeatrepo.gpg }}"
-    id: "{{ filebeatrepo.key_id }}"
+    dest: "{{ filebeatrepo.path }}"
-    state: present
+
+- name: Import Filebeat GPG key
+  command: "gpg --no-default-keyring --keyring gnupg-ring:{{ filebeatrepo.keyring_path }} --import {{ filebeatrepo.path }}"
+  args:
+    creates: "{{ filebeatrepo.keyring_path }}"
+
+- name: Set permissions for Filebeat GPG key
+  file:
+    path: "{{ filebeatrepo.keyring_path }}"
+    mode: '0644'
 
 - name: Debian/Ubuntu | Add Filebeat-oss repository.
   apt_repository:

roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml

@@ -38,10 +38,26 @@
     - ansible_distribution_major_version | int == 14
     - not wazuh_custom_packages_installation_agent_enabled
 
-- name: Debian/Ubuntu | Installing Wazuh repository key
+- name: Debian/Ubuntu | Download Wazuh repository key
-  apt_key:
+  get_url:
     url: "{{ wazuh_agent_config.repo.gpg }}"
-    id: "{{ wazuh_agent_config.repo.key_id }}"
+    dest: "{{ wazuh_agent_config.repo.path }}"
+  when:
+    - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+    - not wazuh_custom_packages_installation_agent_enabled
+
+- name: Debian/Ubuntu | Import Wazuh GPG key
+  command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_agent_config.repo.keyring_path }} --import {{ wazuh_agent_config.repo.path }}"
+  when:
+    - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+    - not wazuh_custom_packages_installation_agent_enabled
+  args:
+    creates: "{{ wazuh_agent_config.repo.keyring_path }}"
+
+- name: Debian/Ubuntu | Set permissions for Wazuh GPG key
+  file:
+    path: "{{ wazuh_agent_config.repo.keyring_path }}"
+    mode: '0644'
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
     - not wazuh_custom_packages_installation_agent_enabled

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -154,7 +154,7 @@ filebeat_ssl_dir: /etc/pki/filebeat
 
 wazuh_manager_vulnerability_detection:
   enabled: 'yes'
-  indexer_status: 'yes'
+  index_status: 'yes'
   feed_update_interval: '60m'
 
 wazuh_manager_indexer:

roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml

@@ -26,10 +26,26 @@
     - ansible_distribution_major_version | int == 14
     - not wazuh_custom_packages_installation_manager_enabled
 
-- name: Debian/Ubuntu | Installing Wazuh repository key
+- name: Debian/Ubuntu | Download Wazuh repository key
-  apt_key:
+  get_url:
     url: "{{ wazuh_manager_config.repo.gpg }}"
-    id: "{{ wazuh_manager_config.repo.key_id }}"
+    dest: "{{ wazuh_manager_config.repo.path }}"
+  when:
+    - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+    - not wazuh_custom_packages_installation_manager_enabled
+
+- name: Debian/Ubuntu | Import Wazuh GPG key
+  command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_manager_config.repo.keyring_path }} --import {{ wazuh_manager_config.repo.path }}"
+  when:
+    - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+    - not wazuh_custom_packages_installation_manager_enabled
+  args:
+    creates: "{{ wazuh_manager_config.repo.keyring_path }}"
+
+- name: Debian/Ubuntu | Set permissions for Wazuh GPG key
+  file:
+    path: "{{ wazuh_manager_config.repo.keyring_path }}"
+    mode: '0644'
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
     - not wazuh_custom_packages_installation_manager_enabled

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -260,7 +260,7 @@
 
   <vulnerability-detection>
     <enabled>{{ wazuh_manager_config.vulnerability_detection.enabled }}</enabled>
-    <indexer-status>{{ wazuh_manager_config.vulnerability_detection.indexer_status }}</indexer-status>
+    <index-status>{{ wazuh_manager_config.vulnerability_detection.index_status }}</index-status>
     <feed-update-interval>{{ wazuh_manager_config.vulnerability_detection.feed_update_interval }}</feed-update-interval>
   </vulnerability-detection>
 

roles/wazuh/vars/repo.yml

@@ -1,8 +1,9 @@
 wazuh_repo:
-  apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
+  keyring_path: '/usr/share/keyrings/wazuh.gpg'
+  apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main'
   yum: 'https://packages.wazuh.com/4.x/yum/'
   gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-  key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
+  path: '/tmp/WAZUH-GPG-KEY'
 wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_sha512_url: "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"

roles/wazuh/vars/repo_pre-release.yml

@@ -1,8 +1,9 @@
 wazuh_repo:
-  apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
+  keyring_path: '/usr/share/keyrings/wazuh.gpg'
+  apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
   yum: 'https://packages-dev.wazuh.com/pre-release/yum/'
   gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
-  key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
+  path: '/tmp/WAZUH-GPG-KEY'
 wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
@@ -10,7 +11,7 @@ filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat
 
 wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
 wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
-wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/staging/pre-release/{{ wazuh_macos_intel_package_name }}"
+wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/pre-release/{{ wazuh_macos_intel_package_name }}"
 wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{{ wazuh_macos_arm_package_name }}"
 
 certs_gen_tool_version: 4.9

roles/wazuh/vars/repo_staging.yml

@@ -1,8 +1,9 @@
 wazuh_repo:
-  apt: 'deb https://packages-dev.wazuh.com/staging/apt/ unstable main'
+  keyring_path: '/usr/share/keyrings/wazuh.gpg'
+  apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/staging/apt/ unstable main'
   yum: 'https://packages-dev.wazuh.com/staging/yum/'
   gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
-  key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
+  path: '/tmp/WAZUH-GPG-KEY'
 wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/staging/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"

roles/wazuh/wazuh-dashboard/tasks/Debian.yml

@@ -2,10 +2,20 @@
 - block:
 
   - include_vars: debian.yml
-  - name: Add apt repository signing key
+  - name: Download apt repository signing key
-    apt_key:
+    get_url:
       url: "{{ wazuh_repo.gpg }}"
-      state: present
+      dest: "{{ wazuh_repo.path }}"
+  
+  - name: Import Wazuh repository GPG key
+    command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_repo.keyring_path }} --import {{ wazuh_repo.path }}"
+    args:
+      creates: "{{ wazuh_repo.keyring_path }}"
+
+  - name: Set permissions for Wazuh repository GPG key
+    file:
+      path: "{{ wazuh_repo.keyring_path }}"
+      mode: '0644'
 
   - name: Debian systems | Add Wazuh dashboard repo
     apt_repository:

roles/wazuh/wazuh-indexer/tasks/Debian.yml

@@ -19,9 +19,19 @@
 - name: Add Wazuh indexer repository
   block:
     - name: Add apt repository signing key
-      apt_key:
+      get_url:
         url: "{{ wazuh_repo.gpg }}"
-        state: present
+        dest: "{{ wazuh_repo.path }}"
+  
+    - name: Import Wazuh repository GPG key
+      command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_repo.keyring_path }} --import {{ wazuh_repo.path }}"
+      args:
+        creates: "{{ wazuh_repo.keyring_path }}"
+
+    - name: Set permissions for Wazuh repository GPG key
+      file:
+        path: "{{ wazuh_repo.keyring_path }}"
+        mode: '0644'
 
     - name: Add Wazuh indexer repository
       apt_repository: