From 3da2b23a5b4f37e0e3eaef4cbb85fabc1b1c9026 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 19 Jul 2023 08:34:52 -0300 Subject: [PATCH 1/6] Bump to 4.5.2 --- CHANGELOG.md | 6 ++++++ README.md | 1 + VERSION | 4 ++-- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- roles/wazuh/check-packages/defaults/main.yml | 2 +- roles/wazuh/wazuh-dashboard/defaults/main.yml | 4 ++-- roles/wazuh/wazuh-dashboard/vars/debian.yml | 2 +- roles/wazuh/wazuh-indexer/defaults/main.yml | 2 +- 9 files changed, 18 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 15d3ed48..6b9e37ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ # Change Log All notable changes to this project will be documented in this file. +## [v4.5.2] + +### Added + +- Update to [Wazuh v4.5.2](https://github.com/wazuh/wazuh/blob/v4.5.2/CHANGELOG.md#v452) + ## [v4.5.1] ### Added diff --git a/README.md b/README.md index 203cee7f..34f1502a 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb | Wazuh version | Elastic | ODFE | |---------------|---------|--------| +| v4.5.2 | | | | v4.5.1 | | | | v4.5.0 | | | | v4.4.5 | | | diff --git a/VERSION b/VERSION index 647e71ba..49508ae2 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v4.5.1" -REVISION="40501" +WAZUH-ANSIBLE_VERSION="v4.5.2" +REVISION="40502" diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 401b8d10..37f409e7 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,6 +1,6 @@ --- -wazuh_agent_version: 4.5.1 +wazuh_agent_version: 4.5.2 # Custom packages installation 
@@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false - branch: "v4.5.1" + branch: "v4.5.2" user_language: "y" user_no_stop: "y" user_install_type: "agent" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 464de50d..88a9fb20 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,6 +1,6 @@ --- -wazuh_manager_version: 4.5.1 +wazuh_manager_version: 4.5.2 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -13,7 +13,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v4.5.1" + branch: "v4.5.2" user_language: "en" user_no_stop: "y" user_install_type: "server" diff --git a/roles/wazuh/check-packages/defaults/main.yml b/roles/wazuh/check-packages/defaults/main.yml index fc34ce8f..28f82584 100644 --- a/roles/wazuh/check-packages/defaults/main.yml +++ b/roles/wazuh/check-packages/defaults/main.yml @@ -1,2 +1,2 @@ --- -wazuh_version: 4.5.1 +wazuh_version: 4.5.2 diff --git a/roles/wazuh/wazuh-dashboard/defaults/main.yml b/roles/wazuh/wazuh-dashboard/defaults/main.yml index fdc65a9d..df82bcc6 100644 --- a/roles/wazuh/wazuh-dashboard/defaults/main.yml +++ b/roles/wazuh/wazuh-dashboard/defaults/main.yml @@ -8,12 +8,12 @@ dashboard_node_name: node-1 dashboard_server_host: "0.0.0.0" dashboard_server_port: "443" dashboard_server_name: "dashboard" -wazuh_version: 4.5.1 +wazuh_version: 4.5.2 indexer_cluster_nodes: - 127.0.0.1 # The Wazuh dashboard package repository -dashboard_version: "4.5.1" +dashboard_version: "4.5.2" # API credentials wazuh_api_credentials: diff --git a/roles/wazuh/wazuh-dashboard/vars/debian.yml b/roles/wazuh/wazuh-dashboard/vars/debian.yml index 36dc8a74..c4e7fd12 100644 
--- a/roles/wazuh/wazuh-dashboard/vars/debian.yml +++ b/roles/wazuh/wazuh-dashboard/vars/debian.yml @@ -1,2 +1,2 @@ --- -dashboard_version: 4.5.1 +dashboard_version: 4.5.2 diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml index 64445b9b..2a82d055 100644 --- a/roles/wazuh/wazuh-indexer/defaults/main.yml +++ b/roles/wazuh/wazuh-indexer/defaults/main.yml @@ -1,6 +1,6 @@ --- # Cluster Settings -indexer_version: 4.5.1 +indexer_version: 4.5.2 single_node: false indexer_node_name: node-1 From 63cd551ad9aaba1553ea2442fc6764abfe959886 Mon Sep 17 00:00:00 2001 From: c-bordon Date: Tue, 1 Aug 2023 12:41:09 -0300 Subject: [PATCH 2/6] Added retry in Debian/Ubuntu installs --- roles/wazuh/ansible-filebeat-oss/tasks/main.yml | 3 +++ roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml index f86de14b..f39f6e73 100644 --- a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml @@ -23,6 +23,9 @@ tags: - install - init + until: "install is not failed" + retries: 10 + delay: 10 when: ansible_os_family == 'Debian' - name: Checking if Filebeat Module folder file exists diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 57ee132d..3e3e9a08 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -8,6 +8,10 @@ - tar - curl state: present + register: package_status + until: "package_status is not failed" + retries: 10 + delay: 10 - include_vars: ../../vars/repo_vars.yml From bb8a0f315204b19074266fbe5683bbd0c74b79cb Mon Sep 17 00:00:00 2001 
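Review bot: In roles/wazuh/ansible-filebeat-oss/tasks/main.yml the added `until: "install is not failed"` tests a variable named `install`, but the hunk shows no `register: install`; the only visible `install` is a tag. The task starts above the hunk, so the register may already exist there. If it does not, the task would presumably fail on an undefined variable instead of retrying. The manager hunk in this commit pairs its `until` with `register: package_status`; a descriptive name here too, e.g. `register: filebeat_install_status` with `until: "filebeat_install_status is not failed"`, would keep the two tasks consistent and avoid a result variable that shares its name with a tag.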
From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Wed, 9 Aug 2023 15:18:17 +0200 Subject: [PATCH 3/6] Changed check_packages order --- .github/playbooks/aio-wazuh.yml | 17 +++++++++-------- .github/playbooks/single-wazuh.yml | 11 +++++------ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/playbooks/aio-wazuh.yml b/.github/playbooks/aio-wazuh.yml index 099f5876..d9f7e0d4 100644 --- a/.github/playbooks/aio-wazuh.yml +++ b/.github/playbooks/aio-wazuh.yml @@ -3,6 +3,12 @@ become: true become_user: root roles: + # 1. Check packages + - role: ../../roles/wazuh/check-packages + become: no + delegate_to: localhost + run_once: true + # 2. Generate certificates - role: ../../roles/wazuh/wazuh-indexer vars: generate_certs: true @@ -30,24 +36,19 @@ become: true become_user: root roles: - # 1. Check packages - - role: ../../roles/wazuh/check-packages - become: no - delegate_to: localhost - run_once: true - # 2. Wazuh indexer + # 1. Wazuh indexer - role: ../../roles/wazuh/wazuh-indexer vars: indexer_node_name: "wazuh-es01" single_node: true - # 3. Managers + # 2. Managers - role: ../../roles/wazuh/ansible-wazuh-manager - role: ../../roles/wazuh/ansible-filebeat-oss vars: filebeat_node_name: "wazuh-mgr01" filebeat_output_indexer_hosts: - "localhost:9200" - # 4. Wazuh dashboard + # 3. Wazuh dashboard - role: ../../roles/wazuh/wazuh-dashboard vars: dashboard_node_name: "wazuh-dash01" diff --git a/.github/playbooks/single-wazuh.yml b/.github/playbooks/single-wazuh.yml index 5f55a22b..164b19a9 100644 --- a/.github/playbooks/single-wazuh.yml +++ b/.github/playbooks/single-wazuh.yml @@ -2,6 +2,10 @@ - name: ConvergeCerts hosts: localhost roles: + - role: ../../roles/wazuh/check-packages + become: no + delegate_to: localhost + run_once: true - role: ../../roles/wazuh/wazuh-indexer perform_installation: false vars: 
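Review bot: The relocated `check-packages` role entry in the first hunk of .github/playbooks/aio-wazuh.yml keeps `become: no`, while the surrounding play and the same entry use `true`/`false` (`become: true`, `run_once: true`). Writing `become: false` keeps the booleans uniform and avoids the YAML 1.1 truthy form that yamllint flags; the same line is added in the first hunk of .github/playbooks/single-wazuh.yml. In single-wazuh.yml the entry is also added without a step comment, so a line such as `# Check packages` above it would match the comments used in aio-wazuh.yml.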
@@ -15,12 +19,7 @@ - name: ConvergeInstall hosts: localhost roles: - # 1. Check packages - - role: ../../roles/wazuh/check-packages - become: no - delegate_to: localhost - run_once: true - # 2. Managers + # Managers - role: ../../roles/wazuh/ansible-wazuh-manager vars: - role: ../../roles/wazuh/ansible-filebeat-oss From f32a85aaaa97b9b5d2667e13282d0e39e5918c94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Thu, 10 Aug 2023 10:50:08 +0200 Subject: [PATCH 4/6] Added missing providers --- .../ansible-wazuh-manager/defaults/main.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 88a9fb20..4ead9992 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -195,6 +195,30 @@ wazuh_manager_vulnerability_detector: update_from_year: '2010' update_interval: '1h' name: '"redhat"' + - enabled: 'no' + os: + - 'amazon-linux' + - 'amazon-linux-2' + update_interval: '1h' + name: '"alas"' + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: '"arch"' + - enabled: 'no' + os: + - '11-server' + - '11-desktop' + - '12-server' + - '12-desktop' + - '15-server' + - '15-desktop' + update_interval: '1h' + name: '"suse"' + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: '"msu"' - enabled: 'no' update_from_year: '2010' update_interval: '1h' From 238eb05b3c7368bddd505a21f9773902776a36bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Thu, 10 Aug 2023 13:48:33 +0200 Subject: [PATCH 5/6] Edited VD config and jinja2 template --- .../ansible-wazuh-manager/defaults/main.yml | 22 +++++++++++-------- .../var-ossec-etc-ossec-server.conf.j2 | 3 +++ 2 files changed, 16 insertions(+), 9 deletions(-) 
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 4ead9992..3251a6ce 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -174,6 +174,7 @@ wazuh_manager_sca: wazuh_manager_vulnerability_detector: enabled: 'no' interval: '5m' + min_full_scan_interval: '6h' run_on_start: 'yes' providers: - enabled: 'no' @@ -181,18 +182,23 @@ wazuh_manager_vulnerability_detector: - 'trusty' - 'xenial' - 'bionic' + - 'focal' + - 'jammy' update_interval: '1h' name: '"canonical"' - enabled: 'no' os: - - 'wheezy' - - 'stretch' - - 'jessie' - 'buster' + - 'bullseye' update_interval: '1h' name: '"debian"' - enabled: 'no' - update_from_year: '2010' + os: + - '5' + - '6' + - '7' + - '8' + - '9' update_interval: '1h' name: '"redhat"' - enabled: 'no' @@ -201,10 +207,6 @@ wazuh_manager_vulnerability_detector: - 'amazon-linux-2' update_interval: '1h' name: '"alas"' - - enabled: 'no' - update_from_year: '2010' - update_interval: '1h' - name: '"arch"' - enabled: 'no' os: - '11-server' @@ -216,7 +218,9 @@ wazuh_manager_vulnerability_detector: update_interval: '1h' name: '"suse"' - enabled: 'no' - update_from_year: '2010' + update_interval: '1h' + name: '"arch"' + - enabled: 'no' update_interval: '1h' name: '"msu"' - enabled: 'no' diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index cf87a44c..658fcf43 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
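Review bot: The new default `min_full_scan_interval: '6h'` in the first hunk of roles/wazuh/ansible-wazuh-manager/defaults/main.yml is added without a comment, directly beside `interval: '5m'`, so it is unclear how the two settings differ. A one-line comment above it would help operators who tune scan frequency, for example `# Minimum time between full scans; a feed update does not trigger a new full scan before this elapses` (wording to be checked against the Wazuh documentation for this option). The `wazuh_manager_vulnerability_detector` mapping continues outside the hunk.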
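Review bot: The second hunk narrows detection coverage without recording it: the `debian` provider's `os` list drops `wheezy`, `stretch` and `jessie` and keeps only `buster` and `bullseye`, and the `redhat` entry swaps `update_from_year` for an explicit `os` list. Deployments that rely on these role defaults and enable the providers would presumably lose feed coverage for hosts on the removed releases, with nothing in the play output to show it. The v4.5.2 entry in CHANGELOG.md earlier in this series only records the version update, so a line such as `- Updated vulnerability detector default providers and OS lists` would make the coverage change visible to anyone upgrading.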
@@ -265,6 +265,9 @@ {% if wazuh_manager_config.vulnerability_detector.interval is defined %} {{ wazuh_manager_config.vulnerability_detector.interval }} {% endif %} + {% if wazuh_manager_config.vulnerability_detector.min_full_scan_interval is defined %} + {{ wazuh_manager_config.vulnerability_detector.min_full_scan_interval }} + {% endif %} {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %} {{ wazuh_manager_config.vulnerability_detector.run_on_start }} {% endif %} From d58be72ee1cff76f6cc8acd0ab922c385972692a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 11 Aug 2023 13:12:24 +0200 Subject: [PATCH 6/6] Removed NVD `update_year` parameter --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3251a6ce..cd6e3bce 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -224,7 +224,6 @@ wazuh_manager_vulnerability_detector: update_interval: '1h' name: '"msu"' - enabled: 'no' - update_from_year: '2010' update_interval: '1h' name: '"nvd"'