Merge branch '4.5.2' into merge-4.5.1-into-4.5.2

.github/playbooks/aio-wazuh.yml

@@ -3,6 +3,12 @@
   become: true
   become_user: root
   roles:
+    # 1. Check packages
+    - role: ../../roles/wazuh/check-packages
+      become: no
+      delegate_to: localhost
+      run_once: true
+    # 2. Generate certificates
     - role: ../../roles/wazuh/wazuh-indexer
       vars:
         generate_certs: true
@@ -30,24 +36,19 @@
   become: true
   become_user: root
   roles:
-    # 1. Check packages
+    # 1. Wazuh indexer
-    - role: ../../roles/wazuh/check-packages
-      become: no
-      delegate_to: localhost
-      run_once: true
-    # 2. Wazuh indexer
     - role: ../../roles/wazuh/wazuh-indexer
       vars:
         indexer_node_name: "wazuh-es01"
         single_node: true
-    # 3. Managers
+    # 2. Managers
     - role: ../../roles/wazuh/ansible-wazuh-manager
     - role: ../../roles/wazuh/ansible-filebeat-oss
       vars:
         filebeat_node_name: "wazuh-mgr01"
         filebeat_output_indexer_hosts:
         - "localhost:9200"
-    # 4. Wazuh dashboard
+    # 3. Wazuh dashboard
     - role: ../../roles/wazuh/wazuh-dashboard
       vars:
         dashboard_node_name: "wazuh-dash01"

.github/playbooks/single-wazuh.yml

@@ -2,6 +2,10 @@
 - name: ConvergeCerts
   hosts: localhost
   roles:
+    - role: ../../roles/wazuh/check-packages
+      become: no
+      delegate_to: localhost
+      run_once: true
     - role: ../../roles/wazuh/wazuh-indexer
       perform_installation: false
   vars:
@@ -15,12 +19,7 @@
 - name: ConvergeInstall
   hosts: localhost
   roles:
-    # 1. Check packages
+    # Managers
-    - role: ../../roles/wazuh/check-packages
-      become: no
-      delegate_to: localhost
-      run_once: true
-    # 2. Managers
     - role: ../../roles/wazuh/ansible-wazuh-manager
       vars:
     - role: ../../roles/wazuh/ansible-filebeat-oss

CHANGELOG.md

@@ -1,6 +1,12 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## [v4.5.2]
+
+### Added
+
+- Update to [Wazuh v4.5.2](https://github.com/wazuh/wazuh/blob/v4.5.2/CHANGELOG.md#v452)
+
 ## [v4.5.1]
 
 ### Added

README.md

@@ -16,6 +16,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 
 | Wazuh version | Elastic | ODFE   |
 |---------------|---------|--------|
+| v4.5.2        |         |        |
 | v4.5.1        |         |        |
 | v4.5.0        |         |        |
 | v4.4.5        |         |        |

VERSION

@@ -1,2 +1,2 @@
-WAZUH-ANSIBLE_VERSION="v4.5.1"
+WAZUH-ANSIBLE_VERSION="v4.5.2"
-REVISION="40503"
+REVISION="40504"

roles/wazuh/ansible-filebeat-oss/tasks/main.yml

@@ -23,6 +23,9 @@
   tags:
   - install
   - init
+  until: "install is not failed"  
+  retries: 10
+  delay: 10
   when: ansible_os_family == 'Debian'
 
 - name: Checking if Filebeat Module folder file exists

roles/wazuh/ansible-wazuh-agent/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 
-wazuh_agent_version: 4.5.1
+wazuh_agent_version: 4.5.2
 
 # Custom packages installation
 
@@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: ""
 
 wazuh_agent_sources_installation:
   enabled: false
-  branch: "v4.5.1"
+  branch: "v4.5.2"
   user_language: "y"
   user_no_stop: "y"
   user_install_type: "agent"

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 
-wazuh_manager_version: 4.5.1
+wazuh_manager_version: 4.5.2
 
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: present
@@ -13,7 +13,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon
 # Sources installation
 wazuh_manager_sources_installation:
   enabled: false
-  branch: "v4.5.1"
+  branch: "v4.5.2"
   user_language: "en"
   user_no_stop: "y"
   user_install_type: "server"
@@ -174,6 +174,7 @@ wazuh_manager_sca:
 wazuh_manager_vulnerability_detector:
   enabled: 'no'
   interval: '5m'
+  min_full_scan_interval: '6h'
   run_on_start: 'yes'
   providers:
     - enabled: 'no'
@@ -181,19 +182,47 @@ wazuh_manager_vulnerability_detector:
         - 'trusty'
         - 'xenial'
         - 'bionic'
+        - 'focal'
+        - 'jammy'
       update_interval: '1h'
       name: '"canonical"'
     - enabled: 'no'
       os:
-        - 'wheezy'
-        - 'stretch'
-        - 'jessie'
         - 'buster'
+        - 'bullseye'
       update_interval: '1h'
       name: '"debian"'
     - enabled: 'no'
+      os:
+        - '5'
+        - '6'
+        - '7'
+        - '8'
+        - '9'
       update_interval: '1h'
       name: '"redhat"'
+    - enabled: 'no'
+      os:
+        - 'amazon-linux'
+        - 'amazon-linux-2'
+      update_interval: '1h'
+      name: '"alas"'
+    - enabled: 'no'
+      os:
+        - '11-server'
+        - '11-desktop'
+        - '12-server'
+        - '12-desktop'
+        - '15-server'
+        - '15-desktop'
+      update_interval: '1h'
+      name: '"suse"'
+    - enabled: 'no'
+      update_interval: '1h'
+      name: '"arch"'
+    - enabled: 'no'
+      update_interval: '1h'
+      name: '"msu"'
     - enabled: 'no'
       update_interval: '1h'
       name: '"nvd"'

roles/wazuh/ansible-wazuh-manager/tasks/main.yml

@@ -8,6 +8,10 @@
       - tar
       - curl
     state: present
+  register: package_status
+  until: "package_status is not failed"  
+  retries: 10
+  delay: 10
 
 - include_vars: ../../vars/repo_vars.yml
 

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -265,6 +265,9 @@
   {% if wazuh_manager_config.vulnerability_detector.interval is defined %}
     <interval>{{ wazuh_manager_config.vulnerability_detector.interval }}</interval>
   {% endif %}
+  {% if wazuh_manager_config.vulnerability_detector.min_full_scan_interval is defined %}
+    <min_full_scan_interval>{{ wazuh_manager_config.vulnerability_detector.min_full_scan_interval }}</min_full_scan_interval>
+  {% endif %}
   {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %}
     <run_on_start>{{ wazuh_manager_config.vulnerability_detector.run_on_start }}</run_on_start>
   {% endif %}

roles/wazuh/check-packages/defaults/main.yml

@@ -1,2 +1,2 @@
 ---
-wazuh_version: 4.5.1
+wazuh_version: 4.5.2

roles/wazuh/wazuh-dashboard/defaults/main.yml

@@ -8,12 +8,12 @@ dashboard_node_name: node-1
 dashboard_server_host: "0.0.0.0"
 dashboard_server_port: "443"
 dashboard_server_name: "dashboard"
-wazuh_version: 4.5.1
+wazuh_version: 4.5.2
 indexer_cluster_nodes:
   - 127.0.0.1
 
 # The Wazuh dashboard package repository
-dashboard_version: "4.5.1"
+dashboard_version: "4.5.2"
 
 # API credentials
 wazuh_api_credentials:

roles/wazuh/wazuh-dashboard/vars/debian.yml

@@ -1,2 +1,2 @@
 ---
-dashboard_version: 4.5.1
+dashboard_version: 4.5.2

roles/wazuh/wazuh-indexer/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # Cluster Settings
-indexer_version: 4.5.1
+indexer_version: 4.5.2
 
 single_node: false
 indexer_node_name: node-1