diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5c354794..ac66aff6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,12 @@
# Change Log
All notable changes to this project will be documented in this file.
+## [v4.8.0]
+
+### Added
+
+- Update to [Wazuh v4.8.0](https://github.com/wazuh/wazuh/blob/v4.8.0/CHANGELOG.md#v480)
+
## [v4.7.5]
### Added
diff --git a/README.md b/README.md
index 5c56c896..a44ab627 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
| Wazuh version | Elastic | ODFE |
|---------------|---------|--------|
+| v4.8.0 | | |
| v4.7.5 | | |
| v4.7.4 | | |
| v4.7.3 | | |
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..54e59de1
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,45 @@
+# Wazuh Open Source Project Security Policy
+
+Version: 2023-06-12
+
+## Introduction
+This document outlines the Security Policy for Wazuh's open source projects. It emphasizes our commitment to maintain a secure environment for our users and contributors, and reflects our belief in the power of collaboration to identify and resolve security vulnerabilities.
+
+## Scope
+This policy applies to all open source projects developed, maintained, or hosted by Wazuh.
+
+## Reporting Security Vulnerabilities
+If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly.
+
+Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [security@wazuh.com](mailto:security@wazuh.com).
+
+## Vulnerability Disclosure Policy
+Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
+
+- Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
+- Validation: We will validate the issue and work on reproducing it in our environment.
+- Remediation: We will work on a fix and thoroughly test it
+- Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
+- Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
+
+This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
+
+## Automatic Scanning
+We leverage GitHub Actions to perform automated scans of our supply chain. These scans assist us in identifying vulnerabilities and outdated dependencies in a proactive and timely manner.
+
+## Credit
+We believe in giving credit where credit is due. If you report a security vulnerability to us, and we determine that it is a valid vulnerability, we will publicly credit you for the discovery when we disclose the vulnerability. If you wish to remain anonymous, please indicate so in your initial report.
+
+We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
+
+## Compliance with this Policy
+We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
+
+Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
+
+We ask that all users and contributors respect this policy and the security of our community's users by disclosing vulnerabilities to us in accordance with this policy.
+
+## Changes to this Security Policy
+This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
+
+If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com).
diff --git a/VERSION b/VERSION
index 193eff78..98e8fc8b 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-WAZUH-ANSIBLE_VERSION="v4.7.5"
-REVISION="40719"
+WAZUH-ANSIBLE_VERSION="v4.8.0"
+REVISION="40810"
diff --git a/playbooks/wazuh-agent.yml b/playbooks/wazuh-agent.yml
index 22fcfa77..16ff48ae 100644
--- a/playbooks/wazuh-agent.yml
+++ b/playbooks/wazuh-agent.yml
@@ -10,7 +10,7 @@
port: 1514
protocol: tcp
api_port: 55000
- api_proto: 'http'
- api_user: ansible
+ api_proto: 'https'
+ api_user: wazuh
max_retries: 5
retry_interval: 5
\ No newline at end of file
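Review bot: Switching `api_proto` to `'https'` does not by itself authenticate the manager, because this entry sets no `validate_certs` and the REST registration tasks added in tasks/macOS.yml by this commit read `target_manager.validate_certs | default(false)`. With that default, the basic-auth request carrying `api_user`/`api_pass` and the returned agent key go to a peer whose certificate is never checked. I would add `validate_certs: true` next to `api_proto` in this example, with a comment on supplying the CA for deployments that use self-signed certificates. The manager entry begins above the hunk, so confirm the key is not already set there.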
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
index 778b4f48..2a911a4e 100644
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@@ -45,9 +45,5 @@ nodejs:
redhat: "rpm"
repo_url_ext: "nodesource.com/setup_10.x"
-# Build from sources
-build_from_sources: false
-wazuh_plugin_branch: 4.1-7.10
-
#Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml
index 165a0891..1099b158 100644
--- a/roles/opendistro/opendistro-kibana/defaults/main.yml
+++ b/roles/opendistro/opendistro-kibana/defaults/main.yml
@@ -52,9 +52,6 @@ nodejs:
redhat: "rpm"
repo_url_ext: "nodesource.com/setup_10.x"
-# Build from sources
-build_from_sources: false
-wazuh_plugin_branch: 4.1-7.10
#Nodejs NODE_OPTIONS
node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
index 14524685..5d11857c 100644
--- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
@@ -1,14 +1,14 @@
---
filebeat_version: 7.10.2
-wazuh_template_branch: v4.7.5
+wazuh_template_branch: v4.8.0
filebeat_node_name: node-1
filebeat_output_indexer_hosts:
- - "localhost:9200"
+ - "localhost"
-filebeat_module_package_name: wazuh-filebeat-0.3.tar.gz
+filebeat_module_package_name: wazuh-filebeat-0.4.tar.gz
filebeat_module_package_path: /tmp/
filebeat_module_destination: /usr/share/filebeat/module
filebeat_module_folder: /usr/share/filebeat/module/wazuh
diff --git a/roles/wazuh/ansible-wazuh-agent/README.md b/roles/wazuh/ansible-wazuh-agent/README.md
index baf7e57e..10255e54 100644
--- a/roles/wazuh/ansible-wazuh-agent/README.md
+++ b/roles/wazuh/ansible-wazuh-agent/README.md
@@ -12,6 +12,8 @@ This role is compatible with:
* Fedora
* Debian
* Ubuntu
+ * Windows
+ * macOS
Role Variables
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index dd5b21df..33ad8474 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -1,5 +1,5 @@
---
-wazuh_agent_version: 4.7.5
+wazuh_agent_version: 4.8.0
# Custom packages installation
@@ -7,30 +7,6 @@ wazuh_custom_packages_installation_agent_enabled: false
wazuh_custom_packages_installation_agent_deb_url: ""
wazuh_custom_packages_installation_agent_rpm_url: ""
-# Sources installation
-
-wazuh_agent_sources_installation:
- enabled: false
- branch: "v4.7.5"
- user_language: "y"
- user_no_stop: "y"
- user_install_type: "agent"
- user_dir: "/var/ossec"
- user_delete_dir: "y"
- user_enable_active_response: "y"
- user_enable_syscheck: "y"
- user_enable_rootcheck: "y"
- user_enable_openscap: "n"
- user_enable_sca: "y"
- user_enable_authd: "y"
- user_generate_authd_cert: "n"
- user_update: "y"
- user_binaryinstall: null
- user_agent_server_ip: "YOUR_MANAGER_IP"
- user_agent_server_name: null
- user_agent_config_profile: null
- user_ca_store: "{{ wazuh_dir }}/wpk_root.pem"
-
wazuh_agent_yum_lock_timeout: 30
# We recommend the use of ansible-vault to protect Wazuh, api, agentless and authd credentials.
@@ -40,6 +16,7 @@ authd_pass: ''
wazuh_api_reachable_from_agent: yes
wazuh_profile_centos: 'centos, centos7, centos7.6'
wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04'
+wazuh_profile_macos: 'darwin, darwin21, darwin21.1'
wazuh_auto_restart: 'yes'
wazuh_notify_time: '10'
@@ -54,6 +31,11 @@ wazuh_winagent_config:
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
check_sha512: True
+# macOS deployment
+wazuh_macos_config:
+ download_dir: /tmp/
+ install_dir: /Library/Ossec/
+
wazuh_dir: "/var/ossec"
# This is deprecated, see: wazuh_agent_address
@@ -100,6 +82,7 @@ wazuh_agent_enrollment:
agent_certificate_path: ''
agent_key_path: ''
authorization_pass_path: "{{ wazuh_dir }}/etc/authd.pass"
+ authorization_pass_path_macos: "/etc/authd.pass"
auto_method: 'no'
delay_after_enrollment: 20
use_source_ip: 'no'
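Review bot: `authorization_pass_path_macos` is the absolute path `/etc/authd.pass`, while the task added in tasks/macOS.yml writes the password file to `{{ wazuh_macos_config.install_dir }}/etc/authd.pass` and the neighbouring `ca_store_macos` uses the relative `etc/wpk_root.pem`. If the agent does not resolve this value against its install directory, enrollment would look for the password under the system `/etc` rather than where the role puts it. I would either add a comment stating how the macOS agent resolves the path, or use a value that visibly matches the written file, e.g. `authorization_pass_path_macos: "etc/authd.pass"` if relative paths are what the agent expects here.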
@@ -225,6 +208,11 @@ wazuh_agent_syscheck:
checks: ''
- dirs: /bin,/sbin,/boot
checks: ''
+ macos_directories:
+ - dirs: /etc,/usr/bin,/usr/sbin
+ checks: ''
+ - dirs: /bin,/sbin
+ checks: ''
win_directories:
- dirs: '%WINDIR%'
checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"'
@@ -327,6 +315,17 @@ wazuh_agent_localfiles:
command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
alias: 'netstat listening ports'
frequency: '360'
+ macos:
+ - format: 'full_command'
+ command: netstat -an | awk '{if ((/^(tcp|udp)/) && ($4 != "*.*") && ($5 == "*.*")) {print $1" "$4" "$5}}' | sort -u
+ alias: 'netstat listening ports'
+ frequency: '360'
+ - format: 'macos'
+ location: 'macos'
+ query:
+ type: 'trace,log,activity'
+ level: 'info'
+ value: (process == "sudo") or (process == "sessionlogoutd" and message contains "logout is complete.") or (process == "sshd") or (process == "tccd" and message contains "Update Access Record") or (message contains "SessionAgentNotificationCenter") or (process == "screensharingd" and message contains "Authentication") or (process == "securityd" and eventMessage contains "Session" and subsystem == "com.apple.securityd")
windows:
- format: 'eventlog'
location: 'Application'
@@ -350,6 +349,7 @@ wazuh_agent_active_response:
ar_disabled: 'no'
ca_store: "{{ wazuh_dir }}/etc/wpk_root.pem"
ca_store_win: 'wpk_root.pem'
+ ca_store_macos: 'etc/wpk_root.pem'
ca_verification: 'yes'
## Logging
diff --git a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml
index 84f3ff45..f4770eb3 100644
--- a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml
@@ -4,3 +4,6 @@
- name: Windows | Restart Wazuh Agent
win_service: name=WazuhSvc start_mode=auto state=restarted
+
+- name: macOS | Restart Wazuh Agent
+ command: /Library/Ossec/bin/wazuh-control restart
\ No newline at end of file
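Review bot: The handler hard-codes `/Library/Ossec/` while every task in tasks/macOS.yml builds its paths from `wazuh_macos_config.install_dir`, so overriding that variable leaves the restart pointing at a different binary from the one that was configured. I would write it as `command: "{{ wazuh_macos_config.install_dir }}bin/wazuh-control restart"` so the two cannot drift apart. The file still ends without a trailing newline after this change.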
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
index ac49a71c..372d895e 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
@@ -36,7 +36,6 @@
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14
- - not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled
- name: Debian/Ubuntu | Installing Wazuh repository key
@@ -45,7 +44,6 @@
id: "{{ wazuh_agent_config.repo.key_id }}"
when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
- - not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled
- name: Debian/Ubuntu | Add Wazuh repositories
@@ -55,7 +53,6 @@
state: present
update_cache: true
when:
- - not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled
- name: Debian/Ubuntu | Set Distribution CIS filename for debian
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index 99913e7b..64ac3400 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -5,10 +5,6 @@
- include_tasks: "Debian.yml"
when: ansible_os_family == "Debian"
-- include_tasks: "installation_from_sources.yml"
- when:
- - wazuh_agent_sources_installation.enabled
-
- include_tasks: "installation_from_custom_packages.yml"
when:
- wazuh_custom_packages_installation_agent_enabled
@@ -20,7 +16,6 @@
lock_timeout: '{{ wazuh_agent_yum_lock_timeout }}'
when:
- ansible_os_family|lower == "redhat"
- - not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled
tags:
- init
@@ -32,7 +27,6 @@
cache_valid_time: 3600
when:
- ansible_os_family|lower != "redhat"
- - not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled
- not ansible_check_mode
tags:
@@ -271,9 +265,7 @@
- include_tasks: "RMRedHat.yml"
when:
- ansible_os_family == "RedHat"
- - not wazuh_agent_sources_installation.enabled
- include_tasks: "RMDebian.yml"
when:
- ansible_os_family == "Debian"
- - not wazuh_agent_sources_installation.enabled
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
index 17d97c96..5c053542 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
@@ -10,7 +10,6 @@
when:
- (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
- (ansible_distribution_major_version|int <= 5)
- - not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled
register: repo_v5_installed
@@ -24,7 +23,6 @@
changed_when: false
when:
- repo_v5_installed is skipped
- - not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled
- name: RedHat/CentOS/Fedora | Install OpenJDK 1.8
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml
deleted file mode 100644
index fbfecd5b..00000000
--- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml
+++ /dev/null
@@ -1,100 +0,0 @@
----
- - name: Install dependencies to build Wazuh packages
- package:
- name:
- - make
- - gcc
- - automake
- - autoconf
- - libtool
- - tar
- state: present
-
- - name: Removing old files
- file:
- path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
- state: absent
-
- - name: Removing old folders
- file:
- path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
- state: absent
-
- - name: Installing policycoreutils-python (RedHat families)
- package:
- name:
- - policycoreutils-python
- when:
- - ansible_os_family|lower == "redhat"
-
- - name: Installing policycoreutils-python-utils (Debian families)
- package:
- name:
- - libc6-dev
- - curl
- - policycoreutils
- when:
- - ansible_os_family|lower == "debian"
-
- - name: Download required packages from github.com/wazuh/wazuh
- get_url:
- url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
- dest: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
- delegate_to: "{{ inventory_hostname }}"
- changed_when: false
-
- - name: Create folder to extract Wazuh branch
- file:
- path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
- mode: 0755
- state: directory
- changed_when: false
-
- - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip
- command: >-
- tar -xzvf /tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz
- --strip 1
- --directory /tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}
- register: wazuh_untar
- changed_when: false
- args:
- warn: false
-
- - name: Clean remaining files from others builds
- command: "make -C src {{ item }}"
- args:
- chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/src/"
- with_items:
- - "clean"
- - "clean-deps"
- register: clean_result
- changed_when: clean_result.rc == 0
- failed_when: false
-
- - name: Render the "preloaded-vars.conf" file
- template:
- src: "templates/preloaded_vars_agent.conf.j2"
- dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf"
- owner: root
- group: root
- mode: 0644
- changed_when: false
-
- - name: Executing "install.sh" script to build and install the Wazuh Agent
- shell: ./install.sh > /tmp/build_agent_log.txt
- register: installation_result
- changed_when: installation_result == 0
- args:
- chdir: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
-
- - name: Cleanup downloaded files
- file:
- path: "/tmp/{{ wazuh_agent_sources_installation.branch }}.tar.gz"
- state: absent
- changed_when: false
-
- - name: Cleanup created folders
- file:
- path: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}"
- state: absent
- changed_when: false
\ No newline at end of file
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml
new file mode 100644
index 00000000..9c1f6ce7
--- /dev/null
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml
@@ -0,0 +1,231 @@
+---
+- name: macOS | Check architecture
+ command: "/usr/bin/uname -m"
+ register: uname_result
+
+- name: macOS | Set architecture variable
+ set_fact:
+ macos_architecture: "{{ 'arm' if uname_result.stdout == 'arm64' else 'intel' }}"
+
+- name: macOS | Set package name and URL based on architecture
+ set_fact:
+ wazuh_macos_package_url: "{{ wazuh_macos_intel_package_url if macos_architecture == 'intel' else wazuh_macos_arm_package_url }}"
+ wazuh_macos_package_name: "{{ wazuh_macos_intel_package_name if macos_architecture == 'intel' else wazuh_macos_arm_package_name }}"
+
+- name: macOS | Check if Wazuh installer is already downloaded
+ stat:
+ path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}"
+ register: wazuh_package_downloaded
+
+- name: macOS | Download Wazuh Agent package
+ get_url:
+ url: "{{ wazuh_macos_package_url }}"
+ dest: "{{ wazuh_macos_config.download_dir }}"
+ register: download_result
+ when:
+ - not wazuh_package_downloaded.stat.exists
+
+- name: macOS | Check if Wazuh Agent is already installed
+ stat:
+ path: "{{ wazuh_macos_config.install_dir }}"
+ register: wazuh_installed
+
+- name: macOS | Install Agent if not already installed
+ command: "installer -pkg {{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }} -target /"
+ register: install_result
+
+- name: macOS | Check if client.keys exists
+ stat:
+ path: "{{ wazuh_macos_config.install_dir }}/etc/client.keys"
+ register: client_keys_file
+ tags:
+ - config
+
+- name: macOS | Agent registration via authd
+ block:
+ - name: macOS | Register agent (via authd)
+ shell: >
+ {{ wazuh_macos_config.install_dir }}/bin/agent-auth
+ {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %}
+ -A {{ wazuh_agent_authd.agent_name }}
+ {% endif %}
+ -m {{ wazuh_agent_authd.registration_address }}
+ -p {{ wazuh_agent_authd.port }}
+ {% if wazuh_agent_nat %} -I "any" {% endif %}
+ {% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %}
+ {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %}
+ {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %}
+ -G "{{ wazuh_agent_authd.groups | join(',') }}"
+ {% endif %}
+ register: agent_auth_output
+ notify: macOS | Restart Wazuh Agent
+ vars:
+ agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}"
+ when:
+ - not client_keys_file.stat.exists or client_keys_file.stat.size == 0
+ - wazuh_agent_authd.registration_address is not none
+
+ - name: macOS | Verify agent registration
+ shell: >
+ sh -c "echo '{{ agent_auth_output.stdout }} {{ agent_auth_output.stderr }}' | grep 'Valid key received'"
+ when:
+ - not client_keys_file.stat.exists or client_keys_file.stat.size == 0
+ - wazuh_agent_authd.registration_address is not none
+ when:
+ - wazuh_agent_authd.enable | bool
+ - wazuh_agent_config.enrollment.enabled != 'yes'
+ tags:
+ - config
+ - authd
+
+- name: macOS | Agent registration via rest-API
+ block:
+
+ - name: macOS | Establish target Wazuh Manager for registration task
+ set_fact:
+ target_manager: '{{ manager_primary | length | ternary(manager_primary, manager_fallback) | first }}'
+ vars:
+ manager_primary: "{{ wazuh_managers | selectattr('register','true') | list }}"
+ manager_fallback: "{{ wazuh_managers | list }}"
+
+ - name: macOS | Obtain JWT Token
+ uri:
+ url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate'
+ method: POST
+ url_username: '{{ target_manager.api_user }}'
+ url_password: '{{ api_pass }}'
+ status_code: 200
+ return_content: yes
+ force_basic_auth: yes
+ validate_certs: '{{ target_manager.validate_certs | default(false) }}'
+ no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
+ delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
+ changed_when: api_jwt_result.json.error == 0
+ register: api_jwt_result
+ become: no
+ tags:
+ - config
+ - api
+
+ - name: macOS | Create the agent key via rest-API
+ uri:
+ url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents'
+ method: POST
+ body_format: json
+ body:
+ name: '{{ agent_name }}'
+ headers:
+ Authorization: 'Bearer {{ jwt_token }}'
+ status_code: 200
+ return_content: yes
+ validate_certs: '{{ target_manager.validate_certs | default(false) }}'
+ become: no
+ no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
+ delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
+ changed_when: api_agent_post.json.error == 0
+ register: api_agent_post
+ vars:
+ agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
+ jwt_token: '{{ api_jwt_result.json.data.token }}'
+ tags:
+ - config
+ - api
+
+ - name: macOS | Validate registered agent key matches manager record
+ uri:
+ url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents/{{ agent_id }}/key'
+ method: GET
+ headers:
+ Authorization: 'Bearer {{ jwt_token }}'
+ status_code: 200
+ return_content: yes
+ validate_certs: '{{ target_manager.validate_certs | default(false) }}'
+ become: no
+ no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
+ delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
+ register: api_agent_validation
+ vars:
+ agent_id: '{{ api_agent_post.json.data.id }}'
+ agent_key: '{{ api_agent_post.json.data.key }}'
+ jwt_token: '{{ api_jwt_result.json.data.token }}'
+ failed_when: api_agent_validation.json.data.affected_items[0].key != agent_key
+ when:
+ - wazuh_agent_api_validate | bool
+ - api_agent_post.json.error == 0
+ tags:
+ - config
+ - api
+
+ - name: macOS | Import Key (via rest-API)
+ command: "{{ wazuh_macos_config.install_dir }}/bin/manage_agents"
+ environment:
+ OSSEC_ACTION: i
+ OSSEC_AGENT_NAME: '{{ agent_name }}'
+ OSSEC_AGENT_IP: '{{ wazuh_agent_address }}'
+ OSSEC_AGENT_ID: '{{ api_agent_post.json.data.id }}'
+ OSSEC_AGENT_KEY: '{{ api_agent_post.json.data.key }}'
+ OSSEC_ACTION_CONFIRMED: y
+ register: manage_agents_output
+ vars:
+ agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
+ notify: macOS | Restart Wazuh Agent
+ when:
+ - not ( wazuh_agent_authd.enable | bool )
+ - wazuh_agent_config.enrollment.enabled != 'yes'
+ - not client_keys_file.stat.exists or client_keys_file.stat.size == 0
+ tags:
+ - config
+ - api
+
+- name: macOS | Agent registration via auto-enrollment
+ debug:
+ msg: Agent registration will be performed through enrollment option in templated ossec.conf
+ when: wazuh_agent_config.enrollment.enabled == 'yes'
+
+- name: macOS | Ensure group "wazuh" exists
+ ansible.builtin.group:
+ name: wazuh
+ state: present
+
+- name: macOS | Installing agent configuration (ossec.conf)
+ template:
+ src: var-ossec-etc-ossec-agent.conf.j2
+ dest: "{{ wazuh_macos_config.install_dir }}/etc/ossec.conf"
+ owner: root
+ group: wazuh
+ mode: 0644
+ notify: macOS | Restart Wazuh Agent
+ tags:
+ - init
+ - config
+
+- name: macOS | Installing local_internal_options.conf
+ template:
+ src: var-ossec-etc-local-internal-options.conf.j2
+ dest: "{{ wazuh_macos_config.install_dir }}/etc/local_internal_options.conf"
+ owner: root
+ group: wazuh
+ mode: 0640
+ notify: macOS | Restart Wazuh Agent
+ tags:
+ - init
+ - config
+
+- name: Create auto-enrollment password file
+ template:
+ src: authd_pass.j2
+ dest: "{{ wazuh_macos_config.install_dir }}/etc/authd.pass"
+ owner: wazuh
+ group: wazuh
+ mode: 0640
+ when:
+ - wazuh_agent_config.enrollment.enabled == 'yes'
+ - wazuh_agent_config.enrollment.authorization_pass_path_macos | length > 0
+ - authd_pass | length > 0
+ tags:
+ - config
+
+- name: macOS | Delete downloaded Wazuh agent installer file
+ file:
+ path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}"
+ state: absent
\ No newline at end of file
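Review bot: The installer package is fetched by `get_url` with no `checksum`, and the download is skipped whenever a file of that name already exists under `download_dir` (default `/tmp/`), so whatever sits at that path is handed to `installer -pkg ... -target /`. On a multi-user host that means a pre-existing or truncated file in a world-writable directory gets installed system-wide. The Windows settings in the same defaults file already carry `check_sha512`. I would pin a digest on the download, drop the exists-based skip, and gate the install on the `wazuh_installed` stat, which is registered but never used, so the task currently runs on every play despite its name. Separately, the authd task passes `-P {{ authd_pass }}` on the `agent-auth` command line without `no_log`, and the "Import Key" task exposes `OSSEC_AGENT_KEY` the same way; both should follow the `no_log: '{{ wazuh_agent_nolog_sensible | bool }}'` pattern used by the `uri` tasks.

```yaml
- name: macOS | Download Wazuh Agent package
  get_url:
    url: "{{ wazuh_macos_package_url }}"
    dest: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}"
    # wazuh_macos_package_sha512 is a placeholder for a new variable
    # holding the published digest of the selected package
    checksum: "sha512:{{ wazuh_macos_package_sha512 }}"
    mode: "0600"
  register: download_result

# … unchanged: stat on install_dir registering wazuh_installed …

- name: macOS | Install Agent if not already installed
  command: "installer -pkg {{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }} -target /"
  register: install_result
  when:
    - not wazuh_installed.stat.exists
```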
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
index d12446b1..26c27817 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
@@ -23,3 +23,6 @@
- include_tasks: "Linux.yml"
when: ansible_system == "Linux"
+
+- include_tasks: "macOS.yml"
+ when: ansible_system == "Darwin"
\ No newline at end of file
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2
deleted file mode 100644
index 0887b367..00000000
--- a/roles/wazuh/ansible-wazuh-agent/templates/preloaded_vars_agent.conf.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-{% for key, value in wazuh_agent_sources_installation.items() %}
-{% if "user_" in key %}
-{% if value is defined and value is not none %}
-{{ key|upper }}="{{ value }}"
-{% endif %}
-{% endif %}
-{% endfor %}
\ No newline at end of file
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 8eef3d1d..b1a28249 100644
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -30,6 +30,9 @@
{{ wazuh_profile_ubuntu }}
{% endif %}
{% endif %}
+ {% if ansible_system == "Darwin" %}
+ {{ wazuh_profile_macos }}
+ {% endif %}
{% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %}
{{ wazuh_notify_time }}
{{ wazuh_time_reconnect }}
@@ -64,8 +67,10 @@
{% if wazuh_agent_config.enrollment.agent_key_path | length > 0 %}
{{ wazuh_agent_config.enrollment.agent_key_path }}
{% endif %}
- {% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 %}
+ {% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 and ansible_system != "Darwin" %}
{{ wazuh_agent_config.enrollment.authorization_pass_path }}
+ {% else %}
+ {{ wazuh_agent_config.enrollment.authorization_pass_path_macos }}
{% endif %}
{% if wazuh_agent_config.enrollment.auto_method | length > 0 %}
{{ wazuh_agent_config.enrollment.auto_method }}
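Review bot: The new `{% else %}` branch is taken on every host where the first condition is false, not only on macOS. A Linux or Windows agent with an empty `authorization_pass_path` now gets `authorization_pass_path_macos` rendered into its configuration, and a macOS agent gets it even when that value is empty. Replacing the bare else with `{% elif ansible_system == "Darwin" and wazuh_agent_config.enrollment.authorization_pass_path_macos | length > 0 %}` keeps each platform on its own setting and preserves the previous behaviour of emitting nothing when no path is configured. The enclosing enrollment block starts and ends outside the hunk.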
@@ -91,7 +96,7 @@
{% if wazuh_agent_config.rootcheck is defined %}
no
- {% if ansible_system == "Linux" %}
+ {% if ansible_system == "Linux" or ansible_system == "Darwin" %}
yes
yes
yes
@@ -103,8 +108,13 @@
{{ wazuh_agent_config.rootcheck.frequency }}
+ {% if ansible_system == "Darwin" %}
+ etc/shared/rootkit_files.txt
+ etc/shared/rootkit_trojans.txt
+ {% else %}
{{ wazuh_dir }}/etc/shared/rootkit_files.txt
{{ wazuh_dir }}/etc/shared/rootkit_trojans.txt
+ {% endif %}
yes
{% endif %}
{% if ansible_os_family == "Windows" %}
@@ -112,6 +122,7 @@
./shared/win_malware_rcl.txt
{% endif %}
+
{% endif %}
@@ -179,6 +190,7 @@
{% endif %}
+ {% if ansible_system != "Darwin" %}
{{ wazuh_agent_config.cis_cat.disable }}
{{ wazuh_agent_config.cis_cat.timeout }}
@@ -193,6 +205,7 @@
{% endif %}
{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %}
+ {% endif %}
@@ -249,13 +262,17 @@
no
{{ wazuh_agent_config.syscheck.frequency }}
- {% if ansible_system == "Linux" %}
+ {% if ansible_system == "Linux" or ansible_system == "Darwin" %}
{{ wazuh_agent_config.syscheck.scan_on_start }}
{% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}
{% for directory in wazuh_agent_config.syscheck.directories %}
{{ directory.dirs }}
{% endfor %}
+ {% elif ansible_system == "Darwin" %}
+ {% for directory in wazuh_agent_config.syscheck.macos_directories %}
+ {{ directory.dirs }}
+ {% endfor %}
{% endif %}
{% endif %}
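Review bot: The Darwin branch iterates `wazuh_agent_config.syscheck.macos_directories` without the `is defined` guard that the Linux branch applies to `directories`, so an inventory that overrides the syscheck mapping without the new key would presumably fail at render time on an undefined variable. `{% elif ansible_system == "Darwin" and wazuh_agent_config.syscheck.macos_directories is defined %}` would match the Linux branch. The `wazuh_agent_config.localfiles.macos` loop added further down in this file has the same exposure. The surrounding syscheck block extends beyond the hunk.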
@@ -267,7 +284,7 @@
{% endif %}
- {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %}
+ {% if wazuh_agent_config.syscheck.ignore is defined and (ansible_system == "Linux" or ansible_system == "Darwin") %}
{% for ignore in wazuh_agent_config.syscheck.ignore %}
{{ ignore }}
{% endfor %}
@@ -286,7 +303,7 @@
{% endfor %}
{% endif %}
- {% if ansible_system == "Linux" %}
+ {% if ansible_system == "Linux" or ansible_system == "Darwin" %}
{% for no_diff in wazuh_agent_config.syscheck.no_diff %}
{{ no_diff }}
@@ -363,6 +380,27 @@
{% endfor %}
{% endif %}
+ {% if ansible_system == "Darwin" %}
+ {% for localfile in wazuh_agent_config.localfiles.macos %}
+
+
+ {{ localfile.format }}
+ {% if localfile.format == 'command' or localfile.format == 'full_command' %}
+ {{ localfile.command }}
+ {{ localfile.frequency }}
+ {% if localfile.alias is defined %}
+ {{ localfile.alias }}
+ {% endif %}
+ {% else %}
+ {{ localfile.location }}
+ {% if localfile.format == 'macos' %}
+ {{ localfile.query.value }}
+ {% endif %}
+ {% endif %}
+
+ {% endfor %}
+ {% endif %}
+
{% if ansible_os_family == "Debian" %}
{% for localfile in wazuh_agent_config.localfiles.debian %}
@@ -439,7 +477,15 @@
{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}
- {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}
+
+ {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}
+ {% else %}
+ {% if ansible_system == "Darwin" %}{{ wazuh_agent_config.active_response.ca_store_macos }}
+ {% else %}
+ {{ wazuh_agent_config.active_response.ca_store }}
+ {% endif %}
+ {% endif %}
+
{{ wazuh_agent_config.active_response.ca_verification }}
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 1ba23d93..528fba49 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -1,5 +1,5 @@
---
-wazuh_manager_version: 4.7.5
+wazuh_manager_version: 4.8.0
wazuh_manager_fqdn: "wazuh-server"
wazuh_manager_package_state: present
@@ -9,32 +9,6 @@ wazuh_custom_packages_installation_manager_enabled: false
wazuh_custom_packages_installation_manager_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/"
-# Sources installation
-wazuh_manager_sources_installation:
- enabled: false
- branch: "v4.7.5"
- user_language: "en"
- user_no_stop: "y"
- user_install_type: "server"
- user_dir: "/var/ossec"
- user_delete_dir: null
- user_enable_active_response: null
- user_enable_syscheck: "y"
- user_enable_rootcheck: "y"
- user_enable_openscap: "n"
- user_enable_authd: "y"
- user_generate_authd_cert: null
- user_update: "y"
- user_binaryinstall: null
- user_enable_email: "n"
- user_auto_start: "y"
- user_email_address: null
- user_email_smpt: null
- user_enable_syslog: "n"
- user_white_list: "n"
- user_ca_store: null
- threads: "2"
-
wazuh_dir: "/var/ossec"
##########################################
@@ -170,69 +144,22 @@ wazuh_manager_sca:
time: ''
## Vulnerability Detector
-wazuh_manager_vulnerability_detector:
- enabled: 'no'
- interval: '5m'
- min_full_scan_interval: '6h'
- run_on_start: 'yes'
- providers:
- - enabled: 'no'
- os:
- - 'trusty'
- - 'xenial'
- - 'bionic'
- - 'focal'
- - 'jammy'
- update_interval: '1h'
- name: '"canonical"'
- - enabled: 'no'
- os:
- - 'buster'
- - 'bullseye'
- - 'bookworm'
- update_interval: '1h'
- name: '"debian"'
- - enabled: 'no'
- os:
- - '5'
- - '6'
- - '7'
- - '8'
- - '9'
- update_interval: '1h'
- name: '"redhat"'
- - enabled: 'no'
- os:
- - '8'
- - '9'
- update_interval: '1h'
- name: '"almalinux"'
- - enabled: 'no'
- os:
- - 'amazon-linux'
- - 'amazon-linux-2'
- - 'amazon-linux-2023'
- update_interval: '1h'
- name: '"alas"'
- - enabled: 'no'
- os:
- - '11-server'
- - '11-desktop'
- - '12-server'
- - '12-desktop'
- - '15-server'
- - '15-desktop'
- update_interval: '1h'
- name: '"suse"'
- - enabled: 'no'
- update_interval: '1h'
- name: '"arch"'
- - enabled: 'no'
- update_interval: '1h'
- name: '"msu"'
- - enabled: 'no'
- update_interval: '1h'
- name: '"nvd"'
+filebeat_node_name: node-1
+filebeat_output_indexer_hosts:
+ - "localhost"
+filebeat_output_indexer_port: 9200
+indexer_security_user: admin
+indexer_security_password: changeme
+filebeat_ssl_dir: /etc/pki/filebeat
+
+wazuh_manager_vulnerability_detection:
+ enabled: 'yes'
+ index_status: 'yes'
+ feed_update_interval: '60m'
+
+wazuh_manager_indexer:
+ enabled: 'yes'
+ hosts: "{{ filebeat_output_indexer_hosts }}"
## Syscheck
wazuh_manager_syscheck:
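Review bot: `indexer_security_password: changeme` ships a publicly known credential as the role default, and the keystore tasks this commit adds in tasks/main.yml store whatever is set here as the manager's indexer login. A deployment that does not override it either authenticates as `admin` with that known password or fails to connect once the indexer password has been changed. I would drop the default, or keep it with a comment such as `# Placeholder only: override from Ansible Vault before deploying` and add an `assert` early in the role that rejects the value `changeme`. The `filebeat_*` and `indexer_security_*` names presumably duplicate defaults of the Filebeat role; a comment saying which role owns them would prevent the two copies drifting apart.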
@@ -474,7 +401,8 @@ wazuh_manager_config_defaults:
osquery: '{{ wazuh_manager_osquery }}'
syscollector: '{{ wazuh_manager_syscollector }}'
sca: '{{ wazuh_manager_sca }}'
- vulnerability_detector: '{{ wazuh_manager_vulnerability_detector }}'
+ vulnerability_detection: '{{ wazuh_manager_vulnerability_detection }}'
+ indexer: '{{ wazuh_manager_indexer }}'
log_level: '{{ wazuh_manager_log_level }}'
email_level: '{{ wazuh_manager_email_level }}'
localfiles: '{{ wazuh_manager_localfiles }}'
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
index 1079f8d2..87931b8a 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
@@ -24,7 +24,6 @@
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14
- - not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
- name: Debian/Ubuntu | Installing Wazuh repository key
@@ -33,7 +32,6 @@
id: "{{ wazuh_manager_config.repo.key_id }}"
when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
- - not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
- name: Debian/Ubuntu | Add Wazuh repositories
@@ -44,7 +42,6 @@
update_cache: true
changed_when: false
when:
- - not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
@@ -98,12 +95,6 @@
tags:
- config
-- name: Install dependencies to build from sources
- apt:
- name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'libssl-dev', 'g++']
- state: present
- when: wazuh_manager_sources_installation.enabled
-
- name: Debian/Ubuntu | Install wazuh-manager
apt:
name:
@@ -111,13 +102,8 @@
state: present
tags: init
when:
- - not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
-- include_tasks: "installation_from_sources.yml"
- when:
- - wazuh_manager_sources_installation.enabled
-
- include_tasks: "installation_from_custom_packages.yml"
when:
- wazuh_custom_packages_installation_manager_enabled
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
index b873b021..d652c26f 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
@@ -10,7 +10,6 @@
when:
- (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
- (ansible_distribution_major_version|int <= 5)
- - not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
register: repo_v5_manager_installed
@@ -24,7 +23,6 @@
changed_when: false
when:
- repo_v5_manager_installed is skipped
- - not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
- name: RedHat/CentOS/Fedora | Install openscap
@@ -93,12 +91,6 @@
when:
- ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
-- name: Install dependencies to build from sources
- yum:
- name: ['make', 'gcc', 'automake', 'autoconf', 'libtool', 'tar', 'openssl-devel', 'gcc-c++']
- state: present
- when: wazuh_manager_sources_installation.enabled
-
- name: CentOS/RedHat/Amazon | Install wazuh-manager
package:
name: "wazuh-manager-{{ wazuh_manager_version }}"
@@ -107,15 +99,10 @@
until: wazuh_manager_main_packages_installed is succeeded
when:
- ansible_os_family|lower == "redhat"
- - not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
tags:
- init
-- include_tasks: "../tasks/installation_from_sources.yml"
- when:
- - wazuh_manager_sources_installation.enabled
-
- include_tasks: "../tasks/installation_from_custom_packages.yml"
when:
- wazuh_custom_packages_installation_manager_enabled
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
deleted file mode 100644
index 74818bc5..00000000
--- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
+++ /dev/null
@@ -1,125 +0,0 @@
----
-# Wazuh Manager
- - name: Check if Wazuh Manager is already installed
- stat:
- path: "{{ wazuh_dir }}/bin/wazuh-control"
- register: wazuh_control_path
-
- - name: Installing Wazuh Manager from sources
- block:
- - name: Install dependencies to build Wazuh packages
- package:
- name:
- - make
- - gcc
- - automake
- - autoconf
- - libtool
- - tar
- state: present
-
- - name: Install CMake
- include_tasks: install_cmake.yml
-
- - name: Removing old files
- file:
- path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
- state: absent
-
- - name: Removing old folders
- file:
- path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
- state: absent
-
- - name: Installing policycoreutils-python (RedHat families)
- package:
- name:
- - policycoreutils-python
- when:
- - ansible_os_family|lower == "redhat"
-
- - name: Installing policycoreutils-python-utils (Debian families)
- package:
- name:
- - libc6-dev
- - curl
- - policycoreutils
- when:
- - ansible_os_family|lower == "debian"
-
- - name: Remove old repository folder
- file:
- path: /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}
- state: absent
-
- - name: Download required packages from github.com/wazuh/wazuh
- get_url:
- url: "https://github.com/wazuh/wazuh/archive/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
- dest: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
- delegate_to: "{{ inventory_hostname }}"
-
- - name: Create folder to extract Wazuh branch
- file:
- path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
- owner: root
- group: root
- mode: 0644
- state: directory
-
- # When downloading "v3.11.0" extracted folder name is 3.11.0.
-
- # Explicitly creating the folder with proper naming and striping first level in .tar.gz file
-
- - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip
- command: >-
- tar -xzvf /tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz
- --strip 1
- --directory /tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}
- register: wazuh_untar
- changed_when: wazuh_untar.rc ==0
- args:
- warn: false
-
- - name: Clean remaining files from others builds
- command: "make -C src {{ item }}"
- args:
- chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/src/"
- with_items:
- - "clean"
- - "clean-deps"
- register: clean_result
- changed_when: clean_result.rc == 0
- failed_when: false
-
- - name: Render the "preloaded-vars.conf" file
- template:
- src: "templates/preloaded_vars_manager.conf.j2"
- dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf"
- owner: root
- group: root
- mode: 0644
-
- - name: Executing "install.sh" script to build and install the Wazuh Manager
- shell: ./install.sh > /tmp/build_wazuh_manager_log.txt
- register: installation_result
- changed_when: installation_result == 0
- args:
- chdir: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
- environment:
- PATH: /usr/local/bin:{{ ansible_env.PATH }}
-
- - name: Cleanup downloaded files
- file:
- path: "/tmp/{{ wazuh_manager_sources_installation.branch }}.tar.gz"
- state: absent
-
- - name: Cleanup created folders
- file:
- path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
- state: absent
-
- when:
- - not wazuh_control_path.stat.exists
- - wazuh_manager_sources_installation.enabled
- tags:
- - manager
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 3e3e9a08..ba1c5080 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -37,6 +37,22 @@
- include_tasks: "Debian.yml"
when: ansible_os_family == "Debian"
+- name: Generate the wazuh-keystore (username)
+ shell: >
+ /var/ossec/bin/wazuh-keystore -f indexer -k username -v {{ indexer_security_user }}
+ notify: restart wazuh-manager
+ tags:
+ - init
+ - config
+
+- name: Generate the wazuh-keystore (password)
+ shell: >
+ /var/ossec/bin/wazuh-keystore -f indexer -k password -v {{ indexer_security_password }}
+ notify: restart wazuh-manager
+ tags:
+ - init
+ - config
+
- name: Install expect
package:
name: expect
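Review bot: Both keystore tasks interpolate the credential unquoted into a `shell:` line, so a password containing spaces or shell metacharacters is split or interpreted by the shell. Without `no_log`, the full command including the password is part of the task result, which is printed on failure or with `-v` and recorded by logging callbacks. Use `command` with `argv` so no shell is involved, add `no_log: true`, and build the path from `wazuh_dir` rather than the hard-coded `/var/ossec`. The tasks also report changed and notify a manager restart on every run, so add a comment if that is intended. The same rewrite applies to the username task.

```yaml
- name: Generate the wazuh-keystore (password)
  command:
    argv:
      - "{{ wazuh_dir }}/bin/wazuh-keystore"
      - "-f"
      - "indexer"
      - "-k"
      - "password"
      - "-v"
      - "{{ indexer_security_password }}"
  no_log: true
  # … unchanged: notify and tags …
```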
@@ -336,4 +352,3 @@
- name: Run uninstall tasks
include_tasks: uninstall.yml
- when: not wazuh_manager_sources_installation.enabled
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2
deleted file mode 100644
index 3dacef92..00000000
--- a/roles/wazuh/ansible-wazuh-manager/templates/preloaded_vars_manager.conf.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-{% for key, value in wazuh_manager_sources_installation.items() %}
-{% if "user_" in key %}
-{% if value is defined and value is not none %}
-{{ key|upper }}="{{ value }}"
-{% endif %}
-{% endif %}
-{% endfor %}
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index c83dd4fd..5fbc02bf 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -258,37 +258,28 @@
{% endif %}
-
- {% if wazuh_manager_config.vulnerability_detector.enabled is defined %}
- {{ wazuh_manager_config.vulnerability_detector.enabled }}
- {% endif %}
- {% if wazuh_manager_config.vulnerability_detector.interval is defined %}
- {{ wazuh_manager_config.vulnerability_detector.interval }}
- {% endif %}
- {% if wazuh_manager_config.vulnerability_detector.min_full_scan_interval is defined %}
- {{ wazuh_manager_config.vulnerability_detector.min_full_scan_interval }}
- {% endif %}
- {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %}
- {{ wazuh_manager_config.vulnerability_detector.run_on_start }}
- {% endif %}
- {% if wazuh_manager_config.vulnerability_detector.providers is defined %}
- {% for provider_ in wazuh_manager_config.vulnerability_detector.providers %}
-
- {% if provider_.enabled is defined %}
- {{ provider_.enabled }}
- {% endif %}
- {% if provider_.os is defined %}
- {% for os_ in provider_.os %}
- {{ os_ }}
- {% endfor %}
- {% endif %}
- {% if provider_.update_interval is defined %}
- {{ provider_.update_interval }}
- {% endif %}
-
- {% endfor %}
- {% endif %}
-
+
+ {{ wazuh_manager_config.vulnerability_detection.enabled }}
+ {{ wazuh_manager_config.vulnerability_detection.index_status }}
+ {{ wazuh_manager_config.vulnerability_detection.feed_update_interval }}
+
+
+
+ {% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' or wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %}
+
+ {% for item in wazuh_manager_config.indexer.hosts %}
+ https://{{ item }}:{{ filebeat_output_indexer_port }}
+ {% endfor %}
+
+
+
+
+ {{ filebeat_ssl_dir }}/root-ca.pem
+
+ {{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem
+ {{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem
+
+
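Review bot: The new block drops every `is defined` guard the removed one had, so `wazuh_manager_config.vulnerability_detection.*` and `wazuh_manager_config.indexer.hosts` are dereferenced unconditionally. An inventory that overrides `wazuh_manager_config` wholesale, or that still sets only the removed `vulnerability_detector` key, will presumably fail at render time instead of falling back to a default. Either guard the section, for example `{% if wazuh_manager_config.indexer is defined %}`, or document the rename as a breaking change. The TLS paths reuse Filebeat's certificate and private key under `filebeat_ssl_dir`. A template comment should state that this role assumes those files are already on the host and readable by the manager.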
diff --git a/roles/wazuh/check-packages/defaults/main.yml b/roles/wazuh/check-packages/defaults/main.yml
index 93f59225..7a915138 100644
--- a/roles/wazuh/check-packages/defaults/main.yml
+++ b/roles/wazuh/check-packages/defaults/main.yml
@@ -1,2 +1,2 @@
---
-wazuh_version: 4.7.5
+wazuh_version: 4.8.0
diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml
index 4da3bf7b..09837997 100644
--- a/roles/wazuh/vars/repo.yml
+++ b/roles/wazuh/vars/repo.yml
@@ -8,7 +8,12 @@ wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_sha512_url: "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
-certs_gen_tool_version: 4.7
+wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
+wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
+wazuh_macos_intel_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_intel_package_name }}"
+wazuh_macos_arm_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_arm_package_name }}"
+
+certs_gen_tool_version: 4.8
# Url of certificates generator tool
-certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
\ No newline at end of file
+certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
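Review bot: The macOS package variables are added without a checksum counterpart, while the Windows MSI just above has `wazuh_winagent_sha512_url`. Unless the download task (outside this hunk) verifies the .pkg some other way, the agent installer is fetched with only TLS protecting its integrity. If checksum files are published for the .pkg builds, add matching variables and pass them to `get_url` through its `checksum` parameter. The same applies to the macOS variables added in repo_pre-release.yml and repo_staging.yml. Separately, `certs_gen_tool_version: 4.8` is an unquoted float, so writing `certs_gen_tool_version: "4.8"` avoids a later `4.10` being read as `4.1`.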
diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml
index 8d54624e..d4c62524 100644
--- a/roles/wazuh/vars/repo_pre-release.yml
+++ b/roles/wazuh/vars/repo_pre-release.yml
@@ -8,7 +8,12 @@ wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat
-certs_gen_tool_version: 4.7
+wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
+wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
+wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/staging/pre-release/{{ wazuh_macos_intel_package_name }}"
+wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{{ wazuh_macos_arm_package_name }}"
+
+certs_gen_tool_version: 4.8
# Url of certificates generator tool
-certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
\ No newline at end of file
+certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
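Review bot: `wazuh_macos_intel_package_url` points at `packages-dev.wazuh.com/staging/pre-release/` with no `macos/` segment, while the arm64 line below it and every other URL in this file use `pre-release/...`. This looks like a copy-paste slip that would make Intel hosts fetch from a different path than arm64 hosts, or fail to download. Judging by the arm64 entry, the intended value is probably `wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{{ wazuh_macos_intel_package_name }}"`. Confirm this against the actual repository layout.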
diff --git a/roles/wazuh/vars/repo_staging.yml b/roles/wazuh/vars/repo_staging.yml
index 24b8b7b4..6fe182e0 100644
--- a/roles/wazuh/vars/repo_staging.yml
+++ b/roles/wazuh/vars/repo_staging.yml
@@ -5,8 +5,16 @@ wazuh_repo:
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/staging/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
+check_sha512: False
+filebeat_module_package_url: https://packages-dev.wazuh.com/staging/filebeat
-certs_gen_tool_version: 4.7
+wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
+wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
+wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_intel_package_name }}"
+wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_arm_package_name }}"
+
+certs_gen_tool_version: 4.8
# Url of certificates generator tool
-certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
\ No newline at end of file
+certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
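Review bot: `check_sha512: False` appears to turn off SHA-512 verification of the Windows agent MSI for the staging repository, in the same hunk that adds `wazuh_winagent_sha512_url`. The task that reads the flag is outside this hunk. If staging does publish the checksum file, set `check_sha512: true` so staging installs get the same integrity check as release. If it does not, say so in place, for example `# staging publishes no .sha512 file; verification is skipped on purpose`. Write the boolean in lowercase (`false`) to match the `true`/`false` style used elsewhere in the role.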
diff --git a/roles/wazuh/wazuh-dashboard/defaults/main.yml b/roles/wazuh/wazuh-dashboard/defaults/main.yml
index 5a893691..c21f5bba 100644
--- a/roles/wazuh/wazuh-dashboard/defaults/main.yml
+++ b/roles/wazuh/wazuh-dashboard/defaults/main.yml
@@ -8,12 +8,12 @@ dashboard_node_name: node-1
dashboard_server_host: "0.0.0.0"
dashboard_server_port: "443"
dashboard_server_name: "dashboard"
-wazuh_version: 4.7.5
+wazuh_version: 4.8.0
indexer_cluster_nodes:
- 127.0.0.1
# The Wazuh dashboard package repository
-dashboard_version: "4.7.5"
+dashboard_version: "4.8.0"
# API credentials
wazuh_api_credentials:
diff --git a/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml b/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml
index 39900d43..5c9f496f 100644
--- a/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml
+++ b/roles/wazuh/wazuh-dashboard/tasks/RedHat.yml
@@ -3,7 +3,6 @@
- name: RedHat/CentOS/Fedora | Add Wazuh dashboard repo
yum_repository:
- file: wazuh
name: wazuh_repo
description: Wazuh yum repository
baseurl: "{{ wazuh_repo.yum }}"
diff --git a/roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2 b/roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2
index 75ee61f8..100d9f2b 100644
--- a/roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2
+++ b/roles/wazuh/wazuh-dashboard/templates/opensearch_dashboards.yml.j2
@@ -12,4 +12,4 @@ server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/{{ dashboard_node_name }}.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wazuh
+uiSettings.overrides.defaultRoute: /app/wz-home
diff --git a/roles/wazuh/wazuh-dashboard/vars/debian.yml b/roles/wazuh/wazuh-dashboard/vars/debian.yml
index d8fc2721..ad178fec 100644
--- a/roles/wazuh/wazuh-dashboard/vars/debian.yml
+++ b/roles/wazuh/wazuh-dashboard/vars/debian.yml
@@ -1,2 +1,2 @@
---
-dashboard_version: 4.7.5
+dashboard_version: 4.8.0
diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml
index dcd59b31..9b68f219 100644
--- a/roles/wazuh/wazuh-indexer/defaults/main.yml
+++ b/roles/wazuh/wazuh-indexer/defaults/main.yml
@@ -1,6 +1,6 @@
---
# Cluster Settings
-indexer_version: 4.7.5
+indexer_version: 4.8.0
single_node: false
indexer_node_name: node-1
diff --git a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml
index 53a67ab6..d1d0a060 100644
--- a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml
@@ -3,7 +3,6 @@
- name: RedHat/CentOS/Fedora | Add Wazuh indexer repo
yum_repository:
- file: wazuh
name: wazuh_repo
description: Wazuh yum repository
baseurl: "{{ wazuh_repo.yum }}"
diff --git a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
index 26b83fd7..93d1834e 100644
--- a/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/security_actions.yml
@@ -52,7 +52,7 @@
{{ indexer_sec_plugin_tools_path }}/hash.sh -p '{{ indexer_admin_password }}'
register: indexer_admin_password_hashed
no_log: '{{ indexer_nolog_sensible | bool }}'
-
+
- name: Set the Admin user password
replace:
path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
@@ -60,7 +60,7 @@
replace: "{{ indexer_password_hash | quote }}"
vars:
indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}"
-
+
# this can also be achieved with password_hash, but it requires dependencies on the controller
- name: Hash the kibanaserver role/user pasword
shell: |
@@ -68,7 +68,7 @@
{{ indexer_sec_plugin_tools_path }}/hash.sh -p '{{ dashboard_password }}'
register: indexer_kibanaserver_password_hashed
no_log: '{{ indexer_nolog_sensible | bool }}'
-
+
- name: Set the kibanaserver user password
replace:
path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
@@ -76,7 +76,7 @@
replace: "{{ indexer_password_hash | quote }}"
vars:
indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}"
-
+
- name: Initialize the Opensearch security index in Wazuh indexer
command: >
sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }}
@@ -93,8 +93,8 @@
delay: 5
register: result
until: result.rc == 0
- run_once: true
+ run_once: true
- name: Create custom user
uri: