From da2442ca0685f2e2286943f31dbc69263c59cf4c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 5 Dec 2019 17:03:50 +0100 Subject: [PATCH 01/23] Adapt agent installation to the default --- .../ansible-wazuh-agent/defaults/main.yml | 32 +++++++++---------- .../var-ossec-etc-ossec-agent.conf.j2 | 27 ++++------------ 2 files changed, 22 insertions(+), 37 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 64935264..dc447edd 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -74,8 +74,6 @@ wazuh_agent_config: scan_on_start: 'yes' auto_ignore: 'no' alert_new_files: 'yes' - remove_old_diff: 'yes' - restart_audit: 'yes' win_audit_interval: 300 skip_nfs: 'yes' ignore: @@ -93,6 +91,10 @@ wazuh_agent_config: - /etc/svc/volatile - /sys/kernel/security - /sys/kernel/debug + - /dev/core + ignore_linux_type: + - '^/proc' + - '.log$|.swp$' ignore_win: - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' no_diff: @@ -273,19 +275,15 @@ wazuh_agent_config: wday: '' time: '' cis_cat: - disable: 'yes' - install_java: 'yes' + disable: 'no' + install_java: 'no' timeout: 1800 interval: '1d' scan_on_start: 'yes' - java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin' + java_path: 'wodles/java' java_path_win: '\\server\jre\bin\java.exe' - ciscat_path: '/var/ossec/wodles/ciscat' + ciscat_path: 'wodles/ciscat' ciscat_path_win: 'C:\cis-cat' - content: - - type: 'xccdf' - path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml' - profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server' vuls: disable: 'yes' interval: '1d' 
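Review bot: The new `ignore_linux_type` entry `'.log$|.swp$'` (agent `defaults/main.yml`, hunk `-93,6`) excludes every path ending in those suffixes from syscheck, including inside monitored directories, so a file placed there under a `.log` name would presumably never be reported. Nothing in the defaults says this, nor that the agent template in this patch renders the list only on CentOS 7 although the key name suggests all Linux hosts. I would add a comment above the key, e.g. `# pattern ignores, rendered only on CentOS 7; anything ending in .log or .swp is skipped by FIM`, and narrow the pattern if the stock config allows it. The manager defaults get the same entries in PATCH 05 (`-152,6`).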
@@ -318,16 +316,16 @@ wazuh_agent_config: linux: - format: 'syslog' location: '/var/ossec/logs/active-responses.log' - - format: 'command' - command: df -P -x squashfs -x tmpfs -x devtmpfs - frequency: '360' - - format: 'full_command' - command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t - alias: 'netstat listening ports' - frequency: '360' - format: 'full_command' command: 'last -n 20' frequency: '360' + - format: 'command' + command: df -P + frequency: '360' + - format: 'full_command' + command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + alias: 'netstat listening ports' + frequency: '360' windows: - format: 'eventlog' location: 'Application' diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 61c28012..ae5e47da 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -51,7 +51,6 @@ no {% if ansible_system == "Linux" %} - yes yes yes yes @@ -65,11 +64,6 @@ /var/ossec/etc/shared/rootkit_files.txt /var/ossec/etc/shared/rootkit_trojans.txt - /var/ossec/etc/shared/system_audit_rcl.txt - /var/ossec/etc/shared/system_audit_ssh.txt - {% if cis_distribution_filename is defined %} - /var/ossec/etc/shared/{{ cis_distribution_filename }} - {% endif %} yes {% endif %} {% if ansible_os_family == "Windows" %} 
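Review bot: The listening-ports collector in the `localfiles.linux` hunk (`-318,16`) now depends on `netstat`, which comes from net-tools and is often missing on current minimal installs; where it is absent the command yields nothing useful and changes in listening ports stop being reported, with no error on the Ansible side. The removed `ss` command ships with iproute2, which is normally present. Dropping `-x squashfs -x tmpfs -x devtmpfs` from `df -P` also means read-only squashfs mounts, which always show 100% use, will probably raise disk-full alerts. If the netstat form is kept to match the stock ossec.conf, write it as a folded block scalar (`command: >-`) rather than a plain scalar full of quotes and backslashes, and note the net-tools requirement in a comment. The manager defaults get the same two commands in PATCH 05 (`-233,15`).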
@@ -118,6 +112,13 @@ {% endfor %} {% endif %} + + {% if wazuh_agent_config.syscheck.ignore is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %} + {% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %} + {{ ignore }} + {% endfor %} + {% endif %} + {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %} {% for ignore in wazuh_agent_config.syscheck.ignore_win %} {{ ignore }} @@ -132,13 +133,6 @@ {{ wazuh_agent_config.syscheck.skip_nfs }} {% endif %} - - {{ wazuh_agent_config.syscheck.remove_old_diff }} - - {% if ansible_system == "Linux"%} - - {{ wazuh_agent_config.syscheck.restart_audit }} - {% endif %} {% if ansible_os_family == "Windows" %} {% for registry_key in wazuh_agent_config.syscheck.windows_registry %} @@ -234,13 +228,6 @@ {{ wazuh_agent_config.cis_cat.java_path }} {% endif %} {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %} - {% if ansible_system == "Linux" %} - {% for benchmark in wazuh_agent_config.cis_cat.content %} - - {{ benchmark.profile }} - - {% endfor %} - {% endif %} {% endif %} From 29b4a9aacd549f6464f40a757825cc722be57cac Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 5 Dec 2019 17:20:24 +0100 Subject: [PATCH 02/23] Change server protocol '' tcp -> udp '' --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index dc447edd..11e481f2 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -26,7 +26,7 @@ wazuh_agent_sources_installation: wazuh_managers: - address: 127.0.0.1 port: 1514 - protocol: tcp + protocol: udp api_port: 55000 api_proto: 'http' api_user: null 
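Review bot: Switching the agent default to `protocol: udp` (PATCH 02, `wazuh_managers`) leaves the manager role on `tcp` until PATCH 05 changes `wazuh_manager_config.connection`, so at this commit the two roles' defaults disagree and a default deployment would presumably not connect. UDP also gives no delivery guarantee, so events can be lost under load or packet loss without the agent noticing. A comment next to the default would cover both, e.g. `# udp matches the 3.11 stock config; use tcp when event loss is not acceptable, and keep it equal to the manager's connection.protocol`.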
From 03e409fc52d0679fec6b79ff1083b4d5788bb742 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 5 Dec 2019 18:44:18 +0100 Subject: [PATCH 03/23] Disable cis-cat --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 11e481f2..af9ad4c8 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -275,7 +275,7 @@ wazuh_agent_config: wday: '' time: '' cis_cat: - disable: 'no' + disable: 'yes' install_java: 'no' timeout: 1800 interval: '1d' From 2ddd8b9e72e403f7b0d99282e379644579a95092 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 16 Dec 2019 21:55:54 +0100 Subject: [PATCH 04/23] Add conditional check for syscheck.auto_ignore --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 +- .../templates/var-ossec-etc-shared-agent.conf.j2 | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index ae5e47da..6629da08 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -113,7 +113,7 @@ {% endif %} - {% if wazuh_agent_config.syscheck.ignore is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %} + {% if wazuh_agent_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %} {% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %} {{ ignore }} {% endfor %} 
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index 4ae5a145..77e64fbf 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 @@ -4,7 +4,9 @@ {% if agent_config.syscheck is defined %} + {% if agent_config.syscheck.auto_ignore is defined %} {{ agent_config.syscheck.auto_ignore }} + {% endif %} {{ agent_config.syscheck.alert_new_files }} {{ agent_config.syscheck.frequency }} From ce013d1dde312c9b0e9a73393402542ee1545186 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Mon, 16 Dec 2019 21:57:10 +0100 Subject: [PATCH 05/23] Adapt ossec.conf template and variables to v3.11 - manager --- .../ansible-wazuh-manager/defaults/main.yml | 85 +++++++++------- .../var-ossec-etc-ossec-server.conf.j2 | 96 +++++++++++-------- 2 files changed, 108 insertions(+), 73 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 0a5eaf07..3551c3ab 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -87,7 +87,7 @@ wazuh_manager_config: connection: - type: 'secure' port: '1514' - protocol: 'tcp' + protocol: 'udp' queue_size: 131072 authd: enable: true @@ -97,6 +97,8 @@ wazuh_manager_config: force_time: 0 purge: 'no' use_password: 'no' + limit_maxagents: 'yes' + ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH' ssl_agent_ca: null ssl_verify_host: 'no' ssl_manager_cert: 'sslmanager.cert' 
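Review bot: The `ciphers` default added to `authd` (hunk `-97,6`) removes anonymous DH with `!ADH` but not the anonymous ECDH suites, which `HIGH` can still include on some OpenSSL builds; `!aNULL` covers both. Suggested value: `ciphers: 'HIGH:!aNULL:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'`. The context lines keep `use_password: 'no'`, `ssl_agent_ca: null` and `ssl_verify_host: 'no'`, so with these defaults enrollment stays unauthenticated whatever the cipher list is; a comment above `authd` saying so would help whoever tunes this block.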
@@ -105,13 +107,14 @@ wazuh_manager_config: email_notification: 'no' mail_to: - 'admin@example.net' - mail_smtp_server: localhost - mail_from: wazuh-server@example.com + mail_smtp_server: smtp.example.wazuh.com + mail_from: ossecm@example.wazuh.com mail_maxperhour: 12 mail_queue_size: 131072 + email_log_source: 'alerts.log' extra_emails: - enable: false - mail_to: 'admin@example.net' + mail_to: 'recipient@example.wazuh.com' format: full level: 7 event_location: null @@ -152,6 +155,10 @@ wazuh_manager_config: - /etc/svc/volatile - /sys/kernel/security - /sys/kernel/debug + - /dev/core + ignore_linux_type: + - '^/proc' + - '.log$|.swp$' no_diff: - /etc/ssl/private.key directories: @@ -164,8 +171,6 @@ wazuh_manager_config: timeframe: 'timeframe="3600"' value: 'no' skip_nfs: 'yes' - remove_old_diff: 'yes' - restart_audit: 'yes' rootcheck: frequency: 43200 openscap: @@ -181,10 +186,6 @@ wazuh_manager_config: scan_on_start: 'yes' java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin' ciscat_path: 'wodles/ciscat' - content: - - type: 'xccdf' - path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml' - profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server' osquery: disable: 'yes' run_daemon: 'yes' 
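Review bot: The placeholder mail settings in the `-105,13` hunk (`mail_smtp_server: smtp.example.wazuh.com`, `mail_from: ossecm@example.wazuh.com`, `mail_to: 'recipient@example.wazuh.com'`) point at a real registrable domain rather than a reserved one. If someone sets `email_notification: 'yes'` without overriding them, alert mail would be sent towards that host instead of staying on the machine as it did with `localhost`. Reserved names avoid that, e.g. `mail_smtp_server: smtp.example.com` and `mail_from: wazuh@example.com`, or leave the server empty and fail the play when notifications are enabled without one.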
@@ -209,20 +210,40 @@ wazuh_manager_config: day: '' wday: '' time: '' - vul_detector: - disable: 'yes' + vulnerability_detector: + enabled: 'no' interval: '5m' ignore_time: '6h' run_on_start: 'yes' - ubuntu: - disable: 'yes' - update_interval: '1h' - redhat: - disable: 'yes' - update_interval: '1h' - debian: - disable: 'yes' - update_interval: '1h' + providers: + canonical: + - name: 'canonical' + enabled: 'no' + os: + - precise + - trusty + - xenial + - bionic + update_interval: '1h' + debian: + - name: 'debian' + enabled: 'no' + os: + - wheezy + - stretch + - jessie + - buster + update_interval: '1h' + redhat: + - name: 'redhat' + enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + nvd: + - name: 'nvd' + enabled: 'no' + update_from_year: '2010' + update_interval: '1h' vuls: disable: 'yes' interval: '1d' @@ -233,15 +254,15 @@ wazuh_manager_config: - 'updatenvd' - 'nvd-year 2016' - 'autoupdate' - log_level: 1 + log_level: 3 email_level: 12 localfiles: common: - format: 'command' - command: df -P -x squashfs -x tmpfs -x devtmpfs + command: df -P frequency: '360' - format: 'full_command' - command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t + command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d alias: 'netstat listening ports' frequency: '360' - format: 'full_command' 
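Review bot: Renaming `vul_detector` to `vulnerability_detector` in the `-209,20` hunk also inverts the switch (`disable: 'yes'` becomes `enabled: 'no'`), and nothing maps the old keys to the new ones. An inventory that turned the detector on through `vul_detector.disable: 'no'` would presumably be ignored after the upgrade, leaving vulnerability detection off without any error. I would record the rename in the changelog and add a comment above the key, e.g. `# replaces vul_detector (3.10); enabled is the inverse of the old disable`.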
@@ -268,18 +289,15 @@ wazuh_manager_config: location: '/var/log/audit/audit.log' globals: - '127.0.0.1' - - '192.168.2.1' + - '^localhost.localdomain$' + - '127.0.0.53' commands: - name: 'disable-account' executable: 'disable-account.sh' expect: 'user' timeout_allowed: 'yes' - # - name: 'restart-ossec' - # executable: 'restart-ossec.sh' - # expect: '' - # timeout_allowed: 'no' - - name: 'win_restart-ossec' - executable: 'restart-ossec.cmd' + - name: 'restart-ossec' + executable: 'restart-ossec.sh' expect: '' timeout_allowed: 'no' - name: 'firewall-drop' @@ -298,6 +316,10 @@ wazuh_manager_config: executable: 'route-null.cmd' expect: 'srcip' timeout_allowed: 'yes' + - name: 'win_route-null-2012' + executable: 'route-null-2012.cmd' + expect: 'srcip' + timeout_allowed: 'yes' - name: 'netsh' executable: 'netsh.cmd' expect: 'srcip' @@ -327,7 +349,6 @@ wazuh_agent_configs: syscheck: frequency: 43200 scan_on_start: 'yes' - auto_ignore: 'no' alert_new_files: 'yes' ignore: - /etc/mtab diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 733cae18..603ce858 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -18,7 +18,7 @@ {{ wazuh_manager_config.mail_smtp_server }} {{ wazuh_manager_config.mail_from }} {{ wazuh_manager_config.mail_maxperhour }} - {{ wazuh_manager_config.mail_queue_size }} + {{ wazuh_manager_config.email_log_source }} @@ -115,7 +115,6 @@ no - yes yes yes yes @@ -129,11 +128,6 @@ /var/ossec/etc/shared/default/rootkit_files.txt /var/ossec/etc/shared/default/rootkit_trojans.txt - /var/ossec/etc/shared/default/system_audit_rcl.txt - /var/ossec/etc/shared/default/system_audit_ssh.txt - {% if cis_distribution_filename is defined %} - /var/ossec/etc/shared/default/{{ cis_distribution_filename }} - {% endif %} yes 
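Review bot: `{{ wazuh_manager_config.email_log_source }}` in the `-18,7` hunk of the manager template is rendered without a guard, and it replaces the line that rendered `mail_queue_size`, whose default is still in `defaults/main.yml`. A `wazuh_manager_config` set in an inventory replaces the role default as a whole unless hash merging is enabled, so existing inventories that lack the new key would fail at render time. Other keys added in this patch are wrapped in an `is defined` test; do the same here with `{% if wazuh_manager_config.email_log_source is defined %}`. The `limit_maxagents` and `ciphers` checks in the `-380,6` hunk use `is not none`, which does not protect against a missing key either. Whether `mail_queue_size` is still needed cannot be seen from the hunk.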
@@ -202,11 +196,6 @@ {{ wazuh_manager_config.cis_cat.java_path }} {% endif %} {{ wazuh_manager_config.cis_cat.ciscat_path }} - {% for benchmark in wazuh_manager_config.cis_cat.content %} - - {{ benchmark.profile }} - - {% endfor %} 
@@ -255,24 +244,45 @@ {% endif %} - - {{ wazuh_manager_config.vul_detector.disable }} - {{ wazuh_manager_config.vul_detector.interval }} - {{ wazuh_manager_config.vul_detector.ignore_time }} - {{ wazuh_manager_config.vul_detector.run_on_start }} - - {{ wazuh_manager_config.vul_detector.ubuntu.disable }} - {{ wazuh_manager_config.vul_detector.ubuntu.update_interval }} - - - {{ wazuh_manager_config.vul_detector.redhat.disable }} - {{ wazuh_manager_config.vul_detector.redhat.update_interval }} - - - {{ wazuh_manager_config.vul_detector.debian.disable }} - {{ wazuh_manager_config.vul_detector.debian.update_interval }} - - + + {% if wazuh_manager_config.vulnerability_detector.enabled is defined %} + {{ wazuh_manager_config.vulnerability_detector.enabled }} + {% endif %} + {% if wazuh_manager_config.vulnerability_detector.interval is defined %} + {{ wazuh_manager_config.vulnerability_detector.interval }} + {% endif %} + {% if wazuh_manager_config.vulnerability_detector.ignore_time is defined %} + {{ wazuh_manager_config.vulnerability_detector.ignore_time }} + {% endif %} + {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %} + {{ wazuh_manager_config.vulnerability_detector.run_on_start }} + {% endif %} + {% if wazuh_manager_config.vulnerability_detector.providers is defined %} + {% for provider in wazuh_manager_config.vulnerability_detector.providers %} + + + {% if provider.enabled is defined %} + {{ provider.enabled }} + {% endif %} + + {% if provider.os is defined %} + {% for os_ in provider.os %} + {{ os_ }} + {% endfor %} + {% endif %} + + {% if provider.update_from_year is defined %} + {{ provider.update_from_year }} + {% endif %} + + {% if provider.update_interval is defined %} + {{ provider.update_interval }} + {% endif %} + + + {% endfor %} + {% endif %} + 
@@ -283,7 +293,7 @@ {{ wazuh_manager_config.syscheck.frequency }} {{ wazuh_manager_config.syscheck.scan_on_start }} - + {% if wazuh_manager_config.syscheck.auto_ignore_frequency is defined %} {{wazuh_manager_config.syscheck.auto_ignore_frequency.value }} {% endif %} @@ -302,6 +312,14 @@ {% endfor %} {% endif %} + + {% if wazuh_manager_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %} + {% for ignore in wazuh_manager_config.syscheck.ignore_linux_type %} + {{ ignore }} + {% endfor %} + {% endif %} + + {% for no_diff in wazuh_manager_config.syscheck.no_diff %} {{ no_diff }} @@ -309,16 +327,6 @@ {% if wazuh_manager_config.syscheck.skip_nfs is defined %} {{ wazuh_manager_config.syscheck.skip_nfs }} {% endif %} - - - {% if wazuh_manager_config.syscheck.remove_old_diff is defined %} - {{ wazuh_manager_config.syscheck.remove_old_diff }} - {% endif %} - - - {% if wazuh_manager_config.syscheck.restart_audit is defined %} - {{ wazuh_manager_config.syscheck.restart_audit }} - {% endif %} @@ -380,6 +388,12 @@ {% if wazuh_manager_config.authd.use_password is not none %} {{wazuh_manager_config.authd.use_password}} {% endif %} + {% if wazuh_manager_config.authd.limit_maxagents is not none %} + {{wazuh_manager_config.authd.limit_maxagents}} + {% endif %} + {% if wazuh_manager_config.authd.ciphers is not none %} + {{wazuh_manager_config.authd.ciphers}} + {% endif %} {% if wazuh_manager_config.authd.ssl_agent_ca is not none %} /var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}} {% endif %} From 760057583c0b6c27266ceecf1659dc6b0572ca6a Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Tue, 17 Dec 2019 14:15:16 +0100 Subject: [PATCH 06/23] Bump version to wazuh 3.11.0 --- CHANGELOG.md | 4 ++-- VERSION | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- .../tasks/installation_from_sources.yml | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c04df488..8ed1e39c 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,11 +17,11 @@ All notable changes to this project will be documented in this file. - Wazuh Agent registration using agent name has been fixed [@jm404](https://github.com/jm404) [#298](https://github.com/wazuh/wazuh-ansible/pull/298) - Fix Wazuh repository and installation conditionals [@jm404](https://github.com/jm404) [#299](https://github.com/wazuh/wazuh-ansible/pull/299) -## [v3.10.2_7.3.2] +## [v3.11.0_7.3.2] ### Added -- Update to Wazuh v3.10.2 +- Update to Wazuh v3.11.0 ### Changed diff --git a/VERSION b/VERSION index f4d1cb92..31264c4e 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.10.2" +WAZUH-ANSIBLE_VERSION="v3.11.0" REVISION="31020" diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 0a05d853..62af2781 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.4.2 -wazuh_version: 3.10.2 +wazuh_version: 3.11.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # Xpack Security diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index af9ad4c8..ff574fe8 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.10.2-1 +wazuh_agent_version: 3.11.0-1 wazuh_agent_sources_installation: enabled: "false" - branch: "v3.10.2" + branch: "v3.11.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -50,7 +50,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.10.2' + version: '3.11.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 3551c3ab..e46a095c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.10.2-1 +wazuh_manager_version: 3.11.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: true - branch: "v3.10.2" + branch: "v3.11.0" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: true - branch: "v3.10.2" + branch: "v3.11.0" update: "y" remove: "y" directory: null diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index b92e4edc..fe78cdbb 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml 
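Review bot: `wazuh_winagent_config.version` changes to `'3.11.0'` in the `-50,7` hunk while the `md5` on the context line below it keeps the same value, so the checksum presumably still describes the previous installer. Either the download check fails on Windows hosts or, if it is not enforced, the installer is not verified at all. Update the digest together with the version, and consider a SHA-256 value since MD5 is not collision resistant. PATCH 14 bumps the version to `'3.11.1'` with the same unchanged `md5`.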
@@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.10.2" extracted folder name is 3.10.2. + # When downloading "v3.11.0" extracted folder name is 3.11.0. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip From dc96d210e5de5201f44a5f093ba3aa47515cd423 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 17 Dec 2019 11:50:28 +0100 Subject: [PATCH 07/23] Fix conditional check for null variables cherry pick: 7df74182f4e4e086082c42712f9e4b69dbd34a35 --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 9265ce92..5664a428 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
@@ -59,17 +59,23 @@ - name: Linux | Register agent (via authd) shell: > /var/ossec/bin/agent-auth - {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %} + -A {{ wazuh_agent_authd.agent_name }} + {% endif %} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} - {% if wazuh_agent_nat %}-I "any" {% endif %} - {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %} - {% if wazuh_agent_authd.ssl_agent_ca is not none %} + {% if wazuh_agent_nat %} -I "any" {% endif %} + {% if authd_pass is defined %} -P {{ authd_pass }} {% endif %} + {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %} -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}" + {% endif %} + {% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None %} -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" {% endif %} - {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %} + {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} register: agent_auth_output notify: restart wazuh-agent vars: From e7e3a39df7185e02d2db48110b8b71d04aae898e Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 18 Dec 2019 17:14:07 +0100 Subject: [PATCH 08/23] Adapt agent (windows) to 3.11 --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index ff574fe8..2ade229c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
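Review bot: The values interpolated into the `agent-auth` command line are not shell-quoted: `-A {{ wazuh_agent_authd.agent_name }}` and `-P {{ authd_pass }}` go through `shell:` as they are, so a name or password containing spaces or shell metacharacters is split or interpreted by the shell. Use the `quote` filter, `-A {{ wazuh_agent_authd.agent_name | quote }}` and `-P {{ authd_pass | quote }}`. The password is also passed as an argument, which exposes it in the process list and in Ansible's task output unless the task sets `no_log: true`; the task continues past the hunk, so I cannot see whether it does. In the new conditions `is not none` reads more idiomatically than `!= None`.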
@@ -2,7 +2,7 @@ wazuh_agent_version: 3.11.0-1 wazuh_agent_sources_installation: - enabled: "false" + enabled: "true" branch: "v3.11.0" user_language: "y" user_no_stop: "y" @@ -250,11 +250,11 @@ wazuh_agent_config: osquery: disable: 'yes' run_daemon: 'yes' - bin_path_win: 'C:\ProgramData\osquery\osqueryd' + bin_path_win: 'C:\Program Files\osquery\osqueryd' log_path: '/var/log/osquery/osqueryd.results.log' - log_path_win: 'C:\ProgramData\osquery\log\osqueryd.results.log' + log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log' config_path: '/etc/osquery/osquery.conf' - config_path_win: 'C:\ProgramData\osquery\osquery.conf' + config_path_win: 'C:\Program Files\osquery\osquery.conf' add_labels: 'yes' syscollector: disable: 'no' From d64d26d5a558825e76be9d258026525f014d2cb6 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 18 Dec 2019 17:48:09 +0100 Subject: [PATCH 09/23] Fix variable name in --- .../var-ossec-etc-ossec-server.conf.j2 | 34 +++++++++---------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 603ce858..251a8d5a 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
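Review bot: `wazuh_agent_sources_installation.enabled` flips from `"false"` to `"true"` in a commit titled as a Windows adaptation, which changes the default agent install from packages to building the `v3.11.0` branch from source. That presumably brings a build toolchain onto monitored hosts and replaces package signature checks with whatever the source task verifies, which is not visible here. The value is also a quoted string, so any condition that does not apply `| bool` treats `"true"` and `"false"` alike as truthy, whereas the manager role uses a real boolean for the same key. If the flip is intended, say so in the commit message and use `enabled: true` after checking how the tasks test it; otherwise restore `false`.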
@@ -258,27 +258,25 @@ {{ wazuh_manager_config.vulnerability_detector.run_on_start }} {% endif %} {% if wazuh_manager_config.vulnerability_detector.providers is defined %} - {% for provider in wazuh_manager_config.vulnerability_detector.providers %} - + {% for provider_ in wazuh_manager_config.vulnerability_detector.providers_ %} + + {% if provider_.enabled is defined %} + {{ provider_.enabled }} + {% endif %} - {% if provider.enabled is defined %} - {{ provider.enabled }} - {% endif %} + {% if provider_.os is defined %} + {% for os_ in provider_.os %} + {{ os_ }} + {% endfor %} + {% endif %} - {% if provider.os is defined %} - {% for os_ in provider.os %} - {{ os_ }} - {% endfor %} - {% endif %} - - {% if provider.update_from_year is defined %} - {{ provider.update_from_year }} - {% endif %} - - {% if provider.update_interval is defined %} - {{ provider.update_interval }} - {% endif %} + {% if provider_.update_from_year is defined %} + {{ provider_.update_from_year }} + {% endif %} + {% if provider_.update_interval is defined %} + {{ provider_.update_interval }} + {% endif %} {% endfor %} {% endif %} From 9a42faebdf3eb0b14e76e0888e2e2beb080ee2f5 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 18 Dec 2019 17:48:58 +0100 Subject: [PATCH 10/23] Rename and Reorder vars. --- .../ansible-wazuh-manager/defaults/main.yml | 58 +++++++++---------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index e46a095c..cc956434 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -215,35 +215,35 @@ wazuh_manager_config: interval: '5m' ignore_time: '6h' run_on_start: 'yes' - providers: - canonical: - - name: 'canonical' - enabled: 'no' - os: - - precise - - trusty - - xenial - - bionic - update_interval: '1h' - debian: - - name: 'debian' - enabled: 'no' - os: - - wheezy - - stretch - - jessie - - buster - update_interval: '1h' - redhat: - - name: 'redhat' - enabled: 'no' - update_from_year: '2010' - update_interval: '1h' - nvd: - - name: 'nvd' - enabled: 'no' - update_from_year: '2010' - update_interval: '1h' + providers_: + - canonical: + - enabled: 'no' + os: + - 'precise' + - 'trusty' + - 'xenial' + - 'bionic' + update_interval: '1h' + name: 'canonical' + - debian: + - enabled: 'no' + os: + - 'wheezy' + - 'stretch' + - 'jessie' + - 'buster' + update_interval: '1h' + name: 'debian' + - redhat: + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: 'redhat' + - nvd: + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: 'nvd' vuls: disable: 'yes' interval: '1d' From 39e514d51505602385391280c2d651d5b09bb858 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 19 Dec 2019 11:02:27 +0100 Subject: [PATCH 11/23] Fix vulnerability-detector variables structure --- .../ansible-wazuh-manager/defaults/main.yml | 54 +++++++++---------- .../var-ossec-etc-ossec-server.conf.j2 | 2 +- 2 files changed, 26 insertions(+), 30 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index cc956434..f43958bb 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -215,35 +215,31 @@ wazuh_manager_config: interval: '5m' ignore_time: '6h' run_on_start: 'yes' - providers_: - - canonical: - - enabled: 'no' - os: - - 'precise' - - 'trusty' - - 'xenial' - - 'bionic' - update_interval: '1h' - name: 'canonical' - - debian: - - enabled: 'no' - os: - - 'wheezy' - - 'stretch' - - 'jessie' - - 'buster' - update_interval: '1h' - name: 'debian' - - redhat: - - enabled: 'no' - update_from_year: '2010' - update_interval: '1h' - name: 'redhat' - - nvd: - - enabled: 'no' - update_from_year: '2010' - update_interval: '1h' - name: 'nvd' + providers: + - enabled: 'no' + os: + - 'precise' + - 'trusty' + - 'xenial' + - 'bionic' + update_interval: '1h' + name: 'canonical' + - enabled: 'no' + os: + - 'wheezy' + - 'stretch' + - 'jessie' + - 'buster' + update_interval: '1h' + name: 'debian' + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: 'redhat' + - enabled: 'no' + update_from_year: '2010' + update_interval: '1h' + name: 'nvd' vuls: disable: 'yes' interval: '1d' diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 251a8d5a..a6daf8b6 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -258,7 +258,7 @@ {{ wazuh_manager_config.vulnerability_detector.run_on_start }} {% endif %} {% if wazuh_manager_config.vulnerability_detector.providers is defined %} - {% for provider_ in wazuh_manager_config.vulnerability_detector.providers_ %} + {% for provider_ in wazuh_manager_config.vulnerability_detector.providers %} {% if provider_.enabled is defined %} {{ provider_.enabled }} From fe1fc854a428044c40a263a99fdf5e5792002960 Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Thu, 19 Dec 2019 11:17:09 +0100 Subject: [PATCH 12/23] Quote vulnerabilit-detector providers names --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index f43958bb..73834fc2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -223,7 +223,7 @@ wazuh_manager_config: - 'xenial' - 'bionic' update_interval: '1h' - name: 'canonical' + name: '"canonical"' - enabled: 'no' os: - 'wheezy' @@ -231,15 +231,15 @@ wazuh_manager_config: - 'jessie' - 'buster' update_interval: '1h' - name: 'debian' + name: '"debian"' - enabled: 'no' update_from_year: '2010' update_interval: '1h' - name: 'redhat' + name: '"redhat"' - enabled: 'no' update_from_year: '2010' update_interval: '1h' - name: 'nvd' + name: '"nvd"' vuls: disable: 'yes' interval: '1d' From efc5ad1b07e19e12a80955cadd5ce4ae492dcce2 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 19 Dec 2019 13:28:18 +0100 Subject: [PATCH 13/23] Remove empty lines from template --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index a6daf8b6..81b7d31b 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
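Review bot: Embedding the double quotes in the data (`name: '"canonical"'` and the three entries below it in PATCH 12) makes the default values carry markup that belongs to the template. Anyone overriding `providers` has to know to write the inner quotes, and a value without them would presumably render an unquoted attribute in ossec.conf. Keep `name: 'canonical'` here and quote in the template instead, e.g. `name="{{ provider_.name }}"`; the template line is not legible on this page, so the exact spot is a guess.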
@@ -263,17 +263,14 @@ {% if provider_.enabled is defined %} {{ provider_.enabled }} {% endif %} - {% if provider_.os is defined %} {% for os_ in provider_.os %} {{ os_ }} {% endfor %} {% endif %} - {% if provider_.update_from_year is defined %} {{ provider_.update_from_year }} {% endif %} - {% if provider_.update_interval is defined %} {{ provider_.update_interval }} {% endif %} From e5643b33ccc42609d33b5f06f4003ae119f63f88 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 7 Jan 2020 13:57:47 +0100 Subject: [PATCH 14/23] Bump version - Wazuh = 3.11.1_7.5.1 --- VERSION | 2 +- roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 4 ++-- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- .../tasks/installation_from_sources.yml | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/VERSION b/VERSION index 31264c4e..fccb7443 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.0" +WAZUH-ANSIBLE_VERSION="v3.11.1" REVISION="31020" diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 7eb645c2..a1bef6b2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -4,7 +4,7 @@ elasticsearch_http_port: 9200 elasticsearch_network_host: 127.0.0.1 elasticsearch_reachable_host: 127.0.0.1 elasticsearch_jvm_xms: null -elastic_stack_version: 7.4.2 +elastic_stack_version: 7.5.1 elasticsearch_lower_disk_requirements: false # Cluster Settings diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 62af2781..8ec8f78a 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml 
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -5,8 +5,8 @@ elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" -elastic_stack_version: 7.4.2 -wazuh_version: 3.11.0 +elastic_stack_version: 7.5.1 +wazuh_version: 3.11.1 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # Xpack Security diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index c5914664..1b1c1bd8 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.4.2 +filebeat_version: 7.5.1 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 2ade229c..daa8df50 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.11.0-1 +wazuh_agent_version: 3.11.1-1 wazuh_agent_sources_installation: enabled: "true" - branch: "v3.11.0" + branch: "v3.11.1" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -50,7 +50,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.0' + version: '3.11.1' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 73834fc2..1bf5d2f4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
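Review bot: In the `wazuh_winagent_config` hunk the Windows agent `version` moves to `'3.11.1'`, but the `md5` context line two lines below is unchanged, so it presumably still describes the previous installer. If the install task checks the download against this field (not visible in the hunk), the Windows install will fail; if it does not, the pinned digest gives no assurance. The digest should be updated in the same commit as the version. The agent hunk of the later "Bump to version 3.11.1_7.5.1" commit has the same gap, which the follow-up "Update Windows package MD5 hash" commit closes.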
@@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.11.0-1 +wazuh_manager_version: 3.11.1-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: true - branch: "v3.11.0" + branch: "v3.11.1" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: true - branch: "v3.11.0" + branch: "v3.11.1" update: "y" remove: "y" directory: null diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index fe78cdbb..b8bf5625 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.11.0" extracted folder name is 3.11.0. + # When downloading "v3.11.1" extracted folder name is 3.11.1. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip From d3f73a5e5816b0e474e76c04eec152ad1fe66e09 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 7 Jan 2020 14:03:44 +0100 Subject: [PATCH 15/23] Set source installation mode to false --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index daa8df50..b6a1452c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -2,7 +2,7 @@ wazuh_agent_version: 3.11.1-1 wazuh_agent_sources_installation: - enabled: "true" + enabled: "false" branch: "v3.11.1" user_language: "y" user_no_stop: "y" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 1bf5d2f4..6c4a27c8 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -5,7 +5,7 @@ wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: - enabled: true + enabled: false branch: "v3.11.1" user_language: "en" user_no_stop: "y" From 812fb81b812aab284455242f7dd6f1c88496641a Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 12:02:14 +0100 Subject: [PATCH 16/23] Bump to version 3.11.1_7.5.1 --- VERSION | 4 ++-- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/VERSION b/VERSION index 53ae3f4b..3961d05c 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.0" -REVISION="31100" +WAZUH-ANSIBLE_VERSION="v3.11.1" +REVISION="31110" diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 4e32c838..486448d2 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.5.1 -wazuh_version: 3.11.0 +wazuh_version: 3.11.1 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # API credentials diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index dc045dd6..ba697a4b 100644 
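Review bot: `enabled: "false"` in the agent defaults is a quoted string, while the manager hunk of this same commit sets the boolean `enabled: false`. A non-empty string is truthy in a plain Jinja test, so unless every consumer applies `| bool` the source-installation path may still be taken; the tasks that read this value are not visible here. Use `enabled: false` in the agent defaults as well so both roles behave the same way.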
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.11.0-1 +wazuh_agent_version: 3.11.1-1 wazuh_agent_sources_installation: enabled: false - branch: "v3.11.0" + branch: "v3.11.1" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -50,7 +50,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.0' + version: '3.11.1' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 @@ -343,4 +343,4 @@ wazuh_agent_config: list: - key: Env value: Production -wazuh_agent_nat: false \ No newline at end of file +wazuh_agent_nat: false diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index bd039d68..6b884123 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.11.0-1 +wazuh_manager_version: 3.11.1-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: false - branch: "v3.11.0" + branch: "v3.11.1" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.0" + branch: "v3.11.1" update: "y" remove: "y" directory: null From cf37169f1d4657b955be91523ad639ddec748352 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 16:39:49 +0100 Subject: [PATCH 17/23] Update Windows package MD5 hash --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index ba697a4b..4786dadb 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -53,7 +53,7 @@ wazuh_winagent_config: version: '3.11.1' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ - md5: 71650780904cbfc2e45eae4298adb7a3 + md5: 1e39c2ad032259cb9682c1eac3ac646a wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' From 0d23ca8b01420122861c780c70f2538211ec6f8b Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 16:45:53 +0100 Subject: [PATCH 18/23] Update CHANGELOG.md --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 73f7ea43..8509f0fd 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.11.1_7.5.1] + +### Added + +- Update to Wazuh v3.11.1 + + ## [v3.11.0_7.5.1] ### Added From 1348f1acc2a0ef8d85c5b86e2312efce8f246316 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 17:47:39 +0100 Subject: [PATCH 19/23] Remove whitespace --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index d21dea91..4926e19d 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -140,7 +140,7 @@ - name: Select correct API protocol set_fact: elastic_api_protocol: "{% if kibana_xpack_security %}https{% else %}http{% endif %}" - + - name: Attempting to delete legacy Wazuh index if exists uri: url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh" 
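Review bot: MD5 is the only digest pinned for the Windows agent package in this hunk, and MD5 collisions are practical, so it catches a corrupted download but is weak evidence that the MSI is the one that was published. If the install task verifies this field (not visible here), consider pinning a SHA-256 or SHA-512 digest beside it under a new key, for example `sha512: '<SHA512_OF_AGENT_MSI>'` (placeholder), and checking that instead. The value is also better quoted, `md5: '1e39c2ad032259cb9682c1eac3ac646a'`, so that a future digest made only of digits is not retyped by the YAML parser.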
From 09fd2ac4fe98df1e8c9f3c817a52d238b9dde68a Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Tue, 7 Jan 2020 18:09:49 +0100 Subject: [PATCH 20/23] Update revision to 31110 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index fad76f5c..3961d05c 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v3.11.1" -REVISION="31100" +REVISION="31110" From 0428fb3180570fd6b89673a39d5c421732aba8a0 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 7 Jan 2020 17:47:39 +0100 Subject: [PATCH 21/23] Remove whitespace --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index d21dea91..4926e19d 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -140,7 +140,7 @@ - name: Select correct API protocol set_fact: elastic_api_protocol: "{% if kibana_xpack_security %}https{% else %}http{% endif %}" - + - name: Attempting to delete legacy Wazuh index if exists uri: url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh" From 16495e9b91881eb3744c677c638beed0147f1be8 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 8 Jan 2020 17:16:38 +0100 Subject: [PATCH 22/23] Restore Wazuh version 3.11.0_7.5.1 --- VERSION | 4 ++-- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- .../tasks/installation_from_sources.yml | 2 +- wazuh-qa | 1 + 6 files changed, 11 insertions(+), 10 deletions(-) create mode 160000 wazuh-qa diff --git a/VERSION b/VERSION index 3961d05c..53ae3f4b 100644 --- a/VERSION +++ b/VERSION 
@@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.1" -REVISION="31110" +WAZUH-ANSIBLE_VERSION="v3.11.0" +REVISION="31100" diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 32039d6b..b82f4ce2 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.5.1 -wazuh_version: 3.11.1 +wazuh_version: 3.11.0 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index b6a1452c..d748f80e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.11.1-1 +wazuh_agent_version: 3.11.0-1 wazuh_agent_sources_installation: enabled: "false" - branch: "v3.11.1" + branch: "v3.11.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -50,7 +50,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.1' + version: '3.11.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 71650780904cbfc2e45eae4298adb7a3 diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 21faa35c..d075b3cb 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.11.1-1 +wazuh_manager_version: 3.11.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: false - branch: "v3.11.1" + branch: "v3.11.0" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.1" + branch: "v3.11.0" update: "y" remove: "y" directory: null diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index 68aeac34..10203cb9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.11.1" extracted folder name is 3.11.1. + # When downloading "v3.11.0" extracted folder name is 3.11.0. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file diff --git a/wazuh-qa b/wazuh-qa new file mode 160000 index 00000000..2699bb7b --- /dev/null +++ b/wazuh-qa @@ -0,0 +1 @@ +Subproject commit 2699bb7ba8026daae2bb73f19ac50c2010b4677c From 3954c0d317c6055d6ce45349c4a689902214dd8a Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Wed, 8 Jan 2020 17:39:03 +0100 Subject: [PATCH 23/23] Remove wazuh-qa submodule --- wazuh-qa | 1 - 1 file changed, 1 deletion(-) delete mode 160000 wazuh-qa diff --git a/wazuh-qa b/wazuh-qa deleted file mode 160000 index 2699bb7b..00000000 --- a/wazuh-qa +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 2699bb7ba8026daae2bb73f19ac50c2010b4677c