Merge pull request #343 from wazuh/wazuh-release-v3.11.1_7.5.1

Wazuh release v3.11.1 7.5.1
2020-01-09 10:08:16 +01:00 · 2020-01-09 10:08:16 +01:00 · 8f8c32cf59
commit 8f8c32cf59
parent b050291a23 3954c0d317
10 changed files with 148 additions and 127 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,13 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 ## [v3.11.1_7.5.1]
 ### Added
 - Update to Wazuh v3.11.1
 ## [v3.11.0_7.5.1]
 ### Added
@ -53,11 +60,11 @@ All notable changes to this project will be documented in this file.
 - Fixed Wazuh Agent registration using an Agent's name ([@jm404](https://github.com/jm404)) [PR#334](https://github.com/wazuh/wazuh-ansible/pull/334)
-## [v3.10.2_7.3.2]
+## [v3.11.0_7.3.2]
 ### Added
- Update to Wazuh v3.10.2
+- Update to Wazuh v3.11.0
 ### Changed
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-WAZUH-ANSIBLE_VERSION="v3.11.0"
+WAZUH-ANSIBLE_VERSION="v3.11.1"
-REVISION="31100"
+REVISION="31110"
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1"
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
 elastic_stack_version: 7.5.1
-wazuh_version: 3.11.0
+wazuh_version: 3.11.1
 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
 # API credentials
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@ -140,7 +140,7 @@
 - name: Select correct API protocol
  set_fact:
    elastic_api_protocol: "{% if kibana_xpack_security %}https{% else %}http{% endif %}"
-  
+
 - name: Attempting to delete legacy Wazuh index if exists
  uri:
    url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh"
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@ -1,9 +1,9 @@
 ---
-wazuh_agent_version: 3.11.0-1
+wazuh_agent_version: 3.11.1-1
 wazuh_agent_sources_installation:
  enabled: false
-  branch: "v3.11.0"
+  branch: "v3.11.1"
  user_language: "y"
  user_no_stop: "y"
  user_install_type: "agent"
@ -26,7 +26,7 @@ wazuh_agent_sources_installation:
 wazuh_managers:
  - address: 127.0.0.1
    port: 1514
-    protocol: tcp
+    protocol: udp
    api_port: 55000
    api_proto: 'http'
    api_user: null
@ -50,10 +50,10 @@ wazuh_winagent_config:
  auth_path: C:\Program Files\ossec-agent\agent-auth.exe
  # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
  auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
-  version: '3.11.0'
+  version: '3.11.1'
  revision: '1'
  repo: https://packages.wazuh.com/3.x/windows/
-  md5: 817b52aabea7a9e936effa022c5eba43
+  md5: 1e39c2ad032259cb9682c1eac3ac646a
 wazuh_agent_config:
  repo:
    apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
@ -74,8 +74,6 @@ wazuh_agent_config:
    scan_on_start: 'yes'
    auto_ignore: 'no'
    alert_new_files: 'yes'
    remove_old_diff: 'yes'
    restart_audit: 'yes'
    win_audit_interval: 300
    skip_nfs: 'yes'
    ignore:
@ -93,6 +91,10 @@ wazuh_agent_config:
      - /etc/svc/volatile
      - /sys/kernel/security
      - /sys/kernel/debug
      - /dev/core
    ignore_linux_type:
      - '^/proc'
      - '.log$|.swp$'
    ignore_win:
      - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
    no_diff:
@ -248,11 +250,11 @@ wazuh_agent_config:
  osquery:
    disable: 'yes'
    run_daemon: 'yes'
-    bin_path_win: 'C:\ProgramData\osquery\osqueryd'
+    bin_path_win: 'C:\Program Files\osquery\osqueryd'
    log_path: '/var/log/osquery/osqueryd.results.log'
-    log_path_win: 'C:\ProgramData\osquery\log\osqueryd.results.log'
+    log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log'
    config_path: '/etc/osquery/osquery.conf'
-    config_path_win: 'C:\ProgramData\osquery\osquery.conf'
+    config_path_win: 'C:\Program Files\osquery\osquery.conf'
    add_labels: 'yes'
  syscollector:
    disable: 'no'
@ -274,18 +276,14 @@ wazuh_agent_config:
    time: ''
  cis_cat:
    disable: 'yes'
-    install_java: 'yes'
+    install_java: 'no'
    timeout: 1800
    interval: '1d'
    scan_on_start: 'yes'
-    java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin'
+    java_path: 'wodles/java'
    java_path_win: '\\server\jre\bin\java.exe'
-    ciscat_path: '/var/ossec/wodles/ciscat'
+    ciscat_path: 'wodles/ciscat'
    ciscat_path_win: 'C:\cis-cat'
    content:
      - type: 'xccdf'
        path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml'
        profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server'
  vuls:
    disable: 'yes'
    interval: '1d'
@ -318,16 +316,16 @@ wazuh_agent_config:
    linux:
      - format: 'syslog'
        location: '/var/ossec/logs/active-responses.log'
      - format: 'command'
        command: df -P -x squashfs -x tmpfs -x devtmpfs
        frequency: '360'
      - format: 'full_command'
        command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t
        alias: 'netstat listening ports'
        frequency: '360'
      - format: 'full_command'
        command: 'last -n 20'
        frequency: '360'
      - format: 'command'
        command: df -P
        frequency: '360'
      - format: 'full_command'
        command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
        alias: 'netstat listening ports'
        frequency: '360'
    windows:
      - format: 'eventlog'
        location: 'Application'
@ -343,4 +341,4 @@ wazuh_agent_config:
    list:
      - key: Env
        value: Production
-wazuh_agent_nat: false
+wazuh_agent_nat: false
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@ -51,7 +51,6 @@
  <rootcheck>
    <disabled>no</disabled>
    {% if ansible_system == "Linux" %}
    <check_unixaudit>yes</check_unixaudit>
    <check_files>yes</check_files>
    <check_trojans>yes</check_trojans>
    <check_dev>yes</check_dev>
@ -65,11 +64,6 @@
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
    <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
    {% if cis_distribution_filename is defined %}
    <system_audit>/var/ossec/etc/shared/{{ cis_distribution_filename }}</system_audit>
    {% endif %}
    <skip_nfs>yes</skip_nfs>
    {% endif %}
    {% if ansible_os_family == "Windows" %}
@ -118,6 +112,13 @@
    {% endfor %}
    {% endif %}
    <!-- File types to ignore -->
    {% if wazuh_agent_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %}
    {% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %}
    <ignore type="sregex">{{ ignore }}</ignore>
    {% endfor %}
    {% endif %}
    {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %}
    {% for ignore in wazuh_agent_config.syscheck.ignore_win %}
    <ignore type="sregex">{{ ignore }}</ignore>
@ -132,13 +133,6 @@
    <skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
    {% endif %}
    <!-- Remove not monitored files -->
    <remove_old_diff>{{ wazuh_agent_config.syscheck.remove_old_diff }}</remove_old_diff>
    {% if ansible_system == "Linux"%}
    <!-- Allow the system to restart Auditd after installing the plugin -->
    <restart_audit>{{ wazuh_agent_config.syscheck.restart_audit }}</restart_audit>
    {% endif %} 
    {% if ansible_os_family == "Windows" %}
    {% for registry_key in wazuh_agent_config.syscheck.windows_registry %}
@ -234,13 +228,6 @@
    <java_path>{{ wazuh_agent_config.cis_cat.java_path }}</java_path>
    {% endif %}
    <ciscat_path>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %}</ciscat_path>
    {% if ansible_system == "Linux" %}
    {% for benchmark in wazuh_agent_config.cis_cat.content %}
    <content type="{{ benchmark.type }}" path="{{ benchmark.path }}">
      <profile>{{ benchmark.profile }}</profile>
    </content>
    {% endfor %}
    {% endif %}
  </wodle>
  {% endif %}
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@ -1,12 +1,12 @@
 ---
-wazuh_manager_version: 3.11.0-1
+wazuh_manager_version: 3.11.1-1
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: present
 wazuh_manager_sources_installation:
  enabled: false
-  branch: "v3.11.0"
+  branch: "v3.11.1"
  user_language: "en"
  user_no_stop: "y"
  user_install_type: "server"
@ -31,7 +31,7 @@ wazuh_manager_sources_installation:
 wazuh_api_sources_installation:
  enabled: false
-  branch: "v3.11.0"
+  branch: "v3.11.1"
  update: "y"
  remove: "y"
  directory: null
@ -87,7 +87,7 @@ wazuh_manager_config:
  connection:
    - type: 'secure'
      port: '1514'
-      protocol: 'tcp'
+      protocol: 'udp'
      queue_size: 131072
  authd:
    enable: true
@ -97,6 +97,8 @@ wazuh_manager_config:
    force_time: 0
    purge: 'no'
    use_password: 'no'
    limit_maxagents: 'yes'
    ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
    ssl_agent_ca: null
    ssl_verify_host: 'no'
    ssl_manager_cert: 'sslmanager.cert'
@ -105,13 +107,14 @@ wazuh_manager_config:
  email_notification: 'no'
  mail_to:
    - 'admin@example.net'
-  mail_smtp_server: localhost
+  mail_smtp_server: smtp.example.wazuh.com
-  mail_from: wazuh-server@example.com
+  mail_from: ossecm@example.wazuh.com
  mail_maxperhour: 12
  mail_queue_size: 131072
  email_log_source: 'alerts.log'
  extra_emails:
    - enable: false
-      mail_to: 'admin@example.net'
+      mail_to: 'recipient@example.wazuh.com'
      format: full
      level: 7
      event_location: null
@ -152,6 +155,10 @@ wazuh_manager_config:
      - /etc/svc/volatile
      - /sys/kernel/security
      - /sys/kernel/debug
      - /dev/core
    ignore_linux_type:
      - '^/proc'
      - '.log$|.swp$'
    no_diff:
      - /etc/ssl/private.key
    directories:
@ -164,8 +171,6 @@ wazuh_manager_config:
      timeframe: 'timeframe="3600"'
      value: 'no'
    skip_nfs: 'yes'
    remove_old_diff: 'yes'
    restart_audit: 'yes'
  rootcheck:
    frequency: 43200
  openscap:
@ -181,10 +186,6 @@ wazuh_manager_config:
    scan_on_start: 'yes'
    java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin'
    ciscat_path: 'wodles/ciscat'
    content:
      - type: 'xccdf'
        path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml'
        profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server'
  osquery:
    disable: 'yes'
    run_daemon: 'yes'
@ -209,20 +210,36 @@ wazuh_manager_config:
    day: ''
    wday: ''
    time: ''
-  vul_detector:
+  vulnerability_detector:
-    disable: 'yes'
+    enabled: 'no'
    interval: '5m'
    ignore_time: '6h'
    run_on_start: 'yes'
-    ubuntu:
+    providers:
-      disable: 'yes'
+      - enabled: 'no'
-      update_interval: '1h'
+        os:
-    redhat:
+          - 'precise'
-      disable: 'yes'
+          - 'trusty'
-      update_interval: '1h'
+          - 'xenial'
-    debian:
+          - 'bionic'
-      disable: 'yes'
+        update_interval: '1h'
-      update_interval: '1h'
+        name: '"canonical"'
      - enabled: 'no'
        os:
          - 'wheezy'
          - 'stretch'
          - 'jessie'
          - 'buster'
        update_interval: '1h'
        name: '"debian"'
      - enabled: 'no'
        update_from_year: '2010'
        update_interval: '1h'
        name: '"redhat"'
      - enabled: 'no'
        update_from_year: '2010'
        update_interval: '1h'
        name: '"nvd"'
  vuls:
    disable: 'yes'
    interval: '1d'
@ -233,15 +250,15 @@ wazuh_manager_config:
      - 'updatenvd'
      - 'nvd-year 2016'
      - 'autoupdate'
-  log_level: 1
+  log_level: 3
  email_level: 12
  localfiles:
    common:
      - format: 'command'
-        command: df -P -x squashfs -x tmpfs -x devtmpfs
+        command: df -P
        frequency: '360'
      - format: 'full_command'
-        command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t
+        command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
        alias: 'netstat listening ports'
        frequency: '360'
      - format: 'full_command'
@ -268,18 +285,15 @@ wazuh_manager_config:
        location: '/var/log/audit/audit.log'
  globals:
    - '127.0.0.1'
-    - '192.168.2.1'
+    - '^localhost.localdomain$'
    - '127.0.0.53'
  commands:
    - name: 'disable-account'
      executable: 'disable-account.sh'
      expect: 'user'
      timeout_allowed: 'yes'
-    # - name: 'restart-ossec'
+    - name: 'restart-ossec'
-    #   executable: 'restart-ossec.sh'
+      executable: 'restart-ossec.sh'
    #   expect: ''
    #   timeout_allowed: 'no'
    - name: 'win_restart-ossec'
      executable: 'restart-ossec.cmd'
      expect: ''
      timeout_allowed: 'no'
    - name: 'firewall-drop'
@ -298,6 +312,10 @@ wazuh_manager_config:
      executable: 'route-null.cmd'
      expect: 'srcip'
      timeout_allowed: 'yes'
    - name: 'win_route-null-2012'
      executable: 'route-null-2012.cmd'
      expect: 'srcip'
      timeout_allowed: 'yes'
    - name: 'netsh'
      executable: 'netsh.cmd'
      expect: 'srcip'
@ -327,7 +345,6 @@ wazuh_agent_configs:
    syscheck:
      frequency: 43200
      scan_on_start: 'yes'
      auto_ignore: 'no'
      alert_new_files: 'yes'
      ignore:
        - /etc/mtab
--- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
@ -61,6 +61,7 @@
          state: directory
    # When downloading "v3.11.0" extracted folder name is 3.11.0. 
    # Explicitly creating the folder with proper naming and striping first level in .tar.gz file
      - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@ -18,7 +18,7 @@
    <smtp_server>{{ wazuh_manager_config.mail_smtp_server }}</smtp_server>
    <email_from>{{ wazuh_manager_config.mail_from }}</email_from>
    <email_maxperhour>{{ wazuh_manager_config.mail_maxperhour }}</email_maxperhour>
-    <queue_size>{{ wazuh_manager_config.mail_queue_size }}</queue_size>
+    <email_log_source>{{ wazuh_manager_config.email_log_source }}</email_log_source>
  </global>
  <alerts>
@ -115,7 +115,6 @@
  <!-- Policy monitoring -->
  <rootcheck>
    <disabled>no</disabled>
    <check_unixaudit>yes</check_unixaudit>
    <check_files>yes</check_files>
    <check_trojans>yes</check_trojans>
    <check_dev>yes</check_dev>
@ -129,11 +128,6 @@
    <rootkit_files>/var/ossec/etc/shared/default/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/default/rootkit_trojans.txt</rootkit_trojans>
    <system_audit>/var/ossec/etc/shared/default/system_audit_rcl.txt</system_audit>
    <system_audit>/var/ossec/etc/shared/default/system_audit_ssh.txt</system_audit>
    {% if cis_distribution_filename is defined %}
    <system_audit>/var/ossec/etc/shared/default/{{ cis_distribution_filename }}</system_audit>
    {% endif %}
    <skip_nfs>yes</skip_nfs>
  </rootcheck>
@ -212,11 +206,6 @@
    <java_path>{{ wazuh_manager_config.cis_cat.java_path }}</java_path>
    {% endif %}
    <ciscat_path>{{ wazuh_manager_config.cis_cat.ciscat_path }}</ciscat_path>
    {% for benchmark in wazuh_manager_config.cis_cat.content %}
    <content type="{{ benchmark.type }}" path="{{ benchmark.path }}">
      <profile>{{ benchmark.profile }}</profile>
    </content>
    {% endfor %}
  </wodle>
  <!-- Osquery integration -->
@ -265,24 +254,40 @@
  {% endif %}
  </sca>
-  <wodle name="vulnerability-detector">
+  <vulnerability-detector>
-    <disabled>{{ wazuh_manager_config.vul_detector.disable }}</disabled>
+  {% if wazuh_manager_config.vulnerability_detector.enabled is defined %}
-    <interval>{{ wazuh_manager_config.vul_detector.interval }}</interval>
+    <enabled>{{ wazuh_manager_config.vulnerability_detector.enabled }}</enabled>
-    <ignore_time>{{ wazuh_manager_config.vul_detector.ignore_time }}</ignore_time>
+  {% endif %}
-    <run_on_start>{{ wazuh_manager_config.vul_detector.run_on_start }}</run_on_start>
+  {% if wazuh_manager_config.vulnerability_detector.interval is defined %}
-    <feed name="ubuntu-18">
+    <interval>{{ wazuh_manager_config.vulnerability_detector.interval }}</interval>
-      <disabled>{{ wazuh_manager_config.vul_detector.ubuntu.disable }}</disabled>
+  {% endif %}
-      <update_interval>{{ wazuh_manager_config.vul_detector.ubuntu.update_interval }}</update_interval>
+  {% if wazuh_manager_config.vulnerability_detector.ignore_time is defined %}
-    </feed>
+    <ignore_time>{{ wazuh_manager_config.vulnerability_detector.ignore_time }}</ignore_time>
-    <feed name="redhat">
+  {% endif %}
-      <disabled>{{ wazuh_manager_config.vul_detector.redhat.disable }}</disabled>
+  {% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %}
-      <update_interval>{{ wazuh_manager_config.vul_detector.redhat.update_interval }}</update_interval>
+    <run_on_start>{{ wazuh_manager_config.vulnerability_detector.run_on_start }}</run_on_start>
-    </feed>
+  {% endif %}
-    <feed name="debian-9">
+  {% if wazuh_manager_config.vulnerability_detector.providers is defined %}
-      <disabled>{{ wazuh_manager_config.vul_detector.debian.disable }}</disabled>
+  {% for provider_ in wazuh_manager_config.vulnerability_detector.providers %}
-      <update_interval>{{ wazuh_manager_config.vul_detector.debian.update_interval }}</update_interval>
+    <provider name={{ provider_.name }}>
-    </feed>
+      {% if provider_.enabled is defined %}
-  </wodle>
+      <enabled>{{ provider_.enabled }}</enabled>
      {% endif %}
      {% if provider_.os is defined %}
      {% for os_ in provider_.os %}
      <os>{{ os_ }}</os>
      {% endfor %}
      {% endif %}
      {% if provider_.update_from_year is defined %}
      <update_from_year>{{ provider_.update_from_year }}</update_from_year>
      {% endif %}
      {% if provider_.update_interval is defined %}
      <update_interval>{{ provider_.update_interval }}</update_interval>
      {% endif %}
    </provider>
  {% endfor %}
  {% endif %}
  </vulnerability-detector>
  <!-- File integrity monitoring -->
  <syscheck>
@ -293,7 +298,7 @@
    <frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
    <scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>
-    <!-- Don't ignore files that change more than 'frequency' times -->
+    <!-- Do not ignore files that change more than 'frequency' times -->
    {% if wazuh_manager_config.syscheck.auto_ignore_frequency is defined %}
    <auto_ignore {{ wazuh_manager_config.syscheck.auto_ignore_frequency.frequency }} {{ wazuh_manager_config.syscheck.auto_ignore_frequency.timeframe }}>{{wazuh_manager_config.syscheck.auto_ignore_frequency.value }}</auto_ignore>
    {% endif %}
@ -312,6 +317,14 @@
    {% endfor %}
    {% endif %}
    <!-- File types to ignore -->
    {% if wazuh_manager_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %}
    {% for ignore in wazuh_manager_config.syscheck.ignore_linux_type %}
    <ignore type="sregex">{{ ignore }}</ignore>
    {% endfor %}
    {% endif %}
    <!-- Files no diff -->
    {% for no_diff in wazuh_manager_config.syscheck.no_diff %}
    <nodiff>{{ no_diff }}</nodiff>
@ -319,16 +332,6 @@
    {% if wazuh_manager_config.syscheck.skip_nfs is defined %}
    <skip_nfs>{{ wazuh_manager_config.syscheck.skip_nfs }}</skip_nfs>
    {% endif %}
    <!-- Remove not monitored files -->
    {% if wazuh_manager_config.syscheck.remove_old_diff is defined %}
    <remove_old_diff>{{ wazuh_manager_config.syscheck.remove_old_diff }}</remove_old_diff>
    {% endif %}
    <!-- Allow the system to restart Auditd after installing the plugin -->
    {% if wazuh_manager_config.syscheck.restart_audit is defined %}
    <restart_audit>{{ wazuh_manager_config.syscheck.restart_audit }}</restart_audit>
    {% endif %}
  </syscheck>
  <global>
@ -390,6 +393,12 @@
    {% if wazuh_manager_config.authd.use_password is not none %}
    <use_password>{{wazuh_manager_config.authd.use_password}}</use_password>
    {% endif %}
    {% if wazuh_manager_config.authd.limit_maxagents is not none %}
    <limit_maxagents>{{wazuh_manager_config.authd.limit_maxagents}}</limit_maxagents>
    {% endif %}
    {% if wazuh_manager_config.authd.ciphers is not none %}
    <ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers>
    {% endif %}    
    {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
    <ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>
    {% endif %}
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
@ -4,7 +4,9 @@
 <agent_config {{ agent_config.type }}="{{ agent_config.type_value }}">
  {% if agent_config.syscheck is defined %}
  <syscheck>
    {% if agent_config.syscheck.auto_ignore is defined %}
    <auto_ignore>{{ agent_config.syscheck.auto_ignore }}</auto_ignore>
    {% endif %}
    <alert_new_files>{{ agent_config.syscheck.alert_new_files }}</alert_new_files>
    <!-- Frequency that syscheck is executed -- default every 20 hours -->
    <frequency>{{ agent_config.syscheck.frequency }}</frequency>
`@ -1,2 +1,2 @@`
	`WAZUH-ANSIBLE_VERSION="v3.11.0"`	`WAZUH-ANSIBLE_VERSION="v3.11.1"`
	`REVISION="31100"`	`REVISION="31110"`