From 96390a2d465976ea7679f30512fd51d83f01d814 Mon Sep 17 00:00:00 2001 From: manuasir Date: Wed, 19 Dec 2018 10:22:40 +0100 Subject: [PATCH 01/17] Installing apt packages concurrently, related #109 --- .../ansible-elasticsearch/tasks/Debian.yml | 8 +++---- .../ansible-kibana/tasks/Debian.yml | 8 +++---- .../ansible-logstash/tasks/Debian.yml | 8 +++---- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 9 ++++---- .../ansible-wazuh-agent/tasks/Debian.yml | 22 ++++++++----------- .../ansible-wazuh-manager/tasks/Debian.yml | 8 +++---- 6 files changed, 25 insertions(+), 38 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index ae4e717f..2cfcc77b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -1,12 +1,10 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: "{{ item }}" + pkg: + - apt-transport-https + - ca-certificates state: present - cache_valid_time: 3600 - with_items: - - apt-transport-https - - ca-certificates - when: elasticsearch_install_java block: diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 9cb809d2..733b222c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -1,12 +1,10 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: "{{ item }}" + pkg: + - apt-transport-https + - ca-certificates state: present - cache_valid_time: 3600 - with_items: - - apt-transport-https - - ca-certificates - name: Debian/Ubuntu | Add Elasticsearch GPG key apt_key: diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 628fd8e4..9d0cd4b5 100644 
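Review bot: Dropping `cache_valid_time: 3600` from the apt task also drops the cache refresh it implied, since in the apt module `cache_valid_time` triggers `update_cache` whenever the package lists are older than that; with neither option present the new `pkg:` list is installed against whatever lists the host already has, which on a freshly provisioned image can be empty or stale and make the task fail before the Wazuh/Elastic repositories are even added. Keep the refresh next to the list form, e.g. `update_cache: true` and `cache_valid_time: 3600` under `apt:`. The same applies to the kibana, logstash, filebeat, both wazuh-agent hunks (including the OpenScap task) and the wazuh-manager hunk in this patch.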
--- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -1,12 +1,10 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: "{{ item }}" + pkg: + - apt-transport-https + - ca-certificates state: present - cache_valid_time: 3600 - with_items: - - apt-transport-https - - ca-certificates - when: logstash_install_java block: diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 45494c26..32fab13e 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -1,12 +1,11 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: "{{ item }}" + pkg: + - apt-transport-https + - ca-certificates state: present - cache_valid_time: 3600 - with_items: - - apt-transport-https - - ca-certificates + - name: Debian/Ubuntu | Add Elasticsearch apt key. apt_key: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index d8affe84..b11b846a 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -1,12 +1,10 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: "{{ item }}" + pkg: + - apt-transport-https + - ca-certificates state: present - cache_valid_time: 3600 - with_items: - - apt-transport-https - - ca-certificates - name: Debian/Ubuntu | Installing repository key apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH 
@@ -49,15 +47,13 @@ - name: Debian/Ubuntu | Install OpenScap apt: - name: "{{ item }}" state: present - cache_valid_time: 3600 - when: wazuh_agent_config.openscap.disable == 'no' - with_items: - - libopenscap8 - - xsltproc - tags: - - init + when: wazuh_agent_config.openscap.disable == 'no' + pkg: + - libopenscap8 + - xsltproc + tags: + - init - name: Debian/Ubuntu | Get OpenScap installed version shell: "dpkg-query --showformat='${Version}' --show libopenscap8" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index f2885345..9905b238 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -1,12 +1,10 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - name: "{{ item }}" + pkg: + - apt-transport-https + - ca-certificates state: present - cache_valid_time: 3600 - with_items: - - apt-transport-https - - ca-certificates - name: Debian/Ubuntu | Installing Wazuh repository key apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH From 72b0f672d63380ef58605772602ac783258cc202 Mon Sep 17 00:00:00 2001 From: Perry Kollmorgen Date: Mon, 21 Jan 2019 09:10:45 +1000 Subject: [PATCH 02/17] Fix warning from cluster interval option in defaults #145 The interval option in the cluster section in the defaults has been depreciated and no longer requires to be set. https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/cluster.html#interval --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index b9817a3a..d7af37ea 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -29,7 +29,6 @@ wazuh_manager_config: node_name: 'manager_01' node_type: 'master' key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa' - interval: '2m' port: '1516' bind_addr: '0.0.0.0' nodes: From 1b51b2dc11112e4b082eaf34020f99c4376dcd3f Mon Sep 17 00:00:00 2001 From: Perry Kollmorgen Date: Mon, 21 Jan 2019 09:12:35 +1000 Subject: [PATCH 03/17] Fix warning from vul_detector config for Redhat Feed Name #145 The value for the Redhat Feed Name in the ossec.conf template no longer requires a version. i.e the value should be "redhat" rather "redhat-7" or similar. https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/wodle-vuln-detector.html#feed https://github.com/wazuh/wazuh/pull/2137 --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 71201e92..f3c43dcc 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -235,7 +235,7 @@ {{ wazuh_manager_config.vul_detector.ubuntu.disable }} {{ wazuh_manager_config.vul_detector.ubuntu.update_interval }} - + {{ wazuh_manager_config.vul_detector.redhat.disable }} {{ wazuh_manager_config.vul_detector.redhat.update_interval }} From f26ba7fd243e919086d565796d6b92e7d0ef9443 Mon Sep 17 00:00:00 2001 From: AlfonsoRBJ Date: Tue, 22 Jan 2019 16:46:04 +0100 Subject: [PATCH 04/17] Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index db70ddde..803c45fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.9.0] + ## [v3.8.0] ### Added From aaef9cd1fac8e3c4f53402e29e1d61e880aa4422 Mon Sep 17 00:00:00 2001 
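Review bot: Removing `interval: '2m'` from the defaults is only safe if the server template no longer references `wazuh_manager_config.cluster.interval`; if `var-ossec-etc-ossec-server.conf.j2` still renders that key, the template will fail on an undefined variable instead of merely stopping to emit the deprecated element (the template is not touched by this commit, so this is inferred). Check the template and drop the corresponding line in the same commit. The unchanged context also shows a fixed cluster `key:` value shipped in the role defaults; sourcing it from a per-deployment variable or vault would avoid every installation that does not override it sharing the same cluster secret.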
From: AlfonsoRBJ Date: Tue, 22 Jan 2019 16:46:39 +0100 Subject: [PATCH 05/17] Update VERSION --- VERSION | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index b70c5861..53f0359c 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.8.0" -REVISION="3804" +WAZUH-ANSIBLE_VERSION="v3.9.0" +REVISION="3900" From b3f4046a837c8dbe74d96b6e2e83c41238548554 Mon Sep 17 00:00:00 2001 From: AlfonsoRBJ Date: Wed, 30 Jan 2019 16:55:35 +0100 Subject: [PATCH 06/17] Bump version 3.8.2 --- VERSION | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index 7d501c8d..63d5e48d 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.8.1" -REVISION="3800" +WAZUH-ANSIBLE_VERSION="v3.8.2" +REVISION="3801" From 2030751eac9aa747daf6326fdca43cd295a63c46 Mon Sep 17 00:00:00 2001 From: AlfonsoRBJ Date: Wed, 30 Jan 2019 17:02:33 +0100 Subject: [PATCH 07/17] Update to Wazuh version v3.8.2 --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 149a162c..d8d60107 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -4,5 +4,5 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 -wazuh_version: 3.8.1 +wazuh_version: 3.8.2 diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index e08b891d..150daeba 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -23,7 +23,7 @@ wazuh_winagent_config: install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.8.1' + version: '3.8.2' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 43936e7bc7eb51bd186f47dac4a6f477 From 272d1c623a1482b92c7d73112463a4fb61cc8186 Mon Sep 17 00:00:00 2001 From: AlfonsoRBJ Date: Wed, 30 Jan 2019 17:07:10 +0100 Subject: [PATCH 08/17] Update CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 54ee6666..6621de13 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.8.2] + +### Changed + +- Update to Wazuh version v3.8.2. ([#150](https://github.com/wazuh/wazuh-ansible/pull/150)) + ## [v3.8.1] ### Changed From 9ecfd7aeacba289b0146dd1878b3e1eb1ad129d7 Mon Sep 17 00:00:00 2001 From: AlfonsoRBJ Date: Thu, 31 Jan 2019 10:21:04 +0100 Subject: [PATCH 09/17] Bump version 3.8.3 --- VERSION | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index 63d5e48d..a85b3d76 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.8.2" -REVISION="3801" +WAZUH-ANSIBLE_VERSION="v3.8.3" +REVISION="3802" From 81058daf1b3baa517203417a2283eadf59831cf9 Mon Sep 17 00:00:00 2001 
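Review bot: `version` in `wazuh_winagent_config` moves to `'3.8.2'` while the neighbouring `md5: 43936e7bc7eb51bd186f47dac4a6f477` context line is untouched, so if that checksum is used to verify the downloaded Windows installer it now describes the previous artifact and the 3.8.2 download will fail verification, or, if the value is unused, the installer is not verified at all (the consuming task is not in this series, so this is inferred). Update the checksum in the same commit as `version`, and consider carrying a SHA-256 value for installer verification instead of MD5.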
From: Pawel Krawczyk Date: Mon, 18 Feb 2019 12:59:48 +0000 Subject: [PATCH 10/17] Replace netstat with ss The `ss` program is now the official replacement for `netstat` which is deprecated in most Linux distributions. Also replace the messy sed rules which do not work on all versions with a clean command-line that just displays the key information that does **not** change on every command run (e.g. PID) resulting in false positives. --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index e08b891d..8ef9764e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -284,7 +284,7 @@ wazuh_agent_config: command: 'df -P' frequency: '360' - format: 'full_command' - command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t alias: 'netstat listening ports' frequency: '360' - format: 'full_command' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index b9817a3a..96e6346d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
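Review bot: `ss -nutal` includes `-a`, which lists established and other non-listening sockets as well as listeners, so in the default `ss` column layout the peer address printed as `$6` changes with every connection and reintroduces the per-run churn the commit message says it is removing; the replaced `netstat -tulpn` and the unchanged alias `'netstat listening ports'` both mean listeners only. Use `ss -nutl` (drop `-a`) so `$1,$5,$6` is Netid, local address:port and the constant wildcard peer. Dropping `-p` also removes the owning process from the output, which is a deliberate loss of detail worth stating in the commit message. The manager hunk in this patch (`@@ -186,7 +186,7 @@`) carries the same command.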
@@ -186,7 +186,7 @@ wazuh_manager_config: command: 'df -P' frequency: '360' - format: 'full_command' - command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t alias: 'netstat listening ports' frequency: '360' - format: 'full_command' From bcd327280ed6a19f29ee03cb3507be1749676bee Mon Sep 17 00:00:00 2001 From: Pawel Krawczyk Date: Mon, 18 Feb 2019 13:01:42 +0000 Subject: [PATCH 11/17] Do not report virtual filesystems in df Tell `df` not to report on virtual filesystems such as `squashfs` (used by `snapd` and always at 100%), `tmpfs` (memory-only) and `devtmpfs` (used by `udev`) --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 8ef9764e..32c8bdcc 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -281,7 +281,7 @@ wazuh_agent_config: - format: 'syslog' location: '/var/ossec/logs/active-responses.log' - format: 'command' - command: 'df -P' + command: df -P -x squashfs -x tmpfs -x devtmpfs frequency: '360' - format: 'full_command' command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 96e6346d..71796d9d 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
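Review bot: The new `command: df -P -x squashfs -x tmpfs -x devtmpfs` is a plain scalar while the value it replaces (`'df -P'`) and the neighbouring `format`, `alias` and `frequency` values are single-quoted; keep the file's quoting, `command: 'df -P -x squashfs -x tmpfs -x devtmpfs'`, so a later edit that adds `: ` or ` #` to the command cannot silently turn the value into a mapping or a comment. The same applies to the manager hunk in this patch.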
@@ -183,7 +183,7 @@ wazuh_manager_config: localfiles: common: - format: 'command' - command: 'df -P' + command: df -P -x squashfs -x tmpfs -x devtmpfs frequency: '360' - format: 'full_command' command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t From f96ab0a317e3c8bac60d50c83465c61527fe2775 Mon Sep 17 00:00:00 2001 From: Pawel Krawczyk Date: Wed, 20 Feb 2019 13:31:24 +0000 Subject: [PATCH 12/17] Add flag to accept remote commands from manager Without this flag the agent will not accept any system check commands (`command` and `full_command`) configured in the Wazuh Manager settings to cascade down to agents. --- .../templates/var-ossec-etc-local-internal-options.conf.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 index 6e3c86a8..81979e59 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 @@ -10,3 +10,7 @@ # This is the template of Ansible for the file local_internal_options.conf # In this file you could include the configuration settings for your agents + +# Logcollector - If it should accept remote commands from the manager +logcollector.remote_commands=1 + From 7381dc8b2bcaa7f8481e35813c5a8586d399b03e Mon Sep 17 00:00:00 2001 From: Pawel Krawczyk Date: Fri, 22 Mar 2019 00:03:42 +0000 Subject: [PATCH 13/17] Fix wazuh_manager_config.email_notification There's no need for a complicated if..then condition here since the value is expected to be yes/no only --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) 
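Review bot: `logcollector.remote_commands=1` is added unconditionally to every agent's local_internal_options.conf, which lets `command`/`full_command` localfiles pushed from the manager run on every agent; the commit message says that is the intent, but it also means a compromised manager, or anyone able to edit its shared agent configuration, gains command execution across the whole fleet, so this should be opt-in through a role variable rather than hard-coded in the template. Wrap the line in a Jinja condition on a variable with a documented default and expand the comment to `# Logcollector - accept command/full_command entries pushed from the manager (centralized config); enabling this lets the manager run commands on this agent`. The hunk also appends a trailing blank `+` line at end of file.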
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 71201e92..7fa9dad4 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -11,11 +11,7 @@ {{ wazuh_manager_config.alerts_log }} {{ wazuh_manager_config.logall }} {{ wazuh_manager_config.logall_json }} - {% if wazuh_manager_config.email_notification | lower == "yes" %} - yes - {% else %} - no - {% endif %} + {{ wazuh_manager_config.email_notification }} {% for to in wazuh_manager_config.mail_to %} {{ to }} {% endfor %} From a9344cf18180d91da8b3c86e5843f34ddd6e088a Mon Sep 17 00:00:00 2001 From: l Date: Mon, 1 Apr 2019 12:23:48 +0200 Subject: [PATCH 14/17] Using list instead of iterating over one to install packages --- .../elastic-stack/ansible-elasticsearch/tasks/Debian.yml | 4 +--- roles/elastic-stack/ansible-logstash/tasks/Debian.yml | 4 +--- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 4 +--- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 8 ++------ roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 +--- 5 files changed, 6 insertions(+), 18 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml index 2cfcc77b..162ed42f 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml @@ -1,9 +1,7 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - pkg: - - apt-transport-https - - ca-certificates + name: ['apt-transport-https', 'ca-certificates'] state: present - when: elasticsearch_install_java diff --git a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml index 9d0cd4b5..1fc5a1f8 100644 
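Review bot: The removed `{% if ... | lower == "yes" %}` block normalised any value to a literal `yes`/`no`, whereas the new `{{ wazuh_manager_config.email_notification }}` emits the variable verbatim, so an unquoted `yes`/`no` in the defaults (a YAML 1.1 boolean) now renders as `True`/`False` and a `Yes` renders as `Yes`; whether ossec accepts those spellings is not shown here. If the goal is only to shorten the template, keep the normalisation on one line: `{{ 'yes' if (wazuh_manager_config.email_notification | string | lower) == 'yes' else 'no' }}`. The enclosing element markup was stripped in this rendering, so the surrounding lines cannot be checked.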
--- a/roles/elastic-stack/ansible-logstash/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml @@ -1,9 +1,7 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - pkg: - - apt-transport-https - - ca-certificates + name: ['apt-transport-https', 'ca-certificates'] state: present - when: logstash_install_java diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index 32fab13e..226f145e 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -1,9 +1,7 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - pkg: - - apt-transport-https - - ca-certificates + name: ['apt-transport-https', 'ca-certificates'] state: present diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index b11b846a..5fef8bad 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -1,9 +1,7 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - pkg: - - apt-transport-https - - ca-certificates + name: ['apt-transport-https', 'ca-certificates'] state: present - name: Debian/Ubuntu | Installing repository key @@ -47,11 +45,9 @@ - name: Debian/Ubuntu | Install OpenScap apt: + name: ['libopenscap8', 'xsltproc'] state: present when: wazuh_agent_config.openscap.disable == 'no' - pkg: - - libopenscap8 - - xsltproc tags: - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 9905b238..94849f96 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
@@ -1,9 +1,7 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - pkg: - - apt-transport-https - - ca-certificates + name: ['apt-transport-https', 'ca-certificates'] state: present - name: Debian/Ubuntu | Installing Wazuh repository key From 7e284b8dd498b7d97b5d07f86999a3e2b44c2787 Mon Sep 17 00:00:00 2001 From: l Date: Mon, 1 Apr 2019 12:59:39 +0200 Subject: [PATCH 15/17] Using apt list at kibana --- roles/elastic-stack/ansible-kibana/tasks/Debian.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml index 733b222c..a7db7dee 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml @@ -1,9 +1,7 @@ --- - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates apt: - pkg: - - apt-transport-https - - ca-certificates + name: ['apt-transport-https', 'ca-certificates'] state: present - name: Debian/Ubuntu | Add Elasticsearch GPG key From 29301b0044b4b7d7d1f158f90c0fa53925827c38 Mon Sep 17 00:00:00 2001 From: l Date: Wed, 3 Apr 2019 12:20:59 +0200 Subject: [PATCH 16/17] Adding alias to agent config file template --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 6327441a..bfcf86e4 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -291,6 +291,9 @@ {% if localfile.format == 'command' or localfile.format == 'full_command' %} {{ localfile.command }} {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} {% else %} {{ localfile.location }} {% endif %} 
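Review bot: `{% if localfile.alias is defined %}` renders the alias element even when `alias` is present but empty, and the same three-line block is pasted into three localfile loops (this hunk plus the `@@ -305` and `@@ -319` hunks), so any later change to the alias handling has to be repeated in three places. Tighten the guard to `{% if localfile.alias is defined and localfile.alias %}` and consider a small Jinja macro for the command/full_command body that all three loops call. The element tags are stripped in this rendering, so only the Jinja logic can be checked here.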
@@ -305,6 +308,9 @@ {% if localfile.format == 'command' or localfile.format == 'full_command' %} {{ localfile.command }} {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} {% else %} {{ localfile.location }} {% endif %} @@ -319,6 +325,9 @@ {% if localfile.format == 'command' or localfile.format == 'full_command' %} {{ localfile.command }} {{ localfile.frequency }} + {% if localfile.alias is defined %} + {{ localfile.alias }} + {% endif %} {% else %} {{ localfile.location }} {% endif %} From ce4665ef3e11fa1a10de33ec6c6a0cda88232232 Mon Sep 17 00:00:00 2001 From: l Date: Thu, 4 Apr 2019 10:22:33 +0200 Subject: [PATCH 17/17] Fixing default active response --- .../ansible-wazuh-manager/defaults/main.yml | 11 -------- .../var-ossec-etc-ossec-server.conf.j2 | 28 ++++++++++--------- 2 files changed, 15 insertions(+), 24 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index e55f4848..80b39c06 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -255,17 +255,6 @@ wazuh_manager_config: decoders_path: 'custom_ruleset/decoders/' rule_exclude: - '0215-policy_rules.xml' - active_responses: - - command: 'restart-ossec' - location: 'local' - rules_id: '100002' - - command: 'win_restart-ossec' - location: 'local' - rules_id: '100003' - - command: 'host-deny' - location: 'local' - level: 6 - timeout: 600 syslog_outputs: - server: null port: null diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 595279c1..873588cc 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -395,19 +395,21 @@