Merge branch '3.9' into active_response

CHANGELOG.md

@@ -1,11 +1,22 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+
+## [v3.9.0]
+
+
+## [v3.8.2]
+
+### Changed 
+
+- Update to Wazuh version v3.8.2. ([#150](https://github.com/wazuh/wazuh-ansible/pull/150))
+
 ## [v3.8.1]
 
 ### Changed
 - Update to Wazuh version v3.8.1. ([#148](https://github.com/wazuh/wazuh-ansible/pull/148))
 
+
 ## [v3.8.0]
 
 ### Added

VERSION

@@ -1,2 +1,2 @@
-WAZUH-ANSIBLE_VERSION="v3.8.1"
+WAZUH-ANSIBLE_VERSION="v3.8.3"
-REVISION="3800"
+REVISION="3802"

roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml

@@ -1,12 +1,8 @@
 ---
 - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
   apt:
-    name: "{{ item }}"
+    name: ['apt-transport-https', 'ca-certificates']
     state: present
-    cache_valid_time: 3600
-  with_items:
-    - apt-transport-https
-    - ca-certificates
 
 - when: elasticsearch_install_java
   block:

roles/elastic-stack/ansible-kibana/defaults/main.yml

@@ -4,5 +4,5 @@ elasticsearch_network_host: "127.0.0.1"
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
 elastic_stack_version: 6.5.4
-wazuh_version: 3.8.1
+wazuh_version: 3.8.2
 

roles/elastic-stack/ansible-kibana/tasks/Debian.yml

@@ -1,12 +1,8 @@
 ---
 - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
   apt:
-    name: "{{ item }}"
+    name: ['apt-transport-https', 'ca-certificates']
     state: present
-    cache_valid_time: 3600
-  with_items:
-    - apt-transport-https
-    - ca-certificates
 
 - name: Debian/Ubuntu | Add Elasticsearch GPG key
   apt_key:

roles/elastic-stack/ansible-logstash/tasks/Debian.yml

@@ -1,12 +1,8 @@
 ---
 - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
   apt:
-    name: "{{ item }}"
+    name: ['apt-transport-https', 'ca-certificates']
     state: present
-    cache_valid_time: 3600
-  with_items:
-    - apt-transport-https
-    - ca-certificates
 
 - when: logstash_install_java
   block:

roles/wazuh/ansible-filebeat/tasks/Debian.yml

@@ -1,12 +1,9 @@
 ---
 - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
   apt:
-    name: "{{ item }}"
+    name: ['apt-transport-https', 'ca-certificates']
     state: present
-    cache_valid_time: 3600
+
-  with_items:
-    - apt-transport-https
-    - ca-certificates
 
 - name: Debian/Ubuntu | Add Elasticsearch apt key.
   apt_key:

roles/wazuh/ansible-wazuh-agent/defaults/main.yml

@@ -23,7 +23,7 @@ wazuh_winagent_config:
   install_dir_x86: 'C:\Program Files (x86)\ossec-agent\'
   auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe
   auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
-  version: '3.8.1'
+  version: '3.8.2'
   revision: '1'
   repo: https://packages.wazuh.com/3.x/windows/
   md5: 43936e7bc7eb51bd186f47dac4a6f477
@@ -281,10 +281,10 @@ wazuh_agent_config:
       - format: 'syslog'
         location: '/var/ossec/logs/active-responses.log'
       - format: 'command'
-        command: 'df -P'
+        command: df -P -x squashfs -x tmpfs -x devtmpfs
         frequency: '360'
       - format: 'full_command'
-        command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d         
+        command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t
         alias: 'netstat listening ports'      
         frequency: '360'
       - format: 'full_command'

roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml

@@ -1,12 +1,8 @@
 ---
 - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
   apt:
-    name: "{{ item }}"
+    name: ['apt-transport-https', 'ca-certificates']
     state: present
-    cache_valid_time: 3600
-  with_items:
-    - apt-transport-https
-    - ca-certificates
 
 - name: Debian/Ubuntu | Installing repository key
   apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
@@ -49,13 +45,9 @@
 
 - name: Debian/Ubuntu | Install OpenScap
   apt:
-    name: "{{ item }}"
+    name: ['libopenscap8', 'xsltproc']
     state: present
-    cache_valid_time: 3600
     when: wazuh_agent_config.openscap.disable == 'no'
-  with_items:
-    - libopenscap8
-    - xsltproc
     tags:
         - init
 

roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2

@@ -10,3 +10,7 @@
 
 # This is the template of Ansible for the file local_internal_options.conf
 # In this file you could include the configuration settings for your agents
+
+# Logcollector - If it should accept remote commands from the manager
+logcollector.remote_commands=1
+

roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2

@@ -291,6 +291,9 @@
     {% if localfile.format == 'command' or localfile.format == 'full_command' %}
         <command>{{ localfile.command }}</command>
         <frequency>{{ localfile.frequency }}</frequency>
+        {% if localfile.alias is defined %}
+          <alias>{{ localfile.alias }}</alias>
+        {% endif %}
     {% else %}
         <location>{{ localfile.location }}</location>
     {% endif %}
@@ -305,6 +308,9 @@
     {% if localfile.format == 'command' or localfile.format == 'full_command' %}
         <command>{{ localfile.command }}</command>
         <frequency>{{ localfile.frequency }}</frequency>
+        {% if localfile.alias is defined %}
+          <alias>{{ localfile.alias }}</alias>
+        {% endif %}
     {% else %}
         <location>{{ localfile.location }}</location>
     {% endif %}
@@ -319,6 +325,9 @@
     {% if localfile.format == 'command' or localfile.format == 'full_command' %}
         <command>{{ localfile.command }}</command>
         <frequency>{{ localfile.frequency }}</frequency>
+        {% if localfile.alias is defined %}
+          <alias>{{ localfile.alias }}</alias>
+        {% endif %}
     {% else %}
         <location>{{ localfile.location }}</location>
     {% endif %}

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -29,7 +29,6 @@ wazuh_manager_config:
     node_name: 'manager_01'
     node_type: 'master'
     key: 'ugdtAnd7Pi9myP7CVts4qZaZQEQcRYZa'
-    interval: '2m'
     port: '1516'
     bind_addr: '0.0.0.0'
     nodes:
@@ -183,10 +182,10 @@ wazuh_manager_config:
   localfiles:
     common:
        - format: 'command'
-         command: 'df -P'
+         command: df -P -x squashfs -x tmpfs -x devtmpfs
          frequency: '360'
        - format: 'full_command'
-         command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
+         command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t
          alias: 'netstat listening ports'
          frequency: '360'
        - format: 'full_command'
@@ -256,17 +255,6 @@ wazuh_manager_config:
       decoders_path: 'custom_ruleset/decoders/'
   rule_exclude:
     - '0215-policy_rules.xml'
-  active_responses:
-    - command: 'restart-ossec'
-      location: 'local'
-      rules_id: '100002'
-    - command: 'win_restart-ossec'
-      location: 'local'
-      rules_id: '100003'
-    - command: 'host-deny'
-      location: 'local'
-      level: 6
-      timeout: 600
   syslog_outputs:
     - server: null
       port: null

roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml

@@ -1,12 +1,8 @@
 ---
 - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
   apt:
-    name: "{{ item }}"
+    name: ['apt-transport-https', 'ca-certificates']
     state: present
-    cache_valid_time: 3600
-  with_items:
-    - apt-transport-https
-    - ca-certificates
 
 - name: Debian/Ubuntu | Installing Wazuh repository key
   apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -11,11 +11,7 @@
     <alerts_log>{{ wazuh_manager_config.alerts_log }}</alerts_log>
     <logall>{{ wazuh_manager_config.logall }}</logall>
     <logall_json>{{ wazuh_manager_config.logall_json }}</logall_json>
-    {% if wazuh_manager_config.email_notification | lower == "yes" %}
+    <email_notification>{{ wazuh_manager_config.email_notification }}</email_notification>
-    <email_notification>yes</email_notification>
-    {% else %}
-    <email_notification>no</email_notification>
-    {% endif %}
     {% for to in wazuh_manager_config.mail_to %}
     <email_to>{{ to }}</email_to>
     {% endfor %}
@@ -235,7 +231,7 @@
       <disabled>{{ wazuh_manager_config.vul_detector.ubuntu.disable }}</disabled>
       <update_interval>{{ wazuh_manager_config.vul_detector.ubuntu.update_interval }}</update_interval>
     </feed>
-    <feed name="redhat-7">
+    <feed name="redhat">
       <disabled>{{ wazuh_manager_config.vul_detector.redhat.disable }}</disabled>
       <update_interval>{{ wazuh_manager_config.vul_detector.redhat.update_interval }}</update_interval>
     </feed>
@@ -392,6 +388,8 @@
 {% endif %}
 
 
+
+{% if wazuh_manager_config.active_responses is defined %}
   {% for response in wazuh_manager_config.active_responses %}
     <active-response>
       <disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled>
@@ -405,6 +403,7 @@
       {%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %}
     </active-response>
   {% endfor %}
+{% endif %}
 
   <!-- Files to monitor (localfiles) -->
 {% for localfile in wazuh_manager_config.localfiles.common %}