From 82547c0c86438bc87157e17105a96cbe4179da54 Mon Sep 17 00:00:00 2001 From: Alberto R Date: Mon, 8 Mar 2021 17:14:56 +0100 Subject: [PATCH 01/34] 4.1.2 Bump --- CHANGELOG.md | 6 ++++++ README.md | 2 +- molecule/default/tests/test_default.py | 2 +- molecule/distributed-wazuh-elk-xpack/group_vars/all.yml | 6 +++--- .../distributed-wazuh-elk-xpack/tests/test_default.py | 2 +- molecule/distributed-wazuh-elk/group_vars/all.yml | 6 +++--- molecule/distributed-wazuh-elk/tests/test_default.py | 2 +- molecule/distributed-wazuh-odfe/group_vars/all.yml | 6 +++--- molecule/distributed-wazuh-odfe/tests/test_default.py | 2 +- pyproject.toml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/opendistro/opendistro-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 16 files changed, 31 insertions(+), 25 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9693e624..5aadbc68 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ # Change Log All notable changes to this project will be documented in this file. +## [v4.1.2] + +### Added + +- Update to [Wazuh v4.1.2](https://github.com/wazuh/wazuh/blob/v4.1.2/CHANGELOG.md#v411) + ## [v4.1.1] ### Added diff --git a/README.md b/README.md index 66a3cbb9..6039c486 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. | Wazuh version | Elastic | ODFE | |---------------|---------|--------| -| v4.1.1 | 7.10.0 | 1.12.0 | +| v4.1.2 | 7.10.0 | 1.12.0 | ## Documentation diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index e2553f2b..1494b9dc 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
@@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.1.1" + return "4.1.2" def test_wazuh_packages_are_installed(host): diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml index 0ddad67f..b959b161 100644 --- a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml @@ -18,11 +18,11 @@ elastic_stack_version: 7.10.2 filebeat_version: 7.10.2 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.1.1-1 -wazuh_agent_version: 4.1.1-1 +wazuh_manager_version: 4.1.2-1 +wazuh_agent_version: 4.1.2-1 # Kibana role appends it automatically. -wazuh_version: 4.1.1 +wazuh_version: 4.1.2 ######################################################## diff --git a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py index df94fa34..077520a8 100644 --- a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py +++ b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.1.1" + return "4.1.2" def test_wazuh_packages_are_installed(host): diff --git a/molecule/distributed-wazuh-elk/group_vars/all.yml b/molecule/distributed-wazuh-elk/group_vars/all.yml index eee90788..b1844a34 100644 --- a/molecule/distributed-wazuh-elk/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk/group_vars/all.yml @@ -16,8 +16,8 @@ elastic_stack_version: 7.10.2 filebeat_version: 7.10.2 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.1.1-1 -wazuh_agent_version: 4.1.1-1 +wazuh_manager_version: 4.1.2-1 +wazuh_agent_version: 4.1.2-1 # Kibana role appends it automatically. -wazuh_version: 4.1.1 +wazuh_version: 4.1.2 
diff --git a/molecule/distributed-wazuh-elk/tests/test_default.py b/molecule/distributed-wazuh-elk/tests/test_default.py index df94fa34..077520a8 100644 --- a/molecule/distributed-wazuh-elk/tests/test_default.py +++ b/molecule/distributed-wazuh-elk/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.1.1" + return "4.1.2" def test_wazuh_packages_are_installed(host): diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml index 521f8994..823db86b 100644 --- a/molecule/distributed-wazuh-odfe/group_vars/all.yml +++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml @@ -40,8 +40,8 @@ filebeat_version: 7.10.0 kibana_opendistro_version: 1.12.0-1 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.1.1-1 -wazuh_agent_version: 4.1.1-1 +wazuh_manager_version: 4.1.2-1 +wazuh_agent_version: 4.1.2-1 # Kibana role appends it automatically. -wazuh_version: 4.1.1 +wazuh_version: 4.1.2 diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh-odfe/tests/test_default.py index e2553f2b..1494b9dc 100644 --- a/molecule/distributed-wazuh-odfe/tests/test_default.py +++ b/molecule/distributed-wazuh-odfe/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.1.1" + return "4.1.2" def test_wazuh_packages_are_installed(host): diff --git a/pyproject.toml b/pyproject.toml index fc3313b6..fb9d0d3b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "wazuh-ansible" -version = "4.1.1" +version = "4.1.2" description = "" authors = ["neonmei "] diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index be7a8820..783bda2b 100644 
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -7,7 +7,7 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_conf_path: /etc/kibana elastic_stack_version: 7.10.2 -wazuh_version: 4.1.1 +wazuh_version: 4.1.2 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana elasticrepo: diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index a04db4e1..a68d7c9a 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -10,7 +10,7 @@ kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 elastic_stack_version: 7.10.0 -wazuh_version: 4.1.1 +wazuh_version: 4.1.2 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana # The OpenDistro package repository diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index 1c061daf..37ffe303 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.10.0 -wazuh_template_branch: v4.1.1 +wazuh_template_branch: v4.1.2 filebeat_output_elasticsearch_hosts: - "localhost:9200" diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 1e584269..94d28368 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.10.2 -wazuh_template_branch: v4.1.1 +wazuh_template_branch: v4.1.2 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 2d7b8423..f6d696c5 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 4.1.1-1 +wazuh_agent_version: 4.1.2-1 # Custom packages installation @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false - branch: "v4.1.1" + branch: "v4.1.2" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -55,8 +55,8 @@ wazuh_winagent_config: auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True md5: 8ffa75d13280f1aa6ffca54f4273df4d -wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.1.1-1.msi -wazuh_winagent_package_name: wazuh-agent-4.1.1-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.1.2-1.msi +wazuh_winagent_package_name: wazuh-agent-4.1.2-1.msi wazuh_dir: "/var/ossec" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 30652aa6..44e8f9f4 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 4.1.1-1 +wazuh_manager_version: 4.1.2-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v4.1.1" + branch: "v4.1.2" user_language: "en" user_no_stop: "y" user_install_type: "server" From 4f2f698bca1c8fac577575f90f4d36fbf66d0166 Mon Sep 17 00:00:00 2001 From: Alberto R Date: Mon, 8 Mar 2021 19:02:09 +0100 Subject: [PATCH 02/34] Updated disconnection time in template --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
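Review bot: In the `@@ -55,8 +55,8 @@` hunk the pinned `md5: 8ffa75d13280f1aa6ffca54f4273df4d` stays as an unchanged context line while `wazuh_winagent_config_url` and `wazuh_winagent_package_name` move to `wazuh-agent-4.1.2-1.msi`, so with `check_md5: True` the digest presumably no longer describes the file that is downloaded. Update the digest in the same change as the URL, taking it from the vendor's published checksum: `md5: <MD5 of wazuh-agent-4.1.2-1.msi>`. The same value is still shown beside the 4.3.0 URL in `[PATCH 06/34]`, so at least one of the two bumps ships a stale pin. How the role reacts to a mismatch is not visible here; confirm that the install fails closed rather than skipping the check, and consider a SHA-256 pin if the verification task can be changed, since MD5 is a weak integrity check for an installer.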
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 44e8f9f4..b4f4c12c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -71,8 +71,8 @@ wazuh_manager_globals: - '^localhost.localdomain$' - '127.0.0.53' -wazuh_manager_agent_disconnection_time: '20s' -wazuh_manager_agents_disconnection_alert_time: '100s' +wazuh_manager_agent_disconnection_time: '10m' +wazuh_manager_agents_disconnection_alert_time: '0' ## Alerts wazuh_manager_log_level: 3 From ef94835bab73115cfdabe5eb109919344a0a1904 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alberto=20Rodr=C3=ADguez?= Date: Tue, 9 Mar 2021 18:43:44 +0100 Subject: [PATCH 03/34] Update CHANGELOG.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Víctor Moreno Jiménez --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5aadbc68..bd120b74 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ### Added -- Update to [Wazuh v4.1.2](https://github.com/wazuh/wazuh/blob/v4.1.2/CHANGELOG.md#v411) +- Update to [Wazuh v4.1.2](https://github.com/wazuh/wazuh/blob/v4.1.2/CHANGELOG.md#v412) ## [v4.1.1] From 0741be36a6389b33ed9dab74b8ecca470bafdd74 Mon Sep 17 00:00:00 2001 From: d-malko Date: Mon, 29 Mar 2021 10:15:47 +0300 Subject: [PATCH 04/34] Use localhost for elasticsearch and filebeat on single node setup. --- playbooks/wazuh-odfe-single.yml | 11 ++++++++--- .../opendistro-elasticsearch/tasks/main.yml | 4 ++-- .../tasks/security_actions.yml | 4 ++-- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/playbooks/wazuh-odfe-single.yml b/playbooks/wazuh-odfe-single.yml index ce98cfaf..569876d6 100644 --- a/playbooks/wazuh-odfe-single.yml +++ b/playbooks/wazuh-odfe-single.yml 
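Review bot: `wazuh_manager_agents_disconnection_alert_time: '0'` has no time-unit suffix, unlike the old `'100s'` and the new `'10m'` on the line above; if the manager's parser expects a unit, write it as `'0s'`. These two defaults also set how quickly a stopped or removed agent is noticed, and raising `wazuh_manager_agent_disconnection_time` from 20s to 10m lengthens the time an agent can be silent before it is marked disconnected. A comment above the pair stating the intended detection latency would help operators who tune it, for example `# agent is marked disconnected after 10m without contact; 0 = alert with no further delay (confirm against the manager docs)`.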
@@ -12,10 +12,15 @@ single_node: true minimum_master_nodes: 1 elasticsearch_node_master: true - elasticsearch_network_host: + elasticsearch_network_host: 127.0.0.1 filebeat_node_name: node-1 - filebeat_output_elasticsearch_hosts: + filebeat_output_elasticsearch_hosts: 127.0.0.1 instances: node1: name: node-1 # Important: must be equal to elasticsearch_node_name. - ip: \ No newline at end of file + ip: 127.0.0.1 + elasticsearch_security_password: " Date: Wed, 31 Mar 2021 13:08:28 +0300 Subject: [PATCH 05/34] Remove password variables --- playbooks/wazuh-odfe-single.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/playbooks/wazuh-odfe-single.yml b/playbooks/wazuh-odfe-single.yml index 569876d6..33f3a586 100644 --- a/playbooks/wazuh-odfe-single.yml +++ b/playbooks/wazuh-odfe-single.yml @@ -19,8 +19,3 @@ node1: name: node-1 # Important: must be equal to elasticsearch_node_name. ip: 127.0.0.1 - elasticsearch_security_password: " Date: Wed, 14 Apr 2021 08:04:11 +0200 Subject: [PATCH 06/34] Bump to v4.3.0 --- CHANGELOG.md | 6 ++++++ README.md | 2 ++ molecule/default/tests/test_default.py | 2 +- molecule/distributed-wazuh-elk-xpack/group_vars/all.yml | 6 +++--- .../distributed-wazuh-elk-xpack/tests/test_default.py | 2 +- molecule/distributed-wazuh-elk/group_vars/all.yml | 6 +++--- molecule/distributed-wazuh-elk/tests/test_default.py | 2 +- molecule/distributed-wazuh-odfe/group_vars/all.yml | 6 +++--- molecule/distributed-wazuh-odfe/tests/test_default.py | 2 +- pyproject.toml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/opendistro/opendistro-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 16 files changed, 32 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0456219e..30f45299 100755 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ # Change Log All notable changes to this project will be documented in this file. +## [v4.3.0] + +### Added + +- Update to [Wazuh v4.3.0](https://github.com/wazuh/wazuh/blob/v4.3.0/CHANGELOG.md#v430) + ## [v4.2.0] ### Added diff --git a/README.md b/README.md index 76a308ce..395b15a7 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,8 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. | Wazuh version | Elastic | ODFE | |---------------|---------|--------| +| v4.3.0 | 7.10.0 | 1.12.0 | +|---------------|---------|--------| | v4.2.0 | 7.10.0 | 1.12.0 | |---------------|---------|--------| | v4.1.4 | 7.10.0 | 1.12.0 | diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 07b66ff0..b972568a 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.2.0" + return "4.3.0" def test_wazuh_packages_are_installed(host): diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml index 8c5b9a7a..a9d29f28 100644 --- a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml @@ -18,11 +18,11 @@ elastic_stack_version: 7.10.2 filebeat_version: 7.10.2 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.2.0-1 -wazuh_agent_version: 4.2.0-1 +wazuh_manager_version: 4.3.0-1 +wazuh_agent_version: 4.3.0-1 # Kibana role appends it automatically. -wazuh_version: 4.2.0 +wazuh_version: 4.3.0 ######################################################## diff --git a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py index f84cbb7a..1213c959 100644 
--- a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py +++ b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.2.0" + return "4.3.0" def test_wazuh_packages_are_installed(host): diff --git a/molecule/distributed-wazuh-elk/group_vars/all.yml b/molecule/distributed-wazuh-elk/group_vars/all.yml index bfb56ca5..3124a9c9 100644 --- a/molecule/distributed-wazuh-elk/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk/group_vars/all.yml @@ -16,8 +16,8 @@ elastic_stack_version: 7.10.2 filebeat_version: 7.10.2 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.2.0-1 -wazuh_agent_version: 4.2.0-1 +wazuh_manager_version: 4.3.0-1 +wazuh_agent_version: 4.3.0-1 # Kibana role appends it automatically. -wazuh_version: 4.2.0 +wazuh_version: 4.3.0 diff --git a/molecule/distributed-wazuh-elk/tests/test_default.py b/molecule/distributed-wazuh-elk/tests/test_default.py index f84cbb7a..1213c959 100644 --- a/molecule/distributed-wazuh-elk/tests/test_default.py +++ b/molecule/distributed-wazuh-elk/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.2.0" + return "4.3.0" def test_wazuh_packages_are_installed(host): diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml index c58872e5..afd3c9b3 100644 --- a/molecule/distributed-wazuh-odfe/group_vars/all.yml +++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml 
@@ -40,8 +40,8 @@ filebeat_version: 7.10.0 kibana_opendistro_version: 1.12.0-1 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.2.0-1 -wazuh_agent_version: 4.2.0-1 +wazuh_manager_version: 4.3.0-1 +wazuh_agent_version: 4.3.0-1 # Kibana role appends it automatically. -wazuh_version: 4.2.0 +wazuh_version: 4.3.0 diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh-odfe/tests/test_default.py index 07b66ff0..b972568a 100644 --- a/molecule/distributed-wazuh-odfe/tests/test_default.py +++ b/molecule/distributed-wazuh-odfe/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.2.0" + return "4.3.0" def test_wazuh_packages_are_installed(host): diff --git a/pyproject.toml b/pyproject.toml index ec1c35e3..550e0acf 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "wazuh-ansible" -version = "4.2.0" +version = "4.3.0" description = "" authors = ["neonmei "] diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 916b4aa2..b6e50c08 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -7,7 +7,7 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_conf_path: /etc/kibana elastic_stack_version: 7.10.2 -wazuh_version: 4.2.0 +wazuh_version: 4.3.0 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana elasticrepo: diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index dffa0fc1..71d1fcd1 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml 
@@ -10,7 +10,7 @@ kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 elastic_stack_version: 7.10.0 -wazuh_version: 4.2.0 +wazuh_version: 4.3.0 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana # The OpenDistro package repository diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index b452e481..1df647d0 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.10.0 -wazuh_template_branch: v4.2.0 +wazuh_template_branch: v4.3.0 filebeat_output_elasticsearch_hosts: - "localhost:9200" diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index ca375b6f..5dcd2834 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.10.2 -wazuh_template_branch: v4.2.0 +wazuh_template_branch: v4.3.0 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 8fc9007b..a311d36f 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 4.2.0-1 +wazuh_agent_version: 4.3.0-1 # Custom packages installation @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false - branch: "v4.2.0" + branch: "v4.3.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" 
@@ -55,8 +55,8 @@ wazuh_winagent_config: auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True md5: 8ffa75d13280f1aa6ffca54f4273df4d -wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.2.0-1.msi -wazuh_winagent_package_name: wazuh-agent-4.2.0-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.0-1.msi +wazuh_winagent_package_name: wazuh-agent-4.3.0-1.msi wazuh_dir: "/var/ossec" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index c6c4e956..16a88ef6 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 4.2.0-1 +wazuh_manager_version: 4.3.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v4.2.0" + branch: "v4.3.0" user_language: "en" user_no_stop: "y" user_install_type: "server" From f1f137a9d284a5ad056d92c1e55dbd47a805498d Mon Sep 17 00:00:00 2001 From: Victor Moreno Jimenez Date: Tue, 16 Mar 2021 18:50:34 +0100 Subject: [PATCH 07/34] Working in #546. Rename users and group according to Wazuh standard --- molecule/default/tests/test_default.py | 4 +-- .../tests/test_default.py | 4 +-- .../tests/test_default.py | 4 +-- .../tests/test_default.py | 4 +-- .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 8 ++--- .../ansible-wazuh-manager/defaults/main.yml | 2 +- .../ansible-wazuh-manager/tasks/main.yml | 30 +++++++++---------- 7 files changed, 28 insertions(+), 28 deletions(-) diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index b972568a..e142551b 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
@@ -46,8 +46,8 @@ def test_wazuh_services_are_running(host): @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660), + ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), + ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), ]) def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): """Test Wazuh related files exist and have proper owners and mode.""" diff --git a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py index 1213c959..75940cf0 100644 --- a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py +++ b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py @@ -46,8 +46,8 @@ def test_wazuh_services_are_running(host): @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660), + ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), + ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), ]) def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): """Test Wazuh related files exist and have proper owners and mode.""" diff --git a/molecule/distributed-wazuh-elk/tests/test_default.py b/molecule/distributed-wazuh-elk/tests/test_default.py index 1213c959..75940cf0 100644 --- a/molecule/distributed-wazuh-elk/tests/test_default.py +++ b/molecule/distributed-wazuh-elk/tests/test_default.py 
@@ -46,8 +46,8 @@ def test_wazuh_services_are_running(host): @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660), + ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), + ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), ]) def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): """Test Wazuh related files exist and have proper owners and mode.""" diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh-odfe/tests/test_default.py index b972568a..e142551b 100644 --- a/molecule/distributed-wazuh-odfe/tests/test_default.py +++ b/molecule/distributed-wazuh-odfe/tests/test_default.py @@ -46,8 +46,8 @@ def test_wazuh_services_are_running(host): @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [ ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640), ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640), - ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640), - ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660), + ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640), + ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660), ]) def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode): """Test Wazuh related files exist and have proper owners and mode.""" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index ee628416..9f4127dd 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
@@ -223,7 +223,7 @@ src: var-ossec-etc-ossec-agent.conf.j2 dest: "{{ wazuh_dir }}/etc/ossec.conf" owner: root - group: ossec + group: wazuh mode: 0644 notify: restart wazuh-agent tags: @@ -235,7 +235,7 @@ src: var-ossec-etc-local-internal-options.conf.j2 dest: "{{ wazuh_dir }}/etc/local_internal_options.conf" owner: root - group: ossec + group: wazuh mode: 0640 notify: restart wazuh-agent tags: @@ -246,8 +246,8 @@ template: src: authd_pass.j2 dest: "{{ wazuh_dir }}/etc/authd.pass" - owner: ossec - group: ossec + owner: wazuh + group: wazuh mode: 0640 when: - wazuh_agent_config.enrollment.enabled == 'yes' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 16a88ef6..8167fc86 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -61,7 +61,7 @@ wazuh_manager_mailto: - 'admin@example.net' wazuh_manager_email_smtp_server: smtp.example.wazuh.com -wazuh_manager_email_from: ossecm@example.wazuh.com +wazuh_manager_email_from: wazuh@example.wazuh.com wazuh_manager_email_maxperhour: 12 wazuh_manager_email_queue_size: 131072 wazuh_manager_email_log_source: 'alerts.log' diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 61409a40..b7640a5c 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -81,8 +81,8 @@ - name: Installing the local_rules.xml (default local_rules.xml) template: src=var-ossec-rules-local_rules.xml.j2 dest="{{ wazuh_dir }}/etc/rules/local_rules.xml" - owner=ossec - group=ossec + owner=wazuh + group=wazuh mode=0640 notify: restart wazuh-manager tags: 
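Review bot: The `owner` and `group` values become the literal `wazuh` in the three `Linux.yml` hunks here and in the `ansible-wazuh-manager/tasks/main.yml` hunks that follow, yet the roles still let the installed package be selected through `wazuh_agent_version`, `wazuh_manager_version` and the custom package URLs. On a host where the package created the older `ossec` account, these tasks would presumably fail on an unknown user or group and leave `ossec.conf`, `local_internal_options.conf` and `authd.pass` undeployed. Consider a role default for the account name, or an early assert that the selected version ships the `wazuh` account. The Windows handler in `[PATCH 08/34]` has the same coupling through its `WazuhSvc` service name. The tasks begin and end outside these hunks.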
@@ -93,8 +93,8 @@ - name: Adding local rules files copy: src="{{ wazuh_manager_config.ruleset.rules_path }}" dest="{{ wazuh_dir }}/etc/rules/" - owner=ossec - group=ossec + owner=wazuh + group=wazuh mode=0640 notify: restart wazuh-manager tags: @@ -105,8 +105,8 @@ - name: Installing the local_decoder.xml template: src=var-ossec-rules-local_decoder.xml.j2 dest="{{ wazuh_dir }}/etc/decoders/local_decoder.xml" - owner=ossec - group=ossec + owner=wazuh + group=wazuh mode=0640 notify: restart wazuh-manager tags: @@ -117,8 +117,8 @@ - name: Adding local decoders files copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}" dest="{{ wazuh_dir }}/etc/decoders/" - owner=ossec - group=ossec + owner=wazuh + group=wazuh mode=0640 notify: restart wazuh-manager tags: @@ -130,8 +130,8 @@ template: src: var-ossec-etc-shared-agent.conf.j2 dest: "{{ wazuh_dir }}/etc/shared/default/agent.conf" - owner: ossec - group: ossec + owner: wazuh + group: wazuh mode: 0640 validate: "{{ wazuh_dir }}/bin/verify-agent-conf -f %s" notify: restart wazuh-manager @@ -145,7 +145,7 @@ template: src=var-ossec-etc-local-internal-options.conf.j2 dest="{{ wazuh_dir }}/etc/local_internal_options.conf" owner=root - group=ossec + group=wazuh mode=0640 notify: restart wazuh-manager tags: @@ -228,7 +228,7 @@ src: var-ossec-etc-ossec-server.conf.j2 dest: "{{ wazuh_dir }}/etc/ossec.conf" owner: root - group: ossec + group: wazuh mode: 0644 notify: restart wazuh-manager tags: @@ -239,8 +239,8 @@ template: src: authd_pass.j2 dest: "{{ wazuh_dir }}/etc/authd.pass" - owner: ossec - group: ossec + owner: wazuh + group: wazuh mode: 0640 no_log: true notify: restart wazuh-manager @@ -257,7 +257,7 @@ src: create_user.py dest: "{{ wazuh_dir }}/framework/scripts/create_user.py" owner: root - group: ossec + group: wazuh mode: 0644 - name: Execute create_user script From 7eff9179a2da2187e2d3df0263d05bb708a6fe8c Mon Sep 17 00:00:00 2001 
From: VictorMorenoJimenez Date: Mon, 19 Apr 2021 09:42:09 +0200 Subject: [PATCH 08/34] #570. Rename Windows agent from OssecSvc to WazuhSvc --- roles/wazuh/ansible-wazuh-agent/handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml index 1858906b..84f3ff45 100644 --- a/roles/wazuh/ansible-wazuh-agent/handlers/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml @@ -3,4 +3,4 @@ service: name=wazuh-agent state=restarted enabled=yes - name: Windows | Restart Wazuh Agent - win_service: name=OssecSvc start_mode=auto state=restarted + win_service: name=WazuhSvc start_mode=auto state=restarted From 74e96ba8a9f4029f29fd3a01788b64f389cb2ae8 Mon Sep 17 00:00:00 2001 From: VictorMorenoJimenez Date: Tue, 20 Apr 2021 15:59:12 +0200 Subject: [PATCH 09/34] #497. Change firewall-drop.sh according to new active-response changes. Now script is a C binary instead --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 8167fc86..4830f1b5 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -259,7 +259,7 @@ wazuh_manager_commands: executable: 'restart-ossec.sh' expect: '' - name: 'firewall-drop' - executable: 'firewall-drop.sh' + executable: 'firewall-drop' expect: 'srcip' timeout_allowed: 'yes' - name: 'host-deny' From 0094d56919c39ec63e50c948253318059ece063c Mon Sep 17 00:00:00 2001 
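Review bot: In the `@@ -259,7 +259,7 @@` hunk only `firewall-drop` loses its `.sh` suffix, while the entry just above still reads `executable: 'restart-ossec.sh'` and the `host-deny` entry below is cut off by the hunk. If the active-response change named in the commit message converted the other scripts too, a command whose executable no longer exists on the agent will presumably not run, and the response it should trigger is lost without an obvious error. Check every `executable` in `wazuh_manager_commands` against the files shipped in the target version's active-response directory. A comment on the list would record the dependency, for example `# executable names must match the active-response binaries of the deployed Wazuh version`.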
From: dfolcha Date: Mon, 24 May 2021 15:46:59 +0200 Subject: [PATCH 10/34] Change OD version to 1.13.2 --- README.md | 6 ++++-- molecule/default/tests/test_default.py | 2 +- molecule/distributed-wazuh-odfe/group_vars/all.yml | 8 ++++---- molecule/distributed-wazuh-odfe/tests/test_default.py | 2 +- .../opendistro/opendistro-elasticsearch/defaults/main.yml | 2 +- roles/opendistro/opendistro-kibana/defaults/main.yml | 4 ++-- roles/opendistro/opendistro-kibana/vars/debian.yml | 2 +- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 2 +- 8 files changed, 15 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 8277167b..c49caf83 100644 --- a/README.md +++ b/README.md @@ -14,9 +14,11 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. | Wazuh version | Elastic | ODFE | |---------------|---------|--------| -| v4.3.0 | 7.10.0 | 1.12.0 | +| v4.3.0 | 7.10.2 | 1.13.2 | |---------------|---------|--------| -| v4.2.0 | 7.10.0 | 1.12.0 | +| v4.2.0 | 7.10.2 | 1.13.2 | +|---------------|---------|--------| +| v4.1.5 | 7.10.2 | 1.13.2 | |---------------|---------|--------| | v4.1.4 | 7.10.0 | 1.12.0 | |---------------|---------|--------| diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 8526d8e0..545ced7c 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -62,4 +62,4 @@ def test_filebeat_is_installed(host): """Test the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.10.0') + assert filebeat.version.startswith('7.10.2') diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml index afd3c9b3..b6ce95f3 100644 --- a/molecule/distributed-wazuh-odfe/group_vars/all.yml +++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml 
@@ -34,10 +34,10 @@ filebeat_node_name: '{{ ansible_hostname }}' # Versions # See: https://opendistro.github.io/for-elasticsearch-docs/version-history/ -elastic_stack_version: 7.10.0 -opendistro_version: 1.12.0 -filebeat_version: 7.10.0 -kibana_opendistro_version: 1.12.0-1 +elastic_stack_version: 7.10.2 +opendistro_version: 1.13.2 +filebeat_version: 7.10.2 +kibana_opendistro_version: 1.13.2-1 # Debian packages need the ${VERSION}-1 wazuh_manager_version: 4.3.0-1 diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh-odfe/tests/test_default.py index e142551b..75940cf0 100644 --- a/molecule/distributed-wazuh-odfe/tests/test_default.py +++ b/molecule/distributed-wazuh-odfe/tests/test_default.py @@ -61,4 +61,4 @@ def test_filebeat_is_installed(host): """Test the elasticsearch package is installed.""" filebeat = host.package("filebeat") assert filebeat.is_installed - assert filebeat.version.startswith('7.10.0') + assert filebeat.version.startswith('7.10.2') diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index 232f3a20..2a6b7043 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -1,6 +1,6 @@ --- # Cluster Settings -opendistro_version: 1.12.0 +opendistro_version: 1.13.2 single_node: false elasticsearch_node_name: node-1 diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 71d1fcd1..782c4ec9 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml 
@@ -9,12 +9,12 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 -elastic_stack_version: 7.10.0 +elastic_stack_version: 2 wazuh_version: 4.3.0 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana # The OpenDistro package repository -kibana_opendistro_version: 1.12.0-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts +kibana_opendistro_version: 1.13.2-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts package_repos: yum: diff --git a/roles/opendistro/opendistro-kibana/vars/debian.yml b/roles/opendistro/opendistro-kibana/vars/debian.yml index 14c7aa99..9edcdddc 100644 --- a/roles/opendistro/opendistro-kibana/vars/debian.yml +++ b/roles/opendistro/opendistro-kibana/vars/debian.yml @@ -1,3 +1,3 @@ --- -kibana_opendistro_version: 1.12.0 \ No newline at end of file +kibana_opendistro_version: 1.13.2 \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index 1df647d0..dd469d1e 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -1,5 +1,5 @@ --- -filebeat_version: 7.10.0 +filebeat_version: 7.10.2 wazuh_template_branch: v4.3.0 From a8b9ae1b77fc83993a4daabe5971b0471cc26d54 Mon Sep 17 00:00:00 2001 From: dfolcha Date: Mon, 24 May 2021 16:25:20 +0200 Subject: [PATCH 11/34] Fix compatibility matrix --- README.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/README.md b/README.md index c49caf83..6fecd34f 100644 --- a/README.md +++ b/README.md 
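Review bot: `elastic_stack_version: 2` in the opendistro-kibana defaults looks like a truncated value. The molecule group_vars changed in this same commit move that variable from 7.10.0 to 7.10.2. If the role uses it to pick the Kibana or Wazuh app package (not visible in this hunk), a bare `2` would make the install fail or resolve to something unintended. The line should presumably read `elastic_stack_version: 7.10.2`.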
@@ -15,19 +15,12 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. | Wazuh version | Elastic | ODFE | |---------------|---------|--------| | v4.3.0 | 7.10.2 | 1.13.2 | -|---------------|---------|--------| | v4.2.0 | 7.10.2 | 1.13.2 | -|---------------|---------|--------| | v4.1.5 | 7.10.2 | 1.13.2 | -|---------------|---------|--------| | v4.1.4 | 7.10.0 | 1.12.0 | -|---------------|---------|--------| | v4.1.3 | 7.10.0 | 1.12.0 | -|---------------|---------|--------| | v4.1.2 | 7.10.0 | 1.12.0 | -|---------------|---------|--------| | v4.1.1 | 7.10.0 | 1.12.0 | -|---------------|---------|--------| ## Documentation From 15c061f1b41abed2c2f89b0a208e8fd87f331620 Mon Sep 17 00:00:00 2001 From: dfolcha Date: Tue, 25 May 2021 12:55:35 +0200 Subject: [PATCH 12/34] Add branch info to README --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6fecd34f..bce5e14a 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,8 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. ## Branches -* `master` branch corresponds to the latest Wazuh Ansible changes. It might be unstable. +* `master` branch contains the latest code, be aware of possible bugs on this branch. +* `stable` branch on correspond to the last Wazuh stable version. ## Compatibility Matrix From 5215a429ae6f07df1e0e6be43fc26ddfefdade94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Fern=C3=A1ndez?= Date: Wed, 23 Jun 2021 11:10:25 +0200 Subject: [PATCH 13/34] Fix multi-tenant and performance analyzer --- roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 | 4 +++- roles/opendistro/opendistro-elasticsearch/tasks/main.yml | 3 +++ .../opendistro-kibana/templates/opendistro_kibana.yml.j2 | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) 
diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 index 62f6e9eb..2de3d3e9 100644 --- a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 @@ -116,4 +116,6 @@ elasticsearch.ssl.certificateAuthorities: ["{{ node_certs_destination }}/ca.crt" {% elif generate_CA == false %} elasticsearch.ssl.certificateAuthorities: ["{{ node_certs_destination }}/{{ca_cert_name}}"] {% endif %} -{% endif %} \ No newline at end of file +{% endif %} + +server.defaultRoute: /app/wazuh \ No newline at end of file diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index e451cdaa..0470e477 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml @@ -11,6 +11,9 @@ - import_tasks: Debian.yml when: ansible_os_family == 'Debian' + - name: Remove Performance analyzer plugin + command: "/usr/share/elasticsearch/bin/elasticsearch-plugin remove opendistro-performance-analyzer" + - name: Remove elasticsearch configuration file file: path: "{{ opendistro_conf_path }}/elasticsearch.yml" diff --git a/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 b/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 index bc166988..e624f2a3 100644 --- a/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 +++ b/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 
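Review bot: The new `Remove Performance analyzer plugin` task in `opendistro-elasticsearch/tasks/main.yml` runs `elasticsearch-plugin remove` through `command` with no guard. It therefore reports changed on every run and will most likely fail on a second run once the plugin is gone. Registering the result and setting `changed_when`/`failed_when` from it, or listing the installed plugins first and removing only when the name is present, keeps the play idempotent without hiding real failures. A one-line comment saying why a bundled plugin is removed would also help the next maintainer. The task list continues outside the hunk.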
@@ -25,7 +25,7 @@ elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_h {% endif %} elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] -opendistro_security.multitenancy.enabled: false # FIXME: should be enabled starting with Wazuh App v3.13 +opendistro_security.multitenancy.enabled: true opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] opendistro_security.readonly_mode.roles: ["kibana_read_only"] @@ -33,4 +33,4 @@ newsfeed.enabled: {{ kibana_newsfeed_enabled }} telemetry.optIn: {{ kibana_telemetry_optin }} telemetry.enabled: {{ kibana_telemetry_enabled }} - +server.defaultRoute: /app/wazuh?security_tenant=global \ No newline at end of file From 79fbb2a4570916c248ff5a8693b063f81d78c84f Mon Sep 17 00:00:00 2001 From: hagassaan Date: Thu, 15 Jul 2021 14:29:46 +0700 Subject: [PATCH 14/34] adding acl to debian/ubuntu installation --- roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml | 3 ++- roles/wazuh/ansible-filebeat/tasks/Debian.yml | 3 ++- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 3 ++- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml b/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml index 33c94cf6..718d584b 100644 --- a/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml @@ -1,9 +1,10 @@ --- -- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates +- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl apt: name: - apt-transport-https - ca-certificates + - acl state: present register: filebeat_ca_packages_install until: filebeat_ca_packages_install is succeeded diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml index a87bb2bf..36b66ac5 100644 --- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml 
+++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml @@ -1,9 +1,10 @@ --- -- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates +- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl apt: name: - apt-transport-https - ca-certificates + - acl state: present register: filebeat_ca_packages_install until: filebeat_ca_packages_install is succeeded diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 9c12fdbf..9d218fcb 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -1,9 +1,10 @@ --- -- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates +- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl apt: name: - apt-transport-https - ca-certificates + - acl state: present register: wazuh_agent_ca_package_install until: wazuh_agent_ca_package_install is succeeded diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index db734fe1..717add8c 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -1,10 +1,11 @@ --- -- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates +- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl apt: name: - apt-transport-https - ca-certificates - gnupg + - acl state: present cache_valid_time: 3600 install_recommends: false From f424be98e1532fd1886488152780ba40c1b4cd82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Fern=C3=A1ndez?= Date: Fri, 6 Aug 2021 13:29:46 +0200 Subject: [PATCH 15/34] Changed APT repository removal variable --- roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml index 76ed22e2..9999a7d3 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml @@ -1,6 +1,6 @@ --- - name: Remove Wazuh repository (and clean up left-over metadata) apt_repository: - repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main + repo: "{{ wazuh_agent_config.repo.apt }}" state: absent changed_when: false From dfb1a8e9f9b16b633fd3cfe3c9ca4ea70bd45be5 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Fri, 1 Oct 2021 12:41:20 -0300 Subject: [PATCH 16/34] fix url in changelog --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9122084..b6d88b5f 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,13 +10,13 @@ All notable changes to this project will be documented in this file. ### Added -- Update to [Wazuh v4.2.2](https://github.com/wazuh/wazuh/blob/v4.2.2/CHANGELOG.md#v420) +- Update to [Wazuh v4.2.2](https://github.com/wazuh/wazuh/blob/v4.2.2/CHANGELOG.md#v422) ## [v4.2.1] ### Added -- Update to [Wazuh v4.2.1](https://github.com/wazuh/wazuh/blob/v4.2.1/CHANGELOG.md#v420) +- Update to [Wazuh v4.2.1](https://github.com/wazuh/wazuh/blob/v4.2.1/CHANGELOG.md#v421) ## [v4.2.0] From aeca71a6d38ac436c85824577896206fbc246f05 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Fri, 1 Oct 2021 17:16:43 -0300 Subject: [PATCH 17/34] fix VERSION --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index b5f0aa38..c2f345b0 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v4.2.2" +WAZUH-ANSIBLE_VERSION="v4.3" REVISION="40215" From 9ae766581d674a4be841150513538dfe910d029f Mon Sep 17 00:00:00 2001 
From: Nicolas Lastra Date: Fri, 1 Oct 2021 17:21:24 -0300 Subject: [PATCH 18/34] fix VERSION --- VERSION | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index c2f345b0..f1b97f99 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v4.3" -REVISION="40215" +WAZUH-ANSIBLE_VERSION="v4.3.0" +REVISION="40301" From b0864ea377a4d13e71bba079e06bd9c14b5f943e Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Tue, 12 Oct 2021 18:42:06 -0300 Subject: [PATCH 19/34] Check elasticsearch-plugin performance-analyzer is install --- roles/opendistro/opendistro-elasticsearch/tasks/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index bea869a9..56c44d25 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml @@ -11,9 +11,18 @@ - import_tasks: Debian.yml when: ansible_os_family == 'Debian' + - name: Check elasticsearch-plugin performance-analyzer is install + become: true + command: ./elasticsearch-plugin list | grep 'opendistro-performance-analyzer' + register: elasticsearch_performance + args: + chdir: /usr/share/elasticsearch/bin/ + - name: Remove performance analyzer plugin from elasticsearch become: true command: ./elasticsearch-plugin remove opendistro-performance-analyzer + when: elasticsearch_performance == 'opendistro-performance-analyzer' + ignore_errors: true args: chdir: /usr/share/elasticsearch/bin/ From 3f29fa40ccb92798c3e6db447c34077788a4c8ef Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Tue, 12 Oct 2021 19:27:02 -0300 Subject: [PATCH 20/34] openjdk for Debian 9 --- roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml | 1 + 1 file changed, 1 insertion(+) 
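Review bot: The check task passes `./elasticsearch-plugin list | grep 'opendistro-performance-analyzer'` to `command`, which does not run a shell, so `|` and `grep` reach `elasticsearch-plugin` as plain arguments and nothing is filtered. The following `when: elasticsearch_performance == 'opendistro-performance-analyzer'` compares the whole registered result with a string and can never be true, so the removal task is always skipped. Running plain `./elasticsearch-plugin list` with `changed_when: false` and testing `when: "'opendistro-performance-analyzer' in elasticsearch_performance.stdout"` would do what the task name says. With that in place, `ignore_errors: true` on the removal is no longer needed and stops masking real failures.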
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml b/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml index 41011ddc..a964ad8d 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml @@ -14,6 +14,7 @@ repo: "{{ package_repos.apt.openjdk.baseurl }}" state: present update_cache: yes + when: (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "9") - name: Install openjdk-11-jdk apt: From bc63b757b4dee133b8e8a18df60fbc18f63f8962 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Wed, 13 Oct 2021 10:10:20 -0300 Subject: [PATCH 21/34] Remove git conflict markers --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 06f2833d..300c7c93 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,8 +1,4 @@ --- -<<<<<<< HEAD -======= -wazuh_agent_version: 4.2.3-1 ->>>>>>> 4.2 wazuh_agent_version: 4.3.0-1 @@ -16,11 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false -<<<<<<< HEAD branch: "v4.3.0" -======= - branch: "v4.2.3" ->>>>>>> 4.2 user_language: "y" user_no_stop: "y" user_install_type: "agent" From a12908b66701214973833bee0c9e12a0c1ec13b9 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Wed, 13 Oct 2021 15:08:06 -0300 Subject: [PATCH 22/34] fix task name --- roles/opendistro/opendistro-elasticsearch/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index 56c44d25..7d7a6573 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml 
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml @@ -11,7 +11,7 @@ - import_tasks: Debian.yml when: ansible_os_family == 'Debian' - - name: Check elasticsearch-plugin performance-analyzer is install + - name: Check if performance-analyzer is installed become: true command: ./elasticsearch-plugin list | grep 'opendistro-performance-analyzer' register: elasticsearch_performance From ccc3aaca0e9930c8357e11a7d5f3aee7a32f78d9 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Thu, 14 Oct 2021 12:24:19 -0300 Subject: [PATCH 23/34] routine optimization --- roles/opendistro/opendistro-elasticsearch/tasks/main.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index 7d7a6573..98dd74ef 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml @@ -11,17 +11,9 @@ - import_tasks: Debian.yml when: ansible_os_family == 'Debian' - - name: Check if performance-analyzer is installed - become: true - command: ./elasticsearch-plugin list | grep 'opendistro-performance-analyzer' - register: elasticsearch_performance - args: - chdir: /usr/share/elasticsearch/bin/ - - name: Remove performance analyzer plugin from elasticsearch become: true command: ./elasticsearch-plugin remove opendistro-performance-analyzer - when: elasticsearch_performance == 'opendistro-performance-analyzer' ignore_errors: true args: chdir: /usr/share/elasticsearch/bin/ From f4ee80f10f4e9f50cb206f59d57550c71b7df5bf Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Thu, 21 Oct 2021 10:36:00 -0300 Subject: [PATCH 24/34] resolve merge conflicts --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 4b7f02b0..300c7c93 100644 
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,8 +1,4 @@ --- -<<<<<<< HEAD -======= -wazuh_agent_version: 4.2.4-1 ->>>>>>> 4.2 wazuh_agent_version: 4.3.0-1 @@ -16,11 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false -<<<<<<< HEAD branch: "v4.3.0" -======= - branch: "v4.2.4" ->>>>>>> 4.2 user_language: "y" user_no_stop: "y" user_install_type: "agent" From 9534838714894a1c744db8e52357299f90f9ce06 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Wed, 17 Nov 2021 15:22:16 -0300 Subject: [PATCH 25/34] authd-update-in-ossec-conf --- .../ansible-wazuh-manager/defaults/main.yml | 7 +++-- .../var-ossec-etc-ossec-server.conf.j2 | 28 +++++++++++++++---- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 4a2442d4..4c7a95fd 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -351,8 +351,11 @@ wazuh_manager_authd: enable: true port: 1515 use_source_ip: 'no' - force_insert: 'yes' - force_time: 0 + force: + enabled: yes + key_mismatch: yes + disconnected_time: '1h' + after_registration_time: '1h' purge: 'yes' use_password: 'no' ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH' diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 3242e88b..0c4eee1b 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 
@@ -623,12 +623,28 @@ {% if wazuh_manager_config.authd.use_source_ip is not none %} {{wazuh_manager_config.authd.use_source_ip}} {% endif %} - {% if wazuh_manager_config.authd.force_insert is not none %} - {{wazuh_manager_config.authd.force_insert}} - {% endif %} - {% if wazuh_manager_config.authd.force_time is not none %} - {{wazuh_manager_config.authd.force_time}} - {% endif %} + + {% if wazuh_manager_config.authd.force.enabled is not none %} + {{wazuh_manager_config.authd.port}} + {% else %} + yes + {% endif %} + {% if wazuh_manager_config.authd.force.key_mismatch is not none %} + {{wazuh_manager_config.authd.port}} + {% else %} + yes + {% endif %} + {% if wazuh_manager_config.authd.force.disconnected_time is not none %} + {{wazuh_manager_config.authd.port}} + {% else %} + 1h + {% endif %} + {% if wazuh_manager_config.authd.force.after_registration_time is not none %} + {{wazuh_manager_config.authd.port}} + {% else %} + 1h + {% endif %} + {% if wazuh_manager_config.authd.purge is not none %} {{wazuh_manager_config.authd.purge}} {% endif %} From 2649a061c571b6c9711eed384b4770a723d139d0 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Wed, 17 Nov 2021 15:34:43 -0300 Subject: [PATCH 26/34] fix parameter value in Authd config --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 4c7a95fd..1da3b48b 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -352,8 +352,8 @@ wazuh_manager_authd: port: 1515 use_source_ip: 'no' force: - enabled: yes - key_mismatch: yes + enabled: 'yes' + key_mismatch: 'yes' disconnected_time: '1h' after_registration_time: '1h' purge: 'yes' From f6b05e25da7b9a626e09506a64ac9366b6461d5b Mon Sep 17 00:00:00 2001 
From: Nicolas Lastra Date: Thu, 18 Nov 2021 18:27:04 -0300 Subject: [PATCH 27/34] fix var-ossec-etc-ossec-server.conf.j2, authd module and sub module force --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 0c4eee1b..c5c1a788 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -369,7 +369,9 @@ {{ command.name }} {{ command.executable }} - {{ command.expect }} + {% if command.expect is defined %} + {{ command.expect }} + {% endif %} {% if command.timeout_allowed is defined %} {{ command.timeout_allowed }} {% endif %} @@ -625,22 +627,22 @@ {% endif %} {% if wazuh_manager_config.authd.force.enabled is not none %} - {{wazuh_manager_config.authd.port}} + {{wazuh_manager_config.authd.force.enabled}} {% else %} yes {% endif %} {% if wazuh_manager_config.authd.force.key_mismatch is not none %} - {{wazuh_manager_config.authd.port}} + {{wazuh_manager_config.authd.force.key_mismatch}} {% else %} yes {% endif %} {% if wazuh_manager_config.authd.force.disconnected_time is not none %} - {{wazuh_manager_config.authd.port}} + {{wazuh_manager_config.authd.force.disconnected_time}} {% else %} - 1h + 1h {% endif %} {% if wazuh_manager_config.authd.force.after_registration_time is not none %} - {{wazuh_manager_config.authd.port}} + {{wazuh_manager_config.authd.force.after_registration_time}} {% else %} 1h {% endif %} From 84291baa97d838f877b3893d38a7f09b36a4288f Mon Sep 17 00:00:00 2001 
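Review bot: In the `@@ -625,22 +627,22 @@` hunk the four `authd.force.*` guards test `is not none`, which only covers a key explicitly set to null. An inventory that still overrides the authd settings with the old `force_insert`/`force_time` keys has no `force` mapping at all, so the hard-coded `else` defaults are not reached and the render likely fails on the undefined value, depending on the Ansible version. These options decide when an existing agent key may be replaced at enrollment, so a predictable fallback matters. The filter form, e.g. `{{ wazuh_manager_config.authd.force.enabled | default('yes') }}`, or an `is defined` guard, would cover both cases. The surrounding authd block starts and ends outside the hunk.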
From: Alberto R Date: Wed, 24 Nov 2021 17:10:24 +0100 Subject: [PATCH 28/34] Bumped to 4.4.0 --- CHANGELOG.md | 5 +++++ README.md | 1 + VERSION | 4 ++-- molecule/default/tests/test_default.py | 2 +- molecule/distributed-wazuh-elk-xpack/group_vars/all.yml | 6 +++--- .../distributed-wazuh-elk-xpack/tests/test_default.py | 2 +- molecule/distributed-wazuh-elk/group_vars/all.yml | 6 +++--- molecule/distributed-wazuh-elk/tests/test_default.py | 2 +- molecule/distributed-wazuh-odfe/group_vars/all.yml | 6 +++--- molecule/distributed-wazuh-odfe/tests/test_default.py | 2 +- pyproject.toml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/opendistro/opendistro-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 17 files changed, 32 insertions(+), 26 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2fd76f66..6e0b1207 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Change Log All notable changes to this project will be documented in this file. +## [v4.4.0] + +### Added + +- Update to [Wazuh v4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440) ## [v4.3.0] ### Added diff --git a/README.md b/README.md index 9e0d589d..dd3beac5 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. | Wazuh version | Elastic | ODFE | |---------------|---------|--------| +| v4.4.0 | 7.10.2 | 1.13.2 | | v4.3.0 | 7.10.2 | 1.13.2 | | v4.2.5 | 7.10.2 | 1.13.2 | | v4.2.4 | 7.10.2 | 1.13.2 | diff --git a/VERSION b/VERSION index f1b97f99..50f0ba7f 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v4.3.0" -REVISION="40301" +WAZUH-ANSIBLE_VERSION="v4.4.0" +REVISION="40400" 
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 545ced7c..2769e498 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.3.0" + return "4.4.0" diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml index 3730410d..dd856b90 100644 --- a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml @@ -18,11 +18,11 @@ elastic_stack_version: 7.10.2 filebeat_version: 7.10.2 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.3.0-1 -wazuh_agent_version: 4.3.0-1 +wazuh_manager_version: 4.4.0-1 +wazuh_agent_version: 4.4.0-1 # Kibana role appends it automatically. -wazuh_version: 4.3.0 +wazuh_version: 4.4.0 ######################################################## # General ELK stack variables diff --git a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py index 75940cf0..d70bd1ea 100644 --- a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py +++ b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.3.0" + return "4.4.0" def test_wazuh_packages_are_installed(host): diff --git a/molecule/distributed-wazuh-elk/group_vars/all.yml b/molecule/distributed-wazuh-elk/group_vars/all.yml index 3124a9c9..6fdbc224 100644 --- a/molecule/distributed-wazuh-elk/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk/group_vars/all.yml 
@@ -16,8 +16,8 @@ elastic_stack_version: 7.10.2 filebeat_version: 7.10.2 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.3.0-1 -wazuh_agent_version: 4.3.0-1 +wazuh_manager_version: 4.4.0-1 +wazuh_agent_version: 4.4.0-1 # Kibana role appends it automatically. -wazuh_version: 4.3.0 +wazuh_version: 4.4.0 diff --git a/molecule/distributed-wazuh-elk/tests/test_default.py b/molecule/distributed-wazuh-elk/tests/test_default.py index 75940cf0..d70bd1ea 100644 --- a/molecule/distributed-wazuh-elk/tests/test_default.py +++ b/molecule/distributed-wazuh-elk/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.3.0" + return "4.4.0" def test_wazuh_packages_are_installed(host): diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml index b6ce95f3..36080bf0 100644 --- a/molecule/distributed-wazuh-odfe/group_vars/all.yml +++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml @@ -40,8 +40,8 @@ filebeat_version: 7.10.2 kibana_opendistro_version: 1.13.2-1 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.3.0-1 -wazuh_agent_version: 4.3.0-1 +wazuh_manager_version: 4.4.0-1 +wazuh_agent_version: 4.4.0-1 # Kibana role appends it automatically. -wazuh_version: 4.3.0 +wazuh_version: 4.4.0 diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh-odfe/tests/test_default.py index 75940cf0..d70bd1ea 100644 --- a/molecule/distributed-wazuh-odfe/tests/test_default.py +++ b/molecule/distributed-wazuh-odfe/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.3.0" + return "4.4.0" def test_wazuh_packages_are_installed(host): diff --git a/pyproject.toml b/pyproject.toml index 550e0acf..325020ed 100644 
--- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "wazuh-ansible" -version = "4.3.0" +version = "4.4.0" description = "" authors = ["neonmei "] diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index b6e50c08..9edcf5d4 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -7,7 +7,7 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_conf_path: /etc/kibana elastic_stack_version: 7.10.2 -wazuh_version: 4.3.0 +wazuh_version: 4.4.0 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana elasticrepo: diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 6441ad3d..ce5eb14b 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -10,7 +10,7 @@ kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 elastic_stack_version: 7.10.2 -wazuh_version: 4.3.0 +wazuh_version: 4.4.0 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana # The OpenDistro package repository diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index dd469d1e..3cee711e 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.10.2 -wazuh_template_branch: v4.3.0 +wazuh_template_branch: v4.4.0 filebeat_output_elasticsearch_hosts: - "localhost:9200" diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 68d949b5..f47603ac 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml 
@@ -1,7 +1,7 @@ --- filebeat_version: 7.10.2 -wazuh_template_branch: v4.3.0 +wazuh_template_branch: v4.4.0 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 300c7c93..2393b38e 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,6 +1,6 @@ --- -wazuh_agent_version: 4.3.0-1 +wazuh_agent_version: 4.4.0-1 # Custom packages installation @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false - branch: "v4.3.0" + branch: "v4.4.0" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -55,8 +55,8 @@ wazuh_winagent_config: auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True md5: 8ffa75d13280f1aa6ffca54f4273df4d -wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.3.0-1.msi -wazuh_winagent_package_name: wazuh-agent-4.3.0-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.4.0-1.msi +wazuh_winagent_package_name: wazuh-agent-4.4.0-1.msi wazuh_dir: "/var/ossec" diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 1da3b48b..0085d40e 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,6 +1,6 @@ --- -wazuh_manager_version: 4.3.0-1 +wazuh_manager_version: 4.4.0-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -13,7 +13,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v4.3.0" + branch: "v4.4.0" user_language: "en" user_no_stop: "y" user_install_type: "server" From f031f0fbfb301d7269738aee06d2b5bd93275730 Mon Sep 17 00:00:00 2001 
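Review bot: In roles/wazuh/ansible-wazuh-agent/defaults/main.yml (hunk at -55,8) the line `md5: 8ffa75d13280f1aa6ffca54f4273df4d` is unchanged context while `wazuh_winagent_config_url` and `wazuh_winagent_package_name` move to `wazuh-agent-4.4.0-1.msi`, so with `check_md5: True` the pinned digest was not recomputed for the new installer. How the role handles a mismatch is not visible here, but either the Windows agent install fails or someone turns the check off, which removes the only integrity check on a package fetched over the network. Update the digest in the same change, `md5: <md5 of wazuh-agent-4.4.0-1.msi>`, and add a comment above it such as `# must match wazuh_winagent_package_name; update on every version bump`. MD5 is collision-prone, so a SHA-256 or SHA-512 digest would be the better pin if the role can verify one.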
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 2 Dec 2021 10:09:43 -0300 Subject: [PATCH 29/34] Expect tag deleted --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index c5c1a788..8b08f46b 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -369,9 +369,6 @@ {{ command.name }} {{ command.executable }} - {% if command.expect is defined %} - {{ command.expect }} - {% endif %} {% if command.timeout_allowed is defined %} {{ command.timeout_allowed }} {% endif %} From 5b82bd37f73e9638d221ebb816f32bdd61accc75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 2 Dec 2021 15:19:06 -0300 Subject: [PATCH 30/34] Fixes to include 4.2 changes --- roles/opendistro/opendistro-kibana/tasks/main.yml | 1 - roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml index 8a169664..acfd1f90 100755 --- a/roles/opendistro/opendistro-kibana/tasks/main.yml +++ b/roles/opendistro/opendistro-kibana/tasks/main.yml @@ -19,7 +19,6 @@ # noqa 503 path: "{{ kibana_conf_path }}/kibana.yml" state: absent - when: install.changed tags: install - import_tasks: security_actions.yml diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 0085d40e..be39ec65 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml 
@@ -72,8 +72,8 @@ wazuh_manager_globals: - '^localhost.localdomain$' - '127.0.0.53' -wazuh_manager_agent_disconnection_time: '10m' -wazuh_manager_agents_disconnection_alert_time: '0' +wazuh_manager_agent_disconnection_time: '20s' +wazuh_manager_agents_disconnection_alert_time: '100s' ## Alerts wazuh_manager_log_level: 3 From 8aab436b722a4c152d75e1c46290182bfd234c83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 2 Dec 2021 15:28:06 -0300 Subject: [PATCH 31/34] Fixes to include 4.2 changes --- roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml | 1 - roles/opendistro/opendistro-kibana/tasks/security_actions.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml b/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml index 45c68022..5b490844 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml @@ -4,7 +4,6 @@ - name: Update cache apt: update_cache: yes - when: (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "9") - name: Debian 9 (Stretch) when: (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "9") diff --git a/roles/opendistro/opendistro-kibana/tasks/security_actions.yml b/roles/opendistro/opendistro-kibana/tasks/security_actions.yml index d7a20408..ee21f1c1 100644 --- a/roles/opendistro/opendistro-kibana/tasks/security_actions.yml +++ b/roles/opendistro/opendistro-kibana/tasks/security_actions.yml @@ -11,4 +11,3 @@ - "{{ kibana_node_name }}_http.pem" tags: - security - when: install.changed From baff8be56377af9a495e8e7d883cd4c1eaf9f47c Mon Sep 17 00:00:00 2001 
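Review bot: The new defaults `wazuh_manager_agent_disconnection_time: '20s'` and `wazuh_manager_agents_disconnection_alert_time: '100s'` change when an agent is reported as disconnected, but nothing in the hunk records why or which manager release they are meant to match. The commit subject refers to 4.2 changes while the same series sets `wazuh_manager_version` to 4.4.0-1, so the values should be confirmed against the defaults of the release actually deployed. A 20-second threshold will probably flag agents on slow or flapping links as disconnected, and agent-disconnected alerts are a signal defenders rely on to notice a stopped or tampered agent, so noise here has a cost. I would add a comment above the two lines, for example `# time since last keepalive before an agent is marked disconnected, and delay before the disconnection alert; keep in sync with the manager release defaults`.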
From: c-bordon Date: Thu, 30 Dec 2021 16:20:25 -0300 Subject: [PATCH 32/34] Fix sca template issue for day, wday and time parameters to Master --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 8b08f46b..7fafc465 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -248,13 +248,13 @@ yes {% endif %} {% if wazuh_manager_config.sca.day | length > 0 %} - yes + {{ wazuh_manager_config.sca.day }} {% endif %} {% if wazuh_manager_config.sca.wday | length > 0 %} - yes + {{ wazuh_manager_config.sca.wday }} {% endif %} {% if wazuh_manager_config.sca.time | length > 0 %} - + {% endif %} From d89e0a600243be4ed6d8b1ebd76be9c3dbe516e6 Mon Sep 17 00:00:00 2001 From: c-bordon Date: Mon, 17 Jan 2022 09:24:42 -0300 Subject: [PATCH 33/34] Fix agent sca template --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index b7d492b5..4a9c8b72 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -233,13 +233,13 @@ yes {% endif %} {% if wazuh_agent_config.sca.day | length > 0 %} - yes + {{ wazuh_agent_config.sca.day }} {% endif %} {% if wazuh_agent_config.sca.wday | length > 0 %} - yes + {{ wazuh_agent_config.sca.wday }} {% endif %} {% if wazuh_agent_config.sca.time | length > 0 %} - + {% endif %} From f4a41586bd763cd352e6e9158eb5a06f083af565 Mon Sep 17 00:00:00 2001 
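Review bot: The guards `{% if wazuh_manager_config.sca.day | length > 0 %}` (and the matching `wday` and `time` ones) apply `length` to the raw variable. Now that the value is rendered instead of a fixed `yes`, a user is likely to set something like `day: 15` unquoted in YAML, which arrives as an integer and makes the `length` filter raise during templating. Casting first avoids that: `{% if wazuh_manager_config.sca.day | string | length > 0 %}`. The same three guards appear in the agent template hunk (var-ossec-etc-ossec-agent.conf.j2) later on this line and should get the same change with `wazuh_agent_config`. The enclosing sca block starts and ends outside both hunks, so the variable defaults are not visible here.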
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= <33964202+teddytpc1@users.noreply.github.com> Date: Tue, 22 Mar 2022 16:33:50 -0300 Subject: [PATCH 34/34] Create dependabot.yml --- .github/dependabot.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..6da6d014 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "pip" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "daily" + target-branch: "4.3"
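Review bot: `target-branch: "4.3"` pins Dependabot version-update pull requests to a single release branch, and nothing in the file says that it has to be moved when development moves on. Other patches in this series already set the roles to 4.4.0, so updates opened against 4.3 may not reach the branch that is actually released. I would add a comment on that line, `# update on every new release branch`, or drop the key so pull requests go to the default branch. Only the `pip` ecosystem is listed; if the repository has GitHub Actions workflows (not visible here), a second entry with `package-ecosystem: "github-actions"` would keep those pinned actions current as well.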