Merge branch 'master' into 4.2-merge-master

.github/dependabot.yml

@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "pip" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"
+    target-branch: "4.3"

CHANGELOG.md

@@ -1,6 +1,18 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## [v4.4.0]
+
+### Added
+
+- Update to [Wazuh v4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440)
+- 
+## [v4.3.0]
+
+### Added
+
+- Update to [Wazuh v4.3.0](https://github.com/wazuh/wazuh/blob/v4.3.0/CHANGELOG.md#v430)
+
 ## [v4.2.6]
 
 ### Added
@@ -55,6 +67,12 @@ All notable changes to this project will be documented in this file.
 
 - Update to [Wazuh v4.1.3](https://github.com/wazuh/wazuh/blob/v4.1.3/CHANGELOG.md#v413)
 
+## [v4.1.2]
+
+### Added
+
+- Update to [Wazuh v4.1.2](https://github.com/wazuh/wazuh/blob/v4.1.2/CHANGELOG.md#v412)
+
 ## [v4.1.1]
 
 ### Added

README.md

@@ -8,12 +8,15 @@
 These playbooks install and configure Wazuh agent, manager and Elastic Stack.
 
 ## Branches
-* `master` branch corresponds to the latest Wazuh Ansible changes. It might be unstable.
+* `master` branch contains the latest code, be aware of possible bugs on this branch.
+* `stable` branch on correspond to the last Wazuh stable version.
 
 ## Compatibility Matrix
 
 | Wazuh version | Elastic | ODFE   |
 |---------------|---------|--------|
+| v4.4.0        |         |        |
+| v4.3.0        |         |        |
 | v4.2.6        | 7.10.2  | 1.13.2 |
 | v4.2.5        | 7.10.2  | 1.13.2 |
 | v4.2.4        | 7.10.2  | 1.13.2 |
@@ -24,6 +27,7 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack.
 | v4.1.5        | 7.10.2  | 1.13.2 |
 | v4.1.4        | 7.10.0  | 1.12.0 |
 | v4.1.3        | 7.10.0  | 1.12.0 |
+| v4.1.2        | 7.10.0  | 1.12.0 |
 | v4.1.1        | 7.10.0  | 1.12.0 |
 
 ## Documentation

VERSION

@@ -1,2 +1,2 @@
-WAZUH-ANSIBLE_VERSION="v4.2.6"
-REVISION="40221"
+WAZUH-ANSIBLE_VERSION="v4.4.0"
+REVISION="40400"

molecule/default/tests/test_default.py

@@ -8,7 +8,8 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
 def get_wazuh_version():
     """This return the version of Wazuh."""
-    return "4.2.4"
+    return "4.4.0"
+
 
 
 def test_wazuh_packages_are_installed(host):
@@ -46,8 +47,8 @@ def test_wazuh_services_are_running(host):
 @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
     ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
     ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
-    ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640),
-    ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660),
+    ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640),
+    ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660),
 ])
 def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
     """Test Wazuh related files exist and have proper owners and mode."""

molecule/distributed-wazuh-elk-xpack/group_vars/all.yml

@@ -18,12 +18,11 @@ elastic_stack_version: 7.10.2
 filebeat_version: 7.10.2
 
 # Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.2.4-1
-wazuh_agent_version: 4.2.4-1
+wazuh_manager_version: 4.4.0-1
+wazuh_agent_version: 4.4.0-1
 
 # Kibana role appends it automatically.
-wazuh_version: 4.2.4
-
+wazuh_version: 4.4.0
 
 ########################################################
 # General ELK stack variables

molecule/distributed-wazuh-elk-xpack/tests/test_default.py

@@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
 def get_wazuh_version():
     """This return the version of Wazuh."""
-    return "4.2.4"
+    return "4.4.0"
 
 
 def test_wazuh_packages_are_installed(host):
@@ -46,8 +46,8 @@ def test_wazuh_services_are_running(host):
 @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
     ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
     ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
-    ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640),
-    ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660),
+    ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640),
+    ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660),
 ])
 def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
     """Test Wazuh related files exist and have proper owners and mode."""

molecule/distributed-wazuh-elk/group_vars/all.yml

@@ -16,8 +16,8 @@ elastic_stack_version: 7.10.2
 filebeat_version: 7.10.2
 
 # Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.2.4-1
-wazuh_agent_version: 4.2.4-1
+wazuh_manager_version: 4.4.0-1
+wazuh_agent_version: 4.4.0-1
 
 # Kibana role appends it automatically.
-wazuh_version: 4.2.4
+wazuh_version: 4.4.0

molecule/distributed-wazuh-elk/tests/test_default.py

@@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
 def get_wazuh_version():
     """This return the version of Wazuh."""
-    return "4.2.4"
+    return "4.4.0"
 
 
 def test_wazuh_packages_are_installed(host):
@@ -46,8 +46,8 @@ def test_wazuh_services_are_running(host):
 @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
     ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
     ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
-    ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640),
-    ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660),
+    ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640),
+    ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660),
 ])
 def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
     """Test Wazuh related files exist and have proper owners and mode."""

molecule/distributed-wazuh-odfe/group_vars/all.yml

@@ -40,8 +40,8 @@ filebeat_version: 7.10.2
 kibana_opendistro_version: 1.13.2-1
 
 # Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.2.4-1
-wazuh_agent_version: 4.2.4-1
+wazuh_manager_version: 4.4.0-1
+wazuh_agent_version: 4.4.0-1
 
 # Kibana role appends it automatically.
-wazuh_version: 4.2.4
+wazuh_version: 4.4.0

molecule/distributed-wazuh-odfe/tests/test_default.py

@@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
 def get_wazuh_version():
     """This return the version of Wazuh."""
-    return "4.2.4"
+    return "4.4.0"
 
 
 def test_wazuh_packages_are_installed(host):
@@ -46,8 +46,8 @@ def test_wazuh_services_are_running(host):
 @pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
     ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
     ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
-    ("/var/ossec/etc/rules/local_rules.xml", "ossec", "ossec", 0o640),
-    ("/var/ossec/etc/lists/audit-keys", "ossec", "ossec", 0o660),
+    ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640),
+    ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660),
 ])
 def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
     """Test Wazuh related files exist and have proper owners and mode."""

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "wazuh-ansible"
-version = "4.2.6"
+version = "4.4.0"
 description = ""
 authors = ["neonmei <neonmei@pm.me>"]
 

roles/elastic-stack/ansible-kibana/defaults/main.yml

@@ -7,7 +7,7 @@ kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
 kibana_conf_path: /etc/kibana
 elastic_stack_version: 7.10.2
-wazuh_version: 4.2.6
+wazuh_version: 4.4.0
 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
 
 elasticrepo:

roles/opendistro/opendistro-elasticsearch/tasks/main.yml

@@ -14,6 +14,7 @@
     - name: Remove performance analyzer plugin from elasticsearch
       become: true
       command: ./elasticsearch-plugin remove opendistro-performance-analyzer
+      ignore_errors: true
       args:
         chdir: /usr/share/elasticsearch/bin/
       register: remove_elasticsearch_performance_analyzer

roles/opendistro/opendistro-kibana/defaults/main.yml

@@ -10,7 +10,7 @@ kibana_server_port: "5601"
 kibana_server_name: "kibana"
 kibana_max_payload_bytes: 1048576
 elastic_stack_version: 7.10.2
-wazuh_version: 4.2.6
+wazuh_version: 4.4.0
 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
 
 # The OpenDistro package repository

roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2

@@ -34,5 +34,3 @@ telemetry.optIn: {{ kibana_telemetry_optin }}
 telemetry.enabled: {{ kibana_telemetry_enabled }}
 
 server.defaultRoute: /app/wazuh?security_tenant=global
-
-

roles/wazuh/ansible-filebeat-oss/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 filebeat_version: 7.10.2
 
-wazuh_template_branch: v4.2.6
+wazuh_template_branch: v4.4.0
 
 filebeat_output_elasticsearch_hosts:
   - "localhost:9200"

roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml

@@ -1,9 +1,10 @@
 ---
-- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
+- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl
   apt:
     name:
       - apt-transport-https
       - ca-certificates
+      - acl
     state: present
   register: filebeat_ca_packages_install
   until: filebeat_ca_packages_install is succeeded

roles/wazuh/ansible-filebeat/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 filebeat_version: 7.10.2
 
-wazuh_template_branch: v4.2.6
+wazuh_template_branch: v4.4.0
 
 filebeat_create_config: true
 

roles/wazuh/ansible-filebeat/tasks/Debian.yml

@@ -1,9 +1,10 @@
 ---
-- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
+- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl
   apt:
     name:
       - apt-transport-https
       - ca-certificates
+      - acl
     state: present
   register: filebeat_ca_packages_install
   until: filebeat_ca_packages_install is succeeded

roles/wazuh/ansible-wazuh-agent/defaults/main.yml

@@ -1,6 +1,5 @@
 ---
-wazuh_agent_version: 4.2.6-1
-
+wazuh_agent_version: 4.4.0-1
 
 # Custom packages installation
 
@@ -12,7 +11,7 @@ wazuh_custom_packages_installation_agent_rpm_url: ""
 
 wazuh_agent_sources_installation:
   enabled: false
-  branch: "v4.2.6"
+  branch: "v4.4.0"
   user_language: "y"
   user_no_stop: "y"
   user_install_type: "agent"
@@ -54,9 +53,9 @@ wazuh_winagent_config:
   # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
   auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
   check_md5: True
-  md5: 14eccab85be5be193f277e2c73532a5d
-wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.2.6-1.msi
-wazuh_winagent_package_name: wazuh-agent-4.2.6-1.msi
+  md5: 8ffa75d13280f1aa6ffca54f4273df4d
+wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.4.0-1.msi
+wazuh_winagent_package_name: wazuh-agent-4.4.0-1.msi
 
 wazuh_dir: "/var/ossec"
 

roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml

@@ -1,9 +1,10 @@
 ---
-- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
+- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl
   apt:
     name:
       - apt-transport-https
       - ca-certificates
+      - acl
     state: present
   register: wazuh_agent_ca_package_install
   until: wazuh_agent_ca_package_install is succeeded

roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml

@@ -223,7 +223,7 @@
     src: var-ossec-etc-ossec-agent.conf.j2
     dest: "{{ wazuh_dir }}/etc/ossec.conf"
     owner: root
-    group: ossec
+    group: wazuh
     mode: 0644
   notify: restart wazuh-agent
   tags:
@@ -235,7 +235,7 @@
     src: var-ossec-etc-local-internal-options.conf.j2
     dest: "{{ wazuh_dir }}/etc/local_internal_options.conf"
     owner: root
-    group: ossec
+    group: wazuh
     mode: 0640
   notify: restart wazuh-agent
   tags:
@@ -246,8 +246,8 @@
   template:
     src: authd_pass.j2
     dest: "{{ wazuh_dir }}/etc/authd.pass"
-    owner: ossec
-    group: ossec
+    owner: wazuh
+    group: wazuh
     mode: 0640
   when:
     - wazuh_agent_config.enrollment.enabled == 'yes'

roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml

@@ -1,6 +1,6 @@
 ---
 - name: Remove Wazuh repository (and clean up left-over metadata)
   apt_repository:
-    repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
+    repo: "{{ wazuh_agent_config.repo.apt }}"
     state: absent
   changed_when: false

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-wazuh_manager_version: 4.2.6-1
+wazuh_manager_version: 4.4.0-1
 
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: present
@@ -12,7 +12,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon
 # Sources installation
 wazuh_manager_sources_installation:
   enabled: false
-  branch: "v4.2.6"
+  branch: "v4.4.0"
   user_language: "en"
   user_no_stop: "y"
   user_install_type: "server"
@@ -61,7 +61,7 @@ wazuh_manager_mailto:
   - 'admin@example.net'
 
 wazuh_manager_email_smtp_server: smtp.example.wazuh.com
-wazuh_manager_email_from: ossecm@example.wazuh.com
+wazuh_manager_email_from: wazuh@example.wazuh.com
 wazuh_manager_email_maxperhour: 12
 wazuh_manager_email_queue_size: 131072
 wazuh_manager_email_log_source: 'alerts.log'
@@ -258,6 +258,7 @@ wazuh_manager_commands:
     executable: 'restart-wazuh'
   - name: 'firewall-drop'
     executable: 'firewall-drop'
+    expect: 'srcip'
     timeout_allowed: 'yes'
   - name: 'host-deny'
     executable: 'host-deny'
@@ -349,8 +350,11 @@ wazuh_manager_authd:
   enable: true
   port: 1515
   use_source_ip: 'no'
-  force_insert: 'yes'
-  force_time: 0
+  force:
+    enabled: 'yes'
+    key_mismatch: 'yes'
+    disconnected_time: '1h'
+    after_registration_time: '1h'
   purge: 'yes'
   use_password: 'no'
   ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'

roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml

@@ -1,10 +1,11 @@
 ---
-- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
+- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl
   apt:
     name:
       - apt-transport-https
       - ca-certificates
       - gnupg
+      - acl
     state: present
     cache_valid_time: 3600
     install_recommends: false

roles/wazuh/ansible-wazuh-manager/tasks/main.yml

@@ -81,8 +81,8 @@
 - name: Installing the local_rules.xml (default local_rules.xml)
   template: src=var-ossec-rules-local_rules.xml.j2
             dest="{{ wazuh_dir }}/etc/rules/local_rules.xml"
-            owner=ossec
-            group=ossec
+            owner=wazuh
+            group=wazuh
             mode=0640
   notify: restart wazuh-manager
   tags:
@@ -93,8 +93,8 @@
 - name: Adding local rules files
   copy: src="{{ wazuh_manager_config.ruleset.rules_path }}"
         dest="{{ wazuh_dir }}/etc/rules/"
-        owner=ossec
-        group=ossec
+        owner=wazuh
+        group=wazuh
         mode=0640
   notify: restart wazuh-manager
   tags:
@@ -105,8 +105,8 @@
 - name: Installing the local_decoder.xml
   template: src=var-ossec-rules-local_decoder.xml.j2
             dest="{{ wazuh_dir }}/etc/decoders/local_decoder.xml"
-            owner=ossec
-            group=ossec
+            owner=wazuh
+            group=wazuh
             mode=0640
   notify: restart wazuh-manager
   tags:
@@ -117,8 +117,8 @@
 - name: Adding local decoders files
   copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}"
         dest="{{ wazuh_dir }}/etc/decoders/"
-        owner=ossec
-        group=ossec
+        owner=wazuh
+        group=wazuh
         mode=0640
   notify: restart wazuh-manager
   tags:
@@ -130,8 +130,8 @@
   template:
     src: var-ossec-etc-shared-agent.conf.j2
     dest: "{{ wazuh_dir }}/etc/shared/default/agent.conf"
-    owner: ossec
-    group: ossec
+    owner: wazuh
+    group: wazuh
     mode: 0640
     validate: "{{ wazuh_dir }}/bin/verify-agent-conf -f %s"
   notify: restart wazuh-manager
@@ -145,7 +145,7 @@
   template: src=var-ossec-etc-local-internal-options.conf.j2
             dest="{{ wazuh_dir }}/etc/local_internal_options.conf"
             owner=root
-            group=ossec
+            group=wazuh
             mode=0640
   notify: restart wazuh-manager
   tags:
@@ -228,7 +228,7 @@
     src: var-ossec-etc-ossec-server.conf.j2
     dest: "{{ wazuh_dir }}/etc/ossec.conf"
     owner: root
-    group: ossec
+    group: wazuh
     mode: 0644
   notify: restart wazuh-manager
   tags:
@@ -239,8 +239,8 @@
   template:
     src: authd_pass.j2
     dest: "{{ wazuh_dir }}/etc/authd.pass"
-    owner: ossec
-    group: ossec
+    owner: wazuh
+    group: wazuh
     mode: 0640
   no_log: true
   notify: restart wazuh-manager
@@ -257,7 +257,7 @@
         src: create_user.py
         dest: "{{ wazuh_dir }}/framework/scripts/create_user.py"
         owner: root
-        group: ossec
+        group: wazuh
         mode: 0644
 
     - name: Execute create_user script

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -622,12 +622,28 @@
     {% if wazuh_manager_config.authd.use_source_ip is not none %}
     <use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>
     {% endif %}
-    {% if wazuh_manager_config.authd.force_insert is not none %}
-    <force_insert>{{wazuh_manager_config.authd.force_insert}}</force_insert>
+    <force>
+      {% if wazuh_manager_config.authd.force.enabled is not none %}
+      <enabled>{{wazuh_manager_config.authd.force.enabled}}</enabled>
+      {% else %}
+      <enabledport>yes</enabled>
       {% endif %}
-    {% if wazuh_manager_config.authd.force_time is not none %}
-    <force_time>{{wazuh_manager_config.authd.force_time}}</force_time>
+      {% if wazuh_manager_config.authd.force.key_mismatch is not none %}
+      <key_mismatch>{{wazuh_manager_config.authd.force.key_mismatch}}</key_mismatch>
+      {% else %}
+      <key_mismatch>yes</key_mismatch>
       {% endif %}
+      {% if wazuh_manager_config.authd.force.disconnected_time is not none %}
+      <disconnected_time enabled="yes">{{wazuh_manager_config.authd.force.disconnected_time}}</disconnected_time>
+      {% else %}
+      <disconnected_time enabled="yes">1h</disconnected_time>
+      {% endif %}
+      {% if wazuh_manager_config.authd.force.after_registration_time is not none %}
+      <after_registration_time>{{wazuh_manager_config.authd.force.after_registration_time}}</after_registration_time>
+      {% else %}
+      <after_registration_time>1h</after_registration_time>
+      {% endif %}
+    </force>
     {% if wazuh_manager_config.authd.purge is not none %}
     <purge>{{wazuh_manager_config.authd.purge}}</purge>
     {% endif %}