From 92ebe86ef6004511edfec6fe77ab8e17c44f4e94 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 14:24:14 -0300 Subject: [PATCH 01/29] roles/wazuh-agent: move api_pass and authd_pass from role vars to defaults, lowering precedence required to override them --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++++ roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml | 3 --- roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml | 4 ---- 3 files changed, 4 insertions(+), 7 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml delete mode 100644 roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 38ff1151..9cf19515 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -32,6 +32,10 @@ wazuh_agent_sources_installation: user_agent_config_profile: null user_ca_store: "/var/ossec/wpk_root.pem" +# We recommend the use of ansible-vault to protect Wazuh, api, agentless and authd credentials. +# api_pass: 'changeme' +authd_pass: '' + wazuh_managers: - address: 127.0.0.1 port: 1514 diff --git a/roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml deleted file mode 100644 index ad6e1164..00000000 --- a/roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials. -# api_pass: 'changeme' diff --git a/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml deleted file mode 100644 index c1f4da4f..00000000 --- a/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml +++ /dev/null 
@@ -1,4 +0,0 @@ ---- -# We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials. -# authd_pass: 'foobar' -authd_pass: '' \ No newline at end of file From bab8279f7316f9835f43522d818799438db960f5 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 14:29:01 -0300 Subject: [PATCH 02/29] roles/wazuh-agent: remove include_vars tasks --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 11 ----------- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 5 ----- 2 files changed, 16 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 54b370f8..1da97502 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,9 +1,4 @@ --- -- name: Retrieving authd Credentials - include_vars: authd_pass.yml - tags: - - config - - include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" @@ -54,9 +49,6 @@ - name: Linux | Agent registration via authd block: - - name: Retrieving authd Credentials - include_vars: authd_pass.yml - - name: Copy CA root certificate to verify authd copy: src: "{{ wazuh_agent_authd.ssl_agent_ca }}" @@ -124,9 +116,6 @@ - name: Linux | Agent registration via rest-API block: - - name: Retrieving rest-API Credentials - include_vars: api_pass.yml - - name: Linux | Create the agent key via rest-API uri: url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index c778933c..145dc6d5 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -54,11 +54,6 @@ tags: - config -- name: Retrieving authd Credentials - include_vars: authd_pass.yml - tags: - - config - - name: Windows | Register agent win_shell: > {{ wazuh_agent_win_auth_path }} 
From 0bbdf231f2f31f12a0e1f38bbb6816bf317a0983 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 14:34:57 -0300 Subject: [PATCH 03/29] roles/wazuh-agent: remove "is defined" conditionals, as authd_pass is now part of roles default, now check is only against length --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 4 ++-- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 1da97502..b1bf5b95 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -78,7 +78,7 @@ -m {{ wazuh_agent_authd.registration_address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %} -I "any" {% endif %} - {% if authd_pass is defined %} -P {{ authd_pass }} {% endif %} + {% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %} {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" {% endif %} @@ -215,7 +215,7 @@ when: - wazuh_agent_config.enrollment.enabled == 'yes' - wazuh_agent_config.enrollment.authorization_pass_path | length > 0 - - ( authd_pass is defined) and ( authd_pass|length > 0) + - authd_pass | length > 0 tags: - config diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 145dc6d5..66d962cc 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml 
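Review bot: `-P {{ authd_pass }}` in the agent-auth command (the `@@ -78,7 +78,7 @@` hunk of tasks/Linux.yml, and the matching line in tasks/Windows.yml in the next hunk) is interpolated into the command string without quoting, so a password containing spaces or shell metacharacters is split or interpreted instead of being passed as one argument. On the Linux task I would write `{% if authd_pass | length > 0 %} -P {{ authd_pass | quote }} {% endif %}`; the `win_shell` line needs PowerShell-appropriate quoting instead. Passing the secret as an argument also puts it in the process list and in the task result, and no `no_log` is visible in either hunk, although both tasks start and end outside the hunks. The bare `length` test assumes `authd_pass` is never overridden with null, which a short comment next to the default would make explicit.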
@@ -60,7 +60,7 @@ -m {{ wazuh_agent_authd.registration_address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} - {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} + {% if authd_pass | length > 0 %} -P {{ authd_pass }}{% endif %} register: agent_auth_output notify: Windows | Restart Wazuh Agent when: From 1dfd613f0d7ba62b3f618cf33502363cfe96b153 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 14:35:23 -0300 Subject: [PATCH 04/29] roles/wazuh-agent: uncomment api_pass --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 9cf19515..1e4b8529 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -33,7 +33,7 @@ wazuh_agent_sources_installation: user_ca_store: "/var/ossec/wpk_root.pem" # We recommend the use of ansible-vault to protect Wazuh, api, agentless and authd credentials. -# api_pass: 'changeme' +api_pass: 'changeme' authd_pass: '' wazuh_managers: From 8b266583744f91e8927da19b79503fb61af008a8 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 12 Nov 2020 14:39:17 -0300 Subject: [PATCH 05/29] roles/wazuh-agent: expand task declaration for clarity --- .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index b1bf5b95..87b03433 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
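Review bot: Uncommenting `api_pass: 'changeme'` in defaults/main.yml makes a publicly known password the effective credential for every play that does not override it, and the later hunk in this series that sets `api_pass: wazuh` together with `api_user: wazuh` has the same effect. The ansible-vault recommendation in the comment above the line is not enforced by anything in the role. I would keep the default empty, `api_pass: ''`, and have the REST registration path stop early when it is unset, for example with an `assert` on `api_pass | length > 0` placed before the API tasks.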
@@ -40,7 +40,8 @@ - init - name: Linux | Check if client.keys exists - stat: path=/var/ossec/etc/client.keys + stat: + path: /var/ossec/etc/client.keys register: check_keys when: wazuh_agent_config.enrollment.enabled == 'yes' tags: @@ -184,22 +185,24 @@ - api - name: Linux | Installing agent configuration (ossec.conf) - template: src=var-ossec-etc-ossec-agent.conf.j2 - dest=/var/ossec/etc/ossec.conf - owner=root - group=ossec - mode=0644 + template: + src: var-ossec-etc-ossec-agent.conf.j2 + dest: /var/ossec/etc/ossec.conf + owner: root + group: ossec + mode: 0644 notify: restart wazuh-agent tags: - init - config - name: Linux | Installing local_internal_options.conf - template: src=var-ossec-etc-local-internal-options.conf.j2 - dest=/var/ossec/etc/local_internal_options.conf - owner=root - group=ossec - mode=0640 + template: + src: var-ossec-etc-local-internal-options.conf.j2 + dest: /var/ossec/etc/local_internal_options.conf + owner: root + group: ossec + mode: 0640 notify: restart wazuh-agent tags: - init From ed7b24ff96da34431b969d01e165fb87835ab4cc Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 20 Nov 2020 12:36:50 +0100 Subject: [PATCH 06/29] roles/wazuh-agent: set enrollment to enabled by default --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 21ccb4f7..be48deb6 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -89,7 +89,7 @@ wazuh_managers: ## Enrollment wazuh_agent_enrollment: - enabled: '' + enabled: 'yes' manager_address: '' port: 1515 agent_name: 'testname' From ff78ce7d76ffaaf8b06529624ef6d61bce56f4d6 Mon Sep 17 00:00:00 2001 
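Review bot: In the expanded `template` tasks, `mode: 0644` and `mode: 0640` are now bare YAML scalars, so the resulting permission depends on the parser reading the leading zero as octal. Quoting them, `mode: '0644'` and `mode: '0640'`, hands Ansible a string and removes that dependency. `0644` also leaves ossec.conf world-readable; the template itself is not visible here, so it is worth confirming that nothing sensitive is rendered into it.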
From: zenidd Date: Fri, 20 Nov 2020 14:08:25 +0100 Subject: [PATCH 07/29] roles/wazuh-agent: Fix authd registration verify task. Use authd pass only if size > 0 --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 6 +++--- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 54b370f8..ce92b033 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -47,7 +47,7 @@ - name: Linux | Check if client.keys exists stat: path=/var/ossec/etc/client.keys register: check_keys - when: wazuh_agent_config.enrollment.enabled == 'yes' + when: wazuh_agent_config.enrollment.enabled == 'no' tags: - config @@ -86,7 +86,7 @@ -m {{ wazuh_agent_authd.registration_address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %} -I "any" {% endif %} - {% if authd_pass is defined %} -P {{ authd_pass }} {% endif %} + {% if authd_pass is defined and authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %} {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" {% endif %} @@ -109,7 +109,7 @@ - wazuh_agent_authd.registration_address is not none - name: Linux | Verify agent registration - shell: echo {{ agent_auth_output }} | grep "Valid key created" + shell: echo {{ agent_auth_output }} | grep "Valid key received" when: - not check_keys.stat.exists or check_keys.stat.size == 0 - wazuh_agent_authd.registration_address is not none diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index c778933c..3a7756ca 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml 
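Review bot: `shell: echo {{ agent_auth_output }} | grep "Valid key received"` pastes the whole registered result of the registration task, unquoted, into a shell command line, so any quote, `;`, `$(...)` or backtick in that output is interpreted by the shell on the agent host. The check does not need a shell: test the registered variable directly, for example `assert:` with `that: "'Valid key received' in agent_auth_output.stdout"` (assuming the registration task is a command or shell task), or a `failed_when` with the same expression on the registration task. Separately, the first hunk flips the `stat` guard to `enabled == 'no'`, which appears to leave `check_keys.stat` undefined for any other value while later conditions still read `check_keys.stat.exists`; the tasks involved extend beyond these hunks, so please confirm.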
@@ -65,7 +65,7 @@ -m {{ wazuh_agent_authd.registration_address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} - {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} + {% if authd_pass is defined and authd_pass | length > 0 %} -P {{ authd_pass }}{% endif %} register: agent_auth_output notify: Windows | Restart Wazuh Agent when: From 5f91c3d4c0da5bec26011ff35907537f6b4c2bbb Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 20 Nov 2020 14:48:49 +0100 Subject: [PATCH 08/29] roles/wazuh-agent: remove agent auth configuration for centos7 agent --- .../host_vars/wazuh_agent_centos7.yml | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml diff --git a/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml b/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml deleted file mode 100644 index b4b37153..00000000 --- a/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -wazuh_agent_authd: - registration_address: '{{ manager_addresses | random }}' - enable: true - port: 1515 - ssl_agent_ca: null - ssl_auto_negotiate: 'no' \ No newline at end of file From c7882bf53241226193401ace5f536c04680da8b7 Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 20 Nov 2020 14:54:29 +0100 Subject: [PATCH 09/29] Revert "roles/wazuh-agent: remove agent auth configuration for centos7 agent" This reverts commit 5f91c3d4c0da5bec26011ff35907537f6b4c2bbb. --- .../host_vars/wazuh_agent_centos7.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml diff --git a/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml b/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml new file mode 100644 index 00000000..b4b37153 --- /dev/null 
+++ b/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml @@ -0,0 +1,7 @@ +--- +wazuh_agent_authd: + registration_address: '{{ manager_addresses | random }}' + enable: true + port: 1515 + ssl_agent_ca: null + ssl_auto_negotiate: 'no' \ No newline at end of file From 7dc67986d4ef560ff4dff759649450b12ca538cc Mon Sep 17 00:00:00 2001 From: neonmei Date: Fri, 20 Nov 2020 12:29:08 -0300 Subject: [PATCH 10/29] roles/wazuh-agent: change package module to yum, as platform is already checked on when --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 54b370f8..fe29769a 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -19,7 +19,7 @@ - wazuh_custom_packages_installation_agent_enabled - name: Linux CentOS/RedHat | Install wazuh-agent - package: + yum: name: wazuh-agent-{{ wazuh_agent_version }} state: present async: 90 From 7fc29b720f5689b2e4840b0f6f34a4453c94b343 Mon Sep 17 00:00:00 2001 From: neonmei Date: Fri, 20 Nov 2020 12:37:20 -0300 Subject: [PATCH 11/29] roles/wazuh-agent: remove async from install task and introduce a lock timeout configurable by wazuh_agent_yum_lock_timeout --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 ++ roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 21ccb4f7..ee28cb25 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -32,6 +32,8 @@ wazuh_agent_sources_installation: user_agent_config_profile: null user_ca_store: "/var/ossec/wpk_root.pem" +wazuh_agent_yum_lock_timeout: 30 + wazuh_api_reachable_from_agent: false wazuh_profile_centos: 'centos, centos7, centos7.6' wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index fe29769a..4ceaec64 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -22,8 +22,7 @@ yum: name: wazuh-agent-{{ wazuh_agent_version }} state: present - async: 90 - poll: 30 + lock_timeout: '{{ wazuh_agent_yum_lock_timeout }}' when: - ansible_os_family|lower == "redhat" - not wazuh_agent_sources_installation.enabled From b4d2b564b78629c47483811f5f81ecdaa938046d Mon Sep 17 00:00:00 2001 From: neonmei Date: Fri, 20 Nov 2020 13:40:17 -0300 Subject: [PATCH 12/29] roles/wazuh-agent: update api credentials to wazuh:wazuh --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 1e4b8529..6e1949e5 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -33,7 +33,7 @@ wazuh_agent_sources_installation: user_ca_store: "/var/ossec/wpk_root.pem" # We recommend the use of ansible-vault to protect Wazuh, api, agentless and authd credentials. -api_pass: 'changeme' +api_pass: wazuh authd_pass: '' wazuh_managers: @@ -42,7 +42,7 @@ wazuh_managers: protocol: tcp api_port: 55000 api_proto: 'http' - api_user: null + api_user: wazuh max_retries: 5 retry_interval: 5 wazuh_api_reachable_from_agent: false From 1dfe0fdb6772f95bf5287360e1fd61227c1b69d0 Mon Sep 17 00:00:00 2001 
From: neonmei Date: Fri, 20 Nov 2020 16:16:54 -0300 Subject: [PATCH 13/29] roles/wazuh-agent: fix duplicate variable --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index f8eefb98..e59d4653 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -38,15 +38,6 @@ wazuh_agent_yum_lock_timeout: 30 api_pass: wazuh authd_pass: '' -wazuh_managers: - - address: 127.0.0.1 - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: 'http' - api_user: wazuh - max_retries: 5 - retry_interval: 5 wazuh_api_reachable_from_agent: false wazuh_profile_centos: 'centos, centos7, centos7.6' wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' @@ -98,7 +89,7 @@ wazuh_managers: protocol: tcp api_port: 55000 api_proto: 'http' - api_user: null + api_user: wazuh max_retries: 5 retry_interval: 5 From 332ee7ae8bd4858d6761146e84b722bdb979cbda Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 23 Nov 2020 11:24:43 -0300 Subject: [PATCH 14/29] roles/agent: add task for determining which wazuh_managers to use through `register: yes` instead of just grabbing the first one on the list, otherwise fallback to first in the list --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index e59d4653..31c1ba85 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -92,6 +92,7 @@ wazuh_managers: api_user: wazuh max_retries: 5 retry_interval: 5 + register: yes ## Enrollment wazuh_agent_enrollment: 
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 034a3122..642e26a8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -116,6 +116,13 @@ - name: Linux | Agent registration via rest-API block: + - name: Establish target Wazuh Manager for registration task + set_fact: + target_manager: '{{ manager_primary | length | ternary(manager_primary, manager_fallback) | first }}' + vars: + manager_primary: "{{ wazuh_managers | selectattr('register','true') | list }}" + manager_fallback: "{{ wazuh_managers | list }}" + - name: Linux | Create the agent key via rest-API uri: url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/" From 5f6973d8d25711cff12703d372558b115cf494a6 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 23 Nov 2020 11:25:31 -0300 Subject: [PATCH 15/29] roles/agent: add task for fetching jwt token --- .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 642e26a8..69cae549 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
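Review bot: `selectattr('register','true')` matches only entries whose `register` is a real boolean true, so a manager written as `register: 'yes'` (the quoted style this role uses for flags such as `enabled: 'yes'`) is silently skipped and registration falls back to the first manager in the list. I would document on `wazuh_managers` that `register` must be an unquoted boolean, e.g. `# register must be a YAML boolean (true/false), not a quoted string`, or normalise the value in the task vars. The `| first` at the end also fails with a template error when `wazuh_managers` is empty. The context lines show the following `uri` task still addressing `wazuh_managers.0`, so `target_manager` is set but not yet used at this commit.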
@@ -123,6 +123,25 @@ manager_primary: "{{ wazuh_managers | selectattr('register','true') | list }}" manager_fallback: "{{ wazuh_managers | list }}" + - name: Linux | Obtain JWT Token + uri: + url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate' + method: GET + url_username: '{{ target_manager.api_user }}' + url_password: '{{ api_pass }}' + status_code: 200 + return_content: yes + force_basic_auth: yes + validate_certs: '{{ target_manager.validate_certs | default(false) }}' + no_log: '{{ wazuh_agent_nolog_sensible | bool }}' + delegate_to: '{{ ansible_host if wazuh_api_reachable_from_agent else "localhost" }}' + changed_when: api_jwt_result.json.error == 0 + register: api_jwt_result + become: no + tags: + - config + - api + - name: Linux | Create the agent key via rest-API uri: url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/" From 535add6f4cde78b64939ea49d049e74988417f64 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 23 Nov 2020 11:26:39 -0300 Subject: [PATCH 16/29] roles/agent: add nolog variable for registration tasks with credentials output --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 31c1ba85..c06ed72b 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -80,6 +80,7 @@ wazuh_agent_nat: false ### Wazuh ########################################## +wazuh_agent_nolog_sensible: yes wazuh_agent_config_overlay: yes ## Client From d4092bf6864457c2de63e661f3e3f254b47e3264 Mon Sep 17 00:00:00 2001 
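Review bot: `validate_certs: '{{ target_manager.validate_certs | default(false) }}'` turns TLS certificate verification off unless every manager entry opts in, and this task sends `api_user`/`api_pass` as basic auth and receives the JWT over that connection. The same default is repeated in the agent-creation and key-validation tasks added later in this series. I would default to verification, `validate_certs: '{{ target_manager.validate_certs | default(true) }}'`, and let test inventories switch it off explicitly. Two smaller points: `changed_when: api_jwt_result.json.error == 0` reports a change for a read-only token fetch (`changed_when: false` fits better), and `delegate_to` uses `ansible_host` here while the other API tasks use `inventory_hostname`.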
From: neonmei Date: Mon, 23 Nov 2020 11:28:37 -0300 Subject: [PATCH 17/29] roles/agent: update agent registry task with token, nolog and remove when, as it is checked on every task, shuld be applied to block --- .../ansible-wazuh-agent/defaults/main.yml | 5 ++- .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 35 ++++++++++--------- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index c06ed72b..9d7d261a 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -83,7 +83,10 @@ wazuh_agent_nat: false wazuh_agent_nolog_sensible: yes wazuh_agent_config_overlay: yes -## Client +# This is a middle ground between breaking existing uses of wazuh_agent_nat +# and allow working with agents having several network interfaces +wazuh_agent_address: '{{ "any" if wazuh_agent_nat else ansible_default_ipv4.address }}' + wazuh_managers: - address: 127.0.0.1 port: 1514 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 69cae549..e165024c 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
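Review bot: The new `wazuh_agent_address` default reads `ansible_default_ipv4.address`, which exists only when facts were gathered and the host has a default IPv4 route, and nothing in the added comment says so. I would extend the comment with `# Requires gathered facts (ansible_default_ipv4); override per host when there is no default IPv4 route`. Since the value is later sent to the manager as the agent's registered address, it is also worth stating that `wazuh_agent_nat: true` widens it to `any`.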
@@ -144,23 +144,26 @@ - name: Linux | Create the agent key via rest-API uri: - url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/" - validate_certs: false + url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents' method: POST - body: '{"name":"{{ agent_name }}"}' body_format: json - status_code: 200 + body: + name: '{{ agent_name }}' + ip: '{{ wazuh_agent_address }}' + force_time: 1 headers: - Content-Type: "application/json" - user: "{{ wazuh_managers.0.api_user }}" - password: "{{ api_pass }}" - register: newagent_api - delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}" + Authorization: 'Bearer {{ jwt_token }}' + status_code: 200 + return_content: yes + validate_certs: '{{ target_manager.validate_certs | default(false) }}' become: no - changed_when: newagent_api.json.error == 0 - when: - - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_managers.0.address is not none + no_log: '{{ wazuh_agent_nolog_sensible | bool }}' + delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}" + changed_when: api_agent_post.json.error == 0 + register: api_agent_post + vars: + agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}' + jwt_token: '{{ api_jwt_result.json.data.token }}' tags: - config - api @@ -201,10 +204,10 @@ - wazuh_agent_authd.registration_address is not none - newagent_api.json.error == 0 notify: restart wazuh-agent - when: - - not wazuh_agent_authd.enable - - not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no' + - not ( wazuh_agent_authd.enable | bool ) + - wazuh_agent_config.enrollment.enabled != 'yes' + - not client_keys_file.stat.exists or client_keys_file.stat.size == 0 tags: - config - api From a4c4b6cd327c630ff2b4ac99ce018431a703db51 Mon Sep 17 00:00:00 2001 
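Review bot: `force_time: 1` in the request body of `Linux | Create the agent key via rest-API` is a hard-coded literal, and as far as I understand the Wazuh API it allows the manager to drop an existing agent registered with the same address once it has been disconnected for that many seconds, so a re-run can replace an existing record almost unconditionally. That is a destructive default for a registration task; I would expose it as a documented role variable in defaults/main.yml rather than a literal in the task. This hunk also renames the result to `api_agent_post` and conditions the block on `client_keys_file`, while the context lines still read `newagent_api.json.error` and the `stat` task outside the hunk still appears to register `check_keys`, so this commit may not run on its own.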
From: neonmei Date: Mon, 23 Nov 2020 11:29:34 -0300 Subject: [PATCH 18/29] roles/agent: refresh agent validation in rest registration method --- .../wazuh/ansible-wazuh-agent/tasks/Linux.yml | 32 +++++++++++-------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index e165024c..17cb9fa6 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
@@ -168,23 +168,27 @@ - config - api - - name: Linux | Retrieve new agent data via rest-API + - name: Linux | Validate registered agent key matches manager record uri: - url: >- - "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address - }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}" - validate_certs: false + url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents/{{ agent_id }}/key' method: GET - return_content: true - user: "{{ wazuh_managers.0.api_user }}" - password: "{{ api_pass }}" - when: - - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_agent_authd.registration_address is not none - - newagent_api.json.error == 0 - register: newagentdata_api - delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}" + headers: + Authorization: 'Bearer {{ jwt_token }}' + status_code: 200 + return_content: yes + validate_certs: '{{ target_manager.validate_certs | default(false) }}' become: no + no_log: '{{ wazuh_agent_nolog_sensible | bool }}' + delegate_to: "{{ 'localhost' if not wazuh_api_reachable_from_agent else inventory_hostname }}" + register: api_agent_validation + vars: + agent_id: '{{ api_agent_post.json.data.id }}' + agent_key: '{{ api_agent_post.json.data.key }}' + jwt_token: '{{ api_jwt_result.json.data.token }}' + failed_when: api_agent_validation.json.data.affected_items[0].key != agent_key + when: + - wazuh_agent_api_validate | bool + - api_agent_post.json.error == 0 tags: - config - api From a28837a74da00c98d3d0f8570db774079e53228c Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 23 Nov 2020 11:32:01 -0300 Subject: [PATCH 19/29] roles/agent: in rest registration method, update manage_agents task --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) 
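Review bot: The `failed_when` on the new validation task compares `api_agent_post.json.data.key` with the key read back from `/agents/{{ agent_id }}/key`, so both sides come from the manager and nothing in the task looks at the agent's own client.keys. If the intent is what the task name says, the comparison belongs after the key has been imported on the agent and should use the local file; otherwise a comment such as `# Sanity check: manager returns the same key it issued at registration` describes it accurately. `affected_items[0]` raises a template error instead of a readable failure when the list is empty, so the condition could first test `affected_items | length == 0`. `wazuh_agent_api_validate` is read here but is not defined in this hunk.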
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 17cb9fa6..9c2eb825 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -193,20 +193,18 @@ - config - api - - name: Linux | Register agent (via rest-API) + - name: Linux | Import Key (via rest-API) command: /var/ossec/bin/manage_agents environment: OSSEC_ACTION: i - OSSEC_AGENT_NAME: '{{ newagentdata_api.json.data.name }}' - OSSEC_AGENT_IP: '{% if wazuh_agent_nat %}any{% else %}{{ newagentdata_api.json.data.ip }}{% endif %}' - OSSEC_AGENT_ID: '{{ newagent_api.json.data.id }}' - OSSEC_AGENT_KEY: '{{ newagent_api.json.data.key }}' + OSSEC_AGENT_NAME: '{{ agent_name }}' + OSSEC_AGENT_IP: '{{ wazuh_agent_address }}' + OSSEC_AGENT_ID: '{{ api_agent_post.json.data.id }}' + OSSEC_AGENT_KEY: '{{ api_agent_post.json.data.key }}' OSSEC_ACTION_CONFIRMED: y register: manage_agents_output - when: - - not check_keys.stat.exists or check_keys.stat.size == 0 - - wazuh_agent_authd.registration_address is not none - - newagent_api.json.error == 0 + vars: + agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}' notify: restart wazuh-agent when: - not ( wazuh_agent_authd.enable | bool ) From 1df3ef86993ec125c51b1d15fb20078f92867beb Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 23 Nov 2020 11:38:07 -0300 Subject: [PATCH 20/29] roles/agent: for registration rename check_keys->client_keys_file for more clarity, update conditionals length checks to explicit "yes" check --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 9c2eb825..8b8d9314 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
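Review bot: The `Linux | Import Key (via rest-API)` task passes `OSSEC_AGENT_KEY` through `environment` and registers its output, but unlike the three API tasks in this block it carries no `no_log`. Adding `no_log: '{{ wazuh_agent_nolog_sensible | bool }}'` keeps the handling of the agent key consistent across the block. With the per-task `when` removed, the import now relies entirely on the preceding `uri` task failing on a non-200 response; a short comment above the `command` line, e.g. `# Runs only if agent creation succeeded (the uri task above fails otherwise)`, would make that explicit.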
@@ -41,8 +41,7 @@ - name: Linux | Check if client.keys exists stat: path: /var/ossec/etc/client.keys - register: check_keys - when: wazuh_agent_config.enrollment.enabled == 'yes' + register: client_keys_file tags: - config @@ -97,18 +96,18 @@ vars: agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}" when: - - not check_keys.stat.exists or check_keys.stat.size == 0 + - not client_keys_file.stat.exists or client_keys_file.stat.size == 0 - wazuh_agent_authd.registration_address is not none - name: Linux | Verify agent registration - shell: echo {{ agent_auth_output }} | grep "Valid key created" + shell: echo {{ agent_auth_output }} | grep "Valid key received" when: - - not check_keys.stat.exists or check_keys.stat.size == 0 + - not client_keys_file.stat.exists or client_keys_file.stat.size == 0 - wazuh_agent_authd.registration_address is not none when: - - wazuh_agent_authd.enable - - not wazuh_agent_config.enrollment.enabled | length > 0 or wazuh_agent_config.enrollment.enabled == 'no' + - wazuh_agent_authd.enable | bool + - wazuh_agent_config.enrollment.enabled != 'yes' tags: - config - authd From 7e445c7f55078f4c6011bcc7981a37d54157d823 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 23 Nov 2020 11:39:27 -0300 Subject: [PATCH 21/29] roles/agent: add wazuh_agent_api_validate to optionally skip agent registry validation task --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 9d7d261a..328449fe 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
@@ -115,6 +115,12 @@ wazuh_agent_enrollment: delay_after_enrollment: 20 use_source_ip: 'no' +## Authentication Method: REST API + +# For more information see: +# * https://documentation.wazuh.com/4.0/user-manual/registering/restful-api-registration.html +wazuh_agent_api_validate: yes + ## Client buffer wazuh_agent_client_buffer: disable: 'no' From 35c9df9c7ec2a5fe0555bffb5144da0dea4f375b Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 23 Nov 2020 11:41:17 -0300 Subject: [PATCH 22/29] roles/agent: add comments on role defaults and group registration related tasks --- .../ansible-wazuh-agent/defaults/main.yml | 37 +++++++++++++------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 328449fe..a3777031 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -43,16 +43,6 @@ wazuh_profile_centos: 'centos, centos7, centos7.6' wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' wazuh_auto_restart: 'yes' -wazuh_agent_authd: - registration_address: 127.0.0.1 - enable: false - port: 1515 - agent_name: null - groups: [] - ssl_agent_ca: null - ssl_agent_cert: null - ssl_agent_key: null - ssl_auto_negotiate: 'no' wazuh_notify_time: '10' wazuh_time_reconnect: '60' wazuh_crypto_method: 'aes' @@ -74,6 +64,7 @@ wazuh_agent_repo: gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' +# This is deprecated, see: wazuh_agent_address wazuh_agent_nat: false ########################################## 
@@ -87,18 +78,24 @@ wazuh_agent_config_overlay: yes # and allow working with agents having several network interfaces wazuh_agent_address: '{{ "any" if wazuh_agent_nat else ansible_default_ipv4.address }}' +# List of managers. The first one with register variable declared *and* set to true +# is the one used to register the agent. Otherwise, the first one in the list will be used. wazuh_managers: - address: 127.0.0.1 port: 1514 protocol: tcp api_port: 55000 - api_proto: 'http' + api_proto: https api_user: wazuh max_retries: 5 retry_interval: 5 register: yes -## Enrollment +## Authentication Method: Enrollment section (4.x) + +# For more information see: +# * https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/client.html#enrollment + wazuh_agent_enrollment: enabled: '' manager_address: '' @@ -115,6 +112,22 @@ wazuh_agent_enrollment: delay_after_enrollment: 20 use_source_ip: 'no' +## Authentication Method: invoking agent-auth + +# For more information see: +# * https://documentation.wazuh.com/4.0/user-manual/registering/password-authorization-registration.html + +wazuh_agent_authd: + registration_address: 127.0.0.1 + enable: false + port: 1515 + agent_name: null + groups: [] + ssl_agent_ca: null + ssl_agent_cert: null + ssl_agent_key: null + ssl_auto_negotiate: 'no' + ## Authentication Method: REST API # For more information see: From 5170c206e037cfe6f2418885b5272741f9261bea Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 23 Nov 2020 11:41:45 -0300 Subject: [PATCH 23/29] roles/agent: use auto-enrollment by default --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index a3777031..8a75900c 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml 
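Review bot: The `api_proto` default in the first hunk (`@@ -87,18 +78,24 @@`) moves from `'http'` to `https` without a comment, although this value builds the URL of the REST registration call that is made with `api_user` and `api_pass`. It is worth stating next to it, e.g. `# Keep https: with http the API credentials cross the network in cleartext`. Whether the `uri` task also verifies the manager certificate is not visible in this hunk and should be checked alongside this default.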
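Review bot: The re-added `wazuh_agent_authd` block in the second hunk (`@@ -115,6 +112,22 @@`) keeps `ssl_agent_ca: null` with no explanation of what that default means for registration. The role's task that copies this file is named "Copy CA root certificate to verify authd", so a null value presumably leaves the manager unverified when agent-auth runs. A comment such as `# ssl_agent_ca: CA certificate used to verify the manager during registration; null skips that verification` would make the trade-off visible; confirm the wording against the task's `when:` condition, which is outside this hunk.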
@@ -97,7 +97,7 @@ wazuh_managers: # * https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/client.html#enrollment wazuh_agent_enrollment: - enabled: '' + enabled: 'yes' manager_address: '' port: 1515 agent_name: 'testname' From f7ed5f1f7f9b6b49c8d245f0e46a28d89bc1c274 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 23 Nov 2020 11:43:59 -0300 Subject: [PATCH 24/29] roles/agent: update ossec.conf template to check against explicit yes instead of length --- .../templates/var-ossec-etc-ossec-agent.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index bb71ca45..22f94856 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -37,7 +37,7 @@ {{ wazuh_auto_restart }} {{ wazuh_crypto_method }} - {% if wazuh_agent_config.enrollment.enabled | length > 0 %} + {% if wazuh_agent_config.enrollment.enabled == 'yes' %} {{ wazuh_agent_config.enrollment.enabled }} {% if wazuh_agent_config.enrollment.manager_address | length > 0 %} From 58167dbd1f012183b753cf2a119a3ff512ef9edc Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 23 Nov 2020 12:18:56 -0300 Subject: [PATCH 25/29] roles/wazuh-agent: add message explaining when auto-enrollment registration path is fired or not --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 8b8d9314..2cf5eacb 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml 
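Review bot: The new default `enabled: 'yes'` in the first hunk (`@@ -97,7 +97,7 @@`) is a quoted string, and the consumers in this series test it by exact string comparison: `== 'yes'` in the ossec.conf template hunk on this same line and in the debug task of patch 25, `!= 'yes'` in the authd block condition of the earlier Linux.yml hunk. An override written as a bare `enabled: yes` or `enabled: true` is a YAML boolean and would not equal `'yes'`, so the enrollment section would be left out of ossec.conf and the authd condition would pass instead. A comment on the default, e.g. `# Must be the quoted string 'yes' or 'no'; a bare yes/true is parsed as a boolean and is not recognised`, would prevent a silent switch of registration method. How `wazuh_agent_enrollment` is mapped to `wazuh_agent_config.enrollment` is outside these hunks.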
@@ -213,6 +213,11 @@ - config - api +- name: Linux | Agent registration via auto-enrollment + debug: + msg: Agent registration will be performed through enrollment option in templated ossec.conf + when: wazuh_agent_config.enrollment.enabled == 'yes' + - name: Linux | Installing agent configuration (ossec.conf) template: src: var-ossec-etc-ossec-agent.conf.j2 From ec831975bb9119781c2e5d237e84c4b489a57541 Mon Sep 17 00:00:00 2001 From: zenidd Date: Mon, 23 Nov 2020 17:44:59 +0100 Subject: [PATCH 26/29] roles/wazuh-agent: remove default agent_name --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 10301cfc..4f587c86 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -98,7 +98,7 @@ wazuh_agent_enrollment: enabled: 'yes' manager_address: '' port: 1515 - agent_name: 'testname' + agent_name: '' groups: '' agent_address: '' ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH From 333816831a65a340c41f493e4e0ffdd18e3c70f5 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 23 Nov 2020 17:17:04 -0300 Subject: [PATCH 27/29] release: bump Wazuh version to 4.0.2 --- CHANGELOG.md | 10 +++++++++- README.md | 2 +- pyproject.toml | 2 +- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/opendistro/opendistro-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 2 +- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++---- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 9 files changed, 21 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5032bf99..a7f7759e 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,14 @@ # Change Log All notable changes to this project will be documented in this file. +## [v4.0.2] + +- Update to Wazuh v4.0.2 + +### Added + +### Fixed + ## [v4.0.1] ### Added @@ -13,7 +21,7 @@ All notable changes to this project will be documented in this file. - Roles/elastic-stack: update jvm.options template per upstream updates ([@neonmei](https://github.com/neonmei)) [PR#501](https://github.com/wazuh/wazuh-ansible/pull/501) - Improve linting history ([@neonmei](https://github.com/neonmei)) - - Fix lint opendistro kibana [PR#497](https://github.com/wazuh/wazuh-ansible/pull/497) + - Fix lint opendistro kibana [PR#497](https://github.com/wazuh/wazuh-ansible/pull/497) - Feature lint roles configurations [PR#496](https://github.com/wazuh/wazuh-ansible/pull/496) - Feature lint role wazuh agent [PR#495](https://github.com/wazuh/wazuh-ansible/pull/495) - Feature lint role filebeat oss [PR#494](https://github.com/wazuh/wazuh-ansible/pull/494) diff --git a/README.md b/README.md index 42cae4e4..9895be44 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. | Wazuh version | Elastic | ODFE | |---------------|---------|--------| -| v4.0.1 | 7.9.3 | 1.11.0 | +| v4.0.2 | 7.9.3 | 1.11.0 | ## Documentation diff --git a/pyproject.toml b/pyproject.toml index 8db66cca..8b4b0a71 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "wazuh-ansible" -version = "4.0.1" +version = "4.0.2" description = "" authors = ["neonmei "] diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index e61495a0..ad473430 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml 
@@ -7,7 +7,7 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_conf_path: /etc/kibana elastic_stack_version: 7.9.3 -wazuh_version: 4.0.1 +wazuh_version: 4.0.2 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana elasticrepo: diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 4fe1c819..612822d0 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -10,7 +10,7 @@ kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 elastic_stack_version: 7.9.1 -wazuh_version: 4.0.1 +wazuh_version: 4.0.2 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana # The OpenDistro package repository diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index be1eae13..0b977cdd 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.9.1 -wazuh_template_branch: v4.0.1 +wazuh_template_branch: v4.0.2 filebeat_output_elasticsearch_hosts: - "localhost:9200" diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index 401983ff..1ef9493f 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.9.3 -wazuh_template_branch: v4.0.1 +wazuh_template_branch: v4.0.2 filebeat_create_config: true diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index d4684ab4..6e31e857 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 4.0.1-1 +wazuh_agent_version: 4.0.2-1 # Custom packages installation 
@@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false - branch: "v4.0.1" + branch: "v4.0.2" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -55,8 +55,8 @@ wazuh_winagent_config: auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True md5: f2444d89dab2c4c31bbdef454c95eb28 -wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.1-1.msi -wazuh_winagent_package_name: wazuh-agent-4.0.1-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.2.msi +wazuh_winagent_package_name: wazuh-agent-4.0.2.msi wazuh_agent_repo: apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 9d496170..85e63ecd 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 4.0.1-1 +wazuh_manager_version: 4.0.2-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v4.0.1" + branch: "v4.0.2" user_language: "en" user_no_stop: "y" user_install_type: "server" From 8f5144587887a7fc1872e15d36ad8ec174adbdc3 Mon Sep 17 00:00:00 2001 From: neonmei Date: Wed, 25 Nov 2020 10:33:41 -0300 Subject: [PATCH 28/29] release: make molecule tests component versions explicit and point them to release v4.0.2 --- .../group_vars/all.yml | 16 ++++++++++--- .../distributed-wazuh-elk/group_vars/all.yml | 10 ++++++++ .../distributed-wazuh-odfe/group_vars/all.yml | 24 +++++++++++++------ 3 files changed, 40 insertions(+), 10 deletions(-) 
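Review bot: In the second hunk (`@@ -55,8 +55,8 @@`) the MSI URL and package name change to `wazuh-agent-4.0.2.msi`, but the context lines just above still pin `md5: f2444d89dab2c4c31bbdef454c95eb28` with `check_md5: True`. Unless the 4.0.2 installer happens to share that digest, the integrity check will either fail on Windows hosts or end up disabled to get past it; the digest should be updated in the same change, `md5: <md5 of wazuh-agent-4.0.2.msi>`. MD5 is also a weak pin for a downloaded installer, so a SHA-256 check would be the better follow-up if the Windows tasks can be changed. The `wazuh_winagent_config` mapping starts outside the hunk.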
diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml index 715e921c..45028909 100644 --- a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml @@ -12,6 +12,19 @@ manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }} elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}" kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}" +######################################################## +# Versions +elastic_stack_version: 7.9.3 +filebeat_version: 7.9.3 + +# Debian packages need the ${VERSION}-1 +wazuh_manager_version: 4.0.2-1 +wazuh_agent_version: 4.0.2-1 + +# Kibana role appends it automatically. +wazuh_version: 4.0.2 + + ######################################################## # General ELK stack variables @@ -22,6 +35,3 @@ kibana_xpack_security: true elasticsearch_xpack_security: true elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass - -elastic_stack_version: 7.9.3 -filebeat_version: 7.9.3 \ No newline at end of file diff --git a/molecule/distributed-wazuh-elk/group_vars/all.yml b/molecule/distributed-wazuh-elk/group_vars/all.yml index c5d04fe9..48ae39eb 100644 --- a/molecule/distributed-wazuh-elk/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk/group_vars/all.yml 
@@ -10,4 +10,14 @@ elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars) | list }}" manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}" elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}" +######################################################## +# Versions elastic_stack_version: 7.9.3 +filebeat_version: 7.9.3 + +# Debian packages need the ${VERSION}-1 +wazuh_manager_version: 4.0.2-1 +wazuh_agent_version: 4.0.2-1 + +# Kibana role appends it automatically. +wazuh_version: 4.0.2 \ No newline at end of file diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml index 998bbbb5..393ec495 100644 --- a/molecule/distributed-wazuh-odfe/group_vars/all.yml +++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml @@ -15,12 +15,6 @@ kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}" ######################################################## # General ELK stack variables -# Cluster Settings -#es_version: "7.9.1" -#es_major_version: "7.x" -#opendistro_version: 1.10.1 -filebeat_version: 7.9.1 - # OpenDistro kibana_opendistro_security: true @@ -34,4 +28,20 @@ opendistro_admin_password: changeme # All nodes are called by IP name elasticsearch_node_name: '{{ ansible_hostname }}' kibana_node_name: '{{ ansible_hostname }}' -filebeat_node_name: '{{ ansible_hostname }}' \ No newline at end of file +filebeat_node_name: '{{ ansible_hostname }}' + +######################################################## +# Versions +# See: https://opendistro.github.io/for-elasticsearch-docs/version-history/ + +elastic_stack_version: 7.9.1 +opendistro_version: 1.11.0 +filebeat_version: 7.9.1 +kibana_opendistro_version: -1.11.0-1 + +# Debian packages need the ${VERSION}-1 +wazuh_manager_version: 4.0.2-1 +wazuh_agent_version: 4.0.2-1 + +# Kibana role appends it automatically. +wazuh_version: 4.0.2 \ No newline at end of file 
From 2501ee6624d8a921b3fe4fd6b3c822ac66e40783 Mon Sep 17 00:00:00 2001 From: neonmei Date: Wed, 25 Nov 2020 11:02:18 -0300 Subject: [PATCH 29/29] release: update CHANGELOG.md for v4.0.2 --- CHANGELOG.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a7f7759e..91000121 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,12 +3,22 @@ All notable changes to this project will be documented in this file. ## [v4.0.2] -- Update to Wazuh v4.0.2 - ### Added +- Update to Wazuh v4.0.2 + +### Changed + +- New role variables have been introduced (e.g: `wazuh_agent_api_validate`), see documentation or PRs listed here for details. +- Some variables have been deprecated (e.g: `wazuh_agent_nat`) in favour of other ones, see documentation or PRs listed here for details. + ### Fixed +- Fix agent enrollment default value. Fix authd registration. [PR#505](https://github.com/wazuh/wazuh-ansible/issues/505) +- Remove async clause causing agent install timeout on resource-constrained Centos installations [PR#507](https://github.com/wazuh/wazuh-ansible/issues/507) +- Fix REST registration method for agents [PR#509](https://github.com/wazuh/wazuh-ansible/issues/509) +- `authd_pass` and `api_pass` [precedence](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable) too high, lower to role defaults [PR#488](https://github.com/wazuh/wazuh-ansible/issues/488) + ## [v4.0.1] ### Added