diff --git a/CHANGELOG.md b/CHANGELOG.md index 8ed1e39c..c3405f0b 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,21 +1,55 @@ # Change Log All notable changes to this project will be documented in this file. -## [v3.xx.x_x.x.x] +## [v3.11.0_7.5.1] ### Added -- Wazuh Agent registration task now explicitly notify restart [@jm404](https://github.com/jm404) [#302](https://github.com/wazuh/wazuh-ansible/pull/302) +- Update to Wazuh v3.11.0 + +- Wazuh Agent registration task now explicitly notify restart ([@jm404](https://github.com/jm404)) [PR#302](https://github.com/wazuh/wazuh-ansible/pull/302) + +- Support both IP and DNS when creating elastic cluster ([@xr09](https://github.com/xr09)) [PR#252](https://github.com/wazuh/wazuh-ansible/pull/252) + +- Added config tag to the Wazuh Agent's enable task ([@xr09](https://github.com/xr09)) [PR#261](https://github.com/wazuh/wazuh-ansible/pull/261) + +- Implement task to configure Elasticsearch user on every cluster node ([@xr09](https://github.com/xr09)) [PR#270](https://github.com/wazuh/wazuh-ansible/pull/270) + +- Added SCA to Wazuh Agent and Manager installation ([@jm404](https://github.com/jm404)) [PR#260](https://github.com/wazuh/wazuh-ansible/pull/260) + +- Added support for environments with low disk space ([@xr09](https://github.com/xr09)) [PR#281](https://github.com/wazuh/wazuh-ansible/pull/281) + +- Add parameters to configure an Elasticsearch coordinating node ([@jm404](https://github.com/jm404)) [PR#292](https://github.com/wazuh/wazuh-ansible/pull/292) + ### Changed -- Make Wazuh repositories installation flexible [@jm404](https://github.com/jm404) [#288](https://github.com/wazuh/wazuh-ansible/pull/288) -- Wazuh App URL is now flexible [@jm404](https://github.com/jm404) [#304](https://github.com/wazuh/wazuh-ansible/pull/304) +- Updated Filebeat and Elasticsearch templates ([@manuasir](https://github.com/manuasir)) [PR#285](https://github.com/wazuh/wazuh-ansible/pull/285) + +- Make ossec.conf file more readable by removing trailing whitespaces ([@jm404](https://github.com/jm404)) [PR#286](https://github.com/wazuh/wazuh-ansible/pull/286) + +- Wazuh repositories can now be configured to different sources URLs ([@jm404](https://github.com/jm404)) [PR#288](https://github.com/wazuh/wazuh-ansible/pull/288) + +- Wazuh App URL is now flexible ([@jm404](https://github.com/jm404)) [PR#304](https://github.com/wazuh/wazuh-ansible/pull/304) + +- Agent installation task now does not hardcodes the "-1" sufix ([@jm404](https://github.com/jm404)) [PR#310](https://github.com/wazuh/wazuh-ansible/pull/310) + +- Enhanced task importation in Wazuh Manager role and removed deprecated warnings ([@xr09](https://github.com/xr09)) [PR#320](https://github.com/wazuh/wazuh-ansible/pull/320) + +- Wazuh API installation task have been upgraded ([@rshad](https://github.com/rshad)) [PR#330](https://github.com/wazuh/wazuh-ansible/pull/330) + +- It's now possible to install Wazuh Manager and Agent from sources ([@jm404](https://github.com/jm404)) [PR#329](https://github.com/wazuh/wazuh-ansible/pull/329) + ### Fixed -- Wazuh Agent registration using agent name has been fixed [@jm404](https://github.com/jm404) [#298](https://github.com/wazuh/wazuh-ansible/pull/298) -- Fix Wazuh repository and installation conditionals [@jm404](https://github.com/jm404) [#299](https://github.com/wazuh/wazuh-ansible/pull/299) +- Ansible upgrade from 6.x to 7.x ([@jm404](https://github.com/jm404)) [PR#252](https://github.com/wazuh/wazuh-ansible/pull/251) + +- Wazuh Agent registration using agent name has been fixed ([@jm404](https://github.com/jm404)) [PR#298](https://github.com/wazuh/wazuh-ansible/pull/298) +- Fix Wazuh repository and installation conditionals ([@jm404](https://github.com/jm404)) [PR#299](https://github.com/wazuh/wazuh-ansible/pull/299) + +- Fixed Wazuh Agent registration using an Agent's name ([@jm404](https://github.com/jm404)) [PR#334](https://github.com/wazuh/wazuh-ansible/pull/334) + ## [v3.11.0_7.3.2] diff --git a/VERSION b/VERSION index fccb7443..fad76f5c 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v3.11.1" -REVISION="31020" +REVISION="31100" diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 8ec8f78a..32039d6b 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -7,8 +7,17 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.5.1 wazuh_version: 3.11.1 + wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp +# API credentials +wazuh_api_credentials: + - id: "default" + url: "http://localhost" + port: 55000 + user: "foo" + password: "bar" + # Xpack Security kibana_xpack_security: false @@ -32,5 +41,5 @@ nodejs: repo_url_ext: "nodesource.com/setup_8.x" # Build from sources -build_from_sources: true -wazuh_plugin_branch: 3.10-7.4 \ No newline at end of file +build_from_sources: false +wazuh_plugin_branch: 3.11-7.5 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index dd0e423f..d21dea91 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -134,6 +134,30 @@ when: - not build_from_sources +- name: Wait for Elasticsearch port + wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} + +- name: Select correct API protocol + set_fact: + elastic_api_protocol: "{% if kibana_xpack_security %}https{% else %}http{% endif %}" + +- name: Attempting to delete legacy Wazuh index if exists + uri: + url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh" + method: DELETE + user: "{{ elasticsearch_xpack_security_user }}" + password: "{{ elasticsearch_xpack_security_password }}" + validate_certs: no + status_code: 200, 404 + +- name: Configure Wazuh Kibana Plugin + template: + src: wazuh.yml.j2 + dest: /usr/share/kibana/plugins/wazuh/wazuh.yml + owner: kibana + group: root + mode: 0644 + - name: Reload systemd configuration systemd: daemon_reload: true diff --git a/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 new file mode 100644 index 00000000..1cbc9e2d --- /dev/null +++ b/roles/elastic-stack/ansible-kibana/templates/wazuh.yml.j2 @@ -0,0 +1,134 @@ +--- +# +# Wazuh app - App configuration file +# Copyright (C) 2015-2019 Wazuh, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Find more information about this on the LICENSE file. +# +# ======================== Wazuh app configuration file ======================== +# +# Please check the documentation for more information on configuration options: +# https://documentation.wazuh.com/current/installation-guide/index.html +# +# Also, you can check our repository: +# https://github.com/wazuh/wazuh-kibana-app +# +# ------------------------------- Index patterns ------------------------------- +# +# Default index pattern to use. +#pattern: wazuh-alerts-3.x-* +# +# ----------------------------------- Checks ----------------------------------- +# +# Defines which checks must to be consider by the healthcheck +# step once the Wazuh app starts. Values must to be true or false. +#checks.pattern : true +#checks.template: true +#checks.api : true +#checks.setup : true +# +# --------------------------------- Extensions --------------------------------- +# +# Defines which extensions should be activated when you add a new API entry. +# You can change them after Wazuh app starts. +# Values must to be true or false. +#extensions.pci : true +#extensions.gdpr : true +#extensions.hipaa : true +#extensions.nist : true +#extensions.audit : true +#extensions.oscap : false +#extensions.ciscat : false +#extensions.aws : false +#extensions.virustotal: false +#extensions.osquery : false +#extensions.docker : false +# +# ---------------------------------- Time out ---------------------------------- +# +# Defines maximum timeout to be used on the Wazuh app requests. +# It will be ignored if it is bellow 1500. +# It means milliseconds before we consider a request as failed. +# Default: 20000 +#timeout: 20000 +# +# ------------------------------ Advanced indices ------------------------------ +# +# Configure .wazuh indices shards and replicas. +#wazuh.shards : 1 +#wazuh.replicas : 0 +# +# --------------------------- Index pattern selector --------------------------- +# +# Defines if the user is allowed to change the selected +# index pattern directly from the Wazuh app top menu. +# Default: true +#ip.selector: true +# +# List of index patterns to be ignored +#ip.ignore: [] +# +# -------------------------------- X-Pack RBAC --------------------------------- +# +# Custom setting to enable/disable built-in X-Pack RBAC security capabilities. +# Default: enabled +#xpack.rbac.enabled: true +# +# ------------------------------ wazuh-monitoring ------------------------------ +# +# Custom setting to enable/disable wazuh-monitoring indices. +# Values: true, false, worker +# If worker is given as value, the app will show the Agents status +# visualization but won't insert data on wazuh-monitoring indices. +# Default: true +#wazuh.monitoring.enabled: true +# +# Custom setting to set the frequency for wazuh-monitoring indices cron task. +# Default: 900 (s) +#wazuh.monitoring.frequency: 900 +# +# Configure wazuh-monitoring-3.x-* indices shards and replicas. +#wazuh.monitoring.shards: 2 +#wazuh.monitoring.replicas: 0 +# +# Configure wazuh-monitoring-3.x-* indices custom creation interval. +# Values: h (hourly), d (daily), w (weekly), m (monthly) +# Default: d +#wazuh.monitoring.creation: d +# +# Default index pattern to use for Wazuh monitoring +#wazuh.monitoring.pattern: wazuh-monitoring-3.x-* +# +# +# ------------------------------- App privileges -------------------------------- +#admin: true +# +# ------------------------------- App logging level ----------------------------- +# Set the logging level for the Wazuh App log files. +# Default value: info +# Allowed values: info, debug +#logs.level: info +# +#-------------------------------- API entries ----------------------------------- +#The following configuration is the default structure to define an API entry. +# +#hosts: +# - : +# url: http(s):// +# port: +# user: +# password: + +hosts: +{% for api in wazuh_api_credentials %} + - {{ api['id'] }}: + url: {{ api['url'] }} + port: {{ api['port'] }} + user: {{ api['user'] }} + password: {{ api['password'] }} +{% endfor %} diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 2de09a8e..ee0aced7 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -60,7 +60,7 @@ {{ wazuh_agent_win_auth_path }} -m {{ wazuh_managers.0.address }} -p {{ wazuh_agent_authd.port }} - {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} + {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} register: agent_auth_output notify: Windows | Restart Wazuh Agent diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 6c4a27c8..21faa35c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -30,7 +30,7 @@ wazuh_manager_sources_installation: threads: "2" wazuh_api_sources_installation: - enabled: true + enabled: false branch: "v3.11.1" update: "y" remove: "y" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index b8bf5625..68aeac34 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -61,6 +61,7 @@ state: directory # When downloading "v3.11.1" extracted folder name is 3.11.1. + # Explicitly creating the folder with proper naming and striping first level in .tar.gz file - name: Extract downloaded Wazuh branch from Github # Using shell instead of unarchive due to that module not working properlyh with --strip diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 81b7d31b..99201c29 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -154,23 +154,33 @@ {% endif %} {% elif ansible_distribution == 'CentOS' %} - {% if ansible_distribution_major_version == '7' %} + {% if ansible_distribution_major_version == '8' %} + {# Policy not available #} + {% elif ansible_distribution_major_version == '7' %} + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + {% elif ansible_distribution_major_version == '6' %} - {% endif %} xccdf_org.ssgproject.content_profile_pci-dss xccdf_org.ssgproject.content_profile_common + {% endif %} {% elif ansible_distribution == 'RedHat' %} - {% if ansible_distribution_major_version == '7' %} + {% if ansible_distribution_major_version == '8' %} + {# Policy not available #} + {% elif ansible_distribution_major_version == '7' %} + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + {% elif ansible_distribution_major_version == '6' %} - {% endif %} xccdf_org.ssgproject.content_profile_pci-dss xccdf_org.ssgproject.content_profile_common + {% endif %} {% if ansible_distribution_major_version == '7' %} {% elif ansible_distribution_major_version == '6' %}