Merge pull request #237 from wazuh/3.10_7.3.2-release

Wazuh Release 3.10 7.3.2
Manuel J. Bernal 2019-09-18 13:32:07 +02:00 committed by GitHub
commit c7c15f614c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 2250 additions and 2412 deletions


@ -1,6 +1,26 @@
# Change Log # Change Log
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
## [v3.10.0_7.3.2]
### Added
- Update to Wazuh v3.10.0
### Changed
- Updated Kibana [@jm404](https://github.com/jm404) [#237](https://github.com/wazuh/wazuh-ansible/pull/237)
- Updated agent.conf template [@moodymob](https://github.com/moodymob) [#222](https://github.com/wazuh/wazuh-ansible/pull/222)
- Improved molecule tests [@rshad](https://github.com/rshad) [#223](https://github.com/wazuh/wazuh-ansible/pull/223/files)
- Moved "run_cluster_mode.sh" script to molecule folder [@jm404](https://github.com/jm404) [#a9d2c52](https://github.com/wazuh/wazuh-ansible/commit/a9d2c5201047c273c2c4fead5a54e576111da455)
### Fixed
- Fixed typo in the `agent.conf` template [@joey1a2b3c](https://github.com/joey1a2b3c) [#227](https://github.com/wazuh/wazuh-ansible/pull/227)
- Updated conditionals in tasks to fix Amazon Linux installation [@jm404](https://github.com/jm404) [#229](https://github.com/wazuh/wazuh-ansible/pull/229)
- Fixed Kibana installation in Amazon Linux [@jm404](https://github.com/jm404) [#232](https://github.com/wazuh/wazuh-ansible/pull/232)
- Fixed Windows Agent installation and configuration [@jm404](https://github.com/jm404) [#234](https://github.com/wazuh/wazuh-ansible/pull/234)
## [v3.9.5_7.2.1] ## [v3.9.5_7.2.1]
### Added ### Added


@ -1,2 +1,2 @@
WAZUH-ANSIBLE_VERSION="v3.9.5" WAZUH-ANSIBLE_VERSION="v3.10.0"
REVISION="3950" REVISION="31000"


@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def get_wazuh_version(): def get_wazuh_version():
"""This return the version of Wazuh.""" """This return the version of Wazuh."""
return "3.9.5" return "3.10.0"
def test_wazuh_packages_are_installed(host): def test_wazuh_packages_are_installed(host):
@ -86,4 +86,4 @@ def test_filebeat_is_installed(host):
"""Test if the elasticsearch package is installed.""" """Test if the elasticsearch package is installed."""
filebeat = host.package("filebeat") filebeat = host.package("filebeat")
assert filebeat.is_installed assert filebeat.is_installed
assert filebeat.version.startswith('7.2.1') assert filebeat.version.startswith('7.3.2')


@ -10,7 +10,7 @@ def test_elasticsearch_is_installed(host):
"""Test if the elasticsearch package is installed.""" """Test if the elasticsearch package is installed."""
elasticsearch = host.package("elasticsearch") elasticsearch = host.package("elasticsearch")
assert elasticsearch.is_installed assert elasticsearch.is_installed
assert elasticsearch.version.startswith('7.2.1') assert elasticsearch.version.startswith('7.3.2')
def test_elasticsearch_is_running(host): def test_elasticsearch_is_running(host):


@ -14,7 +14,7 @@ def test_port_kibana_is_open(host):
def test_find_correct_elasticsearch_version(host): def test_find_correct_elasticsearch_version(host):
"""Test if we find the kibana/elasticsearch version in package.json""" """Test if we find the kibana/elasticsearch version in package.json"""
kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json") kibana = host.file("/usr/share/kibana/plugins/wazuh/package.json")
assert kibana.contains("7.2.1") assert kibana.contains("7.3.2")
def test_wazuh_plugin_installed(host): def test_wazuh_plugin_installed(host):


@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def get_wazuh_version(): def get_wazuh_version():
"""This return the version of Wazuh.""" """This return the version of Wazuh."""
return "3.9.5" return "3.10.0"
def test_ossec_package_installed(Package): def test_ossec_package_installed(Package):


@ -9,7 +9,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def get_wazuh_version(): def get_wazuh_version():
"""This return the version of Wazuh.""" """This return the version of Wazuh."""
return "3.9.5" return "3.10.0"
def test_wazuh_packages_are_installed(host): def test_wazuh_packages_are_installed(host):
@ -82,4 +82,4 @@ def test_filebeat_is_installed(host):
"""Test if the elasticsearch package is installed.""" """Test if the elasticsearch package is installed."""
filebeat = host.package("filebeat") filebeat = host.package("filebeat")
assert filebeat.is_installed assert filebeat.is_installed
assert filebeat.version.startswith('7.2.1') assert filebeat.version.startswith('7.3.2')


@ -4,7 +4,7 @@ elasticsearch_node_name: node-1
elasticsearch_http_port: 9200 elasticsearch_http_port: 9200
elasticsearch_network_host: 127.0.0.1 elasticsearch_network_host: 127.0.0.1
elasticsearch_jvm_xms: null elasticsearch_jvm_xms: null
elastic_stack_version: 7.2.1 elastic_stack_version: 7.3.2
single_node: true single_node: true
elasticsearch_bootstrap_node: false elasticsearch_bootstrap_node: false
elasticsearch_master_candidate: false elasticsearch_master_candidate: false


@ -1,621 +0,0 @@
{
"order": 0,
"template": "wazuh-alerts-3.x-*",
"settings": {
"index.refresh_interval": "5s"
},
"mappings": {
"wazuh": {
"dynamic_templates": [
{
"string_as_keyword": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword",
"doc_values": "true"
}
}
}
],
"properties": {
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
},
"@version": {
"type": "text"
},
"agent": {
"properties": {
"ip": {
"type": "keyword",
"doc_values": "true"
},
"id": {
"type": "keyword",
"doc_values": "true"
},
"name": {
"type": "keyword",
"doc_values": "true"
}
}
},
"manager": {
"properties": {
"name": {
"type": "keyword",
"doc_values": "true"
}
}
},
"cluster": {
"properties": {
"name": {
"type": "keyword",
"doc_values": "true"
}
}
},
"AlertsFile": {
"type": "keyword",
"doc_values": "true"
},
"full_log": {
"type": "text"
},
"previous_log": {
"type": "text"
},
"GeoLocation": {
"properties": {
"area_code": {
"type": "long"
},
"city_name": {
"type": "keyword",
"doc_values": "true"
},
"continent_code": {
"type": "text"
},
"coordinates": {
"type": "double"
},
"country_code2": {
"type": "text"
},
"country_code3": {
"type": "text"
},
"country_name": {
"type": "keyword",
"doc_values": "true"
},
"dma_code": {
"type": "long"
},
"ip": {
"type": "keyword",
"doc_values": "true"
},
"latitude": {
"type": "double"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "double"
},
"postal_code": {
"type": "keyword"
},
"real_region_name": {
"type": "keyword",
"doc_values": "true"
},
"region_name": {
"type": "keyword",
"doc_values": "true"
},
"timezone": {
"type": "text"
}
}
},
"host": {
"type": "keyword",
"doc_values": "true"
},
"syscheck": {
"properties": {
"path": {
"type": "keyword",
"doc_values": "true"
},
"sha1_before": {
"type": "keyword",
"doc_values": "true"
},
"sha1_after": {
"type": "keyword",
"doc_values": "true"
},
"uid_before": {
"type": "keyword",
"doc_values": "true"
},
"uid_after": {
"type": "keyword",
"doc_values": "true"
},
"gid_before": {
"type": "keyword",
"doc_values": "true"
},
"gid_after": {
"type": "keyword",
"doc_values": "true"
},
"perm_before": {
"type": "keyword",
"doc_values": "true"
},
"perm_after": {
"type": "keyword",
"doc_values": "true"
},
"md5_after": {
"type": "keyword",
"doc_values": "true"
},
"md5_before": {
"type": "keyword",
"doc_values": "true"
},
"gname_after": {
"type": "keyword",
"doc_values": "true"
},
"gname_before": {
"type": "keyword",
"doc_values": "true"
},
"inode_after": {
"type": "keyword",
"doc_values": "true"
},
"inode_before": {
"type": "keyword",
"doc_values": "true"
},
"mtime_after": {
"type": "date",
"format": "dateOptionalTime",
"doc_values": "true"
},
"mtime_before": {
"type": "date",
"format": "dateOptionalTime",
"doc_values": "true"
},
"uname_after": {
"type": "keyword",
"doc_values": "true"
},
"uname_before": {
"type": "keyword",
"doc_values": "true"
},
"size_before": {
"type": "long",
"doc_values": "true"
},
"size_after": {
"type": "long",
"doc_values": "true"
},
"diff": {
"type": "keyword",
"doc_values": "true"
},
"event": {
"type": "keyword",
"doc_values": "true"
}
}
},
"location": {
"type": "keyword",
"doc_values": "true"
},
"message": {
"type": "text"
},
"offset": {
"type": "keyword"
},
"rule": {
"properties": {
"description": {
"type": "keyword",
"doc_values": "true"
},
"groups": {
"type": "keyword",
"doc_values": "true"
},
"level": {
"type": "long",
"doc_values": "true"
},
"id": {
"type": "keyword",
"doc_values": "true"
},
"cve": {
"type": "keyword",
"doc_values": "true"
},
"info": {
"type": "keyword",
"doc_values": "true"
},
"frequency": {
"type": "long",
"doc_values": "true"
},
"firedtimes": {
"type": "long",
"doc_values": "true"
},
"cis": {
"type": "keyword",
"doc_values": "true"
},
"pci_dss": {
"type": "keyword",
"doc_values": "true"
},
"gdpr": {
"type": "keyword",
"doc_values": "true"
},
"gpg13": {
"type": "keyword",
"doc_values": "true"
}
}
},
"decoder": {
"properties": {
"parent": {
"type": "keyword",
"doc_values": "true"
},
"name": {
"type": "keyword",
"doc_values": "true"
},
"ftscomment": {
"type": "keyword",
"doc_values": "true"
},
"fts": {
"type": "long",
"doc_values": "true"
},
"accumulate": {
"type": "long",
"doc_values": "true"
}
}
},
"data": {
"properties": {
"protocol": {
"type": "keyword",
"doc_values": "true"
},
"action": {
"type": "keyword",
"doc_values": "true"
},
"srcip": {
"type": "keyword",
"doc_values": "true"
},
"dstip": {
"type": "keyword",
"doc_values": "true"
},
"srcport": {
"type": "keyword",
"doc_values": "true"
},
"dstport": {
"type": "keyword",
"doc_values": "true"
},
"srcuser": {
"type": "keyword",
"doc_values": "true"
},
"dstuser": {
"type": "keyword",
"doc_values": "true"
},
"id": {
"type": "keyword",
"doc_values": "true"
},
"status": {
"type": "keyword",
"doc_values": "true"
},
"data": {
"type": "keyword",
"doc_values": "true"
},
"system_name": {
"type": "keyword",
"doc_values": "true"
},
"url": {
"type": "keyword",
"doc_values": "true"
},
"oscap": {
"properties": {
"check.title": {
"type": "keyword",
"doc_values": "true"
},
"check.id": {
"type": "keyword",
"doc_values": "true"
},
"check.result": {
"type": "keyword",
"doc_values": "true"
},
"check.severity": {
"type": "keyword",
"doc_values": "true"
},
"check.description": {
"type": "text"
},
"check.rationale": {
"type": "text"
},
"check.references": {
"type": "text"
},
"check.identifiers": {
"type": "text"
},
"check.oval.id": {
"type": "keyword",
"doc_values": "true"
},
"scan.id": {
"type": "keyword",
"doc_values": "true"
},
"scan.content": {
"type": "keyword",
"doc_values": "true"
},
"scan.benchmark.id": {
"type": "keyword",
"doc_values": "true"
},
"scan.profile.title": {
"type": "keyword",
"doc_values": "true"
},
"scan.profile.id": {
"type": "keyword",
"doc_values": "true"
},
"scan.score": {
"type": "double",
"doc_values": "true"
},
"scan.return_code": {
"type": "long",
"doc_values": "true"
}
}
},
"audit": {
"properties": {
"type": {
"type": "keyword",
"doc_values": "true"
},
"id": {
"type": "keyword",
"doc_values": "true"
},
"syscall": {
"type": "keyword",
"doc_values": "true"
},
"exit": {
"type": "keyword",
"doc_values": "true"
},
"ppid": {
"type": "keyword",
"doc_values": "true"
},
"pid": {
"type": "keyword",
"doc_values": "true"
},
"auid": {
"type": "keyword",
"doc_values": "true"
},
"uid": {
"type": "keyword",
"doc_values": "true"
},
"gid": {
"type": "keyword",
"doc_values": "true"
},
"euid": {
"type": "keyword",
"doc_values": "true"
},
"suid": {
"type": "keyword",
"doc_values": "true"
},
"fsuid": {
"type": "keyword",
"doc_values": "true"
},
"egid": {
"type": "keyword",
"doc_values": "true"
},
"sgid": {
"type": "keyword",
"doc_values": "true"
},
"fsgid": {
"type": "keyword",
"doc_values": "true"
},
"tty": {
"type": "keyword",
"doc_values": "true"
},
"session": {
"type": "keyword",
"doc_values": "true"
},
"command": {
"type": "keyword",
"doc_values": "true"
},
"exe": {
"type": "keyword",
"doc_values": "true"
},
"key": {
"type": "keyword",
"doc_values": "true"
},
"cwd": {
"type": "keyword",
"doc_values": "true"
},
"directory.name": {
"type": "keyword",
"doc_values": "true"
},
"directory.inode": {
"type": "keyword",
"doc_values": "true"
},
"directory.mode": {
"type": "keyword",
"doc_values": "true"
},
"file.name": {
"type": "keyword",
"doc_values": "true"
},
"file.inode": {
"type": "keyword",
"doc_values": "true"
},
"file.mode": {
"type": "keyword",
"doc_values": "true"
},
"acct": {
"type": "keyword",
"doc_values": "true"
},
"dev": {
"type": "keyword",
"doc_values": "true"
},
"enforcing": {
"type": "keyword",
"doc_values": "true"
},
"list": {
"type": "keyword",
"doc_values": "true"
},
"old-auid": {
"type": "keyword",
"doc_values": "true"
},
"old-ses": {
"type": "keyword",
"doc_values": "true"
},
"old_enforcing": {
"type": "keyword",
"doc_values": "true"
},
"old_prom": {
"type": "keyword",
"doc_values": "true"
},
"op": {
"type": "keyword",
"doc_values": "true"
},
"prom": {
"type": "keyword",
"doc_values": "true"
},
"res": {
"type": "keyword",
"doc_values": "true"
},
"srcip": {
"type": "keyword",
"doc_values": "true"
},
"subj": {
"type": "keyword",
"doc_values": "true"
},
"success": {
"type": "keyword",
"doc_values": "true"
}
}
}
}
},
"program_name": {
"type": "keyword",
"doc_values": "true"
},
"command": {
"type": "keyword",
"doc_values": "true"
},
"type": {
"type": "text"
},
"title": {
"type": "keyword",
"doc_values": "true"
}
}
}
}
}


@ -5,8 +5,8 @@ elasticsearch_http_port: "9200"
elasticsearch_network_host: "127.0.0.1" elasticsearch_network_host: "127.0.0.1"
kibana_server_host: "0.0.0.0" kibana_server_host: "0.0.0.0"
kibana_server_port: "5601" kibana_server_port: "5601"
elastic_stack_version: 7.2.1 elastic_stack_version: 7.3.2
wazuh_version: 3.9.5 wazuh_version: 3.10.0
# Xpack Security # Xpack Security
kibana_xpack_security: false kibana_xpack_security: false


@ -6,10 +6,11 @@
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
- name: Reload systemd - name: Reload systemd
systemd: daemon_reload=true systemd:
daemon_reload: true
ignore_errors: true ignore_errors: true
when: when:
- not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") - not (ansible_distribution == "Amazon" and ansible_distribution_version == "(Karoo)")
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
- not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
- not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<')) - not (ansible_os_family == "RedHat" and ansible_distribution_version is version('7', '<'))
@ -84,6 +85,7 @@
when: when:
- check_certs_permissions is defined - check_certs_permissions is defined
- kibana_xpack_security - kibana_xpack_security
notify: restart kibana
tags: xpack-security tags: xpack-security
- name: Kibana configuration - name: Kibana configuration
@ -93,6 +95,7 @@
owner: root owner: root
group: root group: root
mode: 0664 mode: 0664
notify: restart kibana
tags: configure tags: configure
- name: Checking Wazuh-APP version - name: Checking Wazuh-APP version
@ -125,6 +128,7 @@
creates: /usr/share/kibana/plugins/wazuh/package.json creates: /usr/share/kibana/plugins/wazuh/package.json
become: yes become: yes
become_user: kibana become_user: kibana
notify: restart kibana
tags: tags:
- install - install
- skip_ansible_lint - skip_ansible_lint
@ -133,12 +137,6 @@
systemd: systemd:
daemon_reload: true daemon_reload: true
- name: Restart Kibana
service:
name: kibana
enabled: true
state: restarted
- name: Ensure Kibana is started and enabled - name: Ensure Kibana is started and enabled
service: service:
name: kibana name: kibana
@ -146,7 +144,7 @@
state: started state: started
- import_tasks: RMRedHat.yml - import_tasks: RMRedHat.yml
when: ansible_os_family == 'RedHat', 'Amazon' when: ansible_os_family == 'RedHat'
- import_tasks: RMDebian.yml - import_tasks: RMDebian.yml
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
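Review bot: The `Kibana configuration` task in the `@ -93,6 +95,7` hunk still writes its file with `owner: root`, `group: root` and `mode: 0664`, which leaves it readable by every local account. Once `kibana_xpack_security` is enabled that file presumably carries the Elasticsearch credentials, though the template is not shown on this page. The plugin install step already runs as `become_user: kibana`, so a tighter setting such as `group: kibana` with `mode: '0640'` should keep the service able to read the file without exposing it to other users. Quoting the mode also stops YAML from parsing the bare `0664` as a number. The task starts above the hunk, so its destination path is not visible here.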


@ -1,5 +1,5 @@
--- ---
filebeat_version: 7.2.1 filebeat_version: 7.3.2
filebeat_create_config: true filebeat_create_config: true

File diff suppressed because it is too large Load Diff


@ -1,5 +1,5 @@
--- ---
wazuh_agent_version: 3.9.5 wazuh_agent_version: 3.10.0
wazuh_managers: wazuh_managers:
- address: 127.0.0.1 - address: 127.0.0.1
port: 1514 port: 1514
@ -26,7 +26,7 @@ wazuh_winagent_config:
auth_path: C:\Program Files\ossec-agent\agent-auth.exe auth_path: C:\Program Files\ossec-agent\agent-auth.exe
# Adding quotes to auth_path_x86 since win_shell outputs error otherwise # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
version: '3.9.5' version: '3.10.0'
revision: '1' revision: '1'
repo: https://packages.wazuh.com/3.x/windows/ repo: https://packages.wazuh.com/3.x/windows/
md5: ee5b24216db472d291da4e14f0b3bc63 md5: ee5b24216db472d291da4e14f0b3bc63
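Review bot: The `md5` value under `wazuh_winagent_config` is left unchanged while `version` moves from '3.9.5' to '3.10.0', so it most likely still describes the previous installer. If the role checks the downloaded package against this value, the Windows install will fail on a mismatch; if it does not, the download from `repo` is not integrity-checked at all. The task that consumes the value is outside this page. Replace it with the digest of the new package, e.g. `md5: <md5 of the 3.10.0 installer>`, and consider moving to a SHA-256 checksum, since MD5 does not resist deliberate collisions. The `wazuh_winagent_config` mapping starts above the hunk.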


@ -1,5 +1,5 @@
--- ---
wazuh_manager_api_version: 3.9.5 wazuh_manager_api_version: 3.10.0
wazuh_manager_fqdn: "wazuh-server" wazuh_manager_fqdn: "wazuh-server"
wazuh_manager_package_state: latest wazuh_manager_package_state: latest