From 0440e5dce91965871fb326107a3692a2e8fca967 Mon Sep 17 00:00:00 2001 From: singuliere Date: Fri, 11 Dec 2020 13:26:20 +0100 Subject: [PATCH 01/22] randomly generated passwords must obey some constraints The password constraints of security.py require at least one digit, one lower case, one upper case and one special character. https://github.com/wazuh/wazuh/blob/master/framework/wazuh/security.py#L22 Fixes: https://github.com/wazuh/wazuh-ansible/issues/518 --- .../wazuh/ansible-wazuh-manager/files/create_user.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/files/create_user.py b/roles/wazuh/ansible-wazuh-manager/files/create_user.py index aeabde44..6bb966fa 100644 --- a/roles/wazuh/ansible-wazuh-manager/files/create_user.py +++ b/roles/wazuh/ansible-wazuh-manager/files/create_user.py @@ -69,13 +69,20 @@ if __name__ == "__main__": # set a random password for all other users for name, id in initial_users.items(): if name != username: + specials = "@$!%*?&-_" random_pass = "".join( + [ + random.choice(string.ascii_uppercase), + random.choice(string.ascii_lowercase), + random.choice(string.digits), + random.choice(specials), + ] + random.choices( string.ascii_uppercase + string.ascii_lowercase + string.digits - + "@$!%*?&-_", - k=16, + + specials, + k=14, ) ) update_user( From df46716a9b9a7cc25a4a64e007c1c28191ad0b2e Mon Sep 17 00:00:00 2001 From: Peter Dragos <15849936+dragospe@users.noreply.github.com> Date: Mon, 14 Dec 2020 18:05:36 -0500 Subject: [PATCH 02/22] add localfile labels to agent ossec.conf template This change enables generating a stanza such as ``` /var/log/myapp/log.json json ``` from the `wazuh_agent_config` snippet: ``` - format: json location: /var/log/myapp/log.json label: - key: "@source" value: "myapp" - key: "agent.type" value: "webserver" ``` --- .../var-ossec-etc-ossec-agent.conf.j2 | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) 
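Review bot: The replacement password is still drawn with `random.choice` / `random.choices`, which use Python's non-cryptographic generator, and the four mandatory characters always land at positions 0–3 in the order upper, lower, digit, special. For credentials that are written to real accounts, draw from the OS CSPRNG and shuffle the result so the character class at each position is not fixed. The sketch below keeps the 4 + 14 layout and the same alphabet. It needs `import secrets` at the top of the file, which is outside this hunk, as is the rest of the `__main__` block.

```python
        if name != username:
            specials = "@$!%*?&-_"
            alphabet = (
                string.ascii_uppercase
                + string.ascii_lowercase
                + string.digits
                + specials
            )
            rng = secrets.SystemRandom()
            chars = [
                rng.choice(string.ascii_uppercase),
                rng.choice(string.ascii_lowercase),
                rng.choice(string.digits),
                rng.choice(specials),
            ] + [rng.choice(alphabet) for _ in range(14)]
            rng.shuffle(chars)  # required classes must not stay at fixed positions
            random_pass = "".join(chars)
            # … unchanged: update_user( call …
```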
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 22f94856..9cd8d1f2 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -353,6 +353,11 @@ {% endif %} {% else %} {{ localfile.location }} + {% if localfile.format == 'json' %} + {% for label in localfile.label %} + + {% endfor %} + {% endif %} {% endif %} {% endfor %} @@ -371,6 +376,11 @@ {% endif %} {% else %} {{ localfile.location }} + {% if localfile.format == 'json' %} + {% for label in localfile.label %} + + {% endfor %} + {% endif %} {% endif %} {% endfor %} @@ -389,6 +399,11 @@ {% endif %} {% else %} {{ localfile.location }} + {% if localfile.format == 'json' %} + {% for label in localfile.label %} + + {% endfor %} + {% endif %} {% endif %} {% endfor %} @@ -404,6 +419,11 @@ {{ localfile.query}} {% else %} {{ localfile.location }} + {% if localfile.format == 'json' %} + {% for label in localfile.label %} + + {% endfor %} + {% endif %} {% endif %} {% endfor %} From a395841104efadf447776ec0d442533504f644bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Krawczyk?= <616047+kravietz@users.noreply.github.com> Date: Thu, 17 Dec 2020 20:58:59 +0000 Subject: [PATCH 03/22] Fix invalid Jinja2 syntax --- .../templates/var-ossec-etc-shared-agent.conf.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index 85b82ff2..d23479dd 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 
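Review bot: In all four localfile loops of this patch the added `{% for label in localfile.label %}` runs whenever `localfile.format == 'json'`, so a JSON entry without a `label` key fails template rendering under Ansible's default strict handling of undefined variables. Guard it the way the manager's shared-agent template does, `{% if localfile.format == 'json' and localfile.label is defined %}`. That template reads the key as `localfile.labels` (plural), so using one name in both places would avoid entries that are silently ignored on one side. The loop body is not visible in this rendering; if it writes `label.key` and `label.value` into XML, pass them through `| e` so a value containing `<`, `&` or quotes cannot break or alter the generated ossec.conf.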
@@ -66,8 +66,8 @@ {% endif %} {% endif %} {% if localfile.format == 'json' and localfile.labels is defined %} - {% for key, value in localfile.labels.items() %} - + {% for item in localfile.labels %} + {% endfor %} {% endif %} {% if localfile.target is defined %} @@ -93,7 +93,7 @@ {{ agent_config.rootcheck.frequency }} - {% if agent_config.rootcheck.cis_distribution_filename is not none %} + {% if agent_config.rootcheck.cis_distribution_filename is defined %} /var/ossec/etc/shared/default/{{ agent_config.rootcheck.cis_distribution_filename }} {% endif %} yes From 59b829dae9d674d8ae5257934f6f0a8243043be9 Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 23 Dec 2020 15:25:16 +0100 Subject: [PATCH 04/22] roles/opendistro-kibana: use admininstead of kibanaserver as opendistro kibana user --- roles/opendistro/opendistro-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index e7fa2689..9ed6fedb 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -41,7 +41,7 @@ kibana_telemetry_optin: "false" kibana_telemetry_enabled: "false" opendistro_admin_password: changeme -opendistro_kibana_user: kibanaserver +opendistro_kibana_user: admin opendistro_kibana_password: changeme local_certs_path: "{{ playbook_dir }}/opendistro/certificates" From 56311f7a22fd1ee7dc2d10d895a2144eb0381871 Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 7 Jan 2021 10:16:25 -0300 Subject: [PATCH 05/22] roles/opendistro-elasticsearch: replace od/kibana/filebeat node_name variables to role default elasticsearch_node_name to avoid confusion and potential bugs --- .../tasks/security_actions.yml | 33 ++++--------------- 1 file changed, 6 insertions(+), 27 deletions(-) 
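Review bot: In the rootcheck hunk, `is defined` is also true when `cis_distribution_filename` is present but null or empty, which `is not none` used to exclude. In that case the rendered path would stop at `/var/ossec/etc/shared/default/` or carry an empty or `None` file name. The role default for this key is not visible here, so confirm it is absent rather than null, or test both: `{% if agent_config.rootcheck.cis_distribution_filename is defined and agent_config.rootcheck.cis_distribution_filename %}`.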
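Review bot: Setting `opendistro_kibana_user: admin` makes the Kibana server authenticate to Elasticsearch with what appears to be the cluster's administrative account instead of the dedicated `kibanaserver` service user. The neighbouring defaults still ship `changeme` for both `opendistro_admin_password` and `opendistro_kibana_password`. Anyone who can read the Kibana configuration on that host then holds admin credentials for the cluster. If the Wazuh app really needs more than `kibanaserver` provides (the reason is not shown in this commit), say so beside the default, e.g. `# admin is needed for <reason>; always override opendistro_kibana_password`, or give the service user only the extra permissions it needs.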
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml index d0543e88..e09bdf96 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml @@ -8,27 +8,6 @@ - "{{ opendistro_conf_path }}/esnode.pem" - "{{ opendistro_conf_path }}/esnode-key.pem" - -- name: Configure node name - block: - - name: Setting node name (Elasticsearch) - set_fact: - od_node_name: "{{ elasticsearch_node_name }}" - when: - elasticsearch_node_name is defined and kibana_node_name is not defined - - - name: Setting node name (Kibana) - set_fact: - od_node_name: "{{ kibana_node_name }}" - when: - kibana_node_name is defined - - - name: Setting node name (Filebeat) - set_fact: - od_node_name: "{{ kibana_node_name }}" - when: - filebeat_node_name is defined - - name: Configure IP (Private address) set_fact: target_address: "{{ hostvars[inventory_hostname]['private_ip'] }}" @@ -50,11 +29,11 @@ with_items: - root-ca.pem - root-ca.key - - "{{ od_node_name }}.key" - - "{{ od_node_name }}.pem" - - "{{ od_node_name }}_http.key" - - "{{ od_node_name }}_http.pem" - - "{{ od_node_name }}_elasticsearch_config_snippet.yml" + - "{{ elasticsearch_node_name }}.key" + - "{{ elasticsearch_node_name }}.pem" + - "{{ elasticsearch_node_name }}_http.key" + - "{{ elasticsearch_node_name }}_http.pem" + - "{{ elasticsearch_node_name }}_elasticsearch_config_snippet.yml" - admin.key - admin.pem @@ -65,7 +44,7 @@ insertafter: EOF marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##" vars: - snippet_path: '{{ local_certs_path }}/certs/{{ od_node_name }}_elasticsearch_config_snippet.yml' + snippet_path: '{{ local_certs_path }}/certs/{{ elasticsearch_node_name }}_elasticsearch_config_snippet.yml' - name: Prepare the OpenDistro security configuration file replace: 
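Review bot: The `with_items` list edited in the second hunk still carries `root-ca.key` next to the per-node files. The task header is outside the hunk, but if this list is what gets copied to each Elasticsearch node, every node ends up holding the CA private key, so compromise of any single node exposes the key that signs certificates for the whole cluster. Nodes normally need only `root-ca.pem` plus their own key pair. Consider dropping `- root-ca.key` from the list, or add a comment stating why the key must be present on the node.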
From f1cb1f7b208ba5db4ee58ae5c89deded29f5729b Mon Sep 17 00:00:00 2001 From: neonmei Date: Thu, 7 Jan 2021 15:15:38 -0300 Subject: [PATCH 06/22] roles/opendistro: add missing variable elasticsearch_node_master in role defaults --- roles/opendistro/opendistro-elasticsearch/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index a4ffeeab..8ea4f64f 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -5,8 +5,11 @@ opendistro_version: 1.11.0 single_node: false elasticsearch_node_name: node-1 opendistro_cluster_name: wazuh + +elasticsearch_node_master: true elasticsearch_node_data: true elasticsearch_node_ingest: true + elasticsearch_lower_disk_requirements: false elasticsearch_cluster_nodes: - 127.0.0.1 From 3594d21b6b2beb3568b37f938875938730df60f1 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 11 Jan 2021 10:35:22 -0300 Subject: [PATCH 07/22] roles/elasticsearch-kibana: update versions for v4.0.4 release --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 8671d52b..01fb49c0 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -7,7 +7,7 @@ kibana_server_host: "0.0.0.0" kibana_server_port: "5601" kibana_conf_path: /etc/kibana elastic_stack_version: 7.9.3 -wazuh_version: 4.0.3 +wazuh_version: 4.0.4 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana elasticrepo: From 6b3804a6a2847ad0f618430a169fb6f28d8a31eb Mon Sep 17 00:00:00 2001 
From: neonmei Date: Mon, 11 Jan 2021 10:35:39 -0300 Subject: [PATCH 08/22] roles/opendistro-kibana: update versions for v4.0.4 release --- roles/opendistro/opendistro-kibana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml index 9ed6fedb..223cdfb6 100644 --- a/roles/opendistro/opendistro-kibana/defaults/main.yml +++ b/roles/opendistro/opendistro-kibana/defaults/main.yml @@ -10,7 +10,7 @@ kibana_server_port: "5601" kibana_server_name: "kibana" kibana_max_payload_bytes: 1048576 elastic_stack_version: 7.9.1 -wazuh_version: 4.0.3 +wazuh_version: 4.0.4 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana # The OpenDistro package repository From 9ffe0526d67a8f55d3054aef927be777d26a5e8f Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 11 Jan 2021 10:36:03 -0300 Subject: [PATCH 09/22] roles/filebeat: update versions for v4.0.4 release --- roles/wazuh/ansible-filebeat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index ba4ade1f..7d7e73e0 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.9.3 -wazuh_template_branch: v4.0.3 +wazuh_template_branch: v4.0.4 filebeat_create_config: true From 2e6a7668d3f171528427372ddb7feecf3febcbfe Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 11 Jan 2021 10:36:12 -0300 Subject: [PATCH 10/22] roles/filebeat-oss: update versions for v4.0.4 release --- roles/wazuh/ansible-filebeat-oss/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index 9552d58e..94f0ced1 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml 
+++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.9.1 -wazuh_template_branch: v4.0.3 +wazuh_template_branch: v4.0.4 filebeat_output_elasticsearch_hosts: - "localhost:9200" From 0351d0121ee9d018cfb23847234a927550f21eb4 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 11 Jan 2021 10:36:25 -0300 Subject: [PATCH 11/22] roles/wazuh-agent: update versions for v4.0.4 release --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index bcf134f1..76fe42eb 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 4.0.3-1 +wazuh_agent_version: 4.0.4-1 # Custom packages installation @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "" wazuh_agent_sources_installation: enabled: false - branch: "v4.0.3" + branch: "v4.0.4" user_language: "y" user_no_stop: "y" user_install_type: "agent" @@ -55,8 +55,8 @@ wazuh_winagent_config: auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe check_md5: True md5: ac2a7f83cab1f8e217083965de7b0c84 -wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.3-1.msi -wazuh_winagent_package_name: wazuh-agent-4.0.3-1.msi +wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.4-1.msi +wazuh_winagent_package_name: wazuh-agent-4.0.4-1.msi wazuh_agent_repo: apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main' From 13465cf06ddf152e1f4bfdad5c7d5100de765136 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 11 Jan 2021 10:36:36 -0300 Subject: [PATCH 12/22] roles/wazuh-manager: update versions for v4.0.4 release --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
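Review bot: The third hunk of the wazuh-agent defaults moves `wazuh_winagent_config_url` and `wazuh_winagent_package_name` to `wazuh-agent-4.0.4-1.msi`, but the context lines leave `md5: ac2a7f83cab1f8e217083965de7b0c84` unchanged with `check_md5: True`. Unless that digest already belongs to the 4.0.4 MSI, the Windows install either fails verification or the check no longer describes the file being downloaded, so update the digest in the same commit as the URL. MD5 is also not collision-resistant. If the download task (not visible here) can take a stronger digest, a SHA-256 value published with the release would be the better integrity check.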
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index a0fcf491..48790cd2 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_manager_version: 4.0.3-1 +wazuh_manager_version: 4.0.4-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present @@ -12,7 +12,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon # Sources installation wazuh_manager_sources_installation: enabled: false - branch: "v4.0.3" + branch: "v4.0.4" user_language: "en" user_no_stop: "y" user_install_type: "server" From 9caa6a0fcd31a547a64087c73e402ec21a351f51 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 11 Jan 2021 10:38:13 -0300 Subject: [PATCH 13/22] molecule: update versions for v4.0.4 release --- molecule/default/tests/test_default.py | 2 +- molecule/distributed-wazuh-elk-xpack/group_vars/all.yml | 6 +++--- molecule/distributed-wazuh-elk-xpack/tests/test_default.py | 2 +- molecule/distributed-wazuh-elk/group_vars/all.yml | 6 +++--- molecule/distributed-wazuh-elk/tests/test_default.py | 2 +- molecule/distributed-wazuh-odfe/group_vars/all.yml | 6 +++--- molecule/distributed-wazuh-odfe/tests/test_default.py | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 762c593e..9685df3b 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.0.1" + return "4.0.4" def test_wazuh_packages_are_installed(host): diff --git a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml index 48fd2503..9a7f803c 100644 
--- a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml @@ -18,11 +18,11 @@ elastic_stack_version: 7.9.3 filebeat_version: 7.9.3 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.0.3-1 -wazuh_agent_version: 4.0.3-1 +wazuh_manager_version: 4.0.4-1 +wazuh_agent_version: 4.0.4-1 # Kibana role appends it automatically. -wazuh_version: 4.0.3 +wazuh_version: 4.0.4 ######################################################## diff --git a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py index e9192994..4c045977 100644 --- a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py +++ b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.0.1" + return "4.0.4" def test_wazuh_packages_are_installed(host): diff --git a/molecule/distributed-wazuh-elk/group_vars/all.yml b/molecule/distributed-wazuh-elk/group_vars/all.yml index 39272811..c436a187 100644 --- a/molecule/distributed-wazuh-elk/group_vars/all.yml +++ b/molecule/distributed-wazuh-elk/group_vars/all.yml @@ -16,8 +16,8 @@ elastic_stack_version: 7.9.3 filebeat_version: 7.9.3 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.0.3-1 -wazuh_agent_version: 4.0.3-1 +wazuh_manager_version: 4.0.4-1 +wazuh_agent_version: 4.0.4-1 # Kibana role appends it automatically. -wazuh_version: 4.0.3 \ No newline at end of file +wazuh_version: 4.0.4 \ No newline at end of file diff --git a/molecule/distributed-wazuh-elk/tests/test_default.py b/molecule/distributed-wazuh-elk/tests/test_default.py index e9192994..4c045977 100644 --- a/molecule/distributed-wazuh-elk/tests/test_default.py +++ b/molecule/distributed-wazuh-elk/tests/test_default.py 
@@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.0.1" + return "4.0.4" def test_wazuh_packages_are_installed(host): diff --git a/molecule/distributed-wazuh-odfe/group_vars/all.yml b/molecule/distributed-wazuh-odfe/group_vars/all.yml index 18249c2b..800554c3 100644 --- a/molecule/distributed-wazuh-odfe/group_vars/all.yml +++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml @@ -40,8 +40,8 @@ filebeat_version: 7.9.1 kibana_opendistro_version: -1.11.0-1 # Debian packages need the ${VERSION}-1 -wazuh_manager_version: 4.0.3-1 -wazuh_agent_version: 4.0.3-1 +wazuh_manager_version: 4.0.4-1 +wazuh_agent_version: 4.0.4-1 # Kibana role appends it automatically. -wazuh_version: 4.0.3 \ No newline at end of file +wazuh_version: 4.0.4 \ No newline at end of file diff --git a/molecule/distributed-wazuh-odfe/tests/test_default.py b/molecule/distributed-wazuh-odfe/tests/test_default.py index 762c593e..9685df3b 100644 --- a/molecule/distributed-wazuh-odfe/tests/test_default.py +++ b/molecule/distributed-wazuh-odfe/tests/test_default.py @@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def get_wazuh_version(): """This return the version of Wazuh.""" - return "4.0.1" + return "4.0.4" def test_wazuh_packages_are_installed(host): From 9b1347f79d4555a7c1b633907181637898b5ace1 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 11 Jan 2021 10:38:53 -0300 Subject: [PATCH 14/22] release: update readme version for v4.0.4 release --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f7610e01..796dd04e 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. | Wazuh version | Elastic | ODFE | |---------------|---------|--------| -| v4.0.3 | 7.9.3 | 1.11.0 | +| v4.0.4 | 7.9.3 | 1.11.0 | ## Documentation 
From ef9f9830bd11ee294cc466c92a06e945412914e2 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 11 Jan 2021 10:41:57 -0300 Subject: [PATCH 15/22] release: update poetry version for v4.0.4 release --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 8b4b0a71..97491f5f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "wazuh-ansible" -version = "4.0.2" +version = "4.0.4" description = "" authors = ["neonmei "] From 539d87d3db80830467a7555b33a512ce4e526144 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 11 Jan 2021 10:41:14 -0300 Subject: [PATCH 16/22] release: update copyright notice --- LICENSE | 2 +- README.md | 2 +- roles/elastic-stack/ansible-elasticsearch/README.md | 4 ++-- roles/elastic-stack/ansible-kibana/README.md | 2 +- roles/wazuh/ansible-filebeat-oss/README.md | 2 +- roles/wazuh/ansible-filebeat/README.md | 2 +- roles/wazuh/ansible-wazuh-agent/README.md | 2 +- roles/wazuh/ansible-wazuh-manager/README.md | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/LICENSE b/LICENSE index 40f5e6c3..51ab7d2f 100644 --- a/LICENSE +++ b/LICENSE @@ -1,5 +1,5 @@ - Portions Copyright (C) 2020 Wazuh, Inc. + Portions Copyright (C) 2021 Wazuh, Inc. Based on work Copyright (C) 2003 - 2013 Trend Micro, Inc. This program is a free software; you can redistribute it and/or modify diff --git a/README.md b/README.md index 796dd04e..6c19bd11 100644 --- a/README.md +++ b/README.md @@ -357,7 +357,7 @@ https://github.com/dj-wasabi/ansible-ossec-server ## License and copyright WAZUH -Copyright (C) 2016-2020 Wazuh Inc. (License GPLv2) +Copyright (C) 2016-2021 Wazuh Inc. (License GPLv2) ## Web references diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index f37d3cec..4d5636ad 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md 
@@ -12,7 +12,7 @@ This role will work on: * Fedora * Debian * Ubuntu - + For the elasticsearch role with XPack security the `unzip` command must be available on the Ansible master. Role Variables @@ -134,7 +134,7 @@ It is possible to define users directly on the playbook, these must be defined o License and copyright --------------------- -WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3) +WAZUH Copyright (C) 2021 Wazuh Inc. (License GPLv3) ### Based on previous work from geerlingguy diff --git a/roles/elastic-stack/ansible-kibana/README.md b/roles/elastic-stack/ansible-kibana/README.md index 28978761..7d824333 100644 --- a/roles/elastic-stack/ansible-kibana/README.md +++ b/roles/elastic-stack/ansible-kibana/README.md @@ -37,7 +37,7 @@ Example Playbook License and copyright --------------------- -WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3) +WAZUH Copyright (C) 2021 Wazuh Inc. (License GPLv3) ### Based on previous work from geerlingguy diff --git a/roles/wazuh/ansible-filebeat-oss/README.md b/roles/wazuh/ansible-filebeat-oss/README.md index 02311817..81fc8dcc 100644 --- a/roles/wazuh/ansible-filebeat-oss/README.md +++ b/roles/wazuh/ansible-filebeat-oss/README.md @@ -27,7 +27,7 @@ Available variables are listed below, along with default values (see `defaults/m License and copyright --------------------- -WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3) +WAZUH Copyright (C) 2021 Wazuh Inc. (License GPLv3) ### Based on previous work from geerlingguy diff --git a/roles/wazuh/ansible-filebeat/README.md b/roles/wazuh/ansible-filebeat/README.md index 3bbc2b32..fe0c0d55 100644 --- a/roles/wazuh/ansible-filebeat/README.md +++ b/roles/wazuh/ansible-filebeat/README.md @@ -27,7 +27,7 @@ Available variables are listed below, along with default values (see `defaults/m License and copyright --------------------- -WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3) +WAZUH Copyright (C) 2021 Wazuh Inc. (License GPLv3) ### Based on previous work from geerlingguy 
diff --git a/roles/wazuh/ansible-wazuh-agent/README.md b/roles/wazuh/ansible-wazuh-agent/README.md index b0dc7cd0..14291b34 100644 --- a/roles/wazuh/ansible-wazuh-agent/README.md +++ b/roles/wazuh/ansible-wazuh-agent/README.md @@ -47,7 +47,7 @@ The following is an example of how this role can be used: License and copyright --------------------- -WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3) +WAZUH Copyright (C) 2021 Wazuh Inc. (License GPLv3) ### Based on previous work from dj-wasabi diff --git a/roles/wazuh/ansible-wazuh-manager/README.md b/roles/wazuh/ansible-wazuh-manager/README.md index ac52363d..ef99c1ff 100644 --- a/roles/wazuh/ansible-wazuh-manager/README.md +++ b/roles/wazuh/ansible-wazuh-manager/README.md @@ -218,7 +218,7 @@ Including an example of how to use your role (for instance, with variables passe License and copyright --------------------- -WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3) +WAZUH Copyright (C) 2021 Wazuh Inc. (License GPLv3) ### Based on previous work from dj-wasabi From 148e0478e9d0ceaf7919a024e2b5b5128663d390 Mon Sep 17 00:00:00 2001 From: neonmei Date: Mon, 11 Jan 2021 11:15:47 -0300 Subject: [PATCH 17/22] release: update CHANGELOG for v4.0.4 --- CHANGELOG.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 73d72e71..9d3479e8 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,26 @@ # Change Log All notable changes to this project will be documented in this file. +## [v4.0.4] + +### Added + +- Update to Wazuh v4.0.4 + +- Add localfile labels to agent ossec.conf template ([@dragospe](https://github.com/dragospe)) [PR#521](https://github.com/wazuh/wazuh-ansible/pull/521) + +### Changed + +- Please notice that default Kibana user in role defaults changed from `kibanaserver` to `admin`. See listed PRs below for details. + +### Fixed + +- `create_user.py` generates invalid passwords. ([@singuliere](https://github.com/singuliere)) [PR#519](https://github.com/wazuh/wazuh-ansible/pull/519) +- Fix invalid Jinja2 syntax in shared agent ([@kravietz](https://github.com/kravietz)) [PR#528](https://github.com/wazuh/wazuh-ansible/pull/528) +- Replace default user for `opendistro-kibana` role ([@zenidd](https://github.com/zenidd)) [PR#529](https://github.com/wazuh/wazuh-ansible/pull/529) +- Remove legacy declarations of `od_node_name` in `opendistro-elasticsearch` ([@neonmei](https://github.com/neonmei), [@dragospe](https://github.com/dragospe)) [PR#530](https://github.com/wazuh/wazuh-ansible/pull/530) +- add missing variable `elasticsearch_node_master` in `opendistro-elasticsearch` ([@neonmei](https://github.com/neonmei)) [PR#534](https://github.com/wazuh/wazuh-ansible/pull/534) + ## [v4.0.3] ### Added From 084cc8f36da884128fbf3411f52b6a47bcd99c60 Mon Sep 17 00:00:00 2001 From: neonmei Date: Tue, 12 Jan 2021 16:03:02 -0300 Subject: [PATCH 18/22] roles/opendistro-elasticsearch: add missing role defaults elasticsearch_network_host --- roles/opendistro/opendistro-elasticsearch/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index 8ea4f64f..cfcbc863 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml 
@@ -5,6 +5,7 @@ opendistro_version: 1.11.0 single_node: false elasticsearch_node_name: node-1 opendistro_cluster_name: wazuh +elasticsearch_network_host: '0.0.0.0' elasticsearch_node_master: true elasticsearch_node_data: true From f7c84a357d04896b904b298a15a291636323b11b Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 15 Jan 2021 10:24:18 +0100 Subject: [PATCH 19/22] release: update CHANGELOG for v4.0.4 --- CHANGELOG.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d3479e8..91eaf303 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
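Review bot: The new default `elasticsearch_network_host: '0.0.0.0'` makes Elasticsearch listen on every interface of the host unless the operator overrides it, and the line carries no comment saying so. For a role default this is the widest possible exposure, so state the expectation next to it, e.g. `# Listens on all interfaces; set to the node's private address and firewall the Elasticsearch ports`. Also consider whether a narrower default, such as the node's private address, would work for the single-node case. How the variable is consumed in the elasticsearch.yml template is not visible in this hunk.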
@@ -15,11 +15,13 @@ All notable changes to this project will be documented in this file. ### Fixed -- `create_user.py` generates invalid passwords. ([@singuliere](https://github.com/singuliere)) [PR#519](https://github.com/wazuh/wazuh-ansible/pull/519) -- Fix invalid Jinja2 syntax in shared agent ([@kravietz](https://github.com/kravietz)) [PR#528](https://github.com/wazuh/wazuh-ansible/pull/528) +- `create_user.py` generates invalid passwords ([@singuliere](https://github.com/singuliere)) [PR#519](https://github.com/wazuh/wazuh-ansible/pull/519) +- Fix invalid Jinja2 syntax in centralized configuration template ([@kravietz](https://github.com/kravietz)) [PR#528](https://github.com/wazuh/wazuh-ansible/pull/528) - Replace default user for `opendistro-kibana` role ([@zenidd](https://github.com/zenidd)) [PR#529](https://github.com/wazuh/wazuh-ansible/pull/529) -- Remove legacy declarations of `od_node_name` in `opendistro-elasticsearch` ([@neonmei](https://github.com/neonmei), [@dragospe](https://github.com/dragospe)) [PR#530](https://github.com/wazuh/wazuh-ansible/pull/530) -- add missing variable `elasticsearch_node_master` in `opendistro-elasticsearch` ([@neonmei](https://github.com/neonmei)) [PR#534](https://github.com/wazuh/wazuh-ansible/pull/534) +- Remove legacy declarations of `od_node_name` in `opendistro-elasticsearch` ([@neonmei](https://github.com/neonmei), [@dragospe](https://github.com/dragospe)) [PR#530](https://github.com/wazuh/wazuh-ansible/pull/530) +- Add missing variable `elasticsearch_node_master` in `opendistro-elasticsearch` ([@neonmei](https://github.com/neonmei)) [PR#534](https://github.com/wazuh/wazuh-ansible/pull/534) +- Add missing variable `elasticsearch_network_host` in `opendistro-elasticsearch` ([@neonmei](https://github.com/neonmei)) [PR#540](https://github.com/wazuh/wazuh-ansible/pull/540) + ## [v4.0.3] From 9d83afc8f0a399118bcce110500e9734a7c13b51 Mon Sep 17 00:00:00 2001 
From: zenidd Date: Fri, 15 Jan 2021 11:10:46 +0100 Subject: [PATCH 20/22] roles/wazuh-manager/templates/api.yaml: add new vars supporting new Wazuh API settings. Update related templates --- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++++- .../ansible-wazuh-manager/templates/api.yaml.j2 | 13 +++++++++++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 48790cd2..4004328c 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -395,6 +395,7 @@ wazuh_manager_api: https_cert: "api/configuration/ssl/server.crt" https_use_ca: False https_ca: "api/configuration/ssl/ca.crt" + https_ssl_cipher: "TLSv1.2" logging_level: "info" logging_path: "logs/api.log" cors: no @@ -410,7 +411,10 @@ wazuh_manager_api: use_only_authd: no drop_privileges: yes experimental_features: no - + remote_commands_localfile: yes + remote_commands_localfile_exceptions: [] + remote_commands_wodle: yes + remote_commands_wodle_exceptions: [] # wazuh_api_users: # - username: custom-user # password: .S3cur3Pa55w0rd*- # Must comply with requirements (8+ length, uppercase, lowercase, specials chars) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 index 638c4750..4308216b 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 @@ -14,7 +14,7 @@ cert: "{{ wazuh_manager_config.api.https_cert }}" use_ca: {{ wazuh_manager_config.api.https_use_ca }} ca: "{{ wazuh_manager_config.api.https_ca }}" - + ssl_cipher: "{{ wazuh_manager_config.api.https_ssl_cipher }}" # Logging configuration # Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level). logs: 
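Review bot: In the second defaults hunk, `remote_commands_localfile: yes` and `remote_commands_wodle: yes` are added with no comment, although the template labels the section `# Enable remote commands`. As I read the option, they decide whether configuration containing remote commands is accepted through the Wazuh API. Because this is a security switch, document it where operators will look, e.g. `# Set to no to reject API-supplied localfile/wodle configuration that contains remote commands`, and state whether `yes` is chosen only to mirror the upstream default. Deployments that do not push commands through the API would want both set to `no`.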
@@ -41,4 +41,13 @@ # Drop privileges (Run as ossec user) drop_privileges: {{ wazuh_manager_config.api.drop_privileges }} # Enable features under development - experimental_features: {{ wazuh_manager_config.api.experimental_features }} \ No newline at end of file + experimental_features: {{ wazuh_manager_config.api.experimental_features }} + +# Enable remote commands +remote_commands: + localfile: + enabled: {{ wazuh_manager_config.api.remote_commands_localfile }} + exceptions: {{ wazuh_manager_config.api.remote_commands_localfile_exceptions }} + wodle_command: + enabled: {{ wazuh_manager_config.api.remote_commands_wodle }} + exceptions: {{ wazuh_manager_config.api.remote_commands_wodle_exceptions }} From 29331df00e8d08f74745ef3d1e809a6079e2a541 Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 15 Jan 2021 11:19:29 +0100 Subject: [PATCH 21/22] roles/wazuh-manager/templates/api.yaml: fix missing whitespace before variables --- .../ansible-wazuh-manager/templates/api.yaml.j2 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 index 4308216b..f5a239d8 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2 
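Review bot: `exceptions: {{ wazuh_manager_config.api.remote_commands_localfile_exceptions }}` prints the Python representation of the list into a YAML file. That is harmless for the default `[]`, but once the list holds strings the result depends on the interpreter's quoting (embedded quotes, backslashes, or `u'...'` prefixes under Python 2). Serialise it explicitly with `exceptions: {{ wazuh_manager_config.api.remote_commands_localfile_exceptions | to_json }}` and do the same for `remote_commands_wodle_exceptions`. Judging by their names, these lists decide which commands are exempt from the remote-command switch, so an entry should reach the API exactly as written or fail to parse, never be silently altered. The same lines reappear re-indented in the following patch and the point applies there unchanged.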
@@ -44,10 +44,10 @@ experimental_features: {{ wazuh_manager_config.api.experimental_features }} # Enable remote commands -remote_commands: - localfile: - enabled: {{ wazuh_manager_config.api.remote_commands_localfile }} - exceptions: {{ wazuh_manager_config.api.remote_commands_localfile_exceptions }} - wodle_command: - enabled: {{ wazuh_manager_config.api.remote_commands_wodle }} - exceptions: {{ wazuh_manager_config.api.remote_commands_wodle_exceptions }} + remote_commands: + localfile: + enabled: {{ wazuh_manager_config.api.remote_commands_localfile }} + exceptions: {{ wazuh_manager_config.api.remote_commands_localfile_exceptions }} + wodle_command: + enabled: {{ wazuh_manager_config.api.remote_commands_wodle }} + exceptions: {{ wazuh_manager_config.api.remote_commands_wodle_exceptions }} From f479408d4646b93422bc4863997fe64b6a9172cf Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 15 Jan 2021 11:49:09 +0100 Subject: [PATCH 22/22] release: update CHANGELOG for v4.0.4 --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 91eaf303..f01e7e6e 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,9 @@ All notable changes to this project will be documented in this file. ### Added -- Update to Wazuh v4.0.4 +- Update to [Wazuh v4.0.4](https://github.com/wazuh/wazuh/blob/v4.0.4/CHANGELOG.md#v404) + +- Support for new Wazuh API config options. - Add localfile labels to agent ossec.conf template ([@dragospe](https://github.com/dragospe)) [PR#521](https://github.com/wazuh/wazuh-ansible/pull/521)