Merge pull request #537 from wazuh/release-4.0.4

Release 4.0.4
2021-01-15 14:18:45 +01:00 · 2021-01-15 14:18:45 +01:00 · dd99e03668
commit dd99e03668
parent c57bba81ee f479408d46
29 changed files with 117 additions and 70 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,30 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 ## [v4.0.4]
 ### Added
 - Update to [Wazuh v4.0.4](https://github.com/wazuh/wazuh/blob/v4.0.4/CHANGELOG.md#v404)
 - Support for new Wazuh API config options.
 - Add localfile labels to agent ossec.conf template ([@dragospe](https://github.com/dragospe)) [PR#521](https://github.com/wazuh/wazuh-ansible/pull/521)
 ### Changed
 - Please notice that default Kibana user in role defaults changed from `kibanaserver` to `admin`. See listed PRs below for details.
 ### Fixed
 - `create_user.py` generates invalid passwords ([@singuliere](https://github.com/singuliere)) [PR#519](https://github.com/wazuh/wazuh-ansible/pull/519)
 - Fix invalid Jinja2 syntax in centralized configuration template ([@kravietz](https://github.com/kravietz)) [PR#528](https://github.com/wazuh/wazuh-ansible/pull/528)
 - Replace default user for `opendistro-kibana` role ([@zenidd](https://github.com/zenidd)) [PR#529](https://github.com/wazuh/wazuh-ansible/pull/529)
 - Remove legacy declarations of `od_node_name` in `opendistro-elasticsearch` ([@neonmei](https://github.com/neonmei), [@dragospe](https://github.com/dragospe))  [PR#530](https://github.com/wazuh/wazuh-ansible/pull/530)
 - Add missing variable `elasticsearch_node_master` in `opendistro-elasticsearch` ([@neonmei](https://github.com/neonmei)) [PR#534](https://github.com/wazuh/wazuh-ansible/pull/534)
 - Add missing variable `elasticsearch_network_host` in `opendistro-elasticsearch` ([@neonmei](https://github.com/neonmei)) [PR#540](https://github.com/wazuh/wazuh-ansible/pull/540)
 ## [v4.0.3]
 ### Added
--- a/2
+++ b/2
@ -1,5 +1,5 @@
- Portions Copyright (C) 2020 Wazuh, Inc.
+ Portions Copyright (C) 2021 Wazuh, Inc.
 Based on work Copyright (C) 2003 - 2013 Trend Micro, Inc.
 This program is a free software; you can redistribute it and/or modify
--- a/README.md
+++ b/README.md
@ -15,7 +15,7 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack.
 | Wazuh version | Elastic | ODFE   |
 |---------------|---------|--------|
-| v4.0.3        | 7.9.3   | 1.11.0 |
+| v4.0.4        | 7.9.3   | 1.11.0 |
 ## Documentation
@ -357,7 +357,7 @@ https://github.com/dj-wasabi/ansible-ossec-server
 ## License and copyright
 WAZUH
-Copyright (C) 2016-2020 Wazuh Inc.  (License GPLv2)
+Copyright (C) 2016-2021 Wazuh Inc.  (License GPLv2)
 ## Web references
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 def get_wazuh_version():
    """This return the version of Wazuh."""
-    return "4.0.1"
+    return "4.0.4"
 def test_wazuh_packages_are_installed(host):
--- a/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml
+++ b/molecule/distributed-wazuh-elk-xpack/group_vars/all.yml
@ -18,11 +18,11 @@ elastic_stack_version: 7.9.3
 filebeat_version: 7.9.3
 # Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.0.3-1
+wazuh_manager_version: 4.0.4-1
-wazuh_agent_version: 4.0.3-1
+wazuh_agent_version: 4.0.4-1
 # Kibana role appends it automatically.
-wazuh_version: 4.0.3
+wazuh_version: 4.0.4
 ########################################################
--- a/molecule/distributed-wazuh-elk-xpack/tests/test_default.py
+++ b/molecule/distributed-wazuh-elk-xpack/tests/test_default.py
@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 def get_wazuh_version():
    """This return the version of Wazuh."""
-    return "4.0.1"
+    return "4.0.4"
 def test_wazuh_packages_are_installed(host):
--- a/molecule/distributed-wazuh-elk/group_vars/all.yml
+++ b/molecule/distributed-wazuh-elk/group_vars/all.yml
@ -16,8 +16,8 @@ elastic_stack_version: 7.9.3
 filebeat_version: 7.9.3
 # Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.0.3-1
+wazuh_manager_version: 4.0.4-1
-wazuh_agent_version: 4.0.3-1
+wazuh_agent_version: 4.0.4-1
 # Kibana role appends it automatically.
-wazuh_version: 4.0.3
+wazuh_version: 4.0.4
--- a/molecule/distributed-wazuh-elk/tests/test_default.py
+++ b/molecule/distributed-wazuh-elk/tests/test_default.py
@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 def get_wazuh_version():
    """This return the version of Wazuh."""
-    return "4.0.1"
+    return "4.0.4"
 def test_wazuh_packages_are_installed(host):
--- a/molecule/distributed-wazuh-odfe/group_vars/all.yml
+++ b/molecule/distributed-wazuh-odfe/group_vars/all.yml
@ -40,8 +40,8 @@ filebeat_version: 7.9.1
 kibana_opendistro_version: -1.11.0-1
 # Debian packages need the ${VERSION}-1
-wazuh_manager_version: 4.0.3-1
+wazuh_manager_version: 4.0.4-1
-wazuh_agent_version: 4.0.3-1
+wazuh_agent_version: 4.0.4-1
 # Kibana role appends it automatically.
-wazuh_version: 4.0.3
+wazuh_version: 4.0.4
--- a/molecule/distributed-wazuh-odfe/tests/test_default.py
+++ b/molecule/distributed-wazuh-odfe/tests/test_default.py
@ -8,7 +8,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 def get_wazuh_version():
    """This return the version of Wazuh."""
-    return "4.0.1"
+    return "4.0.4"
 def test_wazuh_packages_are_installed(host):
--- a/pyproject.toml
+++ b/pyproject.toml
@ -1,6 +1,6 @@
 [tool.poetry]
 name = "wazuh-ansible"
-version = "4.0.2"
+version = "4.0.4"
 description = ""
 authors = ["neonmei <neonmei@pm.me>"]
--- a/roles/elastic-stack/ansible-elasticsearch/README.md
+++ b/roles/elastic-stack/ansible-elasticsearch/README.md
@ -12,7 +12,7 @@ This role will work on:
 * Fedora
 * Debian
 * Ubuntu
- 
+
 For the elasticsearch role with XPack security the `unzip` command must be available on the Ansible master.
 Role Variables
@ -134,7 +134,7 @@ It is possible to define users directly on the playbook, these must be defined o
 License and copyright
 ---------------------
-WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3)
+WAZUH Copyright (C) 2021 Wazuh Inc. (License GPLv3)
 ### Based on previous work from geerlingguy
--- a/roles/elastic-stack/ansible-kibana/README.md
+++ b/roles/elastic-stack/ansible-kibana/README.md
@ -37,7 +37,7 @@ Example Playbook
 License and copyright
 ---------------------
-WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3)
+WAZUH Copyright (C) 2021 Wazuh Inc. (License GPLv3)
 ### Based on previous work from geerlingguy
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@ -7,7 +7,7 @@ kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
 kibana_conf_path: /etc/kibana
 elastic_stack_version: 7.9.3
-wazuh_version: 4.0.3
+wazuh_version: 4.0.4
 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
 elasticrepo:
--- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml
+++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml
@ -5,8 +5,12 @@ opendistro_version: 1.11.0
 single_node: false
 elasticsearch_node_name: node-1
 opendistro_cluster_name: wazuh
 elasticsearch_network_host: '0.0.0.0'
 elasticsearch_node_master: true
 elasticsearch_node_data: true
 elasticsearch_node_ingest: true
 elasticsearch_lower_disk_requirements: false
 elasticsearch_cluster_nodes:
  - 127.0.0.1
--- a/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/security_actions.yml
@ -8,27 +8,6 @@
    - "{{ opendistro_conf_path }}/esnode.pem"
    - "{{ opendistro_conf_path }}/esnode-key.pem"
 - name: Configure node name
  block:
    - name: Setting node name (Elasticsearch)
      set_fact:
        od_node_name: "{{ elasticsearch_node_name }}"
      when:
        elasticsearch_node_name is defined and kibana_node_name is not defined
    - name: Setting node name (Kibana)
      set_fact:
        od_node_name: "{{ kibana_node_name }}"
      when:
        kibana_node_name is defined
    - name: Setting node name (Filebeat)
      set_fact:
        od_node_name: "{{ kibana_node_name }}"
      when:
        filebeat_node_name is defined
 - name: Configure IP (Private address)
  set_fact:
    target_address: "{{ hostvars[inventory_hostname]['private_ip'] }}"
@ -50,11 +29,11 @@
  with_items:
    - root-ca.pem
    - root-ca.key
-    - "{{ od_node_name }}.key"
+    - "{{ elasticsearch_node_name }}.key"
-    - "{{ od_node_name }}.pem"
+    - "{{ elasticsearch_node_name }}.pem"
-    - "{{ od_node_name }}_http.key"
+    - "{{ elasticsearch_node_name }}_http.key"
-    - "{{ od_node_name }}_http.pem"
+    - "{{ elasticsearch_node_name }}_http.pem"
-    - "{{ od_node_name }}_elasticsearch_config_snippet.yml"
+    - "{{ elasticsearch_node_name }}_elasticsearch_config_snippet.yml"
    - admin.key
    - admin.pem
@ -65,7 +44,7 @@
    insertafter: EOF
    marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##"
  vars:
-    snippet_path: '{{ local_certs_path }}/certs/{{ od_node_name }}_elasticsearch_config_snippet.yml'
+    snippet_path: '{{ local_certs_path }}/certs/{{ elasticsearch_node_name }}_elasticsearch_config_snippet.yml'
 - name: Prepare the OpenDistro security configuration file
  replace:
--- a/roles/opendistro/opendistro-kibana/defaults/main.yml
+++ b/roles/opendistro/opendistro-kibana/defaults/main.yml
@ -10,7 +10,7 @@ kibana_server_port: "5601"
 kibana_server_name: "kibana"
 kibana_max_payload_bytes: 1048576
 elastic_stack_version: 7.9.1
-wazuh_version: 4.0.3
+wazuh_version: 4.0.4
 wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
 # The OpenDistro package repository
@ -41,7 +41,7 @@ kibana_telemetry_optin: "false"
 kibana_telemetry_enabled: "false"
 opendistro_admin_password: changeme
-opendistro_kibana_user: kibanaserver
+opendistro_kibana_user: admin
 opendistro_kibana_password: changeme
 local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
--- a/roles/wazuh/ansible-filebeat-oss/README.md
+++ b/roles/wazuh/ansible-filebeat-oss/README.md
@ -27,7 +27,7 @@ Available variables are listed below, along with default values (see `defaults/m
 License and copyright
 ---------------------
-WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3)
+WAZUH Copyright (C) 2021 Wazuh Inc. (License GPLv3)
 ### Based on previous work from geerlingguy
--- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
@ -1,7 +1,7 @@
 ---
 filebeat_version: 7.9.1
-wazuh_template_branch: v4.0.3
+wazuh_template_branch: v4.0.4
 filebeat_output_elasticsearch_hosts:
  - "localhost:9200"
--- a/roles/wazuh/ansible-filebeat/README.md
+++ b/roles/wazuh/ansible-filebeat/README.md
@ -27,7 +27,7 @@ Available variables are listed below, along with default values (see `defaults/m
 License and copyright
 ---------------------
-WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3)
+WAZUH Copyright (C) 2021 Wazuh Inc. (License GPLv3)
 ### Based on previous work from geerlingguy
--- a/roles/wazuh/ansible-filebeat/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat/defaults/main.yml
@ -1,7 +1,7 @@
 ---
 filebeat_version: 7.9.3
-wazuh_template_branch: v4.0.3
+wazuh_template_branch: v4.0.4
 filebeat_create_config: true
--- a/roles/wazuh/ansible-wazuh-agent/README.md
+++ b/roles/wazuh/ansible-wazuh-agent/README.md
@ -47,7 +47,7 @@ The following is an example of how this role can be used:
 License and copyright
 ---------------------
-WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3)
+WAZUH Copyright (C) 2021 Wazuh Inc. (License GPLv3)
 ### Based on previous work from dj-wasabi
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-wazuh_agent_version: 4.0.3-1
+wazuh_agent_version: 4.0.4-1
 # Custom packages installation
@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: ""
 wazuh_agent_sources_installation:
  enabled: false
-  branch: "v4.0.3"
+  branch: "v4.0.4"
  user_language: "y"
  user_no_stop: "y"
  user_install_type: "agent"
@ -55,8 +55,8 @@ wazuh_winagent_config:
  auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
  check_md5: True
  md5: ac2a7f83cab1f8e217083965de7b0c84
-wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.3-1.msi
+wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.4-1.msi
-wazuh_winagent_package_name: wazuh-agent-4.0.3-1.msi
+wazuh_winagent_package_name: wazuh-agent-4.0.4-1.msi
 wazuh_agent_repo:
  apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@ -353,6 +353,11 @@
    {% endif %}
  {% else %}
    <location>{{ localfile.location }}</location>
    {% if localfile.format == 'json' %}
    {% for label in localfile.label %}
    <label key="{{ label.key }}">{{ label.value }}</label>
    {% endfor %}
    {% endif %}
    {% endif %}
  </localfile>
  {% endfor %}
@ -371,6 +376,11 @@
      {% endif %}
  {% else %}
      <location>{{ localfile.location }}</location>
      {% if localfile.format == 'json' %}
      {% for label in localfile.label %}
      <label key="{{ label.key }}">{{ label.value }}</label>
      {% endfor %}
      {% endif %}
  {% endif %}
  </localfile>
  {% endfor %}
@ -389,6 +399,11 @@
      {% endif %}
    {% else %}
      <location>{{ localfile.location }}</location>
      {% if localfile.format == 'json' %}
      {% for label in localfile.label %}
      <label key="{{ label.key }}">{{ label.value }}</label>
      {% endfor %}
      {% endif %}
  {% endif %}
  </localfile>
  {% endfor %}
@ -404,6 +419,11 @@
      <query>{{ localfile.query}}</query>
  {% else %}
      <location>{{ localfile.location }}</location>
      {% if localfile.format == 'json' %}
      {% for label in localfile.label %}
      <label key="{{ label.key }}">{{ label.value }}</label>
      {% endfor %}
      {% endif %}
  {% endif %}
  </localfile>
  {% endfor %}
--- a/roles/wazuh/ansible-wazuh-manager/README.md
+++ b/roles/wazuh/ansible-wazuh-manager/README.md
@ -218,7 +218,7 @@ Including an example of how to use your role (for instance, with variables passe
 License and copyright
 ---------------------
-WAZUH Copyright (C) 2020 Wazuh Inc. (License GPLv3)
+WAZUH Copyright (C) 2021 Wazuh Inc. (License GPLv3)
 ### Based on previous work from dj-wasabi
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-wazuh_manager_version: 4.0.3-1
+wazuh_manager_version: 4.0.4-1
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: present
@ -12,7 +12,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon
 # Sources installation
 wazuh_manager_sources_installation:
  enabled: false
-  branch: "v4.0.3"
+  branch: "v4.0.4"
  user_language: "en"
  user_no_stop: "y"
  user_install_type: "server"
@ -395,6 +395,7 @@ wazuh_manager_api:
  https_cert: "api/configuration/ssl/server.crt"
  https_use_ca: False
  https_ca: "api/configuration/ssl/ca.crt"
  https_ssl_cipher: "TLSv1.2"
  logging_level: "info"
  logging_path: "logs/api.log"
  cors: no
@ -410,7 +411,10 @@ wazuh_manager_api:
  use_only_authd: no
  drop_privileges: yes
  experimental_features: no
-
+  remote_commands_localfile: yes
  remote_commands_localfile_exceptions: []
  remote_commands_wodle: yes
  remote_commands_wodle_exceptions: []
 # wazuh_api_users:
 #   - username: custom-user
 #     password: .S3cur3Pa55w0rd*- # Must comply with requirements (8+ length, uppercase, lowercase, specials chars)
--- a/roles/wazuh/ansible-wazuh-manager/files/create_user.py
+++ b/roles/wazuh/ansible-wazuh-manager/files/create_user.py
@ -69,13 +69,20 @@ if __name__ == "__main__":
    # set a random password for all other users
    for name, id in initial_users.items():
        if name != username:
            specials = "@$!%*?&-_"
            random_pass = "".join(
                [
                    random.choice(string.ascii_uppercase),
                    random.choice(string.ascii_lowercase),
                    random.choice(string.digits),
                    random.choice(specials),
                ] +
                random.choices(
                    string.ascii_uppercase
                    + string.ascii_lowercase
                    + string.digits
-                    + "@$!%*?&-_",
+                    + specials,
-                    k=16,
+                    k=14,
                )
            )
            update_user(
--- a/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2
@ -14,7 +14,7 @@
  cert: "{{ wazuh_manager_config.api.https_cert }}"
  use_ca: {{ wazuh_manager_config.api.https_use_ca }}
  ca: "{{ wazuh_manager_config.api.https_ca }}"
-
+  ssl_cipher: "{{ wazuh_manager_config.api.https_ssl_cipher }}"
 # Logging configuration
 # Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level).
 logs:
@ -41,4 +41,13 @@
 # Drop privileges (Run as ossec user)
 drop_privileges: {{ wazuh_manager_config.api.drop_privileges }}
 # Enable features under development
- experimental_features: {{ wazuh_manager_config.api.experimental_features }}
+ experimental_features: {{ wazuh_manager_config.api.experimental_features }}
 # Enable remote commands
 remote_commands:
   localfile:
     enabled: {{ wazuh_manager_config.api.remote_commands_localfile }}
     exceptions: {{ wazuh_manager_config.api.remote_commands_localfile_exceptions }}
   wodle_command:
     enabled: {{ wazuh_manager_config.api.remote_commands_wodle }}
     exceptions: {{ wazuh_manager_config.api.remote_commands_wodle_exceptions }}
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
@ -66,8 +66,8 @@
       {% endif %}
       {% endif %}
       {% if localfile.format == 'json' and localfile.labels is defined %}
-       {% for key, value in localfile.labels.items() %}
+       {% for item in localfile.labels %}
-       <label key="{{ key }}">{{ value }}</label>
+       <label key="{{ item.key }}">{{ item.value }}</label>
       {% endfor %}
       {% endif %}
       {% if localfile.target is defined %}
@ -93,7 +93,7 @@
    <!-- Frequency that rootcheck is executed - every 12 hours -->
    <frequency>{{ agent_config.rootcheck.frequency }}</frequency>
-    {% if agent_config.rootcheck.cis_distribution_filename is not none %}
+    {% if agent_config.rootcheck.cis_distribution_filename is defined %}
    <system_audit>/var/ossec/etc/shared/default/{{ agent_config.rootcheck.cis_distribution_filename }}</system_audit>
    {% endif %}
    <skip_nfs>yes</skip_nfs>