Merge pull request #415 from wazuh/wazuh-release-v3.12.3_7.6.2

Wazuh release v3.12.3 7.6.2

CHANGELOG.md

@@ -1,6 +1,19 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+
+## [v3.12.3_7.6.2]
+
+### Added
+
+- Update to Wazuh v3.12.2
+- AWS S3 block to template ([@limitup](https://github.com/limitup)) [PR#404](https://github.com/wazuh/wazuh-ansible/pull/413)
+
+### Changed
+
+- Update Kibana optimize task parameters and command ([@jm404](https://github.com/jm404)) [PR#404](https://github.com/wazuh/wazuh-ansible/pull/412)
+- Update Kibana optimize folder and owner ([@jm404](https://github.com/jm404)) [PR#404](https://github.com/wazuh/wazuh-ansible/pull/410)
+
 ## [v3.12.2_7.6.2]
 
 ### Added

roles/elastic-stack/ansible-kibana/defaults/main.yml

@@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1"
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
 elastic_stack_version: 7.6.2
-wazuh_version: 3.12.2
+wazuh_version: 3.12.3
 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
 
 elasticrepo:
@@ -50,4 +50,4 @@ build_from_sources: false
 wazuh_plugin_branch: 3.12-7.6
 
 #Nodejs NODE_OPTIONS
-node_options: --max-old-space-size=2048
+node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536

roles/elastic-stack/ansible-kibana/tasks/main.yml

@@ -136,7 +136,7 @@
     - not build_from_sources
 
 - name: Kibana optimization (can take a while)
-  shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana --optimize
+  shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli --optimize
   args:
     executable: /bin/bash
   become: yes

roles/wazuh/ansible-wazuh-agent/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-wazuh_agent_version: 3.12.2-1
+wazuh_agent_version: 3.12.3-1
 
 
 # Custom packages installation
@@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: ""
 
 wazuh_agent_sources_installation:
   enabled: false
-  branch: "v3.12.2"
+  branch: "v3.12.3"
   user_language: "y"
   user_no_stop: "y"
   user_install_type: "agent"
@@ -63,9 +63,9 @@ wazuh_winagent_config:
   # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
   auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
   check_md5: True
-  md5: dc64c8bee53df0430e9e03e578ba334d
+  md5: 4ae4e930d3ae9d572b07cd9e7207d783
-wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.12.2-1.msi
+wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.12.3-1.msi
-wazuh_winagent_package_name: wazuh-agent-3.12.2-1.msi
+wazuh_winagent_package_name: wazuh-agent-3.12.3-1.msi
 wazuh_agent_config:
   repo:
     apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
@@ -86,7 +86,6 @@ wazuh_agent_config:
     frequency: 43200
     scan_on_start: 'yes'
     auto_ignore: 'no'
-    alert_new_files: 'yes'
     win_audit_interval: 60
     skip_nfs: 'yes'
     skip_dev: 'yes'

roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml

@@ -27,30 +27,14 @@
     - not wazuh_agent_sources_installation.enabled
     - not wazuh_custom_packages_installation_agent_enabled
 
-- name: RedHat/CentOS/Fedora | download Oracle Java RPM
+- name: RedHat/CentOS/Fedora | Install OpenJDK 1.8
-  get_url:
+  yum: name=java-1.8.0-openjdk state=present
-    url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm
-    dest: /tmp/jre-8-linux-x64.rpm
-    headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
-  register: oracle_java_task_rpm_download
-  until: oracle_java_task_rpm_download is succeeded
   when:
     - wazuh_agent_config.cis_cat.disable == 'no'
     - wazuh_agent_config.cis_cat.install_java == 'yes'
   tags:
     - init
 
-- name: RedHat/CentOS/Fedora | Install Oracle Java RPM
-  package: name=/tmp/jre-8-linux-x64.rpm state=present
-  register: wazuh_agent_java_package_install
-  until: wazuh_agent_java_package_install is succeeded
-  when:
-    - wazuh_agent_config.cis_cat.disable == 'no'
-    - wazuh_agent_config.cis_cat.install_java == 'yes'
-    - oracle_java_task_rpm_download is defined
-  tags:
-    - init
-
 - name: Set Distribution CIS filename for RHEL5
   set_fact:
     cis_distribution_filename: cis_rhel5_linux_rcl.txt

roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2

@@ -201,7 +201,6 @@
   {% if wazuh_agent_config.syscheck is defined %}
   <syscheck>
     <disabled>no</disabled>
-  <!-- <alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> -->
     <frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
     {% if ansible_system == "Linux" %}
     <scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-wazuh_manager_version: 3.12.2-1
+wazuh_manager_version: 3.12.3-1
 
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: present
@@ -15,7 +15,7 @@ wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.
 # Sources installation
 wazuh_manager_sources_installation:
   enabled: false
-  branch: "v3.12.2"
+  branch: "v3.12.3"
   user_language: "en"
   user_no_stop: "y"
   user_install_type: "server"
@@ -40,7 +40,7 @@ wazuh_manager_sources_installation:
 
 wazuh_api_sources_installation:
   enabled: false
-  branch: "v3.12.2"
+  branch: "v3.12.3"
   update: "y"
   remove: "y"
   directory: null
@@ -152,7 +152,6 @@ wazuh_manager_config:
     frequency: 43200
     scan_on_start: 'yes'
     auto_ignore: 'no'
-    alert_new_files: 'yes'
     ignore:
       - /etc/mtab
       - /etc/hosts.deny
@@ -354,6 +353,29 @@ wazuh_manager_config:
     - server: null
       port: null
       format: null
+  integrations:
+    #slack
+    - name: null
+      hook_url: '<hook_url>'
+      alert_level: 10
+      alert_format: 'json'
+      rule_id: null
+    #pagerduty
+    - name: null
+      api_key: '<api_key>'
+      alert_level: 12
+  monitor_aws:
+    disabled: 'yes'
+    interval: '10m'
+    run_on_start: 'yes'
+    skip_on_error: 'yes'
+    s3:
+      - name: null
+        bucket_type: null
+        path: null
+        only_logs_after: null
+        access_key: null
+        secret_key: null
   labels:
     enable: false
     list:
@@ -366,7 +388,6 @@ wazuh_manager_config:
   #   syscheck:
   #     frequency: 43200
   #     scan_on_start: 'yes'
-  #     alert_new_files: 'yes'
   #     ignore:
   #       - /etc/mtab
   #       - /etc/mnttab
@@ -397,7 +418,6 @@ wazuh_manager_config:
   #     frequency: 43200
   #     scan_on_start: 'yes'
   #     auto_ignore: 'no'
-  #     alert_new_files: 'yes'
   #     windows_registry:
   #       - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
   #         arch: 'both'

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -294,7 +294,6 @@
   <!-- File integrity monitoring -->
   <syscheck>
     <disabled>{{ wazuh_manager_config.syscheck.disable }}</disabled>
-    <alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files>
     <frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
     <scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>
 
@@ -544,6 +543,55 @@
 {% endfor %}
 {% endif %}
 
+{% if wazuh_manager_config.integrations is defined %}
+{% for integration in wazuh_manager_config.integrations %}
+{% if integration.name is not none %}
+  <!-- Integration with {{ integration.name }} -->
+  <integration>
+    <name>{{ integration.name }}</name>
+    {% if integration.hook_url is defined %}
+    <hook_url>{{ integration.hook_url }}</hook_url>
+    {% endif %}
+    {% if integration.api_key is defined %}
+    <api_key>{{ integration.api_key }}</api_key>
+    {% endif %}
+    {% if integration.alert_format is defined %}
+    <alert_format>{{ integration.alert_format }}</alert_format>
+    {% endif %}
+    {% if integration.alert_level is defined %}
+    <level>{{ integration.alert_level }}</level>
+    {% endif %}
+    {% if integration.rule_id is defined %}
+    <rule_id>{{ integration.rule_id }}</rule_id>
+    {% endif %}
+  </integration>
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if monitor_aws is defined and monitor_aws.disabled == "no" %}
+  <!-- S3 -->
+  <wodle name="aws-s3">
+    <disabled>{{ monitor_aws.disabled }}</disabled>
+    <interval>{{ monitor_aws.interval }}</interval>
+    <run_on_start>{{ monitor_aws.run_on_start }}</run_on_start>
+    <skip_on_error>{{ monitor_aws.skip_on_error }}</skip_on_error>
+    {% for bucket in monitor_aws.s3 %}
+    <bucket type="{{ bucket.bucket_type }}">
+      <name>{{ bucket.name }}</name>
+      {% if bucket.path is defined %}
+      <path>{{ bucket.path }}</path>
+      {% endif %}
+      {% if bucket.only_logs_after is defined %}
+      <only_logs_after>{{ bucket.only_logs_after }}</only_logs_after>
+      {% endif %}
+      <access_key>{{ bucket.access_key }}</access_key>
+      <secret_key>{{ bucket.secret_key }}</secret_key>
+    </bucket>
+    {% endfor %}
+  </wodle>
+{% endif %}
+
 {% if wazuh_manager_config.labels.enable == true %}
   <labels>
   {% for label in wazuh_manager_config.labels.list %}

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2

@@ -7,7 +7,6 @@
     {% if agent_config.syscheck.auto_ignore is defined %}
     <auto_ignore>{{ agent_config.syscheck.auto_ignore }}</auto_ignore>
     {% endif %}
-    <alert_new_files>{{ agent_config.syscheck.alert_new_files }}</alert_new_files>
     <frequency>{{ agent_config.syscheck.frequency }}</frequency>
     <scan_on_start>{{ agent_config.syscheck.scan_on_start }}</scan_on_start>
 

wazuh-qa

@@ -0,0 +1 @@
+Subproject commit a20574168fedf0c3a69116866fc0d1a61062c21c