From 99f5403d5005adf7c7c075c457b396b26102cbf0 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Thu, 9 Jan 2020 11:10:30 +0100 Subject: [PATCH 1/5] Update templates for Python 3 compatibility --- .../templates/var-ossec-etc-ossec-server.conf.j2 | 6 +++--- .../templates/var-ossec-etc-shared-agent.conf.j2 | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index 99201c29..a3dcbb46 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -502,7 +502,7 @@ {% endif %} {% endif %} {% if localfile.format == 'json' and localfile.labels is defined %} - {% for key, value in localfile.labels.iteritems() %} + {% for key, value in localfile.labels.items() %} {% endfor %} {% endif %} @@ -540,7 +540,7 @@ {% endif %} {% endif %} {% if localfile.format == 'json' and localfile.labels is defined %} - {% for key, value in localfile.labels.iteritems() %} + {% for key, value in localfile.labels.items() %} {% endfor %} {% endif %} @@ -579,7 +579,7 @@ {% endif %} {% endif %} {% if localfile.format == 'json' and localfile.labels is defined %} - {% for key, value in localfile.labels.iteritems() %} + {% for key, value in localfile.labels.items() %} {% endfor %} {% endif %} diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 index 77e64fbf..dd1c8d9a 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 
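Review bot: The four loops over `localfile.labels` (three in var-ossec-etc-ossec-server.conf.j2, one in var-ossec-etc-shared-agent.conf.j2) still call a Python dict method from the template and emit labels in whatever order the interpreter yields. That order can differ between Python 2 and Python 3 controllers, so the rendered configuration may reorder on the interpreter switch and be reported as changed. Jinja2's own filter avoids both issues and works on either interpreter: `{% for key, value in localfile.labels | dictsort %}`. The guard also only tests `is defined`, so a `labels` value that is set but is not a dict would presumably still fail at render time; `and localfile.labels is mapping` would cover that. The loop bodies and the enclosing localfile blocks lie outside these hunks.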
@@ -68,7 +68,7 @@ {% endif %} {% endif %} {% if localfile.format == 'json' and localfile.labels is defined %} - {% for key, value in localfile.labels.iteritems() %} + {% for key, value in localfile.labels.items() %} {% endfor %} {% endif %} From d79a14de054a757a19944f31c703075fd0e3701d Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 22 Jan 2020 13:30:53 +0100 Subject: [PATCH 2/5] Bump version to 3.11.2_7.5.1 --- VERSION | 4 ++-- roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 6 +++--- roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/VERSION b/VERSION index 3961d05c..6d825ed6 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.11.1" -REVISION="31110" +WAZUH-ANSIBLE_VERSION="v3.11.2" +REVISION="31120" diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 486448d2..9b6ec2f3 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.5.1 -wazuh_version: 3.11.1 +wazuh_version: 3.11.2 wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp # API credentials diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 9db5406d..35992118 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,9 +1,9 @@ --- -wazuh_agent_version: 3.11.1-1 +wazuh_agent_version: 3.11.2-1 wazuh_agent_sources_installation: enabled: false - branch: "v3.11.1" + branch: "v3.11.2" user_language: "y" user_no_stop: "y" user_install_type: "agent" 
@@ -51,7 +51,7 @@ wazuh_winagent_config: auth_path: C:\Program Files\ossec-agent\agent-auth.exe # Adding quotes to auth_path_x86 since win_shell outputs error otherwise auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.11.1' + version: '3.11.2' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 1e39c2ad032259cb9682c1eac3ac646a diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 638fa90b..1a7b841e 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -1,12 +1,12 @@ --- -wazuh_manager_version: 3.11.1-1 +wazuh_manager_version: 3.11.2-1 wazuh_manager_fqdn: "wazuh-server" wazuh_manager_package_state: present wazuh_manager_sources_installation: enabled: false - branch: "v3.11.1" + branch: "v3.11.2" user_language: "en" user_no_stop: "y" user_install_type: "server" @@ -31,7 +31,7 @@ wazuh_manager_sources_installation: wazuh_api_sources_installation: enabled: false - branch: "v3.11.1" + branch: "v3.11.2" update: "y" remove: "y" directory: null From 125af8cff3680a62b21200a170fcf136c64526e5 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 22 Jan 2020 13:31:08 +0100 Subject: [PATCH 3/5] Update wazuh-elasticsearch.json template --- .../templates/elasticsearch.yml.j2 | 140 +++++++++++++++++- 1 file changed, 132 insertions(+), 8 deletions(-) diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 index 444cef06..88d50c3f 100644 --- a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 @@ -162,6 +162,7 @@ "data.dstip", "data.dstport", "data.dstuser", + "data.extra_data", "data.hardware.serial", "data.id", "data.integration", 
@@ -291,10 +292,37 @@
 "data.vulnerability.advisories",
 "data.vulnerability.bugzilla_reference",
 "data.vulnerability.cve",
+ "data.vulnerability.cvss.cvss2.base_score",
+ "data.vulnerability.cvss.cvss2.exploitability_score",
+ "data.vulnerability.cvss.cvss2.impact_score",
+ "data.vulnerability.cvss.cvss2.vector.access_complexity",
+ "data.vulnerability.cvss.cvss2.vector.attack_vector",
+ "data.vulnerability.cvss.cvss2.vector.authentication",
+ "data.vulnerability.cvss.cvss2.vector.availability",
+ "data.vulnerability.cvss.cvss2.vector.confidentiality_impact",
+ "data.vulnerability.cvss.cvss2.vector.integrity_impact",
+ "data.vulnerability.cvss.cvss2.vector.privileges_required",
+ "data.vulnerability.cvss.cvss2.vector.scope",
+ "data.vulnerability.cvss.cvss2.vector.user_interaction",
+ "data.vulnerability.cvss.cvss3.base_score",
+ "data.vulnerability.cvss.cvss3.exploitability_score",
+ "data.vulnerability.cvss.cvss3.impact_score",
+ "data.vulnerability.cvss.cvss3.vector.access_complexity",
+ "data.vulnerability.cvss.cvss3.vector.attack_vector",
+ "data.vulnerability.cvss.cvss3.vector.authentication",
+ "data.vulnerability.cvss.cvss3.vector.availability",
+ "data.vulnerability.cvss.cvss3.vector.confidentiality_impact",
+ "data.vulnerability.cvss.cvss3.vector.integrity_impact",
+ "data.vulnerability.cvss.cvss3.vector.privileges_required",
+ "data.vulnerability.cvss.cvss3.vector.scope",
+ "data.vulnerability.cvss.cvss3.vector.user_interaction",
 "data.vulnerability.cwe_reference",
+ "data.vulnerability.package.architecture",
 "data.vulnerability.package.condition",
+ "data.vulnerability.package.generated_cpe",
 "data.vulnerability.package.name",
 "data.vulnerability.package.version",
+ "data.vulnerability.rationale",
 "data.vulnerability.reference",
 "data.vulnerability.severity",
 "data.vulnerability.state",
@@ -372,6 +400,8 @@
 "rule.id",
 "rule.info",
 "rule.pci_dss",
+ "rule.hipaa",
+ "rule.nist_800_53",
 "syscheck.audit.effective_user.id",
 "syscheck.audit.effective_user.name",
 "syscheck.audit.group.id",
@@ -943,6 +973,9 @@
 "data": {
 "type": "keyword"
 },
+ "extra_data": {
+ "type": "keyword"
+ },
 "system_name": {
 "type": "keyword"
 },
@@ -1531,14 +1564,93 @@
 },
 "cvss": {
 "properties": {
- "cvss3_score": {
- "type": "keyword"
+ "cvss2": {
+ "properties": {
+ "base_score": {
+ "type": "keyword"
+ },
+ "exploitability_score": {
+ "type": "keyword"
+ },
+ "impact_score": {
+ "type": "keyword"
+ },
+ "vector": {
+ "properties": {
+ "access_complexity": {
+ "type": "keyword"
+ },
+ "attack_vector": {
+ "type": "keyword"
+ },
+ "authentication": {
+ "type": "keyword"
+ },
+ "availability": {
+ "type": "keyword"
+ },
+ "confidentiality_impact": {
+ "type": "keyword"
+ },
+ "integrity_impact": {
+ "type": "keyword"
+ },
+ "privileges_required": {
+ "type": "keyword"
+ },
+ "scope": {
+ "type": "keyword"
+ },
+ "user_interaction": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
 },
- "cvss_score": {
- "type": "keyword"
- },
- "cvss_scoring_vector": {
- "type": "keyword"
+ "cvss3": {
+ "properties": {
+ "base_score": {
+ "type": "keyword"
+ },
+ "exploitability_score": {
+ "type": "keyword"
+ },
+ "impact_score": {
+ "type": "keyword"
+ },
+ "vector": {
+ "properties": {
+ "access_complexity": {
+ "type": "keyword"
+ },
+ "attack_vector": {
+ "type": "keyword"
+ },
+ "authentication": {
+ "type": "keyword"
+ },
+ "availability": {
+ "type": "keyword"
+ },
+ "confidentiality_impact": {
+ "type": "keyword"
+ },
+ "integrity_impact": {
+ "type": "keyword"
+ },
+ "privileges_required": {
+ "type": "keyword"
+ },
+ "scope": {
+ "type": "keyword"
+ },
+ "user_interaction": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
 }
 }
 },
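Review bot: In the `@@ -1531,14 +1564,93 @@` hunk the new `base_score`, `exploitability_score` and `impact_score` fields under `cvss2` and `cvss3` are mapped as `keyword`, so range filters and sorts on them compare strings, not numbers (a constructed example: `"10.0"` orders before `"9.8"`). That makes a severity threshold such as "base score 7 or above" unreliable in dashboards and alert queries. If the manager emits these as numbers or numeric strings, which this hunk does not show, a numeric mapping such as `"base_score": { "type": "float" }` would be safer; if the file mirrors an upstream template, the change belongs there. The hunk also drops the `cvss3_score`, `cvss_score` and `cvss_scoring_vector` mappings, so saved searches and visualizations that use the old field names would need updating. The enclosing `vulnerability` object starts and ends outside the hunk.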
@@ -1547,9 +1659,15 @@ }, "package": { "properties": { + "architecture": { + "type": "keyword" + }, "condition": { "type": "keyword" }, + "generated_cpe": { + "type": "keyword" + }, "name": { "type": "keyword" }, @@ -1561,6 +1679,12 @@ "published": { "type": "date" }, + "updated": { + "type": "date" + }, + "rationale": { + "type": "keyword" + }, "reference": { "type": "keyword" }, @@ -1673,4 +1797,4 @@ } }, "version": 1 -} \ No newline at end of file +} From 7f86bbe76529daa3e8687cd6f7305821b5ddac3a Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 22 Jan 2020 13:33:54 +0100 Subject: [PATCH 4/5] Update CHANGELOG.md --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09f505e9..cd521303 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,16 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.11.2_7.5.1] + +### Added + +- Update to Wazuh v3.11.2 + +### Changed + +- Update templates for Python 3 compatibility ([@xr09](https://github.com/xr09)) [PR#344](https://github.com/wazuh/wazuh-ansible/pull/344) + ## [v3.11.1_7.5.1] ### Added From 94095c88c9439e344998b545d9e6014244e4a327 Mon Sep 17 00:00:00 2001 From: Jose M Date: Wed, 22 Jan 2020 15:14:56 +0100 Subject: [PATCH 5/5] Bump MD5 hash for Windows Agent --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 35992118..22db8c9d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -54,7 +54,7 @@ wazuh_winagent_config: version: '3.11.2' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ - md5: 1e39c2ad032259cb9682c1eac3ac646a + md5: 9b6e57054353e31f449ce61bf3695271 wazuh_agent_config: repo: apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
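Review bot: In the last hunk (PATCH 5/5) the Windows agent installer is still pinned only by an MD5 digest, `md5: 9b6e57054353e31f449ce61bf3695271`, and MD5 is not collision-resistant, so it is a weak integrity check for a package that is downloaded and installed on endpoints. A SHA-256 or SHA-512 digest alongside it, for example `sha512: '<SHA512_OF_INSTALLER>'` (placeholder), verified in the download task, would be stronger; how the role consumes `md5` is not visible here. The digest is also an unquoted plain scalar, so a value made only of digits, or of digits around a single `e`, would load as a number; `md5: '9b6e57054353e31f449ce61bf3695271'` avoids that. The version was bumped in PATCH 2/5 while the digest changes only here, so the intermediate commits pair version 3.11.2 with the previous digest.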