diff --git a/CHANGELOG.md b/CHANGELOG.md index 1df47741..615f0229 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,12 @@ All notable changes to this project will be documented in this file. - Update to [Wazuh v4.8.0](https://github.com/wazuh/wazuh/blob/v4.8.0/CHANGELOG.md#v480) +## [v4.7.5] + +### Added + +- Update to [Wazuh v4.7.5](https://github.com/wazuh/wazuh/blob/v4.7.5/CHANGELOG.md#v475) + ## [v4.7.4] ### Added diff --git a/README.md b/README.md index e02ea312..577a4036 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb | v4.8.2 | | | | v4.8.1 | | | | v4.8.0 | | | +| v4.7.5 | | | | v4.7.4 | | | | v4.7.3 | | | | v4.7.2 | | | diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index aeefa605..a8015c35 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -22,7 +22,8 @@ filebeat_ssl_dir: /etc/pki/filebeat local_certs_path: "{{ playbook_dir }}/indexer/certificates" filebeatrepo: - apt: 'deb https://packages.wazuh.com/5.x/apt/ stable main' + keyring_path: '/usr/share/keyrings/wazuh.gpg' + apt: "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/5.x/apt/ stable main" yum: 'https://packages.wazuh.com/5.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' \ No newline at end of file + path: '/tmp/WAZUH-GPG-KEY' \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml b/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml index 638dbcff..7107b057 100644 --- a/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml +++ b/roles/wazuh/ansible-filebeat-oss/tasks/Debian.yml 
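Review bot: In roles/wazuh/ansible-filebeat-oss/defaults/main.yml the pinned `key_id` is dropped and replaced by `path: '/tmp/WAZUH-GPG-KEY'`, so the new defaults give the role nothing to check the key against, and the key is staged under a fixed name in a world-writable directory. As I understand get_url's default (`force: false`), it does not re-download when the destination exists, so a file already sitting at that path would be the one imported into the keyring. I would keep `key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'` for a fingerprint check before import and stage the download in a root-only location instead of /tmp. The `apt:` line also repeats the keyring path literally, so a comment such as `# signed-by must match keyring_path` would help anyone overriding it. The same change is made to `wazuh_repo` in roles/wazuh/vars/repo.yml, repo_pre-release.yml and repo_staging.yml.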
@@ -9,11 +9,20 @@ register: filebeat_ca_packages_install until: filebeat_ca_packages_install is succeeded -- name: Debian/Ubuntu | Add Elasticsearch apt key. - apt_key: +- name: Debian/Ubuntu | Download Filebeat apt key. + get_url: url: "{{ filebeatrepo.gpg }}" - id: "{{ filebeatrepo.key_id }}" - state: present + dest: "{{ filebeatrepo.path }}" + +- name: Import Filebeat GPG key + command: "gpg --no-default-keyring --keyring gnupg-ring:{{ filebeatrepo.keyring_path }} --import {{ filebeatrepo.path }}" + args: + creates: "{{ filebeatrepo.keyring_path }}" + +- name: Set permissions for Filebeat GPG key + file: + path: "{{ filebeatrepo.keyring_path }}" + mode: '0644' - name: Debian/Ubuntu | Add Filebeat-oss repository. apt_repository: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 372d895e..4d232711 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml 
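Review bot: The import task trusts whatever `get_url` left at `{{ filebeatrepo.path }}` and, because of `creates:`, runs only once, so the keyring is neither verified against a known fingerprint nor refreshed if the published key is rotated. The download sets no `mode`, and the `file` task sets `mode` without `owner: root` / `group: root`. A sketch of a verified download follows; it assumes `key_id` stays in the defaults and that the target's GnuPG supports `--show-keys`. The agent, manager, dashboard and indexer Debian.yml hunks add the same three tasks and need the same treatment.

```yaml
- name: Debian/Ubuntu | Download Filebeat apt key.
  get_url:
    # … unchanged: url, dest …
    mode: '0644'
    force: true

- name: Debian/Ubuntu | Read fingerprint of the downloaded key
  command: "gpg --show-keys --with-colons {{ filebeatrepo.path }}"
  register: filebeat_key_info
  changed_when: false

- name: Debian/Ubuntu | Stop if the key is not the pinned one
  assert:
    that:
      - filebeatrepo.key_id in filebeat_key_info.stdout

# … unchanged: gpg --import and keyring permission tasks …
```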
@@ -38,10 +38,26 @@ - ansible_distribution_major_version | int == 14 - not wazuh_custom_packages_installation_agent_enabled -- name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: +- name: Debian/Ubuntu | Download Wazuh repository key + get_url: url: "{{ wazuh_agent_config.repo.gpg }}" - id: "{{ wazuh_agent_config.repo.key_id }}" + dest: "{{ wazuh_agent_config.repo.path }}" + when: + - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - not wazuh_custom_packages_installation_agent_enabled + +- name: Debian/Ubuntu | Import Wazuh GPG key + command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_agent_config.repo.keyring_path }} --import {{ wazuh_agent_config.repo.path }}" + when: + - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - not wazuh_custom_packages_installation_agent_enabled + args: + creates: "{{ wazuh_agent_config.repo.keyring_path }}" + +- name: Debian/Ubuntu | Set permissions for Wazuh GPG key + file: + path: "{{ wazuh_agent_config.repo.keyring_path }}" + mode: '0644' when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_custom_packages_installation_agent_enabled diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml index 0c546b01..68b8e4ba 100644 --- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml @@ -154,7 +154,7 @@ filebeat_ssl_dir: /etc/pki/filebeat wazuh_manager_vulnerability_detection: enabled: 'yes' - indexer_status: 'yes' + index_status: 'yes' feed_update_interval: '60m' wazuh_manager_indexer: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 87931b8a..347d5203 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml 
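Review bot: The download, import and permission tasks are skipped on Ubuntu 14, yet the `apt:` source string changed elsewhere in this commit (roles/wazuh/vars/repo.yml) now carries `[signed-by=/usr/share/keyrings/wazuh.gpg]` for every host. If `wazuh_agent_config.repo` resolves to `wazuh_repo` (its definition is not in this diff), Ubuntu 14 hosts would get a source entry pointing at a keyring these tasks never create; the Ubuntu 14 key task itself lies above the hunk, so this should be confirmed there. Either drop the `when:` exclusion on the three new tasks or keep a source line without `signed-by` for that branch. A comment above the download task, e.g. `# apt_key is deprecated; key goes into a dedicated keyring referenced by signed-by`, would also record why the module changed. The manager hunk in roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml has the same conditions.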
@@ -26,10 +26,26 @@ - ansible_distribution_major_version | int == 14 - not wazuh_custom_packages_installation_manager_enabled -- name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: +- name: Debian/Ubuntu | Download Wazuh repository key + get_url: url: "{{ wazuh_manager_config.repo.gpg }}" - id: "{{ wazuh_manager_config.repo.key_id }}" + dest: "{{ wazuh_manager_config.repo.path }}" + when: + - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - not wazuh_custom_packages_installation_manager_enabled + +- name: Debian/Ubuntu | Import Wazuh GPG key + command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_manager_config.repo.keyring_path }} --import {{ wazuh_manager_config.repo.path }}" + when: + - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) + - not wazuh_custom_packages_installation_manager_enabled + args: + creates: "{{ wazuh_manager_config.repo.keyring_path }}" + +- name: Debian/Ubuntu | Set permissions for Wazuh GPG key + file: + path: "{{ wazuh_manager_config.repo.keyring_path }}" + mode: '0644' when: - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - not wazuh_custom_packages_installation_manager_enabled diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 index d0b33170..5fbc02bf 100644 --- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 +++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -260,7 +260,7 @@ {{ wazuh_manager_config.vulnerability_detection.enabled }} - {{ wazuh_manager_config.vulnerability_detection.indexer_status }} + {{ wazuh_manager_config.vulnerability_detection.index_status }} {{ wazuh_manager_config.vulnerability_detection.feed_update_interval }} 
diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml index defc8c1a..f1ca4244 100644 --- a/roles/wazuh/vars/repo.yml +++ b/roles/wazuh/vars/repo.yml @@ -1,8 +1,9 @@ wazuh_repo: - apt: 'deb https://packages.wazuh.com/5.x/apt/ stable main' + keyring_path: '/usr/share/keyrings/wazuh.gpg' + apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/5.x/apt/ stable main' yum: 'https://packages.wazuh.com/5.x/yum/' gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' + path: '/tmp/WAZUH-GPG-KEY' wazuh_winagent_config_url: "https://packages.wazuh.com/5.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_sha512_url: "https://packages.wazuh.com/5.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512" diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml index 1d87ee76..051b1117 100644 --- a/roles/wazuh/vars/repo_pre-release.yml +++ b/roles/wazuh/vars/repo_pre-release.yml @@ -1,8 +1,9 @@ wazuh_repo: - apt: 'deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main' + keyring_path: '/usr/share/keyrings/wazuh.gpg' + apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main' yum: 'https://packages-dev.wazuh.com/pre-release/yum/' gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH' - key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' + path: '/tmp/WAZUH-GPG-KEY' wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512" 
@@ -10,7 +11,7 @@ filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg" wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg" -wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/staging/pre-release/{{ wazuh_macos_intel_package_name }}" +wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/pre-release/{{ wazuh_macos_intel_package_name }}" wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{{ wazuh_macos_arm_package_name }}" certs_gen_tool_version: 5.0 diff --git a/roles/wazuh/vars/repo_staging.yml b/roles/wazuh/vars/repo_staging.yml index 21008579..6efd565f 100644 --- a/roles/wazuh/vars/repo_staging.yml +++ b/roles/wazuh/vars/repo_staging.yml @@ -1,8 +1,9 @@ wazuh_repo: - apt: 'deb https://packages-dev.wazuh.com/staging/apt/ unstable main' + keyring_path: '/usr/share/keyrings/wazuh.gpg' + apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/staging/apt/ unstable main' yum: 'https://packages-dev.wazuh.com/staging/yum/' gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH' - key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145' + path: '/tmp/WAZUH-GPG-KEY' wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/staging/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512" diff --git a/roles/wazuh/wazuh-dashboard/tasks/Debian.yml b/roles/wazuh/wazuh-dashboard/tasks/Debian.yml index 7525a10c..3f1f0c9d 100644 --- a/roles/wazuh/wazuh-dashboard/tasks/Debian.yml +++ b/roles/wazuh/wazuh-dashboard/tasks/Debian.yml 
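Review bot: The new `wazuh_macos_intel_package_url` drops `staging/` but ends up at `/pre-release/{{ wazuh_macos_intel_package_name }}`, while the ARM URL on the next line uses `/pre-release/macos/`. Unless the Intel package really is published at the repository root, this looks like a missing path segment: `wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{{ wazuh_macos_intel_package_name }}"`. It is worth checking against the published location before merge.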
@@ -2,10 +2,20 @@ - block: - include_vars: debian.yml - - name: Add apt repository signing key - apt_key: + - name: Download apt repository signing key + get_url: url: "{{ wazuh_repo.gpg }}" - state: present + dest: "{{ wazuh_repo.path }}" + + - name: Import Wazuh repository GPG key + command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_repo.keyring_path }} --import {{ wazuh_repo.path }}" + args: + creates: "{{ wazuh_repo.keyring_path }}" + + - name: Set permissions for Wazuh repository GPG key + file: + path: "{{ wazuh_repo.keyring_path }}" + mode: '0644' - name: Debian systems | Add Wazuh dashboard repo apt_repository: diff --git a/roles/wazuh/wazuh-indexer/tasks/Debian.yml b/roles/wazuh/wazuh-indexer/tasks/Debian.yml index 2c2b370b..a0c7329f 100644 --- a/roles/wazuh/wazuh-indexer/tasks/Debian.yml +++ b/roles/wazuh/wazuh-indexer/tasks/Debian.yml @@ -19,9 +19,19 @@ - name: Add Wazuh indexer repository block: - name: Add apt repository signing key - apt_key: + get_url: url: "{{ wazuh_repo.gpg }}" - state: present + dest: "{{ wazuh_repo.path }}" + + - name: Import Wazuh repository GPG key + command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_repo.keyring_path }} --import {{ wazuh_repo.path }}" + args: + creates: "{{ wazuh_repo.keyring_path }}" + + - name: Set permissions for Wazuh repository GPG key + file: + path: "{{ wazuh_repo.keyring_path }}" + mode: '0644' - name: Add Wazuh indexer repository apt_repository:
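Review bot: In roles/wazuh/wazuh-indexer/tasks/Debian.yml the first task keeps the name `Add apt repository signing key` although it now only downloads the file with `get_url`; the dashboard hunk renamed its counterpart, so I would use `- name: Download apt repository signing key` here as well. Both roles also stage the key at the same `wazuh_repo.path` and import into the same `wazuh_repo.keyring_path`, so the three tasks could live in one shared task file that both roles include rather than being copied.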