From 9aedbb0d54039c1dbab58d82a5693acf1361c874 Mon Sep 17 00:00:00 2001 From: Jesus Linares Date: Mon, 14 Jan 2019 03:31:54 -0500 Subject: [PATCH 01/18] Bump version: v3.8.0 - 3800 --- VERSION | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index b17912ec..bc0a1b1c 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.7.2" -REVISION="3719" +WAZUH-ANSIBLE_VERSION="v3.8.0" +REVISION="3800" From ec556ca2a2d607070f5b8ebde2fe22a7f5432cf8 Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Mon, 14 Jan 2019 10:41:43 +0100 Subject: [PATCH 02/18] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7aa2db9f..e16ca84b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # Change Log All notable changes to this project will be documented in this file. -## [v3.7.x] +## [v3.8.0] ### Added From 6a215bbde6bf0a9fe75dea22215df5d1c0907845 Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Mon, 14 Jan 2019 10:42:16 +0100 Subject: [PATCH 03/18] Bump version 3801 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index bc0a1b1c..5d2adcde 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v3.8.0" -REVISION="3800" +REVISION="3801" From c0c1f479b8436efdd4039bef6b09239ca312c24e Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Mon, 14 Jan 2019 10:47:08 +0100 Subject: [PATCH 04/18] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e16ca84b..4a252077 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ All notable changes to this project will be documented in this file. - Fixes typos: The word credentials doesn't have two consecutive e's ([#130](https://github.com/wazuh/wazuh-ansible/pull/130)) - Fixed multiple remote connection ([#120](https://github.com/wazuh/wazuh-ansible/pull/120)) - Fixed null value for wazuh_manager_fqdn ([#132](https://github.com/wazuh/wazuh-ansible/pull/132)) +- Erasing extra spaces in playbooks ([#131](https://github.com/wazuh/wazuh-ansible/pull/131)) ## [v3.7.2] From 36f2b4fe04aafe813989d92ba4ea23a900b145a8 Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Mon, 14 Jan 2019 10:47:42 +0100 Subject: [PATCH 05/18] Bump version 3802 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 5d2adcde..99767f24 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v3.8.0" -REVISION="3801" +REVISION="3802" From 5a4b2ba5f5011549646dc71046176865d7c30a26 Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Mon, 14 Jan 2019 10:50:52 +0100 Subject: [PATCH 06/18] Update CHANGELOG.md --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a252077..688e99bb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,8 @@ All notable changes to this project will be documented in this file. ### Added - Added custom name for single agent registration ([#117](https://github.com/wazuh/wazuh-ansible/pull/117)) -- Adapt ossec.conf file for windows agents ([#118](https://github.com/wazuh/wazuh-ansible/pull/118)) +- Adapt ossec.conf file for windows agents ([#118](https://github.com/wazuh/wazuh-ansible/pull/118)) +- Added labels to ossec.conf ([#135](https://github.com/wazuh/wazuh-ansible/pull/135)) ### Changed From cff25aae5104639662207ebc431c7f5427d1cb9b Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Mon, 14 Jan 2019 10:51:38 +0100 Subject: [PATCH 07/18] Bump version 3803 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 99767f24..38e38a9c 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v3.8.0" -REVISION="3802" +REVISION="3803" From 5ef887c0bf665902555fb8aed4a4c03579d025f7 Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Mon, 14 Jan 2019 10:54:39 +0100 Subject: [PATCH 08/18] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 688e99bb..7abe1a71 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,10 @@ All notable changes to this project will be documented in this file. - Fixed null value for wazuh_manager_fqdn ([#132](https://github.com/wazuh/wazuh-ansible/pull/132)) - Erasing extra spaces in playbooks ([#131](https://github.com/wazuh/wazuh-ansible/pull/131)) +### Removed + +- delete useless files from wazuh-manager role ([#137](https://github.com/wazuh/wazuh-ansible/pull/137)) + ## [v3.7.2] ### Changed From 43adee9c04f57e5022699b17828de916b8020f5f Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Mon, 14 Jan 2019 10:55:27 +0100 Subject: [PATCH 09/18] Bump version 3804 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 38e38a9c..b70c5861 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ WAZUH-ANSIBLE_VERSION="v3.8.0" -REVISION="3803" +REVISION="3804" From 3e1fcda11b882c3ccbe46f84ca1a665d9a9b3073 Mon Sep 17 00:00:00 2001 From: AlfonsoRBJ Date: Mon, 14 Jan 2019 17:35:58 +0100 Subject: [PATCH 10/18] Update Slack link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a9e0d8f5..28f3d28b 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Wazuh-Ansible -[![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://goo.gl/forms/M2AoZC4b2R9A9Zy12) +[![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://wazuh.com/community/join-us-on-slack/) [![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh) [![Documentation](https://img.shields.io/badge/docs-view-green.svg)](https://documentation.wazuh.com) [![Documentation](https://img.shields.io/badge/web-view-green.svg)](https://wazuh.com) From 61260986c0316cec8631b5831175f48924b8b354 Mon Sep 17 00:00:00 2001 From: cadoming Date: Wed, 16 Jan 2019 16:16:06 +0000 Subject: [PATCH 11/18] fixed java path --- roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml | 2 +- roles/elastic-stack/ansible-logstash/tasks/RedHat.yml | 2 +- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 2 +- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml index 13d5ffbb..f4da0303 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml @@ -3,7 +3,7 @@ block: - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: - url: https://download.oracle.com/otn-pub/java/jdk/8u191-b12/2787e4a523244c269598db4e85c51e0c/jre-8u191-linux-x64.rpm + url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm dest: /tmp/jre-8-linux-x64.rpm headers: 'Cookie:oraclelicense=accept-securebackup-cookie' register: oracle_java_task_rpm_download diff --git a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml index 09e68d87..a5ad2cb3 100644 --- a/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml +++ b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml @@ -3,7 +3,7 @@ block: - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: - url: https://download.oracle.com/otn-pub/java/jdk/8u191-b12/2787e4a523244c269598db4e85c51e0c/jre-8u191-linux-x64.rpm + url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm dest: /tmp/jre-8-linux-x64.rpm headers: 'Cookie:oraclelicense=accept-securebackup-cookie' register: oracle_java_task_rpm_download diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 8aebbda8..4ec27997 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -31,7 +31,7 @@ - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: - url: http://download.oracle.com/otn-pub/java/jdk/8u171-b11/512cd62ec5174c3487ac17c61aaa89e8/jre-8u171-linux-x64.rpm + url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm dest: /tmp/jre-8-linux-x64.rpm headers: 'Cookie:oraclelicense=accept-securebackup-cookie' register: oracle_java_task_rpm_download diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 27eea91b..e603508a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -96,7 +96,7 @@ - name: RedHat/CentOS/Fedora | download Oracle Java RPM get_url: - url: http://download.oracle.com/otn-pub/java/jdk/8u172-b11/a58eab1ec242421181065cdc37240b08/jre-8u172-linux-x64.rpm + url: https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jre-8u202-linux-x64.rpm dest: /tmp/jre-8-linux-x64.rpm headers: 'Cookie:oraclelicense=accept-securebackup-cookie' register: oracle_java_task_rpm_download From 949aa7f043c8e9f72c3ceaf8f23f972abadd6b74 Mon Sep 17 00:00:00 2001 From: cadoming Date: Thu, 17 Jan 2019 15:42:11 +0000 Subject: [PATCH 12/18] adapt new version (3.8.0-6.5.4) --- .../ansible-kibana/defaults/main.yml | 2 +- .../ansible-kibana/tasks/main.yml | 3 +- .../ansible-wazuh-agent/defaults/main.yml | 2 +- .../ansible-wazuh-agent/tasks/Debian.yml | 4 +- .../ansible-wazuh-agent/tasks/RedHat.yml | 12 +- .../ansible-wazuh-agent/tasks/Windows.yml | 3 +- .../ansible-wazuh-manager/tasks/Debian.yml | 4 +- .../ansible-wazuh-manager/tasks/RedHat.yml | 8 +- .../ansible-wazuh-manager/tasks/main.yml | 19 - .../ansible-wazuh-manager/tasks/main.yml.save | 383 ++++++++++++++++++ 10 files changed, 403 insertions(+), 37 deletions(-) create mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 5ccbdbab..e4a61c07 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -4,5 +4,5 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 -wazuh_version: 3.7.2 +wazuh_version: 3.8.0 diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index db85a112..c0dc824b 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -46,7 +46,8 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + #shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/app/kibana/wazuhapp-3.8.0_6.5.4.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 42e13eec..52521a7d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -23,7 +23,7 @@ wazuh_winagent_config: install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.7.0' + version: '3.8.0' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 43936e7bc7eb51bd186f47dac4a6f477 diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index d8affe84..22a4210d 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -9,11 +9,11 @@ - ca-certificates - name: Debian/Ubuntu | Installing repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: 'deb https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/ unstable main' state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 8aebbda8..29b0b632 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -3,8 +3,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ + gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int > 5 @@ -13,8 +13,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH-5 + baseurl: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/ + gpgkey: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int == 5 @@ -23,8 +23,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ + gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 913f2453..08bf1f14 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -23,7 +23,8 @@ - name: Windows | Downloading windows Wazuh agent installer win_get_url: dest: C:\wazuh-agent-installer.msi - url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + #url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" + url: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.8/windows/wazuh-agent-3.8.0-0.3802.20190114T114149.branch38.commit04f4687.msi when: - correct_version is not defined diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index f2885345..6d8de4f0 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -9,11 +9,11 @@ - ca-certificates - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH + apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' + repo: 'deb https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/ unstable main' state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 27eea91b..c83d3388 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -36,8 +36,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ + gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") @@ -46,8 +46,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://packages.wazuh.com/3.x/yum/5/ - gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH + baseurl: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/ + gpgkey: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int == 5 diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index b1c6fcf2..f5c8ba3d 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -235,25 +235,6 @@ tags: - config -- name: Check if ossec-authd is enabled - shell: "grep -c 'ossec-authd' /var/ossec/bin/.process_list | xargs echo" - args: - removes: /var/ossec/bin/.process_list - changed_when: False - check_mode: no - register: authd_enabled - tags: - - config - -- name: Enable ossec-authd - command: /var/ossec/bin/ossec-control enable auth - notify: restart wazuh-manager - when: - - authd_enabled.stdout == '0' or "skipped" in authd_enabled.stdout - - wazuh_manager_config.authd.enable == true - tags: - - config - - name: Checking alert log output settings fail: msg="Please enable json_output or alerts_log options." when: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save new file mode 100644 index 00000000..26b5f5ac --- /dev/null +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save @@ -0,0 +1,383 @@ +--- +- import_tasks: "RedHat.yml" + when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") + +- import_tasks: "Debian.yml" + when: ansible_os_family == "Debian" + +- name: Install wazuh-manager, wazuh-api and expect + package: pkg={{ item }} state=latest + with_items: + - wazuh-manager + - wazuh-api + - expect + when: + - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) + tags: + - init + +- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 + replace: + path: /etc/init.d/wazuh-manager + regexp: 'echo -n "Starting Wazuh-manager: "' + replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' + when: + - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version == '6' + - wazuh_manager_config.cluster.disable != 'yes' + +- name: Install wazuh-manager and expect (EL5) + package: pkg={{ item }} state=latest + with_items: + - wazuh-manager + - expect + when: + - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 + tags: + - init + +- name: Generate SSL files for authd + command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{wazuh_manager_fqdn}}/" + args: + creates: sslmanager.cert + chdir: /var/ossec/etc/ + tags: + - config + when: not wazuh_manager_config.authd.ssl_agent_ca is not none + +- name: Copy CA, SSL key and cert for authd + copy: + src: "{{ item }}" + dest: "/var/ossec/etc/{{ item | basename }}" + mode: 0644 + with_items: + - "{{ wazuh_manager_config.authd.ssl_agent_ca }}" + - "{{ wazuh_manager_config.authd.ssl_manager_cert }}" + - "{{ wazuh_manager_config.authd.ssl_manager_key }}" + tags: + - config + when: wazuh_manager_config.authd.ssl_agent_ca is not none + +- name: Verifying for old init authd service + stat: path=/etc/init.d/ossec-authd + register: old_authd_service + tags: + - config + +- name: Verifying for old systemd authd service + stat: path=/lib/systemd/system/ossec-authd.service + register: old_authd_service + tags: + - config + +- name: Ensure ossec-authd service is disabled + service: name=ossec-authd enabled=no state=stopped + when: old_authd_service.stat.exists == True + tags: + - config + +- name: Removing old init authd services + file: path="{{ item }}" state=absent + with_items: + - "/etc/init.d/ossec-authd" + - "/lib/systemd/system/ossec-authd.service" + when: old_authd_service.stat.exists == True + tags: + - config + +- name: Installing the local_rules.xml (default local_rules.xml) + template: src=var-ossec-rules-local_rules.xml.j2 + dest=/var/ossec/etc/rules/local_rules.xml + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + - rules + +- name: Adding local rules files + copy: src="{{ wazuh_manager_config.ruleset.rules_path }}" + dest=/var/ossec/etc/rules/ + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + - rules + +- name: Installing the local_decoder.xml + template: src=var-ossec-rules-local_decoder.xml.j2 + dest=/var/ossec/etc/decoders/local_decoder.xml + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + - rules + +- name: Adding local decoders files + copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}" + dest=/var/ossec/etc/decoders/ + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + - rules + +- name: Configure the shared-agent.conf + template: + src: var-ossec-etc-shared-agent.conf.j2 + dest: /var/ossec/etc/shared/default/agent.conf + owner: ossec + group: ossec + mode: 0640 + validate: '/var/ossec/bin/verify-agent-conf -f %s' + notify: restart wazuh-manager + tags: + - init + - config + +- name: Installing the config.js (api configuration) + template: src=var-ossec-api-configuration-config.js.j2 + dest=/var/ossec/api/configuration/config.js + owner=root + group=ossec + mode=0740 + notify: restart wazuh-api + tags: + - init + - config + +- name: Installing the local_internal_options.conf + template: src=var-ossec-etc-local-internal-options.conf.j2 + dest=/var/ossec/etc/local_internal_options.conf + owner=root + group=ossec + mode=0640 + notify: restart wazuh-manager + tags: + - init + - config + +- name: Retrieving Agentless Credentials + include_vars: agentless_creds.yml + tags: + - config + +- name: Retrieving authd Credentials + include_vars: authd_pass.yml + tags: + - config + +- name: Retrieving Wazuh-API User Credentials + include_vars: wazuh_api_creds.yml + when: + - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) + tags: + - config + +- name: Retrieving CDB lists + include_vars: cdb_lists.yml + tags: + - config + +- name: Check if syslog output is enabled + set_fact: syslog_output=true + when: item.server is not none + with_items: + - "{{ wazuh_manager_config.syslog_outputs }}" + tags: + - config + +- name: Check if client-syslog is enabled + shell: "grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo" + args: + removes: /var/ossec/bin/.process_list + changed_when: False + check_mode: no + register: csyslog_enabled + tags: + - config + +- name: Enable client-syslog + command: /var/ossec/bin/ossec-control enable client-syslog + notify: restart wazuh-manager + when: + - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout + - syslog_output is defined and syslog_output == true + tags: + - config + +- name: Check if ossec-agentlessd is enabled + shell: "grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo" + args: + removes: /var/ossec/bin/.process_list + changed_when: False + check_mode: no + register: agentlessd_enabled + tags: + - config + +- name: Enable ossec-agentlessd + command: /var/ossec/bin/ossec-control enable agentless + notify: restart wazuh-manager + when: + - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout + - agentless_creds is defined + tags: + - config + +#- name: Check if ossec-authd is enabled +# shell: "grep -c 'ossec-authd' /var/ossec/bin/.process_list | xargs echo" + args: + @# removes: /var/ossec/bin/.process_list + changed_when: False + check_mode: no + register: authd_enabled + tags: + - config + +#- name: Enable ossec-authd +# command: /var/ossec/bin/ossec-control enable auth +# notify: restart wazuh-manager +# when: +# - authd_enabled.stdout == '0' or "skipped" in authd_enabled.stdout +# - wazuh_manager_config.authd.enable == true +# tags: +# - config + +- name: Checking alert log output settings + fail: msg="Please enable json_output or alerts_log options." + when: + - wazuh_manager_config.json_output == 'no' + - wazuh_manager_config.alerts_log == 'no' + tags: + - init + - config + +- name: Linux | Vuls integration deploy (runs in background, can take a while) + command: /var/ossec/wodles/vuls/deploy_vuls.sh {{ ansible_distribution|lower }} {{ ansible_distribution_major_version|int }} + args: + creates: /var/ossec/wodles/vuls/config.toml + async: 3600 + poll: 0 + when: + - wazuh_manager_config.vuls.disable != 'yes' + - ansible_distribution == 'Redhat' or ansible_distribution == 'CentOS' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' or ansible_distribution == 'Oracle' + tags: + - init + +- name: Configure ossec.conf + template: src=var-ossec-etc-ossec-server.conf.j2 + dest=/var/ossec/etc/ossec.conf + owner=root + group=ossec + mode=0644 + notify: restart wazuh-manager + tags: + - init + - config + +- name: Ossec-authd password + template: + src: authd_pass.j2 + dest: "/var/ossec/etc/authd.pass" + owner: ossec + group: ossec + mode: 0640 + no_log: true + notify: restart wazuh-manager + when: + - wazuh_manager_config.authd.use_password is defined + - wazuh_manager_config.authd.use_password == 'yes' + tags: + - config + +- name: Wazuh-API User + template: + src: api_user.j2 + dest: "/var/ossec/api/configuration/auth/user" + owner: root + group: root + mode: 0750 + no_log: true + notify: restart wazuh-api + when: + - wazuh_api_user is defined + - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) + tags: + - config + +- name: Agentless Hosts & Passwd + template: + src: agentless.j2 + dest: "/var/ossec/agentless/.passlist_tmp" + owner: root + group: root + mode: 0644 + no_log: true + when: agentless_creds is defined + tags: + - config + +- name: Encode the secret + shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp + when: agentless_creds is defined + tags: + - config + +- name: CDB Lists + template: + src: cdb_lists.j2 + dest: "/var/ossec/etc/lists/{{ item.name }}" + owner: root + group: ossec + mode: 0640 + no_log: true + notify: + - rebuild cdb_lists + - restart wazuh-manager + with_items: + - "{{ cdb_lists }}" + when: cdb_lists is defined + tags: + - config + +- name: Ensure Wazuh Manager, wazuh API service is started and enabled + service: + name: "{{ item }}" + enabled: yes + state: started + with_items: + - wazuh-manager + - wazuh-api + tags: + - config + environment: + LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" + when: + - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) + +- name: Ensure Wazuh Manager is started and enabled (EL5) + service: + name: wazuh-manager + enabled: yes + state: started + tags: + - config + when: + - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 + +- import_tasks: "RMRedHat.yml" + when: ansible_os_family == "RedHat" + +- import_tasks: "RMDebian.yml" + when: ansible_os_family == "Debian" From d4b2de38de35a6cecd396b6f899f11ba77be1eb1 Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Thu, 17 Jan 2019 17:03:17 +0100 Subject: [PATCH 13/18] delete save file --- .../ansible-wazuh-manager/tasks/main.yml.save | 383 ------------------ 1 file changed, 383 deletions(-) delete mode 100644 roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save deleted file mode 100644 index 26b5f5ac..00000000 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml.save +++ /dev/null @@ -1,383 +0,0 @@ ---- -- import_tasks: "RedHat.yml" - when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") - -- import_tasks: "Debian.yml" - when: ansible_os_family == "Debian" - -- name: Install wazuh-manager, wazuh-api and expect - package: pkg={{ item }} state=latest - with_items: - - wazuh-manager - - wazuh-api - - expect - when: - - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) - tags: - - init - -- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 - replace: - path: /etc/init.d/wazuh-manager - regexp: 'echo -n "Starting Wazuh-manager: "' - replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' - when: - - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version == '6' - - wazuh_manager_config.cluster.disable != 'yes' - -- name: Install wazuh-manager and expect (EL5) - package: pkg={{ item }} state=latest - with_items: - - wazuh-manager - - expect - when: - - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 - tags: - - init - -- name: Generate SSL files for authd - command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{wazuh_manager_fqdn}}/" - args: - creates: sslmanager.cert - chdir: /var/ossec/etc/ - tags: - - config - when: not wazuh_manager_config.authd.ssl_agent_ca is not none - -- name: Copy CA, SSL key and cert for authd - copy: - src: "{{ item }}" - dest: "/var/ossec/etc/{{ item | basename }}" - mode: 0644 - with_items: - - "{{ wazuh_manager_config.authd.ssl_agent_ca }}" - - "{{ wazuh_manager_config.authd.ssl_manager_cert }}" - - "{{ wazuh_manager_config.authd.ssl_manager_key }}" - tags: - - config - when: wazuh_manager_config.authd.ssl_agent_ca is not none - -- name: Verifying for old init authd service - stat: path=/etc/init.d/ossec-authd - register: old_authd_service - tags: - - config - -- name: Verifying for old systemd authd service - stat: path=/lib/systemd/system/ossec-authd.service - register: old_authd_service - tags: - - config - -- name: Ensure ossec-authd service is disabled - service: name=ossec-authd enabled=no state=stopped - when: old_authd_service.stat.exists == True - tags: - - config - -- name: Removing old init authd services - file: path="{{ item }}" state=absent - with_items: - - "/etc/init.d/ossec-authd" - - "/lib/systemd/system/ossec-authd.service" - when: old_authd_service.stat.exists == True - tags: - - config - -- name: Installing the local_rules.xml (default local_rules.xml) - template: src=var-ossec-rules-local_rules.xml.j2 - dest=/var/ossec/etc/rules/local_rules.xml - owner=root - group=ossec - mode=0640 - notify: restart wazuh-manager - tags: - - init - - config - - rules - -- name: Adding local rules files - copy: src="{{ wazuh_manager_config.ruleset.rules_path }}" - dest=/var/ossec/etc/rules/ - owner=root - group=ossec - mode=0640 - notify: restart wazuh-manager - tags: - - init - - config - - rules - -- name: Installing the local_decoder.xml - template: src=var-ossec-rules-local_decoder.xml.j2 - dest=/var/ossec/etc/decoders/local_decoder.xml - owner=root - group=ossec - mode=0640 - notify: restart wazuh-manager - tags: - - init - - config - - rules - -- name: Adding local decoders files - copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}" - dest=/var/ossec/etc/decoders/ - owner=root - group=ossec - mode=0640 - notify: restart wazuh-manager - tags: - - init - - config - - rules - -- name: Configure the shared-agent.conf - template: - src: var-ossec-etc-shared-agent.conf.j2 - dest: /var/ossec/etc/shared/default/agent.conf - owner: ossec - group: ossec - mode: 0640 - validate: '/var/ossec/bin/verify-agent-conf -f %s' - notify: restart wazuh-manager - tags: - - init - - config - -- name: Installing the config.js (api configuration) - template: src=var-ossec-api-configuration-config.js.j2 - dest=/var/ossec/api/configuration/config.js - owner=root - group=ossec - mode=0740 - notify: restart wazuh-api - tags: - - init - - config - -- name: Installing the local_internal_options.conf - template: src=var-ossec-etc-local-internal-options.conf.j2 - dest=/var/ossec/etc/local_internal_options.conf - owner=root - group=ossec - mode=0640 - notify: restart wazuh-manager - tags: - - init - - config - -- name: Retrieving Agentless Credentials - include_vars: agentless_creds.yml - tags: - - config - -- name: Retrieving authd Credentials - include_vars: authd_pass.yml - tags: - - config - -- name: Retrieving Wazuh-API User Credentials - include_vars: wazuh_api_creds.yml - when: - - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) - tags: - - config - -- name: Retrieving CDB lists - include_vars: cdb_lists.yml - tags: - - config - -- name: Check if syslog output is enabled - set_fact: syslog_output=true - when: item.server is not none - with_items: - - "{{ wazuh_manager_config.syslog_outputs }}" - tags: - - config - -- name: Check if client-syslog is enabled - shell: "grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo" - args: - removes: /var/ossec/bin/.process_list - changed_when: False - check_mode: no - register: csyslog_enabled - tags: - - config - -- name: Enable client-syslog - command: /var/ossec/bin/ossec-control enable client-syslog - notify: restart wazuh-manager - when: - - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout - - syslog_output is defined and syslog_output == true - tags: - - config - -- name: Check if ossec-agentlessd is enabled - shell: "grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo" - args: - removes: /var/ossec/bin/.process_list - changed_when: False - check_mode: no - register: agentlessd_enabled - tags: - - config - -- name: Enable ossec-agentlessd - command: /var/ossec/bin/ossec-control enable agentless - notify: restart wazuh-manager - when: - - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout - - agentless_creds is defined - tags: - - config - -#- name: Check if ossec-authd is enabled -# shell: "grep -c 'ossec-authd' /var/ossec/bin/.process_list | xargs echo" - args: - @# removes: /var/ossec/bin/.process_list - changed_when: False - check_mode: no - register: authd_enabled - tags: - - config - -#- name: Enable ossec-authd -# command: /var/ossec/bin/ossec-control enable auth -# notify: restart wazuh-manager -# when: -# - authd_enabled.stdout == '0' or "skipped" in authd_enabled.stdout -# - wazuh_manager_config.authd.enable == true -# tags: -# - config - -- name: Checking alert log output settings - fail: msg="Please enable json_output or alerts_log options." - when: - - wazuh_manager_config.json_output == 'no' - - wazuh_manager_config.alerts_log == 'no' - tags: - - init - - config - -- name: Linux | Vuls integration deploy (runs in background, can take a while) - command: /var/ossec/wodles/vuls/deploy_vuls.sh {{ ansible_distribution|lower }} {{ ansible_distribution_major_version|int }} - args: - creates: /var/ossec/wodles/vuls/config.toml - async: 3600 - poll: 0 - when: - - wazuh_manager_config.vuls.disable != 'yes' - - ansible_distribution == 'Redhat' or ansible_distribution == 'CentOS' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' or ansible_distribution == 'Oracle' - tags: - - init - -- name: Configure ossec.conf - template: src=var-ossec-etc-ossec-server.conf.j2 - dest=/var/ossec/etc/ossec.conf - owner=root - group=ossec - mode=0644 - notify: restart wazuh-manager - tags: - - init - - config - -- name: Ossec-authd password - template: - src: authd_pass.j2 - dest: "/var/ossec/etc/authd.pass" - owner: ossec - group: ossec - mode: 0640 - no_log: true - notify: restart wazuh-manager - when: - - wazuh_manager_config.authd.use_password is defined - - wazuh_manager_config.authd.use_password == 'yes' - tags: - - config - -- name: Wazuh-API User - template: - src: api_user.j2 - dest: "/var/ossec/api/configuration/auth/user" - owner: root - group: root - mode: 0750 - no_log: true - notify: restart wazuh-api - when: - - wazuh_api_user is defined - - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) - tags: - - config - -- name: Agentless Hosts & Passwd - template: - src: agentless.j2 - dest: "/var/ossec/agentless/.passlist_tmp" - owner: root - group: root - mode: 0644 - no_log: true - when: agentless_creds is defined - tags: - - config - -- name: Encode the secret - shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp - when: agentless_creds is defined - tags: - - config - -- name: CDB Lists - template: - src: cdb_lists.j2 - dest: "/var/ossec/etc/lists/{{ item.name }}" - owner: root - group: ossec - mode: 0640 - no_log: true - notify: - - rebuild cdb_lists - - restart wazuh-manager - with_items: - - "{{ cdb_lists }}" - when: cdb_lists is defined - tags: - - config - -- name: Ensure Wazuh Manager, wazuh API service is started and enabled - service: - name: "{{ item }}" - enabled: yes - state: started - with_items: - - wazuh-manager - - wazuh-api - tags: - - config - environment: - LD_LIBRARY_PATH: "$LD_LIBRARY_PATH:/var/ossec/framework/lib" - when: - - not (( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 ) - -- name: Ensure Wazuh Manager is started and enabled (EL5) - service: - name: wazuh-manager - enabled: yes - state: started - tags: - - config - when: - - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version|int < 6 - -- import_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" - -- import_tasks: "RMDebian.yml" - when: ansible_os_family == "Debian" From c20c6952072fdb8771b21abecb82c77a8da819ac Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Thu, 17 Jan 2019 17:19:37 +0100 Subject: [PATCH 14/18] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7abe1a71..8b262e06 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ All notable changes to this project will be documented in this file. - Changed Windows installation directory ([#116](https://github.com/wazuh/wazuh-ansible/pull/116)) - move redundant tags to the outer block ([#133](https://github.com/wazuh/wazuh-ansible/pull/133)) +- Adapt new version (3.8.0-6.5.4) ([#144](https://github.com/wazuh/wazuh-ansible/pull/144)) ### Fixed From 37bfa5be179b45d611c29b86b94f593ea62e526c Mon Sep 17 00:00:00 2001 From: cadoming Date: Fri, 18 Jan 2019 15:11:40 +0000 Subject: [PATCH 15/18] 3.8 release --- roles/elastic-stack/ansible-kibana/tasks/main.yml | 3 +-- roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml | 12 ++++++------ roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 3 +-- roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 4 ++-- roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 8 ++++---- 6 files changed, 16 insertions(+), 18 deletions(-) diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index c0dc824b..db85a112 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -46,8 +46,7 @@ tags: install - name: Install Wazuh-APP (can take a while) - #shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" - shell: "/usr/share/kibana/bin/kibana-plugin install https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/app/kibana/wazuhapp-3.8.0_6.5.4.zip" + shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 22a4210d..d8affe84 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml @@ -9,11 +9,11 @@ - ca-certificates - name: Debian/Ubuntu | Installing repository key - apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/ unstable main' + repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml index 29b0b632..8aebbda8 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml @@ -3,8 +3,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ - gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://packages.wazuh.com/3.x/yum/ + gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int > 5 @@ -13,8 +13,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/ - gpgkey: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://packages.wazuh.com/3.x/yum/5/ + gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH-5 gpgcheck: yes when: - ansible_distribution_major_version|int == 5 @@ -23,8 +23,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ - gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://packages.wazuh.com/3.x/yum/ + gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index 08bf1f14..913f2453 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -23,8 +23,7 @@ - name: Windows | Downloading windows Wazuh agent installer win_get_url: dest: C:\wazuh-agent-installer.msi - #url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" - url: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.8/windows/wazuh-agent-3.8.0-0.3802.20190114T114149.branch38.commit04f4687.msi + url: "{{ wazuh_winagent_config.repo }}wazuh-agent-{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.msi" when: - correct_version is not defined diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 6d8de4f0..f2885345 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -9,11 +9,11 @@ - ca-certificates - name: Debian/Ubuntu | Installing Wazuh repository key - apt_key: url=https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH - name: Debian/Ubuntu | Add Wazuh repositories apt_repository: - repo: 'deb https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/apt/ unstable main' + repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' state: present update_cache: yes diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index c83d3388..27eea91b 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -36,8 +36,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/ - gpgkey: https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://packages.wazuh.com/3.x/yum/ + gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") @@ -46,8 +46,8 @@ yum_repository: name: wazuh_repo description: Wazuh repository - baseurl: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/pre-release/yum/5/ - gpgkey: http://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/key/GPG-KEY-WAZUH + baseurl: https://packages.wazuh.com/3.x/yum/5/ + gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes when: - ansible_distribution_major_version|int == 5 From 492d7ad288ba1b74f9d2e6b48201cd12c5512ecb Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Fri, 18 Jan 2019 16:33:33 +0100 Subject: [PATCH 16/18] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7abe1a71..89711ea0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ All notable changes to this project will be documented in this file. - Fixed multiple remote connection ([#120](https://github.com/wazuh/wazuh-ansible/pull/120)) - Fixed null value for wazuh_manager_fqdn ([#132](https://github.com/wazuh/wazuh-ansible/pull/132)) - Erasing extra spaces in playbooks ([#131](https://github.com/wazuh/wazuh-ansible/pull/131)) +- Fixed oracle java cookies ([#143](https://github.com/wazuh/wazuh-ansible/pull/143)) ### Removed From 09ed90b74fc19a5861fa89bb5946315997e1e453 Mon Sep 17 00:00:00 2001 From: AlfonsoRBJ Date: Thu, 24 Jan 2019 12:50:06 +0100 Subject: [PATCH 17/18] Bump version 3.8.1 --- CHANGELOG.md | 2 ++ VERSION | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index db70ddde..48ec6fac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ # Change Log All notable changes to this project will be documented in this file. +## [v3.8.1] + ## [v3.8.0] ### Added diff --git a/VERSION b/VERSION index b70c5861..7d501c8d 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-ANSIBLE_VERSION="v3.8.0" -REVISION="3804" +WAZUH-ANSIBLE_VERSION="v3.8.1" +REVISION="3800" From a0b3fae9d214b30d32bdf27c456f2bad71393993 Mon Sep 17 00:00:00 2001 From: AlfonsoRBJ Date: Thu, 24 Jan 2019 15:09:45 +0100 Subject: [PATCH 18/18] Update to Wazuh version 3.8.1 (#148) --- CHANGELOG.md | 3 +++ roles/elastic-stack/ansible-kibana/defaults/main.yml | 2 +- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 48ec6fac..54ee6666 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ All notable changes to this project will be documented in this file. ## [v3.8.1] +### Changed +- Update to Wazuh version v3.8.1. ([#148](https://github.com/wazuh/wazuh-ansible/pull/148)) + ## [v3.8.0] ### Added diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index e4a61c07..149a162c 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -4,5 +4,5 @@ elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 6.5.4 -wazuh_version: 3.8.0 +wazuh_version: 3.8.1 diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 52521a7d..e08b891d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -23,7 +23,7 @@ wazuh_winagent_config: install_dir_x86: 'C:\Program Files (x86)\ossec-agent\' auth_path: C:\'Program Files'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - version: '3.8.0' + version: '3.8.1' revision: '1' repo: https://packages.wazuh.com/3.x/windows/ md5: 43936e7bc7eb51bd186f47dac4a6f477