Merge pull request #686 from wazuh/706-api-config

Api configuration options updated
2021-12-09 08:40:50 +01:00 · 2021-12-09 08:40:50 +01:00 · fd5054cac9
commit fd5054cac9
parent 3562feecb3 589fbebba6
8 changed files with 3 additions and 61 deletions
--- a/molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml
+++ b/molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml
@ -8,7 +8,6 @@ wazuh_agent_config:
    agent_name: '{{ ansible_hostname }}'
    #groups: ''
    #agent_address: ''
    #ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
    #server_ca_path: ''
    #agent_certificate_path: ''
    #agent_key_path: ''
--- a/molecule/distributed-wazuh-elk/group_vars/agents.yml
+++ b/molecule/distributed-wazuh-elk/group_vars/agents.yml
@ -8,7 +8,6 @@ wazuh_agent_config:
    agent_name: '{{ ansible_hostname }}'
    #groups: ''
    #agent_address: ''
    #ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
    #server_ca_path: ''
    #agent_certificate_path: ''
    #agent_key_path: ''
--- a/molecule/distributed-wazuh-odfe/group_vars/agents.yml
+++ b/molecule/distributed-wazuh-odfe/group_vars/agents.yml
@ -8,7 +8,6 @@ wazuh_agent_config:
    agent_name: '{{ ansible_hostname }}'
    #groups: ''
    #agent_address: ''
    #ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
    #server_ca_path: ''
    #agent_certificate_path: ''
    #agent_key_path: ''
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@ -47,7 +47,7 @@ nodejs:
 # Build from sources
 build_from_sources: false
-wazuh_plugin_branch: 4.1-7.10
+wazuh_plugin_branch: 4.3-7.10
 #Nodejs NODE_OPTIONS
 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@ -105,7 +105,7 @@ wazuh_agent_enrollment:
  agent_name: ''
  groups: ''
  agent_address: ''
-  ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+  ssl_ciphers: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
  server_ca_path: ''
  agent_certificate_path: ''
  agent_key_path: ''
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@ -388,7 +388,6 @@ wazuh_manager_api:
  https_cert: "api/configuration/ssl/server.crt"
  https_use_ca: False
  https_ca: "api/configuration/ssl/ca.crt"
  https_ssl_cipher: "TLSv1.2"
  logging_level: "info"
  logging_path: "logs/api.log"
  cors: no
@ -401,7 +400,6 @@ wazuh_manager_api:
  access_max_login_attempts: 5
  access_block_time: 300
  access_max_request_per_minute: 300
  use_only_authd: no
  drop_privileges: yes
  experimental_features: no
  remote_commands_localfile: yes
--- a/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml
@ -2,7 +2,7 @@
 - name: Debian/Ubuntu | Remove Wazuh repository.
  apt_repository:
-    repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
+    repo: deb https://packages.wazuh.com/4.x/apt {{ ansible_distribution_release }} main
    state: absent
  changed_when: false
  when: ansible_os_family == "Debian"
--- a/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2
@ -1,53 +0,0 @@
 # USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION
 host: {{ wazuh_manager_config.api.bind_addr }}
 port: {{ wazuh_manager_config.api.port }}
 # Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no
 behind_proxy_server: {{ wazuh_manager_config.api.behind_proxy_server }}
 #Advanced configuration
 https:
  enabled: {{ wazuh_manager_config.api.https }}
  key: "{{ wazuh_manager_config.api.https_key }}"
  cert: "{{ wazuh_manager_config.api.https_cert }}"
  use_ca: {{ wazuh_manager_config.api.https_use_ca }}
  ca: "{{ wazuh_manager_config.api.https_ca }}"
  ssl_cipher: "{{ wazuh_manager_config.api.https_ssl_cipher }}"
 # Logging configuration
 # Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level).
 logs:
  level: "{{ wazuh_manager_config.api.logging_level }}"
  path: "{{ wazuh_manager_config.api.logging_path }}"
 # Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage
 cors:
  enabled: {{ wazuh_manager_config.api.cors }}
  source_route: "{{ wazuh_manager_config.api.cors_source_route }}"
  expose_headers: "{{ wazuh_manager_config.api.cors_expose_headers }}"
  allow_headers: "{{ wazuh_manager_config.api.cors_allow_headers }}"
  allow_credentials: {{ wazuh_manager_config.api.cors_allow_credentials }}
 # Cache (time in seconds)
 cache:
  enabled: {{ wazuh_manager_config.api.cache }}
  time: {{ wazuh_manager_config.api.cache_time }}
 # Access parameters
 access:
  max_login_attempts: {{ wazuh_manager_config.api.access_max_login_attempts }}
  block_time: {{ wazuh_manager_config.api.access_block_time }}
  max_request_per_minute: {{ wazuh_manager_config.api.access_max_request_per_minute }}
 # Force the use of authd when adding and removing agents. Values: yes, no
 use_only_authd: {{ wazuh_manager_config.api.use_only_authd }}
 # Drop privileges (Run as ossec user)
 drop_privileges: {{ wazuh_manager_config.api.drop_privileges }}
 # Enable features under development
 experimental_features: {{ wazuh_manager_config.api.experimental_features }}
 # Enable remote commands
 remote_commands:
   localfile:
     enabled: {{ wazuh_manager_config.api.remote_commands_localfile }}
     exceptions: {{ wazuh_manager_config.api.remote_commands_localfile_exceptions }}
   wodle_command:
     enabled: {{ wazuh_manager_config.api.remote_commands_wodle }}
     exceptions: {{ wazuh_manager_config.api.remote_commands_wodle_exceptions }}