Merge pull request #686 from wazuh/706-api-config

Api configuration options updated
2021-12-09 08:40:50 +01:00 · 2021-12-09 08:40:50 +01:00 · fd5054cac9
commit fd5054cac9
parent 3562feecb3 589fbebba6
8 changed files with 3 additions and 61 deletions
--- a/molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml
+++ b/molecule/distributed-wazuh-elk-xpack/group_vars/agents.yml
@ -8,7 +8,6 @@ wazuh_agent_config:
    agent_name: '{{ ansible_hostname }}'
    #groups: ''
    #agent_address: ''
-    #ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
    #server_ca_path: ''
    #agent_certificate_path: ''
    #agent_key_path: ''
--- a/molecule/distributed-wazuh-elk/group_vars/agents.yml
+++ b/molecule/distributed-wazuh-elk/group_vars/agents.yml
@ -8,7 +8,6 @@ wazuh_agent_config:
    agent_name: '{{ ansible_hostname }}'
    #groups: ''
    #agent_address: ''
-    #ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
    #server_ca_path: ''
    #agent_certificate_path: ''
    #agent_key_path: ''
--- a/molecule/distributed-wazuh-odfe/group_vars/agents.yml
+++ b/molecule/distributed-wazuh-odfe/group_vars/agents.yml
@ -8,7 +8,6 @@ wazuh_agent_config:
    agent_name: '{{ ansible_hostname }}'
    #groups: ''
    #agent_address: ''
-    #ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
    #server_ca_path: ''
    #agent_certificate_path: ''
    #agent_key_path: ''
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@ -47,7 +47,7 @@ nodejs:

 # Build from sources
 build_from_sources: false
-wazuh_plugin_branch: 4.1-7.10
+wazuh_plugin_branch: 4.3-7.10

 #Nodejs NODE_OPTIONS
 node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@ -105,7 +105,7 @@ wazuh_agent_enrollment:
  agent_name: ''
  groups: ''
  agent_address: ''
-  ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+  ssl_ciphers: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
  server_ca_path: ''
  agent_certificate_path: ''
  agent_key_path: ''
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@ -388,7 +388,6 @@ wazuh_manager_api:
  https_cert: "api/configuration/ssl/server.crt"
  https_use_ca: False
  https_ca: "api/configuration/ssl/ca.crt"
-  https_ssl_cipher: "TLSv1.2"
  logging_level: "info"
  logging_path: "logs/api.log"
  cors: no
@ -401,7 +400,6 @@ wazuh_manager_api:
  access_max_login_attempts: 5
  access_block_time: 300
  access_max_request_per_minute: 300
-  use_only_authd: no
  drop_privileges: yes
  experimental_features: no
  remote_commands_localfile: yes
--- a/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml
@ -2,7 +2,7 @@

 - name: Debian/Ubuntu | Remove Wazuh repository.
  apt_repository:
-    repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
+    repo: deb https://packages.wazuh.com/4.x/apt {{ ansible_distribution_release }} main
    state: absent
  changed_when: false
  when: ansible_os_family == "Debian"
--- a/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/api.yaml.j2
@ -1,53 +0,0 @@
-# USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION
-
- host: {{ wazuh_manager_config.api.bind_addr }}
- port: {{ wazuh_manager_config.api.port }}
-
-# Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no
-
- behind_proxy_server: {{ wazuh_manager_config.api.behind_proxy_server }}
-#Advanced configuration
-
- https:
-  enabled: {{ wazuh_manager_config.api.https }}
-  key: "{{ wazuh_manager_config.api.https_key }}"
-  cert: "{{ wazuh_manager_config.api.https_cert }}"
-  use_ca: {{ wazuh_manager_config.api.https_use_ca }}
-  ca: "{{ wazuh_manager_config.api.https_ca }}"
-  ssl_cipher: "{{ wazuh_manager_config.api.https_ssl_cipher }}"
-# Logging configuration
-# Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level).
- logs:
-  level: "{{ wazuh_manager_config.api.logging_level }}"
-  path: "{{ wazuh_manager_config.api.logging_path }}"
-# Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage
- cors:
-  enabled: {{ wazuh_manager_config.api.cors }}
-  source_route: "{{ wazuh_manager_config.api.cors_source_route }}"
-  expose_headers: "{{ wazuh_manager_config.api.cors_expose_headers }}"
-  allow_headers: "{{ wazuh_manager_config.api.cors_allow_headers }}"
-  allow_credentials: {{ wazuh_manager_config.api.cors_allow_credentials }}
-# Cache (time in seconds)
- cache:
-  enabled: {{ wazuh_manager_config.api.cache }}
-  time: {{ wazuh_manager_config.api.cache_time }}
-# Access parameters
- access:
-  max_login_attempts: {{ wazuh_manager_config.api.access_max_login_attempts }}
-  block_time: {{ wazuh_manager_config.api.access_block_time }}
-  max_request_per_minute: {{ wazuh_manager_config.api.access_max_request_per_minute }}
-# Force the use of authd when adding and removing agents. Values: yes, no
- use_only_authd: {{ wazuh_manager_config.api.use_only_authd }}
-# Drop privileges (Run as ossec user)
- drop_privileges: {{ wazuh_manager_config.api.drop_privileges }}
-# Enable features under development
- experimental_features: {{ wazuh_manager_config.api.experimental_features }}
-
-# Enable remote commands
- remote_commands:
-   localfile:
-     enabled: {{ wazuh_manager_config.api.remote_commands_localfile }}
-     exceptions: {{ wazuh_manager_config.api.remote_commands_localfile_exceptions }}
-   wodle_command:
-     enabled: {{ wazuh_manager_config.api.remote_commands_wodle }}
-     exceptions: {{ wazuh_manager_config.api.remote_commands_wodle_exceptions }}