diff --git a/CHANGELOG.md b/CHANGELOG.md
index 91e5916b6..194502fcc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,18 @@
# Change Log
All notable changes to this project will be documented in this file.
+## [v4.6.0]
+
+### Added
+
+- Update to [Wazuh v4.6.0](https://github.com/wazuh/wazuh/blob/v4.6.0/CHANGELOG.md#v460)
+
+## [v4.5.0]
+
+### Added
+
+- Update to [Wazuh v4.5.0](https://github.com/wazuh/wazuh/blob/v4.5.0/CHANGELOG.md#v450)
+
## [v4.4.0]
### Added
diff --git a/README.md b/README.md
index d39315555..d793bd74a 100644
--- a/README.md
+++ b/README.md
@@ -16,8 +16,11 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
| Wazuh version | Elastic | ODFE |
|---------------|---------|--------|
+| v4.6.0 | | |
+| v4.5.0 | | |
| v4.4.0 | | |
| v4.3.10 | | |
+| v4.4.0 | | |
| v4.3.9 | | |
| v4.3.8 | | |
| v4.3.7 | | |
diff --git a/VERSION b/VERSION
index 50f0ba7fb..a434bd262 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-WAZUH-ANSIBLE_VERSION="v4.4.0"
-REVISION="40400"
+WAZUH-ANSIBLE_VERSION="v4.6.0"
+REVISION="40600"
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
deleted file mode 100644
index 9edcf5d48..000000000
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-kibana_node_name: node-1
-
-elasticsearch_http_port: "9200"
-elasticsearch_network_host: "127.0.0.1"
-kibana_server_host: "0.0.0.0"
-kibana_server_port: "5601"
-kibana_conf_path: /etc/kibana
-elastic_stack_version: 7.10.2
-wazuh_version: 4.4.0
-wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
-
-elasticrepo:
- apt: 'https://artifacts.elastic.co/packages/7.x/apt'
- yum: 'https://artifacts.elastic.co/packages/7.x/yum'
- gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
- key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
-
-# API credentials
-wazuh_api_credentials:
- - id: "default"
- url: "https://localhost"
- port: 55000
- username: "wazuh"
- password: "wazuh"
-
-# Xpack Security
-kibana_xpack_security: false
-kibana_ssl_verification_mode: "full"
-
-elasticsearch_xpack_security_user: elastic
-elasticsearch_xpack_security_password: elastic_pass
-
-node_certs_destination: /etc/kibana/certs
-
-# CA Generation
-master_certs_path: "{{ playbook_dir }}/es_certs"
-generate_CA: true
-ca_cert_name: ""
-
-# Nodejs
-nodejs:
- repo_dict:
- debian: "deb"
- redhat: "rpm"
- repo_url_ext: "nodesource.com/setup_10.x"
-
-# Build from sources
-build_from_sources: false
-wazuh_plugin_branch: 4.1-7.10
-
-#Nodejs NODE_OPTIONS
-node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml b/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml
deleted file mode 100644
index 5b4908445..000000000
--- a/roles/opendistro/opendistro-elasticsearch/tasks/Debian.yml
+++ /dev/null
@@ -1,57 +0,0 @@
-
----
-
-- name: Update cache
- apt:
- update_cache: yes
-
-- name: Debian 9 (Stretch)
- when: (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "9")
- block:
-
- - name: Install OpenDistro dependencies
- apt:
- name: [
- 'unzip', 'wget', 'curl', 'apt-transport-https', software-properties-common
- ]
- state: present
-
- - name: Add the repository key for Debian's Stretch Backports repository
- ansible.builtin.apt_key:
- keyserver: keyserver.ubuntu.com
- id: 648ACFD622F3D138
-
- - name: Add openjdk repository
- apt_repository:
- repo: "{{ package_repos.apt.openjdk.baseurl }}"
- state: present
- update_cache: yes
- filename: 'wazuh-openjdk'
-
-- name: Install openjdk-11-jdk
- apt:
- name: openjdk-11-jdk
- state: present
- environment:
- JAVA_HOME: /usr
-
-- name: Add Opendistro repository
- block:
- - name: Add apt repository signing key
- apt_key:
- url: "{{ package_repos.apt.opendistro.gpg }}"
- state: present
-
- - name: Add Opendistro repository
- apt_repository:
- repo: "{{ package_repos.apt.opendistro.baseurl }}"
- state: present
- filename: 'wazuh-opendistro'
- update_cache: yes
-
-- name: Install OpenDistro
- apt:
- name: opendistroforelasticsearch={{ opendistro_version }}-1
- state: present
- register: install
- tags: install
\ No newline at end of file
diff --git a/roles/opendistro/opendistro-kibana/defaults/main.yml b/roles/opendistro/opendistro-kibana/defaults/main.yml
deleted file mode 100644
index ce5eb14b8..000000000
--- a/roles/opendistro/opendistro-kibana/defaults/main.yml
+++ /dev/null
@@ -1,60 +0,0 @@
----
-
-# Kibana configuration
-elasticsearch_http_port: 9200
-elastic_api_protocol: https
-kibana_conf_path: /etc/kibana
-kibana_node_name: node-1
-kibana_server_host: "0.0.0.0"
-kibana_server_port: "5601"
-kibana_server_name: "kibana"
-kibana_max_payload_bytes: 1048576
-elastic_stack_version: 7.10.2
-wazuh_version: 4.4.0
-wazuh_app_url: https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana
-
-# The OpenDistro package repository
-kibana_opendistro_version: 1.13.2-1 # Version includes the - for RedHat family compatibility, replace with = for Debian hosts
-
-package_repos:
- yum:
- opendistro:
- baseurl: 'https://packages.wazuh.com/4.x/yum/'
- gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
- apt:
- opendistro:
- baseurl: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
- gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-
-# API credentials
-wazuh_api_credentials:
- - id: "default"
- url: "https://localhost"
- port: 55000
- username: "wazuh"
- password: "wazuh"
-
-# opendistro Security
-kibana_opendistro_security: true
-kibana_newsfeed_enabled: "false"
-kibana_telemetry_optin: "false"
-kibana_telemetry_enabled: "false"
-
-opendistro_admin_password: changeme
-opendistro_kibana_user: kibanaserver
-opendistro_kibana_password: changeme
-local_certs_path: "{{ playbook_dir }}/opendistro/certificates"
-
-# Nodejs
-nodejs:
- repo_dict:
- debian: "deb"
- redhat: "rpm"
- repo_url_ext: "nodesource.com/setup_10.x"
-
-# Build from sources
-build_from_sources: false
-wazuh_plugin_branch: 4.1-7.10
-
-#Nodejs NODE_OPTIONS
-node_options: --no-warnings --max-old-space-size=2048 --max-http-header-size=65536
diff --git a/roles/opendistro/opendistro-kibana/tasks/main.yml b/roles/opendistro/opendistro-kibana/tasks/main.yml
deleted file mode 100755
index acfd1f908..000000000
--- a/roles/opendistro/opendistro-kibana/tasks/main.yml
+++ /dev/null
@@ -1,124 +0,0 @@
----
-
-- name: Stopping early, trying to compile Wazuh Kibana Plugin on Debian 10 is not possible
- fail:
- msg: "It's not possible to compile the Wazuh Kibana plugin on Debian 10 due to: https://github.com/wazuh/wazuh-kibana-app/issues/1924"
- when:
- - build_from_sources
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version == "10"
-
-- import_tasks: RedHat.yml
- when: ansible_os_family == 'RedHat'
-
-- import_tasks: Debian.yml
- when: ansible_os_family == 'Debian'
-
-- name: Remove Kibana configuration file
- file:
- # noqa 503
- path: "{{ kibana_conf_path }}/kibana.yml"
- state: absent
- tags: install
-
-- import_tasks: security_actions.yml
-
-- name: Copy Configuration File
- blockinfile:
- block: "{{ lookup('template', 'opendistro_kibana.yml.j2') }}"
- dest: "{{ kibana_conf_path }}/kibana.yml"
- create: true
- group: kibana
- owner: kibana
- mode: 0640
- marker: "## {mark} Kibana general settings ##"
- notify: restart kibana
- tags:
- - install
- - configure
-
-- name: Ensuring Kibana directory owner
- file:
- # noqa 208
- path: "/usr/share/kibana"
- state: directory
- owner: kibana
- group: kibana
- recurse: yes
-
-- name: Build and Install Wazuh Kibana Plugin from sources
- import_tasks: build_wazuh_plugin.yml
- when:
- - build_from_sources is defined
- - build_from_sources
-
-- name: Install Wazuh Plugin (can take a while)
- shell: >-
- NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
- {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}-1.zip
- args:
- executable: /bin/bash
- creates: /usr/share/kibana/plugins/wazuh/package.json
- chdir: /usr/share/kibana
- become: yes
- become_user: kibana
- notify: restart kibana
- tags:
- - install
- - skip_ansible_lint
- when:
- - not build_from_sources
-
-- name: Kibana optimization (can take a while)
- shell: /usr/share/kibana/node/bin/node {{ node_options }} /usr/share/kibana/src/cli/cli.js --optimize -c {{ kibana_conf_path }}/kibana.yml
- args:
- executable: /bin/bash
- become: yes
- become_user: kibana
- changed_when: false
- tags:
- - skip_ansible_lint
-
-- name: Wait for Elasticsearch port
- wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }}
-
-- name: Select correct API protocol
- set_fact:
- elastic_api_protocol: "{% if kibana_opendistro_security is defined and kibana_opendistro_security %}https{% else %}http{% endif %}"
-
-- name: Attempting to delete legacy Wazuh index if exists
- uri:
- url: "{{ elastic_api_protocol }}://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}/.wazuh"
- method: DELETE
- user: "admin"
- password: "{{ opendistro_admin_password }}"
- validate_certs: no
- status_code: 200, 404
-
-- name: Create wazuh plugin config directory
- file:
- path: /usr/share/kibana/data/wazuh/config/
- state: directory
- recurse: yes
- owner: kibana
- group: kibana
- mode: 0751
- changed_when: False
-
-- name: Configure Wazuh Kibana Plugin
- template:
- src: wazuh.yml.j2
- dest: /usr/share/kibana/data/wazuh/config/wazuh.yml
- owner: kibana
- group: kibana
- mode: 0751
- changed_when: False
-
-- name: Ensure Kibana started and enabled
- service:
- name: kibana
- enabled: true
- state: started
-
-- import_tasks: RMRedHat.yml
- when: ansible_os_family == 'RedHat'
diff --git a/roles/opendistro/opendistro-kibana/tasks/security_actions.yml b/roles/opendistro/opendistro-kibana/tasks/security_actions.yml
deleted file mode 100644
index ee21f1c1f..000000000
--- a/roles/opendistro/opendistro-kibana/tasks/security_actions.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- block:
-
- - name: Copy the certificates from local to the Kibana instance
- copy:
- src: "{{ local_certs_path }}/certs/{{ item }}"
- dest: /usr/share/kibana
- mode: 0644
- with_items:
- - "root-ca.pem"
- - "{{ kibana_node_name }}_http.key"
- - "{{ kibana_node_name }}_http.pem"
- tags:
- - security
diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
index eb90b20a4..fcaf6739b 100644
--- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml
@@ -1,7 +1,7 @@
---
filebeat_version: 7.10.2
-wazuh_template_branch: 4.4
+wazuh_template_branch: 4.6
filebeat_node_name: node-1
diff --git a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml
index f86de14bf..4e9c6f48d 100644
--- a/roles/wazuh/ansible-filebeat-oss/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat-oss/tasks/main.yml
@@ -1,9 +1,9 @@
---
- include_tasks: RedHat.yml
- when: ansible_os_family == 'RedHat'
+ when: ansible_facts.os_family == 'RedHat'
- include_tasks: Debian.yml
- when: ansible_os_family == 'Debian'
+ when: ansible_facts.os_family == 'Debian'
- name: Install Filebeat | Redhat
yum:
@@ -13,7 +13,7 @@
tags:
- install
- init
- when: ansible_os_family == 'RedHat'
+ when: ansible_facts.os_family == 'RedHat'
- name: Install Filebeat | Debian
apt:
@@ -23,7 +23,7 @@
tags:
- install
- init
- when: ansible_os_family == 'Debian'
+ when: ansible_facts.os_family == 'Debian'
- name: Checking if Filebeat Module folder file exists
stat:
@@ -72,7 +72,7 @@
enabled: true
- include_tasks: "RMRedHat.yml"
- when: ansible_os_family == "RedHat"
+ when: ansible_facts.os_family == "RedHat"
- include_tasks: "RMDebian.yml"
- when: ansible_os_family == "Debian"
+ when: ansible_facts.os_family == "Debian"
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml
deleted file mode 100644
index 6c048fbf1..000000000
--- a/roles/wazuh/ansible-filebeat/defaults/main.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-filebeat_version: 7.10.2
-
-wazuh_template_branch: v4.4.0
-
-filebeat_create_config: true
-
-filebeat_node_name: node-1
-
-filebeat_output_elasticsearch_hosts:
- - "localhost:9200"
-
-filebeat_module_package_url: https://packages.wazuh.com/4.x/filebeat
-filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
-filebeat_module_package_path: /tmp/
-filebeat_module_destination: /usr/share/filebeat/module
-filebeat_module_folder: /usr/share/filebeat/module/wazuh
-
-# Xpack Security
-filebeat_xpack_security: false
-
-elasticsearch_xpack_security_user: elastic
-elasticsearch_xpack_security_password: elastic_pass
-
-node_certs_destination: /etc/filebeat/certs
-
-# CA Generation
-master_certs_path: "{{ playbook_dir }}/es_certs"
-generate_CA: true
-ca_cert_name: ""
-
-elasticrepo:
- apt: 'https://artifacts.elastic.co/packages/7.x/apt'
- yum: 'https://artifacts.elastic.co/packages/7.x/yum'
- gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
- key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 7b3335ef3..bde0c580c 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -1,6 +1,5 @@
---
-
-wazuh_agent_version: 4.4.0
+wazuh_agent_version: 4.6.0
# Custom packages installation
@@ -12,7 +11,7 @@ wazuh_custom_packages_installation_agent_rpm_url: ""
wazuh_agent_sources_installation:
enabled: false
- branch: "v4.4.0"
+ branch: "v4.6.0"
user_language: "y"
user_no_stop: "y"
user_install_type: "agent"
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
index 1c9af6380..b200a1899 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
@@ -16,7 +16,7 @@
state: present
register: wazuh_agent_ca_package_install
until: wazuh_agent_ca_package_install is succeeded
- when: not (ansible_distribution == "Debian" and ansible_distribution_major_version in ['11'])
+ when: not (ansible_facts.distribution == "Debian" and ansible_facts.distribution_major_version in ['11'])
- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)
become: true
@@ -28,8 +28,8 @@
executable: /bin/bash
changed_when: false
when:
- - ansible_distribution == "Ubuntu"
- - ansible_distribution_major_version | int == 14
+ - ansible_facts.distribution == "Ubuntu"
+ - ansible_facts.distribution_major_version | int == 14
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled
@@ -38,7 +38,7 @@
url: "{{ wazuh_agent_config.repo.gpg }}"
id: "{{ wazuh_agent_config.repo.key_id }}"
when:
- - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+ - not (ansible_facts.distribution == "Ubuntu" and ansible_facts.distribution_major_version | int == 14)
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled
@@ -55,7 +55,7 @@
- name: Debian/Ubuntu | Set Distribution CIS filename for debian
set_fact:
cis_distribution_filename: cis_debian_linux_rcl.txt
- when: ansible_os_family == "Debian"
+ when: ansible_facts.os_family == "Debian"
- name: Debian/Ubuntu | Install OpenJDK-8 repo
apt_repository:
@@ -63,7 +63,7 @@
state: present
update_cache: true
when:
- - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+ - (ansible_facts.distribution == "Ubuntu" and ansible_facts.distribution_major_version | int == 14)
- when:
- wazuh_agent_config.cis_cat.disable == 'no'
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index 99913e7b4..7c49725a1 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -1,9 +1,9 @@
---
- include_tasks: "RedHat.yml"
- when: ansible_os_family == "RedHat"
+ when: ansible_facts.os_family == "RedHat"
- include_tasks: "Debian.yml"
- when: ansible_os_family == "Debian"
+ when: ansible_facts.os_family == "Debian"
- include_tasks: "installation_from_sources.yml"
when:
@@ -19,7 +19,7 @@
state: present
lock_timeout: '{{ wazuh_agent_yum_lock_timeout }}'
when:
- - ansible_os_family|lower == "redhat"
+ - ansible_facts.os_family|lower == "redhat"
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled
tags:
@@ -31,7 +31,7 @@
state: present
cache_valid_time: 3600
when:
- - ansible_os_family|lower != "redhat"
+ - ansible_facts.os_family|lower != "redhat"
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled
- not ansible_check_mode
@@ -270,10 +270,10 @@
- include_tasks: "RMRedHat.yml"
when:
- - ansible_os_family == "RedHat"
+ - ansible_facts.os_family == "RedHat"
- not wazuh_agent_sources_installation.enabled
- include_tasks: "RMDebian.yml"
when:
- - ansible_os_family == "Debian"
+ - ansible_facts.os_family == "Debian"
- not wazuh_agent_sources_installation.enabled
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
index 17d97c96b..faec9686e 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
@@ -8,8 +8,8 @@
gpgcheck: true
changed_when: false
when:
- - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
- - (ansible_distribution_major_version|int <= 5)
+ - (ansible_facts['os_family']|lower == 'redhat') and (ansible_facts.distribution|lower != 'amazon')
+ - (ansible_facts.distribution_major_version|int <= 5)
- not wazuh_agent_sources_installation.enabled
- not wazuh_custom_packages_installation_agent_enabled
register: repo_v5_installed
@@ -38,26 +38,26 @@
- name: Set Distribution CIS filename for RHEL5
set_fact:
cis_distribution_filename: cis_rhel5_linux_rcl.txt
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "5"
+ when: ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version == "5"
- name: Set Distribution CIS filename for RHEL6
set_fact:
cis_distribution_filename: cis_rhel6_linux_rcl.txt
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "6"
+ when: ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version == "6"
- name: Set Distribution CIS filename for RHEL7
set_fact:
cis_distribution_filename: cis_rhel7_linux_rcl.txt
when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version == "7"
+ - ansible_facts.os_family == "RedHat"
+ - ansible_facts.distribution_major_version == "7"
- name: Set Distribution CIS filename for RHEL7 (Amazon)
set_fact:
cis_distribution_filename: cis_rhel7_linux_rcl.txt
when:
- - ansible_distribution == "Amazon"
- - ansible_distribution_major_version == "NA"
+ - ansible_facts.distribution == "Amazon"
+ - ansible_facts.distribution_major_version == "NA"
- name: RedHat/CentOS/RedHat | Install openscap
package: name=openscap-scanner state=present
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml
index aa50004f6..fc5f40064 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_custom_packages.yml
@@ -4,7 +4,7 @@
deb: "{{ wazuh_custom_packages_installation_agent_deb_url }}"
state: present
when:
- - ansible_os_family|lower == "debian"
+ - ansible_facts.os_family|lower == "debian"
- wazuh_custom_packages_installation_agent_enabled
- name: Install Wazuh Agent from .rpm packages | yum
@@ -12,17 +12,17 @@
name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}"
state: present
when:
- - ansible_os_family|lower == "redhat"
+ - ansible_facts.os_family|lower == "redhat"
- wazuh_custom_packages_installation_agent_enabled
- - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8")
- - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
+ - not (ansible_facts.distribution|lower == "centos" and ansible_facts.distribution_major_version >= "8")
+ - not (ansible_facts.distribution|lower == "redhat" and ansible_facts.distribution_major_version >= "8")
- name: Install Wazuh Agent from .rpm packages | dnf
dnf:
name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}"
state: present
when:
- - ansible_os_family|lower == "redhat"
+ - ansible_facts.os_family|lower == "redhat"
- wazuh_custom_packages_installation_agent_enabled
- - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or
- (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
\ No newline at end of file
+ - (ansible_facts.distribution|lower == "centos" and ansible_facts.distribution_major_version >= "8") or
+ (ansible_facts.distribution|lower == "redhat" and ansible_facts.distribution_major_version >= "8")
\ No newline at end of file
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml
index fbfecd5b2..052069bb5 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml
@@ -25,7 +25,7 @@
name:
- policycoreutils-python
when:
- - ansible_os_family|lower == "redhat"
+ - ansible_facts.os_family|lower == "redhat"
- name: Installing policycoreutils-python-utils (Debian families)
package:
@@ -34,7 +34,7 @@
- curl
- policycoreutils
when:
- - ansible_os_family|lower == "debian"
+ - ansible_facts.os_family|lower == "debian"
- name: Download required packages from github.com/wazuh/wazuh
get_url:
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
index d12446b1b..7bcc09f68 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
@@ -19,7 +19,7 @@
when: wazuh_agent_config_overlay | bool
- include_tasks: "Windows.yml"
- when: ansible_os_family == "Windows"
+ when: ansible_facts.os_family == "Windows"
- include_tasks: "Linux.yml"
- when: ansible_system == "Linux"
+ when: ansible_facts.system == "Linux"
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 8eef3d1da..408108882 100644
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -24,9 +24,9 @@
{% endfor %}
{% if wazuh_profile_centos is not none or wazuh_profile_ubuntu is not none %}
- {% if ansible_distribution == 'CentOS' %}
+ {% if ansible_facts.distribution == 'CentOS' %}
{{ wazuh_profile_centos }}
- {% elif ansible_distribution == "Ubuntu" %}
+ {% elif ansible_facts.distribution == "Ubuntu" %}
{{ wazuh_profile_ubuntu }}
{% endif %}
{% endif %}
@@ -91,7 +91,7 @@
{% if wazuh_agent_config.rootcheck is defined %}
no
- {% if ansible_system == "Linux" %}
+ {% if ansible_facts.system == "Linux" %}
yes
yes
yes
@@ -107,7 +107,7 @@
{{ wazuh_dir }}/etc/shared/rootkit_trojans.txt
yes
{% endif %}
- {% if ansible_os_family == "Windows" %}
+ {% if ansible_facts.os_family == "Windows" %}
./shared/win_applications_rcl.txt
./shared/win_malware_rcl.txt
{% endif %}
@@ -116,61 +116,61 @@
{% endif %}
- {% if ansible_system == "Linux" and wazuh_agent_config.openscap.disable == 'no' %}
+ {% if ansible_facts.system == "Linux" and wazuh_agent_config.openscap.disable == 'no' %}
{{ wazuh_agent_config.openscap.disable }}
{{ wazuh_agent_config.openscap.timeout }}
{{ wazuh_agent_config.openscap.interval }}
{{ wazuh_agent_config.openscap.scan_on_start }}
- {% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
+ {% if ansible_facts.distribution == 'Ubuntu' and ansible_facts.distribution_release == 'xenial' %}
xccdf_org.ssgproject.content_profile_common
- {% elif ansible_distribution == 'Debian' %}
- {% if ansible_distribution_release == 'jessie' %}
+ {% elif ansible_facts.distribution == 'Debian' %}
+ {% if ansible_facts.distribution_release == 'jessie' %}
{% if openscap_version_valid.stdout == "0" %}
xccdf_org.ssgproject.content_profile_common
{% endif %}
- {% elif ansible_distribution_release == 'stretch' %}
+ {% elif ansible_facts.distribution_release == 'stretch' %}
{% endif %}
- {% elif ansible_distribution == 'CentOS' %}
- {% if ansible_distribution_major_version == '8' %}
+ {% elif ansible_facts.distribution == 'CentOS' %}
+ {% if ansible_facts.distribution_major_version == '8' %}
{# Policy not available #}
- {% elif ansible_distribution_major_version == '7' %}
+ {% elif ansible_facts.distribution_major_version == '7' %}
xccdf_org.ssgproject.content_profile_pci-dss
xccdf_org.ssgproject.content_profile_common
- {% elif ansible_distribution_major_version == '6' %}
+ {% elif ansible_facts.distribution_major_version == '6' %}
xccdf_org.ssgproject.content_profile_pci-dss
xccdf_org.ssgproject.content_profile_common
{% endif %}
- {% elif ansible_distribution == 'RedHat' %}
- {% if ansible_distribution_major_version == '8' %}
+ {% elif ansible_facts.distribution == 'RedHat' %}
+ {% if ansible_facts.distribution_major_version == '8' %}
{# Policy not available #}
- {% elif ansible_distribution_major_version == '7' %}
+ {% elif ansible_facts.distribution_major_version == '7' %}
xccdf_org.ssgproject.content_profile_pci-dss
xccdf_org.ssgproject.content_profile_common
- {% elif ansible_distribution_major_version == '6' %}
+ {% elif ansible_facts.distribution_major_version == '6' %}
xccdf_org.ssgproject.content_profile_pci-dss
xccdf_org.ssgproject.content_profile_common
{% endif %}
- {% if ansible_distribution_major_version == '7' %}
+ {% if ansible_facts.distribution_major_version == '7' %}
- {% elif ansible_distribution_major_version == '6' %}
+ {% elif ansible_facts.distribution_major_version == '6' %}
{% endif %}
- {% elif ansible_distribution == 'Fedora' %}
+ {% elif ansible_facts.distribution == 'Fedora' %}
xccdf_org.ssgproject.content_profile_pci-dss
xccdf_org.ssgproject.content_profile_common
@@ -184,25 +184,25 @@
{{ wazuh_agent_config.cis_cat.timeout }}
{{ wazuh_agent_config.cis_cat.interval }}
{{ wazuh_agent_config.cis_cat.scan_on_start }}
- {% if wazuh_agent_config.cis_cat.install_java == 'yes' and ansible_system == "Linux" %}
+ {% if wazuh_agent_config.cis_cat.install_java == 'yes' and ansible_facts.system == "Linux" %}
/usr/bin
- {% elif ansible_os_family == "Windows" %}
+ {% elif ansible_facts.os_family == "Windows" %}
{{ wazuh_agent_config.cis_cat.java_path_win }}
{% else %}
{{ wazuh_agent_config.cis_cat.java_path }}
{% endif %}
- {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %}
+ {% if ansible_facts.os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %}
{{ wazuh_agent_config.osquery.disable }}
{{ wazuh_agent_config.osquery.run_daemon }}
- {% if ansible_os_family == "Windows" %}
+ {% if ansible_facts.os_family == "Windows" %}
{{ wazuh_agent_config.osquery.bin_path_win }}
{% endif %}
- {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.osquery.log_path_win }}{% else %}{{ wazuh_agent_config.osquery.log_path }}{% endif %}
- {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.osquery.config_path_win }}{% else %}{{ wazuh_agent_config.osquery.config_path }}{% endif %}
+ {% if ansible_facts.os_family == "Windows" %}{{ wazuh_agent_config.osquery.log_path_win }}{% else %}{{ wazuh_agent_config.osquery.log_path }}{% endif %}
+ {% if ansible_facts.os_family == "Windows" %}{{ wazuh_agent_config.osquery.config_path_win }}{% else %}{{ wazuh_agent_config.osquery.config_path }}{% endif %}
{{ wazuh_agent_config.osquery.add_labels }}
@@ -249,10 +249,10 @@
no
{{ wazuh_agent_config.syscheck.frequency }}
- {% if ansible_system == "Linux" %}
+ {% if ansible_facts.system == "Linux" %}
{{ wazuh_agent_config.syscheck.scan_on_start }}
- {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}
+ {% if wazuh_agent_config.syscheck.directories is defined and ansible_facts.system == "Linux" %}
{% for directory in wazuh_agent_config.syscheck.directories %}
{{ directory.dirs }}
{% endfor %}
@@ -260,14 +260,14 @@
{% endif %}
- {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_os_family == "Windows" %}
+ {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_facts.os_family == "Windows" %}
{% for directory in wazuh_agent_config.syscheck.win_directories %}
{{ directory.dirs }}
{% endfor %}
{% endif %}
- {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %}
+ {% if wazuh_agent_config.syscheck.ignore is defined and ansible_facts.system == "Linux" %}
{% for ignore in wazuh_agent_config.syscheck.ignore %}
{{ ignore }}
{% endfor %}
@@ -280,13 +280,13 @@
{% endfor %}
{% endif %}
- {% if wazuh_agent_config.syscheck.ignore is defined and ansible_os_family == "Windows" %}
+ {% if wazuh_agent_config.syscheck.ignore is defined and ansible_facts.os_family == "Windows" %}
{% for ignore in wazuh_agent_config.syscheck.ignore_win %}
{{ ignore }}
{% endfor %}
{% endif %}
- {% if ansible_system == "Linux" %}
+ {% if ansible_facts.system == "Linux" %}
{% for no_diff in wazuh_agent_config.syscheck.no_diff %}
{{ no_diff }}
@@ -298,7 +298,7 @@
{{ wazuh_agent_config.syscheck.skip_sys }}
{% endif %}
- {% if ansible_os_family == "Windows" %}
+ {% if ansible_facts.os_family == "Windows" %}
{% for registry_key in wazuh_agent_config.syscheck.windows_registry %}
{% if registry_key.arch is defined %}
{{ registry_key.key }}
@@ -308,7 +308,7 @@
{% endfor %}
{% endif %}
- {% if ansible_os_family == "Windows" %}
+ {% if ansible_facts.os_family == "Windows" %}
{% for registry_key in wazuh_agent_config.syscheck.windows_registry_ignore %}
{% if registry_key.type is defined %}
{{ registry_key.key }}
@@ -318,7 +318,7 @@
{% endfor %}
{% endif %}
- {% if ansible_os_family == "Windows" %}
+ {% if ansible_facts.os_family == "Windows" %}
{{ wazuh_agent_config.syscheck.win_audit_interval }}
{% endif %}
@@ -340,7 +340,7 @@
{% endif %}
- {% if ansible_system == "Linux" %}
+ {% if ansible_facts.system == "Linux" %}
{% for localfile in wazuh_agent_config.localfiles.linux %}
@@ -363,7 +363,7 @@
{% endfor %}
{% endif %}
- {% if ansible_os_family == "Debian" %}
+ {% if ansible_facts.os_family == "Debian" %}
{% for localfile in wazuh_agent_config.localfiles.debian %}
@@ -386,7 +386,7 @@
{% endfor %}
{% endif %}
- {% if ansible_os_family == "RedHat" %}
+ {% if ansible_facts.os_family == "RedHat" %}
{% for localfile in wazuh_agent_config.localfiles.centos %}
@@ -409,7 +409,7 @@
{% endfor %}
{% endif %}
- {% if ansible_os_family == "Windows" %}
+ {% if ansible_facts.os_family == "Windows" %}
{% for localfile in wazuh_agent_config.localfiles.windows %}
@@ -439,7 +439,7 @@
{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}
- {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}
+ {% if ansible_facts.os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}
{{ wazuh_agent_config.active_response.ca_verification }}
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 74172080e..93b0aba70 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -1,6 +1,5 @@
---
-
-wazuh_manager_version: 4.4.0
+wazuh_manager_version: 4.6.0
wazuh_manager_fqdn: "wazuh-server"
wazuh_manager_package_state: present
@@ -13,7 +12,7 @@ wazuh_custom_packages_installation_manager_rpm_url: "https://s3-us-west-1.amazon
# Sources installation
wazuh_manager_sources_installation:
enabled: false
- branch: "v4.4.0"
+ branch: "v4.6.0"
user_language: "en"
user_no_stop: "y"
user_install_type: "server"
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
index 1079f8d20..188169db1 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
@@ -22,8 +22,8 @@
executable: /bin/bash
changed_when: false
when:
- - ansible_distribution == "Ubuntu"
- - ansible_distribution_major_version | int == 14
+ - ansible_facts.distribution == "Ubuntu"
+ - ansible_facts.distribution_major_version | int == 14
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
@@ -32,7 +32,7 @@
url: "{{ wazuh_manager_config.repo.gpg }}"
id: "{{ wazuh_manager_config.repo.key_id }}"
when:
- - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+ - not (ansible_facts.distribution == "Ubuntu" and ansible_facts.distribution_major_version | int == 14)
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
@@ -57,7 +57,7 @@
state: present
update_cache: true
when:
- - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
+ - (ansible_facts.distribution == "Ubuntu" and ansible_facts.distribution_major_version | int == 14)
- when:
- wazuh_manager_config.cis_cat.disable == 'no'
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
index b873b0211..0f0cf5f39 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
@@ -8,8 +8,8 @@
gpgcheck: true
changed_when: false
when:
- - (ansible_os_family|lower == 'redhat') and (ansible_distribution|lower != 'amazon')
- - (ansible_distribution_major_version|int <= 5)
+ - (ansible_facts.os_family|lower == 'redhat') and (ansible_facts.distribution|lower != 'amazon')
+ - (ansible_facts.distribution_major_version|int <= 5)
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
register: repo_v5_manager_installed
@@ -35,15 +35,15 @@
until: wazuh_manager_openscp_packages_installed is succeeded
tags:
- init
- when: not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") and
- not (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
+ when: not (ansible_facts.distribution == "Amazon" and ansible_facts.distribution_major_version == "NA") and
+ not (ansible_facts.distribution == "CentOS" and ansible_facts.distribution_major_version == "8")
- name: CentOS 6 | Install Software Collections (SCL) Repository
package: name=centos-release-scl state=present
register: wazuh_manager_scl_packages_installed
until: wazuh_manager_scl_packages_installed is succeeded
when:
- - ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6'
+ - ansible_facts.distribution == 'CentOS' and ansible_facts.distribution_major_version == '6'
- wazuh_manager_config.cluster.disable != 'yes'
- name: RedHat 6 | Enabling Red Hat Software Collections (RHSCL)
@@ -52,7 +52,7 @@
- rhui-REGION-rhel-server-rhscl
- rhel-server-rhscl-6-rpms
when:
- - ansible_distribution == 'RedHat' and ansible_distribution_major_version == '6'
+ - ansible_facts.distribution == 'RedHat' and ansible_facts.distribution_major_version == '6'
- wazuh_manager_config.cluster.disable != 'yes'
- name: CentOS/RedHat 6 | Install Python 2.7
@@ -60,7 +60,7 @@
register: wazuh_manager_python_package_installed
until: wazuh_manager_python_package_installed is succeeded
when:
- - ( ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ) and ansible_distribution_major_version == '6'
+ - ( ansible_facts.distribution == 'CentOS' or ansible_facts.distribution == 'RedHat' ) and ansible_facts.distribution_major_version == '6'
- wazuh_manager_config.cluster.disable != 'yes'
- name: RedHat/CentOS/Fedora | Install OpenJDK 1.8
@@ -74,24 +74,24 @@
- name: Set Distribution CIS filename for RHEL5/CentOS-5
set_fact:
cis_distribution_filename: cis_rhel5_linux_rcl.txt
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version == '5'
+ when: ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version == '5'
- name: Set Distribution CIS filename for RHEL6/CentOS-6
set_fact:
cis_distribution_filename: cis_rhel6_linux_rcl.txt
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version == '6'
+ when: ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version == '6'
- name: Set Distribution CIS filename for RHEL7/CentOS-7
set_fact:
cis_distribution_filename: cis_rhel7_linux_rcl.txt
when:
- - ansible_os_family == "RedHat" and ansible_distribution_major_version == '7'
+ - ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version == '7'
- name: Set Distribution CIS filename for RHEL7/CentOS-7 (Amazon)
set_fact:
cis_distribution_filename: cis_rhel7_linux_rcl.txt
when:
- - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA"
+ - ansible_facts.distribution == "Amazon" and ansible_facts.distribution_major_version == "NA"
- name: Install dependencies to build from sources
yum:
@@ -106,7 +106,7 @@
register: wazuh_manager_main_packages_installed
until: wazuh_manager_main_packages_installed is succeeded
when:
- - ansible_os_family|lower == "redhat"
+ - ansible_facts.os_family|lower == "redhat"
- not wazuh_manager_sources_installation.enabled
- not wazuh_custom_packages_installation_manager_enabled
tags:
@@ -126,7 +126,7 @@
regexp: 'echo -n "Starting Wazuh-manager: "'
replace: "echo -n \"Starting Wazuh-manager (EL6): \"; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:{{ wazuh_dir }}/framework/lib"
when:
- - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6
+ - ansible_facts.distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_facts.distribution_major_version|int == 6
- wazuh_manager_config.cluster.disable != 'yes'
- name: Install expect (EL5)
@@ -138,7 +138,7 @@
register: wazuh_manager_main_packages_installed
until: wazuh_manager_main_packages_installed is succeeded
when:
- - ansible_os_family|lower == "RedHat"
- - ansible_distribution_major_version|int < 6
+ - ansible_facts.os_family|lower == "RedHat"
+ - ansible_facts.distribution_major_version|int < 6
tags:
- init
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml
index e238ad0f2..b72dd2ebc 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_custom_packages.yml
@@ -7,7 +7,7 @@
when:
- wazuh_custom_packages_installation_manager_enabled
when:
- - ansible_os_family|lower == "debian"
+ - ansible_facts.os_family|lower == "debian"
- block:
- name: Install Wazuh Manager from .rpm packages | yum
@@ -16,8 +16,8 @@
state: present
when:
- wazuh_custom_packages_installation_manager_enabled
- - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8")
- - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
+ - not (ansible_facts.distribution|lower == "centos" and ansible_facts.distribution_major_version >= "8")
+ - not (ansible_facts.distribution|lower == "redhat" and ansible_facts.distribution_major_version >= "8")
- name: Install Wazuh Manager from .rpm packages | dnf
dnf:
@@ -25,7 +25,7 @@
state: present
when:
- wazuh_custom_packages_installation_manager_enabled
- - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or
- (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8")
+ - (ansible_facts.distribution|lower == "centos" and ansible_facts.distribution_major_version >= "8") or
+ (ansible_facts.distribution|lower == "redhat" and ansible_facts.distribution_major_version >= "8")
when:
- - ansible_os_family|lower == "redhat"
\ No newline at end of file
+ - ansible_facts.os_family|lower == "redhat"
\ No newline at end of file
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
index 74818bc55..498ea8dab 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
@@ -36,7 +36,7 @@
name:
- policycoreutils-python
when:
- - ansible_os_family|lower == "redhat"
+ - ansible_facts.os_family|lower == "redhat"
- name: Installing policycoreutils-python-utils (Debian families)
package:
@@ -45,7 +45,7 @@
- curl
- policycoreutils
when:
- - ansible_os_family|lower == "debian"
+ - ansible_facts.os_family|lower == "debian"
- name: Remove old repository folder
file:
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 57ee132dc..2edd42e43 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -28,18 +28,18 @@
when: wazuh_manager_config_overlay | bool
- include_tasks: "RedHat.yml"
- when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon")
+ when: (ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version|int > 5) or (ansible_facts.os_family == "RedHat" and ansible_facts.distribution == "Amazon")
- include_tasks: "Debian.yml"
- when: ansible_os_family == "Debian"
+ when: ansible_facts.os_family == "Debian"
- name: Install expect
package:
name: expect
state: "{{ wazuh_manager_package_state }}"
when:
- - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) and
- not (ansible_distribution|lower == "centos" and ansible_distribution_major_version|int == 8)
+ - not (ansible_facts.os_family|lower == "redhat" and ansible_facts.distribution_major_version|int < 6) and
+ not (ansible_facts.distribution|lower == "centos" and ansible_facts.distribution_major_version|int == 8)
tags: init
- name: Generate SSL files for authd
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml
index 824e69268..29f82fd2f 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/uninstall.yml
@@ -5,11 +5,11 @@
repo: "{{ wazuh_manager_config.repo.apt }}"
state: absent
changed_when: false
- when: ansible_os_family == "Debian"
+ when: ansible_facts.os_family == "Debian"
- name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata)
yum_repository:
name: wazuh_repo
state: absent
changed_when: false
- when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon"
+ when: ansible_facts.os_family == "RedHat" or ansible_facts.os_family == "Amazon"
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index cf87a44cc..7cba2ee54 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -136,61 +136,61 @@
yes
- {% if ansible_system == "Linux" and wazuh_manager_config.openscap.disable == 'no' %}
+ {% if ansible_facts.system == "Linux" and wazuh_manager_config.openscap.disable == 'no' %}
no
{{ wazuh_manager_config.openscap.timeout }}
{{ wazuh_manager_config.openscap.interval }}
{{ wazuh_manager_config.openscap.scan_on_start }}
- {% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
+ {% if ansible_facts.distribution == 'Ubuntu' and ansible_facts.distribution_release == 'xenial' %}
xccdf_org.ssgproject.content_profile_common
- {% elif ansible_distribution == 'Debian' %}
- {% if ansible_distribution_release == 'jessie' %}
+ {% elif ansible_facts.distribution == 'Debian' %}
+ {% if ansible_facts.distribution_release == 'jessie' %}
{% if openscap_version_valid.stdout == "0" %}
xccdf_org.ssgproject.content_profile_common
{% endif %}
- {% elif ansible_distribution_release == 'stretch' %}
+ {% elif ansible_facts.distribution_release == 'stretch' %}
{% endif %}
- {% elif ansible_distribution == 'CentOS' %}
- {% if ansible_distribution_major_version == '8' %}
+ {% elif ansible_facts.distribution == 'CentOS' %}
+ {% if ansible_facts.distribution_major_version == '8' %}
{# Policy not available #}
- {% elif ansible_distribution_major_version == '7' %}
+ {% elif ansible_facts.distribution_major_version == '7' %}
xccdf_org.ssgproject.content_profile_pci-dss
xccdf_org.ssgproject.content_profile_common
- {% elif ansible_distribution_major_version == '6' %}
+ {% elif ansible_facts.distribution_major_version == '6' %}
xccdf_org.ssgproject.content_profile_pci-dss
xccdf_org.ssgproject.content_profile_common
{% endif %}
- {% elif ansible_distribution == 'RedHat' %}
- {% if ansible_distribution_major_version == '8' %}
+ {% elif ansible_facts.distribution == 'RedHat' %}
+ {% if ansible_facts.distribution_major_version == '8' %}
{# Policy not available #}
- {% elif ansible_distribution_major_version == '7' %}
+ {% elif ansible_facts.distribution_major_version == '7' %}
xccdf_org.ssgproject.content_profile_pci-dss
xccdf_org.ssgproject.content_profile_common
- {% elif ansible_distribution_major_version == '6' %}
+ {% elif ansible_facts.distribution_major_version == '6' %}
xccdf_org.ssgproject.content_profile_pci-dss
xccdf_org.ssgproject.content_profile_common
{% endif %}
- {% if ansible_distribution_major_version == '7' %}
+ {% if ansible_facts.distribution_major_version == '7' %}
- {% elif ansible_distribution_major_version == '6' %}
+ {% elif ansible_facts.distribution_major_version == '6' %}
{% endif %}
- {% elif ansible_distribution == 'Fedora' %}
+ {% elif ansible_facts.distribution == 'Fedora' %}
xccdf_org.ssgproject.content_profile_pci-dss
xccdf_org.ssgproject.content_profile_common
@@ -440,7 +440,7 @@
{% endfor %}
-{% if ansible_os_family == "Debian" %}
+{% if ansible_facts.os_family == "Debian" %}
{% for localfile in wazuh_manager_config.localfiles.debian %}
@@ -479,7 +479,7 @@
{% endfor %}
{% endif -%}
-{% if ansible_os_family == "RedHat" %}
+{% if ansible_facts.os_family == "RedHat" %}
{% for localfile in wazuh_manager_config.localfiles.centos %}
diff --git a/roles/wazuh/vars/repo.yml b/roles/wazuh/vars/repo.yml
index d4c0d3116..d8e761fb5 100644
--- a/roles/wazuh/vars/repo.yml
+++ b/roles/wazuh/vars/repo.yml
@@ -6,7 +6,7 @@ wazuh_repo:
wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-certs_gen_tool_version: 4.4
+certs_gen_tool_version: 4.6
# Url of certificates generator tool
certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
\ No newline at end of file
diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml
index 76a04f17d..e5aaec252 100644
--- a/roles/wazuh/vars/repo_pre-release.yml
+++ b/roles/wazuh/vars/repo_pre-release.yml
@@ -6,7 +6,7 @@ wazuh_repo:
wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-certs_gen_tool_version: 4.4
+certs_gen_tool_version: 4.6
# Url of certificates generator tool
certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
\ No newline at end of file
diff --git a/roles/wazuh/wazuh-dashboard/defaults/main.yml b/roles/wazuh/wazuh-dashboard/defaults/main.yml
index 25ed85636..d0523d723 100644
--- a/roles/wazuh/wazuh-dashboard/defaults/main.yml
+++ b/roles/wazuh/wazuh-dashboard/defaults/main.yml
@@ -8,12 +8,12 @@ dashboard_node_name: node-1
dashboard_server_host: "0.0.0.0"
dashboard_server_port: "443"
dashboard_server_name: "dashboard"
-wazuh_version: 4.4.0
+wazuh_version: 4.6.0
indexer_cluster_nodes:
- 127.0.0.1
# The Wazuh dashboard package repository
-dashboard_version: "4.4.0"
+dashboard_version: "4.6.0"
# API credentials
wazuh_api_credentials:
diff --git a/roles/wazuh/wazuh-dashboard/tasks/main.yml b/roles/wazuh/wazuh-dashboard/tasks/main.yml
index 3f3fa665a..3e5b60188 100755
--- a/roles/wazuh/wazuh-dashboard/tasks/main.yml
+++ b/roles/wazuh/wazuh-dashboard/tasks/main.yml
@@ -11,10 +11,10 @@
when: packages_repository == 'staging'
- import_tasks: RedHat.yml
- when: ansible_os_family == 'RedHat'
+ when: ansible_facts.os_family == 'RedHat'
- import_tasks: Debian.yml
- when: ansible_os_family == 'Debian'
+ when: ansible_facts.os_family == 'Debian'
- name: Remove Dashboard configuration file
file:
@@ -96,4 +96,4 @@
state: started
- import_tasks: RMRedHat.yml
- when: ansible_os_family == 'RedHat'
+ when: ansible_facts.os_family == 'RedHat'
diff --git a/roles/wazuh/wazuh-dashboard/vars/debian.yml b/roles/wazuh/wazuh-dashboard/vars/debian.yml
index 09be1e06d..e4b409bba 100644
--- a/roles/wazuh/wazuh-dashboard/vars/debian.yml
+++ b/roles/wazuh/wazuh-dashboard/vars/debian.yml
@@ -1,2 +1,2 @@
---
-dashboard_version: 4.4.0
+dashboard_version: 4.6.0
diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml
index 7c52a6961..974d089da 100644
--- a/roles/wazuh/wazuh-indexer/defaults/main.yml
+++ b/roles/wazuh/wazuh-indexer/defaults/main.yml
@@ -1,6 +1,6 @@
---
# Cluster Settings
-indexer_version: 4.4.0
+indexer_version: 4.6.0
single_node: false
indexer_node_name: node-1
diff --git a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml
index 53a67ab60..6d00e7589 100644
--- a/roles/wazuh/wazuh-indexer/tasks/RedHat.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/RedHat.yml
@@ -33,7 +33,7 @@
become: yes
when:
- - ansible_distribution == 'Amazon'
+ - ansible_facts.distribution == 'Amazon'
- name: RedHat/CentOS/Fedora | Install Indexer dependencies
yum:
diff --git a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml
index 4a215bef5..6688cbe88 100644
--- a/roles/wazuh/wazuh-indexer/tasks/local_actions.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/local_actions.yml
@@ -30,8 +30,8 @@
- name: Local action | Prepare the certificates generation template file
template:
- src: "templates/config.yml.j2"
- dest: "{{ local_certs_path }}/config.yml"
+ src: "templates/wazuh-config.yml.j2"
+ dest: "{{ local_certs_path }}/wazuh-config.yml"
mode: 0644
register: tlsconfig_template
diff --git a/roles/wazuh/wazuh-indexer/tasks/main.yml b/roles/wazuh/wazuh-indexer/tasks/main.yml
index 48034ae6a..29ce531da 100644
--- a/roles/wazuh/wazuh-indexer/tasks/main.yml
+++ b/roles/wazuh/wazuh-indexer/tasks/main.yml
@@ -16,10 +16,10 @@
- block:
- import_tasks: RedHat.yml
- when: ansible_os_family == 'RedHat'
+ when: ansible_facts.os_family == 'RedHat'
- import_tasks: Debian.yml
- when: ansible_os_family == 'Debian'
+ when: ansible_facts.os_family == 'Debian'
- name: Remove performance analyzer plugin from Wazuh indexer
become: true
@@ -130,7 +130,7 @@
- hostvars[inventory_hostname]['private_ip'] is defined and hostvars[inventory_hostname]['private_ip']
- import_tasks: "RMRedHat.yml"
- when: ansible_os_family == "RedHat"
+ when: ansible_facts.os_family == "RedHat"
- name: Reload systemd configuration
systemd:
diff --git a/roles/wazuh/wazuh-indexer/templates/jvm.options.j2 b/roles/wazuh/wazuh-indexer/templates/jvm.options.j2
index 74c01054b..bf5ba93aa 100644
--- a/roles/wazuh/wazuh-indexer/templates/jvm.options.j2
+++ b/roles/wazuh/wazuh-indexer/templates/jvm.options.j2
@@ -28,9 +28,9 @@
-Xmx32000m
{% endif %}
{% else %}
--Xms{% if ansible_memtotal_mb < 64000 %}{{ ((ansible_memtotal_mb|int)/2)|int }}m{% else %}32000m{% endif %}
+-Xms{% if ansible_facts.memtotal_mb < 64000 %}{{ ((ansible_facts.memtotal_mb|int)/2)|int }}m{% else %}32000m{% endif %}
--Xmx{% if ansible_memtotal_mb < 64000 %}{{ ((ansible_memtotal_mb|int)/2)|int }}m{% else %}32000m{% endif %}
+-Xmx{% if ansible_facts.memtotal_mb < 64000 %}{{ ((ansible_facts.memtotal_mb|int)/2)|int }}m{% else %}32000m{% endif %}
{% endif %}