CHANGELOG.md

Change Log

All notable changes to this project will be documented in this file.

[v4.1.4]

Added

• Update to Wazuh v4.1.4

[v4.1.3]

Added

• Update to Wazuh v4.1.3

[v4.1.1]

Added

• Update to Wazuh v4.1.1
• Apply changes in ossec.conf file
• Modify jvm.options to v7.10
• Change opendistro repository packages (opendistroforelasticsearch, elasticsearch-oss) to Wazuh URL and GPG key

[v4.0.4]

Added

• Update to Wazuh v4.0.4

• Support for new Wazuh API config options.

• Add localfile labels to agent ossec.conf template (@dragospe) PR#521

Changed

• Please notice that default Kibana user in role defaults changed from kibanaserver to admin. See listed PRs below for details.

Fixed

• create_user.py generates invalid passwords (@singuliere) PR#519
• Fix invalid Jinja2 syntax in centralized configuration template (@kravietz) PR#528
• Replace default user for opendistro-kibana role (@zenidd) PR#529
• Remove legacy declarations of od_node_name in opendistro-elasticsearch (@neonmei, @dragospe) PR#530
• Add missing variable elasticsearch_node_master in opendistro-elasticsearch (@neonmei) PR#534
• Add missing variable elasticsearch_network_host in opendistro-elasticsearch (@neonmei) PR#540

[v4.0.3]

Added

• Update to Wazuh v4.0.3

Fixed

• Fix wrong delegate_to in task added by PR#488, hotfixed in v4.0.2 in PR#511

[v4.0.2]

Added

• Update to Wazuh v4.0.2

Changed

• New role variables have been introduced (e.g: wazuh_agent_api_validate), see documentation or PRs listed here for details.
• Some variables have been deprecated (e.g: wazuh_agent_nat) in favour of other ones, see documentation or PRs listed here for details.

Fixed

• Fix agent enrollment default value. Fix authd registration. PR#505
• Remove async clause causing agent install timeout on resource-constrained Centos installations PR#507
• Fix REST registration method for agents PR#509
• authd_pass and api_pass precedence too high, lower to role defaults PR#488

[v4.0.1]

Added

• Update to Wazuh v4.0.1
• Allow installing fixed Filebeat-oss version (@Zenidd) PR#486
• Feature adapt molecule tests (@neonmei) PR#477

Fixed

• Roles/elastic-stack: update jvm.options template per upstream updates (@neonmei) PR#501
• Improve linting history (@neonmei)
  • Fix lint opendistro kibana PR#497
  • Feature lint roles configurations PR#496
  • Feature lint role wazuh agent PR#495
  • Feature lint role filebeat oss PR#494
  • Lint role wazuh-manager PR#493
  • Feature lint role elasticsearch PR#492
  • Feature lint role opendistro-elasticsearch PR#491
  • Feature lint remove unused variables PR#487
  • Feature agent default vars depth reduction PR#485
• Remove unnecesary nodejs dependency (@neonmei) PR#482
• Feature manager configuration unnest (@neonmei) PR#481
• Elastic API check fix (@Zenidd) PR#480
• Improve handling of run_once at opendistro-elasticsearch role (@neonmei) PR#478

[v4.0.0]

Added

• Update to Wazuh v4.0.0
• New example playbooks on README (@Zenidd) PR#468

Fixed

• Ensure recursive /usr/share/kibana permissions before installing WUI (@Zenidd) PR#471
• Remove vuls integration (@manuasir) PR#469

[v3.13.2]

Added

• Update to Wazuh v3.13.2
• Add kibana extra ssl option (@xr09) PR#451
• Force basic auth (@xr09) PR#456

Fixed

• Fix check_mode condition (@manuasir) PR#452
• Fixes for opendistro role (@xr09) PR#453

[v3.13.1_7.8.0]

Added

• Update to Wazuh v3.13.1
• Add support to configure path.repo option in ES. Required for backups/snapshots (@pescobar) PR#433

Changed

• Update Opendistro tasks (@jm404) PR#443
• Provide ansible.cfg with merge hash_behaviour (@xr09) PR#440

Fixed

• Fixes for wazuh-agent registration (@pchristos) PR#406
• Fixes for OpenDistro deployments (@xr09) PR#445

[v3.13.0_7.7.1]

Added

• Update to Wazuh v3.13.0
• Open Distro-Kibana and Filebeat-oss roles (@manuasir) PR#424

Changed

• Fetch ES template from wazuh/wazuh repository (@Zenidd) PR#435

Fixed

• Use local path while generating xpack certificates (@xr09) PR#432

[v3.12.3_7.6.2]

Added

• Update to Wazuh v3.12.2
• AWS S3 block to template (@limitup) PR#404

Changed

• Update Kibana optimize task parameters and command (@jm404) PR#404
• Update Kibana optimize folder and owner (@jm404) PR#404

[v3.12.2_7.6.2]

Added

• Update to Wazuh v3.12.2

Fixed

• Adjusting Kibana plugin optimization max memory (@Zenidd) PR#404
• Removed python-cryptography library tasks (@Zenidd) PR#401
• Removed duplicated task block (@manuasir) PR#400

[v3.12.0_7.6.1]

Added

• Update to Wazuh v3.12.0
• Added registration address variable to wazuh-agent playbook (@Zenidd) PR#392

Changed

• Bump NodeJS version to 10.x (@manuasir) PR#386
• Add flag to enable/disable Windows MD5 check (@jm404) PR#383
• Rule paths are now relative to playbooks. (@Zenidd ) PR#393
• Add the option to create agent groups and add an agent to 1 or more group. (@rshad) PR#361

Fixed

• Removed bad formed XML comments. (@manuasir) PR#391
• NodeJS node_options variable and Kibana plugin optimization fix. (@Zenidd) PR#385
• Restrictive permissions for certificate files. (@Zenidd) PR#382

[v3.11.4_7.6.1]

Added

• Update to Wazuh v3.11.4
• Support for RHEL/CentOS 8 (@jm404) PR#377

Changed

• Disabled shared configuration by default (@jm404) PR#369
• Add chdir argument to Wazuh Kibana Plugin installation tasks (@jm404) PR#375
• Adjustments for systems without (direct) internet connection (@joschneid) PR#348

Fixed

• Avoid to install Wazuh API in worker nodes (@manuasir) PR#371
• Conditionals of custom Wazuh packages installation tasks (@rshad) PR#372
• Fix Ansible elastic_stack-distributed template (@francobep) PR#352
• Fix manager API verification (@Zenidd) PR#360

[v3.11.3_7.5.2]

Added

• Update to Wazuh v3.11.3

Fixed

• Fix Wazuh Agent configuration file for RHEL 8 (@xr09) PR#354
• Fix default port used in Wazuh Agent playbook (@jm404) PR#347

[v3.11.2_7.5.1]

Added

• Update to Wazuh v3.11.2

Changed

• Update templates for Python 3 compatibility (@xr09) PR#344

[v3.11.1_7.5.1]

Added

• Update to Wazuh v3.11.1

[v3.11.0_7.5.1]

Added

• Update to Wazuh v3.11.0

• Implemented changes to configure Wazuh API using the wazuh.yml file (@xr09) PR#342

• Wazuh Agent registration task now explicitly notify restart (@jm404) PR#302

• Support both IP and DNS when creating elastic cluster (@xr09) PR#252

• Added config tag to the Wazuh Agent's enable task (@xr09) PR#261

• Implement task to configure Elasticsearch user on every cluster node (@xr09) PR#270

• Added SCA to Wazuh Agent and Manager installation (@jm404) PR#260

• Added support for environments with low disk space (@xr09) PR#281

• Add parameters to configure an Elasticsearch coordinating node (@jm404) PR#292

Changed

• Updated Filebeat and Elasticsearch templates (@manuasir) PR#285

• Make ossec.conf file more readable by removing trailing whitespaces (@jm404) PR#286

• Wazuh repositories can now be configured to different sources URLs (@jm404) PR#288

• Wazuh App URL is now flexible (@jm404) PR#304

• Agent installation task now does not hardcodes the "-1" sufix (@jm404) PR#310

• Enhanced task importation in Wazuh Manager role and removed deprecated warnings (@xr09) PR#320

• Wazuh API installation task have been upgraded (@rshad) PR#330

• It's now possible to install Wazuh Manager and Agent from sources (@jm404) PR#329

Fixed

• Ansible upgrade from 6.x to 7.x (@jm404) PR#252

• Wazuh Agent registration using agent name has been fixed (@jm404) PR#298

• Fix Wazuh repository and installation conditionals (@jm404) PR#299

• Fixed Wazuh Agent registration using an Agent's name (@jm404) PR#334

[v3.11.0_7.3.2]

Added

• Update to Wazuh v3.11.0

Changed

• Moved molecule folder to Wazuh QA Repository manuasir #120ed16

• Refactored XPack Security configuration tasks @jm404 #246

Fixed

• Fixed ES bootstrap password configuration @jm404 #b8803de

[v3.10.0_7.3.2]

Added

• Update to Wazuh v3.10.0

Changed

• Updated Kibana @jm404 #237
• Updated agent.conf template @moodymob #222
• Improved molecule tests @rshad #223
• Moved "run_cluster_mode.sh" script to molecule folder @jm404 #a9d2c52

Fixed

• Fixed typo in the agent.conf template @joey1a2b3c #227
• Updated conditionals in tasks to fix Amazon Linux installation @jm404 #229
• Fixed Kibana installation in Amazon Linux @jm404 #232
• Fixed Windows Agent installation and configuration @jm404 #234

Fixed

• Removed registry key check on Wazuh Agent installation in windows @jm404 #265

[v3.9.5_7.2.1]

Added

• Update to Wazuh v3.9.5
• Update to Elastic Stack to v7.2.1

[v3.9.4_7.2.0]

Added

• Support for registring agents behind NAT @jheikki100 #208

Changed

• Default protocol to TCP @ionphractal #204.

Fixed

• Fixed network.host is not localhost @rshad #204.

[v3.9.3_7.2.0]

Added

• Update to Wazuh v3.9.3 (rshad PR#206)
• Added Versioning Control for Wazuh stack's components installation, so now it's possible to specify which package to install for wazuh-manager, wazuh-agent, Filebeat, Elasticsearch and Kibana. (rshad PR#206)
• Fixes for Molecule testing issues. Issues such as Ansible-Lint and None-Idempotent tasks. (rshad PR#206)
• Fixes for Wazuh components installations' related issues. Such issues were related to determined OS distributions such as Ubuntu Trusty and CetOS 6. (rshad PR#206)
• Created Ansible playbook and role in order to automate the uninstallation of already installed Wazuh components. (rshad PR#206)

[v3.9.2_7.1.1]

Added

• Update to Wazuh v3.9.2
• Support for Elastic 7
• Ability to deploy an Elasticsearch cluster #6b95e3

[v3.9.2_6.8.0]

Added

• Update to Wazuh v3.9.2

[v3.9.1]

Added

• Update to Wazuh v3.9.1
• Support for ELK v6.8.0

[v3.9.0]

Added

• Update to Wazuh Wazuh v3.9.0 (manuasir #177).
• Support for Elasticsearch v6.7.1 (LuisGi91 #168).
• Added Molecule testing suit (JJediny #151).
• Added Molecule tests for Wazuh Manager (dj-wasabi #169).
• Added Molecule tests for Wazuh Agent (dj-wasabi #174).

Changed

• Updated network commands (kravietz #159).
• Enable active response section (kravietz #155).

Fixed

• Fix default active response (LuisGi93 #164).
• Changing from Oracle Java to OpenJDK (LuisGi93 #173).
• Adding alias to agent config file template (LuisGi93 #163).

[v3.8.2]

Changed

• Update to Wazuh version v3.8.2. (#150)

[v3.8.1]

Changed

• Update to Wazuh version v3.8.1. (#148)

[v3.8.0]

Added

• Added custom name for single agent registration (#117)
• Adapt ossec.conf file for windows agents (#118)
• Added labels to ossec.conf (#135)

Changed

• Changed Windows installation directory (#116)
• move redundant tags to the outer block (#133)
• Adapt new version (3.8.0-6.5.4) (#144)

Fixed

• Fixed a couple linting issues with yamllint and ansible-review (#111)
• Fixes typos: The word credentials doesn't have two consecutive e's (#130)
• Fixed multiple remote connection (#120)
• Fixed null value for wazuh_manager_fqdn (#132)
• Erasing extra spaces in playbooks (#131)
• Fixed oracle java cookies (#143)

Removed

• delete useless files from wazuh-manager role (#137)

[v3.7.2]

Changed

• Adapt configuration to current release (#106)

[v3.7.1]

Added

• include template local_internal_options.conf. (#87)
• Add multiple Elasticsearch IPs for Logstash reports. (#92)

Changed

• Changed windows agent version. (#89)
• Updating to Elastic Stack to 6.5.3 and Wazuh 3.7.1. (#108)

Fixed

• Solve the conflict betwwen tha agent configuration and the shared master configuration. Also include monitoring for /var/log/auth.log. (#90)
• Moved custom_ruleset files. (#98)
• Add authlog fix to localfile. (#99)
• Exceptions reload systemd. (#114)

Removed

• clean old code for windows agent. (#86)

v3.7.0-3701

Added

• Amazon Linux deployments are now supported (#71) and for the old repository structure (#67)
• Added the option to add rule files and decoders directly over the local rule and decoder directories in /var/ossec/etc (#81).
• Added the necessary variables to configure a new configuration template for the Wazuh API (#80).
• Added the option to verify the shared configuration for agents set in the manager (#76).
• Added the option to configure the active response (#75).

Changed

• Repository restructure.
• Extended conditions to register a Wazuh agent. Now will register the agent in cases where there is no client.keys or the file exists but this empty (#79).
• Grouping of tasks in a block under the same condition to improve the efficiency of the code (#74).
• Improved efficiency of the Java repository (#73).

Fixed

• Fix oracle java cookie (#71).
• include the logall_json label in ossec.conf template. This was causing an error when recreating the cdb_lists (#84).

v3.6.0

Ansible starting point.

Roles:

• Elastic Stack:
  • ansible-elasticsearch: This role is prepared to install elasticsearch on the host that runs it.
  • ansible-kibana: Using this role we will install Kibana on the host that runs it.
• Wazuh:
  • ansible-filebeat: This role is prepared to install filebeat on the host that runs it.
  • ansible-wazuh-manager: With this role we will install Wazuh manager and Wazuh API on the host that runs it.
  • ansible-wazuh-agent: Using this role we will install Wazuh agent on the host that runs it and is able to register it.