Conflicts resolved

.github/dependabot.yml

@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "pip" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"
+    target-branch: "4.4"

CHANGELOG.md

@@ -1,6 +1,12 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## [v4.4.0]
+
+### Added
+
+- Update to [Wazuh v4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440)
+
 ## [v4.3.10]
 
 ### Added
@@ -67,6 +73,12 @@ All notable changes to this project will be documented in this file.
 
 - Update to [Wazuh v4.3.0](https://github.com/wazuh/wazuh/blob/v4.3.0/CHANGELOG.md#v430)
 
+## [v4.2.6]
+
+### Added
+
+- Update to [Wazuh v4.2.6](https://github.com/wazuh/wazuh/blob/v4.2.6/CHANGELOG.md#v426)
+
 ## [v4.2.5]
 
 ### Added

README.md

@@ -16,6 +16,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 
 | Wazuh version | Elastic | ODFE   |
 |---------------|---------|--------|
+| v4.4.0        |         |        |
 | v4.3.10       |         |        |
 | v4.3.9        |         |        |
 | v4.3.8        |         |        |
@@ -27,6 +28,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 | v4.3.2        |         |        |
 | v4.3.1        |         |        |
 | v4.3.0        |         |        |
+| v4.2.6        | 7.10.2  | 1.13.2 |
 | v4.2.5        | 7.10.2  | 1.13.2 |
 | v4.2.4        | 7.10.2  | 1.13.2 |
 | v4.2.3        | 7.10.2  | 1.13.2 |
@@ -394,6 +396,124 @@ sudo ansible-playbook wazuh-single.yml -i inventory
 
 After the playbook execution, the Wazuh UI should be reachable through `https://<your server host>`
 
+## Example: Wazuh server cluster (without Filebeat)
+
+### Playbook
+
+The hereunder example playbook uses the `wazuh-ansible` role to provision a Wazuh server cluster without Filebeat. This architecture includes 2 Wazuh servers distributed in two different nodes.
+
+```yaml
+---
+# Wazuh cluster without Filebeat
+    - hosts: manager
+      roles:
+        - role: "../roles/wazuh/ansible-wazuh-manager"
+      become: yes
+      become_user: root
+      vars:
+        wazuh_manager_config:
+          connection:
+              - type: 'secure'
+                port: '1514'
+                protocol: 'tcp'
+                queue_size: 131072
+          api:
+              https: 'yes'
+          cluster:
+              disable: 'no'
+              node_name: 'master'
+              node_type: 'master'
+              key: 'c98b62a9b6169ac5f67dae55ae4a9088'
+              nodes:
+                  - "{{ hostvars.manager.private_ip }}"
+              hidden: 'no'
+        wazuh_api_users:
+          - username: custom-user
+            password: SecretPassword1!
+
+    - hosts: worker01
+      roles:
+        - role: "../roles/wazuh/ansible-wazuh-manager"
+      become: yes
+      become_user: root
+      vars:
+        wazuh_manager_config:
+          connection:
+              - type: 'secure'
+                port: '1514'
+                protocol: 'tcp'
+                queue_size: 131072
+          api:
+              https: 'yes'
+          cluster:
+              disable: 'no'
+              node_name: 'worker_01'
+              node_type: 'worker'
+              key: 'c98b62a9b6169ac5f67dae55ae4a9088'
+              nodes:
+                  - "{{ hostvars.manager.private_ip }}"
+              hidden: 'no'
+```
+
+### Inventory file
+
+```ini
+[manager]
+<your manager master server host>
+
+[worker01]
+<your manager worker01 server host>
+
+[all:vars]
+ansible_ssh_user=vagrant
+ansible_ssh_private_key_file=/path/to/ssh/key.pem
+ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
+```
+
+### Adding additional workers
+
+Add the following block at the end of the playbook
+
+```yaml
+    - hosts: worker02
+      roles:
+        - role: "../roles/wazuh/ansible-wazuh-manager"
+      become: yes
+      become_user: root
+      vars:
+        wazuh_manager_config:
+          connection:
+              - type: 'secure'
+                port: '1514'
+                protocol: 'tcp'
+                queue_size: 131072
+          api:
+              https: 'yes'
+          cluster:
+              disable: 'no'
+              node_name: 'worker_02'
+              node_type: 'worker'
+              key: 'c98b62a9b6169ac5f67dae55ae4a9088'
+              nodes:
+                  - "{{ hostvars.manager.private_ip }}"
+              hidden: 'no'
+```
+
+NOTE: `hosts` and `wazuh_manager_config.cluster_node_name` are the only parameters that differ from the `worker01` configuration.
+
+Add the following lines to the inventory file:
+
+```ini
+[worker02]
+<your manager worker02 server host>
+```
+
+### Launching the playbook
+
+```bash
+sudo ansible-playbook wazuh-manager-oss-cluster.yml -i inventory
+```
+
 ## Contribute
 
 If you want to contribute to our repository, please fork our Github repository and submit a pull request.

VERSION

@@ -1,2 +1,2 @@
-WAZUH-ANSIBLE_VERSION="v4.3.10"
-REVISION="40323"
+WAZUH-ANSIBLE_VERSION="v4.4.0"
+REVISION="40400"

molecule/default/tests/test_default.py

@@ -8,7 +8,7 @@
 
 def get_wazuh_version():
     """This return the version of Wazuh."""
-    return "4.3.10"
+    return "4.4.0"
 
 
 

molecule/distributed-wazuh-elk-xpack/group_vars/all.yml

@@ -0,0 +1,36 @@
+---
+
+########################################################
+# Helper variables
+private_ip: '{{ ansible_default_ipv4.address }}'
+
+managers_hostvars: "{{ groups['managers'] | map('extract', hostvars)  | list }}"
+elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars)  | list }}"
+kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars)  | list }}"
+
+manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
+elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
+kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
+
+########################################################
+# Versions
+elastic_stack_version: 7.10.2
+filebeat_version: 7.10.2
+
+# Debian packages need the ${VERSION}-1
+wazuh_manager_version: 4.4.0-1
+wazuh_agent_version: 4.4.0-1
+
+# Kibana role appends it automatically.
+wazuh_version: 4.4.0
+
+########################################################
+# General ELK stack variables
+
+# Xpack Security: autogenerate CA
+generate_CA: true
+filebeat_xpack_security: true
+kibana_xpack_security: true
+elasticsearch_xpack_security: true
+elasticsearch_xpack_security_user: elastic
+elasticsearch_xpack_security_password: elastic_pass

molecule/distributed-wazuh-elk-xpack/tests/test_default.py

@@ -0,0 +1,64 @@
+import os
+import pytest
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def get_wazuh_version():
+    """This return the version of Wazuh."""
+    return "4.4.0"
+
+
+def test_wazuh_packages_are_installed(host):
+    """Test the main packages are installed."""
+    manager = host.package("wazuh-manager")
+    assert manager.is_installed
+    assert manager.version.startswith(get_wazuh_version())
+
+
+def test_wazuh_services_are_running(host):
+    """Test the services are enabled and running.
+
+    When assert commands are commented, this means that the service command has
+    a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
+    """
+    # This currently doesn't work with out current Docker base images
+    # manager = host.service("wazuh-manager")
+    # api = host.service("wazuh-api")
+    # assert manager.is_running
+    # assert api.is_running
+    output = host.check_output(
+        'ps aux | grep ossec | tr -s " " | cut -d" " -f11'
+        )
+    assert 'ossec-authd' in output
+    assert 'wazuh-modulesd' in output
+    assert 'wazuh-db' in output
+    assert 'ossec-execd' in output
+    assert 'ossec-monitord' in output
+    assert 'ossec-remoted' in output
+    assert 'ossec-logcollector' in output
+    assert 'ossec-analysisd' in output
+    assert 'ossec-syscheckd' in output
+
+
+@pytest.mark.parametrize("wazuh_file, wazuh_owner, wazuh_group, wazuh_mode", [
+    ("/var/ossec/etc/sslmanager.cert", "root", "root", 0o640),
+    ("/var/ossec/etc/sslmanager.key", "root", "root", 0o640),
+    ("/var/ossec/etc/rules/local_rules.xml", "wazuh", "wazuh", 0o640),
+    ("/var/ossec/etc/lists/audit-keys", "wazuh", "wazuh", 0o660),
+])
+def test_wazuh_files(host, wazuh_file, wazuh_owner, wazuh_group, wazuh_mode):
+    """Test Wazuh related files exist and have proper owners and mode."""
+    wazuh_file_host = host.file(wazuh_file)
+    assert wazuh_file_host.user == wazuh_owner
+    assert wazuh_file_host.group == wazuh_group
+    assert wazuh_file_host.mode == wazuh_mode
+
+
+def test_filebeat_is_installed(host):
+    """Test the elasticsearch package is installed."""
+    filebeat = host.package("filebeat")
+    assert filebeat.is_installed
+    assert filebeat.version.startswith('7.10.2')

molecule/distributed-wazuh-elk/group_vars/all.yml

@@ -0,0 +1,23 @@
+---
+
+########################################################
+# Helper variables
+private_ip: '{{ ansible_default_ipv4.address }}'
+
+managers_hostvars: "{{ groups['managers'] | map('extract', hostvars)  | list }}"
+elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars)  | list }}"
+
+manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
+elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
+
+########################################################
+# Versions
+elastic_stack_version: 7.10.2
+filebeat_version: 7.10.2
+
+# Debian packages need the ${VERSION}-1
+wazuh_manager_version: 4.4.0-1
+wazuh_agent_version: 4.4.0-1
+
+# Kibana role appends it automatically.
+wazuh_version: 4.4.0

molecule/distributed-wazuh-odfe/group_vars/all.yml

@@ -0,0 +1,47 @@
+---
+
+########################################################
+# Helper variables
+private_ip: '{{ ansible_default_ipv4.address }}'
+
+managers_hostvars: "{{ groups['managers'] | map('extract', hostvars)  | list }}"
+elastic_hostvars: "{{ groups['elastic'] | map('extract', hostvars)  | list }}"
+kibana_hostvars: "{{ groups['kibana'] | map('extract', hostvars)  | list }}"
+
+manager_addresses: "{{ managers_hostvars | map(attribute='private_ip') | list }}"
+elastic_addresses: "{{ elastic_hostvars | map(attribute='private_ip') | list }}"
+kibana_addresses: "{{ kibana_hostvars | map(attribute='private_ip') | list }}"
+
+########################################################
+# General ELK stack variables
+
+# OpenDistro
+kibana_opendistro_security: true
+
+opendistro_kibana_user: kibanaserver
+opendistro_security_user: elastic
+
+opendistro_kibana_password: changeme
+opendistro_security_password: admin
+opendistro_admin_password: changeme
+
+# All nodes are called by IP name
+elasticsearch_node_name: '{{ ansible_hostname }}'
+kibana_node_name: '{{ ansible_hostname }}'
+filebeat_node_name: '{{ ansible_hostname }}'
+
+########################################################
+# Versions
+# See: https://opendistro.github.io/for-elasticsearch-docs/version-history/
+
+elastic_stack_version: 7.10.2
+opendistro_version: 1.13.2
+filebeat_version: 7.10.2
+kibana_opendistro_version: 1.13.2-1
+
+# Debian packages need the ${VERSION}-1
+wazuh_manager_version: 4.4.0-1
+wazuh_agent_version: 4.4.0-1
+
+# Kibana role appends it automatically.
+wazuh_version: 4.4.0