Merge pull request #207 from wazuh/release-wazuh_3.11.3_7.5.2

Release Wazuh 3.11.3_7.5.2
wazuh · Jan 28, 2020 · 4885e89 · 4885e89
2 parents 1240b08 + 172de38
commit 4885e89
Show file tree

Hide file tree

Showing 20 changed files with 342 additions and 228 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,14 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Puppet v3.11.3_7.5.2
+
+### Added
+
+- Update to Wazuh version 3.11.3_7.5.2
+
+- Improved agent Windows config. and secondary fixes ([@rshad](https://github.com/rshad)) [PR#205](https://github.com/wazuh/wazuh-puppet/pull/205)
+
 ## Wazuh Puppet v3.11.2_7.5.1
 
 ### Added

diff --git a/VERSION b/VERSION
@@ -1,2 +1,2 @@
-WAZUH-PUPPET_VERSION="v3.11.2"
-REVISION="31120"
+WAZUH-PUPPET_VERSION="v3.11.3"
+REVISION="31130"
diff --git a/manifests/agent.pp b/manifests/agent.pp
@@ -49,7 +49,6 @@
   $ossec_sca_template                = $wazuh::params_agent::ossec_sca_template,
   $ossec_syscheck_template           = $wazuh::params_agent::ossec_syscheck_template,
   $ossec_localfile_template          = $wazuh::params_agent::ossec_localfile_template,
-  $ossec_ruleset                     = $wazuh::params_agent::ossec_ruleset,
   $ossec_auth                        = $wazuh::params_agent::ossec_auth,
   $ossec_cluster                     = $wazuh::params_agent::ossec_cluster,
   $ossec_active_response_template    = $wazuh::params_agent::ossec_active_response_template,
@@ -61,7 +60,8 @@
   $wazuh_reporting_endpoint          = $wazuh::params_agent::wazuh_reporting_endpoint,
   $ossec_port                        = $wazuh::params_agent::ossec_port,
   $ossec_protocol                    = $wazuh::params_agent::ossec_protocol,
-  $ossec_config_profiles             = $wazuh::params_agent::ossec_config_profiles,
+  $ossec_config_ubuntu_profiles      = $wazuh::params_agent::ossec_config_ubuntu_profiles,
+  $ossec_config_centos_profiles      = $wazuh::params_agent::ossec_config_centos_profiles,
   $ossec_notify_time                 = $wazuh::params_agent::ossec_notify_time,
   $ossec_time_reconnect              = $wazuh::params_agent::ossec_time_reconnect,
   $ossec_auto_restart                = $wazuh::params_agent::ossec_auto_restart,
@@ -83,6 +83,12 @@
   $ossec_rootcheck_rootkit_trojans   = $wazuh::params_agent::ossec_rootcheck_rootkit_trojans,
   $ossec_rootcheck_skip_nfs          = $wazuh::params_agent::ossec_rootcheck_skip_nfs,
 
+
+  # rootcheck windows
+  $ossec_rootcheck_windows_disabled        = $wazuh::params_agent::ossec_rootcheck_windows_disabled,
+  $ossec_rootcheck_windows_windows_apps    = $wazuh::params_agent::ossec_rootcheck_windows_windows_apps,
+  $ossec_rootcheck_windows_windows_malware = $wazuh::params_agent::ossec_rootcheck_windows_windows_malware,
+
   # SCA
 
   ## Amazon
@@ -93,18 +99,24 @@
   $sca_amazon_amazon_policies = $wazuh::params_agent::sca_amazon_policies,
 
   ## RHEL
-  $sca_amazon_rhel_enabled = $wazuh::params_agent::sca_rhel_enabled,
-  $sca_amazon_rhel_scan_on_start = $wazuh::params_agent::sca_rhel_scan_on_start,
-  $sca_amazon_rhel_interval = $wazuh::params_agent::sca_rhel_interval,
-  $sca_amazon_rhel_skip_nfs = $wazuh::params_agent::sca_rhel_skip_nfs,
-  $sca_amazon_rhel_policies = $wazuh::params_agent::sca_rhel_policies,
-
-  ## <else>
-  $sca_amazon_else_enabled = $wazuh::params_agent::sca_else_enabled,
-  $sca_amazon_else_scan_on_start = $wazuh::params_agent::sca_else_scan_on_start,
-  $sca_amazon_else_interval = $wazuh::params_agent::sca_else_interval,
-  $sca_amazon_else_skip_nfs = $wazuh::params_agent::sca_else_skip_nfs,
-  $sca_amazon_else_policies = $wazuh::params_agent::sca_else_policies,
+  $sca_rhel_enabled = $wazuh::params_agent::sca_rhel_enabled,
+  $sca_rhel_scan_on_start = $wazuh::params_agent::sca_rhel_scan_on_start,
+  $sca_rhel_interval = $wazuh::params_agent::sca_rhel_interval,
+  $sca_rhel_skip_nfs = $wazuh::params_agent::sca_rhel_skip_nfs,
+  $sca_rhel_policies = $wazuh::params_agent::sca_rhel_policies,
+
+  ## <Linux else>
+  $sca_else_enabled = $wazuh::params_agent::sca_else_enabled,
+  $sca_else_scan_on_start = $wazuh::params_agent::sca_else_scan_on_start,
+  $sca_else_interval = $wazuh::params_agent::sca_else_interval,
+  $sca_else_skip_nfs = $wazuh::params_agent::sca_else_skip_nfs,
+  $sca_else_policies = $wazuh::params_agent::sca_else_policies,
+
+  $sca_windows_enabled = $wazuh::params_agent::sca_windows_enabled,
+  $sca_windows_scan_on_start = $wazuh::params_agent::sca_windows_scan_on_start,
+  $sca_windows_interval = $wazuh::params_agent::sca_windows_interval,
+  $sca_windows_skip_nfs = $wazuh::params_agent::sca_windows_skip_nfs,
+  $sca_windows_policies = $wazuh::params_agent::sca_windows_policies,
 
   ## Wodles
 
@@ -126,6 +138,7 @@
 
   $wodle_osquery_disabled            = $wazuh::params_agent::wodle_osquery_disabled,
   $wodle_osquery_run_daemon          = $wazuh::params_agent::wodle_osquery_run_daemon,
+  $wodle_osquery_bin_path            = $wazuh::params_agent::wodle_osquery_bin_path,
   $wodle_osquery_log_path            = $wazuh::params_agent::wodle_osquery_log_path,
   $wodle_osquery_config_path         = $wazuh::params_agent::wodle_osquery_config_path,
   $wodle_osquery_add_labels          = $wazuh::params_agent::wodle_osquery_add_labels,
@@ -153,13 +166,22 @@
   $ossec_syscheck_auto_ignore        = $wazuh::params_agent::ossec_syscheck_auto_ignore,
   $ossec_syscheck_directories_1      = $wazuh::params_agent::ossec_syscheck_directories_1,
   $ossec_syscheck_directories_2      = $wazuh::params_agent::ossec_syscheck_directories_2,
-  $ossec_syscheck_whodata            = $wazuh::params_agent::ossec_syscheck_whodata,
-  $ossec_syscheck_realtime           = $wazuh::params_agent::ossec_syscheck_realtime,
+  $ossec_syscheck_whodata_directories_1            = $wazuh::params_agent::ossec_syscheck_whodata_directories_1,
+  $ossec_syscheck_realtime_directories_1           = $wazuh::params_agent::ossec_syscheck_realtime_directories_1,
+  $ossec_syscheck_whodata_directories_2            = $wazuh::params_agent::ossec_syscheck_whodata_directories_2,
+  $ossec_syscheck_realtime_directories_2           = $wazuh::params_agent::ossec_syscheck_realtime_directories_2,
   $ossec_syscheck_ignore_list        = $wazuh::params_agent::ossec_syscheck_ignore_list,
   $ossec_syscheck_ignore_type_1      = $wazuh::params_agent::ossec_syscheck_ignore_type_1,
   $ossec_syscheck_ignore_type_2      = $wazuh::params_agent::ossec_syscheck_ignore_type_2,
   $ossec_syscheck_nodiff             = $wazuh::params_agent::ossec_syscheck_nodiff,
   $ossec_syscheck_skip_nfs           = $wazuh::params_agent::ossec_syscheck_skip_nfs,
+  $ossec_syscheck_windows_audit_interval      = $wazuh::params_agent::windows_audit_interval,
+
+  # active-response
+  $ossec_active_response_disabled          =  $wazuh::params_agent::active_response_disabled,
+  $ossec_active_response_linux_ca_store    =  $wazuh::params_agent::active_response_linux_ca_store,
+  $ossec_active_response_windows_ca_store  =  $wazuh::params_agent::active_response_windows_ca_store,
+  $ossec_active_response_ca_verification   =  $wazuh::params_agent::active_response_ca_verification,
 
   # Agent Labels
   $ossec_labels                      = $wazuh::params_agent::ossec_labels,
@@ -172,6 +194,9 @@
   ## Windows
 
   $download_path                     = $wazuh::params_agent::download_path,
+
+  # Logging
+  $logging_log_format                = $wazuh::params_agent::logging_log_format,
 ) inherits wazuh::params_agent {
   # validate_bool(
   #   $ossec_active_response, $ossec_rootcheck,
@@ -182,7 +207,7 @@
   validate_string($agent_package_name)
   validate_string($agent_service_name)
 
-  if($ossec_syscheck_whodata == '"yes"') { # Install Audit if whodata is enabled
+  if (( $ossec_syscheck_whodata_directories_1 == 'yes' ) or ( $ossec_syscheck_whodata_directories_2 == 'yes' )) {
     package { 'Installing Audit...':
       name   => 'audit',
     }

diff --git a/manifests/elasticsearch.pp b/manifests/elasticsearch.pp
@@ -11,7 +11,7 @@
   $elasticsearch_node_max_local_storage_nodes = '1',
   $elasticsearch_service = 'elasticsearch',
   $elasticsearch_package = 'elasticsearch',
-  $elasticsearch_version = '7.5.1',
+  $elasticsearch_version = '7.5.2',
 
   $elasticsearch_path_data = '/var/lib/elasticsearch',
   $elasticsearch_path_logs = '/var/log/elasticsearch',

diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp
@@ -7,9 +7,9 @@
 
   $filebeat_package = 'filebeat',
   $filebeat_service = 'filebeat',
-  $filebeat_version = '7.5.1',
-  $wazuh_app_version = '3.11.2_7.5.1',
-  $wazuh_extensions_version = 'v3.11.2',
+  $filebeat_version = '7.5.2',
+  $wazuh_app_version = '3.11.3_7.5.2',
+  $wazuh_extensions_version = 'v3.11.3',
   $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
 ){
 

diff --git a/manifests/kibana.pp b/manifests/kibana.pp
@@ -3,8 +3,8 @@
 class wazuh::kibana (
   $kibana_package = 'kibana',
   $kibana_service = 'kibana',
-  $kibana_version = '7.5.1',
-  $kibana_app_version = '3.11.2_7.5.1',
+  $kibana_version = '7.5.2',
+  $kibana_app_version = '3.11.3_7.5.2',
   $kibana_elasticsearch_ip = 'localhost',
   $kibana_elasticsearch_port = '9200',
 

diff --git a/manifests/manager.pp b/manifests/manager.pp
@@ -87,18 +87,18 @@
   $sca_amazon_amazon_policies = $wazuh::params_manager::sca_amazon_policies,
 
   ## RHEL
-  $sca_amazon_rhel_enabled = $wazuh::params_manager::sca_rhel_enabled,
-  $sca_amazon_rhel_scan_on_start = $wazuh::params_manager::sca_rhel_scan_on_start,
-  $sca_amazon_rhel_interval = $wazuh::params_manager::sca_rhel_interval,
-  $sca_amazon_rhel_skip_nfs = $wazuh::params_manager::sca_rhel_skip_nfs,
-  $sca_amazon_rhel_policies = $wazuh::params_manager::sca_rhel_policies,
+  $sca_rhel_enabled = $wazuh::params_manager::sca_rhel_enabled,
+  $sca_rhel_scan_on_start = $wazuh::params_manager::sca_rhel_scan_on_start,
+  $sca_rhel_interval = $wazuh::params_manager::sca_rhel_interval,
+  $sca_rhel_skip_nfs = $wazuh::params_manager::sca_rhel_skip_nfs,
+  $sca_rhel_policies = $wazuh::params_manager::sca_rhel_policies,
 
-  ## <else>
-  $sca_amazon_else_enabled = $wazuh::params_manager::sca_else_enabled,
-  $sca_amazon_else_scan_on_start = $wazuh::params_manager::sca_else_scan_on_start,
-  $sca_amazon_else_interval = $wazuh::params_manager::sca_else_interval,
-  $sca_amazon_else_skip_nfs = $wazuh::params_manager::sca_else_skip_nfs,
-  $sca_amazon_else_policies = $wazuh::params_manager::sca_else_policies,
+  ## <Linux else>
+  $sca_else_enabled = $wazuh::params_manager::sca_else_enabled,
+  $sca_else_scan_on_start = $wazuh::params_manager::sca_else_scan_on_start,
+  $sca_else_interval = $wazuh::params_manager::sca_else_interval,
+  $sca_else_skip_nfs = $wazuh::params_manager::sca_else_skip_nfs,
+  $sca_else_policies = $wazuh::params_manager::sca_else_policies,
 
 
       ## Wodles
@@ -198,8 +198,10 @@
       $ossec_syscheck_auto_ignore           = $wazuh::params_manager::ossec_syscheck_auto_ignore,
       $ossec_syscheck_directories_1         = $wazuh::params_manager::ossec_syscheck_directories_1,
       $ossec_syscheck_directories_2         = $wazuh::params_manager::ossec_syscheck_directories_2,
-      $ossec_syscheck_whodata               = $wazuh::params_manager::ossec_syscheck_whodata,
-      $ossec_syscheck_realtime              = $wazuh::params_manager::ossec_syscheck_realtime,
+      $ossec_syscheck_whodata_directories_1            = $wazuh::params_manager::ossec_syscheck_whodata_directories_1,
+      $ossec_syscheck_realtime_directories_1           = $wazuh::params_manager::ossec_syscheck_realtime_directories_1,
+      $ossec_syscheck_whodata_directories_2            = $wazuh::params_manager::ossec_syscheck_whodata_directories_2,
+      $ossec_syscheck_realtime_directories_2           = $wazuh::params_manager::ossec_syscheck_realtime_directories_2,
       $ossec_syscheck_ignore_list           = $wazuh::params_manager::ossec_syscheck_ignore_list,
 
       $ossec_syscheck_ignore_type_1         = $wazuh::params_manager::ossec_syscheck_ignore_type_1,
@@ -265,9 +267,9 @@
   }
 
 
-  if($ossec_syscheck_whodata == '"yes"') { # Install Audit if whodata is enabled
+  if ( $ossec_syscheck_whodata_directories_1 == 'yes' ) or ( $ossec_syscheck_whodata_directories_2 == 'yes' ) {
     package { 'Installing Auditd...':
-      name   => 'audit',
+      name   => 'auditd',
     }
     service { 'auditd':
       ensure => running,
@@ -569,7 +571,7 @@
     }
   }
 
-  if($ossec_syscheck_whodata == '"yes"') {
+  if ( $ossec_syscheck_whodata_directories_1 == 'yes' ) or ( $ossec_syscheck_whodata_directories_2 == 'yes' ) {
     exec { 'Ensure wazuh-fim rule is added to auditctl':
       command => '/sbin/auditctl -l',
       unless  => '/sbin/auditctl -l | grep wazuh_fim',