All notable changes to this project will be documented in this file.
- Support to 4.3.0 Wazuh release.
- Support to 4.2.4 Wazuh release.
- Support to 4.2.3 Wazuh release.
- Support to 4.2.2 Wazuh release.
- Fixed a bug in the agent.pp manifest that prevented the Wazuh Agent from upgrading in Windows (#374)
- Support to 4.2.1 Wazuh release.
- Support to 4.2.0 Wazuh release.
- Support to 4.1.5 Wazuh release.
- Update to Wazuh v4.0.4
- Add support for Elasticsearch cluster in Kibana manifests (@neonmei) PR#317
- Add support for Ubuntu 20.04 (Focal Fossa) (@Zenidd, @neonmei) PR#321
- Idempotency improvements in Elasticsearch manifests (@neonmei) PR#313
- Linting improvements work for Puppet Forge publishing (@Zenidd) PR#314
- Idempotency improvements in Kibana manifests (@neonmei) PR#315
- PDK validate improvements (@neonmei) PR#319
- Fix warnings due to undefined variables (@Hexta) PR#331
- Use
manager_ossec.conf
as render target for Integrations (@Zenidd) PR#327 - Use
manager_ossec.conf
as render target for Reports (@Zenidd) PR#328 - Remove manager-specific options for active response in agent manifest (@Zenidd) PR#332
- Fix stdlib deprecation warnings related to
validate_*
functions (@Hexta) PR#334 - Update target name in concat resources for
manager_ossec.conf
(@g3rhard) PR#341
- Update to Wazuh version 4.0.3
- Templates: update jvm.options template with version information (@neonmei) PR#310
- Restart manager service after modifying agent_auth_password (@Fabian1976) PR#307
- Update to Wazuh version 4.0.2
- Update to Wazuh version 4.0.1
- Support for Wazuh v4 new features (@Zenidd) PR#300:
- Agent autoenrollment
- API RBAC
- Update to Wazuh version 3.13.1_7.8.0
- Update to Wazuh version 3.13.0_7.7.1
- Add syscollector related config in Wazuh Agent manifest (@rshad) PR#241
- Update to Wazuh version 3.12.3_7.6.2
- Add option for report files changes in syscheck (@Hexta) PR#212
- Update to Wazuh version 3.12.2_7.6.2
-
Update to Wazuh version 3.12.0_7.6.1
-
Add a parameter wazuh_api::manage_nodejs_package (@Hexta) PR#213
-
Always treat $ossec_emailnotification as a boolean (@alanwevans) PR#229
-
Fixes #215: Fix audit package name for Debian (@djmgit) PR#216
-
Fixes #227 : Add system_audit subsection in rootcheck (@djmgit) PR#228
-
Fixes #225 : Option to configure audit rules from this module itself (@djmgit) PR#226
-
Fixes #221 : No kern.log, auth.log, mail.log in default localfile config for Debian family (@rshad) Issue#221
- Update to Wazuh version 3.11.4_7.6.1
-
Update to Wazuh version 3.11.3_7.5.2
-
Improved agent Windows config. and secondary fixes (@rshad) PR#205
- Update to Wazuh version 3.11.2_7.5.1
-
Update to Wazuh version 3.11.1_7.5.1
-
Update to Wazuh version 3.11.0_7.5.1
-
Added Debian Buster support (@aderumier) PR#167
- Fixed Windows Agent Installation (@JPLachance) PR#163
- Update to Wazuh version 3.10.2_7.3.2
- Update to Wazuh version 3.10.0_7.3.2
- Change Wazuh Filebeat Module to production. (@jm404) #1bc6b792af68ff26fc0dfc9125e5d33f7831b32e
- Update to Wazuh version 3.9.5_7.2.1
-
Update to Wazuh version 3.9.4_7.2.0
-
Added Filebeat module and adapted Elasticsearch IP (rshad) PR#144
-
Added Kitchen testing for Wazuh deployment with Puppet. (rshad) PR#139
-
Added Ubuntu as a recognized operating system to Puppet manifests. (rshad) PR#141
-
Wazuh Agent is now able to register and report to different IPs. (@jm404) PR#136
- Update to Wazuh version 3.9.3_7.2.0
- Update to Wazuh version 3.9.2_7.1.1
-
Created required files for Filebeat installation. (@jm404) #f36be695
-
Created required files for Elasticsearch installation. (@jm404) #890fb88
-
Created required files for Kibana installation. (@jm404) #ac31a02
-
Added configuration variables to make
ossec.conf
more flexible. (@jm404) #5631753 -
Now it's possible to install an agent without registering it. (@jm404) #63e1a13
- The
server.pp
manifest has been renamed tomanager.pp
. (@jm404) #f859f87 - The
client.pp
manifest moved toagent.pp
. (@jm404) #69fe628
- Registration method
export
deleted due to security issues. (@jm404) #f77fe49 - Eliminated
inotify-tools
. (@jm404) #628db1e - Deleted
_common.erb
fragment in order to give flexibility to Agent and Manager. (@jm404) #92114ea
- Update to Wazuh version 3.9.1_6.8.0
- Allow certificates to be defined by file path (#112)
- Update to Wazuh version 3.9.0 (#118)
- Update to Wazuh version 3.8.2. (#107)
- Update to Wazuh version 3.8.1 (#104)
- Updating params.pp and _common.erb so all the options of localfile can be used (#97)
- Updating params.pp and _common.erb so all the options of localfile can be used (#97)
- Fix firewall module and support excluding decoders and rules. (#81)
- Updated metadata.json.
- Changed addlog for command support. (#90)
- New repository management and content.
- Add support for Wazuh 3.x. (#85)
- Fix username (puppet to puppetlabs). (#74)
2017-xx-xx [email protected] - 2.0.23
- Fixed issue #18 with the pull request #17. (thanks @lemrouch)
- Fixed issue #29 puppetlabs/apt version 4 onwards breaks the installation of wazuh server (thanks @rafaelfc-olx)
- Adding support for changing ossec_server_protocol with the pull request #30 (thanks @rafaelfc-olx)
- Managing wazuh-api alongside with wazuh-manager with the pull request #31 (thanks @rafaelfc-olx)
- Preventing Duplicated declaration issues regarding apt-transport-https package with the pull request #32 (thanks @rafaelfc-olx)
- Adding support for changing the client protocol and validating the manager by CA with the pull request #34 (thanks @rafaelfc-olx)
- Configuring wazuh-api from puppet with the pull request #35 (thanks @rafaelfc-olx)
- Adding notify_time and time-reconnect options to client config with the pull request #36 (thanks @rafaelfc-olx)
- New wazuh-winagent-v2.1.1-1.exe added.
- Profile name for Centos 7 is not _server, it's _common like RHEL7 with the pull request #38 (thanks @juliovalcarcel)
- Verifying if @wodle_openscap_content is defined, fixed #45 and #46
- Set the same file permissions than the installed package, fixed #41
- Adding the ability to set "type" attribute for "ignore" tag, fixed #19
- Adding support to OracleLinux, Fixed #43
- Add an option for the agent/manager class to manage the firewall automatically with puppetlabs/firewall
2017-05-27 [email protected] - 2.0.22
- Fixed issue #3. (Thanks for reporting it @ddholstad99)
- Fixed issue #4. (Thanks for reporting it @elisiano)
- Explicitly use the windows package provider pull request #11 (Thanks @damoxc)
- Enable fedora 23/24/25 for pull request #9 (Thanks @ddholstad99)
- Fix for issue Fix for #6 validate_cmd pull request #12 (Thanks @dakine1111)
- Add $wodle_openscap_content parameter to server.pp pull request #12 (Thanks hex2a)
- Added some changes in order to do this module compatible. (pull request #5 thanks elisano)
- Fix apt deprecation warnings. (thanks @kdole)
- Avoid warnings when storeconfigs are not available. (thanks @kdole)
- Use default local_files setting. (thanks @kdole)
- Making ossec server port configurable. (thanks @edge-records)
- Allow custom agent configurations (thanks @ffleming)
- Fixed issec #66 (thanks @thedawidbalut)
- Adds options to control rootcheck feature. (thanks @netman2k)
- Use puppet-selinux instead of jfryman-selinux (thanks @netman2k)
- Allow custom ossec.conf in agent and server template (thanks @sam-wouters)
- Fixed issue #71. (Thanks for reporting it @sc-chad)
- Fixed issue #72. (Thanks for reporting it @sc-chad)
- Clean code and added new OpenScap option (thanks @0x2A)
- module refactored/adapted for wazuh 2.0 (thanks @0x2A)
- New wazuh-agent-2.0.exe for Windows.
- Fixed typo in the windows package, this type made the deploy fails under windows.
- Compat with Older versions facter. (pull request #47 thanks @seefood)
- Template paths as parameters. (pull request #48 thanks @seefood )
- Client: allow configurable service_has_status, default to params. (pull request #51 thanks @josephholsten )
- Added Yakketi to the supported distributions.
- Modified activeresponse.erb to include <rules_id></rules_id> tags (pull request #56 thanks @MatthewRBruce)
- Modified client.pp and server.pp to accept package versions as parameter. (pull request #57 thanks @MatthewRBruce)
- Fixed 10_ossec.conf.erb template, "local_decoder" added to rules configuration
- Fixed gpgkey path under CentOS and RHEL
- Add local_decoder.xml and local_rules.xml templates
- Add option to enable syslog output. (pull request #35 thanks @TravellingGUy )
- Add Add Amazon Linux support. (pull request #37 thanks @seefood)
- Hard-coded GPG key for RHEL-like systems. (pull request #37 thanks @tobowers)
- Override package & service name for client installation. (pull request #43 thanks MrSecure)
- Add prefilter to agent config. (pull request #32 thanks @cmblong )
- Add function addlog to the agent. (issue #30 thanks @paul-cs)
- Add the apt::key can set a proxy and the key add process could be done. (issue #34 thanks @drequena)
- Adding xenial to the supported distributions.(pull request #31 thanks @stephen-kainos)
Jose Luis Ruiz [email protected]:
- Add MariaDB support ( (pull reques #3 thanks @ialokin)
- Permit admin to disable auto_ignore for files which change more than three times. (pull request #24 thanks @cmblong)
- Change fqdn_rand(3000) to a variable to allow us to increase the number of available clients. (pull request #25 thanks @cmblong)
- Can now set a minimal activeresponse entry containing just repeated_offenders by defining $ar_repeated_offenders in the wazuh::client. (pull request #26 thanks @ialokin)
- Add variable to enable prefilter command. (pull request #27 thanks @cmblong)
- Set service provider to redhat on Redhat systems. (pull request #28 thanks @cmblong))
Jose Luis Ruiz [email protected]:
- Fix windows installation error in params. (pull request #20 thanks @cmblong)
- Added support for repeated_offenders in activeresponse (pull request #21 thanks @ialokin)
Jose Luis Ruiz [email protected]:
- Extra rules config to integrate Wazuh ruleset. (pull request #17 thanks @TravellingGUy)
- Allow configuration of the email_maxperhour and email_idsname configuration items. (pull request #18 thanks @TravellingGUy)
- Fix bug in client exported resources (pull request #19 thanks @scottcunningham)
Jose Luis Ruiz [email protected]:
- Allow the agent identity to be modified. (pull request #10 thanks @damoxc)
- prevent the agent-auth command being used. (pull request #11 thanks @damoxc)
- Change log directory to only be readable by user and group. (pull request #12 thanks @damoxc)
- Add the ability to configure a MySQL database with OSSEC server. (pull request #14 thanks @coreone)
Jose Luis Ruiz [email protected]:
- Fix some typos with puppet-lint.
2016-02-05 Jose Luis Ruiz [email protected] - 2.0.7
Jose Luis Ruiz [email protected]:
- Run agent-auth if client.keys doesn't exist an agent. (pull request #9 thanks @TravellingGuy)
2016-02-03 Jose Luis Ruiz [email protected] - 2.0.6
Jose Luis Ruiz [email protected]:
- Add ability to manage epel repo to master/client configs (pull request #4 thanks @justicel)
- The @path uses the puppet level path variable (pull request #5 thanks @justicel)
- Allow whitelisting of IP addreses (thanks @chaordix)
- Provides an option to tell the puppet module to not manage the client.keys file at all. (pull request #7 thanks @TravellingGuy)
2016-01-19 Jose Luis Ruiz [email protected] - 2.0.5
Jose Luis Ruiz [email protected]:
- Add multiple email_to addresses
- Adding support for server-hostname in agent config (pull request #3 thanks @alustenberg)
- Adding ossec_scanpaths configuration thanks to @djjudas21 repository
2015-12-21 Jose Luis Ruiz [email protected] - 2.0.4
Jose Luis Ruiz [email protected]:
- Add manage_repo option on client.pp (issue #2 reported by @cudgel)
- Add new repo for RHEL5 and CentOS5 have different rpm signature.
2015-12-02 Jose Luis Ruiz [email protected] - 2.0.3
Jose Luis Ruiz [email protected]:
- Fix server package name for Ubuntu (thanks to @HielkeJ for Pull request)
- Add full fingerprint for Ubuntu and Debian (thanks to @HielkeJ for Pull request)
2015-10-13 Jose Luis Ruiz [email protected] - 2.0.2
Jose Luis Ruiz [email protected]:
- Update Windows Agent to version 2.8.3
- Update packaget to Ubuntu Vivid and Wily
- Update packages to Debian Stretch and Sid
2015-10-13 Jose Luis Ruiz [email protected] - 2.0.1
Jose Luis Ruiz [email protected]:
- Update Windows Agent to version 2.8.1
- Fix a bug with the Windows Agent ID, now use for all systems fqdn_rand to generate the client.keys ID
2015-09-16 Jose Luis Ruiz [email protected] - 2.0.0
Jose Luis Ruiz [email protected]:
- Update for all kind of Windows
- Change repos to Wazuh, Inc.
2015-09-16 Michael Porter [email protected] - 2.0.0
Michael Porter [email protected]:
- Allow skipping MySQL dependency, disabling active response, and executing rootcheck
- Windows agent support
- Use Puppet md5 support, instead of adding parser function
- Utilize centralized agent configuration
- Various clean-up and reorganization of Puppet module structure
- Utilize 'hostname' instead of 'uniqueid' for agent ID, due to uniqueid not existing on Windows, and not necessarily being unique across the org on Linux
2015-08-21 Jonathan Gazeley [email protected] - 1.7.2
Jonathan Gazeley [email protected]:
- SELinux permissions fix
2015-08-07 Jonathan Gazeley [email protected] - 1.7.0
Jonathan Gazeley [email protected]:
- Use puppetlabs/mysql to manage MySQL client
2015-08-03 Jonathan Gazeley [email protected] - 1.6.2
Jonathan Gazeley [email protected]:
- Fix log directory permissions
2015-07-20 Jonathan Gazeley [email protected] - 1.6.0
Jonathan Gazeley [email protected]:
- Enable SELinux support
2015-07-06 Jonathan Gazeley [email protected] - 1.5.4
Jonathan Gazeley [email protected]:
- Fix regression in log file permissions (thanks to @paulseward)
2015-06-30 Jonathan Gazeley [email protected] - 1.5.3
Jonathan Gazeley [email protected]:
- Fix permissions on log files so logwatch on EL7 doesn't complain
- Key concat::fragment for agentkeys on $agent_name to avoid duplicated resources
2015-06-11 Jonathan Gazeley [email protected] - 1.5.1
Jonathan Gazeley [email protected]:
- Stop using andyshinn/atomic and configure Atomicorp's OSSEC repo locally
2015-06-10 Jonathan Gazeley [email protected] - 1.4.2
Jonathan Gazeley [email protected]:
- Fix regression that breaks behaviour on CentOS 6 and lower
2015-05-28 Jonathan Gazeley [email protected] - 1.4.1
Jonathan Gazeley [email protected]:
- Email notification is no longer hard-coded in ossec.conf (thanks to @earsdown)
2015-03-02 Jonathan Gazeley [email protected] - 1.4.0
Jonathan Gazeley [email protected]:
- Fix dependency problem by providing EPEL on RHEL (thanks to @otteydw for reporting)
2015-01-16 Jonathan Gazeley [email protected] - 1.3.3
Jonathan Gazeley [email protected]:
- Fix compatibility issue with PuppetServer (thanks to @d9705996)
2014-11-28 Jonathan Gazeley [email protected] - 1.3.0
Jonathan Gazeley [email protected]:
- Add support for Debian "Jessie" (thanks to @ivan7farre)