Merge pull request #56 from wazuh/3.10.0_7.3.2-bump

Bump version

CHANGELOG.md

@@ -1,6 +1,12 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Chef v3.10.0_7.3.2
+
+### Added
+
+- Update to Wazuh version 3.10.0_7.3.2
+
 ## Wazuh Chef v3.9.5_7.2.1
 
 ### Added

README.md

@@ -17,35 +17,6 @@ There is software that must be installed to ensure the correct installation.
 - Wget
 - Chef Server Core v12.19.31
 
-### In case you're using SysV Init systems with Elasticsearch and Kibana 7.2.0
-
-#### Related to Elasticsearch
-
-Elasticsearch 7.2.0 is not able to use their bundled JDK in SysV init, resulting in a startup failure.
-
-In order to workaround this problem you can create a symbolic link:
-
-```
-ln -s /usr/share/elasticsearch/jdk/bin/java /usr/bin/java 
-```
-
-Then start `Elasticsearch`:
-
-```
-service elasticsearch start
-```
-
-Please note that this issue was resolved in Elasticsearch 7.3.
-
-#### Related to Kibana
-
-Kibana 7.2.0 default installation is failing on CentOS 6 reporting that the library `GLIBC_2.14` was not found. 
-
-If you require to use Kibana 7.2.0 in a Sysv system, there is a workaround that fixes the problem [here](https://github.com/elastic/kibana/issues/40388#issuecomment-511237316).
-
-Modifying the Kibana binary is strongly discouraged and we recommend upgrading to 7.2.1 where the problem has been fixed.
-
-
 ## Cookbooks
 
 * [Wazuh Agent ](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_agent)

cookbooks/wazuh_agent/attributes/version.rb

@@ -1 +1 @@
-default['wazuh-agent']['version'] = "3.9.5"
+default['wazuh-agent']['version'] = "3.10.0"

cookbooks/wazuh_elastic/attributes/versions.rb

@@ -1,3 +1,3 @@
-default['wazuh-elastic']['elastic_stack_version'] = '7.2.1'
-default['wazuh-elastic']['wazuh_app_version'] = "3.9.5_7.2.1"
-default['wazuh-elastic']['extensions_version'] = "v3.9.5"
+default['wazuh-elastic']['elastic_stack_version'] = '7.3.2'
+default['wazuh-elastic']['wazuh_app_version'] = "3.10.0_7.3.2"
+default['wazuh-elastic']['extensions_version'] = "v3.10.0"

cookbooks/wazuh_filebeat/attributes/versions.rb

@@ -1,4 +1,4 @@
-default['filebeat']['elastic_stack_version'] = '7.2.1'
-default['filebeat']['wazuh_app_version'] = "3.9.5_7.2.1"
-default['filebeat']['extensions_version'] = "v3.9.5"
+default['filebeat']['elastic_stack_version'] = '7.3.2'
+default['filebeat']['wazuh_app_version'] = "3.10.0_7.3.2"
+default['filebeat']['extensions_version'] = "v3.10.0"
 default['filebeat']['wazuh_filebeat_module'] = "wazuh-filebeat-0.1.tar.gz"

cookbooks/wazuh_filebeat/templates/default/filebeat.yml.erb

@@ -1,58 +1,15 @@
 # Wazuh - Filebeat configuration file
-
-filebeat.inputs:
-  - type: log
-    paths:
-      - '/var/ossec/logs/alerts/alerts.json'
+filebeat.modules:
+  - module: wazuh
+    alerts:
+      enabled: true
+    archives:
+      enabled: false
 
 setup.template.json.enabled: true
-setup.template.json.path: "/etc/filebeat/wazuh-template.json"
-setup.template.json.name: "wazuh"
+setup.template.json.path: '/etc/filebeat/wazuh-template.json'
+setup.template.json.name: 'wazuh'
 setup.template.overwrite: true
+setup.ilm.enabled: false
 
-processors:
-  - decode_json_fields:
-      fields: ['message']
-      process_array: true
-      max_depth: 200
-      target: ''
-      overwrite_keys: true
-  - drop_fields:
-      fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host']
-  - rename:
-      fields:
-        - from: "data.aws.sourceIPAddress"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-  - rename:
-      fields:
-        - from: "data.srcip"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-  - rename:
-      fields:
-        - from: "data.win.eventdata.ipAddress"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-
-# Send events directly to Elasticsearch
-output.elasticsearch:
-<%= @elasticsearch_server_ip %>
-  #pipeline: geoip
-  indices:
-    - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}'
-
-# Optional. Send events to Logstash instead of Elasticsearch
-#output.logstash.hosts: ["YOUR_LOGSTASH_SERVER_IP:5000"]
+output.elasticsearch.hosts: ['http://YOUR_ELASTIC_SERVER_IP:9200']

cookbooks/wazuh_manager/attributes/versions.rb

@@ -1 +1 @@
-default['wazuh-manager']['version'] = "3.9.5"
+default['wazuh-manager']['version'] = "3.10.0"