Merge 4.7.0 into master

CHANGELOG.md

@@ -19,6 +19,12 @@ All notable changes to this project will be documented in this file.
 
 - Update to [Wazuh v4.6.0](https://github.com/wazuh/wazuh/blob/v4.6.0/CHANGELOG.md#v460)
 
+## [v4.5.3]
+
+### Added
+
+- Update to [Wazuh v4.5.3](https://github.com/wazuh/wazuh/blob/v4.5.3/CHANGELOG.md#v453)
+
 ## [v4.5.2]
 
 ### Added

README.md

@@ -19,6 +19,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
 | v4.8.0        |         |        |
 | v4.7.0        |         |        |
 | v4.6.0        |         |        |
+| v4.5.3        |         |        |
 | v4.5.2        |         |        |
 | v4.5.1        |         |        |
 | v4.5.0        |         |        |

roles/wazuh/ansible-wazuh-agent/defaults/main.yml

@@ -52,8 +52,7 @@ wazuh_winagent_config:
   auth_path: C:\Program Files\ossec-agent\agent-auth.exe
   # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
   auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
-  check_md5: True
-  md5: 3823a34bb108b9ad4e9fb43cb8f0b4e3
+  check_sha512: True
 
 wazuh_dir: "/var/ossec"
 

roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml

@@ -30,17 +30,29 @@
   when:
     - not wazuh_package_downloaded.stat.exists
 
+- name: Windows | Download SHA512 checksum file
+  win_get_url:
+    url: "{{ wazuh_winagent_sha512_url }}"
+    dest: "{{ wazuh_winagent_config.download_dir }}"
+  when:
+    - wazuh_winagent_config.check_sha512
+
+- name: Extract checksum from SHA512 file
+  win_shell: Get-Content "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}.sha512" | ForEach-Object { $_.Split(' ')[0] }
+  register: extracted_checksum
+  when:
+    - wazuh_winagent_config.check_sha512
+
 - name: Windows | Verify the Wazuh Agent installer
   win_stat:
     path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"
     get_checksum: true
-    checksum_algorithm: md5
+    checksum_algorithm: sha512
   register: wazuh_agent_status
   failed_when:
-    - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5
+    - wazuh_agent_status.stat.checksum != extracted_checksum.stdout_lines[0]
   when:
-    - wazuh_winagent_config.check_md5
-
+    - wazuh_winagent_config.check_sha512
 
 - name: Windows | Install Agent if not already installed
   win_package:
@@ -95,3 +107,8 @@
   win_file:
     path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"
     state: absent
+
+- name: Windows | Delete downloaded checksum file
+  win_file:
+    path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}.sha512"
+    state: absent

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -189,6 +189,7 @@ wazuh_manager_vulnerability_detector:
       os:
         - 'buster'
         - 'bullseye'
+        - 'bookworm'
       update_interval: '1h'
       name: '"debian"'
     - enabled: 'no'

roles/wazuh/vars/repo.yml

@@ -5,6 +5,7 @@ wazuh_repo:
   key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
 wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+wazuh_winagent_sha512_url: "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
 
 certs_gen_tool_version: 4.8
 

roles/wazuh/vars/repo_pre-release.yml

@@ -5,6 +5,7 @@ wazuh_repo:
   key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
 wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
 
 certs_gen_tool_version: 4.8