Andrés Felipe Marulanda Hernández
afa2ad2b05
El paquete 'libopenscap8' fue reemplazado por 'openscap-scanner' en distribuciones recientes como Ubuntu 24.04, lo que causaba un fallo en la instalación. Se reintroduce la lógica condicional para seleccionar el nombre del paquete correcto según la versión del sistema operativo, restaurando la compatibilidad del rol.
131 lines
4.2 KiB
YAML
131 lines
4.2 KiB
YAML
---
|
|
- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl
|
|
apt:
|
|
name:
|
|
- apt-transport-https
|
|
- ca-certificates
|
|
- gnupg
|
|
- acl
|
|
state: present
|
|
cache_valid_time: 3600
|
|
install_recommends: false
|
|
register: wazuh_manager_https_packages_installed
|
|
until: wazuh_manager_https_packages_installed is succeeded
|
|
|
|
- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)
|
|
become: true
|
|
shell: |
|
|
set -o pipefail
|
|
curl -s {{ wazuh_manager_config.repo.gpg }} | apt-key add -
|
|
args:
|
|
# warn: false
|
|
executable: /bin/bash
|
|
changed_when: false
|
|
when:
|
|
- ansible_distribution == "Ubuntu"
|
|
- ansible_distribution_major_version | int == 14
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- name: Debian/Ubuntu | Download Wazuh repository key
|
|
get_url:
|
|
url: "{{ wazuh_manager_config.repo.gpg }}"
|
|
dest: "{{ wazuh_manager_config.repo.path }}"
|
|
when:
|
|
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- name: Debian/Ubuntu | Import Wazuh GPG key
|
|
command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_manager_config.repo.keyring_path }} --import {{ wazuh_manager_config.repo.path }}"
|
|
when:
|
|
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
args:
|
|
creates: "{{ wazuh_manager_config.repo.keyring_path }}"
|
|
|
|
- name: Debian/Ubuntu | Set permissions for Wazuh GPG key
|
|
file:
|
|
path: "{{ wazuh_manager_config.repo.keyring_path }}"
|
|
mode: '0644'
|
|
when:
|
|
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- name: Debian/Ubuntu | Add Wazuh repositories
|
|
apt_repository:
|
|
filename: wazuh_repo
|
|
repo: "{{ wazuh_manager_config.repo.apt }}"
|
|
state: present
|
|
update_cache: true
|
|
changed_when: false
|
|
when:
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
|
|
set_fact:
|
|
cis_distribution_filename: cis_debian_linux_rcl.txt
|
|
|
|
- name: Debian/Ubuntu | Install OpenJDK-8 repo
|
|
apt_repository:
|
|
repo: 'ppa:openjdk-r/ppa'
|
|
state: present
|
|
update_cache: true
|
|
when:
|
|
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
|
|
- when:
|
|
- wazuh_manager_config.cis_cat.disable == 'no'
|
|
- wazuh_manager_config.cis_cat.install_java == 'yes'
|
|
block:
|
|
- name: Debian/Ubuntu | Install OpenJDK 1.8
|
|
apt: name=openjdk-8-jre state=present cache_valid_time=3600
|
|
tags:
|
|
- init
|
|
|
|
# Código modificado por Andres F. Marulanda...
|
|
|
|
- name: Debian/Ubuntu | Install OpenScap
|
|
apt:
|
|
name: "{{ item }}"
|
|
state: present
|
|
loop: "{{ openscap_packages }}"
|
|
when: wazuh_manager_config.openscap.disable == 'no'
|
|
tags:
|
|
- init
|
|
register: wazuh_manager_openscap_installed
|
|
until: wazuh_manager_openscap_installed is succeeded
|
|
vars:
|
|
openscap_packages: "{{ (ansible_distribution_version is version('24.04', '>=')) | ternary(['openscap-scanner', 'xsltproc'], ['libopenscap8', 'xsltproc']) }}"
|
|
|
|
- name: Debian/Ubuntu | Get OpenScap installed version
|
|
shell: "dpkg-query --showformat='${Version}' --show {{ openscap_package_name }}"
|
|
register: openscap_version
|
|
changed_when: false
|
|
when: wazuh_manager_config.openscap.disable == 'no'
|
|
vars:
|
|
openscap_package_name: "{{ (ansible_distribution_version is version('24.04', '>=')) | ternary('openscap-scanner', 'libopenscap8') }}"
|
|
tags:
|
|
- config
|
|
|
|
- name: Debian/Ubuntu | Check OpenScap version
|
|
shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?"
|
|
when: wazuh_manager_config.openscap.disable == 'no'
|
|
register: openscap_version_valid
|
|
changed_when: false
|
|
tags:
|
|
- config
|
|
|
|
# Modificación hasta acá.
|
|
|
|
- name: Debian/Ubuntu | Install wazuh-manager
|
|
apt:
|
|
name:
|
|
- "wazuh-manager={{ wazuh_manager_version }}-*"
|
|
state: present
|
|
tags: init
|
|
when:
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- include_tasks: "installation_from_custom_packages.yml"
|
|
when:
|
|
- wazuh_custom_packages_installation_manager_enabled
|