diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 75c21d3c..953da95e 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -111,11 +111,7 @@ wazuh_agent_config:
- /etc/cups/certs
- /etc/dumpdates
- /etc/svc/volatile
- - /sys/kernel/security
- - /sys/kernel/debug
- - /dev/core
ignore_linux_type:
- - '^/proc'
- '.log$|.swp$'
ignore_win:
- '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index a4ce627f..db4f8841 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -105,7 +105,7 @@ wazuh_manager_config:
authd:
enable: true
port: 1515
- use_source_ip: 'yes'
+ use_source_ip: 'no'
force_insert: 'yes'
force_time: 0
purge: 'yes'
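Review bot: With `use_source_ip: 'no'`, authd registers agents with the address `any`, so an enrolled key is no longer tied to the host it was issued to. The neighbouring `force_insert: 'yes'` and `force_time: 0` additionally let a registration under an existing agent name replace that agent immediately. Nothing in the hunk records why the source-address binding was dropped or what now authenticates enrollment on port 1515. I would add a comment above the line, for example `# 'no': agents are behind NAT/dynamic addresses; enrollment is gated by ssl_agent_ca or an enrollment password`, and confirm that one of those controls is actually configured wherever this default applies. The `authd` mapping continues outside the hunk, so such a setting may exist but is not visible here.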
@@ -166,24 +166,29 @@ wazuh_manager_config:
- /etc/cups/certs
- /etc/dumpdates
- /etc/svc/volatile
- - /sys/kernel/security
- - /sys/kernel/debug
- - /dev/core
ignore_linux_type:
- - '^/proc'
- '.log$|.swp$'
no_diff:
- /etc/ssl/private.key
directories:
- dirs: /etc,/usr/bin,/usr/sbin
- checks: 'check_all="yes"'
+ checks: ''
- dirs: /bin,/sbin,/boot
- checks: 'check_all="yes"'
+ checks: ''
auto_ignore_frequency:
frequency: 'frequency="10"'
timeframe: 'timeframe="3600"'
value: 'no'
skip_nfs: 'yes'
+ skip_dev: 'yes'
+ skip_proc: 'yes'
+ skip_sys: 'yes'
+ process_priority: 10
+ max_eps: 100
+ sync_enabled: 'yes'
+ sync_interval: '5m'
+ sync_max_interval: '1h'
+ sync_max_eps: 10
rootcheck:
frequency: 43200
openscap:
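Review bot: Both `checks: ''` entries replace an explicit `check_all="yes"` with an empty string, so the attributes monitored for /etc, /usr/bin, /usr/sbin, /bin, /sbin and /boot now depend on what syscheck applies when no check option is given. The file does not say that this is intentional. A comment above the first entry would make the intent reviewable, for example `# empty: rely on syscheck's default attribute set instead of spelling out check_all`. How the template renders an empty `checks` value is outside this hunk, so it is worth confirming that the rendered `directories` element is still well-formed.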
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index d4340c9b..1a6b59c7 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -245,13 +245,13 @@
{% if wazuh_manager_config.sca.skip_nfs | length > 0 %}
yes
{% endif %}
- {% if wazuh_manager_config.sca.day | length > 0 %}
+ {% if wazuh_manager_config.sca.day | length > 0 %}
yes
{% endif %}
- {% if wazuh_manager_config.sca.wday | length > 0 %}
+ {% if wazuh_manager_config.sca.wday | length > 0 %}
yes
{% endif %}
- {% if wazuh_manager_config.sca.time | length > 0 %}
+ {% if wazuh_manager_config.sca.time | length > 0 %}
{% endif %}
@@ -332,6 +332,29 @@
{% if wazuh_manager_config.syscheck.skip_nfs is defined %}
{{ wazuh_manager_config.syscheck.skip_nfs }}
{% endif %}
+ {% if wazuh_manager_config.syscheck.skip_dev is defined %}
+ {{ wazuh_manager_config.syscheck.skip_dev }}
+ {% endif %}
+ {% if wazuh_manager_config.syscheck.skip_proc is defined %}
+ {{ wazuh_manager_config.syscheck.skip_proc }}
+ {% endif %}
+ {% if wazuh_manager_config.syscheck.skip_sys is defined %}
+ {{ wazuh_manager_config.syscheck.skip_sys }}
+ {% endif %}
+
+
+ {{ wazuh_agent_config.syscheck.process_priority }}
+
+
+ {{ wazuh_agent_config.syscheck.max_eps }}
+
+
+
+ {{ wazuh_agent_config.syscheck.sync_enabled }}
+ {{ wazuh_agent_config.syscheck.interval }}
+ {{ wazuh_agent_config.syscheck.max_interval }}
+ {{ wazuh_agent_config.syscheck.max_eps }}
+
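Review bot: The six unguarded expressions added after the `skip_sys` block read `wazuh_agent_config.syscheck.*`, but this is the manager template and the new defaults in this commit are added under `wazuh_manager_config.syscheck`. The last three also use the keys `interval`, `max_interval` and `max_eps`, whereas the defaults define `sync_interval`, `sync_max_interval` and `sync_max_eps`. As written, the synchronization rate would render the file-event `max_eps` value rather than `sync_max_eps`, and the other two names are not defined anywhere in the visible diff, so rendering presumably fails or emits an empty value depending on how undefined variables are handled. The `skip_*` blocks directly above are wrapped in `is defined`; these are not. I would read from the manager dict with the `sync_`-prefixed names as below, keeping the surrounding element tags exactly as the commit has them.

```jinja
{# … unchanged: skip_nfs / skip_dev / skip_proc / skip_sys blocks … #}
{{ wazuh_manager_config.syscheck.process_priority }}
{{ wazuh_manager_config.syscheck.max_eps }}
{# … unchanged: opening of the synchronization element … #}
{{ wazuh_manager_config.syscheck.sync_enabled }}
{{ wazuh_manager_config.syscheck.sync_interval }}
{{ wazuh_manager_config.syscheck.sync_max_interval }}
{{ wazuh_manager_config.syscheck.sync_max_eps }}
```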
@@ -470,7 +493,7 @@
{% endfor %}
{% endif -%}
-{% if ansible_os_family == "RedHat" %}
+{% if ansible_os_family == "RedHat" %}
{% for localfile in wazuh_manager_config.localfiles.centos %}
@@ -578,7 +601,7 @@
{% endif %}
{% if wazuh_manager_config.authd.ciphers is not none %}
{{wazuh_manager_config.authd.ciphers}}
- {% endif %}
+ {% endif %}
{% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}
{% endif %}