afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updating manager configuration templates and vars

Browse Source
This commit is contained in:
Zenidd 2020-03-25 12:49:49 +01:00
parent 14307bd22a
commit 0019c7fdf2
3 changed files with 40 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -111,11 +111,7 @@ wazuh_agent_config:
- /etc/cups/certs - /etc/cups/certs
- /etc/dumpdates - /etc/dumpdates
- /etc/svc/volatile - /etc/svc/volatile
- /sys/kernel/security
- /sys/kernel/debug
- /dev/core
ignore_linux_type: ignore_linux_type:
- '^/proc'
- '.log$|.swp$' - '.log$|.swp$'
ignore_win: ignore_win:
- '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'

19
roles/wazuh/ansible-wazuh-manager/defaults/main.yml
View File

@ -105,7 +105,7 @@ wazuh_manager_config:
authd: authd:
enable: true enable: true
port: 1515 port: 1515
use_source_ip: 'yes' use_source_ip: 'no'
force_insert: 'yes' force_insert: 'yes'
force_time: 0 force_time: 0
purge: 'yes' purge: 'yes'
@ -166,24 +166,29 @@ wazuh_manager_config:
- /etc/cups/certs - /etc/cups/certs
- /etc/dumpdates - /etc/dumpdates
- /etc/svc/volatile - /etc/svc/volatile
- /sys/kernel/security
- /sys/kernel/debug
- /dev/core
ignore_linux_type: ignore_linux_type:
- '^/proc'
- '.log$|.swp$' - '.log$|.swp$'
no_diff: no_diff:
- /etc/ssl/private.key - /etc/ssl/private.key
directories: directories:
- dirs: /etc,/usr/bin,/usr/sbin - dirs: /etc,/usr/bin,/usr/sbin
checks: 'check_all="yes"' checks: ''
- dirs: /bin,/sbin,/boot - dirs: /bin,/sbin,/boot
checks: 'check_all="yes"' checks: ''
auto_ignore_frequency: auto_ignore_frequency:
frequency: 'frequency="10"' frequency: 'frequency="10"'
timeframe: 'timeframe="3600"' timeframe: 'timeframe="3600"'
value: 'no' value: 'no'
skip_nfs: 'yes' skip_nfs: 'yes'
skip_dev: 'yes'
skip_proc: 'yes'
skip_sys: 'yes'
process_priority: 10
max_eps: 100
sync_enabled: 'yes'
sync_interval: '5m'
sync_max_interval: '1h'
sync_max_eps: 10
rootcheck: rootcheck:
frequency: 43200 frequency: 43200
openscap: openscap:

33
roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
View File

@ -245,13 +245,13 @@
{% if wazuh_manager_config.sca.skip_nfs | length > 0 %} {% if wazuh_manager_config.sca.skip_nfs | length > 0 %}
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
{% endif %} {% endif %}
{% if wazuh_manager_config.sca.day | length > 0 %} {% if wazuh_manager_config.sca.day | length > 0 %}
<day>yes</day> <day>yes</day>
{% endif %} {% endif %}
{% if wazuh_manager_config.sca.wday | length > 0 %} {% if wazuh_manager_config.sca.wday | length > 0 %}
<wday>yes</wday> <wday>yes</wday>
{% endif %} {% endif %}
{% if wazuh_manager_config.sca.time | length > 0 %} {% if wazuh_manager_config.sca.time | length > 0 %}
<time>yes</time> <time>yes</time>
{% endif %} {% endif %}
</sca> </sca>
@ -332,6 +332,29 @@
{% if wazuh_manager_config.syscheck.skip_nfs is defined %} {% if wazuh_manager_config.syscheck.skip_nfs is defined %}
<skip_nfs>{{ wazuh_manager_config.syscheck.skip_nfs }}</skip_nfs> <skip_nfs>{{ wazuh_manager_config.syscheck.skip_nfs }}</skip_nfs>
{% endif %} {% endif %}
{% if wazuh_manager_config.syscheck.skip_dev is defined %}
<skip_dev>{{ wazuh_manager_config.syscheck.skip_dev }}</skip_dev>
{% endif %}
{% if wazuh_manager_config.syscheck.skip_proc is defined %}
<skip_proc>{{ wazuh_manager_config.syscheck.skip_proc }}</skip_proc>
{% endif %}
{% if wazuh_manager_config.syscheck.skip_sys is defined %}
<skip_sys>{{ wazuh_manager_config.syscheck.skip_sys }}</skip_sys>
{% endif %}
<!-- Nice value for Syscheck module -->
<process_priority>{{ wazuh_agent_config.syscheck.process_priority }}</process_priority>
<!-- Maximum output throughput -->
<max_eps>{{ wazuh_agent_config.syscheck.max_eps }}</max_eps>
<!-- Database synchronization settings -->
<synchronization>
<enabled>{{ wazuh_agent_config.syscheck.sync_enabled }}</enabled>
<interval>{{ wazuh_agent_config.syscheck.interval }}</interval>
<max_interval>{{ wazuh_agent_config.syscheck.max_interval }}</max_interval>
<max_eps>{{ wazuh_agent_config.syscheck.max_eps }}</max_eps>
</synchronization>
</syscheck> </syscheck>
<global> <global>
@ -470,7 +493,7 @@
{% endfor %} {% endfor %}
{% endif -%} {% endif -%}
{% if ansible_os_family == "RedHat" %} {% if ansible_os_family == "RedHat" %}
{% for localfile in wazuh_manager_config.localfiles.centos %} {% for localfile in wazuh_manager_config.localfiles.centos %}
<localfile> <localfile>
@ -578,7 +601,7 @@
{% endif %} {% endif %}
{% if wazuh_manager_config.authd.ciphers is not none %} {% if wazuh_manager_config.authd.ciphers is not none %}
<ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers> <ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers>
{% endif %} {% endif %}
{% if wazuh_manager_config.authd.ssl_agent_ca is not none %} {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
<ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca> <ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>
{% endif %} {% endif %}