afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #396 from wazuh/wazuh-release-v3.12.0_7.6.1

Browse Source 
Wazuh release v3.12.0 7.6.1
This commit is contained in:
Manuel J. Bernal 2020-03-25 17:26:17 +01:00 committed by GitHub
commit 018973c8d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 205 additions and 180 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
playbooks/wazuh-agent.yml
View File

@ -1,7 +1,7 @@
--- ---
- hosts: <your wazuh agents hosts> - hosts: <your wazuh agents hosts>
roles: roles:
- /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-agent - ../roles/wazuh/ansible-wazuh-agent
vars: vars:
wazuh_managers: wazuh_managers:
- address: <your manager IP> - address: <your manager IP>
@ -11,6 +11,7 @@
api_proto: 'http' api_proto: 'http'
api_user: ansible api_user: ansible
wazuh_agent_authd: wazuh_agent_authd:
registration_address: <registration IP>
enable: true enable: true
port: 1515 port: 1515
ssl_agent_ca: null ssl_agent_ca: null

2
playbooks/wazuh-elastic.yml
View File

@ -1,5 +1,5 @@
--- ---
- hosts: <YOUR_ELASTICSEARCH_IP> - hosts: <YOUR_ELASTICSEARCH_IP>
roles: roles:
- role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch - role: ../roles/elastic-stack/ansible-elasticsearch
elasticsearch_network_host: '<YOUR_ELASTICSEARCH_IP>' elasticsearch_network_host: '<YOUR_ELASTICSEARCH_IP>'

16
playbooks/wazuh-elastic_stack-distributed.yml
View File

@ -2,7 +2,7 @@
- hosts: <node-1 IP> - hosts: <node-1 IP>
roles: roles:
- role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch - role: ../roles/elastic-stack/ansible-elasticsearch
elasticsearch_network_host: <node-1 IP> elasticsearch_network_host: <node-1 IP>
elasticsearch_node_name: node-1 elasticsearch_node_name: node-1
elasticsearch_bootstrap_node: true elasticsearch_bootstrap_node: true
@ -33,7 +33,7 @@
- hosts: <node-2 IP> - hosts: <node-2 IP>
roles: roles:
- role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch - role: ../roles/elastic-stack/ansible-elasticsearch
elasticsearch_network_host: <node-2 IP> elasticsearch_network_host: <node-2 IP>
elasticsearch_node_name: node-2 elasticsearch_node_name: node-2
single_node: false single_node: false
@ -46,7 +46,7 @@
- hosts: <node-3 IP> - hosts: <node-3 IP>
roles: roles:
- role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch - role: ../roles/elastic-stack/ansible-elasticsearch
elasticsearch_network_host: <node-3 IP> elasticsearch_network_host: <node-3 IP>
elasticsearch_node_name: node-3 elasticsearch_node_name: node-3
single_node: false single_node: false
@ -60,21 +60,21 @@
# - hosts: 172.16.0.162 # - hosts: 172.16.0.162
# roles: # roles:
# - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager # - role: ../roles/wazuh/ansible-wazuh-manager
# - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat # - role: ../roles/wazuh/ansible-filebeat
# filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 # filebeat_output_elasticsearch_hosts: 172.16.0.161:9200
# filebeat_xpack_security: true # filebeat_xpack_security: true
# filebeat_node_name: node-2 # filebeat_node_name: node-2
# node_certs_generator: false # node_certs_generator: false
# elasticsearch_xpack_security_password: elastic_pass # elasticsearch_xpack_security_password: elastic_pass
# - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch # - role: ../roles/elastic-stack/ansible-elasticsearch
# elasticsearch_network_host: 172.16.0.162 # elasticsearch_network_host: 172.16.0.162
# node_name: node-2 # node_name: node-2
# elasticsearch_bootstrap_node: false # elasticsearch_bootstrap_node: false
# elasticsearch_master_candidate: true # elasticsearch_master_candidate: true
# elasticsearch_discovery_nodes: # elasticsearch_discovery_nodes:
# - 172.16.0.161 # - 172.16.0.161
# - 172.16.0.162 # - 172.16.0.162
# elasticsearch_xpack_security: true # elasticsearch_xpack_security: true
@ -83,7 +83,7 @@
# - hosts: 172.16.0.163 # - hosts: 172.16.0.163
# roles: # roles:
# - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana # - role: ../roles/elastic-stack/ansible-kibana
# kibana_xpack_security: true # kibana_xpack_security: true
# kibana_node_name: node-3 # kibana_node_name: node-3
# elasticsearch_network_host: 172.16.0.161 # elasticsearch_network_host: 172.16.0.161

12
roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
View File

@ -35,7 +35,7 @@
copy: copy:
src: "{{ master_certs_path }}/ca/{{ ca_key_name }}" src: "{{ master_certs_path }}/ca/{{ ca_key_name }}"
dest: "{{ node_certs_source }}/{{ ca_key_name }}" dest: "{{ node_certs_source }}/{{ ca_key_name }}"
mode: '0664' mode: 0440
when: when:
- not generate_CA - not generate_CA
- node_certs_generator - node_certs_generator
@ -45,7 +45,7 @@
copy: copy:
src: "{{ master_certs_path }}/ca/{{ ca_cert_name }}" src: "{{ master_certs_path }}/ca/{{ ca_cert_name }}"
dest: "{{ node_certs_source }}/{{ ca_cert_name }}" dest: "{{ node_certs_source }}/{{ ca_cert_name }}"
mode: '0664' mode: 0440
when: when:
- not generate_CA - not generate_CA
- node_certs_generator - node_certs_generator
@ -100,7 +100,7 @@
file: file:
path: "{{ master_certs_path }}" path: "{{ master_certs_path }}"
state: directory state: directory
mode: '0700' mode: 0700
delegate_to: "127.0.0.1" delegate_to: "127.0.0.1"
when: when:
- node_certs_generator - node_certs_generator
@ -109,7 +109,7 @@
file: file:
path: "{{ master_certs_path }}/ca/" path: "{{ master_certs_path }}/ca/"
state: directory state: directory
mode: '0700' mode: 0700
delegate_to: "127.0.0.1" delegate_to: "127.0.0.1"
when: when:
- node_certs_generator - node_certs_generator
@ -149,6 +149,7 @@
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ node_certs_destination }}/" dest: "{{ node_certs_destination }}/"
mode: 0440
with_items: with_items:
- "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key"
- "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt"
@ -163,6 +164,7 @@
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ node_certs_destination }}/" dest: "{{ node_certs_destination }}/"
mode: 0440
with_items: with_items:
- "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key"
- "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt"
@ -176,7 +178,7 @@
- name: Ensuring folder permissions - name: Ensuring folder permissions
file: file:
path: "{{ node_certs_destination }}/" path: "{{ node_certs_destination }}/"
mode: '0774' mode: 0774
state: directory state: directory
recurse: yes recurse: yes
when: when:

3
roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2
View File

@ -531,6 +531,9 @@
"sha1_before": { "sha1_before": {
"type": "keyword" "type": "keyword"
}, },
"hard_links": {
"type": "keyword"
},
"sha1_after": { "sha1_after": {
"type": "keyword" "type": "keyword"
}, },

9
roles/elastic-stack/ansible-kibana/defaults/main.yml
View File

@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1"
kibana_server_host: "0.0.0.0" kibana_server_host: "0.0.0.0"
kibana_server_port: "5601" kibana_server_port: "5601"
elastic_stack_version: 7.6.1 elastic_stack_version: 7.6.1
wazuh_version: 3.11.4 wazuh_version: 3.12.0
wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
elasticrepo: elasticrepo:
@ -43,8 +43,11 @@ nodejs:
repo_dict: repo_dict:
debian: "deb" debian: "deb"
redhat: "rpm" redhat: "rpm"
repo_url_ext: "nodesource.com/setup_8.x" repo_url_ext: "nodesource.com/setup_10.x"
# Build from sources # Build from sources
build_from_sources: false build_from_sources: false
wazuh_plugin_branch: 3.11-7.6 wazuh_plugin_branch: 3.12-7.6
#Nodejs NODE_OPTIONS
node_options: --max-old-space-size=4096

6
roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml
View File

@ -14,7 +14,7 @@
get_url: get_url:
url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}"
dest: "/tmp/setup_nodejs_repo.sh" dest: "/tmp/setup_nodejs_repo.sh"
mode: "0700" mode: 0700
- name: Execute downloaded script to install Nodejs repo - name: Execute downloaded script to install Nodejs repo
command: /tmp/setup_nodejs_repo.sh command: /tmp/setup_nodejs_repo.sh
@ -63,9 +63,7 @@
chdir: "/tmp/app/build" chdir: "/tmp/app/build"
- name: Install Wazuh Plugin (can take a while) - name: Install Wazuh Plugin (can take a while)
shell: "/usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}" shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install file:///tmp/app/build/{{ wazuhapp_package_name.stdout }}
environment:
NODE_OPTIONS: "--max-old-space-size=3072"
args: args:
executable: /bin/bash executable: /bin/bash
creates: /usr/share/kibana/plugins/wazuh/package.json creates: /usr/share/kibana/plugins/wazuh/package.json

31
roles/elastic-stack/ansible-kibana/tasks/main.yml
View File

@ -28,6 +28,7 @@
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ node_certs_destination }}/" dest: "{{ node_certs_destination }}/"
mode: 0440
with_items: with_items:
- "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key"
- "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt"
@ -41,7 +42,7 @@
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ node_certs_destination }}/" dest: "{{ node_certs_destination }}/"
mode: '0664' mode: 0440
with_items: with_items:
- "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key"
- "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt"
@ -65,7 +66,7 @@
- name: Ensuring certificates folder owner - name: Ensuring certificates folder owner
file: file:
path: "{{ node_certs_destination }}/" path: "{{ node_certs_destination }}/"
mode: '0770' mode: 0770
recurse: yes recurse: yes
when: when:
- kibana_xpack_security - kibana_xpack_security
@ -78,7 +79,7 @@
dest: /etc/kibana/kibana.yml dest: /etc/kibana/kibana.yml
owner: root owner: root
group: root group: root
mode: '0664' mode: 0644
notify: restart kibana notify: restart kibana
tags: configure tags: configure
@ -117,11 +118,10 @@
- build_from_sources is defined - build_from_sources is defined
- build_from_sources - build_from_sources
- name: Install Wazuh Plugin (can take a while) - name: Install Wazuh Plugin (can take a while)
shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" shell: >-
environment: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana-plugin install
NODE_OPTIONS: "--max-old-space-size=3072" {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip
args: args:
executable: /bin/bash executable: /bin/bash
creates: /usr/share/kibana/plugins/wazuh/package.json creates: /usr/share/kibana/plugins/wazuh/package.json
@ -135,6 +135,16 @@
when: when:
- not build_from_sources - not build_from_sources
- name: Kibana optimization (can take a while)
shell: NODE_OPTIONS="{{ node_options }}" /usr/share/kibana/bin/kibana --optimize
args:
executable: /bin/bash
become: yes
become_user: kibana
changed_when: false
tags:
- skip_ansible_lint
- name: Wait for Elasticsearch port - name: Wait for Elasticsearch port
wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }}
@ -151,10 +161,15 @@
validate_certs: no validate_certs: no
status_code: 200, 404 status_code: 200, 404
- name: Create wazuh plugin config directory
file:
path: /usr/share/kibana/optimize/wazuh/config/
state: directory
- name: Configure Wazuh Kibana Plugin - name: Configure Wazuh Kibana Plugin
template: template:
src: wazuh.yml.j2 src: wazuh.yml.j2
dest: /usr/share/kibana/plugins/wazuh/wazuh.yml dest: /usr/share/kibana/optimize/wazuh/config/wazuh.yml
owner: kibana owner: kibana
group: root group: root
mode: 0644 mode: 0644

6
roles/wazuh/ansible-filebeat/tasks/config.yml
View File

@ -5,7 +5,7 @@
dest: "/etc/filebeat/filebeat.yml" dest: "/etc/filebeat/filebeat.yml"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0400
notify: restart filebeat notify: restart filebeat
tags: configure tags: configure
@ -15,7 +15,7 @@
dest: "/etc/filebeat/wazuh-template.json" dest: "/etc/filebeat/wazuh-template.json"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0400
notify: restart filebeat notify: restart filebeat
tags: configure tags: configure
@ -30,7 +30,7 @@
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ filebeat_ssl_dir }}/{{ item | basename }}" dest: "{{ filebeat_ssl_dir }}/{{ item | basename }}"
mode: 0644 mode: 0400
with_items: with_items:
- "{{ filebeat_ssl_key_file }}" - "{{ filebeat_ssl_key_file }}"
- "{{ filebeat_ssl_certificate_file }}" - "{{ filebeat_ssl_certificate_file }}"

4
roles/wazuh/ansible-filebeat/tasks/main.yml
View File

@ -30,6 +30,7 @@
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ node_certs_destination }}/" dest: "{{ node_certs_destination }}/"
mode: 0440
with_items: with_items:
- "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
- "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt"
@ -43,6 +44,7 @@
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ node_certs_destination }}/" dest: "{{ node_certs_destination }}/"
mode: 0440
with_items: with_items:
- "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
- "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt"
@ -55,7 +57,7 @@
- name: Ensuring folder & certs permissions - name: Ensuring folder & certs permissions
file: file:
path: "{{ node_certs_destination }}/" path: "{{ node_certs_destination }}/"
mode: '0774' mode: 0774
state: directory state: directory
recurse: yes recurse: yes
when: when:

3
roles/wazuh/ansible-wazuh-agent/README.md
View File

@ -37,11 +37,12 @@ The following is an example of how this role can be used:
api_proto: 'http' api_proto: 'http'
api_user: 'ansible' api_user: 'ansible'
wazuh_agent_authd: wazuh_agent_authd:
registration_address: 127.0.0.1
enable: true enable: true
port: 1515 port: 1515
ssl_agent_ca: null ssl_agent_ca: null
ssl_auto_negotiate: 'no' ssl_auto_negotiate: 'no'
License and copyright License and copyright
--------------------- ---------------------

153
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -1,5 +1,5 @@
--- ---
wazuh_agent_version: 3.11.4-1 wazuh_agent_version: 3.12.0-1
# Custom packages installation # Custom packages installation
@ -12,7 +12,7 @@ wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaw
wazuh_agent_sources_installation: wazuh_agent_sources_installation:
enabled: false enabled: false
branch: "v3.11.4" branch: "v3.12.0"
user_language: "y" user_language: "y"
user_no_stop: "y" user_no_stop: "y"
user_install_type: "agent" user_install_type: "agent"
@ -43,9 +43,11 @@ wazuh_profile_centos: 'centos, centos7, centos7.6'
wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04'
wazuh_auto_restart: 'yes' wazuh_auto_restart: 'yes'
wazuh_agent_authd: wazuh_agent_authd:
registration_address: 127.0.0.1
enable: false enable: false
port: 1515 port: 1515
agent_name: null agent_name: null
groups: []
ssl_agent_ca: null ssl_agent_ca: null
ssl_agent_cert: null ssl_agent_cert: null
ssl_agent_key: null ssl_agent_key: null
@ -60,9 +62,10 @@ wazuh_winagent_config:
auth_path: C:\Program Files\ossec-agent\agent-auth.exe auth_path: C:\Program Files\ossec-agent\agent-auth.exe
# Adding quotes to auth_path_x86 since win_shell outputs error otherwise # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
md5: 87ce22038688efb44d95f9daff472056 check_md5: True
wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi md5: 91efaefae4e1977670eab0c768a22a93
wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.12.0-1.msi
wazuh_winagent_package_name: wazuh-agent-3.12.0-1.msi
wazuh_agent_config: wazuh_agent_config:
repo: repo:
apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
@ -84,8 +87,17 @@ wazuh_agent_config:
scan_on_start: 'yes' scan_on_start: 'yes'
auto_ignore: 'no' auto_ignore: 'no'
alert_new_files: 'yes' alert_new_files: 'yes'
win_audit_interval: 300 win_audit_interval: 60
skip_nfs: 'yes' skip_nfs: 'yes'
skip_dev: 'yes'
skip_proc: 'yes'
skip_sys: 'yes'
process_priority: 10
max_eps: 100
sync_enabled: 'yes'
sync_interval: '5m'
sync_max_interval: '1h'
sync_max_eps: 10
ignore: ignore:
- /etc/mtab - /etc/mtab
- /etc/hosts.deny - /etc/hosts.deny
@ -99,11 +111,7 @@ wazuh_agent_config:
- /etc/cups/certs - /etc/cups/certs
- /etc/dumpdates - /etc/dumpdates
- /etc/svc/volatile - /etc/svc/volatile
- /sys/kernel/security
- /sys/kernel/debug
- /dev/core
ignore_linux_type: ignore_linux_type:
- '^/proc'
- '.log$|.swp$' - '.log$|.swp$'
ignore_win: ignore_win:
- '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
@ -111,106 +119,39 @@ wazuh_agent_config:
- /etc/ssl/private.key - /etc/ssl/private.key
directories: directories:
- dirs: /etc,/usr/bin,/usr/sbin - dirs: /etc,/usr/bin,/usr/sbin
checks: 'check_all="yes"' checks: ''
- dirs: /bin,/sbin,/boot - dirs: /bin,/sbin,/boot
checks: 'check_all="yes"' checks: ''
win_directories: win_directories:
- dirs: '%WINDIR%\regedit.exe' - dirs: '%WINDIR%'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"'
- dirs: '%WINDIR%\system.ini' - dirs: '%WINDIR%\SysNative'
checks: 'check_all="yes"' checks: >-
- dirs: '%WINDIR%\win.ini' recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|
checks: 'check_all="yes"' net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe|subst.exe$"
- dirs: '%WINDIR%\SysNative\at.exe' - dirs: '%WINDIR%\SysNative\drivers\etc%'
checks: 'check_all="yes"' checks: 'recursion_level="0"'
- dirs: '%WINDIR%\SysNative\attrib.exe' - dirs: '%WINDIR%\SysNative\wbem'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="WMIC.exe$"'
- dirs: '%WINDIR%\SysNative\cacls.exe' - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="powershell.exe$"'
- dirs: '%WINDIR%\SysNative\cmd.exe' - dirs: '%WINDIR%\SysNative'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="winrm.vbs$"'
- dirs: '%WINDIR%\SysNative\drivers\etc' - dirs: '%WINDIR%\System32'
checks: 'check_all="yes"' checks: >-
- dirs: '%WINDIR%\SysNative\eventcreate.exe' recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$|
checks: 'check_all="yes"' netsh.exe$|reg.exe$|regedit.exe$|regedt32.exe$|regsvr32.exe$|runas.exe$|sc.exe$|schtasks.exe$|sethc.exe$|subst.exe$"
- dirs: '%WINDIR%\SysNative\ftp.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\lsass.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\net.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\net1.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\netsh.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\reg.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\regedt32.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\regsvr32.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\runas.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\sc.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\schtasks.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\sethc.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\subst.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\wbem\WMIC.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0\powershell.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\winrm.vbs'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\at.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\attrib.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\cacls.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\cmd.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\drivers\etc' - dirs: '%WINDIR%\System32\drivers\etc'
checks: 'check_all="yes"' checks: 'recursion_level="0"'
- dirs: '%WINDIR%\System32\eventcreate.exe' - dirs: '%WINDIR%\System32\wbem'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="WMIC.exe$"'
- dirs: '%WINDIR%\System32\ftp.exe' - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="powershell.exe$"'
- dirs: '%WINDIR%\System32\net.exe' - dirs: '%WINDIR%\System32'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="winrm.vbs$"'
- dirs: '%WINDIR%\System32\net1.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\netsh.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\reg.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\regedit.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\regedt32.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\regsvr32.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\runas.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\sc.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\schtasks.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\sethc.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\subst.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\wbem\WMIC.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\winrm.vbs'
checks: 'check_all="yes"'
- dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup' - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup'
checks: 'check_all="yes" realtime="yes"' checks: 'realtime="yes"'
windows_registry: windows_registry:
- key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
- key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile' - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile'

21
roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
View File

@ -68,7 +68,7 @@
{% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %} {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %}
-A {{ wazuh_agent_authd.agent_name }} -A {{ wazuh_agent_authd.agent_name }}
{% endif %} {% endif %}
-m {{ wazuh_managers.0.address }} -m {{ wazuh_agent_authd.registration_address }}
-p {{ wazuh_agent_authd.port }} -p {{ wazuh_agent_authd.port }}
{% if wazuh_agent_nat %} -I "any" {% endif %} {% if wazuh_agent_nat %} -I "any" {% endif %}
{% if authd_pass is defined %} -P {{ authd_pass }} {% endif %} {% if authd_pass is defined %} -P {{ authd_pass }} {% endif %}
@ -82,19 +82,22 @@
-k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
{% endif %} {% endif %}
{% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %}
{% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %}
-G "{{ wazuh_agent_authd.groups | join(',') }}"
{% endif %}
register: agent_auth_output register: agent_auth_output
notify: restart wazuh-agent notify: restart wazuh-agent
vars: vars:
agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}" agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}"
when: when:
- not check_keys.stat.exists or check_keys.stat.size == 0 - not check_keys.stat.exists or check_keys.stat.size == 0
- wazuh_managers.0.address is not none - wazuh_agent_authd.registration_address is not none
- name: Linux | Verify agent registration - name: Linux | Verify agent registration
shell: echo {{ agent_auth_output }} | grep "Valid key created" shell: echo {{ agent_auth_output }} | grep "Valid key created"
when: when:
- not check_keys.stat.exists or check_keys.stat.size == 0 - not check_keys.stat.exists or check_keys.stat.size == 0
- wazuh_managers.0.address is not none - wazuh_agent_authd.registration_address is not none
when: wazuh_agent_authd.enable when: wazuh_agent_authd.enable
tags: tags:
@ -109,7 +112,7 @@
- name: Linux | Create the agent key via rest-API - name: Linux | Create the agent key via rest-API
uri: uri:
url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/" url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/"
validate_certs: false validate_certs: false
method: POST method: POST
body: '{"name":"{{ agent_name }}"}' body: '{"name":"{{ agent_name }}"}'
@ -126,13 +129,15 @@
agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ inventory_hostname }}{% endif %}" agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ inventory_hostname }}{% endif %}"
when: when:
- not check_keys.stat.exists or check_keys.stat.size == 0 - not check_keys.stat.exists or check_keys.stat.size == 0
- wazuh_managers.0.address is not none - wazuh_agent_authd.registration_address is not none
become: false become: false
ignore_errors: true ignore_errors: true
- name: Linux | Retieve new agent data via rest-API - name: Linux | Retieve new agent data via rest-API
uri: uri:
url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}" url: >-
"{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address
}}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}"
validate_certs: false validate_certs: false
method: GET method: GET
return_content: true return_content: true
@ -140,7 +145,7 @@
password: "{{ api_pass }}" password: "{{ api_pass }}"
when: when:
- not check_keys.stat.exists or check_keys.stat.size == 0 - not check_keys.stat.exists or check_keys.stat.size == 0
- wazuh_managers.0.address is not none - wazuh_agent_authd.registration_address is not none
- newagent_api.json.error == 0 - newagent_api.json.error == 0
register: newagentdata_api register: newagentdata_api
delegate_to: localhost delegate_to: localhost
@ -158,7 +163,7 @@
register: manage_agents_output register: manage_agents_output
when: when:
- not check_keys.stat.exists or check_keys.stat.size == 0 - not check_keys.stat.exists or check_keys.stat.size == 0
- wazuh_managers.0.address is not none - wazuh_agent_authd.registration_address is not none
- newagent_api.changed - newagent_api.changed
notify: restart wazuh-agent notify: restart wazuh-agent

7
roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
View File

@ -38,6 +38,9 @@
register: wazuh_agent_status register: wazuh_agent_status
failed_when: failed_when:
- wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5 - wazuh_agent_status.stat.checksum != wazuh_winagent_config.md5
when:
- wazuh_winagent_config.check_md5
- name: Windows | Install Agent if not already installed - name: Windows | Install Agent if not already installed
win_package: win_package:
@ -59,7 +62,7 @@
- name: Windows | Register agent - name: Windows | Register agent
win_shell: > win_shell: >
{{ wazuh_agent_win_auth_path }} {{ wazuh_agent_win_auth_path }}
-m {{ wazuh_managers.0.address }} -m {{ wazuh_agent_authd.registration_address }}
-p {{ wazuh_agent_authd.port }} -p {{ wazuh_agent_authd.port }}
{% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} {% if wazuh_agent_authd.agent_name is defined %}-A {{ wazuh_agent_authd.agent_name }} {% endif %}
{% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %}
@ -68,7 +71,7 @@
when: when:
- wazuh_agent_authd.enable - wazuh_agent_authd.enable
- not check_windows_key.stat.exists or check_windows_key.stat.size == 0 - not check_windows_key.stat.exists or check_windows_key.stat.size == 0
- wazuh_managers.0.address is not none - wazuh_agent_authd.registration_address is not none
tags: tags:
- config - config

2
roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml
View File

@ -76,7 +76,7 @@
dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf" dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf"
owner: root owner: root
group: root group: root
mode: '644' mode: 0644
changed_when: false changed_when: false
- name: Executing "install.sh" script to build and install the Wazuh Agent - name: Executing "install.sh" script to build and install the Wazuh Agent

29
roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -61,7 +61,6 @@
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
{% endif %} {% endif %}
{% if ansible_os_family == "Windows" %} {% if ansible_os_family == "Windows" %}
<windows_audit>./shared/win_audit_rcl.txt</windows_audit>
<windows_apps>./shared/win_applications_rcl.txt</windows_apps> <windows_apps>./shared/win_applications_rcl.txt</windows_apps>
<windows_malware>./shared/win_malware_rcl.txt</windows_malware> <windows_malware>./shared/win_malware_rcl.txt</windows_malware>
{% endif %} {% endif %}
@ -186,13 +185,13 @@
{% if wazuh_agent_config.sca.skip_nfs | length > 0 %} {% if wazuh_agent_config.sca.skip_nfs | length > 0 %}
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
{% endif %} {% endif %}
{% if wazuh_agent_config.sca.day | length > 0 %} {% if wazuh_agent_config.sca.day | length > 0 %}
<day>yes</day> <day>yes</day>
{% endif %} {% endif %}
{% if wazuh_agent_config.sca.wday | length > 0 %} {% if wazuh_agent_config.sca.wday | length > 0 %}
<wday>yes</wday> <wday>yes</wday>
{% endif %} {% endif %}
{% if wazuh_agent_config.sca.time | length > 0 %} {% if wazuh_agent_config.sca.time | length > 0 %}
<time>yes</time> <time>yes</time>
{% endif %} {% endif %}
</sca> </sca>
@ -203,7 +202,6 @@
<syscheck> <syscheck>
<disabled>no</disabled> <disabled>no</disabled>
<!-- <alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> --> <!-- <alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> -->
<!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency> <frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" %}
<scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start> <scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>
@ -247,8 +245,11 @@
{% for no_diff in wazuh_agent_config.syscheck.no_diff %} {% for no_diff in wazuh_agent_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff> <nodiff>{{ no_diff }}</nodiff>
{% endfor %} {% endfor %}
<skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs> <skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
<skip_dev>{{ wazuh_agent_config.syscheck.skip_dev }}</skip_dev>
<skip_proc>{{ wazuh_agent_config.syscheck.skip_proc }}</skip_proc>
<skip_sys>{{ wazuh_agent_config.syscheck.skip_sys }}</skip_sys>
{% endif %} {% endif %}
{% if ansible_os_family == "Windows" %} {% if ansible_os_family == "Windows" %}
@ -275,6 +276,20 @@
<!-- Frequency for ACL checking (seconds) --> <!-- Frequency for ACL checking (seconds) -->
<windows_audit_interval>{{ wazuh_agent_config.syscheck.win_audit_interval }}</windows_audit_interval> <windows_audit_interval>{{ wazuh_agent_config.syscheck.win_audit_interval }}</windows_audit_interval>
{% endif %} {% endif %}
<!-- Nice value for Syscheck module -->
<process_priority>{{ wazuh_agent_config.syscheck.process_priority }}</process_priority>
<!-- Maximum output throughput -->
<max_eps>{{ wazuh_agent_config.syscheck.max_eps }}</max_eps>
<!-- Database synchronization settings -->
<synchronization>
<enabled>{{ wazuh_agent_config.syscheck.sync_enabled }}</enabled>
<interval>{{ wazuh_agent_config.syscheck.sync_interval }}</interval>
<max_interval>{{ wazuh_agent_config.syscheck.sync_max_interval }}</max_interval>
<max_eps>{{ wazuh_agent_config.syscheck.sync_max_eps }}</max_eps>
</synchronization>
</syscheck> </syscheck>
{% endif %} {% endif %}
@ -293,7 +308,7 @@
<!-- Files to monitor (localfiles) --> <!-- Files to monitor (localfiles) -->
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" %}
{% for localfile in wazuh_agent_config.localfiles.linux %} {% for localfile in wazuh_agent_config.localfiles.linux %}
<localfile> <localfile>
<log_format>{{ localfile.format }}</log_format> <log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}

27
roles/wazuh/ansible-wazuh-manager/defaults/main.yml
View File

@ -1,5 +1,5 @@
--- ---
wazuh_manager_version: 3.11.4-1 wazuh_manager_version: 3.12.0-1
wazuh_manager_fqdn: "wazuh-server" wazuh_manager_fqdn: "wazuh-server"
wazuh_manager_package_state: present wazuh_manager_package_state: present
@ -15,7 +15,7 @@ wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.
# Sources installation # Sources installation
wazuh_manager_sources_installation: wazuh_manager_sources_installation:
enabled: false enabled: false
branch: "v3.11.4" branch: "v3.12.0"
user_language: "en" user_language: "en"
user_no_stop: "y" user_no_stop: "y"
user_install_type: "server" user_install_type: "server"
@ -40,7 +40,7 @@ wazuh_manager_sources_installation:
wazuh_api_sources_installation: wazuh_api_sources_installation:
enabled: false enabled: false
branch: "v3.11.4" branch: "v3.12.0"
update: "y" update: "y"
remove: "y" remove: "y"
directory: null directory: null
@ -105,7 +105,7 @@ wazuh_manager_config:
authd: authd:
enable: true enable: true
port: 1515 port: 1515
use_source_ip: 'yes' use_source_ip: 'no'
force_insert: 'yes' force_insert: 'yes'
force_time: 0 force_time: 0
purge: 'yes' purge: 'yes'
@ -166,24 +166,29 @@ wazuh_manager_config:
- /etc/cups/certs - /etc/cups/certs
- /etc/dumpdates - /etc/dumpdates
- /etc/svc/volatile - /etc/svc/volatile
- /sys/kernel/security
- /sys/kernel/debug
- /dev/core
ignore_linux_type: ignore_linux_type:
- '^/proc'
- '.log$|.swp$' - '.log$|.swp$'
no_diff: no_diff:
- /etc/ssl/private.key - /etc/ssl/private.key
directories: directories:
- dirs: /etc,/usr/bin,/usr/sbin - dirs: /etc,/usr/bin,/usr/sbin
checks: 'check_all="yes"' checks: ''
- dirs: /bin,/sbin,/boot - dirs: /bin,/sbin,/boot
checks: 'check_all="yes"' checks: ''
auto_ignore_frequency: auto_ignore_frequency:
frequency: 'frequency="10"' frequency: 'frequency="10"'
timeframe: 'timeframe="3600"' timeframe: 'timeframe="3600"'
value: 'no' value: 'no'
skip_nfs: 'yes' skip_nfs: 'yes'
skip_dev: 'yes'
skip_proc: 'yes'
skip_sys: 'yes'
process_priority: 10
max_eps: 100
sync_enabled: 'yes'
sync_interval: '5m'
sync_max_interval: '1h'
sync_max_eps: 10
rootcheck: rootcheck:
frequency: 43200 frequency: 43200
openscap: openscap:
@ -409,3 +414,5 @@ nodejs:
debian: "deb" debian: "deb"
redhat: "rpm" redhat: "rpm"
repo_url_ext: "nodesource.com/setup_10.x" repo_url_ext: "nodesource.com/setup_10.x"
agent_groups: [] # groups to create

6
roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
View File

@ -60,7 +60,7 @@
path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}"
state: directory state: directory
# When downloading "v3.11.0" extracted folder name is 3.11.0. # When downloading "v3.11.0" extracted folder name is 3.11.0.
# Explicitly creating the folder with proper naming and striping first level in .tar.gz file # Explicitly creating the folder with proper naming and striping first level in .tar.gz file
@ -91,7 +91,7 @@
dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf"
owner: root owner: root
group: root group: root
mode: '644' mode: 0644
- name: Executing "install.sh" script to build and install the Wazuh Manager - name: Executing "install.sh" script to build and install the Wazuh Manager
shell: ./install.sh > /tmp/build_wazuh_manager_log.txt shell: ./install.sh > /tmp/build_wazuh_manager_log.txt
@ -167,7 +167,7 @@
dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf" dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf"
owner: root owner: root
group: root group: root
mode: '644' mode: 0644
- name: Execute Wazuh API installation script - name: Execute Wazuh API installation script
shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt

10
roles/wazuh/ansible-wazuh-manager/tasks/main.yml
View File

@ -18,7 +18,7 @@
get_url: get_url:
url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}"
dest: /etc/nodejs.sh dest: /etc/nodejs.sh
mode: '0775' mode: 0775
changed_when: false changed_when: false
- name: Run NodeJS bash script - name: Run NodeJS bash script
@ -351,6 +351,14 @@
tags: tags:
- config - config
- name: Create agent groups
command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q"
with_items:
- "{{ agent_groups }}"
when:
- ( agent_groups is defined) and ( agent_groups|length > 0)
tags: molecule-idempotence-notest
- include_tasks: "RMRedHat.yml" - include_tasks: "RMRedHat.yml"
when: when:
- ansible_os_family == "RedHat" or ansible_os_family == "Amazon" - ansible_os_family == "RedHat" or ansible_os_family == "Amazon"

34
roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
View File

@ -245,13 +245,13 @@
{% if wazuh_manager_config.sca.skip_nfs | length > 0 %} {% if wazuh_manager_config.sca.skip_nfs | length > 0 %}
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
{% endif %} {% endif %}
{% if wazuh_manager_config.sca.day | length > 0 %} {% if wazuh_manager_config.sca.day | length > 0 %}
<day>yes</day> <day>yes</day>
{% endif %} {% endif %}
{% if wazuh_manager_config.sca.wday | length > 0 %} {% if wazuh_manager_config.sca.wday | length > 0 %}
<wday>yes</wday> <wday>yes</wday>
{% endif %} {% endif %}
{% if wazuh_manager_config.sca.time | length > 0 %} {% if wazuh_manager_config.sca.time | length > 0 %}
<time>yes</time> <time>yes</time>
{% endif %} {% endif %}
</sca> </sca>
@ -295,7 +295,6 @@
<syscheck> <syscheck>
<disabled>{{ wazuh_manager_config.syscheck.disable }}</disabled> <disabled>{{ wazuh_manager_config.syscheck.disable }}</disabled>
<alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files> <alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files>
<!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency> <frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
<scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start> <scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>
@ -333,6 +332,29 @@
{% if wazuh_manager_config.syscheck.skip_nfs is defined %} {% if wazuh_manager_config.syscheck.skip_nfs is defined %}
<skip_nfs>{{ wazuh_manager_config.syscheck.skip_nfs }}</skip_nfs> <skip_nfs>{{ wazuh_manager_config.syscheck.skip_nfs }}</skip_nfs>
{% endif %} {% endif %}
{% if wazuh_manager_config.syscheck.skip_dev is defined %}
<skip_dev>{{ wazuh_manager_config.syscheck.skip_dev }}</skip_dev>
{% endif %}
{% if wazuh_manager_config.syscheck.skip_proc is defined %}
<skip_proc>{{ wazuh_manager_config.syscheck.skip_proc }}</skip_proc>
{% endif %}
{% if wazuh_manager_config.syscheck.skip_sys is defined %}
<skip_sys>{{ wazuh_manager_config.syscheck.skip_sys }}</skip_sys>
{% endif %}
<!-- Nice value for Syscheck module -->
<process_priority>{{ wazuh_manager_config.syscheck.process_priority }}</process_priority>
<!-- Maximum output throughput -->
<max_eps>{{ wazuh_manager_config.syscheck.max_eps }}</max_eps>
<!-- Database synchronization settings -->
<synchronization>
<enabled>{{ wazuh_manager_config.syscheck.sync_enabled }}</enabled>
<interval>{{ wazuh_manager_config.syscheck.sync_interval }}</interval>
<max_interval>{{ wazuh_manager_config.syscheck.sync_max_interval }}</max_interval>
<max_eps>{{ wazuh_manager_config.syscheck.sync_max_eps }}</max_eps>
</synchronization>
</syscheck> </syscheck>
<global> <global>
@ -471,7 +493,7 @@
{% endfor %} {% endfor %}
{% endif -%} {% endif -%}
{% if ansible_os_family == "RedHat" %} {% if ansible_os_family == "RedHat" %}
{% for localfile in wazuh_manager_config.localfiles.centos %} {% for localfile in wazuh_manager_config.localfiles.centos %}
<localfile> <localfile>
@ -579,7 +601,7 @@
{% endif %} {% endif %}
{% if wazuh_manager_config.authd.ciphers is not none %} {% if wazuh_manager_config.authd.ciphers is not none %}
<ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers> <ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers>
{% endif %} {% endif %}
{% if wazuh_manager_config.authd.ssl_agent_ca is not none %} {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
<ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca> <ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>
{% endif %} {% endif %}

1
roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
View File

@ -8,7 +8,6 @@
<auto_ignore>{{ agent_config.syscheck.auto_ignore }}</auto_ignore> <auto_ignore>{{ agent_config.syscheck.auto_ignore }}</auto_ignore>
{% endif %} {% endif %}
<alert_new_files>{{ agent_config.syscheck.alert_new_files }}</alert_new_files> <alert_new_files>{{ agent_config.syscheck.alert_new_files }}</alert_new_files>
<!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ agent_config.syscheck.frequency }}</frequency> <frequency>{{ agent_config.syscheck.frequency }}</frequency>
<scan_on_start>{{ agent_config.syscheck.scan_on_start }}</scan_on_start> <scan_on_start>{{ agent_config.syscheck.scan_on_start }}</scan_on_start>