afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'devel' into feature-387-kibana-app-changes

Browse Source
This commit is contained in:
Jose M. Garcia 2020-03-26 14:52:28 +01:00 committed by GitHub
commit 05955a89d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 147 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
CHANGELOG.md
View File

@ -1,6 +1,27 @@
# Change Log # Change Log
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
## [v3.12.0_7.6.1]
### Added
- Update to Wazuh v3.12.0
- Added registration address variable to wazuh-agent playbook ([@Zenidd](https://github.com/Zenidd)) [PR#392](https://github.com/wazuh/wazuh-ansible/pull/392)
### Changed
- Bump NodeJS version to 10.x ([@manuasir](https://github.com/manuasir)) [PR#386](https://github.com/wazuh/wazuh-ansible/pull/386)
- Add flag to enable/disable Windows MD5 check ([@jm404](https://github.com/jm404)) [PR#383](https://github.com/wazuh/wazuh-ansible/pull/383)
- Rule paths are now relative to playbooks. ([@Zenidd ](https://github.com/Zenidd)) [PR#393](https://github.com/wazuh/wazuh-ansible/pull/393)
- Add the option to create agent groups and add an agent to 1 or more group. ([@rshad](https://github.com/rshad)) [PR#361](https://github.com/wazuh/wazuh-ansible/pull/361)
### Fixed
- Removed bad formed XML comments. ([@manuasir](https://github.com/manuasir)) [PR#391](https://github.com/wazuh/wazuh-ansible/pull/391)
- NodeJS node_options variable and Kibana plugin optimization fix. ([@Zenidd](https://github.com/Zenidd)) [PR#385](https://github.com/wazuh/wazuh-ansible/pull/385)
- Restrictive permissions for certificate files. ([@Zenidd](https://github.com/Zenidd)) [PR#382](https://github.com/wazuh/wazuh-ansible/pull/382)
## [v3.11.4_7.6.1] ## [v3.11.4_7.6.1]
### Added ### Added
@ -70,7 +91,7 @@ All notable changes to this project will be documented in this file.
- Added support for environments with low disk space ([@xr09](https://github.com/xr09)) [PR#281](https://github.com/wazuh/wazuh-ansible/pull/281) - Added support for environments with low disk space ([@xr09](https://github.com/xr09)) [PR#281](https://github.com/wazuh/wazuh-ansible/pull/281)
- Add parameters to configure an Elasticsearch coordinating node ([@jm404](https://github.com/jm404)) [PR#292](https://github.com/wazuh/wazuh-ansible/pull/292) - Add parameters to configure an Elasticsearch coordinating node ([@jm404](https://github.com/jm404)) [PR#292](https://github.com/wazuh/wazuh-ansible/pull/292)
### Changed ### Changed
@ -121,7 +142,7 @@ All notable changes to this project will be documented in this file.
### Added ### Added
- Update to Wazuh v3.10.0 - Update to Wazuh v3.10.0
### Changed ### Changed
@ -143,14 +164,14 @@ All notable changes to this project will be documented in this file.
## [v3.9.5_7.2.1] ## [v3.9.5_7.2.1]
### Added ### Added
- Update to Wazuh v3.9.5 - Update to Wazuh v3.9.5
- Update to Elastic Stack to v7.2.1 - Update to Elastic Stack to v7.2.1
## [v3.9.4_7.2.0] ## [v3.9.4_7.2.0]
### Added ### Added
- Support for registring agents behind NAT [@jheikki100](https://github.com/jheikki100) [#208](https://github.com/wazuh/wazuh-ansible/pull/208) - Support for registring agents behind NAT [@jheikki100](https://github.com/jheikki100) [#208](https://github.com/wazuh/wazuh-ansible/pull/208)
@ -164,7 +185,7 @@ All notable changes to this project will be documented in this file.
## [v3.9.3_7.2.0] ## [v3.9.3_7.2.0]
### Added ### Added
- Update to Wazuh v3.9.3 ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) - Update to Wazuh v3.9.3 ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#))
- Added Versioning Control for Wazuh stack's components installation, so now it's possible to specify which package to install for wazuh-manager, wazuh-agent, Filebeat, Elasticsearch and Kibana. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) - Added Versioning Control for Wazuh stack's components installation, so now it's possible to specify which package to install for wazuh-manager, wazuh-agent, Filebeat, Elasticsearch and Kibana. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#))
- Fixes for Molecule testing issues. Issues such as Ansible-Lint and None-Idempotent tasks. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#)) - Fixes for Molecule testing issues. Issues such as Ansible-Lint and None-Idempotent tasks. ([rshad](https://github.com/rshad) [PR#206](https://github.com/wazuh/wazuh-ansible/pull/206#))
@ -174,7 +195,7 @@ All notable changes to this project will be documented in this file.
## [v3.9.2_7.1.1] ## [v3.9.2_7.1.1]
### Added ### Added
- Update to Wazuh v3.9.2 - Update to Wazuh v3.9.2
- Support for Elastic 7 - Support for Elastic 7
@ -182,13 +203,13 @@ All notable changes to this project will be documented in this file.
## [v3.9.2_6.8.0] ## [v3.9.2_6.8.0]
### Added ### Added
- Update to Wazuh v3.9.2 - Update to Wazuh v3.9.2
## [v3.9.1] ## [v3.9.1]
### Added ### Added
- Update to Wazuh v3.9.1 - Update to Wazuh v3.9.1
- Support for ELK v6.8.0 - Support for ELK v6.8.0
@ -216,7 +237,7 @@ All notable changes to this project will be documented in this file.
## [v3.8.2] ## [v3.8.2]
### Changed ### Changed
- Update to Wazuh version v3.8.2. ([#150](https://github.com/wazuh/wazuh-ansible/pull/150)) - Update to Wazuh version v3.8.2. ([#150](https://github.com/wazuh/wazuh-ansible/pull/150))
@ -316,4 +337,3 @@ Roles:
- ansible-filebeat: This role is prepared to install filebeat on the host that runs it. - ansible-filebeat: This role is prepared to install filebeat on the host that runs it.
- ansible-wazuh-manager: With this role we will install Wazuh manager and Wazuh API on the host that runs it. - ansible-wazuh-manager: With this role we will install Wazuh manager and Wazuh API on the host that runs it.
- ansible-wazuh-agent: Using this role we will install Wazuh agent on the host that runs it and is able to register it. - ansible-wazuh-agent: Using this role we will install Wazuh agent on the host that runs it and is able to register it.

3
roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic7-template-alerts.json.j2
View File

@ -531,6 +531,9 @@
"sha1_before": { "sha1_before": {
"type": "keyword" "type": "keyword"
}, },
"hard_links": {
"type": "keyword"
},
"sha1_after": { "sha1_after": {
"type": "keyword" "type": "keyword"
}, },

4
roles/elastic-stack/ansible-kibana/defaults/main.yml
View File

@ -6,7 +6,7 @@ elasticsearch_network_host: "127.0.0.1"
kibana_server_host: "0.0.0.0" kibana_server_host: "0.0.0.0"
kibana_server_port: "5601" kibana_server_port: "5601"
elastic_stack_version: 7.6.1 elastic_stack_version: 7.6.1
wazuh_version: 3.11.4 wazuh_version: 3.12.0
wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp wazuh_app_url: https://packages.wazuh.com/wazuhapp/wazuhapp
elasticrepo: elasticrepo:
@ -47,7 +47,7 @@ nodejs:
# Build from sources # Build from sources
build_from_sources: false build_from_sources: false
wazuh_plugin_branch: 3.11-7.6 wazuh_plugin_branch: 3.12-7.6
#Nodejs NODE_OPTIONS #Nodejs NODE_OPTIONS
node_options: --max-old-space-size=4096 node_options: --max-old-space-size=4096

154
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -1,18 +1,18 @@
--- ---
wazuh_agent_version: 3.11.4-1 wazuh_agent_version: 3.12.0-1
# Custom packages installation # Custom packages installation
wazuh_custom_packages_installation_agent_enabled: false wazuh_custom_packages_installation_agent_enabled: false
wazuh_custom_packages_installation_agent_deb_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/deb/var/wazuh-agent_3.12.0-0.3319fimreworksqlite_amd64.deb" wazuh_custom_packages_installation_agent_deb_url: ""
wazuh_custom_packages_installation_agent_rpm_url: "https://s3-us-west-1.amazonaws.com/packages-dev.wazuh.com/warehouse/branches/3.12/rpm/var/wazuh-agent-3.12.0-0.3319fimreworksqlite.x86_64.rpm" wazuh_custom_packages_installation_agent_rpm_url: ""
# Sources installation # Sources installation
wazuh_agent_sources_installation: wazuh_agent_sources_installation:
enabled: false enabled: false
branch: "v3.11.4" branch: "v3.12.0"
user_language: "y" user_language: "y"
user_no_stop: "y" user_no_stop: "y"
user_install_type: "agent" user_install_type: "agent"
@ -63,9 +63,9 @@ wazuh_winagent_config:
# Adding quotes to auth_path_x86 since win_shell outputs error otherwise # Adding quotes to auth_path_x86 since win_shell outputs error otherwise
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
check_md5: True check_md5: True
md5: 87ce22038688efb44d95f9daff472056 md5: 91efaefae4e1977670eab0c768a22a93
wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.11.4-1.msi wazuh_winagent_config_url: https://packages.wazuh.com/3.x/windows/wazuh-agent-3.12.0-1.msi
wazuh_winagent_package_name: wazuh-agent-3.11.4-1.msi wazuh_winagent_package_name: wazuh-agent-3.12.0-1.msi
wazuh_agent_config: wazuh_agent_config:
repo: repo:
apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main' apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
@ -87,8 +87,17 @@ wazuh_agent_config:
scan_on_start: 'yes' scan_on_start: 'yes'
auto_ignore: 'no' auto_ignore: 'no'
alert_new_files: 'yes' alert_new_files: 'yes'
win_audit_interval: 300 win_audit_interval: 60
skip_nfs: 'yes' skip_nfs: 'yes'
skip_dev: 'yes'
skip_proc: 'yes'
skip_sys: 'yes'
process_priority: 10
max_eps: 100
sync_enabled: 'yes'
sync_interval: '5m'
sync_max_interval: '1h'
sync_max_eps: 10
ignore: ignore:
- /etc/mtab - /etc/mtab
- /etc/hosts.deny - /etc/hosts.deny
@ -102,11 +111,7 @@ wazuh_agent_config:
- /etc/cups/certs - /etc/cups/certs
- /etc/dumpdates - /etc/dumpdates
- /etc/svc/volatile - /etc/svc/volatile
- /sys/kernel/security
- /sys/kernel/debug
- /dev/core
ignore_linux_type: ignore_linux_type:
- '^/proc'
- '.log$|.swp$' - '.log$|.swp$'
ignore_win: ignore_win:
- '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
@ -114,106 +119,39 @@ wazuh_agent_config:
- /etc/ssl/private.key - /etc/ssl/private.key
directories: directories:
- dirs: /etc,/usr/bin,/usr/sbin - dirs: /etc,/usr/bin,/usr/sbin
checks: 'check_all="yes"' checks: ''
- dirs: /bin,/sbin,/boot - dirs: /bin,/sbin,/boot
checks: 'check_all="yes"' checks: ''
win_directories: win_directories:
- dirs: '%WINDIR%\regedit.exe' - dirs: '%WINDIR%'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"'
- dirs: '%WINDIR%\system.ini' - dirs: '%WINDIR%\SysNative'
checks: 'check_all="yes"' checks: >-
- dirs: '%WINDIR%\win.ini' recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|
checks: 'check_all="yes"' net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe|subst.exe$"
- dirs: '%WINDIR%\SysNative\at.exe' - dirs: '%WINDIR%\SysNative\drivers\etc%'
checks: 'check_all="yes"' checks: 'recursion_level="0"'
- dirs: '%WINDIR%\SysNative\attrib.exe' - dirs: '%WINDIR%\SysNative\wbem'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="WMIC.exe$"'
- dirs: '%WINDIR%\SysNative\cacls.exe' - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="powershell.exe$"'
- dirs: '%WINDIR%\SysNative\cmd.exe' - dirs: '%WINDIR%\SysNative'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="winrm.vbs$"'
- dirs: '%WINDIR%\SysNative\drivers\etc' - dirs: '%WINDIR%\System32'
checks: 'check_all="yes"' checks: >-
- dirs: '%WINDIR%\SysNative\eventcreate.exe' recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$|
checks: 'check_all="yes"' netsh.exe$|reg.exe$|regedit.exe$|regedt32.exe$|regsvr32.exe$|runas.exe$|sc.exe$|schtasks.exe$|sethc.exe$|subst.exe$"
- dirs: '%WINDIR%\SysNative\ftp.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\lsass.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\net.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\net1.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\netsh.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\reg.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\regedt32.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\regsvr32.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\runas.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\sc.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\schtasks.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\sethc.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\subst.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\wbem\WMIC.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0\powershell.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\SysNative\winrm.vbs'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\at.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\attrib.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\cacls.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\cmd.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\drivers\etc' - dirs: '%WINDIR%\System32\drivers\etc'
checks: 'check_all="yes"' checks: 'recursion_level="0"'
- dirs: '%WINDIR%\System32\eventcreate.exe' - dirs: '%WINDIR%\System32\wbem'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="WMIC.exe$"'
- dirs: '%WINDIR%\System32\ftp.exe' - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="powershell.exe$"'
- dirs: '%WINDIR%\System32\net.exe' - dirs: '%WINDIR%\System32'
checks: 'check_all="yes"' checks: 'recursion_level="0" restrict="winrm.vbs$"'
- dirs: '%WINDIR%\System32\net1.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\netsh.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\reg.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\regedit.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\regedt32.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\regsvr32.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\runas.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\sc.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\schtasks.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\sethc.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\subst.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\wbem\WMIC.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe'
checks: 'check_all="yes"'
- dirs: '%WINDIR%\System32\winrm.vbs'
checks: 'check_all="yes"'
- dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup' - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup'
checks: 'check_all="yes" realtime="yes"' checks: 'realtime="yes"'
windows_registry: windows_registry:
- key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
- key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile' - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile'

1
roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
View File

@ -41,6 +41,7 @@
when: when:
- wazuh_winagent_config.check_md5 - wazuh_winagent_config.check_md5
- name: Windows | Install Agent if not already installed - name: Windows | Install Agent if not already installed
win_package: win_package:
path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}"

28
roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -61,7 +61,6 @@
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
{% endif %} {% endif %}
{% if ansible_os_family == "Windows" %} {% if ansible_os_family == "Windows" %}
<windows_audit>./shared/win_audit_rcl.txt</windows_audit>
<windows_apps>./shared/win_applications_rcl.txt</windows_apps> <windows_apps>./shared/win_applications_rcl.txt</windows_apps>
<windows_malware>./shared/win_malware_rcl.txt</windows_malware> <windows_malware>./shared/win_malware_rcl.txt</windows_malware>
{% endif %} {% endif %}
@ -186,13 +185,13 @@
{% if wazuh_agent_config.sca.skip_nfs | length > 0 %} {% if wazuh_agent_config.sca.skip_nfs | length > 0 %}
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
{% endif %} {% endif %}
{% if wazuh_agent_config.sca.day | length > 0 %} {% if wazuh_agent_config.sca.day | length > 0 %}
<day>yes</day> <day>yes</day>
{% endif %} {% endif %}
{% if wazuh_agent_config.sca.wday | length > 0 %} {% if wazuh_agent_config.sca.wday | length > 0 %}
<wday>yes</wday> <wday>yes</wday>
{% endif %} {% endif %}
{% if wazuh_agent_config.sca.time | length > 0 %} {% if wazuh_agent_config.sca.time | length > 0 %}
<time>yes</time> <time>yes</time>
{% endif %} {% endif %}
</sca> </sca>
@ -246,8 +245,11 @@
{% for no_diff in wazuh_agent_config.syscheck.no_diff %} {% for no_diff in wazuh_agent_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff> <nodiff>{{ no_diff }}</nodiff>
{% endfor %} {% endfor %}
<skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs> <skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
<skip_dev>{{ wazuh_agent_config.syscheck.skip_dev }}</skip_dev>
<skip_proc>{{ wazuh_agent_config.syscheck.skip_proc }}</skip_proc>
<skip_sys>{{ wazuh_agent_config.syscheck.skip_sys }}</skip_sys>
{% endif %} {% endif %}
{% if ansible_os_family == "Windows" %} {% if ansible_os_family == "Windows" %}
@ -274,6 +276,20 @@
<!-- Frequency for ACL checking (seconds) --> <!-- Frequency for ACL checking (seconds) -->
<windows_audit_interval>{{ wazuh_agent_config.syscheck.win_audit_interval }}</windows_audit_interval> <windows_audit_interval>{{ wazuh_agent_config.syscheck.win_audit_interval }}</windows_audit_interval>
{% endif %} {% endif %}
<!-- Nice value for Syscheck module -->
<process_priority>{{ wazuh_agent_config.syscheck.process_priority }}</process_priority>
<!-- Maximum output throughput -->
<max_eps>{{ wazuh_agent_config.syscheck.max_eps }}</max_eps>
<!-- Database synchronization settings -->
<synchronization>
<enabled>{{ wazuh_agent_config.syscheck.sync_enabled }}</enabled>
<interval>{{ wazuh_agent_config.syscheck.sync_interval }}</interval>
<max_interval>{{ wazuh_agent_config.syscheck.sync_max_interval }}</max_interval>
<max_eps>{{ wazuh_agent_config.syscheck.sync_max_eps }}</max_eps>
</synchronization>
</syscheck> </syscheck>
{% endif %} {% endif %}
@ -292,7 +308,7 @@
<!-- Files to monitor (localfiles) --> <!-- Files to monitor (localfiles) -->
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" %}
{% for localfile in wazuh_agent_config.localfiles.linux %} {% for localfile in wazuh_agent_config.localfiles.linux %}
<localfile> <localfile>
<log_format>{{ localfile.format }}</log_format> <log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}

25
roles/wazuh/ansible-wazuh-manager/defaults/main.yml
View File

@ -1,5 +1,5 @@
--- ---
wazuh_manager_version: 3.11.4-1 wazuh_manager_version: 3.12.0-1
wazuh_manager_fqdn: "wazuh-server" wazuh_manager_fqdn: "wazuh-server"
wazuh_manager_package_state: present wazuh_manager_package_state: present
@ -15,7 +15,7 @@ wazuh_custom_packages_installation_api_rpm_url: "https://s3-us-west-1.amazonaws.
# Sources installation # Sources installation
wazuh_manager_sources_installation: wazuh_manager_sources_installation:
enabled: false enabled: false
branch: "v3.11.4" branch: "v3.12.0"
user_language: "en" user_language: "en"
user_no_stop: "y" user_no_stop: "y"
user_install_type: "server" user_install_type: "server"
@ -40,7 +40,7 @@ wazuh_manager_sources_installation:
wazuh_api_sources_installation: wazuh_api_sources_installation:
enabled: false enabled: false
branch: "v3.11.4" branch: "v3.12.0"
update: "y" update: "y"
remove: "y" remove: "y"
directory: null directory: null
@ -105,7 +105,7 @@ wazuh_manager_config:
authd: authd:
enable: true enable: true
port: 1515 port: 1515
use_source_ip: 'yes' use_source_ip: 'no'
force_insert: 'yes' force_insert: 'yes'
force_time: 0 force_time: 0
purge: 'yes' purge: 'yes'
@ -166,24 +166,29 @@ wazuh_manager_config:
- /etc/cups/certs - /etc/cups/certs
- /etc/dumpdates - /etc/dumpdates
- /etc/svc/volatile - /etc/svc/volatile
- /sys/kernel/security
- /sys/kernel/debug
- /dev/core
ignore_linux_type: ignore_linux_type:
- '^/proc'
- '.log$|.swp$' - '.log$|.swp$'
no_diff: no_diff:
- /etc/ssl/private.key - /etc/ssl/private.key
directories: directories:
- dirs: /etc,/usr/bin,/usr/sbin - dirs: /etc,/usr/bin,/usr/sbin
checks: 'check_all="yes"' checks: ''
- dirs: /bin,/sbin,/boot - dirs: /bin,/sbin,/boot
checks: 'check_all="yes"' checks: ''
auto_ignore_frequency: auto_ignore_frequency:
frequency: 'frequency="10"' frequency: 'frequency="10"'
timeframe: 'timeframe="3600"' timeframe: 'timeframe="3600"'
value: 'no' value: 'no'
skip_nfs: 'yes' skip_nfs: 'yes'
skip_dev: 'yes'
skip_proc: 'yes'
skip_sys: 'yes'
process_priority: 10
max_eps: 100
sync_enabled: 'yes'
sync_interval: '5m'
sync_max_interval: '1h'
sync_max_eps: 10
rootcheck: rootcheck:
frequency: 43200 frequency: 43200
openscap: openscap:

33
roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
View File

@ -245,13 +245,13 @@
{% if wazuh_manager_config.sca.skip_nfs | length > 0 %} {% if wazuh_manager_config.sca.skip_nfs | length > 0 %}
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
{% endif %} {% endif %}
{% if wazuh_manager_config.sca.day | length > 0 %} {% if wazuh_manager_config.sca.day | length > 0 %}
<day>yes</day> <day>yes</day>
{% endif %} {% endif %}
{% if wazuh_manager_config.sca.wday | length > 0 %} {% if wazuh_manager_config.sca.wday | length > 0 %}
<wday>yes</wday> <wday>yes</wday>
{% endif %} {% endif %}
{% if wazuh_manager_config.sca.time | length > 0 %} {% if wazuh_manager_config.sca.time | length > 0 %}
<time>yes</time> <time>yes</time>
{% endif %} {% endif %}
</sca> </sca>
@ -332,6 +332,29 @@
{% if wazuh_manager_config.syscheck.skip_nfs is defined %} {% if wazuh_manager_config.syscheck.skip_nfs is defined %}
<skip_nfs>{{ wazuh_manager_config.syscheck.skip_nfs }}</skip_nfs> <skip_nfs>{{ wazuh_manager_config.syscheck.skip_nfs }}</skip_nfs>
{% endif %} {% endif %}
{% if wazuh_manager_config.syscheck.skip_dev is defined %}
<skip_dev>{{ wazuh_manager_config.syscheck.skip_dev }}</skip_dev>
{% endif %}
{% if wazuh_manager_config.syscheck.skip_proc is defined %}
<skip_proc>{{ wazuh_manager_config.syscheck.skip_proc }}</skip_proc>
{% endif %}
{% if wazuh_manager_config.syscheck.skip_sys is defined %}
<skip_sys>{{ wazuh_manager_config.syscheck.skip_sys }}</skip_sys>
{% endif %}
<!-- Nice value for Syscheck module -->
<process_priority>{{ wazuh_manager_config.syscheck.process_priority }}</process_priority>
<!-- Maximum output throughput -->
<max_eps>{{ wazuh_manager_config.syscheck.max_eps }}</max_eps>
<!-- Database synchronization settings -->
<synchronization>
<enabled>{{ wazuh_manager_config.syscheck.sync_enabled }}</enabled>
<interval>{{ wazuh_manager_config.syscheck.sync_interval }}</interval>
<max_interval>{{ wazuh_manager_config.syscheck.sync_max_interval }}</max_interval>
<max_eps>{{ wazuh_manager_config.syscheck.sync_max_eps }}</max_eps>
</synchronization>
</syscheck> </syscheck>
<global> <global>
@ -470,7 +493,7 @@
{% endfor %} {% endfor %}
{% endif -%} {% endif -%}
{% if ansible_os_family == "RedHat" %} {% if ansible_os_family == "RedHat" %}
{% for localfile in wazuh_manager_config.localfiles.centos %} {% for localfile in wazuh_manager_config.localfiles.centos %}
<localfile> <localfile>
@ -578,7 +601,7 @@
{% endif %} {% endif %}
{% if wazuh_manager_config.authd.ciphers is not none %} {% if wazuh_manager_config.authd.ciphers is not none %}
<ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers> <ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers>
{% endif %} {% endif %}
{% if wazuh_manager_config.authd.ssl_agent_ca is not none %} {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
<ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca> <ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>
{% endif %} {% endif %}