afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added auto enrollment alternative to macOS.yml

Browse Source
This commit is contained in:
David Correa Rodríguez 2023-10-10 19:06:42 +02:00
parent 61c40a1fec
commit 07d4228fa4
No known key found for this signature in database
GPG Key ID: 8787C7C9FF271262
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml
View File

@ -206,6 +206,16 @@
- config
- api
- name: macOS | Agent registration via auto-enrollment
debug:
msg: Agent registration will be performed through enrollment option in templated ossec.conf
when: wazuh_agent_config.enrollment.enabled == 'yes'
- name: macOS | Ensure group "wazuh" exists
ansible.builtin.group:
name: wazuh
state: present
- name: macOS | Installing agent configuration (ossec.conf)
template:
src: var-ossec-etc-ossec-agent.conf.j2
@ -230,6 +240,20 @@
- init
- config
- name: Create auto-enrollment password file
template:
src: authd_pass.j2
dest: "{{ wazuh_macos_config.install_dir }}/etc/authd.pass"
owner: wazuh
group: wazuh
mode: 0640
when:
- wazuh_agent_config.enrollment.enabled == 'yes'
- wazuh_agent_config.enrollment.authorization_pass_path_macos | length > 0
- authd_pass | length > 0
tags:
- config
- name: macOS | Delete downloaded Wazuh agent installer file
file:
path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}"

4
roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -67,8 +67,10 @@
{% if wazuh_agent_config.enrollment.agent_key_path | length > 0 %}
<agent_key_path>{{ wazuh_agent_config.enrollment.agent_key_path }}</agent_key_path>
{% endif %}
{% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 %}
{% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 and ansible_system != "Darwin" %}
<authorization_pass_path>{{ wazuh_agent_config.enrollment.authorization_pass_path }}</authorization_pass_path>
{% else %}
<authorization_pass_path>{{ wazuh_agent_config.enrollment.authorization_pass_path_macos }}</authorization_pass_path>
{% endif %}
{% if wazuh_agent_config.enrollment.auto_method | length > 0 %}
<auto_method>{{ wazuh_agent_config.enrollment.auto_method }}</auto_method>