From 7371e7392041fe1753073290e231acf143ee8b71 Mon Sep 17 00:00:00 2001
From: Jose M <jm.garcia@wazuh.com>
Date: Fri, 27 Sep 2019 13:38:45 +0200
Subject: [PATCH 1/4] Update default variables for sca configuration

---
 roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 170a8da5..f45e95b0 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -154,6 +154,14 @@ wazuh_manager_config:
     packages: 'yes'
     ports_no: 'yes'
     processes: 'yes'
+  sca:
+    enabled: 'yes'
+    scan_on_start: 'yes'
+    interval: '12h'
+    skip_nfs: 'yes'
+    day: ''
+    wday: ''
+    time: ''
   vul_detector:
     disable: 'yes'
     interval: '5m'

From beacf88017b24f9b473b11dbfa56e6c76c782b2f Mon Sep 17 00:00:00 2001
From: Jose M <jm.garcia@wazuh.com>
Date: Fri, 27 Sep 2019 14:29:53 +0200
Subject: [PATCH 2/4] Update Manager template to add <sca> configuration

---
 .../var-ossec-etc-ossec-server.conf.j2        | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 65ae38fb..b107d6d1 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -222,6 +222,32 @@
     <processes>{{ wazuh_manager_config.syscollector.processes }}</processes>
   </wodle>
 
+  {% if ansible_system == "Linux" %}
+    <sca>
+    {% if wazuh_manager_config.sca.enabled | length > 0 %}
+      <enabled>{{ wazuh_manager_config.sca.enabled }}</enabled>
+    {% endif %}
+    {% if wazuh_manager_config.sca.scan_on_start | length > 0 %}
+      <scan_on_start>{{ wazuh_manager_config.sca.scan_on_start }}</scan_on_start>
+    {% endif %}
+    {% if wazuh_manager_config.sca.interval | length > 0 %}
+      <interval>{{ wazuh_manager_config.sca.interval }}</interval>
+    {% endif %}
+    {% if wazuh_manager_config.sca.skip_nfs | length > 0 %}  
+      <skip_nfs>yes</skip_nfs>
+    {% endif %}
+    {% if wazuh_manager_config.sca.day | length > 0 %}  
+      <day>yes</day>
+    {% endif %}
+    {% if wazuh_manager_config.sca.wday | length > 0 %}  
+      <wday>yes</wday>
+    {% endif %}
+    {% if wazuh_manager_config.sca.time | length > 0 %}  
+      <time>yes</time>
+    {% endif %}
+    </sca>
+  {% endif %}
+
   <wodle name="vulnerability-detector">
     <disabled>{{ wazuh_manager_config.vul_detector.disable }}</disabled>
     <interval>{{ wazuh_manager_config.vul_detector.interval }}</interval>

From 3e0cc08104726cc9338260eaf4ab58312df7fa64 Mon Sep 17 00:00:00 2001
From: Jose M <jm.garcia@wazuh.com>
Date: Fri, 27 Sep 2019 14:30:11 +0200
Subject: [PATCH 3/4] Add sca default variables to wazuh agent defaults

---
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index fe6749ce..7eaab059 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -237,6 +237,14 @@ wazuh_agent_config:
     packages: 'yes'
     ports_no: 'yes'
     processes: 'yes'
+  sca:
+    enabled: 'yes'
+    scan_on_start: 'yes'
+    interval: '12h'
+    skip_nfs: 'yes'
+    day: ''
+    wday: ''
+    time: ''
   cis_cat:
     disable: 'yes'
     install_java: 'yes'

From d45ad1db03538c8935ad57c0132f2e78bf96eb89 Mon Sep 17 00:00:00 2001
From: Jose M <jm.garcia@wazuh.com>
Date: Fri, 27 Sep 2019 14:30:20 +0200
Subject: [PATCH 4/4] Update wazuh agent template to add sca configuration

---
 .../var-ossec-etc-ossec-agent.conf.j2         | 26 ++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 6946cc07..59ab67d2 100644
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -270,7 +270,31 @@
     <processes>{{ wazuh_agent_config.syscollector.processes }}</processes>
   </wodle>
 
-
+    {% if ansible_system == "Linux" %}
+    <sca>
+    {% if wazuh_agent_config.sca.enabled | length > 0 %}
+      <enabled>{{ wazuh_agent_config.sca.enabled }}</enabled>
+    {% endif %}
+    {% if wazuh_agent_config.sca.scan_on_start | length > 0 %}
+      <scan_on_start>{{ wazuh_agent_config.sca.scan_on_start }}</scan_on_start>
+    {% endif %}
+    {% if wazuh_agent_config.sca.interval | length > 0 %}
+      <interval>{{ wazuh_agent_config.sca.interval }}</interval>
+    {% endif %}
+    {% if wazuh_agent_config.sca.skip_nfs | length > 0 %}  
+      <skip_nfs>yes</skip_nfs>
+    {% endif %}
+    {% if wazuh_agent_config.sca.day | length > 0 %}  
+      <day>yes</day>
+    {% endif %}
+    {% if wazuh_agent_config.sca.wday | length > 0 %}  
+      <wday>yes</wday>
+    {% endif %}
+    {% if wazuh_agent_config.sca.time | length > 0 %}  
+      <time>yes</time>
+    {% endif %}
+    </sca>
+  {% endif %}
 
   {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %}
   <wodle name="command">