diff --git a/ansible-wazuh-server/README.md b/ansible-wazuh-server/README.md
index b70b7c53..1747af9b 100644
--- a/ansible-wazuh-server/README.md
+++ b/ansible-wazuh-server/README.md
@@ -10,7 +10,6 @@ This role will work on:
* Red Hat
* Debian
-So, you'll need one of those operating systems.. :-)
Role Variables
--------------
@@ -19,13 +18,20 @@ This role has some variables which you can or need to override.
```
ossec_server_config: []
ossec_agent_configs: []
+api_user: []
```
+Vault variables
+----------------
+### vars/api_user.yml
+```
---
-user: "jose:$apr1$XSwG938n$tDxKvaCBx5C/kdU2xXP3K."
-
+user:
+ - "wazuh:$apr1$XSwG938n$tDxKvaCBx5C/kdU2xXP3K."
+ - "wazuh2:$apr1$XSwG938n$tDxKvaCBx5C/kdU2xXP3K."
+```
###Example setup
diff --git a/ansible-wazuh-server/tasks/main.yml b/ansible-wazuh-server/tasks/main.yml
index 799198c9..2f1ea46d 100644
--- a/ansible-wazuh-server/tasks/main.yml
+++ b/ansible-wazuh-server/tasks/main.yml
@@ -41,6 +41,17 @@
- config
- rules
+- name: Configure the shared-agent.conf
+ template: src=var-ossec-etc-shared-agent.conf.j2
+ dest=/var/ossec/etc/shared/agent.conf
+ owner=ossec
+ group=ossec
+ mode=0640
+ notify: restart wazuh-manager
+ tags:
+ - init
+ - config
+
- name: Check if client-syslog is enabled
shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-csyslogd is running' | xargs echo"
register: csyslog_running
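Review bot: The new `Configure the shared-agent.conf` task passes its arguments as a `key=value` string spread over continuation lines, while the `Wazuh-api User` and `Agentless Credentials` tasks in this same file use the native mapping form. Writing it as `template:` with `src:`, `dest:`, `owner:`, `group:` and `mode: '0640'` keys keeps the file consistent and makes the mode an explicit quoted string. The hunk's trailing context belongs to the next task, which continues outside it.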
@@ -54,6 +65,19 @@
command: /var/ossec/bin/ossec-control start client-syslog
when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
+- name: Check if ossec-agentlessd is enabled
+ shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-agentlessd is running' | xargs echo"
+ register: agentless_running
+ changed_when: False
+
+- name: Enable client-syslog if not running and ossec_server_config.syslog_outputs is given
+ command: /var/ossec/bin/ossec-control enable agentless
+ when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined
+
+- name: Start client-syslog if not running and ossec_server_config.syslog_outputs is given
+ command: /var/ossec/bin/ossec-control start agentless
+ when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined
+
- name: Set ossec deploy facts for Debian
set_fact:
ossec_server_config_filename: ossec.conf
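Review bot: The two tasks that run `ossec-control enable agentless` and `ossec-control start agentless` are still named for client-syslog and `syslog_outputs`, so play output and log searches will point at the wrong feature. Rename them, e.g. `- name: Enable agentless if not running and ossec_server_config.agentless is given`, with a matching name for the start task. These tasks also sit earlier in the file than the task that writes `/var/ossec/agentless/.passlist` (added in the `@@ -105` hunk), so on a first run the daemon appears to be started before its credentials exist. Moving them after the credential tasks would avoid that.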
@@ -91,13 +115,17 @@
- init
- config
-- name: Import secret variable file
- include_vars: "api-user.yml"
+- name: Import api_user secret variable file
+ include_vars: "api_user.yml"
+ no_log: true
+
+- name: Import agentless secret variable file
+ include_vars: "agentless.yml"
no_log: true
- name: Wazuh-api User
- copy:
- content: "{{user}}"
+ template:
+ src: api_user.j2
dest: "/var/ossec/api/configuration/auth/user"
owner: root
group: root
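Review bot: `include_vars: "agentless.yml"` runs unconditionally, so every play of this role needs the vault password even when no agentless monitoring is configured. The later credential tasks are guarded with `when: agentless_passlist is defined`, but that guard is only reached after decryption has already succeeded. Consider adding `when: ossec_server_config.agentless is defined` to the include. Values loaded by `include_vars` also take precedence over inventory and group vars, so a consumer cannot supply their own credentials without editing the role's file. The `Wazuh-api User` task continues below the hunk, so its `mode` is not visible here.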
@@ -105,6 +133,20 @@
no_log: true
notify: restart wazuh-api
+- name: Agentless Credentials
+ template:
+ src: agentless.j2
+ dest: "/var/ossec/agentless/.passlist2"
+ owner: root
+ group: root
+ mode: 0644
+ no_log: true
+ when: agentless_passlist is defined
+
+- name: Encode the secret
+ shell: /usr/bin/base64 /var/ossec/agentless/.passlist2 > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist2
+ when: agentless_passlist is defined
+
- name: Ensure Wazuh Manager, wazuh api and ossec-authd service is started and enabled
service:
name: "{{ item }}"
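Review bot: The `Agentless Credentials` task writes the plaintext `host|passwd` list with `mode: 0644`, so any local user can read it until the next task removes it. The `shell` redirect then creates `.passlist` with whatever the default umask gives, which is usually world-readable too, and base64 is an encoding, not protection. Use `mode: '0600'` (or the narrowest mode the account running ossec-agentlessd can still read, which is not visible in this hunk) and start the shell line with `umask 077 &&`. The encode task also reports changed on every run, and if the base64 step fails the `&&` chain leaves the plaintext `.passlist2` behind.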
diff --git a/ansible-wazuh-server/templates/agentless.j2 b/ansible-wazuh-server/templates/agentless.j2
new file mode 100644
index 00000000..64081b96
--- /dev/null
+++ b/ansible-wazuh-server/templates/agentless.j2
@@ -0,0 +1,3 @@
+{% for agentless in agentless_passlist %}
+{{ agentless.host }}|{{ agentless.passwd }}
+{% endfor %}
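Review bot: Nothing visible documents the shape of `agentless_passlist`. The only definition is in the encrypted `vars/agentless.yml`, and this template is the sole place showing that each entry needs `host` and `passwd`. Add a leading comment such as `{# agentless_passlist: list of mappings with host and passwd; rendered as one host|passwd line each #}`, and document the variable next to `api_user` in the README. A `|` or newline inside `passwd` would break the line format, so that restriction is worth stating too.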
diff --git a/ansible-wazuh-server/templates/api_user.j2 b/ansible-wazuh-server/templates/api_user.j2
new file mode 100644
index 00000000..5a7dffcb
--- /dev/null
+++ b/ansible-wazuh-server/templates/api_user.j2
@@ -0,0 +1,3 @@
+{% for user in api_user %}
+{{ user }}
+{% endfor %}
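Review bot: The loop reads `api_user`, but the README section added in this commit documents `vars/api_user.yml` as defining a list under the key `user:`. The vault file is encrypted, so its real key cannot be checked here. If it follows the README, `api_user` is either undefined (a template error) or falls back to the README's `api_user: []` and renders an empty auth file. Align the two, e.g. change the README example to `api_user:`.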
diff --git a/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2
index 59ee7862..dd45dd32 100644
--- a/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2
@@ -147,6 +147,20 @@
{% endif %}
+{% if ossec_server_config.agentless is defined %}
+{% for agentless in ossec_server_config.agentless %}
+
+ {{ agentless.type }}
+ {{ agentless.frequency }}
+ {{ agentless.host }}
+ {{ agentless.state }}
+ {% if agentless.arguments is defined %}
+ {{ agentless.arguments }}
+ {% endif %}
+
+
+{% endfor %}
+{% endif %}
{% for white_list in ossec_server_config.globals %}
diff --git a/ansible-wazuh-server/templates/var-ossec-etc-shared-agent.conf.j2 b/ansible-wazuh-server/templates/var-ossec-etc-shared-agent.conf.j2
new file mode 100644
index 00000000..607631c9
--- /dev/null
+++ b/ansible-wazuh-server/templates/var-ossec-etc-shared-agent.conf.j2
@@ -0,0 +1,44 @@
+{% for item in ossec_agent_configs %}
+
+
+
+{% for directory in item.directories %}
+ {{ directory.dirs }}
+{% endfor %}
+
+ {{ item.frequency_check }}
+ {% for ignore_file in item.ignore_files %}
+ {{ ignore_file }}
+ {% endfor %}
+
+
+
+{% for localfile in item.localfiles %}
+
+ {{ localfile.format }}
+ {% if localfile.command is defined %}
+ {{ localfile.command }}
+ {% else %}
+ {{ localfile.location }}
+ {% endif %}
+
+{% endfor %}
+
+
+ /var/ossec/etc/shared/rootkit_files.txt
+ /var/ossec/etc/shared/rootkit_trojans.txt
+ /var/ossec/etc/shared/system_audit_rcl.txt
+ {% if item.cis_distribution_filename is defined %}
+ /var/ossec/etc/shared/{{ item.cis_distribution_filename }}
+ {% else %}
+ {# none specified so install all #}
+ /var/ossec/etc/shared/cis_debian_linux_rcl.txt
+ /var/ossec/etc/shared/cis_rhel_linux_rcl.txt
+ /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
+ /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt
+ /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt
+ {% endif %}
+
+
+
+{% endfor %}
diff --git a/ansible-wazuh-server/vars/agentless.yml b/ansible-wazuh-server/vars/agentless.yml
new file mode 100644
index 00000000..48547f0e
--- /dev/null
+++ b/ansible-wazuh-server/vars/agentless.yml
@@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.1;AES256
+65316634333362393962623133616234373639323463366332336331373337313066393962333231
+3931646633633136653736666533346562353435336333360a306161343039363533623766393264
+30323539616462636238393861386463366434636333323361623035393038663263633964353335
+3432363337386631630a313835643062363666356464663130353533386234383430356633303037
+61653338636435626464353031333865646165663635303030396131366565303439353039303831
+37636462383933306138663130353966666162356435323862376635333635303931333765663335
+38336634396236336239636330626638303865373565653262616563613336353838303931316464
+37666634633131343537396565376265633064353835656639303962643735376564623935356466
+66623837356137326635613132383834663436366635396234333965393338383565393938393331
+3062373862333862323138373637653531373262346139323732
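Review bot: This vault file (and `vars/api_user.yml`, added below) commits real ciphertext into the role, so everyone who uses the role must share one vault password, and the ciphertext is open to offline guessing by anyone with repository access. Ship a documented example in the README and load real credentials from the consumer's inventory or an external vault file. The root-level `passwd` file deleted in this same commit held the single word `test`. If that was ever used as a vault password it remains in history, and anything encrypted with it should be re-keyed with a strong passphrase.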
diff --git a/ansible-wazuh-server/vars/api-user.yml b/ansible-wazuh-server/vars/api-user.yml
deleted file mode 100644
index 402d6226..00000000
--- a/ansible-wazuh-server/vars/api-user.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36386266366539623939353066643064616263636338323237666633366233373764333432373330
-3463386532373033623136363164386638663066656535620a343863326564396361663265363831
-33333665666364363661366337663761653732323166653564396466346464656238616564636434
-3535626161313834360a636664353431373563383964626463663335643430316235313638663930
-66386530343630613531663434386339366233306663376639333235376365366436663831376161
-64336436303035333234636361303439313237393436373538333862373839366265666438353061
-373032306536613230343261303761663664
diff --git a/ansible-wazuh-server/vars/api_user.yml b/ansible-wazuh-server/vars/api_user.yml
new file mode 100644
index 00000000..69a973c8
--- /dev/null
+++ b/ansible-wazuh-server/vars/api_user.yml
@@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.1;AES256
+30626565633363656662393332653964653565376238633538323230333934613934323231343262
+6130313831653766333463653765643336313864373934620a646139336334346165346163633262
+36333031313434623439663839323036323533623235653536376534636137636334396233636236
+6238653531316136620a633361333130313335393333313861316233623037306131653733623661
+37363163346361366631623530323166373861623366633633396164326331376664666665646236
+64333738326538303063653266623930613130383637663864336664646361663935343231383965
+34303734333031373161376435373538613262373037386430333933383639323965356336383563
+34666431343136376132633632393938653965613236396333626430643538353533313131353338
+37373138396435623230306262303934396164303238346563363230663032316334613262336235
+3235313265333561366130393966643632333735623761643261
diff --git a/ansible-wazuh-server/vars/main.yml b/ansible-wazuh-server/vars/main.yml
index de8f74b5..ab842e29 100644
--- a/ansible-wazuh-server/vars/main.yml
+++ b/ansible-wazuh-server/vars/main.yml
@@ -26,6 +26,21 @@ ossec_server_config:
dirs: /etc,/usr/bin,/usr/sbin
- check_all: 'yes'
dirs: /bin,/sbin
+ agentless:
+ - type: ssh_integrity_check_linux
+ frequency: 36000
+ host: root@example.net
+ state: periodic
+ arguments: '/bin /etc/ /sbin'
+ - type: ssh_integrity_check_linux
+ frequency: 36000
+ host: root@example.net
+ state: periodic
+ arguments: '/bin /etc/ /sbin'
+ - type: ssh_integrity_check_linux
+ frequency: 36000
+ host: root@example.net
+ state: periodic
localfiles:
- format: 'syslog'
location: '/var/log/messages'
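Review bot: Adding `agentless:` to `ossec_server_config` in the role's `vars/main.yml` makes `ossec_server_config.agentless is defined` true for every consumer, so the new enable/start tasks in `tasks/main.yml` run by default with placeholder entries for `root@example.net`. Example data of this kind belongs in the README or `defaults/`, leaving the key absent unless the operator opts in. The documented example would also be safer with a dedicated account rather than `root@`. The first two entries are exact duplicates, and the third differs only by omitting `arguments`.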
@@ -79,3 +94,32 @@ ossec_server_config:
location: 'local'
level: 6
timeout: 600
+
+ossec_agent_configs:
+ - type: os
+ type_value: linux
+ frequency_check: 79200
+ ignore_files:
+ - /etc/mtab
+ - /etc/mnttab
+ - /etc/hosts.deny
+ - /etc/mail/statistics
+ - /etc/svc/volatile
+ directories:
+ - check_all: yes
+ dirs: /etc,/usr/bin,/usr/sbin
+ - check_all: yes
+ dirs: /bin,/sbin
+ localfiles:
+ - format: 'syslog'
+ location: '/var/log/messages'
+ - format: 'syslog'
+ location: '/var/log/secure'
+ - format: 'syslog'
+ location: '/var/log/maillog'
+ - format: 'apache'
+ location: '/var/log/httpd/error_log'
+ - format: 'apache'
+ location: '/var/log/httpd/access_log'
+ - format: 'apache'
+ location: '/var/ossec/logs/active-responses.log'
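Review bot: `check_all: yes` is unquoted in both new `directories` entries, so YAML loads it as the boolean true, whereas the existing `ossec_server_config.directories` entries use `check_all: 'yes'`. If a template prints the value it will render as `True` rather than `yes`. The shared-agent template as shown here does not reference `check_all`, so confirm which is intended, and write `check_all: 'yes'` for consistency. The last `localfiles` entry tags `/var/ossec/logs/active-responses.log` as `format: 'apache'`, which looks like a copy-paste from the two httpd lines above it.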
diff --git a/passwd b/passwd
deleted file mode 100644
index 9daeafb9..00000000
--- a/passwd
+++ /dev/null
@@ -1 +0,0 @@
-test
diff --git a/user.yml b/user.yml
deleted file mode 100644
index 88f26781..00000000
--- a/user.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-66616434393463353338336137323935333863353166656135643764626431396331383331353339
-3637383166363739306238306465303232623239376263630a613838376432373733633838616632
-35636137636665663039336436363962356533353033386239336362343965656361393738316536
-3838303338383764610a376232313734643737623330396335383062653136656136633934336135
-3336