diff --git a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml
index 46f1097b..f422b85d 100644
--- a/roles/wazuh/ansible-wazuh-manager/handlers/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml
@@ -1,7 +1,4 @@
---
-- name: rebuild cdb_lists
- command: /var/ossec/bin/ossec-makelists
-
- name: restart wazuh-manager
service:
name: wazuh-manager
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 0bb00fef..842d33a6 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -198,11 +198,6 @@
tags:
- config
-- name: Retrieving CDB lists
- include_vars: cdb_lists.yml
- tags:
- - config
-
- name: Check if syslog output is enabled
set_fact: syslog_output=true
when: item.server is not none
@@ -334,27 +329,6 @@
tags:
- config
-- name: CDB Lists
- template:
- src: cdb_lists.j2
- dest: "/var/ossec/etc/lists/{{ item.name }}"
- owner: root
- group: ossec
- mode: 0640
- no_log: true
- register: wazuh_manager_cdb_lists
- until: wazuh_manager_cdb_lists is succeeded
- notify:
- - rebuild cdb_lists
- - restart wazuh-manager
- with_items:
- - "{{ cdb_lists }}"
- when:
- - cdb_lists is defined
- - cdb_lists is iterable
- tags:
- - config
-
- name: Ensure Wazuh Manager, wazuh API service is started and enabled
service:
name: "{{ item }}"
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 94223a94..125f948c 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -360,8 +360,9 @@
{{ rule }}
{% endfor %}
{% endif %}
+ {% if cdb_lists is defined %}
{% for list in cdb_lists %}
- etc/lists/{{ list.name }}
+ etc/lists/{{ list }}
{% endfor %}
{% endif %}
diff --git a/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml b/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml
index 8e904e14..44188745 100644
--- a/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml
+++ b/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml
@@ -1,87 +1,5 @@
---
cdb_lists:
- - name: 'audit-keys'
- content: |
- audit-wazuh-w:write
- audit-wazuh-r:read
- audit-wazuh-a:attribute
- audit-wazuh-x:execute
- audit-wazuh-c:command
- - name: 'aws-source'
- content: |
- ec2.amazonaws.com:
- elasticloadbalancing.amazonaws.com:
- iam.amazonaws.com:
- signin.amazonaws.com:
- kms.amazonaws.com:
- s3.amazonaws.com:
- - name: 'aws-eventnames'
- content: |
- AddUserToGroup:
- AllocateAddress:
- AssociateAddress:
- AssociateDhcpOptions:
- AssociateRouteTable:
- AttachGroupPolicy:
- AttachNetworkInterface:
- AttachRolePolicy:
- AttachUserPolicy:
- AttachVolume:
- AuthorizeSecurityGroupIngress:
- ConsoleLogin:
- CopySnapshot:
- CreateAccountAlias:
- CreateGroup:
- CreateImage:
- CreateLoadBalancer:
- CreatePlacementGroup:
- CreatePolicy:
- CreateRole:
- CreateRouteTable:
- CreateSecurityGroup:
- CreateSnapshot:
- CreateSubnet:
- CreateTags:
- CreateUser:
- CreateVolume:
- CreateVpc:
- DeleteAccountAlias:
- DeleteLoadBalancer:
- DeletePlacementGroup:
- DeleteSecurityGroup:
- DeleteSnapshot:
- DeleteTags:
- DeleteUser:
- DeleteVolume:
- DeregisterImage:
- DetachGroupPolicy:
- DetachNetworkInterface:
- DetachRolePolicy:
- DetachVolume:
- DisableKey:
- DisassociateAddress:
- DisassociateAddress:
- DisassociateRouteTable:
- GetGroup:
- ListAliases:
- ListGroups:
- ListUsers:
- ModifyImageAttribute:
- ModifyInstanceAttribute:
- ModifyNetworkInterfaceAttribute:
- ModifySnapshotAttribute:
- ModifySubnetAttribute:
- ModifyVolumeAttribute:
- MonitorInstances:
- RebootInstances:
- RegisterImage:
- RemoveUserFromGroup:
- RevokeSecurityGroupIngress:
- RunInstances:
- StartInstances:
- StopInstances:
- TerminateInstances:
- UnmonitorInstances:
- UpdateAccessKey:
- UpdateAccountPasswordPolicy:
- UpdateInstanceAlias:
+ - 'audit-keys'
+ - 'security-eventchannel'
+ - 'amazon/aws-eventnames'