Merge pull request #1162 from wazuh/1159-update-configuration-to-new-vulnerability-detector-and-indexer

Updated configuration to new VD and indexer
Gonzalo Acuña 2023-12-19 11:52:05 -03:00 committed by GitHub
commit 2821f87a69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 43 additions and 96 deletions


@ -6,7 +6,7 @@ wazuh_template_branch: v4.8.0
filebeat_node_name: node-1 filebeat_node_name: node-1
filebeat_output_indexer_hosts: filebeat_output_indexer_hosts:
- "localhost:9200" - "localhost"
filebeat_module_package_name: wazuh-filebeat-0.4.tar.gz filebeat_module_package_name: wazuh-filebeat-0.4.tar.gz
filebeat_module_package_path: /tmp/ filebeat_module_package_path: /tmp/
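Review bot: The default host entry loses its port (`"localhost:9200"` becomes `"localhost"`), but nothing in this section says that entries must now be bare host names. Inventories that still override `filebeat_output_indexer_hosts` with `host:9200` would end up with the port twice wherever it is appended, as in the manager template's `https://{{ item }}:{{ filebeat_output_indexer_port }}` later in this commit. A comment above the list, e.g. `# host names only, the port is taken from filebeat_output_indexer_port`, would document the new contract. Whether the filebeat role itself defines that port variable is not visible here.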


@ -144,69 +144,22 @@ wazuh_manager_sca:
time: '' time: ''
## Vulnerability Detector ## Vulnerability Detector
wazuh_manager_vulnerability_detector: filebeat_node_name: node-1
enabled: 'no' filebeat_output_indexer_hosts:
interval: '5m' - "localhost"
min_full_scan_interval: '6h' filebeat_output_indexer_port: 9200
run_on_start: 'yes' indexer_security_user: admin
providers: indexer_security_password: changeme
- enabled: 'no' filebeat_ssl_dir: /etc/pki/filebeat
os:
- 'trusty' wazuh_manager_vulnerability_detection:
- 'xenial' enabled: 'yes'
- 'bionic' indexer_status: 'yes'
- 'focal' feed_update_interval: '60m'
- 'jammy'
update_interval: '1h' wazuh_manager_indexer:
name: '"canonical"' enabled: 'yes'
- enabled: 'no' hosts: "{{ filebeat_output_indexer_hosts }}"
os:
- 'buster'
- 'bullseye'
- 'bookworm'
update_interval: '1h'
name: '"debian"'
- enabled: 'no'
os:
- '5'
- '6'
- '7'
- '8'
- '9'
update_interval: '1h'
name: '"redhat"'
- enabled: 'no'
os:
- '8'
- '9'
update_interval: '1h'
name: '"almalinux"'
- enabled: 'no'
os:
- 'amazon-linux'
- 'amazon-linux-2'
- 'amazon-linux-2023'
update_interval: '1h'
name: '"alas"'
- enabled: 'no'
os:
- '11-server'
- '11-desktop'
- '12-server'
- '12-desktop'
- '15-server'
- '15-desktop'
update_interval: '1h'
name: '"suse"'
- enabled: 'no'
update_interval: '1h'
name: '"arch"'
- enabled: 'no'
update_interval: '1h'
name: '"msu"'
- enabled: 'no'
update_interval: '1h'
name: '"nvd"'
## Syscheck ## Syscheck
wazuh_manager_syscheck: wazuh_manager_syscheck:
@ -448,7 +401,8 @@ wazuh_manager_config_defaults:
osquery: '{{ wazuh_manager_osquery }}' osquery: '{{ wazuh_manager_osquery }}'
syscollector: '{{ wazuh_manager_syscollector }}' syscollector: '{{ wazuh_manager_syscollector }}'
sca: '{{ wazuh_manager_sca }}' sca: '{{ wazuh_manager_sca }}'
vulnerability_detector: '{{ wazuh_manager_vulnerability_detector }}' vulnerability_detection: '{{ wazuh_manager_vulnerability_detection }}'
indexer: '{{ wazuh_manager_indexer }}'
log_level: '{{ wazuh_manager_log_level }}' log_level: '{{ wazuh_manager_log_level }}'
email_level: '{{ wazuh_manager_email_level }}' email_level: '{{ wazuh_manager_email_level }}'
localfiles: '{{ wazuh_manager_localfiles }}' localfiles: '{{ wazuh_manager_localfiles }}'
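Review bot: The new defaults ship a working credential pair, `indexer_security_user: admin` and `indexer_security_password: changeme`, so a play that never overrides them configures the manager with a well-known password and nothing makes the operator notice. Consider dropping the password default and failing early, for example with an `ansible.builtin.assert` that `indexer_security_password` is defined and is not `changeme`, with the real value supplied from Ansible Vault. The `filebeat_*` variables added under the `## Vulnerability Detector` heading also repeat names that the filebeat defaults in the first file define, so the two copies can drift apart. A comment such as `# must match the values used by the filebeat role` would at least make that dependency visible.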


@ -258,37 +258,30 @@
{% endif %} {% endif %}
</sca> </sca>
<vulnerability-detector> <vulnerability-detection>
{% if wazuh_manager_config.vulnerability_detector.enabled is defined %} <enabled>{{ wazuh_manager_config.vulnerability_detection.enabled }}</enabled>
<enabled>{{ wazuh_manager_config.vulnerability_detector.enabled }}</enabled> <indexer-status>{{ wazuh_manager_config.vulnerability_detection.indexer_status }}</indexer-status>
{% endif %} <feed-update-interval>{{ wazuh_manager_config.vulnerability_detection.feed_update_interval }}</feed-update-interval>
{% if wazuh_manager_config.vulnerability_detector.interval is defined %} </vulnerability-detection>
<interval>{{ wazuh_manager_config.vulnerability_detector.interval }}</interval>
{% endif %} <indexer>
{% if wazuh_manager_config.vulnerability_detector.min_full_scan_interval is defined %} <enabled>{% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' or wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %}</enabled>
<min_full_scan_interval>{{ wazuh_manager_config.vulnerability_detector.min_full_scan_interval }}</min_full_scan_interval> <hosts>
{% endif %} {% for item in wazuh_manager_config.indexer.hosts %}
{% if wazuh_manager_config.vulnerability_detector.run_on_start is defined %} <host>https://{{ item }}:{{ filebeat_output_indexer_port }}</host>
<run_on_start>{{ wazuh_manager_config.vulnerability_detector.run_on_start }}</run_on_start>
{% endif %}
{% if wazuh_manager_config.vulnerability_detector.providers is defined %}
{% for provider_ in wazuh_manager_config.vulnerability_detector.providers %}
<provider name={{ provider_.name }}>
{% if provider_.enabled is defined %}
<enabled>{{ provider_.enabled }}</enabled>
{% endif %}
{% if provider_.os is defined %}
{% for os_ in provider_.os %}
<os>{{ os_ }}</os>
{% endfor %} {% endfor %}
{% endif %} </hosts>
{% if provider_.update_interval is defined %}
<update_interval>{{ provider_.update_interval }}</update_interval> <username>{{ indexer_security_user }}</username>
{% endif %} <password>{{ indexer_security_password }}</password>
</provider> <ssl>
{% endfor %} <certificate_authorities>
{% endif %} <ca>{{ filebeat_ssl_dir }}/root-ca.pem</ca>
</vulnerability-detector> </certificate_authorities>
<certificate>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem</certificate>
<key>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem</key>
</ssl>
</indexer>
<!-- File integrity monitoring --> <!-- File integrity monitoring -->
<syscheck> <syscheck>
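Review bot: `<username>{{ indexer_security_user }}</username>` and `<password>{{ indexer_security_password }}</password>` write their values into the XML unescaped, so a password containing `&` or `<` produces a configuration file that is no longer well-formed; `<password>{{ indexer_security_password | escape }}</password>` (and the same for the username) avoids that. The secret is also rendered in clear text, so the task that renders this template, which is not visible in this hunk, should keep a restrictive file mode and set `no_log: true`. Separately, the old block guarded each key with `is defined`, while the new `<vulnerability-detection>` and `<indexer>` blocks read `vulnerability_detection.*` and `indexer.*` unconditionally. A play that still overrides `wazuh_manager_config` with the old `vulnerability_detector` key will therefore fail on an undefined variable unless the guard or a `default()` is kept.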