afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1093 from wazuh/merge-4.8.0-into-master

Browse Source 
Merge 4.8.0 into master
This commit is contained in:
David Correa Rodríguez 2023-10-23 10:43:12 +02:00 committed by GitHub
commit 293040e15b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 339 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@ -31,6 +31,12 @@ All notable changes to this project will be documented in this file.
- Update to [Wazuh v4.6.0](https://github.com/wazuh/wazuh/blob/v4.6.0/CHANGELOG.md#v460) - Update to [Wazuh v4.6.0](https://github.com/wazuh/wazuh/blob/v4.6.0/CHANGELOG.md#v460)
## [v4.5.4]
### Added
- Update to [Wazuh v4.5.4](https://github.com/wazuh/wazuh/blob/v4.5.4/CHANGELOG.md#v454)
## [v4.5.3] ## [v4.5.3]
### Added ### Added

1
README.md
View File

@ -21,6 +21,7 @@ These playbooks install and configure Wazuh agent, manager and indexer and dashb
| v4.7.1 | | | | v4.7.1 | | |
| v4.7.0 | | | | v4.7.0 | | |
| v4.6.0 | | | | v4.6.0 | | |
| v4.5.4 | | |
| v4.5.3 | | | | v4.5.3 | | |
| v4.5.2 | | | | v4.5.2 | | |
| v4.5.1 | | | | v4.5.1 | | |

4
playbooks/wazuh-agent.yml
View File

@ -10,7 +10,7 @@
port: 1514 port: 1514
protocol: tcp protocol: tcp
api_port: 55000 api_port: 55000
api_proto: 'http' api_proto: 'https'
api_user: ansible api_user: wazuh
max_retries: 5 max_retries: 5
retry_interval: 5 retry_interval: 5

2
roles/wazuh/ansible-wazuh-agent/README.md
View File

@ -12,6 +12,8 @@ This role is compatible with:
* Fedora * Fedora
* Debian * Debian
* Ubuntu * Ubuntu
* Windows
* macOS
Role Variables Role Variables

24
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -16,6 +16,7 @@ authd_pass: ''
wazuh_api_reachable_from_agent: yes wazuh_api_reachable_from_agent: yes
wazuh_profile_centos: 'centos, centos7, centos7.6' wazuh_profile_centos: 'centos, centos7, centos7.6'
wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04'
wazuh_profile_macos: 'darwin, darwin21, darwin21.1'
wazuh_auto_restart: 'yes' wazuh_auto_restart: 'yes'
wazuh_notify_time: '10' wazuh_notify_time: '10'
@ -30,6 +31,11 @@ wazuh_winagent_config:
auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
check_sha512: True check_sha512: True
# macOS deployment
wazuh_macos_config:
download_dir: /tmp/
install_dir: /Library/Ossec/
wazuh_dir: "/var/ossec" wazuh_dir: "/var/ossec"
# This is deprecated, see: wazuh_agent_address # This is deprecated, see: wazuh_agent_address
@ -76,6 +82,7 @@ wazuh_agent_enrollment:
agent_certificate_path: '' agent_certificate_path: ''
agent_key_path: '' agent_key_path: ''
authorization_pass_path: "{{ wazuh_dir }}/etc/authd.pass" authorization_pass_path: "{{ wazuh_dir }}/etc/authd.pass"
authorization_pass_path_macos: "/etc/authd.pass"
auto_method: 'no' auto_method: 'no'
delay_after_enrollment: 20 delay_after_enrollment: 20
use_source_ip: 'no' use_source_ip: 'no'
@ -201,6 +208,11 @@ wazuh_agent_syscheck:
checks: '' checks: ''
- dirs: /bin,/sbin,/boot - dirs: /bin,/sbin,/boot
checks: '' checks: ''
macos_directories:
- dirs: /etc,/usr/bin,/usr/sbin
checks: ''
- dirs: /bin,/sbin
checks: ''
win_directories: win_directories:
- dirs: '%WINDIR%' - dirs: '%WINDIR%'
checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"' checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"'
@ -303,6 +315,17 @@ wazuh_agent_localfiles:
command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
alias: 'netstat listening ports' alias: 'netstat listening ports'
frequency: '360' frequency: '360'
macos:
- format: 'full_command'
command: netstat -an | awk '{if ((/^(tcp|udp)/) && ($4 != "*.*") && ($5 == "*.*")) {print $1" "$4" "$5}}' | sort -u
alias: 'netstat listening ports'
frequency: '360'
- format: 'macos'
location: 'macos'
query:
type: 'trace,log,activity'
level: 'info'
value: (process == "sudo") or (process == "sessionlogoutd" and message contains "logout is complete.") or (process == "sshd") or (process == "tccd" and message contains "Update Access Record") or (message contains "SessionAgentNotificationCenter") or (process == "screensharingd" and message contains "Authentication") or (process == "securityd" and eventMessage contains "Session" and subsystem == "com.apple.securityd")
windows: windows:
- format: 'eventlog' - format: 'eventlog'
location: 'Application' location: 'Application'
@ -326,6 +349,7 @@ wazuh_agent_active_response:
ar_disabled: 'no' ar_disabled: 'no'
ca_store: "{{ wazuh_dir }}/etc/wpk_root.pem" ca_store: "{{ wazuh_dir }}/etc/wpk_root.pem"
ca_store_win: 'wpk_root.pem' ca_store_win: 'wpk_root.pem'
ca_store_macos: 'etc/wpk_root.pem'
ca_verification: 'yes' ca_verification: 'yes'
## Logging ## Logging

3
roles/wazuh/ansible-wazuh-agent/handlers/main.yml
View File

@ -4,3 +4,6 @@
- name: Windows | Restart Wazuh Agent - name: Windows | Restart Wazuh Agent
win_service: name=WazuhSvc start_mode=auto state=restarted win_service: name=WazuhSvc start_mode=auto state=restarted
- name: macOS | Restart Wazuh Agent
command: /Library/Ossec/bin/wazuh-control restart

231
roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml Normal file
View File

@ -0,0 +1,231 @@
---
- name: macOS | Check architecture
command: "/usr/bin/uname -m"
register: uname_result
- name: macOS | Set architecture variable
set_fact:
macos_architecture: "{{ 'arm' if uname_result.stdout == 'arm64' else 'intel' }}"
- name: macOS | Set package name and URL based on architecture
set_fact:
wazuh_macos_package_url: "{{ wazuh_macos_intel_package_url if macos_architecture == 'intel' else wazuh_macos_arm_package_url }}"
wazuh_macos_package_name: "{{ wazuh_macos_intel_package_name if macos_architecture == 'intel' else wazuh_macos_arm_package_name }}"
- name: macOS | Check if Wazuh installer is already downloaded
stat:
path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}"
register: wazuh_package_downloaded
- name: macOS | Download Wazuh Agent package
get_url:
url: "{{ wazuh_macos_package_url }}"
dest: "{{ wazuh_macos_config.download_dir }}"
register: download_result
when:
- not wazuh_package_downloaded.stat.exists
- name: macOS | Check if Wazuh Agent is already installed
stat:
path: "{{ wazuh_macos_config.install_dir }}"
register: wazuh_installed
- name: macOS | Install Agent if not already installed
command: "installer -pkg {{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }} -target /"
register: install_result
- name: macOS | Check if client.keys exists
stat:
path: "{{ wazuh_macos_config.install_dir }}/etc/client.keys"
register: client_keys_file
tags:
- config
- name: macOS | Agent registration via authd
block:
- name: macOS | Register agent (via authd)
shell: >
{{ wazuh_macos_config.install_dir }}/bin/agent-auth
{% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %}
-A {{ wazuh_agent_authd.agent_name }}
{% endif %}
-m {{ wazuh_agent_authd.registration_address }}
-p {{ wazuh_agent_authd.port }}
{% if wazuh_agent_nat %} -I "any" {% endif %}
{% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %}
{% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %}
{% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %}
-G "{{ wazuh_agent_authd.groups | join(',') }}"
{% endif %}
register: agent_auth_output
notify: macOS | Restart Wazuh Agent
vars:
agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}"
when:
- not client_keys_file.stat.exists or client_keys_file.stat.size == 0
- wazuh_agent_authd.registration_address is not none
- name: macOS | Verify agent registration
shell: >
sh -c "echo '{{ agent_auth_output.stdout }} {{ agent_auth_output.stderr }}' | grep 'Valid key received'"
when:
- not client_keys_file.stat.exists or client_keys_file.stat.size == 0
- wazuh_agent_authd.registration_address is not none
when:
- wazuh_agent_authd.enable | bool
- wazuh_agent_config.enrollment.enabled != 'yes'
tags:
- config
- authd
- name: macOS | Agent registration via rest-API
block:
- name: macOS | Establish target Wazuh Manager for registration task
set_fact:
target_manager: '{{ manager_primary | length | ternary(manager_primary, manager_fallback) | first }}'
vars:
manager_primary: "{{ wazuh_managers | selectattr('register','true') | list }}"
manager_fallback: "{{ wazuh_managers | list }}"
- name: macOS | Obtain JWT Token
uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate'
method: POST
url_username: '{{ target_manager.api_user }}'
url_password: '{{ api_pass }}'
status_code: 200
return_content: yes
force_basic_auth: yes
validate_certs: '{{ target_manager.validate_certs | default(false) }}'
no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
changed_when: api_jwt_result.json.error == 0
register: api_jwt_result
become: no
tags:
- config
- api
- name: macOS | Create the agent key via rest-API
uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents'
method: POST
body_format: json
body:
name: '{{ agent_name }}'
headers:
Authorization: 'Bearer {{ jwt_token }}'
status_code: 200
return_content: yes
validate_certs: '{{ target_manager.validate_certs | default(false) }}'
become: no
no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
changed_when: api_agent_post.json.error == 0
register: api_agent_post
vars:
agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
jwt_token: '{{ api_jwt_result.json.data.token }}'
tags:
- config
- api
- name: macOS | Validate registered agent key matches manager record
uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents/{{ agent_id }}/key'
method: GET
headers:
Authorization: 'Bearer {{ jwt_token }}'
status_code: 200
return_content: yes
validate_certs: '{{ target_manager.validate_certs | default(false) }}'
become: no
no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
register: api_agent_validation
vars:
agent_id: '{{ api_agent_post.json.data.id }}'
agent_key: '{{ api_agent_post.json.data.key }}'
jwt_token: '{{ api_jwt_result.json.data.token }}'
failed_when: api_agent_validation.json.data.affected_items[0].key != agent_key
when:
- wazuh_agent_api_validate | bool
- api_agent_post.json.error == 0
tags:
- config
- api
- name: macOS | Import Key (via rest-API)
command: "{{ wazuh_macos_config.install_dir }}/bin/manage_agents"
environment:
OSSEC_ACTION: i
OSSEC_AGENT_NAME: '{{ agent_name }}'
OSSEC_AGENT_IP: '{{ wazuh_agent_address }}'
OSSEC_AGENT_ID: '{{ api_agent_post.json.data.id }}'
OSSEC_AGENT_KEY: '{{ api_agent_post.json.data.key }}'
OSSEC_ACTION_CONFIRMED: y
register: manage_agents_output
vars:
agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
notify: macOS | Restart Wazuh Agent
when:
- not ( wazuh_agent_authd.enable | bool )
- wazuh_agent_config.enrollment.enabled != 'yes'
- not client_keys_file.stat.exists or client_keys_file.stat.size == 0
tags:
- config
- api
- name: macOS | Agent registration via auto-enrollment
debug:
msg: Agent registration will be performed through enrollment option in templated ossec.conf
when: wazuh_agent_config.enrollment.enabled == 'yes'
- name: macOS | Ensure group "wazuh" exists
ansible.builtin.group:
name: wazuh
state: present
- name: macOS | Installing agent configuration (ossec.conf)
template:
src: var-ossec-etc-ossec-agent.conf.j2
dest: "{{ wazuh_macos_config.install_dir }}/etc/ossec.conf"
owner: root
group: wazuh
mode: 0644
notify: macOS | Restart Wazuh Agent
tags:
- init
- config
- name: macOS | Installing local_internal_options.conf
template:
src: var-ossec-etc-local-internal-options.conf.j2
dest: "{{ wazuh_macos_config.install_dir }}/etc/local_internal_options.conf"
owner: root
group: wazuh
mode: 0640
notify: macOS | Restart Wazuh Agent
tags:
- init
- config
- name: Create auto-enrollment password file
template:
src: authd_pass.j2
dest: "{{ wazuh_macos_config.install_dir }}/etc/authd.pass"
owner: wazuh
group: wazuh
mode: 0640
when:
- wazuh_agent_config.enrollment.enabled == 'yes'
- wazuh_agent_config.enrollment.authorization_pass_path_macos | length > 0
- authd_pass | length > 0
tags:
- config
- name: macOS | Delete downloaded Wazuh agent installer file
file:
path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}"
state: absent

3
roles/wazuh/ansible-wazuh-agent/tasks/main.yml
View File

@ -23,3 +23,6 @@
- include_tasks: "Linux.yml" - include_tasks: "Linux.yml"
when: ansible_system == "Linux" when: ansible_system == "Linux"
- include_tasks: "macOS.yml"
when: ansible_system == "Darwin"

59
roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -30,6 +30,9 @@
<config-profile>{{ wazuh_profile_ubuntu }}</config-profile> <config-profile>{{ wazuh_profile_ubuntu }}</config-profile>
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if ansible_system == "Darwin" %}
<config-profile>{{ wazuh_profile_macos }}</config-profile>
{% endif %}
{% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %} {% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %}
<notify_time>{{ wazuh_notify_time }}</notify_time> <notify_time>{{ wazuh_notify_time }}</notify_time>
<time-reconnect>{{ wazuh_time_reconnect }}</time-reconnect> <time-reconnect>{{ wazuh_time_reconnect }}</time-reconnect>
@ -64,8 +67,10 @@
{% if wazuh_agent_config.enrollment.agent_key_path | length > 0 %} {% if wazuh_agent_config.enrollment.agent_key_path | length > 0 %}
<agent_key_path>{{ wazuh_agent_config.enrollment.agent_key_path }}</agent_key_path> <agent_key_path>{{ wazuh_agent_config.enrollment.agent_key_path }}</agent_key_path>
{% endif %} {% endif %}
{% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 %} {% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 and ansible_system != "Darwin" %}
<authorization_pass_path>{{ wazuh_agent_config.enrollment.authorization_pass_path }}</authorization_pass_path> <authorization_pass_path>{{ wazuh_agent_config.enrollment.authorization_pass_path }}</authorization_pass_path>
{% else %}
<authorization_pass_path>{{ wazuh_agent_config.enrollment.authorization_pass_path_macos }}</authorization_pass_path>
{% endif %} {% endif %}
{% if wazuh_agent_config.enrollment.auto_method | length > 0 %} {% if wazuh_agent_config.enrollment.auto_method | length > 0 %}
<auto_method>{{ wazuh_agent_config.enrollment.auto_method }}</auto_method> <auto_method>{{ wazuh_agent_config.enrollment.auto_method }}</auto_method>
@ -91,7 +96,7 @@
{% if wazuh_agent_config.rootcheck is defined %} {% if wazuh_agent_config.rootcheck is defined %}
<rootcheck> <rootcheck>
<disabled>no</disabled> <disabled>no</disabled>
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" or ansible_system == "Darwin" %}
<check_files>yes</check_files> <check_files>yes</check_files>
<check_trojans>yes</check_trojans> <check_trojans>yes</check_trojans>
<check_dev>yes</check_dev> <check_dev>yes</check_dev>
@ -103,10 +108,14 @@
<!-- Frequency that rootcheck is executed - every 12 hours --> <!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>{{ wazuh_agent_config.rootcheck.frequency }}</frequency> <frequency>{{ wazuh_agent_config.rootcheck.frequency }}</frequency>
{% if ansible_system == "Darwin" %}
<rootkit_files>etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>etc/shared/rootkit_trojans.txt</rootkit_trojans>
{% else %}
<rootkit_files>{{ wazuh_dir }}/etc/shared/rootkit_files.txt</rootkit_files> <rootkit_files>{{ wazuh_dir }}/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>{{ wazuh_dir }}/etc/shared/rootkit_trojans.txt</rootkit_trojans> <rootkit_trojans>{{ wazuh_dir }}/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<skip_nfs>yes</skip_nfs>
{% endif %} {% endif %}
<skip_nfs>yes</skip_nfs>
{% if ansible_os_family == "Windows" %} {% if ansible_os_family == "Windows" %}
<windows_apps>./shared/win_applications_rcl.txt</windows_apps> <windows_apps>./shared/win_applications_rcl.txt</windows_apps>
<windows_malware>./shared/win_malware_rcl.txt</windows_malware> <windows_malware>./shared/win_malware_rcl.txt</windows_malware>
@ -179,6 +188,7 @@
</wodle> </wodle>
{% endif %} {% endif %}
{% if ansible_system != "Darwin" %}
<wodle name="cis-cat"> <wodle name="cis-cat">
<disabled>{{ wazuh_agent_config.cis_cat.disable }}</disabled> <disabled>{{ wazuh_agent_config.cis_cat.disable }}</disabled>
<timeout>{{ wazuh_agent_config.cis_cat.timeout }}</timeout> <timeout>{{ wazuh_agent_config.cis_cat.timeout }}</timeout>
@ -193,6 +203,7 @@
{% endif %} {% endif %}
<ciscat_path>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %}</ciscat_path> <ciscat_path>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %}</ciscat_path>
</wodle> </wodle>
{% endif %}
<!-- Osquery integration --> <!-- Osquery integration -->
<wodle name="osquery"> <wodle name="osquery">
@ -249,13 +260,18 @@
<syscheck> <syscheck>
<disabled>no</disabled> <disabled>no</disabled>
<frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency> <frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" or ansible_system == "Darwin" %}
<scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start> <scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>
<!-- Directories to check (perform all possible verifications) --> <!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %} {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}
{% for directory in wazuh_agent_config.syscheck.directories %} {% for directory in wazuh_agent_config.syscheck.directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories> <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %} {% endfor %}
{% elif ansible_system == "Darwin" %}
{% for directory in wazuh_agent_config.syscheck.macos_directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %}
{% endif %}
{% endif %} {% endif %}
{% endif %} {% endif %}
@ -267,7 +283,7 @@
{% endif %} {% endif %}
<!-- Files/directories to ignore --> <!-- Files/directories to ignore -->
{% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %} {% if wazuh_agent_config.syscheck.ignore is defined and (ansible_system == "Linux" or ansible_system == "Darwin") %}
{% for ignore in wazuh_agent_config.syscheck.ignore %} {% for ignore in wazuh_agent_config.syscheck.ignore %}
<ignore>{{ ignore }}</ignore> <ignore>{{ ignore }}</ignore>
{% endfor %} {% endfor %}
@ -286,7 +302,7 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" or ansible_system == "Darwin" %}
<!-- Files no diff --> <!-- Files no diff -->
{% for no_diff in wazuh_agent_config.syscheck.no_diff %} {% for no_diff in wazuh_agent_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff> <nodiff>{{ no_diff }}</nodiff>
@ -363,6 +379,27 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if ansible_system == "Darwin" %}
{% for localfile in wazuh_agent_config.localfiles.macos %}
<localfile>
<log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency>
{% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias>
{% endif %}
{% else %}
<location>{{ localfile.location }}</location>
{% if localfile.format == 'macos' %}
<query type="{{ localfile.query.type }}" level="{{ localfile.query.level }}">{{ localfile.query.value }}</query>
{% endif %}
{% endif %}
</localfile>
{% endfor %}
{% endif %}
{% if ansible_os_family == "Debian" %} {% if ansible_os_family == "Debian" %}
{% for localfile in wazuh_agent_config.localfiles.debian %} {% for localfile in wazuh_agent_config.localfiles.debian %}
@ -439,7 +476,15 @@
<active-response> <active-response>
<disabled>{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}</disabled> <disabled>{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}</disabled>
<ca_store>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}</ca_store> <ca_store>
{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}
{% else %}
{% if ansible_system == "Darwin" %}{{ wazuh_agent_config.active_response.ca_store_macos }}
{% else %}
{{ wazuh_agent_config.active_response.ca_store }}
{% endif %}
{% endif %}
</ca_store>
<ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification> <ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification>
</active-response> </active-response>

5
roles/wazuh/vars/repo.yml
View File

@ -7,6 +7,11 @@ wazuh_winagent_config_url: "https://packages.wazuh.com/4.x/windows/wazuh-agent-{
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_sha512_url: "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512" wazuh_winagent_sha512_url: "https://packages.wazuh.com/4.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
wazuh_macos_intel_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_intel_package_name }}"
wazuh_macos_arm_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_arm_package_name }}"
certs_gen_tool_version: 4.8 certs_gen_tool_version: 4.8
# Url of certificates generator tool # Url of certificates generator tool

5
roles/wazuh/vars/repo_pre-release.yml
View File

@ -7,6 +7,11 @@ wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/w
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512" wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/staging/pre-release/{{ wazuh_macos_intel_package_name }}"
wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{{ wazuh_macos_arm_package_name }}"
certs_gen_tool_version: 4.8 certs_gen_tool_version: 4.8
# Url of certificates generator tool # Url of certificates generator tool

5
roles/wazuh/vars/repo_staging.yml
View File

@ -6,6 +6,11 @@ wazuh_repo:
wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi" wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_intel_package_name }}"
wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_arm_package_name }}"
certs_gen_tool_version: 4.8 certs_gen_tool_version: 4.8
# Url of certificates generator tool # Url of certificates generator tool