From 7f5d5262e95836d839d042edcd48fd4da7d0d5dd Mon Sep 17 00:00:00 2001
From: Bob Vincent <pillarsdotnet@gmail.com>
Date: Tue, 24 Jul 2018 09:03:18 -0400
Subject: [PATCH 1/6] Support option to disable active-responses. #39

---
 .../templates/var-ossec-etc-ossec-server.conf.j2              | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 6ce31f99..bd1010f7 100644
--- a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -309,8 +309,8 @@
   <!-- Active Response Config -->
 {% for response in wazuh_manager_config.active_responses %}
   <active-response>
-    <disabled>no</disabled>
-    <command>{{ response.command }}</command>
+    <disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled>
+    {%if response.command is defined %}<command>{{ response.command }}</command>{% endif %}
     {%if response.location is defined %}<location>{{ response.location }}</location>{% endif %}
     {%if response.agent_id is defined %}<agent_id>{{ response.agent_id }}</agent_id>{% endif %}
     {%if response.level is defined %}<level>{{ response.level }}</level>{% endif %}

From b18019c9297c2ab4493dbc4b5c0cc2bff8b2299d Mon Sep 17 00:00:00 2001
From: Bob Vincent <pillarsdotnet@gmail.com>
Date: Tue, 24 Jul 2018 09:43:33 -0400
Subject: [PATCH 2/6] Support all remote connection options. #41

---
 .../var-ossec-etc-ossec-server.conf.j2          | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index bd1010f7..4c79498f 100644
--- a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -118,8 +118,21 @@
   <remote>
   {% for connection in wazuh_manager_config.connection %}
     <connection>{{ connection.type }}</connection>
-    <port>{{ connection.port }}</port>
-    <protocol>{{ connection.protocol }}</protocol>
+    {% if connection.port is defined %}<port>{{ connection.port }}</port>{% endif %}
+    {% if connection.protocol is defined %}<protocol>{{ connection.protocol }}</protocol>{% endif %}
+    {% if connection.allowed_ips is defined %}
+    {% for allowed_ip in connection.allowed_ips %}
+    <allowed-ips>{{ allowed_ip }}</allowed-ips>
+    {% endfor %}
+    {% endif %}
+    {% if connection.denied_ips is defined %}
+    {% for denied_ip in connection.denied_ips %}
+    <denied-ips>{{ denied_ip }}</denied-ips>
+    {% endfor %}
+    {% endif %}
+    {% if connection.local_ip is defined %}<local_ip>{{ connection.local_ip }}</local_ip>{% endif %}
+    {% if connection.ipv6 is defined %}<ipv6>{{ connection.ipv6 }}</ipv6>{% endif %}
+    {% if connection.queue_size is defined %}<queue_size>{{ connection.queue_size }}</queue_size>{% endif %}
   {% endfor %}
   </remote>
 

From 956b56b82b0aa2069161bf183e7642d35da0e188 Mon Sep 17 00:00:00 2001
From: Bob Vincent <pillarsdotnet@gmail.com>
Date: Tue, 24 Jul 2018 15:17:21 -0400
Subject: [PATCH 3/6] Support all localfile options. #43

---
 .../var-ossec-etc-ossec-server.conf.j2        | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 4c79498f..788ecec0 100644
--- a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -340,9 +340,33 @@
      <log_format>{{ localfile.format }}</log_format>
      {% if localfile.format == 'command' or localfile.format == 'full_command' %}
      <command>{{ localfile.command }}</command>
+     {% if localfile.alias is defined %}
+     <alias>{{ localfile.alias }}</alias>
+     {% endif %}
+     {% if localfile.frequency is defined %}
      <frequency>{{ localfile.frequency }}</frequency>
+     {% endif %}
      {% else %}
      <location>{{ localfile.location }}</location>
+     {% if localfile.format == 'eventchannel' %}
+     {% if localfile.only_future_events is defined %}
+     <only-future-events>{{ localfile.only_future_events }}</only_future_events>
+     {% endif %}
+     {% if localfile.query is defined %}
+     <query>{{ localfile.query }}</query>
+     {% endif %}
+     {% endif %}
+     {% endif %}
+     {% if localfile.log_format == 'json' and localfile.labels is defined %}
+     {% for key, value in localfile.labels.iteritems() %}
+     <label key="{{ key }}">{{ value }}</label>
+     {% endfor %}
+     {% endif %}
+     {% if localfile.target is defined %}
+     <target>{{ localfile.target }}</target>
+     {% endif %}
+     {% if localfile.out_format is defined %}
+     <out_format>{{ localfile.out_format }}</out_format>
      {% endif %}
   </localfile>
 {% endfor %}

From 09620d3af67d58a081e7dcaea0769c435e4dec99 Mon Sep 17 00:00:00 2001
From: Bob Vincent <pillarsdotnet@gmail.com>
Date: Wed, 25 Jul 2018 11:35:12 -0400
Subject: [PATCH 4/6] Allow rule exclusions #44

---
 ansible-wazuh-manager/defaults/main.yml                     | 2 ++
 .../templates/var-ossec-etc-ossec-server.conf.j2            | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/ansible-wazuh-manager/defaults/main.yml b/ansible-wazuh-manager/defaults/main.yml
index 93bec74d..67c83c0a 100644
--- a/ansible-wazuh-manager/defaults/main.yml
+++ b/ansible-wazuh-manager/defaults/main.yml
@@ -167,6 +167,8 @@ wazuh_manager_config:
       executable: 'route-null.cmd'
       expect: 'srcip'
       timeout_allowed: 'yes'
+  rule_exclude:
+    - '0215-policy_rules.xml'
   active_responses:
     - command: 'restart-ossec'
       location: 'local'
diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 788ecec0..2476b9d1 100644
--- a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -307,7 +307,11 @@
     <!-- Default ruleset -->
     <decoder_dir>ruleset/decoders</decoder_dir>
     <rule_dir>ruleset/rules</rule_dir>
-    <rule_exclude>0215-policy_rules.xml</rule_exclude>
+    {% if wazuh_manager_config.rule_exclude is defined %}
+    {% for rule in wazuh_manager_config.rule_exclude %}
+    <rule_exclude>{{ rule }}</rule_exclude>
+    {% endfor %}
+    {% endif %}
     {% if cdb_lists is defined %}
     {% for list in cdb_lists %}
     <list>etc/lists/{{ list.name }}</list>

From 4ee82b8212fb3d0c703f677df193a7f43ad0feeb Mon Sep 17 00:00:00 2001
From: Bob Vincent <pillarsdotnet@gmail.com>
Date: Wed, 25 Jul 2018 16:07:58 -0400
Subject: [PATCH 5/6] Fix typo.

---
 .../templates/var-ossec-etc-ossec-server.conf.j2                | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 2476b9d1..0b71d8f5 100644
--- a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -361,7 +361,7 @@
      {% endif %}
      {% endif %}
      {% endif %}
-     {% if localfile.log_format == 'json' and localfile.labels is defined %}
+     {% if localfile.format == 'json' and localfile.labels is defined %}
      {% for key, value in localfile.labels.iteritems() %}
      <label key="{{ key }}">{{ value }}</label>
      {% endfor %}

From 318cc9531b98ab7f66e57b23d2b07cf3b7eff844 Mon Sep 17 00:00:00 2001
From: Bob Vincent <pillarsdotnet@gmail.com>
Date: Wed, 25 Jul 2018 16:21:34 -0400
Subject: [PATCH 6/6] Copy localfiles enhancements to agent template.

---
 .../var-ossec-etc-shared-agent.conf.j2        | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
index 48c617d2..6b40451d 100644
--- a/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
@@ -46,9 +46,33 @@
        <log_format>{{ localfile.format }}</log_format>
        {% if localfile.format == 'command' or localfile.format == 'full_command' %}
        <command>{{ localfile.command }}</command>
+       {% if localfile.alias is defined %}
+       <alias>{{ localfile.alias }}</alias>
+       {% endif %}
+       {% if localfile.frequency is defined %}
        <frequency>{{ localfile.frequency }}</frequency>
+       {% endif %}
        {% else %}
        <location>{{ localfile.location }}</location>
+       {% if localfile.format == 'eventchannel' %}
+       {% if localfile.only_future_events is defined %}
+       <only-future-events>{{ localfile.only_future_events }}</only_future_events>
+       {% endif %}
+       {% if localfile.query is defined %}
+       <query>{{ localfile.query }}</query>
+       {% endif %}
+       {% endif %}
+       {% endif %}
+       {% if localfile.format == 'json' and localfile.labels is defined %}
+       {% for key, value in localfile.labels.iteritems() %}
+       <label key="{{ key }}">{{ value }}</label>
+       {% endfor %}
+       {% endif %}
+       {% if localfile.target is defined %}
+       <target>{{ localfile.target }}</target>
+       {% endif %}
+       {% if localfile.out_format is defined %}
+       <out_format>{{ localfile.out_format }}</out_format>
        {% endif %}
     </localfile>
   {% endfor %}