From ed7b24ff96da34431b969d01e165fb87835ab4cc Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 20 Nov 2020 12:36:50 +0100 Subject: [PATCH 1/5] roles/wazuh-agent: set enrollment to enabled by default --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 21ccb4f7..be48deb6 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -89,7 +89,7 @@ wazuh_managers: ## Enrollment wazuh_agent_enrollment: - enabled: '' + enabled: 'yes' manager_address: '' port: 1515 agent_name: 'testname' From ff78ce7d76ffaaf8b06529624ef6d61bce56f4d6 Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 20 Nov 2020 14:08:25 +0100 Subject: [PATCH 2/5] roles/wazuh-agent: Fix authd registration verify task. Use authd pass only if size > 0 --- roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml | 6 +++--- roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 54b370f8..ce92b033 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -47,7 +47,7 @@ - name: Linux | Check if client.keys exists stat: path=/var/ossec/etc/client.keys register: check_keys - when: wazuh_agent_config.enrollment.enabled == 'yes' + when: wazuh_agent_config.enrollment.enabled == 'no' tags: - config @@ -86,7 +86,7 @@ -m {{ wazuh_agent_authd.registration_address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_nat %} -I "any" {% endif %} - {% if authd_pass is defined %} -P {{ authd_pass }} {% endif %} + {% if authd_pass is defined and authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %} {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %} -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" {% endif %} @@ -109,7 +109,7 @@ - wazuh_agent_authd.registration_address is not none - name: Linux | Verify agent registration - shell: echo {{ agent_auth_output }} | grep "Valid key created" + shell: echo {{ agent_auth_output }} | grep "Valid key received" when: - not check_keys.stat.exists or check_keys.stat.size == 0 - wazuh_agent_authd.registration_address is not none diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml index c778933c..3a7756ca 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml @@ -65,7 +65,7 @@ -m {{ wazuh_agent_authd.registration_address }} -p {{ wazuh_agent_authd.port }} {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} - {% if authd_pass is defined %} -P {{ authd_pass }}{% endif %} + {% if authd_pass is defined and authd_pass | length > 0 %} -P {{ authd_pass }}{% endif %} register: agent_auth_output notify: Windows | Restart Wazuh Agent when: From 5f91c3d4c0da5bec26011ff35907537f6b4c2bbb Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 20 Nov 2020 14:48:49 +0100 Subject: [PATCH 3/5] roles/wazuh-agent: remove agent auth configuration for centos7 agent --- .../host_vars/wazuh_agent_centos7.yml | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml diff --git a/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml b/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml deleted file mode 100644 index b4b37153..00000000 --- a/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -wazuh_agent_authd: - registration_address: '{{ manager_addresses | random }}' - enable: true - port: 1515 - ssl_agent_ca: null - ssl_auto_negotiate: 'no' \ No newline at end of file From c7882bf53241226193401ace5f536c04680da8b7 Mon Sep 17 00:00:00 2001 From: zenidd Date: Fri, 20 Nov 2020 14:54:29 +0100 Subject: [PATCH 4/5] Revert "roles/wazuh-agent: remove agent auth configuration for centos7 agent" This reverts commit 5f91c3d4c0da5bec26011ff35907537f6b4c2bbb. --- .../host_vars/wazuh_agent_centos7.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml diff --git a/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml b/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml new file mode 100644 index 00000000..b4b37153 --- /dev/null +++ b/molecule/distributed-wazuh-elk/host_vars/wazuh_agent_centos7.yml @@ -0,0 +1,7 @@ +--- +wazuh_agent_authd: + registration_address: '{{ manager_addresses | random }}' + enable: true + port: 1515 + ssl_agent_ca: null + ssl_auto_negotiate: 'no' \ No newline at end of file From ec831975bb9119781c2e5d237e84c4b489a57541 Mon Sep 17 00:00:00 2001 From: zenidd Date: Mon, 23 Nov 2020 17:44:59 +0100 Subject: [PATCH 5/5] roles/wazuh-agent: remove default agent_name --- roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 10301cfc..4f587c86 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -98,7 +98,7 @@ wazuh_agent_enrollment: enabled: 'yes' manager_address: '' port: 1515 - agent_name: 'testname' + agent_name: '' groups: '' agent_address: '' ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH