From 3ec7f354f4f1e6e570c53219b9a0b71fbd627206 Mon Sep 17 00:00:00 2001
From: Miguelangel Freitas
Date: Wed, 23 Aug 2017 15:37:41 -0400
Subject: [PATCH] Adding windows support.
---
 ansible-wazuh-agent/defaults/main.yml | 5 ++
 ansible-wazuh-agent/handlers/main.yml | 3 ++
 ansible-wazuh-agent/tasks/Linux.yml | 59 ++++++++++++++++++++++
 ansible-wazuh-agent/tasks/Windows.yml | 70 +++++++++++++++++++++++++++
 ansible-wazuh-agent/tasks/main.yml | 61 ++---------------------
 5 files changed, 141 insertions(+), 57 deletions(-)
 create mode 100644 ansible-wazuh-agent/tasks/Linux.yml
 create mode 100644 ansible-wazuh-agent/tasks/Windows.yml
diff --git a/ansible-wazuh-agent/defaults/main.yml b/ansible-wazuh-agent/defaults/main.yml
index b49e02ff..62716bab 100644
--- a/ansible-wazuh-agent/defaults/main.yml
+++ b/ansible-wazuh-agent/defaults/main.yml
@@ -6,6 +6,11 @@ wazuh_manager_proto: tcp
 wazuh_register_client: false
 wazuh_notify_time: null
 wazuh_time_reconnect: null
+wazuh_winagent_config:
+ install_dir: 'C:\wazuh-agent\'
+ version: '2.1.0'
+ url: https://packages.wazuh.com/windows/wazuh-winagent-v2.1.0-1.exe
+ md5: 715fbd55f670c2cecc607f2cbd0b2310
 wazuh_agent_config:
 log_format: 'plain'
 syscheck:
diff --git a/ansible-wazuh-agent/handlers/main.yml b/ansible-wazuh-agent/handlers/main.yml
index f778a145..bb84954e 100644
--- a/ansible-wazuh-agent/handlers/main.yml
+++ b/ansible-wazuh-agent/handlers/main.yml
@@ -1,3 +1,6 @@
 ---
 - name: restart wazuh-agent
 service: name=wazuh-agent state=restarted enabled=yes
+
+- name: restart wazuh-agent windows
+ win_service: name=OssecSvc start_mode=auto state=restarted
diff --git a/ansible-wazuh-agent/tasks/Linux.yml b/ansible-wazuh-agent/tasks/Linux.yml
new file mode 100644
index 00000000..74db22d3
--- /dev/null
+++ b/ansible-wazuh-agent/tasks/Linux.yml
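Review bot: The installer pin added to `wazuh_winagent_config` in defaults/main.yml is an MD5 digest, and the verify task in tasks/Windows.yml compares against it with `checksum_algorithm: md5`. MD5 is not collision-resistant, so it is a weak integrity check for an executable that the role then runs silently with `/S`. I would store a SHA-256 digest instead, `sha256: '<sha256-of-wazuh-winagent-v2.1.0-1.exe>'` (placeholder; take the value from the vendor's published checksums), and switch the task to `checksum_algorithm: sha256` with `failed_when` comparing against `wazuh_winagent_config.sha256`. Quoting the digest also keeps a value that happens to look numeric from being re-typed by the YAML parser.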
@@ -0,0 +1,59 @@
+---
+- include: "RedHat.yml"
+ when: ansible_os_family == "RedHat"
+
+- include: "Debian.yml"
+ when: ansible_os_family == "Debian"
+
+- name: Linux | Install wazuh-agent
+ package: name=wazuh-agent state=latest
+ tags:
+ - init
+
+- name: Linux | Check if client.keys exists
+ stat: path=/var/ossec/etc/client.keys
+ register: check_keys
+ tags:
+ - config
+
+- name: Linux | Register agent
+ shell: /var/ossec/bin/agent-auth -m {{ wazuh_manager_ip }} -p {{ wazuh_authd_port }}
+ register: agent_auth_output
+ when:
+ - wazuh_register_client == true
+ - check_keys.stat.size == 0
+ - wazuh_manager_ip is not none
+ tags:
+ - config
+
+- name: Linux | Verify agent registration
+ shell: echo {{ agent_auth_output }} | grep "Valid key created"
+ when:
+ - wazuh_register_client == true
+ - check_keys.stat.size == 0
+ - wazuh_manager_ip is not none
+ tags:
+ - config
+
+- name: Linux | Installing agent configuration (ossec.conf)
+ template: src=var-ossec-etc-ossec-agent.conf.j2
+ dest=/var/ossec/etc/ossec.conf
+ owner=root
+ group=ossec
+ mode=0644
+ notify: restart wazuh-agent
+ tags:
+ - init
+ - config
+
+- name: Linux | Ensure Wazuh Agent service is started and enabled
+ service:
+ name: wazuh-agent
+ enabled: yes
+ state: started
+
+- include: "RMRedHat.yml"
+ when: ansible_os_family == "RedHat"
+
+- include: "RMDebian.yml"
+ when: ansible_os_family == "Debian"
diff --git a/ansible-wazuh-agent/tasks/Windows.yml b/ansible-wazuh-agent/tasks/Windows.yml
new file mode 100644
index 00000000..abad7728
--- /dev/null
+++ b/ansible-wazuh-agent/tasks/Windows.yml
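Review bot: The `Linux | Verify agent registration` task interpolates the whole registered result into a shell command line, `echo {{ agent_auth_output }} | grep "Valid key created"`, so quotes and other shell metacharacters in whatever agent-auth printed (which can include text originating from the manager it contacted) are interpreted by the shell on the agent host. The check can stay inside Ansible: drop that task and add `failed_when: "'Valid key created' not in agent_auth_output.stdout"` to `Linux | Register agent` (use `stderr` if that is where agent-auth logs; the original grep covered both streams). The register task needs no shell features either, so `command:` fits better than `shell:` there. These tasks were moved unchanged from tasks/main.yml, so the pattern predates this commit.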
@@ -0,0 +1,70 @@
+---
+- name: Windows | Get current installed version
+ win_shell: "{{ wazuh_winagent_config.install_dir }}ossec-agent.exe -h"
+ args:
+ removes: "{{ wazuh_winagent_config.install_dir }}ossec-agent.exe"
+ register: agent_version
+ failed_when: False
+ changed_when: False
+
+- name: Windows | Check Wazuh agent version installed
+ set_fact: correct_version=true
+ when:
+ - agent_version.stdout is defined
+ - wazuh_winagent_config.version in agent_version.stdout
+
+- name: Windows | Downloading windows Wazuh agent installer
+ win_get_url:
+ dest: C:\wazuh-agent-installer.exe
+ url: "{{ wazuh_winagent_config.url }}"
+ when:
+ - correct_version is not defined
+
+- name: Windows | Verify the downloaded Wazuh agent installer
+ win_stat:
+ path: C:\wazuh-agent-installer.exe
+ get_checksum: yes
+ checksum_algorithm: md5
+ register: installer_md5
+ when:
+ - correct_version is not defined
+ failed_when:
+ - installer_md5.stat.checksum != wazuh_winagent_config.md5
+
+- name: Windows | Install Wazuh agent
+ win_shell: C:\wazuh-agent-installer.exe /S /D={{ wazuh_winagent_config.install_dir }}
+ when:
+ - correct_version is not defined
+
+- name: Windows | Check if client.keys exists
+ win_stat: path="{{ wazuh_winagent_config.install_dir }}client.keys"
+ register: check_windows_key
+ notify: restart wazuh-agent windows
+ tags:
+ - config
+
+- name: Windows | Register agent
+ win_shell: "{{ wazuh_winagent_config.install_dir }}agent-auth.exe -m {{ wazuh_manager_ip }} -p {{ wazuh_authd_port }}"
+ args:
+ chdir: "{{ wazuh_winagent_config.install_dir }}"
+ register: agent_auth_output
+ notify: restart wazuh-agent windows
+ when:
+ - wazuh_register_client == true
+ - check_windows_key.stat.exists == false
+ - wazuh_manager_ip is not none
+ tags:
+ - config
+
+- name: Windows | Installing agent configuration (ossec.conf)
+ win_template:
+ src: var-ossec-etc-ossec-agent.conf.j2
+ dest: "{{ wazuh_winagent_config.install_dir }}ossec.conf"
+ notify: restart wazuh-agent windows
+ tags:
+ - config
+
+- name: Windows | Delete downloaded Wazuh agent installer file
+ win_file:
+ path: C:\wazuh-agent-installer.exe
+ state: absent
diff --git a/ansible-wazuh-agent/tasks/main.yml b/ansible-wazuh-agent/tasks/main.yml
index 2b8868b6..ade60835 100644
--- a/ansible-wazuh-agent/tasks/main.yml
+++ b/ansible-wazuh-agent/tasks/main.yml
@@ -1,59 +1,6 @@
 ---
-- include: "RedHat.yml"
- when: ansible_os_family == "RedHat"
+- include: "Windows.yml"
+ when: ansible_os_family == "Windows"
 
-- include: "Debian.yml"
- when: ansible_os_family == "Debian"
-
-- name: Install wazuh-agent
- package: name=wazuh-agent state=latest
- tags:
- - init
-
-- name: Check if client.keys exists
- stat: path=/var/ossec/etc/client.keys
- register: check_keys
- tags:
- - config
-
-- name: Register agent
- shell: /var/ossec/bin/agent-auth -m {{ wazuh_manager_ip }} -p {{ wazuh_authd_port }}
- register: agent_auth_output
- when:
- - wazuh_register_client == true
- - check_keys.stat.size == 0
- - wazuh_manager_ip is not none
- tags:
- - config
-
-- name: Verify agent registration
- shell: echo {{ agent_auth_output }} | grep "Valid key created"
- when:
- - wazuh_register_client == true
- - check_keys.stat.size == 0
- - wazuh_manager_ip is not none
- tags:
- - config
-
-- name: Installing agent configuration (ossec.conf)
- template: src=var-ossec-etc-ossec-agent.conf.j2
- dest=/var/ossec/etc/ossec.conf
- owner=root
- group=ossec
- mode=0644
- notify: restart wazuh-agent
- tags:
- - init
- - config
-
-- name: Ensure Wazuh Agent service is started and enabled
- service:
- name: wazuh-agent
- enabled: yes
- state: started
-
-- include: "RMRedHat.yml"
- when: ansible_os_family == "RedHat"
-
-- include: "RMDebian.yml"
- when: ansible_os_family == "Debian"
+- include: "Linux.yml"
+ when: ansible_system == "Linux"
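Review bot: `Windows | Install Wazuh agent` places the agent in `{{ wazuh_winagent_config.install_dir }}` (default `C:\wazuh-agent\`), and on a default Windows install a directory created directly under the drive root inherits an entry that lets Authenticated Users modify its contents. Unless the installer resets the ACL itself (not visible here, worth confirming), that would leave the service binaries, `ossec.conf` and `client.keys` writable by unprivileged local accounts. I would add two tasks after the install step that grant SYSTEM and Administrators explicit access and then stop inheriting from the drive root, as sketched below. The same inheritance applies to the installer staged at `C:\wazuh-agent-installer.exe` between the checksum task and the install task, so a directory only administrators can write to would be a safer staging location.

```yaml
# … unchanged: Windows | Install Wazuh agent …

- name: Windows | Grant SYSTEM and Administrators explicit access to the agent directory
  win_acl:
    path: "{{ wazuh_winagent_config.install_dir }}"
    user: "{{ item }}"
    rights: FullControl
    type: allow
    state: present
  with_items:
    - 'SYSTEM'
    - 'BUILTIN\Administrators'

- name: Windows | Stop inheriting the drive-root ACL on the agent directory
  win_acl_inheritance:
    path: "{{ wazuh_winagent_config.install_dir }}"
    state: absent
```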
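Review bot: After this change tasks/main.yml dispatches only on `ansible_os_family == "Windows"` and `ansible_system == "Linux"`, so a host matching neither runs no tasks and the play still reports success with no agent installed. For a monitoring agent that is a silent coverage gap. I would end the file with `- fail: msg="wazuh-agent role does not support {{ ansible_system }}"` guarded by `when: ansible_os_family != "Windows" and ansible_system != "Linux"`, so an unsupported host shows up as a failure rather than as an unmonitored machine.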