From 3ef34f1c28d2ecabd25edc55ce8fa480eaad43df Mon Sep 17 00:00:00 2001
From: Miguelangel Freitas <miguelangel@wazuh.com>
Date: Mon, 24 Jul 2017 23:23:39 -0400
Subject: [PATCH] Wazuh manager: control more syscheck options.

---
 ansible-wazuh-manager/defaults/main.yml       | 26 +++++++++++++++++--
 .../var-ossec-etc-ossec-server.conf.j2        | 22 +++++++++-------
 2 files changed, 37 insertions(+), 11 deletions(-)

diff --git a/ansible-wazuh-manager/defaults/main.yml b/ansible-wazuh-manager/defaults/main.yml
index b598c053..047ebcb2 100644
--- a/ansible-wazuh-manager/defaults/main.yml
+++ b/ansible-wazuh-manager/defaults/main.yml
@@ -7,8 +7,30 @@ wazuh_manager_config:
     - admin@example.net
   mail_smtp_server: localhost
   mail_from: wazuh-server@example.com
-  frequency_check: 43200
-  syscheck_scan_on_start: 'yes'
+  syscheck:
+    frequency: 43200
+    scan_on_start: 'yes'
+    ignore:
+      - /etc/mtab
+      - /etc/mnttab
+      - /etc/hosts.deny
+      - /etc/mail/statistics
+      - /etc/random-seed
+      - /etc/random.seed
+      - /etc/adjtime
+      - /etc/httpd/logs
+      - /etc/utmpx
+      - /etc/wtmpx
+      - /etc/cups/certs
+      - /etc/dumpdates
+      - /etc/svc/volatile
+    no_diff:
+      - /etc/ssl/private.key
+    directories:
+      - dirs: /etc,/usr/bin,/usr/sbin
+        checks: 'check_all="yes"'
+      - dirs: /bin,/sbin
+        checks: 'check_all="yes"'
   log_level: 1
   email_level: 12
   ignore_files:
diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 348c9cf1..9dbc023e 100644
--- a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -89,23 +89,27 @@
 
   <syscheck>
     <!-- Frequency that syscheck is executed -- default every 20 hours -->
-    <frequency>{{ wazuh_manager_config.frequency_check }}</frequency>
-    <scan_on_start>{{ wazuh_manager_config.syscheck_scan_on_start }}</scan_on_start>
+    <frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
+    <scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>
 
     <!-- Directories to check  (perform all possible verifications) -->
-{% for directory in wazuh_manager_config.directories %}
-   <directories check_all="{{ directory.check_all }}">{{ directory.dirs }}</directories>
-{% endfor %}
+    {% if wazuh_manager_config.syscheck.directories is defined %}
+    {% for directory in wazuh_manager_config.syscheck.directories %}
+    <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
+    {% endfor %}
+    {% endif %}
 
     <!-- Files/directories to ignore -->
-    {% for ignore_file in wazuh_manager_config.ignore_files %}
-    <ignore>{{ ignore_file }}</ignore>
+    {% if wazuh_manager_config.syscheck.ignore is defined %}
+    {% for ignore in wazuh_manager_config.syscheck.ignore %}
+    <ignore>{{ ignore }}</ignore>
     {% endfor %}
+    {% endif %}
 
     <!-- Files no diff -->
-    {% for no_diff in wazuh_manager_config.no_diff %}
+{% for no_diff in wazuh_manager_config.syscheck.no_diff %}
     <nodiff>{{ no_diff }}</nodiff>
-    {% endfor %}
+{% endfor %}
   </syscheck>
 
   {% if ansible_distribution == 'Ubuntu'  and ansible_distribution_release == 'xenial' %}