Wazuh manager: control more syscheck options.

2017-07-24 23:23:39 -04:00 · 2017-07-24 23:23:39 -04:00 · 3ef34f1c28
commit 3ef34f1c28
parent 9bdf32ba2a
2 changed files with 37 additions and 11 deletions
--- a/ansible-wazuh-manager/defaults/main.yml
+++ b/ansible-wazuh-manager/defaults/main.yml
@ -7,8 +7,30 @@ wazuh_manager_config:
    - admin@example.net
  mail_smtp_server: localhost
  mail_from: wazuh-server@example.com
-  frequency_check: 43200
-  syscheck_scan_on_start: 'yes'
+  syscheck:
+    frequency: 43200
+    scan_on_start: 'yes'
+    ignore:
+      - /etc/mtab
+      - /etc/mnttab
+      - /etc/hosts.deny
+      - /etc/mail/statistics
+      - /etc/random-seed
+      - /etc/random.seed
+      - /etc/adjtime
+      - /etc/httpd/logs
+      - /etc/utmpx
+      - /etc/wtmpx
+      - /etc/cups/certs
+      - /etc/dumpdates
+      - /etc/svc/volatile
+    no_diff:
+      - /etc/ssl/private.key
+    directories:
+      - dirs: /etc,/usr/bin,/usr/sbin
+        checks: 'check_all="yes"'
+      - dirs: /bin,/sbin
+        checks: 'check_all="yes"'
  log_level: 1
  email_level: 12
  ignore_files:
--- a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@ -89,21 +89,25 @@

  <syscheck>
    <!-- Frequency that syscheck is executed -- default every 20 hours -->
-    <frequency>{{ wazuh_manager_config.frequency_check }}</frequency>
-    <scan_on_start>{{ wazuh_manager_config.syscheck_scan_on_start }}</scan_on_start>
+    <frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
+    <scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>

    <!-- Directories to check  (perform all possible verifications) -->
-{% for directory in wazuh_manager_config.directories %}
-   <directories check_all="{{ directory.check_all }}">{{ directory.dirs }}</directories>
+    {% if wazuh_manager_config.syscheck.directories is defined %}
+    {% for directory in wazuh_manager_config.syscheck.directories %}
+    <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
    {% endfor %}
+    {% endif %}

    <!-- Files/directories to ignore -->
-    {% for ignore_file in wazuh_manager_config.ignore_files %}
-    <ignore>{{ ignore_file }}</ignore>
+    {% if wazuh_manager_config.syscheck.ignore is defined %}
+    {% for ignore in wazuh_manager_config.syscheck.ignore %}
+    <ignore>{{ ignore }}</ignore>
    {% endfor %}
+    {% endif %}

    <!-- Files no diff -->
-    {% for no_diff in wazuh_manager_config.no_diff %}
+{% for no_diff in wazuh_manager_config.syscheck.no_diff %}
    <nodiff>{{ no_diff }}</nodiff>
 {% endfor %}
  </syscheck>