roles/agent: reduce depth of wazuh_agent_config by extracting internal dicts to outside variables
parent
389a3a2ed5
commit
53fbc82931
@ -32,19 +32,11 @@ wazuh_agent_sources_installation:
|
||||
user_agent_config_profile: null
|
||||
user_ca_store: "/var/ossec/wpk_root.pem"
|
||||
|
||||
wazuh_managers:
|
||||
- address: 127.0.0.1
|
||||
port: 1514
|
||||
protocol: tcp
|
||||
api_port: 55000
|
||||
api_proto: 'http'
|
||||
api_user: null
|
||||
max_retries: 5
|
||||
retry_interval: 5
|
||||
wazuh_api_reachable_from_agent: false
|
||||
wazuh_profile_centos: 'centos, centos7, centos7.6'
|
||||
wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04'
|
||||
wazuh_auto_restart: 'yes'
|
||||
|
||||
wazuh_agent_authd:
|
||||
registration_address: 127.0.0.1
|
||||
enable: false
|
||||
@ -69,23 +61,110 @@ wazuh_winagent_config:
|
||||
md5: f9737cbd7df7104c1bee9f3e8b9ca26e
|
||||
wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.0-1.msi
|
||||
wazuh_winagent_package_name: wazuh-agent-4.0.0-1.msi
|
||||
wazuh_agent_config:
|
||||
repo:
|
||||
|
||||
wazuh_agent_repo:
|
||||
apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
|
||||
yum: 'https://packages.wazuh.com/4.x/yum/'
|
||||
gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
|
||||
key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
|
||||
active_response:
|
||||
ar_disabled: 'no'
|
||||
ca_store: '/var/ossec/etc/wpk_root.pem'
|
||||
ca_store_win: 'wpk_root.pem'
|
||||
ca_verification: 'yes'
|
||||
log_format: 'plain'
|
||||
client_buffer:
|
||||
|
||||
wazuh_agent_nat: false
|
||||
|
||||
##########################################
|
||||
### Wazuh-OSSEC
|
||||
##########################################
|
||||
|
||||
wazuh_agent_config_overlay: yes
|
||||
|
||||
## Client
|
||||
wazuh_managers:
|
||||
- address: 127.0.0.1
|
||||
port: 1514
|
||||
protocol: tcp
|
||||
api_port: 55000
|
||||
api_proto: 'http'
|
||||
api_user: null
|
||||
max_retries: 5
|
||||
retry_interval: 5
|
||||
|
||||
## Enrollment
|
||||
wazuh_agent_enrollment:
|
||||
enabled: ''
|
||||
manager_address: ''
|
||||
port: 1515
|
||||
agent_name: 'testname'
|
||||
groups: ''
|
||||
agent_address: ''
|
||||
ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
|
||||
server_ca_path: ''
|
||||
agent_certificate_path: ''
|
||||
agent_key_path: ''
|
||||
authorization_pass_path: /var/ossec/etc/authd.pass
|
||||
auto_method: 'no'
|
||||
delay_after_enrollment: 20
|
||||
use_source_ip: 'no'
|
||||
|
||||
## Client buffer
|
||||
wazuh_agent_client_buffer:
|
||||
disable: 'no'
|
||||
queue_size: '5000'
|
||||
events_per_sec: '500'
|
||||
syscheck:
|
||||
|
||||
## Rootcheck
|
||||
wazuh_agent_rootcheck:
|
||||
frequency: 43200
|
||||
|
||||
## Wodles
|
||||
wazuh_agent_openscap:
|
||||
disable: 'yes'
|
||||
timeout: 1800
|
||||
interval: '1d'
|
||||
scan_on_start: 'yes'
|
||||
|
||||
wazuh_agent_cis_cat:
|
||||
disable: 'yes'
|
||||
install_java: 'no'
|
||||
timeout: 1800
|
||||
interval: '1d'
|
||||
scan_on_start: 'yes'
|
||||
java_path: 'wodles/java'
|
||||
java_path_win: '\\server\jre\bin\java.exe'
|
||||
ciscat_path: 'wodles/ciscat'
|
||||
ciscat_path_win: 'C:\cis-cat'
|
||||
|
||||
wazuh_agent_osquery:
|
||||
disable: 'yes'
|
||||
run_daemon: 'yes'
|
||||
bin_path_win: 'C:\Program Files\osquery\osqueryd'
|
||||
log_path: '/var/log/osquery/osqueryd.results.log'
|
||||
log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log'
|
||||
config_path: '/etc/osquery/osquery.conf'
|
||||
config_path_win: 'C:\Program Files\osquery\osquery.conf'
|
||||
add_labels: 'yes'
|
||||
|
||||
wazuh_agent_syscollector:
|
||||
disable: 'no'
|
||||
interval: '1h'
|
||||
scan_on_start: 'yes'
|
||||
hardware: 'yes'
|
||||
os: 'yes'
|
||||
network: 'yes'
|
||||
packages: 'yes'
|
||||
ports_no: 'yes'
|
||||
processes: 'yes'
|
||||
|
||||
## SCA
|
||||
wazuh_agent_sca:
|
||||
enabled: 'yes'
|
||||
scan_on_start: 'yes'
|
||||
interval: '12h'
|
||||
skip_nfs: 'yes'
|
||||
day: ''
|
||||
wday: ''
|
||||
time: ''
|
||||
|
||||
## Syscheck
|
||||
wazuh_agent_syscheck:
|
||||
frequency: 43200
|
||||
scan_on_start: 'yes'
|
||||
auto_ignore: 'no'
|
||||
@ -153,7 +232,6 @@ wazuh_agent_config:
|
||||
checks: 'recursion_level="0" restrict="winrm.vbs$"'
|
||||
- dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup'
|
||||
checks: 'realtime="yes"'
|
||||
|
||||
windows_registry:
|
||||
- key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
|
||||
- key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile'
|
||||
@ -193,51 +271,9 @@ wazuh_agent_config:
|
||||
- key: 'HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users'
|
||||
- key: '\Enum$'
|
||||
type: "sregex"
|
||||
rootcheck:
|
||||
frequency: 43200
|
||||
openscap:
|
||||
disable: 'yes'
|
||||
timeout: 1800
|
||||
interval: '1d'
|
||||
scan_on_start: 'yes'
|
||||
osquery:
|
||||
disable: 'yes'
|
||||
run_daemon: 'yes'
|
||||
bin_path_win: 'C:\Program Files\osquery\osqueryd'
|
||||
log_path: '/var/log/osquery/osqueryd.results.log'
|
||||
log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log'
|
||||
config_path: '/etc/osquery/osquery.conf'
|
||||
config_path_win: 'C:\Program Files\osquery\osquery.conf'
|
||||
add_labels: 'yes'
|
||||
syscollector:
|
||||
disable: 'no'
|
||||
interval: '1h'
|
||||
scan_on_start: 'yes'
|
||||
hardware: 'yes'
|
||||
os: 'yes'
|
||||
network: 'yes'
|
||||
packages: 'yes'
|
||||
ports_no: 'yes'
|
||||
processes: 'yes'
|
||||
sca:
|
||||
enabled: 'yes'
|
||||
scan_on_start: 'yes'
|
||||
interval: '12h'
|
||||
skip_nfs: 'yes'
|
||||
day: ''
|
||||
wday: ''
|
||||
time: ''
|
||||
cis_cat:
|
||||
disable: 'yes'
|
||||
install_java: 'no'
|
||||
timeout: 1800
|
||||
interval: '1d'
|
||||
scan_on_start: 'yes'
|
||||
java_path: 'wodles/java'
|
||||
java_path_win: '\\server\jre\bin\java.exe'
|
||||
ciscat_path: 'wodles/ciscat'
|
||||
ciscat_path_win: 'C:\cis-cat'
|
||||
localfiles:
|
||||
|
||||
## Localfile
|
||||
wazuh_agent_localfiles:
|
||||
debian:
|
||||
- format: 'syslog'
|
||||
location: '/var/log/auth.log'
|
||||
@ -279,24 +315,40 @@ wazuh_agent_config:
|
||||
location: 'System'
|
||||
- format: 'syslog'
|
||||
location: 'active-response\active-responses.log'
|
||||
labels:
|
||||
|
||||
## Labels
|
||||
wazuh_agent_labels:
|
||||
enable: false
|
||||
list:
|
||||
- key: Env
|
||||
value: Production
|
||||
enrollment:
|
||||
enabled: ''
|
||||
manager_address: ''
|
||||
port: 1515
|
||||
agent_name: 'testname'
|
||||
groups: ''
|
||||
agent_address: ''
|
||||
ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
|
||||
server_ca_path: ''
|
||||
agent_certificate_path: ''
|
||||
agent_key_path: ''
|
||||
authorization_pass_path : /var/ossec/etc/authd.pass
|
||||
auto_method: 'no'
|
||||
delay_after_enrollment: 20
|
||||
use_source_ip: 'no'
|
||||
wazuh_agent_nat: false
|
||||
|
||||
## Active response
|
||||
wazuh_agent_active_response:
|
||||
ar_disabled: 'no'
|
||||
ca_store: '/var/ossec/etc/wpk_root.pem'
|
||||
ca_store_win: 'wpk_root.pem'
|
||||
ca_verification: 'yes'
|
||||
|
||||
## Logging
|
||||
wazuh_agent_log_format: 'plain'
|
||||
|
||||
# wazuh_agent_config
|
||||
wazuh_agent_config_defaults:
|
||||
repo: '{{ wazuh_agent_repo }}'
|
||||
active_response: '{{ wazuh_agent_active_response }}'
|
||||
log_format: '{{ wazuh_agent_log_format }}'
|
||||
client_buffer: '{{ wazuh_agent_client_buffer }}'
|
||||
syscheck: '{{ wazuh_agent_syscheck }}'
|
||||
|
||||
rootcheck: '{{ wazuh_agent_rootcheck }}'
|
||||
openscap: '{{ wazuh_agent_openscap }}'
|
||||
|
||||
osquery: '{{ wazuh_agent_osquery }}'
|
||||
syscollector: '{{ wazuh_agent_syscollector }}'
|
||||
sca: '{{ wazuh_agent_sca }}'
|
||||
cis_cat: '{{ wazuh_agent_cis_cat }}'
|
||||
localfiles: '{{ wazuh_agent_localfiles }}'
|
||||
|
||||
labels: '{{ wazuh_agent_labels }}'
|
||||
enrollment: '{{ wazuh_agent_enrollment }}'
|
||||
|
||||
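Review bot: The new top-level dicts (`wazuh_agent_enrollment`, `wazuh_agent_active_response`, `wazuh_agent_syscheck` and the others) have no comment on how overrides behave, and under Ansible's default replace-style variable handling an inventory that sets only one key replaces the whole dict. For `wazuh_agent_active_response` that would drop `ca_verification` and `ca_store`, and for `wazuh_agent_enrollment` it would drop `ssl_cipher` and `authorization_pass_path`; whether the role's templates tolerate the missing keys is not visible on this page. I would add a comment above the `## Client` block such as `# Each wazuh_agent_* dict is replaced as a whole when overridden; copy the full dict and change only the keys you need`, or, if `wazuh_agent_config_overlay` is meant to merge user values over `wazuh_agent_config_defaults`, document that next to the variable. Separately, `wazuh_agent_config_overlay: yes` is safer written as `true`, so the value does not depend on YAML 1.1 truthy parsing.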