afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Define config_profile for CentOS and Ubuntu

Browse Source
This commit is contained in:
Rshad Zhran 2020-01-10 13:36:12 +01:00
parent 8ba493ed24
commit 5aa0f2e6c4
2 changed files with 101 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -30,7 +30,8 @@ wazuh_managers:
api_port: 55000 api_port: 55000
api_proto: 'http' api_proto: 'http'
api_user: null api_user: null
wazuh_profile: null wazuh_profile_centos: 'centos, centos7, centos7.6'
wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04'
wazuh_auto_restart: 'yes' wazuh_auto_restart: 'yes'
wazuh_agent_authd: wazuh_agent_authd:
enable: false enable: false
@ -102,7 +103,7 @@ wazuh_agent_config:
directories: directories:
- dirs: /etc,/usr/bin,/usr/sbin - dirs: /etc,/usr/bin,/usr/sbin
checks: 'check_all="yes"' checks: 'check_all="yes"'
- dirs: /bin,/sbin - dirs: /bin,/sbin,/boot
checks: 'check_all="yes"' checks: 'check_all="yes"'
win_directories: win_directories:
- dirs: '%WINDIR%\regedit.exe' - dirs: '%WINDIR%\regedit.exe'

193
roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -19,8 +19,12 @@
{% endif %} {% endif %}
</server> </server>
{% endfor %} {% endfor %}
{% if wazuh_profile is not none %} {% if wazuh_profile_centos is not none or wazuh_profile_ubuntu is not none %}
<config-profile>{{ wazuh_profile }}</config-profile> {% if ansible_distribution == 'CentOS' %}
<config-profile>{{ wazuh_profile_centos }}</config-profile>
{% elif ansible_distribution == "Ubuntu" %}
<config-profile>{{ wazuh_profile_ubuntu }}</config-profile>
{% endif %}
{% endif %} {% endif %}
{% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %} {% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %}
<notify_time>{{ wazuh_notify_time }}</notify_time> <notify_time>{{ wazuh_notify_time }}</notify_time>
@ -37,16 +41,6 @@
<events_per_second>{{ wazuh_agent_config.client_buffer.events_per_sec }}</events_per_second> <events_per_second>{{ wazuh_agent_config.client_buffer.events_per_sec }}</events_per_second>
</client_buffer> </client_buffer>
<logging>
<log_format>{{ wazuh_agent_config.log_format }}</log_format>
</logging>
<active-response>
<disabled>{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}</disabled>
<ca_store>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}</ca_store>
<ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification>
</active-response>
{% if wazuh_agent_config.rootcheck is defined %} {% if wazuh_agent_config.rootcheck is defined %}
<rootcheck> <rootcheck>
<disabled>no</disabled> <disabled>no</disabled>
@ -75,89 +69,6 @@
</rootcheck> </rootcheck>
{% endif %} {% endif %}
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck is defined %}
<syscheck>
<disabled>no</disabled>
<!-- <alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> -->
<!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
{% if ansible_system == "Linux" %}
<!-- <directories check_all="yes" realtime="yes" restrict="^/var/ossec/etc/shared/agent.conf$">/var/ossec/etc/shared</directories> -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin,/boot</directories>
<scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>
{% endif %}
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}
{% for directory in wazuh_agent_config.syscheck.directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %}
{% endif %}
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck.win_directories is defined and ansible_system == "Windows" %}
{% for directory in wazuh_agent_config.syscheck.win_directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %}
{% endif %}
<!-- Files/directories to ignore -->
{% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %}
{% for ignore in wazuh_agent_config.syscheck.ignore %}
<ignore>{{ ignore }}</ignore>
{% endfor %}
{% endif %}
<!-- File types to ignore -->
{% if wazuh_agent_config.syscheck.ignore_linux_type is defined %}
{% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %}
<ignore type="sregex">{{ ignore }}</ignore>
{% endfor %}
{% endif %}
{% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %}
{% for ignore in wazuh_agent_config.syscheck.ignore_win %}
<ignore type="sregex">{{ ignore }}</ignore>
{% endfor %}
{% endif %}
{% if ansible_system == "Linux" %}
<!-- Files no diff -->
{% for no_diff in wazuh_agent_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff>
{% endfor %}
<skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
{% endif %}
{% if ansible_os_family == "Windows" %}
{% for registry_key in wazuh_agent_config.syscheck.windows_registry %}
{% if registry_key.arch is defined %}
<windows_registry arch="{{ registry_key.arch }}">{{ registry_key.key }}</windows_registry>
{% else %}
<windows_registry>{{ registry_key.key }}</windows_registry>
{% endif %}
{% endfor %}
{% endif %}
{% if ansible_os_family == "Windows" %}
{% for registry_key in wazuh_agent_config.syscheck.windows_registry_ignore %}
{% if registry_key.type is defined %}
<registry_ignore type="{{ registry_key.type }}">{{ registry_key.key }}</registry_ignore>
{% else %}
<registry_ignore>{{ registry_key.key }}</registry_ignore>
{% endif %}
{% endfor %}
{% endif %}
{% if ansible_os_family == "Windows" %}
<!-- Frequency for ACL checking (seconds) -->
<windows_audit_interval>{{ wazuh_agent_config.syscheck.win_audit_interval }}</windows_audit_interval>
{% endif %}
</syscheck>
{% endif %}
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" %}
<wodle name="open-scap"> <wodle name="open-scap">
@ -276,6 +187,88 @@
{% endif %} {% endif %}
</sca> </sca>
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck is defined %}
<syscheck>
<disabled>no</disabled>
<!-- <alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> -->
<!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
{% if ansible_system == "Linux" %}
<scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}
{% for directory in wazuh_agent_config.syscheck.directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %}
{% endif %}
{% endif %}
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck.win_directories is defined and ansible_system == "Windows" %}
{% for directory in wazuh_agent_config.syscheck.win_directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %}
{% endif %}
<!-- Files/directories to ignore -->
{% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %}
{% for ignore in wazuh_agent_config.syscheck.ignore %}
<ignore>{{ ignore }}</ignore>
{% endfor %}
{% endif %}
<!-- File types to ignore -->
{% if wazuh_agent_config.syscheck.ignore_linux_type is defined %}
{% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %}
<ignore type="sregex">{{ ignore }}</ignore>
{% endfor %}
{% endif %}
{% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %}
{% for ignore in wazuh_agent_config.syscheck.ignore_win %}
<ignore type="sregex">{{ ignore }}</ignore>
{% endfor %}
{% endif %}
{% if ansible_system == "Linux" %}
<!-- Files no diff -->
{% for no_diff in wazuh_agent_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff>
{% endfor %}
<skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
{% endif %}
{% if ansible_os_family == "Windows" %}
{% for registry_key in wazuh_agent_config.syscheck.windows_registry %}
{% if registry_key.arch is defined %}
<windows_registry arch="{{ registry_key.arch }}">{{ registry_key.key }}</windows_registry>
{% else %}
<windows_registry>{{ registry_key.key }}</windows_registry>
{% endif %}
{% endfor %}
{% endif %}
{% if ansible_os_family == "Windows" %}
{% for registry_key in wazuh_agent_config.syscheck.windows_registry_ignore %}
{% if registry_key.type is defined %}
<registry_ignore type="{{ registry_key.type }}">{{ registry_key.key }}</registry_ignore>
{% else %}
<registry_ignore>{{ registry_key.key }}</registry_ignore>
{% endif %}
{% endfor %}
{% endif %}
{% if ansible_os_family == "Windows" %}
<!-- Frequency for ACL checking (seconds) -->
<windows_audit_interval>{{ wazuh_agent_config.syscheck.win_audit_interval }}</windows_audit_interval>
{% endif %}
</syscheck>
{% endif %}
{% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %}
<wodle name="command"> <wodle name="command">
<disabled>no</disabled> <disabled>no</disabled>
@ -365,4 +358,14 @@
</labels> </labels>
{% endif %} {% endif %}
<active-response>
<disabled>{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}</disabled>
<ca_store>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}</ca_store>
<ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification>
</active-response>
<logging>
<log_format>{{ wazuh_agent_config.log_format }}</log_format>
</logging>
</ossec_config> </ossec_config>