afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #260 from wazuh/feature-256-add-sca-template

Browse Source 
Add sca to Wazuh Agent and Manager installation
This commit is contained in:
Manuel J. Bernal 2019-10-08 12:20:55 +02:00 committed by GitHub
commit 5bfb3e0503
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 63 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -236,6 +236,14 @@ wazuh_agent_config:
packages: 'yes' packages: 'yes'
ports_no: 'yes' ports_no: 'yes'
processes: 'yes' processes: 'yes'
sca:
enabled: 'yes'
scan_on_start: 'yes'
interval: '12h'
skip_nfs: 'yes'
day: ''
wday: ''
time: ''
cis_cat: cis_cat:
disable: 'yes' disable: 'yes'
install_java: 'yes' install_java: 'yes'

24
roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -270,7 +270,29 @@
<processes>{{ wazuh_agent_config.syscollector.processes }}</processes> <processes>{{ wazuh_agent_config.syscollector.processes }}</processes>
</wodle> </wodle>
<sca>
{% if wazuh_agent_config.sca.enabled | length > 0 %}
<enabled>{{ wazuh_agent_config.sca.enabled }}</enabled>
{% endif %}
{% if wazuh_agent_config.sca.scan_on_start | length > 0 %}
<scan_on_start>{{ wazuh_agent_config.sca.scan_on_start }}</scan_on_start>
{% endif %}
{% if wazuh_agent_config.sca.interval | length > 0 %}
<interval>{{ wazuh_agent_config.sca.interval }}</interval>
{% endif %}
{% if wazuh_agent_config.sca.skip_nfs | length > 0 %}
<skip_nfs>yes</skip_nfs>
{% endif %}
{% if wazuh_agent_config.sca.day | length > 0 %}
<day>yes</day>
{% endif %}
{% if wazuh_agent_config.sca.wday | length > 0 %}
<wday>yes</wday>
{% endif %}
{% if wazuh_agent_config.sca.time | length > 0 %}
<time>yes</time>
{% endif %}
</sca>
{% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %}
<wodle name="command"> <wodle name="command">

8
roles/wazuh/ansible-wazuh-manager/defaults/main.yml
View File

@ -154,6 +154,14 @@ wazuh_manager_config:
packages: 'yes' packages: 'yes'
ports_no: 'yes' ports_no: 'yes'
processes: 'yes' processes: 'yes'
sca:
enabled: 'yes'
scan_on_start: 'yes'
interval: '12h'
skip_nfs: 'yes'
day: ''
wday: ''
time: ''
vul_detector: vul_detector:
disable: 'yes' disable: 'yes'
interval: '5m' interval: '5m'

24
roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
View File

@ -222,6 +222,30 @@
<processes>{{ wazuh_manager_config.syscollector.processes }}</processes> <processes>{{ wazuh_manager_config.syscollector.processes }}</processes>
</wodle> </wodle>
<sca>
{% if wazuh_manager_config.sca.enabled | length > 0 %}
<enabled>{{ wazuh_manager_config.sca.enabled }}</enabled>
{% endif %}
{% if wazuh_manager_config.sca.scan_on_start | length > 0 %}
<scan_on_start>{{ wazuh_manager_config.sca.scan_on_start }}</scan_on_start>
{% endif %}
{% if wazuh_manager_config.sca.interval | length > 0 %}
<interval>{{ wazuh_manager_config.sca.interval }}</interval>
{% endif %}
{% if wazuh_manager_config.sca.skip_nfs | length > 0 %}
<skip_nfs>yes</skip_nfs>
{% endif %}
{% if wazuh_manager_config.sca.day | length > 0 %}
<day>yes</day>
{% endif %}
{% if wazuh_manager_config.sca.wday | length > 0 %}
<wday>yes</wday>
{% endif %}
{% if wazuh_manager_config.sca.time | length > 0 %}
<time>yes</time>
{% endif %}
</sca>
<wodle name="vulnerability-detector"> <wodle name="vulnerability-detector">
<disabled>{{ wazuh_manager_config.vul_detector.disable }}</disabled> <disabled>{{ wazuh_manager_config.vul_detector.disable }}</disabled>
<interval>{{ wazuh_manager_config.vul_detector.interval }}</interval> <interval>{{ wazuh_manager_config.vul_detector.interval }}</interval>