diff --git a/ansible-wazuh-manager/defaults/main.yml b/ansible-wazuh-manager/defaults/main.yml
index a5b7f1ee..5a0d7b67 100644
--- a/ansible-wazuh-manager/defaults/main.yml
+++ b/ansible-wazuh-manager/defaults/main.yml
@@ -2,6 +2,7 @@
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_config:
+ enable_authd: false
 email_notification: no
 mail_to:
 - admin@example.net
diff --git a/ansible-wazuh-manager/tasks/main.yml b/ansible-wazuh-manager/tasks/main.yml
index ebc5341d..5e000f40 100644
--- a/ansible-wazuh-manager/tasks/main.yml
+++ b/ansible-wazuh-manager/tasks/main.yml
@@ -106,7 +106,10 @@
 owner=root
 group=root
 mode=0755
- when: ansible_service_mgr == "upstart" and ansible_os_family != "CoreOS"
+ when:
+ - ansible_service_mgr == "upstart"
+ - ansible_os_family != "CoreOS"
+ - wazuh_manager_config.enable_authd == true
 tags:
 - init
 - config
@@ -115,11 +118,20 @@
 template:
 src: ossec-authd.service
 dest: /lib/systemd/system/ossec-authd.service
- when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
+ when:
+ - ansible_service_mgr == "systemd"
+ - ansible_os_family != "CoreOS"
+ - wazuh_manager_config.enable_authd == true
 tags:
 - init
 - config
+- name: Ensure ossec-authd service is started and enabled
+ service: name=ossec-authd enabled=yes state=started
+ when: wazuh_manager_config.enable_authd == true
+ tags:
+ - config
+
 - name: Wazuh-api User
 template:
 src: api_user.j2
@@ -145,7 +157,7 @@
 shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp
 when: agentless_creeds is defined
-- name: Ensure Wazuh Manager, wazuh api and ossec-authd service is started and enabled
+- name: Ensure Wazuh Manager, wazuh api service is started and enabled
 service:
 name: "{{ item }}"
 enabled: yes
@@ -153,7 +165,8 @@
 with_items:
 - wazuh-manager
 - wazuh-api
- - ossec-authd
+ tags:
+ - config
 - include: "RMRedHat.yml"
 when: ansible_os_family == "RedHat"
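Review bot: `enable_authd` in defaults/main.yml is added without a comment saying what it controls or that its default changes behaviour. Per the tasks/main.yml changes in this same commit, the ossec-authd init/unit templates and the service start are now skipped unless the flag is true, whereas the service was previously always started. A comment above the key such as `# enable_authd: install and start ossec-authd (agent registration daemon); false leaves it unmanaged` would make that visible to operators who rely on agent self-enrollment.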
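Review bot: The added condition `wazuh_manager_config.enable_authd == true` in the upstart init-script task raises an undefined-variable error when an inventory overrides `wazuh_manager_config` without the new key, because Ansible by default replaces dictionary variables wholesale instead of merging them with role defaults. It also evaluates false when the value arrives as a string rather than a boolean. `- wazuh_manager_config.enable_authd | default(false) | bool` covers both cases; the same expression is repeated in the systemd unit task and in the new ossec-authd service task in the next hunk. The task these conditions belong to starts above the hunk.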
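Review bot: Nothing in the new `Ensure ossec-authd service is started and enabled` task, or elsewhere in this hunk, stops or disables ossec-authd when `enable_authd` is false, so a manager provisioned by the earlier version of the role keeps the registration daemon enabled and listening even though the flag now defaults to off. If the flag is meant to reduce that exposure, a counterpart task is needed, for example `service: name=ossec-authd enabled=no state=stopped` under `when: not (wazuh_manager_config.enable_authd | default(false) | bool)`, guarded so it does not fail on hosts where the unit was never installed. The new task would also read more consistently in the block `service:` form used by the later Wazuh Manager task than with `key=value` arguments.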