Implement Linux agent registration via restapi

ansible-wazuh-agent/defaults/main.yml

@@ -3,6 +3,10 @@ wazuh_managers:
   - address: 127.0.0.1
     port: 1514
     protocol: tcp
+    api_port: 55000
+    api_proto: 'https'
+    api_user: null
+    api_password: null
 wazuh_profile: null
 wazuh_auto_restart: 'yes'
 wazuh_agent_authd:

ansible-wazuh-agent/tasks/Linux.yml

@@ -10,60 +10,127 @@
   tags:
     - init
 
-- name: Retrieving authd Credentials
-  include_vars: authd_pass.yml
-  tags:
-    - config
-
-- name: Copy CA, SSL key and cert for authd
-  copy:
-    src: "{{ item }}"
-    dest: "/var/ossec/etc/{{ item | basename }}"
-    mode: 0644
-  with_items:
-    - "{{ wazuh_agent_authd.ssl_agent_ca }}"
-    - "{{ wazuh_agent_authd.ssl_agent_cert }}"
-    - "{{ wazuh_agent_authd.ssl_agent_key }}"
-  tags:
-    - config
-  when:
-    - wazuh_agent_authd.ssl_agent_ca is not none
-    - wazuh_agent_authd.enable == true
-
 - name: Linux | Check if client.keys exists
   stat: path=/var/ossec/etc/client.keys
   register: check_keys
   tags:
     - config
 
-- name: Linux | Register agent
+- name: Linux | Agent registration via authd
-  shell: >
+  block:
-    /var/ossec/bin/agent-auth
-    -m {{ wazuh_managers.0.address }}
-    -p {{ wazuh_agent_authd.port }}
-    {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
-    {% if wazuh_agent_authd.ssl_agent_ca is not none %}
-    -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
-    -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
-    -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
-    {% endif %}
-    {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %}
-  register: agent_auth_output
-  when:
-    - wazuh_agent_authd.enable == true
-    - check_keys.stat.size == 0
-    - wazuh_managers.0.address is not none
-  tags:
-    - config
 
-- name: Linux | Verify agent registration
+    - name: Retrieving authd Credentials
-  shell: echo {{ agent_auth_output }} | grep "Valid key created"
+      include_vars: authd_pass.yml
-  when:
+      tags:
-    - wazuh_agent_authd.enable == true
+        - config
-    - check_keys.stat.size == 0
+
-    - wazuh_managers.0.address is not none
+    - name: Copy CA, SSL key and cert for authd
-  tags:
+      copy:
-    - config
+        src: "{{ item }}"
+        dest: "/var/ossec/etc/{{ item | basename }}"
+        mode: 0644
+      with_items:
+        - "{{ wazuh_agent_authd.ssl_agent_ca }}"
+        - "{{ wazuh_agent_authd.ssl_agent_cert }}"
+        - "{{ wazuh_agent_authd.ssl_agent_key }}"
+      tags:
+        - config
+      when:
+        - wazuh_agent_authd.ssl_agent_ca is not none
+
+    - name: Linux | Register agent (via authd)
+      shell: >
+        /var/ossec/bin/agent-auth
+        -m {{ wazuh_managers.0.address }}
+        -p {{ wazuh_agent_authd.port }}
+        {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
+        {% if wazuh_agent_authd.ssl_agent_ca is not none %}
+        -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
+        -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
+        -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
+        {% endif %}
+        {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %}
+      register: agent_auth_output
+      when:
+        - check_keys.stat.size == 0
+        - wazuh_managers.0.address is not none
+      tags:
+        - config
+
+    - name: Linux | Verify agent registration
+      shell: echo {{ agent_auth_output }} | grep "Valid key created"
+      when:
+        - check_keys.stat.size == 0
+        - wazuh_managers.0.address is not none
+      tags:
+        - config
+
+  when: wazuh_agent_authd.enable == true
+
+- name: Linux | Agent registration via rest-API
+  block:
+
+    - name: Linux | Create the agent key via rest-API
+      uri:
+        url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/"
+        validate_certs: no
+        method: POST
+        body: {"name":"{{ inventory_hostname }}","ip":"{{ ansible_default_ipv4.address }}"}
+        body_format: json
+        status_code: 200
+        headers:
+          Content-Type: "application/json"
+        user: "{{ wazuh_managers.0.api_user }}"
+        password: "{{ wazuh_managers.0.api_password }}"
+      register: newagent_api
+      changed_when: newagent_api.json.error == 0
+      when:
+        - check_keys.stat.size == 0
+        - wazuh_managers.0.address is not none
+      delegate_to: localhost
+      become: no
+      tags:
+        - config
+        - api
+
+    - name: Linux | Retieve the client key via rest-API
+      uri:
+        url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}/key"
+        validate_certs: no
+        method: GET
+        return_content: yes
+        user: "{{ wazuh_managers.0.api_user }}"
+        password: "{{ wazuh_managers.0.api_password }}"
+      when:
+        - check_keys.stat.size == 0
+        - wazuh_managers.0.address is not none
+        - newagent_api.json.error == 0
+      register: newagentkey_api
+      delegate_to: localhost
+      become: no
+      tags:
+        - config
+        - api
+
+    - name: Linux | Register agent (via rest-API)
+      command: /var/ossec/bin/manage_agents
+      environment:
+        OSSEC_ACTION: i
+        OSSEC_AGENT_NAME: '{{ inventory_hostname }}'
+        OSSEC_AGENT_IP: '{{ ansible_default_ipv4.address }}'
+        OSSEC_AGENT_ID: '{{ newagent_api.json.data.id }}'
+        OSSEC_AGENT_KEY: '{{ newagentkey_api.json.data }}'
+        OSSEC_ACTION_CONFIRMED: y
+      register: manage_agents_output
+      when:
+        - check_keys.stat.size == 0
+        - wazuh_managers.0.address is not none
+        - newagent_api.changed
+      tags:
+        - config
+      notify: restart wazuh-agent
+
+  when: wazuh_agent_authd.enable == false
 
 - name: Linux | Vuls integration deploy (runs in background, can take a while)
   command: /var/ossec/wodles/vuls/deploy_vuls.sh {{ ansible_distribution|lower }} {{ ansible_distribution_major_version|int }}

ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2

@@ -1,4 +1,5 @@
 #jinja2: trim_blocks: False
+<!-- {{ ansible_managed }} -->
 <!--
   Wazuh - Agent
   More info at: https://documentation.wazuh.com

wazuh-agent.yml

@@ -6,6 +6,10 @@
       - address: 127.0.0.1
         port: 1514
         protocol: udp
+        api_port: 55000
+        api_proto: 'https'
+        api_user: ansible
+        api_password: changeme
     wazuh_agent_authd:
       enable: true
       port: 1515