Adding some changes from Wazuh manager

2017-07-28 13:40:32 -04:00 · 2017-07-28 13:40:32 -04:00 · 7e2cd943bd
commit 7e2cd943bd
parent 731e902c46
3 changed files with 118 additions and 91 deletions
--- a/ansible-wazuh-agent/defaults/main.yml
+++ b/ansible-wazuh-agent/defaults/main.yml
@ -1,31 +1,38 @@
 ---
 wazuh_manager_ip: 127.0.0.1
 wazuh_authd_port: 1515
-wazuh_register_client: true
+wazuh_register_client: false
 wazuh_agent_config:
-  frequency_check: 43200
-  syscheck_scan_on_start: 'yes'
-  ignore_files:
-    - /etc/mtab
-    - /etc/mnttab
-    - /etc/hosts.deny
-    - /etc/mail/statistics
-    - /etc/random-seed
-    - /etc/random.seed
-    - /etc/adjtime
-    - /etc/httpd/logs
-    - /etc/utmpx
-    - /etc/wtmpx
-    - /etc/cups/certs
-    - /etc/dumpdates
-    - /etc/svc/volatile
-  no_diff:
-    - /etc/ssl/private.key
-  directories:
-    - check_all: 'yes'
-      dirs: /etc,/usr/bin,/usr/sbin
-    - check_all: 'yes'
-      dirs: /bin,/sbin
+  syscheck:
+    frequency: 43200
+    scan_on_start: 'yes'
+    ignore:
+      - /etc/mtab
+      - /etc/mnttab
+      - /etc/hosts.deny
+      - /etc/mail/statistics
+      - /etc/random-seed
+      - /etc/random.seed
+      - /etc/adjtime
+      - /etc/httpd/logs
+      - /etc/utmpx
+      - /etc/wtmpx
+      - /etc/cups/certs
+      - /etc/dumpdates
+      - /etc/svc/volatile
+    no_diff:
+      - /etc/ssl/private.key
+    directories:
+      - dirs: /etc,/usr/bin,/usr/sbin
+        checks: 'check_all="yes"'
+      - dirs: /bin,/sbin
+        checks: 'check_all="yes"'
+  rootcheck:
+    frequency: 43200
+  openscap:
+    timeout: 1800
+    interval: '1d'
+    scan_on_start: 'yes'
  localfiles:
    - format: 'syslog'
      location: '/var/log/messages'
--- a/ansible-wazuh-agent/tasks/Debian.yml
+++ b/ansible-wazuh-agent/tasks/Debian.yml
@ -3,9 +3,10 @@
  apt: name="{{ item }}" state=present update_cache=yes
  with_items:
    - apt-transport-https
+    - ca-certificates

 - name: Debian/Ubuntu | Installing repository key
-  shell: curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
+  apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH

 - name: Debian/Ubuntu | Add Wazuh repositories
  apt_repository:
@ -13,7 +14,29 @@
    state: present
    update_cache: yes

- name: Set Distribution CIS filename for debian
+- name: Debian/Ubuntu | Set Distribution CIS filename for debian
  set_fact:
    cis_distribution_filename: cis_debian_linux_rcl.txt
  when: ansible_os_family == "Debian"
+
+- name: Debian/Ubuntu | Install OpenScap
+  package: name={{ item }} state=present
+  with_items:
+    - libopenscap8
+    - xsltproc
+  tags:
+    - init
+
+- name: Debian/Ubuntu | Get OpenScap installed version
+  shell: "dpkg-query --showformat='${Version}' --show libopenscap8"
+  register: openscap_version
+  changed_when: true
+  tags:
+    - config
+
+- name: Debian/Ubuntu | Check OpenScap version
+  shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?"
+  register: openscap_version_valid
+  changed_when: true
+  tags:
+    - config
--- a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@ -25,8 +25,8 @@
    <check_ports>yes</check_ports>
    <check_if>yes</check_if>

-    <!-- Rootcheck scan frequency -->
-    <frequency>43200</frequency>
+    <!-- Frequency that rootcheck is executed - every 12 hours -->
+    <frequency>{{ wazuh_agent_config.rootcheck.frequency }}</frequency>

    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
@ -40,26 +40,77 @@
  </rootcheck>

  <syscheck>
-    <!-- Syscgeck scan frequency -->
-    <frequency>{{ wazuh_agent_config.frequency_check }}</frequency>
-    <scan_on_start>{{ wazuh_agent_config.syscheck_scan_on_start }}</scan_on_start>
+    <!-- Frequency that syscheck is executed -- default every 20 hours -->
+    <frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
+    <scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>

-    <!-- Directories to monitor -->
-    {% for directory in wazuh_agent_config.directories %}
-    <directories check_all="{{ directory.check_all }}">{{ directory.dirs }}</directories>
+    <!-- Directories to check  (perform all possible verifications) -->
+    {% if wazuh_agent_config.syscheck.directories is defined %}
+    {% for directory in wazuh_agent_config.syscheck.directories %}
+    <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
    {% endfor %}
+    {% endif %}

    <!-- Files/directories to ignore -->
-    {% for ignore_file in wazuh_agent_config.ignore_files %}
-    <ignore>{{ ignore_file }}</ignore>
+    {% if wazuh_agent_config.syscheck.ignore is defined %}
+    {% for ignore in wazuh_agent_config.syscheck.ignore %}
+    <ignore>{{ ignore }}</ignore>
    {% endfor %}
+    {% endif %}

    <!-- Files no diff -->
-    {% for no_diff in wazuh_agent_config.no_diff %}
+    {% for no_diff in wazuh_agent_config.syscheck.no_diff %}
    <nodiff>{{ no_diff }}</nodiff>
    {% endfor %}
  </syscheck>

+  <wodle name="open-scap">
+    <disabled>no</disabled>
+    <timeout>{{ wazuh_agent_config.openscap.timeout }}</timeout>
+    <interval>{{ wazuh_agent_config.openscap.interval }}</interval>
+    <scan-on-start>{{ wazuh_agent_config.openscap.scan_on_start }}</scan-on-start>
+    {% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
+    <content type="xccdf" path="ssg-ubuntu-1604-ds.xml">
+      <profile>xccdf_org.ssgproject.content_profile_common</profile>
+    </content>
+    {% elif ansible_distribution == 'Debian' and ansible_distribution_release == 'jessie' %}
+    {% if openscap_version_valid.stdout == "0" %}
+    <content type="xccdf" path="ssg-debian-8-ds.xml">
+      <profile>xccdf_org.ssgproject.content_profile_common</profile>
+    </content>
+    {% endif %}
+    <content type="oval" path="cve-debian-oval.xml"/>
+    {% elif ansible_distribution == 'CentOS' %}
+      {% if ansible_distribution_major_version == '7' %}
+      <content type="xccdf" path="ssg-centos-7-ds.xml">
+      {% elif ansible_distribution_major_version == '6' %}
+      <content type="xccdf" path="ssg-centos-6-ds.xml">
+      {% endif %}
+        <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
+        <profile>xccdf_org.ssgproject.content_profile_common</profile>
+      </content>
+    {% elif ansible_distribution == 'RedHat' %}
+      {% if ansible_distribution_major_version == '7' %}
+      <content type="xccdf" path="ssg-rhel-7-ds.xml">
+      {% elif ansible_distribution_major_version == '6' %}
+      <content type="xccdf" path="ssg-rhel-6-ds.xml">
+      {% endif %}
+        <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
+        <profile>xccdf_org.ssgproject.content_profile_common</profile>
+      </content>
+      {% if ansible_distribution_major_version == '7' %}
+      <content type="oval" path="cve-redhat-7-ds.xml"/>
+      {% elif ansible_distribution_major_version == '6' %}
+      <content type="oval" path="cve-redhat-6-ds.xml"/>
+      {% endif %}
+    {% elif ansible_distribution == 'Fedora' %}
+      <content type="xccdf" path="ssg-fedora-ds.xml">
+        <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
+        <profile>xccdf_org.ssgproject.content_profile_common</profile>
+      </content>
+    {% endif %}
+  </wodle>
+
  <!-- Files to monitor (localfiles) -->
    {% for localfile in wazuh_agent_config.localfiles %}
    <localfile>
@ -73,58 +124,4 @@
    </localfile>
  {% endfor %}

-  {% if ansible_distribution == 'Ubuntu'  and ansible_distribution_release == 'xenial' %}
-  <wodle name="open-scap">
-    <timeout>1800</timeout>
-    <interval>1d</interval>
-    <scan-on-start>yes</scan-on-start>
-
-    <content type="xccdf" path="ssg-ubuntu-1604-ds.xml">
-      <profile>xccdf_org.ssgproject.content_profile_common</profile>
-    </content>
-  </wodle>
-  {% elif ansible_distribution == 'CentOS' %}
-  <wodle name="open-scap">
-    <timeout>1800</timeout>
-    <interval>1d</interval>
-    <scan-on-start>yes</scan-on-start>
-
-    {% if ansible_distribution_major_version == '7' %}
-    <content type="xccdf" path="ssg-centos-7-ds.xml">
-    {% elif ansible_distribution_major_version == '6' %}
-    <content type="xccdf" path="ssg-centos-6-ds.xml">
-    {% endif %}
-      <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
-      <profile>xccdf_org.ssgproject.content_profile_common</profile>
-    </content>
-  </wodle>
-  {% elif ansible_distribution == 'RedHat' %} 
-  <wodle name="open-scap">
-    <timeout>1800</timeout>
-    <interval>1d</interval>
-    <scan-on-start>yes</scan-on-start>
-
-    {% if ansible_distribution_major_version == '7' %}
-    <content type="xccdf" path="ssg-rhel-7-ds.xml">
-    {% elif ansible_distribution_major_version == '6' %}
-    <content type="xccdf" path="ssg-rhel-6-ds.xml">
-    {% endif %}
-      <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
-      <profile>xccdf_org.ssgproject.content_profile_common</profile>
-    </content>
-  </wodle>
-  {% elif ansible_distribution == 'Fedora' %}
-  <wodle name="open-scap">
-    <disabled>yes</disabled>
-    <timeout>1800</timeout>
-    <interval>1d</interval>
-    <scan-on-start>yes</scan-on-start>
-
-    <content type="xccdf" path="ssg-fedora-ds.xml">
-        <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
-        <profile>xccdf_org.ssgproject.content_profile_common</profile>
-    </content>
-  </wodle>
-  {% endif %}
-
 </ossec_config>