afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adding some changes from Wazuh manager

Browse Source
This commit is contained in:
Miguelangel Freitas 2017-07-28 13:40:32 -04:00
parent 731e902c46
commit 7e2cd943bd
3 changed files with 118 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
ansible-wazuh-agent/defaults/main.yml
View File

@ -1,31 +1,38 @@
--- ---
wazuh_manager_ip: 127.0.0.1 wazuh_manager_ip: 127.0.0.1
wazuh_authd_port: 1515 wazuh_authd_port: 1515
wazuh_register_client: true wazuh_register_client: false
wazuh_agent_config: wazuh_agent_config:
frequency_check: 43200 syscheck:
syscheck_scan_on_start: 'yes' frequency: 43200
ignore_files: scan_on_start: 'yes'
- /etc/mtab ignore:
- /etc/mnttab - /etc/mtab
- /etc/hosts.deny - /etc/mnttab
- /etc/mail/statistics - /etc/hosts.deny
- /etc/random-seed - /etc/mail/statistics
- /etc/random.seed - /etc/random-seed
- /etc/adjtime - /etc/random.seed
- /etc/httpd/logs - /etc/adjtime
- /etc/utmpx - /etc/httpd/logs
- /etc/wtmpx - /etc/utmpx
- /etc/cups/certs - /etc/wtmpx
- /etc/dumpdates - /etc/cups/certs
- /etc/svc/volatile - /etc/dumpdates
no_diff: - /etc/svc/volatile
- /etc/ssl/private.key no_diff:
directories: - /etc/ssl/private.key
- check_all: 'yes' directories:
dirs: /etc,/usr/bin,/usr/sbin - dirs: /etc,/usr/bin,/usr/sbin
- check_all: 'yes' checks: 'check_all="yes"'
dirs: /bin,/sbin - dirs: /bin,/sbin
checks: 'check_all="yes"'
rootcheck:
frequency: 43200
openscap:
timeout: 1800
interval: '1d'
scan_on_start: 'yes'
localfiles: localfiles:
- format: 'syslog' - format: 'syslog'
location: '/var/log/messages' location: '/var/log/messages'

27
ansible-wazuh-agent/tasks/Debian.yml
View File

@ -3,9 +3,10 @@
apt: name="{{ item }}" state=present update_cache=yes apt: name="{{ item }}" state=present update_cache=yes
with_items: with_items:
- apt-transport-https - apt-transport-https
- ca-certificates
- name: Debian/Ubuntu | Installing repository key - name: Debian/Ubuntu | Installing repository key
shell: curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
- name: Debian/Ubuntu | Add Wazuh repositories - name: Debian/Ubuntu | Add Wazuh repositories
apt_repository: apt_repository:
@ -13,7 +14,29 @@
state: present state: present
update_cache: yes update_cache: yes
- name: Set Distribution CIS filename for debian - name: Debian/Ubuntu | Set Distribution CIS filename for debian
set_fact: set_fact:
cis_distribution_filename: cis_debian_linux_rcl.txt cis_distribution_filename: cis_debian_linux_rcl.txt
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- name: Debian/Ubuntu | Install OpenScap
package: name={{ item }} state=present
with_items:
- libopenscap8
- xsltproc
tags:
- init
- name: Debian/Ubuntu | Get OpenScap installed version
shell: "dpkg-query --showformat='${Version}' --show libopenscap8"
register: openscap_version
changed_when: true
tags:
- config
- name: Debian/Ubuntu | Check OpenScap version
shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?"
register: openscap_version_valid
changed_when: true
tags:
- config

127
ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -25,8 +25,8 @@
<check_ports>yes</check_ports> <check_ports>yes</check_ports>
<check_if>yes</check_if> <check_if>yes</check_if>
<!-- Rootcheck scan frequency --> <!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>43200</frequency> <frequency>{{ wazuh_agent_config.rootcheck.frequency }}</frequency>
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files> <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans> <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
@ -40,26 +40,77 @@
</rootcheck> </rootcheck>
<syscheck> <syscheck>
<!-- Syscgeck scan frequency --> <!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ wazuh_agent_config.frequency_check }}</frequency> <frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
<scan_on_start>{{ wazuh_agent_config.syscheck_scan_on_start }}</scan_on_start> <scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>
<!-- Directories to monitor --> <!-- Directories to check (perform all possible verifications) -->
{% for directory in wazuh_agent_config.directories %} {% if wazuh_agent_config.syscheck.directories is defined %}
<directories check_all="{{ directory.check_all }}">{{ directory.dirs }}</directories> {% for directory in wazuh_agent_config.syscheck.directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %} {% endfor %}
{% endif %}
<!-- Files/directories to ignore --> <!-- Files/directories to ignore -->
{% for ignore_file in wazuh_agent_config.ignore_files %} {% if wazuh_agent_config.syscheck.ignore is defined %}
<ignore>{{ ignore_file }}</ignore> {% for ignore in wazuh_agent_config.syscheck.ignore %}
<ignore>{{ ignore }}</ignore>
{% endfor %} {% endfor %}
{% endif %}
<!-- Files no diff --> <!-- Files no diff -->
{% for no_diff in wazuh_agent_config.no_diff %} {% for no_diff in wazuh_agent_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff> <nodiff>{{ no_diff }}</nodiff>
{% endfor %} {% endfor %}
</syscheck> </syscheck>
<wodle name="open-scap">
<disabled>no</disabled>
<timeout>{{ wazuh_agent_config.openscap.timeout }}</timeout>
<interval>{{ wazuh_agent_config.openscap.interval }}</interval>
<scan-on-start>{{ wazuh_agent_config.openscap.scan_on_start }}</scan-on-start>
{% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
<content type="xccdf" path="ssg-ubuntu-1604-ds.xml">
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
{% elif ansible_distribution == 'Debian' and ansible_distribution_release == 'jessie' %}
{% if openscap_version_valid.stdout == "0" %}
<content type="xccdf" path="ssg-debian-8-ds.xml">
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
{% endif %}
<content type="oval" path="cve-debian-oval.xml"/>
{% elif ansible_distribution == 'CentOS' %}
{% if ansible_distribution_major_version == '7' %}
<content type="xccdf" path="ssg-centos-7-ds.xml">
{% elif ansible_distribution_major_version == '6' %}
<content type="xccdf" path="ssg-centos-6-ds.xml">
{% endif %}
<profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
{% elif ansible_distribution == 'RedHat' %}
{% if ansible_distribution_major_version == '7' %}
<content type="xccdf" path="ssg-rhel-7-ds.xml">
{% elif ansible_distribution_major_version == '6' %}
<content type="xccdf" path="ssg-rhel-6-ds.xml">
{% endif %}
<profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
{% if ansible_distribution_major_version == '7' %}
<content type="oval" path="cve-redhat-7-ds.xml"/>
{% elif ansible_distribution_major_version == '6' %}
<content type="oval" path="cve-redhat-6-ds.xml"/>
{% endif %}
{% elif ansible_distribution == 'Fedora' %}
<content type="xccdf" path="ssg-fedora-ds.xml">
<profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
{% endif %}
</wodle>
<!-- Files to monitor (localfiles) --> <!-- Files to monitor (localfiles) -->
{% for localfile in wazuh_agent_config.localfiles %} {% for localfile in wazuh_agent_config.localfiles %}
<localfile> <localfile>
@ -73,58 +124,4 @@
</localfile> </localfile>
{% endfor %} {% endfor %}
{% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
<wodle name="open-scap">
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<content type="xccdf" path="ssg-ubuntu-1604-ds.xml">
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
</wodle>
{% elif ansible_distribution == 'CentOS' %}
<wodle name="open-scap">
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
{% if ansible_distribution_major_version == '7' %}
<content type="xccdf" path="ssg-centos-7-ds.xml">
{% elif ansible_distribution_major_version == '6' %}
<content type="xccdf" path="ssg-centos-6-ds.xml">
{% endif %}
<profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
</wodle>
{% elif ansible_distribution == 'RedHat' %}
<wodle name="open-scap">
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
{% if ansible_distribution_major_version == '7' %}
<content type="xccdf" path="ssg-rhel-7-ds.xml">
{% elif ansible_distribution_major_version == '6' %}
<content type="xccdf" path="ssg-rhel-6-ds.xml">
{% endif %}
<profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
</wodle>
{% elif ansible_distribution == 'Fedora' %}
<wodle name="open-scap">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<content type="xccdf" path="ssg-fedora-ds.xml">
<profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
<profile>xccdf_org.ssgproject.content_profile_common</profile>
</content>
</wodle>
{% endif %}
</ossec_config> </ossec_config>