afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Agent playbook - Refactor

Browse Source
This commit is contained in:
Pedro Sanchez 2017-07-11 17:31:39 -07:00
parent bf1bd87d5b
commit 801340edb0
6 changed files with 93 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -65,7 +65,7 @@ cp -pr wazuh-playbook/* /etc/ansible/roles/
Create in your home o preferred folder the file agent.yml with the content: Create in your home o preferred folder the file agent.yml with the content:
``` ```
- hosts: all:!wazuh-agents - hosts: all:!wazuh-manager
roles: roles:
- { role: ansible-wazuh-agent, ossec_server_ip: 10.0.0.51 } - { role: ansible-wazuh-agent, ossec_server_ip: 10.0.0.51 }
``` ```

7
ansible-wazuh-agent/defaults/main.yml
View File

@ -1,7 +1,8 @@
--- ---
ossec_server_ip: 127.0.0.1 wazuh_manager_ip: 127.0.0.1
ossec_register_client: false wazuh_authd_port: 1515
ossec_agent_config: wazuh_register_client: true
wazuh_agent_config:
frequency_check: 43200 frequency_check: 43200
syscheck_scan_on_start: 'yes' syscheck_scan_on_start: 'yes'
ignore_files: ignore_files:

4
ansible-wazuh-agent/meta/main.yml
View File

@ -1,7 +1,7 @@
--- ---
galaxy_info: galaxy_info:
author: Jose Luis Ruiz author: Wazuh
description: Installing and maintaining the wazuh-agent. description: Installing, deploying and configuring Wazuh Agent.
company: wazuh.com company: wazuh.com
license: license (GPLv3) license: license (GPLv3)
min_ansible_version: 2.0 min_ansible_version: 2.0

17
ansible-wazuh-agent/tasks/main.yml
View File

@ -10,19 +10,20 @@
tags: tags:
- init - init
- name: "Check if client.keys exists" - name: "Register agent"
stat: path=/var/ossec/etc/client.keys shell: /var/ossec/bin/agent-auth -m {{ wazuh_manager_ip }} -p {{ wazuh_authd_port }}
register: check_keys register: agent_auth_output
when: wazuh_register_client == true
tags: tags:
- config - config
- name: "Register client" - name: "Verify agent registration"
shell: /var/ossec/bin/agent-auth -m {{ ossec_server_ip }} -p 1515 shell: echo {{ agent_auth_output }} | grep "Valid key created"
when: ossec_register_client == true and check_keys.stat.size == 0 when: wazuh_register_client == true
tags: tags:
- config - config
- name: "Installing the ossec.conf" - name: "Installing agent configuration (ossec.conf)"
template: src=var-ossec-etc-ossec-agent.conf.j2 template: src=var-ossec-etc-ossec-agent.conf.j2
dest=/var/ossec/etc/ossec.conf dest=/var/ossec/etc/ossec.conf
owner=root owner=root
@ -33,7 +34,7 @@
- init - init
- config - config
- name: Ensure Wazuh Manager service is started and enabled - name: Ensure Wazuh Agent service is started and enabled
service: service:
name: wazuh-agent name: wazuh-agent
enabled: yes enabled: yes

131
ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -1,14 +1,78 @@
<!-- OSSEC example config --> #jinja2: lstrip_blocks: True
<!--
Wazuh - Agent
More info at: https://documentation.wazuh.com
Mailing list: https://groups.google.com/forum/#!forum/wazuh
-->
<ossec_config> <ossec_config>
<client> <client>
<server-ip>{{ ossec_server_ip }}</server-ip> <server-ip>{{ wazuh_manager_ip }}</server-ip>
{% if ossec_profile is defined %} {% if wazuh_profile is defined %}
<config-profile>{{ ossec_profile }}</config-profile> <config-profile>{{ wazuh_profile }}</config-profile>
{% endif %} {% endif %}
<protocol>udp</protocol> <protocol>udp</protocol>
</client> </client>
<rootcheck>
<disabled>no</disabled>
<check_unixaudit>yes</check_unixaudit>
<check_files>yes</check_files>
<check_trojans>yes</check_trojans>
<check_dev>yes</check_dev>
<check_sys>yes</check_sys>
<check_pids>yes</check_pids>
<check_ports>yes</check_ports>
<check_if>yes</check_if>
<!-- Rootcheck scan frequency -->
<frequency>43200</frequency>
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
{% if cis_distribution_filename is defined %}
<system_audit>/var/ossec/etc/shared/{{ cis_distribution_filename }}</system_audit>
{% endif %}
<skip_nfs>yes</skip_nfs>
</rootcheck>
<syscheck>
<!-- Syscgeck scan frequency -->
<frequency>{{ wazuh_agent_config.frequency_check }}</frequency>
<scan_on_start>{{ wazuh_agent_config.syscheck_scan_on_start }}</scan_on_start>
<!-- Directories to monitor -->
{% for directory in wazuh_agent_config.directories %}
<directories check_all="{{ directory.check_all }}">{{ directory.dirs }}</directories>
{% endfor %}
<!-- Files/directories to ignore -->
{% for ignore_file in wazuh_agent_config.ignore_files %}
<ignore>{{ ignore_file }}</ignore>
{% endfor %}
<!-- Files no diff -->
{% for no_diff in wazuh_agent_config.no_diff %}
<nodiff>{{ no_diff }}</nodiff>
{% endfor %}
</syscheck>
<!-- Files to monitor (localfiles) -->
{% for localfile in wazuh_agent_config.localfiles %}
<localfile>
<log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency>
{% else %}
<location>{{ localfile.location }}</location>
{% endif %}
</localfile>
{% endfor %}
{% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %} {% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
<wodle name="open-scap"> <wodle name="open-scap">
<timeout>1800</timeout> <timeout>1800</timeout>
@ -63,63 +127,4 @@
</wodle> </wodle>
{% endif %} {% endif %}
<rootcheck>
<disabled>no</disabled>
<check_unixaudit>yes</check_unixaudit>
<check_files>yes</check_files>
<check_trojans>yes</check_trojans>
<check_dev>yes</check_dev>
<check_sys>yes</check_sys>
<check_pids>yes</check_pids>
<check_ports>yes</check_ports>
<check_if>yes</check_if>
<!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>43200</frequency>
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
{% if cis_distribution_filename is defined %}
<system_audit>/var/ossec/etc/shared/{{ cis_distribution_filename }}</system_audit>
{% endif %}
<skip_nfs>yes</skip_nfs>
</rootcheck>
<syscheck>
<!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ ossec_agent_config.frequency_check }}</frequency>
<scan_on_start>{{ ossec_agent_config.syscheck_scan_on_start }}</scan_on_start>
<!-- Directories to check (perform all possible verifications) -->
{% for directory in ossec_agent_config.directories %}
<directories check_all="{{ directory.check_all }}">{{ directory.dirs }}</directories>
{% endfor %}
<!-- Files/directories to ignore -->
{% for ignore_file in ossec_agent_config.ignore_files %}
<ignore>{{ ignore_file }}</ignore>
{% endfor %}
<!-- Files no diff -->
{% for no_diff in ossec_agent_config.no_diff %}
<nodiff>{{ no_diff }}</nodiff>
{% endfor %}
</syscheck>
<!-- Files to monitor (localfiles) -->
{% for localfile in ossec_agent_config.localfiles %}
<localfile>
<log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency>
{% else %}
<location>{{ localfile.location }}</location>
{% endif %}
</localfile>
{% endfor %}
</ossec_config> </ossec_config>

3
wazuh-agent.yml
View File

@ -1,3 +1,4 @@
- hosts: all:!wazuh-manager - hosts: all:!wazuh-manager
roles: roles:
- { role: ansible-wazuh-agent, ossec_server_ip: 192.168.33.169 } - { role: ansible-wazuh-agent, wazuh_manager_ip: 127.0.0.1 }