Update tempate for ossec.conf (Agent)

Jose M 2019-10-25 16:59:14 +02:00
parent f980cd679f
commit 88d3ea22dd


@ -1,4 +1,4 @@
#jinja2: trim_blocks: False #jinja2: lstrip_blocks: True
<!-- {{ ansible_managed }} --> <!-- {{ ansible_managed }} -->
<!-- <!--
Wazuh - Agent Wazuh - Agent
@ -8,7 +8,6 @@
<ossec_config> <ossec_config>
<client> <client>
{% for manager in wazuh_managers %} {% for manager in wazuh_managers %}
<server> <server>
<address>{{ manager.address }}</address> <address>{{ manager.address }}</address>
@ -20,7 +19,6 @@
{% endif %} {% endif %}
</server> </server>
{% endfor %} {% endfor %}
{% if wazuh_profile is not none %} {% if wazuh_profile is not none %}
<config-profile>{{ wazuh_profile }}</config-profile> <config-profile>{{ wazuh_profile }}</config-profile>
{% endif %} {% endif %}
@ -31,12 +29,14 @@
<auto_restart>{{ wazuh_auto_restart }}</auto_restart> <auto_restart>{{ wazuh_auto_restart }}</auto_restart>
<crypto_method>{{ wazuh_crypto_method }}</crypto_method> <crypto_method>{{ wazuh_crypto_method }}</crypto_method>
</client> </client>
<client_buffer> <client_buffer>
<!-- Agent buffer options --> <!-- Agent buffer options -->
<disabled>{{ wazuh_agent_config.client_buffer.disable }}</disabled> <disabled>{{ wazuh_agent_config.client_buffer.disable }}</disabled>
<queue_size>{{ wazuh_agent_config.client_buffer.queue_size }}</queue_size> <queue_size>{{ wazuh_agent_config.client_buffer.queue_size }}</queue_size>
<events_per_second>{{ wazuh_agent_config.client_buffer.events_per_sec }}</events_per_second> <events_per_second>{{ wazuh_agent_config.client_buffer.events_per_sec }}</events_per_second>
</client_buffer> </client_buffer>
<logging> <logging>
<log_format>{{ wazuh_agent_config.log_format }}</log_format> <log_format>{{ wazuh_agent_config.log_format }}</log_format>
</logging> </logging>
@ -72,7 +72,6 @@
{% endif %} {% endif %}
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
{% endif %} {% endif %}
{% if ansible_os_family == "Windows" %} {% if ansible_os_family == "Windows" %}
<windows_audit>./shared/win_audit_rcl.txt</windows_audit> <windows_audit>./shared/win_audit_rcl.txt</windows_audit>
<windows_apps>./shared/win_applications_rcl.txt</windows_apps> <windows_apps>./shared/win_applications_rcl.txt</windows_apps>
@ -86,11 +85,11 @@
{% if wazuh_agent_config.syscheck is defined %} {% if wazuh_agent_config.syscheck is defined %}
<syscheck> <syscheck>
<disabled>no</disabled> <disabled>no</disabled>
<!-- #<alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> --> <!-- <alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> -->
<!-- Frequency that syscheck is executed -- default every 20 hours --> <!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency> <frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" %}
<!-- #<directories check_all="yes" realtime="yes" restrict="^/var/ossec/etc/shared/agent.conf$">/var/ossec/etc/shared</directories> --> <!-- <directories check_all="yes" realtime="yes" restrict="^/var/ossec/etc/shared/agent.conf$">/var/ossec/etc/shared</directories> -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories> <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin,/boot</directories> <directories check_all="yes">/bin,/sbin,/boot</directories>
@ -130,7 +129,7 @@
{% for no_diff in wazuh_agent_config.syscheck.no_diff %} {% for no_diff in wazuh_agent_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff> <nodiff>{{ no_diff }}</nodiff>
{% endfor %} {% endfor %}
<skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs> <skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
{% endif %} {% endif %}
<!-- Remove not monitored files --> <!-- Remove not monitored files -->
@ -270,29 +269,29 @@
<processes>{{ wazuh_agent_config.syscollector.processes }}</processes> <processes>{{ wazuh_agent_config.syscollector.processes }}</processes>
</wodle> </wodle>
<sca> <sca>
{% if wazuh_agent_config.sca.enabled | length > 0 %} {% if wazuh_agent_config.sca.enabled | length > 0 %}
<enabled>{{ wazuh_agent_config.sca.enabled }}</enabled> <enabled>{{ wazuh_agent_config.sca.enabled }}</enabled>
{% endif %} {% endif %}
{% if wazuh_agent_config.sca.scan_on_start | length > 0 %} {% if wazuh_agent_config.sca.scan_on_start | length > 0 %}
<scan_on_start>{{ wazuh_agent_config.sca.scan_on_start }}</scan_on_start> <scan_on_start>{{ wazuh_agent_config.sca.scan_on_start }}</scan_on_start>
{% endif %} {% endif %}
{% if wazuh_agent_config.sca.interval | length > 0 %} {% if wazuh_agent_config.sca.interval | length > 0 %}
<interval>{{ wazuh_agent_config.sca.interval }}</interval> <interval>{{ wazuh_agent_config.sca.interval }}</interval>
{% endif %} {% endif %}
{% if wazuh_agent_config.sca.skip_nfs | length > 0 %} {% if wazuh_agent_config.sca.skip_nfs | length > 0 %}
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
{% endif %} {% endif %}
{% if wazuh_agent_config.sca.day | length > 0 %} {% if wazuh_agent_config.sca.day | length > 0 %}
<day>yes</day> <day>yes</day>
{% endif %} {% endif %}
{% if wazuh_agent_config.sca.wday | length > 0 %} {% if wazuh_agent_config.sca.wday | length > 0 %}
<wday>yes</wday> <wday>yes</wday>
{% endif %} {% endif %}
{% if wazuh_agent_config.sca.time | length > 0 %} {% if wazuh_agent_config.sca.time | length > 0 %}
<time>yes</time> <time>yes</time>
{% endif %} {% endif %}
</sca> </sca>
{% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %}
<wodle name="command"> <wodle name="command">
@ -306,68 +305,72 @@
{% endif %} {% endif %}
<!-- Files to monitor (localfiles) --> <!-- Files to monitor (localfiles) -->
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" %}
{% for localfile in wazuh_agent_config.localfiles.linux %} {% for localfile in wazuh_agent_config.localfiles.linux %}
<localfile>
<log_format>{{ localfile.format }}</log_format> <localfile>
<log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command> <command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency> <frequency>{{ localfile.frequency }}</frequency>
{% if localfile.alias is defined %} {% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias> <alias>{{ localfile.alias }}</alias>
{% endif %}
{% else %}
<location>{{ localfile.location }}</location>
{% endif %} {% endif %}
</localfile> {% else %}
<location>{{ localfile.location }}</location>
{% endif %}
</localfile>
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if ansible_os_family == "Debian" %} {% if ansible_os_family == "Debian" %}
{% for localfile in wazuh_agent_config.localfiles.debian %} {% for localfile in wazuh_agent_config.localfiles.debian %}
<localfile>
<log_format>{{ localfile.format }}</log_format> <localfile>
<log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command> <command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency> <frequency>{{ localfile.frequency }}</frequency>
{% if localfile.alias is defined %} {% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias> <alias>{{ localfile.alias }}</alias>
{% endif %} {% endif %}
{% else %} {% else %}
<location>{{ localfile.location }}</location> <location>{{ localfile.location }}</location>
{% endif %} {% endif %}
</localfile> </localfile>
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if ansible_os_family == "RedHat" %} {% if ansible_os_family == "RedHat" %}
{% for localfile in wazuh_agent_config.localfiles.centos %} {% for localfile in wazuh_agent_config.localfiles.centos %}
<localfile>
<log_format>{{ localfile.format }}</log_format> <localfile>
<log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command> <command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency> <frequency>{{ localfile.frequency }}</frequency>
{% if localfile.alias is defined %} {% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias> <alias>{{ localfile.alias }}</alias>
{% endif %} {% endif %}
{% else %} {% else %}
<location>{{ localfile.location }}</location> <location>{{ localfile.location }}</location>
{% endif %} {% endif %}
</localfile> </localfile>
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if ansible_os_family == "Windows" %} {% if ansible_os_family == "Windows" %}
{% for localfile in wazuh_agent_config.localfiles.windows %} {% for localfile in wazuh_agent_config.localfiles.windows %}
<localfile>
<log_format>{{ localfile.format }}</log_format> <localfile>
{% if localfile.format == 'eventchannel' %} <log_format>{{ localfile.format }}</log_format>
<location>{{ localfile.location }}</location> {% if localfile.format == 'eventchannel' %}
<query>{{ localfile.query}}</query> <location>{{ localfile.location }}</location>
{% else %} <query>{{ localfile.query}}</query>
<location>{{ localfile.location }}</location> {% else %}
{% endif %} <location>{{ localfile.location }}</location>
</localfile> {% endif %}
</localfile>
{% endfor %} {% endfor %}
{% endif %} {% endif %}
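Review bot: In the `<sca>` block, the `skip_nfs`, `day`, `wday` and `time` elements are still written with a hard-coded `yes` whenever the matching variable is non-empty, so the configured value never reaches the rendered ossec.conf. Setting `wazuh_agent_config.sca.skip_nfs` to `no` therefore still renders `<skip_nfs>yes</skip_nfs>`. The other three look like schedule values rather than yes/no flags, so the agent may reject them or run the configuration assessment on a schedule nobody chose. Since this commit appears to touch these lines already (the two sides differ only in whitespace as rendered here), I would render the variables the way `enabled`, `scan_on_start` and `interval` do just above: `<skip_nfs>{{ wazuh_agent_config.sca.skip_nfs }}</skip_nfs>`, `<day>{{ wazuh_agent_config.sca.day }}</day>`, and likewise for `wday` and `time`.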