From 972ffee9a9aa61a3db2b0d239d706f314413e1f1 Mon Sep 17 00:00:00 2001
From: Miguelangel Freitas <miguelangel@wazuh.com>
Date: Tue, 25 Jul 2017 20:04:45 -0400
Subject: [PATCH] Wazuh manager: check openscap version.

---
 ansible-wazuh-manager/tasks/Debian.yml             | 14 ++++++++++++++
 .../templates/var-ossec-etc-ossec-server.conf.j2   | 10 ++++++----
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/ansible-wazuh-manager/tasks/Debian.yml b/ansible-wazuh-manager/tasks/Debian.yml
index da7d916e..b051acd3 100644
--- a/ansible-wazuh-manager/tasks/Debian.yml
+++ b/ansible-wazuh-manager/tasks/Debian.yml
@@ -34,3 +34,17 @@
     - xsltproc
   tags:
     - init
+
+- name: Debian/Ubuntu | Get OpenScap installed version
+  shell: "dpkg-query --showformat='${Version}' --show libopenscap8"
+  register: openscap_version
+  changed_when: true
+  tags:
+    - config
+
+- name: Debian/Ubuntu | Check OpenScap version
+  shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?"
+  register: openscap_version_valid
+  changed_when: true
+  tags:
+    - config
diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 4c19e0ab..6a421309 100644
--- a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -125,9 +125,9 @@
     {% endif %}
 
     <!-- Files no diff -->
-{% for no_diff in wazuh_manager_config.syscheck.no_diff %}
+    {% for no_diff in wazuh_manager_config.syscheck.no_diff %}
     <nodiff>{{ no_diff }}</nodiff>
-{% endfor %}
+    {% endfor %}
   </syscheck>
 
   <wodle name="open-scap">
@@ -135,14 +135,16 @@
     <timeout>{{ wazuh_manager_config.openscap.timeout }}</timeout>
     <interval>{{ wazuh_manager_config.openscap.interval }}</interval>
     <scan-on-start>{{ wazuh_manager_config.openscap.scan_on_start }}</scan-on-start>
-    {% if ansible_distribution == 'Ubuntu'  and ansible_distribution_release == 'xenial' %}
+    {% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
     <content type="xccdf" path="ssg-ubuntu-1604-ds.xml">
       <profile>xccdf_org.ssgproject.content_profile_common</profile>
     </content>
     {% elif ansible_distribution == 'Debian' and ansible_distribution_release == 'jessie' %}
+    {% if openscap_version_valid.stdout == "0" %}
     <content type="xccdf" path="ssg-debian-8-ds.xml">
       <profile>xccdf_org.ssgproject.content_profile_common</profile>
-      </content>
+    </content>
+    {% endif %}
     <content type="oval" path="cve-debian-oval.xml"/>
     {% elif ansible_distribution == 'CentOS' %}
       {% if ansible_distribution_major_version == '7' %}