Updating tasks and meta.yml

ansible-role-elasticsearch/meta/main.yml

@@ -1,14 +1,23 @@
 ---
 galaxy_info:
   author: Jose Luis Ruiz
-  description: Elasticsearch for Linux.
+  description: Installing and maintaining Elasticsearch.
-  company: "Wazuh"
+  company: wazuh.com
-  license: "license (BSD, MIT)"
+  license: license (GPLv3)
-  min_ansible_version: 1.8
+  min_ansible_version: 2.0
   platforms:
   - name: EL
     versions:
     - all
+  - name: Ubuntu
+    versions:
+    - all
+  - name: Debian
+    versions:
+    - all
+  - name: Fedora
+    versions:
+    - all
   galaxy_tags:
     - web
     - system

ansible-role-elasticsearch/tasks/Debian.yml

@@ -1,20 +1,14 @@
 ---
-- name: Debian/Ubuntu | apt-transport-https
+- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
-  apt:
+  apt: name="{{ item }}" state=present update_cache=yes
-    name: apt-transport-https
+  with_items:
-    state: present
+    - apt-transport-https
-    update_cache: yes
+    - ca-certificates
-
-- name: Debian/Ubuntu | ca-certificates
-  apt:
-    name: ca-certificates
-    state: present
 
 - name: Debian/Ubuntu | Setting webupd8 repository
   apt_repository:
     repo: 'ppa:webupd8team/java'
     codename: 'xenial'
-    update_cache: yes
 
 - name: Debian/Ubuntu | Accept Oracle Java 8 license
   debconf:
@@ -24,9 +18,7 @@
     vtype: boolean
 
 - name: Debian/Ubuntu | Oracle Java 8 installer
-  apt:
+  apt: name=oracle-java8-installer state=present update_cache=yes
-    name: oracle-java8-installer
-    state: present
   tags: install
 
 - name: Debian/Ubuntu | Add Elasticsearch GPG key.
@@ -39,10 +31,7 @@
     repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
     state: present
     filename: 'elk_repo'
-    update_cache: yes
 
 - name: Debian/Ubuntu | Install Elasticsarch
-  apt:
+  apt: name=elasticsearch={{ elk_stack_version }} state=present update_cache=yes
-    name: elasticsearch={{ elk_stack_version }}
-    state: present
   tags: install

ansible-role-elasticsearch/tasks/RMDebian.yml

@@ -1,5 +1,4 @@
 ---
-
 - name: Debian/Ubuntu | Removing Elasticsearch repository
   apt_repository:
     repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main

ansible-role-elasticsearch/tasks/RMRedHat.yml

@@ -1,6 +1,5 @@
 ---
-# Remove logstash repository
+- name: RedHat/CentOS/Fedora | Remove Elasticsearch repository (and clean up left-over metadata)
-- name: Remove Elasticsearch repository (and clean up left-over metadata)
   yum_repository:
     name: elk_repo
     state: absent

ansible-role-elasticsearch/tasks/RedHat.yml

@@ -1,24 +1,23 @@
 ---
-- name: RedHat | download Oracle Java RPM
+- name: RedHat/CentOS/Fedora | download Oracle Java RPM
   get_url:
     url: http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm
     dest: /tmp/jdk-8-linux-x64.rpm
     headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
   register: oracle_java_task_rpm_download
-  become: yes
 
-- name: RedHat | Install Oracle Java RPM
+- name: RedHat/CentOS/Fedora | Install Oracle Java RPM
-  action: "yum name=/tmp/jdk-8-linux-x64.rpm state=present"
+  package: name=/tmp/jdk-8-linux-x64.rpm state=present
-  when: not oracle_java_task_rpm_download|skipped
+  when: oracle_java_task_rpm_download is defined
-  become: yes
+  register: oracle_java_task_rpm_installed
   tags: install
 
-- name: RedHat | Add Elasticsearch GPG key
+- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key
   rpm_key:
     key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     state: present
 
-- name: RedHat | Install Elastic repo
+- name: RedHat/CentOS/Fedora | Install Elastic repo
   yum_repository:
     name: elk_repo
     description: Elastic repository for 5.x packages
@@ -26,6 +25,7 @@
     gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     gpgcheck: yes
 
-- name: RedHat | Install Elasticsarch
+- name: RedHat/CentOS/Fedora | Install Elasticsarch
-  yum: pkg=elasticsearch-{{ elk_stack_version }} state=present
+  package: name=elasticsearch-{{ elk_stack_version }} state=present
+  when: oracle_java_task_rpm_installed is defined
   tags: install

ansible-role-elasticsearch/tasks/main.yml

@@ -31,10 +31,8 @@
     enabled: yes
     state: started
 
-- name: Remove the correct repository
+- include: "RMRedHat.yml"
-  include: "RMRedHat.yml"
   when: ansible_os_family == "RedHat"
 
-- name: Remove the correct repository
+- include: "RMDebian.yml"
-  include: "RMDebian.yml"
   when: ansible_os_family == "Debian"

ansible-role-filebeat/meta/main.yml

@@ -12,6 +12,9 @@ galaxy_info:
     versions:
     - 6
     - 7
+  - name: Fedora
+    versions:
+    - all
   - name: Debian
     versions:
     - jessie

ansible-role-filebeat/tasks/Debian.yml

@@ -1,13 +1,16 @@
 ---
-- name: Ensure depdency is installed (Ubuntu).
+- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
-  apt: name=apt-transport-https state=present
+  apt: name="{{ item }}" state=present update_cache=yes
+  with_items:
+    - apt-transport-https
+    - ca-certificates
 
-- name: Add Elasticsearch apt key.
+- name: Debian/Ubuntu | Add Elasticsearch apt key.
   apt_key:
     url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     state: present
 
-- name: Add Filebeat repository.
+- name: Debian/Ubuntu | Add Filebeat repository.
   apt_repository:
     repo: 'deb https://artifacts.elastic.co/packages/5.x/apt stable main'
     state: present

ansible-role-filebeat/tasks/RMDebian.yml

@@ -1,6 +1,5 @@
 ---
-# Remove ELK REPOSITORY and Wazuh repositories from sources list.
+- name: Debian/Ubuntu | Remove Filebeat repository (and clean up left-over metadata)
-- name: Remove Filebeat repository (and clean up left-over metadata)
   apt_repository:
     repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
     state: absent

ansible-role-filebeat/tasks/RMRedHat.yml

@@ -1,6 +1,5 @@
 ---
-# Remove repositories
+- name: RedHat/CentOS/Fedora | Remove Filebeat repository (and clean up left-over metadata)
-- name: Remove Filebeat repository (and clean up left-over metadata)
   yum_repository:
     name: elk_repo
     state: absent

ansible-role-filebeat/tasks/RedHat.yml

@@ -1,10 +1,10 @@
 ---
-- name: Add Elasticsearch GPG key.
+- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key.
   rpm_key:
     key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     state: present
 
-- name: RedHat | Install Filebeats repo
+- name: RedHat/CentOS/Fedora | Install Filebeats repo
   yum_repository:
     name: elk_repo
     description: Elastic repository for 5.x packages

ansible-role-filebeat/tasks/main.yml

@@ -19,10 +19,8 @@
     state: started
     enabled: yes
 
-- name: Remove the correct repository
+- include: "RMRedHat.yml"
-  include: "RMRedHat.yml"
   when: ansible_os_family == "RedHat"
 
-- name: Remove the correct repository
+- include: "RMDebian.yml"
-  include: "RMDebian.yml"
   when: ansible_os_family == "Debian"

ansible-role-kibana/meta/main.yml

@@ -1,14 +1,17 @@
 ---
 galaxy_info:
   author: Jose Luis Ruiz
-  description: Elasticsearch Logstash and Kibana for Linux.
+  description: Kibana for Linux.
-  company: "Wazuh"
+  company: wazuh.com
-  license: "license (BSD, MIT)"
+  license: license (GPLv3)
-  min_ansible_version: 1.8
+  min_ansible_version: 2.0
   platforms:
   - name: EL
     versions:
     - all
+  - name: Fedora
+    versions:
+    - all
   - name: Debian
     versions:
     - all

ansible-role-kibana/tasks/Debian.yml

@@ -1,4 +1,10 @@
 ---
+- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
+  apt: name="{{ item }}" state=present update_cache=yes
+  with_items:
+    - apt-transport-https
+    - ca-certificates
+
 - name: Debian/Ubuntu | Add Elasticsearch GPG key
   apt_key:
     url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
@@ -9,10 +15,7 @@
     repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
     state: present
     filename: 'elk_repo'
-    update_cache: yes
 
 - name: Debian/Ubuntu | Install Kibana
-  apt:
+  apt: name=kibana={{ elk_stack_version }} state=present update_cache=yes
-    name: kibana={{ elk_stack_version }}
-    state: present
   tags: install

ansible-role-kibana/tasks/RMDebian.yml

@@ -1,5 +1,4 @@
 ---
-
 - name: Debian/Ubuntu | Removing Elasticsearch repository
   apt_repository:
     repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main

ansible-role-kibana/tasks/RMRedHat.yml

@@ -1,5 +1,4 @@
 ---
-# Remove logstash repository
 - name: Remove Elasticsearch repository (and clean up left-over metadata)
   yum_repository:
     name: elk_repo

ansible-role-kibana/tasks/RedHat.yml

@@ -1,10 +1,10 @@
 ---
-- name: RedHat | Add Elasticsearch GPG key
+- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key
   rpm_key:
     key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     state: present
 
-- name: RedHat | Install Elastic repo
+- name: RedHat/CentOS/Fedora | Install Elastic repo
   yum_repository:
     name: elk_repo
     description: Elastic repository for 5.x packages
@@ -12,6 +12,6 @@
     gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     gpgcheck: yes
 
-- name: RedHat | Install Kibana
+- name: RedHat/CentOS/Fedora | Install Kibana
-  yum: pkg=kibana-{{ elk_stack_version }} state=present
+  package: name=kibana-{{ elk_stack_version }} state=present
   tags: install

ansible-role-kibana/tasks/main.yml

@@ -20,21 +20,21 @@
   tags: configure
 
 - name: Checking Wazuh-APP version compatibility
-  shell: grep -E 'version.*{{ elk_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json
+  shell: "grep -c -E 'version.*{{ elk_stack_version }}' /usr/share/kibana/plugins/wazuh/package.json | xargs echo"
-    removes=/usr/share/kibana/plugins/wazuh/package.json
+  args:
-  register: wazuh_app_notok
+    removes: /usr/share/kibana/plugins/wazuh/package.json
-  ignore_errors: yes
+  register: wazuh_app_verify
-  changed_when: "wazuh_app_notok.rc != 0"
   tags: install
 
 - name: Removing Wazuh-APP by compatibility issues
   shell: /usr/share/kibana/bin/kibana-plugin remove wazuh
-  when: wazuh_app_notok.rc != 0
+  when: wazuh_app_verify.stdout == "0"
   tags: install
 
 - name: Install Wazuh-APP (can take a while)
-  shell: /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elk_stack_version }}.zip
+  shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elk_stack_version }}.zip"
-    creates=/usr/share/kibana/plugins/wazuh/package.json
+  args:
+    creates: /usr/share/kibana/plugins/wazuh/package.json
   notify: restart kibana
   tags: install
 

ansible-role-logstash/meta/main.yml

@@ -2,13 +2,22 @@
 galaxy_info:
   author: Jose Luis Ruiz
   description: Logstash for Linux.
-  company: "Wazuh"
+  company: wazuh.com
-  license: "license (BSD, MIT)"
+  license: license (GPLv3)
-  min_ansible_version: 1.8
+  min_ansible_version: 2.0
   platforms:
   - name: EL
     versions:
     - all
+  - name: Fedora
+    versions:
+    - all
+  - name: Debian
+    versions:
+    - all
+  - name: Ubuntu
+    versions:
+    - all
   galaxy_tags:
     - web
     - system

ansible-role-logstash/tasks/Debian.yml

@@ -1,20 +1,14 @@
 ---
-- name: Debian/Ubuntu | apt-transport-https
+- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
-  apt:
+  apt: name="{{ item }}" state=present update_cache=yes
-    name: apt-transport-https
+  with_items:
-    state: present
+    - apt-transport-https
-    update_cache: yes
+    - ca-certificates
-
-- name: Debian/Ubuntu | ca-certificates
-  apt:
-    name: ca-certificates
-    state: present
 
 - name: Debian/Ubuntu | Setting webupd8 repository
   apt_repository:
     repo: 'ppa:webupd8team/java'
     codename: 'xenial'
-    update_cache: yes
 
 - name: Debian/Ubuntu | Accept Oracle Java 8 license
   debconf:
@@ -40,10 +34,7 @@
     repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main
     state: present
     filename: 'elk_repo'
-    update_cache: yes
 
 - name: Debian/Ubuntu | Install Logstash
-  apt:
+  apt: name=logstash=1:{{ elk_stack_version }}-1 state=present update_cache=yes
-    name: logstash=1:{{ elk_stack_version }}-1
-    state: present
   tags: install

ansible-role-logstash/tasks/RMDebian.yml

@@ -1,5 +1,4 @@
 ---
-
 - name: Debian/Ubuntu | Removing Elasticsearch repository
   apt_repository:
     repo: deb https://artifacts.elastic.co/packages/5.x/apt stable main

ansible-role-logstash/tasks/RMRedHat.yml

@@ -1,6 +1,5 @@
 ---
-# Remove logstash repository
+- name: RedHat/CentOS/Fedora | Remove logstash repository (and clean up left-over metadata)
-- name: RedHat | Remove logstash repository (and clean up left-over metadata)
   yum_repository:
     name: elk_repo
     state: absent

ansible-role-logstash/tasks/RedHat.yml

@@ -1,23 +1,23 @@
 ---
-- name: RedHat | Download Java RPM
+- name: RedHat/CentOS/Fedora | download Oracle Java RPM
   get_url:
     url: http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm
     dest: /tmp/jdk-8-linux-x64.rpm
     headers: 'Cookie:oraclelicense=accept-securebackup-cookie'
   register: oracle_java_task_rpm_download
-  become: yes
 
-- name: RedHat | Install Oracle Java RPM
+- name: RedHat/CentOS/Fedora | Install Oracle Java RPM
-  action: "yum name=/tmp/jdk-8-linux-x64.rpm state=present"
+  package: name=/tmp/jdk-8-linux-x64.rpm state=present
-  when: not oracle_java_task_rpm_download|skipped
+  when: oracle_java_task_rpm_download is defined
-  become: yes
+  register: oracle_java_task_rpm_installed
+  tags: install
 
-- name: RedHat | Add Elasticsearch GPG key.
+- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key.
   rpm_key:
     key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     state: present
 
-- name: RedHat | Install Logstash repo
+- name: RedHat/CentOS/Fedora | Install Logstash repo
   yum_repository:
     name: elk_repo
     description: Elastic repository for 5.x packages
@@ -25,6 +25,7 @@
     gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     gpgcheck: yes
 
-- name: RedHat | Install Logstash
+- name: RedHat/CentOS/Fedora | Install Logstash
-  yum: pkg=logstash-{{ elk_stack_version }} state=present
+  package: name=logstash-{{ elk_stack_version }} state=present
+  when: oracle_java_task_rpm_installed is defined
   tags: install

ansible-role-logstash/tasks/main.yml

@@ -29,10 +29,8 @@
     enabled: yes
     state: started
 
-- name: Remove the correct repository
+- include: "RMRedHat.yml"
-  include: "RMRedHat.yml"
   when: ansible_os_family == "RedHat"
 
-- name: Remove the correct repository
+- include: "RMDebian.yml"
-  include: "RMDebian.yml"
   when: ansible_os_family == "Debian"

ansible-wazuh-agent/defaults/main.yml

@@ -1,7 +1,6 @@
 ---
 ossec_server_ip: 127.0.0.1
-ossec_server_name: ""
+ossec_register_client: false
-ossec_managed_server: true
 ossec_agent_config:
   frequency_check: 43200
   syscheck_scan_on_start: 'yes'
@@ -40,6 +39,3 @@ ossec_agent_config:
     - format: 'full_command'
       command: 'last -n 20'
       frequency: '360'
-  globals:
-    - '127.0.0.1'
-    - '192.168.2.1'

ansible-wazuh-agent/handlers/main.yml

@@ -1,7 +1,3 @@
 ---
-# handlers file for ossec-agent
-
 - name: restart wazuh-agent
-  service: name=wazuh-agent
+  service: name=wazuh-agent state=restarted enabled=yes
-           state=restarted
-           enabled=yes

ansible-wazuh-agent/meta/main.yml

@@ -1,47 +1,23 @@
 ---
 galaxy_info:
-  author: Werner Dijkerman
+  author: Jose Luis Ruiz
-  description: INstalling and maintaining the ossec-agent.
+  description: Installing and maintaining the wazuh-agent.
-  company: myCompany.Dotcom
+  company: wazuh.com
   license: license (GPLv3)
-  min_ansible_version: 1.4
+  min_ansible_version: 2.0
   platforms:
   - name: EL
     versions:
-    - 5
+    - all
-    - 6
+  - name: Ubuntu
-    - 7
-  - name: Fedora
     versions:
     - all
-  #- name: opensuse
-  #  versions:
-  #  - all
-  #  - 12.1
-  #  - 12.2
-  #  - 12.3
-  #  - 13.1
-  #  - 13.2
-  #- name: Ubuntu
-  #  versions:
-  #  - all
-  #  - lucid
-  #  - maverick
-  #  - natty
-  #  - oneiric
-  #  - precise
-  #  - quantal
-  #  - raring
-  #  - saucy
-  #  - trusty
   - name: Debian
     versions:
     - all
+  - name: Fedora
+    versions:
+    - all
   categories:
   - monitoring
 dependencies: []
-  # List your role dependencies here, one per line. Only
-  # dependencies available via galaxy should be listed here.
-  # Be sure to remove the '[]' above if you add dependencies
-  # to this list.
-  

ansible-wazuh-agent/tasks/Debian.yml

@@ -1,17 +1,17 @@
 ---
+- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
+  apt: name="{{ item }}" state=present update_cache=yes
+  with_items:
+    - apt-transport-https
+    - ca-certificates
+
 - name: Debian/Ubuntu | Installing repository key
   apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 
-- name: Debian/Ubuntu | Install apt-transport-https
-  apt: pkg=apt-transport-https
-       state=present
-       update_cache=yes
-       cache_valid_time=3600
-
 - name: Debian/Ubuntu | Installing Wazuh repository key
   apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 
-- name: Add Wazuh epositories.
+- name: Debian/Ubuntu | Add Wazuh repositories.
   apt_repository:
     repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
     state: present
@@ -21,13 +21,3 @@
   set_fact:
     cis_distribution_filename: cis_debian_linux_rcl.txt
   when: ansible_os_family == "Debian"
-
-- name: Debian/Ubuntu | Install wazuh-agent
-  apt: pkg={{ item }}
-       state=present
-       update_cache=yes
-       cache_valid_time=3600
-  with_items:
-    - wazuh-agent
-  tags:
-    - init

ansible-wazuh-agent/tasks/RMDebian.yml

@@ -1,5 +1,4 @@
 ---
-# Remove Nodejs and Wazuh repositories from sources list.
 - apt_repository:
     repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
     state: absent

ansible-wazuh-agent/tasks/RMRedHat.yml

@@ -1,5 +1,4 @@
 ---
-# Remove repositories
 - name: Remove Wazuh repository (and clean up left-over metadata)
   yum_repository:
     name: wazuh_repo

ansible-wazuh-agent/tasks/RedHat.yml

@@ -1,6 +1,5 @@
 ---
-# Tasks specific for RedHat/CentOS systems
+- name: CentOS | Install Wazuh repo
-- name: RedHat | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
     description: CentOS-$releasever - Wazuh
@@ -9,7 +8,15 @@
     gpgcheck: yes
   when: ansible_distribution == 'CentOS'
 
-# Tasks specific for RedHat systems
+- name: Fedora | Install Wazuh repo
+  yum_repository:
+    name: wazuh_repo
+    description: Fedora-$releasever - Wazuh
+    baseurl: https://packages.wazuh.com/yum/fc/$releasever/$basearch
+    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    gpgcheck: yes
+  when: ansible_distribution == 'Fedora'
+
 - name: RedHat | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
@@ -34,17 +41,7 @@
     cis_distribution_filename: cis_rhel7_linux_rcl.txt
   when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7"
 
-- name: RedHat | Install openscap
+- name: RedHat/CentOS/RedHat | Install openscap
-  yum: pkg=openscap-scanner
+  package: name=openscap-scanner state=present
-       state=present
-  when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= 6
-  tags:
-    - init
-
-- name: RedHat | Install Wazuh Agent
-  yum: pkg={{ item }}
-       state=present
-  with_items:
-    - wazuh-agent
   tags:
     - init

ansible-wazuh-agent/tasks/main.yml

@@ -1,14 +1,15 @@
 ---
-# tasks file for ossec-agent
+- include: "RedHat.yml"
-
-- name: "Install the correct repository"
-  include: "RedHat.yml"
   when: ansible_os_family == "RedHat"
 
-- name: Install the correct repository
+- include: "Debian.yml"
-  include: "Debian.yml"
   when: ansible_os_family == "Debian"
 
+- name: Install wazuh-agent
+  package: name=wazuh-agent state=present
+  tags:
+    - init
+
 - name: "Check if client.keys exists"
   stat: path=/var/ossec/etc/client.keys
   register: check_keys
@@ -17,7 +18,7 @@
 
 - name: "Register client"
   shell: /var/ossec/bin/agent-auth -m {{ ossec_server_ip }} -p 1515
-  when: ossec_server_ip and check_keys.stat.size == 0
+  when: ossec_register_client == true and check_keys.stat.size == 0
   tags:
     - config
 
@@ -25,7 +26,7 @@
   template: src=var-ossec-etc-ossec-agent.conf.j2
             dest=/var/ossec/etc/ossec.conf
             owner=root
-            group=root
+            group=ossec
             mode=0644
   notify: restart wazuh-agent
   tags:
@@ -34,17 +35,12 @@
 
 - name: Ensure Wazuh Manager service is started and enabled
   service:
-    name: "{{ item }}"
+    name: wazuh-agent
     enabled: yes
     state: started
-  with_items:
-    - wazuh-agent
 
-
+- include: "RMRedHat.yml"
-- name: Remove the correct repository
-  include: "RMRedHat.yml"
   when: ansible_os_family == "RedHat"
 
-- name: Remove the correct repository
+- include: "RMDebian.yml"
-  include: "RMDebian.yml"
   when: ansible_os_family == "Debian"

ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2

@@ -6,7 +6,7 @@
     {% if ossec_profile is defined %}
     <config-profile>{{ ossec_profile }}</config-profile>
     {% endif %}
-    <protocol>tcp</protocol>
+    <protocol>udp</protocol>
   </client>
 
   {% if ansible_distribution == 'Ubuntu'  and ansible_distribution_release == 'xenial' %}
@@ -34,22 +34,34 @@
       <profile>xccdf_org.ssgproject.content_profile_common</profile>
     </content>
   </wodle>
-{% elif ansible_distribution == 'RedHat' %}
+  {% elif ansible_distribution == 'RedHat' %}
-   <wodle name="open-scap">
+     <wodle name="open-scap">
-  <timeout>1800</timeout>
+    <timeout>1800</timeout>
-  <interval>1d</interval>
+    <interval>1d</interval>
-  <scan-on-start>yes</scan-on-start>
+    <scan-on-start>yes</scan-on-start>
 
-  {% if ansible_distribution_major_version == '7' %}
+    {% if ansible_distribution_major_version == '7' %}
-  <content type="xccdf" path="ssg-rhel-7-ds.xml">
+    <content type="xccdf" path="ssg-rhel-7-ds.xml">
-  {% elif ansible_distribution_major_version == '6' %}
+    {% elif ansible_distribution_major_version == '6' %}
-  <content type="xccdf" path="ssg-rhel-6-ds.xml">
+    <content type="xccdf" path="ssg-rhel-6-ds.xml">
+    {% endif %}
+    <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
+      <profile>xccdf_org.ssgproject.content_profile_common</profile>
+    </content>
+  </wodle>
+  {% elif ansible_distribution == 'Fedora' %}
+  <wodle name="open-scap">
+    <disabled>yes</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+
+    <content type="xccdf" path="ssg-fedora-ds.xml">
+      <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
+      <profile>xccdf_org.ssgproject.content_profile_common</profile>
+    </content>
+  </wodle>
   {% endif %}
-  <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
-    <profile>xccdf_org.ssgproject.content_profile_common</profile>
-  </content>
-</wodle>
-{% endif %}
 
 <rootcheck>
   <disabled>no</disabled>
@@ -68,7 +80,10 @@
   <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
   <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
   <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
+  <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
+  {% if cis_distribution_filename is defined %}
   <system_audit>/var/ossec/etc/shared/{{ cis_distribution_filename }}</system_audit>
+  {% endif %}
 
   <skip_nfs>yes</skip_nfs>
 </rootcheck>

ansible-wazuh-server/handlers/main.yml

@@ -1,6 +1,4 @@
 ---
-# handlers file for wazuh-manager
-
 - name: restart wazuh-manager
   service: name=wazuh-manager
            state=restarted

ansible-wazuh-server/meta/main.yml

@@ -4,7 +4,7 @@ galaxy_info:
   description: Installing and maintaining the wazuh-manager.
   company: wazuh.com
   license: license (GPLv3)
-  min_ansible_version: 1.4
+  min_ansible_version: 2.0
   platforms:
   - name: EL
     versions:
@@ -15,6 +15,9 @@ galaxy_info:
   - name: Debian
     versions:
     - all
+  - name: Fedora
+    versions:
+    - all
   categories:
   - monitoring
 dependencies: []

ansible-wazuh-server/tasks/Debian.yml

@@ -1,13 +1,14 @@
 ---
-- name: Debian/Ubuntu | Install apt-transport-https
+- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
-  apt: pkg=apt-transport-https
+  apt: name="{{ item }}" state=present update_cache=yes
-       state=present
+  with_items:
-       update_cache=yes
+    - apt-transport-https
+    - ca-certificates
 
 - name: Debian/Ubuntu | Installing Wazuh repository key
   apt_key: url=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 
-- name: Add Wazuh repositories.
+- name: Debian/Ubuntu | Add Wazuh repositories
   apt_repository:
     repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
     state: present
@@ -16,25 +17,12 @@
 - name: Debian/Ubuntu | Installing NodeJS repository key
   apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key
 
-- name: Add NodeSource repositories for Node.js.
+- name: Debian/Ubuntu | Add NodeSource repositories for Node.js
   apt_repository:
     repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main
     state: present
     update_cache: yes
 
-- name: Debian/Ubuntu | Install wazuh-manager
+- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
-  apt: pkg={{ item }}
-       state=present
-       update_cache=yes
-       cache_valid_time=3600
-  with_items:
-    - wazuh-manager
-    - wazuh-api
-    - expect
-  tags:
-    - init
-
-- name: Set Distribution CIS filename for Debian/Ubuntu
   set_fact:
     cis_distribution_filename: cis_debian_linux_rcl.txt
-  when: ansible_os_family == "Debian"

ansible-wazuh-server/tasks/RMDebian.yml

@@ -1,11 +1,10 @@
 ---
-# Remove Nodejs and Wazuh repositories from sources list.
+- name: Debian/Ubuntu | Remove Wazuh repository.
-- name: Remove Wazuh repository.
   apt_repository:
     repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
     state: absent
 
-- name: Remove Nodejs repository.
+- name: Debian/Ubuntu | Remove Nodejs repository.
   apt_repository:
     repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main
     state: absent

ansible-wazuh-server/tasks/RMRedHat.yml

@@ -1,12 +1,10 @@
 ---
-# Remove repositories
+- name: RedHat/CentOS/Fedora | Remove NodeJS repository (and clean up left-over metadata)
-- name: Remove NodeJS repository (and clean up left-over metadata)
   yum_repository:
     name: NodeJS
     state: absent
 
-
+- name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata)
-- name: Remove Wazuh repository (and clean up left-over metadata)
   yum_repository:
     name: wazuh_repo
     state: absent

ansible-wazuh-server/tasks/RedHat.yml

@@ -1,12 +1,21 @@
 ---
-# Tasks specific for RedHat systems
+- name: RedHat/CentOS | Install Nodejs repo
-- name: RedHat | Install Nodejs repo
   yum_repository:
     name: NodeJS
     description: NodeJS-$releasever
     baseurl: https://rpm.nodesource.com/pub_6.x/el/$releasever/x86_64
     gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
     gpgcheck: yes
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
+
+- name: Fedora | Install Nodejs repo
+  yum_repository:
+    name: NodeJS
+    description: NodeJS-$releasever
+    baseurl: https://rpm.nodesource.com/pub_6.x/fc/$releasever/x86_64
+    gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
+    gpgcheck: yes
+  when: ansible_distribution == 'Fedora'
 
 - name: CentOS | Install Wazuh repo
   yum_repository:
@@ -17,7 +26,15 @@
     gpgcheck: yes
   when: ansible_distribution == 'CentOS'
 
-# Tasks specific for RedHat systems
+- name: Fedora | Install Wazuh repo
+  yum_repository:
+    name: wazuh_repo
+    description: Fedora-$releasever - Wazuh
+    baseurl: https://packages.wazuh.com/yum/fc/$releasever/$basearch
+    gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    gpgcheck: yes
+  when: ansible_distribution == 'Fedora'
+
 - name: RedHat | Install Wazuh repo
   yum_repository:
     name: wazuh_repo
@@ -27,20 +44,8 @@
     gpgcheck: yes
   when: ansible_distribution == 'RedHat'
 
-- name: RedHat | Install Wazuh Manager and Wazuh Api
+- name: RedHat/CentOS/Fedora | Install openscap
-  yum: pkg={{ item }}
+  package: name=openscap-scanner state=present
-       state=present
-  with_items:
-    - wazuh-manager
-    - wazuh-api
-    - expect
-  tags:
-    - init
-
-- name: RedHat | Install openscap
-  yum: pkg=openscap-scanner
-       state=present
-  when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= 6
   tags:
     - init
 

ansible-wazuh-server/tasks/main.yml

@@ -1,13 +1,19 @@
 ---
-# tasks file for wazuh-manager
+- include: "RedHat.yml"
-- name: Install the correct repository
-  include: "RedHat.yml"
   when: ansible_os_family == "RedHat"
 
-- name: Install the correct repository
+- include: "Debian.yml"
-  include: "Debian.yml"
   when: ansible_os_family == "Debian"
 
+- name: Install wazuh-manager, wazuh-api and expect
+  package: pkg={{ item }} state=present
+  with_items:
+    - wazuh-manager
+    - wazuh-api
+    - expect
+  tags:
+    - init
+
 - name: Generate SSL files
   command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ossec_server_fqdn}}/"
   args:
@@ -43,7 +49,7 @@
 - name: Configure the shared-agent.conf
   template: src=var-ossec-etc-shared-agent.conf.j2
             dest=/var/ossec/etc/shared/agent.conf
-            owner=ossec
+            owner=root
             group=ossec
             mode=0640
   notify: restart wazuh-manager
@@ -56,11 +62,11 @@
   register: csyslog_running
   changed_when: False
 
-- name: Enable client-syslog if not running and ossec_server_config.syslog_outputs is given
+- name: Enable client-syslog
   command: /var/ossec/bin/ossec-control enable client-syslog
   when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
 
-- name: Start client-syslog if not running and ossec_server_config.syslog_outputs is given
+- name: Start client-syslog
   command: /var/ossec/bin/ossec-control start client-syslog
   when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
 
@@ -71,11 +77,11 @@
 
 - name: Enable ossec-agentlessd
   command: /var/ossec/bin/ossec-control enable agentless
-  when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined
+  when: agentless_running.stdout == '0' and agentless_creeds is defined
 
-- name: Start client-syslog if not running and ossec_server_config.syslog_outputs is given
+- name: Start client-syslog
   command: /var/ossec/bin/ossec-control start agentless
-  when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined
+  when: agentless_running.stdout == '0' and agentless_creeds is defined
 
 - name: Retrieving Agentless Credentials
   include_vars: agentless_creeds.yml
@@ -87,7 +93,7 @@
   template: src=var-ossec-etc-ossec-server.conf.j2
             dest=/var/ossec/etc/ossec.conf
             owner=root
-            group=root
+            group=ossec
             mode=0644
   notify: restart wazuh-manager
   tags:
@@ -149,10 +155,8 @@
     - wazuh-api
     - ossec-authd
 
-- name: Remove the correct repository
+- include: "RMRedHat.yml"
-  include: "RMRedHat.yml"
   when: ansible_os_family == "RedHat"
 
-- name: Remove the correct repository
+- include: "RMDebian.yml"
-  include: "RMDebian.yml"
   when: ansible_os_family == "Debian"

ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2

@@ -79,7 +79,10 @@
     <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
     <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
     <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
+    <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
+    {% if cis_distribution_filename is defined %}
     <system_audit>/var/ossec/etc/shared/{{ cis_distribution_filename }}</system_audit>
+    {% endif %}
 
     <skip_nfs>yes</skip_nfs>
   </rootcheck>
@@ -130,22 +133,34 @@
       <profile>xccdf_org.ssgproject.content_profile_common</profile>
     </content>
   </wodle>
-{% elif ansible_distribution == 'RedHat' %}
+  {% elif ansible_distribution == 'RedHat' %}
    <wodle name="open-scap">
-  <timeout>1800</timeout>
+    <timeout>1800</timeout>
-  <interval>1d</interval>
+    <interval>1d</interval>
-  <scan-on-start>yes</scan-on-start>
+    <scan-on-start>yes</scan-on-start>
 
-  {% if ansible_distribution_major_version == '7' %}
+    {% if ansible_distribution_major_version == '7' %}
-  <content type="xccdf" path="ssg-rhel-7-ds.xml">
+    <content type="xccdf" path="ssg-rhel-7-ds.xml">
-  {% elif ansible_distribution_major_version == '6' %}
+    {% elif ansible_distribution_major_version == '6' %}
-  <content type="xccdf" path="ssg-rhel-7-ds.xml">
+    <content type="xccdf" path="ssg-rhel-7-ds.xml">
+    {% endif %}
+      <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
+      <profile>xccdf_org.ssgproject.content_profile_common</profile>
+    </content>
+  </wodle>
+  {% elif ansible_distribution == 'Fedora' %}
+  <wodle name="open-scap">
+    <disabled>yes</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+
+    <content type="xccdf" path="ssg-fedora-ds.xml">
+      <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
+      <profile>xccdf_org.ssgproject.content_profile_common</profile>
+    </content>
+  </wodle>
   {% endif %}
-  <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
-    <profile>xccdf_org.ssgproject.content_profile_common</profile>
-  </content>
-</wodle>
-{% endif %}
 
 {% if agentless_creeds is defined %}
 {% for agentless in agentless_creeds %}