Merge pull request #485 from wazuh/feature-agent-unnest

Feature agent default vars depth reduction

roles/wazuh/ansible-wazuh-agent/defaults/main.yml

@@ -32,19 +32,11 @@ wazuh_agent_sources_installation:
   user_agent_config_profile: null
   user_ca_store: "/var/ossec/wpk_root.pem"
 
-wazuh_managers:
-  - address: 127.0.0.1
-    port: 1514
-    protocol: tcp
-    api_port: 55000
-    api_proto: 'http'
-    api_user: null
-    max_retries: 5
-    retry_interval: 5
 wazuh_api_reachable_from_agent: false
 wazuh_profile_centos: 'centos, centos7, centos7.6'
 wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04'
 wazuh_auto_restart: 'yes'
+
 wazuh_agent_authd:
   registration_address: 127.0.0.1
   enable: false
@@ -69,23 +61,110 @@ wazuh_winagent_config:
   md5: f9737cbd7df7104c1bee9f3e8b9ca26e
 wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.0-1.msi
 wazuh_winagent_package_name: wazuh-agent-4.0.0-1.msi
-wazuh_agent_config:
+
-  repo:
+wazuh_agent_repo:
   apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
   yum: 'https://packages.wazuh.com/4.x/yum/'
   gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
   key_id: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
-  active_response:
+
-    ar_disabled: 'no'
+wazuh_agent_nat: false
-    ca_store: '/var/ossec/etc/wpk_root.pem'
+
-    ca_store_win: 'wpk_root.pem'
+##########################################
-    ca_verification: 'yes'
+### Wazuh
-  log_format: 'plain'
+##########################################
-  client_buffer:
+
+wazuh_agent_config_overlay: yes
+
+## Client
+wazuh_managers:
+  - address: 127.0.0.1
+    port: 1514
+    protocol: tcp
+    api_port: 55000
+    api_proto: 'http'
+    api_user: null
+    max_retries: 5
+    retry_interval: 5
+
+## Enrollment
+wazuh_agent_enrollment:
+  enabled: ''
+  manager_address: ''
+  port: 1515
+  agent_name: 'testname'
+  groups: ''
+  agent_address: ''
+  ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+  server_ca_path: ''
+  agent_certificate_path: ''
+  agent_key_path: ''
+  authorization_pass_path: /var/ossec/etc/authd.pass
+  auto_method: 'no'
+  delay_after_enrollment: 20
+  use_source_ip: 'no'
+
+## Client buffer
+wazuh_agent_client_buffer:
   disable: 'no'
   queue_size: '5000'
   events_per_sec: '500'
-  syscheck:
+
+## Rootcheck
+wazuh_agent_rootcheck:
+  frequency: 43200
+
+## Wodles
+wazuh_agent_openscap:
+  disable: 'yes'
+  timeout: 1800
+  interval: '1d'
+  scan_on_start: 'yes'
+
+wazuh_agent_cis_cat:
+  disable: 'yes'
+  install_java: 'no'
+  timeout: 1800
+  interval: '1d'
+  scan_on_start: 'yes'
+  java_path: 'wodles/java'
+  java_path_win: '\\server\jre\bin\java.exe'
+  ciscat_path: 'wodles/ciscat'
+  ciscat_path_win: 'C:\cis-cat'
+
+wazuh_agent_osquery:
+  disable: 'yes'
+  run_daemon: 'yes'
+  bin_path_win: 'C:\Program Files\osquery\osqueryd'
+  log_path: '/var/log/osquery/osqueryd.results.log'
+  log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log'
+  config_path: '/etc/osquery/osquery.conf'
+  config_path_win: 'C:\Program Files\osquery\osquery.conf'
+  add_labels: 'yes'
+
+wazuh_agent_syscollector:
+  disable: 'no'
+  interval: '1h'
+  scan_on_start: 'yes'
+  hardware: 'yes'
+  os: 'yes'
+  network: 'yes'
+  packages: 'yes'
+  ports_no: 'yes'
+  processes: 'yes'
+
+## SCA
+wazuh_agent_sca:
+  enabled: 'yes'
+  scan_on_start: 'yes'
+  interval: '12h'
+  skip_nfs: 'yes'
+  day: ''
+  wday: ''
+  time: ''
+
+## Syscheck
+wazuh_agent_syscheck:
   frequency: 43200
   scan_on_start: 'yes'
   auto_ignore: 'no'
@@ -153,7 +232,6 @@ wazuh_agent_config:
       checks: 'recursion_level="0" restrict="winrm.vbs$"'
     - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup'
       checks: 'realtime="yes"'
-
   windows_registry:
     - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
     - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile'
@@ -193,51 +271,9 @@ wazuh_agent_config:
     - key: 'HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users'
     - key: '\Enum$'
       type: "sregex"
-  rootcheck:
+
-    frequency: 43200
+## Localfile
-  openscap:
+wazuh_agent_localfiles:
-    disable: 'yes'
-    timeout: 1800
-    interval: '1d'
-    scan_on_start: 'yes'
-  osquery:
-    disable: 'yes'
-    run_daemon: 'yes'
-    bin_path_win: 'C:\Program Files\osquery\osqueryd'
-    log_path: '/var/log/osquery/osqueryd.results.log'
-    log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log'
-    config_path: '/etc/osquery/osquery.conf'
-    config_path_win: 'C:\Program Files\osquery\osquery.conf'
-    add_labels: 'yes'
-  syscollector:
-    disable: 'no'
-    interval: '1h'
-    scan_on_start: 'yes'
-    hardware: 'yes'
-    os: 'yes'
-    network: 'yes'
-    packages: 'yes'
-    ports_no: 'yes'
-    processes: 'yes'
-  sca:
-    enabled: 'yes'
-    scan_on_start: 'yes'
-    interval: '12h'
-    skip_nfs: 'yes'
-    day: ''
-    wday: ''
-    time: ''
-  cis_cat:
-    disable: 'yes'
-    install_java: 'no'
-    timeout: 1800
-    interval: '1d'
-    scan_on_start: 'yes'
-    java_path: 'wodles/java'
-    java_path_win: '\\server\jre\bin\java.exe'
-    ciscat_path: 'wodles/ciscat'
-    ciscat_path_win: 'C:\cis-cat'
-  localfiles:
   debian:
     - format: 'syslog'
       location: '/var/log/auth.log'
@@ -279,24 +315,40 @@ wazuh_agent_config:
       location: 'System'
     - format: 'syslog'
       location: 'active-response\active-responses.log'
-  labels:
+
+## Labels
+wazuh_agent_labels:
   enable: false
   list:
     - key: Env
       value: Production
-  enrollment:
+
-    enabled: ''
+## Active response
-    manager_address: ''
+wazuh_agent_active_response:
-    port: 1515
+  ar_disabled: 'no'
-    agent_name: 'testname'
+  ca_store: '/var/ossec/etc/wpk_root.pem'
-    groups: ''
+  ca_store_win: 'wpk_root.pem'
-    agent_address: ''
+  ca_verification: 'yes'
-    ssl_cipher: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+
-    server_ca_path: ''
+## Logging
-    agent_certificate_path: ''
+wazuh_agent_log_format: 'plain'
-    agent_key_path: ''
+
-    authorization_pass_path : /var/ossec/etc/authd.pass
+# wazuh_agent_config
-    auto_method: 'no'
+wazuh_agent_config_defaults:
-    delay_after_enrollment: 20
+  repo: '{{ wazuh_agent_repo }}'
-    use_source_ip: 'no'
+  active_response: '{{ wazuh_agent_active_response }}'
-wazuh_agent_nat: false
+  log_format: '{{ wazuh_agent_log_format }}'
+  client_buffer: '{{ wazuh_agent_client_buffer }}'
+  syscheck: '{{ wazuh_agent_syscheck }}'
+
+  rootcheck: '{{ wazuh_agent_rootcheck }}'
+  openscap: '{{ wazuh_agent_openscap }}'
+
+  osquery: '{{ wazuh_agent_osquery }}'
+  syscollector: '{{ wazuh_agent_syscollector }}'
+  sca: '{{ wazuh_agent_sca }}'
+  cis_cat: '{{ wazuh_agent_cis_cat }}'
+  localfiles: '{{ wazuh_agent_localfiles }}'
+
+  labels: '{{ wazuh_agent_labels }}'
+  enrollment: '{{ wazuh_agent_enrollment }}'

roles/wazuh/ansible-wazuh-agent/tasks/main.yml

@@ -1,4 +1,12 @@
 ---
+
+- name: Overlay wazuh_agent_config on top of defaults
+  set_fact:
+    wazuh_agent_config: '{{ wazuh_agent_config_defaults | combine(config_layer, recursive=True) }}'
+  vars:
+    config_layer: '{{ wazuh_agent_config | default({}) }}'
+  when: wazuh_agent_config_overlay | bool
+
 - include_tasks: "Windows.yml"
   when: ansible_os_family == "Windows"