Wazuh agent: disable or not the openscap install & scan
This commit is contained in:
Miguelangel Freitas
parent
0f72f5f606
commit
a19d3d99f6
@ -31,6 +31,7 @@ wazuh_agent_config:
|
||||
rootcheck:
|
||||
frequency: 43200
|
||||
openscap:
|
||||
disable: 'yes'
|
||||
timeout: 1800
|
||||
interval: '1d'
|
||||
scan_on_start: 'yes'
|
||||
|
||||
@ -21,6 +21,7 @@
|
||||
|
||||
- name: Debian/Ubuntu | Install OpenScap
|
||||
package: name={{ item }} state=present
|
||||
when: wazuh_agent_config.openscap.disable == 'no'
|
||||
with_items:
|
||||
- libopenscap8
|
||||
- xsltproc
|
||||
@ -30,6 +31,7 @@
|
||||
- name: Debian/Ubuntu | Get OpenScap installed version
|
||||
shell: "dpkg-query --showformat='${Version}' --show libopenscap8"
|
||||
register: openscap_version
|
||||
when: wazuh_agent_config.openscap.disable == 'no'
|
||||
changed_when: true
|
||||
tags:
|
||||
- config
|
||||
@ -37,6 +39,7 @@
|
||||
- name: Debian/Ubuntu | Check OpenScap version
|
||||
shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?"
|
||||
register: openscap_version_valid
|
||||
when: wazuh_agent_config.openscap.disable == 'no'
|
||||
changed_when: true
|
||||
tags:
|
||||
- config
|
||||
|
||||
@ -43,5 +43,6 @@
|
||||
|
||||
- name: RedHat/CentOS/RedHat | Install openscap
|
||||
package: name=openscap-scanner state=present
|
||||
when: wazuh_agent_config.openscap.disable == 'no'
|
||||
tags:
|
||||
- init
|
||||
|
||||
@ -71,6 +71,7 @@
|
||||
{% endfor %}
|
||||
</syscheck>
|
||||
|
||||
{% if wazuh_agent_config.openscap.disable == 'no' %}
|
||||
<wodle name="open-scap">
|
||||
<disabled>no</disabled>
|
||||
<timeout>{{ wazuh_agent_config.openscap.timeout }}</timeout>
|
||||
@ -117,6 +118,7 @@
|
||||
</content>
|
||||
{% endif %}
|
||||
</wodle>
|
||||
{% endif %}
|
||||
|
||||
<!-- Files to monitor (localfiles) -->
|
||||
{% for localfile in wazuh_agent_config.localfiles %}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user