From a19d3d99f6aaf033f277af7f8853db32493406d4 Mon Sep 17 00:00:00 2001
From: Miguelangel Freitas <miguelangel@wazuh.com>
Date: Tue, 1 Aug 2017 00:09:26 -0400
Subject: [PATCH] Wazuh agent: disable or not the openscap install & scan

---
 ansible-wazuh-agent/defaults/main.yml                          | 1 +
 ansible-wazuh-agent/tasks/Debian.yml                           | 3 +++
 ansible-wazuh-agent/tasks/RedHat.yml                           | 1 +
 .../templates/var-ossec-etc-ossec-agent.conf.j2                | 2 ++
 4 files changed, 7 insertions(+)

diff --git a/ansible-wazuh-agent/defaults/main.yml b/ansible-wazuh-agent/defaults/main.yml
index 32b7c719..22682137 100644
--- a/ansible-wazuh-agent/defaults/main.yml
+++ b/ansible-wazuh-agent/defaults/main.yml
@@ -31,6 +31,7 @@ wazuh_agent_config:
   rootcheck:
     frequency: 43200
   openscap:
+    disable: 'yes'
     timeout: 1800
     interval: '1d'
     scan_on_start: 'yes'
diff --git a/ansible-wazuh-agent/tasks/Debian.yml b/ansible-wazuh-agent/tasks/Debian.yml
index 10d1be05..a11899e6 100644
--- a/ansible-wazuh-agent/tasks/Debian.yml
+++ b/ansible-wazuh-agent/tasks/Debian.yml
@@ -21,6 +21,7 @@
 
 - name: Debian/Ubuntu | Install OpenScap
   package: name={{ item }} state=present
+  when: wazuh_agent_config.openscap.disable == 'no'
   with_items:
     - libopenscap8
     - xsltproc
@@ -30,6 +31,7 @@
 - name: Debian/Ubuntu | Get OpenScap installed version
   shell: "dpkg-query --showformat='${Version}' --show libopenscap8"
   register: openscap_version
+  when: wazuh_agent_config.openscap.disable == 'no'
   changed_when: true
   tags:
     - config
@@ -37,6 +39,7 @@
 - name: Debian/Ubuntu | Check OpenScap version
   shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?"
   register: openscap_version_valid
+  when: wazuh_agent_config.openscap.disable == 'no'
   changed_when: true
   tags:
     - config
diff --git a/ansible-wazuh-agent/tasks/RedHat.yml b/ansible-wazuh-agent/tasks/RedHat.yml
index cd74640f..6eb304fc 100644
--- a/ansible-wazuh-agent/tasks/RedHat.yml
+++ b/ansible-wazuh-agent/tasks/RedHat.yml
@@ -43,5 +43,6 @@
 
 - name: RedHat/CentOS/RedHat | Install openscap
   package: name=openscap-scanner state=present
+  when: wazuh_agent_config.openscap.disable == 'no'
   tags:
     - init
diff --git a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 5396c904..35c83fbb 100644
--- a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -71,6 +71,7 @@
     {% endfor %}
   </syscheck>
 
+  {% if wazuh_agent_config.openscap.disable  == 'no' %}
   <wodle name="open-scap">
     <disabled>no</disabled>
     <timeout>{{ wazuh_agent_config.openscap.timeout }}</timeout>
@@ -117,6 +118,7 @@
       </content>
     {% endif %}
   </wodle>
+  {% endif %}
 
   <!-- Files to monitor (localfiles) -->
     {% for localfile in wazuh_agent_config.localfiles %}