From a35c7bceb1f9daeb543cd5e68a9685ab35f3fc81 Mon Sep 17 00:00:00 2001
From: Rshad Zhran
Date: Thu, 9 Jan 2020 18:05:41 +0100
Subject: [PATCH] Fix rootkit files & trojans paths for manager
---
 roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 8 ++++----
 .../templates/var-ossec-etc-ossec-server.conf.j2 | 12 ++++++------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 21faa35c..e4f6a17d 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -95,7 +95,7 @@ wazuh_manager_config:
 use_source_ip: 'yes'
 force_insert: 'yes'
 force_time: 0
- purge: 'no'
+ purge: 'yes'
 use_password: 'no'
 limit_maxagents: 'yes'
 ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
@@ -114,7 +114,7 @@ wazuh_manager_config:
 email_log_source: 'alerts.log'
 extra_emails:
 - enable: false
- mail_to: 'recipient@example.wazuh.com'
+ mail_to: 'admin@example.net'
 format: full
 level: 7
 event_location: null
@@ -174,7 +174,7 @@ wazuh_manager_config:
 rootcheck:
 frequency: 43200
 openscap:
- disable: 'no'
+ disable: 'yes'
 timeout: 1800
 interval: '1d'
 scan_on_start: 'yes'
@@ -263,6 +263,7 @@ wazuh_manager_config:
 frequency: '360'
 - format: 'full_command'
 command: 'last -n 20'
+ frequency: '360'
 - format: 'syslog'
 location: '/var/ossec/logs/active-responses.log'
 debian:
@@ -295,7 +296,6 @@ wazuh_manager_config:
 - name: 'restart-ossec'
 executable: 'restart-ossec.sh'
 expect: ''
- timeout_allowed: 'no'
 - name: 'firewall-drop'
 executable: 'firewall-drop.sh'
 expect: 'srcip'
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 99201c29..94223a94 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
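Review bot: The first hunk of defaults/main.yml flips the `auth` default `purge` from `'no'` to `'yes'`, and the third hunk flips `openscap.disable` to `'yes'` and the second replaces the example `mail_to` address, while the subject line only speaks of rootkit file paths. These are operator-visible changes for every consumer of the role defaults: if I read the Wazuh auth option correctly, `purge: 'yes'` makes the manager delete agents that are removed instead of keeping them listed, and `disable: 'yes'` turns off the OpenSCAP wodle that was previously on by default — both worth confirming against the intended baseline. Either split them into their own commit or name them in the message, e.g. `Also change defaults: auth purge -> 'yes', openscap disabled by default, example mail_to updated.`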
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 @@ -126,8 +126,8 @@ {{ wazuh_manager_config.rootcheck.frequency }} - /var/ossec/etc/shared/default/rootkit_files.txt - /var/ossec/etc/shared/default/rootkit_trojans.txt + /var/ossec/etc/rootcheck/rootkit_files.txt + /var/ossec/etc/rootcheck/rootkit_trojans.txt yes @@ -292,7 +292,6 @@ {{ wazuh_manager_config.syscheck.disable }} - {{ wazuh_manager_config.syscheck.auto_ignore }} {{ wazuh_manager_config.syscheck.alert_new_files }} {{ wazuh_manager_config.syscheck.frequency }} @@ -318,7 +317,7 @@ {% endif %} - {% if wazuh_manager_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %} + {% if wazuh_manager_config.syscheck.ignore_linux_type is defined %} {% for ignore in wazuh_manager_config.syscheck.ignore_linux_type %} {{ ignore }} {% endfor %} @@ -346,7 +345,9 @@ {{ command.name }} {{ command.executable }} {{ command.expect }} - {{ command.timeout_allowed }} + {% if command.timeout_allowed is defined %} + {{ command.timeout_allowed }} + {% endif %} {% endfor %} @@ -359,7 +360,6 @@ {{ rule }} {% endfor %} {% endif %} - {% if cdb_lists is defined %} {% for list in cdb_lists %} etc/lists/{{ list.name }} {% endfor %}
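Review bot: The second hunk of the template stops rendering `wazuh_manager_config.syscheck.auto_ignore`, but nothing in this patch removes that key from defaults/main.yml (the four deletions in that file are all visible in its hunks and none touch `syscheck`), so if the key is still defined there it becomes a setting operators can change with no effect. Either drop it from defaults in the same commit or mark it as inert there, e.g. `# auto_ignore: no longer rendered into ossec.conf as of <commit-id>`, so the reason is discoverable later.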
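Review bot: The third hunk removes the `ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7'` guard, so the `ignore_linux_type` patterns are now emitted on every manager host where the variable is defined. If that variable ships in the role defaults (inferred from the old guard being the only thing that made it CentOS 7-specific), a list of ignore patterns written for CentOS 7 paths would now also be applied on Debian/Ubuntu managers, which quietly widens what syscheck stops monitoring on those hosts. Confirm the default list is distro-neutral before relying on the new condition; if it is not, keep the guard or make the variable explicitly opt-in, e.g. `{% if wazuh_manager_config.syscheck.ignore_linux_type | default([]) | length > 0 %}` together with an empty default.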
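Review bot: The last hunk removes `{% if cdb_lists is defined %}` but not its closing `{% endif %}`: the hunk's context ends at the `{% endfor %}`, so the matching `{% endif %}` (if it was present) sits below the hunk, and the file's diffstat of six deletions is fully accounted for by the removals visible in these hunks, so this patch removes no other line. Unless the template was already missing that `{% endif %}`, rendering will fail with a Jinja syntax error; and even then, `{% for list in cdb_lists %}` now raises an undefined-variable error on hosts where `cdb_lists` is not set, unless the role defaults define it. Either restore the `if`/`endif` pair or iterate defensively with `{% for list in cdb_lists | default([]) %}`.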