afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1207 from wazuh/merge-4.8.2-into-master

Browse Source 
Merge `4.8.2` into `master`
This commit is contained in:
Gonzalo Acuña 2024-02-07 13:12:09 -03:00 committed by GitHub
commit a8734c8bbb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 28 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
roles/wazuh/ansible-wazuh-manager/tasks/main.yml
View File

@ -37,6 +37,22 @@
- include_tasks: "Debian.yml" - include_tasks: "Debian.yml"
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- name: Generate the wazuh-keystore (username)
shell: >
/var/ossec/bin/wazuh-keystore -f indexer -k username -v {{ indexer_security_user }}
notify: restart wazuh-manager
tags:
- init
- config
- name: Generate the wazuh-keystore (password)
shell: >
/var/ossec/bin/wazuh-keystore -f indexer -k password -v {{ indexer_security_password }}
notify: restart wazuh-manager
tags:
- init
- config
- name: Install expect - name: Install expect
package: package:
name: expect name: expect

22
roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
View File

@ -267,20 +267,18 @@
<indexer> <indexer>
<enabled>{% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' or wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %}</enabled> <enabled>{% if wazuh_manager_config.vulnerability_detection.enabled == 'yes' or wazuh_manager_config.indexer.enabled == 'yes' %}yes{% else %}no{% endif %}</enabled>
<hosts> <hosts>
{% for item in wazuh_manager_config.indexer.hosts %} {% for item in wazuh_manager_config.indexer.hosts %}
<host>https://{{ item }}:{{ filebeat_output_indexer_port }}</host> <host>https://{{ item }}:{{ filebeat_output_indexer_port }}</host>
{% endfor %} {% endfor %}
</hosts> </hosts>
<username>{{ indexer_security_user }}</username> <ssl>
<password>{{ indexer_security_password }}</password> <certificate_authorities>
<ssl> <ca>{{ filebeat_ssl_dir }}/root-ca.pem</ca>
<certificate_authorities> </certificate_authorities>
<ca>{{ filebeat_ssl_dir }}/root-ca.pem</ca> <certificate>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem</certificate>
</certificate_authorities> <key>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem</key>
<certificate>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem</certificate> </ssl>
<key>{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem</key>
</ssl>
</indexer> </indexer>
<!-- File integrity monitoring --> <!-- File integrity monitoring -->

3
roles/wazuh/wazuh-indexer/tasks/security_actions.yml
View File

@ -102,7 +102,7 @@
become: yes become: yes
become_user: root become_user: root
run_once: true when: inventory_hostname == ansible_play_hosts[0]
- name: Create custom user - name: Create custom user
uri: uri:
@ -122,5 +122,6 @@
timeout: 4 timeout: 4
when: when:
- indexer_custom_user is defined and indexer_custom_user - indexer_custom_user is defined and indexer_custom_user
- inventory_hostname == ansible_play_hosts[0]