diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 85bd17e1..ca5ea6ac 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -1,8 +1,8 @@ --- -- import_tasks: RedHat.yml +- include_tasks: RedHat.yml when: ansible_os_family == 'RedHat' -- import_tasks: Debian.yml +- include_tasks: Debian.yml when: ansible_os_family == 'Debian' - name: CentOS/RedHat | Install Filebeat. @@ -116,8 +116,8 @@ state: started enabled: true -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml index 698f704f..2ef87f11 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml @@ -1,8 +1,8 @@ --- -- import_tasks: "RedHat.yml" +- include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "Debian.yml" +- include_tasks: "Debian.yml" when: ansible_os_family == "Debian" - name: Linux CentOS/RedHat | Install wazuh-agent @@ -191,8 +191,8 @@ state: started tags: config -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml index 4b919bc5..25c7b955 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml @@ -1,6 +1,6 @@ --- -- import_tasks: "Windows.yml" +- include_tasks: "Windows.yml" when: ansible_os_family == "Windows" -- import_tasks: "Linux.yml" +- include_tasks: "Linux.yml" when: ansible_system == "Linux" diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 611aa3b6..b7bc7946 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -7,6 +7,7 @@ - gnupg state: present cache_valid_time: 3600 + install_recommends: false register: wazuh_manager_https_packages_installed until: wazuh_manager_https_packages_installed is succeeded @@ -85,16 +86,16 @@ - init - name: Debian/Ubuntu | Install OpenScap - package: - name: "{{ item }}" + apt: + name: + - libopenscap8 + - xsltproc state: present cache_valid_time: 3600 + install_recommends: false register: wazuh_manager_openscap_installed until: wazuh_manager_openscap_installed is succeeded when: wazuh_manager_config.openscap.disable == 'no' - with_items: - - libopenscap8 - - xsltproc tags: - init @@ -113,3 +114,15 @@ changed_when: false tags: - config + +- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api + apt: + name: + - "wazuh-manager={{ wazuh_manager_version }}" + - "wazuh-api={{ wazuh_manager_version }}" + state: present + cache_valid_time: 3600 + install_recommends: false + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + tags: init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index d64829a9..c8e8a95a 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml @@ -137,3 +137,40 @@ cis_distribution_filename: cis_rhel7_linux_rcl.txt when: - ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA" + +- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api + package: + name: "{{ item }}-{{ wazuh_manager_version }}" + state: "{{ wazuh_manager_package_state }}" + with_items: + - wazuh-manager + - wazuh-api + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + when: + - ansible_os_family|lower == "redhat" + tags: + - init + +- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 + replace: + path: /etc/init.d/wazuh-manager + regexp: 'echo -n "Starting Wazuh-manager: "' + replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' + when: + - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 + - wazuh_manager_config.cluster.disable != 'yes' + +- name: Install expect (EL5) + package: + name: "{{ item }}" + state: "{{ wazuh_manager_package_state }}" + with_items: + - expect + register: wazuh_manager_main_packages_installed + until: wazuh_manager_main_packages_installed is succeeded + when: + - ansible_os_family|lower == "RedHat" + - ansible_distribution_major_version|int < 6 + tags: + - init diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 2a14fb69..ed4847aa 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -7,40 +7,12 @@ - tar state: present -- import_tasks: "RedHat.yml" +- include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") -- import_tasks: "Debian.yml" +- include_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- name: CentOS/RedHat/Amazon | Install wazuh-manager, wazuh-api - package: - name: "{{ item }}-{{ wazuh_manager_version }}" - state: "{{ wazuh_manager_package_state }}" - with_items: - - wazuh-manager - - wazuh-api - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - ansible_os_family|lower == "redhat" - tags: - - init - -- name: Debian/Ubuntu | Install wazuh-manager, wazuh-api - apt: - name: "{{ item }}={{ wazuh_manager_version }}" - state: present - cache_valid_time: 3600 - with_items: - - wazuh-manager - - wazuh-api - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - not (ansible_os_family|lower == "redhat") - tags: init - - name: Install expect package: name: expect @@ -49,29 +21,6 @@ - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) tags: init -- name: CentOS/RedHat 6 | Enabling python2.7 and sqlite3 - replace: - path: /etc/init.d/wazuh-manager - regexp: 'echo -n "Starting Wazuh-manager: "' - replace: 'echo -n "Starting Wazuh-manager (EL6): "; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib' - when: - - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6 - - wazuh_manager_config.cluster.disable != 'yes' - -- name: Install expect (EL5) - package: - name: "{{ item }}" - state: "{{ wazuh_manager_package_state }}" - with_items: - - expect - register: wazuh_manager_main_packages_installed - until: wazuh_manager_main_packages_installed is succeeded - when: - - ansible_os_family|lower == "RedHat" - - ansible_distribution_major_version|int < 6 - tags: - - init - - name: Generate SSL files for authd command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ wazuh_manager_fqdn }}/" args: @@ -404,8 +353,8 @@ when: - ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int < 6 -- import_tasks: "RMRedHat.yml" +- include_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" or ansible_os_family == "Amazon" -- import_tasks: "RMDebian.yml" +- include_tasks: "RMDebian.yml" when: ansible_os_family == "Debian"