More options on client registration

2017-09-05 12:43:39 -05:00 · 2017-09-05 12:43:39 -05:00 · b141dd4113
commit b141dd4113
parent ff6ea6230a
4 changed files with 53 additions and 7 deletions
--- a/ansible-wazuh-agent/defaults/main.yml
+++ b/ansible-wazuh-agent/defaults/main.yml
@ -1,9 +1,14 @@
 ---
 wazuh_manager_ip: null
-wazuh_authd_port: 1515
 wazuh_profile: null
 wazuh_manager_proto: tcp
-wazuh_register_client: false
+wazuh_agent_authd:
+  enable: false
+  port: 1515
+  ssl_agent_ca: null
+  ssl_agent_cert: null
+  ssl_agent_key: null
+  ssl_auto_negotiate: 'no'
 wazuh_notify_time: null
 wazuh_time_reconnect: null
 wazuh_winagent_config:
--- a/ansible-wazuh-agent/tasks/Linux.yml
+++ b/ansible-wazuh-agent/tasks/Linux.yml
@ -10,6 +10,26 @@
  tags:
    - init

+- name: Retrieving authd Credentials
+  include_vars: authd_pass.yml
+  tags:
+    - config
+
+- name: Copy CA, SSL key and cert for authd
+  copy:
+    src: "{{ item }}"
+    dest: "/var/ossec/etc/{{ item | basename }}"
+    mode: 0644
+  with_items:
+    - "{{ wazuh_agent_authd.ssl_agent_ca }}"
+    - "{{ wazuh_agent_authd.ssl_agent_cert }}"
+    - "{{ wazuh_agent_authd.ssl_agent_key }}"
+  tags:
+    - config
+  when:
+    - wazuh_agent_authd.ssl_agent_ca is not none
+    - wazuh_agent_authd.enable == true
+
 - name: Linux | Check if client.keys exists
  stat: path=/var/ossec/etc/client.keys
  register: check_keys
@ -17,10 +37,20 @@
    - config

 - name: Linux | Register agent
-  shell: /var/ossec/bin/agent-auth -m {{ wazuh_manager_ip }} -p {{ wazuh_authd_port }}
+  shell: >
+    /var/ossec/bin/agent-auth
+    -m {{ wazuh_manager_ip }}
+    -p {{ wazuh_agent_authd.port }}
+    {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
+    {% if wazuh_agent_authd.ssl_agent_ca is not none %}
+    -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
+    -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
+    -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
+    {% endif %}
+    {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %}
  register: agent_auth_output
  when:
-    - wazuh_register_client == true
+    - wazuh_agent_authd.enable == true
    - check_keys.stat.size == 0
    - wazuh_manager_ip is not none
  tags:
@ -29,7 +59,7 @@
 - name: Linux | Verify agent registration
  shell: echo {{ agent_auth_output }} | grep "Valid key created"
  when:
-    - wazuh_register_client == true
+    - wazuh_agent_authd.enable == true
    - check_keys.stat.size == 0
    - wazuh_manager_ip is not none
  tags:
--- a/ansible-wazuh-agent/tasks/Windows.yml
+++ b/ansible-wazuh-agent/tasks/Windows.yml
@ -43,14 +43,23 @@
  tags:
    - config

+- name: Retrieving authd Credentials
+  include_vars: authd_pass.yml
+  tags:
+    - config
+
 - name: Windows | Register agent
-  win_shell: "{{ wazuh_winagent_config.install_dir }}agent-auth.exe -m {{ wazuh_manager_ip }} -p {{ wazuh_authd_port }}"
+  win_shell: >
+    {{ wazuh_winagent_config.install_dir }}agent-auth.exe
+    -m {{ wazuh_manager_ip }}
+    -p {{ wazuh_agent_authd.port }}
+    {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
  args:
    chdir: "{{ wazuh_winagent_config.install_dir }}"
  register: agent_auth_output
  notify: restart wazuh-agent windows
  when:
-    - wazuh_register_client == true
+    - wazuh_agent_authd.enable == true
    - check_windows_key.stat.exists == false
    - wazuh_manager_ip is not none
  tags:
--- a/ansible-wazuh-agent/vars/authd_pass.yml
+++ b/ansible-wazuh-agent/vars/authd_pass.yml
@ -0,0 +1,2 @@
+---
+#authd_pass: 'foobar'