clean code

Jose Luis 2017-04-06 14:57:11 -04:00
parent c3e340433f
commit bad7bbe9be
3 changed files with 48 additions and 15 deletions


@ -20,12 +20,56 @@ ossec_server_config: []
ossec_agent_configs: [] ossec_agent_configs: []
api_user: [] api_user: []
``` ```
Vault variables Vault variables
---------------- ----------------
### vars/api_user.yml ### vars/agentless.yml
This file has the agenless c.
```
---
agentless_passlist:
- host: wazuh@wazuh.com
passwd: testpasswd
- host: wazuh2@wazuh.com
passwd: test2passwd
```
### templates/agentless.j2
In this template we create the file with the format .passlist that ossec needs.
```
{% for agentless in agentless_passlist %}
{{ agentless.host }}|{{ agentless.passwd }}
{% endfor %}
```
### tasks/main
In the main we import the variables included in the vault file agentless.yml, then we move to a temporal file the folder /var/ossec/agentless/.passlist_tmp and then encode to base64.
```
- name: Import agentless secret variable file
include_vars: "agentless.yml"
no_log: true
- name: Agentless Credentials
template:
src: agentless.j2
dest: "/var/ossec/agentless/.passlist_tmp"
owner: root
group: root
mode: 0644
no_log: true
when: agentless_passlist is defined
- name: Encode the secret
shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp
when: agentless_passlist is defined
```
### vars/api_user.yml
This file has user and password created in httpasswd format.
``` ```
--- ---
user: user:
@ -33,6 +77,7 @@ user:
- "wazuh2:$apr1$XSwG938n$tDxKvaCBx5C/kdU2xXP3K." - "wazuh2:$apr1$XSwG938n$tDxKvaCBx5C/kdU2xXP3K."
``` ```
### Example setup ### Example setup
Edit the vars file for the host which runs the ossec-server: Edit the vars file for the host which runs the ossec-server:
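Review bot: The `Agentless Credentials` task documented under `### tasks/main` writes the cleartext `host|passwd` list to `/var/ossec/agentless/.passlist_tmp` with `mode: 0644`, so any local account can read the passwords until the next task removes the file; `mode: "0600"` on that template task would close the window. The `Encode the secret` step only base64-encodes the file, which is reversible, and the shell redirect creates `.passlist` with whatever the umask yields, so the final file probably needs an explicit owner and mode too (which group the ossec processes require is not visible here). Because the `rm` is chained with `&&`, a failed `base64` run leaves the cleartext temp file on disk. The README should also say plainly that base64 is an encoding, not protection, so the real controls are file permissions and keeping `vars/agentless.yml` vault-encrypted.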


@ -57,9 +57,3 @@
set_fact: set_fact:
cis_distribution_filename: cis_rhel7_linux_rcl.txt cis_distribution_filename: cis_rhel7_linux_rcl.txt
when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7" when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7"
- name: Set ossec deploy facts for RedHat/CentOS
set_fact:
ossec_server_config_filename: ossec-server.conf
ossec_init_name: wazuh-manager
when: ansible_os_family == "RedHat"


@ -78,12 +78,6 @@
command: /var/ossec/bin/ossec-control start agentless command: /var/ossec/bin/ossec-control start agentless
when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined when: agentless_running.stdout == '0' and ossec_server_config.agentless is defined
- name: Set ossec deploy facts for Debian
set_fact:
ossec_server_config_filename: ossec.conf
ossec_init_name: ossec
when: ansible_os_family == "Debian"
- name: Configure ossec.conf - name: Configure ossec.conf
template: src=var-ossec-etc-ossec-server.conf.j2 template: src=var-ossec-etc-ossec-server.conf.j2
dest=/var/ossec/etc/ossec.conf dest=/var/ossec/etc/ossec.conf