From ce4665ef3e11fa1a10de33ec6c6a0cda88232232 Mon Sep 17 00:00:00 2001
From: l <luisgguijarro9@gmail.com>
Date: Thu, 4 Apr 2019 10:22:33 +0200
Subject: [PATCH] Fixing default active response

---
 .../ansible-wazuh-manager/defaults/main.yml   | 11 --------
 .../var-ossec-etc-ossec-server.conf.j2        | 28 ++++++++++---------
 2 files changed, 15 insertions(+), 24 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index e55f4848..80b39c06 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -255,17 +255,6 @@ wazuh_manager_config:
       decoders_path: 'custom_ruleset/decoders/'
   rule_exclude:
     - '0215-policy_rules.xml'
-  active_responses:
-    - command: 'restart-ossec'
-      location: 'local'
-      rules_id: '100002'
-    - command: 'win_restart-ossec'
-      location: 'local'
-      rules_id: '100003'
-    - command: 'host-deny'
-      location: 'local'
-      level: 6
-      timeout: 600
   syslog_outputs:
     - server: null
       port: null
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 595279c1..873588cc 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -395,19 +395,21 @@
 
 
   <!-- Active Response Config 
-{% for response in wazuh_manager_config.active_responses %}
-  <active-response>
-    <disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled>
-    {%if response.command is defined %}<command>{{ response.command }}</command>{% endif %}
-    {%if response.location is defined %}<location>{{ response.location }}</location>{% endif %}
-    {%if response.agent_id is defined %}<agent_id>{{ response.agent_id }}</agent_id>{% endif %}
-    {%if response.level is defined %}<level>{{ response.level }}</level>{% endif %}
-    {%if response.rules_group is defined %}<rules_group>{{ response.rules_group }}</rules_group>{% endif %}
-    {%if response.rules_id is defined %}<rules_id>{{ response.rules_id }}</rules_id>{% endif %}
-    {%if response.timeout is defined %}<timeout>{{ response.timeout }}</timeout>{% endif %}
-    {%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %}
-  </active-response>
-{% endfor %}
+{% if wazuh_manager_config.active_responses is defined %}
+  {% for response in wazuh_manager_config.active_responses %}
+    <active-response>
+      <disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled>
+      {%if response.command is defined %}<command>{{ response.command }}</command>{% endif %}
+      {%if response.location is defined %}<location>{{ response.location }}</location>{% endif %}
+      {%if response.agent_id is defined %}<agent_id>{{ response.agent_id }}</agent_id>{% endif %}
+      {%if response.level is defined %}<level>{{ response.level }}</level>{% endif %}
+      {%if response.rules_group is defined %}<rules_group>{{ response.rules_group }}</rules_group>{% endif %}
+      {%if response.rules_id is defined %}<rules_id>{{ response.rules_id }}</rules_id>{% endif %}
+      {%if response.timeout is defined %}<timeout>{{ response.timeout }}</timeout>{% endif %}
+      {%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %}
+    </active-response>
+  {% endfor %}
+{% endif %}
 -->
 
   <!-- Files to monitor (localfiles) -->