Disable shared config by default. Update occurrences

roles/wazuh/ansible-wazuh-manager/README.md

@@ -20,7 +20,7 @@ This role has some variables which you can or need to override.
 ```
 wazuh_manager_fqdn: ~
 wazuh_manager_config: []
-wazuh_agent_configs: []
+shared_agent_config: []
 ```
 
 Vault variables
@@ -157,7 +157,7 @@ wazuh_manager_config:
       level: 6
       timeout: 600
 
-wazuh_agent_configs:
+shared_agent_config:
   - type: os
     type_value: linux
     frequency_check: 79200

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -356,53 +356,53 @@ wazuh_manager_config:
       - key: Env
         value: Production
 
-wazuh_agent_configs:
+# shared_agent_config:
-  - type: os
+  # - type: os
-    type_value: Linux
+  #   type_value: Linux
-    syscheck:
+  #   syscheck:
-      frequency: 43200
+  #     frequency: 43200
-      scan_on_start: 'yes'
+  #     scan_on_start: 'yes'
-      alert_new_files: 'yes'
+  #     alert_new_files: 'yes'
-      ignore:
+  #     ignore:
-        - /etc/mtab
+  #       - /etc/mtab
-        - /etc/mnttab
+  #       - /etc/mnttab
-        - /etc/hosts.deny
+  #       - /etc/hosts.deny
-        - /etc/mail/statistics
+  #       - /etc/mail/statistics
-        - /etc/svc/volatile
+  #       - /etc/svc/volatile
-      no_diff:
+  #     no_diff:
-        - /etc/ssl/private.key
+  #       - /etc/ssl/private.key
-    rootcheck:
+  #   rootcheck:
-      frequency: 43200
+  #     frequency: 43200
-      cis_distribution_filename: null
+  #     cis_distribution_filename: null
-    localfiles:
+  #   localfiles:
-      - format: 'syslog'
+  #     - format: 'syslog'
-        location: '/var/log/messages'
+  #       location: '/var/log/messages'
-      - format: 'syslog'
+  #     - format: 'syslog'
-        location: '/var/log/secure'
+  #       location: '/var/log/secure'
-      - format: 'syslog'
+  #     - format: 'syslog'
-        location: '/var/log/maillog'
+  #       location: '/var/log/maillog'
-      - format: 'apache'
+  #     - format: 'apache'
-        location: '/var/log/httpd/error_log'
+  #       location: '/var/log/httpd/error_log'
-      - format: 'apache'
+  #     - format: 'apache'
-        location: '/var/log/httpd/access_log'
+  #       location: '/var/log/httpd/access_log'
-      - format: 'apache'
+  #     - format: 'apache'
-        location: '/var/ossec/logs/active-responses.log'
+  #       location: '/var/ossec/logs/active-responses.log'
-  - type: os
+  # - type: os
-    type_value: Windows
+  #   type_value: Windows
-    syscheck:
+  #   syscheck:
-      frequency: 43200
+  #     frequency: 43200
-      scan_on_start: 'yes'
+  #     scan_on_start: 'yes'
-      auto_ignore: 'no'
+  #     auto_ignore: 'no'
-      alert_new_files: 'yes'
+  #     alert_new_files: 'yes'
-      windows_registry:
+  #     windows_registry:
-        - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
+  #       - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
-          arch: 'both'
+  #         arch: 'both'
-        - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'
+  #       - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'
-    localfiles:
+  #   localfiles:
-      - location: 'Security'
+  #     - location: 'Security'
-        format: 'eventchannel'
+  #       format: 'eventchannel'
-      - location: 'System'
+  #     - location: 'System'
-        format: 'eventlog'
+  #       format: 'eventlog'
 
 nodejs:
   repo_dict:

roles/wazuh/ansible-wazuh-manager/tasks/main.yml

@@ -158,6 +158,8 @@
   tags:
     - init
     - config
+  when:
+    - shared_agent_config is defined
 
 - name: Installing the config.js (api configuration)
   template: src=var-ossec-api-configuration-config.js.j2

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2

@@ -1,6 +1,6 @@
 #jinja2: trim_blocks: False
-{% if wazuh_agent_configs is defined %}
+{% if shared_agent_config is defined %}
-{% for agent_config in wazuh_agent_configs %}
+{% for agent_config in shared_agent_config %}
 <agent_config {{ agent_config.type }}="{{ agent_config.type_value }}">
   {% if agent_config.syscheck is defined %}
   <syscheck>