Merge pull request #27 from angystardust/linux-restapi-register

Implement Linux agent registration via restapi

ansible-wazuh-agent/README.md

@@ -33,12 +33,16 @@ The following is an example how this role can be used:
            - address: 127.0.0.1
              port: 1514
              protocol: udp
+             api_port: 55000
+             api_proto: 'http'
+             api_user: 'ansible'
          wazuh_agent_authd:
            enable: true
            port: 1515
            ssl_agent_ca: null
            ssl_auto_negotiate: 'no'
      
+
 License and copyright
 ---------------------
 

ansible-wazuh-agent/defaults/main.yml

@@ -3,6 +3,9 @@ wazuh_managers:
   - address: 127.0.0.1
     port: 1514
     protocol: tcp
+    api_port: 55000
+    api_proto: 'http'
+    api_user: null
 wazuh_profile: null
 wazuh_auto_restart: 'yes'
 wazuh_agent_authd:

ansible-wazuh-agent/tasks/Linux.yml

@@ -10,12 +10,22 @@
   tags:
     - init
 
-- name: Retrieving authd Credentials
+- name: Linux | Check if client.keys exists
-  include_vars: authd_pass.yml
+  stat: path=/var/ossec/etc/client.keys
+  register: check_keys
   tags:
     - config
 
-- name: Copy CA, SSL key and cert for authd
+- name: Linux | Agent registration via authd
+  block:
+
+    - name: Retrieving authd Credentials
+      include_vars: authd_pass.yml
+      tags:
+        - config
+        - authd
+
+    - name: Copy CA, SSL key and cert for authd
       copy:
         src: "{{ item }}"
         dest: "/var/ossec/etc/{{ item | basename }}"
@@ -26,17 +36,11 @@
         - "{{ wazuh_agent_authd.ssl_agent_key }}"
       tags:
         - config
+        - authd
       when:
         - wazuh_agent_authd.ssl_agent_ca is not none
-    - wazuh_agent_authd.enable == true
 
-- name: Linux | Check if client.keys exists
+    - name: Linux | Register agent (via authd)
-  stat: path=/var/ossec/etc/client.keys
-  register: check_keys
-  tags:
-    - config
-
-- name: Linux | Register agent
       shell: >
         /var/ossec/bin/agent-auth
         -m {{ wazuh_managers.0.address }}
@@ -50,20 +54,93 @@
         {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %}
       register: agent_auth_output
       when:
-    - wazuh_agent_authd.enable == true
         - check_keys.stat.size == 0
         - wazuh_managers.0.address is not none
       tags:
         - config
+        - authd
 
-- name: Linux | Verify agent registration
+    - name: Linux | Verify agent registration
       shell: echo {{ agent_auth_output }} | grep "Valid key created"
       when:
-    - wazuh_agent_authd.enable == true
         - check_keys.stat.size == 0
         - wazuh_managers.0.address is not none
       tags:
         - config
+        - authd
+
+  when: wazuh_agent_authd.enable == true
+
+- name: Linux | Agent registration via rest-API
+  block:
+
+    - name: Retrieving rest-API Credentials
+      include_vars: api_pass.yml
+      tags:
+        - config
+        - api
+
+    - name: Linux | Create the agent key via rest-API
+      uri:
+        url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/"
+        validate_certs: no
+        method: POST
+        body: {"name":"{{ inventory_hostname }}"}
+        body_format: json
+        status_code: 200
+        headers:
+          Content-Type: "application/json"
+        user: "{{ wazuh_managers.0.api_user }}"
+        password: "{{ api_pass }}"
+      register: newagent_api
+      changed_when: newagent_api.json.error == 0
+      when:
+        - check_keys.stat.size == 0
+        - wazuh_managers.0.address is not none
+      become: no
+      tags:
+        - config
+        - api
+
+    - name: Linux | Retieve new agent data via rest-API
+      uri:
+        url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}"
+        validate_certs: no
+        method: GET
+        return_content: yes
+        user: "{{ wazuh_managers.0.api_user }}"
+        password: "{{ api_pass }}"
+      when:
+        - check_keys.stat.size == 0
+        - wazuh_managers.0.address is not none
+        - newagent_api.json.error == 0
+      register: newagentdata_api
+      delegate_to: localhost
+      become: no
+      tags:
+        - config
+        - api
+
+    - name: Linux | Register agent (via rest-API)
+      command: /var/ossec/bin/manage_agents
+      environment:
+        OSSEC_ACTION: i
+        OSSEC_AGENT_NAME: '{{ newagentdata_api.json.data.name }}'
+        OSSEC_AGENT_IP: '{{ newagentdata_api.json.data.ip }}'
+        OSSEC_AGENT_ID: '{{ newagent_api.json.data.id }}'
+        OSSEC_AGENT_KEY: '{{ newagent_api.json.data.key }}'
+        OSSEC_ACTION_CONFIRMED: y
+      register: manage_agents_output
+      when:
+        - check_keys.stat.size == 0
+        - wazuh_managers.0.address is not none
+        - newagent_api.changed
+      tags:
+        - config
+        - api
+      notify: restart wazuh-agent
+
+  when: wazuh_agent_authd.enable == false
 
 - name: Linux | Vuls integration deploy (runs in background, can take a while)
   command: /var/ossec/wodles/vuls/deploy_vuls.sh {{ ansible_distribution|lower }} {{ ansible_distribution_major_version|int }}

ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2

@@ -1,4 +1,5 @@
 #jinja2: trim_blocks: False
+<!-- {{ ansible_managed }} -->
 <!--
   Wazuh - Agent
   More info at: https://documentation.wazuh.com

ansible-wazuh-agent/vars/api_pass.yml

@@ -0,0 +1,3 @@
+---
+# We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials.
+#api_pass: 'changeme'

ansible-wazuh-agent/vars/authd_pass.yml

@@ -1,2 +1,3 @@
 ---
+# We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials.
 #authd_pass: 'foobar'

wazuh-agent.yml

@@ -6,6 +6,9 @@
       - address: 127.0.0.1
         port: 1514
         protocol: udp
+        api_port: 55000
+        api_proto: 'http'
+        api_user: ansible
     wazuh_agent_authd:
       enable: true
       port: 1515