Fixing default active response

l 2019-04-04 10:22:33 +02:00
parent deaffd9c8e
commit ce4665ef3e
2 changed files with 15 additions and 24 deletions


@ -255,17 +255,6 @@ wazuh_manager_config:
decoders_path: 'custom_ruleset/decoders/' decoders_path: 'custom_ruleset/decoders/'
rule_exclude: rule_exclude:
- '0215-policy_rules.xml' - '0215-policy_rules.xml'
active_responses:
- command: 'restart-ossec'
location: 'local'
rules_id: '100002'
- command: 'win_restart-ossec'
location: 'local'
rules_id: '100003'
- command: 'host-deny'
location: 'local'
level: 6
timeout: 600
syslog_outputs: syslog_outputs:
- server: null - server: null
port: null port: null


@ -395,6 +395,7 @@
<!-- Active Response Config <!-- Active Response Config
{% if wazuh_manager_config.active_responses is defined %}
{% for response in wazuh_manager_config.active_responses %} {% for response in wazuh_manager_config.active_responses %}
<active-response> <active-response>
<disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled> <disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled>
@ -408,6 +409,7 @@
{%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %} {%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %}
</active-response> </active-response>
{% endfor %} {% endfor %}
{% endif %}
--> -->
<!-- Files to monitor (localfiles) --> <!-- Files to monitor (localfiles) -->
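Review bot: The added `is defined` guard still lets a key that is present but empty (`active_responses:` with no value, i.e. null) reach the `for` loop, where rendering fails because null is not iterable; testing the value as well covers both cases, `{% if wazuh_manager_config.active_responses is defined and wazuh_manager_config.active_responses %}`. As rendered on this page, the whole loop also sits between `<!-- Active Response Config` and `-->`, so any `<active-response>` entries would presumably be emitted inside an XML comment and never take effect. If that is intended, it deserves a template comment such as `{# active responses are rendered commented-out; remove the XML comment wrapper to enable them #}`. The same commit removes the default entries (including `host-deny`) from the role variables, so no automated response is configured unless the operator supplies one. The template continues outside the lines shown here.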