Fixing default active response

2019-04-04 10:22:33 +02:00 · 2019-04-04 10:22:33 +02:00 · ce4665ef3e
commit ce4665ef3e
parent deaffd9c8e
2 changed files with 15 additions and 24 deletions
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@ -255,17 +255,6 @@ wazuh_manager_config:
      decoders_path: 'custom_ruleset/decoders/'
  rule_exclude:
    - '0215-policy_rules.xml'
-  active_responses:
-    - command: 'restart-ossec'
-      location: 'local'
-      rules_id: '100002'
-    - command: 'win_restart-ossec'
-      location: 'local'
-      rules_id: '100003'
-    - command: 'host-deny'
-      location: 'local'
-      level: 6
-      timeout: 600
  syslog_outputs:
    - server: null
      port: null
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@ -395,7 +395,8 @@


  <!-- Active Response Config 
-{% for response in wazuh_manager_config.active_responses %}
+{% if wazuh_manager_config.active_responses is defined %}
+  {% for response in wazuh_manager_config.active_responses %}
    <active-response>
      <disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled>
      {%if response.command is defined %}<command>{{ response.command }}</command>{% endif %}
@ -407,7 +408,8 @@
      {%if response.timeout is defined %}<timeout>{{ response.timeout }}</timeout>{% endif %}
      {%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %}
    </active-response>
-{% endfor %}
+  {% endfor %}
+{% endif %}
 -->

  <!-- Files to monitor (localfiles) -->