diff --git a/ansible-wazuh-server/.gitignore b/ansible-wazuh-manager/.gitignore
similarity index 100%
rename from ansible-wazuh-server/.gitignore
rename to ansible-wazuh-manager/.gitignore
diff --git a/ansible-wazuh-server/.kitchen.yml b/ansible-wazuh-manager/.kitchen.yml
similarity index 100%
rename from ansible-wazuh-server/.kitchen.yml
rename to ansible-wazuh-manager/.kitchen.yml
diff --git a/ansible-wazuh-server/CHANGELOG.md b/ansible-wazuh-manager/CHANGELOG.md
similarity index 100%
rename from ansible-wazuh-server/CHANGELOG.md
rename to ansible-wazuh-manager/CHANGELOG.md
diff --git a/ansible-wazuh-server/README.md b/ansible-wazuh-manager/README.md
similarity index 54%
rename from ansible-wazuh-server/README.md
rename to ansible-wazuh-manager/README.md
index 737734e0..250933e2 100644
--- a/ansible-wazuh-server/README.md
+++ b/ansible-wazuh-manager/README.md
@@ -1,95 +1,69 @@
-Role Name
-=========
+Ansible Playbook - Wazuh manager
+================================
-This role will install the Wazuh server on a host.
+This role will install the Wazuh manager on a host.
Requirements
------------
This role will work on:
* Red Hat
+ * CentOS
+ * Fedora
* Debian
-
+ * Ubuntu
Role Variables
--------------
This role has some variables which you can or need to override.
```
-ossec_server_config: []
-ossec_agent_configs: []
-api_user: []
+wazuh_manager_fqdn: []
+wazuh_manager_config: []
+wazuh_agent_configs: []
```
+
Vault variables
----------------
-### vars/agentless.yml
-This file has the agenless c.
+### vars/agentless_creeds.yml
+This file has the agenless credentials.
```
---
-agentless_passlist:
- - host: wazuh@wazuh.com
- passwd: testpasswd
- - host: wazuh2@wazuh.com
- passwd: test2passwd
+ agentless_creeds:
+ - type: ssh_integrity_check_linux
+ frequency: 3600
+ host: root@example.net
+ state: periodic
+ arguments: '/bin /etc/ /sbin'
+ passwd: qwerty
```
-
-### templates/agentless.j2
-
-In this template we create the file with the format .passlist that ossec needs.
-
-```
-{% for agentless in agentless_passlist %}
-{{ agentless.host }}|{{ agentless.passwd }}
-{% endfor %}
-```
-
-### tasks/main
-
-In the main we import the variables included in the vault file agentless.yml, then we move to a temporal file the folder /var/ossec/agentless/.passlist_tmp and then encode to base64.
-
-```
-- name: Import agentless secret variable file
- include_vars: "agentless.yml"
- no_log: true
-
-- name: Agentless Credentials
- template:
- src: agentless.j2
- dest: "/var/ossec/agentless/.passlist_tmp"
- owner: root
- group: root
- mode: 0644
- no_log: true
- when: agentless_passlist is defined
-
-- name: Encode the secret
- shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp
- when: agentless_passlist is defined
-```
-
-### vars/api_user.yml
+### vars/wazuh_api_creds
This file has user and password created in httpasswd format.
```
---
-user:
- - "wazuh:$apr1$XSwG938n$tDxKvaCBx5C/kdU2xXP3K."
- - "wazuh2:$apr1$XSwG938n$tDxKvaCBx5C/kdU2xXP3K."
+wazuh_api_user:
+ - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/"
```
+Default config
+--------------
-### Example setup
-
-Edit the vars file for the host which runs the ossec-server:
-### host_vars/ossec-server
+### defaults/main.yml
```
-ossec_server_config:
+---
+wazuh_manager_fqdn: "wazuh-server"
+
+wazuh_manager_config:
+ email_notification: no
mail_to:
- - me@example.com
+ - admin@example.net
mail_smtp_server: localhost
- mail_from: ossec@example.com
+ mail_from: wazuh-server@example.com
frequency_check: 43200
syscheck_scan_on_start: 'yes'
+ log_level: 1
+ email_level: 12
ignore_files:
- /etc/mtab
- /etc/mnttab
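Review bot: the `vars/agentless_creeds.yml` example in the new "Vault variables" section shows `passwd: qwerty` in clear text, and nothing in the section says the file has to be encrypted with ansible-vault. State that requirement next to the example and use an obvious placeholder instead of a guessable password. In the same lines, "agenless" should be "agentless", "httpasswd" should be "htpasswd", and the `vars/wazuh_api_creds` heading is missing its `.yml` extension.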
@@ -131,9 +105,7 @@ ossec_server_config:
connection:
- type: 'secure'
port: '1514'
- protocol: 'udp'
- log_level: 1
- email_level: 12
+ protocol: 'tcp'
commands:
- name: 'disable-account'
executable: 'disable-account.sh'
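Review bot: `protocol: 'tcp'` replaces `'udp'` in the README's copy of the defaults, but none of the `defaults/main.yml` hunks in this patch touch the `connection` block. If the role still defaults to UDP, the README is now wrong. If the default really changes, say so explicitly, because agents configured for UDP on port 1514 will need their configuration changed.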
@@ -165,7 +137,7 @@ ossec_server_config:
level: 6
timeout: 600
-ossec_agent_configs:
+wazuh_agent_configs:
- type: os
type_value: linux
frequency_check: 79200
@@ -195,24 +167,19 @@ ossec_agent_configs:
location: '/var/ossec/logs/active-responses.log'
```
-####ossec_server_config:
-At first, there is the server configuration. Change it for your needs, as this default setup won't do any good for you. (You don't have access to use the mail.example.com mailhost. :-))
+#### Custom variables:
+You can create a YAML file and change the default variables for this role, to later using it with `-e` option in `ansible-playbooks`, for example:
+```
+---
+wazuh_manager_fqdn: "wazuh-server"
-####ossec_agent_configs:
-http://ossec-docs.readthedocs.org/en/latest/manual/agent/agent-configuration.html
-
-There are 3 "types":
- * os
- * name
- * profile
-
-In the above setup, the type is os. And this configuration is for the "linux" os. You can have several types configured in the host_vars file, so you can create all kind of different configs.
-
-You can find here some more information about the ossec shared agent configuration: http://ossec-docs.readthedocs.org/en/latest/manual/syscheck/
-
-#### <_role_>/vars/main.yml
-nil
+wazuh_manager_config:
+ email_notification: yes
+ mail_to:
+ - myadmin@mydomain.com
+ mail_smtp_server: mysmtp.mydomain.com
+```
Dependencies
------------
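Review bot: the "Custom variables" text names the command as `ansible-playbooks` and says to pass the file with `-e`; the command is `ansible-playbook`, and a vars file is passed as `-e @file.yml`. The example also overrides only three keys of `wazuh_manager_config`. With Ansible's default hash behaviour that replaces the whole dictionary, so keys the templates read (`mail_from`, `connection`, `commands` and the rest) end up undefined. Either document that the full dictionary must be repeated or show a complete override.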
@@ -224,22 +191,19 @@ Example Playbook
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- - hosts: ossec-server.example.com
+ - hosts: wazuh-server.example.com
roles:
- - { role: ansible-wazuh-manager }
+ - { role: ansible-wazuh-server }
-License
--------
+License and copyright
+---------------------
-GPLv3
+WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3)
-Author Information
-------------------
+### Based on previous work from dj-wasabi
-Please send suggestion or pull requests to make this role better.
+ - https://github.com/dj-wasabi/ansible-ossec-server
-Github: https://github.com/dj-wasabi/ansible-ossec-server
+### Modified by Wazuh
-mail: ikben [ at ] werner-dijkerman . nl
-
-Modificated by **Wazuh**
+The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem.
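Review bot: the example playbook's role line is changed in the wrong direction. It goes from `ansible-wazuh-manager` to `ansible-wazuh-server`, while this patch renames the directory to `ansible-wazuh-manager`. Keep `- { role: ansible-wazuh-manager }` so the README matches the role name after the rename.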
diff --git a/ansible-wazuh-server/defaults/main.yml b/ansible-wazuh-manager/defaults/main.yml
similarity index 95%
rename from ansible-wazuh-server/defaults/main.yml
rename to ansible-wazuh-manager/defaults/main.yml
index 7941b5f4..b598c053 100644
--- a/ansible-wazuh-server/defaults/main.yml
+++ b/ansible-wazuh-manager/defaults/main.yml
@@ -1,12 +1,12 @@
---
-ossec_server_fqdn: "ossec-server"
+wazuh_manager_fqdn: "wazuh-server"
-ossec_server_config:
+wazuh_manager_config:
email_notification: no
mail_to:
- admin@example.net
mail_smtp_server: localhost
- mail_from: ossec@example.com
+ mail_from: wazuh-server@example.com
frequency_check: 43200
syscheck_scan_on_start: 'yes'
log_level: 1
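Review bot: renaming `ossec_server_fqdn` and `ossec_server_config` here (and `ossec_agent_configs` in the next hunk) breaks any existing inventory or vars file that sets the old names, and CHANGELOG.md is carried over at 100% similarity with no entry for it. Add a changelog entry listing the old and new variable names so users know what to rename.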
@@ -84,7 +84,7 @@ ossec_server_config:
level: 6
timeout: 600
-ossec_agent_configs:
+wazuh_agent_configs:
- type: os
type_value: linux
frequency_check: 79200
diff --git a/ansible-wazuh-server/handlers/main.yml b/ansible-wazuh-manager/handlers/main.yml
similarity index 100%
rename from ansible-wazuh-server/handlers/main.yml
rename to ansible-wazuh-manager/handlers/main.yml
diff --git a/ansible-wazuh-server/meta/main.yml b/ansible-wazuh-manager/meta/main.yml
similarity index 78%
rename from ansible-wazuh-server/meta/main.yml
rename to ansible-wazuh-manager/meta/main.yml
index 51eef519..69b6ebec 100644
--- a/ansible-wazuh-server/meta/main.yml
+++ b/ansible-wazuh-manager/meta/main.yml
@@ -1,7 +1,7 @@
---
galaxy_info:
- author: Jose Luis Ruiz
- description: Installing and maintaining the wazuh-manager.
+ author: Wazuh
+ description: Installing, deploying and configuring Wazuh Manager.
company: wazuh.com
license: license (GPLv3)
min_ansible_version: 2.0
diff --git a/ansible-wazuh-server/molecule.yml b/ansible-wazuh-manager/molecule.yml
similarity index 100%
rename from ansible-wazuh-server/molecule.yml
rename to ansible-wazuh-manager/molecule.yml
diff --git a/ansible-wazuh-manager/playbook.yml b/ansible-wazuh-manager/playbook.yml
new file mode 100644
index 00000000..8ad964ec
--- /dev/null
+++ b/ansible-wazuh-manager/playbook.yml
@@ -0,0 +1,3 @@
+- hosts: wazuh-server.example.com
+ roles:
+ - { role: ansible-wazuh-server }
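Review bot: `role: ansible-wazuh-server` in the new playbook.yml refers to the directory name this patch is renaming away from. After the rename the role lives in `ansible-wazuh-manager`, so this playbook will not find it under that name. Use `- { role: ansible-wazuh-manager }`.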
diff --git a/ansible-wazuh-server/tasks/Debian.yml b/ansible-wazuh-manager/tasks/Debian.yml
similarity index 100%
rename from ansible-wazuh-server/tasks/Debian.yml
rename to ansible-wazuh-manager/tasks/Debian.yml
diff --git a/ansible-wazuh-server/tasks/RMDebian.yml b/ansible-wazuh-manager/tasks/RMDebian.yml
similarity index 100%
rename from ansible-wazuh-server/tasks/RMDebian.yml
rename to ansible-wazuh-manager/tasks/RMDebian.yml
diff --git a/ansible-wazuh-server/tasks/RMRedHat.yml b/ansible-wazuh-manager/tasks/RMRedHat.yml
similarity index 100%
rename from ansible-wazuh-server/tasks/RMRedHat.yml
rename to ansible-wazuh-manager/tasks/RMRedHat.yml
diff --git a/ansible-wazuh-server/tasks/RedHat.yml b/ansible-wazuh-manager/tasks/RedHat.yml
similarity index 100%
rename from ansible-wazuh-server/tasks/RedHat.yml
rename to ansible-wazuh-manager/tasks/RedHat.yml
diff --git a/ansible-wazuh-server/tasks/main.yml b/ansible-wazuh-manager/tasks/main.yml
similarity index 95%
rename from ansible-wazuh-server/tasks/main.yml
rename to ansible-wazuh-manager/tasks/main.yml
index 8b89a80c..ebc5341d 100644
--- a/ansible-wazuh-server/tasks/main.yml
+++ b/ansible-wazuh-manager/tasks/main.yml
@@ -15,7 +15,7 @@
- init
- name: Generate SSL files
- command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ossec_server_fqdn}}/"
+ command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{wazuh_manager_fqdn}}/"
args:
creates: sslmanager.cert
chdir: /var/ossec/etc/
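Review bot: `-newkey rsa:1825` on the changed line requests an 1825-bit RSA key, which is below the commonly required 2048-bit minimum and looks like a value meant for `-days` (1825 days is five years). Since the line is being edited anyway, change it to `rsa:2048` or larger. Note that the `creates: sslmanager.cert` guard means hosts that already have a certificate will keep the weak key until the file is removed, so the fix needs a regeneration step or a note in the changelog.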
@@ -64,11 +64,11 @@
- name: Enable client-syslog
command: /var/ossec/bin/ossec-control enable client-syslog
- when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
+ when: csyslog_running.stdout == '0' and wazuh_manager_config.syslog_outputs is defined
- name: Start client-syslog
command: /var/ossec/bin/ossec-control start client-syslog
- when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
+ when: csyslog_running.stdout == '0' and wazuh_manager_config.syslog_outputs is defined
- name: Check if ossec-agentlessd is enabled
shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-agentlessd is running' | xargs echo"
diff --git a/ansible-wazuh-server/templates/agentless.j2 b/ansible-wazuh-manager/templates/agentless.j2
similarity index 100%
rename from ansible-wazuh-server/templates/agentless.j2
rename to ansible-wazuh-manager/templates/agentless.j2
diff --git a/ansible-wazuh-server/templates/api_user.j2 b/ansible-wazuh-manager/templates/api_user.j2
similarity index 100%
rename from ansible-wazuh-server/templates/api_user.j2
rename to ansible-wazuh-manager/templates/api_user.j2
diff --git a/ansible-wazuh-server/templates/ossec-authd-init.service b/ansible-wazuh-manager/templates/ossec-authd-init.service
similarity index 100%
rename from ansible-wazuh-server/templates/ossec-authd-init.service
rename to ansible-wazuh-manager/templates/ossec-authd-init.service
diff --git a/ansible-wazuh-server/templates/ossec-authd.service b/ansible-wazuh-manager/templates/ossec-authd.service
similarity index 100%
rename from ansible-wazuh-server/templates/ossec-authd.service
rename to ansible-wazuh-manager/templates/ossec-authd.service
diff --git a/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
similarity index 78%
rename from ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2
rename to ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 5f5dc1db..348c9cf1 100644
--- a/ansible-wazuh-server/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -8,20 +8,20 @@
yes
yes
- {% if ossec_server_config.email_notification | lower == "yes" %}
+ {% if wazuh_manager_config.email_notification | lower == "yes" %}
yes
- {% for to in ossec_server_config.mail_to %}
- {{ to }}
- {% endfor %}
- {{ ossec_server_config.mail_smtp_server }}
- {{ ossec_server_config.mail_from }}
{% else %}
no
{% endif %}
+ {% for to in wazuh_manager_config.mail_to %}
+ {{ to }}
+ {% endfor %}
+ {{ wazuh_manager_config.mail_smtp_server }}
+ {{ wazuh_manager_config.mail_from }}
-{% if ossec_server_config.extra_emails is defined %}
-{% for mail in ossec_server_config.extra_emails %}
+{% if wazuh_manager_config.extra_emails is defined %}
+{% for mail in wazuh_manager_config.extra_emails %}
{{ mail.mail_to }}
{% if mail.format is defined %}
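Review bot: the `mail_to` loop and the `mail_smtp_server` / `mail_from` lines now sit after `{% endif %}`, so they are rendered even when `email_notification` is "no". The template will then fail on any `wazuh_manager_config` that leaves `mail_to` undefined with notifications off. Guard the loop the same way `extra_emails` is guarded just below (`{% if wazuh_manager_config.mail_to is defined %}`), or document that these keys are mandatory regardless of `email_notification`.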
@@ -50,12 +50,12 @@
{% endif %}
- {{ ossec_server_config.log_level }}
- {{ ossec_server_config.email_level }}
+ {{ wazuh_manager_config.log_level }}
+ {{ wazuh_manager_config.email_level }}
-{% for connection in ossec_server_config.connection %}
+{% for connection in wazuh_manager_config.connection %}
{{ connection.type }}
{{ connection.port }}
{{ connection.protocol }}
@@ -89,27 +89,28 @@
- {{ ossec_server_config.frequency_check }}
- {{ ossec_server_config.syscheck_scan_on_start }}
+ {{ wazuh_manager_config.frequency_check }}
+ {{ wazuh_manager_config.syscheck_scan_on_start }}
-{% for directory in ossec_server_config.directories %}
+{% for directory in wazuh_manager_config.directories %}
{{ directory.dirs }}
{% endfor %}
- {% for ignore_file in ossec_server_config.ignore_files %}
+ {% for ignore_file in wazuh_manager_config.ignore_files %}
{{ ignore_file }}
{% endfor %}
- {% for no_diff in ossec_server_config.no_diff %}
+ {% for no_diff in wazuh_manager_config.no_diff %}
{{ no_diff }}
{% endfor %}
{% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
-
+
+ no
1800
1d
yes
@@ -118,8 +119,20 @@
xccdf_org.ssgproject.content_profile_common
+ {% elif ansible_distribution == 'Debian' and ansible_distribution_release == 'jessie' %}
+
+ no
+ 1800
+ 1d
+ yes
+
+
+ xccdf_org.ssgproject.content_profile_common
+
+
{% elif ansible_distribution == 'CentOS' %}
+ no
1800
1d
yes
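Review bot: the new `Debian` / `jessie` branch repeats the same values as the block directly above it (`1800`, `1d`, `yes`, `xccdf_org.ssgproject.content_profile_common`). Fold the two into one condition, for example `{% if (ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial') or (ansible_distribution == 'Debian' and ansible_distribution_release == 'jessie') %}`, so later changes to the profile cannot drift between the copies.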
@@ -134,7 +147,8 @@
{% elif ansible_distribution == 'RedHat' %}
-
+
+ no
1800
1d
yes
@@ -150,7 +164,7 @@
{% elif ansible_distribution == 'Fedora' %}
- yes
+ no
1800
1d
yes
@@ -178,12 +192,12 @@
{% endif %}
-{% for white_list in ossec_server_config.globals %}
+{% for white_list in wazuh_manager_config.globals %}
{{ white_list }}
{% endfor %}
- {% for command in ossec_server_config.commands %}
+ {% for command in wazuh_manager_config.commands %}
{{ command.name }}
{{ command.executable }}
@@ -206,7 +220,7 @@
-{% for response in ossec_server_config.active_responses %}
+{% for response in wazuh_manager_config.active_responses %}
{{ response.command }}
{{ response.location }}
@@ -216,7 +230,7 @@
{% endfor %}
-{% for localfile in ossec_server_config.localfiles %}
+{% for localfile in wazuh_manager_config.localfiles %}
{{ localfile.format }}
{% if localfile.format == 'command' or localfile.format == 'full_command' %}
@@ -228,8 +242,8 @@
{% endfor %}
-{% if ossec_server_config.syslog_outputs is defined %}
-{% for syslog_output in ossec_server_config.syslog_outputs %}
+{% if wazuh_manager_config.syslog_outputs is defined %}
+{% for syslog_output in wazuh_manager_config.syslog_outputs %}
{{ syslog_output.server }}
{{ syslog_output.port }}
diff --git a/ansible-wazuh-server/templates/var-ossec-etc-shared-agent.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
similarity index 97%
rename from ansible-wazuh-server/templates/var-ossec-etc-shared-agent.conf.j2
rename to ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
index 607631c9..7f7e75d8 100644
--- a/ansible-wazuh-server/templates/var-ossec-etc-shared-agent.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
@@ -1,4 +1,4 @@
-{% for item in ossec_agent_configs %}
+{% for item in wazuh_agent_configs %}
diff --git a/ansible-wazuh-server/templates/var-ossec-rules-local_decoder.xml.j2 b/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2
similarity index 100%
rename from ansible-wazuh-server/templates/var-ossec-rules-local_decoder.xml.j2
rename to ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2
diff --git a/ansible-wazuh-server/templates/var-ossec-rules-local_rules.xml.j2 b/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2
similarity index 100%
rename from ansible-wazuh-server/templates/var-ossec-rules-local_rules.xml.j2
rename to ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2
diff --git a/ansible-wazuh-server/vars/agentless_creeds.yml b/ansible-wazuh-manager/vars/agentless_creeds.yml
similarity index 77%
rename from ansible-wazuh-server/vars/agentless_creeds.yml
rename to ansible-wazuh-manager/vars/agentless_creeds.yml
index 309b5c0c..0a25988d 100644
--- a/ansible-wazuh-server/vars/agentless_creeds.yml
+++ b/ansible-wazuh-manager/vars/agentless_creeds.yml
@@ -1,4 +1,4 @@
-# Be sure you encrypt this file with ansible-vault.
+---
# agentless_creeds:
# - type: ssh_integrity_check_linux
# frequency: 3600
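Review bot: the first line replaces `# Be sure you encrypt this file with ansible-vault.` with `---`, which removes the only in-file reminder that this file will hold SSH passwords. Keep both: put `---` on line 1 and the vault comment on line 2.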
diff --git a/ansible-wazuh-manager/vars/wazuh_api_creds.yml b/ansible-wazuh-manager/vars/wazuh_api_creds.yml
new file mode 100644
index 00000000..2d5f8c73
--- /dev/null
+++ b/ansible-wazuh-manager/vars/wazuh_api_creds.yml
@@ -0,0 +1,3 @@
+---
+wazuh_api_user:
+ - "foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/"
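Review bot: the new `vars/wazuh_api_creds.yml` ships an active `wazuh_api_user` entry for `foo` with a fixed `$apr1$` hash, so every deployment that does not override it gets the same published API credential. The file it replaces carried `# Be sure you encrypt this file with ansible-vault`, and that comment is gone here. Comment the entry out as `agentless_creeds.yml` does, or have the role fail when the value is still the sample, and restore the vault reminder.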
diff --git a/ansible-wazuh-server/playbook.retry b/ansible-wazuh-server/playbook.retry
deleted file mode 100644
index ebf72921..00000000
--- a/ansible-wazuh-server/playbook.retry
+++ /dev/null
@@ -1 +0,0 @@
-192.168.212.138
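Review bot: removing `playbook.retry` is right, but `.gitignore` is carried over at 100% similarity, so nothing stops the next failed run from committing another retry file with an internal address in it. Add `*.retry` to `.gitignore` in the same change.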
diff --git a/ansible-wazuh-server/playbook.yml b/ansible-wazuh-server/playbook.yml
deleted file mode 100644
index fca1c018..00000000
--- a/ansible-wazuh-server/playbook.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- hosts: ossec-manager
- roles:
- - role: ansible-ossec-server
diff --git a/ansible-wazuh-server/vars/wazuh_api_creds.yml b/ansible-wazuh-server/vars/wazuh_api_creds.yml
deleted file mode 100644
index af61d06d..00000000
--- a/ansible-wazuh-server/vars/wazuh_api_creds.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-# Be sure you encrypt this file with ansible-vault
-wazuh_api_user:
- - foo:$apr1$/axqZYWQ$Xo/nz/IG3PdwV82EnfYKh/