Merge branch 'master' into devel

This commit is contained in:
Jose M 2020-01-13 11:55:57 +01:00
commit e9c05e8b19
7 changed files with 211 additions and 319 deletions


@ -30,7 +30,8 @@ wazuh_managers:
api_port: 55000 api_port: 55000
api_proto: 'http' api_proto: 'http'
api_user: null api_user: null
wazuh_profile: null wazuh_profile_centos: 'centos, centos7, centos7.6'
wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04'
wazuh_auto_restart: 'yes' wazuh_auto_restart: 'yes'
wazuh_agent_authd: wazuh_agent_authd:
enable: false enable: false
@ -102,7 +103,7 @@ wazuh_agent_config:
directories: directories:
- dirs: /etc,/usr/bin,/usr/sbin - dirs: /etc,/usr/bin,/usr/sbin
checks: 'check_all="yes"' checks: 'check_all="yes"'
- dirs: /bin,/sbin - dirs: /bin,/sbin,/boot
checks: 'check_all="yes"' checks: 'check_all="yes"'
win_directories: win_directories:
- dirs: '%WINDIR%\regedit.exe' - dirs: '%WINDIR%\regedit.exe'
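Review bot: The new per-distribution profile defaults pin a single point release (`centos7.6`, `ubuntu18.04`) for every host of that family, so an agent on CentOS 7.7 or Ubuntu 18.10 advertises a profile that will not match any centrally managed agent.conf block keyed on the real release, and FIM or rootcheck policy pushed that way would silently not apply (assuming the manager's agent.conf uses these names, which is not visible here). Consider deriving the last element from facts, e.g. `wazuh_profile_centos: "centos, centos{{ ansible_distribution_major_version }}, centos{{ ansible_distribution_version }}"`, or add a comment above the two keys saying they are meant to be overridden per inventory. Adding `/boot` to the monitored directories is a sensible hardening step; a one-line comment noting that kernel and bootloader updates will raise integrity alerts for that path would keep a later maintainer from treating them as noise and removing it.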


@ -19,8 +19,12 @@
{% endif %} {% endif %}
</server> </server>
{% endfor %} {% endfor %}
{% if wazuh_profile is not none %} {% if wazuh_profile_centos is not none or wazuh_profile_ubuntu is not none %}
<config-profile>{{ wazuh_profile }}</config-profile> {% if ansible_distribution == 'CentOS' %}
<config-profile>{{ wazuh_profile_centos }}</config-profile>
{% elif ansible_distribution == "Ubuntu" %}
<config-profile>{{ wazuh_profile_ubuntu }}</config-profile>
{% endif %}
{% endif %} {% endif %}
{% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %} {% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %}
<notify_time>{{ wazuh_notify_time }}</notify_time> <notify_time>{{ wazuh_notify_time }}</notify_time>
@ -37,16 +41,6 @@
<events_per_second>{{ wazuh_agent_config.client_buffer.events_per_sec }}</events_per_second> <events_per_second>{{ wazuh_agent_config.client_buffer.events_per_sec }}</events_per_second>
</client_buffer> </client_buffer>
<logging>
<log_format>{{ wazuh_agent_config.log_format }}</log_format>
</logging>
<active-response>
<disabled>{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}</disabled>
<ca_store>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}</ca_store>
<ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification>
</active-response>
{% if wazuh_agent_config.rootcheck is defined %} {% if wazuh_agent_config.rootcheck is defined %}
<rootcheck> <rootcheck>
<disabled>no</disabled> <disabled>no</disabled>
@ -75,95 +69,10 @@
</rootcheck> </rootcheck>
{% endif %} {% endif %}
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck is defined %}
<syscheck>
<disabled>no</disabled>
<!-- <alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> -->
<!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
{% if ansible_system == "Linux" %}
<!-- <directories check_all="yes" realtime="yes" restrict="^/var/ossec/etc/shared/agent.conf$">/var/ossec/etc/shared</directories> -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin,/boot</directories>
<auto_ignore>{{ wazuh_agent_config.syscheck.auto_ignore }}</auto_ignore> {% if ansible_system == "Linux" %}
<scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>
{% endif %}
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}
{% for directory in wazuh_agent_config.syscheck.directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %}
{% endif %}
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck.win_directories is defined and ansible_system == "Windows" %}
{% for directory in wazuh_agent_config.syscheck.win_directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %}
{% endif %}
<!-- Files/directories to ignore -->
{% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %}
{% for ignore in wazuh_agent_config.syscheck.ignore %}
<ignore>{{ ignore }}</ignore>
{% endfor %}
{% endif %}
<!-- File types to ignore -->
{% if wazuh_agent_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %}
{% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %}
<ignore type="sregex">{{ ignore }}</ignore>
{% endfor %}
{% endif %}
{% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %}
{% for ignore in wazuh_agent_config.syscheck.ignore_win %}
<ignore type="sregex">{{ ignore }}</ignore>
{% endfor %}
{% endif %}
{% if ansible_system == "Linux" %}
<!-- Files no diff -->
{% for no_diff in wazuh_agent_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff>
{% endfor %}
<skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
{% endif %}
{% if ansible_os_family == "Windows" %}
{% for registry_key in wazuh_agent_config.syscheck.windows_registry %}
{% if registry_key.arch is defined %}
<windows_registry arch="{{ registry_key.arch }}">{{ registry_key.key }}</windows_registry>
{% else %}
<windows_registry>{{ registry_key.key }}</windows_registry>
{% endif %}
{% endfor %}
{% endif %}
{% if ansible_os_family == "Windows" %}
{% for registry_key in wazuh_agent_config.syscheck.windows_registry_ignore %}
{% if registry_key.type is defined %}
<registry_ignore type="{{ registry_key.type }}">{{ registry_key.key }}</registry_ignore>
{% else %}
<registry_ignore>{{ registry_key.key }}</registry_ignore>
{% endif %}
{% endfor %}
{% endif %}
{% if ansible_os_family == "Windows" %}
<!-- Frequency for ACL checking (seconds) -->
<windows_audit_interval>{{ wazuh_agent_config.syscheck.win_audit_interval }}</windows_audit_interval>
{% endif %}
</syscheck>
{% endif %}
{% if ansible_system == "Linux" and wazuh_agent_config.openscap.disable == 'no' %}
<wodle name="open-scap"> <wodle name="open-scap">
<disabled>no</disabled> <disabled>{{ wazuh_agent_config.openscap.disable }}</disabled>
<timeout>{{ wazuh_agent_config.openscap.timeout }}</timeout> <timeout>{{ wazuh_agent_config.openscap.timeout }}</timeout>
<interval>{{ wazuh_agent_config.openscap.interval }}</interval> <interval>{{ wazuh_agent_config.openscap.interval }}</interval>
<scan-on-start>{{ wazuh_agent_config.openscap.scan_on_start }}</scan-on-start> <scan-on-start>{{ wazuh_agent_config.openscap.scan_on_start }}</scan-on-start>
@ -214,9 +123,8 @@
</wodle> </wodle>
{% endif %} {% endif %}
{% if wazuh_agent_config.cis_cat.disable == 'no' %}
<wodle name="cis-cat"> <wodle name="cis-cat">
<disabled>no</disabled> <disabled>{{ wazuh_agent_config.cis_cat.disable }}</disabled>
<timeout>{{ wazuh_agent_config.cis_cat.timeout }}</timeout> <timeout>{{ wazuh_agent_config.cis_cat.timeout }}</timeout>
<interval>{{ wazuh_agent_config.cis_cat.interval }}</interval> <interval>{{ wazuh_agent_config.cis_cat.interval }}</interval>
<scan-on-start>{{ wazuh_agent_config.cis_cat.scan_on_start }}</scan-on-start> <scan-on-start>{{ wazuh_agent_config.cis_cat.scan_on_start }}</scan-on-start>
@ -229,7 +137,6 @@
{% endif %} {% endif %}
<ciscat_path>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %}</ciscat_path> <ciscat_path>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %}</ciscat_path>
</wodle> </wodle>
{% endif %}
<!-- Osquery integration --> <!-- Osquery integration -->
<wodle name="osquery"> <wodle name="osquery">
@ -280,6 +187,88 @@
{% endif %} {% endif %}
</sca> </sca>
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck is defined %}
<syscheck>
<disabled>no</disabled>
<!-- <alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> -->
<!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
{% if ansible_system == "Linux" %}
<scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}
{% for directory in wazuh_agent_config.syscheck.directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %}
{% endif %}
{% endif %}
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck.win_directories is defined and ansible_system == "Windows" %}
{% for directory in wazuh_agent_config.syscheck.win_directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %}
{% endif %}
<!-- Files/directories to ignore -->
{% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %}
{% for ignore in wazuh_agent_config.syscheck.ignore %}
<ignore>{{ ignore }}</ignore>
{% endfor %}
{% endif %}
<!-- File types to ignore -->
{% if wazuh_agent_config.syscheck.ignore_linux_type is defined %}
{% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %}
<ignore type="sregex">{{ ignore }}</ignore>
{% endfor %}
{% endif %}
{% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %}
{% for ignore in wazuh_agent_config.syscheck.ignore_win %}
<ignore type="sregex">{{ ignore }}</ignore>
{% endfor %}
{% endif %}
{% if ansible_system == "Linux" %}
<!-- Files no diff -->
{% for no_diff in wazuh_agent_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff>
{% endfor %}
<skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
{% endif %}
{% if ansible_os_family == "Windows" %}
{% for registry_key in wazuh_agent_config.syscheck.windows_registry %}
{% if registry_key.arch is defined %}
<windows_registry arch="{{ registry_key.arch }}">{{ registry_key.key }}</windows_registry>
{% else %}
<windows_registry>{{ registry_key.key }}</windows_registry>
{% endif %}
{% endfor %}
{% endif %}
{% if ansible_os_family == "Windows" %}
{% for registry_key in wazuh_agent_config.syscheck.windows_registry_ignore %}
{% if registry_key.type is defined %}
<registry_ignore type="{{ registry_key.type }}">{{ registry_key.key }}</registry_ignore>
{% else %}
<registry_ignore>{{ registry_key.key }}</registry_ignore>
{% endif %}
{% endfor %}
{% endif %}
{% if ansible_os_family == "Windows" %}
<!-- Frequency for ACL checking (seconds) -->
<windows_audit_interval>{{ wazuh_agent_config.syscheck.win_audit_interval }}</windows_audit_interval>
{% endif %}
</syscheck>
{% endif %}
{% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %}
<wodle name="command"> <wodle name="command">
<disabled>no</disabled> <disabled>no</disabled>
@ -369,4 +358,14 @@
</labels> </labels>
{% endif %} {% endif %}
<active-response>
<disabled>{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}</disabled>
<ca_store>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}</ca_store>
<ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification>
</active-response>
<logging>
<log_format>{{ wazuh_agent_config.log_format }}</log_format>
</logging>
</ossec_config> </ossec_config>
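Review bot: The relocated `ignore_linux_type` loop (`{% if wazuh_agent_config.syscheck.ignore_linux_type is defined %}`) dropped not only the CentOS 7 restriction but every `ansible_system` guard, so Windows agents whose defaults define that key will now receive Linux `sregex` ignore patterns in their syscheck; restore the OS check with `{% if wazuh_agent_config.syscheck.ignore_linux_type is defined and ansible_system == "Linux" %}`. The Windows ignore block just below tests `syscheck.ignore` but iterates `syscheck.ignore_win`, so a Windows host with only `ignore_win` defined renders nothing and one with `ignore` but no `ignore_win` fails the render; testing `ignore_win` in the condition fixes both. The new profile selection emits no `<config-profile>` at all for distributions other than CentOS and Ubuntu even when a profile variable is set, which looks unintended; an `{% else %}` branch falling back to one of the variables, or a template comment stating the limitation, would make the behaviour explicit.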


@ -95,7 +95,7 @@ wazuh_manager_config:
use_source_ip: 'yes' use_source_ip: 'yes'
force_insert: 'yes' force_insert: 'yes'
force_time: 0 force_time: 0
purge: 'no' purge: 'yes'
use_password: 'no' use_password: 'no'
limit_maxagents: 'yes' limit_maxagents: 'yes'
ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH' ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
@ -126,7 +126,7 @@ wazuh_manager_config:
- enable: false - enable: false
category: 'syscheck' category: 'syscheck'
title: 'Daily report: File changes' title: 'Daily report: File changes'
email_to: 'admin@example.net' email_to: 'recipient@example.wazuh.com'
location: null location: null
group: null group: null
rule: null rule: null
@ -174,7 +174,7 @@ wazuh_manager_config:
rootcheck: rootcheck:
frequency: 43200 frequency: 43200
openscap: openscap:
disable: 'no' disable: 'yes'
timeout: 1800 timeout: 1800
interval: '1d' interval: '1d'
scan_on_start: 'yes' scan_on_start: 'yes'
@ -263,6 +263,7 @@ wazuh_manager_config:
frequency: '360' frequency: '360'
- format: 'full_command' - format: 'full_command'
command: 'last -n 20' command: 'last -n 20'
frequency: '360'
- format: 'syslog' - format: 'syslog'
location: '/var/ossec/logs/active-responses.log' location: '/var/ossec/logs/active-responses.log'
debian: debian:
@ -295,7 +296,6 @@ wazuh_manager_config:
- name: 'restart-ossec' - name: 'restart-ossec'
executable: 'restart-ossec.sh' executable: 'restart-ossec.sh'
expect: '' expect: ''
timeout_allowed: 'no'
- name: 'firewall-drop' - name: 'firewall-drop'
executable: 'firewall-drop.sh' executable: 'firewall-drop.sh'
expect: 'srcip' expect: 'srcip'
@ -327,6 +327,10 @@ wazuh_manager_config:
ruleset: ruleset:
rules_path: 'custom_ruleset/rules/' rules_path: 'custom_ruleset/rules/'
decoders_path: 'custom_ruleset/decoders/' decoders_path: 'custom_ruleset/decoders/'
cdb_lists:
- 'audit-keys'
- 'security-eventchannel'
- 'amazon/aws-eventnames'
rule_exclude: rule_exclude:
- '0215-policy_rules.xml' - '0215-policy_rules.xml'
syslog_outputs: syslog_outputs:
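Review bot: `purge: 'yes'` changes the authd default from marking removed agents in client.keys to deleting their entries outright, which drops the record that an agent ID once existed; if that is intended it deserves an inline comment such as `# 'yes' deletes removed agents from client.keys instead of marking them`, otherwise keep `'no'`. The new `ruleset.cdb_lists` names must correspond to list files already shipped under `/var/ossec/etc/lists`, because this commit removes the task that rendered and compiled them; `aws-source` from the deleted cdb_lists.yml is not carried over, so any rule that matched against it will stop firing unless the packaged equivalent is added here. A comment above `cdb_lists:` stating that the role no longer generates these lists would stop someone from adding a custom name and expecting it to be created.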


@ -1,7 +1,4 @@
--- ---
- name: rebuild cdb_lists
command: /var/ossec/bin/ossec-makelists
- name: restart wazuh-manager - name: restart wazuh-manager
service: service:
name: wazuh-manager name: wazuh-manager


@ -198,11 +198,6 @@
tags: tags:
- config - config
- name: Retrieving CDB lists
include_vars: cdb_lists.yml
tags:
- config
- name: Check if syslog output is enabled - name: Check if syslog output is enabled
set_fact: syslog_output=true set_fact: syslog_output=true
when: item.server is not none when: item.server is not none
@ -334,27 +329,6 @@
tags: tags:
- config - config
- name: CDB Lists
template:
src: cdb_lists.j2
dest: "/var/ossec/etc/lists/{{ item.name }}"
owner: root
group: ossec
mode: 0640
no_log: true
register: wazuh_manager_cdb_lists
until: wazuh_manager_cdb_lists is succeeded
notify:
- rebuild cdb_lists
- restart wazuh-manager
with_items:
- "{{ cdb_lists }}"
when:
- cdb_lists is defined
- cdb_lists is iterable
tags:
- config
- name: Ensure Wazuh Manager, wazuh API service is started and enabled - name: Ensure Wazuh Manager, wazuh API service is started and enabled
service: service:
name: "{{ item }}" name: "{{ item }}"


@ -26,6 +26,11 @@
<email_alert_level>{{ wazuh_manager_config.email_level }}</email_alert_level> <email_alert_level>{{ wazuh_manager_config.email_level }}</email_alert_level>
</alerts> </alerts>
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
<logging>
<log_format>{{ wazuh_manager_config.log_format }}</log_format>
</logging>
{% if wazuh_manager_config.extra_emails is defined %} {% if wazuh_manager_config.extra_emails is defined %}
{% for mail in wazuh_manager_config.extra_emails %} {% for mail in wazuh_manager_config.extra_emails %}
{% if mail.enable == true %} {% if mail.enable == true %}
@ -57,10 +62,7 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
<logging>
<log_format>{{ wazuh_manager_config.log_format }}</log_format>
</logging>
{% for connection in wazuh_manager_config.connection %} {% for connection in wazuh_manager_config.connection %}
<remote> <remote>
@ -126,8 +128,8 @@
<!-- Frequency that rootcheck is executed - every 12 hours --> <!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>{{ wazuh_manager_config.rootcheck.frequency }}</frequency> <frequency>{{ wazuh_manager_config.rootcheck.frequency }}</frequency>
<rootkit_files>/var/ossec/etc/shared/default/rootkit_files.txt</rootkit_files> <rootkit_files>/var/ossec/etc/rootcheck/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/default/rootkit_trojans.txt</rootkit_trojans> <rootkit_trojans>/var/ossec/etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
</rootcheck> </rootcheck>
@ -292,7 +294,6 @@
<!-- File integrity monitoring --> <!-- File integrity monitoring -->
<syscheck> <syscheck>
<disabled>{{ wazuh_manager_config.syscheck.disable }}</disabled> <disabled>{{ wazuh_manager_config.syscheck.disable }}</disabled>
<auto_ignore>{{ wazuh_manager_config.syscheck.auto_ignore }}</auto_ignore>
<alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files> <alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files>
<!-- Frequency that syscheck is executed -- default every 20 hours --> <!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency> <frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
@ -318,7 +319,7 @@
{% endif %} {% endif %}
<!-- File types to ignore --> <!-- File types to ignore -->
{% if wazuh_manager_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %} {% if wazuh_manager_config.syscheck.ignore_linux_type is defined %}
{% for ignore in wazuh_manager_config.syscheck.ignore_linux_type %} {% for ignore in wazuh_manager_config.syscheck.ignore_linux_type %}
<ignore type="sregex">{{ ignore }}</ignore> <ignore type="sregex">{{ ignore }}</ignore>
{% endfor %} {% endfor %}
@ -346,96 +347,12 @@
<name>{{ command.name }}</name> <name>{{ command.name }}</name>
<executable>{{ command.executable }}</executable> <executable>{{ command.executable }}</executable>
<expect>{{ command.expect }}</expect> <expect>{{ command.expect }}</expect>
<timeout_allowed>{{ command.timeout_allowed }}</timeout_allowed> {% if command.timeout_allowed is defined %}
<timeout_allowed>{{ command.timeout_allowed }}</timeout_allowed>
{% endif %}
</command> </command>
{% endfor %} {% endfor %}
<ruleset>
<!-- Default ruleset -->
<decoder_dir>ruleset/decoders</decoder_dir>
<rule_dir>ruleset/rules</rule_dir>
{% if wazuh_manager_config.rule_exclude is defined %}
{% for rule in wazuh_manager_config.rule_exclude %}
<rule_exclude>{{ rule }}</rule_exclude>
{% endfor %}
{% endif %}
{% if cdb_lists is defined %}
{% for list in cdb_lists %}
<list>etc/lists/{{ list.name }}</list>
{% endfor %}
{% endif %}
<!-- User-defined ruleset -->
<decoder_dir>etc/decoders</decoder_dir>
<rule_dir>etc/rules</rule_dir>
</ruleset>
{% if wazuh_manager_config.authd.enable == true %}
<auth>
<disabled>no</disabled>
{% if wazuh_manager_config.authd.port is not none %}
<port>{{wazuh_manager_config.authd.port}}</port>
{% else %}
<port>1515</port>
{% endif %}
{% if wazuh_manager_config.authd.use_source_ip is not none %}
<use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>
{% endif %}
{% if wazuh_manager_config.authd.force_insert is not none %}
<force_insert>{{wazuh_manager_config.authd.force_insert}}</force_insert>
{% endif %}
{% if wazuh_manager_config.authd.force_time is not none %}
<force_time>{{wazuh_manager_config.authd.force_time}}</force_time>
{% endif %}
{% if wazuh_manager_config.authd.purge is not none %}
<purge>{{wazuh_manager_config.authd.purge}}</purge>
{% endif %}
{% if wazuh_manager_config.authd.use_password is not none %}
<use_password>{{wazuh_manager_config.authd.use_password}}</use_password>
{% endif %}
{% if wazuh_manager_config.authd.limit_maxagents is not none %}
<limit_maxagents>{{wazuh_manager_config.authd.limit_maxagents}}</limit_maxagents>
{% endif %}
{% if wazuh_manager_config.authd.ciphers is not none %}
<ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers>
{% endif %}
{% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
<ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>
{% endif %}
{% if wazuh_manager_config.authd.ssl_verify_host is not none %}
<ssl_verify_host>{{wazuh_manager_config.authd.ssl_verify_host}}</ssl_verify_host>
{% endif %}
{% if wazuh_manager_config.authd.ssl_manager_cert is not none %}
<ssl_manager_cert>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}</ssl_manager_cert>
{% endif %}
{% if wazuh_manager_config.authd.ssl_manager_key is not none %}
<ssl_manager_key>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}</ssl_manager_key>
{% endif %}
{% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}
<ssl_auto_negotiate>{{wazuh_manager_config.authd.ssl_auto_negotiate}}</ssl_auto_negotiate>
{% endif %}
</auth>
{% endif %}
<cluster>
<disabled>{{ wazuh_manager_config.cluster.disable }}</disabled>
<name>{{ wazuh_manager_config.cluster.name }}</name>
<node_name>{{ wazuh_manager_config.cluster.node_name }}</node_name>
<node_type>{{ wazuh_manager_config.cluster.node_type }}</node_type>
<key>{{ wazuh_manager_config.cluster.key }}</key>
{% if wazuh_manager_config.cluster.interval is defined %}
<interval>{{ wazuh_manager_config.cluster.interval }}</interval>
{% endif %}
<port>{{ wazuh_manager_config.cluster.port }}</port>
<bind_addr>{{ wazuh_manager_config.cluster.bind_addr }}</bind_addr>
<nodes>
{% for node in wazuh_manager_config.cluster.nodes %}
<node>{{ node }}</node>
{% endfor %}
</nodes>
<hidden>{{ wazuh_manager_config.cluster.hidden }}</hidden>
</cluster>
{% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %} {% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %}
<wodle name="command"> <wodle name="command">
<disabled>no</disabled> <disabled>no</disabled>
@ -613,4 +530,91 @@
</labels> </labels>
{% endif %} {% endif %}
<ruleset>
<!-- Default ruleset -->
<decoder_dir>ruleset/decoders</decoder_dir>
<rule_dir>ruleset/rules</rule_dir>
{% if wazuh_manager_config.rule_exclude is defined %}
{% for rule in wazuh_manager_config.rule_exclude %}
<rule_exclude>{{ rule }}</rule_exclude>
{% endfor %}
{% endif %}
{% if wazuh_manager_config.ruleset.cdb_lists is defined %}
{% for list in wazuh_manager_config.ruleset.cdb_lists %}
<list>etc/lists/{{ list }}</list>
{% endfor %}
{% endif %}
<!-- User-defined ruleset -->
<decoder_dir>etc/decoders</decoder_dir>
<rule_dir>etc/rules</rule_dir>
</ruleset>
{% if wazuh_manager_config.authd.enable == true %}
<auth>
<disabled>no</disabled>
{% if wazuh_manager_config.authd.port is not none %}
<port>{{wazuh_manager_config.authd.port}}</port>
{% else %}
<port>1515</port>
{% endif %}
{% if wazuh_manager_config.authd.use_source_ip is not none %}
<use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>
{% endif %}
{% if wazuh_manager_config.authd.force_insert is not none %}
<force_insert>{{wazuh_manager_config.authd.force_insert}}</force_insert>
{% endif %}
{% if wazuh_manager_config.authd.force_time is not none %}
<force_time>{{wazuh_manager_config.authd.force_time}}</force_time>
{% endif %}
{% if wazuh_manager_config.authd.purge is not none %}
<purge>{{wazuh_manager_config.authd.purge}}</purge>
{% endif %}
{% if wazuh_manager_config.authd.use_password is not none %}
<use_password>{{wazuh_manager_config.authd.use_password}}</use_password>
{% endif %}
{% if wazuh_manager_config.authd.limit_maxagents is not none %}
<limit_maxagents>{{wazuh_manager_config.authd.limit_maxagents}}</limit_maxagents>
{% endif %}
{% if wazuh_manager_config.authd.ciphers is not none %}
<ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers>
{% endif %}
{% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
<ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>
{% endif %}
{% if wazuh_manager_config.authd.ssl_verify_host is not none %}
<ssl_verify_host>{{wazuh_manager_config.authd.ssl_verify_host}}</ssl_verify_host>
{% endif %}
{% if wazuh_manager_config.authd.ssl_manager_cert is not none %}
<ssl_manager_cert>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}</ssl_manager_cert>
{% endif %}
{% if wazuh_manager_config.authd.ssl_manager_key is not none %}
<ssl_manager_key>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}</ssl_manager_key>
{% endif %}
{% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}
<ssl_auto_negotiate>{{wazuh_manager_config.authd.ssl_auto_negotiate}}</ssl_auto_negotiate>
{% endif %}
</auth>
{% endif %}
<cluster>
<disabled>{{ wazuh_manager_config.cluster.disable }}</disabled>
<name>{{ wazuh_manager_config.cluster.name }}</name>
<node_name>{{ wazuh_manager_config.cluster.node_name }}</node_name>
<node_type>{{ wazuh_manager_config.cluster.node_type }}</node_type>
<key>{{ wazuh_manager_config.cluster.key }}</key>
{% if wazuh_manager_config.cluster.interval is defined %}
<interval>{{ wazuh_manager_config.cluster.interval }}</interval>
{% endif %}
<port>{{ wazuh_manager_config.cluster.port }}</port>
<bind_addr>{{ wazuh_manager_config.cluster.bind_addr }}</bind_addr>
<nodes>
{% for node in wazuh_manager_config.cluster.nodes %}
<node>{{ node }}</node>
{% endfor %}
</nodes>
<hidden>{{ wazuh_manager_config.cluster.hidden }}</hidden>
</cluster>
</ossec_config> </ossec_config>
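Review bot: The moved `<ruleset>` block still emits `<list>etc/lists/{{ list }}</list>` for every configured name, but with the list-templating task and the `rebuild cdb_lists` handler gone nothing in the role checks that the corresponding `.cdb` file exists before wazuh-manager is restarted, and a ruleset referencing a missing list is likely to keep analysisd from starting (worth confirming against the installed version). A `stat` task over `/var/ossec/etc/lists/{{ item }}.cdb` that fails early, or at minimum a template comment `{# lists are expected to be shipped by the package; the role no longer runs ossec-makelists #}`, would turn a silent startup failure into a clear error. The `<key>{{ wazuh_manager_config.cluster.key }}</key>` line moved here unchanged writes the cluster key into ossec.conf in plaintext, which is acceptable only while the rendering task keeps restrictive ownership and `no_log`; that task is not visible on this page, so it is worth re-checking alongside this reshuffle.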


@ -1,87 +0,0 @@
---
cdb_lists:
- name: 'audit-keys'
content: |
audit-wazuh-w:write
audit-wazuh-r:read
audit-wazuh-a:attribute
audit-wazuh-x:execute
audit-wazuh-c:command
- name: 'aws-source'
content: |
ec2.amazonaws.com:
elasticloadbalancing.amazonaws.com:
iam.amazonaws.com:
signin.amazonaws.com:
kms.amazonaws.com:
s3.amazonaws.com:
- name: 'aws-eventnames'
content: |
AddUserToGroup:
AllocateAddress:
AssociateAddress:
AssociateDhcpOptions:
AssociateRouteTable:
AttachGroupPolicy:
AttachNetworkInterface:
AttachRolePolicy:
AttachUserPolicy:
AttachVolume:
AuthorizeSecurityGroupIngress:
ConsoleLogin:
CopySnapshot:
CreateAccountAlias:
CreateGroup:
CreateImage:
CreateLoadBalancer:
CreatePlacementGroup:
CreatePolicy:
CreateRole:
CreateRouteTable:
CreateSecurityGroup:
CreateSnapshot:
CreateSubnet:
CreateTags:
CreateUser:
CreateVolume:
CreateVpc:
DeleteAccountAlias:
DeleteLoadBalancer:
DeletePlacementGroup:
DeleteSecurityGroup:
DeleteSnapshot:
DeleteTags:
DeleteUser:
DeleteVolume:
DeregisterImage:
DetachGroupPolicy:
DetachNetworkInterface:
DetachRolePolicy:
DetachVolume:
DisableKey:
DisassociateAddress:
DisassociateAddress:
DisassociateRouteTable:
GetGroup:
ListAliases:
ListGroups:
ListUsers:
ModifyImageAttribute:
ModifyInstanceAttribute:
ModifyNetworkInterfaceAttribute:
ModifySnapshotAttribute:
ModifySubnetAttribute:
ModifyVolumeAttribute:
MonitorInstances:
RebootInstances:
RegisterImage:
RemoveUserFromGroup:
RevokeSecurityGroupIngress:
RunInstances:
StartInstances:
StopInstances:
TerminateInstances:
UnmonitorInstances:
UpdateAccessKey:
UpdateAccountPasswordPolicy:
UpdateInstanceAlias: