Merge branch 'master' into devel

roles/wazuh/ansible-wazuh-agent/defaults/main.yml

@@ -30,7 +30,8 @@ wazuh_managers:
     api_port: 55000
     api_proto: 'http'
     api_user: null
-wazuh_profile: null
+wazuh_profile_centos: 'centos, centos7, centos7.6'
+wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04'
 wazuh_auto_restart: 'yes'
 wazuh_agent_authd:
   enable: false
@@ -102,7 +103,7 @@ wazuh_agent_config:
     directories:
       - dirs: /etc,/usr/bin,/usr/sbin
         checks: 'check_all="yes"'
-      - dirs: /bin,/sbin
+      - dirs: /bin,/sbin,/boot
         checks: 'check_all="yes"'
     win_directories:
       - dirs: '%WINDIR%\regedit.exe'

roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2

@@ -19,8 +19,12 @@
       {% endif %}
     </server>
     {% endfor %}
-    {% if wazuh_profile is not none %}
-    <config-profile>{{ wazuh_profile }}</config-profile>
+    {% if wazuh_profile_centos is not none or wazuh_profile_ubuntu is not none %}
+    {% if ansible_distribution == 'CentOS' %}
+    <config-profile>{{ wazuh_profile_centos }}</config-profile>
+    {% elif ansible_distribution == "Ubuntu" %}
+    <config-profile>{{ wazuh_profile_ubuntu }}</config-profile>
+    {% endif %}
     {% endif %}
     {% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %}
     <notify_time>{{ wazuh_notify_time }}</notify_time>
@@ -37,16 +41,6 @@
     <events_per_second>{{ wazuh_agent_config.client_buffer.events_per_sec }}</events_per_second>
   </client_buffer>
 
-  <logging>
-    <log_format>{{ wazuh_agent_config.log_format }}</log_format>
-  </logging>
-
-  <active-response>
-    <disabled>{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}</disabled>
-    <ca_store>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}</ca_store>
-    <ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification>
-  </active-response>
-
   {% if wazuh_agent_config.rootcheck is defined %}
   <rootcheck>
     <disabled>no</disabled>
@@ -75,95 +69,10 @@
   </rootcheck>
   {% endif %}
 
-  <!-- Directories to check  (perform all possible verifications) -->
-  {% if wazuh_agent_config.syscheck is defined %}
-  <syscheck>
-    <disabled>no</disabled>
-  <!-- <alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> -->
-    <!-- Frequency that syscheck is executed -- default every 20 hours -->
-    <frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
-    {% if ansible_system == "Linux" %}
-  <!-- <directories check_all="yes" realtime="yes" restrict="^/var/ossec/etc/shared/agent.conf$">/var/ossec/etc/shared</directories> -->
-    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
-    <directories check_all="yes">/bin,/sbin,/boot</directories>
-
-    <auto_ignore>{{ wazuh_agent_config.syscheck.auto_ignore }}</auto_ignore>
-    <scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>
-    {% endif %}
-
-    <!-- Directories to check  (perform all possible verifications) -->
-    {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}
-    {% for directory in wazuh_agent_config.syscheck.directories %}
-    <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
-    {% endfor %}
-    {% endif %}
-
-    <!-- Directories to check  (perform all possible verifications) -->
-    {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_system == "Windows" %}
-    {% for directory in wazuh_agent_config.syscheck.win_directories %}
-    <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
-    {% endfor %}
-    {% endif %}
-
-    <!-- Files/directories to ignore -->
-    {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %}
-    {% for ignore in wazuh_agent_config.syscheck.ignore %}
-    <ignore>{{ ignore }}</ignore>
-    {% endfor %}
-    {% endif %}
-
-    <!-- File types to ignore -->
-    {% if wazuh_agent_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %}
-    {% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %}
-    <ignore type="sregex">{{ ignore }}</ignore>
-    {% endfor %}
-    {% endif %}
-
-    {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %}
-    {% for ignore in wazuh_agent_config.syscheck.ignore_win %}
-    <ignore type="sregex">{{ ignore }}</ignore>
-    {% endfor %}
-    {% endif %}
 
   {% if ansible_system == "Linux" %}
-    <!-- Files no diff -->
-    {% for no_diff in wazuh_agent_config.syscheck.no_diff %}
-    <nodiff>{{ no_diff }}</nodiff>
-    {% endfor %}
-    
-    <skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
-    {% endif %}
-
-    {% if ansible_os_family == "Windows" %}
-    {% for registry_key in wazuh_agent_config.syscheck.windows_registry %}
-    {% if registry_key.arch is defined %}
-    <windows_registry arch="{{ registry_key.arch }}">{{ registry_key.key }}</windows_registry>
-    {% else %}
-    <windows_registry>{{ registry_key.key }}</windows_registry>
-    {% endif %}
-    {% endfor %}
-    {% endif %}
-
-    {% if ansible_os_family == "Windows" %}
-    {% for registry_key in wazuh_agent_config.syscheck.windows_registry_ignore %}
-    {% if registry_key.type is defined %}
-    <registry_ignore type="{{ registry_key.type }}">{{ registry_key.key }}</registry_ignore>
-    {% else %}
-    <registry_ignore>{{ registry_key.key }}</registry_ignore>
-    {% endif %}
-    {% endfor %}
-    {% endif %}
-
-    {% if ansible_os_family == "Windows" %}
-    <!-- Frequency for ACL checking (seconds) -->
-    <windows_audit_interval>{{ wazuh_agent_config.syscheck.win_audit_interval }}</windows_audit_interval>
-    {% endif %}
-  </syscheck>
-  {% endif %}
-
-  {% if ansible_system == "Linux" and wazuh_agent_config.openscap.disable == 'no' %}
   <wodle name="open-scap">
-    <disabled>no</disabled>
+    <disabled>{{ wazuh_agent_config.openscap.disable }}</disabled>
     <timeout>{{ wazuh_agent_config.openscap.timeout }}</timeout>
     <interval>{{ wazuh_agent_config.openscap.interval }}</interval>
     <scan-on-start>{{ wazuh_agent_config.openscap.scan_on_start }}</scan-on-start>
@@ -214,9 +123,8 @@
   </wodle>
   {% endif %}
 
-  {% if wazuh_agent_config.cis_cat.disable == 'no' %}
   <wodle name="cis-cat">
-    <disabled>no</disabled>
+    <disabled>{{ wazuh_agent_config.cis_cat.disable }}</disabled>
     <timeout>{{ wazuh_agent_config.cis_cat.timeout }}</timeout>
     <interval>{{ wazuh_agent_config.cis_cat.interval }}</interval>
     <scan-on-start>{{ wazuh_agent_config.cis_cat.scan_on_start }}</scan-on-start>
@@ -229,7 +137,6 @@
     {% endif %}
     <ciscat_path>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %}</ciscat_path>
   </wodle>
-  {% endif %}
 
   <!-- Osquery integration -->
   <wodle name="osquery">
@@ -280,6 +187,88 @@
   {% endif %}
   </sca>
 
+
+  <!-- Directories to check  (perform all possible verifications) -->
+  {% if wazuh_agent_config.syscheck is defined %}
+  <syscheck>
+    <disabled>no</disabled>
+  <!-- <alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> -->
+    <!-- Frequency that syscheck is executed -- default every 20 hours -->
+    <frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
+    {% if ansible_system == "Linux" %}
+    <scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>
+    <!-- Directories to check  (perform all possible verifications) -->
+    {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}
+    {% for directory in wazuh_agent_config.syscheck.directories %}
+    <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
+    {% endfor %}
+    {% endif %}
+    {% endif %}
+
+    <!-- Directories to check  (perform all possible verifications) -->
+    {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_system == "Windows" %}
+    {% for directory in wazuh_agent_config.syscheck.win_directories %}
+    <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
+    {% endfor %}
+    {% endif %}
+
+    <!-- Files/directories to ignore -->
+    {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %}
+    {% for ignore in wazuh_agent_config.syscheck.ignore %}
+    <ignore>{{ ignore }}</ignore>
+    {% endfor %}
+    {% endif %}
+
+    <!-- File types to ignore -->
+    {% if wazuh_agent_config.syscheck.ignore_linux_type is defined %}
+    {% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %}
+    <ignore type="sregex">{{ ignore }}</ignore>
+    {% endfor %}
+    {% endif %}
+
+    {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %}
+    {% for ignore in wazuh_agent_config.syscheck.ignore_win %}
+    <ignore type="sregex">{{ ignore }}</ignore>
+    {% endfor %}
+    {% endif %}
+
+    {% if ansible_system == "Linux" %}
+    <!-- Files no diff -->
+    {% for no_diff in wazuh_agent_config.syscheck.no_diff %}
+    <nodiff>{{ no_diff }}</nodiff>
+    {% endfor %}
+    
+    <skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
+    {% endif %}
+
+    {% if ansible_os_family == "Windows" %}
+    {% for registry_key in wazuh_agent_config.syscheck.windows_registry %}
+    {% if registry_key.arch is defined %}
+    <windows_registry arch="{{ registry_key.arch }}">{{ registry_key.key }}</windows_registry>
+    {% else %}
+    <windows_registry>{{ registry_key.key }}</windows_registry>
+    {% endif %}
+    {% endfor %}
+    {% endif %}
+
+    {% if ansible_os_family == "Windows" %}
+    {% for registry_key in wazuh_agent_config.syscheck.windows_registry_ignore %}
+    {% if registry_key.type is defined %}
+    <registry_ignore type="{{ registry_key.type }}">{{ registry_key.key }}</registry_ignore>
+    {% else %}
+    <registry_ignore>{{ registry_key.key }}</registry_ignore>
+    {% endif %}
+    {% endfor %}
+    {% endif %}
+
+    {% if ansible_os_family == "Windows" %}
+    <!-- Frequency for ACL checking (seconds) -->
+    <windows_audit_interval>{{ wazuh_agent_config.syscheck.win_audit_interval }}</windows_audit_interval>
+    {% endif %}
+  </syscheck>
+  {% endif %}
+
+
   {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %}
   <wodle name="command">
     <disabled>no</disabled>
@@ -369,4 +358,14 @@
   </labels>
 {% endif %}
 
+  <active-response>
+    <disabled>{{ wazuh_agent_config.active_response.ar_disabled|default('no') }}</disabled>
+    <ca_store>{% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %}</ca_store>
+    <ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification>
+  </active-response>
+
+  <logging>
+    <log_format>{{ wazuh_agent_config.log_format }}</log_format>
+  </logging>
+
 </ossec_config>

roles/wazuh/ansible-wazuh-manager/defaults/main.yml

@@ -95,7 +95,7 @@ wazuh_manager_config:
     use_source_ip: 'yes'
     force_insert: 'yes'
     force_time: 0
-    purge: 'no'
+    purge: 'yes'
     use_password: 'no'
     limit_maxagents: 'yes'
     ciphers: 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
@@ -126,7 +126,7 @@ wazuh_manager_config:
     - enable: false
       category: 'syscheck'
       title: 'Daily report: File changes'
-      email_to: 'admin@example.net'
+      email_to: 'recipient@example.wazuh.com'
       location: null
       group: null
       rule: null
@@ -174,7 +174,7 @@ wazuh_manager_config:
   rootcheck:
     frequency: 43200
   openscap:
-    disable: 'no'
+    disable: 'yes'
     timeout: 1800
     interval: '1d'
     scan_on_start: 'yes'
@@ -263,6 +263,7 @@ wazuh_manager_config:
         frequency: '360'
       - format: 'full_command'
         command: 'last -n 20'
+        frequency: '360'
       - format: 'syslog'
         location: '/var/ossec/logs/active-responses.log'
     debian:
@@ -295,7 +296,6 @@ wazuh_manager_config:
     - name: 'restart-ossec'
       executable: 'restart-ossec.sh'
       expect: ''
-      timeout_allowed: 'no'
     - name: 'firewall-drop'
       executable: 'firewall-drop.sh'
       expect: 'srcip'
@@ -327,6 +327,10 @@ wazuh_manager_config:
   ruleset:
     rules_path: 'custom_ruleset/rules/'
     decoders_path: 'custom_ruleset/decoders/'
+    cdb_lists:
+      - 'audit-keys'
+      - 'security-eventchannel'
+      - 'amazon/aws-eventnames'
   rule_exclude:
     - '0215-policy_rules.xml'
   syslog_outputs:

roles/wazuh/ansible-wazuh-manager/handlers/main.yml

@@ -1,7 +1,4 @@
 ---
-- name: rebuild cdb_lists
-  command: /var/ossec/bin/ossec-makelists
-
 - name: restart wazuh-manager
   service:
     name: wazuh-manager

roles/wazuh/ansible-wazuh-manager/tasks/main.yml

@@ -198,11 +198,6 @@
   tags:
     - config
 
-- name: Retrieving CDB lists
-  include_vars: cdb_lists.yml
-  tags:
-    - config
-
 - name: Check if syslog output is enabled
   set_fact: syslog_output=true
   when: item.server is not none
@@ -334,27 +329,6 @@
   tags:
     - config
 
-- name: CDB Lists
-  template:
-    src: cdb_lists.j2
-    dest: "/var/ossec/etc/lists/{{ item.name }}"
-    owner: root
-    group: ossec
-    mode: 0640
-  no_log: true
-  register: wazuh_manager_cdb_lists
-  until: wazuh_manager_cdb_lists is succeeded
-  notify:
-    - rebuild cdb_lists
-    - restart wazuh-manager
-  with_items:
-    - "{{ cdb_lists }}"
-  when:
-    - cdb_lists is defined
-    - cdb_lists is iterable
-  tags:
-    - config
-
 - name: Ensure Wazuh Manager, wazuh API service is started and enabled
   service:
     name: "{{ item }}"

roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -26,6 +26,11 @@
     <email_alert_level>{{ wazuh_manager_config.email_level }}</email_alert_level>
   </alerts>
 
+  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
+  <logging>
+    <log_format>{{ wazuh_manager_config.log_format }}</log_format>
+  </logging>
+
 {% if wazuh_manager_config.extra_emails is defined %}
 {% for mail in wazuh_manager_config.extra_emails %}
 {% if mail.enable == true %}
@@ -57,10 +62,7 @@
 {% endfor %}
 {% endif %}
 
-  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
-  <logging>
-    <log_format>{{ wazuh_manager_config.log_format }}</log_format>
-  </logging>
+
 
 {% for connection in wazuh_manager_config.connection %}
   <remote>
@@ -126,8 +128,8 @@
     <!-- Frequency that rootcheck is executed - every 12 hours -->
     <frequency>{{ wazuh_manager_config.rootcheck.frequency }}</frequency>
 
-    <rootkit_files>/var/ossec/etc/shared/default/rootkit_files.txt</rootkit_files>
-    <rootkit_trojans>/var/ossec/etc/shared/default/rootkit_trojans.txt</rootkit_trojans>
+    <rootkit_files>/var/ossec/etc/rootcheck/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>/var/ossec/etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
 
     <skip_nfs>yes</skip_nfs>
   </rootcheck>
@@ -292,7 +294,6 @@
   <!-- File integrity monitoring -->
   <syscheck>
     <disabled>{{ wazuh_manager_config.syscheck.disable }}</disabled>
-    <auto_ignore>{{ wazuh_manager_config.syscheck.auto_ignore }}</auto_ignore>
     <alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files>
     <!-- Frequency that syscheck is executed -- default every 20 hours -->
     <frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
@@ -318,7 +319,7 @@
     {% endif %}
 
     <!-- File types to ignore -->
-    {% if wazuh_manager_config.syscheck.ignore_linux_type is defined and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' %}
+    {% if wazuh_manager_config.syscheck.ignore_linux_type is defined %}
     {% for ignore in wazuh_manager_config.syscheck.ignore_linux_type %}
     <ignore type="sregex">{{ ignore }}</ignore>
     {% endfor %}
@@ -346,96 +347,12 @@
     <name>{{ command.name }}</name>
     <executable>{{ command.executable }}</executable>
     <expect>{{ command.expect }}</expect>
+    {% if command.timeout_allowed is defined %}
         <timeout_allowed>{{ command.timeout_allowed }}</timeout_allowed>
+    {% endif %}
   </command>
 {% endfor %}
 
-  <ruleset>
-  <!-- Default ruleset -->
-  <decoder_dir>ruleset/decoders</decoder_dir>
-  <rule_dir>ruleset/rules</rule_dir>
-  {% if wazuh_manager_config.rule_exclude is defined %}
-  {% for rule in wazuh_manager_config.rule_exclude %}
-  <rule_exclude>{{ rule }}</rule_exclude>
-  {% endfor %}
-  {% endif %}
-  {% if cdb_lists is defined %}
-  {% for list in cdb_lists %}
-  <list>etc/lists/{{ list.name }}</list>
-  {% endfor %}
-  {% endif %}
-
-  <!-- User-defined ruleset -->
-  <decoder_dir>etc/decoders</decoder_dir>
-  <rule_dir>etc/rules</rule_dir>
-  </ruleset>
-
-{% if wazuh_manager_config.authd.enable == true %}
-  <auth>
-    <disabled>no</disabled>
-    {% if wazuh_manager_config.authd.port is not none %}
-    <port>{{wazuh_manager_config.authd.port}}</port>
-    {% else %}
-    <port>1515</port>
-    {% endif %}
-    {% if wazuh_manager_config.authd.use_source_ip is not none %}
-    <use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>
-    {% endif %}
-    {% if wazuh_manager_config.authd.force_insert is not none %}
-    <force_insert>{{wazuh_manager_config.authd.force_insert}}</force_insert>
-    {% endif %}
-    {% if wazuh_manager_config.authd.force_time is not none %}
-    <force_time>{{wazuh_manager_config.authd.force_time}}</force_time>
-    {% endif %}
-    {% if wazuh_manager_config.authd.purge is not none %}
-    <purge>{{wazuh_manager_config.authd.purge}}</purge>
-    {% endif %}
-    {% if wazuh_manager_config.authd.use_password is not none %}
-    <use_password>{{wazuh_manager_config.authd.use_password}}</use_password>
-    {% endif %}
-    {% if wazuh_manager_config.authd.limit_maxagents is not none %}
-    <limit_maxagents>{{wazuh_manager_config.authd.limit_maxagents}}</limit_maxagents>
-    {% endif %}
-    {% if wazuh_manager_config.authd.ciphers is not none %}
-    <ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers>
-    {% endif %}    
-    {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
-    <ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>
-    {% endif %}
-    {% if wazuh_manager_config.authd.ssl_verify_host is not none %}
-    <ssl_verify_host>{{wazuh_manager_config.authd.ssl_verify_host}}</ssl_verify_host>
-    {% endif %}
-    {% if wazuh_manager_config.authd.ssl_manager_cert is not none %}
-    <ssl_manager_cert>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}</ssl_manager_cert>
-    {% endif %}
-    {% if wazuh_manager_config.authd.ssl_manager_key is not none %}
-    <ssl_manager_key>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}</ssl_manager_key>
-    {% endif %}
-    {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}
-    <ssl_auto_negotiate>{{wazuh_manager_config.authd.ssl_auto_negotiate}}</ssl_auto_negotiate>
-    {% endif %}
-  </auth>
-{% endif %}
-
-  <cluster>
-    <disabled>{{ wazuh_manager_config.cluster.disable }}</disabled>
-    <name>{{ wazuh_manager_config.cluster.name }}</name>
-    <node_name>{{ wazuh_manager_config.cluster.node_name }}</node_name>
-    <node_type>{{ wazuh_manager_config.cluster.node_type }}</node_type>
-    <key>{{ wazuh_manager_config.cluster.key }}</key>
-    {% if wazuh_manager_config.cluster.interval is defined %}
-    <interval>{{ wazuh_manager_config.cluster.interval }}</interval>
-    {% endif %}
-    <port>{{ wazuh_manager_config.cluster.port }}</port>
-    <bind_addr>{{ wazuh_manager_config.cluster.bind_addr }}</bind_addr>
-    <nodes>
-    {% for node in wazuh_manager_config.cluster.nodes %}
-      <node>{{ node }}</node>
-    {% endfor %}
-    </nodes>
-    <hidden>{{ wazuh_manager_config.cluster.hidden }}</hidden>
-  </cluster>
-
 {% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %}
   <wodle name="command">
     <disabled>no</disabled>
@@ -613,4 +530,91 @@
   </labels>
 {% endif %}
 
+
+  <ruleset>
+  <!-- Default ruleset -->
+  <decoder_dir>ruleset/decoders</decoder_dir>
+  <rule_dir>ruleset/rules</rule_dir>
+  {% if wazuh_manager_config.rule_exclude is defined %}
+  {% for rule in wazuh_manager_config.rule_exclude %}
+  <rule_exclude>{{ rule }}</rule_exclude>
+  {% endfor %}
+  {% endif %}
+  {% if wazuh_manager_config.ruleset.cdb_lists is defined %}
+  {% for list in wazuh_manager_config.ruleset.cdb_lists %}
+  <list>etc/lists/{{ list }}</list>
+  {% endfor %}
+  {% endif %}
+
+  <!-- User-defined ruleset -->
+  <decoder_dir>etc/decoders</decoder_dir>
+  <rule_dir>etc/rules</rule_dir>
+  </ruleset>
+
+{% if wazuh_manager_config.authd.enable == true %}
+  <auth>
+    <disabled>no</disabled>
+    {% if wazuh_manager_config.authd.port is not none %}
+    <port>{{wazuh_manager_config.authd.port}}</port>
+    {% else %}
+    <port>1515</port>
+    {% endif %}
+    {% if wazuh_manager_config.authd.use_source_ip is not none %}
+    <use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>
+    {% endif %}
+    {% if wazuh_manager_config.authd.force_insert is not none %}
+    <force_insert>{{wazuh_manager_config.authd.force_insert}}</force_insert>
+    {% endif %}
+    {% if wazuh_manager_config.authd.force_time is not none %}
+    <force_time>{{wazuh_manager_config.authd.force_time}}</force_time>
+    {% endif %}
+    {% if wazuh_manager_config.authd.purge is not none %}
+    <purge>{{wazuh_manager_config.authd.purge}}</purge>
+    {% endif %}
+    {% if wazuh_manager_config.authd.use_password is not none %}
+    <use_password>{{wazuh_manager_config.authd.use_password}}</use_password>
+    {% endif %}
+    {% if wazuh_manager_config.authd.limit_maxagents is not none %}
+    <limit_maxagents>{{wazuh_manager_config.authd.limit_maxagents}}</limit_maxagents>
+    {% endif %}
+    {% if wazuh_manager_config.authd.ciphers is not none %}
+    <ciphers>{{wazuh_manager_config.authd.ciphers}}</ciphers>
+    {% endif %}    
+    {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
+    <ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>
+    {% endif %}
+    {% if wazuh_manager_config.authd.ssl_verify_host is not none %}
+    <ssl_verify_host>{{wazuh_manager_config.authd.ssl_verify_host}}</ssl_verify_host>
+    {% endif %}
+    {% if wazuh_manager_config.authd.ssl_manager_cert is not none %}
+    <ssl_manager_cert>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}</ssl_manager_cert>
+    {% endif %}
+    {% if wazuh_manager_config.authd.ssl_manager_key is not none %}
+    <ssl_manager_key>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}</ssl_manager_key>
+    {% endif %}
+    {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}
+    <ssl_auto_negotiate>{{wazuh_manager_config.authd.ssl_auto_negotiate}}</ssl_auto_negotiate>
+    {% endif %}
+  </auth>
+{% endif %}
+
+  <cluster>
+    <disabled>{{ wazuh_manager_config.cluster.disable }}</disabled>
+    <name>{{ wazuh_manager_config.cluster.name }}</name>
+    <node_name>{{ wazuh_manager_config.cluster.node_name }}</node_name>
+    <node_type>{{ wazuh_manager_config.cluster.node_type }}</node_type>
+    <key>{{ wazuh_manager_config.cluster.key }}</key>
+    {% if wazuh_manager_config.cluster.interval is defined %}
+    <interval>{{ wazuh_manager_config.cluster.interval }}</interval>
+    {% endif %}
+    <port>{{ wazuh_manager_config.cluster.port }}</port>
+    <bind_addr>{{ wazuh_manager_config.cluster.bind_addr }}</bind_addr>
+    <nodes>
+    {% for node in wazuh_manager_config.cluster.nodes %}
+      <node>{{ node }}</node>
+    {% endfor %}
+    </nodes>
+    <hidden>{{ wazuh_manager_config.cluster.hidden }}</hidden>
+  </cluster>
+
 </ossec_config>

roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml

@@ -1,87 +0,0 @@
----
-cdb_lists:
-  - name: 'audit-keys'
-    content: |
-      audit-wazuh-w:write
-      audit-wazuh-r:read
-      audit-wazuh-a:attribute
-      audit-wazuh-x:execute
-      audit-wazuh-c:command
-  - name: 'aws-source'
-    content: |
-      ec2.amazonaws.com:
-      elasticloadbalancing.amazonaws.com:
-      iam.amazonaws.com:
-      signin.amazonaws.com:
-      kms.amazonaws.com:
-      s3.amazonaws.com:
-  - name: 'aws-eventnames'
-    content: |
-      AddUserToGroup:
-      AllocateAddress:
-      AssociateAddress:
-      AssociateDhcpOptions:
-      AssociateRouteTable:
-      AttachGroupPolicy:
-      AttachNetworkInterface:
-      AttachRolePolicy:
-      AttachUserPolicy:
-      AttachVolume:
-      AuthorizeSecurityGroupIngress:
-      ConsoleLogin:
-      CopySnapshot:
-      CreateAccountAlias:
-      CreateGroup:
-      CreateImage:
-      CreateLoadBalancer:
-      CreatePlacementGroup:
-      CreatePolicy:
-      CreateRole:
-      CreateRouteTable:
-      CreateSecurityGroup:
-      CreateSnapshot:
-      CreateSubnet:
-      CreateTags:
-      CreateUser:
-      CreateVolume:
-      CreateVpc:
-      DeleteAccountAlias:
-      DeleteLoadBalancer:
-      DeletePlacementGroup:
-      DeleteSecurityGroup:
-      DeleteSnapshot:
-      DeleteTags:
-      DeleteUser:
-      DeleteVolume:
-      DeregisterImage:
-      DetachGroupPolicy:
-      DetachNetworkInterface:
-      DetachRolePolicy:
-      DetachVolume:
-      DisableKey:
-      DisassociateAddress:
-      DisassociateAddress:
-      DisassociateRouteTable:
-      GetGroup:
-      ListAliases:
-      ListGroups:
-      ListUsers:
-      ModifyImageAttribute:
-      ModifyInstanceAttribute:
-      ModifyNetworkInterfaceAttribute:
-      ModifySnapshotAttribute:
-      ModifySubnetAttribute:
-      ModifyVolumeAttribute:
-      MonitorInstances:
-      RebootInstances:
-      RegisterImage:
-      RemoveUserFromGroup:
-      RevokeSecurityGroupIngress:
-      RunInstances:
-      StartInstances:
-      StopInstances:
-      TerminateInstances:
-      UnmonitorInstances:
-      UpdateAccessKey:
-      UpdateAccountPasswordPolicy:
-      UpdateInstanceAlias: