Merge master changes
commit
ee1124b7dd
@ -32,6 +32,12 @@ wazuh_agent_sources_installation:
|
|||||||
user_agent_config_profile: null
|
user_agent_config_profile: null
|
||||||
user_ca_store: "/var/ossec/wpk_root.pem"
|
user_ca_store: "/var/ossec/wpk_root.pem"
|
||||||
|
|
||||||
|
wazuh_agent_yum_lock_timeout: 30
|
||||||
|
|
||||||
|
# We recommend the use of ansible-vault to protect Wazuh, api, agentless and authd credentials.
|
||||||
|
api_pass: wazuh
|
||||||
|
authd_pass: ''
|
||||||
|
|
||||||
wazuh_api_reachable_from_agent: false
|
wazuh_api_reachable_from_agent: false
|
||||||
wazuh_profile_centos: 'centos, centos7, centos7.6'
|
wazuh_profile_centos: 'centos, centos7, centos7.6'
|
||||||
wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04'
|
wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04'
|
||||||
@ -83,7 +89,7 @@ wazuh_managers:
|
|||||||
protocol: tcp
|
protocol: tcp
|
||||||
api_port: 55000
|
api_port: 55000
|
||||||
api_proto: 'http'
|
api_proto: 'http'
|
||||||
api_user: null
|
api_user: wazuh
|
||||||
max_retries: 5
|
max_retries: 5
|
||||||
retry_interval: 5
|
retry_interval: 5
|
||||||
|
|
||||||
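Review bot: These defaults ship a known credential pair: `api_pass: wazuh` is added in the first hunk and `api_user` changes from `null` to `wazuh` in the second, so any play that does not override them carries a publicly known username and password for the manager API. The comment above the new lines recommends ansible-vault, but nothing visible here forces an override, and with the unchanged `api_proto: 'http'` default the pair would presumably travel unencrypted. I would leave the default unset, e.g. `api_pass: null  # required: set from an ansible-vault encrypted vars file`, and have the API registration block fail early when it is empty. The tasks that consume `api_pass` are outside this section, so confirm the guard fits them.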
|
|||||||
@ -1,9 +1,4 @@
|
|||||||
---
|
---
|
||||||
- name: Retrieving authd Credentials
|
|
||||||
include_vars: authd_pass.yml
|
|
||||||
tags:
|
|
||||||
- config
|
|
||||||
|
|
||||||
- include_tasks: "RedHat.yml"
|
- include_tasks: "RedHat.yml"
|
||||||
when: ansible_os_family == "RedHat"
|
when: ansible_os_family == "RedHat"
|
||||||
|
|
||||||
@ -19,11 +14,10 @@
|
|||||||
- wazuh_custom_packages_installation_agent_enabled
|
- wazuh_custom_packages_installation_agent_enabled
|
||||||
|
|
||||||
- name: Linux CentOS/RedHat | Install wazuh-agent
|
- name: Linux CentOS/RedHat | Install wazuh-agent
|
||||||
package:
|
yum:
|
||||||
name: wazuh-agent-{{ wazuh_agent_version }}
|
name: wazuh-agent-{{ wazuh_agent_version }}
|
||||||
state: present
|
state: present
|
||||||
async: 90
|
lock_timeout: '{{ wazuh_agent_yum_lock_timeout }}'
|
||||||
poll: 30
|
|
||||||
when:
|
when:
|
||||||
- ansible_os_family|lower == "redhat"
|
- ansible_os_family|lower == "redhat"
|
||||||
- not wazuh_agent_sources_installation.enabled
|
- not wazuh_agent_sources_installation.enabled
|
||||||
@ -45,7 +39,8 @@
|
|||||||
- init
|
- init
|
||||||
|
|
||||||
- name: Linux | Check if client.keys exists
|
- name: Linux | Check if client.keys exists
|
||||||
stat: path=/var/ossec/etc/client.keys
|
stat:
|
||||||
|
path: /var/ossec/etc/client.keys
|
||||||
register: check_keys
|
register: check_keys
|
||||||
when: wazuh_agent_config.enrollment.enabled == 'no'
|
when: wazuh_agent_config.enrollment.enabled == 'no'
|
||||||
tags:
|
tags:
|
||||||
@ -54,9 +49,6 @@
|
|||||||
- name: Linux | Agent registration via authd
|
- name: Linux | Agent registration via authd
|
||||||
block:
|
block:
|
||||||
|
|
||||||
- name: Retrieving authd Credentials
|
|
||||||
include_vars: authd_pass.yml
|
|
||||||
|
|
||||||
- name: Copy CA root certificate to verify authd
|
- name: Copy CA root certificate to verify authd
|
||||||
copy:
|
copy:
|
||||||
src: "{{ wazuh_agent_authd.ssl_agent_ca }}"
|
src: "{{ wazuh_agent_authd.ssl_agent_ca }}"
|
||||||
@ -86,7 +78,7 @@
|
|||||||
-m {{ wazuh_agent_authd.registration_address }}
|
-m {{ wazuh_agent_authd.registration_address }}
|
||||||
-p {{ wazuh_agent_authd.port }}
|
-p {{ wazuh_agent_authd.port }}
|
||||||
{% if wazuh_agent_nat %} -I "any" {% endif %}
|
{% if wazuh_agent_nat %} -I "any" {% endif %}
|
||||||
{% if authd_pass is defined and authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %}
|
{% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %}
|
||||||
{% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %}
|
{% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %}
|
||||||
-v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
|
-v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -124,9 +116,6 @@
|
|||||||
- name: Linux | Agent registration via rest-API
|
- name: Linux | Agent registration via rest-API
|
||||||
block:
|
block:
|
||||||
|
|
||||||
- name: Retrieving rest-API Credentials
|
|
||||||
include_vars: api_pass.yml
|
|
||||||
|
|
||||||
- name: Linux | Create the agent key via rest-API
|
- name: Linux | Create the agent key via rest-API
|
||||||
uri:
|
uri:
|
||||||
url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/"
|
url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_agent_authd.registration_address }}:{{ wazuh_managers.0.api_port }}/agents/"
|
||||||
@ -195,22 +184,24 @@
|
|||||||
- api
|
- api
|
||||||
|
|
||||||
- name: Linux | Installing agent configuration (ossec.conf)
|
- name: Linux | Installing agent configuration (ossec.conf)
|
||||||
template: src=var-ossec-etc-ossec-agent.conf.j2
|
template:
|
||||||
dest=/var/ossec/etc/ossec.conf
|
src: var-ossec-etc-ossec-agent.conf.j2
|
||||||
owner=root
|
dest: /var/ossec/etc/ossec.conf
|
||||||
group=ossec
|
owner: root
|
||||||
mode=0644
|
group: ossec
|
||||||
|
mode: 0644
|
||||||
notify: restart wazuh-agent
|
notify: restart wazuh-agent
|
||||||
tags:
|
tags:
|
||||||
- init
|
- init
|
||||||
- config
|
- config
|
||||||
|
|
||||||
- name: Linux | Installing local_internal_options.conf
|
- name: Linux | Installing local_internal_options.conf
|
||||||
template: src=var-ossec-etc-local-internal-options.conf.j2
|
template:
|
||||||
dest=/var/ossec/etc/local_internal_options.conf
|
src: var-ossec-etc-local-internal-options.conf.j2
|
||||||
owner=root
|
dest: /var/ossec/etc/local_internal_options.conf
|
||||||
group=ossec
|
owner: root
|
||||||
mode=0640
|
group: ossec
|
||||||
|
mode: 0640
|
||||||
notify: restart wazuh-agent
|
notify: restart wazuh-agent
|
||||||
tags:
|
tags:
|
||||||
- init
|
- init
|
||||||
@ -226,7 +217,7 @@
|
|||||||
when:
|
when:
|
||||||
- wazuh_agent_config.enrollment.enabled == 'yes'
|
- wazuh_agent_config.enrollment.enabled == 'yes'
|
||||||
- wazuh_agent_config.enrollment.authorization_pass_path | length > 0
|
- wazuh_agent_config.enrollment.authorization_pass_path | length > 0
|
||||||
- ( authd_pass is defined) and ( authd_pass|length > 0)
|
- authd_pass | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
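Review bot: `-P {{ authd_pass }}` in the agent-auth command (hunk at -86,7) now puts the password on the command line unquoted and without the `is defined` guard, so a password containing spaces or shell metacharacters changes the command, and an inventory that sets `authd_pass: null` fails on `length`. I would write `{% if authd_pass | default('', true) | length > 0 %} -P {{ authd_pass | quote }} {% endif %}` and use the same `default('', true)` form in the `when:` condition `authd_pass | length > 0` in the -226,7 hunk. The Windows registration task carries the same template line under `win_shell`, where quoting has to follow PowerShell rules rather than the `quote` filter. The task holding this command starts outside the hunk, so I cannot see which module runs it or whether `no_log: true` is set; without it the password can appear in task output.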
|
|||||||
@ -54,18 +54,13 @@
|
|||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
- name: Retrieving authd Credentials
|
|
||||||
include_vars: authd_pass.yml
|
|
||||||
tags:
|
|
||||||
- config
|
|
||||||
|
|
||||||
- name: Windows | Register agent
|
- name: Windows | Register agent
|
||||||
win_shell: >
|
win_shell: >
|
||||||
{{ wazuh_agent_win_auth_path }}
|
{{ wazuh_agent_win_auth_path }}
|
||||||
-m {{ wazuh_agent_authd.registration_address }}
|
-m {{ wazuh_agent_authd.registration_address }}
|
||||||
-p {{ wazuh_agent_authd.port }}
|
-p {{ wazuh_agent_authd.port }}
|
||||||
{% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %}
|
{% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %}
|
||||||
{% if authd_pass is defined and authd_pass | length > 0 %} -P {{ authd_pass }}{% endif %}
|
{% if authd_pass | length > 0 %} -P {{ authd_pass }}{% endif %}
|
||||||
register: agent_auth_output
|
register: agent_auth_output
|
||||||
notify: Windows | Restart Wazuh Agent
|
notify: Windows | Restart Wazuh Agent
|
||||||
when:
|
when:
|
||||||
|
|||||||
@ -1,3 +0,0 @@
|
|||||||
---
|
|
||||||
# We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials.
|
|
||||||
# api_pass: 'changeme'
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
# We recommend the use of Ansible Vault to protect Wazuh, api, agentless and authd credentials.
|
|
||||||
# authd_pass: 'foobar'
|
|
||||||
authd_pass: ''
|
|
||||||