diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index c9dad259..20ead54f 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -16,7 +16,6 @@ wazuh_agent_sources_installation:
user_language: "y"
user_no_stop: "y"
user_install_type: "agent"
- user_dir: "/var/ossec"
user_delete_dir: "y"
user_enable_active_response: "y"
user_enable_syscheck: "y"
@@ -30,7 +29,7 @@ wazuh_agent_sources_installation:
user_agent_server_ip: "YOUR_MANAGER_IP"
user_agent_server_name: null
user_agent_config_profile: null
- user_ca_store: "{{ wazuh_manager_sources_installation.user_dir }}/wpk_root.pem"
+ user_ca_store: "{{ wazuh_dir }}/wpk_root.pem"
wazuh_agent_yum_lock_timeout: 30
@@ -58,6 +57,8 @@ wazuh_winagent_config:
wazuh_winagent_config_url: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.4-1.msi
wazuh_winagent_package_name: wazuh-agent-4.0.4-1.msi
+wazuh_dir: "/var/ossec"
+
wazuh_agent_repo:
apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
yum: 'https://packages.wazuh.com/4.x/yum/'
@@ -107,7 +108,7 @@ wazuh_agent_enrollment:
server_ca_path: ''
agent_certificate_path: ''
agent_key_path: ''
- authorization_pass_path: "{{ wazuh_manager_sources_installation.user_dir }}/etc/authd.pass"
+ authorization_pass_path: "{{ wazuh_dir }}/etc/authd.pass"
auto_method: 'no'
delay_after_enrollment: 20
use_source_ip: 'no'
@@ -324,7 +325,7 @@ wazuh_agent_localfiles:
location: '/var/log/audit/audit.log'
linux:
- format: 'syslog'
- location: "{{ wazuh_manager_sources_installation.user_dir }}/logs/active-responses.log"
+ location: "{{ wazuh_dir }}/logs/active-responses.log"
- format: 'full_command'
command: 'last -n 20'
frequency: '360'
@@ -356,7 +357,7 @@ wazuh_agent_labels:
## Active response
wazuh_agent_active_response:
ar_disabled: 'no'
- ca_store: "{{ wazuh_manager_sources_installation.user_dir }}/etc/wpk_root.pem"
+ ca_store: "{{ wazuh_dir }}/etc/wpk_root.pem"
ca_store_win: 'wpk_root.pem'
ca_verification: 'yes'
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index a4618cbc..ee628416 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -40,7 +40,7 @@
- name: Linux | Check if client.keys exists
stat:
- path: "{{ wazuh_manager_sources_installation.user_dir }}/etc/client.keys"
+ path: "{{ wazuh_dir }}/etc/client.keys"
register: client_keys_file
tags:
- config
@@ -51,7 +51,7 @@
- name: Copy CA root certificate to verify authd
copy:
src: "{{ wazuh_agent_authd.ssl_agent_ca }}"
- dest: "{{ wazuh_manager_sources_installation.user_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
+ dest: "{{ wazuh_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
mode: 0644
when:
- wazuh_agent_authd.ssl_agent_ca is not none
@@ -59,7 +59,7 @@
- name: Copy TLS/SSL certificate for agent verification
copy:
src: "{{ item }}"
- dest: "{{ wazuh_manager_sources_installation.user_dir }}/etc/{{ item | basename }}"
+ dest: "{{ wazuh_dir }}/etc/{{ item | basename }}"
mode: 0644
with_items:
- "{{ wazuh_agent_authd.ssl_agent_cert }}"
@@ -70,7 +70,7 @@
- name: Linux | Register agent (via authd)
shell: >
- {{ wazuh_manager_sources_installation.user_dir }}/bin/agent-auth
+ {{ wazuh_dir }}/bin/agent-auth
{% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %}
-A {{ wazuh_agent_authd.agent_name }}
{% endif %}
@@ -79,13 +79,13 @@
{% if wazuh_agent_nat %} -I "any" {% endif %}
{% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %}
{% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %}
- -v "{{ wazuh_manager_sources_installation.user_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
+ -v "{{ wazuh_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
{% endif %}
{% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %}
- -x "{{ wazuh_manager_sources_installation.user_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
+ -x "{{ wazuh_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
{% endif %}
{% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None %}
- -k "{{ wazuh_manager_sources_installation.user_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
+ -k "{{ wazuh_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
{% endif %}
{% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %}
{% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %}
@@ -193,7 +193,7 @@
- api
- name: Linux | Import Key (via rest-API)
- command: "{{ wazuh_manager_sources_installation.user_dir }}/bin/manage_agents"
+ command: "{{ wazuh_dir }}/bin/manage_agents"
environment:
OSSEC_ACTION: i
OSSEC_AGENT_NAME: '{{ agent_name }}'
@@ -221,7 +221,7 @@
- name: Linux | Installing agent configuration (ossec.conf)
template:
src: var-ossec-etc-ossec-agent.conf.j2
- dest: "{{ wazuh_manager_sources_installation.user_dir }}/etc/ossec.conf"
+ dest: "{{ wazuh_dir }}/etc/ossec.conf"
owner: root
group: ossec
mode: 0644
@@ -233,7 +233,7 @@
- name: Linux | Installing local_internal_options.conf
template:
src: var-ossec-etc-local-internal-options.conf.j2
- dest: "{{ wazuh_manager_sources_installation.user_dir }}/etc/local_internal_options.conf"
+ dest: "{{ wazuh_dir }}/etc/local_internal_options.conf"
owner: root
group: ossec
mode: 0640
@@ -245,7 +245,7 @@
- name: Create auto-enrollment password file
template:
src: authd_pass.j2
- dest: "{{ wazuh_manager_sources_installation.user_dir }}/etc/authd.pass"
+ dest: "{{ wazuh_dir }}/etc/authd.pass"
owner: ossec
group: ossec
mode: 0640
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 8dd30c0a..b7d492b5 100644
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -103,8 +103,8 @@
{{ wazuh_agent_config.rootcheck.frequency }}
- {{ wazuh_manager_sources_installation.user_dir }}/etc/shared/rootkit_files.txt
- {{ wazuh_manager_sources_installation.user_dir }}/etc/shared/rootkit_trojans.txt
+ {{ wazuh_dir }}/etc/shared/rootkit_files.txt
+ {{ wazuh_dir }}/etc/shared/rootkit_trojans.txt
yes
{% endif %}
{% if ansible_os_family == "Windows" %}
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 614d6493..ec9545ee 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -16,7 +16,6 @@ wazuh_manager_sources_installation:
user_language: "en"
user_no_stop: "y"
user_install_type: "server"
- user_dir: "/var/ossec"
user_delete_dir: null
user_enable_active_response: null
user_enable_syscheck: "y"
@@ -35,6 +34,7 @@ wazuh_manager_sources_installation:
user_ca_store: null
threads: "2"
+wazuh_dir: "/var/ossec"
wazuh_manager_repo:
apt: 'deb https://packages.wazuh.com/4.x/apt/ stable main'
yum: 'https://packages.wazuh.com/4.x/yum/'
@@ -297,7 +297,7 @@ wazuh_manager_localfiles:
command: 'last -n 20'
frequency: '360'
- format: 'syslog'
- location: "{{ wazuh_manager_sources_installation.user_dir }}/logs/active-responses.log"
+ location: "{{ wazuh_dir }}/logs/active-responses.log"
debian:
- format: 'syslog'
location: '/var/log/auth.log'
@@ -500,7 +500,7 @@ wazuh_manager_config_defaults:
# - format: 'apache'
# location: '/var/log/httpd/access_log'
# - format: 'apache'
-# location: "{{ wazuh_manager_sources_installation.user_dir }}/logs/active-responses.log"
+# location: "{{ wazuh_dir }}/logs/active-responses.log"
# - type: os
# type_value: Windows
# syscheck:
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
index b86b0b63..ebbf08c9 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
@@ -117,7 +117,7 @@
replace:
path: /etc/init.d/wazuh-manager
regexp: 'echo -n "Starting Wazuh-manager: "'
- replace: "echo -n \"Starting Wazuh-manager (EL6): \"; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:{{ wazuh_manager_sources_installation.user_dir }}/framework/lib"
+ replace: "echo -n \"Starting Wazuh-manager (EL6): \"; source /opt/rh/python27/enable; export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:{{ wazuh_dir }}/framework/lib"
when:
- ansible_distribution in ['CentOS', 'RedHat', 'Amazon'] and ansible_distribution_major_version|int == 6
- wazuh_manager_config.cluster.disable != 'yes'
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
index e5e6591a..c382bc0e 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml
@@ -2,7 +2,7 @@
# Wazuh Manager
- name: Check if Wazuh Manager is already installed
stat:
- path: "{{ wazuh_manager_sources_installation.user_dir }}/bin/ossec-control"
+ path: "{{ wazuh_dir }}/bin/ossec-control"
register: wazuh_ossec_control
- name: Installing Wazuh Manager from sources
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 261e67fb..159f875d 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -33,7 +33,7 @@
command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ wazuh_manager_fqdn }}/"
args:
creates: sslmanager.cert
- chdir: "{{ wazuh_manager_sources_installation.user_dir }}/etc/"
+ chdir: "{{ wazuh_dir }}/etc/"
tags:
- config
when: wazuh_manager_config.authd.ssl_agent_ca is not none
@@ -41,7 +41,7 @@
- name: Copy CA, SSL key and cert for authd
copy:
src: "{{ item }}"
- dest: "{{ wazuh_manager_sources_installation.user_dir }}/etc/{{ item }}"
+ dest: "{{ wazuh_dir }}/etc/{{ item }}"
mode: 0644
with_items:
- "{{ wazuh_manager_config.authd.ssl_agent_ca }}"
@@ -80,7 +80,7 @@
- name: Installing the local_rules.xml (default local_rules.xml)
template: src=var-ossec-rules-local_rules.xml.j2
- dest="{{ wazuh_manager_sources_installation.user_dir }}/etc/rules/local_rules.xml"
+ dest="{{ wazuh_dir }}/etc/rules/local_rules.xml"
owner=ossec
group=ossec
mode=0640
@@ -92,7 +92,7 @@
- name: Adding local rules files
copy: src="{{ wazuh_manager_config.ruleset.rules_path }}"
- dest="{{ wazuh_manager_sources_installation.user_dir }}/etc/rules/"
+ dest="{{ wazuh_dir }}/etc/rules/"
owner=ossec
group=ossec
mode=0640
@@ -104,7 +104,7 @@
- name: Installing the local_decoder.xml
template: src=var-ossec-rules-local_decoder.xml.j2
- dest="{{ wazuh_manager_sources_installation.user_dir }}/etc/decoders/local_decoder.xml"
+ dest="{{ wazuh_dir }}/etc/decoders/local_decoder.xml"
owner=ossec
group=ossec
mode=0640
@@ -116,7 +116,7 @@
- name: Adding local decoders files
copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}"
- dest="{{ wazuh_manager_sources_installation.user_dir }}/etc/decoders/"
+ dest="{{ wazuh_dir }}/etc/decoders/"
owner=ossec
group=ossec
mode=0640
@@ -129,11 +129,11 @@
- name: Configure the shared-agent.conf
template:
src: var-ossec-etc-shared-agent.conf.j2
- dest: "{{ wazuh_manager_sources_installation.user_dir }}/etc/shared/default/agent.conf"
+ dest: "{{ wazuh_dir }}/etc/shared/default/agent.conf"
owner: ossec
group: ossec
mode: 0640
- validate: "{{ wazuh_manager_sources_installation.user_dir }}/bin/verify-agent-conf -f %s"
+ validate: "{{ wazuh_dir }}/bin/verify-agent-conf -f %s"
notify: restart wazuh-manager
tags:
- init
@@ -143,7 +143,7 @@
- name: Installing the api.yaml (api configuration)
template: src=api.yaml.j2
- dest="{{ wazuh_manager_sources_installation.user_dir }}/api/configuration/api.yaml"
+ dest="{{ wazuh_dir }}/api/configuration/api.yaml"
owner=root
group=ossec
mode=0640
@@ -156,7 +156,7 @@
- name: Installing the local_internal_options.conf
template: src=var-ossec-etc-local-internal-options.conf.j2
- dest="{{ wazuh_manager_sources_installation.user_dir }}/etc/local_internal_options.conf"
+ dest="{{ wazuh_dir }}/etc/local_internal_options.conf"
owner=root
group=ossec
mode=0640
@@ -186,9 +186,9 @@
- name: Check if client-syslog is enabled
shell: |
set -o pipefail
- "grep -c 'ossec-csyslogd' {{ wazuh_manager_sources_installation.user_dir }}/bin/.process_list | xargs echo"
+ "grep -c 'ossec-csyslogd' {{ wazuh_dir }}/bin/.process_list | xargs echo"
args:
- removes: "{{ wazuh_manager_sources_installation.user_dir }}/bin/.process_list"
+ removes: "{{ wazuh_dir }}/bin/.process_list"
executable: /bin/bash
changed_when: false
check_mode: false
@@ -197,7 +197,7 @@
- config
- name: Enable client-syslog
- command: "{{ wazuh_manager_sources_installation.user_dir }}/bin/ossec-control enable client-syslog"
+ command: "{{ wazuh_dir }}/bin/ossec-control enable client-syslog"
notify: restart wazuh-manager
when:
- csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout
@@ -208,9 +208,9 @@
- name: Check if ossec-agentlessd is enabled
shell: |
set -o pipefail
- "grep -c 'ossec-agentlessd' {{ wazuh_manager_sources_installation.user_dir }}/bin/.process_list | xargs echo"
+ "grep -c 'ossec-agentlessd' {{ wazuh_dir }}/bin/.process_list | xargs echo"
args:
- removes: "{{ wazuh_manager_sources_installation.user_dir }}/bin/.process_list"
+ removes: "{{ wazuh_dir }}/bin/.process_list"
executable: /bin/bash
changed_when: false
check_mode: false
@@ -219,7 +219,7 @@
- config
- name: Enable ossec-agentlessd
- command: "{{ wazuh_manager_sources_installation.user_dir }}/bin/ossec-control enable agentless"
+ command: "{{ wazuh_dir }}/bin/ossec-control enable agentless"
notify: restart wazuh-manager
when:
- agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout
@@ -239,7 +239,7 @@
- name: Configure ossec.conf
template:
src: var-ossec-etc-ossec-server.conf.j2
- dest: "{{ wazuh_manager_sources_installation.user_dir }}/etc/ossec.conf"
+ dest: "{{ wazuh_dir }}/etc/ossec.conf"
owner: root
group: ossec
mode: 0644
@@ -251,7 +251,7 @@
- name: Ossec-authd password
template:
src: authd_pass.j2
- dest: "{{ wazuh_manager_sources_installation.user_dir }}/etc/authd.pass"
+ dest: "{{ wazuh_dir }}/etc/authd.pass"
owner: ossec
group: ossec
mode: 0640
@@ -268,16 +268,16 @@
- name: Copy create_user script
copy:
src: create_user.py
- dest: "{{ wazuh_manager_sources_installation.user_dir }}/framework/scripts/create_user.py"
+ dest: "{{ wazuh_dir }}/framework/scripts/create_user.py"
owner: root
group: ossec
mode: 0644
- name: Execute create_user script
script:
- chdir: "{{ wazuh_manager_sources_installation.user_dir }}/framework/scripts/"
+ chdir: "{{ wazuh_dir }}/framework/scripts/"
cmd: create_user.py --username "{{ item.username }}" --password "{{ item.password }}"
- executable: "{{ wazuh_manager_sources_installation.user_dir }}/framework/python/bin/python3"
+ executable: "{{ wazuh_dir }}/framework/python/bin/python3"
with_items:
- "{{ wazuh_api_users }}"
@@ -290,7 +290,7 @@
- name: Agentless Hosts & Passwd
template:
src: agentless.j2
- dest: "{{ wazuh_manager_sources_installation.user_dir }}/agentless/.passlist_tmp"
+ dest: "{{ wazuh_dir }}/agentless/.passlist_tmp"
owner: root
group: root
mode: 0644
@@ -300,7 +300,7 @@
- config
- name: Encode the secret
- shell: "/usr/bin/base64 {{ wazuh_manager_sources_installation.user_dir }}/agentless/.passlist_tmp > {{ wazuh_manager_sources_installation.user_dir }}/agentless/.passlist && rm {{ wazuh_manager_sources_installation.user_dir }}/agentless/.passlist_tmp"
+ shell: "/usr/bin/base64 {{ wazuh_dir }}/agentless/.passlist_tmp > {{ wazuh_dir }}/agentless/.passlist && rm {{ wazuh_dir }}/agentless/.passlist_tmp"
when: agentless_creds is defined
tags:
- config
@@ -314,7 +314,7 @@
- config
- name: Create agent groups
- command: "{{ wazuh_manager_sources_installation.user_dir }}/bin/agent_groups -a -g {{ item }} -q"
+ command: "{{ wazuh_dir }}/bin/agent_groups -a -g {{ item }} -q"
with_items:
- "{{ agent_groups }}"
when:
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 85f04fb2..0f5764cf 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -128,8 +128,8 @@
{{ wazuh_manager_config.rootcheck.frequency }}
- {{ wazuh_manager_sources_installation.user_dir }}/etc/rootcheck/rootkit_files.txt
- {{ wazuh_manager_sources_installation.user_dir }}/etc/rootcheck/rootkit_trojans.txt
+ {{ wazuh_dir }}/etc/rootcheck/rootkit_files.txt
+ {{ wazuh_dir }}/etc/rootcheck/rootkit_trojans.txt
yes
@@ -640,16 +640,16 @@
{{wazuh_manager_config.authd.ciphers}}
{% endif %}
{% if wazuh_manager_config.authd.ssl_agent_ca is not none %}
- {{ wazuh_manager_sources_installation.user_dir }}/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}
+ {{ wazuh_dir }}/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}
{% endif %}
{% if wazuh_manager_config.authd.ssl_verify_host is not none %}
{{wazuh_manager_config.authd.ssl_verify_host}}
{% endif %}
{% if wazuh_manager_config.authd.ssl_manager_cert is not none %}
- {{ wazuh_manager_sources_installation.user_dir }}/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}
+ {{ wazuh_dir }}/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}
{% endif %}
{% if wazuh_manager_config.authd.ssl_manager_key is not none %}
- {{ wazuh_manager_sources_installation.user_dir }}/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}
+ {{ wazuh_dir }}/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}
{% endif %}
{% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}
{{wazuh_manager_config.authd.ssl_auto_negotiate}}
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
index 53e66510..6f46fed9 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
@@ -94,7 +94,7 @@
{{ agent_config.rootcheck.frequency }}
{% if agent_config.rootcheck.cis_distribution_filename is defined %}
- {{ wazuh_manager_sources_installation.user_dir }}/etc/shared/default/{{ agent_config.rootcheck.cis_distribution_filename }}
+ {{ wazuh_dir }}/etc/shared/default/{{ agent_config.rootcheck.cis_distribution_filename }}
{% endif %}
yes