From f625f0b310fe3a15d11a970535121d8de3426f34 Mon Sep 17 00:00:00 2001
From: Zenidd
Date: Wed, 25 Mar 2020 12:49:49 +0100
Subject: [PATCH] Updating manager configuration templates and vars
---
 .../ansible-wazuh-agent/defaults/main.yml | 4 ---
 .../ansible-wazuh-manager/defaults/main.yml | 19 +++++++----
 .../var-ossec-etc-ossec-server.conf.j2 | 33 ++++++++++++++++---
 3 files changed, 40 insertions(+), 16 deletions(-)
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 2e5bf4f0..7df27cc9 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -111,11 +111,7 @@ wazuh_agent_config:
 - /etc/cups/certs
 - /etc/dumpdates
 - /etc/svc/volatile
- - /sys/kernel/security
- - /sys/kernel/debug
- - /dev/core
 ignore_linux_type:
- - '^/proc'
 - '.log$|.swp$'
 ignore_win:
 - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 8b4151de..ffd2925c 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -105,7 +105,7 @@ wazuh_manager_config:
 authd:
 enable: true
 port: 1515
- use_source_ip: 'yes'
+ use_source_ip: 'no'
 force_insert: 'yes'
 force_time: 0
 purge: 'yes'
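Review bot: Setting `use_source_ip: 'no'` in the `authd` block stops tying an enrolled agent to the address it registered from, while the unchanged context lines keep `force_insert: 'yes'` and `force_time: 0`, so an existing entry is replaced immediately on a name collision. Taken together these defaults make enrolment on port 1515 rest entirely on whatever other authentication is configured, and nothing in this hunk shows a password or agent-certificate requirement. If the change is meant for agents behind NAT or DHCP, say so next to the value and point at the compensating control, for example `# 'no' for NAT/DHCP agents; require ssl_agent_ca verification or an authd password`. The `authd` mapping starts and ends outside the hunk, so other keys may already cover this.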
@@ -166,24 +166,29 @@ wazuh_manager_config:
 - /etc/cups/certs
 - /etc/dumpdates
 - /etc/svc/volatile
- - /sys/kernel/security
- - /sys/kernel/debug
- - /dev/core
 ignore_linux_type:
- - '^/proc'
 - '.log$|.swp$'
 no_diff:
 - /etc/ssl/private.key
 directories:
 - dirs: /etc,/usr/bin,/usr/sbin
- checks: 'check_all="yes"'
+ checks: ''
 - dirs: /bin,/sbin,/boot
- checks: 'check_all="yes"'
+ checks: ''
 auto_ignore_frequency:
 frequency: 'frequency="10"'
 timeframe: 'timeframe="3600"'
 value: 'no'
 skip_nfs: 'yes'
+ skip_dev: 'yes'
+ skip_proc: 'yes'
+ skip_sys: 'yes'
+ process_priority: 10
+ max_eps: 100
+ sync_enabled: 'yes'
+ sync_interval: '5m'
+ sync_max_interval: '1h'
+ sync_max_eps: 10
 rootcheck:
 frequency: 43200
 openscap:
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index d4340c9b..1a6b59c7 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -245,13 +245,13 @@ {% if wazuh_manager_config.sca.skip_nfs | length > 0 %} yes {% endif %} - {% if wazuh_manager_config.sca.day | length > 0 %} + {% if wazuh_manager_config.sca.day | length > 0 %} yes {% endif %} - {% if wazuh_manager_config.sca.wday | length > 0 %} + {% if wazuh_manager_config.sca.wday | length > 0 %} yes {% endif %} - {% if wazuh_manager_config.sca.time | length > 0 %} + {% if wazuh_manager_config.sca.time | length > 0 %} {% endif %}
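Review bot: Two file-integrity defaults in the `syscheck` block now depend on behaviour that is not stated anywhere in the file. With `checks: ''` on both `directories` entries, which attributes are monitored is presumably left to the installed Wazuh release's default rather than the explicit `check_all="yes"`. Dropping the `/sys/kernel/...`, `/dev/core` and `'^/proc'` ignore entries also makes the new `skip_dev`, `skip_proc` and `skip_sys` keys the only thing keeping those trees out of the scan. A short comment would keep an override from silently narrowing or widening coverage, for example `# checks left empty: syscheck defaults apply` above `directories:` and `# skip_* replace the former /proc, /sys and /dev ignore entries` above `skip_dev`. The agent defaults in the first file drop the same ignore entries without gaining `skip_*` keys in this commit, which is worth confirming as intended.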
@@ -332,6 +332,29 @@ {% if wazuh_manager_config.syscheck.skip_nfs is defined %} {{ wazuh_manager_config.syscheck.skip_nfs }} {% endif %} + {% if wazuh_manager_config.syscheck.skip_dev is defined %} + {{ wazuh_manager_config.syscheck.skip_dev }} + {% endif %} + {% if wazuh_manager_config.syscheck.skip_proc is defined %} + {{ wazuh_manager_config.syscheck.skip_proc }} + {% endif %} + {% if wazuh_manager_config.syscheck.skip_sys is defined %} + {{ wazuh_manager_config.syscheck.skip_sys }} + {% endif %} + + + {{ wazuh_agent_config.syscheck.process_priority }} + + + {{ wazuh_agent_config.syscheck.max_eps }} + + + + {{ wazuh_agent_config.syscheck.sync_enabled }} + {{ wazuh_agent_config.syscheck.interval }} + {{ wazuh_agent_config.syscheck.max_interval }} + {{ wazuh_agent_config.syscheck.max_eps }} +
@@ -470,7 +493,7 @@ {% endfor %} {% endif -%} -{% if ansible_os_family == "RedHat" %} +{% if ansible_os_family == "RedHat" %} {% for localfile in wazuh_manager_config.localfiles.centos %}
@@ -578,7 +601,7 @@ {% endif %} {% if wazuh_manager_config.authd.ciphers is not none %} {{wazuh_manager_config.authd.ciphers}} - {% endif %} + {% endif %} {% if wazuh_manager_config.authd.ssl_agent_ca is not none %} /var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}} {% endif %}
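Review bot: The six expressions added after the `skip_sys` block read `wazuh_agent_config.syscheck.*` inside the manager template, whereas this commit adds the matching defaults under `wazuh_manager_config.syscheck`. The key names differ too: the template uses `interval`, `max_interval` and a second `max_eps` for the synchronization values, while the defaults define `sync_interval`, `sync_max_interval` and `sync_max_eps`. Where only the manager role's variables are loaded this likely fails at render time, and where agent variables are also in scope the manager's file-integrity settings would be taken from the agent role. All six should use `wazuh_manager_config`, with the last three becoming `{{ wazuh_manager_config.syscheck.sync_interval }}`, `{{ wazuh_manager_config.syscheck.sync_max_interval }}` and `{{ wazuh_manager_config.syscheck.sync_max_eps }}`. Unlike the `skip_*` lines above them, these have no `is defined` guard, so an inventory that overrides `syscheck` without the new keys would also break rendering.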