From ff6ea6230a038dfc6a794eeaedf072d00d434e9d Mon Sep 17 00:00:00 2001
From: Miguelangel Freitas
Date: Wed, 30 Aug 2017 15:30:04 -0500
Subject: [PATCH] Add support to generate CDB lists
---
 ansible-wazuh-manager/handlers/main.yml | 3 +++
 ansible-wazuh-manager/tasks/main.yml | 22 +++++++++++++++++++
 ansible-wazuh-manager/templates/cdb_lists.j2 | 1 +
 .../var-ossec-etc-ossec-server.conf.j2 | 6 ++++-
 ansible-wazuh-manager/vars/cdb_lists.yml | 9 ++++++++
 5 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 ansible-wazuh-manager/templates/cdb_lists.j2
 create mode 100644 ansible-wazuh-manager/vars/cdb_lists.yml
diff --git a/ansible-wazuh-manager/handlers/main.yml b/ansible-wazuh-manager/handlers/main.yml
index 2d799c45..924ee738 100644
--- a/ansible-wazuh-manager/handlers/main.yml
+++ b/ansible-wazuh-manager/handlers/main.yml
@@ -1,4 +1,7 @@
 ---
+- name: rebuild cdb_lists
+ shell: /var/ossec/bin/ossec-makelists
+
 - name: restart wazuh-manager
 service: name=wazuh-manager state=restarted
diff --git a/ansible-wazuh-manager/tasks/main.yml b/ansible-wazuh-manager/tasks/main.yml
index 974fdb6a..43dc9e3e 100644
--- a/ansible-wazuh-manager/tasks/main.yml
+++ b/ansible-wazuh-manager/tasks/main.yml
@@ -86,6 +86,11 @@
 tags:
 - config
+- name: Retrieving CDB lists
+ include_vars: cdb_lists.yml
+ tags:
+ - config
+
 - name: Check if syslog output is enabled
 set_fact: syslog_output=true
 when: item.server is not none
@@ -214,6 +219,23 @@
 tags:
 - config
+- name: CDB Lists
+ template:
+ src: cdb_lists.j2
+ dest: "/var/ossec/etc/lists/{{ item.name }}"
+ owner: root
+ group: ossec
+ mode: 0640
+ no_log: true
+ notify:
+ - rebuild cdb_lists
+ - restart wazuh-manager
+ with_items:
+ - "{{ cdb_lists }}"
+ when: cdb_lists is defined
+ tags:
+ - config
+
 - name: Ensure Wazuh Manager, wazuh api service is started and enabled
 service:
 name: "{{ item }}"
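Review bot: The new `rebuild cdb_lists` handler in handlers/main.yml runs a fixed binary through `shell:`, which adds shell parsing the call does not need; `command: /var/ossec/bin/ossec-makelists` does the same work without a shell. The handler also depends on being defined above `restart wazuh-manager`, because Ansible runs notified handlers in the order they are defined in the handlers file, not the order listed under `notify`. A comment such as `# keep above 'restart wazuh-manager': lists must be compiled before the restart` would stop a later reorder from breaking that silently.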
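Review bot: The `Retrieving CDB lists` task in the first tasks/main.yml hunk loads `cdb_lists` with `include_vars`, which ranks above inventory, group_vars and play vars in Ansible's variable precedence, so an operator can change the lists only by editing the role or passing extra vars. It also means `cdb_lists` is always defined by the time the later `CDB Lists` task runs, so its `when: cdb_lists is defined` guard and the matching `{% if cdb_lists is defined %}` in the ossec-server template never take the false branch. Shipping the same content as a role default instead of vars/cdb_lists.yml (whether the role already has a defaults file is not visible here) would keep the stock list and make it overridable. The file around this task is outside the hunk.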
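Review bot: In the `CDB Lists` task of the second tasks/main.yml hunk, `item.name` goes straight into `dest`, so a name containing a path separator or `..` makes a root-run template write outside /var/ossec/etc/lists; the value is operator-supplied, so this is a guard against a bad variable rather than against hostile input. `dest: "/var/ossec/etc/lists/{{ item.name | basename }}"` pins the file to the lists directory, and the same filter would then be needed on `list.name` in the ossec-server template so the two stay in step. Two smaller points on the same task: `mode: '0640'` as a quoted string is the form Ansible documents for file modes, and `- "{{ cdb_lists | default([]) }}"` under `with_items` avoids relying on `when` to cover an undefined loop variable.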
diff --git a/ansible-wazuh-manager/templates/cdb_lists.j2 b/ansible-wazuh-manager/templates/cdb_lists.j2
new file mode 100644
index 00000000..37774b9c
--- /dev/null
+++ b/ansible-wazuh-manager/templates/cdb_lists.j2
@@ -0,0 +1 @@
+{{ item.content }}
diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 62eaa282..98d13b2a 100644
--- a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -241,7 +241,11 @@
 ruleset/decoders
 ruleset/rules
 0215-policy_rules.xml
- etc/lists/audit-keys
+ {% if cdb_lists is defined %}
+ {% for list in cdb_lists %}
+ etc/lists/{{ list.name }}
+ {% endfor %}
+ {% endif %}
 etc/decoders
diff --git a/ansible-wazuh-manager/vars/cdb_lists.yml b/ansible-wazuh-manager/vars/cdb_lists.yml
new file mode 100644
index 00000000..4dd651c5
--- /dev/null
+++ b/ansible-wazuh-manager/vars/cdb_lists.yml
@@ -0,0 +1,9 @@
+---
+cdb_lists:
+ - name: 'audit-keys'
+ content: |
+ audit-wazuh-w:write
+ audit-wazuh-r:read
+ audit-wazuh-a:attribute
+ audit-wazuh-x:execute
+ audit-wazuh-c:command
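Review bot: In the var-ossec-etc-ossec-server.conf.j2 hunk the `etc/lists/audit-keys` entry is no longer fixed in the rendered configuration; it is emitted only while `cdb_lists` still contains an `audit-keys` item. If the bundled audit rules look that list up (likely, since it was hard-coded before, but not visible here), a deployment that replaces `cdb_lists` without it would lose those lookups, and with them some detection coverage. A template comment above the loop, `{# audit-keys is expected by the bundled audit rules; keep it in cdb_lists #}`, would make the dependency visible to whoever edits the variable. `list.name` is also written into the configuration unescaped, so names should be limited to plain file-name characters.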