Add support to generate CDB lists

ansible-wazuh-manager/handlers/main.yml

@@ -1,4 +1,7 @@
 ---
+- name: rebuild cdb_lists
+  shell: /var/ossec/bin/ossec-makelists
+
 - name: restart wazuh-manager
   service: name=wazuh-manager
            state=restarted

ansible-wazuh-manager/tasks/main.yml

@@ -86,6 +86,11 @@
   tags:
     - config
 
+- name: Retrieving CDB lists
+  include_vars: cdb_lists.yml
+  tags:
+    - config
+
 - name: Check if syslog output is enabled
   set_fact: syslog_output=true
   when: item.server is not none
@@ -214,6 +219,23 @@
   tags:
     - config
 
+- name: CDB Lists
+  template:
+    src: cdb_lists.j2
+    dest: "/var/ossec/etc/lists/{{ item.name }}"
+    owner: root
+    group: ossec
+    mode: 0640
+  no_log: true
+  notify:
+    - rebuild cdb_lists
+    - restart wazuh-manager
+  with_items:
+    - "{{ cdb_lists }}"
+  when: cdb_lists is defined
+  tags:
+    - config
+
 - name: Ensure Wazuh Manager, wazuh api service is started and enabled
   service:
     name: "{{ item }}"

ansible-wazuh-manager/templates/cdb_lists.j2

@@ -0,0 +1 @@
+{{ item.content }}

ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2

@@ -241,7 +241,11 @@
     <decoder_dir>ruleset/decoders</decoder_dir>
     <rule_dir>ruleset/rules</rule_dir>
     <rule_exclude>0215-policy_rules.xml</rule_exclude>
-    <list>etc/lists/audit-keys</list>
+    {% if cdb_lists is defined %}
+    {% for list in cdb_lists %}
+    <list>etc/lists/{{ list.name }}</list>
+    {% endfor %}
+    {% endif %}
 
     <!-- User-defined ruleset -->
     <decoder_dir>etc/decoders</decoder_dir>

ansible-wazuh-manager/vars/cdb_lists.yml

@@ -0,0 +1,9 @@
+---
+cdb_lists:
+  - name: 'audit-keys'
+    content: |
+      audit-wazuh-w:write
+      audit-wazuh-r:read
+      audit-wazuh-a:attribute
+      audit-wazuh-x:execute
+      audit-wazuh-c:command