--- - name: "Install dependencies" package: name: - unzip - openssl - tar state: present - name: Check if NodeJS service exists stat: path: /usr/bin/node register: node_service_status - name: Install NodeJS repository block: - name: Download NodeJS repository script get_url: url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: /etc/nodejs.sh mode: 0775 changed_when: false - name: Run NodeJS bash script command: sh /etc/nodejs.sh register: nodejs_script changed_when: nodejs_script.rc == 0 when: - not node_service_status.stat.exists - wazuh_manager_config.cluster.node_type == "master" - name: Installing NodeJS package: name: nodejs state: present register: nodejs_service_is_installed until: nodejs_service_is_installed is succeeded when: - wazuh_manager_config.cluster.node_type == "master" tags: init - include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") - include_tasks: "Debian.yml" when: ansible_os_family == "Debian" - name: Install expect package: name: expect state: "{{ wazuh_manager_package_state }}" when: - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) tags: init - name: Generate SSL files for authd command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ wazuh_manager_fqdn }}/" args: creates: sslmanager.cert chdir: /var/ossec/etc/ tags: - config when: wazuh_manager_config.authd.ssl_agent_ca is not none - name: Copy CA, SSL key and cert for authd copy: src: "{{ item }}" dest: "/var/ossec/etc/{{ item }}" mode: 0644 with_items: - "{{ wazuh_manager_config.authd.ssl_agent_ca }}" - "{{ wazuh_manager_config.authd.ssl_manager_cert }}" - "{{ wazuh_manager_config.authd.ssl_manager_key }}" tags: - config when: wazuh_manager_config.authd.ssl_agent_ca is not none - name: Verifying for old init authd service stat: path=/etc/init.d/ossec-authd register: old_authd_service tags: - config - name: Verifying for old systemd authd service stat: path=/lib/systemd/system/ossec-authd.service register: old_authd_service tags: - config - name: Ensure ossec-authd service is disabled service: name=ossec-authd enabled=no state=stopped when: old_authd_service.stat.exists tags: - config - name: Removing old init authd services file: path="{{ item }}" state=absent with_items: - "/etc/init.d/ossec-authd" - "/lib/systemd/system/ossec-authd.service" when: old_authd_service.stat.exists tags: - config - name: Installing the local_rules.xml (default local_rules.xml) template: src=var-ossec-rules-local_rules.xml.j2 dest=/var/ossec/etc/rules/local_rules.xml owner=ossec group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Adding local rules files copy: src="{{ wazuh_manager_config.ruleset.rules_path }}" dest=/var/ossec/etc/rules/ owner=ossec group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Installing the local_decoder.xml template: src=var-ossec-rules-local_decoder.xml.j2 dest=/var/ossec/etc/decoders/local_decoder.xml owner=ossec group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Adding local decoders files copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}" dest=/var/ossec/etc/decoders/ owner=ossec group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Configure the shared-agent.conf template: src: var-ossec-etc-shared-agent.conf.j2 dest: /var/ossec/etc/shared/default/agent.conf owner: ossec group: ossec mode: 0640 validate: '/var/ossec/bin/verify-agent-conf -f %s' notify: restart wazuh-manager tags: - init - config when: - shared_agent_config is defined - name: Installing the api.yaml (api configuration) template: src=api.yaml.j2 dest=/var/ossec/api/configuration/api.yaml owner=root group=ossec mode=0640 notify: restart wazuh-api when: - wazuh_manager_config.cluster.node_type == "master" tags: - init - config - name: Installing the local_internal_options.conf template: src=var-ossec-etc-local-internal-options.conf.j2 dest=/var/ossec/etc/local_internal_options.conf owner=root group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - name: Retrieving Agentless Credentials include_vars: agentless_creds.yml tags: - config - name: Retrieving authd Credentials include_vars: authd_pass.yml tags: - config - name: Check if syslog output is enabled set_fact: syslog_output=true when: item.server is not none with_items: - "{{ wazuh_manager_config.syslog_outputs }}" tags: - config - name: Check if client-syslog is enabled shell: | set -o pipefail "grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo" args: removes: /var/ossec/bin/.process_list executable: /bin/bash changed_when: false check_mode: false register: csyslog_enabled tags: - config - name: Enable client-syslog command: /var/ossec/bin/ossec-control enable client-syslog notify: restart wazuh-manager when: - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout - syslog_output is defined and syslog_output tags: - config - name: Check if ossec-agentlessd is enabled shell: | set -o pipefail "grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo" args: removes: /var/ossec/bin/.process_list executable: /bin/bash changed_when: false check_mode: false register: agentlessd_enabled tags: - config - name: Enable ossec-agentlessd command: /var/ossec/bin/ossec-control enable agentless notify: restart wazuh-manager when: - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout - agentless_creds is defined tags: - config - name: Checking alert log output settings fail: msg="Please enable json_output or alerts_log options." when: - wazuh_manager_config.json_output == 'no' - wazuh_manager_config.alerts_log == 'no' tags: - init - config - name: Linux | Vuls integration deploy (runs in background, can take a while) command: /var/ossec/wodles/vuls/deploy_vuls.sh {{ ansible_distribution|lower }} {{ ansible_distribution_major_version|int }} args: creates: /var/ossec/wodles/vuls/config.toml async: 3600 poll: 0 when: - wazuh_manager_config.vuls.disable != 'yes' - ansible_distribution in ['Redhat', 'CentOS', 'Ubuntu', 'Debian', 'Oracle', 'Amazon'] - not ansible_check_mode tags: - init - name: Configure ossec.conf template: src=var-ossec-etc-ossec-server.conf.j2 dest=/var/ossec/etc/ossec.conf owner=root group=ossec mode=0644 notify: restart wazuh-manager tags: - init - config - name: Ossec-authd password template: src: authd_pass.j2 dest: "/var/ossec/etc/authd.pass" owner: ossec group: ossec mode: 0640 no_log: true notify: restart wazuh-manager when: - wazuh_manager_config.authd.use_password is defined - wazuh_manager_config.authd.use_password == 'yes' tags: - config # - name: Get API auth token # uri: # url: "https://{{ inventory_hostname }}:55000/security/user/authenticate?raw=true" # method: GET # user: wazuh # password: wazuh # validate_certs: no # force_basic_auth: yes # return_content: yes # status_code: 200 # retries: 10 # delay: 5 # until: token.status == 200 # register: token # tags: # - config_api_users # when: # - wazuh_api_users is defined # - wazuh_manager_config.cluster.node_type == "master" # - name: Create Wazuh-API Users # block: # - name: Create new user # uri: # url: "https://{{ inventory_hostname }}:55000/security/users" # method: POST # body_format: json # body: # username: "{{ item.username }}" # password: "{{ item.password }}" # validate_certs: no # status_code: 200 # headers: # Authorization: "Bearer {{ token.content }}" # with_items: # - "{{ wazuh_api_users }}" # register: user_creation # when: # - wazuh_api_users is defined # - wazuh_manager_config.cluster.node_type == "master" - name: Agentless Hosts & Passwd template: src: agentless.j2 dest: "/var/ossec/agentless/.passlist_tmp" owner: root group: root mode: 0644 no_log: true when: agentless_creds is defined tags: - config - name: Encode the secret shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp when: agentless_creds is defined tags: - config - name: Ensure Wazuh Manager service is started and enabled. service: name: "wazuh-manager" enabled: true state: started tags: - config - name: Ensure Wazuh API service is started and enabled. service: name: "wazuh-api" enabled: true state: started when: wazuh_manager_config.cluster.node_type == "master" tags: - config - name: Create agent groups command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" with_items: - "{{ agent_groups }}" when: - ( agent_groups is defined) and ( agent_groups|length > 0) tags: molecule-idempotence-notest - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" - not wazuh_manager_sources_installation.enabled - include_tasks: "RMDebian.yml" when: - ansible_os_family == "Debian" - not wazuh_manager_sources_installation.enabled