--- - name: "Install dependencies" package: name: - unzip - openssl - tar - curl state: present register: package_status until: "package_status is not failed" retries: 10 delay: 10 - include_vars: ../../vars/repo_vars.yml - include_vars: ../../vars/repo.yml when: packages_repository == 'production' - include_vars: ../../vars/repo_pre-release.yml when: packages_repository == 'pre-release' - include_vars: ../../vars/repo_staging.yml when: packages_repository == 'staging' - name: Overlay wazuh_manager_config on top of defaults set_fact: wazuh_manager_config: '{{ wazuh_manager_config_defaults | combine(config_layer, recursive=True) }}' vars: config_layer: '{{ wazuh_manager_config | default({}) }}' when: wazuh_manager_config_overlay | bool - include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") - include_tasks: "Debian.yml" when: ansible_os_family == "Debian" - name: Install expect package: name: expect state: "{{ wazuh_manager_package_state }}" when: - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) and not (ansible_distribution|lower == "centos" and ansible_distribution_major_version|int == 8) tags: init - name: Generate SSL files for authd command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ wazuh_manager_fqdn }}/" args: creates: sslmanager.cert chdir: "{{ wazuh_dir }}/etc/" tags: - config when: wazuh_manager_config.authd.ssl_agent_ca is not none - name: Copy CA, SSL key and cert for authd copy: src: "{{ item }}" dest: "{{ wazuh_dir }}/etc/{{ item }}" mode: 0644 with_items: - "{{ wazuh_manager_config.authd.ssl_agent_ca }}" - "{{ wazuh_manager_config.authd.ssl_manager_cert }}" - "{{ wazuh_manager_config.authd.ssl_manager_key }}" tags: - config when: wazuh_manager_config.authd.ssl_agent_ca is not none - name: Verifying for old init authd service stat: path=/etc/init.d/ossec-authd register: old_authd_service tags: - config - name: Verifying for old systemd authd service stat: path=/lib/systemd/system/ossec-authd.service register: old_authd_service tags: - config - name: Ensure ossec-authd service is disabled service: name=ossec-authd enabled=no state=stopped when: old_authd_service.stat.exists tags: - config - name: Removing old init authd services file: path="{{ item }}" state=absent with_items: - "/etc/init.d/ossec-authd" - "/lib/systemd/system/ossec-authd.service" when: old_authd_service.stat.exists tags: - config - name: Installing the local_rules.xml (default local_rules.xml) template: src=var-ossec-rules-local_rules.xml.j2 dest="{{ wazuh_dir }}/etc/rules/local_rules.xml" owner=wazuh group=wazuh mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Adding local rules files copy: src="{{ wazuh_manager_config.ruleset.rules_path }}" dest="{{ wazuh_dir }}/etc/rules/" owner=wazuh group=wazuh mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Installing the local_decoder.xml template: src=var-ossec-rules-local_decoder.xml.j2 dest="{{ wazuh_dir }}/etc/decoders/local_decoder.xml" owner=wazuh group=wazuh mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Adding local decoders files copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}" dest="{{ wazuh_dir }}/etc/decoders/" owner=wazuh group=wazuh mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Configure the shared-agent.conf template: src: var-ossec-etc-shared-agent.conf.j2 dest: "{{ wazuh_dir }}/etc/shared/default/agent.conf" owner: wazuh group: wazuh mode: 0640 validate: "{{ wazuh_dir }}/bin/verify-agent-conf -f %s" notify: restart wazuh-manager tags: - init - config when: - shared_agent_config is defined - name: Installing the local_internal_options.conf template: src=var-ossec-etc-local-internal-options.conf.j2 dest="{{ wazuh_dir }}/etc/local_internal_options.conf" owner=root group=wazuh mode=0640 notify: restart wazuh-manager tags: - init - config - name: Retrieving Agentless Credentials include_vars: agentless_creds.yml tags: - config - name: Retrieving authd Credentials include_vars: authd_pass.yml tags: - config - name: Check if syslog output is enabled set_fact: syslog_output=true when: item.server is not none with_items: - "{{ wazuh_manager_config.syslog_outputs }}" tags: - config - name: Check if client-syslog is enabled shell: | set -o pipefail "grep -c 'ossec-csyslogd' {{ wazuh_dir }}/bin/.process_list | xargs echo" args: removes: "{{ wazuh_dir }}/bin/.process_list" executable: /bin/bash changed_when: false check_mode: false register: csyslog_enabled tags: - config - name: Enable client-syslog command: "{{ wazuh_dir }}/bin/wazuh-control enable client-syslog" notify: restart wazuh-manager when: - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout - syslog_output is defined and syslog_output tags: - config - name: Check if ossec-agentlessd is enabled shell: | set -o pipefail "grep -c 'ossec-agentlessd' {{ wazuh_dir }}/bin/.process_list | xargs echo" args: removes: "{{ wazuh_dir }}/bin/.process_list" executable: /bin/bash changed_when: false check_mode: false register: agentlessd_enabled tags: - config - name: Enable ossec-agentlessd command: "{{ wazuh_dir }}/bin/wazuh-control enable agentless" notify: restart wazuh-manager when: - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout - agentless_creds is defined tags: - config - name: Checking alert log output settings fail: msg="Please enable json_output or alerts_log options." when: - wazuh_manager_config.json_output == 'no' - wazuh_manager_config.alerts_log == 'no' tags: - init - config - name: Configure ossec.conf template: src: var-ossec-etc-ossec-server.conf.j2 dest: "{{ wazuh_dir }}/etc/ossec.conf" owner: root group: wazuh mode: 0644 notify: restart wazuh-manager tags: - init - config - name: Generate the wazuh-keystore shell: > /var/ossec/bin/wazuh-keystore -f indexer -k username -v {{ indexer_security_user }} /var/ossec/bin/wazuh-keystore -f indexer -k password -v {{ indexer_security_password }} notify: restart wazuh-manager tags: - init - config - name: Ossec-authd password template: src: authd_pass.j2 dest: "{{ wazuh_dir }}/etc/authd.pass" owner: wazuh group: wazuh mode: 0640 no_log: true notify: restart wazuh-manager when: - wazuh_manager_config.authd.use_password is defined - wazuh_manager_config.authd.use_password == 'yes' tags: - config - name: Create custom API user block: - name: Copy create_user script copy: src: create_user.py dest: "{{ wazuh_dir }}/framework/scripts/create_user.py" owner: root group: wazuh mode: 0644 - name: Create admin.json template: src: templates/admin.json.j2 dest: "{{ wazuh_dir }}/api/configuration/admin.json" owner: wazuh group: wazuh mode: 0644 no_log: true - name: Execute create_user script script: chdir: "{{ wazuh_dir }}/framework/scripts/" cmd: create_user.py --username "{{ item.username }}" --password "{{ item.password }}" executable: "{{ wazuh_dir }}/framework/python/bin/python3" with_items: - "{{ wazuh_api_users }}" tags: - config_api_users when: - wazuh_api_users is defined - wazuh_manager_config.cluster.node_type == "master" - name: Agentless Hosts & Passwd template: src: agentless.j2 dest: "{{ wazuh_dir }}/agentless/.passlist_tmp" owner: root group: root mode: 0644 no_log: true when: agentless_creds is defined tags: - config - name: Encode the secret shell: "/usr/bin/base64 {{ wazuh_dir }}/agentless/.passlist_tmp > {{ wazuh_dir }}/agentless/.passlist && rm {{ wazuh_dir }}/agentless/.passlist_tmp" when: agentless_creds is defined tags: - config - name: Ensure Wazuh Manager service is started and enabled. service: name: "wazuh-manager" enabled: true state: started tags: - config - name: Create agent groups command: "{{ wazuh_dir }}/bin/agent_groups -a -g {{ item }} -q" with_items: - "{{ agent_groups }}" when: - ( agent_groups is defined) and ( agent_groups|length > 0) tags: molecule-idempotence-notest - name: Run uninstall tasks include_tasks: uninstall.yml