--- - include: "RedHat.yml" when: ansible_os_family == "RedHat" - include: "Debian.yml" when: ansible_os_family == "Debian" - name: Install wazuh-manager, wazuh-api and expect package: pkg={{ item }} state=present with_items: - wazuh-manager - wazuh-api - expect tags: - init - name: Generate SSL files command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{wazuh_manager_fqdn}}/" args: creates: sslmanager.cert chdir: /var/ossec/etc/ tags: - config - name: Installing the local_rules.xml (default local_rules.xml) template: src=var-ossec-rules-local_rules.xml.j2 dest=/var/ossec/etc/rules/local_rules.xml owner=root group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Installing the local_decoder.xml template: src=var-ossec-rules-local_decoder.xml.j2 dest=/var/ossec/etc/decoders/local_decoder.xml owner=root group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Configure the shared-agent.conf template: src=var-ossec-etc-shared-agent.conf.j2 dest=/var/ossec/etc/shared/agent.conf owner=root group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - name: Check if client-syslog is enabled shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-csyslogd is running' | xargs echo" register: csyslog_running changed_when: False - name: Enable client-syslog command: /var/ossec/bin/ossec-control enable client-syslog when: csyslog_running.stdout == '0' and wazuh_manager_config.syslog_outputs is defined - name: Start client-syslog command: /var/ossec/bin/ossec-control start client-syslog when: csyslog_running.stdout == '0' and wazuh_manager_config.syslog_outputs is defined - name: Check if ossec-agentlessd is enabled shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-agentlessd is running' | xargs echo" register: agentless_running changed_when: False - name: Enable ossec-agentlessd command: /var/ossec/bin/ossec-control enable agentless when: agentless_running.stdout == '0' and agentless_creeds is defined - name: Start client-syslog command: /var/ossec/bin/ossec-control start agentless when: agentless_running.stdout == '0' and agentless_creeds is defined - name: Retrieving Agentless Credentials include_vars: agentless_creeds.yml - name: Retrieving Wazuh-api User Credentials include_vars: wazuh_api_creds.yml - name: Checking alert log output settings fail: msg="Please enable json_output or alerts_log options." when: - wazuh_manager_config.json_output == 'no' - wazuh_manager_config.alerts_log == 'no' tags: - init - config - name: Configure ossec.conf template: src=var-ossec-etc-ossec-server.conf.j2 dest=/var/ossec/etc/ossec.conf owner=root group=ossec mode=0644 notify: restart wazuh-manager tags: - init - config - name: Write ossec-authd init file template: src=ossec-authd-init.service dest=/etc/init.d/ossec-authd owner=root group=root mode=0755 when: - ansible_service_mgr == "upstart" - ansible_os_family != "CoreOS" - wazuh_manager_config.enable_authd == true tags: - init - config - name: Write ossec-authd systemd file template: src: ossec-authd.service dest: /lib/systemd/system/ossec-authd.service when: - ansible_service_mgr == "systemd" - ansible_os_family != "CoreOS" - wazuh_manager_config.enable_authd == true tags: - init - config - name: Ensure ossec-authd service is started and enabled service: name=ossec-authd enabled=yes state=started when: wazuh_manager_config.enable_authd == true tags: - config - name: Wazuh-api User template: src: api_user.j2 dest: "/var/ossec/api/configuration/auth/user" owner: root group: root mode: 0750 no_log: true notify: restart wazuh-api when: wazuh_api_user is defined - name: Agentless Hosts & Passwd template: src: agentless.j2 dest: "/var/ossec/agentless/.passlist_tmp" owner: root group: root mode: 0644 no_log: true when: agentless_creeds is defined - name: Encode the secret shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp when: agentless_creeds is defined - name: Ensure Wazuh Manager, wazuh api service is started and enabled service: name: "{{ item }}" enabled: yes state: started with_items: - wazuh-manager - wazuh-api tags: - config - include: "RMRedHat.yml" when: ansible_os_family == "RedHat" - include: "RMDebian.yml" when: ansible_os_family == "Debian"