--- - name: Overlay wazuh_manager_config on top of defaults set_fact: wazuh_manager_config: '{{ wazuh_manager_config_defaults | combine(config_layer, recursive=True) }}' vars: config_layer: '{{ wazuh_manager_config | default({}) }}' when: wazuh_manager_config_overlay | bool - name: "Install dependencies" package: name: - unzip - openssl - tar state: present - name: Check if NodeJS service exists stat: path: /usr/bin/node register: node_service_status - name: Install NodeJS repository block: - name: Download NodeJS repository script get_url: url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: /etc/nodejs.sh mode: 0775 changed_when: false - name: Run NodeJS bash script command: sh /etc/nodejs.sh register: nodejs_script changed_when: nodejs_script.rc == 0 when: - not node_service_status.stat.exists - wazuh_manager_config.cluster.node_type == "master" - include_tasks: "RedHat.yml" when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int > 5) or (ansible_os_family == "RedHat" and ansible_distribution == "Amazon") - include_tasks: "Debian.yml" when: ansible_os_family == "Debian" - name: Install expect package: name: expect state: "{{ wazuh_manager_package_state }}" when: - not (ansible_os_family|lower == "redhat" and ansible_distribution_major_version|int < 6) tags: init - name: Generate SSL files for authd command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ wazuh_manager_fqdn }}/" args: creates: sslmanager.cert chdir: /var/ossec/etc/ tags: - config when: wazuh_manager_config.authd.ssl_agent_ca is not none - name: Copy CA, SSL key and cert for authd copy: src: "{{ item }}" dest: "/var/ossec/etc/{{ item }}" mode: 0644 with_items: - "{{ wazuh_manager_config.authd.ssl_agent_ca }}" - "{{ wazuh_manager_config.authd.ssl_manager_cert }}" - "{{ wazuh_manager_config.authd.ssl_manager_key }}" tags: - config when: wazuh_manager_config.authd.ssl_agent_ca is not none - name: Verifying for old init authd service stat: path=/etc/init.d/ossec-authd register: old_authd_service tags: - config - name: Verifying for old systemd authd service stat: path=/lib/systemd/system/ossec-authd.service register: old_authd_service tags: - config - name: Ensure ossec-authd service is disabled service: name=ossec-authd enabled=no state=stopped when: old_authd_service.stat.exists tags: - config - name: Removing old init authd services file: path="{{ item }}" state=absent with_items: - "/etc/init.d/ossec-authd" - "/lib/systemd/system/ossec-authd.service" when: old_authd_service.stat.exists tags: - config - name: Installing the local_rules.xml (default local_rules.xml) template: src=var-ossec-rules-local_rules.xml.j2 dest=/var/ossec/etc/rules/local_rules.xml owner=ossec group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Adding local rules files copy: src="{{ wazuh_manager_config.ruleset.rules_path }}" dest=/var/ossec/etc/rules/ owner=ossec group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Installing the local_decoder.xml template: src=var-ossec-rules-local_decoder.xml.j2 dest=/var/ossec/etc/decoders/local_decoder.xml owner=ossec group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Adding local decoders files copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}" dest=/var/ossec/etc/decoders/ owner=ossec group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - rules - name: Configure the shared-agent.conf template: src: var-ossec-etc-shared-agent.conf.j2 dest: /var/ossec/etc/shared/default/agent.conf owner: ossec group: ossec mode: 0640 validate: '/var/ossec/bin/verify-agent-conf -f %s' notify: restart wazuh-manager tags: - init - config when: - shared_agent_config is defined - name: Installing the api.yaml (api configuration) template: src=api.yaml.j2 dest=/var/ossec/api/configuration/api.yaml owner=root group=ossec mode=0640 notify: restart wazuh-manager when: - wazuh_manager_config.cluster.node_type == "master" tags: - init - config - name: Installing the local_internal_options.conf template: src=var-ossec-etc-local-internal-options.conf.j2 dest=/var/ossec/etc/local_internal_options.conf owner=root group=ossec mode=0640 notify: restart wazuh-manager tags: - init - config - name: Retrieving Agentless Credentials include_vars: agentless_creds.yml tags: - config - name: Retrieving authd Credentials include_vars: authd_pass.yml tags: - config - name: Check if syslog output is enabled set_fact: syslog_output=true when: item.server is not none with_items: - "{{ wazuh_manager_config.syslog_outputs }}" tags: - config - name: Check if client-syslog is enabled shell: | set -o pipefail "grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo" args: removes: /var/ossec/bin/.process_list executable: /bin/bash changed_when: false check_mode: false register: csyslog_enabled tags: - config - name: Enable client-syslog command: /var/ossec/bin/ossec-control enable client-syslog notify: restart wazuh-manager when: - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout - syslog_output is defined and syslog_output tags: - config - name: Check if ossec-agentlessd is enabled shell: | set -o pipefail "grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo" args: removes: /var/ossec/bin/.process_list executable: /bin/bash changed_when: false check_mode: false register: agentlessd_enabled tags: - config - name: Enable ossec-agentlessd command: /var/ossec/bin/ossec-control enable agentless notify: restart wazuh-manager when: - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout - agentless_creds is defined tags: - config - name: Checking alert log output settings fail: msg="Please enable json_output or alerts_log options." when: - wazuh_manager_config.json_output == 'no' - wazuh_manager_config.alerts_log == 'no' tags: - init - config - name: Configure ossec.conf template: src: var-ossec-etc-ossec-server.conf.j2 dest: /var/ossec/etc/ossec.conf owner: root group: ossec mode: 0644 notify: restart wazuh-manager tags: - init - config - name: Ossec-authd password template: src: authd_pass.j2 dest: "/var/ossec/etc/authd.pass" owner: ossec group: ossec mode: 0640 no_log: true notify: restart wazuh-manager when: - wazuh_manager_config.authd.use_password is defined - wazuh_manager_config.authd.use_password == 'yes' tags: - config - name: Create custom API user block: - name: Copy create_user script copy: src: create_user.py dest: /var/ossec/framework/scripts/create_user.py owner: root group: ossec mode: 0644 - name: Execute create_user script script: chdir: /var/ossec/framework/scripts/ cmd: create_user.py --username "{{ item.username }}" --password "{{ item.password }}" executable: /var/ossec/framework/python/bin/python3 with_items: - "{{ wazuh_api_users }}" tags: - config_api_users when: - wazuh_api_users is defined - wazuh_manager_config.cluster.node_type == "master" - name: Agentless Hosts & Passwd template: src: agentless.j2 dest: "/var/ossec/agentless/.passlist_tmp" owner: root group: root mode: 0644 no_log: true when: agentless_creds is defined tags: - config - name: Encode the secret shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp when: agentless_creds is defined tags: - config - name: Ensure Wazuh Manager service is started and enabled. service: name: "wazuh-manager" enabled: true state: started tags: - config - name: Create agent groups command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q" with_items: - "{{ agent_groups }}" when: - ( agent_groups is defined) and ( agent_groups|length > 0) tags: molecule-idempotence-notest - include_tasks: "RMRedHat.yml" when: - ansible_os_family == "RedHat" or ansible_os_family == "Amazon" - not wazuh_manager_sources_installation.enabled - include_tasks: "RMDebian.yml" when: - ansible_os_family == "Debian" - not wazuh_manager_sources_installation.enabled