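---
# Tasks that install and configure a Wazuh manager and the Wazuh API:
# package installation, authd TLS material, rule/decoder/config templates,
# optional daemons (client-syslog, agentless, authd), credentials, services.

- include: "RedHat.yml"
  when: ansible_os_family == "RedHat"

- include: "Debian.yml"
  when: ansible_os_family == "Debian"

- name: Install wazuh-manager, wazuh-api and expect
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - wazuh-manager
    - wazuh-api
    - expect
  tags:
    - init

# Runs only when no agent CA is supplied; `creates` keeps an existing
# certificate from being regenerated. The key size was rsa:1825, which is
# below the 2048-bit minimum commonly required for RSA, so it is now 2048.
# `-nodes` leaves the private key unencrypted on disk, so file permissions
# are its only protection.
# NOTE(review): the mode of sslmanager.key depends on the openssl version and
# umask on the host - confirm it is not world-readable.
- name: Generate SSL files for authd
  command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{wazuh_manager_fqdn}}/"
  args:
    creates: sslmanager.cert
    chdir: /var/ossec/etc/
  tags:
    - config
  when: wazuh_manager_config.authd.ssl_agent_ca is none

# The CA and certificate are public and stay 0644. The private key was also
# installed 0644 (world-readable); it is now 0640 and group-owned by ossec,
# matching the other manager files written by this file.
- name: Copy CA, SSL key and cert for authd
  copy:
    src: "{{ item }}"
    dest: "/var/ossec/etc/{{ item | basename }}"
    owner: root
    group: ossec
    mode: "{{ '0640' if item == wazuh_manager_config.authd.ssl_manager_key else '0644' }}"
  with_items:
    - "{{ wazuh_manager_config.authd.ssl_agent_ca }}"
    - "{{ wazuh_manager_config.authd.ssl_manager_cert }}"
    - "{{ wazuh_manager_config.authd.ssl_manager_key }}"
  tags:
    - config
  when: wazuh_manager_config.authd.ssl_agent_ca is not none

- name: Installing the local_rules.xml (default local_rules.xml)
  template:
    src: var-ossec-rules-local_rules.xml.j2
    dest: /var/ossec/etc/rules/local_rules.xml
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config
    - rules

- name: Installing the local_decoder.xml
  template:
    src: var-ossec-rules-local_decoder.xml.j2
    dest: /var/ossec/etc/decoders/local_decoder.xml
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config
    - rules

- name: Configure the shared-agent.conf
  template:
    src: var-ossec-etc-shared-agent.conf.j2
    dest: /var/ossec/etc/shared/agent.conf
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config

# Read-only probe: stdout is '0' when the daemon is not reported as running.
- name: Check if client-syslog is enabled
  shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-csyslogd is running' | xargs echo"
  register: csyslog_running
  changed_when: false

- name: Enable client-syslog
  command: /var/ossec/bin/ossec-control enable client-syslog
  when:
    - csyslog_running.stdout == '0'
    - wazuh_manager_config.syslog_outputs.server is not none

- name: Start client-syslog
  command: /var/ossec/bin/ossec-control start client-syslog
  when:
    - csyslog_running.stdout == '0'
    - wazuh_manager_config.syslog_outputs.server is not none

- name: Check if ossec-agentlessd is enabled
  shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-agentlessd is running' | xargs echo"
  register: agentless_running
  changed_when: false

# NOTE(review): agentless_creeds is tested here, but agentless_creeds.yml is
# only loaded by the include_vars task further down. If that file is the only
# place the variable is defined, these two tasks are skipped - confirm the
# intended order.
- name: Enable ossec-agentlessd
  command: /var/ossec/bin/ossec-control enable agentless
  when: agentless_running.stdout == '0' and agentless_creeds is defined

- name: Start ossec-agentlessd
  command: /var/ossec/bin/ossec-control start agentless
  when: agentless_running.stdout == '0' and agentless_creeds is defined

- name: Check if ossec-authd is enabled
  shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-authd is running' | xargs echo"
  register: authd_running
  changed_when: false

- name: Enable ossec-authd
  command: /var/ossec/bin/ossec-control enable auth
  when:
    - authd_running.stdout == '0'
    - wazuh_manager_config.authd.enable == true

- name: Start ossec-authd
  command: /var/ossec/bin/ossec-control start auth
  when:
    - authd_running.stdout == '0'
    - wazuh_manager_config.authd.enable == true

# The three vars files below hold credentials. no_log keeps the loaded values
# out of task output, in line with the no_log already set on the template
# tasks that write them to disk.
- name: Retrieving authd Credentials
  include_vars: authd_pass.yml
  no_log: true
  tags:
    - config

- name: Retrieving Agentless Credentials
  include_vars: agentless_creeds.yml
  no_log: true
  tags:
    - config

- name: Retrieving Wazuh-api User Credentials
  include_vars: wazuh_api_creds.yml
  no_log: true
  tags:
    - config

# Abort when both alert outputs are disabled.
- name: Checking alert log output settings
  fail:
    msg: "Please enable json_output or alerts_log options."
  when:
    - wazuh_manager_config.json_output == 'no'
    - wazuh_manager_config.alerts_log == 'no'
  tags:
    - init
    - config

# NOTE(review): ossec.conf is installed 0644 while the other manager files in
# this file are 0640. If the rendered template can carry secrets, tighten the
# mode to 0640.
- name: Configure ossec.conf
  template:
    src: var-ossec-etc-ossec-server.conf.j2
    dest: /var/ossec/etc/ossec.conf
    owner: root
    group: ossec
    mode: "0644"
  notify: restart wazuh-manager
  tags:
    - init
    - config

- name: Ossec-authd password
  template:
    src: authd_pass.j2
    dest: "/var/ossec/etc/authd.pass"
    owner: ossec
    group: ossec
    mode: "0640"
  no_log: true
  notify: restart wazuh-manager
  when:
    - wazuh_manager_config.authd.use_password is defined
    - wazuh_manager_config.authd.use_password == true
  tags:
    - config

# NOTE(review): 0750 sets execute bits on a credentials file; confirm whether
# a plain read mode such as 0640 is enough for the API process.
- name: Wazuh-api User
  template:
    src: api_user.j2
    dest: "/var/ossec/api/configuration/auth/user"
    owner: root
    group: root
    mode: "0750"
  no_log: true
  notify: restart wazuh-api
  when: wazuh_api_user is defined

# The staging file holds the agentless credentials in plaintext until the
# next task removes it. It was written 0644 (world-readable); it is now 0600,
# because only this play has to read it.
- name: Agentless Hosts & Passwd
  template:
    src: agentless.j2
    dest: "/var/ossec/agentless/.passlist_tmp"
    owner: root
    group: root
    mode: "0600"
  no_log: true
  when: agentless_creeds is defined

# base64 is an encoding, not encryption: .passlist is as sensitive as the
# plaintext it was made from.
# NOTE(review): .passlist is created by shell redirection, so its mode comes
# from the umask - confirm it is not world-readable on the target hosts.
- name: Encode the secret
  shell: >-
    /usr/bin/base64 /var/ossec/agentless/.passlist_tmp
    > /var/ossec/agentless/.passlist
    && rm /var/ossec/agentless/.passlist_tmp
  when: agentless_creeds is defined

- name: Ensure Wazuh Manager, wazuh api service is started and enabled
  service:
    name: "{{ item }}"
    enabled: true
    state: started
  with_items:
    - wazuh-manager
    - wazuh-api
  tags:
    - config

- include: "RMRedHat.yml"
  when: ansible_os_family == "RedHat"

- include: "RMDebian.yml"
  when: ansible_os_family == "Debian"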