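#jinja2: lstrip_blocks: True
<!--
  Wazuh - Agent

  Agent-side ossec.conf, rendered by Ansible from the inventory variables
  used below (wazuh_manager_ip, wazuh_profile, cis_distribution_filename,
  wazuh_agent_config.*). Templated values are substituted verbatim with no
  XML escaping, so an inventory value containing '<', '&' or a double quote
  would corrupt the rendered file; keep them to plain paths, names and
  numbers.

  More info at: https://documentation.wazuh.com
  Mailing list: https://groups.google.com/forum/#!forum/wazuh
-->

<ossec_config>

  <!-- Connection to the Wazuh manager -->
  <client>
    <server-ip>{{ wazuh_manager_ip }}</server-ip>
    {% if wazuh_profile is defined %}
    <config-profile>{{ wazuh_profile }}</config-profile>
    {% endif %}
    <!-- Transport is fixed to udp here and must match what the manager's
         remote listener accepts; Wazuh also supports tcp for this element. -->
    <protocol>udp</protocol>
  </client>

  <!-- Rootkit and policy checks. Every check is enabled; signature lists and
       audit policies are read from /var/ossec/etc/shared on the agent. -->
  <rootcheck>
    <disabled>no</disabled>
    <check_unixaudit>yes</check_unixaudit>
    <check_files>yes</check_files>
    <check_trojans>yes</check_trojans>
    <check_dev>yes</check_dev>
    <check_sys>yes</check_sys>
    <check_pids>yes</check_pids>
    <check_ports>yes</check_ports>
    <check_if>yes</check_if>

    <!-- Rootcheck scan frequency, in seconds (43200 = every 12 hours) -->
    <frequency>43200</frequency>

    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
    <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
    {% if cis_distribution_filename is defined %}
    <!-- Optional distribution-specific CIS benchmark policy -->
    <system_audit>/var/ossec/etc/shared/{{ cis_distribution_filename }}</system_audit>
    {% endif %}

    <skip_nfs>yes</skip_nfs>
  </rootcheck>

  <!-- File integrity monitoring -->
  <syscheck>
    <!-- Syscheck scan frequency -->
    <frequency>{{ wazuh_agent_config.frequency_check }}</frequency>
    <scan_on_start>{{ wazuh_agent_config.syscheck_scan_on_start }}</scan_on_start>

    <!-- Directories to monitor -->
    {% for directory in wazuh_agent_config.directories %}
    <directories check_all="{{ directory.check_all }}">{{ directory.dirs }}</directories>
    {% endfor %}

    <!-- Files/directories to ignore -->
    {% for ignore_file in wazuh_agent_config.ignore_files %}
    <ignore>{{ ignore_file }}</ignore>
    {% endfor %}

    <!-- Files whose changes are reported without a content diff -->
    {% for no_diff in wazuh_agent_config.no_diff %}
    <nodiff>{{ no_diff }}</nodiff>
    {% endfor %}
  </syscheck>

  <!-- Log sources (localfiles). For the command / full_command formats the
       agent executes localfile.command itself on the host, so those inventory
       values deserve the same review as any script deployed to the host. -->
  {% for localfile in wazuh_agent_config.localfiles %}
  <localfile>
    <log_format>{{ localfile.format }}</log_format>
    {% if localfile.format == 'command' or localfile.format == 'full_command' %}
    <command>{{ localfile.command }}</command>
    <frequency>{{ localfile.frequency }}</frequency>
    {% else %}
    <location>{{ localfile.location }}</location>
    {% endif %}
  </localfile>
  {% endfor %}

  <!-- OpenSCAP wodle: distribution-specific SCAP datastream and profiles.
       Only the releases listed here get a wodle; other hosts render none. -->
  {% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %}
  <wodle name="open-scap">
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>

    <content type="xccdf" path="ssg-ubuntu-1604-ds.xml">
      <profile>xccdf_org.ssgproject.content_profile_common</profile>
    </content>
  </wodle>
  {% elif ansible_distribution == 'CentOS' %}
  <!-- The datastream depends on the major release. It is chosen up front so
       that an unsupported release yields no content element at all instead of
       an unbalanced closing tag, which would make the file unparsable. -->
  {% if ansible_distribution_major_version == '7' %}
  {% set scap_datastream = 'ssg-centos-7-ds.xml' %}
  {% elif ansible_distribution_major_version == '6' %}
  {% set scap_datastream = 'ssg-centos-6-ds.xml' %}
  {% endif %}
  <wodle name="open-scap">
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>

    {% if scap_datastream is defined %}
    <content type="xccdf" path="{{ scap_datastream }}">
      <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
      <profile>xccdf_org.ssgproject.content_profile_common</profile>
    </content>
    {% endif %}
  </wodle>
  {% elif ansible_distribution == 'RedHat' %}
  <!-- Same release selection as the CentOS branch above, with the RHEL
       datastreams. -->
  {% if ansible_distribution_major_version == '7' %}
  {% set scap_datastream = 'ssg-rhel-7-ds.xml' %}
  {% elif ansible_distribution_major_version == '6' %}
  {% set scap_datastream = 'ssg-rhel-6-ds.xml' %}
  {% endif %}
  <wodle name="open-scap">
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>

    {% if scap_datastream is defined %}
    <content type="xccdf" path="{{ scap_datastream }}">
      <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
      <profile>xccdf_org.ssgproject.content_profile_common</profile>
    </content>
    {% endif %}
  </wodle>
  {% elif ansible_distribution == 'Fedora' %}
  <!-- Rendered but left disabled on Fedora -->
  <wodle name="open-scap">
    <disabled>yes</disabled>
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>

    <content type="xccdf" path="ssg-fedora-ds.xml">
      <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
      <profile>xccdf_org.ssgproject.content_profile_common</profile>
    </content>
  </wodle>
  {% endif %}

</ossec_config>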