116 lines
3.4 KiB
YAML
116 lines
3.4 KiB
YAML
---
|
|
- name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
|
|
apt:
|
|
name:
|
|
- apt-transport-https
|
|
- ca-certificates
|
|
- gnupg
|
|
state: present
|
|
cache_valid_time: 3600
|
|
register: wazuh_manager_https_packages_installed
|
|
until: wazuh_manager_https_packages_installed is succeeded
|
|
|
|
- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)
|
|
become: true
|
|
shell: |
|
|
set -o pipefail
|
|
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
|
|
args:
|
|
warn: false
|
|
executable: /bin/bash
|
|
changed_when: false
|
|
when:
|
|
- ansible_distribution == "Ubuntu"
|
|
- ansible_distribution_major_version | int == 14
|
|
|
|
- name: Debian/Ubuntu | Installing Wazuh repository key
|
|
apt_key:
|
|
url: "{{ wazuh_manager_config.repo.gpg }}"
|
|
when:
|
|
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
|
|
- name: Debian/Ubuntu | Add Wazuh repositories
|
|
apt_repository:
|
|
filename: wazuh_repo
|
|
repo: "{{ wazuh_manager_config.repo.apt }}"
|
|
state: present
|
|
update_cache: true
|
|
changed_when: false
|
|
|
|
- name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14)
|
|
become: true
|
|
shell: |
|
|
set -o pipefail
|
|
curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
|
|
args:
|
|
warn: false
|
|
executable: /bin/bash
|
|
changed_when: false
|
|
when:
|
|
- ansible_distribution == "Ubuntu"
|
|
- ansible_distribution_major_version | int == 14
|
|
|
|
- name: Debian/Ubuntu | Installing NodeJS repository key
|
|
apt_key:
|
|
url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
|
|
when:
|
|
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
|
|
- name: Debian/Ubuntu | Add NodeSource repositories for Node.js
|
|
apt_repository:
|
|
repo: "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
|
|
state: present
|
|
update_cache: true
|
|
changed_when: false
|
|
|
|
- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
|
|
set_fact:
|
|
cis_distribution_filename: cis_debian_linux_rcl.txt
|
|
|
|
- name: Debian/Ubuntu | Install OpenJDK-8 repo
|
|
apt_repository:
|
|
repo: 'ppa:openjdk-r/ppa'
|
|
state: present
|
|
update_cache: true
|
|
when:
|
|
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
|
|
- when:
|
|
- wazuh_manager_config.cis_cat.disable == 'no'
|
|
- wazuh_manager_config.cis_cat.install_java == 'yes'
|
|
block:
|
|
- name: Debian/Ubuntu | Install OpenJDK 1.8
|
|
apt: name=openjdk-8-jre state=present cache_valid_time=3600
|
|
tags:
|
|
- init
|
|
|
|
- name: Debian/Ubuntu | Install OpenScap
|
|
package:
|
|
name: "{{ item }}"
|
|
state: present
|
|
cache_valid_time: 3600
|
|
register: wazuh_manager_openscap_installed
|
|
until: wazuh_manager_openscap_installed is succeeded
|
|
when: wazuh_manager_config.openscap.disable == 'no'
|
|
with_items:
|
|
- libopenscap8
|
|
- xsltproc
|
|
tags:
|
|
- init
|
|
|
|
- name: Debian/Ubuntu | Get OpenScap installed version
|
|
shell: "dpkg-query --showformat='${Version}' --show libopenscap8"
|
|
when: wazuh_manager_config.openscap.disable == 'no'
|
|
register: openscap_version
|
|
changed_when: false
|
|
tags:
|
|
- config
|
|
|
|
- name: Debian/Ubuntu | Check OpenScap version
|
|
shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?"
|
|
when: wazuh_manager_config.openscap.disable == 'no'
|
|
register: openscap_version_valid
|
|
changed_when: false
|
|
tags:
|
|
- config
|