118 lines
3.3 KiB
YAML
118 lines
3.3 KiB
YAML
---
|
|
# tasks file for ossec-server
|
|
|
|
- name: Install the correct repository
|
|
include: "RedHat.yml"
|
|
when: ansible_os_family == "RedHat"
|
|
|
|
- name: Install the correct repository
|
|
include: "Debian.yml"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
|
|
- name: Generate SSL files
|
|
command: "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:1825 -keyout sslmanager.key -out sslmanager.cert -subj /CN={{ossec_server_fqdn}}/"
|
|
args:
|
|
creates: sslmanager.cert
|
|
chdir: /var/ossec/etc/
|
|
tags:
|
|
- config
|
|
|
|
- name: Configure the shared-agent.conf
|
|
template: src=var-ossec-etc-shared-agent.conf.j2
|
|
dest=/var/ossec/etc/shared/agent.conf
|
|
owner=ossec
|
|
group=ossec
|
|
mode=0644
|
|
notify: restart wazuh-manager
|
|
tags:
|
|
- init
|
|
- config
|
|
|
|
- name: Installing custom local_rules.xml
|
|
template:
|
|
src: "{{ playbook_dir }}/{{ ossec_server_config.local_rules_template }}"
|
|
dest: /var/ossec/rules/local_rules.xml
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
when: ossec_server_config.local_rules_template is defined
|
|
notify: restart wazuh-manager
|
|
tags:
|
|
- init
|
|
- config
|
|
- rules
|
|
|
|
- name: Installing the local_rules.xml (default local_rules.xml)
|
|
template: src=var-ossec-rules-local_rules.xml.j2
|
|
dest=/var/ossec/etc/rules/local_rules.xml
|
|
owner=root
|
|
group=root
|
|
mode=0644
|
|
when: ossec_server_config.local_rules_template is not defined
|
|
notify: restart wazuh-manager
|
|
tags:
|
|
- init
|
|
- config
|
|
- rules
|
|
|
|
- name: Check if client-syslog is enabled
|
|
shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-csyslogd is running' | xargs echo"
|
|
register: csyslog_running
|
|
changed_when: False
|
|
|
|
- name: Enable client-syslog if not running and ossec_server_config.syslog_outputs is given
|
|
command: /var/ossec/bin/ossec-control enable client-syslog
|
|
when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
|
|
|
|
- name: Start client-syslog if not running and ossec_server_config.syslog_outputs is given
|
|
command: /var/ossec/bin/ossec-control start client-syslog
|
|
when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
|
|
|
|
- name: Set ossec deploy facts for Debian
|
|
set_fact:
|
|
ossec_server_config_filename: ossec.conf
|
|
ossec_init_name: ossec
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Configure ossec.conf
|
|
template: src=var-ossec-etc-ossec-server.conf.j2
|
|
dest=/var/ossec/etc/ossec.conf
|
|
owner=root
|
|
group=root
|
|
mode=0644
|
|
notify: restart wazuh-manager
|
|
tags:
|
|
- init
|
|
- config
|
|
|
|
- name: Write ossec-authd init file
|
|
template: src=ossec-authd-init.service
|
|
dest=/etc/init.d/ossec-authd
|
|
owner=root
|
|
group=root
|
|
mode=0755
|
|
when: ansible_service_mgr == "upstart" and ansible_os_family != "CoreOS"
|
|
tags:
|
|
- init
|
|
- config
|
|
|
|
- name: Write ossec-authd systemd file
|
|
template:
|
|
src: ossec-authd.service
|
|
dest: /lib/systemd/system/ossec-authd.service
|
|
when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
|
|
tags:
|
|
- init
|
|
- config
|
|
|
|
- name: Ensure Wazuh Manager, wazuh api and ossec-authd service is started and enabled
|
|
service:
|
|
name: "{{ item }}"
|
|
enabled: yes
|
|
state: started
|
|
with_items:
|
|
- wazuh-manager
|
|
- wazuh-api
|
|
- ossec-authd
|