afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5af556b72c
wazuh-ansible-4.8.1/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml

195 lines
6.2 KiB
YAML
Raw Blame History

---
- import_tasks: "RedHat.yml"
when: ansible_os_family == "RedHat"
- import_tasks: "Debian.yml"
when: ansible_os_family == "Debian"
- name: Linux CentOS/RedHat | Install wazuh-agent
package: name=wazuh-agent-{{ wazuh_agent_version }}-1 state=present
async: 90
poll: 30
when:
- ansible_distribution in ['CentOS','RedHat']
tags:
- init
- name: Linux Debian | Install wazuh-agent
apt:
name: "wazuh-agent={{ wazuh_agent_version }}-1"
state: present
cache_valid_time: 3600
when:
- not (ansible_distribution in ['CentOS','RedHat'])
tags:
- init
- name: Linux | Check if client.keys exists
stat: path=/var/ossec/etc/client.keys
register: check_keys
tags:
- config
- name: Linux | Agent registration via authd
block:
- name: Retrieving authd Credentials
include_vars: authd_pass.yml
- name: Copy CA, SSL key and cert for authd
copy:
src: "{{ item }}"
dest: "/var/ossec/etc/{{ item | basename }}"
mode: 0644
with_items:
- "{{ wazuh_agent_authd.ssl_agent_ca }}"
- "{{ wazuh_agent_authd.ssl_agent_cert }}"
- "{{ wazuh_agent_authd.ssl_agent_key }}"
when:
- wazuh_agent_authd.ssl_agent_ca is not none
- name: Linux | Register agent (via authd)
shell: >
/var/ossec/bin/agent-auth
{% if wazuh_agent_authd.agent_name is not none %}-A {{ agent_name }} {% endif %}
-m {{ wazuh_managers.0.address }}
-p {{ wazuh_agent_authd.port }}
{% if wazuh_agent_nat %}-I "any" {% endif %}
{% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
{% if wazuh_agent_authd.ssl_agent_ca is not none %}
-v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
-x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
-k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
{% endif %}
{% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %}
register: agent_auth_output
vars:
agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}"
when:
- not check_keys.stat.exists or check_keys.stat.size == 0
- wazuh_managers.0.address is not none
- name: Linux | Verify agent registration
shell: echo {{ agent_auth_output }} | grep "Valid key created"
when:
- not check_keys.stat.exists or check_keys.stat.size == 0
- wazuh_managers.0.address is not none
when: wazuh_agent_authd.enable
tags:
- config
- authd
- name: Linux | Agent registration via rest-API
block:
- name: Retrieving rest-API Credentials
include_vars: api_pass.yml
- name: Linux | Create the agent key via rest-API
uri:
url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/"
validate_certs: false
method: POST
body: '{"name":"{{ agent_name }}"}'
body_format: json
status_code: 200
headers:
Content-Type: "application/json"
user: "{{ wazuh_managers.0.api_user }}"
password: "{{ api_pass }}"
register: newagent_api
# changed_when: newagent_api.json.error == 0
vars:
agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ inventory_hostname }}{% endif %}"
when:
- not check_keys.stat.exists or check_keys.stat.size == 0
- wazuh_managers.0.address is not none
become: false
ignore_errors: true
- name: Linux | Retieve new agent data via rest-API
uri:
url: "{{ wazuh_managers.0.api_proto }}://{{ wazuh_managers.0.address }}:{{ wazuh_managers.0.api_port }}/agents/{{ newagent_api.json.data.id }}"
validate_certs: false
method: GET
return_content: true
user: "{{ wazuh_managers.0.api_user }}"
password: "{{ api_pass }}"
when:
- not check_keys.stat.exists or check_keys.stat.size == 0
- wazuh_managers.0.address is not none
- newagent_api.json.error == 0
register: newagentdata_api
delegate_to: localhost
become: false
- name: Linux | Register agent (via rest-API)
command: /var/ossec/bin/manage_agents
environment:
OSSEC_ACTION: i
OSSEC_AGENT_NAME: '{{ newagentdata_api.json.data.name }}'
OSSEC_AGENT_IP: '{% if wazuh_agent_nat %}any{% else %}{{ newagentdata_api.json.data.ip }}{% endif %}'
OSSEC_AGENT_ID: '{{ newagent_api.json.data.id }}'
OSSEC_AGENT_KEY: '{{ newagent_api.json.data.key }}'
OSSEC_ACTION_CONFIRMED: y
register: manage_agents_output
when:
- not check_keys.stat.exists or check_keys.stat.size == 0
- wazuh_managers.0.address is not none
- newagent_api.changed
notify: restart wazuh-agent
when:
- not wazuh_agent_authd.enable
tags:
- config
- api
- name: Linux | Vuls integration deploy (runs in background, can take a while)
command: /var/ossec/wodles/vuls/deploy_vuls.sh {{ ansible_distribution|lower }} {{ ansible_distribution_major_version|int }}
args:
creates: /var/ossec/wodles/vuls/config.toml
async: 3600
poll: 0
when:
- wazuh_agent_config.vuls.disable != 'yes'
- ansible_distribution in ['Redhat', 'CentOS', 'Ubuntu', 'Debian', 'Oracle']
tags:
- init
- name: Linux | Installing agent configuration (ossec.conf)
template: src=var-ossec-etc-ossec-agent.conf.j2
dest=/var/ossec/etc/ossec.conf
owner=root
group=ossec
mode=0644
notify: restart wazuh-agent
tags:
- init
- config
- name: Linux | Installing local_internal_options.conf
template: src=var-ossec-etc-local-internal-options.conf.j2
dest=/var/ossec/etc/local_internal_options.conf
owner=root
group=ossec
mode=0640
notify: restart wazuh-agent
tags:
- init
- config
- name: Linux | Ensure Wazuh Agent service is started and enabled
service:
name: wazuh-agent
enabled: true
state: started
tags: config
- import_tasks: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
- import_tasks: "RMDebian.yml"
when: ansible_os_family == "Debian"
Reference in New Issue View Git Blame Copy Permalink