afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7cce8e9490
wazuh-ansible-4.8.1/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
singuliere 7cce8e9490
make agent registration delegate_to configurable 
Registering to the API requires the port 55000 of the wazuh manager is
open. Depending on the firewall policy, it may be true from the
ansible controller, reason why it was delegated to localhost in the
original implementation at 6cb6d3bda8

The role should be more flexible and allow for the API call to be made
from the ansible controller or the host.

Implementation note: although it would be more elegant to use omit
instead of inventory_hostname, it is not possible because of an
ansible bug at this time https://github.com/ansible/ansible/issues/26009

Fixes: https://github.com/wazuh/wazuh-ansible/issues/126

Signed-off-by: singuliere <singuliere@autistici.org>
2019-01-10 17:24:23 +01:00

150 lines
3.9 KiB
YAML
Raw Blame History

---
wazuh_managers:
- address: 127.0.0.1
port: 1514
protocol: tcp
api_port: 55000
api_proto: 'http'
api_user: null
wazuh_api_reachable_from_agent: false
wazuh_profile: null
wazuh_auto_restart: 'yes'
wazuh_agent_authd:
enable: false
port: 1515
ssl_agent_ca: null
ssl_agent_cert: null
ssl_agent_key: null
ssl_auto_negotiate: 'no'
wazuh_notify_time: '10'
wazuh_time_reconnect: '60'
wazuh_crypto_method: 'aes'
wazuh_winagent_config:
install_dir: 'C:\wazuh-agent\'
version: '3.7.0'
revision: '1'
repo: https://packages.wazuh.com/3.x/windows/
md5: 43936e7bc7eb51bd186f47dac4a6f477
wazuh_agent_config:
active_response:
ar_disabled: 'no'
ca_store: '/var/ossec/etc/wpk_root.pem'
ca_verification: 'yes'
log_format: 'plain'
client_buffer:
disable: 'no'
queue_size: '5000'
events_per_sec: '500'
syscheck:
frequency: 43200
scan_on_start: 'yes'
auto_ignore: 'no'
alert_new_files: 'yes'
remove_old_diff: 'yes'
restart_audit: 'yes'
skip_nfs: 'yes'
ignore:
- /etc/mtab
#- /etc/mnttab
- /etc/hosts.deny
- /etc/mail/statistics
- /etc/random-seed
- /etc/random.seed
- /etc/adjtime
- /etc/httpd/logs
- /etc/utmpx
- /etc/wtmpx
- /etc/cups/certs
- /etc/dumpdates
- /etc/svc/volatile
- /sys/kernel/security
- /sys/kernel/debug
no_diff:
- /etc/ssl/private.key
directories:
- dirs: /etc,/usr/bin,/usr/sbin
checks: 'check_all="yes"'
- dirs: /bin,/sbin
checks: 'check_all="yes"'
windows_registry:
- key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
arch: 'both'
- key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'
rootcheck:
frequency: 43200
openscap:
disable: 'no'
timeout: 1800
interval: '1d'
scan_on_start: 'yes'
osquery:
disable: 'yes'
run_daemon: 'yes'
log_path: '/var/log/osquery/osqueryd.results.log'
config_path: '/etc/osquery/osquery.conf'
ad_labels: 'yes'
syscollector:
disable: 'no'
interval: '1h'
scan_on_start: 'yes'
hardware: 'yes'
os: 'yes'
network: 'yes'
packages: 'yes'
ports_no: 'yes'
processes: 'yes'
cis_cat:
disable: 'yes'
install_java: 'yes'
timeout: 1800
interval: '1d'
scan_on_start: 'yes'
java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin'
ciscat_path: '/var/ossec/wodles/ciscat'
content:
- type: 'xccdf'
path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml'
profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server'
vuls:
disable: 'yes'
interval: '1d'
run_on_start: 'yes'
args:
- 'mincvss 5'
- 'antiquity-limit 20'
- 'updatenvd'
- 'nvd-year 2016'
- 'autoupdate'
localfiles:
debian:
- format: 'syslog'
location: '/var/log/auth.log'
- format: 'syslog'
location: '/var/log/syslog'
- format: 'syslog'
location: '/var/log/dpkg.log'
- format: 'syslog'
location: '/var/log/kern.log'
centos:
- format: 'syslog'
location: '/var/log/messages'
- format: 'syslog'
location: '/var/log/secure'
- format: 'syslog'
location: '/var/log/maillog'
- format: 'audit'
location: '/var/log/audit/audit.log'
common:
- format: 'syslog'
location: '/var/ossec/logs/active-responses.log'
- format: 'command'
command: 'df -P'
frequency: '360'
- format: 'full_command'
command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
alias: 'netstat listening ports'
frequency: '360'
- format: 'full_command'
command: 'last -n 20'
frequency: '360'
Reference in New Issue View Git Blame Copy Permalink