* ossec-authd can now be configured from ossec.conf. * Switching from generating the SSL certs to using a CA. * Adding an authd password template (intended to be used with vault).
---
# OS-family specific preparation. Exactly one of the two files is pulled in,
# selected by the ansible_os_family fact (their contents are not shown here).
- include: RedHat.yml
  when: ansible_os_family == 'RedHat'

- include: Debian.yml
  when: ansible_os_family == 'Debian'

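# Packages required by the manager role. `expect` is installed alongside the
# Wazuh packages; its consumer is not visible in this file (presumably the
# agentless helpers — confirm).
- name: Install wazuh-manager, wazuh-api and expect
  package:
    # Block-form module args instead of the `pkg=... state=...` string.
    name: "{{ item }}"
    state: present
  with_items:
    - wazuh-manager
    - wazuh-api
    - expect
  tags:
    - init
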
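# Self-signed fallback for ossec-authd, used only when no CA-issued material
# is configured (see the "Copy CA, SSL key and cert for authd" task for the
# other branch). `creates` keeps the task idempotent: once sslmanager.cert
# exists the key pair is never regenerated.
# Key size raised to rsa:2048 — the previous rsa:1825 was a non-standard size.
# NOTE(review): sslmanager.key is written with the command's default umask;
# a follow-up `file` task tightening it (e.g. 0640) is worth adding — confirm
# which user ossec-authd reads the key as before choosing owner/group.
- name: Generate SSL files for authd
  command: >-
    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048
    -keyout sslmanager.key -out sslmanager.cert
    -subj /CN={{ wazuh_manager_fqdn }}/
  args:
    creates: sslmanager.cert
    chdir: /var/ossec/etc/
  tags:
    - config
  when: wazuh_manager_config.authd.ssl_agent_ca is not defined
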
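# CA-issued material for ossec-authd. Each item carries its own mode: the CA
# and the manager cert are public, but the private key must not be installed
# world-readable (all three were previously copied with mode 0644).
# Owner/group are left at the defaults of the connecting user; the 0640 on the
# key assumes ossec-authd reads it as root — confirm, and add group ossec if
# a non-root reader needs it.
- name: Copy CA, SSL key and cert for authd
  copy:
    src: "{{ item.src }}"
    dest: "/var/ossec/etc/{{ item.src | basename }}"
    mode: "{{ item.mode }}"
  with_items:
    - src: "{{ wazuh_manager_config.authd.ssl_agent_ca }}"
      mode: "0644"
    - src: "{{ wazuh_manager_config.authd.ssl_manager_cert }}"
      mode: "0644"
    - src: "{{ wazuh_manager_config.authd.ssl_manager_key }}"
      mode: "0640"
  tags:
    - config
  when: wazuh_manager_config.authd.ssl_agent_ca is defined
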
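# Default local_rules.xml, rendered from the role template. Block-form module
# args replace the key=value string; the mode is quoted so YAML does not turn
# the octal literal into an integer (Ansible warns about unquoted modes).
- name: Installing the local_rules.xml (default local_rules.xml)
  template:
    src: var-ossec-rules-local_rules.xml.j2
    dest: /var/ossec/etc/rules/local_rules.xml
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config
    - rules
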
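# local_decoder.xml from the role template. Block-form module args replace
# the key=value string; the mode is quoted so YAML keeps it as a string.
- name: Installing the local_decoder.xml
  template:
    src: var-ossec-rules-local_decoder.xml.j2
    dest: /var/ossec/etc/decoders/local_decoder.xml
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config
    - rules
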
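# Shared agent.conf pushed by the manager to its agents. Block-form module
# args replace the key=value string; the mode is quoted so YAML keeps it as
# a string.
- name: Configure the shared-agent.conf
  template:
    src: var-ossec-etc-shared-agent.conf.j2
    dest: /var/ossec/etc/shared/agent.conf
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config
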
# client-syslog (ossec-csyslogd) is enabled and started only when the status
# probe reports it is not running and syslog outputs are configured.
# The probe is read-only, hence changed_when: false; the trailing
# `xargs echo` presumably keeps the pipeline's exit status at 0 when grep
# finds no match, so a stopped daemon does not fail the task.
- name: Check if client-syslog is enabled
  shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-csyslogd is running' | xargs echo"
  register: csyslog_running
  changed_when: false

- name: Enable client-syslog
  command: /var/ossec/bin/ossec-control enable client-syslog
  when:
    - csyslog_running.stdout == '0'
    - wazuh_manager_config.syslog_outputs is defined

- name: Start client-syslog
  command: /var/ossec/bin/ossec-control start client-syslog
  when:
    - csyslog_running.stdout == '0'
    - wazuh_manager_config.syslog_outputs is defined

# ossec-agentlessd is enabled and started only when the status probe reports
# it is not running and agentless credentials are available.
# NOTE(review): agentless_creeds is loaded by the "Retrieving Agentless
# Credentials" include_vars task further down this file, so at this point it
# is defined only if it also comes from inventory/group_vars — confirm the
# intended ordering.
- name: Check if ossec-agentlessd is enabled
  shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-agentlessd is running' | xargs echo"
  register: agentless_running
  changed_when: false

- name: Enable ossec-agentlessd
  command: /var/ossec/bin/ossec-control enable agentless
  when:
    - agentless_running.stdout == '0'
    - agentless_creeds is defined

- name: Start ossec-agentlessd
  command: /var/ossec/bin/ossec-control start agentless
  when:
    - agentless_running.stdout == '0'
    - agentless_creeds is defined

# ossec-authd is enabled and started only when the status probe reports it is
# not running and authd is switched on in wazuh_manager_config.
# The probe is read-only, hence changed_when: false.
- name: Check if ossec-authd is enabled
  shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-authd is running' | xargs echo"
  register: authd_running
  changed_when: false

- name: Enable ossec-authd
  command: /var/ossec/bin/ossec-control enable auth
  when: authd_running.stdout == '0' and wazuh_manager_config.authd.enable == true

- name: Start ossec-authd
  command: /var/ossec/bin/ossec-control start auth
  when: authd_running.stdout == '0' and wazuh_manager_config.authd.enable == true

# Secret material for the templates below (authd.pass, the API user file and
# the agentless password list). These var files hold credentials, so they are
# expected to be ansible-vault encrypted (the commit message mentions vault
# for the authd password) — confirm.
# NOTE(review): the agentless and authd enable/start tasks above already
# test `agentless_creeds is defined`; loading the vars here is too late for
# them unless the variable is also set elsewhere.
- name: Retrieving authd Credentials
  include_vars: authd_pass.yml
  tags: [config]

- name: Retrieving Agentless Credentials
  include_vars: agentless_creeds.yml
  tags: [config]

- name: Retrieving Wazuh-api User Credentials
  include_vars: wazuh_api_creds.yml
  tags: [config]

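# Sanity check before ossec.conf is rendered: at least one alert sink
# (json_output or alerts_log) must be enabled, otherwise the play aborts.
# The `msg=` string is replaced by block-form args; the message is unchanged.
- name: Checking alert log output settings
  fail:
    msg: "Please enable json_output or alerts_log options."
  when:
    - wazuh_manager_config.json_output == 'no'
    - wazuh_manager_config.alerts_log == 'no'
  tags:
    - init
    - config
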
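# Main manager configuration (including the authd section, per the commit
# message). Block-form module args replace the key=value string; the mode is
# quoted so YAML keeps it as a string.
- name: Configure ossec.conf
  template:
    src: var-ossec-etc-ossec-server.conf.j2
    dest: /var/ossec/etc/ossec.conf
    owner: root
    group: ossec
    mode: "0644"
  notify: restart wazuh-manager
  tags:
    - init
    - config
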
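# Renders /var/ossec/etc/authd.pass from the vars loaded by
# "Retrieving authd Credentials". `no_log` keeps the rendered password (and
# diff output) out of the play log. The mode is quoted so YAML keeps it as a
# string rather than an octal integer.
- name: Ossec-authd password
  template:
    src: authd_pass.j2
    dest: "/var/ossec/etc/authd.pass"
    owner: ossec
    group: ossec
    mode: "0640"
  no_log: true
  notify: restart wazuh-manager
  when:
    - wazuh_manager_config.authd.use_password is defined
    - wazuh_manager_config.authd.use_password == true
  tags:
    - config
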
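# API user credential file rendered from the vars loaded by
# "Retrieving Wazuh-api User Credentials"; `no_log` keeps it out of the log.
# Mode changed from 0750 to 0640: the file is data, so the execute bits were
# unnecessary; owner/group read access is unchanged. Quoted so YAML keeps it
# as a string.
- name: Wazuh-api User
  template:
    src: api_user.j2
    dest: "/var/ossec/api/configuration/auth/user"
    owner: root
    group: root
    mode: "0640"
  no_log: true
  notify: restart wazuh-api
  when: wazuh_api_user is defined
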
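# Plaintext host/password list for agentlessd, written to a temporary file
# that the "Encode the secret" task base64-encodes and removes. It is only
# ever read by that follow-up task (same privileges, root), so it is created
# owner-only (was 0644, i.e. world-readable plaintext credentials on disk).
- name: Agentless Hosts & Passwd
  template:
    src: agentless.j2
    dest: "/var/ossec/agentless/.passlist_tmp"
    owner: root
    group: root
    mode: "0600"
  no_log: true
  when: agentless_creeds is defined
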
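# Produces /var/ossec/agentless/.passlist from the temporary plaintext list.
# base64 is encoding, not encryption — this matches what agentlessd expects,
# it does not protect the credentials. The temporary file is now removed even
# when base64 fails (the previous `&&` left the plaintext behind on error),
# and the task still fails with base64's exit code.
# NOTE(review): .passlist itself is created with the shell's default umask;
# confirm which user agentlessd runs as before tightening it.
- name: Encode the secret
  shell: |
    /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist
    rc=$?
    rm -f /var/ossec/agentless/.passlist_tmp
    exit $rc
  when: agentless_creeds is defined
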
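# Both services are enabled at boot and started now. `enabled: true` replaces
# the YAML 1.1-only `yes` spelling.
- name: Ensure Wazuh Manager, wazuh api service is started and enabled
  service:
    name: "{{ item }}"
    enabled: true
    state: started
  with_items:
    - wazuh-manager
    - wazuh-api
  tags:
    - config
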
# OS-family specific clean-up, again selected by ansible_os_family (the
# included files are not shown here).
- include: RMRedHat.yml
  when: ansible_os_family == 'RedHat'

- include: RMDebian.yml
  when: ansible_os_family == 'Debian'