---
# tasks file for wazuh-manager
# Include the task file that matches the target's OS family. A host whose
# ansible_os_family is neither RedHat nor Debian gets neither file.
# NOTE(review): the included files presumably configure the package
# repository (inferred from the task name) - confirm against their contents.
# NOTE(review): bare `include` is deprecated in newer Ansible releases in
# favour of include_tasks / import_tasks - confirm the targeted version.
- name: Install the correct repository
  include: 'RedHat.yml'
  when: ansible_os_family == "RedHat"

- name: Install the correct repository
  include: 'Debian.yml'
  when: ansible_os_family == "Debian"
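# Create a self-signed certificate and its private key in /var/ossec/etc/.
#
# Key size: the task previously requested rsa:1825, which is below the
# 2048-bit floor generally required for RSA; 2048 is used here.
#
# `creates` makes this a one-time step: once sslmanager.cert exists the
# command is skipped. Hosts already provisioned with the 1825-bit key keep
# it until sslmanager.cert and sslmanager.key are removed and this task
# runs again.
#
# -nodes writes the private key without a passphrase, so filesystem
# permissions on sslmanager.key are its only protection.
# NOTE(review): nothing in this task sets owner or mode on sslmanager.key;
# confirm what the openssl build in use creates and restrict it if needed.
#
# -days 365 means the certificate expires after one year, but `creates`
# prevents automatic renewal - plan the rotation separately.
- name: Generate SSL files
  command: >-
    openssl req -x509 -sha256 -nodes -days 365
    -newkey rsa:2048
    -keyout sslmanager.key -out sslmanager.cert
    -subj /CN={{ ossec_server_fqdn }}/
  args:
    creates: sslmanager.cert
    chdir: /var/ossec/etc/
  tags:
    - config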
# Render the local rules template to /var/ossec/etc/rules/local_rules.xml.
# root:ossec with mode 0640 lets members of the ossec group read the file
# while other accounts get no access; only root can modify it.
# A change to the rendered file notifies the "restart wazuh-manager" handler.
- name: Installing the local_rules.xml (default local_rules.xml)
  template:
    src: var-ossec-rules-local_rules.xml.j2
    dest: /var/ossec/etc/rules/local_rules.xml
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config
    - rules
# Render the local decoder template to
# /var/ossec/etc/decoders/local_decoder.xml.
# root:ossec with mode 0640 lets members of the ossec group read the file
# while other accounts get no access; only root can modify it.
# A change to the rendered file notifies the "restart wazuh-manager" handler.
- name: Installing the local_decoder.xml
  template:
    src: var-ossec-rules-local_decoder.xml.j2
    dest: /var/ossec/etc/decoders/local_decoder.xml
    owner: root
    group: ossec
    mode: "0640"
  notify: restart wazuh-manager
  tags:
    - init
    - config
    - rules
# Count the "ossec-csyslogd is running" lines in the ossec-control status
# output and register the count as csyslog_running.stdout ('0' or more).
# grep -c exits non-zero when the count is 0; the trailing `xargs echo`
# presumably exists so the pipeline still exits 0 and the task does not fail.
# changed_when is false because this task only reads state.
- name: Check if client-syslog is enabled
  shell: >-
    /var/ossec/bin/ossec-control status
    | grep -c 'ossec-csyslogd is running'
    | xargs echo
  register: csyslog_running
  changed_when: false

# The next two tasks run only when csyslogd was not running and
# ossec_server_config.syslog_outputs is defined: first enable the
# client-syslog component, then start it.
- name: Enable client-syslog if not running and ossec_server_config.syslog_outputs is given
  command: /var/ossec/bin/ossec-control enable client-syslog
  when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined

- name: Start client-syslog if not running and ossec_server_config.syslog_outputs is given
  command: /var/ossec/bin/ossec-control start client-syslog
  when: csyslog_running.stdout == '0' and ossec_server_config.syslog_outputs is defined
# Define the config file name and init script name as host facts, on
# Debian-family targets only. Neither fact is referenced by the other tasks
# visible in this file; their consumers are presumably elsewhere in the role.
- name: Set ossec deploy facts for Debian
  set_fact:
    ossec_server_config_filename: 'ossec.conf'
    ossec_init_name: 'ossec'
  when: ansible_os_family == "Debian"
# Render the manager configuration to /var/ossec/etc/ossec.conf and notify
# the "restart wazuh-manager" handler when the rendered file changes.
# NOTE(review): root:root with mode 0644 leaves the rendered config
# world-readable, unlike the rules and decoder files in this role
# (root:ossec, 0640). If the template can emit credentials or other
# sensitive settings, tighten the mode - confirm first which accounts need
# read access.
- name: Configure ossec.conf
  template:
    src: var-ossec-etc-ossec-server.conf.j2
    dest: /var/ossec/etc/ossec.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart wazuh-manager
  tags:
    - init
    - config
# Install the ossec-authd init script at /etc/init.d/ossec-authd, owned by
# root and executable (0755) but writable only by root.
# Applies only when the detected service manager is upstart and the OS
# family is not CoreOS.
- name: Write ossec-authd init file
  template:
    src: ossec-authd-init.service
    dest: /etc/init.d/ossec-authd
    owner: root
    group: root
    mode: "0755"
  when: ansible_service_mgr == "upstart" and ansible_os_family != "CoreOS"
  tags:
    - init
    - config
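# Install the ossec-authd unit file at
# /lib/systemd/system/ossec-authd.service.
# Applies only when the detected service manager is systemd and the OS
# family is not CoreOS.
# Owner, group and mode are set explicitly, as the init-script task in this
# role does, so the unit file's permissions do not depend on the umask of
# the run or on a pre-existing file: root-owned and writable only by root.
# NOTE(review): no handler is notified here; confirm that systemd re-reads
# unit files elsewhere in the role before the service is started.
- name: Write ossec-authd systemd file
  template:
    src: ossec-authd.service
    dest: /lib/systemd/system/ossec-authd.service
    owner: root
    group: root
    mode: "0644"
  when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
  tags:
    - init
    - config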
# Load variables from api-user.yml. no_log keeps the loaded values out of
# the task output and logs.
# NOTE(review): the task name calls this a secret file; presumably it is
# encrypted (e.g. with Ansible Vault) rather than stored in clear text -
# confirm.
- name: Import secret variable file
  include_vars: 'api-user.yml'
  no_log: true

# Write the `user` variable verbatim to the Wazuh API auth file and notify
# the "restart wazuh-api" handler on change. no_log keeps the content out of
# the task output, including any diff.
# The mode is quoted so it is always read as the octal string 0750.
# NOTE(review): 0750 sets execute bits on a credentials file, which a data
# file does not need; confirm whether a tighter mode such as 0640 works for
# the account the API runs as.
- name: Wazuh-api User
  copy:
    content: "{{ user }}"
    dest: '/var/ossec/api/configuration/auth/user'
    owner: root
    group: root
    mode: "0750"
  no_log: true
  notify: restart wazuh-api
# Enable at boot and start each of the three services listed under
# with_items, one service per loop iteration.
- name: Ensure Wazuh Manager, wazuh api and ossec-authd service is started and enabled
  service:
    name: "{{ item }}"
    enabled: true
    state: started
  with_items:
    - wazuh-manager
    - wazuh-api
    - ossec-authd
# Include the clean-up task file that matches the target's OS family. A host
# whose ansible_os_family is neither RedHat nor Debian gets neither file.
# NOTE(review): the included files presumably remove the package repository
# again (inferred from the task name) - confirm against their contents.
- name: Remove the correct repository
  include: 'RMRedHat.yml'
  when: ansible_os_family == "RedHat"

- name: Remove the correct repository
  include: 'RMDebian.yml'
  when: ansible_os_family == "Debian"