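---
# Wazuh agent tasks for macOS: detect the CPU architecture, download and
# install the matching .pkg, register the agent with authd when no usable
# client.keys is present, render the agent configuration files and remove
# the downloaded installer.
#
# Variables such as wazuh_macos_config, wazuh_agent_authd, wazuh_agent_config,
# authd_pass and the per-architecture package URL/name variables are expected
# to come from role defaults or the play; none of them are defined here.

- name: macOS | Check architecture
  command: "/usr/bin/uname -m"
  register: uname_result
  # Read-only probe; it must never report a change.
  changed_when: false

- name: macOS | Set architecture variable
  set_fact:
    # uname prints "arm64" on Apple silicon; anything else is treated as Intel.
    macos_architecture: "{{ 'arm' if uname_result.stdout == 'arm64' else 'intel' }}"

- name: macOS | Set package name and URL based on architecture
  set_fact:
    wazuh_macos_package_url: "{{ wazuh_macos_intel_package_url if macos_architecture == 'intel' else wazuh_macos_arm_package_url }}"
    wazuh_macos_package_name: "{{ wazuh_macos_intel_package_name if macos_architecture == 'intel' else wazuh_macos_arm_package_name }}"

- name: macOS | Check if Wazuh installer is already downloaded
  stat:
    # download_dir is concatenated without a separator, so it is expected to
    # end in "/" (same convention is used by the install and cleanup tasks).
    path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}"
  register: wazuh_package_downloaded

- name: macOS | Download Wazuh Agent package
  get_url:
    url: "{{ wazuh_macos_package_url }}"
    dest: "{{ wazuh_macos_config.download_dir }}"
  register: download_result
  when:
    - not wazuh_package_downloaded.stat.exists

- name: macOS | Check if Wazuh Agent is already installed
  stat:
    path: "{{ wazuh_macos_config.install_dir }}"
  register: wazuh_installed

- name: macOS | Install Agent if not already installed
  command: "installer -pkg {{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }} -target /"
  register: install_result
  # wazuh_installed was registered above but never consulted, so the installer
  # re-ran on every play; honour the task name and skip when install_dir exists.
  when:
    - not wazuh_installed.stat.exists

- name: macOS | Check if client.keys exists
  stat:
    path: "{{ wazuh_macos_config.install_dir }}/etc/client.keys"
  register: client_keys_file
  tags:
    - config

- name: macOS | Agent registration via authd
  block:
    - name: Copy CA root certificate to verify authd
      copy:
        src: "{{ wazuh_agent_authd.ssl_agent_ca }}"
        dest: "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
        # Octal modes are quoted so the YAML parser does not retype them.
        mode: "0644"
      when:
        - wazuh_agent_authd.ssl_agent_ca is not none

    - name: Copy TLS/SSL certificate for agent verification
      copy:
        src: "{{ item }}"
        dest: "{{ wazuh_macos_config.install_dir }}/etc/{{ item | basename }}"
        # The certificate may be world-readable; the private key must not be.
        mode: "{{ '0600' if item == wazuh_agent_authd.ssl_agent_key else '0644' }}"
      with_items:
        - "{{ wazuh_agent_authd.ssl_agent_cert }}"
        - "{{ wazuh_agent_authd.ssl_agent_key }}"
      when:
        - wazuh_agent_authd.ssl_agent_cert is not none
        - wazuh_agent_authd.ssl_agent_key is not none

    - name: macOS | Register agent (via authd)
      # Folded scalar: every line below is joined into one agent-auth command.
      shell: >
        {{ wazuh_macos_config.install_dir }}/bin/agent-auth
        {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %}
        -A {{ wazuh_agent_authd.agent_name }}
        {% endif %}
        -m {{ wazuh_agent_authd.registration_address }}
        -p {{ wazuh_agent_authd.port }}
        {% if wazuh_agent_nat %} -I "any" {% endif %}
        {% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %}
        {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %}
        -v "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
        {% endif %}
        {% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %}
        -x "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
        {% endif %}
        {% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None %}
        -k "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
        {% endif %}
        {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %}
        {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %}
        -G "{{ wazuh_agent_authd.groups | join(',') }}"
        {% endif %}
      register: agent_auth_output
      # The enrolment password travels on the command line (-P); keep the
      # rendered command and its output out of the play log whenever one is set.
      no_log: "{{ authd_pass | length > 0 }}"
      notify: macOS | Restart Wazuh Agent
      vars:
        # NOTE(review): agent_name is not referenced by the command above, which
        # reads wazuh_agent_authd.agent_name instead — confirm which is intended.
        agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}"
      when:
        - not client_keys_file.stat.exists or client_keys_file.stat.size == 0
        - wazuh_agent_authd.registration_address is not none

    - name: macOS | Verify agent registration
      # Check the registered output in-process instead of echoing it through
      # sh -c | grep, which broke (or was reinterpreted) on quotes in the output.
      assert:
        that:
          - "'Valid key received' in (agent_auth_output.stdout ~ ' ' ~ agent_auth_output.stderr)"
        fail_msg: "agent-auth did not report a valid key; check authd on the manager and the agent's enrollment settings"
      when:
        - not client_keys_file.stat.exists or client_keys_file.stat.size == 0
        - wazuh_agent_authd.registration_address is not none
  when:
    - wazuh_agent_authd.enable | bool
    - wazuh_agent_config.enrollment.enabled != 'yes'
  tags:
    - config
    - authd

- name: macOS | Installing agent configuration (ossec.conf)
  template:
    src: var-ossec-etc-ossec-agent.conf.j2
    dest: "{{ wazuh_macos_config.install_dir }}/etc/ossec.conf"
    owner: root
    group: wazuh
    mode: "0644"
  notify: macOS | Restart Wazuh Agent
  tags:
    - init
    - config

- name: macOS | Installing local_internal_options.conf
  template:
    src: var-ossec-etc-local-internal-options.conf.j2
    dest: "{{ wazuh_macos_config.install_dir }}/etc/local_internal_options.conf"
    owner: root
    group: wazuh
    mode: "0640"
  notify: macOS | Restart Wazuh Agent
  tags:
    - init
    - config

- name: macOS | Delete downloaded Wazuh agent installer file
  file:
    path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}"
    state: absent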