132 lines
4.1 KiB
YAML
132 lines
4.1 KiB
YAML
---
|
|
- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl
|
|
apt:
|
|
name:
|
|
- apt-transport-https
|
|
- ca-certificates
|
|
- gnupg
|
|
- acl
|
|
state: present
|
|
cache_valid_time: 3600
|
|
install_recommends: false
|
|
register: wazuh_manager_https_packages_installed
|
|
until: wazuh_manager_https_packages_installed is succeeded
|
|
|
|
- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)
|
|
become: true
|
|
shell: |
|
|
set -o pipefail
|
|
curl -s {{ wazuh_manager_config.repo.gpg }} | apt-key add -
|
|
args:
|
|
warn: false
|
|
executable: /bin/bash
|
|
changed_when: false
|
|
when:
|
|
- ansible_distribution == "Ubuntu"
|
|
- ansible_distribution_major_version | int == 14
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- name: Debian/Ubuntu | Download Wazuh repository key
|
|
get_url:
|
|
url: "{{ wazuh_manager_config.repo.gpg }}"
|
|
dest: "{{ wazuh_manager_config.repo.path }}"
|
|
when:
|
|
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- name: Debian/Ubuntu | Import Wazuh GPG key
|
|
command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_manager_config.repo.keyring_path }} --import {{ wazuh_manager_config.repo.path }}"
|
|
when:
|
|
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
args:
|
|
creates: "{{ wazuh_manager_config.repo.keyring_path }}"
|
|
|
|
- name: Debian/Ubuntu | Set permissions for Wazuh GPG key
|
|
file:
|
|
path: "{{ wazuh_manager_config.repo.keyring_path }}"
|
|
mode: '0644'
|
|
when:
|
|
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- name: Debian/Ubuntu | Add Wazuh repositories
|
|
apt_repository:
|
|
filename: wazuh_repo
|
|
repo: "{{ wazuh_manager_config.repo.apt }}"
|
|
state: present
|
|
update_cache: true
|
|
changed_when: false
|
|
when:
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
|
|
set_fact:
|
|
cis_distribution_filename: cis_debian_linux_rcl.txt
|
|
|
|
- name: Debian/Ubuntu | Install OpenJDK-8 repo
|
|
apt_repository:
|
|
repo: 'ppa:openjdk-r/ppa'
|
|
state: present
|
|
update_cache: true
|
|
when:
|
|
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
|
|
- when:
|
|
- wazuh_manager_config.cis_cat.disable == 'no'
|
|
- wazuh_manager_config.cis_cat.install_java == 'yes'
|
|
block:
|
|
- name: Debian/Ubuntu | Install OpenJDK 1.8
|
|
apt: name=openjdk-8-jre state=present cache_valid_time=3600
|
|
tags:
|
|
- init
|
|
|
|
- name: Debian/Ubuntu | Install OpenSCAP
|
|
apt:
|
|
name:
|
|
- "{{ 'openscap-scanner' if ansible_distribution_version >= '24.04' else 'libopenscap8' }}"
|
|
- xsltproc
|
|
state: present
|
|
cache_valid_time: 3600
|
|
update_cache: yes
|
|
install_recommends: false
|
|
register: wazuh_manager_openscap_installed
|
|
until: wazuh_manager_openscap_installed is succeeded
|
|
retries: 3
|
|
delay: 10
|
|
when: wazuh_manager_config.openscap.disable == 'no'
|
|
tags:
|
|
- init
|
|
|
|
- name: Debian/Ubuntu | Get OpenSCAP installed version
|
|
shell: "dpkg-query --showformat='${Version}' --show {{ 'openscap-scanner' if ansible_distribution_version >= '24.04' else 'libopenscap8' }}"
|
|
when: wazuh_manager_config.openscap.disable == 'no'
|
|
register: openscap_version
|
|
changed_when: false
|
|
tags:
|
|
- config
|
|
|
|
- name: Debian/Ubuntu | Check if OpenSCAP version is >= 1.2
|
|
shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?"
|
|
when:
|
|
- wazuh_manager_config.openscap.disable == 'no'
|
|
- openscap_version.stdout != "Not Installed"
|
|
register: openscap_version_valid
|
|
changed_when: false
|
|
tags:
|
|
- config
|
|
|
|
- name: Debian/Ubuntu | Install wazuh-manager
|
|
apt:
|
|
name:
|
|
- "wazuh-manager={{ wazuh_manager_version }}-*"
|
|
state: present
|
|
tags: init
|
|
when:
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- include_tasks: "installation_from_custom_packages.yml"
|
|
when:
|
|
- wazuh_custom_packages_installation_manager_enabled
|
|
|