Andrés Felipe Marulanda Hernández
eaa5d47ecf
Se corrige la linea 25, el problema era la apertura y cierre de las "{{ }}"
127 lines
6.8 KiB
YAML
127 lines
6.8 KiB
YAML
---
|
|
- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl
|
|
apt:
|
|
name:
|
|
- apt-transport-https
|
|
- ca-certificates
|
|
- gnupg
|
|
- acl
|
|
state: present
|
|
cache_valid_time: 3600
|
|
install_recommends: false
|
|
register: wazuh_manager_https_packages_installed
|
|
until: wazuh_manager_https_packages_installed is succeeded
|
|
|
|
- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)
|
|
become: true
|
|
shell: |
|
|
set -o pipefail
|
|
curl -s {{ wazuh_manager_config.repo.gpg }} | apt-key add -
|
|
args:
|
|
warn: false
|
|
executable: /bin/bash
|
|
changed_when: false
|
|
when:
|
|
- ansible_distribution == "Ubuntu"
|
|
- ansible_distribution_major_version | int == 14
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- name: Debian/Ubuntu | Download Wazuh repository key
|
|
get_url:
|
|
url: "{{ wazuh_manager_config.repo.gpg }}"
|
|
dest: "{{ wazuh_manager_config.repo.path }}"
|
|
when:
|
|
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- name: Debian/Ubuntu | Import Wazuh GPG key
|
|
command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_manager_config.repo.keyring_path }} --import {{ wazuh_manager_config.repo.path }}"
|
|
when:
|
|
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
args:
|
|
creates: "{{ wazuh_manager_config.repo.keyring_path }}"
|
|
|
|
- name: Debian/Ubuntu | Set permissions for Wazuh GPG key
|
|
file:
|
|
path: "{{ wazuh_manager_config.repo.keyring_path }}"
|
|
mode: '0644'
|
|
when:
|
|
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- name: Debian/Ubuntu | Add Wazuh repositories
|
|
apt_repository:
|
|
filename: wazuh_repo
|
|
repo: "{{ wazuh_manager_config.repo.apt }}"
|
|
state: present
|
|
update_cache: true
|
|
changed_when: false
|
|
when:
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu
|
|
set_fact:
|
|
cis_distribution_filename: cis_debian_linux_rcl.txt
|
|
|
|
- name: Debian/Ubuntu | Install OpenJDK-8 repo
|
|
apt_repository:
|
|
repo: 'ppa:openjdk-r/ppa'
|
|
state: present
|
|
update_cache: true
|
|
when:
|
|
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
|
|
|
|
- when:
|
|
- wazuh_manager_config.cis_cat.disable == 'no'
|
|
- wazuh_manager_config.cis_cat.install_java == 'yes'
|
|
block:
|
|
- name: Debian/Ubuntu | Install OpenJDK 1.8
|
|
apt: name=openjdk-8-jre state=present cache_valid_time=3600
|
|
tags:
|
|
- init
|
|
|
|
- name: Debian/Ubuntu | Install OpenScap
|
|
apt:
|
|
name: "{{ item }}"
|
|
state: present
|
|
loop: "{{ openscap_packages }}"
|
|
when: wazuh_agent_config.openscap.disable == 'no'
|
|
tags:
|
|
- init
|
|
register: wazuh_agent_OpenScap_package_install
|
|
until: wazuh_agent_OpenScap_package_install is succeeded
|
|
vars:
|
|
openscap_packages: "{{(ansible_distribution_version is version('24.04', '>=')) | ternary(['openscap-scanner', 'xsltproc'], ['libopenscap8', 'xsltproc']) }}"
|
|
|
|
- name: Debian/Ubuntu | Get OpenScap installed version
|
|
shell: "dpkg-query --showformat='${Version}' --show {{ openscap_package_name }}"
|
|
register: openscap_version
|
|
changed_when: false
|
|
when: wazuh_agent_config.openscap.disable == 'no'
|
|
vars:
|
|
openscap_package_name: "{{ (ansible_distribution_version is version('24.04', '>=')) | ternary('openscap-scanner', 'libopenscap8') }}"
|
|
tags:
|
|
- config
|
|
|
|
- name: Debian/Ubuntu | Check OpenScap version
|
|
shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?"
|
|
when: wazuh_manager_config.openscap.disable == 'no'
|
|
register: openscap_version_valid
|
|
changed_when: false
|
|
tags:
|
|
- config
|
|
|
|
- name: Debian/Ubuntu | Install wazuh-manager
|
|
apt:
|
|
name:
|
|
- "wazuh-manager={{ wazuh_manager_version }}-*"
|
|
state: present
|
|
tags: init
|
|
when:
|
|
- not wazuh_custom_packages_installation_manager_enabled
|
|
|
|
- include_tasks: "installation_from_custom_packages.yml"
|
|
when:
|
|
- wazuh_custom_packages_installation_manager_enabled
|