From 608111288f75da11f8b9f3cf4268c744bf891c67 Mon Sep 17 00:00:00 2001 From: Jesus Garcia Date: Wed, 29 Jan 2025 08:01:26 -0500 Subject: [PATCH 1/2] Add refactor for wazuh agent role and tasks configurations (rhel, debian, macos and windows) --- CHANGELOG.md | 1 + roles/vars/main.yml | 6 + roles/vars/repo.yml | 20 - roles/vars/repo_pre-release.yml | 20 - roles/vars/repo_staging.yml | 21 - roles/vars/repo_vars.yml | 1 - roles/vars/urls.yml | 7 + roles/wazuh-agent/defaults/main.yml | 377 +------------ roles/wazuh-agent/meta/main.yml | 23 - roles/wazuh-agent/tasks/Debian.yml | 127 +---- roles/wazuh-agent/tasks/Linux.yml | 336 +++--------- roles/wazuh-agent/tasks/RMDebian.yml | 6 - roles/wazuh-agent/tasks/RMRedHat.yml | 6 - roles/wazuh-agent/tasks/RedHat.yml | 73 +-- roles/wazuh-agent/tasks/Windows.yml | 126 +---- .../installation_from_custom_packages.yml | 28 - roles/wazuh-agent/tasks/macOS.yml | 274 ++-------- roles/wazuh-agent/tasks/main.yml | 24 +- roles/wazuh-agent/templates/authd_pass.j2 | 1 - ...r-ossec-etc-local-internal-options.conf.j2 | 16 - .../var-ossec-etc-ossec-agent.conf.j2 | 500 ------------------ 21 files changed, 203 insertions(+), 1790 deletions(-) create mode 100644 roles/vars/main.yml delete mode 100644 roles/vars/repo.yml delete mode 100644 roles/vars/repo_pre-release.yml delete mode 100644 roles/vars/repo_staging.yml delete mode 100644 roles/vars/repo_vars.yml create mode 100644 roles/vars/urls.yml delete mode 100644 roles/wazuh-agent/meta/main.yml delete mode 100644 roles/wazuh-agent/tasks/RMDebian.yml delete mode 100644 roles/wazuh-agent/tasks/RMRedHat.yml delete mode 100644 roles/wazuh-agent/tasks/installation_from_custom_packages.yml delete mode 100644 roles/wazuh-agent/templates/authd_pass.j2 delete mode 100644 roles/wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 delete mode 100644 roles/wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 diff --git a/CHANGELOG.md b/CHANGELOG.md index 772804599..593c6350c 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ All notable changes to this project will be documented in this file. - Update AWS credentials actions in GHA workflows to use 'v4' instead of 'v3' ([#1492](https://github.com/wazuh/wazuh-ansible/pull/1492)) \- (Workflows) - Refactor Ansible playbook for Wazuh agent ([#1492](https://github.com/wazuh/wazuh-ansible/pull/1492)) +- Refactor of the wazuh-agent ansible role ([#1517](https://github.com/wazuh/wazuh-ansible/pull/1517)) ## Deleted diff --git a/roles/vars/main.yml b/roles/vars/main.yml new file mode 100644 index 000000000..a6ab0da60 --- /dev/null +++ b/roles/vars/main.yml @@ -0,0 +1,6 @@ +wazuh_full_version: 5.0.0 +wazuh_major_minor_version: "5.0" +wazuh_major_version: "5.x" +wazuh_package_revision: 1 + +urls_file: "urls.yml" diff --git a/roles/vars/repo.yml b/roles/vars/repo.yml deleted file mode 100644 index d6e6ad1a7..000000000 --- a/roles/vars/repo.yml +++ /dev/null 
@@ -1,20 +0,0 @@
-wazuh_repo:
- keyring_path: '/usr/share/keyrings/wazuh.gpg'
- apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/5.x/apt/ stable main'
- yum: 'https://packages.wazuh.com/5.x/yum/'
- gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
- path: '/tmp/WAZUH-GPG-KEY'
-wazuh_winagent_config_url: "https://packages.wazuh.com/5.x/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-wazuh_winagent_sha512_url: "https://packages.wazuh.com/5.x/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
-filebeat_module_package_url: https://packages.wazuh.com/5.x/filebeat
-
-wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
-wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
-wazuh_macos_intel_package_url: "https://packages.wazuh.com/5.x/macos/{{ wazuh_macos_intel_package_name }}"
-wazuh_macos_arm_package_url: "https://packages.wazuh.com/5.x/macos/{{ wazuh_macos_arm_package_name }}"
-
-certs_gen_tool_version: "5.0"
-
-# Url of certificates generator tool
-certs_gen_tool_url: "https://packages.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
diff --git a/roles/vars/repo_pre-release.yml b/roles/vars/repo_pre-release.yml
deleted file mode 100644
index b8d5bbbd5..000000000
--- a/roles/vars/repo_pre-release.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-wazuh_repo:
- keyring_path: '/usr/share/keyrings/wazuh.gpg'
- apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
- yum: 'https://packages-dev.wazuh.com/pre-release/yum/'
- gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
- path: '/tmp/WAZUH-GPG-KEY'
-wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
-filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat
-
-wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
-wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
-wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/pre-release/{{ wazuh_macos_intel_package_name }}"
-wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{{ wazuh_macos_arm_package_name }}"
-
-certs_gen_tool_version: "5.0"
-
-# Url of certificates generator tool
-certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
diff --git a/roles/vars/repo_staging.yml b/roles/vars/repo_staging.yml
deleted file mode 100644
index 68e66d786..000000000
--- a/roles/vars/repo_staging.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-wazuh_repo:
- keyring_path: '/usr/share/keyrings/wazuh.gpg'
- apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/staging/apt/ unstable main'
- yum: 'https://packages-dev.wazuh.com/staging/yum/'
- gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
- path: '/tmp/WAZUH-GPG-KEY'
-wazuh_winagent_config_url: "https://packages-dev.wazuh.com/staging/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/staging/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
-check_sha512: False
-filebeat_module_package_url: https://packages-dev.wazuh.com/staging/filebeat
-
-wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
-wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
-wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_intel_package_name }}"
-wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/staging/macos/{{ wazuh_macos_arm_package_name }}"
-
-certs_gen_tool_version: "5.0"
-
-# Url of certificates generator tool
-certs_gen_tool_url: "https://packages-dev.wazuh.com/{{ certs_gen_tool_version }}/wazuh-certs-tool.sh"
diff --git a/roles/vars/repo_vars.yml b/roles/vars/repo_vars.yml
deleted file mode 100644
index 53157764f..000000000
--- a/roles/vars/repo_vars.yml
+++ /dev/null
@@ -1 +0,0 @@
-packages_repository: production
\ No newline at end of file
diff --git a/roles/vars/urls.yml b/roles/vars/urls.yml
new file mode 100644
index 000000000..b7fc6f6ac
--- /dev/null
+++ b/roles/vars/urls.yml
@@ -0,0 +1,7 @@
+wazuh_agent_url_amd64_deb: ""
+wazuh_agent_url_arm64_deb: ""
+wazuh_agent_url_amd64_rpm: ""
+wazuh_agent_url_arm64_rpm: ""
+wazuh_agent_url_amd64_macos: ""
+wazuh_agent_url_arm64_macos: ""
+wazuh_agent_url_win: ""
\ No newline at end of file
diff --git a/roles/wazuh-agent/defaults/main.yml b/roles/wazuh-agent/defaults/main.yml
index 3adcb2063..cc184ceb9 100644
--- a/roles/wazuh-agent/defaults/main.yml
+++ b/roles/wazuh-agent/defaults/main.yml
@@ -1,376 +1,5 @@ --- -wazuh_agent_version: 5.0.0 -# Custom packages installation - -wazuh_custom_packages_installation_agent_enabled: false -wazuh_custom_packages_installation_agent_deb_url: "" -wazuh_custom_packages_installation_agent_rpm_url: "" - -wazuh_agent_yum_lock_timeout: 30 - -# We recommend the use of ansible-vault to protect Wazuh, api, agentless and authd credentials. -api_pass: wazuh -authd_pass: '' - -wazuh_api_reachable_from_agent: yes -wazuh_profile_centos: 'centos, centos7, centos7.6' -wazuh_profile_ubuntu: 'ubuntu, ubuntu18, ubuntu18.04' -wazuh_profile_macos: 'darwin, darwin21, darwin21.1' -wazuh_auto_restart: 'yes' - -wazuh_notify_time: '10' -wazuh_time_reconnect: '60' -wazuh_crypto_method: 'aes' -wazuh_winagent_config: - download_dir: C:\ - install_dir: C:\Program Files\ossec-agent\ - install_dir_x86: C:\Program Files (x86)\ossec-agent\ - auth_path: C:\Program Files\ossec-agent\agent-auth.exe - # Adding quotes to auth_path_x86 since win_shell outputs error otherwise - auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe - check_sha512: True - -# macOS deployment -wazuh_macos_config: - download_dir: /tmp/ - install_dir: /Library/Ossec/ - -wazuh_dir: "/var/ossec" - -# This is deprecated, see: wazuh_agent_address -wazuh_agent_nat: false - -########################################## -### Wazuh -########################################## - -wazuh_agent_nolog_sensible: yes -wazuh_agent_config_overlay: yes - -# This is a middle ground between breaking existing uses of wazuh_agent_nat -# and allow working with agents having several network interfaces -wazuh_agent_address: '{{ "any" if wazuh_agent_nat else ansible_default_ipv4.address }}' - -# List of managers. The first one with register variable declared *and* set to true -# is the one used to register the agent. Otherwise, the first one in the list will be used. 
-wazuh_managers: - - address: 127.0.0.1 - port: 1514 - protocol: tcp - api_port: 55000 - api_proto: https - api_user: wazuh - max_retries: 5 - retry_interval: 5 - register: yes - -## Authentication Method: Enrollment section (5.x) - -# For more information see: -# * https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#enrollment - -wazuh_agent_enrollment: - enabled: 'yes' - manager_address: '' - port: 1515 - agent_name: '' - groups: '' - agent_address: '' - ssl_ciphers: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH - server_ca_path: '' - agent_certificate_path: '' - agent_key_path: '' - authorization_pass_path: "{{ wazuh_dir }}/etc/authd.pass" - authorization_pass_path_macos: "/etc/authd.pass" - auto_method: 'no' - delay_after_enrollment: 20 - use_source_ip: 'no' - -## Authentication Method: invoking agent-auth - -# For more information see: -# * https://documentation.wazuh.com/current/user-manual/registering/password-authorization-registration.html - -wazuh_agent_authd: - registration_address: 127.0.0.1 - enable: false - port: 1515 - agent_name: null - groups: [] - ssl_agent_ca: null - ssl_agent_cert: null - ssl_agent_key: null - ssl_auto_negotiate: 'no' - -## Authentication Method: REST API - -# For more information see: -# * https://documentation.wazuh.com/current/user-manual/registering/restful-api-registration.html -wazuh_agent_api_validate: yes - -## Client buffer -wazuh_agent_client_buffer: - disable: 'no' - queue_size: '5000' - events_per_sec: '500' - -## Rootcheck -wazuh_agent_rootcheck: - frequency: 43200 - -## Wodles -wazuh_agent_openscap: - disable: 'yes' - timeout: 1800 - interval: '1d' - scan_on_start: 'yes' - -wazuh_agent_cis_cat: - disable: 'yes' - install_java: 'no' - timeout: 1800 - interval: '1d' - scan_on_start: 'yes' - java_path: 'wodles/java' - java_path_win: '\\server\jre\bin\java.exe' - ciscat_path: 'wodles/ciscat' - ciscat_path_win: 'C:\cis-cat' - -wazuh_agent_osquery: - disable: 'yes' - run_daemon: 
'yes' - bin_path_win: 'C:\Program Files\osquery\osqueryd' - log_path: '/var/log/osquery/osqueryd.results.log' - log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log' - config_path: '/etc/osquery/osquery.conf' - config_path_win: 'C:\Program Files\osquery\osquery.conf' - add_labels: 'yes' - -wazuh_agent_syscollector: - disable: 'no' - interval: '1h' - scan_on_start: 'yes' - hardware: 'yes' - os: 'yes' - network: 'yes' - packages: 'yes' - ports_no: 'yes' - processes: 'yes' - -## SCA -wazuh_agent_sca: - enabled: 'yes' - scan_on_start: 'yes' - interval: '12h' - skip_nfs: 'yes' - day: '' - wday: '' - time: '' - -## Syscheck -wazuh_agent_syscheck: - frequency: 43200 - scan_on_start: 'yes' - auto_ignore: 'no' - win_audit_interval: 60 - skip_nfs: 'yes' - skip_dev: 'yes' - skip_proc: 'yes' - skip_sys: 'yes' - process_priority: 10 - max_eps: 100 - sync_enabled: 'yes' - sync_interval: '5m' - sync_max_interval: '1h' - sync_max_eps: 10 - ignore: - - /etc/mtab - - /etc/hosts.deny - - /etc/mail/statistics - - /etc/random-seed - - /etc/random.seed - - /etc/adjtime - - /etc/httpd/logs - - /etc/utmpx - - /etc/wtmpx - - /etc/cups/certs - - /etc/dumpdates - - /etc/svc/volatile - ignore_linux_type: - - '.log$|.swp$' - ignore_win: - - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' - no_diff: - - /etc/ssl/private.key - directories: - - dirs: /etc,/usr/bin,/usr/sbin - checks: '' - - dirs: /bin,/sbin,/boot - checks: '' - macos_directories: - - dirs: /etc,/usr/bin,/usr/sbin - checks: '' - - dirs: /bin,/sbin - checks: '' - win_directories: - - dirs: '%WINDIR%' - checks: 'recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$"' - - dirs: '%WINDIR%\SysNative' - checks: >- - recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$| - net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe|subst.exe$" - - dirs: '%WINDIR%\SysNative\drivers\etc%' - checks: 'recursion_level="0"' - - 
dirs: '%WINDIR%\SysNative\wbem' - checks: 'recursion_level="0" restrict="WMIC.exe$"' - - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0' - checks: 'recursion_level="0" restrict="powershell.exe$"' - - dirs: '%WINDIR%\SysNative' - checks: 'recursion_level="0" restrict="winrm.vbs$"' - - dirs: '%WINDIR%\System32' - checks: >- - recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$| - netsh.exe$|reg.exe$|regedit.exe$|regedt32.exe$|regsvr32.exe$|runas.exe$|sc.exe$|schtasks.exe$|sethc.exe$|subst.exe$" - - dirs: '%WINDIR%\System32\drivers\etc' - checks: 'recursion_level="0"' - - dirs: '%WINDIR%\System32\wbem' - checks: 'recursion_level="0" restrict="WMIC.exe$"' - - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0' - checks: 'recursion_level="0" restrict="powershell.exe$"' - - dirs: '%WINDIR%\System32' - checks: 'recursion_level="0" restrict="winrm.vbs$"' - - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup' - checks: 'realtime="yes"' - windows_registry: - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\comfile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\exefile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\piffile' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Directory' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' - - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Policies' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Security' - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services' - - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs' - - key: 
'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg' - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx' - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' - arch: "both" - - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components' - arch: "both" - windows_registry_ignore: - - key: 'HKEY_LOCAL_MACHINE\Security\Policy\Secrets' - - key: 'HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users' - - key: '\Enum$' - type: "sregex" - -## Localfile -wazuh_agent_localfiles: - debian: - - format: 'syslog' - location: '/var/log/auth.log' - - format: 'syslog' - location: '/var/log/syslog' - - format: 'syslog' - location: '/var/log/dpkg.log' - - format: 'syslog' - location: '/var/log/kern.log' - centos: - - format: 'syslog' - location: '/var/log/messages' - - format: 'syslog' - location: '/var/log/secure' - - format: 'syslog' - location: '/var/log/maillog' - - format: 'audit' - location: '/var/log/audit/audit.log' - linux: - - format: 'syslog' - location: "{{ wazuh_dir }}/logs/active-responses.log" - - format: 'full_command' - command: 'last -n 20' - frequency: '360' - - format: 'command' - command: df -P - frequency: '360' - - format: 'full_command' - command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d - alias: 
'netstat listening ports' - frequency: '360' - macos: - - format: 'full_command' - command: netstat -an | awk '{if ((/^(tcp|udp)/) && ($4 != "*.*") && ($5 == "*.*")) {print $1" "$4" "$5}}' | sort -u - alias: 'netstat listening ports' - frequency: '360' - - format: 'macos' - location: 'macos' - query: - type: 'trace,log,activity' - level: 'info' - value: (process == "sudo") or (process == "sessionlogoutd" and message contains "logout is complete.") or (process == "sshd") or (process == "tccd" and message contains "Update Access Record") or (message contains "SessionAgentNotificationCenter") or (process == "screensharingd" and message contains "Authentication") or (process == "securityd" and eventMessage contains "Session" and subsystem == "com.apple.securityd") - windows: - - format: 'eventlog' - location: 'Application' - - format: 'eventchannel' - location: 'Security' - query: 'Event/System[EventID != 5145 and EventID != 5156 and EventID != 5447 and EventID != 4656 and EventID != 4658 and EventID != 4663 and EventID != 4660 and EventID != 4670 and EventID != 4690 and EventID != 4703 and EventID != 4907]' - - format: 'eventlog' - location: 'System' - - format: 'syslog' - location: 'active-response\active-responses.log' - -## Labels -wazuh_agent_labels: - enable: false - list: - - key: Env - value: Production - -## Active response -wazuh_agent_active_response: - ar_disabled: 'no' - ca_store: "{{ wazuh_dir }}/etc/wpk_root.pem" - ca_store_win: 'wpk_root.pem' - ca_store_macos: 'etc/wpk_root.pem' - ca_verification: 'yes' - -## Logging -wazuh_agent_log_format: 'plain' - -# wazuh_agent_config -wazuh_agent_config_defaults: - repo: '{{ wazuh_repo }}' - active_response: '{{ wazuh_agent_active_response }}' - log_format: '{{ wazuh_agent_log_format }}' - client_buffer: '{{ wazuh_agent_client_buffer }}' - syscheck: '{{ wazuh_agent_syscheck }}' - - rootcheck: '{{ wazuh_agent_rootcheck }}' - openscap: '{{ wazuh_agent_openscap }}' - - osquery: '{{ wazuh_agent_osquery }}' - 
syscollector: '{{ wazuh_agent_syscollector }}' - sca: '{{ wazuh_agent_sca }}' - cis_cat: '{{ wazuh_agent_cis_cat }}' - localfiles: '{{ wazuh_agent_localfiles }}' - - labels: '{{ wazuh_agent_labels }}' - enrollment: '{{ wazuh_agent_enrollment }}' +wazuh_agent_package_download_path: "/tmp/wazuh-agent" +wazuh_agent_win_package_download_path: "C:\\Temp\\wazuh-agent" +wazuh_agent_package_name: "wazuh-agent-package" diff --git a/roles/wazuh-agent/meta/main.yml b/roles/wazuh-agent/meta/main.yml deleted file mode 100644 index 7cd460c47..000000000 --- a/roles/wazuh-agent/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -galaxy_info: - author: Wazuh - description: Installing, deploying and configuring Wazuh Agent. - company: wazuh.com - license: license (GPLv3) - min_ansible_version: 2.0 - platforms: - - name: EL - versions: - - all - - name: Ubuntu - versions: - - all - - name: Debian - versions: - - all - - name: Fedora - versions: - - all - galaxy_tags: - - monitoring -dependencies: [] diff --git a/roles/wazuh-agent/tasks/Debian.yml b/roles/wazuh-agent/tasks/Debian.yml index 479d340d9..f4aeae865 100644 --- a/roles/wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh-agent/tasks/Debian.yml 
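Review bot: `wazuh_agent_package_download_path: "/tmp/wazuh-agent"` stages a package that is installed as root at a fixed, predictable path under a world-writable directory. The Linux.yml hunk in this patch creates that directory with `mode: '0755'` but no `owner`, so if another local user has already created `/tmp/wazuh-agent` it would presumably stay under that user's control and the staged file could be swapped before the install task runs. Default to a root-owned location outside `/tmp`, or create the directory per run with `ansible.builtin.tempfile` and set `owner: root` / `group: root` on it. The same question applies to `C:\\Temp\\wazuh-agent` if that directory is writable by unprivileged users. A one-line comment above these three variables stating that the path must not be user-writable would document the requirement.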
@@ -1,122 +1,17 @@ --- -- name: Update apt-get repo and cache - apt: - update_cache: yes - force_apt_get: yes - cache_valid_time: 3600 -- name: Debian/Ubuntu | Install ca-certificates and gnupg - apt: - name: - - ca-certificates - - gnupg - state: present - register: wazuh_agent_ca_package_install - until: wazuh_agent_ca_package_install is succeeded - -- name: Debian/Ubuntu | Install apt-transport-https and acl - apt: - name: - - apt-transport-https - - acl - state: present - register: wazuh_agent_ca_package_install - until: wazuh_agent_ca_package_install is succeeded - when: not (ansible_distribution == "Debian" and ansible_distribution_major_version in ['11']) - -- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14) - become: true - shell: | - set -o pipefail - curl -s {{ wazuh_agent_config.repo.gpg }} | apt-key add - - args: - # warn: false - executable: /bin/bash - changed_when: false - when: - - ansible_distribution == "Ubuntu" - - ansible_distribution_major_version | int == 14 - - not wazuh_custom_packages_installation_agent_enabled - -- name: Debian/Ubuntu | Download Wazuh repository key +- name: Linux Debian (AMD64) | Download wazuh-agent package get_url: - url: "{{ wazuh_agent_config.repo.gpg }}" - dest: "{{ wazuh_agent_config.repo.path }}" - when: - - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_custom_packages_installation_agent_enabled - -- name: Debian/Ubuntu | Import Wazuh GPG key - command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_agent_config.repo.keyring_path }} --import {{ wazuh_agent_config.repo.path }}" - when: - - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_custom_packages_installation_agent_enabled - args: - creates: "{{ wazuh_agent_config.repo.keyring_path }}" - -- name: Debian/Ubuntu | Set permissions for Wazuh GPG key - file: - path: "{{ wazuh_agent_config.repo.keyring_path }}" - mode: '0644' + 
url: "{{ wazuh_agent_url_amd64_deb }}" + dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}" when: - - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - - not wazuh_custom_packages_installation_agent_enabled + - ansible_os_family|lower != "redhat" + - ansible_architecture == "x86_64" -- name: Debian/Ubuntu | Add Wazuh repositories - apt_repository: - filename: wazuh_repo - repo: "{{ wazuh_agent_config.repo.apt }}" - state: present - update_cache: true - when: - - not wazuh_custom_packages_installation_agent_enabled - -- name: Debian/Ubuntu | Set Distribution CIS filename for debian - set_fact: - cis_distribution_filename: cis_debian_linux_rcl.txt - when: ansible_os_family == "Debian" - -- name: Debian/Ubuntu | Install OpenJDK-8 repo - apt_repository: - repo: 'ppa:openjdk-r/ppa' - state: present - update_cache: true +- name: Linux Debian (ARM64) | Download wazuh-agent package + get_url: + url: "{{ wazuh_agent_url_arm64_deb }}" + dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}" when: - - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14) - -- when: - - wazuh_agent_config.cis_cat.disable == 'no' - - wazuh_agent_config.cis_cat.install_java == 'yes' - block: - - name: Debian/Ubuntu | Install OpenJDK 1.8 - apt: name=openjdk-8-jre state=present cache_valid_time=3600 - tags: - - init - -- name: Debian/Ubuntu | Install OpenScap - apt: - name: - - libopenscap8 - - xsltproc - state: present - when: wazuh_agent_config.openscap.disable == 'no' - tags: - - init - register: wazuh_agent_OpenScap_package_install - until: wazuh_agent_OpenScap_package_install is succeeded - -- name: Debian/Ubuntu | Get OpenScap installed version - shell: "dpkg-query --showformat='${Version}' --show libopenscap8" - register: openscap_version - changed_when: false - when: wazuh_agent_config.openscap.disable == 'no' - tags: - - config - -- name: Debian/Ubuntu | Check 
OpenScap version - shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?" - register: openscap_version_valid - changed_when: false - when: wazuh_agent_config.openscap.disable == 'no' - tags: - - config + - ansible_os_family|lower != "redhat" + - ansible_architecture == "aarch64" diff --git a/roles/wazuh-agent/tasks/Linux.yml b/roles/wazuh-agent/tasks/Linux.yml index 64ac34001..720b940d0 100644 --- a/roles/wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh-agent/tasks/Linux.yml 
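Review bot: Both `get_url` tasks fetch the package without a `checksum:`, and the Linux.yml hunk later in this patch installs the result with `dpkg -i` (and with `disable_gpg_check: yes` on the yum path), so nothing on the visible lines verifies what is installed as root. Because `force` is left at its default, a file that already exists at the fixed `dest` is not downloaded again, so a stale or locally replaced `wazuh-agent-package` would be installed unchanged. Add a digest per URL, for example `checksum: "sha512:{{ wazuh_agent_sha512_amd64_deb }}"` (the variable name is a suggestion and does not exist in this patch), and require the URL variables to start with `https://`. Hosts whose `ansible_architecture` is neither `x86_64` nor `aarch64` skip both tasks silently; a closing `ansible.builtin.assert` on the architecture would make that case fail explicitly instead of at install time.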
@@ -1,271 +1,99 @@ --- + +- name: Linux | Create directory for wazuh-agent package + ansible.builtin.file: + path: "{{ wazuh_agent_package_download_path }}" + state: directory + mode: '0755' + +# Download package tasks + - include_tasks: "RedHat.yml" when: ansible_os_family == "RedHat" - include_tasks: "Debian.yml" when: ansible_os_family == "Debian" -- include_tasks: "installation_from_custom_packages.yml" - when: - - wazuh_custom_packages_installation_agent_enabled +# Installation tasks + +- name: Linux | Create file for storing Wazuh Server IPs in environment variable(s) + ansible.builtin.copy: + dest: "{{ wazuh_agent_package_download_path }}/wazuh-agent-addresses" + content: "" + mode: '0644' -- name: Linux CentOS/RedHat | Install wazuh-agent +- name: Linux | Handle Wazuh Server IPs + block: + - name: Linux | Create environment variable for Wazuh Server IP [1/3] (Cluster failover mode) + ansible.builtin.lineinfile: + path: "{{ wazuh_agent_package_download_path }}/wazuh-agent-addresses" + line: "WAZUH_MANAGER=\"{{ wazuh_server_addresses | join(',') }}\"" + create: yes + state: present + when: wazuh_server_addresses | length > 1 + + - name: Linux | Create environment variable for Wazuh Server IP [2/3] (Cluster failover mode) + ansible.builtin.lineinfile: + path: "{{ wazuh_agent_package_download_path }}/wazuh-agent-addresses" + line: "WAZUH_REGISTRATION_SERVER=\"{{ wazuh_server_addresses[0] }}\"" + create: yes + state: present + when: wazuh_server_addresses | length > 1 + + - name: Linux | Create environment variable for Wazuh Server IP [3/3] (Single server mode) + ansible.builtin.lineinfile: + path: "{{ wazuh_agent_package_download_path }}/wazuh-agent-addresses" + line: "WAZUH_MANAGER=\"{{ wazuh_server_addresses[0] }}\"" + create: yes + state: present + when: wazuh_server_addresses | length == 1 + +- name: Reload environment variables + shell: | + source {{ wazuh_agent_package_download_path }}/wazuh-agent-addresses + args: + executable: /bin/bash + +- name: Linux 
CentOS/RedHat | Install wazuh-agent using yum yum: - name: wazuh-agent-{{ wazuh_agent_version }} + name: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}" state: present - lock_timeout: '{{ wazuh_agent_yum_lock_timeout }}' + disable_gpg_check: yes when: - ansible_os_family|lower == "redhat" - - not wazuh_custom_packages_installation_agent_enabled - tags: - - init -- name: Linux Debian | Install wazuh-agent - apt: - name: "wazuh-agent={{ wazuh_agent_version }}-*" - state: present - cache_valid_time: 3600 +- name: Linux Debian | Install wazuh-agent using dpkg + shell: | + dpkg -i {{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }} when: - ansible_os_family|lower != "redhat" - - not wazuh_custom_packages_installation_agent_enabled - - not ansible_check_mode - tags: - - init -- name: Linux | Check if client.keys exists - stat: - path: "{{ wazuh_dir }}/etc/client.keys" - register: client_keys_file - tags: - - config - -- name: Linux | Agent registration via authd +- name: Linux | Start and enable Wazuh Agent service block: - - - name: Copy CA root certificate to verify authd - copy: - src: "{{ wazuh_agent_authd.ssl_agent_ca }}" - dest: "{{ wazuh_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" - mode: 0644 - when: - - wazuh_agent_authd.ssl_agent_ca is not none - - - name: Copy TLS/SSL certificate for agent verification - copy: - src: "{{ item }}" - dest: "{{ wazuh_dir }}/etc/{{ item | basename }}" - mode: 0644 - with_items: - - "{{ wazuh_agent_authd.ssl_agent_cert }}" - - "{{ wazuh_agent_authd.ssl_agent_key }}" - when: - - wazuh_agent_authd.ssl_agent_cert is not none - - wazuh_agent_authd.ssl_agent_key is not none - - - name: Linux | Register agent (via authd) - shell: > - {{ wazuh_dir }}/bin/agent-auth - {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %} - -A {{ wazuh_agent_authd.agent_name }} - {% endif %} - -m {{ wazuh_agent_authd.registration_address }} - -p {{ 
wazuh_agent_authd.port }} - {% if wazuh_agent_nat %} -I "any" {% endif %} - {% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %} - {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %} - -v "{{ wazuh_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}" - {% endif %} - {% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %} - -x "{{ wazuh_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}" - {% endif %} - {% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None %} - -k "{{ wazuh_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}" - {% endif %} - {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} - {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %} - -G "{{ wazuh_agent_authd.groups | join(',') }}" - {% endif %} - register: agent_auth_output - notify: restart wazuh-agent - vars: - agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}" - when: - - not client_keys_file.stat.exists or client_keys_file.stat.size == 0 - - wazuh_agent_authd.registration_address is not none - - - name: Linux | Verify agent registration - shell: echo {{ agent_auth_output }} | grep "Valid key received" - when: - - not client_keys_file.stat.exists or client_keys_file.stat.size == 0 - - wazuh_agent_authd.registration_address is not none - - when: - - wazuh_agent_authd.enable | bool - - wazuh_agent_config.enrollment.enabled != 'yes' - tags: - - config - - authd - -- name: Linux | Agent registration via rest-API - block: - - - name: Establish target Wazuh Manager for registration task - set_fact: - target_manager: '{{ manager_primary | length | ternary(manager_primary, manager_fallback) | first }}' - vars: - manager_primary: "{{ wazuh_managers | selectattr('register','true') | list }}" - manager_fallback: "{{ wazuh_managers | 
list }}" - - - name: Linux | Obtain JWT Token - uri: - url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate' - method: POST - url_username: '{{ target_manager.api_user }}' - url_password: '{{ api_pass }}' - status_code: 200 - return_content: yes - force_basic_auth: yes - validate_certs: '{{ target_manager.validate_certs | default(false) }}' - no_log: '{{ wazuh_agent_nolog_sensible | bool }}' - delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}' - changed_when: api_jwt_result.json.error == 0 - register: api_jwt_result - become: no - tags: - - config - - api - - - name: Linux | Create the agent key via rest-API - uri: - url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents' - method: POST - body_format: json - body: - name: '{{ agent_name }}' - ip: '{{ wazuh_agent_address }}' - force_time: 1 - headers: - Authorization: 'Bearer {{ jwt_token }}' - status_code: 200 - return_content: yes - validate_certs: '{{ target_manager.validate_certs | default(false) }}' - become: no - no_log: '{{ wazuh_agent_nolog_sensible | bool }}' - delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}' - changed_when: api_agent_post.json.error == 0 - register: api_agent_post - vars: - agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}' - jwt_token: '{{ api_jwt_result.json.data.token }}' - tags: - - config - - api - - - name: Linux | Validate registered agent key matches manager record - uri: - url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents/{{ agent_id }}/key' - method: GET - headers: - Authorization: 'Bearer {{ jwt_token }}' - status_code: 200 - return_content: yes - validate_certs: '{{ target_manager.validate_certs | default(false) }}' - become: no - no_log: '{{ wazuh_agent_nolog_sensible | bool }}' - delegate_to: '{{ 
inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}' - register: api_agent_validation - vars: - agent_id: '{{ api_agent_post.json.data.id }}' - agent_key: '{{ api_agent_post.json.data.key }}' - jwt_token: '{{ api_jwt_result.json.data.token }}' - failed_when: api_agent_validation.json.data.affected_items[0].key != agent_key - when: - - wazuh_agent_api_validate | bool - - api_agent_post.json.error == 0 - tags: - - config - - api - - - name: Linux | Import Key (via rest-API) - command: "{{ wazuh_dir }}/bin/manage_agents" - environment: - OSSEC_ACTION: i - OSSEC_AGENT_NAME: '{{ agent_name }}' - OSSEC_AGENT_IP: '{{ wazuh_agent_address }}' - OSSEC_AGENT_ID: '{{ api_agent_post.json.data.id }}' - OSSEC_AGENT_KEY: '{{ api_agent_post.json.data.key }}' - OSSEC_ACTION_CONFIRMED: y - register: manage_agents_output - vars: - agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}' - notify: restart wazuh-agent - when: - - not ( wazuh_agent_authd.enable | bool ) - - wazuh_agent_config.enrollment.enabled != 'yes' - - not client_keys_file.stat.exists or client_keys_file.stat.size == 0 - tags: - - config - - api - -- name: Linux | Agent registration via auto-enrollment - debug: - msg: Agent registration will be performed through enrollment option in templated ossec.conf - when: wazuh_agent_config.enrollment.enabled == 'yes' - -- name: Linux | Ensure group "wazuh" exists - ansible.builtin.group: - name: wazuh - state: present - -- name: Linux | Installing agent configuration (ossec.conf) - template: - src: var-ossec-etc-ossec-agent.conf.j2 - dest: "{{ wazuh_dir }}/etc/ossec.conf" - owner: root - group: wazuh - mode: 0644 - notify: restart wazuh-agent - tags: - - init - - config - -- name: Linux | Installing local_internal_options.conf - template: - src: var-ossec-etc-local-internal-options.conf.j2 - dest: "{{ wazuh_dir }}/etc/local_internal_options.conf" - owner: root - group: wazuh - mode: 0640 - notify: restart wazuh-agent - tags: - - init - - 
config - -- name: Create auto-enrollment password file - template: - src: authd_pass.j2 - dest: "{{ wazuh_dir }}/etc/authd.pass" - owner: wazuh - group: wazuh - mode: 0640 - when: - - wazuh_agent_config.enrollment.enabled == 'yes' - - wazuh_agent_config.enrollment.authorization_pass_path | length > 0 - - authd_pass | length > 0 - tags: - - config - -- name: Linux | Ensure Wazuh Agent service is started and enabled - service: - name: wazuh-agent - enabled: true - state: started - tags: config - -- include_tasks: "RMRedHat.yml" - when: - - ansible_os_family == "RedHat" - -- include_tasks: "RMDebian.yml" - when: - - ansible_os_family == "Debian" + - name: Linux | Reload systemd daemon + ansible.builtin.command: + cmd: systemctl daemon-reload + + - name: Linux | Ensure Wazuh Agent service is stopped [1/3] + service: + name: wazuh-agent + state: stopped + ignore_errors: yes + + - name: Linux | Ensure Wazuh Agent service is disabled [2/3] + service: + name: wazuh-agent + enabled: false + ignore_errors: yes + + - name: Linux | Ensure Wazuh Agent service is started and enabled [3/3] + service: + name: wazuh-agent + enabled: true + state: started + +- name: Linux | Remove leftover wazuh-agent installation directory + ansible.builtin.file: + path: "{{ wazuh_agent_package_download_path }}" + state: absent + recurse: yes diff --git a/roles/wazuh-agent/tasks/RMDebian.yml b/roles/wazuh-agent/tasks/RMDebian.yml deleted file mode 100644 index 9999a7d38..000000000 --- a/roles/wazuh-agent/tasks/RMDebian.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Remove Wazuh repository (and clean up left-over metadata) - apt_repository: - repo: "{{ wazuh_agent_config.repo.apt }}" - state: absent - changed_when: false diff --git a/roles/wazuh-agent/tasks/RMRedHat.yml b/roles/wazuh-agent/tasks/RMRedHat.yml deleted file mode 100644 index 32bc6fce4..000000000 --- a/roles/wazuh-agent/tasks/RMRedHat.yml +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -- name: Remove Wazuh repository (and clean up left-over metadata) - yum_repository: - name: wazuh_repo - state: absent - changed_when: false diff --git a/roles/wazuh-agent/tasks/RedHat.yml b/roles/wazuh-agent/tasks/RedHat.yml index 5c053542b..04384d76f 100644 --- a/roles/wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh-agent/tasks/RedHat.yml 
@@ -1,66 +1,17 @@ --- -- name: RedHat/CentOS 5 | Install Wazuh repo - yum_repository: - name: wazuh_repo - description: Wazuh repository - baseurl: "{{ wazuh_agent_config.repo.yum }}5/" - gpgkey: "{{ wazuh_agent_config.repo.gpg }}-5" - gpgcheck: true - changed_when: false - when: - - (ansible_facts['os_family']|lower == 'redhat') and (ansible_distribution|lower != 'amazon') - - (ansible_distribution_major_version|int <= 5) - - not wazuh_custom_packages_installation_agent_enabled - register: repo_v5_installed - -- name: RedHat/CentOS/Fedora | Install Wazuh repo - yum_repository: - name: wazuh_repo - description: Wazuh repository - baseurl: "{{ wazuh_agent_config.repo.yum }}" - gpgkey: "{{ wazuh_agent_config.repo.gpg }}" - gpgcheck: true - changed_when: false - when: - - repo_v5_installed is skipped - - not wazuh_custom_packages_installation_agent_enabled - -- name: RedHat/CentOS/Fedora | Install OpenJDK 1.8 - yum: name=java-1.8.0-openjdk state=present - when: - - wazuh_agent_config.cis_cat.disable == 'no' - - wazuh_agent_config.cis_cat.install_java == 'yes' - tags: - - init - -- name: Set Distribution CIS filename for RHEL5 - set_fact: - cis_distribution_filename: cis_rhel5_linux_rcl.txt - when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "5" -- name: Set Distribution CIS filename for RHEL6 - set_fact: - cis_distribution_filename: cis_rhel6_linux_rcl.txt - when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "6" - -- name: Set Distribution CIS filename for RHEL7 - set_fact: - cis_distribution_filename: cis_rhel7_linux_rcl.txt +- name: Linux CentOS/RedHat (x86_64) | Download wazuh-agent package + get_url: + url: "{{ wazuh_agent_url_amd64_rpm }}" + dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}" when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version == "7" + - ansible_os_family|lower == "redhat" + - ansible_architecture == "x86_64" -- name: Set Distribution CIS 
filename for RHEL7 (Amazon) - set_fact: - cis_distribution_filename: cis_rhel7_linux_rcl.txt +- name: Linux CentOS/RedHat (aarch64) | Download wazuh-agent package + get_url: + url: "{{ wazuh_agent_url_arm64_rpm }}" + dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}" when: - - ansible_distribution == "Amazon" - - ansible_distribution_major_version == "NA" - -- name: RedHat/CentOS/RedHat | Install openscap - package: name=openscap-scanner state=present - register: wazuh_agent_openscap_package_install - until: wazuh_agent_openscap_package_install is succeeded - when: wazuh_agent_config.openscap.disable == 'no' - tags: - - init + - ansible_os_family|lower == "redhat" + - ansible_architecture == "aarch64" diff --git a/roles/wazuh-agent/tasks/Windows.yml b/roles/wazuh-agent/tasks/Windows.yml index f312253df..9635551c8 100644 --- a/roles/wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh-agent/tasks/Windows.yml 
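Review bot: Both `get_url` tasks download the agent RPM without a `checksum:`, and nothing in this hunk verifies a signature, whereas the repository definitions being removed set `gpgcheck: true`; unless the install step (outside this hunk) checks the package signature, the new path installs an unverified file. Adding `checksum: "sha512:{{ wazuh_agent_rpm_sha512 }}"` to each task would restore an integrity check before install (the variable name is a placeholder, not defined on this page). The same gap applies to the `win_get_url` task in Windows.yml, where this commit also removes the SHA512 comparison, and to the two `get_url` tasks in macOS.yml.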
@@ -1,114 +1,36 @@ --- -- name: Windows | Check if Program Files (x86) exists - win_stat: - path: C:\Program Files (x86) - register: check_path -- name: Windows | Set Win Path (x86) - set_fact: - wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir_x86 }}" - wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path_x86 }}" - when: - - check_path.stat.exists - -- name: Windows | Set Win Path (x64) - set_fact: - wazuh_agent_win_path: "{{ wazuh_winagent_config.install_dir }}" - wazuh_agent_win_auth_path: "{{ wazuh_winagent_config.auth_path }}" - when: - - not check_path.stat.exists - -- name: Windows | Check if Wazuh installer is already downloaded - win_stat: - path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" - register: wazuh_package_downloaded - -- name: Windows | Download Wazuh Agent package - win_get_url: - url: "{{ wazuh_winagent_config_url }}" - dest: "{{ wazuh_winagent_config.download_dir }}" - when: - - not wazuh_package_downloaded.stat.exists +- name: Windows | Ensure Wazuh agent download directory exists + win_file: + path: "{{ wazuh_agent_win_package_download_path }}" + state: directory -- name: Windows | Download SHA512 checksum file +- name: Windows | Download Wazuh agent installer win_get_url: - url: "{{ wazuh_winagent_sha512_url }}" - dest: "{{ wazuh_winagent_config.download_dir }}" - when: - - wazuh_winagent_config.check_sha512 - -- name: Extract checksum from SHA512 file - win_shell: Get-Content "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}.sha512" | ForEach-Object { $_.Split(' ')[0] } - register: extracted_checksum - when: - - wazuh_winagent_config.check_sha512 - -- name: Windows | Verify the Wazuh Agent installer - win_stat: - path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" - get_checksum: true - checksum_algorithm: sha512 - register: wazuh_agent_status - failed_when: - - wazuh_agent_status.stat.checksum != extracted_checksum.stdout_lines[0] 
- when: - - wazuh_winagent_config.check_sha512 + url: "{{ wazuh_agent_url_win }}" + dest: "{{ wazuh_agent_win_package_download_path }}\\{{ wazuh_agent_package_name }}.msi" -- name: Windows | Install Agent if not already installed +- name: Windows | Install Wazuh agent (Single server mode) win_package: - path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" + path: "{{ wazuh_agent_win_package_download_path }}\\{{ wazuh_agent_package_name }}.msi" + arguments: '/q WAZUH_MANAGER="{{ wazuh_server_addresses[0] }}"' state: present + when: wazuh_server_addresses | length == 1 -- name: Windows | Check if client.keys exists - win_stat: - path: "{{ wazuh_agent_win_path }}client.keys" - register: check_windows_key - tags: - - config - -- name: Windows | Register agent - win_shell: > - {{ wazuh_agent_win_auth_path }} - -m {{ wazuh_agent_authd.registration_address }} - -p {{ wazuh_agent_authd.port }} - {% if wazuh_agent_authd.agent_name is not none %}-A {{ wazuh_agent_authd.agent_name }} {% endif %} - {% if authd_pass | length > 0 %} -P {{ authd_pass }}{% endif %} - register: agent_auth_output - notify: Windows | Restart Wazuh Agent - when: - - wazuh_agent_authd.enable | bool - - not check_windows_key.stat.exists or check_windows_key.stat.size == 0 - - wazuh_agent_authd.registration_address is not none - tags: - - config - -- name: Windows | Check if ossec folder is accessible - win_file: - path: "{{ wazuh_agent_win_path }}" - state: directory - -- name: Windows | Installing agent configuration (ossec.conf) - template: # noqa 208 - src: var-ossec-etc-ossec-agent.conf.j2 - dest: "{{ wazuh_agent_win_path }}ossec.conf" - notify: Windows | Restart Wazuh Agent - tags: - - config - -- name: Windows | Installing local_internal_options.conf - template: - src: var-ossec-etc-local-internal-options.conf.j2 - dest: "{{ wazuh_agent_win_path }}local_internal_options.conf" - notify: Windows | Restart Wazuh Agent - tags: - - config +- name: Windows | Install Wazuh 
agent (Cluster failover mode) + win_package: + path: "{{ wazuh_agent_win_package_download_path }}\\{{ wazuh_agent_package_name }}.msi" + arguments: "/q WAZUH_MANAGER=\"{{ wazuh_server_addresses | join(',') }}\" WAZUH_REGISTRATION_SERVER=\"{{ wazuh_server_addresses[0] }}\"" + state: present + when: wazuh_server_addresses | length > 1 -- name: Windows | Delete downloaded Wazuh agent installer file - win_file: - path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}" - state: absent +- name: Windows | Start Wazuh agent service + win_service: + name: Wazuh + start_mode: auto + state: started -- name: Windows | Delete downloaded checksum file +- name: Windows | Delete Wazuh agent download directory win_file: - path: "{{ wazuh_winagent_config.download_dir }}{{ wazuh_winagent_package_name }}.sha512" + path: "{{ wazuh_agent_win_package_download_path }}" state: absent diff --git a/roles/wazuh-agent/tasks/installation_from_custom_packages.yml b/roles/wazuh-agent/tasks/installation_from_custom_packages.yml deleted file mode 100644 index aa50004f6..000000000 --- a/roles/wazuh-agent/tasks/installation_from_custom_packages.yml +++ /dev/null 
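Review bot: The two install tasks are gated on `wazuh_server_addresses | length == 1` and `length > 1`, so an empty list skips both and the play only fails later at `Windows | Start Wazuh agent service`, with an error about a missing service rather than about the inventory. A guard at the top of the file would make the cause explicit: an `ansible.builtin.assert` task with `that: wazuh_server_addresses | default([]) | length > 0` and a `fail_msg` naming the variable. The enrollment block in macOS.yml uses the same two-way split and would benefit from the same guard.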
@@ -1,28 +0,0 @@ ---- - - name: Install Wazuh Agent from .deb packages - apt: - deb: "{{ wazuh_custom_packages_installation_agent_deb_url }}" - state: present - when: - - ansible_os_family|lower == "debian" - - wazuh_custom_packages_installation_agent_enabled - - - name: Install Wazuh Agent from .rpm packages | yum - yum: - name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" - state: present - when: - - ansible_os_family|lower == "redhat" - - wazuh_custom_packages_installation_agent_enabled - - not (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") - - not (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") - - - name: Install Wazuh Agent from .rpm packages | dnf - dnf: - name: "{{ wazuh_custom_packages_installation_agent_rpm_url }}" - state: present - when: - - ansible_os_family|lower == "redhat" - - wazuh_custom_packages_installation_agent_enabled - - (ansible_distribution|lower == "centos" and ansible_distribution_major_version >= "8") or - (ansible_distribution|lower == "redhat" and ansible_distribution_major_version >= "8") \ No newline at end of file diff --git a/roles/wazuh-agent/tasks/macOS.yml b/roles/wazuh-agent/tasks/macOS.yml index 9c1f6ce74..ef1889e0e 100644 --- a/roles/wazuh-agent/tasks/macOS.yml +++ b/roles/wazuh-agent/tasks/macOS.yml 
@@ -1,231 +1,61 @@ --- -- name: macOS | Check architecture - command: "/usr/bin/uname -m" - register: uname_result -- name: macOS | Set architecture variable - set_fact: - macos_architecture: "{{ 'arm' if uname_result.stdout == 'arm64' else 'intel' }}" +- name: MacOS | Create directory for Wazuh agent package + ansible.builtin.file: + path: "{{ wazuh_agent_package_download_path }}" + state: directory + mode: '0755' -- name: macOS | Set package name and URL based on architecture - set_fact: - wazuh_macos_package_url: "{{ wazuh_macos_intel_package_url if macos_architecture == 'intel' else wazuh_macos_arm_package_url }}" - wazuh_macos_package_name: "{{ wazuh_macos_intel_package_name if macos_architecture == 'intel' else wazuh_macos_arm_package_name }}" - -- name: macOS | Check if Wazuh installer is already downloaded - stat: - path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}" - register: wazuh_package_downloaded - -- name: macOS | Download Wazuh Agent package +- name: MacOS (Intel) | Download Wazuh agent package get_url: - url: "{{ wazuh_macos_package_url }}" - dest: "{{ wazuh_macos_config.download_dir }}" - register: download_result + url: "{{ wazuh_agent_url_amd64_macos }}" + dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}.pkg" when: - - not wazuh_package_downloaded.stat.exists - -- name: macOS | Check if Wazuh Agent is already installed - stat: - path: "{{ wazuh_macos_config.install_dir }}" - register: wazuh_installed - -- name: macOS | Install Agent if not already installed - command: "installer -pkg {{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }} -target /" - register: install_result - -- name: macOS | Check if client.keys exists - stat: - path: "{{ wazuh_macos_config.install_dir }}/etc/client.keys" - register: client_keys_file - tags: - - config - -- name: macOS | Agent registration via authd - block: - - name: macOS | Register agent (via authd) - shell: > - {{ 
wazuh_macos_config.install_dir }}/bin/agent-auth - {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %} - -A {{ wazuh_agent_authd.agent_name }} - {% endif %} - -m {{ wazuh_agent_authd.registration_address }} - -p {{ wazuh_agent_authd.port }} - {% if wazuh_agent_nat %} -I "any" {% endif %} - {% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %} - {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %} - {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %} - -G "{{ wazuh_agent_authd.groups | join(',') }}" - {% endif %} - register: agent_auth_output - notify: macOS | Restart Wazuh Agent - vars: - agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}" - when: - - not client_keys_file.stat.exists or client_keys_file.stat.size == 0 - - wazuh_agent_authd.registration_address is not none + - ansible_architecture == "x86_64" - - name: macOS | Verify agent registration - shell: > - sh -c "echo '{{ agent_auth_output.stdout }} {{ agent_auth_output.stderr }}' | grep 'Valid key received'" - when: - - not client_keys_file.stat.exists or client_keys_file.stat.size == 0 - - wazuh_agent_authd.registration_address is not none +- name: MacOS (ARM) | Download Wazuh agent package + get_url: + url: "{{ wazuh_agent_url_arm64_macos }}" + dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}.pkg" when: - - wazuh_agent_authd.enable | bool - - wazuh_agent_config.enrollment.enabled != 'yes' - tags: - - config - - authd + - ansible_architecture == "aarch64" -- name: macOS | Agent registration via rest-API +- name: MacOS | Set deployment variables for Wazuh agent enrollment block: - - - name: macOS | Establish target Wazuh Manager for registration task - set_fact: - target_manager: '{{ manager_primary | length | ternary(manager_primary, manager_fallback) | first }}' - vars: - manager_primary: "{{ wazuh_managers | 
selectattr('register','true') | list }}" - manager_fallback: "{{ wazuh_managers | list }}" - - - name: macOS | Obtain JWT Token - uri: - url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate' - method: POST - url_username: '{{ target_manager.api_user }}' - url_password: '{{ api_pass }}' - status_code: 200 - return_content: yes - force_basic_auth: yes - validate_certs: '{{ target_manager.validate_certs | default(false) }}' - no_log: '{{ wazuh_agent_nolog_sensible | bool }}' - delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}' - changed_when: api_jwt_result.json.error == 0 - register: api_jwt_result - become: no - tags: - - config - - api - - - name: macOS | Create the agent key via rest-API - uri: - url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents' - method: POST - body_format: json - body: - name: '{{ agent_name }}' - headers: - Authorization: 'Bearer {{ jwt_token }}' - status_code: 200 - return_content: yes - validate_certs: '{{ target_manager.validate_certs | default(false) }}' - become: no - no_log: '{{ wazuh_agent_nolog_sensible | bool }}' - delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}' - changed_when: api_agent_post.json.error == 0 - register: api_agent_post - vars: - agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}' - jwt_token: '{{ api_jwt_result.json.data.token }}' - tags: - - config - - api - - - name: macOS | Validate registered agent key matches manager record - uri: - url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents/{{ agent_id }}/key' - method: GET - headers: - Authorization: 'Bearer {{ jwt_token }}' - status_code: 200 - return_content: yes - validate_certs: '{{ target_manager.validate_certs | default(false) }}' - become: no - no_log: '{{ wazuh_agent_nolog_sensible 
| bool }}' - delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}' - register: api_agent_validation - vars: - agent_id: '{{ api_agent_post.json.data.id }}' - agent_key: '{{ api_agent_post.json.data.key }}' - jwt_token: '{{ api_jwt_result.json.data.token }}' - failed_when: api_agent_validation.json.data.affected_items[0].key != agent_key - when: - - wazuh_agent_api_validate | bool - - api_agent_post.json.error == 0 - tags: - - config - - api - - - name: macOS | Import Key (via rest-API) - command: "{{ wazuh_macos_config.install_dir }}/bin/manage_agents" - environment: - OSSEC_ACTION: i - OSSEC_AGENT_NAME: '{{ agent_name }}' - OSSEC_AGENT_IP: '{{ wazuh_agent_address }}' - OSSEC_AGENT_ID: '{{ api_agent_post.json.data.id }}' - OSSEC_AGENT_KEY: '{{ api_agent_post.json.data.key }}' - OSSEC_ACTION_CONFIRMED: y - register: manage_agents_output - vars: - agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}' - notify: macOS | Restart Wazuh Agent - when: - - not ( wazuh_agent_authd.enable | bool ) - - wazuh_agent_config.enrollment.enabled != 'yes' - - not client_keys_file.stat.exists or client_keys_file.stat.size == 0 - tags: - - config - - api - -- name: macOS | Agent registration via auto-enrollment - debug: - msg: Agent registration will be performed through enrollment option in templated ossec.conf - when: wazuh_agent_config.enrollment.enabled == 'yes' - -- name: macOS | Ensure group "wazuh" exists - ansible.builtin.group: - name: wazuh - state: present - -- name: macOS | Installing agent configuration (ossec.conf) - template: - src: var-ossec-etc-ossec-agent.conf.j2 - dest: "{{ wazuh_macos_config.install_dir }}/etc/ossec.conf" - owner: root - group: wazuh - mode: 0644 - notify: macOS | Restart Wazuh Agent - tags: - - init - - config - -- name: macOS | Installing local_internal_options.conf - template: - src: var-ossec-etc-local-internal-options.conf.j2 - dest: "{{ wazuh_macos_config.install_dir 
}}/etc/local_internal_options.conf" - owner: root - group: wazuh - mode: 0640 - notify: macOS | Restart Wazuh Agent - tags: - - init - - config - -- name: Create auto-enrollment password file - template: - src: authd_pass.j2 - dest: "{{ wazuh_macos_config.install_dir }}/etc/authd.pass" - owner: wazuh - group: wazuh - mode: 0640 - when: - - wazuh_agent_config.enrollment.enabled == 'yes' - - wazuh_agent_config.enrollment.authorization_pass_path_macos | length > 0 - - authd_pass | length > 0 - tags: - - config - -- name: macOS | Delete downloaded Wazuh agent installer file - file: - path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}" - state: absent \ No newline at end of file + - name: MacOS | Ensure file for storing deployment variable(s) exists + ansible.builtin.file: + path: "/tmp/wazuh_envs" + state: touch + mode: '0644' + + - name: MacOS | Set deployment variables for Wazuh agent enrollment (Cluster failover mode) + ansible.builtin.lineinfile: + path: "/tmp/wazuh_envs" + line: "WAZUH_MANAGER='{{ wazuh_server_addresses | join(',') }}' && WAZUH_REGISTRATION_SERVER='{{ wazuh_server_addresses[0] }}'" + create: yes + state: present + when: wazuh_server_addresses | length > 1 + + - name: MacOS | Set deployment variables for Wazuh agent enrollment (Single server mode) + ansible.builtin.lineinfile: + path: "/tmp/wazuh_envs" + line: "WAZUH_MANAGER='{{ wazuh_server_addresses[0] }}'" + create: yes + state: present + when: wazuh_server_addresses | length == 1 + +- name: MacOS | Install Wazuh agent using installer + command: "installer -pkg {{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}.pkg -target /" + +- name: MacOS | Initialize Wazuh agent service + command: "launchctl load /Library/LaunchDaemons/com.wazuh.agent.plist" + +- name: MacOS | Pause for 10 seconds while Wazuh agent service initializes + pause: + seconds: 10 + +- name: MacOS | Verify Wazuh agent service is running + shell: "launchctl list | grep com.wazuh.agent" + 
register: wazuh_agent_service_status + failed_when: "'com.wazuh.agent' not in wazuh_agent_service_status.stdout" + changed_when: false diff --git a/roles/wazuh-agent/tasks/main.yml b/roles/wazuh-agent/tasks/main.yml index 26c27817b..198d22b3f 100644 --- a/roles/wazuh-agent/tasks/main.yml +++ b/roles/wazuh-agent/tasks/main.yml @@ -1,28 +1,14 @@ --- -- include_vars: ../../vars/repo_vars.yml +- include_vars: ../../vars/main.yml -- include_vars: ../../vars/repo.yml - when: packages_repository == 'production' +- include_vars: ../../vars/{{ urls_file }} -- include_vars: ../../vars/repo_pre-release.yml - when: packages_repository == 'pre-release' - -- include_vars: ../../vars/repo_staging.yml - when: packages_repository == 'staging' - -- name: Overlay wazuh_agent_config on top of defaults - set_fact: - wazuh_agent_config: '{{ wazuh_agent_config_defaults | combine(config_layer, recursive=True) }}' - vars: - config_layer: '{{ wazuh_agent_config | default({}) }}' - when: wazuh_agent_config_overlay | bool +- include_tasks: "Linux.yml" + when: ansible_system == "Linux" - include_tasks: "Windows.yml" when: ansible_os_family == "Windows" -- include_tasks: "Linux.yml" - when: ansible_system == "Linux" - - include_tasks: "macOS.yml" - when: ansible_system == "Darwin" \ No newline at end of file + when: ansible_system == "Darwin" diff --git a/roles/wazuh-agent/templates/authd_pass.j2 b/roles/wazuh-agent/templates/authd_pass.j2 deleted file mode 100644 index 97a481f24..000000000 --- a/roles/wazuh-agent/templates/authd_pass.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ authd_pass }} \ No newline at end of file diff --git a/roles/wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 b/roles/wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 deleted file mode 100644 index 81979e595..000000000 --- a/roles/wazuh-agent/templates/var-ossec-etc-local-internal-options.conf.j2 +++ /dev/null 
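Review bot: `/tmp/wazuh_envs` is created with `state: touch` and then extended with `lineinfile`, so lines already present in that world-writable location are kept, and the file, presumably read by the package's install scripts, is left behind at mode `0644`. Writing it in one `ansible.builtin.copy` task with `content:` and mode `'0600'`, as sketched below, replaces whatever was there; a `file` task with `state: absent` after the installer step would clean it up. The sketch assumes the play runs as root, which `installer -target /` needs anyway. Separately, the ARM download task tests `ansible_architecture == "aarch64"`, while the code this hunk removes compared `uname -m` with `arm64`, so on Apple Silicon the task is likely skipped and the installer fails on a missing file; `- ansible_architecture in ["arm64", "aarch64"]` covers both.

```yaml
# … unchanged: package directory and download tasks …
- name: MacOS | Write deployment variables for Wazuh agent enrollment
  ansible.builtin.copy:
    dest: "/tmp/wazuh_envs"
    owner: root
    mode: '0600'
    content: |
      {% if wazuh_server_addresses | length > 1 %}
      WAZUH_MANAGER='{{ wazuh_server_addresses | join(',') }}' && WAZUH_REGISTRATION_SERVER='{{ wazuh_server_addresses[0] }}'
      {% else %}
      WAZUH_MANAGER='{{ wazuh_server_addresses[0] }}'
      {% endif %}
# … unchanged: installer, launchctl load, pause, service check …
```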
@@ -1,16 +0,0 @@ -# local_internal_options.conf -# -# This file should be handled with care. It contains -# run time modifications that can affect the use -# of OSSEC. Only change it if you know what you -# are doing. Look first at ossec.conf -# for most of the things you want to change. -# -# This file will not be overwritten during upgrades. - -# This is the template of Ansible for the file local_internal_options.conf -# In this file you could include the configuration settings for your agents - -# Logcollector - If it should accept remote commands from the manager -logcollector.remote_commands=1 - diff --git a/roles/wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 deleted file mode 100644 index 99fd93f93..000000000 --- a/roles/wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ /dev/null @@ -1,500 +0,0 @@ -#jinja2: lstrip_blocks: True - - - - - - {% for manager in wazuh_managers %} - -
{{ manager.address }}
- {% if manager.port is defined %} - {{ manager.port }} - {% endif %} - {% if manager.protocol is defined %} - {{ manager.protocol }} - {% endif %} - {% if manager.max_retries is defined and manager.retry_interval is defined %} - {{ manager.max_retries }} - {{ manager.retry_interval }} - {% endif %} -
- {% endfor %} - {% if wazuh_profile_centos is not none or wazuh_profile_ubuntu is not none %} - {% if ansible_distribution == 'CentOS' %} - {{ wazuh_profile_centos }} - {% elif ansible_distribution == "Ubuntu" %} - {{ wazuh_profile_ubuntu }} - {% endif %} - {% endif %} - {% if ansible_system == "Darwin" %} - {{ wazuh_profile_macos }} - {% endif %} - {% if wazuh_notify_time is not none and wazuh_time_reconnect is not none %} - {{ wazuh_notify_time }} - {{ wazuh_time_reconnect }} - {% endif %} - {{ wazuh_auto_restart }} - {{ wazuh_crypto_method }} - - {% if wazuh_agent_config.enrollment.enabled == 'yes' %} - - {{ wazuh_agent_config.enrollment.enabled }} - {% if wazuh_agent_config.enrollment.manager_address | length > 0 %} - {{ wazuh_agent_config.enrollment.manager_address }} - {% endif %} - {% if wazuh_agent_config.enrollment.agent_name | length > 0 %} - {{ wazuh_agent_config.enrollment.agent_name }} - {% endif %} - {% if wazuh_agent_config.enrollment.port is defined > 0 %} - {{ wazuh_agent_config.enrollment.port }} - {% endif %} - {% if wazuh_agent_config.enrollment.groups | length > 0 %} - {{ wazuh_agent_config.enrollment.groups }} - {% endif %} - {% if wazuh_agent_config.enrollment.agent_address | length > 0 %} - {{ wazuh_agent_config.enrollment.agent_address }} - {% endif %} - {% if wazuh_agent_config.enrollment.server_ca_path | length > 0 %} - {{ wazuh_agent_config.enrollment.server_ca_path }} - {% endif %} - {% if wazuh_agent_config.enrollment.agent_certificate_path | length > 0 %} - {{ wazuh_agent_config.enrollment.agent_certificate_path }} - {% endif %} - {% if wazuh_agent_config.enrollment.agent_key_path | length > 0 %} - {{ wazuh_agent_config.enrollment.agent_key_path }} - {% endif %} - {% if wazuh_agent_config.enrollment.authorization_pass_path | length > 0 and ansible_system != "Darwin" %} - {{ wazuh_agent_config.enrollment.authorization_pass_path }} - {% else %} - {{ wazuh_agent_config.enrollment.authorization_pass_path_macos }} - {% endif %} - {% if 
wazuh_agent_config.enrollment.auto_method | length > 0 %} - {{ wazuh_agent_config.enrollment.auto_method }} - {% endif %} - {% if wazuh_agent_config.enrollment.delay_after_enrollment is defined > 0 %} - {{ wazuh_agent_config.enrollment.delay_after_enrollment }} - {% endif %} - {% if wazuh_agent_config.enrollment.use_source_ip | length > 0 %} - {{ wazuh_agent_config.enrollment.use_source_ip }} - {% endif %} - - {% endif %} - -
- - - - {{ wazuh_agent_config.client_buffer.disable }} - {{ wazuh_agent_config.client_buffer.queue_size }} - {{ wazuh_agent_config.client_buffer.events_per_sec }} - - - {% if wazuh_agent_config.rootcheck is defined %} - - no - {% if ansible_system == "Linux" or ansible_system == "Darwin" %} - yes - yes - yes - yes - yes - yes - yes - - - {{ wazuh_agent_config.rootcheck.frequency }} - - {% if ansible_system == "Darwin" %} - etc/shared/rootkit_files.txt - etc/shared/rootkit_trojans.txt - {% else %} - {{ wazuh_dir }}/etc/shared/rootkit_files.txt - {{ wazuh_dir }}/etc/shared/rootkit_trojans.txt - {% endif %} - yes - {% endif %} - {% if ansible_os_family == "Windows" %} - ./shared/win_applications_rcl.txt - ./shared/win_malware_rcl.txt - {% endif %} - - - - {% endif %} - - - {% if ansible_system == "Linux" and wazuh_agent_config.openscap.disable == 'no' %} - - {{ wazuh_agent_config.openscap.disable }} - {{ wazuh_agent_config.openscap.timeout }} - {{ wazuh_agent_config.openscap.interval }} - {{ wazuh_agent_config.openscap.scan_on_start }} - {% if ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' %} - - xccdf_org.ssgproject.content_profile_common - - {% elif ansible_distribution == 'Debian' %} - {% if ansible_distribution_release == 'jessie' %} - {% if openscap_version_valid.stdout == "0" %} - - xccdf_org.ssgproject.content_profile_common - - - {% endif %} - {% elif ansible_distribution_release == 'stretch' %} - - {% endif %} - {% elif ansible_distribution == 'CentOS' %} - {% if ansible_distribution_major_version == '8' %} - {# Policy not available #} - {% elif ansible_distribution_major_version == '7' %} - - xccdf_org.ssgproject.content_profile_pci-dss - xccdf_org.ssgproject.content_profile_common - - {% elif ansible_distribution_major_version == '6' %} - - xccdf_org.ssgproject.content_profile_pci-dss - xccdf_org.ssgproject.content_profile_common - - {% endif %} - {% elif ansible_distribution == 'RedHat' %} - {% if 
ansible_distribution_major_version == '8' %} - {# Policy not available #} - {% elif ansible_distribution_major_version == '7' %} - - xccdf_org.ssgproject.content_profile_pci-dss - xccdf_org.ssgproject.content_profile_common - - {% elif ansible_distribution_major_version == '6' %} - - xccdf_org.ssgproject.content_profile_pci-dss - xccdf_org.ssgproject.content_profile_common - - {% endif %} - {% if ansible_distribution_major_version == '7' %} - - {% elif ansible_distribution_major_version == '6' %} - - {% endif %} - {% elif ansible_distribution == 'Fedora' %} - - xccdf_org.ssgproject.content_profile_pci-dss - xccdf_org.ssgproject.content_profile_common - - {% endif %} - - {% endif %} - - {% if ansible_system != "Darwin" %} - - {{ wazuh_agent_config.cis_cat.disable }} - {{ wazuh_agent_config.cis_cat.timeout }} - {{ wazuh_agent_config.cis_cat.interval }} - {{ wazuh_agent_config.cis_cat.scan_on_start }} - {% if wazuh_agent_config.cis_cat.install_java == 'yes' and ansible_system == "Linux" %} - /usr/bin - {% elif ansible_os_family == "Windows" %} - {{ wazuh_agent_config.cis_cat.java_path_win }} - {% else %} - {{ wazuh_agent_config.cis_cat.java_path }} - {% endif %} - {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %} - - {% endif %} - - - - {{ wazuh_agent_config.osquery.disable }} - {{ wazuh_agent_config.osquery.run_daemon }} - {% if ansible_os_family == "Windows" %} - {{ wazuh_agent_config.osquery.bin_path_win }} - {% endif %} - {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.osquery.log_path_win }}{% else %}{{ wazuh_agent_config.osquery.log_path }}{% endif %} - {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.osquery.config_path_win }}{% else %}{{ wazuh_agent_config.osquery.config_path }}{% endif %} - {{ wazuh_agent_config.osquery.add_labels }} - - - - - {{ wazuh_agent_config.syscollector.disable }} - {{ wazuh_agent_config.syscollector.interval 
}} - {{ wazuh_agent_config.syscollector.scan_on_start }} - {{ wazuh_agent_config.syscollector.hardware }} - {{ wazuh_agent_config.syscollector.os }} - {{ wazuh_agent_config.syscollector.network }} - {{ wazuh_agent_config.syscollector.packages }} - {{ wazuh_agent_config.syscollector.ports_no }} - {{ wazuh_agent_config.syscollector.processes }} - - - - {% if wazuh_agent_config.sca.enabled | length > 0 %} - {{ wazuh_agent_config.sca.enabled }} - {% endif %} - {% if wazuh_agent_config.sca.scan_on_start | length > 0 %} - {{ wazuh_agent_config.sca.scan_on_start }} - {% endif %} - {% if wazuh_agent_config.sca.interval | length > 0 %} - {{ wazuh_agent_config.sca.interval }} - {% endif %} - {% if wazuh_agent_config.sca.skip_nfs | length > 0 %} - yes - {% endif %} - {% if wazuh_agent_config.sca.day | length > 0 %} - {{ wazuh_agent_config.sca.day }} - {% endif %} - {% if wazuh_agent_config.sca.wday | length > 0 %} - {{ wazuh_agent_config.sca.wday }} - {% endif %} - {% if wazuh_agent_config.sca.time | length > 0 %} - - {% endif %} - - - - - {% if wazuh_agent_config.syscheck is defined %} - - no - {{ wazuh_agent_config.syscheck.frequency }} - {% if ansible_system == "Linux" or ansible_system == "Darwin" %} - {{ wazuh_agent_config.syscheck.scan_on_start }} - - {% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %} - {% for directory in wazuh_agent_config.syscheck.directories %} - {{ directory.dirs }} - {% endfor %} - {% elif ansible_system == "Darwin" %} - {% for directory in wazuh_agent_config.syscheck.macos_directories %} - {{ directory.dirs }} - {% endfor %} - {% endif %} - {% endif %} - - - {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_os_family == "Windows" %} - {% for directory in wazuh_agent_config.syscheck.win_directories %} - {{ directory.dirs }} - {% endfor %} - {% endif %} - - - {% if wazuh_agent_config.syscheck.ignore is defined and (ansible_system == "Linux" or ansible_system == "Darwin") %} - {% for 
ignore in wazuh_agent_config.syscheck.ignore %} - {{ ignore }} - {% endfor %} - {% endif %} - - - {% if wazuh_agent_config.syscheck.ignore_linux_type is defined %} - {% for ignore in wazuh_agent_config.syscheck.ignore_linux_type %} - {{ ignore }} - {% endfor %} - {% endif %} - - {% if wazuh_agent_config.syscheck.ignore is defined and ansible_os_family == "Windows" %} - {% for ignore in wazuh_agent_config.syscheck.ignore_win %} - {{ ignore }} - {% endfor %} - {% endif %} - - {% if ansible_system == "Linux" or ansible_system == "Darwin" %} - - {% for no_diff in wazuh_agent_config.syscheck.no_diff %} - {{ no_diff }} - {% endfor %} - - {{ wazuh_agent_config.syscheck.skip_nfs }} - {{ wazuh_agent_config.syscheck.skip_dev }} - {{ wazuh_agent_config.syscheck.skip_proc }} - {{ wazuh_agent_config.syscheck.skip_sys }} - {% endif %} - - {% if ansible_os_family == "Windows" %} - {% for registry_key in wazuh_agent_config.syscheck.windows_registry %} - {% if registry_key.arch is defined %} - {{ registry_key.key }} - {% else %} - {{ registry_key.key }} - {% endif %} - {% endfor %} - {% endif %} - - {% if ansible_os_family == "Windows" %} - {% for registry_key in wazuh_agent_config.syscheck.windows_registry_ignore %} - {% if registry_key.type is defined %} - {{ registry_key.key }} - {% else %} - {{ registry_key.key }} - {% endif %} - {% endfor %} - {% endif %} - - {% if ansible_os_family == "Windows" %} - - {{ wazuh_agent_config.syscheck.win_audit_interval }} - {% endif %} - - - {{ wazuh_agent_config.syscheck.process_priority }} - - - {{ wazuh_agent_config.syscheck.max_eps }} - - - - {{ wazuh_agent_config.syscheck.sync_enabled }} - {{ wazuh_agent_config.syscheck.sync_interval }} - {{ wazuh_agent_config.syscheck.sync_max_interval }} - {{ wazuh_agent_config.syscheck.sync_max_eps }} - - - {% endif %} - - - {% if ansible_system == "Linux" %} - {% for localfile in wazuh_agent_config.localfiles.linux %} - - - {{ localfile.format }} - {% if localfile.format == 'command' or 
localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} - {% else %} - {{ localfile.location }} - {% if localfile.format == 'json' %} - {% for label in localfile.label %} - - {% endfor %} - {% endif %} - {% endif %} - - {% endfor %} - - journald - journald - - {% endif %} - - {% if ansible_system == "Darwin" %} - {% for localfile in wazuh_agent_config.localfiles.macos %} - - - {{ localfile.format }} - {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} - {% else %} - {{ localfile.location }} - {% if localfile.format == 'macos' %} - {{ localfile.query.value }} - {% endif %} - {% endif %} - - {% endfor %} - {% endif %} - - {% if ansible_os_family == "Debian" %} - {% for localfile in wazuh_agent_config.localfiles.debian %} - - - {{ localfile.format }} - {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} - {% else %} - {{ localfile.location }} - {% if localfile.format == 'json' %} - {% for label in localfile.label %} - - {% endfor %} - {% endif %} - {% endif %} - - {% endfor %} - {% endif %} - - {% if ansible_os_family == "RedHat" %} - {% for localfile in wazuh_agent_config.localfiles.centos %} - - - {{ localfile.format }} - {% if localfile.format == 'command' or localfile.format == 'full_command' %} - {{ localfile.command }} - {{ localfile.frequency }} - {% if localfile.alias is defined %} - {{ localfile.alias }} - {% endif %} - {% else %} - {{ localfile.location }} - {% if localfile.format == 'json' %} - {% for label in localfile.label %} - - {% endfor %} - {% endif %} - {% endif %} - - {% endfor %} - {% endif %} - - {% if ansible_os_family == 
"Windows" %} - {% for localfile in wazuh_agent_config.localfiles.windows %} - - - {{ localfile.format }} - {% if localfile.format == 'eventchannel' %} - {{ localfile.location }} - {{ localfile.query}} - {% else %} - {{ localfile.location }} - {% if localfile.format == 'json' %} - {% for label in localfile.label %} - - {% endfor %} - {% endif %} - {% endif %} - - {% endfor %} - {% endif %} - -{% if wazuh_agent_config.labels.enable == true %} - - {% for label in wazuh_agent_config.labels.list %} - - {% endfor %} - -{% endif %} - - - {{ wazuh_agent_config.active_response.ar_disabled|default('no') }} - - {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }} - {% else %} - {% if ansible_system == "Darwin" %}{{ wazuh_agent_config.active_response.ca_store_macos }} - {% else %} - {{ wazuh_agent_config.active_response.ca_store }} - {% endif %} - {% endif %} - - {{ wazuh_agent_config.active_response.ca_verification }} - - - - {{ wazuh_agent_config.log_format }} - - -
From 2b7d9a6ad1eed33e366f5d3f50699849552dd573 Mon Sep 17 00:00:00 2001 From: Jesus Garcia Date: Mon, 3 Feb 2025 08:27:31 -0500 Subject: [PATCH 2/2] Improve wazuh-agent role --- roles/vars/main.yml | 4 +- roles/vars/urls.yml | 7 -- roles/wazuh-agent/defaults/main.yml | 2 +- .../files/default-wazuh-agent-conf.yml | 26 ++++++ roles/wazuh-agent/handlers/main.yml | 9 -- roles/wazuh-agent/tasks/Debian.yml | 6 +- roles/wazuh-agent/tasks/Linux.yml | 88 ++++++++++--------- roles/wazuh-agent/tasks/RedHat.yml | 6 +- roles/wazuh-agent/tasks/Windows.yml | 21 ++++- roles/wazuh-agent/tasks/macOS.yml | 54 ++++++------ 10 files changed, 124 insertions(+), 99 deletions(-) delete mode 100644 roles/vars/urls.yml create mode 100644 roles/wazuh-agent/files/default-wazuh-agent-conf.yml delete mode 100644 roles/wazuh-agent/handlers/main.yml diff --git a/roles/vars/main.yml b/roles/vars/main.yml index a6ab0da60..6c4907cdb 100644 --- a/roles/vars/main.yml +++ b/roles/vars/main.yml @@ -1,6 +1,6 @@ -wazuh_full_version: 5.0.0 +wazuh_full_version: "5.0.0" wazuh_major_minor_version: "5.0" wazuh_major_version: "5.x" -wazuh_package_revision: 1 +wazuh_package_revision: "1" urls_file: "urls.yml" diff --git a/roles/vars/urls.yml b/roles/vars/urls.yml deleted file mode 100644 index b7fc6f6ac..000000000 --- a/roles/vars/urls.yml +++ /dev/null @@ -1,7 +0,0 @@ -wazuh_agent_url_amd64_deb: "" -wazuh_agent_url_arm64_deb: "" -wazuh_agent_url_amd64_rpm: "" -wazuh_agent_url_arm64_rpm: "" -wazuh_agent_url_amd64_macos: "" -wazuh_agent_url_arm64_macos: "" -wazuh_agent_url_win: "" \ No newline at end of file diff --git a/roles/wazuh-agent/defaults/main.yml b/roles/wazuh-agent/defaults/main.yml index cc184ceb9..6d3e29425 100644 --- a/roles/wazuh-agent/defaults/main.yml +++ b/roles/wazuh-agent/defaults/main.yml 
@@ -2,4 +2,4 @@ wazuh_agent_package_download_path: "/tmp/wazuh-agent" wazuh_agent_win_package_download_path: "C:\\Temp\\wazuh-agent" -wazuh_agent_package_name: "wazuh-agent-package" +wazuh_agent_package_name: "wazuh-agent-{{ wazuh_full_version }}-{{ wazuh_package_revision }}" diff --git a/roles/wazuh-agent/files/default-wazuh-agent-conf.yml b/roles/wazuh-agent/files/default-wazuh-agent-conf.yml new file mode 100644 index 000000000..f18ea4413 --- /dev/null +++ b/roles/wazuh-agent/files/default-wazuh-agent-conf.yml @@ -0,0 +1,26 @@ +agent: + thread_count: 4 + server_url: https://172.31.36.181:27000 + retry_interval: 30s + verification_mode: none +events: + batch_interval: 10s + batch_size: 1MB +inventory: + enabled: true + interval: 1h + scan_on_start: true + hardware: true + system: true + networks: true + packages: true + ports: true + ports_all: true + processes: true + hotfixes: true +logcollector: + enabled: true + localfiles: + - /var/log/auth.log + reload_interval: 1m + read_interval: 500ms diff --git a/roles/wazuh-agent/handlers/main.yml b/roles/wazuh-agent/handlers/main.yml deleted file mode 100644 index f4770eb31..000000000 --- a/roles/wazuh-agent/handlers/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: restart wazuh-agent - service: name=wazuh-agent state=restarted enabled=yes - -- name: Windows | Restart Wazuh Agent - win_service: name=WazuhSvc start_mode=auto state=restarted - -- name: macOS | Restart Wazuh Agent - command: /Library/Ossec/bin/wazuh-control restart \ No newline at end of file diff --git a/roles/wazuh-agent/tasks/Debian.yml b/roles/wazuh-agent/tasks/Debian.yml index f4aeae865..6bad11de6 100644 --- a/roles/wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh-agent/tasks/Debian.yml 
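Review bot: The new `default-wazuh-agent-conf.yml` ships `verification_mode: none` next to a fixed `server_url: https://172.31.36.181:27000`, so every host that receives this default talks to the server over TLS without, presumably, checking its certificate. The Linux.yml task that follows rewrites only the `server_url` line, so `verification_mode: none` stays in place after the role runs. The register commands in Linux.yml, Windows.yml and macOS.yml pass `--verification-mode none` as well. I would make the mode a role variable whose default verifies the server, render the file with `template` instead of `copy`, and keep `none` as an explicit opt-in marked with a comment such as `# none disables server certificate checks; test environments only`.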
@@ -3,15 +3,13 @@ - name: Linux Debian (AMD64) | Download wazuh-agent package get_url: url: "{{ wazuh_agent_url_amd64_deb }}" - dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}" + dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}_amd64.deb" when: - - ansible_os_family|lower != "redhat" - ansible_architecture == "x86_64" - name: Linux Debian (ARM64) | Download wazuh-agent package get_url: url: "{{ wazuh_agent_url_arm64_deb }}" - dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}" + dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}_arm64.deb" when: - - ansible_os_family|lower != "redhat" - ansible_architecture == "aarch64" diff --git a/roles/wazuh-agent/tasks/Linux.yml b/roles/wazuh-agent/tasks/Linux.yml index 720b940d0..d6e0b9569 100644 --- a/roles/wazuh-agent/tasks/Linux.yml +++ b/roles/wazuh-agent/tasks/Linux.yml 
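Review bot: Neither `get_url` task in this hunk checks what it downloaded: there is no `checksum:`, and the install steps in the Linux.yml hunk use `disable_gpg_check: yes` for the RPM and a bare `dpkg -i` for the .deb, so nothing between download and install verifies the package. The two tasks in the RedHat.yml hunk have the same gap. Adding `checksum: "sha256:{{ wazuh_agent_sha256_amd64_deb }}"` (placeholder variable name, one per architecture and format) to each `get_url` would pin the artifact. For the RPM path, importing the vendor key and dropping `disable_gpg_check: yes` restores the signature check.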
@@ -16,57 +16,59 @@ # Installation tasks -- name: Linux | Create file for storing Wazuh Server IPs in environment variable(s) - ansible.builtin.copy: - dest: "{{ wazuh_agent_package_download_path }}/wazuh-agent-addresses" - content: "" - mode: '0644' - -- name: Linux | Handle Wazuh Server IPs - block: - - name: Linux | Create environment variable for Wazuh Server IP [1/3] (Cluster failover mode) - ansible.builtin.lineinfile: - path: "{{ wazuh_agent_package_download_path }}/wazuh-agent-addresses" - line: "WAZUH_MANAGER=\"{{ wazuh_server_addresses | join(',') }}\"" - create: yes - state: present - when: wazuh_server_addresses | length > 1 - - - name: Linux | Create environment variable for Wazuh Server IP [2/3] (Cluster failover mode) - ansible.builtin.lineinfile: - path: "{{ wazuh_agent_package_download_path }}/wazuh-agent-addresses" - line: "WAZUH_REGISTRATION_SERVER=\"{{ wazuh_server_addresses[0] }}\"" - create: yes - state: present - when: wazuh_server_addresses | length > 1 - - - name: Linux | Create environment variable for Wazuh Server IP [3/3] (Single server mode) - ansible.builtin.lineinfile: - path: "{{ wazuh_agent_package_download_path }}/wazuh-agent-addresses" - line: "WAZUH_MANAGER=\"{{ wazuh_server_addresses[0] }}\"" - create: yes - state: present - when: wazuh_server_addresses | length == 1 - -- name: Reload environment variables - shell: | - source {{ wazuh_agent_package_download_path }}/wazuh-agent-addresses - args: - executable: /bin/bash +- name: Linux CentOS/RedHat | Install wazuh-agent using yum (x86_64) + yum: + name: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}_x86_64.rpm" + state: present + disable_gpg_check: yes + when: + - ansible_os_family|lower == "redhat" + - ansible_architecture == "x86_64" -- name: Linux CentOS/RedHat | Install wazuh-agent using yum +- name: Linux CentOS/RedHat | Install wazuh-agent using yum (aarch64) yum: - name: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}" + 
name: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}_aarch64.rpm" state: present disable_gpg_check: yes when: - ansible_os_family|lower == "redhat" + - ansible_architecture == "aarch64" -- name: Linux Debian | Install wazuh-agent using dpkg +- name: Linux Debian | Install wazuh-agent using dpkg (AMD64) shell: | - dpkg -i {{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }} + dpkg -i "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}_amd64.deb" when: - ansible_os_family|lower != "redhat" + - ansible_architecture == "x86_64" + +- name: Linux Debian | Install wazuh-agent using dpkg (ARM64) + shell: | + dpkg -i "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}_arm64.deb" + when: + - ansible_os_family|lower != "redhat" + - ansible_architecture == "aarch64" + +- name: Linux | Check if Wazuh agent configuration file exists + stat: + path: /etc/wazuh-agent/wazuh-agent.yml + register: wazuh_agent_config + +- name: Linux | Create Wazuh agent configuration file if it does not exist + copy: + src: default-wazuh-agent-conf.yml + dest: /etc/wazuh-agent/wazuh-agent.yml + when: not wazuh_agent_config.stat.exists + +- name: Update Wazuh agent configuration with Wazuh server IP address + lineinfile: + path: /etc/wazuh-agent/wazuh-agent.yml + regexp: '^ server_url: https://.*:27000' + line: ' server_url: https://{{ wazuh_server_addresses[0] }}:27000' + state: present + +- name: Linux | Register Wazuh agent + shell: | + /usr/share/wazuh-agent/bin/wazuh-agent --register-agent --user wazuh --password wazuh --url https://{{ wazuh_server_addresses[0] }}:55000 --verification-mode none - name: Linux | Start and enable Wazuh Agent service block: @@ -92,8 +94,10 @@ enabled: true state: started +# Cleanup tasks + - name: Linux | Remove leftover wazuh-agent installation directory ansible.builtin.file: path: "{{ wazuh_agent_package_download_path }}" state: absent - recurse: yes + force: yes 
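Review bot: The `Linux | Register Wazuh agent` task hard-codes `--user wazuh --password wazuh` in the playbook, and the same literal credentials appear in the register tasks of the Windows.yml and macOS.yml hunks. Anyone who can read the repository has the enrollment account. The task also lacks `no_log`, so the rendered command ends up in Ansible output and logs. I would take both values from variables kept in a vault, for example `--user {{ wazuh_agent_registration_user }} --password {{ wazuh_agent_registration_password }}` (placeholder names), and add `no_log: true` to the three tasks. The task also runs on every play because it has no `creates:` or `changed_when:`; whether re-registering is harmless is not visible from this hunk.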
diff --git a/roles/wazuh-agent/tasks/RedHat.yml b/roles/wazuh-agent/tasks/RedHat.yml index 04384d76f..c8b8c19d4 100644 --- a/roles/wazuh-agent/tasks/RedHat.yml +++ b/roles/wazuh-agent/tasks/RedHat.yml @@ -3,15 +3,13 @@ - name: Linux CentOS/RedHat (x86_64) | Download wazuh-agent package get_url: url: "{{ wazuh_agent_url_amd64_rpm }}" - dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}" + dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}_x86_64.rpm" when: - - ansible_os_family|lower == "redhat" - ansible_architecture == "x86_64" - name: Linux CentOS/RedHat (aarch64) | Download wazuh-agent package get_url: url: "{{ wazuh_agent_url_arm64_rpm }}" - dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}" + dest: "{{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}_aarch64.rpm" when: - - ansible_os_family|lower == "redhat" - ansible_architecture == "aarch64" diff --git a/roles/wazuh-agent/tasks/Windows.yml b/roles/wazuh-agent/tasks/Windows.yml index 9635551c8..0b6389f5a 100644 --- a/roles/wazuh-agent/tasks/Windows.yml +++ b/roles/wazuh-agent/tasks/Windows.yml 
@@ -13,23 +13,38 @@ - name: Windows | Install Wazuh agent (Single server mode) win_package: path: "{{ wazuh_agent_win_package_download_path }}\\{{ wazuh_agent_package_name }}.msi" - arguments: '/q WAZUH_MANAGER="{{ wazuh_server_addresses[0] }}"' + arguments: '/q WAZUH_SERVER="{{ wazuh_server_addresses[0] }}"' state: present when: wazuh_server_addresses | length == 1 - name: Windows | Install Wazuh agent (Cluster failover mode) win_package: path: "{{ wazuh_agent_win_package_download_path }}\\{{ wazuh_agent_package_name }}.msi" - arguments: "/q WAZUH_MANAGER=\"{{ wazuh_server_addresses | join(',') }}\" WAZUH_REGISTRATION_SERVER=\"{{ wazuh_server_addresses[0] }}\"" + arguments: "/q WAZUH_SERVER=\"{{ wazuh_server_addresses | join(',') }}\" WAZUH_REGISTRATION_SERVER=\"{{ wazuh_server_addresses[0] }}\"" state: present when: wazuh_server_addresses | length > 1 - name: Windows | Start Wazuh agent service win_service: - name: Wazuh + name: "Wazuh Agent" start_mode: auto state: started +- name: Windows | Register Wazuh agent + win_command: '"C:\\Program Files\\wazuh-agent\\wazuh-agent.exe" --register-agent --user wazuh --password wazuh --url https://{{ wazuh_server_addresses[0] }}:55000 --verification-mode none' + +- name: Windows | Update Wazuh agent configuration with Wazuh server IP address + win_lineinfile: + path: 'C:\\ProgramData\\wazuh-agent\\config\\wazuh-agent.yml' + regexp: '^ server_url: https://.*:27000' + line: ' server_url: https://{{ wazuh_server_addresses[0] }}:27000' + state: present + +- name: Windows | Restart Wazuh agent service + win_service: + name: "Wazuh Agent" + state: restarted + - name: Windows | Delete Wazuh agent download directory win_file: path: "{{ wazuh_agent_win_package_download_path }}" diff --git a/roles/wazuh-agent/tasks/macOS.yml b/roles/wazuh-agent/tasks/macOS.yml index ef1889e0e..b23066818 100644 --- a/roles/wazuh-agent/tasks/macOS.yml +++ b/roles/wazuh-agent/tasks/macOS.yml 
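Review bot: The two new tasks write Windows paths with `\\` inside single-quoted YAML scalars, where a backslash is not an escape character, so the value really contains doubled separators. This affects `'C:\\ProgramData\\wazuh-agent\\config\\wazuh-agent.yml'` and the `win_command` string. Windows usually tolerates that, but it differs from the double-quoted `path:` values on the `win_package` tasks above, where `\\` does collapse to one backslash. Using single backslashes in the single-quoted form keeps the two styles equivalent, e.g. `path: 'C:\ProgramData\wazuh-agent\config\wazuh-agent.yml'`.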
@@ -20,39 +20,39 @@ when: - ansible_architecture == "aarch64" -- name: MacOS | Set deployment variables for Wazuh agent enrollment - block: - - name: MacOS | Ensure file for storing deployment variable(s) exists - ansible.builtin.file: - path: "/tmp/wazuh_envs" - state: touch - mode: '0644' - - - name: MacOS | Set deployment variables for Wazuh agent enrollment (Cluster failover mode) - ansible.builtin.lineinfile: - path: "/tmp/wazuh_envs" - line: "WAZUH_MANAGER='{{ wazuh_server_addresses | join(',') }}' && WAZUH_REGISTRATION_SERVER='{{ wazuh_server_addresses[0] }}'" - create: yes - state: present - when: wazuh_server_addresses | length > 1 - - - name: MacOS | Set deployment variables for Wazuh agent enrollment (Single server mode) - ansible.builtin.lineinfile: - path: "/tmp/wazuh_envs" - line: "WAZUH_MANAGER='{{ wazuh_server_addresses[0] }}'" - create: yes - state: present - when: wazuh_server_addresses | length == 1 - - name: MacOS | Install Wazuh agent using installer command: "installer -pkg {{ wazuh_agent_package_download_path }}/{{ wazuh_agent_package_name }}.pkg -target /" -- name: MacOS | Initialize Wazuh agent service +- name: MacOS | Initialize Wazuh agent service (MacOS 10.10+) + command: "launchctl bootstrap system /Library/LaunchDaemons/com.wazuh.agent.plist" + when: ansible_distribution_version is version('10.10', '>=') + +- name: MacOS | Load Wazuh agent service (MacOS < 10.10) command: "launchctl load /Library/LaunchDaemons/com.wazuh.agent.plist" + when: ansible_distribution_version is version('10.10', '<') + +- name: Update Wazuh agent configuration with Wazuh server IP address + become: yes + lineinfile: + path: "/Library/Application Support/Wazuh agent.app/etc/wazuh-agent.yml" + regexp: '^ server_url: https://.*:27000' + line: ' server_url: https://{{ wazuh_server_addresses[0] }}:27000' + state: present + +- name: MacOS | Register Wazuh agent + command: "/Library/Application\\ Support/Wazuh\\ agent.app/bin/wazuh-agent --register-agent --user 
wazuh --password wazuh --url https://{{ wazuh_server_addresses[0] }}:55000 --verification-mode none" + +- name: MacOS | Restart Wazuh agent service (MacOS 10.10+) + command: "launchctl kickstart -k system/com.wazuh.agent" + when: ansible_distribution_version is version('10.10', '>=') + +- name: MacOS | Restart Wazuh agent service (MacOS < 10.10) + command: "launchctl unload /Library/LaunchDaemons/com.wazuh.agent.plist && launchctl load /Library/LaunchDaemons/com.wazuh.agent.plist" + when: ansible_distribution_version is version('10.10', '<') -- name: MacOS | Pause for 10 seconds while Wazuh agent service initializes +- name: MacOS | Pause for 5 seconds while Wazuh agent service initializes pause: - seconds: 10 + seconds: 5 - name: MacOS | Verify Wazuh agent service is running shell: "launchctl list | grep com.wazuh.agent"
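Review bot: The `MacOS | Restart Wazuh agent service (MacOS < 10.10)` task chains two commands with `&&` under the `command` module, which does not run a shell. That means `&&`, `launchctl`, `load` and the plist path are passed as extra arguments to the first `launchctl unload`, and the reload never happens as written. Either switch that task to `shell: "launchctl unload /Library/LaunchDaemons/com.wazuh.agent.plist && launchctl load /Library/LaunchDaemons/com.wazuh.agent.plist"` or split it into two `command` tasks carrying the same `when:`.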