Wazuh-ansible: Create configuration templates based on Operating Systems

Created on 5 Nov 2018 · 4Comments · Source: wazuh/wazuh-ansible

Hello team,

Referring to the issue #77,

To complement the quick response solution, but doing a more detailed work, we will proceed to create different configuration templates of the agent depending on the operating system in which it is installed to avoid errors monitoring non-existent directories and to avoid losing events by not monitoring files as for example was the case of /var/logs/auth.log.

Therefore, we should identify the main cases like RPM, DEBIAN and WINDOWS (where we install agents via ansible) and create a specific configuration, adapting it if necessary to specific versions. This work will be useful in the future when we share the configurations from the manager using the groups.

Additionally, we should replicate what we do in a simple installation and keep the configuration shared from the empty manager.

Regards,

Alfonso

enhancement question

Source

SitoRBJ

All 4 comments

Hi team,

Regarding this issue, I just realized that the Windows ossec.conf file is not being generated completely. For example, the default directories to be ignored by syscheck according to the documentation are not being included on it.

Thanks

manuasir on 19 Nov 2018

Nice that you guys are considering restructuring this! I was actually thinking of making a PR for this. What I'd recommend is something like this:

- name: Include variables based on distribution and operating system family
  include_vars: "{{ item }}"
  with_first_found:
    - "{{ ansible_distribution }}.yaml"
    - "{{ ansible_os_family }}.yaml"
    - default.yaml

...and then create the same variable in each YAML file with the appropriate values based on the distribution and operating system family.

paulcalabro on 11 Dec 2018

Hello @paulcalabro,

Our colleague @cadoming is working on an issue pretty much like this one (#95). It is quite advanced, when we have it ready we will be able to study your proposal.

Thank you very much for your collaboration, please feel free to contribute as much as you want, it is very helpful.

Best regards,

Alfonso Ruiz-Bravo

SitoRBJ on 12 Dec 2018

👍1

Hi team,

This Issue is solve with the PRs #106 and #118 so I proceed to close it. Thank you @SitoRBJ for your idea.

Regards,
Carlos

cadoming on 10 Jan 2019

👍1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Need Easier Way to Override Select Portions of the Configuration Settings

paulcalabro · 5Comments

wazuh agent registration must not delegate_to localhost

singuliere · 4Comments

adding molecule tests

singuliere · 13Comments

"include_vars" statement overrides variable set elsewhere (e.g., in inventory)

dragospe · 3Comments

Feature request: add configurable timeout delays exiting failed atomic red team tests

jzsplunk · 5Comments