|
17 | 17 | - role: "{{ playbook_dir }}/roles/wazuh-ansible/wazuh-ansible/roles/wazuh/ansible-filebeat-oss"
|
18 | 18 | - role: "{{ playbook_dir }}/roles/wazuh-ansible/wazuh-ansible/roles/wazuh/wazuh-dashboard"
|
19 | 19 | post_tasks:
|
| 20 | + - block: |
| 21 | + - name: Check if custom SCA policies directory exists |
| 22 | + stat: |
| 23 | + path: "{{ local_custom_sca_policies_path }}" |
| 24 | + register: custom_sca_policies_folder |
| 25 | + delegate_to: localhost |
| 26 | + become: no |
| 27 | + |
| 28 | + - name: Gather list of custom SCA policies |
| 29 | + find: |
| 30 | + paths: "{{ local_custom_sca_policies_path }}" |
| 31 | + patterns: '*.yml' |
| 32 | + delegate_to: localhost |
| 33 | + register: custom_sca_policies |
| 34 | + when: custom_sca_policies_folder.stat.exists |
| 35 | + |
| 36 | + - name: Allow Wazuh agents to execute commands in SCA policies sent from the Wazuh manager |
| 37 | + blockinfile: |
| 38 | + path: "/var/ossec/etc/local_internal_options.conf" |
| 39 | + state: present |
| 40 | + owner: wazuh |
| 41 | + group: wazuh |
| 42 | + block: | |
| 43 | + sca.remote_commands=1 |
| 44 | + when: custom_sca_policies.files | length > 0 |
| 45 | + |
| 46 | + - name: Copy custom SCA policy files to Wazuh manager |
| 47 | + copy: |
| 48 | + # Note the trailing slash to copy directory contents |
| 49 | + src: "{{ local_custom_sca_policies_path }}/" |
| 50 | + dest: "/var/ossec/etc/shared/default/" |
| 51 | + owner: wazuh |
| 52 | + group: wazuh |
| 53 | + when: custom_sca_policies.files | length > 0 |
| 54 | + |
| 55 | + - name: Add custom policy definition(s) to the shared Agent config |
| 56 | + blockinfile: |
| 57 | + path: "/var/ossec/etc/shared/default/agent.conf" |
| 58 | + state: present |
| 59 | + owner: wazuh |
| 60 | + group: wazuh |
| 61 | + marker: "{mark} ANSIBLE MANAGED BLOCK Custom SCA Policies" |
| 62 | + insertafter: "<!-- Shared agent configuration here -->" |
| 63 | + block: | |
| 64 | + {% filter indent(width=2, first=true) %} |
| 65 | + <sca> |
| 66 | + <policies> |
| 67 | + {% for item in custom_sca_policies.files %} |
| 68 | + <policy>etc/shared/{{ item.path | basename }}</policy> |
| 69 | + {% endfor %} |
| 70 | + </policies> |
| 71 | + </sca> |
| 72 | + {% endfilter %} |
| 73 | + when: custom_sca_policies.files | length > 0 |
| 74 | + notify: |
| 75 | + - Restart wazuh |
| 76 | + |
20 | 77 | - name: Set http/s_proxy vars in ossec-init.conf for vulnerability detector
|
21 | 78 | blockinfile:
|
22 | 79 | path: "/var/ossec/etc/ossec.conf"
|
|
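Review bot: The `when: custom_sca_policies.files | length > 0` conditions on new lines 44, 53 and 73 raise an undefined-attribute error whenever `{{ local_custom_sca_policies_path }}` does not exist, because the `find` task on line 28 is then skipped and its registered result carries no `files` key; guard each one with `when: custom_sca_policies.files | default([]) | length > 0`. Setting `sca.remote_commands=1` (line 43) whenever any policy file is present means write access to that controller-side directory becomes command execution on every endpoint in the default group, so a comment stating that trust decision, and gating the task behind an explicit play variable rather than mere presence of files, would keep the choice visible; note also that the task name speaks of agents but, with no `delegate_to`, it appears to edit the play host's own file, and agents need the same setting locally. The `copy` on line 47 pushes the whole directory rather than only the `*.yml` files the `find` matched and sets no `mode:`, so stray files and controller-side permissions land under `/var/ossec/etc/shared/default/`; `find` on line 29 also lacks the `become: no` that the `stat` task has, and since the play starts above the hunk it is not visible whether `become` is set play-wide. The `marker` on line 61 has no XML comment delimiters, so the BEGIN/END lines are inserted as bare text into agent.conf; `marker: "<!-- {mark} ANSIBLE MANAGED BLOCK Custom SCA Policies -->"` keeps the file well-formed, and if `insertafter` on line 62 finds no match blockinfile appends at end of file, which for this XML-style file is after the closing element — worth a comment or a preceding check.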