-
Notifications
You must be signed in to change notification settings - Fork 0
/
ossec.yml
86 lines (65 loc) · 4.13 KB
/
ossec.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
---
- hosts: '{{ hosts }}'
remote_user: root
vars:
path_file: /var/ossec/etc/ossec.conf
key_av: "{{ key_av }}"
tasks:
- name: Subscribe ossec Chanal
shell: spacewalk-channel -a -c ossec-epel7-x86_64 --user=admin --password='SrK/hQ9(SN}x,{dz'
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == '7'
- name: Subscribe ossec Chanal
shell: spacewalk-channel -a -c ossec-epel6-x86_64 --user=admin --password='SrK/hQ9(SN}x,{dz'
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == '6'
- name: Subscribe ossec Chanal
shell: spacewalk-channel -a -c ossec-epel5-x86_64 --user=admin --password='SrK/hQ9(SN}x,{dz'
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == '5'
- name: Install package ossec-agent (CentOS)
yum: state=latest name=ossec-hids-agent update_cache=yes
when: ansible_distribution == "CentOS"
- name: Install repo ossec (Ubuntu 12)
shell: "apt-key adv --fetch-keys http://ossec.wazuh.com/repos/apt/conf/ossec-key.gpg.key ; echo 'deb http://ossec.wazuh.com/repos/apt/ubuntu precise main' > /etc/apt/sources.list.d/ossec.list"
when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version =='12'
- name: Install repo ossec (Ubuntu 14)
shell: "apt-key adv --fetch-keys http://ossec.wazuh.com/repos/apt/conf/ossec-key.gpg.key ; echo 'deb http://ossec.wazuh.com/repos/apt/ubuntu trusty main' > /etc/apt/sources.list.d/ossec.list"
when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version =='14'
- name: Install repo ossec (Ubuntu 16)
shell: "apt-key adv --fetch-keys http://ossec.wazuh.com/repos/apt/conf/ossec-key.gpg.key ; echo 'deb http://ossec.wazuh.com/repos/apt/ubuntu xenial main' > /etc/apt/sources.list.d/ossec.list"
when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version =='16'
- name: apt-get update (Ubuntu)
shell: "apt-get update"
when: ansible_distribution == "Ubuntu"
- name: Install Package
apt: name="ossec-hids-agent" state=present update_cache=yes
when: ansible_distribution == "Ubuntu"
- name: Configuration server IP
shell: "sed -i 's#<server-ip>.*#<server-ip>'{{ip}}'</server-ip>#' /var/ossec/etc/ossec.conf"
- name: Activate KEY
shell: "echo -e \"I\n'{{ key_av }}'\ny\n\nQ\n\" | /var/ossec/bin/manage_agent"
when: ansible_distribution == "CentOS"
- name: Activate KEY
shell: "echo -e \"I\n'{{ key_av }}'\ny\n\nQ\n\" | /var/ossec/bin/manage_agents"
when: ansible_distribution == "Ubuntu"
- name: Cleanup config agent.conf
shell: ":> /var/ossec/etc/shared/agent.conf"
- name: reload systemd ossec-hids
systemd: state=reloaded name=ossec-hids enabled=yes
when: ansible_distribution == "CentOS" and ansible_distribution_major_version =='7' or ansible_distribution == "Fedora" and ansible_distribution_major_version =='24'
- name: reload service ossec-hids
service: state=restarted name=ossec-hids enabled=yes
when: ansible_distribution == "CentOS" and ansible_distribution_major_version =='6'
- name: reload systemd ossec-hids
systemd: state=restarted name=ossec.service enabled=yes
when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version =='16'
- name: reload service ossec-hids
service: state=restarted name=ossec enabled=yes
when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version =='14'
- name: Unsubscribe ossec Chanal
shell: spacewalk-channel -r -c ossec-epel7-x86_64 --user=admin --password='SrK/hQ9(SN}x,{dz'
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == '7'
- name: Unsubscribe ossec Chanal
shell: spacewalk-channel -r -c ossec-epel6-x86_64 --user=admin --password='SrK/hQ9(SN}x,{dz'
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == '6'
- name: Unsubscribe ossec Chanal
shell: spacewalk-channel -r -c ossec-epel5-x86_64 --user=admin --password='SrK/hQ9(SN}x,{dz'
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == '5'