
ansible-ossec-agent's Introduction

dj-wasabi.ossec-agent

This role will install and configure an ossec-agent on the server. When the ossec_server_name parameter is configured, it will delegate an action to automatically authenticate the agent.


Requirements

This role will work on:

  • Red Hat
  • Ubuntu
  • Debian

So, you'll need one of those operating systems.. :-)

Role Variables

This role needs 4 parameters:

  • ossec_server_ip: This is the ip address of the server running the ossec-server.
  • ossec_server_fqdn: This is the fqdn of the server running the ossec-server.
  • ossec_server_name: This is the hostname of the server running the ossec-server, used for delegation with Ansible.
  • ossec_managed_server: When set to false, tasks that delegate to the ossec server will be skipped.

This role has 3 tasks with 'delegate_to' which need the parameter ossec_server_name. When this parameter is not set, you'll need to manually run /var/ossec/bin/ossec-authd on the server and /var/ossec/bin/agent-auth on the agent. When this is the case, the role will show you a message with the exact command line.

The following role variables are optional:

  • ossec_active_response_disabled: Disables active response if set to yes. If this is not defined, active response is enabled.
  • ossec_disable_public_repos: Disables installation of public repositories if set to "yes".
  • ossec_agent_package_name: Default is "ossec-hids-agent". This can be set to a URL or path to a .rpm file or path to a .deb file if the public repositories cannot be used.
  • ossec_agent_name: Optional name for the OSSEC agent. Default is to use hostname.

Dependencies

No dependencies.

Example Playbook

The following is an example of how this role can be used:

- hosts: all:!ossec-server.example.com
  roles:
     - { role: dj-wasabi.ossec-agent, ossec_server_ip: 192.168.1.1, ossec_server_name: ossec-server.example.com }
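
A second playbook for the case described under Role Variables, where the OSSEC server is not managed by Ansible and the public repositories cannot be used. This is an added example, not part of the original README; the group name `dmz_agents` and the package path are placeholders, and the commands in the comments assume authd listens on its default port 1515.

```yaml
# Added example: agents whose OSSEC server cannot be reached through Ansible.
- hosts: dmz_agents                      # hypothetical inventory group
  roles:
    - role: dj-wasabi.ossec-agent
      ossec_server_ip: 192.168.1.1
      # ossec_server_name is left unset and delegation is switched off, so the
      # role skips the tasks that would register the agent on the server.
      ossec_managed_server: false
      # Install from a locally staged package instead of the public repository.
      ossec_disable_public_repos: "yes"
      ossec_agent_package_name: /tmp/ossec-hids-agent.deb   # placeholder path
      # Register under the inventory name rather than the system hostname.
      ossec_agent_name: "{{ inventory_hostname }}"

# Registration is then a manual step (the role prints the exact command line):
#   on the server:  /var/ossec/bin/ossec-authd -p 1515
#   on each agent:  /var/ossec/bin/agent-auth -m 192.168.1.1 -p 1515
# Stop ossec-authd once the agents are enrolled, so the enrolment port does
# not keep accepting registrations from other hosts.
```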

Molecule

This role is configured to be tested with Molecule. You can find more information about Molecule on this page: https://werner-dijkerman.nl/2016/07/10/testing-ansible-roles-with-molecule-testinfra-and-docker/

Molecule will boot 4 Docker containers, running the following operating systems:

  • CentOS 7 (Ossec Server)
  • CentOS 7 (Ossec Agent)
  • Debian 8 (Ossec Agent)
  • Ubuntu 16.04 (Ossec Agent)

License

GPLv3

Author Information

Please send suggestions or pull requests to make this role better.

Github: https://github.com/dj-wasabi/ansible-ossec-agent

mail: ikben [ at ] werner-dijkerman . nl

ansible-ossec-agent's People

Contributors

aarnaud, andskli, dj-wasabi, emmetog, recunius, zeroem


ansible-ossec-agent's Issues

Add Ubuntu support

Hello,

it would be great if this extension could get Ubuntu support as well. Basically the only change that needs to be made is to replace "debian" in this line with "ubuntu" if Ubuntu is detected:

deb http://ossec.alienvault.com/repos/apt/ubuntu trusty main

Move to Wazuh

Hello,

First, awesome work, thanks for your contribution to the Ossec community.
I have a quick question: any thoughts on moving to Wazuh?

https://github.com/wazuh/wazuh/blob/master/CHANGELOG.md

The last version has new improvements and tools, for example OpenSCAP and Auditd integration.

I can help with the code here.

regards!!

Deb repository doesn't contain bionic

Describe the bug
When running this role on Ubuntu 18.04.5 LTS (bionic) the installation fails:

TASK [ossec-agent : Debian/Ubuntu | Installing repository] **********************************************
fatal: [<<redacted>>]: FAILED! => {"changed": false, "msg": "apt cache update failed"}

Trying to add the repository manually gives "Access Denied". From a quick look it seems like this is because this repo doesn't support bionic.

The dj-wasabi/ansible-ossec-server role uses https://updates.atomicorp.com/channels/atomic/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} while this role uses http://ossec.wazuh.com/repos/apt/{{ ansible_distribution | lower }} {{ ansible_distribution_release }}.

I suggest using atomicorp.com instead as it seems to work fine for bionic, or even better: make this repository url and key configurable.

Installation method/version
Installed the role using an ansible galaxy requirements file as follows:

- src: dj-wasabi.ossec-agent
  name: "ossec-agent"
  version: master

Actual commit used is 6c29671c64909b9e0feb0e202cd8a00258a81187 (latest master at the time)

Ansible Version

ansible 2.9.6
  config file = /home/emmet/code/<<redacted>>/ansible.cfg
  configured module search path = ['/home/emmet/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.2 (default, Jul 16 2020, 14:00:26) [GCC 9.3.0]

Targeted hosts
Concerns the following OS(es):

  • Ubuntu 18.04.5 LTS (bionic)

Expected behavior
The install to be successful.

Additional context
If any more info is needed just ask.

Add check if repository is already installed

Hello,

If I run the playbook again on a host, the repository is added again every time, resulting in duplicate entry warnings (Debian). Maybe there should be some check for that?

Thank you
