Scribd
Upload
33 views3 pages

Wazuh Setup for Debian/Ubuntu Admins

Uploaded by

Edwin Ospina
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
33 views3 pages

Wazuh Setup for Debian/Ubuntu Admins

Uploaded by

Edwin Ospina
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

---

- name: Debian/Ubuntu | Install apt-transport-https, ca-certificates and acl


apt:
name:
- apt-transport-https
- ca-certificates
- gnupg
- acl
state: present
cache_valid_time: 3600
install_recommends: false
register: wazuh_manager_https_packages_installed
until: wazuh_manager_https_packages_installed is succeeded

- name: Debian/Ubuntu | Installing Wazuh repository key (Ubuntu 14)


become: true
shell: |
set -o pipefail
curl -s {{ wazuh_repo.gpg_key }} | apt-key add -
args:
warn: false
executable: /bin/bash
changed_when: false
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14
- not wazuh_custom_packages_installation_manager_enabled | default(false)

- name: Debian/Ubuntu | Download Wazuh repository key


apt_key:
url: "{{ wazuh_repo.gpg_key }}"
state: present
when: ansible_os_family == "Debian"

- name: Debian/Ubuntu | Download Wazuh repository key


get_url:
url: "{{ wazuh_repo.gpg_key }}"
dest: "{{ wazuh_repo.keyring_path }}"
when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
- not wazuh_custom_packages_installation_manager_enabled | default(false)

- name: Debian/Ubuntu | Import Wazuh GPG key


command: "gpg --no-default-keyring --keyring gnupg-ring:{{ wazuh_repo.keyring_path }} --import
{{ wazuh_repo.keyring_path }}"
when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
- not wazuh_custom_packages_installation_manager_enabled | default(false)
args:
creates: "{{ wazuh_repo.keyring_path }}"

- name: Debian/Ubuntu | Set permissions for Wazuh GPG key


file:
path: "{{ wazuh_repo.keyring_path }}"
mode: '0644'
when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
- not wazuh_custom_packages_installation_manager_enabled | default(false)

- name: Debian/Ubuntu | Add Wazuh repositories


apt_repository:
repo: 'deb [signed-by={{ wazuh_repo.keyring_path }}] {{ wazuh_repo.repo }} stable main'
state: present
update_cache: true
changed_when: false
when:
- not wazuh_custom_packages_installation_manager_enabled | default(false)

- name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu


set_fact:
cis_distribution_filename: cis_debian_linux_rcl.txt

- name: Debian/Ubuntu | Install OpenJDK-8 repo


apt_repository:
repo: 'ppa:openjdk-r/ppa'
state: present
update_cache: true
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_major_version | int == 14

- when:
- wazuh_manager_config.cis_cat.disable | default('yes') == 'no'
- wazuh_manager_config.cis_cat.install_java | default('no') == 'yes'
block:
- name: Debian/Ubuntu | Install OpenJDK 1.8
apt:
name: openjdk-8-jre
state: present
cache_valid_time: 3600
tags:
- init

- name: Debian/Ubuntu | Install OpenScap


apt:
name:
- libopenscap8
- xsltproc
state: present
cache_valid_time: 3600
install_recommends: true
register: wazuh_manager_openscap_installed
until: wazuh_manager_openscap_installed is succeeded
when: wazuh_manager_config.openscap.disable | default('yes') == 'no'
tags:
- init

- name: Debian/Ubuntu | Get OpenScap installed version


shell: "dpkg-query --showformat='${Version}' --show libopenscap8"
when: wazuh_manager_config.openscap.disable | default('yes') == 'no'
register: openscap_version
changed_when: false
tags:
- config
- name: Debian/Ubuntu | Check OpenScap version
shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?"
when: wazuh_manager_config.openscap.disable | default('yes') == 'no'
register: openscap_version_valid
changed_when: false
tags:
- config

- name: Debian/Ubuntu | Install wazuh-manager


apt:
name:
- "wazuh-manager={{ wazuh_manager_version }}-*"
state: present
tags: init
when:
- not wazuh_custom_packages_installation_manager_enabled | default(false)

- include_tasks: "installation_from_custom_packages.yml"
when:
- wazuh_custom_packages_installation_manager_enabled | default(false)

You might also like