Merge pull request #260 from wazuh/feature-256-add-sca-template

Add sca to Wazuh Agent and Manager installation
wazuh · Oct 8, 2019 · 5bfb3e0 · 5bfb3e0
2 parents 35c5cdf + d482629
commit 5bfb3e0
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 1 deletion.
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -236,6 +236,14 @@ wazuh_agent_config:
     packages: 'yes'
     ports_no: 'yes'
     processes: 'yes'
+  sca:
+    enabled: 'yes'
+    scan_on_start: 'yes'
+    interval: '12h'
+    skip_nfs: 'yes'
+    day: ''
+    wday: ''
+    time: ''
   cis_cat:
     disable: 'yes'
     install_java: 'yes'

diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -270,7 +270,29 @@
     <processes>{{ wazuh_agent_config.syscollector.processes }}</processes>
   </wodle>
 
-
+    <sca>
+    {% if wazuh_agent_config.sca.enabled | length > 0 %}
+      <enabled>{{ wazuh_agent_config.sca.enabled }}</enabled>
+    {% endif %}
+    {% if wazuh_agent_config.sca.scan_on_start | length > 0 %}
+      <scan_on_start>{{ wazuh_agent_config.sca.scan_on_start }}</scan_on_start>
+    {% endif %}
+    {% if wazuh_agent_config.sca.interval | length > 0 %}
+      <interval>{{ wazuh_agent_config.sca.interval }}</interval>
+    {% endif %}
+    {% if wazuh_agent_config.sca.skip_nfs | length > 0 %}  
+      <skip_nfs>yes</skip_nfs>
+    {% endif %}
+    {% if wazuh_agent_config.sca.day | length > 0 %}  
+      <day>yes</day>
+    {% endif %}
+    {% if wazuh_agent_config.sca.wday | length > 0 %}  
+      <wday>yes</wday>
+    {% endif %}
+    {% if wazuh_agent_config.sca.time | length > 0 %}  
+      <time>yes</time>
+    {% endif %}
+    </sca>
 
   {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %}
   <wodle name="command">

diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -154,6 +154,14 @@ wazuh_manager_config:
     packages: 'yes'
     ports_no: 'yes'
     processes: 'yes'
+  sca:
+    enabled: 'yes'
+    scan_on_start: 'yes'
+    interval: '12h'
+    skip_nfs: 'yes'
+    day: ''
+    wday: ''
+    time: ''
   vul_detector:
     disable: 'yes'
     interval: '5m'

diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -222,6 +222,30 @@
     <processes>{{ wazuh_manager_config.syscollector.processes }}</processes>
   </wodle>
 
+    <sca>
+    {% if wazuh_manager_config.sca.enabled | length > 0 %}
+      <enabled>{{ wazuh_manager_config.sca.enabled }}</enabled>
+    {% endif %}
+    {% if wazuh_manager_config.sca.scan_on_start | length > 0 %}
+      <scan_on_start>{{ wazuh_manager_config.sca.scan_on_start }}</scan_on_start>
+    {% endif %}
+    {% if wazuh_manager_config.sca.interval | length > 0 %}
+      <interval>{{ wazuh_manager_config.sca.interval }}</interval>
+    {% endif %}
+    {% if wazuh_manager_config.sca.skip_nfs | length > 0 %}  
+      <skip_nfs>yes</skip_nfs>
+    {% endif %}
+    {% if wazuh_manager_config.sca.day | length > 0 %}  
+      <day>yes</day>
+    {% endif %}
+    {% if wazuh_manager_config.sca.wday | length > 0 %}  
+      <wday>yes</wday>
+    {% endif %}
+    {% if wazuh_manager_config.sca.time | length > 0 %}  
+      <time>yes</time>
+    {% endif %}
+    </sca>
+
   <wodle name="vulnerability-detector">
     <disabled>{{ wazuh_manager_config.vul_detector.disable }}</disabled>
     <interval>{{ wazuh_manager_config.vul_detector.interval }}</interval>