From 7371e7392041fe1753073290e231acf143ee8b71 Mon Sep 17 00:00:00 2001
From: Jose M <jm.garcia@wazuh.com>
Date: Fri, 27 Sep 2019 13:38:45 +0200
Subject: [PATCH 1/6] Update default variables for sca configuration

---
 roles/wazuh/ansible-wazuh-manager/defaults/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 170a8da56..f45e95b02 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -154,6 +154,14 @@ wazuh_manager_config:
     packages: 'yes'
     ports_no: 'yes'
     processes: 'yes'
+  sca:
+    enabled: 'yes'
+    scan_on_start: 'yes'
+    interval: '12h'
+    skip_nfs: 'yes'
+    day: ''
+    wday: ''
+    time: ''
   vul_detector:
     disable: 'yes'
     interval: '5m'

From beacf88017b24f9b473b11dbfa56e6c76c782b2f Mon Sep 17 00:00:00 2001
From: Jose M <jm.garcia@wazuh.com>
Date: Fri, 27 Sep 2019 14:29:53 +0200
Subject: [PATCH 2/6] Update Manager template to add <sca> configuration

---
 .../var-ossec-etc-ossec-server.conf.j2        | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 65ae38fb6..b107d6d15 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -222,6 +222,32 @@
     <processes>{{ wazuh_manager_config.syscollector.processes }}</processes>
   </wodle>
 
+  {% if ansible_system == "Linux" %}
+    <sca>
+    {% if wazuh_manager_config.sca.enabled | length > 0 %}
+      <enabled>{{ wazuh_manager_config.sca.enabled }}</enabled>
+    {% endif %}
+    {% if wazuh_manager_config.sca.scan_on_start | length > 0 %}
+      <scan_on_start>{{ wazuh_manager_config.sca.scan_on_start }}</scan_on_start>
+    {% endif %}
+    {% if wazuh_manager_config.sca.interval | length > 0 %}
+      <interval>{{ wazuh_manager_config.sca.interval }}</interval>
+    {% endif %}
+    {% if wazuh_manager_config.sca.skip_nfs | length > 0 %}  
+      <skip_nfs>yes</skip_nfs>
+    {% endif %}
+    {% if wazuh_manager_config.sca.day | length > 0 %}  
+      <day>yes</day>
+    {% endif %}
+    {% if wazuh_manager_config.sca.wday | length > 0 %}  
+      <wday>yes</wday>
+    {% endif %}
+    {% if wazuh_manager_config.sca.time | length > 0 %}  
+      <time>yes</time>
+    {% endif %}
+    </sca>
+  {% endif %}
+
   <wodle name="vulnerability-detector">
     <disabled>{{ wazuh_manager_config.vul_detector.disable }}</disabled>
     <interval>{{ wazuh_manager_config.vul_detector.interval }}</interval>

From 3e0cc08104726cc9338260eaf4ab58312df7fa64 Mon Sep 17 00:00:00 2001
From: Jose M <jm.garcia@wazuh.com>
Date: Fri, 27 Sep 2019 14:30:11 +0200
Subject: [PATCH 3/6] Add sca default variables to wazuh agent defaults

---
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index fe6749ce1..7eaab059a 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -237,6 +237,14 @@ wazuh_agent_config:
     packages: 'yes'
     ports_no: 'yes'
     processes: 'yes'
+  sca:
+    enabled: 'yes'
+    scan_on_start: 'yes'
+    interval: '12h'
+    skip_nfs: 'yes'
+    day: ''
+    wday: ''
+    time: ''
   cis_cat:
     disable: 'yes'
     install_java: 'yes'

From d45ad1db03538c8935ad57c0132f2e78bf96eb89 Mon Sep 17 00:00:00 2001
From: Jose M <jm.garcia@wazuh.com>
Date: Fri, 27 Sep 2019 14:30:20 +0200
Subject: [PATCH 4/6] Update wazuh agent template to add sca configuration

---
 .../var-ossec-etc-ossec-agent.conf.j2         | 26 ++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 6946cc078..59ab67d26 100644
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -270,7 +270,31 @@
     <processes>{{ wazuh_agent_config.syscollector.processes }}</processes>
   </wodle>
 
-
+    {% if ansible_system == "Linux" %}
+    <sca>
+    {% if wazuh_agent_config.sca.enabled | length > 0 %}
+      <enabled>{{ wazuh_agent_config.sca.enabled }}</enabled>
+    {% endif %}
+    {% if wazuh_agent_config.sca.scan_on_start | length > 0 %}
+      <scan_on_start>{{ wazuh_agent_config.sca.scan_on_start }}</scan_on_start>
+    {% endif %}
+    {% if wazuh_agent_config.sca.interval | length > 0 %}
+      <interval>{{ wazuh_agent_config.sca.interval }}</interval>
+    {% endif %}
+    {% if wazuh_agent_config.sca.skip_nfs | length > 0 %}  
+      <skip_nfs>yes</skip_nfs>
+    {% endif %}
+    {% if wazuh_agent_config.sca.day | length > 0 %}  
+      <day>yes</day>
+    {% endif %}
+    {% if wazuh_agent_config.sca.wday | length > 0 %}  
+      <wday>yes</wday>
+    {% endif %}
+    {% if wazuh_agent_config.sca.time | length > 0 %}  
+      <time>yes</time>
+    {% endif %}
+    </sca>
+  {% endif %}
 
   {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %}
   <wodle name="command">

From d7e3cec04bed4a865971601aee9daf34ec3fe1f5 Mon Sep 17 00:00:00 2001
From: Jose M <jm.garcia@wazuh.com>
Date: Mon, 7 Oct 2019 16:17:18 +0200
Subject: [PATCH 5/6] Enabling sca for Windows Agent in the ossec.conf template

---
 .../templates/var-ossec-etc-ossec-agent.conf.j2                 | 2 --
 1 file changed, 2 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 59ab67d26..4d43bc94b 100644
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -270,7 +270,6 @@
     <processes>{{ wazuh_agent_config.syscollector.processes }}</processes>
   </wodle>
 
-    {% if ansible_system == "Linux" %}
     <sca>
     {% if wazuh_agent_config.sca.enabled | length > 0 %}
       <enabled>{{ wazuh_agent_config.sca.enabled }}</enabled>
@@ -294,7 +293,6 @@
       <time>yes</time>
     {% endif %}
     </sca>
-  {% endif %}
 
   {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %}
   <wodle name="command">

From d482629c80f13ed4367db87b1c71a9bbf95e9ea3 Mon Sep 17 00:00:00 2001
From: Jose M <jm.garcia@wazuh.com>
Date: Mon, 7 Oct 2019 16:26:56 +0200
Subject: [PATCH 6/6] Remove sca linux conditional from Manager template

---
 .../templates/var-ossec-etc-ossec-server.conf.j2                | 2 --
 1 file changed, 2 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index b107d6d15..145af4afa 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -222,7 +222,6 @@
     <processes>{{ wazuh_manager_config.syscollector.processes }}</processes>
   </wodle>
 
-  {% if ansible_system == "Linux" %}
     <sca>
     {% if wazuh_manager_config.sca.enabled | length > 0 %}
       <enabled>{{ wazuh_manager_config.sca.enabled }}</enabled>
@@ -246,7 +245,6 @@
       <time>yes</time>
     {% endif %}
     </sca>
-  {% endif %}
 
   <wodle name="vulnerability-detector">
     <disabled>{{ wazuh_manager_config.vul_detector.disable }}</disabled>