diff --git a/handlers/main.yml b/handlers/main.yml
index c92d3b7..3bde758 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -2,6 +2,6 @@
# handlers file for ossec-server
- name: restart ossec-server
- service: name=ossec-hids
+ service: name={{ ossec_init_name }}
state=restarted
enabled=yes
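Review bot: `ossec_init_name` has no fallback, so on any host where neither of the new `set_fact` tasks in tasks/main.yml applies (an `ansible_os_family` other than RedHat or Debian) this handler fails on an undefined variable instead of restarting the service. The same gap affects `ossec_server_config_filename` in the `template` task's `dest`, and `cis_distribution_filename` in the server template's rootcheck list, which is set only for Debian and for RedHat major versions 5 and 6. Either give these variables role-level defaults or fail early with a clear "unsupported platform" message. A minimal change here is `service: name={{ ossec_init_name | default('ossec-hids') }}`.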
diff --git a/tasks/Debian.yml b/tasks/Debian.yml
index 368d87b..3305a98 100644
--- a/tasks/Debian.yml
+++ b/tasks/Debian.yml
@@ -1,22 +1,13 @@
---
-#
+- name: Debian/Ubuntu | Installing repository
+ apt_repository: repo="deb http://ossec.alienvault.com/repos/apt/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main" state=present
-#- name: Debian | Set some facts
-
-- name: Debian | Installing repository Debian
- shell: "echo \"deb http://ossec.alienvault.com/repos/apt/debian {{ ansible_distribution_release }} main\" >> /etc/apt/sources.list"
-# apt_repository: repo="deb http://ossec.alienvault.com/repos/apt/debian {{ ansible_distribution_release }} main"
-# state=present
-
-- name: Debian | Installing repository key
+- name: Debian/Ubuntu | Installing repository key
apt_key: url=http://ossec.alienvault.com/repos/apt/conf/ossec-key.gpg.key
id=9A1B1C65
-- name: Debian | Install ossec-hids
+- name: Debian/Ubuntu | Install ossec-hids
apt: pkg=ossec-hids
state=present
update_cache=yes
cache_valid_time=3600
-
-
-
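Review bot: The repository key is pinned only by the 8-hex-digit short id `9A1B1C65` and fetched over plain `http://`, and the new `apt_repository` line extends that trust to Ubuntu hosts as well. Short key ids can collide, and a key fetched over unauthenticated transport decides which packages are accepted for a HIDS that is installed as root. Pin the full fingerprint, `id=<FULL_40_HEX_FINGERPRINT>` (placeholder; take the value from the vendor's published fingerprint), and use an `https://` URL for the key if the host serves one. `{{ ansible_distribution | lower }}` also assumes the vendor publishes a repository path for every Debian-family distribution name, which may not hold for derivatives.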
diff --git a/tasks/main.yml b/tasks/main.yml
index 8f661a7..98fb29d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -44,9 +44,44 @@
- config
- rules
+- name: Install RHEL6 CIS Root Checks
+ get_url:
+ url: https://raw.githubusercontent.com/ossec/ossec-hids/master/src/rootcheck/db/cis_rhel6_linux_rcl.txt
+ dest: /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt
+ mode: 0660
+ owner: root
+ group: ossec
+
+- name: Set Distribution CIS filename for Debian/Ubuntu
+ set_fact:
+ cis_distribution_filename: cis_debian_linux_rcl.txt
+ when: ansible_os_family == "Debian"
+
+- name: Set Distribution CIS filename for RHEL5
+ set_fact:
+ cis_distribution_filename: cis_rhel5_linux_rcl.txt
+ when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "5"
+
+- name: Set Distribution CIS filename for RHEL6
+ set_fact:
+ cis_distribution_filename: cis_rhel6_linux_rcl.txt
+ when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "6"
+
+- name: Set ossec deploy facts for RedHat
+ set_fact:
+ ossec_server_config_filename: ossec-server.conf
+ ossec_init_name: ossec-hids
+ when: ansible_os_family == "RedHat"
+
+- name: Set ossec deploy facts for Debian
+ set_fact:
+ ossec_server_config_filename: ossec.conf
+ ossec_init_name: ossec
+ when: ansible_os_family == "Debian"
+
- name: Configure the ossec-server
template: src=var-ossec-etc-ossec-server.conf.j2
- dest=/var/ossec/etc/ossec-server.conf
+ dest=/var/ossec/etc/{{ ossec_server_config_filename }}
owner=root
group=root
mode=0644
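Review bot: The `get_url` task downloads the rootcheck policy from the moving `master` branch with no integrity check, so the file OSSEC rootcheck evaluates can change between runs without any change to this role. Pin the URL to a tag or commit and add `checksum: sha256:<SHA256_OF_PINNED_FILE>` (placeholder), or ship the file inside the role. The task also installs the RHEL6 file on every host regardless of `ansible_os_family`; if that is unintended, a `when:` matching the RHEL6 `set_fact` condition would scope it. `mode: 0660` is safer written as `mode: "0660"` so it is never read as a plain number. The `template` task continues past the end of this hunk.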
@@ -54,10 +89,3 @@
tags:
- init
- config
-
-- name: Make sure the symbolic link is there
- file: src=/var/ossec/etc/ossec-server.conf
- dest=/var/ossec/etc/ossec.conf
- state=link
- when: ansible_os_family == "RedHat"
-
diff --git a/templates/var-ossec-etc-ossec-server.conf.j2 b/templates/var-ossec-etc-ossec-server.conf.j2
index 3edef45..baafcef 100644
--- a/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/templates/var-ossec-etc-ossec-server.conf.j2
@@ -2,12 +2,16 @@
+ {% if ossec_server_config.email_notification is not defined or ossec_server_config.email_notification | lower == "yes" %}
yes
{% for ossec_server_config in ossec_server_config.mail_to %}
{{ ossec_server_config }}
{% endfor %}
{{ ossec_server_config.mail_smtp_server }}
{{ ossec_server_config.mail_from }}
+ {% else %}
+ no
+ {% endif %}
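Review bot: The new condition compares `ossec_server_config.email_notification | lower` with the string "yes", so a value written as an unquoted YAML boolean (`email_notification: yes` or `true`) is rendered as "true" and fails the test. It then falls through to the `no` branch, silently turning off alert e-mail on the HIDS server. Accept booleans as well, e.g. `{% if ossec_server_config.email_notification | default('yes') | string | lower in ['yes', 'true'] %}`, or document next to the variable that it must be the quoted string "yes".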
@@ -90,6 +94,8 @@
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
+ /var/ossec/etc/shared/system_audit_rcl.txt
+ /var/ossec/etc/shared/{{ cis_distribution_filename }}
@@ -135,4 +141,12 @@
{% endfor %}
+{% for syslog_output in ossec_server_config.syslog_outputs %}
+
+ {{ syslog_output.server }}
+ {{ syslog_output.port }}
+ {{ syslog_output.format }}
+
+{% endfor %}
+
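Review bot: `ossec_server_config.syslog_outputs` is iterated without a fallback, so an existing inventory that does not define the new key will most likely fail template rendering on an undefined variable instead of emitting no syslog output blocks. `{% for syslog_output in ossec_server_config.syslog_outputs | default([]) %}` keeps the option optional. `port` and `format` are also rendered unconditionally; if they are meant to be optional, guard them with `is defined`, as the agent template does for `localfile.command`.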
diff --git a/templates/var-ossec-etc-shared-agent.conf.j2 b/templates/var-ossec-etc-shared-agent.conf.j2
index 8236a11..ac5a4d6 100644
--- a/templates/var-ossec-etc-shared-agent.conf.j2
+++ b/templates/var-ossec-etc-shared-agent.conf.j2
@@ -16,19 +16,27 @@
{% for localfile in item.localfiles %}
{{ localfile.format }}
+ {% if localfile.command is defined %}
+ {{ localfile.command }}
+ {% else %}
{{ localfile.location }}
+ {% endif %}
{% endfor %}
-
-{% endfor %}
-
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
/var/ossec/etc/shared/system_audit_rcl.txt
+ {% if item.cis_distribution_filename is defined %}
+ /var/ossec/etc/shared/{{ item.cis_distribution_filename }}
+ {% else %}
+ {# none specified so install all #}
/var/ossec/etc/shared/cis_debian_linux_rcl.txt
/var/ossec/etc/shared/cis_rhel_linux_rcl.txt
/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
+ {% endif %}
+
+{% endfor %}
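Review bot: `{{ localfile.command }}` is written into the shared agent configuration unescaped, and command strings routinely contain `&`, `<` or `>` (redirections, pipes). The surrounding markup is not visible in this view, but assuming the value sits inside an XML element, such a command produces a malformed agent.conf that agents may reject. Render it as `{{ localfile.command | e }}`. The template also does not check that `localfile.format` is a command-type format when `command` is set. A `{# #}` comment above the branch should record that anything placed in `localfile.command` is distributed to every agent matching this block, so the variable needs the same review as code.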