Updates to support Ubuntu and also adds more configuration options

handlers/main.yml

@@ -2,6 +2,6 @@
 # handlers file for ossec-server
 
 - name: restart ossec-server
-  service: name=ossec-hids
+  service: name={{ ossec_init_name }}
            state=restarted
            enabled=yes

tasks/Debian.yml

@@ -1,22 +1,13 @@
 ---
-#
+- name: Debian/Ubuntu | Installing repository
+  apt_repository: repo="deb http://ossec.alienvault.com/repos/apt/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main" state=present
 
-#- name: Debian | Set some facts
-
-- name: Debian | Installing repository Debian
-  shell: "echo \"deb http://ossec.alienvault.com/repos/apt/debian {{ ansible_distribution_release }} main\" >> /etc/apt/sources.list"
-#  apt_repository: repo="deb http://ossec.alienvault.com/repos/apt/debian {{ ansible_distribution_release }} main"
-#                  state=present
-
-- name: Debian | Installing repository key
+- name: Debian/Ubuntu | Installing repository key
   apt_key: url=http://ossec.alienvault.com/repos/apt/conf/ossec-key.gpg.key
            id=9A1B1C65
 
-- name: Debian | Install ossec-hids
+- name: Debian/Ubuntu | Install ossec-hids
   apt: pkg=ossec-hids
        state=present
        update_cache=yes
        cache_valid_time=3600
-
-
-

tasks/main.yml

@@ -44,20 +44,48 @@
     - config
     - rules
 
+- name: Install RHEL6 CIS Root Checks
+  get_url:
+    url: https://raw.githubusercontent.com/ossec/ossec-hids/master/src/rootcheck/db/cis_rhel6_linux_rcl.txt
+    dest: /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt
+    mode: 0660
+    owner: root
+    group: ossec 
+
+- name: Set Distribution CIS filename for Debian/Ubuntu
+  set_fact:
+    cis_distribution_filename: cis_debian_linux_rcl.txt
+  when: ansible_os_family == "Debian"
+
+- name: Set Distribution CIS filename for RHEL5
+  set_fact:
+    cis_distribution_filename: cis_rhel5_linux_rcl.txt
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "5"
+
+- name: Set Distribution CIS filename for RHEL6
+  set_fact:
+    cis_distribution_filename: cis_rhel6_linux_rcl.txt
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "6"
+
+- name: Set ossec deploy facts for RedHat
+  set_fact:
+    ossec_server_config_filename: ossec-server.conf
+    ossec_init_name: ossec-hids
+  when: ansible_os_family == "RedHat"
+
+- name: Set ossec deploy facts for Debian
+  set_fact:
+    ossec_server_config_filename: ossec.conf
+    ossec_init_name: ossec
+  when: ansible_os_family == "Debian"
+
 - name: Configure the ossec-server
   template: src=var-ossec-etc-ossec-server.conf.j2
-            dest=/var/ossec/etc/ossec-server.conf
+            dest=/var/ossec/etc/{{ ossec_server_config_filename }}
             owner=root
             group=root
             mode=0644
   notify: restart ossec-server
   tags:
     - init
     - config
-
-- name: Make sure the symbolic link is there
-  file: src=/var/ossec/etc/ossec-server.conf 
-        dest=/var/ossec/etc/ossec.conf 
-        state=link
-  when: ansible_os_family == "RedHat"
-

templates/var-ossec-etc-ossec-server.conf.j2

@@ -2,12 +2,16 @@
 
 <ossec_config>
   <global>
+    {% if ossec_server_config.email_notification is not defined or ossec_server_config.email_notification | lower == "yes" %}
     <email_notification>yes</email_notification>
 {% for ossec_server_config in ossec_server_config.mail_to %}
     <email_to>{{ ossec_server_config }}</email_to>
 {% endfor %}
     <smtp_server>{{ ossec_server_config.mail_smtp_server }}</smtp_server>
     <email_from>{{ ossec_server_config.mail_from }}</email_from>
+    {% else %}
+    <email_notification>no</email_notification>
+    {% endif %}
   </global>
 
   <rules>
@@ -90,6 +94,8 @@
   <rootcheck>
     <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
     <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
+    <system_audit>/var/ossec/etc/shared/{{ cis_distribution_filename }}</system_audit>
   </rootcheck>
 
   <global>
@@ -135,4 +141,12 @@
   </localfile>
 {% endfor %}
 
+{% for syslog_output in ossec_server_config.syslog_outputs %}
+  <syslog_output>
+    <server>{{ syslog_output.server }}</server>
+    <port>{{ syslog_output.port }}</port>
+    <format>{{ syslog_output.format }}</format>
+  </syslog_output>
+{% endfor %}
+
 </ossec_config>

templates/var-ossec-etc-shared-agent.conf.j2

@@ -16,19 +16,27 @@
 {% for localfile in item.localfiles %}
   <localfile>
      <log_format>{{ localfile.format }}</log_format>
+     {% if localfile.command is defined %}
+     <command>{{ localfile.command }}</command>
+     {% else %}
      <location>{{ localfile.location }}</location>
+     {% endif %}
   </localfile>
 {% endfor %}
-</agent_config>
-{% endfor %}
 
-<agent_config>
   <rootcheck>
     <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
     <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
     <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
+    {% if item.cis_distribution_filename is defined %}
+    <system_audit>/var/ossec/etc/shared/{{ item.cis_distribution_filename }}</system_audit>
+    {% else %}
+    {# none specified so install all #}
     <system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
     <system_audit>/var/ossec/etc/shared/cis_rhel_linux_rcl.txt</system_audit>
     <system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>
+    {% endif %}
   </rootcheck>
+
 </agent_config>
+{% endfor %}