From 53668ed9b9f9aff9b7f8e16754c1d2031f3d84dc Mon Sep 17 00:00:00 2001
From: Kris <kris@keyb.ie>
Date: Thu, 23 Jan 2025 11:06:54 +0000
Subject: [PATCH] Adding wazuh install

---
 wazuh_install.yml | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 wazuh_install.yml

diff --git a/wazuh_install.yml b/wazuh_install.yml
new file mode 100644
index 0000000..4ad1bf9
--- /dev/null
+++ b/wazuh_install.yml
@@ -0,0 +1,45 @@
+---
+- hosts: target_servers
+  become: yes
+  vars:
+    wazuh_version: 4.9.2
+    wazuh_manager_ip: '10.75.50.5'
+    wazuh_agent_group: 'Infrastructure'
+    wazuh_deb_filename: "wazuh-agent_{{ wazuh_version }}-1_amd64.deb"
+    wazuh_deb_url: "https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/{{ wazuh_deb_filename }}"
+
+  tasks:
+    - name: Download Wazuh Agent .deb package
+      ansible.builtin.get_url:
+        url: "{{ wazuh_deb_url }}"
+        dest: "/tmp/{{ wazuh_deb_filename }}"
+        mode: '0755'
+
+    - name: Install Wazuh Agent
+      ansible.builtin.apt:
+        deb: "/tmp/{{ wazuh_deb_filename }}"
+        state: present
+
+    - name: Configure Wazuh Agent
+      ansible.builtin.lineinfile:
+        path: /etc/ossec-agent/ossec.conf
+        regexp: '^(\s*)<manager>.*</manager>'
+        line: "    <manager>{{ wazuh_manager_ip }}</manager>"
+        backrefs: yes
+
+    - name: Set Wazuh Agent Group
+      ansible.builtin.command: 
+        cmd: "/var/ossec/bin/agent-groups -a {{ wazuh_agent_group }} -g default"
+      changed_when: false
+
+    - name: Restart Wazuh Agent
+      ansible.builtin.service:
+        name: wazuh-agent
+        state: restarted
+        enabled: yes
+
+  post_tasks:
+    - name: Clean up downloaded .deb file
+      ansible.builtin.file:
+        path: "/tmp/{{ wazuh_deb_filename }}"
+        state: absent
\ No newline at end of file