dj-wasabi.ossec-agent

=========

This role sets up and configures an OSSEC agent on a server. If the ossec_server_name parameter is provided, it will automatically handle the agent's authentication.

Build Status:

Requirements

This role works on:

Red Hat
Ubuntu
Debian

So, you'll need one of these operating systems. :-)

Role Variables

This role requires 4 parameters:

ossec_server_ip: The IP address of the server running the OSSEC server.
ossec_server_fqdn: The fully qualified domain name (FQDN) of the OSSEC server.
ossec_server_name: The hostname of the OSSEC server used for delegation with Ansible.
ossec_managed_server: Set to false to skip tasks that delegate to the OSSEC server.

This role has 3 tasks that need ossec_server_name. If this is not set, you'll need to run /var/ossec/bin/ossec-authd on the server and /var/ossec/bin/agent-auth on the agent manually. An exact command line message will be provided when needed.

Optional role variables include:

ossec_active_response_disabled: If set to yes, it disables active response. If not defined, active response is enabled.
ossec_disable_public_repos: Set to "yes" to prevent the use of public repositories.
ossec_agent_package_name: Defaults to "ossec-hids-agent". You can specify a URL or path to a .rpm or .deb file if public repositories cannot be used.
ossec_agent_name: An optional name for the OSSEC agent, defaults to the hostname.

Dependencies

No dependencies.

Example Playbook

Here’s an example of how to use this role:

- hosts: all:!ossec-server.example.com
  roles:
     - { role: dj-wasabi.ossec-agent, ossec_server_ip: 192.168.1.1, ossec_server_name: ossec-server.example.com }

Molecule

This role can be tested using Molecule. More information about Molecule can be found here: Molecule Testing Guide. Molecule will create 4 Docker containers with the following OS: