Install agents with ansible, different servers and systems

Felipe Andres Concha Sepúlveda

unread,

Jul 20, 2018, 3:26:15 AM7/20/18

to Wazuh mailing list

Hello All,

A question,
can I do an agent installation on solaris machines ?, using ansible

could you guide me in some way to install agents on servers, firewall or systems that do not have an already defined role, using ansible.

Regards
Felipe

Jesus Linares

unread,

Jul 31, 2018, 7:18:32 AM7/31/18

to Wazuh mailing list

Hi Felipe,

You can install the agent from sources or packages (https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/index.html). We recommend packages since you don't need to install dependencies in your production server. That said, you can use a management tool to deploy them. We have recipes/playbooks for:

Puppet: https://github.com/wazuh/wazuh-puppet
Ansible: https://github.com/wazuh/wazuh-ansible
Chef: https://github.com/wazuh/wazuh-chef

Ansible should work with Solaris properly.

Regarding firewall systems, we recommend 2 options:

Forwarding logs to the manager using syslog: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/remote.html#connection
Use the agentless feature: https://documentation.wazuh.com/current/user-manual/capabilities/agentless-monitoring/index.html?highlight=agentless

Regards,

Felipe Andres Concha Sepúlveda

unread,

Jul 31, 2018, 7:34:10 AM7/31/18

to Jesus Linares, Wazuh mailing list

Thank you Jesus for answering.

I used Ansible to install on Windows and Linux, both with registration via auth and it worked.

When you say that I can use Ansible to install on Solaris, you mean only the installation, without registering the agent (that should be done manually?), because I have not seen how to automate the registration with ansible.

Regards,

Felipe.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/5484b5ea-d2ef-4a62-8ae0-206b77c9710b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Message has been deleted

Felipe Andres Concha Sepúlveda

unread,

Aug 1, 2018, 5:47:23 AM8/1/18

to jose.fe...@wazuh.com, Wazuh mailing list

Great Jesus you are a great !!!

With this you help me a lot

I'm going to try and tell you how it works!

Regards!!!

Felipe

El 01-08-2018, a las 11:41, jose.fe...@wazuh.com escribió:

Hi Felipe,

Currently, we haven't add to ansible playbooks a registration process, instead you can run additional playbook similar to:
--- ######################### Managers ####################################### # Configure Wazuh-manager - hosts: Managers tasks: - name: Starting authd command: "/var/ossec/bin/ossec-authd" - name: Starting wazuh-manager service service: name: wazuh-manager state: started ######################### Agents ####################################### # Configure wazuh-agent - hosts: Agents vars: template: ip: "SET_MANAGER_IP" tasks: - name: Setting manager IP in agent lineinfile: path: /var/ossec/etc/ossec.conf regexp: " <address>MANAGER_IP</address>" line: " <address>{{ template.ip }}</address>" - name: Starting authd in agent command: "/var/ossec/bin/agent-auth -m {{ template.ip }}" - name: Restarting wazuh-agent service service: name: wazuh-agent state: restarted

Remember to define hosts where to launch the playbook, in this example (Managers and Agents)

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.

To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/5484b5ea-d2ef-4a62-8ae0-206b77c9710b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/eb4ba9e8-685f-45c6-bfb8-0b42c19e74f7%40googlegroups.com.

jose.fe...@wazuh.com

unread,

Aug 1, 2018, 5:48:32 AM8/1/18

to Wazuh mailing list

Hi Felipe,

I haven't test the ansible script on Solaris, but I think that It will run nearly similar to Linux script, you can adapt this https://github.com/wazuh/wazuh-ansible/blob/master/ansible-wazuh-agent/tasks/Linux.yml ansible script to run on solaris in a few lines, if you have some problem don't doubt on write here.

Regards.

José.

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.

Bob Vincent

unread,

Aug 1, 2018, 2:22:32 PM8/1/18

to Wazuh mailing list

The wazuh-ansible repo has two outstanding PR's which need review.

If you manage to get it running on Solaris, please feel free to submit a PR to merge your changes.

Pedro Sánchez

unread,

Aug 1, 2018, 10:32:56 PM8/1/18

to Bob Vincent, Wazuh mailing list

Hi Bob,

I have just accepted the PR.

Regards,

Pedro.

On Wed, Aug 1, 2018 at 8:22 PM, Bob Vincent <pillar...@gmail.com> wrote:

The wazuh-ansible repo has two outstanding PR's which need review.

If you manage to get it running on Solaris, please feel free to submit a PR to merge your changes.

--

You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/cf3d25a9-a2f6-443b-ac64-7bd80d870821%40googlegroups.com.

Felipe Andres Concha Sepúlveda

unread,

Aug 2, 2018, 6:30:26 AM8/2/18

to jose.fe...@wazuh.com, Wazuh mailing list

Thanks Jose, very good and clear your answer

Regards,

Felipe

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.

To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/5484b5ea-d2ef-4a62-8ae0-206b77c9710b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/eb4ba9e8-685f-45c6-bfb8-0b42c19e74f7%40googlegroups.com.

Reply all

Reply to author

Forward