wazuh-ansible
wazuh-ansible copied to clipboard
Published
20 hours ago •
wazuh
wazuh
Extend Wazuh ansible support for Windows and macOS endpoints
Hello team,
I'm opening this case because at this moment the Wazuh agent playbook does not support deploying Wazuh agents to Windows and macOS endpoints.
This lack of functionality can prevent users from using Wazuh for huge environments as we are only covering Linux OS so we should consider extending this support to the above mentioned OS.
Regards,
Miguel Casares
QA makes use of these playbooks to provision the testing environments, so, I suggest to extends them to all the supported OS for our testing processes:
- Windows
- Linux
- macOS
- Solaris
The documentation says that This playbook does not support deploying Wazuh agents to Windows and macOS endpoints. but Windows is supported:
https://documentation.wazuh.com/current/deployment-options/deploying-with-ansible/guide/install-wazuh-agent.html
Update Report
Related documentation and code that are interesting and related to this development:
- Wazuh agent installation in macOS endpoints.
- Installing Wazuh agent with Ansible.
- Linux role in the Wazuh ansible repository.
To extend the Wazuh Ansible support for macOS endpoints, it is necessary to perform the following tasks:
- [x] Provide a macOS VM
- [x] Test the SSH connection
- [x] Configure the SSH requirements for Ansible connection
- [x] Create a new role that
- [x] Download the macOS Wazuh agent installer
- [x] Install the Wazuh agent
- [x] Register the agent to the Wazuh server
- [x] Via auto-enrollment
- [x] Via
agent-authd - [x] Via API
- [x] Set the agent credentials
- [x] Update or create a new template for the
ossec.conffile.
To ensure that the installation is widely supported, is necessary to test this new playbook in the following OS:
In Intel64 architecture:
- [x] macOS Sierra
- [x] macOS High Sierra
- [x] macOS Mojave
- [x] macOS Catalina
- [x] macOS Big Sur
- [x] macOS Monterey
- [x] macOS Ventura
In ARM architecture:
- [x] macOS Big Sur
- [x] macOS Monterey
- [x] macOS Ventura
macOS instance
To first test the macOS connectivity, I launched a macOS VM in the Black Mini.
- In the folder
/Users/jenkins/Documents/cbordon/agent. - Launched the Vagrant VM:
vagrant --name='macos-monterey-768-ansible' --copy-ssh-files --bind-port='21789' --bind-ip='X.X.X.X' up macos-1201-testing-ansible
Test the SSH connection
- The VM is accessible with
ssh [email protected] -p 21789
Configure the SSH requirements for Ansible connection
With Ansible server downloaded and configured in my machine, I edited the /etc/ansible/hosts and I specified the following content:
[macos]
X.X.X.X ansible_ssh_user=vagrant ansible_ssh_pass=vagrant ansible_ssh_port=21789
I executed the ping Ansible command:
~ ansible macos -m ping
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change the meaning of
that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
10.10.0.251 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
Update Report
New role - macOS.yml
A new role macOS.yml has been created. This role will contain the necessary tasks and steps to install the Wazuh agent in the macOS endpoints.
Some variables have been added to the repo.yml, repo_pre-release.yml and repo_staging.yml files to specify the macOS agent name and URL for the Intel64 and ARM architectures.
wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
wazuh_macos_intel_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_intel_package_name }}"
wazuh_macos_arm_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_arm_package_name }}"
In the roles/wazuh/ansible-wazuh-agent/defaults/main.yml file, these variables have been added too, similar to the Windows deployment.
# macOS deployment
wazuh_macos_config:
download_dir: /tmp/
install_dir: /Library/Ossec/
Initial steps and package download
The related tasks are:
- Check the macOS architecture and set it to a variable
- Check if the package is downloaded, depending on the architecture.
- Download the package if is not downloaded.
- name: macOS | Check architecture
command: "/usr/bin/uname -m"
register: uname_result
- name: macOS | Set architecture variable
set_fact:
macos_architecture: "{{ 'arm' if uname_result.stdout == 'arm64' else 'intel' }}"
- name: macOS | Set package name and URL based on architecture
set_fact:
wazuh_macos_package_url: "{{ wazuh_macos_intel_package_url if macos_architecture == 'intel' else wazuh_macos_arm_package_url }}"
wazuh_macos_package_name: "{{ wazuh_macos_intel_package_name if macos_architecture == 'intel' else wazuh_macos_arm_package_name }}"
- name: macOS | Check if Wazuh installer is already downloaded
stat:
path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}"
register: wazuh_package_downloaded
- name: macOS | Download Wazuh Agent package
get_url:
url: "{{ wazuh_macos_package_url }}"
dest: "{{ wazuh_macos_config.download_dir }}"
register: download_result
when:
- not wazuh_package_downloaded.stat.exists
Agent installation
The related tasks are:
- Check the macOS agent is installed.
- Install the macOS agent if it is not installed.
- name: macOS | Check if Wazuh Agent is already installed
stat:
path: "{{ wazuh_macos_config.install_dir }}"
register: wazuh_installed
- name: macOS | Install Agent if not already installed
command: "installer -pkg {{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }} -target /"
when: not wazuh_installed.stat.exists
register: install_result
In several tests, I noticed that the macOS agent could not be installed after an uninstallation. The issue is reported here: https://github.com/wazuh/wazuh/issues/19406
Update Report
Update the ossec.conf file template.
In order to create the related tasks, it is necessary to create or update the ossec.conf file template. This template is copied into the machine after enrolling the agent, so this task must be done before developing the enrollment alternatives. In Linux.
- name: Linux | Installing agent configuration (ossec.conf)
template:
src: var-ossec-etc-ossec-agent.conf.j2
dest: "{{ wazuh_dir }}/etc/ossec.conf"
owner: root
group: wazuh
mode: 0644
notify: restart wazuh-agent
tags:
- init
- config
After modifying the var-ossec-etc-ossec-agent.conf.j2 file and adding a new task in the macOS.yml that copies this file, the differences between an ossec.conf file directly installed in the agent (left) and an ossec.conf file installed through Ansible using the template (right).
The differences are minimal.
Also, a new task to copy the local_internal_options.conf file has been added.
https://www.diffchecker.com/C0n759i8/
The log of the Ansible playbook with the macOS agent installed:
Show log
> ansible-playbook wazuh-agent.yml
PLAY [macos] ********************************************************************************************
TASK [Gathering Facts] **********************************************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change the meaning of that
path. See https://docs.ansible.com/ansible-core/2.15/reference_appendices/interpreter_discovery.html for
more information.
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ***********************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ***********************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ***********************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] **********************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ***************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ******
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ******
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***********
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] *********
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] **************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ********
changed: [10.10.0.251]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] **********************
changed: [10.10.0.251]
PLAY RECAP **********************************************************************************************
10.10.0.251 : ok=12 changed=1 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0
:green_circle: Agent Enrollment through authd
As seen in the previous log, the agent enrollment using authd has been developed:
Display related code snippet
- name: macOS | Agent registration via authd
block:
- name: Copy CA root certificate to verify authd
copy:
src: "{{ wazuh_agent_authd.ssl_agent_ca }}"
dest: "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
mode: 0644
when:
- wazuh_agent_authd.ssl_agent_ca is not none
- name: Copy TLS/SSL certificate for agent verification
copy:
src: "{{ item }}"
dest: "{{ wazuh_macos_config.install_dir }}/etc/{{ item | basename }}"
mode: 0644
with_items:
- "{{ wazuh_agent_authd.ssl_agent_cert }}"
- "{{ wazuh_agent_authd.ssl_agent_key }}"
when:
- wazuh_agent_authd.ssl_agent_cert is not none
- wazuh_agent_authd.ssl_agent_key is not none
- name: macOS | Register agent (via authd)
shell: >
{{ wazuh_macos_config.install_dir }}/bin/agent-auth
{% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %}
-A {{ wazuh_agent_authd.agent_name }}
{% endif %}
-m {{ wazuh_agent_authd.registration_address }}
-p {{ wazuh_agent_authd.port }}
{% if wazuh_agent_nat %} -I "any" {% endif %}
{% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %}
{% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %}
-v "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
{% endif %}
{% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %}
-x "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
{% endif %}
{% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None %}
-k "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
{% endif %}
{% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %}
{% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %}
-G "{{ wazuh_agent_authd.groups | join(',') }}"
{% endif %}
register: agent_auth_output
notify: macOS | Restart Wazuh Agent
vars:
agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}"
when:
- not client_keys_file.stat.exists or client_keys_file.stat.size == 0
- wazuh_agent_authd.registration_address is not none
- name: Display var
debug:
var: agent_auth_output
- name: macOS | Verify agent registration
shell: >
sh -c "echo '{{ agent_auth_output.stdout }} {{ agent_auth_output.stderr }}' | grep 'Valid key received'"
when:
- not client_keys_file.stat.exists or client_keys_file.stat.size == 0
- wazuh_agent_authd.registration_address is not none
when:
- wazuh_agent_authd.enable | bool
- wazuh_agent_config.enrollment.enabled != 'yes'
tags:
- config
- authd
Very similar to the Linux one, but replacing some needed variables
Update Report
:green_circle: Agent Enrollment through API
The second alternative of enrolling the agent, through the Wazuh manager API, has been developed and tested:
To execute this alternative, it is necessary to:
- Have the auto enrollment alternative deactivated.
- Have the
authdenrollment deactivated. - Specify the
adminpassword in themain.ymlfile.
Display related code snippet
- name: macOS | Agent registration via rest-API
block:
- name: macOS | Establish target Wazuh Manager for registration task
set_fact:
target_manager: '{{ manager_primary | length | ternary(manager_primary, manager_fallback) | first }}'
vars:
manager_primary: "{{ wazuh_managers | selectattr('register','true') | list }}"
manager_fallback: "{{ wazuh_managers | list }}"
- name: macOS | Obtain JWT Token
uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate'
method: POST
url_username: '{{ target_manager.api_user }}'
url_password: '{{ api_pass }}'
status_code: 200
return_content: yes
force_basic_auth: yes
validate_certs: '{{ target_manager.validate_certs | default(false) }}'
no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
changed_when: api_jwt_result.json.error == 0
register: api_jwt_result
become: no
tags:
- config
- api
- name: macOS | Create the agent key via rest-API
uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents'
method: POST
body_format: json
body:
name: '{{ agent_name }}'
headers:
Authorization: 'Bearer {{ jwt_token }}'
status_code: 200
return_content: yes
validate_certs: '{{ target_manager.validate_certs | default(false) }}'
become: no
no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
changed_when: api_agent_post.json.error == 0
register: api_agent_post
vars:
agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
jwt_token: '{{ api_jwt_result.json.data.token }}'
tags:
- config
- api
- name: macOS | Validate registered agent key matches manager record
uri:
url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents/{{ agent_id }}/key'
method: GET
headers:
Authorization: 'Bearer {{ jwt_token }}'
status_code: 200
return_content: yes
validate_certs: '{{ target_manager.validate_certs | default(false) }}'
become: no
no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
register: api_agent_validation
vars:
agent_id: '{{ api_agent_post.json.data.id }}'
agent_key: '{{ api_agent_post.json.data.key }}'
jwt_token: '{{ api_jwt_result.json.data.token }}'
failed_when: api_agent_validation.json.data.affected_items[0].key != agent_key
when:
- wazuh_agent_api_validate | bool
- api_agent_post.json.error == 0
tags:
- config
- api
- name: macOS | Import Key (via rest-API)
command: "{{ wazuh_macos_config.install_dir }}/bin/manage_agents"
environment:
OSSEC_ACTION: i
OSSEC_AGENT_NAME: '{{ agent_name }}'
OSSEC_AGENT_IP: '{{ wazuh_agent_address }}'
OSSEC_AGENT_ID: '{{ api_agent_post.json.data.id }}'
OSSEC_AGENT_KEY: '{{ api_agent_post.json.data.key }}'
OSSEC_ACTION_CONFIRMED: y
register: manage_agents_output
vars:
agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
notify: macOS | Restart Wazuh Agent
when:
- not ( wazuh_agent_authd.enable | bool )
- wazuh_agent_config.enrollment.enabled != 'yes'
- not client_keys_file.stat.exists or client_keys_file.stat.size == 0
tags:
- config
- api
Very similar to the Linux one, but replacing some needed variables
In the following log and image, it is shown how the agent enrollment was successful:
Display related code snippet
> ansible-playbook wazuh-agent.yml
PLAY [macos] *******************************************************************
TASK [Gathering Facts] *********************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python
interpreter at /usr/bin/python3, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *********
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ***
skipping: [10.10.0.251] => (item=)
skipping: [10.10.0.251] => (item=)
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***********
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ***
changed: [10.10.0.251]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] ***
changed: [10.10.0.251]
PLAY RECAP *********************************************************************
10.10.0.251 : ok=20 changed=8 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0
In this development, I updated the API variables according to the related documentation.
In the wazuh-agent.yml file:
api_proto: 'https'
api_user: wazuh
Instead of:
api_proto: 'http'
api_user: ansible
Update Report
:green_circle: Agent Enrollment through auto-enrollment
The third and default alternative of enrolling the agent, through the auto enrollment, has been developed and tested:
To execute this alternative, it is necessary to:
- Have the API enrollment alternative deactivated.
- Have the
authdenrollment deactivated. - Have the
wazuh_agent_enrollment.enabledtoyes.
Display related code snippet
- name: macOS | Agent registration via auto-enrollment
debug:
msg: Agent registration will be performed through enrollment option in templated ossec.conf
when: wazuh_agent_config.enrollment.enabled == 'yes'
- name: macOS | Ensure group "wazuh" exists
ansible.builtin.group:
name: wazuh
state: present
- name: Create auto-enrollment password file
template:
src: authd_pass.j2
dest: "{{ wazuh_macos_config.install_dir }}/etc/authd.pass"
owner: wazuh
group: wazuh
mode: 0640
when:
- wazuh_agent_config.enrollment.enabled == 'yes'
- wazuh_agent_config.enrollment.authorization_pass_path_macos | length > 0
- authd_pass | length > 0
tags:
- config
Very similar to the Linux one, but replacing some needed variables
In the following log and image, it is shown how the agent enrollment was successful:
Display log and image
> ansible-playbook wazuh-agent.yml
PLAY [macos] *******************************************************************
TASK [Gathering Facts] *********************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python
interpreter at /usr/bin/python3, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *********
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ***
skipping: [10.10.0.251] => (item=)
skipping: [10.10.0.251] => (item=)
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***********
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ***
ok: [10.10.0.251] => {
"msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ***
changed: [10.10.0.251]
PLAY RECAP *********************************************************************
10.10.0.251 : ok=17 changed=3 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0
The enrollment block is successfully inserted in the ossec.conf file
<enrollment>
<enabled>yes</enabled>
<manager_address>X.X.X.X</manager_address>
<port>1515</port>
<authorization_pass_path>/etc/authd.pass</authorization_pass_path>
<auto_method>no</auto_method>
<delay_after_enrollment>20</delay_after_enrollment>
<use_source_ip>no</use_source_ip>
</enrollment>
Update Report
Testing
To ensure that this deployment is supported in every macOS supported version, is necessary to perform several tests.
Intel
:green_circle: macOS Sierra
PLAY [sierra,bigsur] ***********************************************************************************
TASK [Gathering Facts] *********************************************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python interpreter at
/usr/bin/python2.7, but future installation of another Python interpreter could change the meaning of
that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] **************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *********************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] **************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] *****
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] *****
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***********************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] **********
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] *************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] *******************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ************
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.cert)
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.key)
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] *************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] **************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***********************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ******************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] **************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] *************
ok: [10.10.0.251] => {
"msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ********
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] *************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] *******
changed: [10.10.0.251]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] *********************
changed: [10.10.0.251]
PLAY RECAP *********************************************************************************************
10.10.0.251 : ok=19 changed=7 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0
:green_circle: macOS High Sierra
PLAY [highsierra] *******************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python interpreter at /usr/bin/python2.7, but future installation of
another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ****************************************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ****************************************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ****************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ****************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] *******************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ***************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ***************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ***************************************************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] **************************************************************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] *******************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] **********************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] **********************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ****************************************************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] ******************************************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] *****************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] *****************************************************
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.cert)
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.key)
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ******************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] *******************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ****************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ****************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***********************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ****************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] *******************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ******************************************************
ok: [10.10.0.251] => {
"msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] *****************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] *************************************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ******************************************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ****************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ************************************************
changed: [10.10.0.251]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] **************************************************************
changed: [10.10.0.251]
PLAY RECAP **************************************************************************************************************************************
10.10.0.251 : ok=19 changed=7 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0
:green_circle: macOS Mojave
> ansible-playbook wazuh-agent.yml
PLAY [mojave] ******************************************************************
TASK [Gathering Facts] *********************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python
interpreter at /usr/bin/python2.7, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *********
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ***
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.cert)
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.key)
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***********
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ***
ok: [10.10.0.251] => {
"msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ***
changed: [10.10.0.251]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] ***
changed: [10.10.0.251]
PLAY RECAP *********************************************************************
10.10.0.251 : ok=19 changed=7 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0
:green_circle: macOS Catalina
> ansible-playbook wazuh-agent.yml
PLAY [catalina] ****************************************************************
TASK [Gathering Facts] *********************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python
interpreter at /usr/bin/python3, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *********
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ***
skipping: [10.10.0.251] => (item=)
skipping: [10.10.0.251] => (item=)
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***********
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ***
ok: [10.10.0.251] => {
"msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ***
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ***
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ***
changed: [10.10.0.251]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] ***
changed: [10.10.0.251]
PLAY RECAP *********************************************************************
10.10.0.251 : ok=19 changed=7 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0
:green_circle: macOS Big Sur
> ansible-playbook wazuh-agent.yml
[DEPRECATION WARNING]: DEFAULT_HASH_BEHAVIOUR option, this feature is fragile and not portable, leading to continual confusion and misuse, use the ``combine`` filter explicitly instead. This feature will be
removed from ansible-base in version 2.13. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
PLAY [bigsur] *****************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible/2.10/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **********************************************************************************************************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **********************************************************************************************************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **********************************************************************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **********************************************************************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] *************************************************************************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *********************************************************************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *********************************************************************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *********************************************************************************************************************************************************
included: /home/nonsatus/Documents/Wazuh/Repositories/wazuh-ansible/merge/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] ********************************************************************************************************************************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] *************************************************************************************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ****************************************************************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ****************************************************************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] **********************************************************************************************************************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] *********************************************************************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] ************************************************************************************************************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ***********************************************************************************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ******************************************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ***********************************************************************************************************************
skipping: [10.10.0.251] => (item=)
skipping: [10.10.0.251] => (item=)
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ************************************************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] *************************************************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] **********************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] **********************************************************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] *****************************************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] **********************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] *************************************************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ************************************************************************************************************************
ok: [10.10.0.251] => {
"msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ***********************************************************************************************************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] *******************************************************************************************************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ************************************************************************************************************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] **********************************************************************************************************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ******************************************************************************************************************
changed: [10.10.0.251]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] ********************************************************************************************************************************
changed: [10.10.0.251]
PLAY RECAP ********************************************************************************************************************************************************************************************************
10.10.0.251 : ok=19 changed=7 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0
:green_circle: macOS Monterey
PLAY [macos] *******************************************************************************************
TASK [Gathering Facts] *********************************************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change the meaning of
that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] **************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *********************************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] **************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] *****
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] *****
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***********************
changed: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] **********
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] *******************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ************
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.cert)
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.key)
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] *************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] **************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***********************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ******************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] **************************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] *************
ok: [10.10.0.251] => {
"msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ************************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ********
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] *************
ok: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***********************
skipping: [10.10.0.251]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] *******
changed: [10.10.0.251]
PLAY RECAP *********************************************************************************************
10.10.0.251 : ok=17 changed=3 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0
:green_circle: macOS Ventura
ansible-playbook wazuh-agent.yml
PLAY [ventura] ********************************************************************
TASK [Gathering Facts] ************************************************************
[WARNING]: Platform darwin on host 3.85.49.188 is using the discovered Python
interpreter at /usr/bin/python3, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **************************
ok: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **************************
ok: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **************************
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **************************
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***
ok: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *************************
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *************************
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 3.85.49.188
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] ************
changed: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] *****
ok: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ***
ok: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ***
ok: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***
changed: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***
ok: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] ***
changed: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ***
ok: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ***
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ***
skipping: [3.85.49.188] => (item=)
skipping: [3.85.49.188] => (item=)
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ****
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] *****
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] **************
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] *****
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ***
ok: [3.85.49.188] => {
"msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ***
ok: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ***
changed: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ***
changed: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***
skipping: [3.85.49.188]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ***
changed: [3.85.49.188]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] ***
changed: [3.85.49.188]
PLAY RECAP ************************************************************************
3.85.49.188 : ok=19 changed=7 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0
ARM
:green_circle: macOS Big Sur
> ansible-playbook wazuh-agent.yml
PLAY [bigsurARM] ************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************
[WARNING]: Platform darwin on host 3.92.185.158 is using the discovered Python interpreter at /usr/bin/python3, but future installation of another
Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ********************************************************************************************
ok: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ********************************************************************************************
ok: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ********************************************************************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ********************************************************************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***********************************************************
ok: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *******************************************************************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *******************************************************************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *******************************************************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 3.92.185.158
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] ******************************************************************************
changed: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ***********************************************************************
ok: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] **************************************************
ok: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] **************************************************
ok: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ********************************************************************
changed: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] *******************************************************
ok: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] **********************************************************
changed: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] *********************************************************************
ok: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ****************************************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] *********************************************************
skipping: [3.92.185.158] => (item=)
skipping: [3.92.185.158] => (item=)
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] **********************************************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ***********************************************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ********************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ********************************************************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***************************************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ********************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ***********************************************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] **********************************************************
ok: [3.92.185.158] => {
"msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] *********************************************************************
ok: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] *****************************************************
changed: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] **********************************************************
changed: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ********************************************************************
skipping: [3.92.185.158]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ****************************************************
changed: [3.92.185.158]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] ******************************************************************
changed: [3.92.185.158]
PLAY RECAP ******************************************************************************************************************************************
3.92.185.158 : ok=19 changed=7 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0
:green_circle: macOS Monterey
PLAY [montereyARM] ***********************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************************
[WARNING]: Platform darwin on host 10.10.0.250 is using the discovered Python interpreter at /usr/bin/python3, but future installation of another Python
interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-core/2.15/reference_appendices/interpreter_discovery.html for more
information.
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] *********************************************************************************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] *********************************************************************************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] *********************************************************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] *********************************************************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ************************************************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ********************************************************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ********************************************************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ********************************************************************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.250
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *******************************************************************************************
changed: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ************************************************************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ***************************************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ***************************************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] *********************************************************************************
changed: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ********************************************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] ***********************************************************************
changed: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] **********************************************************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] *****************************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] **********************************************************************
skipping: [10.10.0.250] => (item=/home/davidcr01/test/sslagent.cert)
skipping: [10.10.0.250] => (item=/home/davidcr01/test/sslagent.key)
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ***********************************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ************************************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] *********************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] *********************************************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ****************************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] *********************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ************************************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ***********************************************************************
ok: [10.10.0.250] => {
"msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] **********************************************************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ******************************************************************
changed: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ***********************************************************************
changed: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] *********************************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] *****************************************************************
changed: [10.10.0.250]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] *******************************************************************************
changed: [10.10.0.250]
PLAY RECAP *******************************************************************************************************************************************************
10.10.0.250 : ok=19 changed=7 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0
:green_circle: macOS Ventura
PLAY [venturaARM] ******************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
[WARNING]: Platform darwin on host 10.10.0.250 is using the discovered Python interpreter at /usr/bin/python3, but
future installation of another Python interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***************************************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***************************************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ******************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **************************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **************************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.250
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *************************************************
changed: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ******************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] *********************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] *********************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***************************************
changed: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] **************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] *****************************
changed: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ****************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ***********************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ****************************
skipping: [10.10.0.250] => (item=/home/davidcr01/test/sslagent.cert)
skipping: [10.10.0.250] => (item=/home/davidcr01/test/sslagent.key)
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] *****************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ******************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***************************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] **********************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ******************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] *****************************
ok: [10.10.0.250] => {
"msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ****************************************
ok: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ************************
changed: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] *****************************
changed: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***************************************
skipping: [10.10.0.250]
TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ***********************
changed: [10.10.0.250]
RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] *************************************
changed: [10.10.0.250]
PLAY RECAP *************************************************************************************************************
10.10.0.250 : ok=19 changed=7 unreachable=0 failed=0 skipped=14 rescued=0 ignored=0
Waiting for https://github.com/wazuh/wazuh-documentation/pull/6640 to be merged.