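# wazuh-agents.yml
---
# Install the Wazuh agent from a locally shipped RPM, deploy ossec.conf and
# make sure the agent service and firewalld are enabled. Variables come from
# group_vars/all.yml (wazuh_rpm_src, wazuh_rpm_dst, wazuh_managers via the
# template) plus the optional wazuh_rpm_sha256 used by the integrity check.
- name: Install and configure Wazuh agents
  hosts: wazuh_agents
  become: true
  tasks:
    - name: Copy Wazuh RPM to agent
      ansible.builtin.copy:
        src: "{{ wazuh_rpm_src }}"
        dest: "{{ wazuh_rpm_dst }}"
        owner: root
        group: root
        mode: "0644"

    # A package installed by file path is normally not signature-checked by
    # yum (that requires localpkg_gpgcheck plus an imported vendor key), so a
    # pinned digest is the only integrity check in this chain. The check is
    # skipped when wazuh_rpm_sha256 is not defined, which keeps existing
    # inventories working unchanged.
    - name: Compute SHA-256 of the staged RPM
      ansible.builtin.stat:
        path: "{{ wazuh_rpm_dst }}"
        checksum_algorithm: sha256
      register: wazuh_rpm_stat

    - name: Refuse to install an RPM whose digest does not match the pinned value
      ansible.builtin.assert:
        that:
          - wazuh_rpm_stat.stat.exists
          - wazuh_rpm_stat.stat.checksum == wazuh_rpm_sha256
        fail_msg: "{{ wazuh_rpm_dst }} does not match wazuh_rpm_sha256; not installing"
      when: wazuh_rpm_sha256 is defined

    - name: Install Wazuh agent RPM
      ansible.builtin.yum:
        name: "{{ wazuh_rpm_dst }}"
        state: present

    # Stopped before the config is written so the agent does not run with the
    # stock ossec.conf in between. ignore_errors covers a unit that cannot be
    # stopped (e.g. not present on this host); every other task still fails.
    - name: Ensure wazuh-agent service is stopped before config
      ansible.builtin.service:
        name: wazuh-agent
        state: stopped
      ignore_errors: true

    # NOTE(review): the group name is taken from the original playbook; confirm
    # it matches the account the installed package actually creates.
    - name: Deploy Wazuh agent ossec.conf
      ansible.builtin.template:
        src: ossec.conf.j2
        dest: /var/ossec/etc/ossec.conf
        owner: root
        group: ossec
        mode: "0640"

    - name: Reload systemd units
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Enable and start wazuh-agent
      ansible.builtin.service:
        name: wazuh-agent  # systemd unit name
        enabled: true
        state: started

    - name: Ensure firewalld package is present
      ansible.builtin.yum:
        name: firewalld
        state: present

    - name: Ensure firewalld is running
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: true

    # The original playbook opened 1514/1515 here with ansible.posix.firewalld
    # under the label "outbound Wazuh traffic". That module's `port` option
    # permits INBOUND connections to the agent; the agent only connects OUT to
    # the managers and firewalld does not filter outbound connections by
    # default, so no agent-side rule is needed and the inbound exposure on
    # every agent has been removed.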
==============================
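<!-- templates/ossec.conf.j2 -->
{# Rendered by wazuh-agents.yml to /var/ossec/etc/ossec.conf on each agent.
   Emits one <server> element per entry in wazuh_managers; port and protocol
   fall back to 1514/tcp when an entry omits them, so existing inventories
   that set all three fields render exactly as before. #}
<ossec_config>
  <client>
    {% for m in wazuh_managers %}
    <server>
      <address>{{ m.address }}</address>
      <port>{{ m.port | default(1514) }}</port>
      <protocol>{{ m.protocol | default('tcp') }}</protocol>
    </server>
    {% endfor %}
    {# The profile name is the inventory hostname of the agent being rendered. #}
    <config-profile>{{ inventory_hostname }}</config-profile>
    {# NOTE(review): no <enrollment> section is emitted, so registration over
       1515 runs with the package defaults. Confirm whether your policy requires
       manager certificate validation and/or an enrollment password, and add
       the corresponding settings here if so. #}
  </client>
  <!-- Keep the stock sections here or trim what is not needed. -->
</ossec_config>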
==========================
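# group_vars/all.yml
---
# Local RPM shipped to every agent by wazuh-agents.yml.
# NOTE(review): relative `src` paths are resolved by the copy module against the
# playbook's files/ directory and the playbook directory; "file/" (singular)
# looks like a typo for the conventional "files/" -- verify before relying on it.
wazuh_rpm_src: "file/wazuh.rpm"

# Staging path on the agent. NOTE(review): /tmp is world-writable; a root-owned
# directory is a safer place to stage a package that is then installed as root.
wazuh_rpm_dst: "/tmp/wazuh.rpm"

# Optional: pin the SHA-256 hex digest of the RPM so the playbook refuses to
# install a tampered or wrong build. When unset the check is skipped.
# wazuh_rpm_sha256: "<sha256 hex digest of wazuh.rpm>"

# Managers the agents connect to; ossec.conf.j2 emits one <server> per item.
wazuh_managers:
  - address: 10.0.0.10
    port: 1514
    protocol: tcp
  - address: 10.0.0.11
    port: 1514
    protocol: tcp

# Ports that must be reachable on the managers. Not referenced by
# wazuh-agents.yml; intended for the manager-side playbook.
wazuh_manager_ports:
  - 1514   # agent connection
  - 1515   # enrollment
  - 55000  # API enrollment -- NOTE(review): restrict to the hosts that perform
           # enrollment/administration rather than opening it to every agent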
========================