Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extend Wazuh ansible support for Windows and macOS endpoints #768

Closed
MiguelCasaresRobles opened this issue May 11, 2022 · 9 comments · Fixed by #1083 or wazuh/wazuh-documentation#6640
Closed

Extend Wazuh ansible support for Windows and macOS endpoints #768

MiguelCasaresRobles opened this issue May 11, 2022 · 9 comments · Fixed by #1083 or wazuh/wazuh-documentation#6640
Assignees
@davidcr01
Labels
enhancement level/task Subtask issue operations type/enhancement

Comments

@MiguelCasaresRobles
Copy link
Member

Hello team,

I'm opening this case because at this moment the Wazuh agent playbook does not support deploying Wazuh agents to Windows and macOS endpoints.

This lack of functionality can prevent users from using Wazuh for huge environments as we are only covering Linux OS so we should consider extending this support to the above mentioned OS.

Regards,

Miguel Casares
@Rebits
Copy link
Member

Rebits commented Jun 13, 2022

QA makes use of these playbooks to provision the testing environments, so, I suggest to extends them to all the supported OS for our testing processes:

  • Windows
  • Linux
  • macOS
  • Solaris

@Rebits Rebits added qa QA qa-thunder QA support: Vulnerability detector, Wazuh DB, Integrator, Log rotation, Labels, Office 365 labels Jun 13, 2022
@Rebits Rebits assigned roronoasins and unassigned roronoasins Jun 13, 2022
@Rebits Rebits removed qa QA qa-thunder QA support: Vulnerability detector, Wazuh DB, Integrator, Log rotation, Labels, Office 365 labels Jun 14, 2022
@snaow snaow added this to the Release 4.5.0 milestone Nov 16, 2022
@havidarou havidarou removed this from the Release 4.5.0 milestone Dec 13, 2022
@teddytpc1 teddytpc1 added the level/task Subtask issue label Apr 26, 2023
@teddytpc1
Copy link
Member

teddytpc1 commented May 29, 2023
edited
Loading

The documentation says that This playbook does not support deploying Wazuh agents to Windows and macOS endpoints. but Windows is supported:
https://documentation.wazuh.com/current/deployment-options/deploying-with-ansible/guide/install-wazuh-agent.html

@davidcr01 davidcr01 self-assigned this Sep 20, 2023
@davidcr01
Copy link
Contributor

davidcr01 commented Sep 21, 2023
edited
Loading

Update Report

Related documentation and code that are interesting and related to this development:

To extend the Wazuh Ansible support for macOS endpoints, it is necessary to perform the following tasks:

  • Provide a macOS VM
  • Test the SSH connection
  • Configure the SSH requirements for Ansible connection
  • Create a new role that
    • Download the macOS Wazuh agent installer
    • Install the Wazuh agent
    • Register the agent to the Wazuh server
      • Via auto-enrollment
      • Via agent-authd
      • Via API
    • Set the agent credentials
  • Update or create a new template for the ossec.conf file.

To ensure that the installation is widely supported, is necessary to test this new playbook in the following OS:

In Intel64 architecture:

  • macOS Sierra
  • macOS High Sierra
  • macOS Mojave
  • macOS Catalina
  • macOS Big Sur
  • macOS Monterey
  • macOS Ventura

In ARM architecture:

  • macOS Big Sur
  • macOS Monterey
  • macOS Ventura

macOS instance

To first test the macOS connectivity, I launched a macOS VM in the Black Mini.

  • In the folder /Users/jenkins/Documents/cbordon/agent.
  • Launched the Vagrant VM: vagrant --name='macos-monterey-768-ansible' --copy-ssh-files --bind-port='21789' --bind-ip='X.X.X.X' up macos-1201-testing-ansible

Test the SSH connection

  • The VM is accessible with ssh vagrant@X.X.X.X -p 21789

Configure the SSH requirements for Ansible connection

With Ansible server downloaded and configured in my machine, I edited the /etc/ansible/hosts and I specified the following content:

[macos]
X.X.X.X ansible_ssh_user=vagrant ansible_ssh_pass=vagrant ansible_ssh_port=21789

I executed the ping Ansible command:

 ~  ansible macos -m ping       
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change the meaning of
that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
10.10.0.251 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}

@davidcr01 davidcr01 mentioned this issue Oct 4, 2023
Closed
4 tasks
@davidcr01
Copy link
Contributor

davidcr01 commented Oct 5, 2023
edited
Loading

Update Report

New role - macOS.yml

A new role macOS.yml has been created. This role will contain the necessary tasks and steps to install the Wazuh agent in the macOS endpoints.

Some variables have been added to the repo.yml, repo_pre-release.yml and repo_staging.yml files to specify the macOS agent name and URL for the Intel64 and ARM architectures.

wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
wazuh_macos_intel_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_intel_package_name }}"
wazuh_macos_arm_package_url: "https://packages.wazuh.com/4.x/macos/{{ wazuh_macos_arm_package_name }}"

In the roles/wazuh/ansible-wazuh-agent/defaults/main.yml file, these variables have been added too, similar to the Windows deployment.

# macOS deployment
wazuh_macos_config:
  download_dir: /tmp/
  install_dir: /Library/Ossec/

Initial steps and package download

The related tasks are:

  • Check the macOS architecture and set it to a variable
  • Check if the package is downloaded, depending on the architecture.
  • Download the package if is not downloaded.
- name: macOS | Check architecture
  command: "/usr/bin/uname -m"
  register: uname_result

- name: macOS | Set architecture variable
  set_fact:
    macos_architecture: "{{ 'arm' if uname_result.stdout == 'arm64' else 'intel' }}"

- name: macOS | Set package name and URL based on architecture
  set_fact:
    wazuh_macos_package_url: "{{ wazuh_macos_intel_package_url if macos_architecture == 'intel' else wazuh_macos_arm_package_url }}"
    wazuh_macos_package_name: "{{ wazuh_macos_intel_package_name if macos_architecture == 'intel' else wazuh_macos_arm_package_name }}"

- name: macOS | Check if Wazuh installer is already downloaded
  stat:
    path: "{{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }}"
  register: wazuh_package_downloaded

- name: macOS | Download Wazuh Agent package
  get_url:
    url: "{{ wazuh_macos_package_url }}"
    dest: "{{ wazuh_macos_config.download_dir }}"
  register: download_result
  when:
    - not wazuh_package_downloaded.stat.exists

Agent installation

The related tasks are:

  • Check the macOS agent is installed.
  • Install the macOS agent if it is not installed.
- name: macOS | Check if Wazuh Agent is already installed
  stat:
    path: "{{ wazuh_macos_config.install_dir }}"
  register: wazuh_installed

- name: macOS | Install Agent if not already installed
  command: "installer -pkg {{ wazuh_macos_config.download_dir }}{{ wazuh_macos_package_name }} -target /"
  when: not wazuh_installed.stat.exists
  register: install_result

In several tests, I noticed that the macOS agent could not be installed after an uninstallation. The issue is reported here: wazuh/wazuh#19406

@davidcr01 davidcr01 mentioned this issue Oct 6, 2023
Closed
3 tasks
@davidcr01
Copy link
Contributor

davidcr01 commented Oct 9, 2023
edited
Loading

Update Report

Update the ossec.conf file template.

In order to create the related tasks, it is necessary to create or update the ossec.conf file template. This template is copied into the machine after enrolling the agent, so this task must be done before developing the enrollment alternatives. In Linux.

- name: Linux | Installing agent configuration (ossec.conf)
  template:
    src: var-ossec-etc-ossec-agent.conf.j2
    dest: "{{ wazuh_dir }}/etc/ossec.conf"
    owner: root
    group: wazuh
    mode: 0644
  notify: restart wazuh-agent
  tags:
    - init
    - config

After modifying the var-ossec-etc-ossec-agent.conf.j2 file and adding a new task in the macOS.yml that copies this file, the differences between an ossec.conf file directly installed in the agent (left) and an ossec.conf file installed through Ansible using the template (right).
The differences are minimal.

Also, a new task to copy the local_internal_options.conf file has been added.

https://www.diffchecker.com/C0n759i8/

The log of the Ansible playbook with the macOS agent installed:

Show log 
> ansible-playbook wazuh-agent.yml

PLAY [macos] ********************************************************************************************

TASK [Gathering Facts] **********************************************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change the meaning of that
path. See https://docs.ansible.com/ansible-core/2.15/reference_appendices/interpreter_discovery.html for
more information.
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ***********************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ***********************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ***********************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] **********************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ***************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ******
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ******
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***********
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] *********
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] **************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ********
changed: [10.10.0.251]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] **********************
changed: [10.10.0.251]


PLAY RECAP **********************************************************************************************
10.10.0.251                : ok=12   changed=1    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0

🟢 Agent Enrollment through authd

As seen in the previous log, the agent enrollment using authd has been developed:

Display related code snippet 
- name: macOS | Agent registration via authd
  block:

    - name: Copy CA root certificate to verify authd
      copy:
        src: "{{ wazuh_agent_authd.ssl_agent_ca }}"
        dest: "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
        mode: 0644
      when:
        - wazuh_agent_authd.ssl_agent_ca is not none

    - name: Copy TLS/SSL certificate for agent verification
      copy:
        src: "{{ item }}"
        dest: "{{ wazuh_macos_config.install_dir }}/etc/{{ item | basename }}"
        mode: 0644
      with_items:
        - "{{ wazuh_agent_authd.ssl_agent_cert }}"
        - "{{ wazuh_agent_authd.ssl_agent_key }}"
      when:
        - wazuh_agent_authd.ssl_agent_cert is not none
        - wazuh_agent_authd.ssl_agent_key is not none
    - name: macOS | Register agent (via authd)
      shell: >
        {{ wazuh_macos_config.install_dir }}/bin/agent-auth
        {% if wazuh_agent_authd.agent_name is defined and wazuh_agent_authd.agent_name != None %}
        -A {{ wazuh_agent_authd.agent_name }}
        {% endif %}
        -m {{ wazuh_agent_authd.registration_address }}
        -p {{ wazuh_agent_authd.port }}
        {% if wazuh_agent_nat %} -I "any" {% endif %}
        {% if authd_pass | length > 0 %} -P {{ authd_pass }} {% endif %}
        {% if wazuh_agent_authd.ssl_agent_ca is defined and wazuh_agent_authd.ssl_agent_ca != None %}
        -v "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
        {% endif %}
        {% if wazuh_agent_authd.ssl_agent_cert is defined and wazuh_agent_authd.ssl_agent_cert != None %}
        -x "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
        {% endif %}
        {% if wazuh_agent_authd.ssl_agent_key is defined and wazuh_agent_authd.ssl_agent_key != None  %}
        -k "{{ wazuh_macos_config.install_dir }}/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
        {% endif %}
        {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %}
        {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %}
        -G "{{ wazuh_agent_authd.groups | join(',') }}"
        {% endif %}
      register: agent_auth_output
      notify: macOS | Restart Wazuh Agent
      vars:
        agent_name: "{% if single_agent_name is defined %}{{ single_agent_name }}{% else %}{{ ansible_hostname }}{% endif %}"
      when:
        - not client_keys_file.stat.exists or client_keys_file.stat.size == 0
        - wazuh_agent_authd.registration_address is not none

    - name: Display var
      debug:
        var: agent_auth_output

    - name: macOS | Verify agent registration
      shell: >
        sh -c "echo '{{ agent_auth_output.stdout }} {{ agent_auth_output.stderr }}' | grep 'Valid key received'"
      when:
        - not client_keys_file.stat.exists or client_keys_file.stat.size == 0
        - wazuh_agent_authd.registration_address is not none
  when:
    - wazuh_agent_authd.enable | bool
    - wazuh_agent_config.enrollment.enabled != 'yes'
  tags:
    - config
    - authd

image

Very similar to the Linux one, but replacing some needed variables

@davidcr01
Copy link
Contributor

Update Report

🟢 Agent Enrollment through API

The second alternative of enrolling the agent, through the Wazuh manager API, has been developed and tested:

To execute this alternative, it is necessary to:

  • Have the auto enrollment alternative deactivated.
  • Have the authd enrollment deactivated.
  • Specify the admin password in the main.yml file.
Display related code snippet 
- name: macOS | Agent registration via rest-API
  block:

    - name: macOS | Establish target Wazuh Manager for registration task
      set_fact:
        target_manager: '{{ manager_primary | length | ternary(manager_primary, manager_fallback) | first }}'
      vars:
        manager_primary: "{{ wazuh_managers | selectattr('register','true') | list }}"
        manager_fallback: "{{ wazuh_managers | list }}"

    - name: macOS | Obtain JWT Token
      uri:
        url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/security/user/authenticate'
        method: POST
        url_username: '{{ target_manager.api_user }}'
        url_password: '{{ api_pass }}'
        status_code: 200
        return_content: yes
        force_basic_auth: yes
        validate_certs: '{{ target_manager.validate_certs | default(false) }}'
      no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
      delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
      changed_when: api_jwt_result.json.error == 0
      register: api_jwt_result
      become: no
      tags:
        - config
        - api

    - name: macOS | Create the agent key via rest-API
      uri:
        url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents'
        method: POST
        body_format: json
        body:
          name: '{{ agent_name }}'
        headers:
          Authorization: 'Bearer {{ jwt_token }}'
        status_code: 200
        return_content: yes
        validate_certs: '{{ target_manager.validate_certs | default(false) }}'
      become: no
      no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
      delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
      changed_when: api_agent_post.json.error == 0
      register: api_agent_post
      vars:
        agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
        jwt_token: '{{ api_jwt_result.json.data.token }}'
      tags:
        - config
        - api

    - name: macOS | Validate registered agent key matches manager record
      uri:
        url: '{{ target_manager.api_proto }}://{{ target_manager.address }}:{{ target_manager.api_port }}/agents/{{ agent_id }}/key'
        method: GET
        headers:
          Authorization: 'Bearer {{ jwt_token }}'
        status_code: 200
        return_content: yes
        validate_certs: '{{ target_manager.validate_certs | default(false) }}'
      become: no
      no_log: '{{ wazuh_agent_nolog_sensible | bool }}'
      delegate_to: '{{ inventory_hostname if wazuh_api_reachable_from_agent else "localhost" }}'
      register: api_agent_validation
      vars:
        agent_id: '{{ api_agent_post.json.data.id }}'
        agent_key: '{{ api_agent_post.json.data.key }}'
        jwt_token: '{{ api_jwt_result.json.data.token }}'
      failed_when: api_agent_validation.json.data.affected_items[0].key != agent_key
      when:
      - wazuh_agent_api_validate | bool
      - api_agent_post.json.error == 0
      tags:
        - config
        - api

    - name: macOS | Import Key (via rest-API)
      command: "{{ wazuh_macos_config.install_dir }}/bin/manage_agents"
      environment:
        OSSEC_ACTION: i
        OSSEC_AGENT_NAME: '{{ agent_name }}'
        OSSEC_AGENT_IP: '{{ wazuh_agent_address }}'
        OSSEC_AGENT_ID: '{{ api_agent_post.json.data.id }}'
        OSSEC_AGENT_KEY: '{{ api_agent_post.json.data.key }}'
        OSSEC_ACTION_CONFIRMED: y
      register: manage_agents_output
      vars:
        agent_name: '{{ target_manager.agent_name | default(ansible_hostname) }}'
      notify: macOS | Restart Wazuh Agent
  when:
    - not ( wazuh_agent_authd.enable | bool )
    - wazuh_agent_config.enrollment.enabled != 'yes'
    - not client_keys_file.stat.exists or client_keys_file.stat.size == 0
  tags:
    - config
    - api

Very similar to the Linux one, but replacing some needed variables

In the following log and image, it is shown how the agent enrollment was successful:

Display related code snippet 
> ansible-playbook wazuh-agent.yml

PLAY [macos] *******************************************************************

TASK [Gathering Facts] *********************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python
interpreter at /usr/bin/python3, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *********
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ***
skipping: [10.10.0.251] => (item=) 
skipping: [10.10.0.251] => (item=) 
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***********
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ***
changed: [10.10.0.251]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] ***
changed: [10.10.0.251]

PLAY RECAP *********************************************************************
10.10.0.251                : ok=20   changed=8    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0

image

In this development, I updated the API variables according to the related documentation.

In the wazuh-agent.yml file:

api_proto: 'https'
api_user: wazuh

Instead of:

api_proto: 'http'
api_user: ansible

@davidcr01
Copy link
Contributor

Update Report

🟢 Agent Enrollment through auto-enrollment

The third and default alternative of enrolling the agent, through the auto enrollment, has been developed and tested:

To execute this alternative, it is necessary to:

  • Have the API enrollment alternative deactivated.
  • Have the authd enrollment deactivated.
  • Have the wazuh_agent_enrollment.enabled to yes.
Display related code snippet 
- name: macOS | Agent registration via auto-enrollment
  debug:
    msg: Agent registration will be performed through enrollment option in templated ossec.conf
  when:  wazuh_agent_config.enrollment.enabled == 'yes'

- name: macOS | Ensure group "wazuh" exists
  ansible.builtin.group:
    name: wazuh
    state: present

- name: Create auto-enrollment password file
  template:
    src: authd_pass.j2
    dest: "{{ wazuh_macos_config.install_dir }}/etc/authd.pass"
    owner: wazuh
    group: wazuh
    mode: 0640
  when:
    - wazuh_agent_config.enrollment.enabled == 'yes'
    - wazuh_agent_config.enrollment.authorization_pass_path_macos | length > 0
    - authd_pass | length > 0
  tags:
    - config

Very similar to the Linux one, but replacing some needed variables

In the following log and image, it is shown how the agent enrollment was successful:

Display log and image 
> ansible-playbook wazuh-agent.yml

PLAY [macos] *******************************************************************

TASK [Gathering Facts] *********************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python
interpreter at /usr/bin/python3, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *********
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ***
skipping: [10.10.0.251] => (item=) 
skipping: [10.10.0.251] => (item=) 
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***********
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ***
ok: [10.10.0.251] => {
    "msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ***
changed: [10.10.0.251]

PLAY RECAP *********************************************************************
10.10.0.251                : ok=17   changed=3    unreachable=0    failed=0    skipped=14   rescued=0    ignored=0

image

The enrollment block is successfully inserted in the ossec.conf file

<enrollment>
    <enabled>yes</enabled>
    <manager_address>X.X.X.X</manager_address>
    <port>1515</port>
    <authorization_pass_path>/etc/authd.pass</authorization_pass_path>
    <auto_method>no</auto_method>
    <delay_after_enrollment>20</delay_after_enrollment>
    <use_source_ip>no</use_source_ip>
</enrollment>

@davidcr01
Copy link
Contributor

davidcr01 commented Oct 11, 2023
edited
Loading

Update Report

Testing

To ensure that this deployment is supported in every macOS supported version, is necessary to perform several tests.

Intel

🟢 macOS Sierra 
PLAY [sierra,bigsur] ***********************************************************************************

TASK [Gathering Facts] *********************************************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python interpreter at
/usr/bin/python2.7, but future installation of another Python interpreter could change the meaning of
that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] **************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *********************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] **************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] *****
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] *****
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***********************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] **********
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] *************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] *******************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ************
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.cert) 
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.key) 
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] *************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] **************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***********************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ******************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] **************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] *************
ok: [10.10.0.251] => {
    "msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ********
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] *************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] *******
changed: [10.10.0.251]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] *********************
changed: [10.10.0.251]

PLAY RECAP *********************************************************************************************
10.10.0.251                : ok=19   changed=7    unreachable=0    failed=0    skipped=14   rescued=0    ignored=0

sierra-intel

🟢 macOS High Sierra 
PLAY [highsierra] *******************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python interpreter at /usr/bin/python2.7, but future installation of
another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ****************************************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ****************************************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ****************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ****************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] *******************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ***************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ***************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ***************************************************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] **************************************************************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] *******************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] **********************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] **********************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ****************************************************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] ******************************************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] *****************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] *****************************************************
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.cert) 
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.key) 
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ******************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] *******************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ****************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ****************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***********************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ****************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] *******************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ******************************************************
ok: [10.10.0.251] => {
    "msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] *****************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] *************************************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ******************************************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ****************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ************************************************
changed: [10.10.0.251]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] **************************************************************
changed: [10.10.0.251]

PLAY RECAP **************************************************************************************************************************************
10.10.0.251                : ok=19   changed=7    unreachable=0    failed=0    skipped=14   rescued=0    ignored=0

highsierra-intel

🟢 macOS Mojave 
> ansible-playbook wazuh-agent.yml

PLAY [mojave] ******************************************************************

TASK [Gathering Facts] *********************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python
interpreter at /usr/bin/python2.7, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *********
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ***
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.cert) 
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.key) 
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***********
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ***
ok: [10.10.0.251] => {
    "msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ***
changed: [10.10.0.251]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] ***
changed: [10.10.0.251]

PLAY RECAP *********************************************************************
10.10.0.251                : ok=19   changed=7    unreachable=0    failed=0    skipped=14   rescued=0    ignored=0

image

🟢 macOS Catalina 
> ansible-playbook wazuh-agent.yml

PLAY [catalina] ****************************************************************

TASK [Gathering Facts] *********************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python
interpreter at /usr/bin/python3, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *********
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ***
skipping: [10.10.0.251] => (item=) 
skipping: [10.10.0.251] => (item=) 
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***********
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ***
ok: [10.10.0.251] => {
    "msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ***
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ***
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ***
changed: [10.10.0.251]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] ***
changed: [10.10.0.251]

PLAY RECAP *********************************************************************
10.10.0.251                : ok=19   changed=7    unreachable=0    failed=0    skipped=14   rescued=0    ignored=0

image

🟢 macOS Big Sur 
>  ansible-playbook wazuh-agent.yml
[DEPRECATION WARNING]: DEFAULT_HASH_BEHAVIOUR option, this feature is fragile and not portable, leading to continual confusion and misuse, use the ``combine`` filter explicitly instead. This feature will be 
removed from ansible-base in version 2.13. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [bigsur] *****************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible/2.10/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **********************************************************************************************************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **********************************************************************************************************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **********************************************************************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **********************************************************************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] *************************************************************************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *********************************************************************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *********************************************************************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *********************************************************************************************************************************************************
included: /home/nonsatus/Documents/Wazuh/Repositories/wazuh-ansible/merge/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] ********************************************************************************************************************************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] *************************************************************************************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ****************************************************************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ****************************************************************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] **********************************************************************************************************************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] *********************************************************************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] ************************************************************************************************************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ***********************************************************************************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ******************************************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ***********************************************************************************************************************
skipping: [10.10.0.251] => (item=) 
skipping: [10.10.0.251] => (item=) 

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ************************************************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] *************************************************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] **********************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] **********************************************************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] *****************************************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] **********************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] *************************************************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ************************************************************************************************************************
ok: [10.10.0.251] => {
    "msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ***********************************************************************************************************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] *******************************************************************************************************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ************************************************************************************************************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] **********************************************************************************************************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ******************************************************************************************************************
changed: [10.10.0.251]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] ********************************************************************************************************************************
changed: [10.10.0.251]

PLAY RECAP ********************************************************************************************************************************************************************************************************
10.10.0.251                : ok=19   changed=7    unreachable=0    failed=0    skipped=14   rescued=0    ignored=0

image

🟢 macOS Monterey 
PLAY [macos] *******************************************************************************************

TASK [Gathering Facts] *********************************************************************************
[WARNING]: Platform darwin on host 10.10.0.251 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change the meaning of
that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***********************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] **************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **********************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.251

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *********************************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] **************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] *****
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] *****
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***********************
changed: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] **********
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] *******************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ************
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.cert) 
skipping: [10.10.0.251] => (item=/home/davidcr01/test/sslagent.key) 
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] *************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] **************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***********************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ******************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] **************************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] *************
ok: [10.10.0.251] => {
    "msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ************************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ********
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] *************
ok: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***********************
skipping: [10.10.0.251]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] *******
changed: [10.10.0.251]

PLAY RECAP *********************************************************************************************
10.10.0.251                : ok=17   changed=3    unreachable=0    failed=0    skipped=14   rescued=0    ignored=0

monterrey-intel

🟢 macOS Ventura 
ansible-playbook wazuh-agent.yml

PLAY [ventura] ********************************************************************

TASK [Gathering Facts] ************************************************************
[WARNING]: Platform darwin on host 3.85.49.188 is using the discovered Python
interpreter at /usr/bin/python3, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **************************
ok: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **************************
ok: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **************************
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] **************************
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***
ok: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *************************
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *************************
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 3.85.49.188

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] ************
changed: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] *****
ok: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ***
ok: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ***
ok: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***
changed: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ***
ok: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] ***
changed: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ***
ok: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ***
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ***
skipping: [3.85.49.188] => (item=) 
skipping: [3.85.49.188] => (item=) 
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ****
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] *****
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] **************
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] *****
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ***
ok: [3.85.49.188] => {
    "msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ***
ok: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ***
changed: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ***
changed: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***
skipping: [3.85.49.188]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ***
changed: [3.85.49.188]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] ***
changed: [3.85.49.188]

PLAY RECAP ************************************************************************
3.85.49.188                : ok=19   changed=7    unreachable=0    failed=0    skipped=14   rescued=0    ignored=0

image

ARM

🟢 macOS Big Sur 
> ansible-playbook wazuh-agent.yml

PLAY [bigsurARM] ************************************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************************
[WARNING]: Platform darwin on host 3.92.185.158 is using the discovered Python interpreter at /usr/bin/python3, but future installation of another
Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-
core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ********************************************************************************************
ok: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ********************************************************************************************
ok: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ********************************************************************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ********************************************************************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ***********************************************************
ok: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *******************************************************************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *******************************************************************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] *******************************************************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 3.92.185.158

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] ******************************************************************************
changed: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ***********************************************************************
ok: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] **************************************************
ok: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] **************************************************
ok: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ********************************************************************
changed: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] *******************************************************
ok: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] **********************************************************
changed: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] *********************************************************************
ok: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ****************************************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] *********************************************************
skipping: [3.92.185.158] => (item=) 
skipping: [3.92.185.158] => (item=) 
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] **********************************************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ***********************************************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ********************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ********************************************************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ***************************************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ********************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ***********************************************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] **********************************************************
ok: [3.92.185.158] => {
    "msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] *********************************************************************
ok: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] *****************************************************
changed: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] **********************************************************
changed: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ********************************************************************
skipping: [3.92.185.158]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ****************************************************
changed: [3.92.185.158]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] ******************************************************************
changed: [3.92.185.158]

PLAY RECAP ******************************************************************************************************************************************
3.92.185.158               : ok=19   changed=7    unreachable=0    failed=0    skipped=14   rescued=0    ignored=0

image

🟢 macOS Monterey 
PLAY [montereyARM] ***********************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************
[WARNING]: Platform darwin on host 10.10.0.250 is using the discovered Python interpreter at /usr/bin/python3, but future installation of another Python
interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-core/2.15/reference_appendices/interpreter_discovery.html for more
information.
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] *********************************************************************************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] *********************************************************************************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] *********************************************************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] *********************************************************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ************************************************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ********************************************************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ********************************************************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] ********************************************************************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.250

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *******************************************************************************************
changed: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ************************************************************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] ***************************************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] ***************************************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] *********************************************************************************
changed: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] ********************************************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] ***********************************************************************
changed: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] **********************************************************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] *****************************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] **********************************************************************
skipping: [10.10.0.250] => (item=/home/davidcr01/test/sslagent.cert) 
skipping: [10.10.0.250] => (item=/home/davidcr01/test/sslagent.key) 
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] ***********************************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ************************************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] *********************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] *********************************************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] ****************************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] *********************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ************************************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] ***********************************************************************
ok: [10.10.0.250] => {
    "msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] **********************************************************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ******************************************************************
changed: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] ***********************************************************************
changed: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] *********************************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] *****************************************************************
changed: [10.10.0.250]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] *******************************************************************************
changed: [10.10.0.250]

PLAY RECAP *******************************************************************************************************************************************************
10.10.0.250                : ok=19   changed=7    unreachable=0    failed=0    skipped=14   rescued=0    ignored=0

monterey-arm

🟢 macOS Ventura 
PLAY [venturaARM] ******************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
[WARNING]: Platform darwin on host 10.10.0.250 is using the discovered Python interpreter at /usr/bin/python3, but
future installation of another Python interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***************************************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***************************************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_vars] ***************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : Overlay wazuh_agent_config on top of defaults] ******************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **************************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : include_tasks] **************************************************************
included: /home/davidcr01/Wazuh/ansible/roles/wazuh/ansible-wazuh-agent/tasks/macOS.yml for 10.10.0.250

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check architecture] *************************************************
changed: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set architecture variable] ******************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Set package name and URL based on architecture] *********************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh installer is already downloaded] *********************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Download Wazuh Agent package] ***************************************
changed: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if Wazuh Agent is already installed] **************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Install Agent if not already installed] *****************************
changed: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Check if client.keys exists] ****************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy CA root certificate to verify authd] ***********************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : Copy TLS/SSL certificate for agent verification] ****************************
skipping: [10.10.0.250] => (item=/home/davidcr01/test/sslagent.cert) 
skipping: [10.10.0.250] => (item=/home/davidcr01/test/sslagent.key) 
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Register agent (via authd)] *****************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Verify agent registration] ******************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Establish target Wazuh Manager for registration task] ***************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Obtain JWT Token] ***************************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Create the agent key via rest-API] **********************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Validate registered agent key matches manager record] ***************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Import Key (via rest-API)] ******************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Agent registration via auto-enrollment] *****************************
ok: [10.10.0.250] => {
    "msg": "Agent registration will be performed through enrollment option in templated ossec.conf"
}

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Ensure group "wazuh" exists] ****************************************
ok: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing agent configuration (ossec.conf)] ************************
changed: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Installing local_internal_options.conf] *****************************
changed: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : Create auto-enrollment password file] ***************************************
skipping: [10.10.0.250]

TASK [../roles/wazuh/ansible-wazuh-agent : macOS | Delete downloaded Wazuh agent installer file] ***********************
changed: [10.10.0.250]

RUNNING HANDLER [../roles/wazuh/ansible-wazuh-agent : macOS | Restart Wazuh Agent] *************************************
changed: [10.10.0.250]

PLAY RECAP *************************************************************************************************************
10.10.0.250                : ok=19   changed=7    unreachable=0    failed=0    skipped=14   rescued=0    ignored=0

ventura-arm

This was referenced Oct 17, 2023
Merged
Merged
@teddytpc1 teddytpc1 linked a pull request Oct 18, 2023 that will close this issue
Extend Ansible support for macOS endpoints #1083
Merged
@teddytpc1 teddytpc1 linked a pull request Oct 18, 2023 that will close this issue
Changed Windows agent support in Ansible deployment wazuh/wazuh-documentation#6640
Merged
7 tasks
@teddytpc1
Copy link
Member

Waiting for wazuh/wazuh-documentation#6640 to be merged.

@teddytpc1 teddytpc1 reopened this Oct 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@davidcr01 davidcr01

Labels
enhancement level/task Subtask issue operations type/enhancement
Projects
No open projects
Release 4.8.0
Archived in project
Milestone
No milestone
7 participants
@snaow @havidarou @Rebits @MiguelCasaresRobles @roronoasins @teddytpc1 @davidcr01