Add whitelisting of controller

astsu777 · Apr 14, 2018 · 9530974 · 9530974
1 parent 2545155
commit 9530974
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -3,6 +3,8 @@ Ansible Role: OSSEC-HIDS
 
 This role installs and configures OSSEC-HIDS in local mode. Depending on the defined variables, it is possible to choose the protections and also if email notifications are enabled.
 
+**Note**: the Ansible controller IP address will automatically be whitelisted (to avoid being disconnected by mistake). This IP needs to be defined in a variable (see below).
+
 Requirements
 ------------
 
@@ -28,6 +30,7 @@ ossec_integritycheck_daemon: y
 ossec_rootkit_engine: y
 ossec_active_response: y
 ossec_firewalldrop_response: y
+ansible_controller_ip: 192.168.0.1
 ```
 
 
@@ -43,6 +46,7 @@ ossec_integritycheck_daemon: y
 ossec_rootkit_engine: y
 ossec_active_response: y
 ossec_firewalldrop_response: y
+ansible_controller_ip: 192.168.0.1
 ```
 
 These variables should be defined in either group_vars or host_vars.

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -12,6 +12,7 @@ ossec_integritycheck_daemon: y
 ossec_rootkit_engine: y
 ossec_active_response: y
 ossec_firewalldrop_response: y
+ansible_controller_ip: 192.168.1.1
 
 # OSSEC installation questions (without email notification)
 #ossec_dir: /var/ossec

diff --git a/tasks/ossec.yml b/tasks/ossec.yml
@@ -67,3 +67,10 @@
   service:
     name: ossec
     state: started
+
+- name: (OSSEC) Whitelist Ansible Controller IP address
+  lineinfile:
+    path: /var/ossec/etc/ossec.conf
+    insertafter: '</white_list>'
+    state: present
+    line: "    <white_list>{{ ansible_controller_ip }}</white_list>"