diff --git a/roles/debian/wazuh/tasks/main.yml b/roles/debian/wazuh/tasks/main.yml index 808b9b77d..7413fb323 100644 --- a/roles/debian/wazuh/tasks/main.yml +++ b/roles/debian/wazuh/tasks/main.yml @@ -139,6 +139,10 @@ ignore_errors: true changed_when: false +- name: Set fact if wazuh-manager service exists + ansible.builtin.set_fact: + wazuh_manager_exists: "'wazuh-manager.service' in wazuh_service.stdout" + - name: Deploy custom Wazuh local rules ansible.builtin.copy: src: custom_wazuh_rules.xml @@ -149,7 +153,7 @@ notify: restart wazuh-manager tags: - rules - when: "'wazuh-manager.service' in wazuh_service.stdout" + when: wazuh_manager_exists - name: Write the password to /var/ossec/etc/authd.pass ansible.builtin.copy: 
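Review bot: `wazuh_manager_exists` is set to the literal string `'wazuh-manager.service' in wazuh_service.stdout`, not to the result of that test, because the value is a plain quoted string rather than a Jinja expression. A non-empty string is truthy in `when:`, and current Ansible no longer re-evaluates bare string variables as expressions (the old bare-variable conditional behaviour was deprecated and removed), so every task guarded by `when: wazuh_manager_exists` — including the restart, password-extraction, script and cron tasks later in this change — would also run on agent-only hosts. Use `wazuh_manager_exists: "{{ 'wazuh-manager.service' in wazuh_service.stdout }}"` so the fact is a real boolean, and consider a short comment such as `# true only where the manager unit is installed; manager-only tasks below key off this`. `wazuh_service` is registered by a task before this hunk, so the fact is only as good as that earlier lookup.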
@@ -158,16 +162,50 @@ mode: '0640' owner: root group: wazuh - when: "'wazuh-manager.service' in wazuh_service.stdout or 'wazuh-agent.service' in wazuh_service.stdout" + when: wazuh_manager_exists or 'wazuh-agent.service' in wazuh_service.stdout" -- name: Restart wazuh-manager to apply changes +- name: Restart wazuh-manager to apply changes. ansible.builtin.systemd_service: name: wazuh-manager state: restarted - when: "'wazuh-manager.service' in wazuh_service.stdout" + when: wazuh_manager_exists -- name: Restart wazuh-agent to apply changes +- name: Restart wazuh-agent to apply changes. ansible.builtin.systemd_service: name: wazuh-agent state: restarted when: "'wazuh-agent.service' in wazuh_service.stdout" + +- name: Read filebeat.yml content (base64 encoded) + ansible.builtin.shell: | + set -o pipefail && awk -F'"' '/password:/ {print $2}' {{ wazuh.mitre_report.password_file }} + register: report_password + no_log: true + args: + executable: /bin/bash + when: wazuh_manager_exists + +- name: Set password fact + ansible.builtin.set_fact: + filebeat_password: "{{ report_password.stdout }}" + no_log: true + when: wazuh_manager_exists + +- name: Deploy the weekly report script + ansible.builtin.template: + src: generate_weekly_report.sh.j2 + dest: /usr/local/bin/generate_weekly_report.sh + owner: root + group: root + mode: '0755' + when: wazuh_manager_exists + +- name: Ensure weekly report cron job is present + ansible.builtin.cron: + name: "Weekly OpenSearch report generation" + user: root + minute: 0 + hour: 2 + weekday: 1 # Monday + job: "/usr/local/bin/generate_weekly_report.sh >> /var/log/opensearch-reports.log 2>&1" + when: wazuh_manager_exists diff --git a/roles/debian/wazuh/templates/generate_weekly_report.sh.j2 b/roles/debian/wazuh/templates/generate_weekly_report.sh.j2 new file mode 100644 index 000000000..d7a866700 --- /dev/null +++ b/roles/debian/wazuh/templates/generate_weekly_report.sh.j2 
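Review bot: The rendered report script is installed with `mode: '0755'` even though the template embeds `filebeat_password`, which leaves the OpenSearch credential readable by every local account on the manager; the cron job runs as root, so `mode: '0700'` is sufficient, and the template task should also carry `no_log: true` so the rendered secret does not show up in `--diff` output. Separately, the updated authd.pass condition `when: wazuh_manager_exists or 'wazuh-agent.service' in wazuh_service.stdout"` has a stray trailing `"` that Jinja will reject when the conditional is evaluated; the line should end at `wazuh_service.stdout`. The name `Read filebeat.yml content (base64 encoded)` does not describe the task, which awk-extracts a `password:` value from `wazuh.mitre_report.password_file`; a name like `Extract the report user's password from the Wazuh password file` would be accurate. That awk prints one value per matching line, so if the file ever contains more than one `password:` entry `report_password.stdout` becomes multi-line — `report_password.stdout_lines | first` or a tighter pattern would pin the intended value.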
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# This script generates a PDF report from wazuh-dashboard visualization and emails it
+
+# Set variables
+REPORT_DATE=$(date +"%Y-%m-%d")
+REPORT_NAME="weekly-report-${REPORT_DATE}"
+LOG_FILE="/var/log/opensearch-reports.log"
+USERNAME= {{ wazuh.mitre_report.username }}
+PASSWORD= {{ filebeat_password }}
+
+# Function to log messages
+log_message() {
+ echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
+}
+
+log_message "Starting weekly report generation"
+
+# Generate and send the report
+opensearch-reporting-cli \
+ -u "{{ wazuh.mitre_report.visualization_url }}" \
+ -a basic \
+ -c "$USERNAME:$PASSWORD" \
+ --selfsignedcerts true \
+ -f pdf \
+ -n "$REPORT_NAME" \
+ -e smtp \
+ -s "{{ wazuh.mitre_report.e-mail_from }}" \
+ -r "{{ wazuh.manager.wazuh_manager_mailto}}" \
+ --subject "Weekly OpenSearch Report - $(date '+%B %d, %Y')" \
+ --note "Hi,\n\nPlease find attached the weekly Wazuh Mitre report covering the last 7 days.\n\nReport generated on: $(date '+%Y-%m-%d %H:%M:%S')\n\nBest regards,\nAutomated Reporting System" \
+ --smtphost localhost \
+ --smtpport 25
+
+# Check if the command was successful
+if [ $? -eq 0 ]; then
+ log_message "Weekly report generated and sent successfully"
+else
+ log_message "ERROR: Failed to generate or send weekly report"
+ exit 1
+fi
+
+# Optional: Clean up old report files (keep last 2 weeks)
+find /tmp -name "weekly-report-*.pdf" -mtime +14 -delete 2>/dev/null
+
+log_message "Weekly report process completed"
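Review bot: `USERNAME= {{ wazuh.mitre_report.username }}` and `PASSWORD= {{ filebeat_password }}` have a space after `=`, so in bash each line assigns an empty value and then tries to execute the rendered username/password as a command — the credentials never reach `-c "$USERNAME:$PASSWORD"`, and the password ends up in the cron log and the process table as a failed command name. They should read `USERNAME="{{ wazuh.mitre_report.username }}"` and `PASSWORD="{{ filebeat_password }}"`. `{{ wazuh.mitre_report.e-mail_from }}` on the `-s` line is parsed by Jinja as `e - mail_from` and will fail templating; a hyphenated key needs `{{ wazuh.mitre_report['e-mail_from'] }}`. Even once fixed, passing the password via `-c` exposes it in `ps`/`/proc/*/cmdline` for the duration of the run; if this CLI honours `OPENSEARCH_USERNAME`/`OPENSEARCH_PASSWORD` environment variables, exporting those instead would avoid that. `--selfsignedcerts true` disables certificate verification on the connection carrying these credentials, which deserves a comment stating that the dashboard is expected to be reachable only on localhost, if that is the assumption.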