Merge pull request #6 from EthDevOps/wazuh-agent

feature: wazuh agent role

Author: pauljickling

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this collection will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.2.0] - 2026-03-05
+
+### Added
+
+- New `wazuh_agent` role: installs and enrolls the Wazuh security monitoring agent via the official APT repository
+
 ## [1.1.0] - 2024
 
 ### Changed

roles/wazuh_agent/README.md

@@ -0,0 +1,42 @@
+# ethdevops.infrastructure.wazuh_agent
+
+This role installs and configures the Wazuh agent for host-based security monitoring. The agent enrolls automatically with the configured Wazuh manager using the APT repository method.
+
+## Requirements
+
+- Debian or Ubuntu target host
+- Network connectivity from the target to the Wazuh manager on port 1514 (agent events) and 1515 (enrollment)
+
+## Role Variables
+
+Default variables are defined in [defaults/main.yml](defaults/main.yml)
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `wazuh_agent_manager_host` | Hostname or IP of the Wazuh manager | `wazuh.ethquokkaops.io` |
+
+## Dependencies
+
+None
+
+## Example Playbook
+
+```yaml
+- hosts: all
+  become: true
+  roles:
+    - role: ethdevops.infrastructure.wazuh_agent
+```
+
+To override the manager host:
+
+```yaml
+- hosts: all
+  become: true
+  roles:
+    - role: ethdevops.infrastructure.wazuh_agent
+      vars:
+        wazuh_agent_manager_host: "wazuh.example.com"
+```
+
+To disable the agent for specific hosts, set `wazuh_agent_enabled: false` in the relevant host or group vars.

roles/wazuh_agent/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+wazuh_agent_manager_host: "wazuh.ethquokkaops.io"

roles/wazuh_agent/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart wazuh-agent
+  ansible.builtin.systemd:
+    name: wazuh-agent
+    state: restarted
+    daemon_reload: true

roles/wazuh_agent/meta/main.yml

@@ -0,0 +1,20 @@
+---
+galaxy_info:
+  role_name: wazuh_agent
+  author: EthDevOps
+  description: Install and configure Wazuh agent for security monitoring
+  license: MIT
+  min_ansible_version: "2.15"
+  platforms:
+    - name: Debian
+      versions:
+        - all
+    - name: Ubuntu
+      versions:
+        - all
+  galaxy_tags:
+    - wazuh
+    - security
+    - monitoring
+    - ids
+dependencies: []

roles/wazuh_agent/tasks/main.yml

@@ -0,0 +1,47 @@
+---
+- name: Install prerequisite packages
+  ansible.builtin.apt:
+    name:
+      - gnupg
+      - apt-transport-https
+    state: present
+    update_cache: true
+- name: Download Wazuh GPG key
+  ansible.builtin.get_url:
+    url: https://packages.wazuh.com/key/GPG-KEY-WAZUH
+    dest: /tmp/wazuh-gpg-key
+    mode: '0644'
+- name: Import Wazuh GPG key into keyring
+  ansible.builtin.command:
+    cmd: >
+      gpg --no-default-keyring
+      --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg
+      --import /tmp/wazuh-gpg-key
+    creates: /usr/share/keyrings/wazuh.gpg
+- name: Set permissions on Wazuh keyring
+  ansible.builtin.file:
+    path: /usr/share/keyrings/wazuh.gpg
+    mode: '0644'
+- name: Clean up downloaded GPG key
+  ansible.builtin.file:
+    path: /tmp/wazuh-gpg-key
+    state: absent
+- name: Add Wazuh apt repository
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main"
+    filename: wazuh
+    state: present
+- name: Install Wazuh agent
+  ansible.builtin.apt:
+    name: wazuh-agent
+    state: present
+    update_cache: true
+  environment:
+    WAZUH_MANAGER: "{{ wazuh_agent_manager_host }}"
+  notify: Restart wazuh-agent
+- name: Enable and start Wazuh agent
+  ansible.builtin.systemd:
+    name: wazuh-agent
+    enabled: true
+    state: started
+    daemon_reload: true