diff --git a/security-monitoring-ansible/README.md b/security-monitoring-ansible/README.md
index 40b0f90b153f51c936ea009f04cd1fa3b089da88..fd4ffe8bd96f1f502358b76e997557b40737df62 100644
--- a/security-monitoring-ansible/README.md
+++ b/security-monitoring-ansible/README.md
@@ -3,6 +3,8 @@ This project is meant for quickly setting up Wazuh instance using Ansible scripts on top infrastructure provisioned using Vagrant. +In addition to Wazuh, ClamAV is also installed to agent machines (for testing purposes). + ## Requirements * Vagrant 2.2.14
diff --git a/security-monitoring-ansible/ansible/clamav/tasks/install-clamav.yml b/security-monitoring-ansible/ansible/clamav/tasks/install-clamav.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c4c9f1fc56255571affd2bcb5df7cb204834d76d
--- /dev/null
+++ b/security-monitoring-ansible/ansible/clamav/tasks/install-clamav.yml
@@ -0,0 +1,58 @@
+---
+- name: Install Epel-Release
+ become: True
+ yum:
+ name: epel-release
+
+- name: Install ClamAV packages
+ become: True
+ yum:
+ name:
+ - clamav-server
+ - clamav-data
+ - clamav-update
+ - clamav-filesystem
+ - clamav
+ - clamav-scanner-systemd
+ - clamav-devel
+ - clamav-lib
+ - clamav-server-systemd
+
+- name: Configure SELinux
+ become: true
+ command: setsebool -P {{ item }}
+ with_items:
+ - antivirus_can_scan_system 1
+ - clamd_use_jit 1
+
+- name: Edit ClamAV configuration
+ become: true
+ replace:
+ path: /etc/clamd.d/scan.conf
+ regexp: '^Example'
+ replace: '#Example'
+
+- name: Edit ClamAV socket location configuration
+ become: true
+ replace:
+ path: /etc/clamd.d/scan.conf
+ regexp: '#LocalSocket /run/clamd.scan/clamd.sock'
+ replace: 'LocalSocket /tmp/clamd.sock'
+
+- name: Edit ClamAV’s freshclam update engine configuration
+ become: true
+ replace:
+ path: /etc/freshclam.conf
+ regexp: '^Example'
+ replace: '#Example'
+
+- name: Run virus definition database update
+ become: True
+ command: freshclam
+
+- name: Start ClamAV and run it on boot
+ become: True
+ service:
+ name: clamd@scan
+ state: restarted
+ enabled: yes
\ No newline at end of file
diff --git a/security-monitoring-ansible/ansible/provision-agents.yml b/security-monitoring-ansible/ansible/provision-agents.yml
index 07e7758b03a979858b1867ebc3ef71aa21273d7c..7823533d9f4927b8baa619da0a40f682d5d12d38 100644
--- a/security-monitoring-ansible/ansible/provision-agents.yml
+++ b/security-monitoring-ansible/ansible/provision-agents.yml
@@ -3,7 +3,7 @@ - hosts: wazuh_agents become: yes pre_tasks: - - import_tasks: "{{ ansible_dir }}/globals/vars.yml" + - import_tasks: "{{ ansible_dir }}/globals/vars.yml" roles: - ../../../wazuh-ansible/roles/wazuh/ansible-wazuh-agent - docker
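Review bot: The "Edit ClamAV socket location configuration" task moves clamd's listener from the packaged `/run/clamd.scan/clamd.sock` (a directory the package creates for the clamscan user) into world-writable `/tmp`, where any local user can pre-create or squat `clamd.sock` before clamd starts and where, with `LocalSocketGroup`/`LocalSocketMode` left commented out, every local account can drive the scanner; SELinux may also refuse clamd a socket under `/tmp` even with the two booleans set. Unless something downstream really needs the `/tmp` path, keep the packaged location, i.e. `replace: 'LocalSocket /run/clamd.scan/clamd.sock'`, or at minimum add a second `replace` that uncomments `LocalSocketGroup virusgroup` and `LocalSocketMode 660`. The one-shot `command: freshclam` leaves no recurring signature update behind and reports changed on every run; enabling the updater shipped by `clamav-update` (the `clamav-freshclam` service or its cron job, depending on the EPEL release) would keep definitions from going stale. The SELinux task would be idempotent and report state honestly with the `seboolean` module (`seboolean: { name: antivirus_can_scan_system, state: true, persistent: true }`) instead of looping `setsebool -P` through `command`. Minor: the mixed `become: True`/`become: true` and `enabled: yes` should all be the lowercase `true` yamllint expects.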
@@ -16,4 +16,7 @@ api_proto: 'http' api_user: ansible max_retries: 5
- retry_interval: 5
\ No newline at end of file
+ retry_interval: 5
+ tasks:
+ - name: Import ClamAV tasks
+ import_tasks: "{{ ansible_dir }}/clamav/tasks/install-clamav.yml"
\ No newline at end of file
diff --git a/security-monitoring-ansible/environments/vagrant-1manager-2agents/Vagrantfile b/security-monitoring-ansible/environments/vagrant-1manager-2agents/Vagrantfile
index e39ebc35726f4d1fe48d18e9490fee7b04bd0a67..157229a6ea4fb84c503fc64207d59efa679ae6be 100644
--- a/security-monitoring-ansible/environments/vagrant-1manager-2agents/Vagrantfile
+++ b/security-monitoring-ansible/environments/vagrant-1manager-2agents/Vagrantfile
@@ -28,6 +28,10 @@ servers=[ Vagrant.configure(2) do |config| servers.each do |machine| config.vm.define machine[:hostname] do |node| + # Can cause error: + # "You are trying to forward a host IP that does not exist. Please set `host_ip` + # to the address of an existing IPv4 network interface, or remove the option + # from your port forward configuration." if machine[:hostname] == "manager" node.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "192.168.33.10" node.vm.network "forwarded_port", guest: 443, host: 8443 , host_ip: "192.168.33.10"
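Review bot: The new `tasks:` import installs ClamAV on every host in `wazuh_agents` with no way to opt out, even though the README in this same commit calls it a testing-only addition; a variable gate on the import such as `when: install_clamav | default(true)` (with `import_tasks` the condition is applied to each imported task) would let a non-test inventory skip it. The play already sets `become: yes` at play level, so the per-task `become:` lines in the imported file are redundant, though harmless.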
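Review bot: The added comment records the `host_ip` error but leaves its likely cause in place on the two `forwarded_port` lines beneath it: `192.168.33.10` appears to be the guest's private-network address rather than an interface on the host, which is exactly what Vagrant rejects. Binding the host side to loopback with `host_ip: "127.0.0.1"` on both lines should clear the error and, unlike simply dropping `host_ip` (which binds the host port on all interfaces), keeps the Wazuh web ports off the host's external interfaces. The `servers.each` block and the `servers=[` array this hunk sits in open before the hunk.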