snort role

9e71a3d9 · Fred Smith · 1107098d · 9e71a3d9 · 9e71a3d9 · 9e71a3d9
Commit 9e71a3d9 authored May 14, 2014 by Fred Smith
6 changed files
--- a/playbooks/roles/snort/defaults/main.yml
+++ b/playbooks/roles/snort/defaults/main.yml
+
+---
+
+SNORT_OINKCODE: 'oinkcode'
--- a/playbooks/roles/snort/tasks/main.yml
+++ b/playbooks/roles/snort/tasks/main.yml
+---
+# install and configure snort IDS
+#
+
+- name: install snort
+  apt: pkg={{ item }} state="present"
+  with_items:
+    - snort
+    - oinkmaster
+
+- name: configure snort
+  template: >
+    src=etc/snort/snort.conf.j2 dest=/etc/snort/snort.conf
+    owner=root group=root mode=0644
+
+- name: configure snort (debian)
+  template: >
+    src=etc/snort/snort.debian.conf.j2 dest=/etc/snort/snort.debian.conf
+    owner=root group=root mode=0644
+
+- name: configure oinkmaster
+  template: >
+    src=etc/oinkmaster.conf.j2 dest=/etc/oinkmaster.conf
+    owner=root group=root mode=0644
+
+- name: update snort
+  shell: oinkmaster -C /etc/oinkmaster.conf -o /etc/snort/rules/ 
+  sudo: yes
+
+- name: snort service 
+  service: >
+    name="snort" 
+    state="started"
+
+- name: open read permissions on snort logs
+  file: >
+    name="/var/log/snort"
+    state="directory"
+    mode="755"
+
+- name: install oinkmaster cronjob
+  template: >
+    src=etc/cron.daily/oinkmaster.j2 dest=/etc/cron.daily/oinkmaster
+    owner=root group=root mode=0755
+
+
+
--- a/playbooks/roles/snort/templates/etc/cron.daily/oinkmaster.j2
+++ b/playbooks/roles/snort/templates/etc/cron.daily/oinkmaster.j2
+#! /bin/bash
+
+oinkmaster -C /etc/oinkmaster.conf -o /etc/snort/rules/ > /dev/null
+service snort restart
--- a/playbooks/roles/snort/templates/etc/oinkmaster.conf.j2
+++ b/playbooks/roles/snort/templates/etc/oinkmaster.conf.j2
--- a/playbooks/roles/snort/templates/etc/snort/snort.conf.j2
+++ b/playbooks/roles/snort/templates/etc/snort/snort.conf.j2
--- a/playbooks/roles/snort/templates/etc/snort/snort.debian.conf.j2
+++ b/playbooks/roles/snort/templates/etc/snort/snort.debian.conf.j2
+# snort.debian.config (Debian Snort configuration file)
+#
+# This file was generated by the post-installation script of the snort
+# package using values from the debconf database.
+#
+# It is used for options that are changed by Debian to leave
+# the original configuration files untouched.
+#
+# This file is automatically updated on upgrades of the snort package
+# *only* if it has not been modified since the last upgrade of that package.
+#
+# If you have edited this file but would like it to be automatically updated
+# again, run the following command as root:
+#   dpkg-reconfigure snort
+
+DEBIAN_SNORT_STARTUP="boot"
+DEBIAN_SNORT_HOME_NET=""
+DEBIAN_SNORT_OPTIONS=""
+DEBIAN_SNORT_INTERFACE="eth0"
+DEBIAN_SNORT_SEND_STATS="true"
+DEBIAN_SNORT_STATS_RCPT="root"
+DEBIAN_SNORT_STATS_THRESHOLD="1"