Skip to content
/ ids_install Public

Ansible role to install configuration Intrusion Detection Systems

License

GPL-3.0 license
4 stars 13 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ansible-security/ids_install

BranchesTags

Repository files navigation

ids_install

Tech Preview

A role to install many different Intrusion Detection Systems, these are defined as "providers" to the Role.

Current supported list of providers:

  • snort

Requirements

Red Hat Enterprise Linux 7.x, or derived Linux distribution such as CentOS 7, Scientific Linux 7, etc

Role Variables

Role variables that get put into use are IDS provider specific, they are listed below.

ids_install_pkgs - List of packages to install on the system, by default this is left empty and the defaults will be selected for each provider.

snort

For the Snort provider you will need to set the ids_install_provider variable as such:

vars:
  ids_install_provider: snort

From there, all our ids_install_provider_* variables will be namespaced to the specific provider.

Note that the ids_install_snort_version and ids_install_snort_daq_version will change upstream sometimes and care should be taken that you are aligned with the correct version.

https://www.snort.org/

snort variables

  • ids_install_provider - Default value: "snort"
  • ids_install_snort_barnyard2_normalize_logs - Default value: false
  • ids_install_snort_interface - Default value: eth0
  • ids_install_snort_pkgs - List of packages to install - Default value: ['https://s3.amazonaws.com/linklight.securityautomation/daq-2.0.6-1.el7.x86_64.rpm', 'https://s3.amazonaws.com/linklight.securityautomation/snort-2.9.13-1.centos7.x86_64.rpm', 'libdnet', 'pulledpork']
  • ids_install_snort_promiscuous_interface - Default value: False
  • ids_install_snort_logdir - Default value: "/var/log/snort"
  • ids_install_snort_logfile - Default value: "snort.log"
  • ids_install_snort_logfile - Default value: "snort.log"
  • ids_install_snort_user - Default value: "snort"
  • ids_install_snort_group - Default value: "snort"
  • ids_install_snort_use_pulledpork - Default value: True
  • ids_install_snort_community_rules_url - URL to snort rules - Default value: https://s3.amazonaws.com/linklight.securityautomation/community-rules.tar.gz
  • ids_install_snort_registered_rules_url - URL to snort registered rules - Default value: https://s3.amazonaws.com/linklight.securityautomation/snortrules-snapshot-29130.tar.gz

When ids_install_snort_barnyard2_normalize_logs is set, the role will also install barnyard2 in service of normalizing the snort logs.

Dependencies

  • geerlingguy.repo-epel

Example Playbook

- name: configure snort
  hosts: idshosts
  vars:
      ids_install_provider: "snort"
      ids_install_barnyard2_normalize_logs: True
  tasks:
    - name: import ids_install role
      import_role:
        name: "ids_install"

Notes

  • This role does not start and enable the ids_provider service because this Role does not deal with the configuration of the service and only the installation.

License

BSD

Author Information

Ansible Security Automation Team

About

Ansible role to install configuration Intrusion Detection Systems

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 7

Languages