Got rkhunter working for HIDS; operational fixes for Sharingan

This commit is contained in:
2022-05-03 16:57:52 -05:00
parent d0146770a4
commit 01dde4008d
40 changed files with 299 additions and 580 deletions


@@ -37,7 +37,7 @@
- name: Sharingan-Data service conf
become: yes
copy:
src: syslog-ng@sharingan-data
src: syslog-ng/syslog-ng@sharingan-data
dest: /etc/default/syslog-ng@sharingan-data
owner: root
group: root
@@ -47,107 +47,8 @@
become: yes
register: data_service
copy:
src: "sharingan-data.service/{{ ansible_os_family }}"
src: "syslog-ng/sharingan-data.service/{{ ansible_os_family }}"
dest: /usr/lib/systemd/system/sharingan-data.service
owner: root
group: root
mode: 0750
- name: Sharingan-Eval service
become: yes
register: eval_service
copy:
src: sharingan-eval.service
dest: /usr/lib/systemd/system/sharingan-eval.service
owner: root
group: root
mode: 0750
- name: Sharingan-Eval monitrc
become: yes
template:
src: monitrc.j2
dest: /etc/monitrc
owner: root
group: root
mode: 0700
- name: Sharingan-Eval includes dir
become: yes
file:
path: /etc/monit.d
state: directory
- name: Sharingan-Eval monit templates
become: yes
copy:
src: templates
dest: /etc/monit.d/templates
owner: root
group: root
mode: 0700
- name: Sharingan-Eval monit scripts
become: yes
copy:
src: templates
dest: /etc/monit.d/scripts
owner: root
group: root
mode: 0700
- name: Sharingan-Eval monit host config
become: yes
copy:
src: "{{ inventory_hostname }}"
dest: "/etc/monit.d/{{ inventory_hostname }}"
owner: root
group: root
mode: 0700
- name: Sharingan-Heartbeat service
become: yes
register: heartbeat_service
copy:
src: "{{ item }}"
dest: /usr/lib/systemd/system
owner: root
group: root
mode: 0750
loop:
- sharingan-heartbeat.timer
- sharingan-heartbeat.service
- name: Sharingan-Data heartbeat timer
become: yes
copy:
src: sharingan-heartbeat.timer
dest: /usr/lib/systemd/system
owner: root
group: root
mode: 0750
- systemd:
daemon_reload: yes
become: yes
when: data_service.changed or eval_service.changed or heartbeat_service.changed
- name: Start Sharingan-Data services
become: yes
service:
name: "{{ item }}"
state: restarted
enabled: yes
loop:
- sharingan-data.service
- sharingan-heartbeat.timer
- sharingan-eval.service
- name: Disable default service
become: yes
ignore_errors: yes
service:
name: syslog-ng@default.service
state: stopped
enabled: no
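Review bot: After this hunk data.yml still registers `data_service` (L22) but no task left in this file reads it; the `daemon_reload` that consumed it was moved to heartbeat.yml, so a reader of this file alone cannot tell why the register exists. Add a comment above the register, `# consumed by heartbeat.yml (daemon_reload / restart decision)`. The task that owns L21-L29 starts before the hunk (its `- name:` line is not shown), so the note applies to the whole task. The new `src:` paths under `syslog-ng/` are consistent with the `rkhunter/`, `oinkmaster/` and `monit/` subdirectories used elsewhere in this commit, which reads as the intended layout.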


@@ -0,0 +1,59 @@
---
- name: Sharingan-Eval service
become: yes
register: eval_service
copy:
src: monit/sharingan-eval.service
dest: /usr/lib/systemd/system/sharingan-eval.service
owner: root
group: root
mode: 0750
- name: Sharingan-Eval monitrc
become: yes
template:
src: monitrc.j2
dest: /etc/monitrc
owner: root
group: root
mode: 0700
- name: Sharingan-Eval includes dir
become: yes
loop:
- "/etc/monit.d/"
- "/etc/monit.d/scripts"
- "/etc/monit.d/checks"
file:
path: "{{ item }}"
state: directory
- name: Sharingan-Eval monit templates
become: yes
copy:
src: monit/checks/
dest: /etc/monit.d/checks
owner: root
group: root
mode: 0700
- name: Sharingan-Eval monit scripts
become: yes
copy:
src: monit/scripts/
dest: /etc/monit.d/scripts
owner: root
group: root
mode: 0700
- name: Sharingan-Eval monit host config
become: yes
copy:
src: "monit/hostdefs/{{ inventory_hostname }}"
dest: "/etc/monit.d/{{ inventory_hostname }}"
owner: root
group: root
mode: 0700
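Review bot: The task at L148 is still named `Sharingan-Eval monit templates` although its source is now `monit/checks/` and its destination `/etc/monit.d/checks`; rename it `- name: Sharingan-Eval monit checks` so play output matches what is installed. The directory task at L139-L147 creates `/etc/monit.d`, `scripts` and `checks` with no `owner`, `group` or `mode`, while every file placed in them is root 0700; if the directories are meant to be root-only like monitrc, add `owner: root`, `group: root` and `mode: "0700"` to that task (monit only enforces permissions on monitrc itself, so this may be deliberate — worth a comment either way). The octal modes in this file are unquoted (`0750`, `0700`); PyYAML reads them as octal ints, which Ansible accepts, but quoting them removes the YAML 1.1/1.2 ambiguity.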


@@ -0,0 +1,48 @@
---
- name: Sharingan-Heartbeat service
become: yes
register: heartbeat_service
copy:
src: "{{ item }}"
dest: /usr/lib/systemd/system
owner: root
group: root
mode: 0750
loop:
- sharingan-heartbeat.timer
- sharingan-heartbeat.service
- name: Sharingan-Data heartbeat timer
become: yes
copy:
src: sharingan-heartbeat.timer
dest: /usr/lib/systemd/system
owner: root
group: root
mode: 0750
- systemd:
daemon_reload: yes
become: yes
when: data_service.changed or eval_service.changed or heartbeat_service.changed
- name: Start Sharingan-Data services
become: yes
service:
name: "{{ item }}"
state: restarted
enabled: yes
loop:
- sharingan-data.service
- sharingan-heartbeat.timer
- sharingan-eval.service
- name: Disable default service
become: yes
ignore_errors: yes
service:
name: syslog-ng@default.service
state: stopped
enabled: no
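Review bot: `sharingan-heartbeat.timer` is installed twice — by the loop at L186-L188 and again by the standalone task at L189-L196 — to the same dest with the same owner and mode; the second task is redundant and its result is not registered, so it should be dropped. The `daemon_reload` condition at L200 references `data_service` and `eval_service`, which are registered in data.yml and eval.yml rather than in this file, so this task file only works when imported after those two (main.yml in this commit does so); record that with `# requires data.yml and eval.yml to have run first (data_service / eval_service)` above the task. The restart of sharingan-data/eval and the disabling of `syslog-ng@default.service` at L201-L217 are general service management rather than heartbeat-specific; presumably the file name is a leftover of the split, and a short header comment stating the file's actual scope would help.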


@@ -1,14 +1,17 @@
---
- name: sshguard package
- name: IDS packages
become: yes
register: package_install
package:
name:
- sshguard
- suricata
- oinkmaster
- rkhunter
state: present
# Network IPS
- name: sshguard config
become: yes
copy:
@@ -28,32 +31,79 @@
group: root
mode: 0600
# - name: Copy oinkmaster service
# register: oinkmaster_service
# become: yes
# loop:
# - oinkmaster.service
# - oinkmaster.timer
# copy:
# src: "{{ item }}"
# dest: "/usr/lib/systemd/system/{{ item }}"
# owner: root
# group: root
# mode: 0644
#
# - systemd:
# daemon_reload: yes
# become: yes
# when: oinkmaster_service.changed
# Host IDS
- name: Copy rkhunter service
register: rkhunter_conf
become: yes
copy:
src: rkhunter/rkhunter.conf
dest: "/etc/rkhunter.conf"
owner: root
group: root
mode: 0644
- name: Copy rkhunter service
register: rkhunter_service
become: yes
loop:
- rkhunter.service
- rkhunter.timer
copy:
src: "rkhunter/{{ item }}"
dest: "/usr/lib/systemd/system/{{ item }}"
owner: root
group: root
mode: 0644
# Network IDS
- name: Copy oinkmaster conf
register: oinkmaster_conf
become: yes
copy:
src: "oinkmaster/oinkmaster.conf"
dest: "/usr/lib/systemd/system/oinkmaster.conf"
owner: root
group: root
mode: 0644
- name: Copy oinkmaster service
register: oinkmaster_service
become: yes
loop:
- oinkmaster.service
- oinkmaster.timer
copy:
src: "oinkmaster/{{ item }}"
dest: "/usr/lib/systemd/system/{{ item }}"
owner: root
group: root
mode: 0644
- systemd:
daemon_reload: yes
become: yes
when: oinkmaster_service.changed or rkhunter_service.changed
- name: Update oinkmaster DB
become: yes
when: package_install.changed or oinkmaster_conf.changed
service:
name: oinkmaster.service
state: started
- name: Update rkhunter DB
become: yes
when: package_install.changed or rkhunter_conf.changed
command: "/bin/bash -c 'export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; rkhunter -C && rkhunter --propupd'"
- name: IDS services
become: yes
loop:
- suricata.service
- sshguard.service
# - oinkmaster.timer
- oinkmaster.timer
- rkhunter.timer
service:
name: "{{ item }}"
state: restarted
enabled: yes
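Review bot: The oinkmaster configuration at L281-L289 is copied to `/usr/lib/systemd/system/oinkmaster.conf`, the systemd unit directory, rather than to a configuration path; unless the shipped oinkmaster.service is written to read it from there (not visible in this hunk), the unit will run without this config, and the destination should presumably be `dest: /etc/oinkmaster.conf`. The task at L259 that installs rkhunter.conf carries the same name as the unit-file task at L268, `Copy rkhunter service`; rename it `- name: Copy rkhunter conf` so log lines and `--start-at-task` are unambiguous. The `rkhunter --propupd` step at L312-L315 re-baselines file properties whenever the package or config changes, which accepts whatever state the host is in at that moment as the trusted baseline; a comment above the task recording that the baseline is only meaningful on a freshly built host, and that a later run should be reviewed rather than treated as routine, would make that trade-off explicit. The `command` wrapping `/bin/bash -c` with an exported PATH can be written as a `shell:` task with an `environment:` mapping for `PATH`, which Ansible renders more readably in check/diff output.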


@@ -1,4 +1,8 @@
---
- import_tasks: ../roles/Sharingan/tasks/data.yml
- import_tasks: ../roles/Sharingan/tasks/eval.yml
- import_tasks: ../roles/Sharingan/tasks/heartbeat.yml
- import_tasks: ../roles/Sharingan/tasks/siem.yml
when: siem is defined
@@ -6,7 +10,6 @@
- import_tasks: ../roles/Sharingan/tasks/ids.yml
when: secdetection is defined
- import_tasks: ../roles/Sharingan/tasks/vulns.yml
- import_tasks: ../roles/Sharingan/tasks/scans.yml
when: ansible_os_family == "Archlinux"
- import_tasks: ../roles/Sharingan/tasks/data.yml
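Review bot: The import order in the first hunk is load-bearing but undocumented: heartbeat.yml's `daemon_reload` condition reads `data_service` and `eval_service`, which are registered in data.yml and eval.yml, so moving data.yml to the top (and deleting the trailing import in the second hunk) is what keeps those variables defined when heartbeat.yml runs. Add a comment above L333, `# order matters: heartbeat.yml reads data_service/eval_service registered by data.yml and eval.yml`. ids.yml is gated on `secdetection` and scans.yml on `ansible_os_family == "Archlinux"`; if a registered variable from either of those ever gets consumed by a later unconditional file, the same undefined-variable failure would surface, so it is worth naming which registers cross file boundaries.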


@@ -20,7 +20,7 @@
group: root
mode: 0600
- name: lynis services
- name: Scanning services
become: yes
copy:
src: "lynis/{{ item }}"
@@ -29,8 +29,18 @@
group: root
mode: 0664
loop:
- sharingan-vulns.service
- sharingan-vulns.timer
- sharingan-scan.service
- sharingan-scan.timer
- name: Scanning services
become: yes
copy:
src: "clamav/{{ item }}"
dest: /usr/lib/systemd/system/
owner: root
group: root
mode: 0664
loop:
- freshclam.service
- freshclam.timer
@@ -38,7 +48,7 @@
become: yes
loop:
- freshclam.timer
- sharingan-vulns.timer
- sharingan-scan.timer
service:
name: "{{ item }}"
state: restarted
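Review bot: Two tasks are now named `Scanning services` (L352 and the new task at L364); the second installs the clamav units, so name it `- name: ClamAV services` (or similar) to keep play output and `--start-at-task` unambiguous. Both copies install unit files with `mode: 0664` (L358 is context, L371 is new), i.e. group-writable files in `/usr/lib/systemd/system`; with `group: root` the practical exposure is small, but 0644 is the convention for unit files and is what the rkhunter and oinkmaster copies in this same commit use, so `mode: "0644"` is the consistent and safer value. The task that owns the first hunk starts before L348, outside the hunk.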