Got rkhunter working for HIDS; operational fixes for Sharingan

2022-05-03 16:57:52 -05:00
parent d0146770a4
commit 01dde4008d
40 changed files with 299 additions and 580 deletions
--- a/roles/Sharingan/tasks/ids.yml
+++ b/roles/Sharingan/tasks/ids.yml
@@ -1,14 +1,17 @@
 ---

- - name: sshguard package
+ - name: IDS packages
   become: yes
+   register: package_install
   package:
     name: 
       - sshguard
       - suricata
       - oinkmaster
+       - rkhunter
     state: present

+ # Network IPS
 - name: sshguard config
   become: yes
   copy:
@@ -28,32 +31,79 @@
     group: root
     mode: 0600

-# - name: Copy oinkmaster service
-#   register: oinkmaster_service
-#   become: yes
-#   loop: 
-#     - oinkmaster.service
-#     - oinkmaster.timer
-#   copy:
-#     src: "{{ item }}"
-#     dest: "/usr/lib/systemd/system/{{ item }}"
-#     owner: root
-#     group: root
-#     mode: 0644
-#
-# - systemd:
-#     daemon_reload: yes
-#   become: yes
-#   when: oinkmaster_service.changed
+ # Host IDS
+ - name: Copy rkhunter service
+   register: rkhunter_conf
+   become: yes
+   copy:
+     src: rkhunter/rkhunter.conf
+     dest: "/etc/rkhunter.conf"
+     owner: root
+     group: root
+     mode: 0644
+
+ - name: Copy rkhunter service
+   register: rkhunter_service
+   become: yes
+   loop: 
+     - rkhunter.service
+     - rkhunter.timer
+   copy:
+     src: "rkhunter/{{ item }}"
+     dest: "/usr/lib/systemd/system/{{ item }}"
+     owner: root
+     group: root
+     mode: 0644
+
+ # Network IDS
+ - name: Copy oinkmaster conf
+   register: oinkmaster_conf
+   become: yes
+   copy:
+     src: "oinkmaster/oinkmaster.conf"
+     dest: "/usr/lib/systemd/system/oinkmaster.conf"
+     owner: root
+     group: root
+     mode: 0644
+
+ - name: Copy oinkmaster service
+   register: oinkmaster_service
+   become: yes
+   loop: 
+     - oinkmaster.service
+     - oinkmaster.timer
+   copy:
+     src: "oinkmaster/{{ item }}"
+     dest: "/usr/lib/systemd/system/{{ item }}"
+     owner: root
+     group: root
+     mode: 0644
+
+ - systemd:
+     daemon_reload: yes
+   become: yes
+   when: oinkmaster_service.changed or rkhunter_service.changed
+
+ - name: Update oinkmaster DB
+   become: yes
+   when: package_install.changed or oinkmaster_conf.changed
+   service:
+     name: oinkmaster.service 
+     state: started
+
+ - name: Update rkhunter DB
+   become: yes
+   when: package_install.changed or rkhunter_conf.changed
+   command: "/bin/bash -c 'export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; rkhunter -C && rkhunter --propupd'"

 - name: IDS services
   become: yes
   loop: 
     - suricata.service
     - sshguard.service
-       # - oinkmaster.timer
+     - oinkmaster.timer
+     - rkhunter.timer
   service: 
     name: "{{ item }}"
     state: restarted
     enabled: yes
-