Updating Sharingan for testing

examples/msn0.yml

@@ -56,7 +56,7 @@ all:
                             uefi: true
                             siem: true
                             disks:
-                              - '-drive format=raw,index=0,media=disk,file=/dev/sdd'
+                              - '-drive format=raw,index=0,media=disk,file=/dev/sdb'
                         DarkNet:
                             ip: 10.0.1.17
                             ipinterface: eth0
@@ -66,7 +66,7 @@ all:
                             vnc: 9
                             bridge: br0
                             disks: 
-                              - '-drive format=raw,index=0,media=disk,file=/dev/sdb'
+                              - '-drive format=raw,index=0,media=disk,file=/dev/sdd'
                         Maat:
                             ip: 10.0.1.18
                             ipinterface: ens3

roles/Sharingan/files/clamav/clamscan.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Sharingan-IDS | Virus scanning
+
+[Service]
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
+Type=simple
+ExecStart=clamscan -r / -i --exclude-dir="/srv/ygddrasil" --exclude-dir="/dev" --exclude-dir="/sys" --exclude-dir="/proc" --exclude-dir="/media/Infected/" --exclude-dir="/etc/snort/rules" --exclude-dir="/etc/suricata/rules"
+TimeoutSec=3600
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target

roles/Sharingan/files/clamav/clamscan.timer

@@ -0,0 +1,11 @@
+[Unit]
+Description=Sharingan-IDS | Virus scanning
+
+[Timer]
+OnCalendar=02:00
+Persistent=false
+
+[Install]
+WantedBy=timers.target
+
+#EOF

roles/Sharingan/files/clamav/freshclam.service

@@ -8,7 +8,7 @@ IOSchedulingPriority=7
 Type=simple
 ExecStart=freshclam
 User=root
-group=root
+Group=root
 
 [Install]
 WantedBy=multi-user.target

roles/Sharingan/files/lynis/sharingan-scan.service

@@ -6,11 +6,11 @@ Nice=19
 IOSchedulingClass=best-effort
 IOSchedulingPriority=7
 Type=simple
-ExecStartPre=clamscan -r / -i --exclude-dir="/srv/ygddrasil" --exclude-dir="/dev" --exclude-dir="/sys" --exclude-dir="/proc" --exclude-dir="/media/Infected/" --exclude-dir="/etc/snort/rules" --exclude-dir="/etc/suricata/rules"
 ExecStart=lynis audit system
 ExecStartPost=systemd-cat -t sharingan-vulns arch-audit
+TimeoutSec=3600
 User=root
-group=root
+Group=root
 
 [Install]
 WantedBy=multi-user.target

roles/Sharingan/files/monit/checks/system

@@ -19,7 +19,7 @@ check filesystem rootfs with path /
   if space usage > 80% for 5 times within 15 cycles then exec "/etc/monit.d/scripts/critical Root filesystem is too full."
   if read rate > 500 operations/s for 5 cycles then exec "/etc/monit.d/scripts/critical Too many reads on root filesystem."
   if write rate > 500 operations/s for 5 cycles then exec "/etc/monit.d/scripts/critical Too many writes on root filesystem."
-  if service time > 50 milliseconds for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical Root filesystem performing slowly -- check iostat."
+  # if service time > 50 milliseconds for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical Root filesystem performing slowly -- check iostat."
   group system
 #
 ## Check a network link status (up/down), link capacity changes, saturation

roles/Sharingan/files/rkhunter/rkhunter.service

@@ -6,9 +6,9 @@ Nice=19
 IOSchedulingClass=best-effort
 IOSchedulingPriority=7
 Type=simple
-ExecStart=rkhunter --check --sk
+ExecStart=-/usr/bin/rkhunter --check --sk
 User=root
-group=root
+Group=root
 
 [Install]
 WantedBy=multi-user.target

roles/Sharingan/tasks/scans.yml

@@ -22,6 +22,7 @@
 
  - name: Scanning services
    become: yes
+   register: lynis_svc
    copy:
      src: "lynis/{{ item }}" 
      dest: /usr/lib/systemd/system/
@@ -34,6 +35,7 @@
 
  - name: Scanning services
    become: yes
+   register: clam_svc
    copy:
      src: "clamav/{{ item }}" 
      dest: /usr/lib/systemd/system/
@@ -43,6 +45,14 @@
    loop:
      - freshclam.service
      - freshclam.timer
+     - clamscan.service
+     - clamscan.timer
+
+ - systemd:
+     daemon_reload: yes
+   become: yes
+   when: clam_svc.changed or lynis_svc.changed
+
 
  - name: Enable timers
    become: yes