Current state of Sharingan role -- still need to add rkhunter

2022-05-02 15:00:29 -05:00
parent 1c2f4266ad
commit d0146770a4
45 changed files with 4004 additions and 46 deletions
--- a/roles/Sharingan/tasks/ids.yml
+++ b/roles/Sharingan/tasks/ids.yml
@@ -0,0 +1,59 @@
+---
+
+ - name: sshguard package
+   become: yes
+   package:
+     name: 
+       - sshguard
+       - suricata
+       - oinkmaster
+     state: present
+
+ - name: sshguard config
+   become: yes
+   copy:
+     src: sshguard.conf
+     dest: /etc/sshguard.conf
+     owner: root
+     group: root
+     mode: 0600
+
+ - name: sshguard allowlist
+   become: yes
+   copy:
+     dest: /etc/sshguard.allowlist
+     content: |
+       "{{ router }}/{{ netmask }}"
+     owner: root
+     group: root
+     mode: 0600
+
+# - name: Copy oinkmaster service
+#   register: oinkmaster_service
+#   become: yes
+#   loop: 
+#     - oinkmaster.service
+#     - oinkmaster.timer
+#   copy:
+#     src: "{{ item }}"
+#     dest: "/usr/lib/systemd/system/{{ item }}"
+#     owner: root
+#     group: root
+#     mode: 0644
+#
+# - systemd:
+#     daemon_reload: yes
+#   become: yes
+#   when: oinkmaster_service.changed
+
+ - name: IDS services
+   become: yes
+   loop: 
+     - suricata.service
+     - sshguard.service
+       # - oinkmaster.timer
+   service: 
+     name: "{{ item }}"
+     state: restarted
+     enabled: yes
+