Cleaning up to fit AniNIX/Uniglot hooks; catching up with testing

2023-02-20 16:50:10 -06:00
parent a2fecf9d64
commit d92ab6acda
39 changed files with 310 additions and 39 deletions
--- a/roles/Sharingan/files/rkhunter/rkhunter.conf
+++ b/roles/Sharingan/files/rkhunter/rkhunter.conf
@@ -1333,8 +1333,6 @@ DBDIR=/var/lib/rkhunter/db
 SCRIPTDIR=/usr/lib/rkhunter/scripts
 TMPDIR=/var/lib/rkhunter/tmp
 USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf
-SCRIPTWHITELIST=/usr/bin/egrep
-SCRIPTWHITELIST=/usr/bin/fgrep
 SCRIPTWHITELIST=/usr/bin/ldd
 SCRIPTWHITELIST=/usr/bin/vendor_perl/GET
 BINDIR=/bin /usr/bin /sbin /usr/sbin
--- a/roles/Sharingan/tasks/ids.yml
+++ b/roles/Sharingan/tasks/ids.yml
@@ -31,6 +31,24 @@
     group: root
     mode: 0600

+ - name: suricata config files
+   become: yes
+   copy:
+     src: suricata/
+     dest: /etc/suricata/
+     owner: root
+     group: root
+     mode: 0600
+
+ - name: suricata config template
+   become: yes
+   template:
+     src: suricata.yaml.j2
+     dest: /etc/suricata/suricata.yaml
+     owner: root
+     group: root
+     mode: 0600
+
 # Host IDS
 - name: Copy rkhunter service
   register: rkhunter_conf
--- a/roles/Sharingan/templates/monitrc.j2
+++ b/roles/Sharingan/templates/monitrc.j2
@@ -154,7 +154,7 @@ set httpd port 2812 and
    use address localhost  # only accept connection from localhost (drop if you use M/Monit)
    allow localhost        # allow localhost to connect to the server and
    # require user 'admin' with password
-    allow admin:"{{ secrets[Sharingan][monit] | default('monit') }}"
+    allow admin:"{{ secrets['Sharingan']['monit'] | default('monit') }}"
    #with ssl {            # enable SSL/TLS and set path to server certificate
    #    pemfile: /etc/ssl/certs/monit.pem
    #}
--- a/roles/Sharingan/templates/suricata.yaml.j2
+++ b/roles/Sharingan/templates/suricata.yaml.j2
@@ -16,7 +16,7 @@
 #max-pending-packets: 1024

 # Runmode the engine should use. Please check --list-runmodes to get the available
-# runmodes for each packet acquisition menp1s0fod. Defaults to "autofp" (auto flow pinned
+# runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned
 # load balancing).
 #runmode: autofp

@@ -143,7 +143,7 @@ outputs:
      append: yes
      #extended: yes     # enable this for extended logging information
      #custom: yes       # enabled the custom logging format (defined by customformat)
-      #customformat: "%{%D-%H:%M:%S}t.%z %{X-Forwarded-For}i %H %m %h %u %s %B %a:%p -> %A:%P"
+      #customformat:
      #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'

  # a line based log of TLS handshake parameters (no alerts)
@@ -310,7 +310,7 @@ nflog:
 # af-packet support
 # Set threads to > 1 to use PACKET_FANOUT support
 af-packet:
-  - interface: enp1s0f0
+  - interface: {{ ipinterface }}
    # Number of receive threads (>1 will enable experimental flow pinned
    # runmode)
    threads: 1
@@ -363,10 +363,10 @@ af-packet:
    # will not be copied.
    #copy-mode: ips
    #copy-iface: enp1s0f1
-  - interface: enp1s0f1
-    threads: 1
-    cluster-id: 98
-    cluster-type: cluster_flow
+    #   - interface: enp1s0f1
+    #     threads: 1
+    #     cluster-id: 98
+    #     cluster-type: cluster_flow
    defrag: yes
    # buffer-size: 32768
    # disable-promisc: no