Update for automated response around poorly behaving archlinux-keyring weekly timer; rename Sora role to Password

roles/Sharingan/files/monit/checks/automated_response

@@ -0,0 +1,3 @@
+check program check_archlinux_wkd with path "/usr/bin/systemctl is-failed archlinux-keyring-wkd-sync.service"
+    if status == 0 for 1 times within 5 cycles then exec "/usr/bin/systemctl reset-failed archlinux-keyring-wkd-sync.service"
+    if status == 0 for 5 times within 5 cycles then exec "/etc/monit.d/scripts/critical CRITICAL: Archlinux Keyring WKD Sync has failed and automated remediation has not solved it."

roles/Sharingan/files/monit/hostdefs/DarkNet

@@ -1 +1,2 @@
 include "/etc/monit.d/checks/system"
+include "/etc/monit.d/checks/automated_response"

roles/Sharingan/files/monit/hostdefs/Maat

@@ -1 +1,2 @@
 include "/etc/monit.d/checks/system"
+include "/etc/monit.d/checks/automated_response"

roles/Sharingan/files/monit/hostdefs/Nodelet0

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/Nodelet1

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/Nodelet2

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/Nodelet3

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/Nodelet4

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/Sharingan

@@ -1,3 +1,4 @@
 include "/etc/monit.d/checks/system"
 include "/etc/monit.d/checks/vips"
 include "/etc/monit.d/checks/availability"
+include "/etc/monit.d/checks/automated_response"

roles/Sharingan/files/monit/hostdefs/Yggdrasil

@@ -2,3 +2,4 @@ include "/etc/monit.d/checks/system"
 include "/etc/monit.d/checks/watcher-of-watchers"
 include "/etc/monit.d/checks/warrant-canary"
 include "/etc/monit.d/checks/grimoire"
+include "/etc/monit.d/checks/automated_response"

roles/Sharingan/tasks/scans.yml

@@ -33,33 +33,17 @@
      - sharingan-scan.service
      - sharingan-scan.timer
 
- - name: Scanning services
-   become: yes
-   register: clam_svc
-   copy:
-     src: "clamav/{{ item }}"
-     dest: /usr/lib/systemd/system/
-     owner: root
-     group: root
-     mode: 0664
-   loop:
-     - freshclam.service
-     - freshclam.timer
-     - clamscan.service
-     - clamscan.timer
-
  - systemd:
      daemon_reload: yes
    become: yes
-   when: clam_svc.changed or lynis_svc.changed
-
+   when: lynis_svc.changed
 
  - name: Enable timers
    become: yes
-   loop:
-     - freshclam.timer
-     - sharingan-scan.timer
    service:
-     name: "{{ item }}"
+     name: sharingan-scan.timer
      state: restarted
      enabled: yes
+
+ - import_tasks: "./vscan.yml"
+   when: vscan_enabled is defined

roles/Sharingan/tasks/siem.yml

@@ -5,7 +5,8 @@
    package:
      name:
        - elasticsearch
-       - mongodb44-bin # Temporarily pinned for extensions
+       - mongodb-bin
+       - mongodb-tools-bin
        - graylog
      state: present
 

roles/Sharingan/tasks/vscan.yml

@@ -0,0 +1,26 @@
+---
+
+ - name: Virus scanning services
+   become: yes
+   register: clam_svc
+   copy:
+     src: "clamav/{{ item }}"
+     dest: /usr/lib/systemd/system/
+     owner: root
+     group: root
+     mode: 0664
+   loop:
+     - freshclam.service
+     - freshclam.timer
+     - clamscan.service
+     - clamscan.timer
+
+ - name: Enable timers
+   become: yes
+   loop:
+     - freshclam.timer
+     - clamscan.timer
+   service:
+     name: "{{ item }}"
+     state: restarted
+     enabled: yes