AniNIX/Kapisi
AniNIX
/
Kapisi
2
0
Fork 0
Code Issues 25 Pull Requests 1 Projects 1 Releases Wiki Activity

Updating Sharingan for testing

This commit is contained in:
DarkFeather 2022-05-04 10:30:23 -05:00
parent 01dde4008d
commit 51e2836378
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
8 changed files with 44 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
examples/msn0.yml
View File

@ -56,7 +56,7 @@ all:
uefi: true
siem: true
disks:
- '-drive format=raw,index=0,media=disk,file=/dev/sdd'
- '-drive format=raw,index=0,media=disk,file=/dev/sdb'
DarkNet:
ip: 10.0.1.17
ipinterface: eth0
@ -66,7 +66,7 @@ all:
vnc: 9
bridge: br0
disks:
- '-drive format=raw,index=0,media=disk,file=/dev/sdb'
- '-drive format=raw,index=0,media=disk,file=/dev/sdd'
Maat:
ip: 10.0.1.18
ipinterface: ens3

15
roles/Sharingan/files/clamav/clamscan.service Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=Sharingan-IDS | Virus scanning
[Service]
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
Type=simple
ExecStart=clamscan -r / -i --exclude-dir="/srv/ygddrasil" --exclude-dir="/dev" --exclude-dir="/sys" --exclude-dir="/proc" --exclude-dir="/media/Infected/" --exclude-dir="/etc/snort/rules" --exclude-dir="/etc/suricata/rules"
TimeoutSec=3600
User=root
Group=root
[Install]
WantedBy=multi-user.target

11
roles/Sharingan/files/clamav/clamscan.timer Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=Sharingan-IDS | Virus scanning
[Timer]
OnCalendar=02:00
Persistent=false
[Install]
WantedBy=timers.target
#EOF

2
roles/Sharingan/files/clamav/freshclam.service
View File

@ -8,7 +8,7 @@ IOSchedulingPriority=7
Type=simple
ExecStart=freshclam
User=root
group=root
Group=root
[Install]
WantedBy=multi-user.target

4
roles/Sharingan/files/lynis/sharingan-scan.service
View File

@ -6,11 +6,11 @@ Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
Type=simple
ExecStartPre=clamscan -r / -i --exclude-dir="/srv/ygddrasil" --exclude-dir="/dev" --exclude-dir="/sys" --exclude-dir="/proc" --exclude-dir="/media/Infected/" --exclude-dir="/etc/snort/rules" --exclude-dir="/etc/suricata/rules"
ExecStart=lynis audit system
ExecStartPost=systemd-cat -t sharingan-vulns arch-audit
TimeoutSec=3600
User=root
group=root
Group=root
[Install]
WantedBy=multi-user.target

2
roles/Sharingan/files/monit/checks/system
View File

@ -19,7 +19,7 @@ check filesystem rootfs with path /
if space usage > 80% for 5 times within 15 cycles then exec "/etc/monit.d/scripts/critical Root filesystem is too full."
if read rate > 500 operations/s for 5 cycles then exec "/etc/monit.d/scripts/critical Too many reads on root filesystem."
if write rate > 500 operations/s for 5 cycles then exec "/etc/monit.d/scripts/critical Too many writes on root filesystem."
if service time > 50 milliseconds for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical Root filesystem performing slowly -- check iostat."
# if service time > 50 milliseconds for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical Root filesystem performing slowly -- check iostat."
group system
#
## Check a network link status (up/down), link capacity changes, saturation

4
roles/Sharingan/files/rkhunter/rkhunter.service
View File

@ -6,9 +6,9 @@ Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
Type=simple
ExecStart=rkhunter --check --sk
ExecStart=-/usr/bin/rkhunter --check --sk
User=root
group=root
Group=root
[Install]
WantedBy=multi-user.target

10
roles/Sharingan/tasks/scans.yml
View File

@ -22,6 +22,7 @@
- name: Scanning services
become: yes
register: lynis_svc
copy:
src: "lynis/{{ item }}"
dest: /usr/lib/systemd/system/
@ -34,6 +35,7 @@
- name: Scanning services
become: yes
register: clam_svc
copy:
src: "clamav/{{ item }}"
dest: /usr/lib/systemd/system/
@ -43,6 +45,14 @@
loop:
- freshclam.service
- freshclam.timer
- clamscan.service
- clamscan.timer
- systemd:
daemon_reload: yes
become: yes
when: clam_svc.changed or lynis_svc.changed
- name: Enable timers
become: yes