From f9b9a2e72bb9381f8c6b0065cb006df6e4d58b83 Mon Sep 17 00:00:00 2001
From: Claudio Maradonna
Date: Sat, 19 Nov 2022 11:48:56 +0100
Subject: [PATCH] fix typo with iptables-webserver; add custom list installation for pihole; add snort community rules configuration and setup
---
roles/iptables-webserver/tasks/main.yml | 2 +-
roles/pi-hole/defaults/main.yml | 26 +++++++++++++++++++
roles/pi-hole/tasks/main.yml | 23 +++++++++++++++-
.../tasks/install_Community_Rules.yml | 19 ++++++++++++++
roles/snort-community/tasks/main.yml | 12 +++++++++
5 files changed, 80 insertions(+), 2 deletions(-)
create mode 100644 roles/snort-community/tasks/install_Community_Rules.yml
diff --git a/roles/iptables-webserver/tasks/main.yml b/roles/iptables-webserver/tasks/main.yml
index ad83382..58e18ab 100644
--- a/roles/iptables-webserver/tasks/main.yml
+++ b/roles/iptables-webserver/tasks/main.yml
@@ -10,7 +10,7 @@
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
- destination_port: "{{ port }}"
+ destination_port: "{{ item }}"
ctstate: NEW,ESTABLISHED
jump: ACCEPT
comment: Webserver dedicated port
diff --git a/roles/pi-hole/defaults/main.yml b/roles/pi-hole/defaults/main.yml
index bcaef5d..9316b2a 100644
--- a/roles/pi-hole/defaults/main.yml
+++ b/roles/pi-hole/defaults/main.yml
@@ -2,3 +2,29 @@
# defaults file for pi-hole
pihole_enabled: false
+pihole_install_custom_list: false
+
+pihole_custom_list:
+ - https://blocklistproject.github.io/Lists/ads.txt
+ - https://gist.githubusercontent.com/anudeepND/adac7982307fec6ee23605e281a57f1a/raw/5b8582b906a9497624c3f3187a49ebc23a9cf2fb/Test.txt
+ - https://phishing.army/download/phishing_army_blocklist_extended.txt
+ - https://blocklistproject.github.io/Lists/ransomware.txt
+ - https://phishing.army/download/phishing_army_blocklist.txt
+ - https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
+ - https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/ImmortalMalwareDomains.txt
+ - https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
+ - https://v.firebog.net/hosts/Prigent-Crypto.txt
+ - https://raw.githubusercontent.com/mitchellkrogza/Phishing.Database/master/phishing-domains-ACTIVE.txt
+ - https://raw.githubusercontent.com/migueldemoura/ublock-umatrix-rulesets/master/Hosts/malware
+ - https://kriskintel.com/feeds/ktip_malicious_domains.txt
+ - https://blocklistproject.github.io/Lists/scam.txt
+ - https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
+ - https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hacked-domains.list
+ - https://blocklistproject.github.io/Lists/fraud.txt
+ - https://raw.githubusercontent.com/infinitytec/blocklists/master/scams-and-phishing.txt
+ - https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
+ - https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts
+ - https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
+ - https://v.firebog.net/hosts/Prigent-Ads.txt
+ - https://blocklistproject.github.io/Lists/smart-tv.txt
+ - https://raw.githubusercontent.com/d43m0nhLInt3r/socialblocklists/master/SmartTV/smarttvblocklist.txt
diff --git a/roles/pi-hole/tasks/main.yml b/roles/pi-hole/tasks/main.yml
index 6c4d577..f999cac 100644
--- a/roles/pi-hole/tasks/main.yml
+++ b/roles/pi-hole/tasks/main.yml
@@ -15,6 +15,27 @@
ansible.builtin.package:
name: curl
- - name: Execute manually the automated install and follow instructions
+ - name: Execute manually the automated install and follow instructions, after that you can install custom list
ansible.builtin.debug:
msg: "curl -sSL https://install.pi-hole.net | bash"
+
+ - name: Check if can install custom list
+ when: pihole_install_custom_list is true
+ block:
+ - name: Check if pi-hole db exists
+ stat:
+ path: /etc/pihole/gravity.db
+ register: pihole_db
+
+ - name: Install sqlite3 package
+ ansible.builtin.package:
+ name: sqlite3
+
+ - name: Install more lists than default
+ when: pihole_db.stat.exists
+ ansible.builtin.shell:
+ cmd: sqlite3 /etc/pihole/gravity.db "INSERT INTO adlist (address, enabled, comment) VALUES ('{{ item }}', 1, '');"
+ loop: "{{ pihole_custom_list }}"
+
+ - name: Update Gravity
+ ansible.builtin.shell: pihole updateGravity
diff --git a/roles/snort-community/tasks/install_Community_Rules.yml b/roles/snort-community/tasks/install_Community_Rules.yml
new file mode 100644
index 0000000..e640fb0
--- /dev/null
+++ b/roles/snort-community/tasks/install_Community_Rules.yml
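Review bot: `pihole_custom_list` in roles/pi-hole/defaults/main.yml is a set of third-party feeds that Pi-hole will fetch and that roles/pi-hole/tasks/main.yml splices verbatim into an SQL statement, yet nothing in the file says where they come from or how they were chosen. Every entry points at a mutable branch or a gist, so an upstream change silently changes what the resolver blocks; the Test.txt gist entry in particular reads like a placeholder that was never replaced. `phishing_army_blocklist_extended.txt` presumably already contains `phishing_army_blocklist.txt`, so one of the two is likely redundant — worth confirming before both are inserted. Add a comment above the key such as `# Third-party blocklists (ads, phishing, malware, tracking); tasks/main.yml inserts each entry unescaped into gravity.db, so keep them to plain URLs without quotes and review the sources periodically`.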
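Review bot: The `Install more lists than default` task re-runs its `INSERT INTO adlist` on every play, so the role is not idempotent; Pi-hole's gravity.db declares `adlist.address` unique (confirm against the installed schema), in which case the second run aborts with a constraint error rather than adding duplicates. Changing the statement to `INSERT OR IGNORE INTO adlist (address, enabled, comment) VALUES ('{{ item }}', 1, '');` and adding a `changed_when` derived from its output makes the task safe to repeat. The `pihole_db.stat.exists` guard covers only the INSERT, while `Update Gravity` runs regardless; moving `when: pihole_db.stat.exists` onto the block keeps both behind the check. The outer `when: pihole_install_custom_list is true` relies on the Jinja2 `true` test, which a string value passed with `-e` fails; `when: pihole_install_custom_list | bool` is the usual Ansible spelling. `stat:` is the only non-FQCN module in this block; `ansible.builtin.stat:` matches the rest.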
@@ -0,0 +1,19 @@
+- name: Download updated Community Rules
+ ansible.builtin.get_url:
+ url: https://www.snort.org/rules/community
+ dest: /tmp/snort_community_rules.tar.gz
+
+- name: Extract Community Rules
+ ansible.builtin.unarchive:
+ src: /tmp/snort_community_rules.tar.gz
+ dest: /tmp/snort_community_rules
+
+- name: Copy rules to snort config folder
+ ansible.builtin.copy:
+ src: "{{ item }}"
+ dest: /etc/snort/rules
+ with_fileglob:
+ - /tmp/snort_community_rules/*
+
+- name: Activate Community rules
+ ansible.builtin.shell: sed -i 's/include $RULE_PATH/#include $RULE_PATH/' /etc/snort/snort.conf
diff --git a/roles/snort-community/tasks/main.yml b/roles/snort-community/tasks/main.yml
index 3ca9c9a..824b04b 100644
--- a/roles/snort-community/tasks/main.yml
+++ b/roles/snort-community/tasks/main.yml
@@ -65,6 +65,18 @@
regexp: 'ipvar HOME_NET any'
replace: 'ipvar HOME_NET {{ snort_home_net_address }}'
+
+ - name: Check if there are rules or files in /etc/snort/rules
+ find:
+ paths: /etc/snort/rules
+ file_type: any
+ hidden: true
+ register: snort_rules
+
+ - name: Install Community Rules if /etc/snort/rules empty
+ when: snort_rules.matched == 0
+ block:
+ - include_tasks: install_Community_Rules.yml
+
- name: Validate snort configuration
ansible.builtin.shell: snort -T -c /etc/snort/snort.conf
register: snort_output
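Review bot: `ansible.builtin.unarchive`, `ansible.builtin.copy` and `with_fileglob` all resolve `src` on the controller unless `remote_src: true` is set, but the tarball was written on the target by `get_url`, so the extract step fails and the glob scans the controller's /tmp instead of the host's; `unarchive` also requires `dest` to exist, and /tmp/snort_community_rules is never created. The sed in `Activate Community rules` prefixes `#` to every `include $RULE_PATH` line in snort.conf, which disables rule includes rather than enabling one and stacks another `#` on each run; the role already manages snort.conf with `regexp`/`replace`, so an anchored `ansible.builtin.lineinfile` or `ansible.builtin.replace` is the consistent, idempotent form (the exact include line depends on the rule file name shipped in the tarball — adjust the regexp to it). The download carries no `checksum:`, so a tampered or truncated tarball is installed as-is; if a digest is published for the community tarball, pass it here, and prefer a private `ansible.builtin.tempfile` directory over a fixed path in world-writable /tmp. The rewritten task list is below.
```yaml
- name: Create scratch directory for Community Rules
  ansible.builtin.file:
    path: /tmp/snort_community_rules
    state: directory
    mode: "0700"

- name: Download updated Community Rules
  ansible.builtin.get_url:
    url: https://www.snort.org/rules/community
    dest: /tmp/snort_community_rules.tar.gz
    checksum: "sha256:<PUBLISHED_DIGEST_PLACEHOLDER>"  # fill from the digest published with the tarball

- name: Extract Community Rules
  ansible.builtin.unarchive:
    src: /tmp/snort_community_rules.tar.gz
    dest: /tmp/snort_community_rules
    remote_src: true

- name: Find extracted rule files
  ansible.builtin.find:
    paths: /tmp/snort_community_rules
    patterns: "*.rules"
    recurse: true
  register: community_rule_files

- name: Copy rules to snort config folder
  ansible.builtin.copy:
    src: "{{ item.path }}"
    dest: /etc/snort/rules/
    remote_src: true
    mode: "0644"
  loop: "{{ community_rule_files.files }}"

- name: Activate Community rules
  ansible.builtin.lineinfile:
    path: /etc/snort/snort.conf
    regexp: '^#?\s*include \$RULE_PATH/community\.rules'
    line: 'include $RULE_PATH/community.rules'  # adjust to the rule file name actually shipped in the tarball
```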
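Review bot: The `when: snort_rules.matched == 0` gate means the include of install_Community_Rules.yml runs only while /etc/snort/rules is completely empty, so a host whose distro package already drops a file there (a local.rules, for instance) never gets the community rules, and a host that did install them never receives an update — which the included task's own name `Download updated Community Rules` promises. If the intent is install-once, gate on the presence of the community rule file (`ansible.builtin.stat` on it) instead of on an empty directory; if it is keep-updated, drop the gate and let `get_url`'s checksum handling decide whether anything changed. Wrapping a single `include_tasks` in a `block` adds nothing; `- ansible.builtin.include_tasks: install_Community_Rules.yml` with the `when:` directly on it is shorter, and `find:` should be `ansible.builtin.find:` to match the FQCN style of `ansible.builtin.shell` a few lines below. Note also that `file_type: any` with `hidden: true` counts subdirectories and dotfiles, so a stray `.gitkeep` or empty directory alone is enough to suppress the install.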