configurations-ansible/roles/snort-community/tasks/main.yml


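---
# tasks file for snort-community
#
# Installs Snort, prepares its service account and directories, sets
# HOME_NET, optionally installs the community rules, and validates the
# resulting configuration. The whole role is a no-op unless
# snort_community_enabled is true.
- name: Snort Community Edition setup
  when:
    - "snort_community_enabled is true"
  block:
    - name: Gather package facts
      ansible.builtin.package_facts:
        manager: auto

    - name: First time snort setup
      # Compare the variable's value, not a quoted literal: a quoted name
      # is a plain string that is never a key of ansible_facts.packages,
      # which made this guard always true.
      # NOTE(review): once the package is present this whole block is
      # skipped, so a run that failed part-way is not repaired by a re-run.
      when: >-
        snort_package_name_by_os_family[ansible_os_family]
        not in ansible_facts.packages
      block:
        - name: Install snort package
          ansible.builtin.package:
            name: "{{ snort_package_name_by_os_family[ansible_os_family] }}"

        - name: Check if snort symlink exists
          ansible.builtin.stat:
            path: "{{ snort_symlink_dest }}"
          register: symlink_name

        # Only link when nothing exists at the destination, so a binary
        # already placed there is left untouched.
        - name: Symlink snort to /usr/sbin
          when: not symlink_name.stat.exists
          ansible.builtin.file:
            src: /usr/local/bin/snort
            dest: "{{ snort_symlink_dest }}"
            state: link

        - name: Create snort group
          ansible.builtin.group:
            name: "{{ snort_community_group }}"
            state: present

        # The account gets a nologin shell: it exists to own files and run
        # the sensor, not for interactive use.
        - name: Create snort user
          ansible.builtin.user:
            name: "{{ snort_community_user }}"
            state: present
            shell: /sbin/nologin
            group: "{{ snort_community_group }}"

        - name: Create config directory
          ansible.builtin.file:
            path: "{{ item }}"
            state: directory
            owner: "{{ snort_community_user }}"
            group: "{{ snort_community_group }}"
            # NOTE(review): the leading 5 sets the setuid and sticky bits,
            # and the directories stay world-readable and traversable.
            # /var/log/snort can hold alert and packet data; confirm
            # whether a tighter mode such as '0750' is intended there.
            mode: '5775'
          loop:
            - /etc/snort/rules
            - /var/log/snort
            - /usr/local/lib/snort_dynamicrules

        # Without `state` the module defaults to `file`, which never
        # creates a missing path. `touch` creates it; preserving the
        # timestamps keeps the task from reporting a change on every run.
        - name: Create file for local.rules
          ansible.builtin.file:
            path: /etc/snort/rules/local.rules
            state: touch
            modification_time: preserve
            access_time: preserve

    - name: Configure snort with defaults
      block:
        # Narrow HOME_NET from the permissive `any` default to the
        # network this sensor is meant to protect.
        - name: Set HOME_NET
          ansible.builtin.replace:
            path: /etc/snort/snort.conf
            regexp: 'ipvar HOME_NET any'
            replace: 'ipvar HOME_NET {{ snort_home_net_address }}'

        # local.rules is created by this role itself, so it is excluded;
        # otherwise the directory could never count as empty and the
        # community rules would never be installed.
        - name: Check if there are rules or files in /etc/snort/rules
          ansible.builtin.find:
            paths: /etc/snort/rules
            file_type: any
            hidden: true
            excludes: local.rules
          register: snort_rules

        - name: Install Community Rules if /etc/snort/rules empty
          when: snort_rules.matched == 0
          block:
            - name: Include community rules installation tasks
              ansible.builtin.include_tasks: install_Community_Rules.yml

    # `snort -T` only tests the configuration, so the task never reports a
    # change. `command` is used because no shell features are needed.
    - name: Validate snort configuration
      ansible.builtin.command: snort -T -c /etc/snort/snort.conf
      register: snort_output
      changed_when: false

    # Match against the captured output streams explicitly instead of
    # relying on the registered result being stringified by `search`.
    - name: Check successful state validation
      failed_when: >-
        'Snort successfully validated' not in
        (snort_output.stdout ~ snort_output.stderr)
      ansible.builtin.debug:
        msg: "Snort configuration end"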