75 lines
2.4 KiB
YAML
75 lines
2.4 KiB
YAML
---
|
|
# tasks file for snort-community
|
|
|
|
- name: Snort Community Edition setup
|
|
when:
|
|
- "snort_community_enabled is true"
|
|
block:
|
|
- name: Gather package facts
|
|
package_facts:
|
|
manager: auto
|
|
|
|
- name: First time snort setup
|
|
when: "'snort_package_name_by_os_family[ansible_os_family]' not in ansible_facts.packages"
|
|
block:
|
|
- name: Install snort package
|
|
ansible.builtin.package:
|
|
name: "{{ snort_package_name_by_os_family[ansible_os_family] }}"
|
|
|
|
- name: Check if snort symlink exists
|
|
stat:
|
|
path: "{{ snort_symlink_dest }}"
|
|
register: symlink_name
|
|
|
|
- name: Symlink snort to /usr/sbin
|
|
when: not symlink_name.stat.exists
|
|
ansible.builtin.file:
|
|
src: /usr/local/bin/snort
|
|
dest: "{{ snort_symlink_dest }}"
|
|
state: link
|
|
|
|
- name: Create snort group
|
|
group:
|
|
name: "{{ snort_community_group }}"
|
|
state: present
|
|
|
|
- name: Create snort user
|
|
user:
|
|
name: "{{ snort_community_user }}"
|
|
state: present
|
|
shell: /sbin/nologin
|
|
group: "{{ snort_community_group }}"
|
|
|
|
- name: Create config directory
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: "{{ snort_community_user }}"
|
|
group: "{{ snort_community_group }}"
|
|
mode: '5775'
|
|
loop:
|
|
- /etc/snort/rules
|
|
- /var/log/snort
|
|
- /usr/local/lib/snort_dynamicrules
|
|
|
|
- name: Create file for local.rules
|
|
ansible.builtin.file:
|
|
path: /etc/snort/rules/local.rules
|
|
|
|
- name: Configure snort with defaults
|
|
# when: "'snort_package_name_by_os_family[ansible_os_family]' not in ansible_facts.packages"
|
|
block:
|
|
- name: Set HOME_NET
|
|
ansible.builtin.replace:
|
|
path: /etc/snort/snort.conf
|
|
regexp: 'ipvar HOME_NET any'
|
|
replace: 'ipvar HOME_NET {{ snort_home_net_address }}'
|
|
|
|
- name: Validate snort configuration
|
|
ansible.builtin.shell: snort -T -c /etc/snort/snort.conf
|
|
register: snort_output
|
|
|
|
- name: Check successful state validation
|
|
failed_when: "snort_output is not search('Snort successfully validated')"
|
|
ansible.builtin.debug:
|
|
msg: "Snort configuration end"
|