Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/alir3z4/ansible-suricata

An Ansible playbook for deploying the Suricata intrusion detection system and fetching Snort rules with Oinkmaster.
https://github.com/alir3z4/ansible-suricata

Last synced: about 2 months ago
JSON representation

An Ansible playbook for deploying the Suricata intrusion detection system and fetching Snort rules with Oinkmaster.

Host: GitHub
URL: https://github.com/alir3z4/ansible-suricata
Owner: Alir3z4
License: bsd-3-clause
Created: 2014-09-27T00:40:14.000Z (over 10 years ago)
Default Branch: master
Last Pushed: 2021-10-30T17:14:59.000Z (about 3 years ago)
Last Synced: 2024-09-02T00:48:59.990Z (4 months ago)
Language: Jinja
Homepage: https://galaxy.ansible.com/list#/roles/1829
Size: 48.8 KB
Stars: 16
Watchers: 4
Forks: 12
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Ansible Suricata Playbook

An Ansible playbook for deploying the Suricata intrusion detection system and
fetching Snort rules with Oinkmaster.

## Role Variables

Below you can find the variables with their default variables.
```yaml
suricata_sniffing_interface: eth0
suricata_sniffing_interface_type: 100M
suricata_rules_archive_url: http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
suricata_log_dir: /var/log/suricata/
suricata_log_dir_certs: /var/log/suricata/certs/
suricata_rules_dir: /etc/suricata/rules/
```

## Installation

From your Ansible's *roles* folder run:
```bash
git submodule add https://github.com/ajdelgado/ansible-suricata.git suricata
```

## Platforms
Tested on:
- Ubuntu focal

## Usage Example

1. Create a group called *nids*
2. Add a host with access to all traffic (a router or use port mirroring in your switch to the port where this host is connected)
Inventory example (/etc/ansible/inventories/inventory):
```yaml
---
all:
children:
nids:
hosts:
my_router:
```
3. Set the variables in group_vars matching your system
Group variables example file (/etc/ansible/inventories/group_vars/nids/nids_vars.yml):
```yaml
---
suricata_sniffing_interface: eno1
suricata_sniffing_interface_type: 1000M
suricata_rules_archive_url: http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
suricata_log_dir: /var/log/suricata/
suricata_log_dir_certs: /var/log/suricata/certs/
suricata_rules_dir: /etc/suricata/rules/
```
4. Create a playbook like:
Playbook example file (/etc/ansible/playbooks/nids.yml):
```yaml
- name: Set up Suricata in NIDS hosts
hosts: nids
roles:
- role: suricata
```

## Dependencies

None!

## License

BSD

## Authors Information

* [Alireza Savand](https://github.com/Alir3z4)
* [Antonio J. Delgado](https://github.com/ajdelgado)