Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dj-wasabi/ansible-ossec-server
Installing and maintaining the ossec-server for RedHat/Debian/Ubuntu.
- Host: GitHub
- URL: https://github.com/dj-wasabi/ansible-ossec-server
- Owner: dj-wasabi
- License: mit
- Created: 2014-12-07T14:06:54.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2022-12-22T18:17:25.000Z (about 2 years ago)
- Last Synced: 2024-09-27T08:41:21.647Z (3 months ago)
- Topics: ansible-role, molecule, ossec, ossec-server
- Language: Jinja
- Homepage: https://galaxy.ansible.com/dj-wasabi/ossec-server/
- Size: 106 KB
- Stars: 31
- Watchers: 6
- Forks: 26
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
README
ansible-ossec-server
====================

This role will install the ossec server on a host.
Build Status:
[![Build Status](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Fdj-wasabi%2Fansible-ossec-server%2Fbadge%3Fref%3Dmaster&style=flat)](https://actions-badge.atrox.dev/dj-wasabi/ansible-ossec-server/goto?ref=master)
Requirements
------------

This role will work on:

* Red Hat
* Debian
* Ubuntu
* Amazon Linux (2)

So, you'll need one of those operating systems.. :-)
Role Variables
--------------

This role has some variables which you can or need to override.
```
ossec_server_atomic_release: 1.0-21
ossec_server_config: []
ossec_agent_configs: []
```

Example setup
-------------

Edit the vars file for the host which runs the ossec-server:
### host_vars/ossec-server
```
# Local Postfix relay; OSSEC sends alert mail through localhost (mail_smtp_server below)
install_postfix: true
postfix_mydomain: email-smtp.us-west-1.amazonaws.com
# USERNAME:PASSWORD is a placeholder; keep the real credential in an
# encrypted vars file (for example Ansible Vault), not in plain host_vars
postfix_sasl_passwds:
  - "[email-smtp.us-west-1.amazonaws.com]:587 USERNAME:PASSWORD"
postfix_relayhost: false
postfix_mynetworks: false
postfix_myhostname: localhost
postfix_domain: localhost
postfix_additional_settings:
  relayhost: "[email-smtp.us-west-1.amazonaws.com]:587"

# Configuration of the ossec server itself
ossec_server_config:
  mail_to:
    - [email protected]
  mail_smtp_server: localhost
  mail_from: [email protected]
  frequency_check: 72000
  ignore_files:
    - /etc/mtab
    - /etc/mnttab
    - /etc/hosts.deny
  directories:
    - check_all: 'yes'
      dirs: /etc,/usr/bin,/usr/sbin
    - check_all: 'yes'
      dirs: /bin,/sbin
  localfiles:
    - format: 'syslog'
      location: '/var/log/messages'
    - format: 'syslog'
      location: '/var/log/secure'
  globals:
    - '127.0.0.1'
    - '192.168.2.1'
  connection: 'secure'
  log_level: 1
  email_level: 7
  # Active response: host-deny.sh receives the source IP of the alert
  commands:
    - name: 'host-deny'
      executable: 'host-deny.sh'
      expect: 'srcip'
      timeout_allowed: 'yes'
  # Run host-deny on the agent that raised the alert, for level 6 and up,
  # and undo the block after 600 seconds
  active_responses:
    - command: 'host-deny'
      location: 'local'
      level: 6
      timeout: 600

# Shared agent configuration; one entry per type/type_value pair
ossec_agent_configs:
  - type: os
    type_value: linux
    frequency_check: 79200
    ignore_files:
      - /etc/mtab
      - /etc/mnttab
      - /etc/hosts.deny
      - /etc/mail/statistics
      - /etc/svc/volatile
    directories:
      - check_all: 'yes'
        dirs: /etc,/usr/bin,/usr/sbin
      - check_all: 'yes'
        dirs: /bin,/sbin
    localfiles:
      - format: 'syslog'
        location: '/var/log/messages'
      - format: 'syslog'
        location: '/var/log/secure'
      - format: 'syslog'
        location: '/var/log/maillog'
      - format: 'apache'
        location: '/var/log/httpd/error_log'
      - format: 'apache'
        location: '/var/log/httpd/access_log'
      - format: 'apache'
        location: '/var/ossec/logs/active-responses.log'
```

#### ossec_server_config:

At first, there is the server configuration. Change it for your needs, as this default setup won't do any good for you. (You don't have access to use the mail.example.com mailhost. :-))

#### ossec_agent_configs:

http://ossec-docs.readthedocs.org/en/latest/manual/agent/agent-configuration.html

There are 3 "types":

* os
* name
* profile

In the above setup, the type is os. And this configuration is for the "linux" os. You can have several types configured in the host_vars file, so you can create all kinds of different configs.

You can find here some more information about the ossec shared agent configuration: http://ossec-docs.readthedocs.org/en/latest/manual/syscheck/
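
Several types configured side by side, as an added example that is not part of the role's README. It uses only the keys shown in the setup above; the profile name `webserver`, the agent name `web01`, the frequencies and the marked paths are constructed values, and every entry carries all four keys on the assumption that the role's template expects them.

```yaml
# Constructed example: one ossec_agent_configs entry per type.
ossec_agent_configs:
  # os: shared by every agent whose operating system matches "linux"
  - type: os
    type_value: linux
    frequency_check: 79200
    ignore_files:
      - /etc/mtab
      - /etc/hosts.deny
    directories:
      - check_all: 'yes'
        dirs: /etc,/usr/bin,/usr/sbin
    localfiles:
      - format: 'syslog'
        location: '/var/log/secure'

  # profile: shared by agents configured with this profile
  - type: profile
    type_value: webserver          # hypothetical profile name
    frequency_check: 43200
    ignore_files:
      - /var/www/html/cache        # constructed path
    directories:
      - check_all: 'yes'
        dirs: /var/www/html        # constructed path
    localfiles:
      - format: 'apache'
        location: '/var/log/httpd/access_log'
      - format: 'apache'
        location: '/var/log/httpd/error_log'

  # name: applies to the one agent registered under this name
  - type: name
    type_value: web01              # hypothetical agent name
    frequency_check: 21600
    ignore_files:
      - /etc/mtab
    directories:
      - check_all: 'yes'
        dirs: /opt/app/bin         # constructed path
    localfiles:
      - format: 'syslog'
        location: '/var/log/maillog'
```
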
#### <_role_>/vars/main.yml

nil

Dependencies
------------

No dependencies.
Example Playbook
----------------

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

```
- hosts: ossec-server.example.com
  roles:
    - { role: dj-wasabi.ossec-server }
```

Molecule
--------

This role is configured to be tested with Molecule. You can find on this page some more information regarding Molecule: https://werner-dijkerman.nl/2016/07/10/testing-ansible-roles-with-molecule-testinfra-and-docker/

Molecule will boot 2 docker containers, containing the following OS:

* Debian 8
* CentOS 7

License
-------

GPLv3

Author Information
------------------

Please send suggestions or pull requests to make this role better.
Github: https://github.com/dj-wasabi/ansible-ossec-server
mail: ikben [ at ] werner-dijkerman . nl