Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/juju4/ansible-win-audit

Configure Windows Audit with ansible
https://github.com/juju4/ansible-win-audit

Last synced: 12 days ago
JSON representation

Configure Windows Audit with ansible

Host: GitHub
URL: https://github.com/juju4/ansible-win-audit
Owner: juju4
License: bsd-2-clause
Created: 2018-02-26T01:07:04.000Z (almost 7 years ago)
Default Branch: main
Last Pushed: 2023-08-05T16:49:40.000Z (over 1 year ago)
Last Synced: 2024-11-07T17:40:51.799Z (2 months ago)
Language: PowerShell
Size: 88.9 KB
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

[![Appveyor - master](https://ci.appveyor.com/api/projects/status/y6thcpaynaf2t9i3/branch/master?svg=true)](https://ci.appveyor.com/project/juju4/ansible-win-audit/branch/master)
[![Appveyor - devel](https://ci.appveyor.com/api/projects/status/y6thcpaynaf2t9i3/branch/devel?svg=true)](https://ci.appveyor.com/project/juju4/ansible-win-audit/branch/devel)

# Windows audit ansible role

Ansible role to setup audit on windows system.

## Requirements & Dependencies

### Ansible
It was tested on the following versions:
* 2.3 (Not working! [ansible#23940](https://github.com/ansible/ansible/issues/23940) = template upload failing)
* 2.4
* 2.5
* 4.10.0
* 5.3.0

### Operating systems

Tested in Appveyor

## Example Playbook

Just include this role in your list.
For example

```
- host: all
roles:
- juju4.win_audit
```

Run
```
$ ansible -i inventory -m win_ping win --ask-pass
$ ansible-playbook -i inventory --limit win site.yml
```

## Variables

See defaults/main.yml for full scope

## Continuous integration

This role has a travis basic test (for github, syntax check only), Appveyor test and a Vagrantfile (test/vagrant).

```
$ cd /path/to/roles/juju4.win_audit/test/vagrant
$ vagrant up
$ vagrant provision
$ vagrant destroy
$ ansible -i .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory -m win_ping -e ansible_winrm_server_cert_validation=ignore -e ansible_ssh_port=55986 all
```

## Troubleshooting & Known issues

## FAQ

Reference links
* https://posts.specterops.io/hunting-with-active-directory-replication-metadata-1dab2f681b19
* https://social.technet.microsoft.com/wiki/contents/articles/25946.metadata-de-replication-et-analyse-forensic-active-directory-fr-fr.aspx

## License

BSD 2-clause