deployment/roles/snort/tasks/snort.yml - metron - Git at Google

 #
 #  Licensed to the Apache Software Foundation (ASF) under one or more
 #  contributor license agreements.  See the NOTICE file distributed with
 #  this work for additional information regarding copyright ownership.
 #  The ASF licenses this file to You under the Apache License, Version 2.0
 #  (the "License"); you may not use this file except in compliance with
 #  the License.  You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 #
 ---
 - name: Download snort
   get_url:
     url: "{{ snort_src_url }}"
     dest: "/tmp/snort-{{ snort_version }}.src.rpm"

 - name: Build snort
   shell: "rpmbuild --rebuild snort-{{ snort_version }}.src.rpm"
   args:
     chdir: /tmp
     creates: /root/rpmbuild/RPMS/x86_64/snort-{{ snort_version }}.x86_64.rpm

 - name: Install snort
   yum:
     name: /root/rpmbuild/RPMS/x86_64/snort-{{ snort_version }}.x86_64.rpm
   register: result
   until: result.rc == 0
   retries: 5
   delay: 10

 - name: Download snort community rules
   get_url:
     url: "{{ snort_community_rules_url }}"
     dest: "/tmp/community-rules.tar.gz"

 - name: Extract tarball
   unarchive:
     src: "/tmp/community-rules.tar.gz"
     dest: /tmp
     copy: no
     creates: "/tmp/community-rules"

 - name: Install snort rules
   shell: "{{ item }}"
   args:
     chdir: /tmp
   with_items:
     - cp -r community-rules/community.rules /etc/snort/rules
     - touch /etc/snort/rules/white_list.rules
     - touch /etc/snort/rules/black_list.rules
     - touch /var/log/snort/alerts
     - chown -R snort:snort /etc/snort

 - name: Uncomment all snort community rules
   shell: sed -i 's/^# alert/alert/' /etc/snort/rules/community.rules

 - name: Download snort configuration
   copy: src=snort.conf dest=/etc/snort/snort.conf

 - name: Configure network
   lineinfile:
     dest: /etc/snort/snort.conf
     regexp: "^ipvar HOME_NET.*$"
     line: "ipvar HOME_NET {{ ansible_eth0.ipv4.address }}"

 - name: Configure alerting
   lineinfile:
     dest: /etc/snort/snort.conf
     line: "output alert_csv: {{ snort_alert_csv_path }} default"

 - name: Configure sysconfig
   lineinfile:
     dest: /etc/sysconfig/snort
     regexp: "{{ item.regexp }}"
     line: "{{ item.line }}"
   with_items:
     - { regexp: "^ALERTMODE=.*$",     line: "ALERTMODE=" }
     - { regexp: "^NO_PACKET_LOG=.*$", line: "NO_PACKET_LOG=1" }
     - { regexp: "^INTERFACE=.*$",     line: "INTERFACE={{ sniff_interface }}" }
	#
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#
	---
	- name: Download snort
	get_url:
	url: "{{ snort_src_url }}"
	dest: "/tmp/snort-{{ snort_version }}.src.rpm"

	- name: Build snort
	shell: "rpmbuild --rebuild snort-{{ snort_version }}.src.rpm"
	args:
	chdir: /tmp
	creates: /root/rpmbuild/RPMS/x86_64/snort-{{ snort_version }}.x86_64.rpm

	- name: Install snort
	yum:
	name: /root/rpmbuild/RPMS/x86_64/snort-{{ snort_version }}.x86_64.rpm
	register: result
	until: result.rc == 0
	retries: 5
	delay: 10

	- name: Download snort community rules
	get_url:
	url: "{{ snort_community_rules_url }}"
	dest: "/tmp/community-rules.tar.gz"

	- name: Extract tarball
	unarchive:
	src: "/tmp/community-rules.tar.gz"
	dest: /tmp
	copy: no
	creates: "/tmp/community-rules"

	- name: Install snort rules
	shell: "{{ item }}"
	args:
	chdir: /tmp
	with_items:
	- cp -r community-rules/community.rules /etc/snort/rules
	- touch /etc/snort/rules/white_list.rules
	- touch /etc/snort/rules/black_list.rules
	- touch /var/log/snort/alerts
	- chown -R snort:snort /etc/snort

	- name: Uncomment all snort community rules
	shell: sed -i 's/^# alert/alert/' /etc/snort/rules/community.rules

	- name: Download snort configuration
	copy: src=snort.conf dest=/etc/snort/snort.conf

	- name: Configure network
	lineinfile:
	dest: /etc/snort/snort.conf
	regexp: "^ipvar HOME_NET.*$"
	line: "ipvar HOME_NET {{ ansible_eth0.ipv4.address }}"

	- name: Configure alerting
	lineinfile:
	dest: /etc/snort/snort.conf
	line: "output alert_csv: {{ snort_alert_csv_path }} default"

	- name: Configure sysconfig
	lineinfile:
	dest: /etc/sysconfig/snort
	regexp: "{{ item.regexp }}"
	line: "{{ item.line }}"
	with_items:
	- { regexp: "^ALERTMODE=.*$", line: "ALERTMODE=" }
	- { regexp: "^NO_PACKET_LOG=.*$", line: "NO_PACKET_LOG=1" }
	- { regexp: "^INTERFACE=.*$", line: "INTERFACE={{ sniff_interface }}" }