ahuffman.aide

Ansible Role

Description

This is an Ansible role for installing, setting up, and scheduling AIDE (Advanced Intrusion Detection Environment).

Please Note
The default settings will set up AIDE using a standard configuration file after installation.
This role has been mainly tested on Fedora and RHEL7 operating systems. Please report any issues related to other platforms.

Role Variables

| Variable Name | Description | Required | Default Value | Type |
| --- | --- | --- | --- | --- |
| aide_pkg | The name of the AIDE package to install. You can specify a different version if needed. | Yes | "aide" | string |
| aide_conf_path | The path to the AIDE configuration file. | Yes | "/etc/aide.conf" | string |
| aide_update_db | If true, forces an update of the AIDE database when this role is run. | Yes | False | boolean |
| aide_dbdir | The directory where the AIDE database will be created. | Yes | "/var/lib/aide" | string |
| aide_logdir | The directory where AIDE logs will be created. | Yes | "/var/log/aide" | string |
| aide_database_filename | The name to save the AIDE database file as. | Yes | "aide.db.gz" | string |
| aide_database_out_filename | The name to save the updated AIDE database file as. | Yes | "aide.db.new.gz" | string |
| aide_gzip_dbout | If true, compress the database output file. | Yes | True | boolean |
| aide_verbose | Controls the level of detail in the AIDE report. Values range from 0 to 255. | Yes | 5 | integer |
| aide_report_url | List of URLs for the report output. | No | ["file:@@{LOGDIR}/aide.log", "stdout"] | list |
| aide_acl_no_symlink_follow | If true, checks Access Control Lists (ACLs) for symlinks. | Yes | True | boolean |
| aide_warn_dead_symlinks | If true, warns about dead symlinks. | Yes | False | boolean |
| aide_summarize_changes | If true, summarizes changes in the report for added, removed, and changed files. | Yes | False | boolean |
| aide_report_attributes | List of rules to include in the report. | No | Undefined | list |
| aide_grouped | If true, groups report files as added, removed, and changed. | Yes | False | boolean |
| aide_ignore_list | (DEPRECATED, will be removed later). List attributes to ignore in the report. | No | [] | list |
| aide_config_version | Version number included in the report for informational purposes. | No | "1" | string |
| aide_cron_schedule_check | If true, sets up a cron job to run AIDE checks. | Yes | True | boolean |
| aide_cron_email_notify_recipients | List of email recipients for cron job notifications. Leave empty if not needed. | Yes | [] | list |
| aide_cronjob_name | Comment for the cron job in the schedule. | Yes | "aide scheduled database checkup" | string |
| aide_cron_sched_min | Minute to start the cron job. | No | "0" | string |
| aide_cron_sched_hr | Hour to start the cron job. | No | "1" | string |
| aide_cron_sched_day | Day to start the cron job. | No | "*" | string |
| aide_cron_sched_mon | Month to start the cron job. | No | "*" | string |
| aide_cron_sched_wkd | Weekday to start the cron job. | No | "*" | string |

Defining and Undefining aide.conf Variables

aide_macros:
  define:
    - name: "Give it a name"
      variable: "Name_of_Variable"
      value: "Value of the variable"
    - name: "DBDIR var"
      variable: "DBDIR"
      value: "/var/lib/aide"
  undefine:
    - name: "Some var to undefine"
      variable: "Name_of_Variable"  # This removes the variable defined above.
    - name: "Undefining DBDIR var"
      variable: "DBDIR"

Defining Rules/Groups, Selection Paths, and Ignore Paths

A structured YAML specification is used to manage these features.

Attributes for a Rule

aide_rules:
  - name: "My first rule"               # Required
    rule: "FIPSR"                       # Required
    comment: "Comment for this rule"    # Optional
    attributes: []                      # List of default or custom rules; required except for special negative rules
    paths:                              # Optional
      - "/my/include/path/1"            # Cannot start with '!'; see Ignore Paths
      - "/my/include/path/2"

Special Rule for Ignore Paths

To ignore certain paths, add a rule whose rule key is set to "negative":

aide_rules:
  - name: "My negative/ignore selections"   # Required
    rule: "negative"                        # Required
    paths:                                  # Required
      - "/my/ignore/path/1"
      - "/my/ignore/path/2"

Do not place an '!' before the paths; the template will handle this automatically.

Scheduled Cron AIDE Checks

The default setup adds an 'aide --check' job to the crontab. To remove it, set aide_cron_schedule_check to False; the cron job is deleted on the next playbook run. For the removal to work, aide_cronjob_name must match the name of the existing cron job.

Example Playbook

- name: "Install and configure aide"
  hosts: "servers"
  roles:
     - "ahuffman.aide"
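
A fuller playbook that combines the variables documented above, as an added example that is not part of the role's own README. The host group, use of become, monitored and ignored paths, the rule name CRITICAL, the attribute selection and the e-mail address are all constructed for illustration.

```yaml
# Added example, not from the role's README. Paths, rule name, attribute
# selection and the e-mail address are constructed for illustration.
- name: "Install and configure aide"
  hosts: "servers"
  become: true          # assumed: package install and /etc writes need root
  roles:
    - role: "ahuffman.aide"
      vars:
        # Report layout: group entries as added/removed/changed and summarize.
        aide_grouped: true
        aide_summarize_changes: true
        # Role default, shown explicitly: log file plus stdout.
        aide_report_url:
          - "file:@@{LOGDIR}/aide.log"
          - "stdout"
        # Scheduled 'aide --check' at 03:30 every day, with notification.
        aide_cron_schedule_check: true
        aide_cron_sched_min: "30"
        aide_cron_sched_hr: "3"
        aide_cron_email_notify_recipients:
          - "secops@example.com"
        # Left at the default so a routine run does not force a database update.
        aide_update_db: false
        aide_rules:
          - name: "System configuration and binaries"
            rule: "CRITICAL"
            comment: "Permissions, ownership, size, times and SHA-256"
            # Assumed: each list entry is one AIDE attribute or group name.
            attributes: ["p", "i", "n", "u", "g", "s", "m", "c", "sha256"]
            paths:
              - "/etc"
              - "/usr/bin"
              - "/usr/sbin"
          - name: "Frequently changing files to ignore"
            rule: "negative"
            paths:      # no leading '!'; the template adds it
              - "/etc/mtab"
              - "/etc/adjtime"
```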

License

MIT

Author Information

Andrew J. Huffman

Install

ansible-galaxy install ahuffman.aide