ids_config

Tech Preview

This role sets up configuration for various Intrusion Detection Systems (IDS), referred to as "providers" in this document.

Currently supported provider:

• snort

Requirements

You need Red Hat Enterprise Linux 7.x or a similar Linux distribution like CentOS 7, Scientific Linux 7, etc.

Role Variables

The variables used in this role depend on the IDS provider. Here’s what you need to know.

snort

For the Snort provider, set the ids_provider variable like this:

vars:
  ids_provider: snort

After that, all ids_config_* variables will be prefixed for this provider.

snort variables

Here are the variables specific to Snort:

• ids_config_snort_version
• ids_config_snort_rules_files
• ids_config_snort_home_net
• ids_config_snort_external_net
• ids_config_snort_dns_servers
• ids_config_snort_smtp_servers
• ids_config_snort_http_servers
• ids_config_snort_sql_servers
• ids_config_snort_telnet_servers
• ids_config_snort_ssh_servers
• ids_config_snort_ftp_servers
• ids_config_snort_sip_servers
• ids_config_snort_http_ports
• ids_config_snort_shellcode_ports
• ids_config_snort_oracle_ports
• ids_config_snort_ssh_ports
• ids_config_snort_ftp_ports
• ids_config_snort_sip_ports
• ids_config_snort_file_data_ports
• ids_config_snort_gtp_ports
• ids_config_snort_rule_path
• ids_config_snort_white_list_path
• ids_config_snort_black_list_path
• ids_config_snort_checksum_mode
• ids_config_snort_alert_syslog
• ids_config_snort_rules_dir

Dependencies

• You need a namespace for ASA content first, then likely ids_install as a dependency.

Example Playbook

- name: configure snort
  hosts: idshosts
  vars:
    ids_provider: "snort"
  tasks:
    - name: import ids_config role
      import_role:
        name: "ids_config"

License

BSD

Author Information

Ansible Security Automation Team