buluma.forensics
Ansible Role Forensics
This role helps you install and set up forensics tools on your system.
Example Playbook
Here's an example from molecule/default/converge.yml. It gets tested every time there's a push, pull request, or release.

```yaml
---
- name: Converge
  hosts: all
  become: yes
  gather_facts: yes
  roles:
    - role: buluma.forensics
```
Before running this, the machine needs to be prepared. This is done in CI with molecule/default/prepare.yml:

```yaml
---
- name: Prepare
  hosts: all
  become: yes
  gather_facts: no
  roles:
    - role: buluma.bootstrap
```
You can find a full guide and examples on using these roles.
Role Variables
Default variable values are set in defaults/main.yml:

```yaml
---
# Default settings for forensics

# Location to store collected data.
forensics_local_storage_path: /tmp/forensics

# List of commands to run.
forensics_command_list:
  - "journalctl -xe"
  - "ps -ef"
  - "lsof"
  - "systemctl status"
  - "netstat -an"
  - "netstat -tulpen"

# Directories to collect files from.
forensics_directory_list:
  - "/var/log"
  - "/tmp"
  - "/var/tmp"
  - "/var/spool/cron"
  - "/var/spool/anacron"
  - "/etc/cron.d"
  - "/etc/cron.daily"
  - "/etc/cron.hourly"
  - "/etc/cron.monthly"
  - "/etc/cron.weekly"
  - "/var/spool/at"

# Files to collect.
forensics_file_list:
  - "/etc/passwd"
  - "/etc/group"
  - "/etc/shadow"

# Specific files to collect based on patterns.
forensics_specific_file_list:
  - path: "/root"
    pattern: ".authorized_keys"
  - path: "/root"
    pattern: ".bash_history"
  - path: "/root"
    pattern: ".history"
  - path: "/home"
    pattern: ".authorized_keys"
  - path: "/home"
    pattern: ".bash_history"
  - path: "/home"
    pattern: ".history"
```
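The four variables above describe what gets gathered (command output, whole directories, single files, and pattern-matched files under a base path) but not what a responder does with the result once it is off the box. As an added example, not part of the role or its README, here is a stand-alone Python collector that mirrors those four knobs and then writes a SHA-256 manifest so the copied evidence can be checked for later tampering. The layout under the storage path, the suffix-match rule for `pattern`, and the `run_demo()` sample tree are assumptions of this example, not the role's own behaviour.

```python
"""Added example, not the role's own tasks: a collector that mirrors the four
knobs of defaults/main.yml and writes a SHA-256 manifest for later verification."""
import hashlib
import os
import shlex
import shutil
import subprocess
import tempfile
from pathlib import Path

MANIFEST = "MANIFEST.sha256"


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def _dest(storage: Path, source: Path) -> Path:
    # Mirror the absolute source path under storage (/etc/passwd -> <storage>/etc/passwd).
    dest = storage / source.relative_to(source.anchor)
    dest.parent.mkdir(parents=True, exist_ok=True)
    return dest


def collect(config: dict, storage: Path) -> dict:
    """Gather what a defaults/main.yml-style dict names into `storage`.
    Returns {relative path: sha256}; the same table is written as MANIFEST.sha256."""
    storage = Path(storage)
    cmd_dir = storage / "commands"
    cmd_dir.mkdir(parents=True, exist_ok=True)
    # forensics_command_list: keep stdout+stderr per command; a missing binary or a
    # hang is recorded in the output file instead of aborting the whole run.
    for cmd in config.get("forensics_command_list", []):
        out = cmd_dir / (cmd.replace("/", "_").replace(" ", "_") + ".txt")
        try:
            proc = subprocess.run(shlex.split(cmd), capture_output=True, timeout=60)
            out.write_bytes(proc.stdout + proc.stderr)
        except (FileNotFoundError, subprocess.TimeoutExpired) as exc:
            out.write_text(f"collection failed: {exc}\n")
    # forensics_directory_list: copy whole trees; absent directories are skipped.
    for d in config.get("forensics_directory_list", []):
        src = Path(d)
        if src.is_dir():
            shutil.copytree(src, _dest(storage, src), symlinks=True, dirs_exist_ok=True)
    # forensics_file_list: copy single files; absent files are skipped.
    for f in config.get("forensics_file_list", []):
        src = Path(f)
        if src.is_file():
            shutil.copy2(src, _dest(storage, src))
    # forensics_specific_file_list: walk `path` and keep files whose name ends with
    # `pattern` (assumed rule; the README does not spell out the role's own matching).
    for entry in config.get("forensics_specific_file_list", []):
        base = Path(entry["path"])
        if not base.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                if name.endswith(entry["pattern"]):
                    src = Path(dirpath) / name
                    shutil.copy2(src, _dest(storage, src))
    # Manifest: hash every collected file so later tampering can be detected.
    manifest = {
        str(p.relative_to(storage)): sha256_file(p)
        for p in sorted(storage.rglob("*"))
        if p.is_file() and p.name != MANIFEST
    }
    (storage / MANIFEST).write_text("".join(f"{d}  {r}\n" for r, d in manifest.items()))
    return manifest


def verify(storage: Path) -> list:
    """Re-hash the collection; returns relative paths that changed or disappeared."""
    storage = Path(storage)
    bad = []
    for line in (storage / MANIFEST).read_text().splitlines():
        digest, rel = line.split("  ", 1)
        p = storage / rel
        if not p.is_file() or sha256_file(p) != digest:
            bad.append(rel)
    return bad


def run_demo() -> dict:
    """Constructed sample tree (not real host data): collect, verify, tamper, re-verify."""
    root = Path(tempfile.mkdtemp(prefix="forensics-demo-"))
    sample = {  # constructed contents standing in for real host files
        "etc/passwd": "root:x:0:0:root:/root:/bin/bash\n",
        "var/log/auth.log": "constructed: Accepted publickey for alice\n",
        "home/alice/.bash_history": "ls -la\n",
        "home/alice/notes.txt": "not collected\n",
    }
    for rel, text in sample.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    config = {  # same keys as defaults/main.yml, pointed at the sample tree
        "forensics_command_list": ["echo collected"],
        "forensics_directory_list": [str(root / "var/log")],
        "forensics_file_list": [str(root / "etc/passwd"), str(root / "etc/shadow")],
        "forensics_specific_file_list": [{"path": str(root / "home"), "pattern": ".bash_history"}],
    }
    storage = root / "collected"
    manifest = collect(config, storage)
    clean = verify(storage)
    # Simulate post-collection tampering with the copied log, then re-verify.
    log_rel = str((root / "var/log/auth.log").relative_to(root.anchor))
    (storage / log_rel).write_text("edited after collection\n")
    return {"root": str(root), "manifest": manifest, "clean": clean, "tampered": verify(storage)}
```

`run_demo()` collects from a throwaway directory tree, so it can be run on any workstation without touching real system files; pointing `config` at the real `/var/log`, `/etc/passwd` and `/home` reproduces the defaults above. The manifest is written after everything else so it never hashes itself, and `verify()` reports both edited and deleted artifacts, which is the check worth running after the storage directory has been copied off the host.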
Requirements
- pip packages mentioned in requirements.txt.
State of Used Roles
The following roles are used to prepare your system. You can prepare your system using other methods.
Requirement | GitHub | Version |
---|---|---|
buluma.bootstrap | | |
Context
This role works with many other roles. Check out the documentation for these roles for more details.
Here's a visual of related roles: [diagram not reproduced in this copy]
Compatibility
This role has been tested on the following container images:
Container | Tags |
---|---|
Alpine | all |
Amazon | Candidate |
EL | 8 |
Debian | all |
Fedora | all |
openSUSE | all |
Ubuntu | all |
The minimum Ansible version required is 2.12, and tests have been run on:
- The previous version.
- The current version.
- The development version.
If you find any problems, please report them on GitHub.
Changelog
You can see the History of the Role.
License
This is licensed under Apache-2.0.
Author Information
Created by Shadow Walker.
Install the role from Ansible Galaxy with:

```shell
ansible-galaxy install buluma.forensics
```