fastlorenzo.redelk_client

redelk-client

OBSOLETE: please use https://github.com/fastlorenzo/redelk-ansible instead

This is an Ansible role used to install the client components for RedELK.

Variables

You can change the following variables:

Key	Type	Default	Description
attack_scenario	string	`"redteam"`	Name of the red team attack scenario. Currently, only one name can be used.
es_deploy_beats	list	`["filebeat"]`	Choices for beats to deploy (options include: `filebeat`, `apm-server`, `auditbeat`, `heartbeat`, `metricbeat`, `nagioscheckbeat`, `packetbeat`)
es_version	string	`"7.16.3"`	Version of Elastic software
optsec_dir	string	`"/opt"`	Main directory for installing components (where user data will be stored) - can be set to use an encrypted drive
redelk_cert_path	string	`"certificates/redelk"`	Local path to save RedELK certificates. Should match the value in the `redelk-server` role.
redelk_server_host	string	`"localhost"`	The hostname or IP address of the RedELK server (used for filebeat destination)
redelk_user	string	`"redelk"`	SSH username for RedELK (used to sync data between the server and clients)
ssh_keys_path	string	`"ssh_keys"`	Local path to store SSH keys

Dependencies

There are no specific dependencies for this module.

Example Playbook

- name: Apply redelk-client role to team servers
  hosts: teamservers
  gather_facts: True
  tags:
    - teamservers
  roles:
    - redelk-client

- name: Apply redelk-client role to redirectors
  hosts: redirectors
  gather_facts: True
  tags:
    - redirectors
  roles:
    - redelk-client

Example Inventory

[monitoring]
redelk-server  ansible_user=rtoperator  ansible_host=192.168.20.150  ansible_become_password=redelk  type=monitoring

[teamservers]
c2-01          ansible_user=rtoperator  ansible_host=192.168.20.151  ansible_become_password=redelk  type=c2

[redirectors]
redir-01       ansible_user=rtoperator  ansible_host=192.168.20.152  ansible_become_password=redelk  type=redirector