sergeykudelin.aide

Panoramica Versioni Approfondimenti

Based on ahuffman.aide

Description

This is an Ansible role for installing, setting up, and scheduling AIDE.

Note
By default, this will install AIDE with the standard configuration file after setup.
It has been tested mainly on Fedora and RHEL7 systems. Please report any issues you encounter on other platforms.

Role Variables

Variable Name Description Required Default Value Type
aide_pkg Name of the AIDE package to install; can specify a version if needed. Yes "aide" string
aide_conf_path Location of the AIDE configuration file. Yes "/etc/aide.conf" string
aide_update_db If true, forces an update of the AIDE database during this role run. Yes False boolean
aide_dbdir Folder for the AIDE database. Yes "/var/lib/aide" string
aide_logdir Folder for AIDE logs. Yes "/var/log/aide" string
aide_database_filename Name for the AIDE database file. Yes "aide.db.gz" string
aide_database_out_filename Name for the updated AIDE database file. Yes "aide.db.new.gz" string
aide_gzip_dbout If true, compresses the database output file. Yes True boolean
aide_verbose AIDE's verbosity level (0-255). Yes 5 integer
aide_report_url List of report URLs. No ["file:@@{LOGDIR}/aide.log", "stdout"] list
aide_acl_no_symlink_follow If true, checks ACLs for symlinks. Yes True boolean
aide_warn_dead_symlinks If true, warns about broken symlinks. Yes False boolean
aide_summarize_changes If true, summarizes changes in added, removed, and changed files. Yes False boolean
aide_report_attributes List of default reporting rules. No Undefined list
aide_grouped If true, groups the files by their status in the report. Yes False boolean
aide_ignore_list (DEPRECATED, will be removed in future) Lists attributes to ignore in the report. No [] list
aide_config_version Printed in reports and database for info only. No "1" string
aide_cron_schedule_check If true, sets up a cron job to run an AIDE check. Yes True boolean
aide_cron_email_notify_recipients List of email addresses to notify after cron job runs. Leave empty if not needed. Yes [] list
aide_cronjob_name Comment for the cron job in the crontab. Yes "aide scheduled database checkup" string
aide_cron_sched_min Minute the cron job starts. No "0" string
aide_cron_sched_hr Hour the cron job starts. No "1" string
aide_cron_sched_day Day the cron job starts. No "*" string
aide_cron_sched_mon Month the cron job starts. No "*" string
aide_cron_sched_wkd Weekday the cron job starts. No "*" string

Defining and Undefining aide.conf Variables

aide_macros:   
  define:   
     - name: "Give it a name"
       variable: "Name_of_Variable"
       value: "Value of the variable"
     - name: "DBDIR var"
       variable: "DBDIR"
       value: "/var/lib/aide"
  undefine:   
     - name: "Some var to undefine"
       variable: "Name_of_Variable"  
     - name: "Undefining DBDIR var"
       variable: "DBDIR"

Defining Rules/Groups and Selection Paths

A YAML structure is provided to manage these elements clearly.

Attributes for a Rule

aide_rules:   
  - name: "My first rule"                                                #Required   
    rule: "FIPSR"                                                        #Required   
    comment: "Comment for this rule"                                     #Optional   
    attributes: []  #List of default or defined rules                   #Required unless on a special negative rule   
    paths:                                                               #Optional   
       - "/my/include/path/1" 
       - "/my/include/path/2"

Special Rule for Ignore/Negative Selection Paths

To create a rule to ignore specified paths, add to your aide_rules:

aide_rules:   
  - name: "My negative/ignore selections"                                #Required   
    rule: "negative"                                                     #Required   
    paths:                                                             #Required   
       - "/my/ignore/path/1"
       - "/my/ignore/path/2"

Avoid putting an '!' before the paths; the logic in the template will handle that automatically.

Scheduled Cron AIDE Checks

By default, a cron job for 'aide --check' is set up. To disable it later, set aide_cron_schedule_check to False. This will remove the cron job on the next playbook run, but ensure that the aide_cronjob_name matches what’s currently in crontab to remove it properly.

Example Playbook

- name: "Install and configure aide"
  hosts: "servers"
  roles:
     - "sergeykudelin.aide"

License

MIT

Author Information

Main contributor: Andrew J. Huffman
Current owner: Sergey Kudelin

Informazioni sul progetto

An Ansible role to install, configure, and schedule AIDE. Based on ahuffman.aide

role advancedintrusiondetectionenvironment aide aideconf security system
Installa
ansible-galaxy install sergeykudelin.aide
GitHub repository
0 stelle
0 fork
0 problemi aperti
Licenza
mit
Download
116
Proprietario