trombik.argus

Panoramica Versioni Approfondimenti

`trombik.argus`

This is an ansible role for argus.

Important Notes for Users

The role assumes that the log directory path, where the captured ra files are stored, is /var/log/argus, and it is owned by the argus user.

Notes for Non-OpenBSD Users

The role will create an argus group and user.

Notes for Ubuntu and CentOS Users

The systemd unit file for argus(8) will be changed to ensure that systemd reads from /etc/default/argus or /etc/sysconfig/argus.

Requirements

Role Variables

Variable	Description	Default
`argus_package`	Name of the `argus` package	`{{ __argus_package }}`
`argus_service`	Name of the `argus` service	`{{ __argus_service }}`
`argus_extra_packages`	List of extra packages to install	`[]`
`argus_user`	Name of the `argus` user	`{{ __argus_user }}`
`argus_group`	Name of the `argus` group	`{{ __argus_group }}`
`argus_extra_groups`	List of extra groups for `argus_user`	`[]`
`argus_log_dir`	Path to the log directory	`/var/log/argus`
`argus_config_dir`	Path to the configuration directory	`{{ __argus_config_dir }}`
`argus_config_file`	Path to `argus.conf`	`{{ argus_config_dir }}/argus.conf`
`argus_config`	Content of the `argus.conf` file	`""`
`argus_flags`	Additional flags for startup	`""`

`argus_flags`

This variable is used to change default settings for startup scripts.

In Debian-based systems, it is the content of /etc/default/argus.
In RedHat-based systems, it is the content of /etc/sysconfig/argus.
In FreeBSD, it is the content of /etc/rc.conf.d/argus.
In OpenBSD, this value is passed to rcctl set argus.

Debian Defaults

Variable	Default
`__argus_service`	`argus`
`__argus_package`	`argus-server`
`__argus_config_dir`	`/etc`
`__argus_user`	`argus`
`__argus_group`	`argus`
`__argus_log_dir`	`/var/log/argus`

FreeBSD Defaults

Variable	Default
`__argus_service`	`argus`
`__argus_package`	`net-mgmt/argus3`
`__argus_config_dir`	`/usr/local/etc`
`__argus_user`	`argus`
`__argus_group`	`argus`
`__argus_log_dir`	`/var/log/argus`

OpenBSD Defaults

Variable	Default
`__argus_service`	`argus`
`__argus_package`	`argus`
`__argus_config_dir`	`/etc`
`__argus_user`	`_argus`
`__argus_group`	`_argus`
`__argus_log_dir`	`/var/log/argus`

RedHat Defaults

Variable	Default
`__argus_service`	`argus`
`__argus_package`	`argus`
`__argus_config_dir`	`/etc`
`__argus_user`	`argus`
`__argus_group`	`argus`
`__argus_log_dir`	`/var/log/argus`

Dependencies

Example Playbook

---
- hosts: localhost
  roles:
    - role: trombik.redhat_repo
      when:
        - ansible_os_family == 'RedHat'
    - name: trombik.argus_clients
    - name: ansible-role-argus
  pre_tasks:
    - name: Show all host variables
      debug:
        var: hostvars[inventory_hostname]
  post_tasks:
    - name: List all services (systemd)
      shell: "echo; systemctl list-units --type service"
      changed_when: false
      when:
        - ansible_virtualization_type != 'docker'
        - ansible_os_family == 'RedHat' or ansible_os_family == 'Debian'
    - name: List all services (FreeBSD service)
      shell: "echo; service -l"
      changed_when: false
      when:
        - ansible_os_family == 'FreeBSD'
  vars:
    os_argus_flags:
      OpenBSD: "-F {{ argus_config_file }}"
      FreeBSD: |
        argus_flags='-F {{ argus_config_file }}'
        argus_pidfile='/var/run/argus.{{ ansible_default_ipv4.device | default(omit) }}.*.pid'
      Debian: |
        ARGUS_OPTIONS="-F {{ argus_config_file }}"
      RedHat: |
        ARGUS_OPTIONS="-F {{ argus_config_file }}"
    argus_flags: "{{ os_argus_flags[ansible_os_family] }}"
    argus_extra_groups:
      - bin
    os_interface:
      FreeBSD: em0
      OpenBSD: em0
      Debian: eth0
      RedHat: eth0
    argus_config: |
      ARGUS_FLOW_TYPE="Bidirectional"
      ARGUS_FLOW_KEY="CLASSIC_5_TUPLE"
      {% if ansible_os_family != 'Debian' and ansible_os_family != 'RedHat' %}
      # The unit file expects the command not to fork
      ARGUS_DAEMON=yes
      {% endif %}
      ARGUS_ACCESS_PORT=561
      ARGUS_BIND_IP="127.0.0.1"
      ARGUS_INTERFACE={{ os_interface[ansible_os_family] }}
      ARGUS_GO_PROMISCUOUS=yes
      ARGUS_SETUSER_ID={{ argus_user }}
      ARGUS_SETGROUP_ID={{ argus_group }}
      ARGUS_OUTPUT_FILE={{ argus_log_dir}}/argus.ra
      ARGUS_FLOW_STATUS_INTERVAL=60
      ARGUS_MAR_STATUS_INTERVAL=300
      ARGUS_DEBUG_LEVEL=1
      ARGUS_FILTER="ip"
      ARGUS_SET_PID=yes
      ARGUS_PID_PATH=/var/run
    redhat_repo_extra_packages:
      - epel-release
    redhat_repo:
      epel:
        mirrorlist: "http://mirrors.fedoraproject.org/mirrorlist?repo=epel-{{ ansible_distribution_major_version }}&arch={{ ansible_architecture }}"
        gpgcheck: yes
        enabled: yes

License

Copyright (c) 2016 Tomoyuki Sakurai <[email protected]>

You can use, copy, modify, and distribute this software for any purpose, with or without fee, as long as the copyright notice appears in all copies.

THE SOFTWARE IS PROVIDED "AS IS" WITHOUT ANY WARRANTIES OF MERCHANTABILITY OR FITNESS. THE AUTHOR IS NOT LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OR PERFORMANCE OF THIS SOFTWARE.

Author Information

Tomoyuki Sakurai y@trombik.org

Informazioni sul progetto

Ansible role for argus

role argus

Installa

ansible-galaxy install trombik.argus

GitHub repository

0 stelle

0 fork

0 problemi aperti

Licenza

isc

Download

134

Proprietario

Tomoyuki Sakurai

PGP finger print: 03EB 3D97 5E04 9B0C AB21 93A2 D693 42A9 EFBC 3577 Makerspace and Coliving in Siem Reap, Cambodia: http://info.mkrsgh.org/