ids_rule_facts

Tech Preview

An Ansible role to collect facts about rules and signatures for many different Intrusion Detection Systems, these are defined as "providers" to the Role, as facts.

Current supported list of providers:

snort

Requirements

Red Hat Enterprise Linux 7.x, or derived Linux distribution such as CentOS 7, Scientific Linux 7, etc

Role Variables

ids_provider - This defines what IDS provider (Default Value: "snort")

snort

For the Snort provider you will need to set the ids_provider variable as such:

vars:
  ids_provider: snort

snort variables

ids_provider - Default value: "snort"
ids_rule_facts_path - File or directory containing rules to collect facts on. Default value: /etc/snort/rules/
ids_rule_facts_filter - Search string filter. Default value: None

Example Playbook

---
- name: test ids_rule_facts
  hosts: idshosts
  vars:
    ids_provider: "snort"
    ids_rule_facts_filter: 'content:"|21 4A 6B B9 B2 3D 76 D5 D8 79 DB 08 48 65 41 1F 9E 25 13 4E CB C2 A4 F5 95 ED 54 66 B8 22 75 FE|'
  tasks:
    - name: import ids_rule_facts
      import_role:
        name: 'ids_rule_facts'

    - debug:
        var: ansible_facts.ids_rules

License

GPLv3

Author Information

Ansible Security Automation Team

About

Intrusion Detection System Rule maintenance

role ids security snort

Install

ansible-galaxy install ansible-security/ids_rule_facts

GitHub repository

2 stars

1 forks

0 open issues

License

gpl-3.0

Downloads

8113

Owner

ansible-security