-
Notifications
You must be signed in to change notification settings - Fork 1
/
security.yml
executable file
·134 lines (117 loc) · 3.55 KB
/
security.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
---
- name: Setup eth1 for attack simulator and snort victim
hosts: attack:snort
become: true
tasks:
- import_role:
name: security_eth1
- name: Setup host route for attack simulator
hosts: attack:snort
become: true
tasks:
- import_role:
name: security_hostroutes
- name: Install Pre Reqs on attacker
hosts: attack
become: true
vars:
async_timeout_seconds: "{{ student_total * 60 }}"
async_wait_for_retries: "{{ student_total * 10}}"
tasks:
- name: setup epel on attacker
include_role:
name: "geerlingguy.repo-epel"
- name: package pre-reqs are installed async
yum:
state: present
name:
- daemonize
async: "{{ async_timeout_seconds }}"
poll: 0
register: yum_async
- name: wait for pre-reqs install async
async_status:
jid: "{{ yum_async.ansible_job_id }}"
register: job_result
until: job_result.finished
retries: "{{ async_wait_for_retries }}"
- name: include splunk playbook
import_playbook: splunk.yml
when: security_console == 'splunk'
- name: include qradar playbook
import_playbook: qradar.yml
when: security_console == 'qradar'
- name: INSTALL AND CONFIGURE SNORT
hosts: snort
become: true
vars:
ids_config_snort_version: '2.9.13'
ids_install_provider: "snort"
ids_install_snort_user: root
ids_install_snort_group: root
ids_normalize_logs: false
ids_install_snort_interface: eth1
async_timeout_seconds: "{{ student_total * 60 }}"
async_wait_for_retries: "{{ student_total * 10 }}"
tasks:
- name: Set fact vars for ids based SIEM type
block:
- name: set fact vars for qradar
set_fact:
ids_install_normalize_logs: false
when: security_console == 'qradar'
- name: set fact vars for qradar
set_fact:
ids_install_normalize_logs: true
when: security_console == 'splunk'
- name: Install Pre Reqs for IDS
block:
- name: setup epel for snort ecosystem rule lifecycling
include_role:
name: "geerlingguy.repo-epel"
- name: package pre-reqs are installed
yum:
state: present
name:
- libselinux-python
- python2-idstools
async: "{{ async_timeout_seconds }}"
poll: 0
register: yum_async
- name: wait for pre-reqs install async
async_status:
jid: "{{ yum_async.ansible_job_id }}"
register: job_result
until: job_result.finished
retries: "{{ async_wait_for_retries }}"
- name: set selinux permissve because of policy issue that breaks snort
selinux:
policy: targeted
state: permissive
- name: Install IDS
block:
- name: import ids_install role
include_role:
name: "ansible_security.ids_install"
- name: import ids_config role
include_role:
name: "ansible_security.ids_config"
- name: import webserver role for web exploit simulation
include_role:
name: "webservers"
- name: import webserver attack simulation role
include_role:
name: "webservers_attack_simulation"
- name: SETUP WINDOWS WORKSTATION
hosts: windows
roles:
- role: windows_ws_setup
- name: FIX CHECKPOINT MGMT SERVER
hosts: checkpoint_mgmt
gather_facts: false
roles:
- role: cp_fix_mgmt
- name: SETUP CHECKPOINT ENVIRONMENT
hosts: control_nodes
roles:
- role: cp_setup