commit e6f230be2e48d9a498dbae6d191357742f3c1023 Author: Adrien Date: Mon Oct 8 19:35:19 2018 +0200 Externalize role
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..ffc1b98
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+ossec_server: false
+ossec_client: false
diff --git a/files/yum-atomic.repo b/files/yum-atomic.repo
new file mode 100644
index 0000000..d0ce289
--- /dev/null
+++ b/files/yum-atomic.repo
@@ -0,0 +1,17 @@
+[atomic]
+name=Atomicorp Amazon Linux - atomic
+mirrorlist=https://updates.atomicorp.com/channels/mirrorlist/atomic/centos-7-x86_64
+priority=1
+enabled=1
+gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt
+gpgcheck=1
+
+[atomic-testing]
+name=Atomicorp Amazon Linux - atomic-testing
+mirrorlist=https://updates.atomicorp.com/channels/mirrorlist/atomic-testing/centos-7-x86_64
+priority=1
+enabled=0
+gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt
+gpgcheck=1
+
+
diff --git a/tasks/add_repo_Debian.yml b/tasks/add_repo_Debian.yml
new file mode 100644
index 0000000..49229d2
--- /dev/null
+++ b/tasks/add_repo_Debian.yml
@@ -0,0 +1,30 @@
+---
+- name: Registering Ubuntu Atomic repository
+ apt_repository:
+ repo: deb https://updates.atomicorp.com/channels/atomic/ubuntu {{ ansible_distribution_name }}
+ filename: microsoft.list
+ state: present
+ update_cache: yes
+ mode: 0644
+# owner: root
+# group: root
+ when:
+ - ansible_distribution == "Ubuntu"
+
+- name: Registering Debian Atomic repository
+ apt_repository:
+ repo: deb https://updates.atomicorp.com/channels/atomic/debian {{ ansible_distribution_name }}
+ filename: microsoft.list
+ state: present
+ update_cache: yes
+ mode: 0644
+# owner: root
+# group: root
+ when:
+ - ansible_distribution == "Debian"
+
+- name: Install public repository GPG keys
+ apt_key:
+ url: https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt
+ state:
+
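Review bot: Both sections of files/yum-atomic.repo set `priority=1` without restricting which packages the repository may supply, so where the yum priorities plugin is active this third-party repository outranks the distribution's own repositories for every package name it carries. Adding `includepkgs=ossec-hids*` to the `[atomic]` section would confine it to the packages this role installs. The mirrorlist path is fixed to `centos-7-x86_64` while the `name=` lines say Amazon Linux, so a host on another release in the RedHat family would be pointed at the CentOS 7 channel; a comment stating the supported release would make that explicit. `gpgcheck=1` covers package signatures only, and whether `repo_gpgcheck=1` can also be enabled depends on the vendor signing its metadata, which the page does not show.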
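Review bot: The signing key in tasks/add_repo_Debian.yml is imported last and unpinned: `apt_key` fetches it by URL with no `id:`, after both `apt_repository` tasks have already run with `update_cache: yes`, so the first cache refresh happens before the key is trusted and the key's authenticity rests only on the TLS connection to the vendor site. Moving the `apt_key` task to the top of the file and adding `id: "<ATOMICORP_KEY_FINGERPRINT>"` (placeholder, to be filled from an out-of-band source) addresses both. `state:` is empty as shown here; `state: present` was presumably intended. `filename: microsoft.list` looks copied from another role, and since the module appends `.list` itself, `filename: atomic` would be clearer. `ansible_distribution_name` is not a fact I recognise; the release codename is normally `ansible_distribution_release`.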
diff --git a/tasks/add_repo_RedHat.yml b/tasks/add_repo_RedHat.yml
new file mode 100644
index 0000000..74c0072
--- /dev/null
+++ b/tasks/add_repo_RedHat.yml
@@ -0,0 +1,18 @@
+---
+- name: Registering OSSEC repository
+ copy:
+ src: yum-atomic.repo
+ dest: /etc/yum.repos.d/atomic.repo
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Retreive GPG Key
+ get_url:
+ url: https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt
+ dest: /etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt
+ owner: root
+ group: root
+ mode: 0644
+
+# https://updates.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/atomic-release-1.0-21.el7.art.noarch.rpm
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..287f823
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Define repo for {{ ansible_os_family }}
+ include_tasks: add_repo_{{ ansible_os_family }}.yml
+
+- name: Install OSSEC server packages
+ package: name='{{ ossec_server_packages }}' state=latest update_cache=yes
+ when:
+ - ossec_server == true
+
+- name: Install OSSEC client packages
+ package: name='{{ ossec_client_packages }}' state=latest update_cache=yes
+ when:
+ - ossec_client == true
diff --git a/vars/Debian.yml b/vars/Debian.yml
new file mode 100644
index 0000000..0d4500a
--- /dev/null
+++ b/vars/Debian.yml
@@ -0,0 +1,8 @@
+---
+ossec_server_packages:
+ - ossec-hids
+ - ossec-hids-server
+ossec_client_packages:
+ - ossec-hids
+ - ossec-hids-agent
+
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
new file mode 100644
index 0000000..fcf1764
--- /dev/null
+++ b/vars/RedHat.yml
@@ -0,0 +1,8 @@
+---
+ossec_server_packages:
+ - ossec-hids
+ - ossec-hids-server
+
+ossec_client_packages:
+ - ossec-hids
+ - ossec-hids-agent
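Review bot: The key that `gpgcheck=1` relies on is downloaded at run time by the `get_url` task in tasks/add_repo_RedHat.yml with no `checksum:`, so package verification is only as trustworthy as that single HTTPS fetch. Adding `checksum: "sha256:<SHA256_OF_KEY_FILE>"` (placeholder), or shipping the key under `files/` and installing it with `copy:` as is already done for `yum-atomic.repo`, pins it to a value that was reviewed in the repository. `mode: 0644` works, but the quoted form `mode: "0644"` avoids depending on how the YAML parser reads a leading zero. The commented-out URL on the last line has no explanation; a one-line comment saying why it is kept would help the next reader.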
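Review bot: Both install tasks in tasks/main.yml use `state=latest`, so every run upgrades the HIDS to whatever the third-party repository currently serves, with no version under the operator's control. `state: present`, optionally with a version variable, keeps upgrades deliberate. The `key=value` form also passes a list through a string; native arguments (`name: "{{ ossec_server_packages }}"`, `state: present`, `update_cache: true`) are clearer. `when: ossec_server == true` is false when the variable arrives as a string, for example from `-e ossec_server=true`, and the task is then skipped without any error; `when: ossec_server | bool` handles both forms, and the same applies to `ossec_client`.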