Git-Mirrors/backend-and-orchestration-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/backend-and-orchestration-toolkit.git synced 2025-06-07 14:32:57 -04:00
Code Issues Projects Releases Packages Wiki Activity
backend-and-orchestration-t.../code/chef/recipes/mac.rb
autistic-symposium-helper 2a6449bb85
merge files from the blockchain infra repo (#59)
2024-11-17 17:03:20 -08:00

172 lines
3.4 KiB
Ruby
Executable file
Raw Blame History

# Cookbook Name:: suricata
# Recipe:: corpmac.rb
#
# Variable Definitions
suropts = node[:suricata]
raise 'No suricata interface defined for this host' if suropts[:interface].nil?
suricata_interface = suropts[:interface]
if suricata_interface.is_a? String
suricata_interface = [ suricata_interface ]
end
raise 'No suricata rules defined for this host' if suropts[:rules].nil?
rules = suropts[:rules]
# Setup
group 'suricata' do
gid 683
action :create
end
user 'suricata' do
comment 'suricata IDS user'
gid 683
shell '/sbin/nologin'
system true
action :create
end
# Install Suricata
package "libmagic" do
action :install
provider Chef::Provider::Package::Homebrew
end
homebrew_package "suricata" do
homebrew_user 'user'
action :install
end
directory '/etc/suricata/' do
action :create
end
# Set Rules Up
directory '/etc/suricata/rules' do
action :create
end
template '/etc/suricata/rules/local.rules' do
mode 0644
owner 'root'
group 'wheel'
source 'mac_os_x/local.rules.erb'
end
template '/etc/suricata/rules/shellcode.rules' do
mode 0644
owner 'root'
group 'wheel'
source 'mac_os_x/shellcode.rules.erb'
end
template '/etc/suricata/rules/osxmalware.rules' do
mode 0644
owner 'root'
group 'wheel'
source 'mac_os_x/osxmalware.rules.erb'
end
template '/etc/suricata/rules/nmap.rules' do
mode 0644
owner 'root'
group 'wheel'
source 'mac_os_x/nmap.rules.erb'
end
template '/etc/suricata/rules/mobilemalware.rules' do
mode 0644
owner 'root'
group 'wheel'
source 'mac_os_x/mobilemalware.rules.erb'
end
template '/etc/suricata/rules/emerging-exploit.rules' do
mode 0644
owner 'root'
group 'wheel'
source 'mac_os_x/emerging-exploit.rules.erb'
end
template '/etc/suricata/rules/emerging-shellcode.rules' do
mode 0644
owner 'root'
group 'wheel'
source 'mac_os_x/emerging-shellcode.rules.erb'
end
template '/etc/suricata/rules/dshield.rules' do
mode 0644
owner 'root'
group 'wheel'
source 'mac_os_x/dshield.rules.erb'
end
template '/etc/suricata/rules/compromised.rules' do
mode 0644
owner 'root'
group 'wheel'
source 'mac_os_x/compromised.rules.erb'
end
template '/etc/suricata/rules/tor.rules' do
mode 0644
owner 'root'
group 'wheel'
source 'mac_os_x/tor.rules.erb'
end
magic_file = '/usr/local/share/misc/magic.mgc'
include_recipe "logrotate::suricata_os_x"
service_name = 'com.host.suricata'
corpmacs = search(:node, 'roles:CorpMacDNS').map { |node| node['ipaddress'] }.sort!
template '/etc/suricata/suricata.yaml' do
mode 0644
source 'suricata.yaml.erb'
variables({:pcapinterface => suricata_interface,
:rules => rules,
:magic_file => magic_file,
:corpmacs => corpmacs})
notifies :restart, "service[#{service_name}]", :delayed
end
%w[ classification.config reference.config threshold.config ].each do |configfile|
cookbook_file "/etc/suricata/#{configfile}" do
source configfile
mode 0644
owner 'root'
end
end
# Setup logging
directory '/var/log/suricata/' do
owner 'root'
group 'suricata'
mode 0775
action :create
end
logfile_group = 'suricata'
if system('getent group splunk')
logfile_group = 'splunk'
end
# Start Suricata
service 'com.host.suricata' do
action [ :start ]
restart_command "kill -USR2 `cat /var/run/suricata.pid`"
end
Reference in a new issue View git blame Copy permalink