Skip to content

An Ansible playbook for deploying the Suricata intrusion detection system and fetching Snort rules with Oinkmaster.

License

Notifications You must be signed in to change notification settings

HellstromIT/ansible-suricata

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Ansible Suricata Playbook

An Ansible playbook for deploying the Suricata intrusion detection system and fetching Snort rules with Oinkmaster.

Role Variables

Below you can find the variables with their default variables.

suricata_sniffing_interface: eth0
suricata_sniffing_interface_type: 100M
suricata_rules_archive_url: http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
suricata_log_dir: /var/log/suricata/
suricata_log_dir_certs: /var/log/suricata/certs/
suricata_rules_dir: /etc/suricata/rules/

Installation

From your Ansible's roles folder run:

git submodule add https://github.com/ajdelgado/ansible-suricata.git suricata

Platforms

Tested on:

  • Ubuntu focal

Usage Example

  1. Create a group called nids
  2. Add a host with access to all traffic (a router or use port mirroring in your switch to the port where this host is connected) Inventory example (/etc/ansible/inventories/inventory):
---
all:
  children:
    nids:
      hosts:
        my_router:
  1. Set the variables in group_vars matching your system Group variables example file (/etc/ansible/inventories/group_vars/nids/nids_vars.yml):
---
suricata_sniffing_interface: eno1
suricata_sniffing_interface_type: 1000M
suricata_rules_archive_url: http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
suricata_log_dir: /var/log/suricata/
suricata_log_dir_certs: /var/log/suricata/certs/
suricata_rules_dir: /etc/suricata/rules/
  1. Create a playbook like: Playbook example file (/etc/ansible/playbooks/nids.yml):
- name: Set up Suricata in NIDS hosts
  hosts: nids
  roles:
    - role: suricata

Dependencies

None!

License

BSD

Authors Information

About

An Ansible playbook for deploying the Suricata intrusion detection system and fetching Snort rules with Oinkmaster.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Jinja 98.6%
  • Shell 1.4%