An Ansible role that collects rules and signatures from many different Intrusion Detection Systems as facts. Each supported IDS is defined as a "provider" to the role.
Currently supported providers:
- snort
Red Hat Enterprise Linux 7.x, or a derived Linux distribution such as CentOS 7, Scientific Linux 7, etc.
ids_provider
- This defines which IDS provider to use (Default value: "snort")
For the Snort provider you will need to set the ids_provider variable as such:
vars:
  ids_provider: snort
ids_provider
- Default value: "snort"
ids_rule_facts_path
- File or directory containing rules to collect facts on. Default value: /etc/snort/rules/
ids_rule_facts_filter
- Search string filter. Default value: None
---
- name: test ids_rule_facts
  hosts: idshosts
  vars:
    ids_provider: "snort"
    ids_rule_facts_filter: 'content:"|21 4A 6B B9 B2 3D 76 D5 D8 79 DB 08 48 65 41 1F 9E 25 13 4E CB C2 A4 F5 95 ED 54 66 B8 22 75 FE|'
  tasks:
    - name: import ids_rule_facts
      import_role:
        name: 'ids_rule_facts'
    - debug:
        var: ansible_facts.ids_rules
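The playbook below is an added example, not part of the role's own documentation: it uses the collected facts as a deployment check, failing on any host where a required signature is missing. It assumes ansible_facts.ids_rules is a collection of the matching rules (empty or unset when nothing matches); the rules file path and the SID are constructed placeholders.

```yaml
---
# Added example: fail the play on any IDS host that lacks a required signature.
- name: verify a required Snort signature is deployed
  hosts: idshosts
  vars:
    ids_provider: "snort"
    # Assumption: site-specific rules on these hosts live in this single file.
    ids_rule_facts_path: /etc/snort/rules/local.rules
    # Constructed placeholder SID; replace with the rule you need to confirm.
    ids_rule_facts_filter: 'sid:1000001;'
  tasks:
    - name: collect matching rules as facts
      import_role:
        name: 'ids_rule_facts'

    - name: assert that at least one rule matched the filter
      assert:
        that:
          # Assumption: ids_rules holds the matches and is empty or unset if none.
          - ansible_facts.ids_rules | default([]) | length > 0
        fail_msg: "No rule matching '{{ ids_rule_facts_filter }}' in {{ ids_rule_facts_path }}"
        success_msg: "Required signature present"
```

Run on a schedule or from CI, a failed assert flags the hosts whose rule set has drifted from what detection coverage expects.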
GPLv3