add snort cookbook

commit 20628a468fd0998f53d3d006b668ca12df266e7a 1 parent 1a5e816
@jtimberman jtimberman authored
73 snort/README.md
@@ -0,0 +1,73 @@
+Description
+===========
+
+Installs and configures SNORT.
+
+Requirements
+============
+
+Tested on Ubuntu. May work on Debian, and Red Hat family distributions. Won't work on other platforms.
+
+Cookbooks
+----
+
+No other cookbooks are strictly required, however to use one of the database backends, the appropriate cookbook should be used. For example, Opscode cookbooks:
+
+* mysql
+* postgresql
+
+Attributes
+==========
+
+* `node['snort']['home_net']` - Address range to use for preseeding `HOME_NET`. Default 192.168.0.0/16 on Ubuntu/Debian, all others any.
+* `node['snort']['database']` - What database backend to use. Default none. MySQL and PostgreSQL are usable. The default recipe will install the SNORT package for the appropriate database backend. You'll need to make sure that the database server is set up in some way such that SNORT can connect to it. This cookbook does not yet support automatic configuration.
+
+Usage
+=====
+
+Include `recipe[snort]` in a run list to have the system get SNORT installed. This performs a baseline installation and preseeds the package. You'll probably want to change the `node['snort']['home_net']` attribute to the appropriate network.
+
+We recommend adding a `template` resource to the default recipe to manage the `/etc/snort/snort.conf` file as a template. The default file is good enough for now on Debian/Ubuntu.
+
+On Ubuntu/Debian, the default rules package will be installed. You'll need to download and install additional rules. Automatically updating rules with oinkmaster is not yet supported. See future plans.
+
+Future Plans
+============
+
+The following features are planned for a future release of this cookbook. Contributions welcome, see [How to Contribute](http://wiki.opscode.com/display/chef/How+to+Contribute)
+
+Perform additional configuration of `/etc/snort/snort.conf` via template.
+
+Preseed database configuration for SNORT to connect to the database server. This will use Chef search results for the database master.
+
+Support either RPM or Yum based installations on Red Hat family distributions.
+
+Oinkmaster automatic rules updates.
+
+Source-based installation.
+
+Other platforms in general :).
+
+References
+==========
+
+* [SNORT home page](http://www.snort.org)
+* [snort -h doesn't do what you think](http://blog.joelesler.net/2010/03/snort-h-doesnt-do-what-you-think-it-does.html)
+
+License and Author
+==================
+
+Author: Joshua Timberman (<joshua@opscode.com>)
+Copyright 2010, Opscode, Inc (<legal@opscode.com>)
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
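Review bot: The Attributes section lists only `node['snort']['home_net']` and `node['snort']['database']`, but attributes/default.rb in this commit also sets `node['snort']['rpm']['version']` and three `checksum_*` values for Red Hat family platforms; document them here so users know what to override when pinning a different RPM. The Future Plans entry "Support either RPM or Yum based installations on Red Hat family distributions" reads as if nothing exists yet, while the default recipe already downloads and installs an RPM; reword it to say what is still missing. The Usage text about preseeding and the default rules package should also state that it applies to Debian/Ubuntu only, since the Red Hat branch of the recipe does neither.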
33 snort/attributes/default.rb
@@ -0,0 +1,33 @@
+#
+# Cookbook Name:: snort
+# Attributes:: default
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node['platform']
+when "ubuntu", "debian"
+ default['snort']['home_net'] = "192.168.0.0/16"
+when "redhat","centos","fedora"
+ default['snort']['home_net'] = "any"
+ default['snort']['rpm']['version'] = "2.9.0.3-1.F13"
+ default['snort']['rpm']['checksum_snort'] = "7625fba04aa7ff2053f91406fa9ad457868ba711097000ca051ba2e0a245a904"
+ default['snort']['rpm']['checksum_snort_mysql'] = "a2b5bf7f95994ccd1d59e97efba110ed2dcf97187f5db1c697bad20aaf8a2e90"
+ default['snort']['rpm']['checksum_snort_postgresql'] = "94c8143dfd8b76944d0602948718750a17198b0ac50e9d1a5960f4e85b7fb7a8"
+else
+ default['snort']['home_net'] = "any"
+end
+
+default['snort']['database'] = 'none'
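Review bot: The checksum keys in the Red Hat branch are named `checksum_snort_mysql` and `checksum_snort_postgresql`, but recipes/default.rb reads `node['snort']['rpm']["checksum_#{snort_package}"]` with `snort_package` set to `snort-mysql` or `snort-postgresql`, so the key it builds contains a hyphen and matches neither attribute. Only the plain `snort` package gets its checksum; for the two database variants the lookup returns nil and the RPM, fetched over plain http, is installed without the intended SHA-256 check. Rename the keys to match the package names, or normalise the hyphen in the recipe. Also note that the `any` default for `home_net` outside Debian/Ubuntu is not consumed anywhere in this commit, because only the Debian branch renders the seed template.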
45 snort/metadata.json
@@ -0,0 +1,45 @@
+{
+ "name": "snort",
+ "description": "Installs/Configures snort",
+ "long_description": "Description\n===========\n\nInstalls and configures SNORT.\n\nRequirements\n============\n\nTested on Ubuntu. May work on Debian, and Red Hat family distributions. Won't work on other platforms.\n\nCookbooks\n----\n\nNo other cookbooks are strictly required, however to use one of the database backends, the appropriate cookbook should be used. For example, Opscode cookbooks:\n\n* mysql\n* postgresql\n\nAttributes\n==========\n\n* `node['snort']['home_net']` - Address range to use for preseeding `HOME_NET`. Default 192.168.0.0/16 on Ubuntu/Debian otherwise any.\n* `node['snort']['database']` - What database backend to use. Default none. MySQL and PostgreSQL are usable. The default recipe will install the SNORT package for the appropriate database backend. You'll need to make sure that the database server is set up in some way such that SNORT can connect to it. This cookbook does not yet support automatic configuration.\n\nUsage\n=====\n\nSimply include `recipe[snort]` in a run list to have the system get SNORT installed. This performs a baseline installation and preseeds the package.\n\nSee future plans.\n\nFuture Plans\n============\n\nThe following features are planned for a future release of this cookbook. Contributions welcome, see [How to Contribute](http://wiki.opscode.com/display/chef/How+to+Contribute)\n\nPreseed database configuration for SNORT to connect to the database server. 
This will use Chef search results for the database master.\n\nSupport either RPM or Yum based installations on Red Hat family distributions.\n\nOinkmaster automatic rules updates.\n\nSource-based installation.\n\nOther platforms in general :).\n\nReferences\n==========\n\n* [SNORT home page](http://www.snort.org)\n* [snort -h doesn't do what you think](http://blog.joelesler.net/2010/03/snort-h-doesnt-do-what-you-think-it-does.html)\n\nLicense and Author\n==================\n\nAuthor: Joshua Timberman (<joshua@opscode.com>)\nCopyright 2010, Opscode, Inc (<legal@opscode.com>)\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n",
+ "maintainer": "Opscode, Inc.",
+ "maintainer_email": "cookbooks@opscode.com",
+ "license": "Apache 2.0",
+ "platforms": {
+ "ubuntu": [
+
+ ],
+ "debian": [
+
+ ],
+ "redhat": [
+
+ ],
+ "centos": [
+
+ ],
+ "fedora": [
+
+ ]
+ },
+ "dependencies": {
+ },
+ "recommendations": {
+ },
+ "suggestions": {
+ },
+ "conflicting": {
+ },
+ "providing": {
+ },
+ "replacing": {
+ },
+ "attributes": {
+ },
+ "groupings": {
+ },
+ "recipes": {
+ "snort": "Installs snort packages based on platform"
+ },
+ "version": "0.9.0"
+}
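Review bot: The `long_description` string does not match the README.md added in the same commit: it says "Default 192.168.0.0/16 on Ubuntu/Debian otherwise any" where the README says "all others any", its Usage section lacks the `home_net`, `snort.conf` template and rules paragraphs, and Future Plans lacks the `/etc/snort/snort.conf` entry. Since metadata.rb reads the description from README.md, this file looks generated from an earlier draft; regenerate metadata.json after the final README edit so the published description matches. The empty `suggestions` object also means the mysql and postgresql cookbooks named in the README are not recorded anywhere in the metadata.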
12 snort/metadata.rb
@@ -0,0 +1,12 @@
+maintainer "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license "Apache 2.0"
+description "Installs/Configures snort"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version "0.9.0"
+
+recipe "snort", "Installs snort packages based on platform"
+
+%w{ ubuntu debian redhat centos fedora }.each do |os|
+ supports os
+end
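Review bot: No relationship to the database cookbooks is declared, although the README says the mysql or postgresql cookbook "should be used" when a database backend is selected. Since they are optional, a `suggests "mysql"` and `suggests "postgresql"` pair after the `recipe` line would record that without forcing a dependency. The `supports` loop also lists redhat, centos and fedora while the README says only Ubuntu is tested; consider a comment marking which platforms are verified.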
82 snort/recipes/default.rb
@@ -0,0 +1,82 @@
+#
+# Cookbook Name:: snort
+# Recipe:: default
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node['platform']
+when 'ubuntu', 'debian'
+
+ snort_package = case node['snort']['database']
+ when "none"
+ "snort"
+ when "mysql"
+ "snort-mysql"
+ when "postgresql","pgsql","postgres"
+ "snort-pgsql"
+ end
+
+ directory "/var/cache/local/preseeding" do
+ owner "root"
+ group "root"
+ mode 0755
+ recursive true
+ end
+
+ template "/var/cache/local/preseeding/snort.seed" do
+ source "snort.seed.erb"
+ owner "root"
+ group "root"
+ mode 0755
+ notifies :run, "execute[preseed snort]", :immediately
+ end
+
+ execute "preseed snort" do
+ command "debconf-set-selections /var/cache/local/preseeding/snort.seed"
+ action :nothing
+ end
+
+ package snort_package do
+ action :upgrade
+ end
+
+ package "snort-rules-default" do
+ action :upgrade
+ end
+
+when "redhat", "centos", "fedora"
+
+ snort_package = case node['snort']['database']
+ when "none"
+ "snort"
+ when "mysql"
+ "snort-mysql"
+ when "postgresql","pgsql","postgres"
+ "snort-postgresql"
+ end
+
+ snort_rpm = "#{snort_package}-#{node['snort']['rpm']['version']}.i386.rpm"
+
+ remote_file "#{Chef::Config[:file_cache_path]}/#{snort_rpm}" do
+ source "http://www.snort.org/dl/snort-current/#{snort_rpm}"
+ checksum node['snort']['rpm']["checksum_#{snort_package}"]
+ mode 0644
+ end
+
+ rpm_package "#{Chef::Config[:file_cache_path]}/#{snort_rpm}" do
+ action :install
+ end
+end
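Review bot: Both `case node['snort']['database']` blocks have no `else`, so any value other than the listed ones leaves `snort_package` nil; on Debian/Ubuntu that nil is handed to `package snort_package`, and on Red Hat it produces an RPM file name that begins with `-`. Add an `else` that raises with the unsupported value so a typo in the attribute fails the run with a clear message. In the Red Hat branch the RPM comes from an `http://` URL with `i386` hard-coded and a pinned version under `snort-current/`, which leaves the `checksum` as the only integrity control on the download; the architecture and base URL would be better as attributes, and the checksum lookup needs to resolve for every package variant. The outer `case node['platform']` likewise has no `else`, so other platforms converge silently with nothing installed. The seed file is data and does not need `mode 0755`; `0644` is enough.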
13 snort/templates/default/snort.seed.erb
@@ -0,0 +1,13 @@
+snort snort/config_error error
+snort snort/please_restart_manually note
+snort snort/address_range string <%= node['snort']['home_net'] %>
+snort snort/startup select boot
+snort snort/options string
+snort snort/invalid_interface error
+snort snort/stats_treshold string 1
+snort snort/interface string eth0
+snort-common snort/deprecated_config note
+snort snort/disable_promiscuous boolean false
+snort snort/stats_rcpt string root
+snort snort/send_stats boolean true
+snort snort/config_parameters error
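Review bot: Only `snort/address_range` is driven by an attribute; `snort/interface string eth0` is hard-coded, so a sensor whose capture interface is not `eth0` gets preseeded to listen on the wrong interface. Expose it as an attribute next to `home_net` (for example a new `node['snort']['interface']`, defaulting to `eth0`) and template it the same way. The same applies to `snort/stats_rcpt string root` and `snort/send_stats boolean true` if the daily statistics mail should be configurable. It is also worth confirming that the key `snort/stats_treshold` is spelled exactly as the package's debconf template spells it, since a mismatched key would be ignored.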