Skip to content

mediapop/verygood.ossec-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
defaults
defaults
 
 
files
files
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
.editorconfig
.editorconfig
 
 
README.md
README.md
 
 

Repository files navigation

Role Name

This roles setup a OSSEC Server

Requirements

This role will work on Ubuntu. OSSEC doesn't do SMTP auth of any kind so if you want email alerts you should add local SMTP like sendmail.

Role Variables

The role uses the Ubuntu package defaults. The below all the options with their defaults as examples, but list items are truncated. Please view defaults/main.yml for a full list.

Email

ossec_email_to: [email protected]
ossec_smtp_server: localhost
ossec_email_from: [email protected]

Rules

ossec_rules:
  - rules_config.xml

Syscheck

ossec_syscheck_frequency: 7200
ossec_syscheck_directories:
  - check_all: yes
    directories: /etc,/usr/bin,/usr/sbin
ossec_syscheck_ignore_directories:
  - /etc/mtab

Rootcheck

ossec_rootcheck_rootkit_files: /var/ossec/etc/shared/rootkit_files.txt
ossec_rootcheck_rootkit_rojans: /var/ossec/etc/shared/rootkit_trojans.txt

Global whitelist

ossec_global_white_lists:
  - 127.0.0.1

Remote

ossec_remote_connection: secure
ossec_remote_port: 1514
ossec_remote_protocol: udp
ossec_remote_local_ip: 0.0.0.0

Alerts

ossec_alerts_log_alert_level: 1
ossec_alerts_email_alert_level: 7

Commands

ossec_commands:
  - name: host-deny
    executable: host-deny.sh
    expect: srcip
    timeout_allowed: yes

Active Responses

ossec_active_responses:
  - command: host-deny
    location: local
    level: 6
    timeout: 600

Localfile

ossec_localfile:
  - log_format: syslog
    location: /var/log/messages

Example Playbook

- hosts: servers
  vars:
    ossec_email_from: [email protected]
    ossec_email_ro: [email protected]
  roles:
     - verygood.ossec-server

License

BSD

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

12 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages