Posted to commits@metron.apache.org by ly...@apache.org on 2016/09/04 19:15:34 UTC
incubator-metron git commit: METRON-400 Deploy Probes to running
Docker Container closes apache/incubator-metron#238
Repository: incubator-metron
Updated Branches:
refs/heads/master 839bd2093 -> 5ac442431
METRON-400 Deploy Probes to running Docker Container closes apache/incubator-metron#238
Project: http://git-wip-us.apache.org/repos/asf/incubator-metron/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-metron/commit/5ac44243
Tree: http://git-wip-us.apache.org/repos/asf/incubator-metron/tree/5ac44243
Diff: http://git-wip-us.apache.org/repos/asf/incubator-metron/diff/5ac44243
Branch: refs/heads/master
Commit: 5ac442431d567a1d4c45a22f3103f0e0d01d951d
Parents: 839bd20
Author: dlyle65535 <dl...@gmail.com>
Authored: Sun Sep 4 15:14:59 2016 -0400
Committer: David Lyle <dl...@gmail.com>
Committed: Sun Sep 4 15:14:59 2016 -0400
----------------------------------------------------------------------
.../playbooks/docker_probe_install.yml | 63 ++++++++++++++++++++
metron-deployment/roles/bro/meta/main.yml | 1 -
.../roles/bro/tasks/dependencies.yml | 2 +
.../roles/sensor-test-mode/tasks/snort.yml | 2 -
.../roles/sensor-test-mode/tasks/yaf.yml | 1 -
metron-deployment/roles/snort/meta/main.yml | 1 -
metron-deployment/roles/yaf/meta/main.yml | 1 -
metron-deployment/roles/yaf/tasks/yaf.yml | 2 +-
8 files changed, 66 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/5ac44243/metron-deployment/playbooks/docker_probe_install.yml
----------------------------------------------------------------------
diff --git a/metron-deployment/playbooks/docker_probe_install.yml b/metron-deployment/playbooks/docker_probe_install.yml
new file mode 100644
index 0000000..b23e72a
--- /dev/null
+++ b/metron-deployment/playbooks/docker_probe_install.yml
@@ -0,0 +1,63 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+#
+# sensors
+#
+- hosts: localhost
+ tasks:
+ - name: add container to inventory
+ add_host:
+ name: amb-server
+ ansible_connection: docker
+ groups: sensors
+ changed_when: false
+ tags: add-host
+
+- hosts: sensors
+ vars:
+ metron_version: 0.2.0BETA
+ metron_directory: /usr/metron/{{ metron_version }}
+ bro_version: "2.4.1"
+ fixbuf_version: "1.7.1"
+ yaf_version: "2.8.0"
+ daq_version: "2.0.6-1"
+ pycapa_repo: "https://github.com/OpenSOC/pycapa.git"
+ pycapa_home: "/opt/pycapa"
+ snort_version: "2.9.8.0-1"
+ snort_alert_csv_path: "/var/log/snort/alert.csv"
+ threat_intel_bulk_load: False
+ sensor_test_mode: True
+ install_pycapa: False
+ install_bro: True
+ install_snort: True
+ install_yaf: True
+ install_pcap_replay: True
+ sniff_interface: eth0
+ pcap_replay_interface: "{{ sniff_interface }}"
+ pcapservice_port: 8081
+ kafka_broker_url: amb4.service.consul:6667
+ connection: docker
+ roles:
+ - { role: bro, tags: ['bro'] }
+ - { role: flume, tags: ['snort','flume'] }
+ - { role: snort, tags: ['snort'] }
+ - { role: yaf, tags: ['yaf'] }
+ - { role: pcap_replay, tags: ['pcap-replay'] }
+ - { role: sensor-test-mode, tags: ['sensor-test-mode'] }
+ tags:
+ - sensors
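Review bot: The play that starts at `- hosts: sensors` sets `connection: docker` but no `become`, while the roles it runs write under `/etc` and enable services, so it depends on the docker connection entering the container as root; a comment above the play such as `# runs as the container's default user (expected to be root): the roles write to /etc and run systemctl, and no become is set` would make that assumption explicit, especially since the same commit drops `become: True` from the sensor-test-mode tasks, which carries the assumption into every other playbook that reuses those roles. `threat_intel_bulk_load: False`, `sensor_test_mode: True` and the `install_*` flags use Python-style capitalised booleans; Ansible accepts them, but lowercase `true`/`false` is the canonical YAML form and what yamllint's truthy rule expects. `ansible_connection: docker` on the add_host task and `connection: docker` on the play set the same thing twice, so one of them can go.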
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/5ac44243/metron-deployment/roles/bro/meta/main.yml
----------------------------------------------------------------------
diff --git a/metron-deployment/roles/bro/meta/main.yml b/metron-deployment/roles/bro/meta/main.yml
index 9c9286f..df226e7 100644
--- a/metron-deployment/roles/bro/meta/main.yml
+++ b/metron-deployment/roles/bro/meta/main.yml
@@ -17,7 +17,6 @@
---
dependencies:
- libselinux-python
- - ambari_gather_facts
- build-tools
- kafka-client
- librdkafka
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/5ac44243/metron-deployment/roles/bro/tasks/dependencies.yml
----------------------------------------------------------------------
diff --git a/metron-deployment/roles/bro/tasks/dependencies.yml b/metron-deployment/roles/bro/tasks/dependencies.yml
index 431e861..fa20b71 100644
--- a/metron-deployment/roles/bro/tasks/dependencies.yml
+++ b/metron-deployment/roles/bro/tasks/dependencies.yml
@@ -31,6 +31,8 @@
- swig
- zlib-devel
- perl
+ - crontabs
+ - net-tools
register: result
until: result.rc == 0
retries: 5
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/5ac44243/metron-deployment/roles/sensor-test-mode/tasks/snort.yml
----------------------------------------------------------------------
diff --git a/metron-deployment/roles/sensor-test-mode/tasks/snort.yml b/metron-deployment/roles/sensor-test-mode/tasks/snort.yml
index a9785c0..3b1af5f 100644
--- a/metron-deployment/roles/sensor-test-mode/tasks/snort.yml
+++ b/metron-deployment/roles/sensor-test-mode/tasks/snort.yml
@@ -19,13 +19,11 @@
# configure snort to alert on every packet
#
- name: Configure snort to use a set of test rules
- become: True
lineinfile:
dest: /etc/snort/snort.conf
line: "include $RULE_PATH/test.rules"
- name: Create a snort alert for testing that alerts on every packet
- become: True
lineinfile:
dest: /etc/snort/rules/test.rules
line: "alert tcp any any -> any any (msg:'snort test alert'; sid:999158; )"
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/5ac44243/metron-deployment/roles/sensor-test-mode/tasks/yaf.yml
----------------------------------------------------------------------
diff --git a/metron-deployment/roles/sensor-test-mode/tasks/yaf.yml b/metron-deployment/roles/sensor-test-mode/tasks/yaf.yml
index 1206e23..c867d60 100644
--- a/metron-deployment/roles/sensor-test-mode/tasks/yaf.yml
+++ b/metron-deployment/roles/sensor-test-mode/tasks/yaf.yml
@@ -19,7 +19,6 @@
# configure yaf to generate a flow record for every packet
#
- name: Stop running instances of yaf
- become: True
service: name=yaf state=stopped
- name: Configure yaf to generate a flow record for every network packet
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/5ac44243/metron-deployment/roles/snort/meta/main.yml
----------------------------------------------------------------------
diff --git a/metron-deployment/roles/snort/meta/main.yml b/metron-deployment/roles/snort/meta/main.yml
index f742973..ebca8ed 100644
--- a/metron-deployment/roles/snort/meta/main.yml
+++ b/metron-deployment/roles/snort/meta/main.yml
@@ -16,7 +16,6 @@
#
---
dependencies:
- - ambari_gather_facts
- epel
- libselinux-python
- build-tools
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/5ac44243/metron-deployment/roles/yaf/meta/main.yml
----------------------------------------------------------------------
diff --git a/metron-deployment/roles/yaf/meta/main.yml b/metron-deployment/roles/yaf/meta/main.yml
index ff366b8..768bcac 100644
--- a/metron-deployment/roles/yaf/meta/main.yml
+++ b/metron-deployment/roles/yaf/meta/main.yml
@@ -16,7 +16,6 @@
#
---
dependencies:
- - ambari_gather_facts
- build-tools
- java_jdk
- libselinux-python
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/5ac44243/metron-deployment/roles/yaf/tasks/yaf.yml
----------------------------------------------------------------------
diff --git a/metron-deployment/roles/yaf/tasks/yaf.yml b/metron-deployment/roles/yaf/tasks/yaf.yml
index 9a9787b..7ee361e 100644
--- a/metron-deployment/roles/yaf/tasks/yaf.yml
+++ b/metron-deployment/roles/yaf/tasks/yaf.yml
@@ -50,5 +50,5 @@
template: src=yaf dest=/etc/init.d/yaf mode=0755
- name: Register the service with systemd
- shell: systemctl enable pcap-replay
+ shell: systemctl enable yaf
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
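Review bot: The corrected line `shell: systemctl enable yaf` still goes through the shell module, so the task reports changed on every run and is not idempotent; the role family already uses the service module for this unit (`service: name=yaf state=stopped` in the sensor-test-mode role), so `service: name=yaf enabled=yes` would express the same intent and report change only when the unit's enabled state actually flips. The existing `when:` guard for CentOS 7 can stay as it is. Only the last five lines of the task list are in the hunk; the tasks before the `template` line are outside it.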