
# snort.pp
# Miah Johnson - <miahNO$P4M@chia-pet.org>
# Describes how to install Snort.
  4.  
  5. class snort {
  6.  
  7.   include virt_users, virt_groups
  8.   realize(
  9.     Group["snort"],
  10.     User["snort"],
  11.   )
  12.  
  13.   package { pcre:
  14.     ensure => "installed",
  15.     before => Package["snort", "snort-mysql"],
  16.   }
  17.  
  18.   package { mysql:
  19.     name => $operatingsystem ? {
  20.        default => "mysql",
  21.        opensuse => "libmysqlclient15",
  22.     },
  23.     ensure => "installed",
  24.     before => Package["snort-mysql"],
  25.   }
  26.  
  27.   package { snort:
  28.     ensure => "installed",
  29.     require => [ File["nstrepo"], Package["pcre"] ],
  30.   }
  31.  
  32.   package { snort-mysql:
  33.     ensure => "installed",
  34.     require => package["snort"],
  35.   }
  36.  
  37.   file { "/etc/snort/rules":
  38.     ensure => "directory",
  39.     mode => "750",
  40.     owner => "root",
  41.     group => "snort",
  42.     recurse => "true",
  43.     before => Exec["extract-snort-rules"],
  44.     require => Package["snort"],
  45.     }
  46.  
  47.   file { "/etc/snort/xfer.tgz":
  48.     source => "puppet://puppet/nst/xfer.tgz",
  49.     alias => "snort-rules",
  50.     before => Exec["extract-snort-rules"],
  51.     require => File["/etc/snort/rules"],
  52.     checksum => "md5lite",
  53.     }
  54.  
  55.   exec { "tar zxf xfer.tgz -C /etc/snort/rules":
  56.     path => ["/bin", "/sbin", "/usr/bin", "/usr/sbin"],
  57.     cwd => "/etc/snort",
  58.     alias => "extract-snort-rules",
  59.     subscribe => File["snort-rules"],
  60.     refreshonly => "true",
  61.     }
  62.  
  63.   file { "/var/run/snort":
  64.     ensure => "directory",
  65.     mode => "770",
  66.     owner => "root",
  67.     group => "snort"
  68.     }
  69.  
  70.   service { "snortd":
  71.     enable => "false",
  72.     ensure => "stopped",
  73.     require => Package["snort"],
  74.   }
  75.  
  76. }
  77.  
  78. define snort::daemon (
  79.  $dev,
  80.  $sensor_name,
  81.  $bpf_rules,
  82.  $home_net = "any",
  83.  $ext_net = "any",
  84.  $dns_srv = "$HOME_NET",
  85.  $smtp_srv = "$HOME_NET",
  86.  $telnet_srv = "$HOME_NET",
  87.  $snmp_srv = "$HOME_NET",
  88.  $http_srv = "$HOME_NET",
  89.  $sql_srv = "$HOME_NET",
  90.  $http_prt = "80",
  91.  $shc_prt = "!80",
  92.  $orcl_prt = "1521",
  93.  $aim_srv = "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24",
  94.  $db_type = "mysql",
  95.  $db_user = "snort",
  96.  $db_pass = "64m0nsn0rt",
  97.  $db_name = "snort",
  98.  # demarc.reinternal.com
  99.  $db_host = "10.104.138.241",
  100.  $snort_opts = ["-A", "fast", "-b", "-D", "-o"],
  101.  $snort_usr = "snort",
  102.  $snort_grp = "snort"
  103.  )
  104. # $dev - which device to bind snort to. eg, any or eth0
  105. # $sensor_name - the name to use for mysql reporting, initscripts,
  106. # configuration files, and log directories.
  107. # $bpf_rules - Multiple rules allowed, use an array.
  108. # $name - name the daemon, eg snort1, snort2, keep under 12 chars.
  109.  
  110.  {
  111.   include snort
  112.  
  113.   file { "/etc/snort/bpf-$sensor_name.conf":
  114.     ensure => "present",
  115.     content => template("snort/bpf.conf.erb"),
  116.     notify => Service["snortd-$sensor_name"],
  117.     require => File["/etc/snort/rules"],
  118.     }
  119.  
  120.   file { "/etc/snort/snort-$sensor_name.conf":
  121.     ensure => "present",
  122.     content => template("snort/snort.conf.erb"),
  123.     notify => Service["snortd-$sensor_name"],
  124.     require => File["/etc/snort/rules"],
  125.     }
  126.  
  127.  
  128.   file { "/var/log/snort-$sensor_name":
  129.     ensure => "directory",
  130.     mode => "770",
  131.     owner => "root",
  132.     group => "snort",
  133.     }
  134.  
  135.   file { "/etc/sysconfig/snort-$sensor_name":
  136.     ensure => "present",
  137.     owner => "root",
  138.     group => "snort",
  139.     mode => "640",
  140.     content => template("snort/sysconfig.erb"),
  141.     alias => "snortcfg-$sensor_name",
  142.     notify => Service["snortd-$sensor_name"]
  143.     }
  144.  
  145.   file { "/etc/init.d/snortd-$sensor_name":
  146.     ensure => "present",
  147.     owner => "root",
  148.     group => "root",
  149.     mode => "755",
  150.     content => $operatingsystem ? {
  151.       default => template("snort/snortd.rhel.erb"),
  152.       suse => template("snort/snortd.suse.erb"),
  153.       opensuse => template("snort/snortd.suse.erb"),
  154.       },
  155.     }
  156.  
  157.   file { "/etc/logrotate.d/snort-$sensor_name":
  158.     ensure => "present",
  159.     owner => "root",
  160.     group => "root",
  161.     mode => "644",
  162.     content => template("snort/logrotate.erb"),
  163.     }
  164.  
  165.   service { "snortd-$sensor_name":
  166.     enable => "true",
  167.     ensure => "running",
  168.     hasstatus => "true",
  169.     subscribe => file["snortcfg-$sensor_name", "snort-rules"],
  170.     require => Package["snort", "snort-mysql"],
  171.   }
  172.  
  173. }