
Ansible Role: Snort 3

A simple Snort Ansible role. This role installs and configures Snort 3, the latest major version of the open-source network intrusion detection system (NIDS), and makes sure that Snort 3 and its dependencies are installed and configured on your systems.

Requirements

  • Target systems must be running a Debian-based Linux distribution (e.g., Ubuntu).
  • sudo privileges on the target systems for installing packages and performing configurations.

Role Variables

Variables and their default values (see defaults/main.yml):

# Snort version to install
snort_version: "3.1.78.0"

# Snort download URL
snort_download_url: "https://www.snort.org/downloads/snortplus/snort3-{{ snort_version }}.tar.gz"

# DAQ (Data Acquisition library) version
daq_version: "3.0.14"

# DAQ download URL
daq_download_url: "https://www.snort.org/downloads/snortplus/libdaq-{{ daq_version }}.tar.gz"

# Path to store Snort source files
snort_src_path: "/root/snort_src"

# Snort rules URL
snort_rules_url: "https://www.snort.org/downloads/community/snort3-community-rules.tar.gz"

# Path to store Snort rules
snort_rules_path: "/etc/snort/rules"

Dependencies

None. The role installs all of the packages Snort 3 needs for you. If you want to use the molecule folder for testing, however, make sure the requirements below are installed on your control node.

Testing Requirements

  • Ansible
  • Docker
  • Molecule (with Docker driver)

Installation & Configuration

  1. Clone this repository to your control node:

    git clone <repository_url>
    cd <cloned_directory>
  2. Update the inventory.ini file to include the IP addresses or hostnames of your target systems under the appropriate host group.

  3. (Optional) Modify the defaults/main.yml file to customize Snort configuration parameters according to your requirements.

Remember to replace <repository_url> and <cloned_directory> with the actual URL of the git repo and the name of the directory to which the repository is cloned, respectively.

Running the Playbook

To deploy Snort on your target systems, run the Ansible playbook snort.yml. Since this playbook uses become: yes for tasks that require elevated privileges, you might need to provide a sudo password.

Execute the playbook with the following command:

ansible-playbook -i inventory.ini snort.yml --ask-become-pass

When prompted, enter the sudo password for the user under which the playbook is executed.

If your system does not require sudo, you can run the playbook without the password prompt:

 ansible-playbook -i inventory.ini snort.yml

Snort Verification

Verify the Snort installation by running:

 snort -V
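Putting the two sections above together, the following playbook applies the role and then checks the result on every host. It is an added example, not the repository's own snort.yml; the role name `snort`, the host group `snort_sensors` and the check that the rules directory exists are assumptions.

```yaml
# Example playbook (not part of mjay-kerberos/snort-ansible): apply the role
# with overridden variables, then verify the deployment in post_tasks.
- name: Deploy and verify Snort 3
  hosts: snort_sensors          # assumed group name from inventory.ini
  become: true                  # run with --ask-become-pass if sudo needs a password
  vars:
    snort_version: "3.1.78.0"   # must match the version the role downloads
    snort_rules_path: "/etc/snort/rules"
  roles:
    - snort                     # assumed role name; adjust to your checkout

  post_tasks:
    - name: Read the installed Snort version
      ansible.builtin.command: snort -V
      register: snort_v
      changed_when: false       # read-only check, never reports a change

    - name: Fail if the installed version does not match snort_version
      ansible.builtin.assert:
        that:
          # snort -V prints a line such as "Version 3.1.78.0"
          - "('Version ' ~ snort_version) in (snort_v.stdout ~ snort_v.stderr)"
        fail_msg: "Expected Snort {{ snort_version }}, got: {{ snort_v.stdout }}"

    - name: Check that the rules directory was created
      ansible.builtin.stat:
        path: "{{ snort_rules_path }}"
      register: rules_dir

    - name: Fail if the rules directory is missing
      ansible.builtin.assert:
        that:
          - rules_dir.stat.exists
          - rules_dir.stat.isdir
        fail_msg: "{{ snort_rules_path }} was not created by the role"
```

Run it exactly like snort.yml (`ansible-playbook -i inventory.ini verify-snort.yml --ask-become-pass`); a version mismatch or missing rules directory fails the play instead of leaving a silently half-configured sensor.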

Testing with Molecule

This role includes Molecule tests for verifying functionality. To run these tests:

  1. Ensure you have Molecule and the Docker driver installed:

    python3 -m pip install --user molecule molecule-docker
  2. Change to the role directory:

    cd snort
  3. Run Molecule tests:

    molecule test

Molecule will perform a series of actions, such as linting the role, creating a Docker container, applying the role to the container, and then running any defined tests. After the tests are complete, Molecule will destroy the created container.

For more information on Molecule, visit the Molecule documentation.

License

MIT

Author Information

This role was created in 2024 by Juliet Meza.
