Create testfile

config.yaml

+---
+iac:
+- terraform
+- nginx
+...
\ No newline at end of file

nginx/config.yaml

+
+---
+input:
+  - instance_ip_nginx_vm
+  - instance_server_private_key_ubuntu
+output: []
+engine: ansible
+...

nginx/inventory.j2

+
+
+[servers_for_nginx]
+{{ instance_ip_nginx_vm }}
+
+[servers_for_nginx:vars]
+ansible_connection=ssh
+ansible_user=ubuntu
+ansible_ssh_private_key_file=ssh_key

nginx/main.yml

+
+
+---
+- hosts: servers_for_nginx
+  gather_facts: no
+  become: yes
+  tasks:
+    - name: Update repositories
+      apt:
+        update_cache: yes
+
+    - name: Install nginx
+      package:
+        name: nginx
+
+    - name: Start nginx
+      service:
+        name: nginx
+        enabled: yes
+        state: started
+
+    - name: Set attributes
+      set_stats:
+        data:
+          site_config_dir: /etc/nginx/conf.d
+
+    - name: Install sample site
+      copy:
+        dest: "{{ item }}"
+        content: |
+          <!doctype html>
+          <html lang="en">
+          <head>
+            <title>Hello World!</title>
+          </head>
+          <body>
+            <h1>Sample web page</h1>
+            <p>With little content ;)</p>
+          </body>
+          </html>
+      with_items:
+        - /var/www/html/index.html
+        - /usr/share/nginx/html/index.html
+

nginx/ssh_key.j2

+{{ instance_server_private_key_ubuntu }}

piacere_monitoring/ansible.cfg

+# https://docs.ansible.com/ansible/latest/reference_appendices/config.html
+[defaults]
+host_key_checking = False
+inventory = {{CWD}}/hosts.yaml  ; This points to the file that lists your hosts
+remote_user = esilab
+deprecation_warnings=False ; to remove the python version depretation warning
+display_skipped_hosts = no 
\ No newline at end of file

piacere_monitoring/ansible_requirements.yml

+roles:
+#  - name: dj-wasabi.telegraf
+#    version: 0.13.3
+#    source: https://galaxy.ansible.com
+  - name: dj-wasabi.telegraf
+    src: https://github.com/dj-wasabi/ansible-telegraf.git
+    scm: git
+    version: 0.13.3

piacere_monitoring/config.yaml

+
+---
+input:
+  - instance_ip_nginx_vm
+  - instance_server_private_key_ubuntu
+output: []
+engine: ansible
+...

piacere_monitoring/hosts.yaml

+all:
+  hosts:
+    localhost:
+      ansible_connection: local

piacere_monitoring/install_playbook_requirements.sh

+#!/bin/bash
+set -e
+
+SCRIPT_DIR=$(dirname "$0")
+
+# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable 
+if [[ -f ./ansible.cfg ]]
+then
+    export ANSIBLE_CONFIG=./ansible.cfg
+else 
+    if [[ -f $SCRIPT_DIR/ansible.cfg ]]
+    then
+        export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
+    fi
+fi
+
+if [[ -z "$ANSIBLE_CONFIG" ]]
+then 
+    echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
+else 
+    echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
+fi
+
+if [[ -z "$1" ]]
+then 
+    # echo without params 
+    echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml
+    ansible-playbook $SCRIPT_DIR/site_requirements.yaml
+else 
+    # echo with params
+    echo ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
+    ansible-playbook $SCRIPT_DIR/site_requirements.yaml --extra-vars "$1"
+fi

piacere_monitoring/inventory.j2

+
+
+[servers_for_piacere_monitoring]
+{{ instance_ip_nginx_vm }}
+
+[servers_for_piacere_monitoring:vars]
+ansible_connection=ssh
+ansible_user=ubuntu
+ansible_ssh_private_key_file=ssh_key

piacere_monitoring/main.yml

+---
+- hosts: localhost
+  tasks:
+    - name: print disclamer
+      debug:
+        msg: this can also be done with "ansible-galaxy install -r requirements"
+    - name: install telegraf from galaxy
+      community.general.ansible_galaxy_install:
+        type: role
+        requirements_file: ansible_requirements.yml
+
+- hosts: all
+  pre_tasks:
+    - name: Ensure gnupg package
+      package:
+        name: gnupg
+        state: present
+      become: true
+  vars_files:
+    - vars/main.yaml
+  tasks:
+    - name: Install telegraf
+      ansible.builtin.include_role:
+        name: dj-wasabi.telegraf

piacere_monitoring/run-playbook.sh

+#!/bin/bash
+set -e
+
+SCRIPT_DIR=$(dirname "$0")
+
+# to avoid the being run in a world writable directory we explicitly assign the ANSIBLE_CONFIG variable 
+if [[ -f ./ansible.cfg ]]
+then
+    export ANSIBLE_CONFIG=./ansible.cfg
+else 
+    if [[ -f $SCRIPT_DIR/ansible.cfg ]]
+    then
+        export ANSIBLE_CONFIG=$SCRIPT_DIR/ansible.cfg
+    fi
+fi
+
+if [[ -z "$ANSIBLE_CONFIG" ]]
+then 
+    echo ANSIBLE_CONFIG to assigned using default https://docs.ansible.com/ansible/latest/reference_appendices/config.html
+else 
+    echo ANSIBLE_CONFIG=$ANSIBLE_CONFIG
+fi
+
+if [[ -z "$1" ]]
+then 
+    # echo without params 
+    echo ansible-playbook $SCRIPT_DIR/site.yaml
+    ansible-playbook $SCRIPT_DIR/site.yaml
+else 
+    # echo with params
+    echo ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
+    ansible-playbook $SCRIPT_DIR/site.yaml --extra-vars "$1"
+fi

piacere_monitoring/site.yaml

+- hosts: all
+  pre_tasks:
+    - name: Check parameters
+      fail:
+        msg: 'variable {{item}} not defined'
+      when: item is not defined
+      with_items:
+        - pma_deployment_id
+        - pma_influxdb_bucket
+        - pma_influxdb_token
+        - pma_influxdb_org
+        - pma_influxdb_addr
+    - name: Print parameters
+      debug:
+        msg: 
+          - "pma_deployment_id: {{ pma_deployment_id }}"
+          - "pma_influxdb_bucket: {{ pma_influxdb_bucket }}"
+          - "pma_influxdb_token: {{ pma_influxdb_token }}"
+          - "pma_influxdb_org: {{ pma_influxdb_org }}"
+          - "pma_influxdb_addr: {{ pma_influxdb_addr }}"
+    - name: Ensure gnupg package
+      package:
+        name: gnupg
+        state: present
+      become: true
+      
+  vars_files:
+    - vars/main.yaml
+  roles:
+    - dj-wasabi.telegraf

piacere_monitoring/site_requirements.yaml

+- hosts: localhost
+  tasks:
+    - name: print disclamer
+      debug:
+        msg: this can also be done with "ansible-galaxy install -r requirements"
+    - name: install telegraf from galaxy
+      community.general.ansible_galaxy_install:
+        type: role
+        requirements_file: ansible_requirements.yml

piacere_monitoring/ssh_key.j2

+{{ instance_server_private_key_ubuntu }}

piacere_monitoring/vars/main.yaml

+pma_deployment_id: "123e4567-e89b-12d3-a456-426614174002"
+pma_influxdb_bucket: "bucket"
+pma_influxdb_token: "piacerePassword"
+pma_influxdb_org: "piacere"
+pma_influxdb_addr: "https://influxdb.pm.ci.piacere.digital.tecnalia.dev"
+
+telegraf_agent_package_state: latest
+
+telegraf_agent_output:
+  - type: influxdb_v2
+    config:
+      - urls = ["{{ pma_influxdb_addr }}"]
+      - token = "{{ pma_influxdb_token }}"
+      - organization = "{{ pma_influxdb_org }}"
+      - bucket = "{{ pma_influxdb_bucket }}"
+      - insecure_skip_verify = true
+
+telegraf_global_tags:
+  - tag_name: deployment_id
+    tag_value: "{{ pma_deployment_id }}"
+
+telegraf_plugins_default:
+  - plugin: cpu
+  - plugin: mem
+  - plugin: processes
+  - plugin: disk
+  - plugin: net
\ No newline at end of file

piacere_security/build-wazuh-agent.yml

+---
+- hosts: all
+  tasks:
+
+  - name: include vars
+    include_vars: vars.yml
+
+  - name: Copy build dir to dest
+    copy:
+      src: "./docker-deploy"
+      dest: "{{ docker_image_build_dir }}"
+      mode: 0644
+
+  - name: Build docker image
+    community.docker.docker_image:
+      build:
+        path: "{{ docker_image_build_dir }}/docker-deploy"
+      name: "{{ wazuh_agent_image_name }}"
+      tag: latest
+      source: build
\ No newline at end of file

piacere_security/config.yaml

+
+---
+input:
+  - instance_ip_nginx_vm
+  - instance_server_private_key_ubuntu
+output: []
+engine: ansible
+...

piacere_security/config/ossec.conf.j2

+<ossec_config>
+  <client>
+    <server>
+      <address>{{ wazuh_manager_hostname }}</address>
+      <port>{{ wazuh_manager_port }}</port>
+      <protocol>tcp</protocol>
+    </server>
+    <config-profile>ubuntu, ubuntu20, ubuntu20.04</config-profile>
+    <notify_time>60</notify_time>
+    <time-reconnect>120</time-reconnect>
+    <auto_restart>yes</auto_restart>
+    <crypto_method>aes</crypto_method>
+  </client>
+
+
+  <client_buffer>
+    <!-- Agent buffer options -->
+    <disabled>no</disabled>
+    <queue_size>5000</queue_size>
+    <events_per_second>500</events_per_second>
+  </client_buffer>
+
+  <!-- Policy monitoring -->
+  <rootcheck>
+    <disabled>no</disabled>
+    <check_files>yes</check_files>
+    <check_trojans>yes</check_trojans>
+    <check_dev>yes</check_dev>
+    <check_sys>yes</check_sys>
+    <check_pids>yes</check_pids>
+    <check_ports>yes</check_ports>
+    <check_if>yes</check_if>
+
+    <!-- Frequency that rootcheck is executed - every 12 hours -->
+    <frequency>43200</frequency>
+
+    <rootkit_files>etc/shared/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>etc/shared/rootkit_trojans.txt</rootkit_trojans>
+
+    <skip_nfs>yes</skip_nfs>
+  </rootcheck>
+
+  <wodle name="cis-cat">
+    <disabled>yes</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+
+    <java_path>wodles/java</java_path>
+    <ciscat_path>wodles/ciscat</ciscat_path>
+  </wodle>
+
+  <!-- Osquery integration -->
+  <wodle name="osquery">
+    <disabled>yes</disabled>
+    <run_daemon>yes</run_daemon>
+    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
+    <config_path>/etc/osquery/osquery.conf</config_path>
+    <add_labels>yes</add_labels>
+  </wodle>
+
+  <!-- System inventory -->
+  <wodle name="syscollector">
+    <disabled>no</disabled>
+    <interval>1h</interval>
+    <scan_on_start>yes</scan_on_start>
+    <hardware>yes</hardware>
+    <os>yes</os>
+    <network>yes</network>
+    <packages>yes</packages>
+    <ports all="no">yes</ports>
+    <processes>yes</processes>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <max_eps>10</max_eps>
+    </synchronization>
+  </wodle>
+
+  <sca>
+    <enabled>yes</enabled>
+    <scan_on_start>yes</scan_on_start>
+    <interval>12h</interval>
+    <skip_nfs>yes</skip_nfs>
+  </sca>
+
+  <!-- File integrity monitoring -->
+  <syscheck>
+    <disabled>no</disabled>
+
+    <!-- Frequency that syscheck is executed default every 12 hours -->
+    <frequency>43200</frequency>
+
+    <scan_on_start>yes</scan_on_start>
+
+    <!-- Directories to check  (perform all possible verifications) -->
+    <directories>/etc,/usr/bin,/usr/sbin</directories>
+    <directories>/bin,/sbin,/boot</directories>
+
+    <!-- Files/directories to ignore -->
+    <ignore>/etc/mtab</ignore>
+    <ignore>/etc/hosts.deny</ignore>
+    <ignore>/etc/mail/statistics</ignore>
+    <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
+    <ignore>/etc/adjtime</ignore>
+    <ignore>/etc/httpd/logs</ignore>
+    <ignore>/etc/utmpx</ignore>
+    <ignore>/etc/wtmpx</ignore>
+    <ignore>/etc/cups/certs</ignore>
+    <ignore>/etc/dumpdates</ignore>
+    <ignore>/etc/svc/volatile</ignore>
+
+    <!-- File types to ignore -->
+    <ignore type="sregex">.log$|.swp$</ignore>
+
+    <!-- Check the file, but never compute the diff -->
+    <nodiff>/etc/ssl/private.key</nodiff>
+
+    <skip_nfs>yes</skip_nfs>
+    <skip_dev>yes</skip_dev>
+    <skip_proc>yes</skip_proc>
+    <skip_sys>yes</skip_sys>
+
+    <!-- Nice value for Syscheck process -->
+    <process_priority>10</process_priority>
+
+    <!-- Maximum output throughput -->
+    <max_eps>100</max_eps>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
+      <max_interval>1h</max_interval>
+      <max_eps>10</max_eps>
+    </synchronization>
+  </syscheck>
+
+  <!-- Log analysis -->
+  <localfile>
+    <log_format>command</log_format>
+    <command>df -P</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
+    <alias>netstat listening ports</alias>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>last -n 20</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <!-- Active response -->
+  <active-response>
+    <disabled>no</disabled>
+    <ca_store>etc/wpk_root.pem</ca_store>
+    <ca_verification>yes</ca_verification>
+  </active-response>
+
+  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
+  <logging>
+    <log_format>plain</log_format>
+  </logging>
+
+  <labels>
+    <label key="piacere-deployment-id">{{ piacere_deployment_id }}</label>
+  </labels>
+</ossec_config>
+
+<ossec_config>
+  <localfile>
+    <log_format>audit</log_format>
+    <location>/var/log/audit/audit.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/ossec/logs/active-responses.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/messages</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/secure</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/maillog</location>
+  </localfile>
+
+</ossec_config>
\ No newline at end of file