Installs and configure osquery
- file integrity monitoring
- packs
It was tested on the following versions:
- 2.2
- 2.3
- 2.5
Tested on Ubuntu 14.04, 16.04, 18.04, Centos 7. Kitchen test vagrant or lxd, Travis.
Just include this role in your list. For example
- host: all
roles:
- juju4.osquery
Run
$ ansible-playbook -i inventory site.yml
Sample. See defaults/main.yml for full scope
osquery_service_enable: true
osquery_debug_packages_install: true
## define this if don't want to use upstream ones
#osquery_repository: ''
#osquery_repositorykey: ''
osquery_template: 'osquery.conf.j2'
#osquery_upload_packs: []
osquery_upload_packs:
- osquery-snapshots-pack
- osquery-monitoring2-pack
osquery_packs:
- "osquery-monitoring"
- "incident-response"
- "it-compliance"
- "ossec-rootkit"
- "vuln-management"
- "hardware-monitoring"
- "osquery-snapshots-pack"
- osquery-monitoring2-pack
osquery_config_plugin: 'filesystem'
osquery_logger_plugin: 'filesystem'
#osquery_logger_plugin: 'syslog'
#osquery_logger_plugin: 'filesystem,syslog'
osquery_flags: []
osquery_fim: true
osquery_fim_interval: 300
This role has a travis basic test (for github), more advanced with kitchen and also a Vagrantfile (test/vagrant). Default kitchen config (.kitchen.yml) is lxd-based, while (.kitchen.vagrant.yml) is vagrant/virtualbox based.
Once you ensured all necessary roles are present, You can test with:
$ gem install kitchen-ansible kitchen-lxd_cli kitchen-sync kitchen-vagrant
$ cd /path/to/roles/juju4.osquery
$ kitchen verify
$ kitchen login
$ KITCHEN_YAML=".kitchen.vagrant.yml" kitchen verify
or
$ cd /path/to/roles/juju4.osquery/test/vagrant
$ vagrant up
$ vagrant ssh
TBD
TBD
BSD 2-clause
- Original role made by Kevin Brebanov.