

Ossec Hids Puppet Module

06.25.2010
        // puppet module for downloading, installing and managing ossec in server, local, or agent mode
// still needs work, but it's a working start

# /etc/puppet/modules/ossec/manifests/init.pp
# install ossec-hids-agent on monitored servers and workstations
# This module downloads the defined version of ossec from a defined website,
# extracts the files, configures the preloaded-vars.conf file for an unattended
# install, runs the installation script, and then copies and manages the master
# ossec.conf and rules files.

# call this module via:  node 'name' {include ossec::server}
# replace server with  local or agent  depending on the type of ossec install you
# want to perform.

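# ossec: fetches a pinned OSSEC HIDS release, checks its digest, runs the
# unattended installer as root and then manages the installed configuration.
# Include exactly one of ossec::server, ossec::local or ossec::agent on a node.
class ossec {

    # Fetch ${site}/${name} into $cwd with wget, once.
    #   site    - base URL the file is fetched from
    #   cwd     - directory wget runs in (the file lands here)
    #   creates - path whose existence marks the download as done;
    #             defaults to ${cwd}/${name} when left empty
    #   require - resource(s) that must be applied before the download
    #   user    - account wget runs as
    # This only transfers the file; it does not authenticate it. The caller is
    # responsible for verifying the result before anything uses it.
    # I will move this define to a common definition module later
    define download_file(
            $site="",
            $cwd="",
            $creates="",
            $require="",
            $user="") {

        # Honour an explicit creates path instead of silently ignoring it.
        $marker = $creates ? {
            ""      => "${cwd}/${name}",
            default => $creates
        }

        exec { $name:
            command => "/usr/bin/wget ${site}/${name}",
            cwd => $cwd,
            creates => $marker,
            require => $require,
            user => $user,
        }
    }


    # Shared download / verify / extract steps. The server, local and agent
    # classes inherit from this class and read its variables.
    class install{

        $ossecversion = "ossec-hids-2.4.1"
        $ossecfile = "${ossecversion}.tar.gz"
        $workdir = "/opt/working"

        # SHA-256 of ${ossecfile}, taken out of band from the publisher.
        # Placeholder value: extraction and install fail closed until a real
        # digest is filled in.
        $ossecsha256 = "REPLACE_WITH_PUBLISHED_SHA256_OF_TARBALL"

        # Root-only working directory: its contents are executed as root, so
        # no other account may be able to read, replace or add files here.
        file { "/opt/working":
            ensure  => directory,
            owner => root,
            group => root,
            mode => "0700",
        }

        download_file {"${ossecfile}":
           site => "http://www.ossec.net/files",   # best to use a local copy if working with lots of machines
           cwd => "${workdir}",
           # Name the tarball explicitly; $name in class scope is not the
           # file being downloaded.
           creates => "${workdir}/${ossecfile}",
           require => File["/opt/working"],
           user => root,
       }

        # Expected digest in the "<hash>  <file>" format sha256sum -c reads.
        file { "ossec-checksum":
            path => "${workdir}/${ossecfile}.sha256",
            ensure => present,
            owner => root,
            group => root,
            mode => "0400",
            content => "${ossecsha256}  ${ossecfile}\n",
            require => File["/opt/working"],
        }

        # The tarball arrives over plain HTTP and its install.sh is run as
        # root, so nothing is unpacked unless the digest matches. A mismatch
        # fails this exec and every resource that depends on it. Skipped once
        # the release has been extracted.
        exec {"verify-ossec":
           cwd => "${workdir}",
           command => "/usr/bin/sha256sum -c ${ossecfile}.sha256",
           creates => "${workdir}/${ossecversion}",
           require => [ Download_file["${ossecfile}"], File["ossec-checksum"] ],
           user => root,
        }

        exec {"extract-ossec":
           cwd => "${workdir}",
           command => "/bin/tar xzf ${ossecfile}",
           creates => "${workdir}/${ossecversion}",
           require => Exec["verify-ossec"],
           user => root,
        }

    }


    # OSSEC manager: installs in server mode and manages ossec.conf plus the
    # rules directory.
    class server inherits ossec::install {

        $ossectype = "server"

        # Answers file that makes install.sh run unattended.
        # NOTE(review): this template name has no .erb suffix while the
        # ossec.conf template does - confirm the file name on the master.
        file {"ossecvars":
            path => "${workdir}/${ossecversion}/etc/preloaded-vars.conf",
            ensure => present,
            content => template("ossec/preloaded-vars.conf-${ossectype}"),
            require => Exec["extract-ossec"],

        }

        exec {"install-ossec":
            cwd => "${workdir}/${ossecversion}",
            command => "${workdir}/${ossecversion}/install.sh",
            creates => "/var/ossec/etc",
            user => root,
            require => File["ossecvars"],
        }

        # Everything below lives under /var/ossec or uses the ossec group,
        # neither of which is managed here; presumably both come from
        # install.sh, hence the ordering on Exec["install-ossec"].
        service { "ossec":
            enable => true,
            ensure => running,
            require => Exec["install-ossec"],
        }

        # manage ossec.conf file
        # 0440: readable by root and the ossec group, never writable by the
        # daemon account and not executable.
        file { "ossec.conf":
            path => "/var/ossec/etc/ossec.conf",
            ensure  => present, owner => root, group => ossec, mode => "0440",
            content => template("ossec/ossec-conf-${ossectype}.erb"),
            require => Exec["install-ossec"],
        }

        # manage the /var/ossec/rules
        # 0440 with recurse: Puppet adds the search bit to directories where
        # read is set, so directories end up 0550 and rule files 0440.
        file { "ossec-rules":
            path => "/var/ossec/rules",
            checksum => "mtime",
            ensure  => directory, owner => root, group => ossec, mode => "0440",
            source  => "puppet://$server/ossec/ossec-rules",
            recurse => true,
            ignore  => [ ".svn" ],
            require => Exec["install-ossec"],
        }

        exec {"ossec-restart":
            command => "/var/ossec/bin/ossec-control restart",
            subscribe => File[ "ossec.conf" , "ossec-rules" ],
            refreshonly => true,  # Only run command if monitored files change
        }

    }



    # Standalone install: same resources as the server class, using the
    # "local" templates.
    class local inherits ossec::install {

        $ossectype = "local"

        # Answers file that makes install.sh run unattended.
        file {"ossecvars":
            path => "${workdir}/${ossecversion}/etc/preloaded-vars.conf",
            ensure => present,
            content => template("ossec/preloaded-vars.conf-${ossectype}"),
            require => Exec["extract-ossec"],

        }

        exec {"install-ossec":
            cwd => "${workdir}/${ossecversion}",
            command => "${workdir}/${ossecversion}/install.sh",
            creates => "/var/ossec/etc",
            user => root,
            require => File["ossecvars"],
        }

        # Ordered after the installer, which is presumed to create /var/ossec
        # and the ossec group.
        service { "ossec":
            enable => true,
            ensure => running,
            require => Exec["install-ossec"],
        }

        # manage ossec.conf file
        # 0440: group-readable, not writable by the daemon, not executable.
        file { "ossec.conf":
            path => "/var/ossec/etc/ossec.conf",
            ensure  => present, owner => root, group => ossec, mode => "0440",
            content => template("ossec/ossec-conf-${ossectype}.erb"),
            require => Exec["install-ossec"],
        }

        # manage the /var/ossec/rules
        # 0440 with recurse: directories get the search bit added by Puppet
        # (0550), rule files stay 0440.
        file { "ossec-rules":
            path => "/var/ossec/rules",
            checksum => "mtime",
            ensure  => directory, owner => root, group => ossec, mode => "0440",
            source  => "puppet://$server/ossec/ossec-rules",
            recurse => true,
            ignore  => [ ".svn" ],
            require => Exec["install-ossec"],
        }

        exec {"ossec-restart":
            command => "/var/ossec/bin/ossec-control restart",
            subscribe => File[ "ossec.conf" , "ossec-rules" ],
            refreshonly => true,  # Only run command if monitored files change
        }

    }


    # Agent install: manages ossec.conf only; no rules directory is pushed.
    class agent inherits ossec::install {
        $ossectype = "agent"

        # Answers file that makes install.sh run unattended.
        file {"ossecvars":
            path => "${workdir}/${ossecversion}/etc/preloaded-vars.conf",
            ensure => present,
            content => template("ossec/preloaded-vars.conf-${ossectype}"),
            require => Exec["extract-ossec"],

        }

        exec {"install-ossec":
            cwd => "${workdir}/${ossecversion}",
            command => "${workdir}/${ossecversion}/install.sh",
            creates => "/var/ossec/etc",
            user => root,
            require => File["ossecvars"],
        }

        # Ordered after the installer, which is presumed to create /var/ossec
        # and the ossec group.
        service { "ossec":
            enable => true,
            ensure => running,
            require => Exec["install-ossec"],
        }

        # manage ossec.conf file
        # 0440: group-readable, not writable by the daemon, not executable.
        file { "ossec.conf":
            path => "/var/ossec/etc/ossec.conf",
            ensure  => present, owner => root, group => ossec, mode => "0440",
            content => template("ossec/ossec-conf-${ossectype}.erb"),
            require => Exec["install-ossec"],
        }

        exec {"ossec-restart":
            command => "/var/ossec/bin/ossec-control restart",
            subscribe => File["ossec.conf"],
            refreshonly => true,  # Only run command if monitored files change
        }
    }
}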