DZone Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world
Ossec Hids Puppet Module
// puppet module for downloading, installing and managing ossec in server, local, or agent mode
// still needs work, but it's a working start
# /etc/puppet/modules/ossec/manifests/init.pp
# install ossec-hids-agent on monitored servers and workstations
# This module downloads the defined version of ossec from a defined website
# extracts the files, configures the preloaded-vars.conf file to unattended install
# runs the installation script and then copies and manages the master ossec.conf
# and rules files.
# call this module via: node 'name' {include ossec::server}
# replace server with local or agent depending on the type of ossec install you
# want to perform.
class ossec {
# I will move this define to a common definition module later
define download_file(
$site="",
$cwd="",
$creates="",
$require="",
$user="") {
exec { $name:
command => "/usr/bin/wget ${site}/${name}",
cwd => $cwd,
creates => "${cwd}/${name}",
require => $require,
user => $user,
}
}
class install{
$ossecversion = "ossec-hids-2.4.1"
$ossecfile = "$ossecversion.tar.gz"
$workdir = "/opt/working"
file { "/opt/working":
ensure => directory,
owner => root,
group => root,
mode => 760,
}
download_file {"${ossecfile}":
site => "http://www.ossec.net/files", # best to use a local copy if working with lots of machines
cwd => "${workdir}",
creates => "${workdir}/$name",
require => File["/opt/working"],
user => root,
}
exec {"extract-ossec":
cwd => "${workdir}",
command => "/bin/tar xzf ${ossecfile}",
creates => "${workdir}/${ossecversion}",
require => Download_file["${ossecfile}"],
user => root,
}
}
class server inherits ossec::install {
$ossectype = "server"
file {"ossecvars":
path => "${workdir}/${ossecversion}/etc/preloaded-vars.conf",
ensure => present,
content => template("ossec/preloaded-vars.conf-${ossectype}"),
require => Exec["extract-ossec"],
}
exec {"install-ossec":
cwd => "${workdir}/${ossecversion}",
command => "${workdir}/${ossecversion}/install.sh",
creates => "/var/ossec/etc",
user => root,
require => File["ossecvars"],
}
service { "ossec":
enable => true,
ensure => running,
}
# manage ossec.conf file
file { "ossec.conf":
path => "/var/ossec/etc/ossec.conf",
ensure => present, owner => root, group => ossec, mode => 550,
content => template("ossec/ossec-conf-${ossectype}.erb"),
}
# manage the /var/ossec/rules
file { "ossec-rules":
path => "/var/ossec/rules",
checksum => "mtime",
ensure => directory, owner => root, group => ossec, mode => 550,
source => "puppet://$server/ossec/ossec-rules",
recurse => true,
ignore => [ ".svn" ],
}
exec {ossec-restart:
command => "/var/ossec/bin/ossec-control restart",
subscribe => File[ "ossec.conf" , "ossec-rules" ],
refreshonly => true, # Only run command if monitored files change
}
}
class local inherits ossec::install {
$ossectype = "local"
file {"ossecvars":
path => "${workdir}/${ossecversion}/etc/preloaded-vars.conf",
ensure => present,
content => template("ossec/preloaded-vars.conf-${ossectype}"),
require => Exec["extract-ossec"],
}
exec {"install-ossec":
cwd => "${workdir}/${ossecversion}",
command => "${workdir}/${ossecversion}/install.sh",
creates => "/var/ossec/etc",
user => root,
require => File["ossecvars"],
}
service { "ossec":
enable => true,
ensure => running,
}
# manage ossec.conf file
file { "ossec.conf":
path => "/var/ossec/etc/ossec.conf",
ensure => present, owner => root, group => ossec, mode => 550,
content => template("ossec/ossec-conf-${ossectype}.erb"),
}
# manage the /var/ossec/rules
file { "ossec-rules":
path => "/var/ossec/rules",
checksum => "mtime",
ensure => directory, owner => root, group => ossec, mode => 550,
source => "puppet://$server/ossec/ossec-rules",
recurse => true,
ignore => [ ".svn" ],
}
exec {ossec-restart:
command => "/var/ossec/bin/ossec-control restart",
subscribe => File[ "ossec.conf" , "ossec-rules" ],
refreshonly => true, # Only run command if monitored files change
}
}
class agent inherits ossec::install {
$ossectype = "agent"
file {"ossecvars":
path => "${workdir}/${ossecversion}/etc/preloaded-vars.conf",
ensure => present,
content => template("ossec/preloaded-vars.conf-${ossectype}"),
require => Exec["extract-ossec"],
}
exec {"install-ossec":
cwd => "${workdir}/${ossecversion}",
command => "${workdir}/${ossecversion}/install.sh",
creates => "/var/ossec/etc",
user => root,
require => File["ossecvars"],
}
service { "ossec":
enable => true,
ensure => running,
}
# manage ossec.conf file
file { "ossec.conf":
path => "/var/ossec/etc/ossec.conf",
ensure => present, owner => root, group => ossec, mode => 550,
content => template("ossec/ossec-conf-${ossectype}.erb"),
}
exec {ossec-restart:
command => "/var/ossec/bin/ossec-control restart",
subscribe => File["ossec.conf"],
refreshonly => true, # Only run command if monitored files change
}
}
}
