---
# Lab network prep: runs the security_eth1 role, escalated, on both the
# simulated attacker and the snort victim hosts.
- name: Setup eth1 for attack simulator and snort victim
  become: true
  hosts: attack:snort
  tasks:
    - import_role:
        name: security_eth1
# Same host set as the eth1 play; the security_hostroutes role adds the
# static routes the lab needs between attacker and victim.
- name: Setup host route for attack simulator
  become: true
  hosts: attack:snort
  tasks:
    - import_role:
        name: security_hostroutes
# Attacker-side packages: enable EPEL through the geerlingguy role, then
# make sure daemonize is present.
- name: Install Pre Reqs on attacker
  become: true
  hosts: attack
  tasks:
    - name: setup epel on attacker
      include_role:
        name: "geerlingguy.repo-epel"
    - name: package pre-reqs are installed
      yum:
        name: daemonize
        state: present
# SIEM backend is chosen by security_console; only the matching playbook
# is imported.
- name: include splunk playbook
  when: security_console == 'splunk'
  import_playbook: splunk.yml
# Counterpart of the splunk import above, selected when security_console
# is 'qradar'.
- name: include qradar playbook
  when: security_console == 'qradar'
  import_playbook: qradar.yml
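# Snort sensor host: role variables, SIEM-dependent facts, OS/pip
# prerequisites, then the ids_install / ids_config roles plus the web
# exploit-simulation roles used by the workshop.
- name: INSTALL AND CONFIGURE SNORT
  hosts: snort
  become: true
  vars:
    ids_config_snort_version: '2.9.13'
    ids_install_provider: "snort"
    # NOTE(review): the sensor is installed to run as root. A dedicated
    # unprivileged user would limit the blast radius of a sensor compromise
    # via crafted traffic — confirm whether ids_install supports that.
    ids_install_snort_user: root
    ids_install_snort_group: root
    # NOTE(review): this play var is ids_normalize_logs, while the set_fact
    # tasks below write ids_install_normalize_logs — confirm which name the
    # ids roles actually read; one of the two is likely unused.
    ids_normalize_logs: false
    ids_install_snort_interface: eth1
  tasks:
    # Log normalisation is only wanted for the splunk backend; qradar gets
    # the raw stream. Exactly one of the two tasks fires per run.
    - name: Set fact vars for ids based SIEM type
      block:
        - name: set fact vars for qradar
          set_fact:
            ids_install_normalize_logs: false
          when: security_console == 'qradar'
        - name: set fact vars for splunk
          set_fact:
            ids_install_normalize_logs: true
          when: security_console == 'splunk'
    - name: Install Pre Reqs for IDS
      block:
        - name: setup epel for snort ecosystem rule lifecycling
          include_role:
            name: "geerlingguy.repo-epel"
        - name: package pre-reqs are installed
          yum:
            state: present
            name:
              - libselinux-python
              - python-virtualenv
              - python-setuptools
              - python-pip
        # NOTE(review): idstools is installed unpinned from the index; pin a
        # version (and ideally hashes) so the sensor build is reproducible
        # and reviewable.
        - name: install idstools
          pip:
            name: idstools
        # NOTE(review): permissive mode disables SELinux enforcement for the
        # whole host, not just snort. Acceptable for a disposable lab; an
        # snort-specific policy module would be the fix for anything
        # longer-lived.
        - name: set selinux permissive because of policy issue that breaks snort
          selinux:
            policy: targeted
            state: permissive
    - name: Install IDS
      block:
        - name: import ids_install role
          include_role:
            name: "ansible_security.ids_install"
        - name: import ids_config role
          include_role:
            name: "ansible_security.ids_config"
        # The two roles below stand up the vulnerable web target and the
        # scripted traffic the workshop uses to exercise the sensor.
        - name: import webserver role for web exploit simulation
          include_role:
            name: "webservers"
        - name: import webserver attack simulation role
          include_role:
            name: "webservers_attack_simulation"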
# Windows lab workstation: no privilege escalation, a single role.
- name: SETUP WINDOWS WORKSTATION
  hosts: windows
  roles:
    - windows_ws_setup
# Check Point management server: fact gathering is switched off for this
# play (NOTE(review): presumably the appliance cannot run the setup module
# or cp_fix_mgmt needs no facts — confirm).
- name: FIX CHECKPOINT MGMT SERVER
  gather_facts: false
  hosts: checkpoint_mgmt
  roles:
    - cp_fix_mgmt
# Check Point environment is configured from the control nodes via the
# cp_setup role.
- name: SETUP CHECKPOINT ENVIRONMENT
  hosts: control_nodes
  roles:
    - cp_setup