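# playbook.yml
#
# Provisions a single host as an SSH honeypot: the pshitt honeypot takes
# port 22, the real sshd is moved to 22222, iptables/fail2ban protect both,
# and filebeat ships the honeypot's JSON log to logstash.
---
- name: "maplegrid"
  hosts: localhost
  connection: local
  # NOTE(review): every task below writes under /etc or restarts a service,
  # so the play assumes it is already running as root (no `become:` is set).
  vars_files:
    - maplegrid_variables.yml

  tasks:
    # --- Elastic 7.x apt repository -----------------------------------------
    - name: Add elastic repo key
      # apt_key replaces the former `curl ... | apt-key add -` pipe. Adding
      # `id:` with the key's fingerprint would make a substituted key fail
      # loudly instead of being trusted silently.
      apt_key:
        url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
        state: present

    - name: Install packages
      apt:
        pkg:
          - apt-transport-https
          - python-pip
          - python3-pip

    - name: Add repo for elastic v7.x
      # `filename` keeps the original /etc/apt/sources.list.d/elastic-7.x.list
      # location that the shell+tee version wrote.
      apt_repository:
        repo: "deb https://artifacts.elastic.co/packages/7.x/apt stable main"
        filename: elastic-7.x
        state: present

    - name: Install filebeat
      apt:
        name: filebeat
        update_cache: true

    # --- Move the administrative sshd off port 22 ---------------------------
    # Port 22 is handed to the honeypot below; real logins use 22222.
    - name: Setup alternate SSH port
      # If sshd_config only has the commented default (`#Port 22`), the regexp
      # does not match and lineinfile appends a new `Port 22222` line.
      lineinfile:
        dest: "/etc/ssh/sshd_config"
        regexp: "^Port"
        line: "Port 22222"

    - name: Setup alternate SSH port in fail2ban jail
      lineinfile:
        dest: "/etc/fail2ban/jail.conf"
        regexp: '^port = ssh'
        line: "port = 22222"

    - name: Restart fail2ban
      service:
        name: fail2ban
        state: restarted
        enabled: true

    # --- pshitt (SSH honeypot on port 22) -----------------------------------
    - name: Install pip extensions
      pip:
        name:
          - python-daemon
          - argparse
          - paramiko

    - name: Git checkout
      # NOTE(review): no `version:` is given, so each run deploys whatever
      # the remote HEAD is; pinning a commit keeps the network-facing
      # service reproducible and reviewable.
      git:
        repo: 'https://github.com/regit/pshitt'
        dest: /srv/pshitt

    - name: Add configuration block in /etc/systemd/system/pshitt.service
      # The honeypot reads the host's real RSA key so its fingerprint matches
      # the one clients saw before sshd moved ports.
      blockinfile:
        create: true
        dest: /etc/systemd/system/pshitt.service
        block: |
          [Unit]
          Description=pshitt service
          Wants=network-online.target
          After=network-online.target

          [Service]
          ExecStart=/srv/pshitt/pshitt.py -p 22 -k /etc/ssh/ssh_host_rsa_key -o /var/log/pshitt/data.json -l /var/log/pshitt/log.log

          [Install]
          WantedBy=multi-user.target

    - name: Create pshitt log directory
      file:
        path: /var/log/pshitt
        state: directory

    # --- Firewall -----------------------------------------------------------
    - name: Create scripts directory
      file:
        path: /scripts
        state: directory

    - name: Create rules.v4
      # INPUT/FORWARD default to DROP; only loopback, 22 (honeypot), 22222
      # (admin sshd), ICMP echo and established traffic are accepted.
      # NOTE(review): the fail2ban-ssh hook inspects port 22 while the jail
      # above was repointed to 22222 — confirm which port fail2ban is meant
      # to protect; fail2ban normally installs its own chain at runtime.
      blockinfile:
        create: true
        state: present
        dest: "/scripts/rules.v4"
        marker: "# {mark} ANSIBLE MANAGED BLOCK #"
        block: |
          # Generated by iptables-save v1.4.21 on Tue Nov 19 22:41:29 2019
          *filter
          :INPUT DROP [0:0]
          :FORWARD DROP [0:0]
          :OUTPUT ACCEPT [372:91728]
          :fail2ban-ssh - [0:0]
          -A INPUT -i lo -j ACCEPT
          -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
          -A INPUT -i {{ ansible_default_ipv4.interface }} -p tcp -m tcp --dport 22 -j ACCEPT
          -A INPUT -i {{ ansible_default_ipv4.interface }} -p tcp -m tcp --dport 22222 -j ACCEPT
          -A INPUT -i {{ ansible_default_ipv4.interface }} -p icmp -m icmp --icmp-type 8 -j ACCEPT
          -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
          -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
          -A INPUT -j DROP
          -A OUTPUT -o lo -j ACCEPT
          -A fail2ban-ssh -j RETURN
          COMMIT
          # Completed on Tue Nov 19 22:41:29 2019

    # The rules are loaded before sshd is restarted on 22222 so the new port
    # is already open when the old one goes away.
    - name: Reload iptables v4
      shell: /sbin/iptables-restore /scripts/rules.v4

    - name: Save iptables v4 rules
      # /etc/iptables/rules.v4 is the path iptables-persistent restores at
      # boot; that package is not installed by this play — confirm it exists.
      shell: iptables-save > /etc/iptables/rules.v4

    # --- Restart services on their new ports --------------------------------
    - name: Restart pshitt
      systemd:
        name: pshitt
        state: restarted
        enabled: true
        daemon_reload: true  # the unit file was written above

    - name: Restart sshd
      service:
        name: ssh
        state: restarted
        enabled: true

    # --- Filebeat -------------------------------------------------------------
    - name: Remove stock filebeat.yml
      # `state: absent` is a no-op when the file is missing, so no
      # ignore_errors is needed.
      file:
        state: absent
        path: /etc/filebeat/filebeat.yml

    - name: Write filebeat.yml
      # The block is rendered by Jinja before it is written, so the
      # templated values are quoted for filebeat's YAML parser, not Ansible's.
      # NOTE(review): no ssl settings are given for output.logstash, so the
      # honeypot data travels in cleartext unless logstash_ip is local.
      blockinfile:
        create: true
        state: present
        dest: "/etc/filebeat/filebeat.yml"
        marker: "# {mark} ANSIBLE MANAGED BLOCK #"
        block: |
          filebeat.inputs:
            - type: log
              enabled: true
              paths:
                - /var/log/pshitt/data.json
              json.keys_under_root: true
          processors:
            - drop_fields:
                fields: ["beat", "source", "prospector", "offset", "host", "log", "input", "event", "fileset"]
            - add_fields:
                target: ''
                fields:
                  pshitt_host: "{{ filebeat_hostname }}"
          output.logstash:
            hosts: ["{{ logstash_ip }}:{{ logstash_port }}"]
          # Filebeat service logging:
          logging.level: info
          logging.to_files: true
          logging.files:
            path: /var/log/filebeat
            name: filebeat
            keepfiles: 7
            permissions: 0640

    - name: Restart filebeat
      service:
        name: filebeat
        state: restarted
        enabled: true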