Fix ansible-lint rule violations
ansible-code-bot[bot] committed Dec 26, 2023
1 parent 54efa71 commit 9f0c417
Showing 22 changed files with 98 additions and 85 deletions.
2 changes: 1 addition & 1 deletion add_block_rule.yml
Expand Up @@ -3,7 +3,7 @@
hosts: localhost
gather_facts: false
vars:
actiontaken: 'drop'
actiontaken: drop

roles:
- create_rule
2 changes: 1 addition & 1 deletion collections/requirements.yml
@@ -1,5 +1,5 @@
---
collections:

- name: ibm.qradar

- name: paloaltonetworks.panos
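Review bot: both entries under `collections:` (`ibm.qradar` and `paloaltonetworks.panos`) are listed by name only, so every install resolves to whatever version is current at that moment. Since this file is being touched anyway, add a `version:` constraint to each entry so the modules that edit firewall rules and SIEM log sources come from a release that was actually tested.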
4 changes: 2 additions & 2 deletions remove_log_forwarding_snort.yml
Expand Up @@ -3,8 +3,8 @@
hosts: snort.shadowman.dev
gather_facts: false
vars:
ids_provider: "snort"
ids_config_provider: "snort"
ids_provider: snort
ids_config_provider: snort
ids_config_remote_log: false
ids_config_remote_log_destination: "{{ hostvars['qradar.shadowman.dev']['ip_addr'] }}"
ids_config_remote_log_procotol: udp
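Review bot: the context line `ids_config_remote_log_procotol: udp` spells the key "procotol". The unquoting above it is fine, but if the `ids_config` role reads `ids_config_remote_log_protocol`, this value is silently ignored and the role default applies. Check the spelling against the role's defaults and fix whichever side is wrong.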
22 changes: 11 additions & 11 deletions roles/create_rule/defaults/main.yml
@@ -1,14 +1,14 @@
---
rule_name: 'Ansible Attacker Rule'
description: 'An Ansible attacker rule'
source_zone: ['any']
destination_zone: ['any']
rule_name: Ansible Attacker Rule

Check warning on line 2 in roles/create_rule/defaults/main.yml

View workflow job for this annotation

GitHub Actions / build

var-naming[no-role-prefix]

Variables names from within roles should use create_rule_ as a prefix. (vars: rule_name)

description: An Ansible attacker rule

Check warning on line 3 in roles/create_rule/defaults/main.yml

View workflow job for this annotation

GitHub Actions / build

var-naming[no-role-prefix]

Variables names from within roles should use create_rule_ as a prefix. (vars: description)

source_zone: [any]

Check warning on line 4 in roles/create_rule/defaults/main.yml

View workflow job for this annotation

GitHub Actions / build

var-naming[no-role-prefix]

Variables names from within roles should use create_rule_ as a prefix. (vars: source_zone)

destination_zone: [any]

Check warning on line 5 in roles/create_rule/defaults/main.yml

View workflow job for this annotation

GitHub Actions / build

var-naming[no-role-prefix]

Variables names from within roles should use create_rule_ as a prefix. (vars: destination_zone)

source_ip: "{{ hostvars['attacker.shadowman.dev']['ip_addr'] }}"

Check warning on line 6 in roles/create_rule/defaults/main.yml

View workflow job for this annotation

GitHub Actions / build

var-naming[no-role-prefix]

Variables names from within roles should use create_rule_ as a prefix. (vars: source_ip)

source_user: ['any']
source_user: [any]

Check warning on line 7 in roles/create_rule/defaults/main.yml

View workflow job for this annotation

GitHub Actions / build

var-naming[no-role-prefix]

Variables names from within roles should use create_rule_ as a prefix. (vars: source_user)

destination_ip: "{{ hostvars['snort.shadowman.dev']['ip_addr'] }}"

Check warning on line 8 in roles/create_rule/defaults/main.yml

View workflow job for this annotation

GitHub Actions / build

var-naming[no-role-prefix]

Variables names from within roles should use create_rule_ as a prefix. (vars: destination_ip)

category: ['any']
application: ['any']
service: ['any']
hip_profiles: ['any']
actiontaken: 'allow'
state: 'present'
category: [any]

Check warning on line 9 in roles/create_rule/defaults/main.yml

View workflow job for this annotation

GitHub Actions / build

var-naming[no-role-prefix]

Variables names from within roles should use create_rule_ as a prefix. (vars: category)

application: [any]

Check warning on line 10 in roles/create_rule/defaults/main.yml

View workflow job for this annotation

GitHub Actions / build

var-naming[no-role-prefix]

Variables names from within roles should use create_rule_ as a prefix. (vars: application)

service: [any]

Check warning on line 11 in roles/create_rule/defaults/main.yml

View workflow job for this annotation

GitHub Actions / build

var-naming[no-role-prefix]

Variables names from within roles should use create_rule_ as a prefix. (vars: service)

hip_profiles: [any]
actiontaken: allow
state: present
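Review bot: unquoting these defaults does not clear the var-naming[no-role-prefix] warnings annotated on lines 2 to 11, so the commit title overstates what was fixed. Names such as `state`, `description`, `service` and `actiontaken` are generic enough to be overridden by any play or inventory variable of the same name; renaming them with the `create_rule_` prefix is the real fix. Separately, the role default stays `actiontaken: allow` with zones, user, category, application and service all set to `[any]`, so a play that forgets to override it creates a permit rule for the attacker source address; consider defaulting to `drop` so the role fails closed.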
4 changes: 2 additions & 2 deletions roles/delete_rule/defaults/main.yml
@@ -1,3 +1,3 @@
---
rule_name: 'Ansible Attacker Rule'
state: 'absent'
rule_name: Ansible Attacker Rule
state: absent
8 changes: 4 additions & 4 deletions roles/disable_log_forwarding_palo/tasks/main.yml
@@ -1,11 +1,11 @@
---
- name: Remove palo remote logging from QRadar
ibm.qradar.qradar_log_source_management:
name: "Palo Alto rsyslog source - {{ hostvars['palo.shadowman.dev']['ip_addr'] }}"
type_name: "Palo Alto PA Series"
name: Palo Alto rsyslog source - {{ hostvars['palo.shadowman.dev']['ip_addr'] }}
type_name: Palo Alto PA Series
state: absent
description: "Palo Alto rsyslog source"
identifier: "palo.shadowman.dev"
description: Palo Alto rsyslog source
identifier: palo.shadowman.dev

- name: Remove the new log source
ibm.qradar.qradar_deploy:
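Review bot: the context task `Remove the new log source` calls `ibm.qradar.qradar_deploy`, which deploys the pending change rather than removing anything; the name looks copied from the enable role's `Deploy the new log source`. Rename it to something like `Deploy the log source removal` so run output and audit logs describe what the task did.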
8 changes: 4 additions & 4 deletions roles/disable_log_forwarding_snort/tasks/main.yml
@@ -1,11 +1,11 @@
---
- name: Remove snort remote logging from QRadar
ibm.qradar.qradar_log_source_management:
name: "Snort rsyslog source - {{ hostvars['snort.shadowman.dev']['ip_addr'] }}"
type_name: "Snort Open Source IDS"
name: Snort rsyslog source - {{ hostvars['snort.shadowman.dev']['ip_addr'] }}
type_name: Snort Open Source IDS
state: absent
description: "Snort rsyslog source"
identifier: "snort"
description: Snort rsyslog source
identifier: snort

- name: Remove the new log source
ibm.qradar.qradar_deploy:
8 changes: 4 additions & 4 deletions roles/enable_log_forwarding_palo/tasks/main.yml
@@ -1,11 +1,11 @@
---
- name: Add remote logging to QRadar
ibm.qradar.qradar_log_source_management:
name: "Palo Alto rsyslog source - {{ hostvars['palo.shadowman.dev']['ip_addr'] }}"
type_name: "Palo Alto PA Series"
name: Palo Alto rsyslog source - {{ hostvars['palo.shadowman.dev']['ip_addr'] }}
type_name: Palo Alto PA Series
state: present
description: "Palo Alto rsyslog source"
identifier: "palo.shadowman.dev"
description: Palo Alto rsyslog source
identifier: palo.shadowman.dev

- name: Deploy the new log source
ibm.qradar.qradar_deploy:
8 changes: 4 additions & 4 deletions roles/enable_log_forwarding_snort/tasks/main.yml
@@ -1,11 +1,11 @@
---
- name: Add remote logging to QRadar
ibm.qradar.qradar_log_source_management:
name: "Snort rsyslog source - {{ hostvars['snort.shadowman.dev']['ip_addr'] }}"
type_name: "Snort Open Source IDS"
name: Snort rsyslog source - {{ hostvars['snort.shadowman.dev']['ip_addr'] }}
type_name: Snort Open Source IDS
state: present
description: "Snort rsyslog source"
identifier: "snort"
description: Snort rsyslog source
identifier: snort

- name: Deploy the new log source
ibm.qradar.qradar_deploy:
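Review bot: `identifier: snort` is a bare short name, while the Palo Alto log source in the sibling role uses the FQDN `palo.shadowman.dev` and the `name:` line here looks the host up as `snort.shadowman.dev`. If the identifier does not match what the Snort host puts in its syslog header, events will not be attributed to this log source; confirm the value, or switch to the FQDN for consistency with the Palo Alto role.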
2 changes: 1 addition & 1 deletion roles/ids_config/defaults/main.yml
Expand Up @@ -2,7 +2,7 @@
# defaults file for snort-config
#

ids_provider: "snort"
ids_provider: snort

ids_provider_list:
- snort
9 changes: 4 additions & 5 deletions roles/ids_config/tasks/main.yml
@@ -1,9 +1,8 @@
---

- name: Find snort rules
ansible.builtin.find:
paths: "{{ ids_config_snort_rules_dir }}"
patterns: '*.rules'
patterns: "*.rules"
recurse: true
register: ids_config_snort_rules_files

Expand All @@ -13,7 +12,7 @@
dest: /etc/snort/snort.conf
owner: root
group: root
mode: '0644'
mode: "0644"
notify: Restart snort

- name: Enable remote logging
Expand All @@ -26,7 +25,7 @@
backup: true
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- Restart rsyslog

Expand All @@ -46,7 +45,7 @@
backup: true
owner: root
group: root
mode: '0644'
mode: "0644"
when: st.stat.exists

- name: Remove ids_config_snort_rsyslog.conf rsyslog config
Binary file modified roles/ids_rule/library/__pycache__/snort_rule.cpython-39.pyc
Binary file not shown.
Binary file not shown.
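Review bot: `roles/ids_rule/library/__pycache__/snort_rule.cpython-39.pyc` is compiled bytecode, and a lint-fix commit should not be modifying it. The diff cannot show what changed inside it, so the change cannot be reviewed; remove the `__pycache__` directory from version control and add it to `.gitignore`.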
14 changes: 7 additions & 7 deletions roles/remove_log_forwarding_palo/tasks/main.yml
Expand Up @@ -6,7 +6,7 @@
username: "{{ palo_username }}"
password: "{{ palo_password }}"
names:
- "Ansible Attacker Rule"
- Ansible Attacker Rule
register: ruleresults

- name: Remove Forwarding Rule
Expand Down Expand Up @@ -35,8 +35,8 @@
ip_address: "{{ palo_ip_address }}"
username: "{{ palo_username }}"
password: "{{ palo_password }}"
name: "QRadar Shadowman"
log_forwarding_profile: 'QRadar Shadowman'
name: QRadar Shadowman
log_forwarding_profile: QRadar Shadowman
state: absent

- name: Remove Log Forwarding Profile
Expand All @@ -45,7 +45,7 @@
ip_address: "{{ palo_ip_address }}"
username: "{{ palo_username }}"
password: "{{ palo_password }}"
name: "QRadar Shadowman"
name: QRadar Shadowman
state: absent

- name: Remove Syslog server Palo
Expand All @@ -55,8 +55,8 @@
username: "{{ palo_username }}"
password: "{{ palo_password }}"
state: absent
name: "QRadar Shadowman"
syslog_profile: "QRadar Shadowman"
name: QRadar Shadowman
syslog_profile: QRadar Shadowman
server: "{{ hostvars['qradar.shadowman.dev']['ip_addr'] }}"

- name: Remove Syslog profile Palo
Expand All @@ -65,7 +65,7 @@
ip_address: "{{ palo_ip_address }}"
username: "{{ palo_username }}"
password: "{{ palo_password }}"
name: "QRadar Shadowman"
name: QRadar Shadowman
state: absent

- name: Commit Changes
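Review bot: each task visible in these hunks repeats `ip_address`, `username` and `password: "{{ palo_password }}"` in its own arguments. Define the connection details once, in a shared variable or a `module_defaults` block, and confirm that `palo_username` and `palo_password` are supplied from Ansible Vault or a credential store rather than plain inventory. The rule name `Ansible Attacker Rule` is also hard-coded under `names:` in the first hunk, although the rule roles define it as `rule_name`.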
@@ -1,22 +1,23 @@
---
- name: "Add gw route on attacker node {{ inventory_hostname }}"
- name: Add gw route on attacker node {{ inventory_hostname }}
ansible.builtin.lineinfile:
path: /etc/sysconfig/network-scripts/route-ens3
line: "{{ hostvars[inventory_hostname | regex_replace('attacker.shadowman.dev', 'palo.shadowman.dev')]['ip_addr'] }} dev ens3"
create: true
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- Restart-network

- name: "Add snort route on attacker node {{ inventory_hostname }}"
- name: Add snort route on attacker node {{ inventory_hostname }}
ansible.builtin.lineinfile:
path: /etc/sysconfig/network-scripts/route-ens3
line: "{{ hostvars[inventory_hostname | regex_replace('attacker.shadowman.dev', 'snort.shadowman.dev')]['ip_addr'] }} via {{ hostvars[inventory_hostname | regex_replace('attacker.shadowman.dev', 'palo.shadowman.dev')]['ip_addr'] }} dev ens3 metric 5"
line: "{{ hostvars[inventory_hostname | regex_replace('attacker.shadowman.dev', 'snort.shadowman.dev')]['ip_addr'] }} via {{ hostvars[inventory_hostname | regex_replace('attacker.shadowman.dev',
'palo.shadowman.dev')]['ip_addr'] }} dev ens3 metric 5"
create: true
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- Restart-network
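Review bot: `regex_replace('attacker.shadowman.dev', 'palo.shadowman.dev')` in both `line:` values treats each `.` in the pattern as a regex wildcard; the literal `replace` filter does the same job without that ambiguity. The new wrap of the second `line:` is safe only because the folded line break lands between two filter arguments inside the Jinja expression; resolving the Palo and Snort addresses into `vars:` first would remove the need to wrap the string at all.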
@@ -1,22 +1,23 @@
---
- name: "Add gw route on snort node {{ inventory_hostname }}"
- name: Add gw route on snort node {{ inventory_hostname }}
ansible.builtin.lineinfile:
path: /etc/sysconfig/network-scripts/ifcfg-ens3
line: "{{ hostvars[inventory_hostname | regex_replace('snort.shadowman.dev', 'palo.shadowman.dev')]['ip_addr'] }} dev ens3"
create: true
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- Restart-network

- name: "Add attacker route on snort node {{ inventory_hostname }}"
- name: Add attacker route on snort node {{ inventory_hostname }}
ansible.builtin.lineinfile:
path: /etc/sysconfig/network-scripts/ifcfg-ens3
line: "{{ hostvars[inventory_hostname | regex_replace('snort.shadowman.dev', 'attacker.shadowman.dev')]['ip_addr'] }} via {{ hostvars[inventory_hostname | regex_replace('snort.shadowman.dev', 'palo.shadowman.dev')]['ip_addr'] }} dev ens3 metric 5"
line: "{{ hostvars[inventory_hostname | regex_replace('snort.shadowman.dev', 'attacker.shadowman.dev')]['ip_addr'] }} via {{ hostvars[inventory_hostname | regex_replace('snort.shadowman.dev',
'palo.shadowman.dev')]['ip_addr'] }} dev ens3 metric 5"
create: true
owner: root
group: root
mode: '0644'
mode: "0644"
notify:
- Restart-network
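Review bot: both tasks write route entries (`<ip> dev ens3` and `<ip> via <ip> dev ens3 metric 5`) to `/etc/sysconfig/network-scripts/ifcfg-ens3`, whereas the attacker role writes the same syntax to `route-ens3`. `ifcfg-*` files hold KEY=value interface settings, so these lines most likely belong in `route-ens3`; check the `path:` before relying on this route to send traffic through the firewall. The unescaped dots in the `regex_replace` patterns apply here as well.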