debian.yml

---

- name: Debian | Ensure apt-transport-https is present
  ansible.builtin.package:
    name: apt-transport-https
    state: present
  register: pkg_result
  until: pkg_result is success

- name: Opensuse repository
  ## upstream focal 2.5.5/bionic 2.5.3/xenial 2.4.1, opensuse repo zeek/3.0.1 (not available for 16.04) or 2.5.5
  when: >
    (ansible_distribution == 'Ubuntu' and ansible_distribution_version.split('.')[0]|int < 18)
  block:
    - name: Ubuntu | Add bro repository key
      ansible.builtin.apt_key:
        url: >
          https://download.opensuse.org/repositories/network:/bro/xUbuntu_{{ ansible_distribution_version }}/Release.key
        state: present
      register: pkg_result
      until: pkg_result is success
    - name: Ubuntu | Add bro repository
      ansible.builtin.apt_repository:
        repo: >
          deb https://download.opensuse.org/repositories/network:/bro/xUbuntu_{{ ansible_distribution_version }}/ /
        state: present
- name: Opensuse repository2
  when: ansible_distribution == 'Debian'
  block:
    - name: Debian | Add bro repository key
      ansible.builtin.apt_key:
        url: >
          https://download.opensuse.org/repositories/security:/zeek/Debian_{{ ansible_distribution_version }}/Release.key
        state: present
      register: pkg_result
      until: pkg_result is success
    - name: Debian | Add bro repository
      ansible.builtin.apt_repository:
        repo: >
          deb https://download.opensuse.org/repositories/security:/zeek/Debian_{{ ansible_distribution_version }}/ /
        state: present

## WARNING: The following packages cannot be authenticated! = force
- name: Debian/Ubuntu | Install Bro and dependencies
  ansible.builtin.apt:
    name: "{{ broids_packages + broids_packages_deps }}"
    state: "present"
    update_cache: "yes"
    cache_valid_time: "3600"
    force: "yes"
  register: pkg_result
  until: pkg_result is success

- name: Init.d
  when: ansible_service_mgr != 'systemd'
  block:
    - name: Check if /etc/init.d/bro-ids is present
      ansible.builtin.stat:
        path: /etc/init.d/bro-ids
      register: initbro
    - name: Download startup script for bro
      ansible.builtin.get_url:
        url: https://raw.githubusercontent.com/lruppert/bro-scripts/master/shell/bro-ids
        dest: /etc/init.d/bro-ids
        mode: '0755'
        checksum: 'sha256:cafc0b8eebae434c4600bc71a4a3448e0e3a59ff306f5ef8408a838f58e33860'
      when: >
        (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu') and
        not initbro.stat.exists
    - name: Update bro path in init.d/bro-ids
      ansible.builtin.replace:
        dest: /etc/init.d/bro-ids
        regexp: '^DAEMON=.*'
        replace: "DAEMON={{ broids_broctl }}"
        mode: '0644'
        backup: yes
      when: not use_securityonion_deb and (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu')

- name: Install startup script for bro - systemd
  ansible.builtin.template:
    src: systemd-bro.service.j2
    dest: /lib/systemd/system/bro.service
    mode: '0644'
    backup: yes
  when: ansible_service_mgr == 'systemd'

- name: Opensuse repository
  block:
    - name: Update broctl LogDir
      ansible.builtin.replace:
        dest: "{{ broids_etc }}/broctl.cfg"
        regexp: "{{ item.re }}"
        replace: "{{ item.rep }}"
        mode: '0644'
        backup: yes
      with_items:
        - { re: '^LogDir = .*', rep: "LogDir = {{ broids_log }}" }

## bro 2.1+
- name: Enable broctl MailConnectionSummary
  ansible.builtin.replace:
    dest: "{{ broids_etc }}/broctl.cfg"
    regexp: "^MailConnectionSummary = .*"
    replace: "MailConnectionSummary = 1"
    mode: '0644'
    backup: yes
  when: bro_email_notification
- name: Disable broctl MailConnectionSummary
  ansible.builtin.replace:
    dest: "{{ broids_etc }}/broctl.cfg"
    regexp: "^MailConnectionSummary = .*"
    replace: "MailConnectionSummary = 0"
    mode: '0644'
    backup: yes
  when: not bro_email_notification

- name: Ensure aide hids directory exists
  ansible.builtin.file:
    dest: /etc/aide/aide.conf.d
    state: directory
    mode: '0755'
- name: Add custom configuration for aide HIDS
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/aide/aide.conf.d"
    owner: "root"
    mode: "0644"
  with_items:
    - aide-criticalstack

## from https://github.com/geerlingguy/drupal-vm/pull/456/files#diff-b1546b21a9366075f1e1245d7551eee6R11
- name: Detect if AppArmor is installed.
  ansible.builtin.stat:
    path: /etc/init.d/apparmor
  register: apparmor_installed
  when: travisci is defined and travisci

- name: Ensure MySQL AppArmor profile is disabled (for slow query log).
  ansible.builtin.file:
    path: /etc/apparmor.d/disable/usr.sbin.mysqld
    src: /etc/apparmor.d/usr.sbin.mysqld
    mode: '0644'
    state: link
  when: travisci is defined and travisci and apparmor_installed.stat.exists
  notify:
    - Restart apparmor