63 lines
1.4 KiB
YAML
63 lines
1.4 KiB
YAML
---
|
|
- name: Install Auditbeat
|
|
hosts: hosts
|
|
become: true
|
|
vars:
|
|
haproxy_ssl: false
|
|
|
|
vars_files:
|
|
- vars/variables.yml
|
|
|
|
environment: "{{ deployment_environment_variables | default({}) }}"
|
|
|
|
pre_tasks:
|
|
- include_tasks: common_task_data_node_hosts.yml
|
|
|
|
tasks:
|
|
- include_tasks: common_task_install_elk_repo.yml
|
|
|
|
- name: Ensure Auditbeat is installed
|
|
apt:
|
|
name: "{{ item }}"
|
|
state: "{{ elk_package_state | default('present') }}"
|
|
update_cache: true
|
|
with_items:
|
|
- audispd-plugins
|
|
- auditbeat
|
|
register: _apt_task
|
|
until: _apt_task is success
|
|
retries: 3
|
|
delay: 2
|
|
tags:
|
|
- package_install
|
|
|
|
- name: exit playbook after uninstall
|
|
meta: end_play
|
|
when:
|
|
- elk_package_state | default('present') == 'absent'
|
|
|
|
post_tasks:
|
|
- name: Drop auditbeat conf file
|
|
template:
|
|
src: templates/auditbeat.yml.j2
|
|
dest: /etc/auditbeat/auditbeat.yml
|
|
|
|
- name: Stop auditd
|
|
systemd:
|
|
name: "auditd"
|
|
enabled: "{{ not inventory_hostname in groups['kibana'] | default([]) }}"
|
|
state: stopped
|
|
when:
|
|
- not apply_security_hardening | default(true) | bool
|
|
|
|
- name: Enable and restart auditbeat
|
|
systemd:
|
|
name: "auditbeat"
|
|
enabled: "{{ not inventory_hostname in groups['kibana'] | default([]) }}"
|
|
state: restarted
|
|
|
|
tags:
|
|
- beat-install
|
|
|
|
- import_playbook: setupAuditbeat.yml
|