From 4e6dee680481790ea2efa26505b7ce9149244ded Mon Sep 17 00:00:00 2001
From: Evan Richardson
Date: Mon, 30 Jan 2023 20:52:58 -0800
Subject: [PATCH 1/2] add Ansible playbook to automate tasks
---
 ansible/README.md | 6 ++++
 ansible/inventory.yml | 2 ++
 ansible/playbook.yml | 81 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 89 insertions(+)
 create mode 100644 ansible/README.md
 create mode 100644 ansible/inventory.yml
 create mode 100644 ansible/playbook.yml
diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000..9a0c38a
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1,6 @@
+run this using:
+ansible-playbook -i inventory.yml -u root -k playbook.yml
+
+It will prompt you for the SSH password to your OPNSense device. This playbook assumes you've completed the first part of configuring OPNSense.
+
+Change the IP Address to whatever IP address you use for OPNSense
diff --git a/ansible/inventory.yml b/ansible/inventory.yml
new file mode 100644
index 0000000..22ae321
--- /dev/null
+++ b/ansible/inventory.yml
@@ -0,0 +1,2 @@
+[router]
+192.168.1.1
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
new file mode 100644
index 0000000..2e4e2f2
--- /dev/null
+++ b/ansible/playbook.yml
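Review bot: `ansible/inventory.yml` is written in INI inventory syntax (a `[router]` group header followed by a bare host) but carries a `.yml` extension, so YAML tooling such as yamllint, editors and the `yaml` inventory plugin will treat it as a malformed YAML file. In my experience Ansible's inventory plugin chain still falls through to the `ini` plugin on content, so it loads, but the mismatch is confusing; either rename it to `inventory.ini` or express it as YAML with `router:` / `  hosts:` / `    192.168.1.1:`. The README's `-i inventory.yml` has to follow whichever name is chosen.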
@@ -0,0 +1,81 @@
+---
+- name: Configure Opnsense for Grafana
+ hosts: 192.168.1.1
+ become: true
+
+ tasks:
+ - name: Add telegraf to sudoers
+ lineinfile:
+ path: /usr/local/etc/sudoers
+ state: present
+ regexp: '^telegraf\s+ALL='
+ line: 'telegraf ALL=(root) NOPASSWD: /usr/local/bin/telegraf_pfifgw.php'
+ validate: '/usr/local/sbin/visudo -cf %s'
+
+ - name: Add telegraf cmd alias to sudoers
+ lineinfile:
+ path: /usr/local/etc/sudoers
+ state: present
+ regexp: '^Cmnd_Alias\s+PFIGW'
+ line: 'Cmnd_Alias PFIFGW = /usr/local/bin/telegraf_pfifgw.php'
+ validate: '/usr/local/sbin/visudo -cf %s'
+ # - name: disable logging for pfifgw script
+
+ - name: Disable logging for PFIGW
+ lineinfile:
+ path: /usr/local/etc/sudoers
+ state: present
+ regexp: '^Defaults!PFIGW'
+ line: 'Defaults!PFIFGW !log_allowed'
+ validate: '/usr/local/sbin/visudo -cf %s'
+
+ - name: Create telegraf directory
+ file:
+ path: /usr/local/etc/telegraf.d
+ state: directory
+ owner: telegraf
+ group: telegraf
+ mode: '0750'
+
+ - name: Download telegraf config
+ get_url:
+ url: https://raw.githubusercontent.com/bsmithio/OPNsense-Dashboard/master/config/custom.conf
+ dest: /usr/local/etc/telegraf.d/custom.conf
+ mode: '0644'
+
+ - name: Download telegraf_pfifgw.php
+ get_url:
+ url: https://raw.githubusercontent.com/Bsmith101/OPNsense-Dashboard/master/plugins/telegraf_pfifgw.php
+ dest: /usr/local/bin/telegraf_pfifgw.php
+ mode: '0755'
+
+ - name: Download telegraf_temperature.sh
+ get_url:
+ url: https://raw.githubusercontent.com/Bsmith101/OPNsense-Dashboard/master/plugins/telegraf_temperature.sh
+ dest: /usr/local/bin/telegraf_temperature.sh
+ mode: '0755'
+
+ - name: Download Suricata.conf
+ get_url:
+ url: https://raw.githubusercontent.com/bsmithio/OPNsense-Dashboard/master/config/suricata/suricata.conf
+ dest: /usr/local/etc/telegraf.d/suricata.conf
+ mode: '0644'
+
+ - name: Download suricata custom.yaml
+ get_url:
+ url: https://raw.githubusercontent.com/bsmithio/OPNsense-Dashboard/master/config/suricata/custom.yaml
+ dest: /usr/local/opnsense/service/templates/OPNsense/IDS/custom.yaml
+ mode: '0644'
+
+ - name: create eve.json
+ file:
+ path: /tmp/eve.json
+ owner: telegraf
+ state: touch
+ group: telegraf
+ mode: '0640'
+
+ - name: Restart Telegraf service
+ service:
+ name: telegraf
+ state: restarted
From 6176c2be9d8fe3916910ffae26bceb720d102e61 Mon Sep 17 00:00:00 2001
From: Evan Richardson
Date: Mon, 30 Jan 2023 21:01:36 -0800
Subject: [PATCH 2/2] change hosts to all
---
 ansible/playbook.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
index 2e4e2f2..4e88c3c 100644
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -1,6 +1,6 @@
---
- name: Configure Opnsense for Grafana
- hosts: 192.168.1.1
+ hosts: all
become: true
tasks:
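Review bot: The `regexp` and `line` values in the second and third sudoers tasks disagree on the alias name — `regexp: '^Cmnd_Alias\s+PFIGW'` against `line: 'Cmnd_Alias PFIFGW = …'`, and `regexp: '^Defaults!PFIGW'` against `line: 'Defaults!PFIFGW !log_allowed'` — so `lineinfile` never recognises the line it wrote last time and appends another copy to `/usr/local/etc/sudoers` on every run. Changing the regexps to `'^Cmnd_Alias\s+PFIFGW'` and `'^Defaults!PFIFGW'` makes both tasks idempotent. Separately, `telegraf_pfifgw.php` is granted `NOPASSWD` root execution in the first task yet is fetched by `get_url` from an unpinned `master` branch with no `checksum:` argument, and from a different GitHub account (`Bsmith101`) than the config files (`bsmithio`); pinning the URL to a commit and adding `checksum: sha256:<expected-digest>` ties what runs as root to a reviewed artifact, and the account difference is worth confirming as intentional. The `create eve.json` task uses `state: touch`, which reports changed on every run; adding `modification_time: preserve` and `access_time: preserve` keeps it idempotent if that matters for this play.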
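Review bot: `hosts: all` widens the play from a single address to every host in whatever inventory is passed on the command line, and this play rewrites `/usr/local/etc/sudoers` and installs scripts that run as root, so an inventory with additional entries would receive those changes too. The inventory added in the previous patch defines a `[router]` group, so `hosts: router` keeps the play targeted while still removing the hard-coded IP, with `--limit` available for narrower runs.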