panaman-bro

Release 1.1.3

Puppet module to manage Bro NSM

Repository Puppet Puppet Download

Keywords
security, monitor, network, bro
License
Apache-2.0
Install
puppet module install panaman-bro --version 1.1.3

Documentation

Bro NSM Puppet Module

Puppet module to manage a Bro Network Security Monitor. (To learn more about Bro visit the organizations website: http://www.bro.org)

Description

This module has been tested on Centos 6.5 and Ubuntu 12.04. It should work on any Redhat or Debian based system. Redhat systems can install from pre-built bro.org package. Debian systems will need to set pkg_source => 'none' or 'repo'. If pkg_source = 'none', then prebuild and install the package manually. If set to repo, puppet will assume bro is in a package repository (yum/apt). Using a private package repository server is recommended.

Bro 2.3 Compatible

If running with pfring you will need to compile custom packages.

Standalone Bro - RedHat

  class { 'bro':
    int => 'eth2',
  }

Standalone Bro - Debian

  class { 'bro':
    pkg_source => 'none',
    int        => 'eth2',
  }

Basic Bro Cluster

  class { 'bro':
    manager => 'sensor01',
    proxy   => 'sensor01',
    network => ['192.168.10.0/24','192.168.11.0/24'],
    type    => 'cluster',
  }
  bro::worker { 'eth1':
    host      => 'sensor01',
  }
  bro::worker { 'eth2':
    host      => 'sensor01',
  }

Advanced - Bro Cluster : Pfring

You must specify cpus or procs when method is in use. cpus ['1','4'] represents cpus 1,2,3,4 and will also place lb_procs value of 4.

  class { 'bro':
    manager => 'sensor01',
    proxy   => 'sensor01',
    network => ['192.168.10.0/24','192.168.11.0/24'],
    type    => 'cluster',
  }
  bro::worker { 'eth1':
    host      => 'sensor01',
    method    => 'pf_ring',
    cpus      => ['1','4'],
  }
  bro::worker { 'eth2':
    host      => 'sensor01',
    method    => 'pf_ring',
    procs     => '7',
  }

Advanced - Bro Cluster : Myrcom

  class { 'bro':
    manager => 'sensor01',
    proxy   => 'sensor01',
    network => ['192.168.10.0/24','192.168.11.0/24'],
    type    => 'cluster',
  }
  bro::worker { 'eth1':
    host      => 'sensor01',
    method    => 'myricom',
    procs     => '12'
  }

local.bro

This bro module will first look for a local.bro.$hostname and if that file does not exist it will load the default local.bro.

Place any custom local.bro files in files/localbro

There is a default local.bro in files/localbro/local.bro "DO NOT EDIT THIS FILE."

To over-ride the default local.bro, modifiy the sitepolicy value.

  class { 'bro':
    sitepolicy => 'custom_local.bro',
  }

Bro Scripts

Place all Bro scripts into /files/scripts

Puppet will sync everythig you stick in this directory.

It is recommened to put bro scripts in individual directories and use __load__.bro files.

Example:
directory = scripts/something
script = scripts/something/something.bro
loader = scripts/something/__load__.bro

Then in your custom.local.bro you can @load scripts/something

Other Customizable Variables

class { 'bro':
  $ensure       = 'running' # Toggle Bro on or off
  $pf_cid       = 'UNSET' # Customize Pfring Cluster ID
  $broctl       = 'DEFAULT' # Set to 'CUSTOM' to create custom broctl.cfg, (bro/files/broctl/custom_broctl.cfg)
  $debug        = '0' # Toggle Debug on and off, 0 = Off and 1 = On
  $mailto       = 'root@localhost' # Change notice email
  $sitepolicy   = 'local.bro'# Change the default site policy file. This is useful when customizing bro.
  $mindisk      = '5' # Min disk threshold
  $logrotate    = '3600' # Rotate logs every 3600 seconds
  $logpurge     = 'disabled' # Change to a number like 30 to delete logs older thatn 30 days
  $basedir      = '/opt/bro' # Bro base install dir
  $logdir       = '/var/opt/bro' # Bro Log Dir
  $manager      = $::hostname # Manager host
  $int          = $::hostint  # Sniffing Interface 
  $worker       = $::hostname # Worker host
  $proxy        = $::hostname # Proxy host
  $pkg_ensure   = 'present' # Ensure bro package, only valid with pkg_source => 'bro.org' or 'repo'
  $pkg          = 'bro' # Package title
  $pkg_source   = 'bro.org' # Source of package installs from bro.org. Only valid on RedHat based.
                  'repo' # This is default. This value assumes you have a custom repository with pre-built packages.
                  'none' # No package dependency. Asumes you built package from source or manual install
  $type         = 'standalone' # Standalone bro
                = 'cluster' # Running bro in a cluster
  $network      = $::hostint_ipv4_cidr # Accepts an array of cidr blocks
  $bro_pkg_name = $::osfamily ? {               # only valid for RedHat
    'RedHat' => 'Bro-2.3-Linux-x86_64.rpm',
    'Debian' => 'Bro-2.3-Linux-x86_64.deb',
  }
  $bro_url = 'http://www.bro.org/downloads/release'
}

Support

Please log tickets and issues at our Projects site

Stats

Dependencies
4
Dependent packages
0
Dependent repositories
0
Total releases
7
Latest release
First release
Stars
11
Forks
6
Watchers
4
Contributors
2
Repository size
409 KB
SourceRank
0

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.1.3
1.1.1
1.1.0
1.0.3
1.0.2
1.0.1
1.0.0

Contributors

Panaman Ryan John Peck


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2017-09-12 19:22:59 UTC

Login to resync this project