Merge pull request #56 from redBorder/development

Version 2.1.1

CHANGELOG.md

@@ -1,6 +1,26 @@
 cookbook-rb-ips CHANGELOG
 ===============
 
+## 2.2.0
+
+  - Luis Blanco
+    - [59caf92] Merge pull request #49 from redBorder/feature/18893_integrate_firewall_cookbook
+    - [8713033] Merge branch 'development' into feature/18893_integrate_firewall_cookbook
+  - ptorresred
+    - [05869b9] Version 2.1.1
+    - [dbd4122] Merge pull request #55 from redBorder/bugfix/19105_sendmail_CPU_overload
+  - Daniel Castro
+    - [782a895] stop sending mails for failed sudo commands and add wildcard for arguments in rb_get_sensor.sh commands
+  - nilsver
+    - [2681d66] add firewall cookbook
+
+## 2.1.1
+
+  - ptorresred
+    - [dbd4122] Merge pull request #55 from redBorder/bugfix/19105_sendmail_CPU_overload
+  - Daniel Castro
+    - [782a895] stop sending mails for failed sudo commands and add wildcard for arguments in rb_get_sensor.sh commands
+
 ## 2.1.0
 
   - manegron

resources/attributes/default.rb

@@ -58,6 +58,7 @@
 default['redborder']['services']['chef-client'] = true
 default['redborder']['services']['chrony'] = true
 default['redborder']['services']['redborder-exporter'] = true
+default['redborder']['services']['firewall'] = true
 default['redborder']['services']['redborder-monitor'] = true
 default['redborder']['services']['rsyslog'] = true
 default['redborder']['services']['snmp'] = true
@@ -66,6 +67,7 @@
 default['redborder']['systemdservices']['barnyard2'] = ['barnyard2']
 default['redborder']['systemdservices']['chef-client'] = ['chef-client']
 default['redborder']['systemdservices']['chrony'] = ['chronyd']
+default['redborder']['systemdservices']['firewall'] = ['firewalld']
 default['redborder']['systemdservices']['redborder-exporter'] = ['rb-exporter']
 default['redborder']['systemdservices']['redborder-monitor'] = ['redborder-monitor']
 default['redborder']['systemdservices']['rsyslog'] = ['rsyslog']

resources/metadata.rb

@@ -5,7 +5,7 @@
 maintainer_email '[email protected]'
 license          'AGPL-3.0'
 description      'Installs/Configures redborder ips'
-version          '2.1.0'
+version          '2.2.0'
 
 depends 'rb-common'
 depends 'geoip'
@@ -20,3 +20,4 @@
 depends 'rb-clamav'
 depends 'rb-chrony'
 depends 'rb-exporter'
+depends 'rb-firewall'

resources/recipes/configure.rb

@@ -44,6 +44,14 @@
   end
 end
 
+rb_firewall_config 'Configure Firewall' do
+  if ips_services['firewall']
+    action :add
+  else
+    action :remove
+  end
+end
+
 node.normal['redborder']['chef_client_interval'] = 300
 
 directory '/etc/snortpcaps' do

resources/templates/default/redBorder.erb

@@ -12,7 +12,8 @@
 <%# You should have received a copy of the GNU Affero General Public License License %>
 <%# along with redBorder. If not, see <http://www.gnu.org/licenses/>. %>
 <%####################################################################### %>
+Defaults    !mail_no_user
 Defaults:redborder !requiretty
 Defaults:redborder-monitor !requiretty, !syslog 
 redborder      ALL= NOPASSWD:SETENV: /usr/bin/env BOOTUP=none /usr/lib/redborder/bin/rb_get_sensor_rules.sh *, /usr/lib/redborder/bin/rb_bypass.sh, /usr/lib/redborder/bin/rb_wakeup_chef.sh, /usr/lib/redborder/bin/rb_disassociate.sh -f, /sbin/service chef-client restart, /usr/lib/redborder/bin/rb_u2pcap.sh *, /usr/lib/redborder/bin/rb_update_geoip, /usr/lib/redborder/bin/rb_update_redborder_rpms.sh -f
-redborder-monitor     ALL= NOPASSWD: /usr/lib/redborder/bin/rb_get_perfmonitor_stats.sh, /usr/lib/redborder/bin/rb_get_sensor.sh, /usr/lib/redborder/bin/rb_get_pfring_stats.sh, /usr/bin/nice -n 19 /usr/sbin/fping -p 1 -c 10 kafka.<%= node["redborder"]["cdomain"] %>
+redborder-monitor     ALL= NOPASSWD: /usr/lib/redborder/bin/rb_get_perfmonitor_stats.sh, /usr/lib/redborder/bin/rb_get_sensor.sh *, /usr/lib/redborder/bin/rb_get_pfring_stats.sh, /usr/bin/nice -n 19 /usr/sbin/fping -p 1 -c 10 kafka.<%= node["redborder"]["cdomain"] %>