def run(self, tmp=None, task_vars=None):
self._supports_check_mode = True
self._result = super(ActionModule, self).run(tmp, task_vars)
self._check_argspec()
if self._result.get("failed"):
return self._result
conn = Connection(self._connection.socket_path)
conn_request = DeepSecurityRequest(connection=conn,
task_vars=task_vars)
if self._task.args["state"] == "gathered":
if self._task.args.get("config"):
self._result["gathered"] = self.search_for_resource_name(
conn_request, self._task.args["config"])
else:
self._result["gathered"] = conn_request.get(self.api_object)
elif (self._task.args["state"] == "merged"
or self._task.args["state"] == "replaced"):
if self._task.args.get("config"):
self._result[self.module_return], self._result[
"changed"] = self.configure_module_api(
conn_request, self._task.args["config"])
elif self._task.args["state"] == "deleted":
if self._task.args.get("config"):
self._result[self.module_return], self._result[
"changed"] = self.delete_module_api_config(
conn_request, self._task.args["config"])
return self._result
def main():
argspec = dict(id=dict(required=False, type="int"))
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
deepsec_request = DeepSecurityRequest(module)
if module.params["id"]:
hosts = deepsec_request.get("/rest/hosts/{0}".format(
module.params["id"]))
else:
hosts = deepsec_request.get("/rest/hosts")
if "hosts" in hosts:
module.exit_json(hosts=hosts["hosts"]["hosts"], changed=False)
else:
if "error" in hosts:
module.fail_json(msg=hosts["error"]["message"])
else:
module.fail_json(msg=hosts["message"])
def main():
api_keys_list_spec = {
"key_name": dict(type="str"),
"id": dict(type="str"),
"description": dict(type="str"),
"locale": dict(type="str", choices=["en-US", "ja-JP"]),
"role_id": dict(type="int"),
"time_zone": dict(type="str"),
"active": dict(type="bool"),
"created": dict(type="int"),
"last_sign_in": dict(type="int"),
"unlock_time": dict(type="int"),
"unsuccessful_sign_in_attempts": dict(type="int"),
"expiry_date": dict(type="int"),
"secret_key": dict(no_log=True, type="str"),
"service_account": dict(type="bool"),
"current": dict(type="bool"),
}
argspec = dict(
state=dict(choices=["present", "absent", "gathered"],
default="present"),
api_keys=dict(
type="list",
elements="dict",
options=api_keys_list_spec,
no_log=False,
),
)
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
deepsec_request = DeepSecurityRequest(module)
module.params = utils.remove_empties(module.params)
if module.params["state"] == "gathered":
display_gathered_result(argspec=argspec,
module=module,
deepsec_request=deepsec_request)
elif module.params["state"] == "absent":
delete_module_api_config(argspec=argspec,
module=module,
deepsec_request=deepsec_request)
elif module.params["state"] == "present":
configure_module_api(argspec=argspec,
module=module,
deepsec_request=deepsec_request)
def main():
argspec = dict(
state=dict(choices=["present", "absent"], default="present"),
name=dict(required=True, type="str"),
description=dict(type="str"),
scan_type=dict(type="str", choices=["real-time", "on-demand"]),
document_exploit_protection_enabled=dict(type="bool"),
document_exploit_protection=dict(
type="str", choices=["critical-only", "critical-and-heuristic"]),
document_exploit_heuristic_level=dict(
type="str", choices=["default", "default-and-agressive"]),
machine_learning_enabled=dict(type="bool"),
behavior_monitoring_enabled=dict(type="bool"),
document_recovery_enabled=dict(type="bool"),
intelli_trap_enabled=dict(type="bool"),
memory_scan_enabled=dict(type="bool"),
spyware_enabled=dict(type="bool"),
alert_enabled=dict(type="bool"),
directories_to_scan=dict(type="str",
choices=["all-directories",
"directory-list"]),
directory_list_id=dict(type="int"),
files_to_scan=dict(
type="str",
choices=[
"all-files",
"intelliscan-file-types",
"file-extension-list",
],
),
file_extension_list_id=dict(type="int"),
excluded_directory_list_id=dict(type="int"),
excluded_file_list_id=dict(type="int"),
excluded_file_extension_list_id=dict(type="int"),
excluded_process_image_file_list_id=dict(type="int"),
real_time_scan=dict(type="str",
choices=["read-only", "write-only", "read-write"]),
scan_compressed_enabled=dict(type="bool"),
scan_compressed_maximum_size=dict(type="int"),
scan_compressed_maximum_levels=dict(type="int"),
scan_compressed_maximum_files=dict(type="int"),
microsoft_office_enabled=dict(type="bool"),
microsoft_office_layers=dict(type="int"),
network_directories_enabled=dict(type="bool"),
custom_remediation_actions_enabled=dict(type="bool"),
custom_scan_actions_enabled=dict(type="bool"),
scan_action_for_virus=dict(
type="str",
choices=["pass", "delete", "quarantine", "clean", "deny-access"],
),
scan_action_for_trojans=dict(
type="str",
choices=["pass", "delete", "quarantine", "deny-access"]),
scan_action_for_packer=dict(
type="str",
choices=["pass", "delete", "quarantine", "deny-access"]),
scan_action_for_spyware=dict(
type="str",
choices=["pass", "delete", "quarantine", "deny-access"]),
scan_action_for_other_threats=dict(
type="str",
choices=["pass", "delete", "quarantine", "clean", "deny-access"],
),
scan_action_for_cookies=dict(type="str", choices=["pass", "delete"]),
scan_action_for_cve=dict(
type="str",
choices=["pass", "delete", "quarantine", "deny-access"]),
scan_action_for_heuristics=dict(
type="str",
choices=["pass", "delete", "quarantine", "deny-access"]),
scan_action_for_possible_malware=dict(
type="str",
choices=[
"active-action",
"pass",
"delete",
"quarantine",
"deny-access",
],
),
cpu_usage=dict(type="str", choices=["low", "medium", "high"]),
)
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
deepsec_request = DeepSecurityRequest(module)
want = map_params_to_obj(remove_empties(module.params))
# Search for existing Anti Malware config via Get call
search_existing_anti_malware_config = check_if_config_exists(
deepsec_request,
want["name"],
"antimalwareconfigurations",
"antiMalwareConfigurations",
)
if ("ID" in search_existing_anti_malware_config
and module.params["state"] == "absent"):
delete_config_with_id(
module,
deepsec_request,
"antimalwareconfigurations",
search_existing_anti_malware_config["ID"],
"antiMalwareConfigurations",
handle_return=True,
)
elif ("ID" not in search_existing_anti_malware_config
and module.params["state"] == "absent"):
module.exit_json(changed=False)
else:
anti_malware_config = deepsec_request.post(
"/api/antimalwareconfigurations", data=want)
if "ID" in search_existing_anti_malware_config:
module.exit_json(
anti_malware_config=search_existing_anti_malware_config,
changed=False,
)
elif anti_malware_config.get("message"):
module.fail_json(msg=anti_malware_config["message"])
else:
module.exit_json(anti_malware_config=anti_malware_config,
changed=True)
module.exit_json(changed=False)
def main():
imr_spec = {
"name":
dict(type="str"),
"description":
dict(type="str"),
"severity":
dict(type="str", choices=["low", "medium", "high", "critical"]),
"template":
dict(type="str", choices=["registry", "file", "custom"]),
"registry_key_root":
dict(type="str", no_log=True),
"registry_key_value":
dict(type="str", no_log=True),
"registry_include_subkeys":
dict(type="bool"),
"registry_included_values":
dict(type="list", elements="str"),
"registry_include_default_value":
dict(type="bool"),
"registry_excluded_values":
dict(type="list", elements="str"),
"registry_attributes":
dict(type="list", elements="str"),
"filebase_directory":
dict(type="str"),
"fileinclude_subdirectories":
dict(type="bool"),
"file_included_values":
dict(type="list", elements="str"),
"file_excluded_values":
dict(type="list", elements="str"),
"file_attributes":
dict(type="list", elements="str"),
"custom_xml":
dict(type="str"),
"alert_enabled":
dict(type="bool"),
"real_time_monitoring_enabled":
dict(type="bool"),
"recommendations_mode":
dict(type="str", choices=["enabled", "ignored", "unknown",
"disabled"]),
"minimum_agent_version":
dict(type="str"),
"minimum_manager_version":
dict(type="str"),
"original_issue":
dict(type="int"),
"last_updated":
dict(type="int"),
"type":
dict(type="str"),
"identifier":
dict(type="str"),
"id":
dict(type="int"),
}
argspec = dict(
state=dict(choices=["present", "absent", "gathered"],
default="present"),
config=dict(type="list", elements="dict", options=imr_spec),
)
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
deepsec_request = DeepSecurityRequest(module)
module.params = utils.remove_empties(module.params)
if module.params["state"] == "gathered":
display_gathered_result(module=module, deepsec_request=deepsec_request)
elif module.params["state"] == "absent":
reset_module_api_config(module=module, deepsec_request=deepsec_request)
elif module.params["state"] == "present":
configure_module_api(argspec=argspec,
module=module,
deepsec_request=deepsec_request)
def main():
argspec = dict(
state=dict(choices=["present", "absent"], required=True),
name=dict(required=True, type="str"),
description=dict(type="str", required=False),
action=dict(
type="str",
choices=["log-only", "allow", "deny", "force-allow", "bypass"],
required=False,
),
priority=dict(type="str",
choices=["0", "1", "2", "3", "4"],
required=False),
direction=dict(type="str",
choices=["incoming", "outgoing"],
required=False),
frame_type=dict(
type="str",
choices=["any", "ip", "arp", "revarp", "ipv4", "ipv6", "other"],
required=False,
),
frame_number=dict(type="int", required=False),
frame_not=dict(type="bool", required=False),
protocol=dict(
type="str",
choices=[
"any",
"icmp",
"igmp",
"ggp",
"tcp",
"pup",
"udp",
"idp",
"nd",
"raw",
"tcp-udp",
"icmp6",
"other",
],
required=False,
),
protocol_number=dict(type="int", required=False),
protocol_not=dict(type="bool", required=False),
source_iptype=dict(
type="str",
choices=[
"any",
"masked-ip",
"range",
"ip-list",
"single",
"multiple",
],
required=False,
),
source_ipvalue=dict(type="str", required=False),
source_ipmask=dict(type="str", required=False),
source_iprange_from=dict(type="str", required=False),
source_iprange_to=dict(type="str", required=False),
source_ipmultiple=dict(type="list", elements="str", required=False),
source_iplist_id=dict(type="int", required=False),
source_ipnot=dict(type="bool", required=False),
source_mactype=dict(
type="str",
choices=["any", "single", "mac-list", "multiple"],
required=False,
),
source_macvalue=dict(type="str", required=False),
source_macmultiple=dict(type="list", elements="str", required=False),
source_maclist_id=dict(type="int", required=False),
source_macnot=dict(type="bool", required=False),
source_port_type=dict(
type="str",
choices=["any", "multiple", "port-list"],
required=False,
),
source_port_multiple=dict(type="list", elements="str", required=False),
source_port_list_id=dict(type="int", required=False),
source_port_not=dict(type="bool", required=False),
destination_iptype=dict(
type="str",
choices=[
"any",
"masked-ip",
"range",
"ip-list",
"single",
"multiple",
],
required=False,
),
destination_ipvalue=dict(type="str", required=False),
destination_ipmask=dict(type="str", required=False),
destination_iprange_from=dict(type="str", required=False),
destination_iprange_to=dict(type="str", required=False),
destination_ipmultiple=dict(type="list",
elements="str",
required=False),
destination_iplist_id=dict(type="int", required=False),
destination_ipnot=dict(type="bool", required=False),
destination_mactype=dict(
type="str",
choices=["any", "single", "mac-list", "multiple"],
required=False,
),
destination_macvalue=dict(type="str", required=False),
destination_macmultiple=dict(type="list",
elements="str",
required=False),
destination_maclist_id=dict(type="int", required=False),
destination_macnot=dict(type="bool", required=False),
destination_port_type=dict(
type="str",
choices=["any", "multiple", "port-list"],
required=False,
),
destination_port_multiple=dict(type="list",
elements="str",
required=False),
destination_port_list_id=dict(type="int", required=False),
destination_port_not=dict(type="bool", elements="int", required=False),
any_flags=dict(type="bool", required=False),
log_disabled=dict(type="bool", required=False),
include_packet_data=dict(type="bool", required=False),
alert_enabled=dict(type="bool", required=False),
context_id=dict(type="int", required=False),
tcpflags=dict(
type="list",
elements="str",
choices=["fin", "syn", "rst", "psh", "ack", "urg"],
required=False,
),
tcpnot=dict(type="bool", required=False),
icmptype=dict(type="int", required=False),
icmpcode=dict(type="int", required=False),
icmpnot=dict(type="bool", required=False),
)
api_object = "/api/firewallrules"
api_return = "firewallRules"
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
deepsec_request = DeepSecurityRequest(module)
want = map_params_to_obj(remove_empties(module.params))
search_existing_firewallrules = check_if_config_exists(
deepsec_request, want["name"],
api_object.split("/")[2], api_return)
if ("ID" in search_existing_firewallrules
and module.params["state"] == "absent"):
delete_config_with_id(
module,
deepsec_request,
api_object.split("/")[2],
search_existing_firewallrules["ID"],
api_return,
)
elif ("ID" not in search_existing_firewallrules
and module.params["state"] == "absent"):
module.exit_json(changed=False)
else:
firewallrules = deepsec_request.post("{0}".format(api_object),
data=want)
if "ID" in search_existing_firewallrules:
module.exit_json(firewallrules=search_existing_firewallrules,
changed=False)
elif firewallrules.get("message"):
module.fail_json(msg=firewallrules["message"])
else:
module.exit_json(firewallrules=firewallrules, changed=True)
module.exit_json(changed=False)
def main():
log_files_spec_list = {
"location":
dict(type="str"),
"format":
dict(
type="str",
choices=[
"syslog",
"snort-full",
"snort-fast",
"apache",
"iis",
"squid",
"nmapg",
"mysql-log",
"postgresql-log",
"dbj-multilog",
"eventlog",
"single-line-text-log",
],
),
}
log_files_spec = {
"log_files":
dict(type="list", elements="dict", options=log_files_spec_list)
}
argspec = dict(
state=dict(choices=["present", "absent"], default="present"),
name=dict(required=True, type="str"),
description=dict(type="str"),
minimum_agent_version=dict(type="str"),
minimum_manager_version=dict(type="str"),
type=dict(type="str"),
original_issue=dict(type="int"),
last_updated=dict(type="int"),
identifier=dict(type="str"),
template=dict(type="str", choices=["basic-rule", "custom"]),
rule_id=dict(type="int"),
level=dict(type="int"),
groups=dict(type="list", elements="str"),
rule_description=dict(type="str"),
pattern=dict(type="str"),
pattern_type=dict(type="str", choices=["string", "regex"]),
dependency=dict(type="str", choices=["none", "rule", "group"]),
dependency_rule_id=dict(type="int"),
dependency_group=dict(type="str"),
frequency=dict(type="int"),
time_frame=dict(type="int"),
rule_xml=dict(type="str"),
log_files=dict(type="dict", options=log_files_spec),
alert_enabled=dict(type="bool"),
alert_minimum_severity=dict(type="int"),
recommendations_mode=dict(
type="str", choices=["enabled", "ignored", "unknown", "disabled"]),
sort_order=dict(type="int"),
can_be_assigned_alone=dict(type="bool"),
depends_onrule_id=dict(type="list", elements="str"),
)
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
deepsec_request = DeepSecurityRequest(module)
want = map_params_to_obj(remove_empties(module.params))
search_existing_log_inspection_rules = check_if_config_exists(
deepsec_request,
want["name"],
"loginspectionrules",
"logInspectionRules",
)
if ("ID" in search_existing_log_inspection_rules
and module.params["state"] == "absent"):
delete_config_with_id(
module,
deepsec_request,
"loginspectionrules",
search_existing_log_inspection_rules["ID"],
"logInspectionRules",
handle_return=True,
)
elif ("ID" not in search_existing_log_inspection_rules
and module.params["state"] == "absent"):
module.exit_json(changed=False)
else:
log_inspection_rules = deepsec_request.post("/api/loginspectionrules",
data=want)
if "ID" in search_existing_log_inspection_rules:
module.exit_json(
log_inspection_rules=search_existing_log_inspection_rules,
changed=False,
)
elif log_inspection_rules.get("message"):
module.fail_json(msg=log_inspection_rules["message"])
else:
module.exit_json(log_inspection_rules=log_inspection_rules,
changed=True)
module.exit_json(changed=False)
def main():
ipr_spec = {
"name":
dict(type="str"),
"description":
dict(type="str"),
"minimum_agent_version":
dict(type="str"),
"application_type_id":
dict(type="int"),
"priority":
dict(type="str",
choices=["lowest", "low", "normal", "high", "highest"]),
"severity":
dict(type="str", choices=["low", "medium", "high", "critical"]),
"detect_only":
dict(type="bool"),
"event_logging_disabled":
dict(type="bool"),
"generate_event_on_packet_drop":
dict(type="bool"),
"always_include_packet_data":
dict(type="bool"),
"debug_mode_enabled":
dict(type="bool"),
"type":
dict(
type="str",
choices=[
"custom",
"smart",
"vulnerability",
"exploit",
"hidden",
"policy",
"info",
],
),
"original_issue":
dict(type="int"),
"id":
dict(type="int"),
"identifier":
dict(type="str"),
"last_updated":
dict(type="int"),
"template":
dict(type="str", choices=["signature", "start-end-patterns",
"custom"]),
"signature":
dict(type="str"),
"start":
dict(type="str"),
"patterns":
dict(type="list", elements="str"),
"end":
dict(type="str"),
"can_be_assigned_alone":
dict(type="bool"),
"case_sensitive":
dict(type="bool"),
"condition":
dict(type="str", choices=["all", "any", "none"]),
"action":
dict(type="str", choices=["drop", "log-only"]),
"custom_xml":
dict(type="str"),
"alert_enabled":
dict(type="bool"),
"schedule_id":
dict(type="int"),
"context_id":
dict(type="int"),
"recommendations_mode":
dict(type="str", choices=["enabled", "ignored", "unknown",
"disabled"]),
"depends_on_rule_ids":
dict(type="list", elements="int"),
"cvss_score":
dict(type="str"),
"cve":
dict(type="list", elements="str"),
}
argspec = dict(
state=dict(choices=["present", "absent", "gathered"],
default="present"),
config=dict(type="list", elements="dict", options=ipr_spec),
)
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
deepsec_request = DeepSecurityRequest(module)
module.params = utils.remove_empties(module.params)
if module.params["state"] == "gathered":
display_gathered_result(module=module, deepsec_request=deepsec_request)
elif module.params["state"] == "absent":
reset_module_api_config(module=module, deepsec_request=deepsec_request)
elif module.params["state"] == "present":
configure_module_api(argspec=argspec,
module=module,
deepsec_request=deepsec_request)
def main():
argspec = dict(
state=dict(
choices=["present", "absent", "gathered"], default="present"
),
id=dict(type="str"),
name=dict(type="str"),
description=dict(type="str"),
server=dict(type="str"),
port=dict(type="int", default=514),
transport=dict(
type="str", choices=["udp", "tcp", "tls"], default="udp"
),
event_format=dict(
type="str", choices=["standard", "cef", "leef"], default="cef"
),
facility=dict(
type="str",
choices=[
"kernel",
"user",
"mail",
"daemon",
"authorization",
"syslog",
"printer",
"news",
"uucp",
"clock",
"authpriv",
"ftp",
"ntp",
"log-audit",
"log-alert",
"cron",
"local0",
"local1",
"local2",
"local3",
"local4",
"local5",
"local6",
"local7",
],
default="local0",
),
certificate_chain=dict(type="list", elements="str"),
private_key=dict(type="str", no_log=True),
direct=dict(type="bool", default=False),
)
api_object = "/rest/syslog-configurations"
api_return = "syslogConfiguration"
api_get_return = "syslogConfigurations"
api_create_obj = "CreateSyslogConfigurationRequest"
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
deepsec_request = DeepSecurityRequest(module)
# Get the configured Syslog config when state is gathered
if module.params["state"] == "gathered":
result = check_if_syslog_config_exists(
module, deepsec_request, None, api_object, api_get_return
)
module.exit_json(gathered=result, changed=False)
want = map_params_to_obj(remove_empties(module.params))
# Search for existing syslog config via Get call
search_existing_syslog_config = check_if_syslog_config_exists(
module, deepsec_request, want["name"], api_object, api_get_return
)
if (
"ID" in search_existing_syslog_config
and module.params["state"] == "absent"
):
delete_config_with_id(
module,
deepsec_request,
api_object.split("/")[2],
search_existing_syslog_config["ID"],
api_return,
False,
handle_return=True,
)
elif (
"ID" not in search_existing_syslog_config
and module.params["state"] == "absent"
):
module.exit_json(changed=False)
else:
# create legacy API request body for creating Syslog-Configurations
want = {api_create_obj: {api_return: want}}
syslog_config = deepsec_request.post(
"{0}".format(api_object), data=want
)
if "ID" in search_existing_syslog_config:
module.exit_json(
syslog_config=search_existing_syslog_config, changed=False
)
elif syslog_config.get("message"):
module.fail_json(msg=syslog_config["message"])
else:
module.exit_json(syslog_config=syslog_config, changed=True)