| author | 2022-10-12 20:23:37 +0100 | |
|---|---|---|
| committer | 2022-10-18 23:14:17 +0200 | |
| commit | 1295dd8f97b7aed56cfa842da7d1923af1a526d5 (patch) | |
| tree | 74d7eca1ce00bedd34094a441060b0f0d95afead /roles/auditbeat | |
| parent | Disable `fqcn-builtins` lint (diff) | |
Delete roles we won't use with self-hosted k8s
Diffstat (limited to 'roles/auditbeat')
| -rw-r--r-- | roles/auditbeat/README.md | 3 | ||||
| -rw-r--r-- | roles/auditbeat/handlers/main.yml | 7 | ||||
| -rw-r--r-- | roles/auditbeat/meta/main.yml | 5 | ||||
| -rw-r--r-- | roles/auditbeat/tasks/main.yml | 27 | ||||
| -rw-r--r-- | roles/auditbeat/templates/auditbeat.yml.j2 | 99 | ||||
| -rw-r--r-- | roles/auditbeat/vars/main/vars.yml | 7 | ||||
| -rw-r--r-- | roles/auditbeat/vars/main/vault.yml | 8 |
7 files changed, 0 insertions, 156 deletions
diff --git a/roles/auditbeat/README.md b/roles/auditbeat/README.md
deleted file mode 100644
index da18eda..0000000
--- a/roles/auditbeat/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Role "auditbeat"
-
-The auditbeat role installs and configures the auditbeat reporting agent.
diff --git a/roles/auditbeat/handlers/main.yml b/roles/auditbeat/handlers/main.yml
deleted file mode 100644
index cda733c..0000000
--- a/roles/auditbeat/handlers/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: restart auditbeat
- service:
- name: auditbeat
- state: restarted
- tags:
- - role::auditbeat
diff --git a/roles/auditbeat/meta/main.yml b/roles/auditbeat/meta/main.yml
deleted file mode 100644
index 522f87c..0000000
--- a/roles/auditbeat/meta/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-dependencies:
- - role: elasticsearch-repos
- tags:
- - role::auditbeat
diff --git a/roles/auditbeat/tasks/main.yml b/roles/auditbeat/tasks/main.yml
deleted file mode 100644
index b928c4a..0000000
--- a/roles/auditbeat/tasks/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-- name: Install Auditbeat
- apt:
- pkg: auditbeat
- state: present
- tags:
- - role::auditbeat
-
-- name: Configure Auditbeat
- template:
- src: auditbeat.yml.j2
- dest: /etc/auditbeat/auditbeat.yml
- mode: 0644
- owner: root
- group: root
- tags:
- - role::auditbeat
- notify:
- - restart auditbeat
-
-- name: Start and enable Auditbeat
- service:
- name: auditbeat
- state: started
- enabled: true
- tags:
- - role::auditbeat
diff --git a/roles/auditbeat/templates/auditbeat.yml.j2 b/roles/auditbeat/templates/auditbeat.yml.j2
deleted file mode 100644
index b779a05..0000000
--- a/roles/auditbeat/templates/auditbeat.yml.j2
+++ /dev/null
@@ -1,99 +0,0 @@
-# You can find the full configuration reference here:
-# https://www.elastic.co/guide/en/beats/auditbeat/index.html
-
-# =========================== Modules configuration ============================
-auditbeat.modules:
-
-- module: auditd
- # Load audit rules from separate files. Same format as audit.rules(7).
- audit_rule_files: [ '${path.config}/audit.rules.d/*.conf' ]
- audit_rules: |
- ## Define audit rules here.
- ## Create file watches (-w) or syscall audits (-a or -A). Uncomment these
- ## examples or add your own rules.
-
- ## If you are on a 64 bit platform, everything should be running
- ## in 64 bit mode. This rule will detect any use of the 32 bit syscalls
- ## because this might be a sign of someone exploiting a hole in the 32
- ## bit API.
- #-a always,exit -F arch=b32 -S all -F key=32bit-abi
-
- ## Executions.
- #-a always,exit -F arch=b64 -S execve,execveat -k exec
-
- ## External access (warning: these can be expensive to audit).
- #-a always,exit -F arch=b64 -S accept,bind,connect -F key=external-access
-
- ## Identity changes.
- #-w /etc/group -p wa -k identity
- #-w /etc/passwd -p wa -k identity
- #-w /etc/gshadow -p wa -k identity
-
- ## Unauthorized access attempts.
- #-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -k access
- #-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access
-
-- module: file_integrity
- paths:
- - /bin
- - /usr/bin
- - /sbin
- - /usr/sbin
- - /etc
-
-- module: system
- datasets:
- - package # Installed, updated, and removed packages
-
- period: 2m # The frequency at which the datasets check for changes
-
-- module: system
- datasets:
- - host # General host information, e.g. uptime, IPs
- - login # User logins, logouts, and system boots.
- - process # Started and stopped processes
- - socket # Opened and closed sockets
- - user # User information
-
- # How often datasets send state updates with the
- # current state of the system (e.g. all currently
- # running processes, all open sockets).
- state.period: 3h
-
- # Enabled by default. Auditbeat will read password fields in
- # /etc/passwd and /etc/shadow and store a hash locally to
- # detect any changes.
- user.detect_password_changes: true
-
- # File patterns of the login record files.
- login.wtmp_file_pattern: /var/log/wtmp*
- login.btmp_file_pattern: /var/log/btmp*
-
-# ======================= Elasticsearch template setting =======================
-setup.template.settings:
- index.number_of_shards: 1
- #index.codec: best_compression
- #_source.enabled: false
-
-# ================================== Outputs ===================================
-
-# Configure what output to use when sending the data collected by the beat.
-
-# ---------------------------- Elasticsearch Output ----------------------------
-output.elasticsearch:
- # Array of hosts to connect to.
- hosts: ["{{ auditbeat_elasticsearch_host }}"]
-
- protocol: "https"
- username: "{{ auditbeat_elastic_username }}"
- password: "{{ auditbeat_elastic_password}}"
-
- ssl:
- enabled: true
- ca_trusted_fingerprint: "{{ auditbeat_elastic_fingerprint }}"
-
-
-processors:
- - add_host_metadata: ~
- - add_cloud_metadata: ~
- - add_docker_metadata: ~
diff --git a/roles/auditbeat/vars/main/vars.yml b/roles/auditbeat/vars/main/vars.yml
deleted file mode 100644
index f7c6aa2..0000000
--- a/roles/auditbeat/vars/main/vars.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-auditbeat_kibana_host: "http://10.5.0.0:5601"
-auditbeat_elasticsearch_host: "10.5.0.0:9200"
-
-auditbeat_elastic_username: "pydis"
-auditbeat_elastic_password: "{{ encrypted_auditbeat_elastic_password }}"
-auditbeat_elastic_fingerprint: >-
- e75cfe8591cb5d30ce31f9a094053f4e0090ebd057a120ac9dcbbf5754fb5a73
diff --git a/roles/auditbeat/vars/main/vault.yml b/roles/auditbeat/vars/main/vault.yml
deleted file mode 100644
index e2443a1..0000000
--- a/roles/auditbeat/vars/main/vault.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35633733373033323135653436373566666461363766646664313032316535313638353365333565
-6530393663656438653338333865396266306130613666630a633263373239626436633965346533
-66396166626231376564373462643065653261663362383762633234336234396566663937353864
-3733633736306237630a626639646437343735316331623361636333613932616439366336323035
-65636234366363663630363834633764613564366264663037386166633538303630343935383438
-38303838633632386164663265313430656535383761613936333861383138376139613533336264
-393131653033376537643138643635363765 |