rene/ansible-pull
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

remote logging for SSHD

Browse Source
This commit is contained in:
Rene Mewissen
2025-10-07 14:53:14 +02:00
parent 2c53a79453
commit 3fa4ad3616
4 changed files with 87 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/bastionhost/handlers/main.yml
View File

@@ -9,6 +9,6 @@
state: restarted state: restarted
- name: restart rsyslog - name: restart rsyslog
service: ansible.builtin.service:
name: rsyslog name: rsyslog
state: restarted state: restarted

1
roles/bastionhost/tasks/main.yml
View File

@@ -16,6 +16,7 @@
- import_tasks: system_setup/ntfy_alerts.yml - import_tasks: system_setup/ntfy_alerts.yml
- import_tasks: system_setup/auditd_logging.yml - import_tasks: system_setup/auditd_logging.yml
- import_tasks: system_setup/aide.yml - import_tasks: system_setup/aide.yml
- import_tasks: system_setup/rsyslog_forwarding.yml
rescue: rescue:
- set_fact: task_failed=true - set_fact: task_failed=true

42
roles/bastionhost/tasks/system_setup/rsyslog_forwarding.yml Normal file
View File

@@ -0,0 +1,42 @@
---
- name: Bastionhost | rsyslog forwarding | Ensure rsyslog-gnutls is installed
ansible.builtin.package:
name: rsyslog-gnutls
state: present
- name: Bastionhost | rsyslog forwarding | Configure forwarding for SSH logs
ansible.builtin.copy:
dest: /etc/rsyslog.d/60-forward-ssh-logs.conf
owner: root
group: root
mode: '0644'
content: |
# This file is managed by Ansible
# Forward sshd logs to a remote log server
# Define the template for forwarding
template(name="RSYSLOG_SyslogProtocol23Format" type="string" string="<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n")
# Setup forwarding action
action(
type="omfwd"
target="{{ log_forwarding_target }}"
port="{{ log_forwarding_port | default(6514) }}"
protocol="tcp"
template="RSYSLOG_SyslogProtocol23Format"
StreamDriver="gtls"
StreamDriverMode="1" # Run in TLS-only mode
StreamDriverAuthMode="x509/name"
)
# Filter for sshd messages and apply the action
if $programname == 'sshd' then {
call-action
}
notify: restart rsyslog
when:
- log_forwarding_target is defined
- log_forwarding_permitted_peer is defined
- log_forwarding_ca_cert is defined
- log_forwarding_cert is defined
- log_forwarding_key is defined

68
roles/bastionhost/vars/main.yml
View File

@@ -1,26 +1,44 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
65396466653564326330323561623932366130366565303161646335393738646666313165636332 61333765333035376432346536323631396432653338303031366335326362373634646634333234
3962366134303535383238653937353530353534666265380a313734643339343331326630636232 6363636236313966616332393632343564653637333838640a326563666366343235366334633835
62633264346465663637303934383763316436323233346337373961363961366364646430646133 31386635613936366531656137346164316335366132356338313963336632306639356231373638
6532653866366330610a313833333961313164376537373561393766313533666534386230643337 3065333563656639380a626134646463643834393262616633643565333465316235383161643031
64356337663864313039306138316263333838346235623136643934313063646462313361366162 66363231383063383733623839643464663531366232323832343630633465363563393934336266
34656537643361336631333366613835336138303830643930663333363034396438373631373139 31623439366534653563633636363137623238643266306339353934623662393137363866663631
64666139396365386532333764646366313830333363366233333631616266636333343231343734 34383862626166626166363066383261636364326337653235653836376165303430663430613132
65643134616639333239303136343835363430353436306439336533663632636535366266656162 63333939333233323161646163326130326535306631613530396432633961393266323662653064
30643434376664313632343763386262663866353436356530343761653065613962336366396263 38653064656335613261316630366135393066323337626538363533333263303437623932303832
66343163643061363165653737333464333739366365383833313737623764356337393232313437 66373566306465323732646562323033646235643739653161353665623332643433656231373235
35343031653434346136306434333864626537623530333638633830326633663062356634303566 34373636623530393966313638303335363533663366333238636165663831353264616137376532
36343961623364643333326332646564363838636531396462356239363337623436373964303730 64663839666639393335656464383532313231663063376434656430303039346663303336356636
65313332363563386533363933326566356438616231373438376331656337636437376464653531 66633137636236633738643030393431663433356138393862383639383864653538363035303666
66376635663435623038343237356262333831363665656437643035363933613738613731643631 34356266313931326138386632353238313438306538323764366335336364663631643931326437
34646633363965636439383037353437373863393039613836633833393063633630653461336639 64663132666661626135626362623639303933336366323537303735343865343066323031356266
65353430366435383763623434386135393532656135376437373932653833363165393965316462 63313862323537376137376230333462313538306135313564393034336130316635616334383730
63653766343363646238313962303963653965343432373365656230396464643263666465333532 34326163666332393131376337343566323164633461313864633534663531363361626436356233
33373661656661616666356666353166623462663033653563656232653466343139626136376335 32353333313130623666663637626161646435306164326131653965303162383862613234313138
30373863626135303236643931353033353330656331613962326662363930303462623432396566 62396632323632643663643765306136383538653535646565306162326162343762313462356336
37623134303737366164663435656532613462326136313135633932383130363364643333663338 66373139653737316161386330363839656338623231353365626562646461633035303364363432
38333739643537323865333639353062646337666431303931316166303262343732303063656639 32343234373332306263626564636539363164643063393231373738343765326262363463363334
64313963643861326632343538313561363831653133353862666563316237613737626461303733 62343237343034316461323361643635316538303165383863616362353838666631363738623737
65663730373561323533356135306263623563396462666164346430663937663736613062313963 39656461616463633333396238336266376334396463326433663335626331626135633539323166
65306135323665303665383135313938623338303934633065333739663565636234633238363632 38306534653938663265383238333433326631653666346535633630623737363965376338396137
3936 35363365383366636139393365633065326531656137633938663136383666666462323933343931
33316162363339343762343737373734383338343061323630653436356263653566636237363138
34303334356235386162326530343132636266353932376631336639383930653966663163656538
61613239363161353662373564383264666139306661623833386139333539396663363930663230
38366536306230613561353861306563323839613937316363333636343330613837656133326337
39393438353934623732346566303262666564373239653565646564363632613561316535396139
34393262383837383962613064633364393662313237616535643431626364393861386332326236
66623961313131313634613666366665666536346535373166333231353264646336313737646131
61346639656166633735323865643864646134653166313661326464303062393839376234353561
61666137303165653961303062396661616265626666393266336435636461303764386463326339
36333838303237366330323565366465323736303633653063306661343138643632393134306432
33356133663861653038666165613635303966323839353431386663303466663664653039666531
61343065616330333836306636366262363434663933353038313563616363323831333337323032
33656530343038666436333039396635356163396365383733633434316432373965366537633232
63373565363762396162633233313438393262636264386638643036326233363461383032663733
36353534366332333464633037353430326161316332393338303333366163363462613633343937
34303033393863386334383565346166336333633266316361393762643063323563316462616432
64396630633861633532666239366539616632356566313430333037623335653835373830363433
333363383932633665656436623032306336