Configuring Iptables/UFW and Auditd with Ansible




00:00 – Introduction: why you should set up logging
01:50 – Start of configuring UFW, enabling UFW and setting the policy to accept all
04:00 – Showing how to insert IPTABLES Rules into UFW’s Config
05:10 – Using the LineInFile Ansible Module to add our IPTABLES Line to Log SYN Packets on the INPUT Chain
05:50 – The IPTABLES Rule that logs all SYN Packets on INPUT
08:20 – Finding out rsyslog is disabled, enabling it
10:20 – Showing that we are now logging when a box initiates a connection to us
12:20 – Moving our UFW Logging into our main playbook as a role
13:40 – Start of talking about AuditD
14:30 – Start of configuring the Playbook to install/configure AuditD
15:40 – Downloading auditd.rules from Florian Roth’s GitHub
21:30 – Showing ausearch that allows us to search through Audit Logs
22:40 – Installing Laurel to make auditd logs a bit easier for us to read
23:50 – Creating the _laurel user and needed directories
27:00 – Downloading the Laurel Configuration Files
30:30 – Using get_file to download and install the laurel binary
37:00 – Laurel did not work; troubleshooting the error. Laurel may not have been able to read the config, but our read-users config was also bad
40:50 – Showing Laurel working, we now have auditd logs in JSON Format
43:50 – Cleaning up our playbook a little bit with loops and copying it to our main playbook as a role
50:30 – Testing the playbook on a fresh install of Parrot
