Forge Home

Modules

Puppet

Resources

PuppetEcosystemPuppet CommunityUpdates

bro

Module to install Bro Network Security Monitor
Project URLRSS FeedReport issues

12,106 downloads

10,127 latest version

2.3 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 1.1.3 (latest)
  • 1.1.1
  • 1.1.0
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
released Oct 27th 2014

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'panaman-bro', '1.1.3'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add panaman-bro
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install panaman-bro --version 1.1.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: security, monitor, network, bro

Documentation

panaman/bro — version 1.1.3 Oct 27th 2014

Bro NSM Puppet Module

Puppet module to manage a Bro Network Security Monitor. (To learn more about Bro visit the organizations website: http://www.bro.org)

###Description This module has been tested on Centos 6.5 and Ubuntu 12.04. It should work on any Redhat or Debian based system. Redhat systems can install from pre-built bro.org package. Debian systems will need to set pkg_source => 'none' or 'repo'. If pkg_source = 'none', then prebuild and install the package manually. If set to repo, puppet will assume bro is in a package repository (yum/apt). Using a private package repository server is recommended.

Bro 2.3 Compatible

If running with pfring you will need to compile custom packages.

###Standalone Bro - RedHat

  class { 'bro':
    int => 'eth2',
  }

###Standalone Bro - Debian

  class { 'bro':
    pkg_source => 'none',
    int        => 'eth2',
  }

###Basic Bro Cluster

  class { 'bro':
    manager => 'sensor01',
    proxy   => 'sensor01',
    network => ['192.168.10.0/24','192.168.11.0/24'],
    type    => 'cluster',
  }
  bro::worker { 'eth1':
    host      => 'sensor01',
  }
  bro::worker { 'eth2':
    host      => 'sensor01',
  }

###Advanced - Bro Cluster : Pfring You must specify cpus or procs when method is in use. cpus ['1','4'] represents cpus 1,2,3,4 and will also place lb_procs value of 4.

  class { 'bro':
    manager => 'sensor01',
    proxy   => 'sensor01',
    network => ['192.168.10.0/24','192.168.11.0/24'],
    type    => 'cluster',
  }
  bro::worker { 'eth1':
    host      => 'sensor01',
    method    => 'pf_ring',
    cpus      => ['1','4'],
  }
  bro::worker { 'eth2':
    host      => 'sensor01',
    method    => 'pf_ring',
    procs     => '7',
  }

###Advanced - Bro Cluster : Myrcom

class { 'bro':
  manager => 'sensor01',
  proxy   => 'sensor01',
  network => ['192.168.10.0/24','192.168.11.0/24'],
  type    => 'cluster',
}
bro::worker { 'eth1':
  host      => 'sensor01',
  method    => 'myricom',
  procs     => '12'
}

local.bro

This bro module will first look for a local.bro.$hostname and if that file does not exist it will load the default local.bro.

Place any custom local.bro files in files/localbro

There is a default local.bro in files/localbro/local.bro "DO NOT EDIT THIS FILE."

To over-ride the default local.bro, modifiy the sitepolicy value.

  class { 'bro':
    sitepolicy => 'custom_local.bro',
  }

Bro Scripts

Place all Bro scripts into /files/scripts

Puppet will sync everythig you stick in this directory.

It is recommened to put bro scripts in individual directories and use __load__.bro files.

Example:
directory = scripts/something
script = scripts/something/something.bro
loader = scripts/something/__load__.bro

Then in your custom.local.bro you can @load scripts/something

###Other Customizable Variables

class { 'bro':
  $ensure       = 'running' # Toggle Bro on or off
  $pf_cid       = 'UNSET' # Customize Pfring Cluster ID
  $broctl       = 'DEFAULT' # Set to 'CUSTOM' to create custom broctl.cfg, (bro/files/broctl/custom_broctl.cfg)
  $debug        = '0' # Toggle Debug on and off, 0 = Off and 1 = On
  $mailto       = 'root@localhost' # Change notice email
  $sitepolicy   = 'local.bro'# Change the default site policy file. This is useful when customizing bro.
  $mindisk      = '5' # Min disk threshold
  $logrotate    = '3600' # Rotate logs every 3600 seconds
  $logpurge     = 'disabled' # Change to a number like 30 to delete logs older thatn 30 days
  $basedir      = '/opt/bro' # Bro base install dir
  $logdir       = '/var/opt/bro' # Bro Log Dir
  $manager      = $::hostname # Manager host
  $int          = $::hostint  # Sniffing Interface 
  $worker       = $::hostname # Worker host
  $proxy        = $::hostname # Proxy host
  $pkg_ensure   = 'present' # Ensure bro package, only valid with pkg_source => 'bro.org' or 'repo'
  $pkg          = 'bro' # Package title
  $pkg_source   = 'bro.org' # Source of package installs from bro.org. Only valid on RedHat based.
                  'repo' # This is default. This value assumes you have a custom repository with pre-built packages.
                  'none' # No package dependency. Asumes you built package from source or manual install
  $type         = 'standalone' # Standalone bro
                = 'cluster' # Running bro in a cluster
  $network      = $::hostint_ipv4_cidr # Accepts an array of cidr blocks
  $bro_pkg_name = $::osfamily ? {               # only valid for RedHat
    'RedHat' => 'Bro-2.3-Linux-x86_64.rpm',
    'Debian' => 'Bro-2.3-Linux-x86_64.deb',
  }
  $bro_url = 'http://www.bro.org/downloads/release'
}
```
###Support
Please log tickets and issues at our [Projects site](https://github.com/panaman/puppet-bro/issues)