mirror of https://github.com/gophish/gophish
Updated the Ansible Playbook (#2138)
* Update Ansible role * lint Ansible role * Update Ansible Playbook README * use python3 packages instead of python2
pull/1813/merge
parent
ceab0509eb
commit
0646f14c99
|
@ -1,4 +1,4 @@
|
||||||
Tested on Ubuntu 16.04.4.
|
Tested on Ubuntu 20.04 LTS.
|
||||||
|
|
||||||
Installs Postfix (to listen on localhost only) and the latest Linux gophish binary. setcap is used to allow the gophish binary to listen on privileged ports without running as root.
|
Installs Postfix (to listen on localhost only) and the latest Linux gophish binary. setcap is used to allow the gophish binary to listen on privileged ports without running as root.
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@ ansible-playbook site.yml -i hosts -u root --private-key=private.key
|
||||||
ansible-playbook site.yml -i hosts -u root --ask-pass
|
ansible-playbook site.yml -i hosts -u root --ask-pass
|
||||||
|
|
||||||
# Log in as non-root user with SSH key (if root login has been disabled)
|
# Log in as non-root user with SSH key (if root login has been disabled)
|
||||||
ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-sudo-pass
|
ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-become-pass
|
||||||
|
|
||||||
# Logging in as non-root user without SSH keys
|
# Logging in as non-root user without SSH keys
|
||||||
ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-sudo-pass
|
ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-become-pass
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
"migrations_prefix": "db/db_",
|
"migrations_prefix": "db/db_",
|
||||||
"contact_address": "",
|
"contact_address": "",
|
||||||
"logging": {
|
"logging": {
|
||||||
"filename": "",
|
"filename": "gophish.log",
|
||||||
"level": ""
|
"level": ""
|
||||||
}
|
}
|
||||||
}
|
}
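Review bot: Setting `"filename": "gophish.log"` turns the log into a persistent file, and a task added in this same commit reads that file for the initial password, so the admin credential now stays on disk for as long as the log is kept. Nothing in the visible hunks sets the log file's mode or removes it after first use, so its permissions presumably come from the service user's default umask. Consider a follow-up task that sets the log to `mode: "0600"` owned by the gophish user, and a README line telling operators to change the initial password right after first login. The path is relative, so where the file lands depends on the service's working directory, which is not visible here.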
|
||||||
|
|
|
@ -10,19 +10,19 @@
|
||||||
- name: Allow TCP 22 for SSH.
|
- name: Allow TCP 22 for SSH.
|
||||||
ufw:
|
ufw:
|
||||||
rule: allow
|
rule: allow
|
||||||
port: '22'
|
port: "22"
|
||||||
proto: tcp
|
proto: tcp
|
||||||
|
|
||||||
- name: Allow TCP 80 for Gophish.
|
- name: Allow TCP 80 for Gophish.
|
||||||
ufw:
|
ufw:
|
||||||
rule: allow
|
rule: allow
|
||||||
port: '80'
|
port: "80"
|
||||||
proto: tcp
|
proto: tcp
|
||||||
|
|
||||||
- name: Allow TCP 443 for Gophish.
|
- name: Allow TCP 443 for Gophish.
|
||||||
ufw:
|
ufw:
|
||||||
rule: allow
|
rule: allow
|
||||||
port: '443'
|
port: "443"
|
||||||
proto: tcp
|
proto: tcp
|
||||||
|
|
||||||
- name: Enable ufw.
|
- name: Enable ufw.
|
||||||
|
@ -43,19 +43,19 @@
|
||||||
file:
|
file:
|
||||||
path: /etc/ssl/csr
|
path: /etc/ssl/csr
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: "0755"
|
||||||
|
|
||||||
- name: Ensure /etc/ssl/private folder exists
|
- name: Ensure /etc/ssl/private folder exists
|
||||||
file:
|
file:
|
||||||
path: /etc/ssl/private
|
path: /etc/ssl/private
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: "0755"
|
||||||
|
|
||||||
- name: Ensure /etc/ssl/crt folder exists
|
- name: Ensure /etc/ssl/crt folder exists
|
||||||
file:
|
file:
|
||||||
path: /etc/ssl/crt
|
path: /etc/ssl/crt
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: "0755"
|
||||||
|
|
||||||
- name: Install specified packages.
|
- name: Install specified packages.
|
||||||
apt:
|
apt:
|
||||||
|
@ -64,7 +64,7 @@
|
||||||
|
|
||||||
- name: adding existing user '{{ gophish_user }}' to group ssl-cert
|
- name: adding existing user '{{ gophish_user }}' to group ssl-cert
|
||||||
user:
|
user:
|
||||||
name: '{{ gophish_user }}'
|
name: "{{ gophish_user }}"
|
||||||
groups: ssl-cert
|
groups: ssl-cert
|
||||||
append: yes
|
append: yes
|
||||||
|
|
||||||
|
@ -109,10 +109,16 @@
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
|
||||||
|
- name: get latest release info
|
||||||
|
uri:
|
||||||
|
url: "https://api.github.com/repos/gophish/gophish/releases/latest"
|
||||||
|
return_content: true
|
||||||
|
register: latest_json_reponse
|
||||||
|
|
||||||
- name: Download latest Gophish .zip file.
|
- name: Download latest Gophish .zip file.
|
||||||
get_url:
|
get_url:
|
||||||
validate_certs: True
|
validate_certs: True
|
||||||
url: https://getgophish.com/releases/latest/linux/64
|
url: "https://github.com/gophish/gophish/releases/download/{{ latest_json_reponse.json.tag_name }}/gophish-{{ latest_json_reponse.json.tag_name }}-linux-64bit.zip"
|
||||||
dest: "/home/{{ gophish_user }}/gophish.zip"
|
dest: "/home/{{ gophish_user }}/gophish.zip"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
owner: "{{ gophish_user }}"
|
owner: "{{ gophish_user }}"
|
||||||
|
@ -144,7 +150,7 @@
|
||||||
unarchive:
|
unarchive:
|
||||||
src: "/home/{{ gophish_user }}/gophish.zip"
|
src: "/home/{{ gophish_user }}/gophish.zip"
|
||||||
dest: "/home/{{ gophish_user }}/gophish_deploy"
|
dest: "/home/{{ gophish_user }}/gophish_deploy"
|
||||||
remote_src: True # File is on target server and not locally.
|
remote_src: True # File is on target server and not locally.
|
||||||
owner: "{{ gophish_user }}"
|
owner: "{{ gophish_user }}"
|
||||||
group: "{{ gophish_user }}"
|
group: "{{ gophish_user }}"
|
||||||
|
|
||||||
|
@ -155,6 +161,11 @@
|
||||||
group: "{{ gophish_user }}"
|
group: "{{ gophish_user }}"
|
||||||
recurse: True
|
recurse: True
|
||||||
|
|
||||||
|
- name: Ensure gophish binary is executable
|
||||||
|
file:
|
||||||
|
path: /home/{{ gophish_user }}/gophish_deploy/gophish
|
||||||
|
mode: 744
|
||||||
|
|
||||||
- name: Ensure gophish binary is allowed to bind to privileged ports using setcap
|
- name: Ensure gophish binary is allowed to bind to privileged ports using setcap
|
||||||
capabilities:
|
capabilities:
|
||||||
path: /home/{{ gophish_user }}/gophish_deploy/gophish
|
path: /home/{{ gophish_user }}/gophish_deploy/gophish
|
||||||
|
@ -202,6 +213,14 @@
|
||||||
state: reloaded
|
state: reloaded
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
|
||||||
|
- name: get Gophish log file which contain initial password
|
||||||
|
command: cat /home/{{ gophish_user }}/gophish_deploy/gophish.log
|
||||||
|
register: gophish_log
|
||||||
|
|
||||||
|
- name: display log file
|
||||||
|
debug:
|
||||||
|
msg: "{{ gophish_log }}"
|
||||||
|
|
||||||
- name: Reboot the box in 1 minute.
|
- name: Reboot the box in 1 minute.
|
||||||
command: shutdown -r 1
|
command: shutdown -r 1
|
||||||
when: reboot_box
|
when: reboot_box
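Review bot: `mode: 744` in the added "Ensure gophish binary is executable" task is an unquoted decimal integer, so Ansible applies it as octal 1350 (sticky bit set, owner without read) instead of rwxr--r--; it should read `mode: "0744"`, matching the quoting this commit gives the other `mode:` values. The exact bits matter here because the following task grants the same file a capability through setcap. Separately, the added "display log file" task prints the whole registered result, which the preceding task's name says contains the initial password, so that credential ends up in terminal scrollback and in any CI or callback log that captures playbook output. Consider narrowing it to the relevant line, e.g. `msg: "{{ gophish_log.stdout_lines | select('search', 'password') | list }}"`, and adding `changed_when: false` to the `cat` task so it stops reporting a change on every run.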
|
||||||
|
|
|
@ -4,7 +4,8 @@ install_packages:
|
||||||
- postfix
|
- postfix
|
||||||
- unzip
|
- unzip
|
||||||
- libcap2-bin
|
- libcap2-bin
|
||||||
- python-pip
|
- python-is-python3
|
||||||
|
- python3-pip
|
||||||
|
|
||||||
hostname: gophish
|
hostname: gophish
|
||||||
gophish_user: ubuntu
|
gophish_user: ubuntu
|
||||||
|
@ -15,4 +16,4 @@ gophish_ssl_cert_path: /etc/ssl/private/gophish.pem
|
||||||
gophish_csr_path: /etc/ssl/csr/gophish.csr
|
gophish_csr_path: /etc/ssl/csr/gophish.csr
|
||||||
gophish_crt_path: /etc/ssl/crt/gophish.crt
|
gophish_crt_path: /etc/ssl/crt/gophish.crt
|
||||||
# Required if changing /etc/hostname to something different.
|
# Required if changing /etc/hostname to something different.
|
||||||
reboot_box: true
|
reboot_box: true
|
||||||
|
|