Updated the Ansible Playbook (#2138)

* Update Ansible role
* lint Ansible role
* Update Ansible Playbook README
* use python3 packages instead python2
pull/1813/merge
Bilal Retiat 2021-12-23 19:13:43 +01:00 committed by GitHub
parent ceab0509eb
commit 0646f14c99
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 38 additions and 18 deletions

View File

@ -1,4 +1,4 @@
Tested on Ubuntu 16.04.4.
Tested on Ubuntu 20.04 LTS.
Installs Postfix (to listen on localhost only) and the latest Linux gophish binary. setcap is used to allow the gophish binary to listen on privileged ports without running as root.
@ -17,7 +17,7 @@ ansible-playbook site.yml -i hosts -u root --private-key=private.key
ansible-playbook site.yml -i hosts -u root --ask-pass
# Log in as non-root user with SSH key (if root login has been disabled)
ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-sudo-pass
ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-become-pass
# Logging in as non-root user without SSH keys
ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-sudo-pass
ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-become-pass

View File

@ -16,7 +16,7 @@
"migrations_prefix": "db/db_",
"contact_address": "",
"logging": {
"filename": "",
"filename": "gophish.log",
"level": ""
}
}
}

View File

@ -10,19 +10,19 @@
- name: Allow TCP 22 for SSH.
ufw:
rule: allow
port: '22'
port: "22"
proto: tcp
- name: Allow TCP 80 for Gophish.
ufw:
rule: allow
port: '80'
port: "80"
proto: tcp
- name: Allow TCP 443 for Gophish.
ufw:
rule: allow
port: '443'
port: "443"
proto: tcp
- name: Enable ufw.
@ -43,19 +43,19 @@
file:
path: /etc/ssl/csr
state: directory
mode: '0755'
mode: "0755"
- name: Ensure /etc/ssl/private folder exists
file:
path: /etc/ssl/private
state: directory
mode: '0755'
mode: "0755"
- name: Ensure /etc/ssl/crt folder exists
file:
path: /etc/ssl/crt
state: directory
mode: '0755'
mode: "0755"
- name: Install specified packages.
apt:
@ -64,7 +64,7 @@
- name: adding existing user '{{ gophish_user }}' to group ssl-cert
user:
name: '{{ gophish_user }}'
name: "{{ gophish_user }}"
groups: ssl-cert
append: yes
@ -109,10 +109,16 @@
state: started
enabled: yes
- name: get latest release info
uri:
url: "https://api.github.com/repos/gophish/gophish/releases/latest"
return_content: true
register: latest_json_reponse
- name: Download latest Gophish .zip file.
get_url:
validate_certs: True
url: https://getgophish.com/releases/latest/linux/64
url: "https://github.com/gophish/gophish/releases/download/{{ latest_json_reponse.json.tag_name }}/gophish-{{ latest_json_reponse.json.tag_name }}-linux-64bit.zip"
dest: "/home/{{ gophish_user }}/gophish.zip"
mode: 0755
owner: "{{ gophish_user }}"
@ -144,7 +150,7 @@
unarchive:
src: "/home/{{ gophish_user }}/gophish.zip"
dest: "/home/{{ gophish_user }}/gophish_deploy"
remote_src: True # File is on target server and not locally.
remote_src: True # File is on target server and not locally.
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
@ -155,6 +161,11 @@
group: "{{ gophish_user }}"
recurse: True
- name: Ensure gophish binary is executable
file:
path: /home/{{ gophish_user }}/gophish_deploy/gophish
mode: 744
- name: Ensure gophish binary is allowed to bind to privileged ports using setcap
capabilities:
path: /home/{{ gophish_user }}/gophish_deploy/gophish
@ -202,6 +213,14 @@
state: reloaded
enabled: yes
- name: get Gophish log file which contain initial password
command: cat /home/{{ gophish_user }}/gophish_deploy/gophish.log
register: gophish_log
- name: display log file
debug:
msg: "{{ gophish_log }}"
- name: Reboot the box in 1 minute.
command: shutdown -r 1
when: reboot_box
when: reboot_box

View File

@ -4,7 +4,8 @@ install_packages:
- postfix
- unzip
- libcap2-bin
- python-pip
- python-is-python3
- python3-pip
hostname: gophish
gophish_user: ubuntu
@ -15,4 +16,4 @@ gophish_ssl_cert_path: /etc/ssl/private/gophish.pem
gophish_csr_path: /etc/ssl/csr/gophish.csr
gophish_crt_path: /etc/ssl/crt/gophish.crt
# Required if changing /etc/hostname to something different.
reboot_box: true
reboot_box: true