Ansible zip folder reorg (#1002)

* Updated README

* Updated playbook to work with new .zip file structure and cleaned up misc. parts

* Added missing quotes to be safe for variable interpretation

ansible-playbook/README

@@ -1,4 +1,4 @@
-Tested on Ubuntu 16.04.2.
+Tested on Ubuntu 16.04.4.
 
 Installs Postfix (to listen on localhost only) and the latest Linux gophish binary.  setcap is used to allow the gophish binary to listen on privileged ports without running as root.
 
@@ -18,3 +18,6 @@ ansible-playbook site.yml -i hosts -u root --ask-pass
 
 # Log in as non-root user with SSH key (if root login has been disabled)
 ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-sudo-pass
+
+# Logging in as non-root user without SSH keys
+ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-sudo-pass

ansible-playbook/roles/gophish/tasks/main.yml

@@ -2,26 +2,45 @@
   hostname:
     name: "{{ hostname }}"
 
-- name: Allow TCP 80 for Gophish
+- name: Allow TCP 22 for SSH.
-  ufw: rule=allow port=80 proto=tcp
+  ufw:
+    rule: allow
+    port: 22
+    proto: tcp
 
-- name: Allow TCP 443 for Gophish
+- name: Allow TCP 80 for Gophish.
-  ufw: rule=allow port=443 proto=tcp
+  ufw:
+    rule: allow
+    port: 80
+    proto: tcp
 
-- name: Enable ufw
+- name: Allow TCP 443 for Gophish.
-  ufw: state=enabled policy=deny
+  ufw:
+    rule: allow
+    port: 443
+    proto: tcp
+
+- name: Enable ufw.
+  ufw:
+    state: enabled
+    policy: deny
   when: enable_ufw_firewall
 
-- name: Update APT package cache
+- name: Update APT package cache.
-  apt: update_cache=yes
+  apt:
+    update_cache: yes
 
-- name: Upgrade APT to the latest packages
+- name: Upgrade APT to the latest packages.
-  apt: upgrade=safe
+  apt:
+    upgrade: safe
 
-- name: Ensure postfix is installed (Debian).
+- name: Install specified packages.
-  apt: name=postfix state=installed
+  apt:
+    pkg: "{{ item }}"
+    state: latest
+  with_items: "{{ install_packages }}"
 
-- name: Update postfix main.cf configuration file
+- name: Update postfix main.cf configuration file.
   template:
     src: main.cf.j2
     dest: /etc/postfix/main.cf
@@ -30,59 +49,60 @@
     group: root
     mode: 0644
 
-- name: Restart postfix
+- name: Restart postfix.
-  service: name=postfix state=restarted
+  service:
+    name: postfix
+    state: restarted
 
 - name: Ensure postfix is started and enabled at boot.
-  service: name=postfix state=started enabled=yes
+  service:
+    name: postfix
+    state: started
+    enabled: yes
 
-- name: Download latest Gophish .zip file
+- name: Download latest Gophish .zip file.
   get_url:
-    validate_certs: False
+    validate_certs: True
     url: https://getgophish.com/releases/latest/linux/64
-    dest: /home/{{ gophish_user }}/gophish.zip
+    dest: "/home/{{ gophish_user }}/gophish.zip"
     mode: 0755
     owner: "{{ gophish_user }}"
     group: "{{ gophish_user }}"
 
-- name: Unzip gophish file
+- name: Create directory for gophish.
+  file:
+    path: "/home/{{ gophish_user }}/gophish"
+    state: directory
+    mode: 0755
+    owner: "{{ gophish_user }}"
+    group: "{{ gophish_user }}"
+
+- name: Unzip gophish file.
   unarchive:
-    src: /home/{{ gophish_user }}/gophish.zip
+    src: "/home/{{ gophish_user }}/gophish.zip"
-    dest: /home/{{ gophish_user }}
+    dest: "/home/{{ gophish_user }}/gophish"
     remote_src: True  # File is on target server and not locally.
     owner: "{{ gophish_user }}"
     group: "{{ gophish_user }}"
 
-- shell: ls -d /home/{{ gophish_user }}/gophish-*
+- name: Change ownership of Gophish folder and files.
-  register: gophish_dir
-
-- name: Rename gophish folder
-  command: mv {{ item }} /home/{{ gophish_user }}/gophish
-  with_items: "{{ gophish_dir.stdout }}"
-
-- name: Change ownership of Gophish folder
   file:
     path: /home/{{ gophish_user }}/gophish
     owner: "{{ gophish_user }}"
     group: "{{ gophish_user }}"
     recurse: True
 
-- name: Add execution privileges to the gophish binary
+- name: Allow gophish binary to bind to privileged ports using setcap.
-  file:
-    path: /home/{{ gophish_user }}/gophish/gophish
-    mode: 0755
-
-- name: Allow gophish binary to bind to privileged ports using setcap
   shell: setcap CAP_NET_BIND_SERVICE=+eip /home/{{ gophish_user }}/gophish/gophish
 
-- name: Copy config.json file
+- name: Copy config.json file.
   copy:
     src: files/config.json
-    dest: /home/{{ gophish_user }}/gophish/config.json
+    dest: "/home/{{ gophish_user }}/gophish/config.json"
     owner: "{{ gophish_user }}"
     group: "{{ gophish_user }}"
     mode: 0644
 
-- name: Reboot the box in 1 minute
+- name: Reboot the box in 1 minute.
   command: shutdown -r 1
   when: reboot_box

ansible-playbook/roles/gophish/vars/main.yml

@@ -1,7 +1,11 @@
 enable_ufw_firewall: true
 
+install_packages:
+  - postfix
+  - unzip
+
 hostname: gophish
-gophish_user: gpuser
+gophish_user: ubuntu
 postfix_hostname: gophish
 postfix_inet_interfaces: 127.0.0.1