Ansible zip folder reorg (#1002)

* Updated README

* Updated playbook to work with new .zip file structure and cleaned up misc. parts

* Added missing quotes to be safe for variable interpretation
pull/1014/head
derpadoo 2018-03-13 19:53:20 -05:00 committed by Jordan Wright
parent c9ff8714a0
commit 709e83bade
3 changed files with 68 additions and 41 deletions

View File

@ -1,4 +1,4 @@
Tested on Ubuntu 16.04.2.
Tested on Ubuntu 16.04.4.
Installs Postfix (to listen on localhost only) and the latest Linux gophish binary. setcap is used to allow the gophish binary to listen on privileged ports without running as root.
@ -18,3 +18,6 @@ ansible-playbook site.yml -i hosts -u root --ask-pass
# Log in as non-root user with SSH key (if root login has been disabled)
ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-sudo-pass
# Logging in as non-root user without SSH keys
ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-sudo-pass

View File

@ -2,26 +2,45 @@
hostname:
name: "{{ hostname }}"
- name: Allow TCP 80 for Gophish
ufw: rule=allow port=80 proto=tcp
- name: Allow TCP 22 for SSH.
ufw:
rule: allow
port: 22
proto: tcp
- name: Allow TCP 443 for Gophish
ufw: rule=allow port=443 proto=tcp
- name: Allow TCP 80 for Gophish.
ufw:
rule: allow
port: 80
proto: tcp
- name: Enable ufw
ufw: state=enabled policy=deny
- name: Allow TCP 443 for Gophish.
ufw:
rule: allow
port: 443
proto: tcp
- name: Enable ufw.
ufw:
state: enabled
policy: deny
when: enable_ufw_firewall
- name: Update APT package cache
apt: update_cache=yes
- name: Update APT package cache.
apt:
update_cache: yes
- name: Upgrade APT to the latest packages
apt: upgrade=safe
- name: Upgrade APT to the latest packages.
apt:
upgrade: safe
- name: Ensure postfix is installed (Debian).
apt: name=postfix state=installed
- name: Install specified packages.
apt:
pkg: "{{ item }}"
state: latest
with_items: "{{ install_packages }}"
- name: Update postfix main.cf configuration file
- name: Update postfix main.cf configuration file.
template:
src: main.cf.j2
dest: /etc/postfix/main.cf
@ -30,59 +49,60 @@
group: root
mode: 0644
- name: Restart postfix
service: name=postfix state=restarted
- name: Restart postfix.
service:
name: postfix
state: restarted
- name: Ensure postfix is started and enabled at boot.
service: name=postfix state=started enabled=yes
service:
name: postfix
state: started
enabled: yes
- name: Download latest Gophish .zip file
- name: Download latest Gophish .zip file.
get_url:
validate_certs: False
validate_certs: True
url: https://getgophish.com/releases/latest/linux/64
dest: /home/{{ gophish_user }}/gophish.zip
dest: "/home/{{ gophish_user }}/gophish.zip"
mode: 0755
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
- name: Unzip gophish file
- name: Create directory for gophish.
file:
path: "/home/{{ gophish_user }}/gophish"
state: directory
mode: 0755
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
- name: Unzip gophish file.
unarchive:
src: /home/{{ gophish_user }}/gophish.zip
dest: /home/{{ gophish_user }}
src: "/home/{{ gophish_user }}/gophish.zip"
dest: "/home/{{ gophish_user }}/gophish"
remote_src: True # File is on target server and not locally.
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
- shell: ls -d /home/{{ gophish_user }}/gophish-*
register: gophish_dir
- name: Rename gophish folder
command: mv {{ item }} /home/{{ gophish_user }}/gophish
with_items: "{{ gophish_dir.stdout }}"
- name: Change ownership of Gophish folder
- name: Change ownership of Gophish folder and files.
file:
path: /home/{{ gophish_user }}/gophish
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
recurse: True
- name: Add execution privileges to the gophish binary
file:
path: /home/{{ gophish_user }}/gophish/gophish
mode: 0755
- name: Allow gophish binary to bind to privileged ports using setcap
- name: Allow gophish binary to bind to privileged ports using setcap.
shell: setcap CAP_NET_BIND_SERVICE=+eip /home/{{ gophish_user }}/gophish/gophish
- name: Copy config.json file
- name: Copy config.json file.
copy:
src: files/config.json
dest: /home/{{ gophish_user }}/gophish/config.json
dest: "/home/{{ gophish_user }}/gophish/config.json"
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
mode: 0644
- name: Reboot the box in 1 minute
- name: Reboot the box in 1 minute.
command: shutdown -r 1
when: reboot_box

View File

@ -1,7 +1,11 @@
enable_ufw_firewall: true
install_packages:
- postfix
- unzip
hostname: gophish
gophish_user: gpuser
gophish_user: ubuntu
postfix_hostname: gophish
postfix_inet_interfaces: 127.0.0.1