  • Updated the Ansible Playbook (#2138)

    * Update Ansible role
    * lint Ansible role
    * Update Ansible Playbook README
    * use python3 packages instead of python2
  • Bilal Retiat committed with GitHub 2 years ago
    0646f14c
    1 parent ceab0509
  • ■ ■ ■ ■ ■ ■
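--- a/ansible-playbook/README
+++ b/ansible-playbook/README
@@ -1,4 +1,4 @@
-Tested on Ubuntu 16.04.4.
+Tested on Ubuntu 20.04 LTS.
 
 Installs Postfix (to listen on localhost only) and the latest Linux gophish binary. setcap is used to allow the gophish binary to listen on privileged ports without running as root.
 
@@ -17,8 +17,8 @@
 ansible-playbook site.yml -i hosts -u root --ask-pass
 
 # Log in as non-root user with SSH key (if root login has been disabled)
-ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-sudo-pass
+ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-become-pass
 
 # Logging in as non-root user without SSH keys
-ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-sudo-pass
+ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-become-pass
 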
  • ■ ■ ■ ■ ■
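--- a/ansible-playbook/roles/gophish/files/config.json
+++ b/ansible-playbook/roles/gophish/files/config.json
@@ -16,7 +16,8 @@
  "migrations_prefix": "db/db_",
  "contact_address": "",
  "logging": {
- "filename": "",
+ "filename": "gophish.log",
  "level": ""
  }
 }
+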
  • ■ ■ ■ ■ ■
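--- a/ansible-playbook/roles/gophish/tasks/main.yml
+++ b/ansible-playbook/roles/gophish/tasks/main.yml
@@ -10,19 +10,19 @@
 - name: Allow TCP 22 for SSH.
  ufw:
  rule: allow
- port: '22'
+ port: "22"
  proto: tcp
 
 - name: Allow TCP 80 for Gophish.
  ufw:
  rule: allow
- port: '80'
+ port: "80"
  proto: tcp
 
 - name: Allow TCP 443 for Gophish.
  ufw:
  rule: allow
- port: '443'
+ port: "443"
  proto: tcp
 
 - name: Enable ufw.
@@ -43,19 +43,19 @@
  file:
  path: /etc/ssl/csr
  state: directory
- mode: '0755'
+ mode: "0755"
 
 - name: Ensure /etc/ssl/private folder exists
  file:
  path: /etc/ssl/private
  state: directory
- mode: '0755'
+ mode: "0755"
 
 - name: Ensure /etc/ssl/crt folder exists
  file:
  path: /etc/ssl/crt
  state: directory
- mode: '0755'
+ mode: "0755"
 
 - name: Install specified packages.
  apt:
@@ -64,7 +64,7 @@
 
 - name: adding existing user '{{ gophish_user }}' to group ssl-cert
  user:
- name: '{{ gophish_user }}'
+ name: "{{ gophish_user }}"
  groups: ssl-cert
  append: yes
 
@@ -109,10 +109,16 @@
  state: started
  enabled: yes
 
+- name: get latest release info
+ uri:
+ url: "https://api.github.com/repos/gophish/gophish/releases/latest"
+ return_content: true
+ register: latest_json_reponse
+
 - name: Download latest Gophish .zip file.
  get_url:
  validate_certs: True
- url: https://getgophish.com/releases/latest/linux/64
+ url: "https://github.com/gophish/gophish/releases/download/{{ latest_json_reponse.json.tag_name }}/gophish-{{ latest_json_reponse.json.tag_name }}-linux-64bit.zip"
  dest: "/home/{{ gophish_user }}/gophish.zip"
  mode: 0755
  owner: "{{ gophish_user }}"
@@ -144,7 +150,7 @@
  unarchive:
  src: "/home/{{ gophish_user }}/gophish.zip"
  dest: "/home/{{ gophish_user }}/gophish_deploy"
- remote_src: True # File is on target server and not locally.
+ remote_src: True # File is on target server and not locally.
  owner: "{{ gophish_user }}"
  group: "{{ gophish_user }}"
 
@@ -154,6 +160,11 @@
  owner: "{{ gophish_user }}"
  group: "{{ gophish_user }}"
  recurse: True
+
+- name: Ensure gophish binary is executable
+ file:
+ path: /home/{{ gophish_user }}/gophish_deploy/gophish
+ mode: 744
 
 - name: Ensure gophish binary is allowed to bind to privileged ports using setcap
  capabilities:
@@ -202,6 +213,15 @@
  state: reloaded
  enabled: yes
 
+- name: get Gophish log file which contain initial password
+ command: cat /home/{{ gophish_user }}/gophish_deploy/gophish.log
+ register: gophish_log
+
+- name: display log file
+ debug:
+ msg: "{{ gophish_log }}"
+
 - name: Reboot the box in 1 minute.
  command: shutdown -r 1
  when: reboot_box
+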
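Review bot: `mode: 744` in the new "Ensure gophish binary is executable" task is an unquoted decimal integer, which Ansible's file module does not read as octal 0744. Decimal 744 is octal 1350, so the binary would get the sticky bit with owner `-wx` and group `r-x` instead of `rwxr--r--`; write `mode: "0744"`, matching the quoted `"0755"` used for the /etc/ssl directories in this file. Separately, the added `debug` task prints the entire registered result of `cat gophish.log`, which the task name says holds the initial password, so that credential ends up in the controller's output and in any Ansible or CI log that captures it. Consider dropping the display and pointing the operator at the file on the host instead; if it stays, `changed_when: false` belongs on the `cat` task.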
  • ■ ■ ■ ■ ■
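--- a/ansible-playbook/roles/gophish/vars/main.yml
+++ b/ansible-playbook/roles/gophish/vars/main.yml
@@ -4,7 +4,8 @@
  - postfix
  - unzip
  - libcap2-bin
- - python-pip
+ - python-is-python3
+ - python3-pip
 
 hostname: gophish
 gophish_user: ubuntu
@@ -16,3 +17,4 @@
 gophish_crt_path: /etc/ssl/crt/gophish.crt
 # Required if changing /etc/hostname to something different.
 reboot_box: true
+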