2023-06-21 21:21:11 +00:00
|
|
|
---
|
2023-07-05 15:55:59 +00:00
|
|
|
################################
|
|
|
|
|
# T-Pot - Debian Remove (sudo) #
|
|
|
|
|
################################
|
|
|
|
|
|
|
|
|
|
# Be sure to use root password as become password
|
|
|
|
|
- name: T-Pot - Debian Remove (sudo)
|
2023-06-21 21:21:11 +00:00
|
|
|
hosts: all
|
|
|
|
|
gather_facts: true
|
2023-06-30 11:15:30 +00:00
|
|
|
become: false
|
2023-06-21 21:21:11 +00:00
|
|
|
|
2023-07-05 15:55:59 +00:00
|
|
|
tasks:
|
|
|
|
|
- name: Check if running as root
|
|
|
|
|
assert:
|
|
|
|
|
that: ansible_user != 'root'
|
|
|
|
|
fail_msg: "T-Pot playbook should not be run as root."
|
|
|
|
|
success_msg: "Running as user: {{ ansible_user }}."
|
|
|
|
|
tags:
|
|
|
|
|
- "Debian"
|
|
|
|
|
|
|
|
|
|
- name: Check if running as tpot
|
|
|
|
|
assert:
|
|
|
|
|
that: ansible_user != 'tpot'
|
|
|
|
|
fail_msg: "Reserved username `tpot` detected."
|
|
|
|
|
success_msg: "Running as user: {{ ansible_user }}."
|
|
|
|
|
tags:
|
|
|
|
|
- "Debian"
|
2023-06-21 21:21:11 +00:00
|
|
|
|
|
|
|
|
- name: Remove current user from sudo group
|
|
|
|
|
become: true
|
|
|
|
|
become_method: su
|
|
|
|
|
command: gpasswd -d "{{ ansible_user_id }}" sudo
|
|
|
|
|
when: ansible_distribution == "Debian"
|
2023-07-05 15:55:59 +00:00
|
|
|
tags:
|
|
|
|
|
- "Debian"
|
2023-06-21 21:21:11 +00:00
|
|
|
|
|
|
|
|
- name: Uninstall sudo package if present
|
|
|
|
|
become: true
|
|
|
|
|
become_method: su
|
2023-07-05 15:55:59 +00:00
|
|
|
package:
|
2023-06-21 21:21:11 +00:00
|
|
|
name: sudo
|
|
|
|
|
state: absent
|
|
|
|
|
update-cache: no
|
|
|
|
|
when: ansible_distribution == "Debian"
|
2023-07-05 15:55:59 +00:00
|
|
|
tags:
|
|
|
|
|
- "Debian"
|
2023-06-21 21:21:11 +00:00
|
|
|
|
2023-07-05 15:55:59 +00:00
|
|
|
- name: Remove sudoers file for ansible_user_id
|
|
|
|
|
become: true
|
|
|
|
|
become_method: su
|
|
|
|
|
file:
|
|
|
|
|
path: /etc/sudoers.d/{{ ansible_user_id }}
|
|
|
|
|
state: absent
|
|
|
|
|
tags:
|
|
|
|
|
- "Debian"
|
