From 0392517fa25c5c63a77fdad2096821f66c394415 Mon Sep 17 00:00:00 2001
From: Sebastian Haderecker
Date: Sat, 29 Jun 2019 16:21:47 +0000
Subject: [PATCH] Added new playbook and roles
---
.../ansible/deploy_tpot.yaml | 25 ++++++++++++++
.../ansible/roles/check/tasks/main.yaml | 25 ++++++++++++++
.../ansible/roles/custom_ews/tasks/main.yaml | 11 ------
.../roles/custom_ews/templates/ews.cfg | 30 ++++++++--------
.../roles/custom_hpfeeds/tasks/main.yaml | 10 ++++++
.../templates/hpfeeds.cfg | 0
.../ansible/roles/deploy/tasks/main.yaml | 34 +++++++++++++++++++
.../ansible/roles/deploy/vars/main.yaml | 8 +++++
.../ansible/roles/deploy/vars/os_auth.yaml | 5 +++
.../ansible/roles/install/tasks/main.yaml | 6 ++--
.../ansible/roles/install/vars/main.yaml | 1 +
.../ansible/roles/reboot/tasks/main.yaml | 3 ++
12 files changed, 129 insertions(+), 29 deletions(-)
create mode 100644 cloud/open-telekom-cloud/ansible/deploy_tpot.yaml
create mode 100644 cloud/open-telekom-cloud/ansible/roles/check/tasks/main.yaml
create mode 100644 cloud/open-telekom-cloud/ansible/roles/custom_hpfeeds/tasks/main.yaml
rename cloud/open-telekom-cloud/ansible/roles/{custom_ews => custom_hpfeeds}/templates/hpfeeds.cfg (100%)
create mode 100644 cloud/open-telekom-cloud/ansible/roles/deploy/tasks/main.yaml
create mode 100644 cloud/open-telekom-cloud/ansible/roles/deploy/vars/main.yaml
create mode 100644 cloud/open-telekom-cloud/ansible/roles/deploy/vars/os_auth.yaml
create mode 100644 cloud/open-telekom-cloud/ansible/roles/install/vars/main.yaml
create mode 100644 cloud/open-telekom-cloud/ansible/roles/reboot/tasks/main.yaml
diff --git a/cloud/open-telekom-cloud/ansible/deploy_tpot.yaml b/cloud/open-telekom-cloud/ansible/deploy_tpot.yaml
new file mode 100644
index 00000000..88909b17
--- /dev/null
+++ b/cloud/open-telekom-cloud/ansible/deploy_tpot.yaml
@@ -0,0 +1,25 @@
+- name: Check host prerequisites
+ hosts: localhost
+ become: yes
+ become_user: root
+ become_method: sudo
+ roles:
+ - check
+
+- name: Deploy instance
+ hosts: localhost
+ roles:
+ - deploy
+
+- name: Install T-Pot on new instance
+ hosts: TPOT
+ remote_user: linux
+ become: yes
+ become_user: root
+ become_method: sudo
+ gather_facts: no
+ roles:
+ - install
+# - custom_ews
+# - custom_hpfeeds
+ - reboot
diff --git a/cloud/open-telekom-cloud/ansible/roles/check/tasks/main.yaml b/cloud/open-telekom-cloud/ansible/roles/check/tasks/main.yaml
new file mode 100644
index 00000000..1adac185
--- /dev/null
+++ b/cloud/open-telekom-cloud/ansible/roles/check/tasks/main.yaml
@@ -0,0 +1,25 @@
+- name: Install pwgen
+ apt:
+ name: pwgen
+
+- name: Install setuptools
+ apt:
+ name: python-setuptools
+
+- name: Install pip
+ apt:
+ name: python-pip
+
+- name: Install openstacksdk
+ pip:
+ name: openstacksdk
+
+- name: Set fact for agent forwarding
+ set_fact:
+ agent_forwarding: "{{ lookup('env','SSH_AUTH_SOCK') }}"
+
+- name: Check if agent forwarding is enabled
+ fail:
+ msg: Please enable agent forwarding to allow Ansible to connect to the remote host!
+ ignore_errors: yes
+ when: agent_forwarding == ""
diff --git a/cloud/open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml b/cloud/open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml
index b49d4df4..197403bd 100644
--- a/cloud/open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml
+++ b/cloud/open-telekom-cloud/ansible/roles/custom_ews/tasks/main.yaml
@@ -11,14 +11,3 @@ path: /opt/tpot/etc/tpot.yml insertafter: '/opt/ewsposter/ews.ip' line: ' - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg'
-
-- name: Copy hpfeeds configuration file
- template:
- src: ../templates/hpfeeds.cfg
- dest: /data/ews/conf
- owner: root
- group: root
- mode: 0644
-
-- name: Applying hpfeeds settings
- command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
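Review bot: The `Install T-Pot on new instance` play connects to the host that the previous play registers via `add_host` with no readiness wait, so on a freshly launched instance the `install` role can start before sshd answers and the play fails on its first task; a `wait_for_connection:` task (or a `wait_for: port=22 host={{ ansible_host }}` from localhost) ahead of the roles closes that gap. The new instance's SSH host key is also unknown to the controller, so under default host-key checking the connection will prompt or fail unless inventory or config already handles it — accept the key for this host only (e.g. via `ansible_ssh_common_args`) rather than disabling checking globally. As a style point, `become: yes` and `gather_facts: no` are YAML 1.1 truthy spellings; `become: true` / `gather_facts: false` are the canonical forms.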
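Review bot: The `Check if agent forwarding is enabled` task combines `fail:` with `ignore_errors: yes`, which turns the prerequisite check into a warning: the message is printed and the playbook still goes on to launch an instance and then fails less clearly when the install play cannot authenticate to it. Drop `ignore_errors: yes` so the play stops here, or write it as `assert: { that: agent_forwarding != "", fail_msg: "Please enable agent forwarding ..." }`. Separately, `pip: name: openstacksdk` runs under the play's `become: yes` and installs an unpinned package into the controller's system Python as root; a pinned `version:` or a virtualenv is the safer habit for a tool that then holds cloud credentials.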
diff --git a/cloud/open-telekom-cloud/ansible/roles/custom_ews/templates/ews.cfg b/cloud/open-telekom-cloud/ansible/roles/custom_ews/templates/ews.cfg index 2dfc89e6..a775d04b 100644 --- a/cloud/open-telekom-cloud/ansible/roles/custom_ews/templates/ews.cfg +++ b/cloud/open-telekom-cloud/ansible/roles/custom_ews/templates/ews.cfg @@ -35,7 +35,7 @@ jsondir = /data/ews/json/ [GLASTOPFV3] glastopfv3 = true -nodeid = glastopfv3-{{ HPNAME }} +nodeid = glastopfv3-{{ ansible_hostname }} sqlitedb = /data/glastopf/db/glastopf.db malwaredir = /data/glastopf/data/files/ @@ -59,18 +59,18 @@ malwaredir = [COWRIE] cowrie = true -nodeid = cowrie-{{ HPNAME }} +nodeid = cowrie-{{ ansible_hostname }} logfile = /data/cowrie/log/cowrie.json [DIONAEA] dionaea = true -nodeid = dionaea-{{ HPNAME }} +nodeid = dionaea-{{ ansible_hostname }} malwaredir = /data/dionaea/binaries/ sqlitedb = /data/dionaea/log/dionaea.sqlite [HONEYTRAP] honeytrap = true -nodeid = honeytrap-{{ HPNAME }} +nodeid = honeytrap-{{ ansible_hostname }} newversion = true payloaddir = /data/honeytrap/attacks/ attackerfile = /data/honeytrap/log/attacker.log 
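Review bot: Every `nodeid` now derives from `ansible_hostname`, which is a gathered fact, but the play that applies this role in deploy_tpot.yaml of the same commit runs with `gather_facts: no`; as wired, re-enabling the commented-out `custom_ews` role would abort on an undefined variable when this template is rendered. Either set `gather_facts: true` on the `Install T-Pot on new instance` play, or use `inventory_hostname` (the generated `t-pot-otc-…` name registered by `add_host`), which needs no fact gathering and is the same value the instance was created with. The same substitution continues through the following hunks of this file, so whichever fix is chosen applies to all of them.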
@@ -83,55 +83,55 @@ targetip = [EMOBILITY] eMobility = false -nodeid = emobility-{{ HPNAME }} +nodeid = emobility-{{ ansible_hostname }} logfile = /data/emobility/log/centralsystemEWS.log [CONPOT] conpot = true -nodeid = conpot-{{ HPNAME }} +nodeid = conpot-{{ ansible_hostname }} logfile = /data/conpot/log/conpot*.json [ELASTICPOT] elasticpot = true -nodeid = elasticpot-{{ HPNAME }} +nodeid = elasticpot-{{ ansible_hostname }} logfile = /data/elasticpot/log/elasticpot.log [SURICATA] suricata = true -nodeid = suricata-{{ HPNAME }} +nodeid = suricata-{{ ansible_hostname }} logfile = /data/suricata/log/eve.json [MAILONEY] mailoney = true -nodeid = mailoney-{{ HPNAME }} +nodeid = mailoney-{{ ansible_hostname }} logfile = /data/mailoney/log/commands.log [RDPY] rdpy = true -nodeid = rdpy-{{ HPNAME }} +nodeid = rdpy-{{ ansible_hostname }} logfile = /data/rdpy/log/rdpy.log [VNCLOWPOT] vnclowpot = true -nodeid = vnclowpot-{{ HPNAME }} +nodeid = vnclowpot-{{ ansible_hostname }} logfile = /data/vnclowpot/log/vnclowpot.log [HERALDING] heralding = true -nodeid = heralding-{{ HPNAME }} +nodeid = heralding-{{ ansible_hostname }} logfile = /data/heralding/log/auth.csv [CISCOASA] ciscoasa = true -nodeid = ciscoasa-{{ HPNAME }} +nodeid = ciscoasa-{{ ansible_hostname }} logfile = /data/ciscoasa/log/ciscoasa.log [TANNER] tanner = true -nodeid = tanner-{{ HPNAME }} +nodeid = tanner-{{ ansible_hostname }} logfile = /data/tanner/log/tanner_report.json [GLUTTON] glutton = true -nodeid = glutton-{{ HPNAME }} +nodeid = glutton-{{ ansible_hostname }} logfile = /data/glutton/log/glutton.log diff --git a/cloud/open-telekom-cloud/ansible/roles/custom_hpfeeds/tasks/main.yaml b/cloud/open-telekom-cloud/ansible/roles/custom_hpfeeds/tasks/main.yaml new file mode 100644 index 00000000..421d1ed6 --- /dev/null +++ b/cloud/open-telekom-cloud/ansible/roles/custom_hpfeeds/tasks/main.yaml 
@@ -0,0 +1,10 @@
+- name: Copy hpfeeds configuration file
+ template:
+ src: ../templates/hpfeeds.cfg
+ dest: /data/ews/conf
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Applying hpfeeds settings
+ command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
diff --git a/cloud/open-telekom-cloud/ansible/roles/custom_ews/templates/hpfeeds.cfg b/cloud/open-telekom-cloud/ansible/roles/custom_hpfeeds/templates/hpfeeds.cfg
similarity index 100%
rename from cloud/open-telekom-cloud/ansible/roles/custom_ews/templates/hpfeeds.cfg
rename to cloud/open-telekom-cloud/ansible/roles/custom_hpfeeds/templates/hpfeeds.cfg
diff --git a/cloud/open-telekom-cloud/ansible/roles/deploy/tasks/main.yaml b/cloud/open-telekom-cloud/ansible/roles/deploy/tasks/main.yaml
new file mode 100644
index 00000000..884e1e49
--- /dev/null
+++ b/cloud/open-telekom-cloud/ansible/roles/deploy/tasks/main.yaml
@@ -0,0 +1,34 @@
+- name: Create T-Pot name
+ shell: echo t-pot-otc-$(pwgen -ns 6 -1)
+ register: tpot_name
+
+- name: Import OpenStack authentication variables
+ include_vars:
+ file: roles/deploy/vars/os_auth.yaml
+
+- name: Launch an instance
+ os_server:
+ auth:
+ auth_url: "{{ auth_url }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ project_name: "{{ project_name }}"
+ os_user_domain_name: "{{ os_user_domain_name }}"
+ name: "{{ tpot_name.stdout }}"
+ region_name: "{{ region_name }}"
+ availability_zone: "{{ availability_zone }}"
+ image: "{{ image }}"
+ boot_from_volume: yes
+ volume_size: "{{ volume_size }}"
+ key_name: "{{ key_name }}"
+ timeout: 200
+ flavor: "{{ flavor }}"
+ security_groups: "{{ security_groups }}"
+ network: "{{ network }}"
+ register: tpot
+
+- name: Add instance to inventory
+ add_host:
+ hostname: "{{ tpot_name.stdout }}"
+ ansible_host: "{{ tpot.server.public_v4 }}"
+ groups: TPOT
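Review bot: `Applying hpfeeds settings` is a bare `command:` with neither `changed_when` nor `creates`, so it re-runs `hpfeeds_optin.sh` and reports `changed` on every play run instead of only when the configuration actually changed; register the template task (`register: hpfeeds_cfg`) and gate the script with `when: hpfeeds_cfg.changed`, or add `changed_when: false` if the script is known to be idempotent. The template is also written with `mode: 0644`; the hpfeeds.cfg template itself is not in this diff, but if it carries the broker ident and secret as a T-Pot hpfeeds config normally does, world-readable is the wrong default and `mode: "0600"` matches the `owner: root` already set. Quote the mode either way (`mode: "0644"`) so the YAML parser does not turn it into an integer.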
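Review bot: `Launch an instance` passes the plaintext `password` loaded from os_auth.yaml as a module argument and has no `no_log: true`, so the credential appears in `-v` output and in any callback or log file configured for the run; add `no_log: true` to that task, and to the `include_vars` task, whose result carries the loaded values. I am not certain keystoneauth accepts `os_user_domain_name` inside `auth:` — the password plugin's parameter is `user_domain_name` (environment form `OS_USER_DOMAIN_NAME`) — so this deserves a check against a real login before it is relied on. Minor: `shell: echo t-pot-otc-$(pwgen -ns 6 -1)` can be `command: pwgen -ns 6 -1` with the prefix applied where the name is used, and `boot_from_volume: yes` should be `true`.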
diff --git a/cloud/open-telekom-cloud/ansible/roles/deploy/vars/main.yaml b/cloud/open-telekom-cloud/ansible/roles/deploy/vars/main.yaml new file mode 100644 index 00000000..c0697442 --- /dev/null +++ b/cloud/open-telekom-cloud/ansible/roles/deploy/vars/main.yaml @@ -0,0 +1,8 @@ +region_name: eu-de +availability_zone: eu-de-03 +image: Standard_Debian_9_latest +volume_size: 128 +key_name: your-KeyPair +flavor: s2.medium.8 +security_groups: your-sg +network: your-network-id diff --git a/cloud/open-telekom-cloud/ansible/roles/deploy/vars/os_auth.yaml b/cloud/open-telekom-cloud/ansible/roles/deploy/vars/os_auth.yaml new file mode 100644 index 00000000..fdb1a29b --- /dev/null +++ b/cloud/open-telekom-cloud/ansible/roles/deploy/vars/os_auth.yaml @@ -0,0 +1,5 @@ +auth_url: https://iam.eu-de.otc.t-systems.com/v3 +username: your_api_user +password: your_password +project_name: eu-de_your_project +os_user_domain_name: OTC-EU-DE-000000000010000XXXXX diff --git a/cloud/open-telekom-cloud/ansible/roles/install/tasks/main.yaml b/cloud/open-telekom-cloud/ansible/roles/install/tasks/main.yaml index 9e4fd51a..855fe615 100644 --- a/cloud/open-telekom-cloud/ansible/roles/install/tasks/main.yaml +++ b/cloud/open-telekom-cloud/ansible/roles/install/tasks/main.yaml @@ -8,13 +8,13 @@ - name: Cloning t-pot install directory git: - repo: 'https://github.com/dtag-dev-sec/tpotce.git' + repo: "https://github.com/dtag-dev-sec/tpotce.git" dest: /root/tpot - name: Prepare to set user password set_fact: - user_password: "{{ lookup('env', 'LINUX_PASS') }}" - user_salt: 's0mew1ck3dTpoT' + user_password: "{{ linux_pass }}" + user_salt: "s0mew1ck3dTpoT" - name: Changing password for user linux to {{ user_password }} user: diff --git a/cloud/open-telekom-cloud/ansible/roles/install/vars/main.yaml b/cloud/open-telekom-cloud/ansible/roles/install/vars/main.yaml new file mode 100644 index 00000000..48a12942 --- /dev/null +++ b/cloud/open-telekom-cloud/ansible/roles/install/vars/main.yaml 
@@ -0,0 +1 @@
+linux_pass: LiNuXuSeRPaSs#
diff --git a/cloud/open-telekom-cloud/ansible/roles/reboot/tasks/main.yaml b/cloud/open-telekom-cloud/ansible/roles/reboot/tasks/main.yaml
new file mode 100644
index 00000000..f0c338bc
--- /dev/null
+++ b/cloud/open-telekom-cloud/ansible/roles/reboot/tasks/main.yaml
@@ -0,0 +1,3 @@
+- name: Finally rebooting t-pot in one minute - make sure your next login is on port 64295 or via https:// on port 64297
+ shell: /sbin/shutdown -r -t 1
+ become: true
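Review bot: `linux_pass: LiNuXuSeRPaSs#` ships a fixed default password for the `linux` login of an internet-facing honeypot host, and since the install role now reads `linux_pass` instead of the `LINUX_PASS` environment variable, anyone who runs the playbook without overriding it ends up with a password that is public in this repository. Remove the default and fail early in the role with `assert: { that: linux_pass is defined, fail_msg: "set linux_pass" }`, or restore `linux_pass: "{{ lookup('env', 'LINUX_PASS') }}"` and vault any file that has to hold a literal. The trailing `#` is parsed as part of the value (YAML only opens a comment at ` #`), but quote the string anyway so a later edit that introduces a space does not silently truncate it.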
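Review bot: `/sbin/shutdown -r -t 1` does not express the one-minute delay the task name promises: `-t` is the sysvinit option for the pause between warning and kill, and as far as I recall systemd's shutdown accepts `-t` only to ignore it, so on the Debian 9 image selected in deploy vars the delay comes solely from shutdown's default time argument of `+1`; write `shell: /sbin/shutdown -r +1` so the behaviour does not hinge on that default. `become: true` here duplicates the play-level `become: yes` in deploy_tpot.yaml and mixes the two truthy spellings; drop it or align on `true` throughout. No shell features are used, so `command:` is sufficient.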