From b5a1c0bdf102c9b59424406a9db5d06129512b9e Mon Sep 17 00:00:00 2001 From: Dan Urson <21295236+plygrnd@users.noreply.github.com> Date: Tue, 23 Sep 2025 11:30:22 -0400 Subject: [PATCH] Add support for Red Hat Enterprise Linux - Thank you @plygrnd Adjust installer, uninstaller and playbooks to support T-Pot installation using RHEL >= 8 --- README.md | 22 ++++-- install.sh | 57 ++++++++++++-- installer/install/tpot.yml | 156 ++++++++++++++++++++++++------------- installer/remove/tpot.yml | 62 +++++++++------ uninstall.sh | 15 ++-- 5 files changed, 218 insertions(+), 94 deletions(-) diff --git a/README.md b/README.md index 52383221..b70237c5 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/master/in - [Raspberry Pi 4 (8GB) Support](#raspberry-pi-4-8gb-support) - [Get and install T-Pot](#get-and-install-t-pot) - [macOS \& Windows](#macos--windows) + - [Red Hat Enterprise Linux](#red-hat-enterprise-linux) - [Installation Types](#installation-types) - [Standard / Hive](#standard--hive) - [Distributed](#distributed) @@ -190,7 +191,7 @@ T-Pot offers a number of services which are basically divided into five groups: During the installation and during the usage of T-Pot there are two different types of accounts you will be working with. Make sure you know the differences of the different account types, since it is **by far** the most common reason for authentication errors. | Service | Account Type | Username / Group | Description | -| :--------------- | :----------- | :--------------- | :----------------------------------------------------------------- | +|:-----------------|:-------------|:-----------------|:-------------------------------------------------------------------| | SSH | OS | `` | The user you chose during the installation of the OS. | | Nginx | BasicAuth | `` | `` you chose during the installation of T-Pot. | | CyberChef | BasicAuth | `` | `` you chose during the installation of T-Pot. | @@ -209,7 +210,7 @@ Depending on the [supported Linux distro images](#choose-your-distro), hive / se

| T-Pot Type | RAM | Storage | Description | -| :--------- | :--- | :-------- | :----------------------------------------------------------------------------------------------- | +|:-----------|:-----|:----------|:-------------------------------------------------------------------------------------------------| | Hive | 16GB | 256GB SSD | As a rule of thumb, the more honeypots, sensors & data, the more RAM and storage is needed. | | Sensor | 8GB | 128GB SSD | Since honeypot logs are persisted (~/tpotce/data) for 30 days, storage depends on attack volume. | @@ -250,7 +251,7 @@ Some users report working installations on other clouds and hosters, i.e. Azure Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, etc. T-Pot will require the following ports for incoming / outgoing connections. Review the [T-Pot Architecture](#technical-architecture) for a visual representation. Also some ports will show up as duplicates, which is fine since used in different editions. | Port | Protocol | Direction | Description | -| :------------------------------------------------------------------------------------------------------------------------------------ | :------- | :-------- | :-------------------------------------------------------------------------------------------------- | +|:--------------------------------------------------------------------------------------------------------------------------------------|:---------|:----------|:----------------------------------------------------------------------------------------------------| | 80, 443 | tcp | outgoing | T-Pot Management: Install, Updates, Logs (i.e. OS, GitHub, DockerHub, Sicherheitstacho, etc. | | 11434 | tcp | outgoing | LLM based honeypots: Access your Ollama installation | | 64294 | tcp | incoming | T-Pot Management: Sensor data transmission to hive (through NGINX reverse proxy) to 127.0.0.1:64305 | @@ -317,14 +318,14 @@ Once you are familiar with how things work you should choose a network you suspe ## Choose your distro **Steps to Follow:** -1. Download a supported Linux distribution from the list below. +1. Download a supported Linux distribution from the list below. (NOTE: Red Hat Enterprise Linux >= 8 is supported, but omitted from the list below due to its subscription-based nature. See [Red Hat Enterprise Linux](#red-hat-enterprise-linux) for details). 2. During installation choose a **minimum**, **netinstall** or **server** version that will only install essential packages. 3. **Never** install a graphical desktop environment such as Gnome or KDE. T-Pot will fail to work with it due to port conflicts. 4. Make sure to install SSH, so you can connect to the machine remotely. | Distribution Name | x64 | arm64 | -| :--------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------ | :-------------------------------------------------------------------------------------------------------------------------------------- | +|:-----------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------| | [Alma Linux OS 9.6 Boot ISO](https://almalinux.org) | [download](https://repo.almalinux.org/almalinux/9.6/isos/x86_64/AlmaLinux-9.6-x86_64-boot.iso) | [download](https://repo.almalinux.org/almalinux/9.6/isos/aarch64/AlmaLinux-9.6-aarch64-boot.iso) | | [Debian 13 Network Install](https://www.debian.org/CD/netinst/index.en.html) | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-13.1.0-amd64-netinst.iso) | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-13.1.0-arm64-netinst.iso) | | [Fedora Server 42 Network Install](https://fedoraproject.org/server/download) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/iso/Fedora-Server-netinst-x86_64-42-1.1.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/aarch64/iso/Fedora-Server-netinst-aarch64-42-1.1.iso) | @@ -336,7 +337,7 @@ Once you are familiar with how things work you should choose a network you suspe ## Raspberry Pi 4 (8GB) Support | Distribution Name | arm64 | -| :--------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------- | +|:-----------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------| | [Raspberry Pi OS (**64Bit, Lite**)](https://www.raspberrypi.com) | [download](https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz) |

@@ -381,6 +382,15 @@ To get things up and running just follow these steps: 8. Start T-Pot: `docker compose up` or `docker compose up -d` if you want T-Pot to run in the background. 9. Stop T-Pot: `CTRL-C` (it if was running in the foreground) and / or `docker compose down -v` to stop T-Pot entirely. +## Red Hat Enterprise Linux + +Red Hat Enterprise Linux (RHEL) is a somewhat unique case in that: + +1. Connections to Red Hat repositories depend on a Red Hat subscription. You will not be able to update the OS or install new packages if the targeted machine is not subscribed. **If your server is not attached to a Red Hat subscription, installation will fail!** +2. Ansible is installed from a RHEL-specific repository by the installer. Do not attempt to install it from the upstream repositories. +3. Docker is installed from EPEL, which is installed by the installer script. Do not attempt to install it from the community installer script. +2. T-Pot will only install successfully on RHEL >= 8. One of the convenience dependencies (`grc`) depends on Python 2, which was removed after RHEL 7. It is omitted from the RHEL installation of T-Pot. + ## Installation Types ### Standard / Hive diff --git a/install.sh b/install.sh index 6a00d968..3de29c08 100755 --- a/install.sh +++ b/install.sh @@ -27,6 +27,30 @@ validate_type() { } } +rhel_version() { + # special case for RHEL due to its complicated repo infrastructure + # primarily used for EPEL repo selection + # supports RHEL 7-10 + myRHEL_VERSION=$(grep PLATFORM_ID /etc/os-release | cut -d ':' -f2 | grep -Eo '([0-9]{1,2})') + if [ "$myRHEL_VERSION" -lt 7 ]; then + echo "Error: RHEL < 7 not supported!" >&2 + exit 1 + fi + echo "$myRHEL_VERSION" +} + +rhel_ansible_repo() { + # rhel uses a dedicated repo for ansible that we need to enable through subscription-manager + myRHEL_ANSIBLE_REPO=$(sudo subscription-manager repos --list \ + | grep -E "ansible-automation-platform-[0-9]{1}\.[0-9]{1}-for-rhel-$(rhel_version)-x86_64-rpms" \ + | awk -F':' '{print $2}' \ + | tr -d ' ' \ + | sort -nr \ + | head -n 1 +) + echo "$myRHEL_ANSIBLE_REPO" +} + # Defaults myQST="" myTPOT_TYPE="" @@ -78,6 +102,7 @@ myTPOT_CONF_FILE="/home/${myUSER}/tpotce/.env" myPACKAGES_DEBIAN="ansible apache2-utils cracklib-runtime wget" myPACKAGES_FEDORA="ansible cracklib httpd-tools wget" myPACKAGES_ROCKY="ansible-core ansible-collection-redhat-rhel_mgmt epel-release cracklib httpd-tools wget" +myPACKAGES_RHEL="ansible-core ansible-collection-redhat-rhel_mgmt cracklib httpd-tools wget" myPACKAGES_OPENSUSE="ansible apache2-utils cracklib wget" @@ -99,12 +124,12 @@ if [ ${EUID} -eq 0 ]; fi # Check if running on a supported distribution -mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Rocky Linux" "Ubuntu") +mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Red Hat Enterprise Linux" "Rocky Linux" "Ubuntu") myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"') if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]]; then - echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, Rocky Linux and Ubuntu." + echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, RHEL, Rocky Linux and Ubuntu." echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms." echo exit 1 @@ -122,8 +147,7 @@ if [[ -z "$myQST" ]]; then echo done fi -if [ "${myQST}" = "n" ]; - then +if [ "${myQST}" = "n" ]; then echo echo "### Aborting!" echo @@ -176,14 +200,35 @@ case ${myCURRENT_DISTRIBUTION} in sudo dnf -y --refresh install ${myPACKAGES_ROCKY} ansible-galaxy collection install ansible.posix ;; + "Red Hat Enterprise Linux") + echo + echo ${myINSTALL_NOTIFICATION} + echo + echo "RHEL detected - configuring version and Ansible repo strings" + rhel_version + rhel_ansible_repo + sudo yum update + # extra repo required for EPEL on RHEL + sudo subscription-manager repos --enable codeready-builder-for-rhel-"$myRHEL_VERSION"-$(arch)-rpms + # epel installer is not standard on RHEL + sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-"$myRHEL_VERSION".noarch.rpm + # ansible comes from rhel subscription manager + sudo subscription-manager repos --enable "$myRHEL_ANSIBLE_REPO" + sudo dnf -y --refresh install ${myPACKAGES_RHEL} + ansible-galaxy collection install ansible.posix esac echo # Define tag for Ansible -myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux") +myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux" "Red Hat Enterprise Linux") if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]]; then - myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1) + # special case AGAIN, /etc/os-release doesn't match Ansible's tagging conventions + if [[ "${myCURRENT_DISTRIBUTION}" == "Red Hat Enterprise Linux" ]]; then + myANSIBLE_TAG="RedHat" + else + myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1) + fi else myANSIBLE_TAG=${myCURRENT_DISTRIBUTION} fi diff --git a/installer/install/tpot.yml b/installer/install/tpot.yml index b6fb16e8..8f67015e 100644 --- a/installer/install/tpot.yml +++ b/installer/install/tpot.yml @@ -19,6 +19,7 @@ - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -31,6 +32,7 @@ - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -44,13 +46,14 @@ - "Raspbian" - "Ubuntu" - - name: Add python package (Alma, Fedora, Rocky) + - name: Add python package (Alma, Fedora, RHEL, Rocky) raw: | dnf -y --refresh install python3 - when: my_distribution.stdout | trim in ["AlmaLinux", "Fedora", "Rocky"] and my_python3.stdout | trim == "" + when: my_distribution.stdout | trim in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] and my_python3.stdout | trim == "" tags: - "AlmaLinux" - "Fedora" + - "RedHat" - "Rocky" - name: Add python package (openSUSE Tumbleweed) @@ -75,6 +78,7 @@ - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -93,8 +97,8 @@ - name: Check if supported distribution (All) assert: - that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] - fail_msg: "T-Pot is not supported on this plattform: {{ ansible_distribution }}." + that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] + fail_msg: "T-Pot is not supported on this platform: {{ ansible_distribution }}." success_msg: "T-Pot will now install on {{ ansible_distribution }}." ############################################################ @@ -109,7 +113,7 @@ tasks: - name: Syncing clocks (All) shell: "hwclock --hctosys" - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] ignore_errors: true tags: - "AlmaLinux" @@ -117,6 +121,7 @@ - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -178,14 +183,15 @@ - "AlmaLinux" - "Rocky" - - name: Download and install micro editor (AlmaLinux, openSUSE Tumbleweed, Rocky) + - name: Download and install micro editor (AlmaLinux, openSUSE Tumbleweed, RHEL, Rocky) shell: "curl https://getmic.ro | bash && mv micro /usr/bin" args: executable: /bin/bash - when: ansible_distribution in ["AlmaLinux", "openSUSE Tumbleweed", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "openSUSE Tumbleweed", "RedHat", "Rocky"] tags: - "AlmaLinux" - "openSUSE Tumbleweed" + - "RedHat" - "Rocky" - name: Install recommended packages (Fedora) @@ -255,7 +261,7 @@ become: true tasks: - - name: Remove distribution based Docker packages and podman-docker (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu) + - name: Remove distribution based Docker packages and podman-docker (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) package: name: - docker @@ -267,12 +273,13 @@ - podman state: absent update_cache: yes - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -329,6 +336,16 @@ when: ansible_distribution in ["Fedora"] tags: - "Fedora" + + - name: Add Docker repository (RHEL) + shell: | + if [ "$(dnf repolist docker-ce-stable)" == "" ]; + then + dnf -y config-manager addrepo --from-repofile=https://download.docker.com/linux/rhel/docker-ce.repo + fi + when: ansible_distribution in ["RedHat"] + tags: + - "RedHat" - name: Add Docker repository (AlmaLinux, Rocky) shell: | @@ -368,7 +385,7 @@ tags: - "openSUSE Tumbleweed" - - name: Install Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu) + - name: Install Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) package: name: - docker-ce @@ -378,12 +395,13 @@ - docker-compose-plugin state: latest update_cache: yes - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -392,13 +410,14 @@ name: docker state: stopped enabled: false - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -417,13 +436,14 @@ name: tpot gid: 2000 state: present - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -435,13 +455,14 @@ shell: /bin/false home: /nonexistent group: tpot - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -451,13 +472,14 @@ line: "vm.max_map_count=262144" state: present create: yes - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -478,32 +500,34 @@ tags: - "Ubuntu" - - name: Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, Rocky, Ubuntu) + - name: Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, RHEL, Rocky, Ubuntu) ansible.builtin.replace: path: /etc/ssh/sshd_config regexp: '^(Port (?!64295$)[0-9]+)' replace: '# \1' - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" - - name: Change SSH Port to 64295 (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu) + - name: Change SSH Port to 64295 (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) lineinfile: path: /etc/ssh/sshd_config line: "Port 64295" insertafter: EOF - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -516,76 +540,83 @@ tags: - "openSUSE Tumbleweed" - - name: Add T-Pot SSH port to Firewall (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) + - name: Add T-Pot SSH port to Firewall (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) firewalld: port: 64295/tcp permanent: yes state: enabled - when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" - "openSUSE Tumbleweed" + - "RedHat" - "Rocky" - - name: Set T-Pot default target to ACCEPT (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) + - name: Set T-Pot default target to ACCEPT (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) firewalld: zone: public target: ACCEPT permanent: yes state: enabled - when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" - "openSUSE Tumbleweed" + - "RedHat" - "Rocky" - - name: Load kernel modules (AlmaLinux, Fedora, Rocky) + - name: Load kernel modules (AlmaLinux, Fedora, RHEL, Rocky) command: modprobe -v iptable_filter - when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" + - "RedHat" - "Rocky" - - name: Update iptables.conf (AlmaLinux, Fedora, Rocky) + - name: Update iptables.conf (AlmaLinux, Fedora, RHEL, Rocky) lineinfile: path: /etc/modules-load.d/iptables.conf line: iptable_filter create: yes - when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" + - "RedHat" - "Rocky" - - name: Set SELinux config to permissive (AlmaLinux, Fedora, Rocky) + - name: Set SELinux config to permissive (AlmaLinux, Fedora, RHEL, Rocky) lineinfile: path: /etc/selinux/config regexp: '^SELINUX=' line: 'SELINUX=permissive' - when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" + - "RedHat" - "Rocky" - - name: Set SELinux to permissive (AlmaLinux, Fedora, Rocky) + - name: Set SELinux to permissive (AlmaLinux, Fedora, RHEL, Rocky) command: "setenforce Permissive" - when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" + - "RedHat" - "Rocky" - - name: Stop Resolved (Fedora, Ubuntu) + - name: Stop Resolved (Fedora, RHEL, Ubuntu) service: name: systemd-resolved state: stopped - when: ansible_distribution in ["Fedora", "Ubuntu"] + when: ansible_distribution in ["Fedora", "RedHat", "Ubuntu"] tags: - "Fedora" + - "RedHat" - "Ubuntu" - name: Copy resolved.conf to /etc/systemd (Fedora) @@ -597,6 +628,15 @@ tags: - "Fedora" + - name: Copy resolv.conf to /etc/systemd (RHEL) + copy: + src: /usr/lib/systemd/resolv.conf + dest: /etc/systemd/resolv.conf + when: ansible_distribution in ["RedHat"] + ignore_errors: true + tags: + - "RedHat" + - name: Modify DNSStubListener in resolved.conf (Fedora, Ubuntu) lineinfile: path: /etc/systemd/resolved.conf @@ -618,44 +658,48 @@ become: true tasks: - - name: Start Resolved (Fedora, Ubuntu) + - name: Start Resolved (Fedora, RHEL, Ubuntu) service: name: systemd-resolved state: restarted - when: ansible_distribution in ["Fedora", "Ubuntu"] + when: ansible_distribution in ["Fedora", "RedHat", "Ubuntu"] tags: - "Fedora" + - "RedHat" - "Ubuntu" - name: Restart Firewalld (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) service: name: firewalld state: restarted - when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" - - "Rocky" - "openSUSE Tumbleweed" + - "RedHat" + - "Rocky" - - name: Get Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) + - name: Get Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) command: "firewall-cmd --list-all" register: firewall_output - when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" - - "Rocky" - "openSUSE Tumbleweed" + - "RedHat" + - "Rocky" - - name: Print Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) + - name: Print Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) debug: var: firewall_output.stdout_lines - when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" - "openSUSE Tumbleweed" + - "RedHat" - "Rocky" - name: Enable Docker Engine upon boot (All) @@ -663,13 +707,14 @@ name: docker state: restarted enabled: true - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -678,13 +723,14 @@ name: "{{ 'ssh' if ansible_distribution in ['Ubuntu'] else 'sshd' }}" state: restarted enabled: true - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -702,6 +748,7 @@ - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -709,27 +756,28 @@ - name: Check for non-root user id (All) debug: msg: "Detected user: '{{ ansible_user_id }}'" - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] failed_when: ansible_user_id == "root" - - name: Add aliases (All) + - name: Add aliases blockinfile: path: ~/.bashrc block: | - alias dps='grc --colour=on docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\\t{{'{{'}}.Status{{'}}'}}\\t{{'{{'}}.Ports{{'}}'}}" | sort' + alias dps='{{ "grc --colour=on " if ansible_distribution != "RedHat" else "" }}docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\\t{{'{{'}}.Status{{'}}'}}\\t{{'{{'}}.Ports{{'}}'}}" | sort' alias dpsw='watch -c bash -ic dps' alias mi='micro' alias sudo='sudo ' marker: "# {mark} ANSIBLE MANAGED BLOCK" insertafter: EOF state: present - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -740,7 +788,7 @@ version: master clone: yes update: no - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] - name: Add current user to Docker, T-Pot group (All) become: true @@ -750,7 +798,7 @@ - docker - tpot append: yes - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] ######################################## # T-Pot - Install service and cron job # @@ -766,6 +814,7 @@ - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -779,7 +828,7 @@ group: root mode: '0755' notify: Reload systemd and enable service - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] handlers: - name: Reload systemd and enable service @@ -789,7 +838,7 @@ daemon_reload: yes state: stopped enabled: yes - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] - name: T-Pot - Setup a randomized daily reboot hosts: all @@ -801,6 +850,7 @@ - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -817,4 +867,4 @@ hour: "{{ random_hour }}" job: "bash -c 'systemctl stop tpot.service && docker container prune -f; docker image prune -f; docker volume prune -f; /usr/sbin/shutdown -r +1 \"T-Pot Daily Reboot\"'" state: present - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] diff --git a/installer/remove/tpot.yml b/installer/remove/tpot.yml index eb89ae86..55551f6b 100644 --- a/installer/remove/tpot.yml +++ b/installer/remove/tpot.yml @@ -17,6 +17,7 @@ - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -35,7 +36,7 @@ - name: Check if supported distribution (All) assert: - that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] fail_msg: "T-Pot uninstall is not supported on this plattform: {{ ansible_distribution }}." success_msg: "T-Pot will now be removed from {{ ansible_distribution }}." @@ -53,6 +54,7 @@ - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -62,7 +64,7 @@ name: "T-Pot Daily Reboot" user: root state: absent - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] - name: Remove T-Pot systemd service hosts: all @@ -74,6 +76,7 @@ - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -84,14 +87,14 @@ state: stopped enabled: no ignore_errors: yes - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] - name: Remove systemd service file for tpot ansible.builtin.file: path: '/etc/systemd/system/tpot.service' state: absent notify: Reload systemd - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] handlers: - name: Reload systemd @@ -113,6 +116,7 @@ - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -124,7 +128,7 @@ marker: "# {mark} ANSIBLE MANAGED BLOCK" state: absent become: false - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] ########################################################## # T-Pot - Restore configs, remove users and groups, etc. # @@ -147,50 +151,53 @@ - "Fedora" - "Ubuntu" - - name: Revert SELinux config to enforcing (AlmaLinux, Fedora, Rocky) + - name: Revert SELinux config to enforcing (AlmaLinux, Fedora, RHEL, Rocky) lineinfile: path: /etc/selinux/config regexp: '^SELINUX=' line: 'SELINUX=enforcing' - when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" - "Rocky" - - name: Remove iptables.conf file (AlmaLinux, Fedora, Rocky) + - name: Remove iptables.conf file (AlmaLinux, Fedora, RHEL, Rocky) file: path: /etc/modules-load.d/iptables.conf state: absent - when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" + - "RedHat" - "Rocky" - - name: Revert firewall to default target DROP (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) + - name: Revert firewall to default target DROP (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) firewalld: zone: public target: DROP permanent: yes state: enabled - when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" - "openSUSE Tumbleweed" + - "RedHat" - "Rocky" - - name: Revert firewall to SSH default (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky) + - name: Revert firewall to SSH default (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky) firewalld: port: 22/tcp permanent: yes state: enabled - when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"] + when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"] tags: - "AlmaLinux" - "Fedora" - "openSUSE Tumbleweed" + - "RedHat" - "Rocky" - name: Remove port.conf file to revert SSH to default port (openSUSE Tumbleweed) @@ -201,32 +208,34 @@ tags: - "openSUSE Tumbleweed" - - name: Revert SSH Port to 22 (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu) + - name: Revert SSH Port to 22 (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) lineinfile: path: /etc/ssh/sshd_config line: "Port 64295" state: absent - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "RedHat", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" - - name: Revert Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, Rocky, Ubuntu) + - name: Revert Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, RHEL, Rocky, Ubuntu) ansible.builtin.replace: path: /etc/ssh/sshd_config regexp: '^# (Port (?!22$)[0-9]+)' replace: '\1' - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -235,13 +244,14 @@ path: /etc/sysctl.conf line: "vm.max_map_count=262144" state: absent - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -249,13 +259,14 @@ user: name: tpot state: absent - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -263,13 +274,14 @@ group: name: tpot state: absent - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" - "Raspbian" + - "RedHat" - "Rocky" - "Ubuntu" @@ -298,7 +310,7 @@ tags: - "openSUSE Tumbleweed" - - name: Remove Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu) + - name: Remove Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu) package: name: - docker-ce @@ -307,7 +319,7 @@ - docker-buildx-plugin - docker-compose-plugin state: absent - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" @@ -320,12 +332,13 @@ file: path: /var/lib/docker state: absent - when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"] + when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"] tags: - "AlmaLinux" - "Debian" - "Fedora" - "openSUSE Tumbleweed" + - "RedHat" - "Raspbian" - "Rocky" - "Ubuntu" @@ -350,7 +363,7 @@ - "Raspbian" - "Ubuntu" - - name: Remove Docker repository (AlmaLinux, Rocky) + - name: Remove Docker repository (AlmaLinux, RHEL, Rocky) file: path: /etc/yum.repos.d/docker-ce.repo state: absent @@ -358,4 +371,5 @@ tags: - "AlmaLinux" - "Fedora" + - "RedHat" - "Rocky" diff --git a/uninstall.sh b/uninstall.sh index c5741e42..73d2bbdb 100755 --- a/uninstall.sh +++ b/uninstall.sh @@ -23,12 +23,12 @@ if [ ${EUID} -eq 0 ]; fi # Check if running on a supported distribution -mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Rocky Linux" "Ubuntu") +mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Red Hat Enterprise Linux" "Rocky Linux" "Ubuntu") myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"') if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]]; then - echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, Rocky Linux and Ubuntu." + echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, RHEL, Rocky Linux and Ubuntu." echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms." echo exit 1 @@ -54,13 +54,18 @@ if [ "${myQST}" = "n" ]; fi # Define tag for Ansible -myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux") +myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux" "Red Hat Enterprise Linux") if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]]; then - myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1) + # special case AGAIN, /etc/os-release doesn't match Ansible's tagging conventions + if [[ "${myCURRENT_DISTRIBUTION}" == "Red Hat Enterprise Linux" ]]; then + myANSIBLE_TAG="RedHat" + else + myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1) + fi else myANSIBLE_TAG=${myCURRENT_DISTRIBUTION} -fi + fi # Check type of sudo access if myANSIBLE_TAG="Debian";