Compare commits

...

2 commits

Author SHA1 Message Date
Dan Urson
cb7b920aa1 close unclosed if statement in uninstall script 2025-09-23 15:18:11 +00:00
Dan Urson
38a3bed537 address PR feedback 2025-09-23 09:26:20 -04:00
5 changed files with 218 additions and 94 deletions

View file

@ -39,6 +39,7 @@ env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/master/in
- [Raspberry Pi 4 (8GB) Support](#raspberry-pi-4-8gb-support)
- [Get and install T-Pot](#get-and-install-t-pot)
- [macOS \& Windows](#macos--windows)
- [Red Hat Enterprise Linux](#red-hat-enterprise-linux)
- [Installation Types](#installation-types)
- [Standard / Hive](#standard--hive)
- [Distributed](#distributed)
@ -190,7 +191,7 @@ T-Pot offers a number of services which are basically divided into five groups:
During the installation and during the usage of T-Pot there are two different types of accounts you will be working with. Make sure you know the differences of the different account types, since it is **by far** the most common reason for authentication errors.
| Service | Account Type | Username / Group | Description |
| :--------------- | :----------- | :--------------- | :----------------------------------------------------------------- |
|:-----------------|:-------------|:-----------------|:-------------------------------------------------------------------|
| SSH | OS | `<OS_USERNAME>` | The user you chose during the installation of the OS. |
| Nginx | BasicAuth | `<WEB_USER>` | `<web_user>` you chose during the installation of T-Pot. |
| CyberChef | BasicAuth | `<WEB_USER>` | `<web_user>` you chose during the installation of T-Pot. |
@ -209,7 +210,7 @@ Depending on the [supported Linux distro images](#choose-your-distro), hive / se
<br><br>
| T-Pot Type | RAM | Storage | Description |
| :--------- | :--- | :-------- | :----------------------------------------------------------------------------------------------- |
|:-----------|:-----|:----------|:-------------------------------------------------------------------------------------------------|
| Hive | 16GB | 256GB SSD | As a rule of thumb, the more honeypots, sensors & data, the more RAM and storage is needed. |
| Sensor | 8GB | 128GB SSD | Since honeypot logs are persisted (~/tpotce/data) for 30 days, storage depends on attack volume. |
@ -250,7 +251,7 @@ Some users report working installations on other clouds and hosters, i.e. Azure
Besides the ports generally needed by the OS, i.e. obtaining a DHCP lease, DNS, etc. T-Pot will require the following ports for incoming / outgoing connections. Review the [T-Pot Architecture](#technical-architecture) for a visual representation. Also some ports will show up as duplicates, which is fine since used in different editions.
| Port | Protocol | Direction | Description |
| :------------------------------------------------------------------------------------------------------------------------------------ | :------- | :-------- | :-------------------------------------------------------------------------------------------------- |
|:--------------------------------------------------------------------------------------------------------------------------------------|:---------|:----------|:----------------------------------------------------------------------------------------------------|
| 80, 443 | tcp | outgoing | T-Pot Management: Install, Updates, Logs (i.e. OS, GitHub, DockerHub, Sicherheitstacho, etc. |
| 11434 | tcp | outgoing | LLM based honeypots: Access your Ollama installation |
| 64294 | tcp | incoming | T-Pot Management: Sensor data transmission to hive (through NGINX reverse proxy) to 127.0.0.1:64305 |
@ -317,14 +318,14 @@ Once you are familiar with how things work you should choose a network you suspe
## Choose your distro
**Steps to Follow:**
1. Download a supported Linux distribution from the list below.
1. Download a supported Linux distribution from the list below. (NOTE: Red Hat Enterprise Linux >= 8 is supported, but omitted from the list below due to its subscription-based nature. See [Red Hat Enterprise Linux](#red-hat-enterprise-linux) for details).
2. During installation choose a **minimum**, **netinstall** or **server** version that will only install essential packages.
3. **Never** install a graphical desktop environment such as Gnome or KDE. T-Pot will fail to work with it due to port conflicts.
4. Make sure to install SSH, so you can connect to the machine remotely.
| Distribution Name | x64 | arm64 |
| :--------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------ | :-------------------------------------------------------------------------------------------------------------------------------------- |
|:-----------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------|
| [Alma Linux OS 9.6 Boot ISO](https://almalinux.org) | [download](https://repo.almalinux.org/almalinux/9.6/isos/x86_64/AlmaLinux-9.6-x86_64-boot.iso) | [download](https://repo.almalinux.org/almalinux/9.6/isos/aarch64/AlmaLinux-9.6-aarch64-boot.iso) |
| [Debian 13 Network Install](https://www.debian.org/CD/netinst/index.en.html) | [download](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-13.0.0-amd64-netinst.iso) | [download](https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-13.0.0-arm64-netinst.iso) |
| [Fedora Server 42 Network Install](https://fedoraproject.org/server/download) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/iso/Fedora-Server-netinst-x86_64-42-1.1.iso) | [download](https://download.fedoraproject.org/pub/fedora/linux/releases/42/Server/aarch64/iso/Fedora-Server-netinst-aarch64-42-1.1.iso) |
@ -336,7 +337,7 @@ Once you are familiar with how things work you should choose a network you suspe
## Raspberry Pi 4 (8GB) Support
| Distribution Name | arm64 |
| :--------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------- |
|:-----------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------|
| [Raspberry Pi OS (**64Bit, Lite**)](https://www.raspberrypi.com) | [download](https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz) |
<br><br>
@ -381,6 +382,15 @@ To get things up and running just follow these steps:
8. Start T-Pot: `docker compose up` or `docker compose up -d` if you want T-Pot to run in the background.
9. Stop T-Pot: `CTRL-C` (it if was running in the foreground) and / or `docker compose down -v` to stop T-Pot entirely.
## Red Hat Enterprise Linux
Red Hat Enterprise Linux (RHEL) is a somewhat unique case in that:
1. Connections to Red Hat repositories depend on a Red Hat subscription. You will not be able to update the OS or install new packages if the targeted machine is not subscribed. **If your server is not attached to a Red Hat subscription, installation will fail!**
2. Ansible is installed from a RHEL-specific repository by the installer. Do not attempt to install it from the upstream repositories.
3. Docker is installed from EPEL, which is installed by the installer script. Do not attempt to install it from the community installer script.
2. T-Pot will only install successfully on RHEL >= 8. One of the convenience dependencies (`grc`) depends on Python 2, which was removed after RHEL 7. It is omitted from the RHEL installation of T-Pot.
## Installation Types
### Standard / Hive

View file

@ -27,6 +27,30 @@ validate_type() {
}
}
rhel_version() {
# special case for RHEL due to its complicated repo infrastructure
# primarily used for EPEL repo selection
# supports RHEL 7-10
myRHEL_VERSION=$(grep PLATFORM_ID /etc/os-release | cut -d ':' -f2 | grep -Eo '([0-9]{1,2})')
if [ "$myRHEL_VERSION" -lt 7 ]; then
echo "Error: RHEL < 7 not supported!" >&2
exit 1
fi
echo "$myRHEL_VERSION"
}
rhel_ansible_repo() {
# rhel uses a dedicated repo for ansible that we need to enable through subscription-manager
myRHEL_ANSIBLE_REPO=$(sudo subscription-manager repos --list \
| grep -E "ansible-automation-platform-[0-9]{1}\.[0-9]{1}-for-rhel-$(rhel_version)-x86_64-rpms" \
| awk -F':' '{print $2}' \
| tr -d ' ' \
| sort -nr \
| head -n 1
)
echo "$myRHEL_ANSIBLE_REPO"
}
# Defaults
myQST=""
myTPOT_TYPE=""
@ -78,6 +102,7 @@ myTPOT_CONF_FILE="/home/${myUSER}/tpotce/.env"
myPACKAGES_DEBIAN="ansible apache2-utils cracklib-runtime wget"
myPACKAGES_FEDORA="ansible cracklib httpd-tools wget"
myPACKAGES_ROCKY="ansible-core ansible-collection-redhat-rhel_mgmt epel-release cracklib httpd-tools wget"
myPACKAGES_RHEL="ansible-core ansible-collection-redhat-rhel_mgmt cracklib httpd-tools wget"
myPACKAGES_OPENSUSE="ansible apache2-utils cracklib wget"
@ -99,12 +124,12 @@ if [ ${EUID} -eq 0 ];
fi
# Check if running on a supported distribution
mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Rocky Linux" "Ubuntu")
mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Red Hat Enterprise Linux" "Rocky Linux" "Ubuntu")
myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"')
if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]];
then
echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, Rocky Linux and Ubuntu."
echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, RHEL, Rocky Linux and Ubuntu."
echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms."
echo
exit 1
@ -122,8 +147,7 @@ if [[ -z "$myQST" ]]; then
echo
done
fi
if [ "${myQST}" = "n" ];
then
if [ "${myQST}" = "n" ]; then
echo
echo "### Aborting!"
echo
@ -176,14 +200,35 @@ case ${myCURRENT_DISTRIBUTION} in
sudo dnf -y --refresh install ${myPACKAGES_ROCKY}
ansible-galaxy collection install ansible.posix
;;
"Red Hat Enterprise Linux")
echo
echo ${myINSTALL_NOTIFICATION}
echo
echo "RHEL detected - configuring version and Ansible repo strings"
rhel_version
rhel_ansible_repo
sudo yum update
# extra repo required for EPEL on RHEL
sudo subscription-manager repos --enable codeready-builder-for-rhel-"$myRHEL_VERSION"-$(arch)-rpms
# epel installer is not standard on RHEL
sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-"$myRHEL_VERSION".noarch.rpm
# ansible comes from rhel subscription manager
sudo subscription-manager repos --enable "$myRHEL_ANSIBLE_REPO"
sudo dnf -y --refresh install ${myPACKAGES_RHEL}
ansible-galaxy collection install ansible.posix
esac
echo
# Define tag for Ansible
myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux")
myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux" "Red Hat Enterprise Linux")
if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]];
then
myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1)
# special case AGAIN, /etc/os-release doesn't match Ansible's tagging conventions
if [[ "${myCURRENT_DISTRIBUTION}" == "Red Hat Enterprise Linux" ]]; then
myANSIBLE_TAG="RedHat"
else
myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1)
fi
else
myANSIBLE_TAG=${myCURRENT_DISTRIBUTION}
fi

View file

@ -19,6 +19,7 @@
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -31,6 +32,7 @@
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -44,13 +46,14 @@
- "Raspbian"
- "Ubuntu"
- name: Add python package (Alma, Fedora, Rocky)
- name: Add python package (Alma, Fedora, RHEL, Rocky)
raw: |
dnf -y --refresh install python3
when: my_distribution.stdout | trim in ["AlmaLinux", "Fedora", "Rocky"] and my_python3.stdout | trim == ""
when: my_distribution.stdout | trim in ["AlmaLinux", "Fedora", "RedHat", "Rocky"] and my_python3.stdout | trim == ""
tags:
- "AlmaLinux"
- "Fedora"
- "RedHat"
- "Rocky"
- name: Add python package (openSUSE Tumbleweed)
@ -75,6 +78,7 @@
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -93,8 +97,8 @@
- name: Check if supported distribution (All)
assert:
that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
fail_msg: "T-Pot is not supported on this plattform: {{ ansible_distribution }}."
that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
fail_msg: "T-Pot is not supported on this platform: {{ ansible_distribution }}."
success_msg: "T-Pot will now install on {{ ansible_distribution }}."
############################################################
@ -109,7 +113,7 @@
tasks:
- name: Syncing clocks (All)
shell: "hwclock --hctosys"
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
ignore_errors: true
tags:
- "AlmaLinux"
@ -117,6 +121,7 @@
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -178,14 +183,15 @@
- "AlmaLinux"
- "Rocky"
- name: Download and install micro editor (AlmaLinux, openSUSE Tumbleweed, Rocky)
- name: Download and install micro editor (AlmaLinux, openSUSE Tumbleweed, RHEL, Rocky)
shell: "curl https://getmic.ro | bash && mv micro /usr/bin"
args:
executable: /bin/bash
when: ansible_distribution in ["AlmaLinux", "openSUSE Tumbleweed", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "openSUSE Tumbleweed", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "openSUSE Tumbleweed"
- "RedHat"
- "Rocky"
- name: Install recommended packages (Fedora)
@ -255,7 +261,7 @@
become: true
tasks:
- name: Remove distribution based Docker packages and podman-docker (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
- name: Remove distribution based Docker packages and podman-docker (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu)
package:
name:
- docker
@ -267,12 +273,13 @@
- podman
state: absent
update_cache: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -330,6 +337,16 @@
tags:
- "Fedora"
- name: Add Docker repository (RHEL)
shell: |
if [ "$(dnf repolist docker-ce-stable)" == "" ];
then
dnf -y config-manager addrepo --from-repofile=https://download.docker.com/linux/rhel/docker-ce.repo
fi
when: ansible_distribution in ["RedHat"]
tags:
- "RedHat"
- name: Add Docker repository (AlmaLinux, Rocky)
shell: |
if [ "$(dnf repolist docker-ce-stable)" == "" ];
@ -368,7 +385,7 @@
tags:
- "openSUSE Tumbleweed"
- name: Install Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
- name: Install Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu)
package:
name:
- docker-ce
@ -378,12 +395,13 @@
- docker-compose-plugin
state: latest
update_cache: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -392,13 +410,14 @@
name: docker
state: stopped
enabled: false
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -417,13 +436,14 @@
name: tpot
gid: 2000
state: present
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -435,13 +455,14 @@
shell: /bin/false
home: /nonexistent
group: tpot
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -451,13 +472,14 @@
line: "vm.max_map_count=262144"
state: present
create: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -478,32 +500,34 @@
tags:
- "Ubuntu"
- name: Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, Rocky, Ubuntu)
- name: Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, RHEL, Rocky, Ubuntu)
ansible.builtin.replace:
path: /etc/ssh/sshd_config
regexp: '^(Port (?!64295$)[0-9]+)'
replace: '# \1'
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
- name: Change SSH Port to 64295 (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
- name: Change SSH Port to 64295 (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu)
lineinfile:
path: /etc/ssh/sshd_config
line: "Port 64295"
insertafter: EOF
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -516,76 +540,83 @@
tags:
- "openSUSE Tumbleweed"
- name: Add T-Pot SSH port to Firewall (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
- name: Add T-Pot SSH port to Firewall (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky)
firewalld:
port: 64295/tcp
permanent: yes
state: enabled
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "openSUSE Tumbleweed"
- "RedHat"
- "Rocky"
- name: Set T-Pot default target to ACCEPT (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
- name: Set T-Pot default target to ACCEPT (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky)
firewalld:
zone: public
target: ACCEPT
permanent: yes
state: enabled
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "openSUSE Tumbleweed"
- "RedHat"
- "Rocky"
- name: Load kernel modules (AlmaLinux, Fedora, Rocky)
- name: Load kernel modules (AlmaLinux, Fedora, RHEL, Rocky)
command: modprobe -v iptable_filter
when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "RedHat"
- "Rocky"
- name: Update iptables.conf (AlmaLinux, Fedora, Rocky)
- name: Update iptables.conf (AlmaLinux, Fedora, RHEL, Rocky)
lineinfile:
path: /etc/modules-load.d/iptables.conf
line: iptable_filter
create: yes
when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "RedHat"
- "Rocky"
- name: Set SELinux config to permissive (AlmaLinux, Fedora, Rocky)
- name: Set SELinux config to permissive (AlmaLinux, Fedora, RHEL, Rocky)
lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: 'SELINUX=permissive'
when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "RedHat"
- "Rocky"
- name: Set SELinux to permissive (AlmaLinux, Fedora, Rocky)
- name: Set SELinux to permissive (AlmaLinux, Fedora, RHEL, Rocky)
command: "setenforce Permissive"
when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "RedHat"
- "Rocky"
- name: Stop Resolved (Fedora, Ubuntu)
- name: Stop Resolved (Fedora, RHEL, Ubuntu)
service:
name: systemd-resolved
state: stopped
when: ansible_distribution in ["Fedora", "Ubuntu"]
when: ansible_distribution in ["Fedora", "RedHat", "Ubuntu"]
tags:
- "Fedora"
- "RedHat"
- "Ubuntu"
- name: Copy resolved.conf to /etc/systemd (Fedora)
@ -597,6 +628,15 @@
tags:
- "Fedora"
- name: Copy resolv.conf to /etc/systemd (RHEL)
copy:
src: /usr/lib/systemd/resolv.conf
dest: /etc/systemd/resolv.conf
when: ansible_distribution in ["RedHat"]
ignore_errors: true
tags:
- "RedHat"
- name: Modify DNSStubListener in resolved.conf (Fedora, Ubuntu)
lineinfile:
path: /etc/systemd/resolved.conf
@ -618,44 +658,48 @@
become: true
tasks:
- name: Start Resolved (Fedora, Ubuntu)
- name: Start Resolved (Fedora, RHEL, Ubuntu)
service:
name: systemd-resolved
state: restarted
when: ansible_distribution in ["Fedora", "Ubuntu"]
when: ansible_distribution in ["Fedora", "RedHat", "Ubuntu"]
tags:
- "Fedora"
- "RedHat"
- "Ubuntu"
- name: Restart Firewalld (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
service:
name: firewalld
state: restarted
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "Rocky"
- "openSUSE Tumbleweed"
- "RedHat"
- "Rocky"
- name: Get Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
- name: Get Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky)
command: "firewall-cmd --list-all"
register: firewall_output
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "Rocky"
- "openSUSE Tumbleweed"
- "RedHat"
- "Rocky"
- name: Print Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
- name: Print Firewall rules (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky)
debug:
var: firewall_output.stdout_lines
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "openSUSE Tumbleweed"
- "RedHat"
- "Rocky"
- name: Enable Docker Engine upon boot (All)
@ -663,13 +707,14 @@
name: docker
state: restarted
enabled: true
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -678,13 +723,14 @@
name: "{{ 'ssh' if ansible_distribution in ['Ubuntu'] else 'sshd' }}"
state: restarted
enabled: true
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -702,6 +748,7 @@
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -709,27 +756,28 @@
- name: Check for non-root user id (All)
debug:
msg: "Detected user: '{{ ansible_user_id }}'"
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
failed_when: ansible_user_id == "root"
- name: Add aliases (All)
- name: Add aliases
blockinfile:
path: ~/.bashrc
block: |
alias dps='grc --colour=on docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\\t{{'{{'}}.Status{{'}}'}}\\t{{'{{'}}.Ports{{'}}'}}" | sort'
alias dps='{{ "grc --colour=on " if ansible_distribution != "RedHat" else "" }}docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\\t{{'{{'}}.Status{{'}}'}}\\t{{'{{'}}.Ports{{'}}'}}" | sort'
alias dpsw='watch -c bash -ic dps'
alias mi='micro'
alias sudo='sudo '
marker: "# {mark} ANSIBLE MANAGED BLOCK"
insertafter: EOF
state: present
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -740,7 +788,7 @@
version: master
clone: yes
update: no
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
- name: Add current user to Docker, T-Pot group (All)
become: true
@ -750,7 +798,7 @@
- docker
- tpot
append: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
########################################
# T-Pot - Install service and cron job #
@ -766,6 +814,7 @@
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -779,7 +828,7 @@
group: root
mode: '0755'
notify: Reload systemd and enable service
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
handlers:
- name: Reload systemd and enable service
@ -789,7 +838,7 @@
daemon_reload: yes
state: stopped
enabled: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
- name: T-Pot - Setup a randomized daily reboot
hosts: all
@ -801,6 +850,7 @@
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -817,4 +867,4 @@
hour: "{{ random_hour }}"
job: "bash -c 'systemctl stop tpot.service && docker container prune -f; docker image prune -f; docker volume prune -f; /usr/sbin/shutdown -r +1 \"T-Pot Daily Reboot\"'"
state: present
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]

View file

@ -17,6 +17,7 @@
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -35,7 +36,7 @@
- name: Check if supported distribution (All)
assert:
that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
that: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
fail_msg: "T-Pot uninstall is not supported on this plattform: {{ ansible_distribution }}."
success_msg: "T-Pot will now be removed from {{ ansible_distribution }}."
@ -53,6 +54,7 @@
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -62,7 +64,7 @@
name: "T-Pot Daily Reboot"
user: root
state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
- name: Remove T-Pot systemd service
hosts: all
@ -74,6 +76,7 @@
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -84,14 +87,14 @@
state: stopped
enabled: no
ignore_errors: yes
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
- name: Remove systemd service file for tpot
ansible.builtin.file:
path: '/etc/systemd/system/tpot.service'
state: absent
notify: Reload systemd
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
handlers:
- name: Reload systemd
@ -113,6 +116,7 @@
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -124,7 +128,7 @@
marker: "# {mark} ANSIBLE MANAGED BLOCK"
state: absent
become: false
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
##########################################################
# T-Pot - Restore configs, remove users and groups, etc. #
@ -147,50 +151,53 @@
- "Fedora"
- "Ubuntu"
- name: Revert SELinux config to enforcing (AlmaLinux, Fedora, Rocky)
- name: Revert SELinux config to enforcing (AlmaLinux, Fedora, RHEL, Rocky)
lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: 'SELINUX=enforcing'
when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "Rocky"
- name: Remove iptables.conf file (AlmaLinux, Fedora, Rocky)
- name: Remove iptables.conf file (AlmaLinux, Fedora, RHEL, Rocky)
file:
path: /etc/modules-load.d/iptables.conf
state: absent
when: ansible_distribution in ["AlmaLinux", "Fedora", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "RedHat"
- "Rocky"
- name: Revert firewall to default target DROP (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
- name: Revert firewall to default target DROP (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky)
firewalld:
zone: public
target: DROP
permanent: yes
state: enabled
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "openSUSE Tumbleweed"
- "RedHat"
- "Rocky"
- name: Revert firewall to SSH default (AlmaLinux, Fedora, openSUSE Tumbleweed, Rocky)
- name: Revert firewall to SSH default (AlmaLinux, Fedora, openSUSE Tumbleweed, RHEL, Rocky)
firewalld:
port: 22/tcp
permanent: yes
state: enabled
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "Rocky"]
when: ansible_distribution in ["AlmaLinux", "Fedora", "openSUSE Tumbleweed", "RedHat", "Rocky"]
tags:
- "AlmaLinux"
- "Fedora"
- "openSUSE Tumbleweed"
- "RedHat"
- "Rocky"
- name: Remove port.conf file to revert SSH to default port (openSUSE Tumbleweed)
@ -201,32 +208,34 @@
tags:
- "openSUSE Tumbleweed"
- name: Revert SSH Port to 22 (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
- name: Revert SSH Port to 22 (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu)
lineinfile:
path: /etc/ssh/sshd_config
line: "Port 64295"
state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "RedHat", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
- name: Revert Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, Rocky, Ubuntu)
- name: Revert Comment out Port(s) in sshd_config, can cause port conflicts on deploy (AlmaLinux, Debian, Fedora, openSUSE Tumbleweed, Raspbian, RHEL, Rocky, Ubuntu)
ansible.builtin.replace:
path: /etc/ssh/sshd_config
regexp: '^# (Port (?!22$)[0-9]+)'
replace: '\1'
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -235,13 +244,14 @@
path: /etc/sysctl.conf
line: "vm.max_map_count=262144"
state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -249,13 +259,14 @@
user:
name: tpot
state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -263,13 +274,14 @@
group:
name: tpot
state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "Raspbian"
- "RedHat"
- "Rocky"
- "Ubuntu"
@ -298,7 +310,7 @@
tags:
- "openSUSE Tumbleweed"
- name: Remove Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, Rocky, Ubuntu)
- name: Remove Docker Engine packages (AlmaLinux, Debian, Fedora, Raspbian, RHEL, Rocky, Ubuntu)
package:
name:
- docker-ce
@ -307,7 +319,7 @@
- docker-buildx-plugin
- docker-compose-plugin
state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
@ -320,12 +332,13 @@
file:
path: /var/lib/docker
state: absent
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "Rocky", "Ubuntu"]
when: ansible_distribution in ["AlmaLinux", "Debian", "Fedora", "openSUSE Tumbleweed", "Raspbian", "RedHat", "Rocky", "Ubuntu"]
tags:
- "AlmaLinux"
- "Debian"
- "Fedora"
- "openSUSE Tumbleweed"
- "RedHat"
- "Raspbian"
- "Rocky"
- "Ubuntu"
@ -350,7 +363,7 @@
- "Raspbian"
- "Ubuntu"
- name: Remove Docker repository (AlmaLinux, Rocky)
- name: Remove Docker repository (AlmaLinux, RHEL, Rocky)
file:
path: /etc/yum.repos.d/docker-ce.repo
state: absent
@ -358,4 +371,5 @@
tags:
- "AlmaLinux"
- "Fedora"
- "RedHat"
- "Rocky"

View file

@ -23,12 +23,12 @@ if [ ${EUID} -eq 0 ];
fi
# Check if running on a supported distribution
mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Rocky Linux" "Ubuntu")
mySUPPORTED_DISTRIBUTIONS=("AlmaLinux" "Debian GNU/Linux" "Fedora Linux" "openSUSE Tumbleweed" "Raspbian GNU/Linux" "Red Hat Enterprise Linux" "Rocky Linux" "Ubuntu")
myCURRENT_DISTRIBUTION=$(awk -F= '/^NAME/{print $2}' /etc/os-release | tr -d '"')
if [[ ! " ${mySUPPORTED_DISTRIBUTIONS[@]} " =~ " ${myCURRENT_DISTRIBUTION} " ]];
then
echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, Rocky Linux and Ubuntu."
echo "### Only the following distributions are supported: AlmaLinux, Fedora, Debian, openSUSE Tumbleweed, RHEL, Rocky Linux and Ubuntu."
echo "### Please follow the T-Pot documentation on how to run T-Pot on macOS, Windows and other currently unsupported platforms."
echo
exit 1
@ -54,13 +54,18 @@ if [ "${myQST}" = "n" ];
fi
# Define tag for Ansible
myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux")
myANSIBLE_DISTRIBUTIONS=("Fedora Linux" "Debian GNU/Linux" "Raspbian GNU/Linux" "Rocky Linux" "Red Hat Enterprise Linux")
if [[ "${myANSIBLE_DISTRIBUTIONS[@]}" =~ "${myCURRENT_DISTRIBUTION}" ]];
then
myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1)
# special case AGAIN, /etc/os-release doesn't match Ansible's tagging conventions
if [[ "${myCURRENT_DISTRIBUTION}" == "Red Hat Enterprise Linux" ]]; then
myANSIBLE_TAG="RedHat"
else
myANSIBLE_TAG=$(echo ${myCURRENT_DISTRIBUTION} | cut -d " " -f 1)
fi
else
myANSIBLE_TAG=${myCURRENT_DISTRIBUTION}
fi
fi
# Check type of sudo access
if myANSIBLE_TAG="Debian";