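---
################################
# T-Pot - Abort if run as root #
################################

# Guard play: stops the run before any change is made when the playbook is
# started as root or on a distribution outside the supported list.
# Later plays use ansible_user_id as the account whose group membership is
# modified, so a root run would point those tasks at the root account.
- name: T-Pot Abort if run as root
  hosts: all
  gather_facts: true

  pre_tasks:
    # ansible_user_id is a gathered fact; this play sets no `become`, so it is
    # expected to be the connecting user - NOTE(review): a run started with
    # become enabled on the command line would presumably report root here.
    - name: Check if running as root
      assert:
        that: ansible_user_id != 'root'
        fail_msg: "T-Pot playbook should not be run as root."
        success_msg: "Running as user: {{ ansible_user_id }}."

    # Every later task is gated on the same distribution names, so failing
    # here avoids a run in which all tasks are silently skipped.
    - name: Check if supported distribution
      assert:
        that: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
        fail_msg: "T-Pot is not supported on this platform: {{ ansible_distribution }}."
        success_msg: "T-Pot will now install on {{ ansible_distribution }}."
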
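######################################
# T-Pot - Remove group users, bashrc #
######################################

# Per-user cleanup: removes the managed alias block from the invoking user's
# ~/.bashrc and adjusts that user's group membership. The play itself runs
# unprivileged; only the group task escalates.
- name: T-Pot - Remove group users, bashrc
  hosts: all
  gather_facts: true

  tasks:
    # With state: absent the block is located through the marker lines; the
    # block text is kept so the task mirrors the content that is removed.
    - name: Remove aliases (All)
      blockinfile:
        path: ~/.bashrc
        block: |
          alias dps='grc --colour=on docker ps -f status=running -f status=exited --format "table {{'{{'}}.Names{{'}}'}}\t{{'{{'}}.Status{{'}}'}}\t{{'{{'}}.Ports{{'}}'}}" | sort'
          alias dpsw='watch -c bash -ic dps'
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        state: absent
      when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]

    # NOTE(review): with the user module, `groups` without `append: true`
    # sets the account's supplementary groups to exactly this list, and
    # `remove` is only honoured together with `state: absent`. As written this
    # looks like it would leave the user in docker and tpot and drop every
    # other supplementary group (including any sudo/wheel membership the later
    # `become: true` plays depend on) rather than removing the user from the
    # two groups. Docker group membership is effectively root-equivalent, so
    # verify the resulting membership on a test host before relying on it.
    - name: Remove current user from Docker, T-Pot group (All)
      become: true
      user:
        name: "{{ ansible_user_id }}"
        groups:
          - docker
          - tpot
        state: present
        remove: true
      when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]

    # Prints the detected account and fails the run if it is root.
    - name: Check for non-root user id (All)
      debug:
        msg: "Detected user: '{{ ansible_user_id }}'"
      when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
      failed_when: ansible_user_id == "root"
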
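##################################################
# T-Pot - Remove configs, users and groups, etc. #
##################################################

# System-level revert, run with privilege escalation: removes the tpot
# account and puts SELinux, kernel module loading, systemd-resolved, sshd and
# firewalld settings back. Several of these only edit persistent
# configuration; see the per-task notes for what is not applied to the
# running system.
- name: T-Pot - Remove configs, users and groups, etc.
  hosts: all
  gather_facts: true
  become: true

  tasks:
    # state: absent together with remove: true also deletes the directories
    # associated with the account.
    - name: Remove T-Pot user (All)
      user:
        name: tpot
        state: absent
        remove: true
      when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]

    # Only the config file is edited here; the running SELinux mode is
    # presumably unchanged until the next boot - confirm a reboot follows.
    - name: Revert SELinux config (Fedora)
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: 'SELINUX=enforcing'
        state: present
      when: ansible_distribution in ["Fedora"]

    # NOTE(review): `command` reports "changed" on every run, and a non-zero
    # exit from modprobe (for example a module still in use) stops the play.
    - name: Revert kernel module loading (Fedora)
      command: modprobe -r iptable_filter
      when: ansible_distribution in ["Fedora"]

    - name: Remove iptables.conf (Fedora)
      file:
        path: /etc/modules-load.d/iptables.conf
        state: absent
      when: ansible_distribution in ["Fedora"]

    # Replaces any DNSStubListener line with the commented-out entry, leaving
    # the choice to systemd-resolved's built-in default.
    - name: Revert DNSStubListener in resolved.conf (Fedora, Ubuntu)
      lineinfile:
        path: /etc/systemd/resolved.conf
        regexp: '^.*DNSStubListener=.*'
        line: '#DNSStubListener=yes'
        state: present
      notify: Restart Resolved
      when: ansible_distribution in ["Fedora", "Ubuntu"]

    # Removes only a line that reads exactly "Port 64295". After the handler
    # restarts sshd it listens on whatever other Port directive remains, or on
    # its built-in default - check that the management path to the host still
    # allows that port before running this remotely.
    - name: Revert SSH port change (Debian, Fedora, Ubuntu)
      lineinfile:
        path: /etc/ssh/sshd_config
        line: "Port 64295"
        state: absent
      notify: Restart SSH
      when: ansible_distribution in ["Debian", "Fedora", "Ubuntu"]

    - name: Revert SSH port change (openSUSE Tumbleweed)
      file:
        path: /etc/ssh/sshd_config.d/port.conf
        state: absent
      notify: Restart SSH
      when: ansible_distribution in ["openSUSE Tumbleweed"]

    # NOTE(review): both firewalld tasks set `permanent` without `immediate`,
    # so only the stored configuration changes. The running firewall
    # presumably keeps the T-Pot port rule and zone target until firewalld is
    # reloaded or the host reboots - confirm that one of the two happens.
    - name: Remove T-Pot SSH port from Firewall (Fedora, openSUSE Tumbleweed)
      firewalld:
        port: 64295/tcp
        permanent: true
        state: disabled
      when: ansible_distribution in ["Fedora", "openSUSE Tumbleweed"]

    - name: Remove T-Pot default target modification (Fedora, openSUSE Tumbleweed)
      firewalld:
        zone: public
        target: default
        permanent: true
        state: enabled
      when: ansible_distribution in ["Fedora", "openSUSE Tumbleweed"]

  handlers:
    - name: Restart Resolved
      service:
        name: systemd-resolved
        state: restarted
      when: ansible_distribution in ["Fedora", "Ubuntu"]

    # NOTE(review): both branches of the expression evaluate to 'sshd', so the
    # Debian test has no effect. If a different unit name was intended for
    # Debian/Ubuntu, confirm and correct it; otherwise a plain 'sshd' would do.
    - name: Restart SSH
      service:
        name: "{{ 'sshd' if ansible_distribution == 'Debian' else 'sshd' }}"
        state: restarted
        enabled: true
      when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
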
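#######################################################
# T-Pot - Stop and prune everything related to Docker #
#######################################################

# Removes containers, Docker data, the Docker packages and the Docker package
# repository. The prune task deletes images and volumes for everything on the
# host, not only for T-Pot, so any data that should be kept has to be
# exported before this play runs.
- name: T-Pot - Stop and prune everything related to Docker
  hosts: all
  gather_facts: true
  become: true

  tasks:
    # NOTE(review): docker_container addresses a container by name; confirm
    # that "*" is treated as a wildcard rather than a literal name. With
    # ignore_errors set, a task that matches nothing or fails passes silently,
    # and the prune below would then leave running containers in place.
    - name: Stop all Docker containers (All)
      docker_container:
        state: absent
        name: "*"
      when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
      ignore_errors: true

    # Errors are ignored here as well, so a failed prune does not stop the
    # uninstall; check the task output if leftover data matters.
    - name: Prune everything related to Docker (All)
      docker_prune:
        builder_cache: true
        containers: true
        images: true
        networks: true
        volumes: true
      when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]
      ignore_errors: true

    - name: Uninstall Docker Engine packages
      package:
        name:
          - docker
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
          - docker-compose
        state: absent
      when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]

    - name: Remove Docker repository (Fedora)
      file:
        path: /etc/yum.repos.d/docker-ce.repo
        state: absent
      when: ansible_distribution == "Fedora"

    - name: Remove Docker Engine repository (Debian, Ubuntu)
      apt_repository:
        filename: docker
        state: absent
        update_cache: true
      when: ansible_distribution in ["Debian", "Ubuntu"]

    # /etc/apt/keyrings is a shared directory for repository signing keys, so
    # deleting the whole directory would also remove keys that belong to other
    # repositories and break signature verification for them. Only the Docker
    # key file is removed here.
    # TODO confirm the file name matches the one written by the installer.
    - name: Remove Docker Engine GPG key (Debian, Ubuntu)
      file:
        path: /etc/apt/keyrings/docker.gpg
        state: absent
      when: ansible_distribution in ["Debian", "Ubuntu"]
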
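############################
# T-Pot - Cleanup packages #
############################

# Package cleanup, run with privilege escalation: removes a fixed list of
# convenience packages and, on openSUSE Tumbleweed, installs a second list
# described as conflicting packages.
- name: T-Pot - Cleanup packages
  hosts: all
  gather_facts: true
  become: true

  tasks:
    # NOTE(review): the packages are removed unconditionally, including on
    # hosts where they were already present before T-Pot - confirm that this
    # is acceptable for net-tools and neovim.
    - name: Uninstall recommended packages (Debian, Fedora, openSUSE Tumbleweed, Ubuntu)
      package:
        name:
          - busybox-net-tools
          - grc
          - neovim
          - net-tools
        state: absent
        update_cache: true
      when: ansible_distribution in ["Debian", "Fedora", "openSUSE Tumbleweed", "Ubuntu"]

    # cups and postfix are network services; whether they are enabled and
    # listening after installation depends on the distribution defaults, so
    # review the open ports once the play has finished.
    - name: Restore conflicting packages (openSUSE Tumbleweed)
      package:
        name:
          - cups
          - net-tools
          - postfix
          - yast2-auth-client
        state: present
        update_cache: true
      when: ansible_distribution == "openSUSE Tumbleweed"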