[Add Scan]
@@ -4,7 +4,6 @@
|
||||
gather_facts: false
|
||||
vars:
|
||||
# Variables depuis Environment (non-sensibles)
|
||||
app_env: "{{ lookup('env', 'bw_client_id') }}"
|
||||
vaultwarden_url: "https://vault.jingoh.fr"
|
||||
bw_client_secret: "{{ lookup('env', 'bw_client_secret') }}"
|
||||
bw_client_password: "{{ lookup('env', 'bw_client_password') }}"
|
||||
|
||||
131
scan.yml
131
scan.yml
@@ -1,43 +1,53 @@
|
||||
---
|
||||
- name: Scan
|
||||
hosts:
|
||||
- tower
|
||||
hosts: tower
|
||||
#- localhost
|
||||
become: true
|
||||
gather_facts: false
|
||||
vars:
|
||||
user: sgratias
|
||||
user_mail: stephane.gratiasquiquandon@gmail.com
|
||||
token: !vault |
|
||||
$ANSIBLE_VAULT;1.2;AES256;prod
|
||||
30383538646164373137616166636632353964373362323735626239656337306139616265323138
|
||||
3834383331316466653565323632616163353964643637660a363262383461363234363738613034
|
||||
64383132373061653337313365333734646635396635313133613861303730303163383764653664
|
||||
6537633761353939330a356236623265383931643530316430303938303735306536343163323163
|
||||
62636236346362663036343765363830383738623563613161373637383239623134376163653662
|
||||
3565333032326133326232326633386332633639373862313463
|
||||
vaultwarden_url: "https://vault.jingoh.fr"
|
||||
bw_client_secret: "{{ lookup('env', 'bw_client_secret') }}"
|
||||
bw_client_password: "{{ lookup('env', 'bw_client_password') }}"
|
||||
bw_client_id: "{{ lookup('env', 'bw_client_id') }}"
|
||||
# password_monitoring_alert: "{{ lookup('env', 'password') }}"
|
||||
# user_monitoring_alert: "{{ lookup('env', 'username') }}"
|
||||
gitea_token: "{{ lookup('env', 'gitea_token') }}"
|
||||
user_mail: "{{ lookup('env', 'mail') }}"
|
||||
user: "{{ lookup('env', 'username') }}"
|
||||
target_network: "{{ lookup('env', 'target_network') }}"
|
||||
target_port: "{{ lookup('env', 'target_port') }}"
|
||||
# user: sgratias
|
||||
# user_mail: stephane.gratiasquiquandon@gmail.com
|
||||
# token: !vault |
|
||||
# $ANSIBLE_VAULT;1.2;AES256;prod
|
||||
# 30383538646164373137616166636632353964373362323735626239656337306139616265323138
|
||||
# 3834383331316466653565323632616163353964643637660a363262383461363234363738613034
|
||||
# 64383132373061653337313365333734646635396635313133613861303730303163383764653664
|
||||
# 6537633761353939330a356236623265383931643530316430303938303735306536343163323163
|
||||
# 62636236346362663036343765363830383738623563613161373637383239623134376163653662
|
||||
# 3565333032326133326232326633386332633639373862313463
|
||||
#TODO target in list
|
||||
# 163.172.0.0/24
|
||||
# 163.172.80.0/28
|
||||
target_network: 147.135.120.20/30
|
||||
target_port: 20-80
|
||||
# target_network: 147.135.120.20/30
|
||||
# target_port: 20-80
|
||||
# 163.172.0.0/20
|
||||
# 163.172.16.0/20
|
||||
# 163.172.31.0/20
|
||||
# 163.172.48.0/20
|
||||
# 163.172.63.254/20
|
||||
ansible_user: stephane
|
||||
# ansible_user: stephane
|
||||
# ansible_password: stephane
|
||||
# ansible_become_password: stephane
|
||||
username: jingohalert
|
||||
password: !vault |
|
||||
$ANSIBLE_VAULT;1.2;AES256;prod
|
||||
66346630333538386564396632636161316239326530653037666465616165393135666532643264
|
||||
3037363865363531636635306535663736353734333733340a363639636638396662616538343335
|
||||
65366439343135636634393832636436353764303066653530346232323164376265313039373630
|
||||
3863613961373430340a303866363962353262623030373061616134303366336237346631383539
|
||||
3130
|
||||
# apt-get install sshpass
|
||||
# username: jingohalert
|
||||
# password: !vault |
|
||||
# $ANSIBLE_VAULT;1.2;AES256;prod
|
||||
# 66346630333538386564396632636161316239326530653037666465616165393135666532643264
|
||||
# 3037363865363531636635306535663736353734333733340a363639636638396662616538343335
|
||||
# 65366439343135636634393832636436353764303066653530346232323164376265313039373630
|
||||
# 3863613961373430340a303866363962353262623030373061616134303366336237346631383539
|
||||
# 3130
|
||||
# # apt-get install sshpass
|
||||
|
||||
# #
|
||||
# # @author Stéphane Gratias (2021).
|
||||
@@ -49,12 +59,55 @@
|
||||
tasks:
|
||||
|
||||
|
||||
- ansible.builtin.command:
|
||||
cmd: bw logout
|
||||
delegate_to: localhost
|
||||
ignore_errors: true
|
||||
|
||||
- name: bitwarden token session
|
||||
ansible.builtin.shell: "{{ item }}"
|
||||
environment:
|
||||
BW_CLIENTID: "{{ bw_client_id }}"
|
||||
BW_CLIENTSECRET: "{{ bw_client_secret }}"
|
||||
BW_PASSWORD: "{{ bw_client_password }}"
|
||||
loop:
|
||||
- bw config server {{ vaultwarden_url }}
|
||||
- bw login --apikey
|
||||
- bw unlock --passwordenv BW_PASSWORD --raw
|
||||
delegate_to: localhost
|
||||
register: bw_session_result
|
||||
|
||||
- name: Get secret from Bitwarden
|
||||
command:
|
||||
argv:
|
||||
- bw
|
||||
- get
|
||||
- password
|
||||
- "{{ bw_requested_password_id }}"
|
||||
- --session
|
||||
- "{{ bw_session_result.results[-1].stdout | trim }}"
|
||||
delegate_to: localhost
|
||||
register: gitea_token_result
|
||||
no_log: true
|
||||
changed_when: false
|
||||
|
||||
# - name: Return all secrets from a path
|
||||
# ansible.builtin.debug:
|
||||
# msg: "{{ gitea_token_result.stdout }}"
|
||||
# delegate_to: localhost
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
gitea_token : "{{ gitea_token_result.stdout | trim }}"
|
||||
no_log: true
|
||||
delegate_to: localhost
|
||||
|
||||
|
||||
# - ansible.builtin.apt:
|
||||
# name: masscan
|
||||
# update_cache: true
|
||||
|
||||
- ansible.builtin.git:
|
||||
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/{{ user }}/scan.git
|
||||
repo: https://{{ user }}:{{ gitea_token }}@gitea.jingoh.fr/{{ user }}/scan.git
|
||||
dest: "{{ playbook_dir }}/scan"
|
||||
single_branch: yes
|
||||
force: true
|
||||
@@ -143,7 +196,7 @@
|
||||
git config user.name "{{ user }}"
|
||||
git add .
|
||||
git commit -m "Push scan with access token"
|
||||
git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/{{ user }}/scan.git
|
||||
git push https://{{ user }}:{{ gitea_token}}@gitea.jingoh.fr/{{ user }}/scan.git
|
||||
args:
|
||||
chdir: "{{ playbook_dir }}/scan/"
|
||||
run_once: true
|
||||
@@ -173,16 +226,16 @@
|
||||
# msg: "{{ host_interfaces }}"
|
||||
|
||||
|
||||
# - name: NTFY when docker compose changed
|
||||
# uri:
|
||||
# url: "https://alert.jingoh.fr/scaleway"
|
||||
# method: POST
|
||||
# user: "{{ username }}"
|
||||
# password: "{{ password }}"
|
||||
# headers:
|
||||
# Title: "SCAN {{ target_port }}"
|
||||
# ta: "file_folder"
|
||||
# body: "{{ target_network }}"
|
||||
# status_code: 200
|
||||
# tags: test1
|
||||
# delegate_to: localhost
|
||||
- name: NTFY when docker compose changed
|
||||
uri:
|
||||
url: "http://alert/scaleway"
|
||||
method: POST
|
||||
# user: "{{ username }}"
|
||||
# password: "{{ password }}"
|
||||
headers:
|
||||
Title: "SCAN {{ target_port }}"
|
||||
ta: "file_folder"
|
||||
body: "{{ target_network }}"
|
||||
status_code: 200
|
||||
tags: test1
|
||||
delegate_to: localhost
|
||||
|
||||
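Review bot: The `bitwarden token session` task in the second hunk registers `bw_session_result` without `no_log: true`, so the raw session key printed by `bw unlock --passwordenv BW_PASSWORD --raw` can surface in playbook output and in whatever callback or job history stores task results (the play targets `tower`, so that is likely to be persisted); the following `Get secret from Bitwarden` task does set `no_log: true`, and the unlock task should carry the same line, `no_log: true` next to `register: bw_session_result`. That session key is then passed as a `--session` argument in the next task, where it is visible to process listings on the controller; the CLI also reads it from a `BW_SESSION` environment variable, which would keep it out of argv. Separately, putting `{{ gitea_token }}` into the `repo:` URL of the `ansible.builtin.git` task writes the token into `.git/config` of the clone under `playbook_dir`, and the same URL is repeated in the `git push` shell block of the third hunk, so a credential helper or `GIT_ASKPASS` would be the cleaner option. Two style nits in the same hunk: `single_branch: yes` should be `single_branch: true`, and `gitea_token :` has a stray space before the colon.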