sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[commmit staff]

Browse Source
This commit is contained in:
sgratias
2024-08-02 01:27:05 +02:00
parent 03d8bd09b5
commit 734bbf6905
2 changed files with 153 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
scan_https.yml Normal file
View File

@@ -0,0 +1,153 @@
---
- name: Scan
hosts: scale01
become: true
gather_facts: false
vars:
user: staffadmin
token: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
35343365393734313034383961616333633265623037303436653739613935366666373237366562
3663316563663439363333396530376139663731346637390a366335333732303134316364363130
30313631343534643866383336623837363433303032376264373139306464313866313034663636
3961303030373531380a343061326437343066663665613833623533376437326630326432363566
37653135666331633532653436656461396131623736353962643632316135633562346631313036
6137356332636431643830666461333862613835336631333037
# 163.172.0.0/24
# 163.172.80.0/28
target_network: 163.172.80.0/28
ansible_user: stephane
ansible_password: stephane
ansible_become_password: stephane
username: jingohalert
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod
66346630333538386564396632636161316239326530653037666465616165393135666532643264
3037363865363531636635306535663736353734333733340a363639636638396662616538343335
65366439343135636634393832636436353764303066653530346232323164376265313039373630
3863613961373430340a303866363962353262623030373061616134303366336237346631383539
3130
# apt-get install sshpass
# #
# # @author Stéphane Gratias (2021).
#
# roles:
# - { role: geerlingguy.pip, tags: pip }
tasks:
- ansible.builtin.apt:
name: masscan
update_cache: true
- ansible.builtin.git:
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
dest: "{{ playbook_dir }}/scan"
single_branch: yes
force: true
delegate_to: localhost
# apt install masscan
- ansible.builtin.command:
cmd: "masscan {{ target_network }} -p443"
become: true
register: scan_output
# - debug:
# msg: "{{ item }}"
# loop: "{{ scan_output.stdout_lines }}"
# # - "{{ cert.not_after }}"
# # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test
# delegate_to: localhost
- name: Get a cert from an https port
community.crypto.get_certificate:
host: "{{ item.split('on')[-1].strip() }}"
port: 443
delegate_to: localhost
run_once: true
loop: "{{ scan_output.stdout_lines }}"
ignore_errors: true
register: cert
tags: test
# item.subject.CN
- debug:
# msg: "{{ item.subject.CN }}"
msg: "{{ item.invocation.module_args.host}}"
loop: "{{ cert.results }}"
# - "{{ cert.not_after }}"
# - "{{ ansible_date_time.iso8601_basic }}"
tags: test
delegate_to: localhost
- name: Change file ownership, group and permissions
ansible.builtin.file:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/"
state: directory
loop: "{{ cert.results }}"
- name: Add a line to a file if the file does not exist, without passing regexp
ansible.builtin.lineinfile:
path: "{{ playbook_dir }}/scan/https/{{ item.invocation.module_args.host.split('.')[0] }}/{{ item.invocation.module_args.host.split('.')[1] }}/{{ item.invocation.module_args.host.split('.')[2] }}"
line: "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN | default('---') }} ---- {{ item.issuer| default('---')}}"
create: yes
loop: "{{ cert.results }}"
delegate_to: localhost
# - name: Copy file with owner and permissions
# ansible.builtin.copy:
# dest: "{{ playbook_dir }}/scan/scan_https_{{ target_network.split('/')[0] }}_{{ target_network.split('/')[-1] }}"
# content: |
# "{{ item.invocation.module_args.host }} ---- {{ item.subject.CN }} ---- {{ item.issuer}}"
# loop: "{{ cert.results }}"
# delegate_to: localhost
# # item.subject.CN
# - debug:
# msg: "{{ item.item.split('on')[-1].strip() }}"
# loop: "{{ cert.results }}"
# # - "{{ cert.not_after }}"
# # - "{{ ansible_date_time.iso8601_basic }}"
# tags: test
# delegate_to: localhost
- ansible.builtin.shell: |
git config user.email "stephane.gratiasquiquandon@gmail.com"
git config user.name "staffadmin"
git add .
git commit -m "Push scan with access token"
git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
args:
chdir: "{{ playbook_dir }}/scan/"
run_once: true
delegate_to: localhost
# - debug:
# msg: "{{ host_interfaces }}"
# - name: NTFY when docker compose changed
# uri:
# url: "https://alert.jingoh.fr/scaleway"
# method: POST
# user: "{{ username }}"
# password: "{{ password }}"
# headers:
# Title: "SCAN HTTPS "
# ta: "file_folder"
# body: "{{ target_network }}"
# status_code: 200
# tags: test1
# delegate_to: localhost
# when: fetch_files_backup.changed is true

27
swarm.yml
View File

@@ -326,33 +326,6 @@
- "traefik.enable=false"
networks:
- public
grafana:
image: grafana/grafana:latest
container_name: grafana
security_opt:
- no-new-privileges:true
restart: unless-stopped
networks:
- public
volumes:
- grafana-lib:/var/lib/grafana
environment:
GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource,grafana-worldmap-panel,grafana-piechart-panel"
deploy:
mode: replicated
replicas: 1
labels:
- "traefik.enable=true"
# HTTP Routers
- "traefik.http.routers.grafana-rtr.entrypoints=websecure"
- "traefik.http.routers.grafana-rtr.rule=Host(`grafana2.jingoh.private`)"
# Middlewares
- "traefik.http.routers.grafana-rtr.middlewares=privatevpn,forward-auth"
# HTTP Services
- "traefik.http.routers.grafana-rtr.service=grafana-svc"
- "traefik.http.services.grafana-svc.loadbalancer.server.port=3000"
# TLS
- "traefik.http.routers.grafana-rtr.tls=true"
networks:
public:
external: true