[Add scan right creds]

2025-08-02 14:22:49 +02:00
parent a530906f99
commit bd4d3b4c43
3 changed files with 24 additions and 12 deletions
--- a/hardening-linux.yml
+++ b/hardening-linux.yml
@@ -0,0 +1,11 @@
+- hosts: all
+  become: true
+  roles:
+    # #! need change for iphone ssh access
+    # - name: devsec.hardening.ssh_hardening
+    # #! be carefull 
+    # - name: devsec.hardening.os_hardening
+
+# - community.general.ufw:
+#     state: enabled
+#     policy: allow
--- a/hardening-test.yml
+++ b/hardening-test.yml
--- a/scan.yml
+++ b/scan.yml
@@ -6,16 +6,16 @@
  become: true
  gather_facts: false
  vars: 
-
-    user: staffadmin
+    user: sgratias
+    user_mail: stephane.gratiasquiquandon@gmail.com
    token: !vault |
              $ANSIBLE_VAULT;1.2;AES256;prod
-              36643134383530303633323430386137633665353639626562386164373661346162636434396661
-              6434313933346332663430663035616537643738323264360a396363613330373164366261343861
-              33663731336536303237653335633836343536356230383635653333633039653038393533343535
-              3436653339343363660a666135343230653833366264316537353232313831396464313163386264
-              36396461313831376361653765626464316635343964336363373836626639616361623631353163
-              3834386630323937316163666335373731643439623961643966
+              30383538646164373137616166636632353964373362323735626239656337306139616265323138
+              3834383331316466653565323632616163353964643637660a363262383461363234363738613034
+              64383132373061653337313365333734646635396635313133613861303730303163383764653664
+              6537633761353939330a356236623265383931643530316430303938303735306536343163323163
+              62636236346362663036343765363830383738623563613161373637383239623134376163653662
+              3565333032326133326232326633386332633639373862313463
  #TODO target in list
  # 163.172.0.0/24
  # 163.172.80.0/28 
@@ -54,7 +54,7 @@
  #     update_cache: true

  - ansible.builtin.git:
-      repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
+      repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/{{ user }}/scan.git
      dest: "{{ playbook_dir }}/scan"
      single_branch: yes
      force: true
@@ -139,11 +139,11 @@
    when: item.invocation is defined

  - ansible.builtin.shell: |
-      git config user.email "stephane.gratiasquiquandon@gmail.com"
-      git config user.name "staffadmin"
+      git config user.email "{{ user_mail }}"
+      git config user.name "{{ user }}"
      git add .
      git commit -m "Push scan with access token"
-      git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
+      git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/{{ user }}/scan.git
    args:
      chdir: "{{ playbook_dir }}/scan/"
    run_once: true
@@ -165,6 +165,7 @@
    loop: "{{ cert.results }}"
    when: 
      - item.subject.CN is not defined
+      - screenshot_all|default(false) is true

 # gowitness scan single --url "https://nuage.monassa.fr" --write-db