sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Add scan right creds]

Browse Source
This commit is contained in:
sgratias
2025-08-02 14:22:49 +02:00
parent a530906f99
commit bd4d3b4c43
3 changed files with 24 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
hardening-linux.yml Normal file
View File

@@ -0,0 +1,11 @@
- hosts: all
become: true
roles:
# #! need change for iphone ssh access
# - name: devsec.hardening.ssh_hardening
# #! be carefull
# - name: devsec.hardening.os_hardening
# - community.general.ufw:
# state: enabled
# policy: allow

0
hardening.yml → hardening-test.yml
View File

25
scan.yml
View File

@@ -6,16 +6,16 @@
become: true become: true
gather_facts: false gather_facts: false
vars: vars:
user: sgratias
user: staffadmin user_mail: stephane.gratiasquiquandon@gmail.com
token: !vault | token: !vault |
$ANSIBLE_VAULT;1.2;AES256;prod $ANSIBLE_VAULT;1.2;AES256;prod
36643134383530303633323430386137633665353639626562386164373661346162636434396661 30383538646164373137616166636632353964373362323735626239656337306139616265323138
6434313933346332663430663035616537643738323264360a396363613330373164366261343861 3834383331316466653565323632616163353964643637660a363262383461363234363738613034
33663731336536303237653335633836343536356230383635653333633039653038393533343535 64383132373061653337313365333734646635396635313133613861303730303163383764653664
3436653339343363660a666135343230653833366264316537353232313831396464313163386264 6537633761353939330a356236623265383931643530316430303938303735306536343163323163
36396461313831376361653765626464316635343964336363373836626639616361623631353163 62636236346362663036343765363830383738623563613161373637383239623134376163653662
3834386630323937316163666335373731643439623961643966 3565333032326133326232326633386332633639373862313463
#TODO target in list #TODO target in list
# 163.172.0.0/24 # 163.172.0.0/24
# 163.172.80.0/28 # 163.172.80.0/28
@@ -54,7 +54,7 @@
# update_cache: true # update_cache: true
- ansible.builtin.git: - ansible.builtin.git:
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/{{ user }}/scan.git
dest: "{{ playbook_dir }}/scan" dest: "{{ playbook_dir }}/scan"
single_branch: yes single_branch: yes
force: true force: true
@@ -139,11 +139,11 @@
when: item.invocation is defined when: item.invocation is defined
- ansible.builtin.shell: | - ansible.builtin.shell: |
git config user.email "stephane.gratiasquiquandon@gmail.com" git config user.email "{{ user_mail }}"
git config user.name "staffadmin" git config user.name "{{ user }}"
git add . git add .
git commit -m "Push scan with access token" git commit -m "Push scan with access token"
git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/{{ user }}/scan.git
args: args:
chdir: "{{ playbook_dir }}/scan/" chdir: "{{ playbook_dir }}/scan/"
run_once: true run_once: true
@@ -165,6 +165,7 @@
loop: "{{ cert.results }}" loop: "{{ cert.results }}"
when: when:
- item.subject.CN is not defined - item.subject.CN is not defined
- screenshot_all|default(false) is true
# gowitness scan single --url "https://nuage.monassa.fr" --write-db # gowitness scan single --url "https://nuage.monassa.fr" --write-db