MISP-maltego/ansible/plume.yaml

228 lines
5.5 KiB
YAML
Raw Normal View History

---
# Install MISP-maltego remote transform using ansible.
#
# DO NOT USE THIS UNLESS YOU REALLY KNOW YOU NEED THIS
# - Most people usually probably want to use the local transforms
# - Others the 'ATT&CK - MISP' from the Transform Hub
#
# First install your ubuntu system,
# Then run ansible-playbook -i inventory.txt plume.yaml
#
# Then configure your iTDS server
# - to create all the transforms and seeds and point to your docker.
# - export the objects, icons and machines to a mtz and associate to the seed
# Paired Configurations:
# - in Maltego > Export Config, and select
# -- Entities > MISP
# -- Icons > MISP + intelligence icons
# -- Machines
# Save as "paired_config.mtz", upload on TDS
- hosts: all
become: yes
vars:
misp_maltego_version: 1.4.4 # TODO change this !!!
host_locale: en_US.UTF-8
host_locale_dict: {
LANG: "{{ host_locale }}",
LC_COLLATE: "{{ host_locale }}",
LC_CTYPE: "{{ host_locale }}",
LC_MESSAGES: "{{ host_locale }}",
LC_MONETARY: "{{ host_locale }}",
LC_NUMERIC: "{{ host_locale }}",
LC_TIME: "{{ host_locale }}",
LC_ALL: "{{ host_locale }}",
}
tasks:
- name: install python3-pip
package:
name: python3-pip
state: present
- name: install python libs
pip:
executable: /usr/bin/pip3
name: ['canari', 'pymisp']
state: latest
# NGINX reverse proxy
# ######
- name: install nginx
package:
name: nginx
state: present
- name: letsencrypt certbot ppa
apt_repository:
repo: ppa:certbot/certbot
- name: letsencrypt certbot install
package:
name: ['certbot', 'python-certbot-nginx']
state: present
# FIXME generate the cert automagically, while answering the questions
# creates: /etc/letsencrypt/live/misp-maltego.misp-project.org/privkey.pem
# Requires input:
# - email address
# - agree terms
# - no sharing email with EFF
- name: nginx disable default config
file:
path: /etc/nginx/sites-enabled/default
state: absent
- name: nginx copy config
copy:
src: nginx.conf
dest: /etc/nginx/sites-available/plume
notify: restart nginx
- name: nginx enable plume config
file:
src: /etc/nginx/sites-available/plume
dest: /etc/nginx/sites-enabled/plume
state: link
notify: restart nginx
- name: letsencrypt auto-renew
cron:
name: "letsencrypt auto-renew SSL certificate"
special_time: daily
job: "/usr/sbin/certbot -q renew"
# PLUME
#######
- name: create nobody group - needed by plume
group:
name: nobody
state: present
- name: install canari plume
shell:
cmd: canari install-plume --accept-defaults
creates: /var/plume/canari.conf
environment:
LC_ALL: 'C.UTF-8'
LANG: 'C.UTF-8'
- name: Start service plume at boot
file:
src: /etc/init.d/plume
dest: /etc/rc{{item}}.d/S20plume
state: link
with_items:
- 3
- 4
- 5
# LATER migrate to systemd service
# use the public pip package
- name: install MISP-maltego
pip:
executable: pip3
name: ['MISP-maltego']
state: latest
notify: restart plume
# use local git repo instead, useful for development
# - name: bundle MISP-maltego
# delegate_to: 127.0.0.1
# command:
# cmd: python3 setup.py sdist
# chdir: ../
# become: no
# - name: copy MISP-maltego
# copy:
# src: ../dist/MISP_maltego-{{misp_maltego_version}}.tar.gz
# dest: /usr/local/src/
# - name: install MISP-maltego
# pip:
# executable: /usr/bin/pip3
# name: file:///usr/local/src/MISP_maltego-{{misp_maltego_version}}.tar.gz
# state: forcereinstall
# environment: "{{host_locale_dict}}"
# notify: restart plume
# - name: remove local MISP-maltego bundle
# delegate_to: 127.0.0.1
# file:
# path: ../dist/MISP_maltego-{{misp_maltego_version}}.tar.gz
# state: absent
# become: no
- name: load plume package
command:
cmd: canari load-plume-package MISP_maltego --plume-dir /var/plume --accept-defaults
chdir: /var/plume
creates: /var/plume/MISP_maltego.conf
environment:
LC_ALL: 'C.UTF-8'
LANG: 'C.UTF-8'
PLUME_ROOT: '/var/plume'
notify: restart plume
- name: Start service plume, if not started
service:
name: plume
state: started
# FIREWALLING
#############
- name: firewall logging
ufw:
logging: 'low'
- name: firewall inbound rate limited
ufw:
rule: limit
port: '2245' # ssh
proto: tcp
direction: in
- name: firewall inbound
ufw:
rule: allow
port: "{{item}}"
proto: tcp
direction: in
loop:
- '80' # nginx
- '443' # nginx plume
- '25324' # monitoring
- name: firewall outbound
ufw:
rule: allow
port: "{{ item.port }}"
proto: "{{ item.proto }}"
direction: out
loop:
- { port: '53', proto: 'udp'}
- { port: '123', proto: 'udp'}
- { port: '53', proto: 'tcp'}
- { port: '80', proto: 'tcp'}
- { port: '443', proto: 'tcp'}
- { port: '32526', proto: 'tcp'} # waagent
- name: firewall default rule
ufw:
state: enabled
default: deny
direction: '{{ item }}'
loop:
- incoming
- outgoing
handlers:
- name: restart plume
service:
name: plume
state: restarted
- name: restart nginx
service:
name: nginx
state: restarted