MISP-maltego/ansible/plume.yaml

---
# Install MISP-maltego remote transform using ansible.
#
# DO NOT USE THIS UNLESS YOU REALLY KNOW YOU NEED THIS
# - Most people usually probably want to use the local transforms 
# - Others the 'ATT&CK - MISP' form the Transform Hub 
#
# First install your ubuntu system, 
# Then run ansible-playbook -i inventory.txt plume.yaml
#
# Then configure your iTDS server 
# - to create all the transforms and seeds and point to your docker.
# - export the objects, icons and machines to a mtz and associate to the seed
#   Paired Configurations:
#   - in Maltego > Export Config, and select
#   -- Entities > MISP
#   -- Icons > MISP + intelligence icons
#   -- Machines
#   Save as "paired_config.mtz", upload on TDS

- hosts: all
  remote_user: ubuntu
  become: yes
  vars:
    misp_maltego_version: 1.4.1  # FIXME change this !!!
  tasks:
  - name: install python3-pip
    apt:
      name: python3-pip
      state: present
  - name: install python libs
    pip:
      executable: pip3
      name: ['canari', 'PyMISP']
      state: latest
  
  # use the public pip package
  - name: install MISP-maltego
    pip:
      executable: pip3
      name: ['MISP-maltego']
      state: latest
    
  # use local git repo instead, useful for development
  # - name: bundle MISP-maltego
  #   delegate_to: 127.0.0.1
  #   command: 
  #     cmd: python setup.py sdist
  #     chdir: ../
  #   become: no
  # - name: copy MISP-maltego
  #   copy:
  #     src: ../dist/MISP_maltego-{{misp_maltego_version}}.tar.gz
  #     dest: /usr/local/src/
  # - name: install MISP-maltego
  #   pip:
  #     executable: pip3
  #     name: file:///usr/local/src/MISP_maltego-{{misp_maltego_version}}.tar.gz
  #     state: forcereinstall
  # - name: remove local MISP-maltego bundle
  #   delegate_to: 127.0.0.1
  #   file:
  #     path: ../dist/MISP_maltego-{{misp_maltego_version}}.tar.gz
  #     state: absent
  #   become: no

  - name: create nobody group - needed by plume
    group:
      name: nobody
      state: present

  - name: install canari plume
    shell: 
      cmd: canari install-plume --accept-defaults
      creates: /var/plume/canari.conf
    environment:
      LC_ALL: 'C.UTF-8'
      LANG: 'C.UTF-8'
  # LATER maybe we want to run plume with TLS?

  - name: load plume package
    command: 
      cmd: canari load-plume-package MISP_maltego --plume-dir /var/plume --accept-defaults
      chdir: /var/plume
      creates: /var/plume/MISP_maltego.conf
    environment:
      LC_ALL: 'C.UTF-8'
      LANG: 'C.UTF-8'
      PLUME_ROOT: '/var/plume'
    notify: restart plume

  # FIXME /etc/init.d/plume start at boot

  handlers:
    - name: restart plume
      service:
        name: plume
        state: restarted
new: [install] docker and ansible scripts for remote transform server 2020-01-11 21:55:11 +01:00			`---`
			`# Install MISP-maltego remote transform using ansible.`
			`#`
			`# DO NOT USE THIS UNLESS YOU REALLY KNOW YOU NEED THIS`
			`# - Most people usually probably want to use the local transforms`
			`# - Others the 'ATT&CK - MISP' form the Transform Hub`
			`#`
			`# First install your ubuntu system,`
			`# Then run ansible-playbook -i inventory.txt plume.yaml`
			`#`
			`# Then configure your iTDS server`
			`# - to create all the transforms and seeds and point to your docker.`
			`# - export the objects, icons and machines to a mtz and associate to the seed`
			`# Paired Configurations:`
			`# - in Maltego > Export Config, and select`
			`# -- Entities > MISP`
			`# -- Icons > MISP + intelligence icons`
			`# -- Machines`
			`# Save as "paired_config.mtz", upload on TDS`

			`- hosts: all`
			`remote_user: ubuntu`
			`become: yes`
			`vars:`
			`misp_maltego_version: 1.4.1 # FIXME change this !!!`
			`tasks:`
			`- name: install python3-pip`
			`apt:`
			`name: python3-pip`
			`state: present`
			`- name: install python libs`
			`pip:`
			`executable: pip3`
			`name: ['canari', 'PyMISP']`
			`state: latest`

			`# use the public pip package`
			`- name: install MISP-maltego`
			`pip:`
			`executable: pip3`
			`name: ['MISP-maltego']`
			`state: latest`

			`# use local git repo instead, useful for development`
			`# - name: bundle MISP-maltego`
			`# delegate_to: 127.0.0.1`
			`# command:`
			`# cmd: python setup.py sdist`
			`# chdir: ../`
			`# become: no`
			`# - name: copy MISP-maltego`
			`# copy:`
			`# src: ../dist/MISP_maltego-{{misp_maltego_version}}.tar.gz`
			`# dest: /usr/local/src/`
			`# - name: install MISP-maltego`
			`# pip:`
			`# executable: pip3`
			`# name: file:///usr/local/src/MISP_maltego-{{misp_maltego_version}}.tar.gz`
			`# state: forcereinstall`
			`# - name: remove local MISP-maltego bundle`
			`# delegate_to: 127.0.0.1`
			`# file:`
			`# path: ../dist/MISP_maltego-{{misp_maltego_version}}.tar.gz`
			`# state: absent`
			`# become: no`

			`- name: create nobody group - needed by plume`
			`group:`
			`name: nobody`
			`state: present`

			`- name: install canari plume`
			`shell:`
			`cmd: canari install-plume --accept-defaults`
			`creates: /var/plume/canari.conf`
			`environment:`
			`LC_ALL: 'C.UTF-8'`
			`LANG: 'C.UTF-8'`
			`# LATER maybe we want to run plume with TLS?`

			`- name: load plume package`
			`command:`
			`cmd: canari load-plume-package MISP_maltego --plume-dir /var/plume --accept-defaults`
			`chdir: /var/plume`
			`creates: /var/plume/MISP_maltego.conf`
			`environment:`
			`LC_ALL: 'C.UTF-8'`
			`LANG: 'C.UTF-8'`
			`PLUME_ROOT: '/var/plume'`
			`notify: restart plume`

			`# FIXME /etc/init.d/plume start at boot`

			`handlers:`
			`- name: restart plume`
			`service:`
			`name: plume`
			`state: restarted`