provision.yml
---
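# Play "init": base provisioning and host hardening for every inventory host.
# Refreshes apt, installs the packages named by `sys_packages` (presumably
# defined in provision-server.vars.yml - confirm), limits root SSH logins to
# key-based authentication and enables UFW with default-deny for inbound.
- hosts: all
  vars_files:
    - provision-server.vars.yml
  tags: init
  tasks:
    - name: Update apt cache
      apt:
        update_cache: true

    # state: latest upgrades on every run, so two runs can produce different
    # package versions. Pin versions if reproducible hosts matter.
    - name: Install Prerequisites
      apt:
        name: aptitude
        update_cache: true
        state: latest
        force_apt_get: true

    # Native YAML arguments pass sys_packages through as a list instead of
    # interpolating it into a key=value string.
    - name: Install required system packages
      apt:
        name: "{{ sys_packages }}"
        state: latest

    # prohibit-password still lets root log in with a key; only password and
    # keyboard-interactive logins are refused.
    # validate checks the edited copy with `sshd -t` before it replaces the
    # live file, so a syntax error cannot lock out SSH access.
    # NOTE(review): nothing visible in this play reloads sshd, so the setting
    # only takes effect at the next service restart unless the imported
    # hardening tasks do it - confirm.
    - name: Disable password authentication for root
      lineinfile:
        path: /etc/ssh/sshd_config
        state: present
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'
        validate: '/usr/sbin/sshd -t -f %s'

    # UFW Setup
    # SSH is allowed before the firewall is enabled so the provisioning
    # connection is not cut off by the default-deny policy below.
    - name: UFW - Allow SSH connections
      ufw:
        rule: allow
        name: OpenSSH

    # NOTE(review): this admits every port and protocol from all private
    # ranges. 192.168.0.0/16 also covers 192.168.56.0/24, the range that the
    # commented-out guest route at the end of this playbook points at, so
    # analysis guests could reach every service on this host. Confirm that is
    # intended, or narrow the rule to the ports the sandbox actually needs.
    - name: Allow all access from RFC1918 networks to this host
      ufw:
        rule: allow
        src: '{{ item }}'
      loop:
        - 10.0.0.0/8
        - 172.16.0.0/12
        - 192.168.0.0/16

    - name: UFW - Deny all other incoming traffic by default
      ufw:
        state: enabled
        policy: deny
        direction: incoming

    # Bare `include` is deprecated and no longer accepted by current
    # ansible-core; import_tasks is the static replacement.
    - import_tasks: subtasks/ubuntu-network-hardening.yml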
# Play "cuckoo": applies the third-party Galaxy role juju4.cuckoo_sandbox with
# the variables from provision-server.vars.yml.
# NOTE(review): the role version is not fixed in this file; confirm it is
# pinned wherever the role is installed from (for example a requirements
# file), since the role runs with the privileges of this play.
- hosts: all
  vars_files:
    - provision-server.vars.yml
  tags: cuckoo
  roles:
    - juju4.cuckoo_sandbox
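# Play "packer": stages the VirtualBox Extension Pack installer script on the
# host and drives its licence prompt with expect.
- hosts: all
  tags: packer
  tasks:
    # The mode is set by the copy itself, so the script never sits on disk
    # with default permissions between a copy and a separate chmod task.
    # NOTE(review): the script is staged under a fixed name in world-writable
    # /tmp and then executed by this play's user; a directory only that user
    # can write to would keep other local accounts away from the path.
    - name: copy script to install VBox ExtPack
      copy:
        src: scripts/install-vbox-extpack.sh
        dest: /tmp/install-vbox-extpack.sh
        mode: '0700'

    # The body below is an expect script (see args.executable), not shell.
    # NOTE(review): an `expect` that times out simply falls through, and the
    # script ends with `exit 0`, so this task reports success even when the
    # installer never printed "100%". It also runs on every play run.
    - name: install VirtualBox Extension Pack
      shell: |
        set timeout 300
        spawn bash -c /tmp/install-vbox-extpack.sh
        expect "Do you agree to these license terms and conditions (y/n)? "
        send "y\n"
        expect "100%"
        exit 0
      args:
        executable: /usr/bin/expect
    #- shell: aa-disable /usr/sbin/tcpdump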
# Play "cuckoo": makes sure the _cuckoo account exists with bash as its login
# shell. No home directory is given here, although later plays work under
# /var/_cuckoo - presumably the cuckoo_sandbox role sets that up; confirm.
- hosts: all
  tags: cuckoo
  tasks:
    - user:
        shell: /bin/bash
        name: _cuckoo
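# Play "cuckoo" (run as _cuckoo): initialises the Cuckoo working directory on
# first provision, then switches on MongoDB reporting and remote control in
# the generated configuration files.
- hosts: all
  tags: cuckoo
  become: true
  become_user: _cuckoo
  tasks:
    - name: cuckoo init dir
      stat:
        path: /var/_cuckoo/.cuckoo
      register: cuckoo_dir

    # Runs only while the working directory is missing, so an existing
    # installation is not re-initialised.
    - name: init cuckoo
      script: scripts/init-cuckoo.sh
      # shell: source bin/activate; cuckoo init
      # args:
      #   chdir: /var/_cuckoo/env-cuckoo/
      when: not cuckoo_dir.stat.exists

    # The value is quoted on purpose: an unquoted yes is a YAML boolean, which
    # Ansible stringifies to "True", so the file would not contain the
    # literal `yes` written here.
    - name: enable mongodb reporting
      ini_file:
        dest: /var/_cuckoo/.cuckoo/conf/reporting.conf
        section: mongodb
        option: enabled
        value: 'yes'

    # NOTE(review): this switches on the [remotecontrol] section of
    # cuckoo.conf. The first play of this file admits all RFC1918 sources
    # through UFW, so confirm which networks can reach the resulting service.
    - name: enable remote control
      ini_file:
        dest: /var/_cuckoo/.cuckoo/conf/cuckoo.conf
        section: remotecontrol
        option: enabled
        value: 'yes'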
# Play "packer" (run as _cuckoo): clones four third-party Packer template
# repositories under /var/_cuckoo.
# NOTE(review): no `version:` is given, so each run checks out whatever the
# remote default branch holds at that moment. These templates build guest
# images, so pinning each clone to a reviewed commit keeps upstream changes
# from reaching the build unnoticed.
- hosts: all
  tags: packer
  become: yes
  become_user: _cuckoo
  tasks:
    - git:
        dest: /var/_cuckoo/windows
        repo: 'https://github.com/boxcutter/windows.git'

    - git:
        dest: /var/_cuckoo/juju4-windows
        repo: 'https://github.com/juju4/windows.git'

    # NOTE(review): "temlates" in dest looks like a typo for "templates";
    # left as written because other scripts may rely on this path.
    - git:
        dest: /var/_cuckoo/mwrock-packer-temlates
        repo: 'https://github.com/mwrock/packer-templates.git'

    - git:
        dest: /var/_cuckoo/packer-templates
        repo: 'https://github.com/ruzickap/packer-templates.git'
    # - name: create cuckoo guest image
    #   shell: tmux new-session -d -s "packer-session" 'HEADLESS=true make -f Makefile.cuckoo virtualbox/eval-win7x64-enterprise-cuckoo'
    #   args:
    #     chdir: /var/_cuckoo/juju4-windows
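# Play "vagrant": registers a third-party apt repository for Vagrant, installs
# the package and adds the WinRM plugins.
- hosts: all
  tags: vagrant
  tasks:
    # The key is selected by its full fingerprint, which is what prevents a
    # look-alike key from being fetched from the keyserver.
    # NOTE(review): apt_key is deprecated upstream, and a key added this way
    # is trusted for every configured repository, not just the one below.
    - name: Add an Apt signing key, will not download if present
      apt_key:
        keyserver: keyserver.ubuntu.com
        id: D2BABDFD63EA9ECAB4E09C7228A873EA3C7C705F
        state: present

    # NOTE(review): this repository is not operated by the Vagrant vendor;
    # confirm it is still the intended package source.
    - name: Add the vagrant apt repository
      apt_repository:
        repo: 'deb https://vagrant-deb.linestarve.com/ any main'
        state: present
        filename: vagrant

    - name: Install vagrant
      apt:
        name: vagrant
        update_cache: true
        state: latest

    # command replaces shell: neither line needs shell features, and command
    # does not pass the string through a shell interpreter.
    # NOTE(review): this play sets no become_user, so the plugins are
    # installed for the connecting account, while `vagrant up` in the later
    # vagrant play runs as _cuckoo - confirm the plugins are visible there.
    # Both tasks run, and report "changed", on every play run.
    - name: Install vagrant winrm plugin
      command: vagrant plugin install winrm

    - name: Install vagrant winrm-fs plugin
      command: vagrant plugin install winrm-fs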
# Play "vagrant" (run as _cuckoo): prepares /var/_cuckoo/guest with the
# Vagrantfile and the BoomBox scripts, then boots the guest and snapshots it
# inside a detached tmux session.
- hosts: all
  tags: vagrant
  become: yes
  become_user: _cuckoo
  tasks:
    - file:
        state: directory
        path: /var/_cuckoo/guest

    - copy:
        src: scripts/Vagrantfile
        dest: /var/_cuckoo/guest/Vagrantfile

    # NOTE(review): cloned without `version:`, so the guest provisioning
    # scripts follow the remote default branch; pin to a reviewed commit.
    - git:
        dest: /var/_cuckoo/guest/BoomBox
        repo: https://github.com/nbeede/BoomBox.git

    # Exposes the BoomBox provisioning scripts next to the Vagrantfile.
    - file:
        state: link
        src: /var/_cuckoo/guest/BoomBox/Vagrant/scripts
        dest: /var/_cuckoo/guest/scripts

    # tmux detaches immediately, so Ansible reports this task as done before
    # the guest is built and never sees the outcome.
    # NOTE(review): the two commands are joined with `;`, so the snapshot is
    # attempted even when `vagrant up` fails, which could record a
    # half-provisioned guest as "snapshot1". Confirm whether `&&` was meant.
    - shell: tmux new-session -d -s guest 'vagrant up ; VBoxManage snapshot "cuckoo1" take "snapshot1" --pause'
      args:
        chdir: /var/_cuckoo/guest
    #- shell: vagrant winrm -c 'route change 0.0.0.0 MASK 0.0.0.0 192.168.56.1 METRIC 10'
    #- shell: VBoxManage snapshot "cuckoo1" take "snapshot1" --pause
# - hosts: all
# tags: misp
# tasks:
# - git:
# repo: https://github.com/drbeni/docker-misp
# dest: /opt/docker-misp