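---
# Source: github.com/lunarobliq/gophish@v0.8.1-0.20230523153303-93511002234d/ansible-playbook/roles/gophish/tasks/main.yml
#
# Tasks for the gophish role: hostname, host firewall, TLS material, postfix,
# the Gophish release itself, and an nginx front end.
#
# Variables read here (defined elsewhere in the role or inventory):
#   hostname, enable_ufw_firewall, install_packages, gophish_user,
#   gophish_domain, gophish_ssl_cert_path, gophish_csr_path,
#   gophish_crt_path, reboot_box
#
# All file modes are quoted octal strings. An unquoted value without a
# leading zero (the original `mode: 744` / `mode: 644`) is read as a decimal
# integer and produces unintended permission bits.

- name: Change /etc/hostname
  hostname:
    name: "{{ hostname }}"

- name: Ensure ufw is installed on the machine
  package:
    name: ufw
    state: present

# The allow rules are added before ufw is enabled, so SSH is already
# permitted when the default-deny policy takes effect. They are added even
# when enable_ufw_firewall is false; only the enable step is conditional.
# NOTE(review): SSH is allowed from any source address. If the admin
# addresses are known, restrict this rule with the module's `from_ip` option.
- name: Allow TCP 22 for SSH.
  ufw:
    rule: allow
    port: "22"
    proto: tcp

- name: Allow TCP 80 for Gophish.
  ufw:
    rule: allow
    port: "80"
    proto: tcp

- name: Allow TCP 443 for Gophish.
  ufw:
    rule: allow
    port: "443"
    proto: tcp

- name: Enable ufw.
  ufw:
    state: enabled
    policy: deny
  when: enable_ufw_firewall

- name: Update APT package cache.
  apt:
    update_cache: true

- name: Upgrade APT to the latest packages.
  apt:
    upgrade: safe

- name: Ensure /etc/ssl/csr folder exists
  file:
    path: /etc/ssl/csr
    state: directory
    mode: "0755"

# NOTE(review): 0755 lets every local user list this directory. The key
# file's own mode (set further down) is what keeps the private key
# unreadable to others; tighten the directory too if nothing else needs it.
- name: Ensure /etc/ssl/private folder exists
  file:
    path: /etc/ssl/private
    state: directory
    mode: "0755"

- name: Ensure /etc/ssl/crt folder exists
  file:
    path: /etc/ssl/crt
    state: directory
    mode: "0755"

- name: Install specified packages.
  apt:
    pkg: "{{ install_packages }}"
    state: latest

- name: adding existing user '{{ gophish_user }}' to group ssl-cert
  user:
    name: "{{ gophish_user }}"
    groups: ssl-cert
    append: true

- name: Ensure the cryptography Python package is installed
  pip:
    name: cryptography

# Despite its name, gophish_ssl_cert_path is the PRIVATE KEY path: it is the
# output of openssl_privatekey and the privatekey_path of the next two tasks.
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
  openssl_privatekey:
    path: "{{ gophish_ssl_cert_path }}"

- name: Generate an OpenSSL Certificate Signing Request
  openssl_csr:
    path: "{{ gophish_csr_path }}"
    privatekey_path: "{{ gophish_ssl_cert_path }}"
    common_name: "{{ gophish_domain }}"

- name: Generate a Self Signed OpenSSL certificate
  openssl_certificate:
    path: "{{ gophish_crt_path }}"
    privatekey_path: "{{ gophish_ssl_cert_path }}"
    csr_path: "{{ gophish_csr_path }}"
    provider: selfsigned

- name: Update postfix main.cf configuration file.
  template:
    src: main.cf.j2
    dest: /etc/postfix/main.cf
    backup: true
    owner: root
    group: root
    mode: "0644"

- name: Restart postfix.
  service:
    name: postfix
    state: restarted

- name: Ensure postfix is started and enabled at boot.
  service:
    name: postfix
    state: started
    enabled: true

# NOTE(review): the role installs whatever release is "latest" at run time,
# and the archive is checked only by TLS to github.com. For reproducible,
# verifiable deployments, pin a release tag and pass its published digest
# through get_url's `checksum` option.
- name: get latest release info
  uri:
    url: "https://api.github.com/repos/gophish/gophish/releases/latest"
    return_content: true
  register: latest_json_reponse

- name: Download latest Gophish .zip file.
  get_url:
    validate_certs: true
    url: "https://github.com/gophish/gophish/releases/download/{{ latest_json_reponse.json.tag_name }}/gophish-{{ latest_json_reponse.json.tag_name }}-linux-64bit.zip"
    dest: "/home/{{ gophish_user }}/gophish.zip"
    # An archive needs no execute bit (was 0755).
    mode: "0644"
    owner: "{{ gophish_user }}"
    group: "{{ gophish_user }}"

- name: Ensure gophish user has permission for CRT file.
  file:
    path: "{{ gophish_crt_path }}"
    # The certificate is public data; readable by all, not executable
    # (was 0755).
    mode: "0644"
    owner: "{{ gophish_user }}"
    group: "{{ gophish_user }}"

- name: Ensure gophish user has permission for SSL certificate.
  file:
    path: "{{ gophish_ssl_cert_path }}"
    # This is the private key. The original 0755 made it readable by every
    # local account; restrict it to its owner.
    # NOTE(review): assumes the services that load the key run as
    # gophish_user or root - confirm against gophish.service.j2 and
    # nginx.conf.j2.
    mode: "0600"
    owner: "{{ gophish_user }}"
    group: "{{ gophish_user }}"

- name: Create directory for gophish.
  file:
    path: "/home/{{ gophish_user }}/gophish_deploy"
    state: directory
    mode: "0755"
    owner: "{{ gophish_user }}"
    group: "{{ gophish_user }}"

- name: Unzip gophish file.
  unarchive:
    src: "/home/{{ gophish_user }}/gophish.zip"
    dest: "/home/{{ gophish_user }}/gophish_deploy"
    remote_src: true  # File is on target server and not locally.
    owner: "{{ gophish_user }}"
    group: "{{ gophish_user }}"

- name: Change ownership of Gophish folder and files.
  file:
    path: "/home/{{ gophish_user }}/gophish_deploy"
    owner: "{{ gophish_user }}"
    group: "{{ gophish_user }}"
    recurse: true

- name: Ensure gophish binary is executable
  file:
    path: "/home/{{ gophish_user }}/gophish_deploy/gophish"
    # Was the bare integer 744, which is not rwxr--r--.
    mode: "0744"

# Grants only the ability to bind ports below 1024, so the binary does not
# need to run as root for 80/443. Keep this after the ownership and mode
# tasks: changing a file's ownership can drop its file capabilities.
- name: Ensure gophish binary is allowed to bind to privileged ports using setcap
  capabilities:
    path: "/home/{{ gophish_user }}/gophish_deploy/gophish"
    capability: cap_net_bind_service+eip
    state: present

# NOTE(review): if files/config.json carries a database DSN or any other
# secret, tighten this to "0600"; 0644 is world-readable.
- name: Copy config.json file.
  copy:
    src: files/config.json
    dest: "/home/{{ gophish_user }}/gophish_deploy/config.json"
    owner: "{{ gophish_user }}"
    group: "{{ gophish_user }}"
    mode: "0644"

- name: Ensure gophish service file is properly set
  template:
    src: gophish.service.j2
    dest: /etc/systemd/system/gophish.service
    # Was the bare integer 644.
    mode: "0644"

- name: Ensure systemd to reread configs
  systemd:
    daemon_reload: true

- name: Ensure gophish is properly started
  service:
    name: gophish.service
    state: started
    enabled: true

- name: Ensure nginx is installed
  package:
    name: nginx
    state: present

- name: Ensure nginx service file is properly set
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    # Was the bare integer 644.
    mode: "0644"

# The task name says "restarted", but the state requested is a reload.
- name: Ensure nginx service is restarted
  service:
    name: nginx
    state: reloaded
    enabled: true

# The next two tasks print the Gophish log, which holds the generated
# initial admin password, into the Ansible run output. Anything that stores
# that output (CI job logs, callback plugins, terminal scrollback) then holds
# the credential. Change the admin password on first login and treat saved
# run logs as sensitive.
- name: get Gophish log file which contain initial password
  command: cat /home/{{ gophish_user }}/gophish_deploy/gophish.log
  register: gophish_log
  # Read-only command; do not report it as a change.
  changed_when: false

- name: display log file
  debug:
    msg: "{{ gophish_log }}"

- name: Reboot the box in 1 minute.
  command: shutdown -r 1
  when: reboot_box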