provisioning.yml

---
- name: Setup IntSec VM 
  hosts: all
  become: yes
  become_user: root
  become_method: sudo
  vars:
      - desired_mininet_version: '2.2.1'
      - mininet_build_directory: '/tmp/mininet_build/'
      - desired_aircrackng_version: '1.2-rc4'
      - aircrackng_build_directory: '/tmp/aircrack-ng_build/'
  tasks:
    - name: Update apt cache
      apt: update_cache=yes cache_valid_time=3600
    - name: Install necessary tools
      apt: name={{ item }} state=latest
      with_items:
       - wireshark
       - git
       - bind9
       - vim
       - tshark
       - libnl-dev
       - pyrit
       - default-jdk
       - sslscan
    - name: Ensure bind9 daemon is disabled and not running
      service: name=bind9 state=stopped enabled=no
    - name: Ensure that bind9 can access the configuration files in the assignments directory (AppArmor)
      lineinfile: dest=/etc/apparmor.d/local/usr.sbin.named regexp=^/home/vagrant/assignments/ line='/home/vagrant/assignments/** rw,' create=yes
      notify: reload named apparmor profile
    - name: Check mininet version
      shell: mn --version
      register: current_mininet_version
      changed_when: current_mininet_version.stdout != desired_mininet_version 
      ignore_errors: yes
      failed_when: False
    - name: Ensure that github hostkey is present
      lineinfile: dest=/etc/ssh/ssh_known_hosts regexp=^github.com line='github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==' create=yes
    - name: Obtain mininet from github
      git: repo=git://github.com/mininet/mininet version="{{ desired_mininet_version }}" dest="{{ mininet_build_directory }}{{desired_mininet_version}}/mininet"
      when: desired_mininet_version != current_mininet_version.stdout
    - name: Compile and install mininet
      shell: "{{ mininet_build_directory }}{{ desired_mininet_version }}/mininet/util/install.sh -a" 
      args:
          chdir: "{{ mininet_build_directory}}"
      when: desired_mininet_version != current_mininet_version.stdout
    - name: Check aircrack-ng installation
      stat: path=/usr/local/bin/aircrack-ng
      register: aircrackng_stat
    - name: Obtain aircrack-ng from github
      git: repo=git://github.com/aircrack-ng/aircrack-ng version="{{ desired_aircrackng_version }}" dest="{{ aircrackng_build_directory }}"
      when: aircrackng_stat.stat.exists == False
    - name: Build and install aircrack-ng
      shell: "make && make install"
      when: aircrackng_stat.stat.exists == False
      args:
        chdir: "{{ aircrackng_build_directory }}"
    - name: Check cowpatty installation
      stat: path=/usr/local/bin/cowpatty
      register: cowpatty_stat
    - name: Obtain cowpatty from willhackforsushi.com
      when: cowpatty_stat.stat.exists == False
      get_url: 
        url="http://www.willhackforsushi.com/code/cowpatty/4.6/cowpatty-4.6.tgz"
        dest="/tmp/"
      register: cowpatty
    - name: Unpack cowpatty
      when: cowpatty|changed
      unarchive:
        src="/tmp/cowpatty-4.6.tgz"
        dest="/tmp/"
    - name: Compile cowpatty
      shell: "make && make install"
      args: 
        chdir: "/tmp/cowpatty-4.6"
      when: cowpatty|changed
    - name: Copy nginx packages
      copy: src=packages/{{ item }} dest=/tmp/
      with_items:
        - "nginx-full_1.4.6-1ubuntu3.6_amd64.deb"
        - "nginx-common_1.4.6-1ubuntu3.6_all.deb"
    - name: Install nginx
      apt: deb=/tmp/{{ item }}
      with_items:
        - "nginx-common_1.4.6-1ubuntu3.6_all.deb"
        - "nginx-full_1.4.6-1ubuntu3.6_amd64.deb"
    - name: Ensure nginx daemon is disabled and not running
      service: name=nginx state=stopped enabled=no
    - name: Download metasploit
      get_url:
        url: https://s3.eu-central-1.amazonaws.com/ut-dacs-packages/metasploit.deb
        dest: /tmp/metasploit.deb
    - name: Install metasploit
      apt: deb=/tmp/metasploit.deb
    - name: Create metasploit directory
      file: path=/home/vagrant/.msf4 state=directory mode=0775 owner=vagrant group=vagrant
    - name: Initialize metasploit database
      shell: msfdb init
      args:
        creates: /home/vagrant/.msf4/db
      become_user: vagrant
    - name: Create users for SSH exercise
      user: name=sshuser password=$6$rounds=656000$pzZACWAoLzgn/5C1$HILhQqk0IJnKbTmprtTMXmqip1i0AZ8XCAq3S9J9SKYLqoczq79dKucUws/YEFexKrmohrf1jPoxbTR1M6ulT0
    - name: Create security limits
      lineinfile:
        dest=/etc/security/limits.d/sshuser.conf
        line='@sshuser - maxlogins 1'
        create=yes
    - name: Configure SSH
      lineinfile:
        dest=/etc/ssh/ssh_config
        line='KexAlgorithms diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org'
    - lineinfile:
        dest=/etc/ssh/ssh_config
        line='Ciphers aes256-ctr,blowfish-cbc'
    - lineinfile:
        dest=/etc/ssh/ssh_config
        line='MACs hmac-sha1'
    - lineinfile:
        dest=/etc/ssh/ssh_config
        line='HostKeyAlgorithms ssh-rsa,ssh-ed25519'
    - lineinfile:
        dest=/etc/motd
        line='The secret word of tonight is \"Gumbo\"!'
        create=yes
    - lineinfile:
        dest=/etc/pam.d/sshd
        state=absent
        regexp="^session.*pam_motd.so"

  handlers:
    - name: reload named apparmor profile
      shell: apparmor_parser -r /etc/apparmor.d/usr.sbin.named