Updated the Ansible Playbook (gophish#2138)

* Update Ansible role * lint Ansible role * Update Ansible Playbook README * use python3 packages instead python2
wakaka6 · Dec 23, 2021 · 0646f14 · 0646f14
1 parent ceab050
commit 0646f14
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 18 deletions.
diff --git a/ansible-playbook/README b/ansible-playbook/README
@@ -1,4 +1,4 @@
-Tested on Ubuntu 16.04.4.
+Tested on Ubuntu 20.04 LTS.
 
 Installs Postfix (to listen on localhost only) and the latest Linux gophish binary.  setcap is used to allow the gophish binary to listen on privileged ports without running as root.
 
@@ -17,7 +17,7 @@ ansible-playbook site.yml -i hosts -u root --private-key=private.key
 ansible-playbook site.yml -i hosts -u root --ask-pass
 
 # Log in as non-root user with SSH key (if root login has been disabled)
-ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-sudo-pass
+ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-become-pass
 
 # Logging in as non-root user without SSH keys
-ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-sudo-pass
+ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-become-pass
diff --git a/ansible-playbook/roles/gophish/files/config.json b/ansible-playbook/roles/gophish/files/config.json
@@ -16,7 +16,7 @@
 	"migrations_prefix": "db/db_",
 	"contact_address": "",
 	"logging": {
-		"filename": "",
+		"filename": "gophish.log",
 		"level": ""
 	}
-}
+}
diff --git a/ansible-playbook/roles/gophish/tasks/main.yml b/ansible-playbook/roles/gophish/tasks/main.yml
@@ -10,19 +10,19 @@
 - name: Allow TCP 22 for SSH.
   ufw:
     rule: allow
-    port: '22'
+    port: "22"
     proto: tcp
 
 - name: Allow TCP 80 for Gophish.
   ufw:
     rule: allow
-    port: '80'
+    port: "80"
     proto: tcp
 
 - name: Allow TCP 443 for Gophish.
   ufw:
     rule: allow
-    port: '443'
+    port: "443"
     proto: tcp
 
 - name: Enable ufw.
@@ -43,19 +43,19 @@
   file:
     path: /etc/ssl/csr
     state: directory
-    mode: '0755'
-  
+    mode: "0755"
+
 - name: Ensure /etc/ssl/private folder exists
   file:
     path: /etc/ssl/private
     state: directory
-    mode: '0755'
+    mode: "0755"
 
 - name: Ensure /etc/ssl/crt folder exists
   file:
     path: /etc/ssl/crt
     state: directory
-    mode: '0755'
+    mode: "0755"
 
 - name: Install specified packages.
   apt:
@@ -64,7 +64,7 @@
 
 - name: adding existing user '{{ gophish_user }}' to group ssl-cert
   user:
-    name: '{{ gophish_user }}'
+    name: "{{ gophish_user }}"
     groups: ssl-cert
     append: yes
 
@@ -109,10 +109,16 @@
     state: started
     enabled: yes
 
+- name: get latest release info
+  uri:
+    url: "https://api.github.com/repos/gophish/gophish/releases/latest"
+    return_content: true
+  register: latest_json_reponse
+
 - name: Download latest Gophish .zip file.
   get_url:
     validate_certs: True
-    url: https://getgophish.com/releases/latest/linux/64
+    url: "https://github.com/gophish/gophish/releases/download/{{ latest_json_reponse.json.tag_name }}/gophish-{{ latest_json_reponse.json.tag_name }}-linux-64bit.zip"
     dest: "/home/{{ gophish_user }}/gophish.zip"
     mode: 0755
     owner: "{{ gophish_user }}"
@@ -144,7 +150,7 @@
   unarchive:
     src: "/home/{{ gophish_user }}/gophish.zip"
     dest: "/home/{{ gophish_user }}/gophish_deploy"
-    remote_src: True  # File is on target server and not locally.
+    remote_src: True # File is on target server and not locally.
     owner: "{{ gophish_user }}"
     group: "{{ gophish_user }}"
 
@@ -155,6 +161,11 @@
     group: "{{ gophish_user }}"
     recurse: True
 
+- name: Ensure gophish binary is executable
+  file:
+    path: /home/{{ gophish_user }}/gophish_deploy/gophish
+    mode: 744
+
 - name: Ensure gophish binary is allowed to bind to privileged ports using setcap
   capabilities:
     path: /home/{{ gophish_user }}/gophish_deploy/gophish
@@ -202,6 +213,14 @@
     state: reloaded
     enabled: yes
 
+- name: get Gophish log file which contain initial password
+  command: cat /home/{{ gophish_user }}/gophish_deploy/gophish.log
+  register: gophish_log
+
+- name: display log file
+  debug:
+    msg: "{{ gophish_log }}"
+
 - name: Reboot the box in 1 minute.
   command: shutdown -r 1
-  when: reboot_box
+  when: reboot_box
diff --git a/ansible-playbook/roles/gophish/vars/main.yml b/ansible-playbook/roles/gophish/vars/main.yml
@@ -4,7 +4,8 @@ install_packages:
   - postfix
   - unzip
   - libcap2-bin
-  - python-pip
+  - python-is-python3
+  - python3-pip
 
 hostname: gophish
 gophish_user: ubuntu
@@ -15,4 +16,4 @@ gophish_ssl_cert_path: /etc/ssl/private/gophish.pem
 gophish_csr_path: /etc/ssl/csr/gophish.csr
 gophish_crt_path: /etc/ssl/crt/gophish.crt
 # Required if changing /etc/hostname to something different.
-reboot_box: true
+reboot_box: true