Spencer/Cuckoo-Report
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Init

Browse Source 
Signed-off-by: Pin <wf6DJd8a3xSSCZbn@protonmail.com>
This commit is contained in:
Pin
2021-04-29 15:20:18 -04:00
commit 3e9f51cf68
4 changed files with 433 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

185
tasks/main.yml Normal file
View File

@@ -0,0 +1,185 @@
---
- name:
package:
name: "{{ package_name }}"
state: present
loop:
- python
- python-pip
- python-dev
- libffi-dev
- libssl-dev
- python-virtualenv
- python-setuptools
- libjpeg-dev
- zlib1g-dev
- swig
- postgresql
- libpq-dev
- qemu-kvm
- libvirt-bin
- bridge-utils
- python-libvirt
- ubuntu-vm-builder
- tcpdump
- apparmor-utils
- volatility
- mongodb
- virt-manager
- inetsim
- curl
loop_control:
loop_var: package_name
- name: Disable AppArmor for Tcpdump
shell: aa-disable /usr/sbin/tcpdump || echo "Disabled"
- name: Create groups
group:
name: "{{ group_name }}"
state: present
loop:
- pcap
- cuckoo
loop_control:
loop_var: group_name
- name: Create the Cuckoo user
user:
name: cuckoo
comment: "Cuckoo user"
group: cuckoo
shell: /bin/bash
- name: Add groups to Cuckoo user
user:
name: cuckoo
groups: pcap,libvirt,libvirt-qemu
append: yes
- name: Change tcpdump to pcap group
file:
path: /usr/sbin/tcpdump
group: pcap
mode: "2755"
- name: Set cap for tcpdump binary
community.general.capabilities:
path: /usr/sbin/tcpdump
capability: cap_net_admin,cap_net_raw+eip
state: present
- name: Create Cuckoo Python Virt Env
file:
path: /opt/cuckoo-env
state: directory
owner: root
group: root
mode: "0744"
- name: Upgrade Pip
pip:
name:
- pip
- setuptools
virtualenv: /opt/cuckoo-env
virtualenv_python: python2
- name: Install m2crypto & Cuckoo
pip:
name:
- m2crypto
- cuckoo
virtualenv: /opt/cuckoo-env
virtualenv_python: python2
- name: Setting Activate Binary to executable
file:
path: /opt/cuckoo-env/bin/activate
mode: u+x,g+x
- name:
shell: /opt/cuckoo-env/bin/activate && /opt/cuckoo-env/bin/cuckoo init || echo "Created"
- name: Enabling MongoDB
ini_file:
path: /root/.cuckoo/conf/reporting.conf
section: mongodb
option: enabled
value: 'yes'
- name: Setting qemu as virtual machine provider
lineinfile:
path: /root/.cuckoo/conf/cuckoo.conf
state: present
regexp: '^machinery'
line: machinery = qemu
- name: Enabling memory dump
lineinfile:
path: /root/.cuckoo/conf/cuckoo.conf
state: present
regexp: '^memory_dump'
line: memory_dump = yes
- name: Configuring Cuckoo kvm
ini_file:
path: /root/.cuckoo/conf/qemu.conf
section: "{{ kvm_conf.section }}"
option: "{{ kvm_conf.option }}"
value: "{{ kvm_conf.value }}"
loop:
- option: label
value: win7
section: win7
- option: image
value: /var/lib/libvirt/images/win7.qcow2
section: win7
- option: snapshot
value: 1619566313
section: win7
- option: enable_kvm
value: 'no'
section: win7
- option: platform
value: linux
section: win7
- option: ip
value: 192.168.24.200
section: win7
- option: machines
value: win7
section: qemu
- option: interface
value: virbr1
section: qemu
loop_control:
loop_var: kvm_conf
tags:
- never
- conf_kvm
- name: Set correct listening IP address
lineinfile:
path: /root/.cuckoo/conf/cuckoo.conf
state: present
regexp: '^ip ='
line: "ip = {{ ansible_default_ipv4.address }}"
- name: Create ISO Folder
file:
path: /root/iso
state: directory
owner: root
group: root
mode: '0640'
- name: Copy Win10 ISO to host
copy:
src: ./Win10_20H2_v2_English_x64.iso
dest: /root/iso/Win10.iso
owner: root
group: root
mode: '0640'
...