Initial commit

tasks/Install-Docker-Debian18.yml

@@ -0,0 +1,4 @@
+---
+- name: Include Ubuntu20 Tasks
+  include_tasks: ./Install-Docker-Debian20.yml
+...

tasks/Install-Docker-Debian20.yml

@@ -0,0 +1,12 @@
+---
+- name: Install Docker and Docker Compose (and Pip)
+  package:
+    name: "{{ package_name }}"
+    state: present
+  loop:
+    - docker
+    - docker-compose
+    - python3-pip
+  loop_control:
+    loop_var: package_name
+...

tasks/Install-Docker-RedHat8.yml

@@ -0,0 +1,19 @@
+---
+- name: Download Docker CE Repository Defs
+  get_url:
+    url: https://download.docker.com/linux/centos/docker-ce.repo
+    dest: /etc/yum.repos.d/docker-ce.repo
+
+- name: Install Docker
+  package:
+    name: docker-ce
+    state: present
+  notify:
+    - Init Docker
+
+- name: Install Docker Compose from GitHub Repo
+  get_url:
+    url: "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}"
+    dest: /usr/bin/docker-compose
+    mode: "0755"
+...

tasks/Setup-Certs.yml

@@ -0,0 +1,30 @@
+---
+- name: Create DVWA Certs Directory
+  file:
+    path: /opt/dvwa-docker/certs
+    state: directory
+    owner: root
+    group: root
+    mode: "0700"
+
+- name: Generate OpenSSL Priv Key
+  openssl_privatekey:
+    path: /opt/dvwa-docker/certs/key.priv
+    size: 4096
+    type: RSA
+
+- name: Generate OpenSSL CSR
+  openssl_csr:
+    path: /opt/dvwa-docker/certs/cert.csr
+    privatekey_path: /opt/dvwa-docker/certs/key.priv
+    country_name: US
+    organization_name: ACME
+    common_name: localhost
+
+- name: Generate Self Signed Cert
+  openssl_certificate:
+    path: /opt/dvwa-docker/certs/cert.crt
+    privatekey_path: /opt/dvwa-docker/certs/key.priv
+    csr_path: /opt/dvwa-docker/certs/cert.csr
+    provider: selfsigned
+...

tasks/Setup-DVWA-Docker-Network.yml

@@ -0,0 +1,14 @@
+---
+- name: Generate DVWA Network
+  community.docker.docker_network:
+    name: dvwa-net
+
+- name: Pull DVWA Network Information
+  community.docker.docker_network_info:
+    name: dvwa-net
+  register: docker_network_stdout
+
+- set_fact:
+    docker_network_base: '{{ docker_network_stdout.network.IPAM.Config[0].Subnet | regex_replace("^(.*)\.[0-9]{1,3}/[0-9]{2}$", "\1") }}'
+    docker_network_prefix: '{{ docker_network_stdout.network.IPAM.Config[0].Subnet | regex_replace("^.*\.[0-9]{1,3}/([0-9]{2})$", "\1") }}'
+...

tasks/Setup-Docker-Env.yml

@@ -0,0 +1,64 @@
+---
+- name: Pull Docker Images
+  community.docker.docker_image:
+    name: "{{ docker_image_name }}"
+    source: pull
+  loop:
+    - nginx:latest
+    - httpd:latest
+    - sagikazarmark/dvwa:latest
+    - owasp/modsecurity-crs:apache
+  loop_control:
+    loop_var: docker_image_name
+
+- name: Create DVWA Docker Service Directory
+  file:
+    path: /opt/dvwa-docker
+    state: directory
+    owner: root
+    group: root
+    mode: "0700"
+
+- name: Create Nginx Conf Directory
+  file:
+    path: /opt/dvwa-docker/nginx
+    state: directory
+    owner: root
+    group: root
+    mode: "0700"
+
+- name:
+  include_tasks: Setup-Certs.yml
+
+- name: Copy Compose File
+  template:
+    src: ../templates/docker-compose.yml.j2
+    dest: /opt/dvwa-docker/docker-compose.yml
+    owner: root
+    group: root
+    mode: "0600"
+  notify: Restart Docker DVWA
+
+- name: Copy Docker Compose Service File
+  template:
+    src: ../templates/docker-compose.service.j2
+    dest: /usr/lib/systemd/system/dvwa-docker.service
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Restart Docker DVWA
+
+- name: Copy Nginx Config Files
+  copy:
+    src: "../files/{{ nginx_conf_files }}"
+    dest: "/opt/dvwa-docker/nginx/{{ nginx_conf_files }}.template"
+    owner: root
+    group: root
+    mode: "0644"
+  loop:
+    - dvwa-proxy.conf
+    - default.conf
+  loop_control:
+    loop_var: nginx_conf_files
+  notify: Restart Docker DVWA
+...

tasks/main.yml

@@ -0,0 +1,45 @@
+---
+- name: DVWA Harden Project
+  hosts: all
+  become: "true"
+  handlers:
+    - import_tasks: ../handlers/main.yml
+  tasks:
+    - name: Include OS Specific Docker Install
+      include_tasks: "Install-Docker-{{ ansible_os_family }}{{ ansible_distribution_major_version }}.yml"
+
+    - name: Flush handlers to Start Docker if Changed
+      meta: flush_handlers
+
+    - name: Ensure Docker Is Running
+      service:
+        name: docker
+        state: started
+
+    - name: Grab docker-compose Install Location
+      command: which docker-compose
+      register: dockercomposeshellstdout
+
+    - set_fact:
+        dockercompose_location: "{{ dockercomposeshellstdout.stdout }}"
+
+    - name: Upgrade Pip
+      pip:
+        name: pip
+        state: latest
+
+    - name: Install Docker Pip Packages (Needed for docker module)
+      pip:
+        name: "{{ pip_package }}"
+      loop:
+        - docker>4.4.4
+        - cryptography>=1.2.3
+      loop_control:
+        loop_var: pip_package
+
+    - name: Setup DVWA Docker ENV
+      include_tasks: Setup-DVWA-Docker-Network.yml
+
+    - name: Setup Docker ENV
+      include_tasks: Setup-Docker-Env.yml
+...