standalone burp role : initial version

This commit is contained in:
2024-01-30 15:38:19 +01:00
commit 1c345387cd
11 changed files with 310 additions and 0 deletions

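--- a/README.md
+++ b/README.md
@@ -0,0 +1,38 @@
+Role Name
+=========
+A brief description of the role goes here.
+Requirements
+------------
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+Role Variables
+--------------
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+Dependencies
+------------
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+Example Playbook
+----------------
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+- hosts: servers
+roles:
+- { role: username.rolename, x: 42 }
+License
+-------
+BSD
+Author Information
+------------------
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).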

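--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for tco.burp_client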

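--- a/files/notify_script
+++ b/files/notify_script
@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+echo "Running notify script: $@"
+# Arguments specified by the burp binary come first.
+# Normally, most of the following get set as you would expect.
+# In the server_script_pre/post case, burp does not have a directory from
+# which to read a log. In that case, it will set 'client' to the clientname,
+# 'basedir' blank, and 'storagedir' to the log buffer.
+client="$1" ; shift
+basedir="$1" ; shift
+storagedir="$1" ; shift
+file="$1" ; shift
+brv="$1" ; shift # one of backup/restore/verify/delete/list/unknown
+warnings="$1" ; shift
+# Arguments given by the user in the conf files come next.
+sendmail="$1" ; shift
+working="$basedir/working"
+finishing="$basedir/finishing"
+while [ "$#" -gt 0 ] ; do
+case "$1" in
+Subject:*)
+w=""
+[ -n "$warnings" -a "$warnings" != "0" ] \
+&& w="($warnings warnings)"
+h="$1"
+h="${h//%c/$client}"
+h="${h//%w/$w}"
+h="${h//%b/$brv}"
+;;
+*) h="$1"
+;;
+esac
+if [ -z "$headers" ] ; then
+headers="$h"
+else
+headers=$(printf "%s\n%s\n" "$headers" "$h")
+fi
+shift
+done
+catcmd="gunzip -c"
+# Look for a log to attach
+if [ "$brv" = "backup" ] ; then
+[ -z "$log" -a -f "$working/$file" ] && \
+log="$working/$file" && id=$(cat "$working"/timestamp) && catcmd="cat"
+[ -z "$log" -a -f "$working/$file.gz" ] && \
+log="$working/$file.gz" && id=$(cat "$working"/timestamp)
+[ -z "$log" -a -f "$finishing/$file" ] && \
+log="$finishing/$file" && id=$(cat "$finishing"/timestamp) && catcmd="cat"
+[ -z "$log" -a -f "$finishing/$file.gz" ] && \
+log="$finishing/$file.gz" && id=$(cat "$finishing"/timestamp)
+fi
+[ -z "$log" -a -f "$storagedir/$file" ] && \
+log="$storagedir/$file" && id=$(cat "$storagedir"/timestamp) && catcmd="cat"
+[ -z "$log" -a -f "$storagedir/$file.gz" ] && \
+log="$storagedir/$file.gz" && id=$(cat "$storagedir"/timestamp)
+if [ -z "$log" -a -z "$basedir" -a -n "$storagedir" ] ; then
+# This is the case where burp has no log directory and has given a buffer to
+# log via the storagedir argument.
+(echo "$headers" && echo && echo "$storagedir") | $sendmail
+elif [ -z "$log" ] ; then
+echo "$headers" && echo && echo "No log found to send in email" | $sendmail
+else
+# The normal case.
+maximum_line_count=1000
+(echo "$headers" && echo && echo "$id" && echo && echo "Last $maximum_line_count lines of $log:" && echo && ($catcmd "$log" 2>/dev/null || cat "$log") | tail -n "$maximum_line_count") | $sendmail
+fi
+exit 0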
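Review bot: In the `elif [ -z "$log" ]` branch only the last `echo` is piped into `$sendmail`, so the headers (including the Subject line) go to the script's stdout and the mail is sent without them; group the three commands as the branch above already does: `(echo "$headers" && echo && echo "No log found to send in email") | $sendmail`. The `Subject:*` arm and the log-lookup lines use the deprecated binary `-a` inside `[ ]`; since the script already runs under bash, `[[ -n "$warnings" && "$warnings" != "0" ]]` is the unambiguous form. This looks like burp's upstream example notify_script; if it is a verbatim copy, a header comment naming the origin would tell the next maintainer where fixes belong.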

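--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for tco.burp_client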

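--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,61 @@
+galaxy_info:
+author: your name
+description: your description
+company: your company (optional)
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+# Some suggested licenses:
+# - BSD (default)
+# - MIT
+# - GPLv2
+# - GPLv3
+# - Apache
+# - CC-BY
+license: license (GPLv2, CC-BY, etc)
+min_ansible_version: 2.4
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+# Optionally specify the branch Galaxy will use when accessing the GitHub
+# repo for this role. During role install, if no tags are available,
+# Galaxy will use this branch. During import Galaxy will access files on
+# this branch. If Travis integration is configured, only notifications for this
+# branch will be accepted. Otherwise, in all cases, the repo's default branch
+# (usually master) will be used.
+#github_branch:
+#
+# Provide a list of supported platforms, and for each platform a list of versions.
+# If you don't wish to enumerate all versions for a particular platform, use 'all'.
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+# platforms:
+# - name: Fedora
+# versions:
+# - all
+# - 25
+# - name: SomePlatform
+# versions:
+# - all
+# - 1.0
+# - 7
+# - 99.99
+galaxy_tags: []
+# List tags for your role here, one per line. A tag is a keyword that describes
+# and categorizes the role. Users find roles by searching for tags. Be sure to
+# remove the '[]' above, if you add tags to this list.
+#
+# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+# Maximum 20 tags per role.
+dependencies:
+- { role: tco.changelog, role_version: 0.1, myrole_name: ansible_burp_client }
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.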
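Review bot: The galaxy_info block still holds the `ansible-galaxy init` placeholders (`author: your name`, `description: your description`, `license: license (GPLv2, CC-BY, etc)`), which is the only description a consumer of the role sees and which a Galaxy import will not accept as-is. Filling them in to match the README's License section would make the metadata usable. The `myrole_name: ansible_burp_client` passed to tco.changelog also differs from the `tco.burp_client` name used in the defaults/handlers/vars comments and in tests/test.yml; if that parameter is meant to carry the role name, the mismatch is probably unintended.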

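--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,84 @@
+---
+- name: burp - remove old client
+ansible.builtin.package:
+name:
+- burp-client
+state: absent
+- name: burp - set some variables
+set_fact:
+burp_password: "{{lookup( 'viczem.keepass.keepass', '{{ group_names[0]}}/{{ inventory_hostname }}_burp_password', 'password' ) }}"
+burp_encryption_password: "{{lookup( 'viczem.keepass.keepass', '{{ group_names[0]}}/{{inventory_hostname }}_burp_encryption_password', 'password' ) }}"
+- name: burp - ensure we have all needed vars
+assert:
+that:
+- burp_password is defined
+- burp_encryption_password is defined
+- name: install burp repo
+ansible.builtin.get_url:
+url: https://copr.fedorainfracloud.org/coprs/yopito/burp2/repo/epel-{{ ansible_distribution_major_version }}/yopito-burp2-epel-{{ ansible_distribution_major_version }}.repo
+dest: /etc/yum.repos.d/burp.repo
+when: ansible_distribution != "Fedora"
+- name: install burp repo
+ansible.builtin.get_url:
+url: https://copr.fedorainfracloud.org/coprs/yopito/burp2/repo/fedora-{{ ansible_distribution_major_version }}/yopito-burp2-fedora-{{ ansible_distribution_major_version }}.repo
+dest: /etc/yum.repos.d/burp.repo
+when: ansible_distribution == "Fedora"
+- name: burp - install burp client
+package:
+name: "{{ burp_packages }}"
+state: present
+- name: burp - deploy configuration file
+template:
+src: burp.conf
+dest: /etc/burp/burp.conf
+mode: 0600
+- name: burp - add client on burp server
+template:
+src: client_conf_file
+dest: "/etc/burp/clientconfdir/{{ ansible_hostname }}"
+delegate_to: "{{ burp_server }}"
+- name: burp - do a burp list to generate certificate
+command: burp -a l
+args:
+creates: /etc/burp/ssl_cert_ca.pem
+- name: burp - create backup cronjob
+vars:
+minute: "{{ 59 | random(seed=inventory_hostname) }}"
+cron:
+name: "{{ item.name }}"
+cron_file: burp
+user: root
+hour: "{{ item.hour | default('*')}}"
+minute: "{{ minute }}"
+weekday: "{{ item.weekday | default('*') }}"
+job: "{{ item.job }}"
+loop:
+- { name: "burp backup", job: "/usr/sbin/burp -a t &> /dev/null" }
+- { name: "burp report", job: "/usr/sbin/burp -a l", hour: 1, weekday: 1 }
+tags: cron
+- name: burp - deploy notify script
+block:
+- name: create dir
+file:
+path: /usr/share/burp/scripts
+state: directory
+- name: copy
+copy:
+src: notify_script
+dest: /usr/share/burp/scripts/notify_script
+mode: 0755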
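Review bot: The `burp - add client on burp server` template task sets no `mode:`, so the client file written to `/etc/burp/clientconfdir/{{ ansible_hostname }}` on `{{ burp_server }}` gets umask-default permissions even though the rendered template carries `password=`; add `mode: 0600` as the burp.conf task already does. The `burp - set some variables` task that pulls `burp_password` and `burp_encryption_password` from keepass, and the two template tasks that render them, should carry `no_log: true` so a verbose run does not print the secrets. The following `assert` only checks `is defined`, which `set_fact` always satisfies; `burp_password | length > 0` is the condition that would catch an empty lookup result.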

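--- a/templates/burp.conf
+++ b/templates/burp.conf
@@ -0,0 +1,33 @@
+# {{ansible_managed}}
+# this file was created from the role: {{ ansible_role_name }}
+mode = client
+server = {{ burp_server }}
+port = 4971
+status_port = 4972
+pidfile = /var/run/burp.pid
+cname = {{ burp_cname }}
+password = {{ burp_password }}
+protocol = 1
+syslog = 0
+stdout = 1
+progress_counter = 1
+server_can_restore = 0
+encryption_password = {{ burp_encryption_password }}
+cross_filesystem=/home
+cross_all_filesystems=0
+ca_burp_ca = /usr/sbin/burp_ca
+ca_csr_dir = /etc/burp/CA-client
+ssl_cert_ca = /etc/burp/ssl_cert_ca.pem
+ssl_cert = /etc/burp/ssl_cert-client.pem
+ssl_key = /etc/burp/ssl_cert-client.key
+ssl_key_password = password
+ssl_peer_cn = burpserver
+{% for inc in burp_folders %}
+include = {{ inc }}
+{% endfor %}
+exclude_fs = sysfs
+exclude_fs = tmpfs
+nobackup = .nobackup
+exclude_comp=bz2
+exclude_comp=gz
+stdout=0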
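Review bot: `stdout = 1` near the top and `stdout=0` on the last line set the same key twice, so the effective value depends on how burp resolves duplicates and the intent is unreadable; keep a single `stdout` line. `ssl_key_password = password` is the literal value from burp's example configuration rather than a role variable: if the client key produced by `burp_ca` is encrypted it should be supplied from a variable alongside `burp_password`, and if it is not, a comment should say the value is unused. `ssl_peer_cn = burpserver` is hard-coded while `server` is templated from `burp_server`; a comment noting that it must match the CN of the server certificate would save the next person a failed handshake.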


@@ -0,0 +1,5 @@
# {{ansible_managed}}
# this file was created from the role: {{ ansible_role_name }}
password={{ burp_password }}
directory={{ burp_server_directory }}
compression=zlib0

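--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost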

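--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- tco.burp_client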

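--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for tco.burp_client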