Fix security automation workshop #2114

Merged
merged 3 commits into from
Feb 14, 2024
Expand Up @@ -13,6 +13,7 @@
- name: ADD SPLUNK NODE TO INVENTORY
add_host:
name: "{{ item.tags.Name }}"
student_number: "{{ item.tags.Index|int + 1 }}"
short_name: "{{ item.tags.short_name }}"
ansible_host: "{{ item.public_ip_address }}"
username: "{{ item.tags.Student }}"
Expand Down Expand Up @@ -43,6 +44,7 @@
- name: ADD QRADAR NODE TO INVENTORY
ansible.builtin.add_host:
name: "{{ item.tags.Name }}"
student_number: "{{ item.tags.Index|int + 1 }}"
short_name: "{{ item.tags.short_name }}"
ansible_host: "{{ item.public_ip_address }}"
username: "{{ item.tags.Student }}"
Expand Down Expand Up @@ -76,6 +78,7 @@
- name: ADD ATTACK SIMULATION NODE TO INVENTORY
ansible.builtin.add_host:
name: "{{ item.tags.Name }}"
student_number: "{{ item.tags.Index|int + 1 }}"
short_name: "{{ item.tags.short_name }}"
ansible_host: "{{ item.public_ip_address }}"
username: "{{ item.tags.Student }}"
Expand Down Expand Up @@ -112,6 +115,7 @@
- name: ADD SNORT NODE TO INVENTORY
ansible.builtin.add_host:
name: "{{ item.tags.Name }}"
student_number: "{{ item.tags.Index|int + 1 }}"
short_name: "{{ item.tags.short_name }}"
ansible_host: "{{ item.public_ip_address }}"
username: "{{ item.tags.Student }}"
Expand Down Expand Up @@ -141,6 +145,7 @@
- name: ADD Check Point CloudGuard Security Management TO INVENTORY
ansible.builtin.add_host:
name: "{{ item.tags.Name }}"
student_number: "{{ item.tags.Index|int + 1 }}"
short_name: "{{ item.tags.short_name }}"
ansible_host: "{{ item.public_ip_address }}"
username: "{{ item.tags.Student }}"
Expand All @@ -167,6 +172,7 @@
- name: ADD Check Point NGFW TO INVENTORY
ansible.builtin.add_host:
name: "{{ item.tags.Name }}"
student_number: "{{ item.tags.Index|int + 1 }}"
short_name: "{{ item.tags.short_name }}"
ansible_host: "{{ item.public_ip_address }}"
username: "{{ item.tags.Student }}"
Expand Down Expand Up @@ -195,6 +201,7 @@
- name: ADD WINDOWS WORKSTATION TO INVENTORY
ansible.builtin.add_host:
name: "{{ item.tags.Name }}"
student_number: "{{ item.tags.Index|int + 1 }}"
short_name: "{{ item.tags.short_name }}"
ansible_host: "{{ item.public_ip_address }}"
ansible_user: Administrator
31 changes: 31 additions & 0 deletions roles/populate_controller/tasks/security.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,35 @@
---
- name: Filter hosts containing student number
ansible.builtin.set_fact:
student_hosts: "{{ groups['security'] | select('search', 'student' ~ student_number ~ '-') | list }}"

- name: Debug hosts for
ansible.builtin.debug:
msg: "{{ student_hosts }}"

- name: Add devices into controller inventory
awx.awx.host:
name: "{{ hostvars[item].short_name }}"
enabled: true
inventory: "Workshop Inventory"
controller_username: admin
controller_password: "{{ admin_password }}"
controller_host: "https://{{ ansible_host }}"
validate_certs: false
variables:
ansible_host: "{{ hostvars[item].ansible_host }}"
private_ip: "{{ hostvars[item].private_ip }}"
private_ip2: "{{ hostvars[item].private_ip | default('') }}"
loop: "{{ student_hosts }}"

- name: use COP controller_configuration collection
include_role:
name: '{{ setup_controller }}'
loop:
- 'infra.controller_configuration.hosts'
- 'infra.controller_configuration.groups'
loop_control:
loop_var: setup_controller

# Teams
- name: Create analyst team
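Review bot: `private_ip2` is read from the same `hostvars[item].private_ip` as the `private_ip` line directly above it, so its `default('')` can never take effect — the preceding line already fails the task when that key is missing; presumably the second line was meant to read a different hostvar (a second address), e.g. `private_ip2: "{{ hostvars[item].private_ip2 | default('') }}"`, but confirm against what the inventory actually sets. The same `awx.awx.host` task posts `admin_password` to `https://{{ ansible_host }}` with `validate_certs: false`, which is the usual workshop trade-off for a self-generated controller certificate but deserves a comment such as `# validate_certs is off because the workshop controller cert is auto-generated; never copy this into production`. The `select('search', 'student' ~ student_number ~ '-')` filter is an unanchored regex that only works because the trailing `-` keeps `student1-` from matching `student10-`; `select('match', '^student' ~ student_number ~ '-')` would make that intent explicit.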
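--- a/roles/populate_controller/vars/security.yml
+++ b/roles/populate_controller/vars/security.yml
@@ -0,0 +1,58 @@
+---
+controller_groups:
+- name: attack
+inventory: "Workshop Inventory"
+hosts:
+- "attacker"
+variables:
+ansible_user: "ec2-user"
+- name: siem
+inventory: "Workshop Inventory"
+hosts:
+- "qradar"
+variables:
+ansible_user: "admin"
+ansible_httpapi_pass: "Ansible1!"
+ansible_connection: "httpapi"
+ansible_httpapi_use_ssl: "yes"
+ansible_httpapi_validate_certs: "False"
+ansible_network_os: "ibm.qradar.qradar"
+- name: ids
+inventory: "Workshop Inventory"
+hosts:
+- "snort"
+variables:
+ansible_user: "ec2-user"
+- name: firewall
+inventory: "Workshop Inventory"
+hosts:
+- "checkpoint_mgmt"
+variables:
+ansible_user: "admin"
+ansible_password: "admin123"
+ansible_network_os: "checkpoint"
+ansible_connection: "httpapi"
+ansible_httpapi_use_ssl: "yes"
+ansible_httpapi_validate_certs: "no"
+- name: checkpoint
+inventory: "Workshop Inventory"
+hosts:
+- "checkpoint_mgmt"
+variables:
+ansible_user: "admin"
+ansible_password: "admin123"
+ansible_network_os: "checkpoint"
+ansible_connection: "httpapi"
+ansible_httpapi_use_ssl: "yes"
+ansible_httpapi_validate_certs: "no"
+- name: windows
+inventory: "Workshop Inventory"
+hosts:
+- "windows_ws"
+variables:
+note: in production these passwords would be encrypted in vault
+ansible_user: "Administrator"
+ansible_password: "{{ windows_password }}"
+ansible_port: "5986"
+ansible_connection: "winrm"
+ansible_winrm_server_cert_validation: "ignore"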
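Review bot: The `siem`, `firewall` and `checkpoint` groups carry literal credentials (`ansible_httpapi_pass: "Ansible1!"`, `ansible_password: "admin123"`) that are committed to the repository and pushed into the controller inventory as group variables, while the `windows` group already templates `{{ windows_password }}`; the other two should follow the same pattern, e.g. `ansible_httpapi_pass: "{{ qradar_password }}"` and `ansible_password: "{{ checkpoint_password }}"`, with the values supplied by whatever mechanism provides `windows_password` (not visible here — confirm). The `note:` key under the `windows` group's `variables` is delivered to the controller as a variable rather than read as a comment; replace it with `# in production these passwords would be encrypted in vault` above the block. The `firewall` and `checkpoint` groups are identical apart from their name (same host, same credentials), so one can be dropped unless a downstream job template references both group names. Turning off certificate validation via `ansible_httpapi_validate_certs` is consistent with a throwaway lab, but the values mix `"False"` and `"no"` as quoted strings; use an unquoted `false` in all three places.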