From bc69328cd513b8b6394e60d4ed7be451ded48cec Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Wed, 8 Nov 2023 11:14:26 -0500
Subject: [PATCH 1/2] Use a variable for CyHy user information in the Packer configuration Instead of hardcoding the values everywhere they are (and will be) used it makes sense to put the user information into a variables file. --- packer/ansible/create_cyhy_user.yml | 8 +++++--- packer/ansible/vars/cyhy_user.yml | 4 ++++ 2 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 packer/ansible/vars/cyhy_user.yml
diff --git a/packer/ansible/create_cyhy_user.yml b/packer/ansible/create_cyhy_user.yml
index c5156305..547b7699 100644
--- a/packer/ansible/create_cyhy_user.yml
+++ b/packer/ansible/create_cyhy_user.yml
@@ -9,9 +9,9 @@ - name: Create the cyhy user ansible.builtin.user: home: /var/cyhy - name: cyhy + name: "{{ cyhy_user_username }}" shell: /bin/bash - uid: 2048 + uid: "{{ cyhy_user_uid }}" register: user_info - name: Modify permissions on the home directory
@@ -22,4 +22,6 @@ - name: Add the SSH public key as an authorized key ansible.posix.authorized_key: key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOreUDnms12MPI0gh7K+YGaESYgC2TY1zA+kSK/g+n5+ cyhy - user: cyhy + user: "{{ cyhy_user_username }}" + vars_files: + - vars/cyhy_user.yml
diff --git a/packer/ansible/vars/cyhy_user.yml b/packer/ansible/vars/cyhy_user.yml
new file mode 100644
index 00000000..07a84fcd
--- /dev/null
+++ b/packer/ansible/vars/cyhy_user.yml
@@ -0,0 +1,4 @@
+---
+# CyHy user information
+cyhy_user_uid: 2048
+cyhy_user_username: cyhy
From afbe339aabad3069e8dced16c588c76c021162e7 Mon Sep 17 00:00:00 2001 
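Review bot: In the `Create the cyhy user` task the `name` and `uid` now come from `vars/cyhy_user.yml`, but `home: /var/cyhy` in the same task stays a literal, so `cyhy_user_username` cannot actually be changed without the home directory falling out of step with the user; the task name `Create the cyhy user` and the `cyhy` comment on the authorized key in the next hunk are literals as well. Either template the path too, `home: "/var/{{ cyhy_user_username }}"`, or treat the variable as a single source of the name only and say so in the vars file. Passing `uid` through Jinja hands `ansible.builtin.user` the string `"2048"`, which the module coerces to an int, so that part is fine as written.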
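Review bot: `vars/cyhy_user.yml` defines `cyhy_user_uid` and `cyhy_user_username` without recording where else those values are assumed; the roles under `ansible/roles` touched in the second patch still use the literal `cyhy` for `owner:`/`group:`, and the `/var/cyhy` and `/etc/cyhy` paths are literals too. Someone who changes the variable will build an image whose deployment roles chown files to a user that no longer exists. Add a comment above the keys along the lines of `# Must stay in sync with the literal "cyhy" owner/group used by ansible/roles/* and with the /var/cyhy home path; change them together.`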
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Wed, 8 Nov 2023 14:19:44 -0500
Subject: [PATCH 2/2] Move creation of the /etc/cyhy directory to AMI build time It makes sense to put creation of this directory into AMI build time instead of having multiple Ansible roles in this project create the directory during deployment. --- ansible/roles/cyhy_commander/tasks/main.yml | 11 ----------- ansible/roles/cyhy_dashboard/tasks/main.yml | 7 ++----- ansible/roles/cyhy_reporter/tasks/main.yml | 6 ------ ansible/roles/nessus/tasks/main.yml | 8 -------- packer/ansible/create_credentials_directory.yml | 15 +++++++++++++++ packer/ansible/playbook.yml | 3 +++ 6 files changed, 20 insertions(+), 30 deletions(-) create mode 100644 packer/ansible/create_credentials_directory.yml
diff --git a/ansible/roles/cyhy_commander/tasks/main.yml b/ansible/roles/cyhy_commander/tasks/main.yml
index 2b38bb27..bd0b7948 100644
--- a/ansible/roles/cyhy_commander/tasks/main.yml
+++ b/ansible/roles/cyhy_commander/tasks/main.yml
@@ -10,17 +10,6 @@ mode: 0600 owner: cyhy -# -# Create the cyhy directory in etc for commander conf -# -- name: Create the /etc/cyhy directory - ansible.builtin.file: - group: cyhy - mode: 0755 - owner: cyhy - path: /etc/cyhy - state: directory - # # Copy the cyhy-commander conf file #
diff --git a/ansible/roles/cyhy_dashboard/tasks/main.yml b/ansible/roles/cyhy_dashboard/tasks/main.yml
index c1b6f085..0b2d756c 100644
--- a/ansible/roles/cyhy_dashboard/tasks/main.yml
+++ b/ansible/roles/cyhy_dashboard/tasks/main.yml
@@ -1,14 +1,11 @@ --- -- name: Create needed directories +- name: Create the /var/cyhy/web directory ansible.builtin.file: group: cyhy mode: 0750 owner: cyhy - path: "{{ item }}" + path: /var/cyhy/web state: directory - loop: - - /etc/cyhy - - /var/cyhy/web - name: Create secret key file for webd ansible.builtin.file: 
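Review bot: The dashboard role still relies on `/etc/cyhy` existing (the task that created it is gone, and the webd secret-key task that follows presumably still writes under it), but nothing in the role records that the AMI now provides the directory, so a run against an image built before this change fails partway through with a missing-path error instead of a clear prerequisite message. A one-line comment above the first task would capture the new dependency: `# /etc/cyhy is created at AMI build time by packer/ansible/create_credentials_directory.yml`. For this host the effective permissions do not change, since the AMI play uses the same `0750` cyhy:cyhy the removed loop applied.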
diff --git a/ansible/roles/cyhy_reporter/tasks/main.yml b/ansible/roles/cyhy_reporter/tasks/main.yml
index 4dee132f..10321ff4 100644
--- a/ansible/roles/cyhy_reporter/tasks/main.yml
+++ b/ansible/roles/cyhy_reporter/tasks/main.yml
@@ -2,12 +2,6 @@ # # Set up /etc/cyhy/cyhy.conf # -- name: Create the /etc/cyhy directory - ansible.builtin.file: - mode: 0755 - path: /etc/cyhy - state: directory - - name: Create /etc/cyhy/cyhy.conf ansible.builtin.template: dest: /etc/cyhy/cyhy.conf
diff --git a/ansible/roles/nessus/tasks/main.yml b/ansible/roles/nessus/tasks/main.yml
index 24151907..b19ba7e4 100644
--- a/ansible/roles/nessus/tasks/main.yml
+++ b/ansible/roles/nessus/tasks/main.yml
@@ -94,14 +94,6 @@ name: nessusd state: started -- name: Create /etc/cyhy directory - ansible.builtin.file: - group: cyhy - mode: 0750 - owner: cyhy - path: /etc/cyhy - state: directory - - name: Create the configuration file for Nessus API access ansible.builtin.template: dest: /etc/cyhy/nessus_api.yml
diff --git a/packer/ansible/create_credentials_directory.yml b/packer/ansible/create_credentials_directory.yml
new file mode 100644
index 00000000..3b3ab0e6
--- /dev/null
+++ b/packer/ansible/create_credentials_directory.yml
@@ -0,0 +1,15 @@
+---
+- hosts: cyhy_commander,cyhy_dashboard,cyhy_reporter,nessus
+ name: Create the directory used for cyhy-commander, cyhy-core, and Nessus credentials
+ become: yes
+ become_method: ansible.builtin.sudo
+ tasks:
+ - name: Create the /etc/cyhy directory
+ ansible.builtin.file:
+ group: "{{ cyhy_user_username }}"
+ mode: 0750
+ owner: "{{ cyhy_user_username }}"
+ path: /etc/cyhy
+ state: directory
+ vars_files:
+ - vars/cyhy_user.yml
diff --git a/packer/ansible/playbook.yml b/packer/ansible/playbook.yml
index b960b930..59a4e60b 100644
--- a/packer/ansible/playbook.yml
+++ b/packer/ansible/playbook.yml 
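Review bot: The new play gives `/etc/cyhy` to `{{ cyhy_user_username }}` as owner on every host, which for the reporter host is a loosening: the removed reporter task created the directory with `mode: 0755` and no `owner`, i.e. root-owned when run under become. A directory owned by the unprivileged service user lets that user rename over `cyhy.conf` / `nessus_api.yml` wholesale, which matters if anything privileged reads them — the diff does not show who does. If the deploy-time templates are written with become anyway, `owner: root`, `group: "{{ cyhy_user_username }}"`, `mode: "0750"` gives the service user read access to its credentials without write access to the directory. Separately, `become: yes` should be `become: true` (yamllint truthy), and the mode is better quoted as `"0750"`, the form Ansible recommends, rather than relying on YAML 1.1 turning the bare `0750` into the octal integer first.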
@@ -8,6 +8,9 @@ - name: Import cyhy user creation playbook ansible.builtin.import_playbook: create_cyhy_user.yml
+- name: Import credentials directory creation playbook
+ ansible.builtin.import_playbook: create_credentials_directory.yml
+ - name: Import the nmap host playbook ansible.builtin.import_playbook: nmap.yml
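Review bot: The new `Import credentials directory creation playbook` entry has to stay after `create_cyhy_user.yml`, because `create_credentials_directory.yml` sets `owner`/`group` to the user that earlier play creates, and nothing on this line says so. A comment on the import would protect the ordering from a future reshuffle: `# Must follow the cyhy user creation playbook: /etc/cyhy is chowned to that user.`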