author | heqnx <root@heqnx.com> | 2025-05-25 11:50:46 +0300 |
---|---|---|
committer | heqnx <root@heqnx.com> | 2025-05-25 11:50:46 +0300 |
commit | 7c8ed923df3c02338dfbf826fd6fd9a23dac502e (patch) | |
tree | 929ee32e5a6f32e952bb8fcad33f704a371af9ff | |
parent | e905a6a60ceb43ef2bfa8f0f61c23630955caf1f (diff) | |
download | ansible-playbooks-7c8ed923df3c02338dfbf826fd6fd9a23dac502e.tar.gz ansible-playbooks-7c8ed923df3c02338dfbf826fd6fd9a23dac502e.zip |
moved unorganized playbooks into old folder
-rw-r--r-- | attackbox/handlers/main.yaml | 26 | ||||
-rw-r--r-- | attackbox/inventory.ini | 2 | ||||
-rw-r--r-- | old/attackbox/ansible.cfg (renamed from attackbox/ansible.cfg) | 0 | ||||
-rw-r--r-- | old/attackbox/handlers/main.yaml (renamed from sliver-c2/handlers/main.yaml) | 23 | ||||
-rw-r--r-- | old/attackbox/inventory.yaml | 14 | ||||
-rw-r--r-- | old/attackbox/playbook.yaml (renamed from attackbox/playbook.yaml) | 0 | ||||
-rw-r--r-- | old/attackbox/tasks/apt_packages.yaml (renamed from attackbox/tasks/apt_packages.yaml) | 0 | ||||
-rw-r--r-- | old/attackbox/tasks/chrome_install.yaml (renamed from attackbox/tasks/chrome_install.yaml) | 0 | ||||
-rw-r--r-- | old/attackbox/tasks/generate_readme.yaml (renamed from attackbox/tasks/generate_readme.yaml) | 0 | ||||
-rw-r--r-- | old/attackbox/tasks/github_repos.yaml (renamed from attackbox/tasks/github_repos.yaml) | 0 | ||||
-rw-r--r-- | old/attackbox/tasks/go_tools.yaml (renamed from attackbox/tasks/go_tools.yaml) | 0 | ||||
-rw-r--r-- | old/attackbox/tasks/golang_install.yaml (renamed from attackbox/tasks/golang_install.yaml) | 0 | ||||
-rw-r--r-- | old/attackbox/tasks/harden.yaml (renamed from attackbox/tasks/harden.yaml) | 21 | ||||
-rw-r--r-- | old/attackbox/tasks/tor_install.yaml (renamed from attackbox/tasks/tor_install.yaml) | 0 | ||||
-rw-r--r-- | old/attackbox/templates/index.html.j2 | 0 | ||||
-rw-r--r-- | old/attackbox/templates/jail.local.j2 (renamed from attackbox/templates/jail.local.j2) | 0 | ||||
-rw-r--r-- | old/attackbox/templates/nginx.conf.j2 | 57 | ||||
-rw-r--r-- | old/attackbox/templates/readme.txt.j2 (renamed from attackbox/templates/readme.txt.j2) | 0 | ||||
-rw-r--r-- | old/attackbox/templates/sslh.cfg.j2 | 15 | ||||
-rw-r--r-- | old/attackbox/templates/sslh.j2 | 3 | ||||
-rw-r--r-- | old/attackbox/templates/torrc.j2 (renamed from attackbox/templates/torrc.j2) | 0 | ||||
-rw-r--r-- | old/attackbox/vars/packages.yaml (renamed from attackbox/vars/packages.yaml) | 0 | ||||
-rw-r--r-- | old/sliver-c2/ansible.cfg (renamed from sliver-c2/ansible.cfg) | 0 | ||||
-rw-r--r-- | old/sliver-c2/handlers/main.yaml | 70 | ||||
-rw-r--r-- | old/sliver-c2/inventory.yaml | 15 | ||||
-rw-r--r-- | old/sliver-c2/playbook.yaml | 16 | ||||
-rw-r--r-- | old/sliver-c2/tasks/apt_packages.yaml (renamed from sliver-c2/tasks/apt_packages.yaml) | 0 | ||||
-rw-r--r-- | old/sliver-c2/tasks/golang_install.yaml (renamed from sliver-c2/tasks/golang_install.yaml) | 0 | ||||
-rw-r--r-- | old/sliver-c2/tasks/harden.yaml (renamed from sliver-c2/tasks/harden.yaml) | 21 | ||||
-rw-r--r-- | old/sliver-c2/tasks/sliver_configure.yaml (renamed from sliver-c2/tasks/sliver_configure.yaml) | 0 | ||||
-rw-r--r-- | old/sliver-c2/tasks/sliver_install.yaml (renamed from sliver-c2/tasks/sliver_install.yaml) | 0 | ||||
-rw-r--r-- | old/sliver-c2/tasks/sliver_systemd.yaml (renamed from sliver-c2/tasks/sliver_systemd.yaml) | 0 | ||||
-rw-r--r-- | old/sliver-c2/tasks/ssh_nginx_setup.yaml | 76 | ||||
-rw-r--r-- | old/sliver-c2/templates/index.html.j2 | 0 | ||||
-rw-r--r-- | old/sliver-c2/templates/jail.local.j2 (renamed from sliver-c2/templates/jail.local.j2) | 0 | ||||
-rw-r--r-- | old/sliver-c2/templates/nginx.conf.j2 | 57 | ||||
-rw-r--r-- | old/sliver-c2/templates/server.json.j2 (renamed from sliver-c2/templates/server.json.j2) | 0 | ||||
-rw-r--r-- | old/sliver-c2/templates/sliver.service.j2 (renamed from sliver-c2/templates/sliver.service.j2) | 0 | ||||
-rw-r--r-- | old/sliver-c2/templates/sslh.j2 | 3 | ||||
-rw-r--r-- | old/sliver-c2/vars/packages.yaml (renamed from sliver-c2/vars/packages.yaml) | 0 | ||||
-rw-r--r-- | old/sliver-c2/vars/sliver.yaml (renamed from sliver-c2/vars/sliver.yaml) | 0 | ||||
-rw-r--r-- | sliver-c2/inventory.ini | 2 | ||||
-rw-r--r-- | sliver-c2/playbook.yaml | 15 |
43 files changed, 355 insertions, 81 deletions
diff --git a/attackbox/handlers/main.yaml b/attackbox/handlers/main.yaml deleted file mode 100644 index dfb2e24..0000000 --- a/attackbox/handlers/main.yaml +++ /dev/null @@ -1,26 +0,0 @@ -- name: update grub - command: update-grub - -- name: reload fail2ban - command: fail2ban-client reload - -- name: restart ssh - systemd: - name: ssh - state: restarted - enabled: true - when: ansible_facts['service_mgr'] == 'systemd' - -- name: restart fail2ban - systemd: - name: fail2ban - state: restarted - enabled: true - when: ansible_facts['service_mgr'] == 'systemd' - -- name: restart tor - systemd: - name: tor - state: restarted - enabled: true - when: ansible_facts['service_mgr'] == 'systemd' diff --git a/attackbox/inventory.ini b/attackbox/inventory.ini deleted file mode 100644 index 7053718..0000000 --- a/attackbox/inventory.ini +++ /dev/null @@ -1,2 +0,0 @@ -[servers] -server01 ansible_host=10.11.12.13 ansible_user=root ansible_ssh_private_key_file=id_rsa diff --git a/attackbox/ansible.cfg b/old/attackbox/ansible.cfg index 8395bb7..8395bb7 100644 --- a/attackbox/ansible.cfg +++ b/old/attackbox/ansible.cfg diff --git a/sliver-c2/handlers/main.yaml b/old/attackbox/handlers/main.yaml index 0987034..d0c15e9 100644 --- a/sliver-c2/handlers/main.yaml +++ b/old/attackbox/handlers/main.yaml @@ -4,6 +4,18 @@ - name: reload fail2ban command: fail2ban-client reload +- name: enable ufw + ufw: + state: enabled + policy: deny + +- name: restart ufw + systemd: + name: ufw + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + - name: reload systemd command: systemctl daemon-reload when: ansible_facts['service_mgr'] == 'systemd' @@ -15,6 +27,13 @@ enabled: true when: ansible_facts['service_mgr'] == 'systemd' +- name: enable unattended-upgrades service + systemd: + name: unattended-upgrades + state: restarted + enabled: true + when: ansible_facts['service_mgr'] == 'systemd' + - name: restart fail2ban systemd: name: fail2ban 
@@ -22,9 +41,9 @@ enabled: true when: ansible_facts['service_mgr'] == 'systemd' -- name: sliver systemd handler +- name: restart tor systemd: - name: sliver + name: tor state: restarted enabled: true when: ansible_facts['service_mgr'] == 'systemd' diff --git a/old/attackbox/inventory.yaml b/old/attackbox/inventory.yaml new file mode 100644 index 0000000..0c2cbad --- /dev/null +++ b/old/attackbox/inventory.yaml @@ -0,0 +1,14 @@ +all: + hosts: + server01: + ansible_host: 10.11.12.13 + ansible_user: root + ansible_ssh_private_key_file: id_rsa + # ssh + nginx multiplexing with sslh + #public_sslh_port: 443 + #internal_nginx_port: 8080 + #internal_sshd_port: 22 + children: + servers: + hosts: + server01: {} diff --git a/attackbox/playbook.yaml b/old/attackbox/playbook.yaml index dbd436c..dbd436c 100644 --- a/attackbox/playbook.yaml +++ b/old/attackbox/playbook.yaml diff --git a/attackbox/tasks/apt_packages.yaml b/old/attackbox/tasks/apt_packages.yaml index 4ed8331..4ed8331 100644 --- a/attackbox/tasks/apt_packages.yaml +++ b/old/attackbox/tasks/apt_packages.yaml diff --git a/attackbox/tasks/chrome_install.yaml b/old/attackbox/tasks/chrome_install.yaml index 4b9bf4f..4b9bf4f 100644 --- a/attackbox/tasks/chrome_install.yaml +++ b/old/attackbox/tasks/chrome_install.yaml diff --git a/attackbox/tasks/generate_readme.yaml b/old/attackbox/tasks/generate_readme.yaml index 691d08b..691d08b 100644 --- a/attackbox/tasks/generate_readme.yaml +++ b/old/attackbox/tasks/generate_readme.yaml diff --git a/attackbox/tasks/github_repos.yaml b/old/attackbox/tasks/github_repos.yaml index 042ea6c..042ea6c 100644 --- a/attackbox/tasks/github_repos.yaml +++ b/old/attackbox/tasks/github_repos.yaml diff --git a/attackbox/tasks/go_tools.yaml b/old/attackbox/tasks/go_tools.yaml index 18c0346..18c0346 100644 --- a/attackbox/tasks/go_tools.yaml +++ b/old/attackbox/tasks/go_tools.yaml 
diff --git a/attackbox/tasks/golang_install.yaml b/old/attackbox/tasks/golang_install.yaml index e67d508..e67d508 100644 --- a/attackbox/tasks/golang_install.yaml +++ b/old/attackbox/tasks/golang_install.yaml diff --git a/attackbox/tasks/harden.yaml b/old/attackbox/tasks/harden.yaml index 75f21bb..ad2b950 100644 --- a/attackbox/tasks/harden.yaml +++ b/old/attackbox/tasks/harden.yaml @@ -114,12 +114,7 @@ shell: dpkg-reconfigure --priority=low unattended-upgrades args: creates: /etc/apt/apt.conf.d/50unattended-upgrades - -- name: enable unattended-upgrades service - systemd: - name: unattended-upgrades - enabled: true - state: started + notify: restart unattended-upgrades - name: disable ipv6 in grub lineinfile: @@ -133,11 +128,9 @@ rule: allow port: 22 proto: tcp - -- name: enable ufw - ufw: - state: enabled - policy: deny + notify: + - enable ufw + - restart ufw - name: deploy custom fail2ban jail.local template: @@ -149,9 +142,3 @@ notify: - restart fail2ban - reload fail2ban - -- name: enable and start fail2ban - systemd: - name: fail2ban - enabled: true - state: started diff --git a/attackbox/tasks/tor_install.yaml b/old/attackbox/tasks/tor_install.yaml index 54f8384..54f8384 100644 --- a/attackbox/tasks/tor_install.yaml +++ b/old/attackbox/tasks/tor_install.yaml diff --git a/old/attackbox/templates/index.html.j2 b/old/attackbox/templates/index.html.j2 new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/old/attackbox/templates/index.html.j2 diff --git a/attackbox/templates/jail.local.j2 b/old/attackbox/templates/jail.local.j2 index dd548df..dd548df 100644 --- a/attackbox/templates/jail.local.j2 +++ b/old/attackbox/templates/jail.local.j2 diff --git a/old/attackbox/templates/nginx.conf.j2 b/old/attackbox/templates/nginx.conf.j2 new file mode 100644 index 0000000..a735338 --- /dev/null +++ b/old/attackbox/templates/nginx.conf.j2 
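Review bot: `notify: restart unattended-upgrades` in the first harden.yaml hunk names a handler that this commit does not define; old/attackbox/handlers/main.yaml calls it `enable unattended-upgrades service`, so when the dpkg-reconfigure task reports changed Ansible should stop with a handler-not-found error instead of restarting the service. Either rename the handler to `- name: restart unattended-upgrades` or notify the existing name. old/sliver-c2/tasks/harden.yaml has the same mismatch and additionally notifies `reload ufw`, while old/sliver-c2/handlers/main.yaml only defines `enable ufw` and `restart ufw`. The task this line is added to starts above the hunk.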
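Review bot: Moving `enable ufw` into a handler (second hunk) makes firewall activation depend on the allow-22 task reporting changed; on a host where that rule already exists the handler never fires, and nothing visible in these hunks then guarantees ufw is enabled with `policy: deny`. The third hunk does the same to fail2ban by dropping `enable and start fail2ban`, so the service is only started when the jail.local template changes. For state that must always hold, keep an unconditional task (`ufw: {state: enabled, policy: deny}` and `systemd: {name: fail2ban, enabled: true, state: started}`) and reserve handlers for restarts. old/sliver-c2/tasks/harden.yaml carries the same two hunks.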
@@ -0,0 +1,57 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_tokens off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log warn;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options DENY;
+ add_header X-XSS-Protection "1; mode=block";
+
+ server {
+ listen 127.0.0.1:{{ internal_nginx_port }} ssl default_server;
+ server_name _;
+
+ root /var/www/html;
+ index index.html;
+
+ ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+ ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options DENY;
+ add_header X-XSS-Protection "1; mode=block";
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location ~ /\.(?!well-known) {
+ deny all;
+ }
+ }
+}
diff --git a/attackbox/templates/readme.txt.j2 b/old/attackbox/templates/readme.txt.j2
index 46ea8dc..46ea8dc 100644
--- a/attackbox/templates/readme.txt.j2
+++ b/old/attackbox/templates/readme.txt.j2
diff --git a/old/attackbox/templates/sslh.cfg.j2 b/old/attackbox/templates/sslh.cfg.j2
new file mode 100644
index 0000000..7020ed8
--- /dev/null
+++ b/old/attackbox/templates/sslh.cfg.j2
@@ -0,0 +1,15 @@
+verbose: true
+foreground: false
+inetd: false
+
+listen:
+ host: "0.0.0.0"
+ port: {{ sslh_listen_port }}
+
+protocols:
+ ssh:
+ host: "127.0.0.1"
+ port: {{ ssh_port }}
+ http:
+ host: "127.0.0.1"
+ port: {{ nginx_port }}
diff --git a/old/attackbox/templates/sslh.j2 b/old/attackbox/templates/sslh.j2
new file mode 100644
index 0000000..8820a74
--- /dev/null
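Review bot: The three `add_header` lines are written without `always`, so nginx omits them on error responses such as the `=404` produced by `try_files` and the 403 from the dotfile `deny all` location. They are also repeated at `http` and `server` level together with `ssl_protocols` and `ssl_prefer_server_ciphers`; because a level that declares its own `add_header` stops inheriting the parent's, the `http`-level copies have no effect for this server. Keeping one set in the `server` block as `add_header X-Content-Type-Options nosniff always;` and `add_header X-Frame-Options DENY always;` would be enough, and `X-XSS-Protection` can go since current browsers ignore it. The same blob (a735338) is added as old/sliver-c2/templates/nginx.conf.j2.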
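Review bot: sslh.cfg.j2 is written as YAML, but sslh parses its configuration file in libconfig syntax (`listen: ( { host: "0.0.0.0"; port: "{{ public_sslh_port }}"; } );`), so as far as I can tell the daemon would reject this file. It also reads `sslh_listen_port`, `ssh_port` and `nginx_port`, whereas the inventory and sslh.j2 use `public_sslh_port`, `internal_sshd_port` and `internal_nginx_port`, and no task visible in this commit deploys it. Either drop the template or rewrite it in libconfig form with the inventory's variable names so the two sslh configurations cannot drift apart.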
+++ b/old/attackbox/templates/sslh.j2
@@ -0,0 +1,3 @@
+RUN=yes
+DAEMON=/usr/sbin/sslh
+DAEMON_OPTS="--user sslh --listen 0.0.0.0:{{ public_sslh_port }} --ssh 127.0.0.1:{{ internal_sshd_port }} --http 127.0.0.1:{{ internal_nginx_port }}"
diff --git a/attackbox/templates/torrc.j2 b/old/attackbox/templates/torrc.j2
index b12f93c..b12f93c 100644
--- a/attackbox/templates/torrc.j2
+++ b/old/attackbox/templates/torrc.j2
diff --git a/attackbox/vars/packages.yaml b/old/attackbox/vars/packages.yaml
index fc96103..fc96103 100644
--- a/attackbox/vars/packages.yaml
+++ b/old/attackbox/vars/packages.yaml
diff --git a/sliver-c2/ansible.cfg b/old/sliver-c2/ansible.cfg
index 8395bb7..8395bb7 100644
--- a/sliver-c2/ansible.cfg
+++ b/old/sliver-c2/ansible.cfg
diff --git a/old/sliver-c2/handlers/main.yaml b/old/sliver-c2/handlers/main.yaml
new file mode 100644
index 0000000..38b1dd4
--- /dev/null
+++ b/old/sliver-c2/handlers/main.yaml
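Review bot: `--http 127.0.0.1:{{ internal_nginx_port }}` forwards only connections that sslh's probe recognises as plain HTTP, but nginx.conf.j2 declares that listener with `ssl`, so cleartext requests land on a TLS port and a TLS ClientHello on the public port is not what the `--http` probe matches. If the intent is HTTPS sharing the port with SSH, the target should be `--tls 127.0.0.1:{{ internal_nginx_port }}` (older sslh packages spell it `--ssl`). A one-line comment above `DAEMON_OPTS` naming which inventory variables must be set would also help, since all three are commented out by default. The identical file is added under old/sliver-c2/templates/.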
@@ -0,0 +1,70 @@
+- name: update grub
+ command: update-grub
+
+- name: reload fail2ban
+ command: fail2ban-client reload
+
+- name: enable ufw
+ ufw:
+ state: enabled
+ policy: deny
+
+- name: restart ufw
+ systemd:
+ name: ufw
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: reload systemd
+ command: systemctl daemon-reload
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: restart ssh
+ systemd:
+ name: ssh
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: enable unattended-upgrades service
+ systemd:
+ name: unattended-upgrades
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: restart ufw
+ systemd:
+ name: ufw
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: restart fail2ban
+ systemd:
+ name: fail2ban
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: sliver systemd handler
+ systemd:
+ name: sliver
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: restart nginx
+ systemd:
+ name: nginx
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: restart sslh
+ systemd:
+ name: sslh
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
diff --git a/old/sliver-c2/inventory.yaml b/old/sliver-c2/inventory.yaml
new file mode 100644
index 0000000..a330281
--- /dev/null
+++ b/old/sliver-c2/inventory.yaml
@@ -0,0 +1,15 @@
+all:
+ hosts:
+ server01:
+ ansible_host: 192.168.133.34
+ ansible_user: root
+ ansible_ssh_private_key_file: id_rsa
+ sliver_server: 127.0.0.1
+ # ssh + nginx multiplexing with sslh
+ #public_sslh_port: 443
+ #internal_nginx_port: 8080
+ #internal_sshd_port: 22
+ children:
+ servers:
+ hosts:
+ server01: {}
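Review bot: `restart ufw` is defined twice in the new old/sliver-c2/handlers/main.yaml, once after `enable ufw` and again after the unattended-upgrades handler, with identical bodies; one copy should be removed so a later edit to one does not silently diverge from the other. The handler named `enable unattended-upgrades service` also uses `state: restarted`, so its name no longer describes what it does and does not match the `restart unattended-upgrades` name that harden.yaml notifies. Renaming it to `- name: restart unattended-upgrades` would fix both.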
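Review bot: The new sliver-c2 inventory sets `ansible_host: 192.168.133.34`, where the deleted inventory.ini and old/attackbox/inventory.yaml both use 10.11.12.13; if that is a real lab address rather than a sample value, it belongs in an untracked inventory file. The three sslh variables are commented out, which silently disables the whole block in ssh_nginx_setup.yaml through its `when:` list. The existing comment could say so, for example `# uncomment all three to enable the sslh + nginx front-end (tasks/ssh_nginx_setup.yaml)`.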
diff --git a/old/sliver-c2/playbook.yaml b/old/sliver-c2/playbook.yaml new file mode 100644 index 0000000..a6629da --- /dev/null +++ b/old/sliver-c2/playbook.yaml @@ -0,0 +1,16 @@ +- name: sliver setup + hosts: servers + become: true + vars_files: + - vars/packages.yaml + - vars/sliver.yaml + tasks: + - import_tasks: tasks/ssh_nginx_setup.yaml + - import_tasks: tasks/apt_packages.yaml + #- import_tasks: tasks/golang_install.yaml + #- import_tasks: tasks/harden.yaml + #- import_tasks: tasks/sliver_install.yaml + #- import_tasks: tasks/sliver_systemd.yaml + #- import_tasks: tasks/sliver_configure.yaml + handlers: + - import_tasks: handlers/main.yaml diff --git a/sliver-c2/tasks/apt_packages.yaml b/old/sliver-c2/tasks/apt_packages.yaml index 3f600c2..3f600c2 100644 --- a/sliver-c2/tasks/apt_packages.yaml +++ b/old/sliver-c2/tasks/apt_packages.yaml diff --git a/sliver-c2/tasks/golang_install.yaml b/old/sliver-c2/tasks/golang_install.yaml index e67d508..e67d508 100644 --- a/sliver-c2/tasks/golang_install.yaml +++ b/old/sliver-c2/tasks/golang_install.yaml diff --git a/sliver-c2/tasks/harden.yaml b/old/sliver-c2/tasks/harden.yaml index 7ac157c..ec09ea2 100644 --- a/sliver-c2/tasks/harden.yaml +++ b/old/sliver-c2/tasks/harden.yaml @@ -114,12 +114,7 @@ shell: dpkg-reconfigure --priority=low unattended-upgrades args: creates: /etc/apt/apt.conf.d/50unattended-upgrades - -- name: enable unattended-upgrades service - systemd: - name: unattended-upgrades - enabled: true - state: started + notify: restart unattended-upgrades - name: disable ipv6 in grub lineinfile: @@ -133,11 +128,9 @@ rule: allow port: 22 proto: tcp - -- name: enable ufw - ufw: - state: enabled - policy: deny + notify: + - reload ufw + - restart ufw - name: deploy custom fail2ban jail.local template: @@ -149,9 +142,3 @@ notify: - restart fail2ban - reload fail2ban - -- name: enable and start fail2ban - systemd: - name: fail2ban - enabled: true - state: started 
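Review bot: The new old/sliver-c2/playbook.yaml leaves `tasks/harden.yaml` and the sliver install, systemd and configure imports commented out, so a run against `servers` applies none of the ufw, fail2ban and unattended-upgrades steps that the deleted sliver-c2/playbook.yaml imported. If this is a deliberate work-in-progress state, a comment above the list (for example `# harden.yaml disabled while testing the sslh front-end; re-enable before use`) would keep it from being run as-is; otherwise `- import_tasks: tasks/harden.yaml` should stay active. Handlers notified from ssh_nginx_setup.yaml then become the only path that enables ufw.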
diff --git a/sliver-c2/tasks/sliver_configure.yaml b/old/sliver-c2/tasks/sliver_configure.yaml
index bf4797e..bf4797e 100644
--- a/sliver-c2/tasks/sliver_configure.yaml
+++ b/old/sliver-c2/tasks/sliver_configure.yaml
diff --git a/sliver-c2/tasks/sliver_install.yaml b/old/sliver-c2/tasks/sliver_install.yaml
index 3f0e029..3f0e029 100644
--- a/sliver-c2/tasks/sliver_install.yaml
+++ b/old/sliver-c2/tasks/sliver_install.yaml
diff --git a/sliver-c2/tasks/sliver_systemd.yaml b/old/sliver-c2/tasks/sliver_systemd.yaml
index 3b29f0f..3b29f0f 100644
--- a/sliver-c2/tasks/sliver_systemd.yaml
+++ b/old/sliver-c2/tasks/sliver_systemd.yaml
diff --git a/old/sliver-c2/tasks/ssh_nginx_setup.yaml b/old/sliver-c2/tasks/ssh_nginx_setup.yaml
new file mode 100644
index 0000000..beb0910
--- /dev/null
+++ b/old/sliver-c2/tasks/ssh_nginx_setup.yaml
@@ -0,0 +1,76 @@
+- block:
+ - name: install required packages
+ apt:
+ name:
+ - openssl
+ - nginx
+ - sslh
+ - ufw
+ state: present
+ update_cache: true
+
+ - name: deploy index.html
+ template:
+ src: index.html.j2
+ dest: /var/www/html/index.html
+ owner: www-data
+ group: www-data
+ mode: '0644'
+
+ - name: ensure /var/www/html directory permissions
+ file:
+ path: /var/www/html
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0755'
+
+ - name: generate self-signed ssl certificate
+ command: >
+ openssl req -x509 -nodes -days 365 -newkey rsa:2048
+ -keyout /etc/ssl/private/nginx-selfsigned.key
+ -out /etc/ssl/certs/nginx-selfsigned.crt
+ -subj "/CN=localhost"
+ args:
+ creates: /etc/ssl/certs/nginx-selfsigned.crt
+
+ - name: deploy nginx.conf
+ template:
+ src: nginx.conf.j2
+ dest: /etc/nginx/nginx.conf
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart nginx
+
+ - name: deploy sslh config file
+ template:
+ src: sslh.j2
+ dest: /etc/default/sslh
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart sslh
+
+ - name: allow ssh port and enable ufw
+ ufw:
+ rule: allow
+ port: "{{ internal_sshd_port }}"
+ proto: tcp
+ notify:
+ - enable ufw
+ - restart ufw
+
+ - name: allow http port and enable ufw
+ ufw:
+ rule: allow
+ port: "{{ public_sslh_port }}"
+ proto: tcp
+ notify:
+ - enable ufw
+ - restart ufw
+
+ when:
+ - public_sslh_port is defined
+ - internal_nginx_port is defined
+ - internal_sshd_port is defined
diff --git a/old/sliver-c2/templates/index.html.j2 b/old/sliver-c2/templates/index.html.j2
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/old/sliver-c2/templates/index.html.j2
diff --git a/sliver-c2/templates/jail.local.j2 b/old/sliver-c2/templates/jail.local.j2
index dd548df..dd548df 100644
--- a/sliver-c2/templates/jail.local.j2
+++ b/old/sliver-c2/templates/jail.local.j2
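Review bot: The `allow ssh port and enable ufw` task opens `internal_sshd_port` to the network even though sslh.j2 forwards SSH to `127.0.0.1:{{ internal_sshd_port }}`. If the point of the sslh front-end is that SSH is reachable only through `public_sslh_port`, this rule keeps sshd directly exposed and should be dropped once Ansible itself connects through the shared port. The `deploy nginx.conf` task would also benefit from `validate: nginx -t -c %s`, so a template that renders badly is rejected before it replaces /etc/nginx/nginx.conf and before `restart nginx` runs. Nothing here pins the permissions of /etc/ssl/private/nginx-selfsigned.key; a `file:` task with `mode: '0600'` and `owner: root` after the openssl command would make that explicit.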
diff --git a/old/sliver-c2/templates/nginx.conf.j2 b/old/sliver-c2/templates/nginx.conf.j2
new file mode 100644
index 0000000..a735338
--- /dev/null
+++ b/old/sliver-c2/templates/nginx.conf.j2
@@ -0,0 +1,57 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_tokens off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log warn;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options DENY;
+ add_header X-XSS-Protection "1; mode=block";
+
+ server {
+ listen 127.0.0.1:{{ internal_nginx_port }} ssl default_server;
+ server_name _;
+
+ root /var/www/html;
+ index index.html;
+
+ ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+ ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options DENY;
+ add_header X-XSS-Protection "1; mode=block";
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location ~ /\.(?!well-known) {
+ deny all;
+ }
+ }
+}
diff --git a/sliver-c2/templates/server.json.j2 b/old/sliver-c2/templates/server.json.j2
index 9c59062..9c59062 100644
--- a/sliver-c2/templates/server.json.j2
+++ b/old/sliver-c2/templates/server.json.j2
diff --git a/sliver-c2/templates/sliver.service.j2 b/old/sliver-c2/templates/sliver.service.j2
index c45687d..c45687d 100644
--- a/sliver-c2/templates/sliver.service.j2
+++ b/old/sliver-c2/templates/sliver.service.j2
diff --git a/old/sliver-c2/templates/sslh.j2 b/old/sliver-c2/templates/sslh.j2
new file mode 100644
index 0000000..8820a74
--- /dev/null
+++ b/old/sliver-c2/templates/sslh.j2
@@ -0,0 +1,3 @@
+RUN=yes
+DAEMON=/usr/sbin/sslh
+DAEMON_OPTS="--user sslh --listen 0.0.0.0:{{ public_sslh_port }} --ssh 127.0.0.1:{{ internal_sshd_port }} --http 127.0.0.1:{{ internal_nginx_port }}"
diff --git a/sliver-c2/vars/packages.yaml b/old/sliver-c2/vars/packages.yaml
index d670cca..d670cca 100644
--- a/sliver-c2/vars/packages.yaml
+++ b/old/sliver-c2/vars/packages.yaml
diff --git a/sliver-c2/vars/sliver.yaml b/old/sliver-c2/vars/sliver.yaml
index 5ef0e6c..5ef0e6c 100644
--- a/sliver-c2/vars/sliver.yaml
+++ b/old/sliver-c2/vars/sliver.yaml
diff --git a/sliver-c2/inventory.ini b/sliver-c2/inventory.ini
deleted file mode 100644
index 7babd5e..0000000
--- a/sliver-c2/inventory.ini
+++ /dev/null
@@ -1,2 +0,0 @@
-[servers]
-server01 ansible_host=10.11.12.13 ansible_user=root ansible_ssh_private_key_file=id_rsa sliver_server=127.0.0.1
diff --git a/sliver-c2/playbook.yaml b/sliver-c2/playbook.yaml
deleted file mode 100644
index 2447e16..0000000
--- a/sliver-c2/playbook.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: sliver setup
- hosts: servers
- become: true
- vars_files:
- - vars/packages.yaml
- - vars/sliver.yaml
- tasks:
- - import_tasks: tasks/apt_packages.yaml
- - import_tasks: tasks/golang_install.yaml
- - import_tasks: tasks/harden.yaml
- - import_tasks: tasks/sliver_install.yaml
- - import_tasks: tasks/sliver_systemd.yaml
- - import_tasks: tasks/sliver_configure.yaml
- handlers:
- - import_tasks: handlers/main.yaml |