authorheqnx <root@heqnx.com>2025-05-25 11:50:46 +0300
committerheqnx <root@heqnx.com>2025-05-25 11:50:46 +0300
commit7c8ed923df3c02338dfbf826fd6fd9a23dac502e (patch)
tree929ee32e5a6f32e952bb8fcad33f704a371af9ff /old/attackbox/templates
parente905a6a60ceb43ef2bfa8f0f61c23630955caf1f (diff)
moved unorganized playbooks into old folder
Diffstat (limited to 'old/attackbox/templates')
-rw-r--r--old/attackbox/templates/index.html.j20
-rw-r--r--old/attackbox/templates/jail.local.j246
-rw-r--r--old/attackbox/templates/nginx.conf.j257
-rw-r--r--old/attackbox/templates/readme.txt.j220
-rw-r--r--old/attackbox/templates/sslh.cfg.j215
-rw-r--r--old/attackbox/templates/sslh.j23
-rw-r--r--old/attackbox/templates/torrc.j230
7 files changed, 171 insertions, 0 deletions
diff --git a/old/attackbox/templates/index.html.j2 b/old/attackbox/templates/index.html.j2
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/old/attackbox/templates/index.html.j2
diff --git a/old/attackbox/templates/jail.local.j2 b/old/attackbox/templates/jail.local.j2
new file mode 100644
index 0000000..dd548df
--- /dev/null
+++ b/old/attackbox/templates/jail.local.j2
@@ -0,0 +1,46 @@
+[INCLUDES]
+#before = paths-distro.conf
+before = paths-debian.conf
+
+[DEFAULT]
+#ignoreself = true
+#ignoreip = 127.0.0.1/8 ::1
+ignorecommand =
+bantime = 1h
+findtime = 10m
+maxretry = 3
+maxmatches = %(maxretry)s
+backend = auto
+usedns = warn
+logencoding = auto
+enabled = false
+mode = normal
+filter = %(__name__)s[mode=%(mode)s]
+destemail = root@localhost
+sender = root@<fq-hostname>
+mta = sendmail
+protocol = tcp
+chain = <known/chain>
+port = 0:65535
+fail2ban_agent = Fail2Ban/%(fail2ban_version)s
+banaction = iptables-multiport
+banaction_allports = iptables-allports
+action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+action_mw = %(action_)s
+ %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
+action_mwl = %(action_)s
+ %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
+action_xarf = %(action_)s
+ xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
+action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
+ %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
+action_blocklist_de = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
+action_abuseipdb = abuseipdb
+action = %(action_)s
+
+[sshd]
+mode = aggressive
+enabled = true
+port = ssh
+logpath = %(sshd_log)s
+backend = %(sshd_backend)s
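Review bot: The `[sshd]` jail is unlikely to ban anything in this layout, because sslh.j2 in the same commit puts sshd behind sslh on 127.0.0.1 and shows no transparent mode. In that arrangement sshd would log every client as the loopback address, which fail2ban skips under its default `ignoreself` behaviour (line 40 leaves that default in place). Separately, `port = ssh` applies the ban to the standard SSH port rather than the public listener, so a ban that did fire would not cover the exposed port; `port = {{ public_sslh_port }}` would match it. Either run sslh with `--transparent` so sshd logs real client addresses, or point a jail at a log that records them, and add a comment above `[sshd]` stating which is in use.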
diff --git a/old/attackbox/templates/nginx.conf.j2 b/old/attackbox/templates/nginx.conf.j2
new file mode 100644
index 0000000..a735338
--- /dev/null
+++ b/old/attackbox/templates/nginx.conf.j2
@@ -0,0 +1,57 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_tokens off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log warn;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options DENY;
+ add_header X-XSS-Protection "1; mode=block";
+
+ server {
+ listen 127.0.0.1:{{ internal_nginx_port }} ssl default_server;
+ server_name _;
+
+ root /var/www/html;
+ index index.html;
+
+ ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+ ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options DENY;
+ add_header X-XSS-Protection "1; mode=block";
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location ~ /\.(?!well-known) {
+ deny all;
+ }
+ }
+}
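Review bot: The three `add_header` lines in the `server` block lack the `always` parameter, so nginx omits them on error responses such as the `=404` from `try_files` and the 403 from `deny all`. With an empty index.html those are probably most of what this server returns; `add_header X-Content-Type-Options nosniff always;` and the same for `X-Frame-Options` would cover them. The `server` block also repeats `ssl_protocols`, `ssl_prefer_server_ciphers` and the headers already set at `http` level, so one copy can go. `X-XSS-Protection` is ignored by current browsers and could be dropped, or replaced by a `Content-Security-Policy` header.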
diff --git a/old/attackbox/templates/readme.txt.j2 b/old/attackbox/templates/readme.txt.j2
new file mode 100644
index 0000000..46ea8dc
--- /dev/null
+++ b/old/attackbox/templates/readme.txt.j2
@@ -0,0 +1,20 @@
+- [ generated on: {{ ansible_date_time.date }} {{ ansible_date_time.time }}
+
+-- [ tools
+
+--- [ github repos cloned to /opt/tools
+{% for repo in github_repos %}
+- {{ repo }}
+{% endfor %}
+
+--- [ go tools installed
+{% for tool in go_tools %}
+- {{ tool }}
+{% endfor %}
+
+-- [ package manager
+
+--- [ apt packages installed
+{% for pkg in apt_packages %}
+- {{ pkg }}
+{% endfor %}
diff --git a/old/attackbox/templates/sslh.cfg.j2 b/old/attackbox/templates/sslh.cfg.j2
new file mode 100644
index 0000000..7020ed8
--- /dev/null
+++ b/old/attackbox/templates/sslh.cfg.j2
@@ -0,0 +1,15 @@
+verbose: true
+foreground: false
+inetd: false
+
+listen:
+ host: "0.0.0.0"
+ port: {{ sslh_listen_port }}
+
+protocols:
+ ssh:
+ host: "127.0.0.1"
+ port: {{ ssh_port }}
+ http:
+ host: "127.0.0.1"
+ port: {{ nginx_port }}
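Review bot: This template reads `sslh_listen_port`, `ssh_port` and `nginx_port`, while sslh.j2 and nginx.conf.j2 in the same commit use `public_sslh_port`, `internal_sshd_port` and `internal_nginx_port`. Unless both sets are defined elsewhere, rendering fails or the two sslh configurations disagree about ports. The `DAEMON_OPTS` line in sslh.j2 also passes no `-F`/`--config` option, so this file appears to be unused. Its YAML-like layout does not look like the libconfig syntax sslh expects, e.g. `listen: ( { host: "0.0.0.0"; port: "..."; } );`. Either remove the file or align the variable names and syntax, and add a header comment saying which of the two files is authoritative.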
diff --git a/old/attackbox/templates/sslh.j2 b/old/attackbox/templates/sslh.j2
new file mode 100644
index 0000000..8820a74
--- /dev/null
+++ b/old/attackbox/templates/sslh.j2
@@ -0,0 +1,3 @@
+RUN=yes
+DAEMON=/usr/sbin/sslh
+DAEMON_OPTS="--user sslh --listen 0.0.0.0:{{ public_sslh_port }} --ssh 127.0.0.1:{{ internal_sshd_port }} --http 127.0.0.1:{{ internal_nginx_port }}"
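Review bot: `--http 127.0.0.1:{{ internal_nginx_port }}` forwards plaintext HTTP to a port that nginx.conf.j2 declares as `listen ... ssl`, so those requests would get nginx's "plain HTTP request was sent to HTTPS port" error. No option here routes TLS connections to that listener. If the intent is to multiplex SSH and HTTPS on the public port, the target should be given as `--tls 127.0.0.1:{{ internal_nginx_port }}` (`--ssl` on older sslh builds). Note also that without `--transparent` both backends see every client as 127.0.0.1, which affects the nginx access log and the fail2ban jail in this commit.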
diff --git a/old/attackbox/templates/torrc.j2 b/old/attackbox/templates/torrc.j2
new file mode 100644
index 0000000..b12f93c
--- /dev/null
+++ b/old/attackbox/templates/torrc.j2
@@ -0,0 +1,30 @@
+Log notice file /var/log/tor/notices.log
+Log info file /var/log/tor/info.log
+Log warn file /var/log/tor/warn.log
+SafeLogging 1
+
+RunAsDaemon 1
+
+DataDirectory /var/lib/tor
+
+UseEntryGuards 1
+
+ExitRelay 0
+
+ExcludeNodes {us},{gb},{ca},{nz},{au},{dk},{fr},{nl},{no},{de},{be},{it},{es},{se},{cn},{ru},{ir}
+StrictNodes 1
+
+SOCKSPort 127.0.0.1:9050
+
+DNSPort 127.0.0.1:5353
+TransPort 9040
+VirtualAddrNetworkIPv4 10.192.0.0/10
+AutomapHostsOnResolve 1
+
+HardwareAccel 1
+Sandbox 1
+NoExec 1
+KeepAlivePeriod 60
+ClientRejectInternalAddresses 1
+NewCircuitPeriod 30
+MaxCircuitDirtiness 600
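Review bot: `TransPort 9040` is the only listener written without an address, while `SOCKSPort` and `DNSPort` both pin `127.0.0.1`. Writing `TransPort 127.0.0.1:9040` makes the bind address explicit and keeps the three consistent. The three `Log` lines also overlap, since each level includes the more severe ones, so info.log already contains everything in notices.log and warn.log. A short comment saying why all three are kept, or dropping the info file, would cut disk use and make the intent clear. `DNSPort 127.0.0.1:5353` shares its port number with mDNS, so it is worth confirming that no mDNS responder on the host claims that port.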