authorheqnx <root@heqnx.com>2025-05-25 20:42:06 +0300
committerheqnx <root@heqnx.com>2025-05-25 20:42:06 +0300
commit419478997ce7d61d56ffbfb0d0148784b1e7727c (patch)
treea1f3d94cb7fe4afe45a0ef523ed07b91a7be9b95 /old/sliver-c2/tasks
parent4929a0915888290faaac4f9ae972091c6b383b90 (diff)
removing old dir
Diffstat (limited to 'old/sliver-c2/tasks')
-rw-r--r--old/sliver-c2/tasks/apt_packages.yaml5
-rw-r--r--old/sliver-c2/tasks/golang_install.yaml33
-rw-r--r--old/sliver-c2/tasks/harden.yaml144
-rw-r--r--old/sliver-c2/tasks/sliver_configure.yaml40
-rw-r--r--old/sliver-c2/tasks/sliver_install.yaml35
-rw-r--r--old/sliver-c2/tasks/sliver_systemd.yaml10
-rw-r--r--old/sliver-c2/tasks/ssh_nginx_setup.yaml76
7 files changed, 0 insertions, 343 deletions
diff --git a/old/sliver-c2/tasks/apt_packages.yaml b/old/sliver-c2/tasks/apt_packages.yaml
deleted file mode 100644
index 3f600c2..0000000
--- a/old/sliver-c2/tasks/apt_packages.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: install apt packages
- apt:
- name: "{{ apt_packages }}"
- state: present
- update_cache: true
diff --git a/old/sliver-c2/tasks/golang_install.yaml b/old/sliver-c2/tasks/golang_install.yaml
deleted file mode 100644
index e67d508..0000000
--- a/old/sliver-c2/tasks/golang_install.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-- name: download and extract golang
- block:
- - name: get latest golang version
- shell: |
- curl -sSL https://golang.org/dl/ | awk -F '"' '/dl\/.*linux-amd64.*tar.gz/{print $(NF-1)}' | awk -F '/' '{print $3}' | head -1
- register: latest_golang
- changed_when: false
-
- - name: download golang
- get_url:
- url: "https://golang.org/dl/{{ latest_golang.stdout }}"
- dest: /tmp/golang.tar.gz
-
- - name: extract golang to /usr/local
- unarchive:
- src: /tmp/golang.tar.gz
- dest: /usr/local
- remote_src: yes
-
- - name: remove tarball
- file:
- path: /tmp/golang.tar.gz
- state: absent
-
- - name: set system-wide go environment variables
- copy:
- dest: /etc/profile.d/go_env.sh
- content: |
- export GOPATH=/root/go
- export PATH=$PATH:/usr/local/go/bin:$GOPATH:$GOPATH/bin
- owner: root
- group: root
- mode: '0644'
diff --git a/old/sliver-c2/tasks/harden.yaml b/old/sliver-c2/tasks/harden.yaml
deleted file mode 100644
index ec09ea2..0000000
--- a/old/sliver-c2/tasks/harden.yaml
+++ /dev/null
@@ -1,144 +0,0 @@
-- name: fail if system is not debian/ubuntu
- ansible.builtin.assert:
- that: "'debian' in ansible_facts.os_family.lower() or 'ubuntu' in ansible_facts.distribution.lower()"
- fail_msg: "this playbook supports only debian-based systems"
-
-- name: remove snap and snapd
- apt:
- name:
- - snap
- - snapd
- state: absent
- purge: true
-
-- name: clean apt cache
- apt:
- autoclean: true
-
-- name: clear /etc/issue and /etc/motd
- copy:
- content: ""
- dest: "{{ item }}"
- loop:
- - /etc/issue
- - /etc/motd
-
-- name: check if /etc/update-motd.d directory exists
- stat:
- path: /etc/update-motd.d
- register: motd_dir
-
-- name: find files in /etc/update-motd.d
- find:
- paths: /etc/update-motd.d
- file_type: file
- register: motd_files
- when: motd_dir.stat.exists
-
-- name: remove execute permissions from all files in /etc/update-motd.d
- file:
- path: "{{ item.path }}"
- mode: u-x,g-x,o-x
- loop: "{{ motd_files.files }}"
- when: motd_dir.stat.exists
-
-- name: enforce root-only cron/at
- file:
- path: "{{ item }}"
- state: touch
- owner: root
- group: root
- mode: '0600'
- loop:
- - /etc/cron.allow
- - /etc/at.allow
-
-- name: remove deny files for cron and at
- file:
- path: "{{ item }}"
- state: absent
- loop:
- - /etc/cron.deny
- - /etc/at.deny
-
-- name: backup sshd_config
- copy:
- src: /etc/ssh/sshd_config
- dest: "/etc/ssh/sshd_config.bak_{{ ansible_date_time.iso8601_basic }}"
- remote_src: yes
-
-- name: harden sshd_config
- copy:
- dest: /etc/ssh/sshd_config
- content: |
- Port 22
- Banner /etc/issue
- UsePAM yes
- Protocol 2
- Subsystem sftp /usr/lib/openssh/sftp-server
- LogLevel verbose
- PrintMotd no
- AcceptEnv LANG LC_*
- MaxSessions 5
- StrictModes yes
- Compression no
- MaxAuthTries 3
- IgnoreRhosts yes
- PrintLastLog yes
- AddressFamily inet
- X11Forwarding no
- PermitRootLogin yes
- AllowTcpForwarding no
- ClientAliveInterval 1200
- AllowAgentForwarding no
- PermitEmptyPasswords no
- ClientAliveCountMax 0
- GSSAPIAuthentication no
- KerberosAuthentication no
- IgnoreUserKnownHosts yes
- PermitUserEnvironment no
- ChallengeResponseAuthentication no
- MACs hmac-sha2-512,hmac-sha2-256
- Ciphers aes128-ctr,aes192-ctr,aes256-ctr
-
-- name: regenerate SSH host keys
- shell: |
- rm -f /etc/ssh/ssh_host_*key*
- ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
- ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
- args:
- creates: /etc/ssh/ssh_host_ed25519_key
- notify: restart ssh
-
-- name: enable unattended-upgrades
- shell: dpkg-reconfigure --priority=low unattended-upgrades
- args:
- creates: /etc/apt/apt.conf.d/50unattended-upgrades
- notify: restart unattended-upgrades
-
-- name: disable ipv6 in grub
- lineinfile:
- path: /etc/default/grub
- regexp: '^GRUB_CMDLINE_LINUX='
- line: 'GRUB_CMDLINE_LINUX="ipv6.disable=1"'
- notify: update grub
-
-- name: allow ssh port and enable ufw
- ufw:
- rule: allow
- port: 22
- proto: tcp
- notify:
- - reload ufw
- - restart ufw
-
-- name: deploy custom fail2ban jail.local
- template:
- src: templates/jail.local.j2
- dest: /etc/fail2ban/jail.local
- owner: root
- group: root
- mode: '0644'
- notify:
- - restart fail2ban
- - reload fail2ban
diff --git a/old/sliver-c2/tasks/sliver_configure.yaml b/old/sliver-c2/tasks/sliver_configure.yaml
deleted file mode 100644
index bf4797e..0000000
--- a/old/sliver-c2/tasks/sliver_configure.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-- name: ensure .sliver config directory exists
- file:
- path: "{{ install_path }}/.sliver/configs"
- state: directory
- owner: root
- group: root
- mode: '0700'
-
-- name: deploy custom server.json config
- template:
- src: server.json.j2
- dest: "{{ install_path }}/.sliver/configs/server.json"
- owner: root
- group: root
- mode: '0600'
- force: true
-
-- name: ensure sliver client config directory exists
- file:
- path: "{{ install_path }}/.sliver-client/configs"
- state: directory
- owner: root
- group: root
- mode: '0700'
-
-- name: generate sliver operator profiles
- loop: "{{ sliver_operators }}"
- loop_control:
- loop_var: operator
- command: /opt/sliver/sliver-server operator --name {{ operator }} --lhost {{ sliver_server }} --save /root/.sliver-client/configs
- notify: sliver systemd handler
-
-- name: fix permissions for .sliver-client directory
- file:
- path: /root/.sliver-client
- state: directory
- recurse: true
- owner: root
- group: root
-
diff --git a/old/sliver-c2/tasks/sliver_install.yaml b/old/sliver-c2/tasks/sliver_install.yaml
deleted file mode 100644
index 3f0e029..0000000
--- a/old/sliver-c2/tasks/sliver_install.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-- name: import sliver gpg key
- shell: |
- gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4449039C
-
-- name: get latest sliver-server binary URL
- shell: |
- curl -sSLf https://api.github.com/repos/BishopFox/sliver/releases/latest \
- | grep -i browser_download_url \
- | grep -i sliver-server_linux \
- | grep -v sig \
- | head -1 \
- | cut -d '"' -f 4
- register: sliver_url
- changed_when: false
-
-- name: create sliver directory
- file:
- path: "{{ install_path }}"
- state: directory
- mode: '0755'
-
-- name: download sliver-server binary
- get_url:
- url: "{{ sliver_url.stdout }}"
- dest: "{{ install_path }}/sliver-server"
- mode: '0755'
-
-- name: symlink sliver binaries
- file:
- src: "{{ install_path }}/{{ item }}"
- dest: "/usr/local/bin/{{ item }}"
- state: link
- force: true
- loop:
- - sliver-server
diff --git a/old/sliver-c2/tasks/sliver_systemd.yaml b/old/sliver-c2/tasks/sliver_systemd.yaml
deleted file mode 100644
index 3b29f0f..0000000
--- a/old/sliver-c2/tasks/sliver_systemd.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-- name: copy sliver systemd service template
- template:
- src: sliver.service.j2
- dest: /etc/systemd/system/sliver.service
- owner: root
- group: root
- mode: '0600'
- notify:
- - reload systemd
- - sliver systemd handler
diff --git a/old/sliver-c2/tasks/ssh_nginx_setup.yaml b/old/sliver-c2/tasks/ssh_nginx_setup.yaml
deleted file mode 100644
index beb0910..0000000
--- a/old/sliver-c2/tasks/ssh_nginx_setup.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-- block:
- - name: install required packages
- apt:
- name:
- - openssl
- - nginx
- - sslh
- - ufw
- state: present
- update_cache: true
-
- - name: deploy index.html
- template:
- src: index.html.j2
- dest: /var/www/html/index.html
- owner: www-data
- group: www-data
- mode: '0644'
-
- - name: ensure /var/www/html directory permissions
- file:
- path: /var/www/html
- state: directory
- owner: www-data
- group: www-data
- mode: '0755'
-
- - name: generate self-signed ssl certificate
- command: >
- openssl req -x509 -nodes -days 365 -newkey rsa:2048
- -keyout /etc/ssl/private/nginx-selfsigned.key
- -out /etc/ssl/certs/nginx-selfsigned.crt
- -subj "/CN=localhost"
- args:
- creates: /etc/ssl/certs/nginx-selfsigned.crt
-
- - name: deploy nginx.conf
- template:
- src: nginx.conf.j2
- dest: /etc/nginx/nginx.conf
- owner: root
- group: root
- mode: '0644'
- notify: restart nginx
-
- - name: deploy sslh config file
- template:
- src: sslh.j2
- dest: /etc/default/sslh
- owner: root
- group: root
- mode: '0644'
- notify: restart sslh
-
- - name: allow ssh port and enable ufw
- ufw:
- rule: allow
- port: "{{ internal_sshd_port }}"
- proto: tcp
- notify:
- - enable ufw
- - restart ufw
-
- - name: allow http port and enable ufw
- ufw:
- rule: allow
- port: "{{ public_sslh_port }}"
- proto: tcp
- notify:
- - enable ufw
- - restart ufw
-
- when:
- - public_sslh_port is defined
- - internal_nginx_port is defined
- - internal_sshd_port is defined