author | heqnx <root@heqnx.com> | 2025-05-25 08:23:11 +0300 |
---|---|---|
committer | heqnx <root@heqnx.com> | 2025-05-25 08:23:11 +0300 |
commit | 56b09942c04c191b7581a26e1375226d40709a34 (patch) | |
tree | 4042a01a25b62ac16571b1dc86daf9fe2c6313d9 /sliver-c2/templates | |
parent | bcd55b16115ed51075686a68402134680ac80ae9 (diff) | |
download | ansible-playbooks-56b09942c04c191b7581a26e1375226d40709a34.tar.gz ansible-playbooks-56b09942c04c191b7581a26e1375226d40709a34.zip |
added sliver ansible playbook
Diffstat (limited to 'sliver-c2/templates')
-rw-r--r-- | sliver-c2/templates/jail.local.j2 | 46 | ||||
-rw-r--r-- | sliver-c2/templates/server.json.j2 | 18 | ||||
-rw-r--r-- | sliver-c2/templates/sliver.service.j2 | 14 |
3 files changed, 78 insertions, 0 deletions
diff --git a/sliver-c2/templates/jail.local.j2 b/sliver-c2/templates/jail.local.j2
new file mode 100644
index 0000000..dd548df
--- /dev/null
+++ b/sliver-c2/templates/jail.local.j2
@@ -0,0 +1,46 @@
+[INCLUDES]
+#before = paths-distro.conf
+before = paths-debian.conf
+
+[DEFAULT]
+#ignoreself = true
+#ignoreip = 127.0.0.1/8 ::1
+ignorecommand =
+bantime = 1h
+findtime = 10m
+maxretry = 3
+maxmatches = %(maxretry)s
+backend = auto
+usedns = warn
+logencoding = auto
+enabled = false
+mode = normal
+filter = %(__name__)s[mode=%(mode)s]
+destemail = root@localhost
+sender = root@<fq-hostname>
+mta = sendmail
+protocol = tcp
+chain = <known/chain>
+port = 0:65535
+fail2ban_agent = Fail2Ban/%(fail2ban_version)s
+banaction = iptables-multiport
+banaction_allports = iptables-allports
+action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+action_mw = %(action_)s
+ %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
+action_mwl = %(action_)s
+ %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
+action_xarf = %(action_)s
+ xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
+action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
+ %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
+action_blocklist_de = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
+action_abuseipdb = abuseipdb
+action = %(action_)s
+
+[sshd]
+mode = aggressive
+enabled = true
+port = ssh
+logpath = %(sshd_log)s
+backend = %(sshd_backend)s
diff --git a/sliver-c2/templates/server.json.j2 b/sliver-c2/templates/server.json.j2
new file mode 100644
index 0000000..9c59062
--- /dev/null
+++ b/sliver-c2/templates/server.json.j2
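Review bot: jail.local.j2 restates most of a stock `[DEFAULT]` section (the `action_*` definitions, `chain = <known/chain>`, `fail2ban_agent`, the `[INCLUDES]` block) instead of carrying only overrides, which ties the host to the fail2ban version it was copied from and hides the few values actually chosen here. Only `bantime = 1h`, `maxretry = 3` and the `[sshd]` settings `mode = aggressive` / `enabled = true` appear to be deliberate; the rest could be dropped and left to the packaged jail.conf. `#ignoreip` stays commented out, so nothing exempts the address the playbook is run from; a templated line such as `ignoreip = 127.0.0.1/8 ::1 {{ fail2ban_ignoreip | default('') }}` (variable name is a suggestion) would prevent an administrative lock-out. As written the file contains no Jinja expressions, so a header comment saying why it is a template would help the next maintainer.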
@@ -0,0 +1,18 @@
+{
+ "daemon_mode": false,
+ "daemon": {
+ "host": "{{ sliver_server }}",
+ "port": 31337
+ },
+ "logs": {
+ "level": 4,
+ "grpc_unary_payloads": false,
+ "grpc_stream_payloads": false,
+ "tls_key_logger": false
+ },
+ "jobs": {
+ "multiplayer": null
+ },
+ "watch_tower": null,
+ "go_proxy": ""
+}
diff --git a/sliver-c2/templates/sliver.service.j2 b/sliver-c2/templates/sliver.service.j2
new file mode 100644
index 0000000..11cc2bd
--- /dev/null
+++ b/sliver-c2/templates/sliver.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=Sliver
+After=network.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+Restart=on-failure
+RestartSec=3
+User=root
+ExecStart={{ install_path }}/sliver-server daemon
+
+[Install]
+WantedBy=multi-user.target |
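Review bot: In server.json.j2 `{{ sliver_server }}` is interpolated straight into a JSON string, so a value containing a quote or backslash yields an invalid or differently shaped config; render it through the JSON filter instead, `"host": {{ sliver_server | to_json }},`. The port is hard-coded while the host is a variable; `"port": {{ sliver_daemon_port | default(31337) }}` (variable name is a suggestion) would keep both in inventory. `"daemon_mode": false` sits next to a unit file that starts the binary with the `daemon` subcommand, and since JSON cannot carry a comment, the role's documentation should state which of the two is meant to take effect.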
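Review bot: `User=root` in sliver.service.j2 runs a network-facing server with full privileges and no sandboxing directives, so any flaw in that process becomes a root compromise of the host. Prefer a dedicated account created by the playbook and, if the service has to bind ports below 1024, grant only that capability: `User=sliver`, `AmbientCapabilities=CAP_NET_BIND_SERVICE`, `NoNewPrivileges=true` (the account name is a placeholder). `StartLimitIntervalSec=0` combined with `Restart=on-failure` and `RestartSec=3` switches off systemd's restart rate limit, so a misconfigured server restarts every three seconds indefinitely; a finite `StartLimitBurst=` would let the unit fail visibly instead.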