Diffstat (limited to 'attackbox/tasks')
| -rw-r--r-- | attackbox/tasks/apt_packages.yaml | 5 | ||||
| -rw-r--r-- | attackbox/tasks/chrome_install.yaml | 24 | ||||
| -rw-r--r-- | attackbox/tasks/generate_readme.yaml | 7 | ||||
| -rw-r--r-- | attackbox/tasks/github_repos.yaml | 15 | ||||
| -rw-r--r-- | attackbox/tasks/go_tools.yaml | 6 | ||||
| -rw-r--r-- | attackbox/tasks/golang_install.yaml | 33 | ||||
| -rw-r--r-- | attackbox/tasks/harden.yaml | 157 | ||||
| -rw-r--r-- | attackbox/tasks/tor_install.yaml | 47 | 
8 files changed, 0 insertions, 294 deletions
diff --git a/attackbox/tasks/apt_packages.yaml b/attackbox/tasks/apt_packages.yaml
deleted file mode 100644
index 4ed8331..0000000
--- a/attackbox/tasks/apt_packages.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: install apt packages
-  apt:
-    name: "{{ apt_packages }}"
-    state: present
-    update_cache: yes
diff --git a/attackbox/tasks/chrome_install.yaml b/attackbox/tasks/chrome_install.yaml
deleted file mode 100644
index 4b9bf4f..0000000
--- a/attackbox/tasks/chrome_install.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-- name: remove old google signing key
-  file:
-    path: /etc/apt/trusted.gpg.d/google-signing-key.gpg
-    state: absent
-
-- name: download and install google signing key
-  shell: |
-    curl -sSL https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /etc/apt/trusted.gpg.d/google-signing-key.gpg
-
-- name: add google chrome repo
-  copy:
-    dest: /etc/apt/sources.list.d/google-chrome.list
-    content: |
-      deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/google-signing-key.gpg] https://dl.google.com/linux/chrome/deb stable main
-
-- name: update apt cache
-  apt:
-    update_cache: yes
-
-- name: install google chrome
-  apt:
-    name: google-chrome-stable
-    state: present
-
diff --git a/attackbox/tasks/generate_readme.yaml b/attackbox/tasks/generate_readme.yaml
deleted file mode 100644
index 691d08b..0000000
--- a/attackbox/tasks/generate_readme.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-- name: generate ~/README.txt on the target server
-  ansible.builtin.template:
-    src: templates/readme.txt.j2
-    dest: "{{ ansible_env.HOME }}/README.txt"
-    owner: "{{ ansible_user | default('root') }}"
-    group: "{{ ansible_user | default('root') }}"
-    mode: '0644'
diff --git a/attackbox/tasks/github_repos.yaml b/attackbox/tasks/github_repos.yaml
deleted file mode 100644
index 042ea6c..0000000
--- a/attackbox/tasks/github_repos.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: ensure /opt/tools exists
-  ansible.builtin.file:
-    path: /opt/tools
-    state: directory
-    owner: root
-    group: root
-    mode: '0755'
-
-- name: clone github repos into /opt/tools
-  ansible.builtin.git:
-    repo: "{{ item }}"
-    dest: "/opt/tools/{{ item | basename | regex_replace('\\.git$', '') }}"
-    update: yes
-    force: yes
-  loop: "{{ github_repos }}"
diff --git a/attackbox/tasks/go_tools.yaml b/attackbox/tasks/go_tools.yaml
deleted file mode 100644
index 18c0346..0000000
--- a/attackbox/tasks/go_tools.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-- name: install go tools
-  ansible.builtin.command:
-    cmd: "/usr/local/go/bin/go install -trimpath -v {{ item }}"
-  environment:
-    GOBIN: /usr/local/bin
-  loop: "{{ go_tools }}"
diff --git a/attackbox/tasks/golang_install.yaml b/attackbox/tasks/golang_install.yaml
deleted file mode 100644
index e67d508..0000000
--- a/attackbox/tasks/golang_install.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-- name: download and extract golang
-  block:
-    - name: get latest golang version
-      shell: |
-        curl -sSL https://golang.org/dl/ | awk -F '"' '/dl\/.*linux-amd64.*tar.gz/{print $(NF-1)}' | awk -F '/' '{print $3}' | head -1
-      register: latest_golang
-      changed_when: false
-
-    - name: download golang
-      get_url:
-        url: "https://golang.org/dl/{{ latest_golang.stdout }}"
-        dest: /tmp/golang.tar.gz
-
-    - name: extract golang to /usr/local
-      unarchive:
-        src: /tmp/golang.tar.gz
-        dest: /usr/local
-        remote_src: yes
-
-    - name: remove tarball
-      file:
-        path: /tmp/golang.tar.gz
-        state: absent
-
-    - name: set system-wide go environment variables
-      copy:
-        dest: /etc/profile.d/go_env.sh
-        content: |
-          export GOPATH=/root/go
-          export PATH=$PATH:/usr/local/go/bin:$GOPATH:$GOPATH/bin
-        owner: root
-        group: root
-        mode: '0644'
diff --git a/attackbox/tasks/harden.yaml b/attackbox/tasks/harden.yaml
deleted file mode 100644
index 75f21bb..0000000
--- a/attackbox/tasks/harden.yaml
+++ /dev/null
@@ -1,157 +0,0 @@
-- name: fail if system is not debian/ubuntu
-  ansible.builtin.assert:
-    that: "'debian' in ansible_facts.os_family.lower() or 'ubuntu' in ansible_facts.distribution.lower()"
-    fail_msg: "this playbook supports only debian-based systems"
-
-- name: remove snap and snapd
-  apt:
-    name:
-      - snap
-      - snapd
-    state: absent
-    purge: true
-
-- name: clean apt cache
-  apt:
-    autoclean: yes
-
-- name: clear /etc/issue and /etc/motd
-  copy:
-    content: ""
-    dest: "{{ item }}"
-  loop:
-    - /etc/issue
-    - /etc/motd
-
-- name: check if /etc/update-motd.d directory exists
-  stat:
-    path: /etc/update-motd.d
-  register: motd_dir
-
-- name: find files in /etc/update-motd.d
-  find:
-    paths: /etc/update-motd.d
-    file_type: file
-  register: motd_files
-  when: motd_dir.stat.exists
-
-- name: remove execute permissions from all files in /etc/update-motd.d
-  file:
-    path: "{{ item.path }}"
-    mode: u-x,g-x,o-x
-  loop: "{{ motd_files.files }}"
-  when: motd_dir.stat.exists
-
-- name: enforce root-only cron/at
-  file:
-    path: "{{ item }}"
-    state: touch
-    owner: root
-    group: root
-    mode: '0600'
-  loop:
-    - /etc/cron.allow
-    - /etc/at.allow
-
-- name: remove deny files for cron and at
-  file:
-    path: "{{ item }}"
-    state: absent
-  loop:
-    - /etc/cron.deny
-    - /etc/at.deny
-
-- name: backup sshd_config
-  copy:
-    src: /etc/ssh/sshd_config
-    dest: "/etc/ssh/sshd_config.bak_{{ ansible_date_time.iso8601_basic }}"
-    remote_src: yes
-
-- name: harden sshd_config
-  copy:
-    dest: /etc/ssh/sshd_config
-    content: |
-      Port 22
-      Banner /etc/issue
-      UsePAM yes
-      Protocol 2
-      Subsystem sftp /usr/lib/openssh/sftp-server
-      LogLevel verbose
-      PrintMotd no
-      AcceptEnv LANG LC_*
-      MaxSessions 5
-      StrictModes yes
-      Compression no
-      MaxAuthTries 3
-      IgnoreRhosts yes
-      PrintLastLog yes
-      AddressFamily inet
-      X11Forwarding no
-      PermitRootLogin yes
-      AllowTcpForwarding no
-      ClientAliveInterval 1200
-      AllowAgentForwarding no
-      PermitEmptyPasswords no
-      ClientAliveCountMax 0
-      GSSAPIAuthentication no
-      KerberosAuthentication no
-      IgnoreUserKnownHosts yes
-      PermitUserEnvironment no
-      ChallengeResponseAuthentication no
-      MACs hmac-sha2-512,hmac-sha2-256
-      Ciphers aes128-ctr,aes192-ctr,aes256-ctr
-
-- name: regenerate SSH host keys
-  shell: |
-    rm -f /etc/ssh/ssh_host_*key*
-    ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
-    ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
-  args:
-    creates: /etc/ssh/ssh_host_ed25519_key
-  notify: restart ssh
-
-- name: enable unattended-upgrades
-  shell: dpkg-reconfigure --priority=low unattended-upgrades
-  args:
-    creates: /etc/apt/apt.conf.d/50unattended-upgrades
-
-- name: enable unattended-upgrades service
-  systemd:
-    name: unattended-upgrades
-    enabled: true
-    state: started
-
-- name: disable ipv6 in grub
-  lineinfile:
-    path: /etc/default/grub
-    regexp: '^GRUB_CMDLINE_LINUX='
-    line: 'GRUB_CMDLINE_LINUX="ipv6.disable=1"'
-  notify: update grub
-
-- name: allow ssh port and enable ufw
-  ufw:
-    rule: allow
-    port: 22
-    proto: tcp
-
-- name: enable ufw
-  ufw:
-    state: enabled
-    policy: deny
-
-- name: deploy custom fail2ban jail.local
-  template:
-    src: templates/jail.local.j2
-    dest: /etc/fail2ban/jail.local
-    owner: root
-    group: root
-    mode: '0644'
-  notify:
-    - restart fail2ban
-    - reload fail2ban
-
-- name: enable and start fail2ban
-  systemd:
-    name: fail2ban
-    enabled: true
-    state: started
diff --git a/attackbox/tasks/tor_install.yaml b/attackbox/tasks/tor_install.yaml
deleted file mode 100644
index 54f8384..0000000
--- a/attackbox/tasks/tor_install.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-- name: install tor and required packages
-  apt:
-    name:
-      - tor
-      - tor-geoipdb
-      - torsocks
-      - proxychains
-    state: present
-    update_cache: yes
-
-- name: check if /etc/tor/torrc exists
-  stat:
-    path: /etc/tor/torrc
-  register: torrc_stat
-
-- name: back up /etc/tor/torrc
-  copy:
-    src: /etc/tor/torrc
-    dest: /etc/tor/torrc.bak
-    remote_src: yes
-    force: no
-  when:
-    - torrc_stat.stat.exists
-
-- name: deploy custom tor configuration
-  template:
-    src: templates/torrc.j2
-    dest: /etc/tor/torrc
-    owner: debian-tor
-    group: debian-tor
-    mode: '0644'
-  notify: restart tor
-
-- name: check if tor is routing traffic correctly
-  command: curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/api/ip
-  register: tor_check
-  changed_when: false
-
-- name: print tor check json response
-  debug:
-    msg: "tor check response: {{ tor_check.stdout }}"
-
-- name: verify tor is active
-  fail:
-    msg: "tor is not routing traffic correctly: istor is {{ tor_check.stdout | from_json | json_query('IsTor') }}"
-  when:
-    - tor_check.stdout | from_json | json_query('IsTor') != true