Diffstat (limited to 'roles/sliver-c2')
-rw-r--r--roles/sliver-c2/handlers/main.yaml70
-rw-r--r--roles/sliver-c2/tasks/apt_install.yaml5
-rw-r--r--roles/sliver-c2/tasks/golang_install.yaml33
-rw-r--r--roles/sliver-c2/tasks/main.yaml5
-rw-r--r--roles/sliver-c2/tasks/sliver_configure.yaml40
-rw-r--r--roles/sliver-c2/tasks/sliver_install.yaml35
-rw-r--r--roles/sliver-c2/tasks/sliver_systemd.yaml10
-rw-r--r--roles/sliver-c2/templates/server.json.j218
-rw-r--r--roles/sliver-c2/templates/sliver.service.j215
-rw-r--r--roles/sliver-c2/vars/main.yaml28
10 files changed, 259 insertions, 0 deletions
diff --git a/roles/sliver-c2/handlers/main.yaml b/roles/sliver-c2/handlers/main.yaml
new file mode 100644
index 0000000..38b1dd4
--- /dev/null
+++ b/roles/sliver-c2/handlers/main.yaml
@@ -0,0 +1,70 @@
+- name: update grub
+ command: update-grub
+
+- name: reload fail2ban
+ command: fail2ban-client reload
+
+- name: enable ufw
+ ufw:
+ state: enabled
+ policy: deny
+
+- name: restart ufw
+ systemd:
+ name: ufw
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: reload systemd
+ command: systemctl daemon-reload
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: restart ssh
+ systemd:
+ name: ssh
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: enable unattended-upgrades service
+ systemd:
+ name: unattended-upgrades
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: restart ufw
+ systemd:
+ name: ufw
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: restart fail2ban
+ systemd:
+ name: fail2ban
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: sliver systemd handler
+ systemd:
+ name: sliver
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: restart nginx
+ systemd:
+ name: nginx
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: restart sslh
+ systemd:
+ name: sslh
+ state: restarted
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
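Review bot: `restart ufw` is defined twice, as the fourth handler and again after `enable unattended-upgrades service`; Ansible keeps only the last definition of a handler name, so the first copy is dead and should be deleted. Of the twelve handlers, the tasks in this commit notify only `reload systemd` and `sliver systemd handler`; the grub, ufw, ssh, fail2ban, nginx and sslh handlers look carried over from another role and could be dropped unless something outside this commit notifies them. `reload systemd` shells out to `systemctl daemon-reload`; the module form `systemd: { daemon_reload: true }` does the same without a raw command.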
diff --git a/roles/sliver-c2/tasks/apt_install.yaml b/roles/sliver-c2/tasks/apt_install.yaml
new file mode 100644
index 0000000..4004daf
--- /dev/null
+++ b/roles/sliver-c2/tasks/apt_install.yaml
@@ -0,0 +1,5 @@
+- name: install apt packages
+ apt:
+ name: "{{ apt_packages }}"
+ state: present
+ update_cache: yes
\ No newline at end of file
diff --git a/roles/sliver-c2/tasks/golang_install.yaml b/roles/sliver-c2/tasks/golang_install.yaml
new file mode 100644
index 0000000..e67d508
--- /dev/null
+++ b/roles/sliver-c2/tasks/golang_install.yaml
@@ -0,0 +1,33 @@
+- name: download and extract golang
+ block:
+ - name: get latest golang version
+ shell: |
+ curl -sSL https://golang.org/dl/ | awk -F '"' '/dl\/.*linux-amd64.*tar.gz/{print $(NF-1)}' | awk -F '/' '{print $3}' | head -1
+ register: latest_golang
+ changed_when: false
+
+ - name: download golang
+ get_url:
+ url: "https://golang.org/dl/{{ latest_golang.stdout }}"
+ dest: /tmp/golang.tar.gz
+
+ - name: extract golang to /usr/local
+ unarchive:
+ src: /tmp/golang.tar.gz
+ dest: /usr/local
+ remote_src: yes
+
+ - name: remove tarball
+ file:
+ path: /tmp/golang.tar.gz
+ state: absent
+
+ - name: set system-wide go environment variables
+ copy:
+ dest: /etc/profile.d/go_env.sh
+ content: |
+ export GOPATH=/root/go
+ export PATH=$PATH:/usr/local/go/bin:$GOPATH:$GOPATH/bin
+ owner: root
+ group: root
+ mode: '0644'
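Review bot: The Go tarball is unpacked into /usr/local as root with no integrity check: `download golang` has no `checksum:`, and the file name comes from scraping the download page with curl and awk, so an empty or unexpected scrape result still produces a URL that `get_url` will fetch. The release index at `https://go.dev/dl/?mode=json` publishes the file name and SHA-256 for each archive, which lets `get_url` verify what it downloaded. A checksum served by the same origin only catches corruption or a swapped file, so pinning a version and hash in the role's variables is the stronger option. The fixed `/tmp/golang.tar.gz` path is also predictable in a world-writable directory; a root-owned staging directory would be safer on a shared host.

```yaml
- name: get golang release index
  uri:
    url: https://go.dev/dl/?mode=json
    return_content: true
  register: golang_releases

- name: select linux-amd64 archive
  set_fact:
    golang_archive: >-
      {{ golang_releases.json[0].files
         | selectattr('os', 'equalto', 'linux')
         | selectattr('arch', 'equalto', 'amd64')
         | selectattr('kind', 'equalto', 'archive')
         | first }}

- name: download golang
  get_url:
    url: "https://go.dev/dl/{{ golang_archive.filename }}"
    dest: /tmp/golang.tar.gz
    checksum: "sha256:{{ golang_archive.sha256 }}"

# … unchanged: extract golang, remove tarball, go_env.sh …
```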
diff --git a/roles/sliver-c2/tasks/main.yaml b/roles/sliver-c2/tasks/main.yaml
new file mode 100644
index 0000000..55e353f
--- /dev/null
+++ b/roles/sliver-c2/tasks/main.yaml
@@ -0,0 +1,5 @@
+- import_tasks: tasks/apt_install.yaml
+- import_tasks: tasks/golang_install.yaml
+- import_tasks: tasks/sliver_install.yaml
+- import_tasks: tasks/sliver_systemd.yaml
+- import_tasks: tasks/sliver_configure.yaml
diff --git a/roles/sliver-c2/tasks/sliver_configure.yaml b/roles/sliver-c2/tasks/sliver_configure.yaml
new file mode 100644
index 0000000..b90d955
--- /dev/null
+++ b/roles/sliver-c2/tasks/sliver_configure.yaml
@@ -0,0 +1,40 @@
+- name: ensure .sliver config directory exists
+ file:
+ path: "{{ install_path }}/.sliver/configs"
+ state: directory
+ owner: root
+ group: root
+ mode: '0700'
+
+- name: ensure .sliver-client config directory exists
+ file:
+ path: "/root/.sliver-client/configs"
+ state: directory
+ owner: root
+ group: root
+ mode: '0700'
+
+- name: deploy custom server.json config
+ template:
+ src: server.json.j2
+ dest: "{{ install_path }}/.sliver/configs/server.json"
+ owner: root
+ group: root
+ mode: '0600'
+ force: true
+
+- name: generate sliver operator profiles
+ loop: "{{ sliver_operators }}"
+ loop_control:
+ loop_var: operator
+ command: /opt/sliver/sliver-server operator --name {{ operator }} --lhost {{ sliver_server }} --save /root/.sliver-client/configs
+ notify: sliver systemd handler
+
+- name: fix permissions for .sliver-client directory
+ file:
+ path: /root/.sliver-client
+ state: directory
+ recurse: true
+ owner: root
+ group: root
+
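Review bot: The recursive `fix permissions for .sliver-client directory` task sets owner and group but no mode, so the operator profiles saved under /root/.sliver-client/configs keep whatever mode sliver-server created them with. Those files carry operator credentials, and adding `mode: 'u=rwX,go='` to that task keeps them readable by root only. `generate sliver operator profiles` has no `creates:` guard, so it runs on every play, always reports changed, and restarts the service each time; whether sliver-server accepts an operator name that already exists is not visible here. The same task hard-codes `/opt/sliver/sliver-server` where the other tasks use `{{ install_path }}`, and the free-form `command` string is better written with `argv` so a variable containing whitespace cannot split into extra arguments.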
diff --git a/roles/sliver-c2/tasks/sliver_install.yaml b/roles/sliver-c2/tasks/sliver_install.yaml
new file mode 100644
index 0000000..3f0e029
--- /dev/null
+++ b/roles/sliver-c2/tasks/sliver_install.yaml
@@ -0,0 +1,35 @@
+- name: import sliver gpg key
+ shell: |
+ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4449039C
+
+- name: get latest sliver-server binary URL
+ shell: |
+ curl -sSLf https://api.github.com/repos/BishopFox/sliver/releases/latest \
+ | grep -i browser_download_url \
+ | grep -i sliver-server_linux \
+ | grep -v sig \
+ | head -1 \
+ | cut -d '"' -f 4
+ register: sliver_url
+ changed_when: false
+
+- name: create sliver directory
+ file:
+ path: "{{ install_path }}"
+ state: directory
+ mode: '0755'
+
+- name: download sliver-server binary
+ get_url:
+ url: "{{ sliver_url.stdout }}"
+ dest: "{{ install_path }}/sliver-server"
+ mode: '0755'
+
+- name: symlink sliver binaries
+ file:
+ src: "{{ install_path }}/{{ item }}"
+ dest: "/usr/local/bin/{{ item }}"
+ state: link
+ force: true
+ loop:
+ - sliver-server
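Review bot: The signing key is imported in the first task but never used: `grep -v sig` discards the signature asset and `download sliver-server binary` installs the file as an executable with no verification. The key is also requested by the 8-hex-digit short ID `4449039C`, which can collide, so the full fingerprint should be used instead. `gpg --verify` accepts any key in the keyring, so the check is only meaningful if the keyring holds just the intended key. The sketch below assumes the signature asset is the binary's URL with `.sig` appended, which the filter suggests but the hunk does not show. The import task also runs through `shell` on every play and always reports changed.

```yaml
- name: import sliver gpg key
  command:
    argv:
      - gpg
      - --keyserver
      - hkps://keyserver.ubuntu.com
      - --recv-keys
      - "<FULL_KEY_FINGERPRINT>"   # placeholder: full fingerprint of the release key

# … unchanged: get latest sliver-server binary URL, create sliver directory, download sliver-server binary …

- name: download sliver-server signature
  get_url:
    url: "{{ sliver_url.stdout }}.sig"
    dest: "{{ install_path }}/sliver-server.sig"
    mode: '0644'

- name: verify sliver-server signature
  command:
    argv:
      - gpg
      - --verify
      - "{{ install_path }}/sliver-server.sig"
      - "{{ install_path }}/sliver-server"
  changed_when: false

# … unchanged: symlink sliver binaries …
```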
diff --git a/roles/sliver-c2/tasks/sliver_systemd.yaml b/roles/sliver-c2/tasks/sliver_systemd.yaml
new file mode 100644
index 0000000..3b29f0f
--- /dev/null
+++ b/roles/sliver-c2/tasks/sliver_systemd.yaml
@@ -0,0 +1,10 @@
+- name: copy sliver systemd service template
+ template:
+ src: sliver.service.j2
+ dest: /etc/systemd/system/sliver.service
+ owner: root
+ group: root
+ mode: '0600'
+ notify:
+ - reload systemd
+ - sliver systemd handler
diff --git a/roles/sliver-c2/templates/server.json.j2 b/roles/sliver-c2/templates/server.json.j2
new file mode 100644
index 0000000..9c59062
--- /dev/null
+++ b/roles/sliver-c2/templates/server.json.j2
@@ -0,0 +1,18 @@
+{
+ "daemon_mode": false,
+ "daemon": {
+ "host": "{{ sliver_server }}",
+ "port": 31337
+ },
+ "logs": {
+ "level": 4,
+ "grpc_unary_payloads": false,
+ "grpc_stream_payloads": false,
+ "tls_key_logger": false
+ },
+ "jobs": {
+ "multiplayer": null
+ },
+ "watch_tower": null,
+ "go_proxy": ""
+}
diff --git a/roles/sliver-c2/templates/sliver.service.j2 b/roles/sliver-c2/templates/sliver.service.j2
new file mode 100644
index 0000000..c45687d
--- /dev/null
+++ b/roles/sliver-c2/templates/sliver.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Sliver
+After=network.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+Restart=on-failure
+RestartSec=3
+User=root
+Environment=SLIVER_ROOT_DIR={{ install_path }}/.sliver
+ExecStart={{ install_path }}/sliver-server daemon
+
+[Install]
+WantedBy=multi-user.target
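Review bot: `User=root` runs the daemon with full privileges and the unit sets no sandboxing, so any flaw in the server process is a flaw as root. A dedicated service account with `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would contain it, plus `AmbientCapabilities=CAP_NET_BIND_SERVICE` if listeners need ports below 1024; the /root paths in sliver_configure.yaml would have to move with it. `StartLimitIntervalSec=0` combined with `Restart=on-failure` turns off start-rate limiting, so a daemon that fails at startup is restarted every 3 seconds indefinitely.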
diff --git a/roles/sliver-c2/vars/main.yaml b/roles/sliver-c2/vars/main.yaml
new file mode 100644
index 0000000..ba9786a
--- /dev/null
+++ b/roles/sliver-c2/vars/main.yaml
@@ -0,0 +1,28 @@
+apt_packages:
+ - binutils-mingw-w64
+ - build-essential
+ - curl
+ - fail2ban
+ - gcc
+ - git
+ - g++-mingw-w64
+ - gpg
+ - libpcap-dev
+ - mingw-w64
+ - musl
+ - musl-dev
+ - nmap
+ - openssl
+ - python3
+ - python3-pip
+ - tmux
+ - ufw
+ - unattended-upgrades
+ - wget
+install_path: /opt/sliver
+sliver_operators:
+ - operator01
+ - operator02
+ - operator03
+ - operator04
+ - operator05
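Review bot: `sliver_server` is used by server.json.j2 and by the operator task in sliver_configure.yaml but is not defined here, so the role stops with an undefined-variable error unless inventory or the play supplies it. An `assert` at the top of tasks/main.yaml or a documented entry in `defaults/main.yaml` would make that requirement explicit. Keeping `install_path` and `sliver_operators` in `vars/` gives them higher precedence than inventory variables, so a deployment cannot override them without extra-vars; `defaults/main.yaml` is the usual place for such tunables.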