Diffstat (limited to 'sliver-c2')
| -rw-r--r-- | sliver-c2/ansible.cfg | 3 | ||||
| -rw-r--r-- | sliver-c2/handlers/main.yaml | 30 | ||||
| -rw-r--r-- | sliver-c2/inventory.ini | 2 | ||||
| -rw-r--r-- | sliver-c2/playbook.yaml | 15 | ||||
| -rw-r--r-- | sliver-c2/tasks/apt_packages.yaml | 5 | ||||
| -rw-r--r-- | sliver-c2/tasks/golang_install.yaml | 33 | ||||
| -rw-r--r-- | sliver-c2/tasks/harden.yaml | 157 | ||||
| -rw-r--r-- | sliver-c2/tasks/sliver_configure.yaml | 40 | ||||
| -rw-r--r-- | sliver-c2/tasks/sliver_install.yaml | 35 | ||||
| -rw-r--r-- | sliver-c2/tasks/sliver_systemd.yaml | 10 | ||||
| -rw-r--r-- | sliver-c2/templates/jail.local.j2 | 46 | ||||
| -rw-r--r-- | sliver-c2/templates/server.json.j2 | 18 | ||||
| -rw-r--r-- | sliver-c2/templates/sliver.service.j2 | 15 | ||||
| -rw-r--r-- | sliver-c2/vars/packages.yaml | 21 | ||||
| -rw-r--r-- | sliver-c2/vars/sliver.yaml | 7 | 
15 files changed, 0 insertions, 437 deletions
|
diff --git a/sliver-c2/ansible.cfg b/sliver-c2/ansible.cfg
deleted file mode 100644
index 8395bb7..0000000
--- a/sliver-c2/ansible.cfg
+++ /dev/null
@@ -1,3 +0,0 @@
-[ssh_connection]
-;scp_if_ssh = true
-transfer_method = scp
diff --git a/sliver-c2/handlers/main.yaml b/sliver-c2/handlers/main.yaml
deleted file mode 100644
index 0987034..0000000
--- a/sliver-c2/handlers/main.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-- name: update grub
-  command: update-grub
-
-- name: reload fail2ban
-  command: fail2ban-client reload
-
-- name: reload systemd
-  command: systemctl daemon-reload
-  when: ansible_facts['service_mgr'] == 'systemd'
-
-- name: restart ssh
-  systemd:
-    name: ssh
-    state: restarted
-    enabled: true
-  when: ansible_facts['service_mgr'] == 'systemd'
-
-- name: restart fail2ban
-  systemd:
-    name: fail2ban
-    state: restarted
-    enabled: true
-  when: ansible_facts['service_mgr'] == 'systemd'
-
-- name: sliver systemd handler
-  systemd:
-    name: sliver
-    state: restarted
-    enabled: true
-  when: ansible_facts['service_mgr'] == 'systemd'
diff --git a/sliver-c2/inventory.ini b/sliver-c2/inventory.ini
deleted file mode 100644
index 7babd5e..0000000
--- a/sliver-c2/inventory.ini
+++ /dev/null
@@ -1,2 +0,0 @@
-[servers]
-server01 ansible_host=10.11.12.13 ansible_user=root ansible_ssh_private_key_file=id_rsa sliver_server=127.0.0.1
diff --git a/sliver-c2/playbook.yaml b/sliver-c2/playbook.yaml
deleted file mode 100644
index 2447e16..0000000
--- a/sliver-c2/playbook.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: sliver setup
-  hosts: servers
-  become: true
-  vars_files:
-    - vars/packages.yaml
-    - vars/sliver.yaml
-  tasks:
-    - import_tasks: tasks/apt_packages.yaml
-    - import_tasks: tasks/golang_install.yaml
-    - import_tasks: tasks/harden.yaml
-    - import_tasks: tasks/sliver_install.yaml
-    - import_tasks: tasks/sliver_systemd.yaml
-    - import_tasks: tasks/sliver_configure.yaml
-  handlers:
-    - import_tasks: handlers/main.yaml
diff --git a/sliver-c2/tasks/apt_packages.yaml b/sliver-c2/tasks/apt_packages.yaml
deleted file mode 100644
index 3f600c2..0000000
--- a/sliver-c2/tasks/apt_packages.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: install apt packages
-  apt:
-    name: "{{ apt_packages }}"
-    state: present
-    update_cache: true
diff --git a/sliver-c2/tasks/golang_install.yaml b/sliver-c2/tasks/golang_install.yaml
deleted file mode 100644
index e67d508..0000000
--- a/sliver-c2/tasks/golang_install.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-- name: download and extract golang
-  block:
-    - name: get latest golang version
-      shell: |
-        curl -sSL https://golang.org/dl/ | awk -F '"' '/dl\/.*linux-amd64.*tar.gz/{print $(NF-1)}' | awk -F '/' '{print $3}' | head -1
-      register: latest_golang
-      changed_when: false
-
-    - name: download golang
-      get_url:
-        url: "https://golang.org/dl/{{ latest_golang.stdout }}"
-        dest: /tmp/golang.tar.gz
-
-    - name: extract golang to /usr/local
-      unarchive:
-        src: /tmp/golang.tar.gz
-        dest: /usr/local
-        remote_src: yes
-
-    - name: remove tarball
-      file:
-        path: /tmp/golang.tar.gz
-        state: absent
-
-    - name: set system-wide go environment variables
-      copy:
-        dest: /etc/profile.d/go_env.sh
-        content: |
-          export GOPATH=/root/go
-          export PATH=$PATH:/usr/local/go/bin:$GOPATH:$GOPATH/bin
-        owner: root
-        group: root
-        mode: '0644'
diff --git a/sliver-c2/tasks/harden.yaml b/sliver-c2/tasks/harden.yaml
deleted file mode 100644
index 7ac157c..0000000
--- a/sliver-c2/tasks/harden.yaml
+++ /dev/null
@@ -1,157 +0,0 @@
-- name: fail if system is not debian/ubuntu
-  ansible.builtin.assert:
-    that: "'debian' in ansible_facts.os_family.lower() or 'ubuntu' in ansible_facts.distribution.lower()"
-    fail_msg: "this playbook supports only debian-based systems"
-
-- name: remove snap and snapd
-  apt:
-    name:
-      - snap
-      - snapd
-    state: absent
-    purge: true
-
-- name: clean apt cache
-  apt:
-    autoclean: true
-
-- name: clear /etc/issue and /etc/motd
-  copy:
-    content: ""
-    dest: "{{ item }}"
-  loop:
-    - /etc/issue
-    - /etc/motd
-
-- name: check if /etc/update-motd.d directory exists
-  stat:
-    path: /etc/update-motd.d
-  register: motd_dir
-
-- name: find files in /etc/update-motd.d
-  find:
-    paths: /etc/update-motd.d
-    file_type: file
-  register: motd_files
-  when: motd_dir.stat.exists
-
-- name: remove execute permissions from all files in /etc/update-motd.d
-  file:
-    path: "{{ item.path }}"
-    mode: u-x,g-x,o-x
-  loop: "{{ motd_files.files }}"
-  when: motd_dir.stat.exists
-
-- name: enforce root-only cron/at
-  file:
-    path: "{{ item }}"
-    state: touch
-    owner: root
-    group: root
-    mode: '0600'
-  loop:
-    - /etc/cron.allow
-    - /etc/at.allow
-
-- name: remove deny files for cron and at
-  file:
-    path: "{{ item }}"
-    state: absent
-  loop:
-    - /etc/cron.deny
-    - /etc/at.deny
-
-- name: backup sshd_config
-  copy:
-    src: /etc/ssh/sshd_config
-    dest: "/etc/ssh/sshd_config.bak_{{ ansible_date_time.iso8601_basic }}"
-    remote_src: yes
-
-- name: harden sshd_config
-  copy:
-    dest: /etc/ssh/sshd_config
-    content: |
-      Port 22
-      Banner /etc/issue
-      UsePAM yes
-      Protocol 2
-      Subsystem sftp /usr/lib/openssh/sftp-server
-      LogLevel verbose
-      PrintMotd no
-      AcceptEnv LANG LC_*
-      MaxSessions 5
-      StrictModes yes
-      Compression no
-      MaxAuthTries 3
-      IgnoreRhosts yes
-      PrintLastLog yes
-      AddressFamily inet
-      X11Forwarding no
-      PermitRootLogin yes
-      AllowTcpForwarding no
-      ClientAliveInterval 1200
-      AllowAgentForwarding no
-      PermitEmptyPasswords no
-      ClientAliveCountMax 0
-      GSSAPIAuthentication no
-      KerberosAuthentication no
-      IgnoreUserKnownHosts yes
-      PermitUserEnvironment no
-      ChallengeResponseAuthentication no
-      MACs hmac-sha2-512,hmac-sha2-256
-      Ciphers aes128-ctr,aes192-ctr,aes256-ctr
-
-- name: regenerate SSH host keys
-  shell: |
-    rm -f /etc/ssh/ssh_host_*key*
-    ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
-    ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
-  args:
-    creates: /etc/ssh/ssh_host_ed25519_key
-  notify: restart ssh
-
-- name: enable unattended-upgrades
-  shell: dpkg-reconfigure --priority=low unattended-upgrades
-  args:
-    creates: /etc/apt/apt.conf.d/50unattended-upgrades
-
-- name: enable unattended-upgrades service
-  systemd:
-    name: unattended-upgrades
-    enabled: true
-    state: started
-
-- name: disable ipv6 in grub
-  lineinfile:
-    path: /etc/default/grub
-    regexp: '^GRUB_CMDLINE_LINUX='
-    line: 'GRUB_CMDLINE_LINUX="ipv6.disable=1"'
-  notify: update grub
-
-- name: allow ssh port and enable ufw
-  ufw:
-    rule: allow
-    port: 22
-    proto: tcp
-
-- name: enable ufw
-  ufw:
-    state: enabled
-    policy: deny
-
-- name: deploy custom fail2ban jail.local
-  template:
-    src: templates/jail.local.j2
-    dest: /etc/fail2ban/jail.local
-    owner: root
-    group: root
-    mode: '0644'
-  notify:
-    - restart fail2ban
-    - reload fail2ban
-
-- name: enable and start fail2ban
-  systemd:
-    name: fail2ban
-    enabled: true
-    state: started
diff --git a/sliver-c2/tasks/sliver_configure.yaml b/sliver-c2/tasks/sliver_configure.yaml
deleted file mode 100644
index bf4797e..0000000
--- a/sliver-c2/tasks/sliver_configure.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-- name: ensure .sliver config directory exists
-  file:
-    path: "{{ install_path }}/.sliver/configs"
-    state: directory
-    owner: root
-    group: root
-    mode: '0700'
-
-- name: deploy custom server.json config
-  template:
-    src: server.json.j2
-    dest: "{{ install_path }}/.sliver/configs/server.json"
-    owner: root
-    group: root
-    mode: '0600'
-    force: true
-
-- name: ensure sliver client config directory exists
-  file:
-    path: "{{ install_path }}/.sliver-client/configs"
-    state: directory
-    owner: root
-    group: root
-    mode: '0700'
-
-- name: generate sliver operator profiles
-  loop: "{{ sliver_operators }}"
-  loop_control:
-    loop_var: operator
-  command: /opt/sliver/sliver-server operator --name {{ operator }} --lhost {{ sliver_server }} --save /root/.sliver-client/configs
-  notify: sliver systemd handler
-
-- name: fix permissions for .sliver-client directory
-  file:
-    path: /root/.sliver-client
-    state: directory
-    recurse: true
-    owner: root
-    group: root
-
diff --git a/sliver-c2/tasks/sliver_install.yaml b/sliver-c2/tasks/sliver_install.yaml
deleted file mode 100644
index 3f0e029..0000000
--- a/sliver-c2/tasks/sliver_install.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-- name: import sliver gpg key
-  shell: |
-    gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4449039C
-
-- name: get latest sliver-server binary URL
-  shell: |
-    curl -sSLf https://api.github.com/repos/BishopFox/sliver/releases/latest \
-    | grep -i browser_download_url \
-    | grep -i sliver-server_linux \
-    | grep -v sig \
-    | head -1 \
-    | cut -d '"' -f 4
-  register: sliver_url
-  changed_when: false
-
-- name: create sliver directory
-  file:
-    path: "{{ install_path }}"
-    state: directory
-    mode: '0755'
-
-- name: download sliver-server binary
-  get_url:
-    url: "{{ sliver_url.stdout }}"
-    dest: "{{ install_path }}/sliver-server"
-    mode: '0755'
-
-- name: symlink sliver binaries
-  file:
-    src: "{{ install_path }}/{{ item }}"
-    dest: "/usr/local/bin/{{ item }}"
-    state: link
-    force: true
-  loop:
-    - sliver-server
diff --git a/sliver-c2/tasks/sliver_systemd.yaml b/sliver-c2/tasks/sliver_systemd.yaml
deleted file mode 100644
index 3b29f0f..0000000
--- a/sliver-c2/tasks/sliver_systemd.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-- name: copy sliver systemd service template
-  template:
-    src: sliver.service.j2
-    dest: /etc/systemd/system/sliver.service
-    owner: root
-    group: root
-    mode: '0600'
-  notify:
-    - reload systemd
-    - sliver systemd handler
diff --git a/sliver-c2/templates/jail.local.j2 b/sliver-c2/templates/jail.local.j2
deleted file mode 100644
index dd548df..0000000
--- a/sliver-c2/templates/jail.local.j2
+++ /dev/null
@@ -1,46 +0,0 @@
-[INCLUDES]
-#before = paths-distro.conf
-before = paths-debian.conf
-
-[DEFAULT]
-#ignoreself = true
-#ignoreip = 127.0.0.1/8 ::1
-ignorecommand =
-bantime  = 1h
-findtime  = 10m
-maxretry = 3
-maxmatches = %(maxretry)s
-backend = auto
-usedns = warn
-logencoding = auto
-enabled = false
-mode = normal
-filter = %(__name__)s[mode=%(mode)s]
-destemail = root@localhost
-sender = root@<fq-hostname>
-mta = sendmail
-protocol = tcp
-chain = <known/chain>
-port = 0:65535
-fail2ban_agent = Fail2Ban/%(fail2ban_version)s
-banaction = iptables-multiport
-banaction_allports = iptables-allports
-action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-action_mw = %(action_)s
-            %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
-action_mwl = %(action_)s
-             %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
-action_xarf = %(action_)s
-             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
-action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
-                %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
-action_blocklist_de  = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
-action_abuseipdb = abuseipdb
-action = %(action_)s
-
-[sshd]
-mode = aggressive
-enabled = true
-port = ssh
-logpath = %(sshd_log)s
-backend = %(sshd_backend)s
diff --git a/sliver-c2/templates/server.json.j2 b/sliver-c2/templates/server.json.j2
deleted file mode 100644
index 9c59062..0000000
--- a/sliver-c2/templates/server.json.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-{
-  "daemon_mode": false,
-  "daemon": {
-    "host": "{{ sliver_server }}",
-    "port": 31337
-  },
-  "logs": {
-    "level": 4,
-    "grpc_unary_payloads": false,
-    "grpc_stream_payloads": false,
-    "tls_key_logger": false
-  },
-  "jobs": {
-    "multiplayer": null
-  },
-  "watch_tower": null,
-  "go_proxy": ""
-}
diff --git a/sliver-c2/templates/sliver.service.j2 b/sliver-c2/templates/sliver.service.j2
deleted file mode 100644
index c45687d..0000000
--- a/sliver-c2/templates/sliver.service.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Sliver
-After=network.target
-StartLimitIntervalSec=0
-
-[Service]
-Type=simple
-Restart=on-failure
-RestartSec=3
-User=root
-Environment=SLIVER_ROOT_DIR={{ install_path }}/.sliver
-ExecStart={{ install_path }}/sliver-server daemon
-
-[Install]
-WantedBy=multi-user.target
diff --git a/sliver-c2/vars/packages.yaml b/sliver-c2/vars/packages.yaml
deleted file mode 100644
index d670cca..0000000
--- a/sliver-c2/vars/packages.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apt_packages:
-  - binutils-mingw-w64
-  - build-essential
-  - curl
-  - fail2ban
-  - gcc
-  - git
-  - g++-mingw-w64
-  - gpg
-  - libpcap-dev
-  - mingw-w64
-  - musl
-  - musl-dev
-  - nmap
-  - openssl
-  - python3
-  - python3-pip
-  - tmux
-  - ufw
-  - unattended-upgrades
-  - wget
diff --git a/sliver-c2/vars/sliver.yaml b/sliver-c2/vars/sliver.yaml
deleted file mode 100644
index 5ef0e6c..0000000
--- a/sliver-c2/vars/sliver.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-install_path: /opt/sliver
-sliver_operators:
-  - operator01
-  - operator02
-  - operator03
-  - operator04
-  - operator05
|