Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to using ansible-role-assessment-tool and ansible-role-burp-suite-pro instead of the monolithic ansible-role-kali #52

Merged
merged 21 commits into from
Jan 5, 2021
Merged

Switch to using ansible-role-assessment-tool and ansible-role-burp-suite-pro instead of the monolithic ansible-role-kali #52

merged 21 commits into from
Jan 5, 2021

Conversation

jsf9k
Copy link
Member

@jsf9k jsf9k commented Dec 30, 2020
edited
Loading

🗣 Description

This pull request switches to using cisagov/ansible-role-assessment-tool and cisagov/ansible-role-burp-suite-pro instead of the monolithic cisagov/ansible-role-kali.

As a result of functionality added to cisagov/ansible-role-assessment-tool when splitting it out from cisagov/ansible-role-kali, this also adds Python virtual environments for the Python tools installed from source. See cisagov/ansible-role-assessment-tool#1 for more details.

💭 Motivation and Context

cisagov/ansible-role-kali had become too large and monolithic. It was doing too many things, and it was becoming difficult to add functionality. It is better for Ansible roles to serve a single purpose, so I never liked having such a monster role. It made sense to split it up before adding support for Python virtual environments.

🧪 Testing

I successfully built and deployed a new Kali AMI to our staging COOL environment.

✅ Checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All future TODOs are captured in issues, which are referenced in code comments.
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.
  • Finalize version
  • Build a new production Kali AMI using the code in this PR.
  • Archive cisagov/ansible-role-kali.

jsf9k added 11 commits December 28, 2020 15:10
@jsf9k
Bump version from 0.2.1 to 0.3.0
a8f04e0
@jsf9k
Bump version from 0.3.0 to 0.3.0-rc.1
ddf7051
@jsf9k
Remove the ansible-role-kali role and add the ansible-role-assessment…
9750597 
…-tool role
@jsf9k
Add the private_role_vars Ansible variable
f9b8462 
This is necessary when using ansible-role-assessment-tool multiple
times.
@jsf9k
Modify to install assessor tools here vice monolithic ansible-role-kali
e4ffdf4
@jsf9k
Update terraform build user code
419bdfb 
This code now has to pull from ansible-role-burp-suite-pro's remote
state instead of ansible-role-kali's remote state.
@jsf9k
Set the corresponding Ansible env var instead of the private_role_var…
25f0b1b 
…s config option

The config option is not being set, possibly because the JSON argument
to --extra-vars is not being interpreted correctly and is interpreting
all vars as strings.
@jsf9k
Identify some tools as using Python 2
7d283dc
@jsf9k
Remove old code that was commented out
14d69ba
@jsf9k
Add third_party_bucket_name role var for Burp Suite Pro role
4d69d15 
This is necessary to define the appropriate bucket to use when building staging and production AMIs.
@jsf9k
Edit comment to refer to correct issues
c616e3a 
This is necessary since the issue has been transferred to this repo from another one.
@jsf9k jsf9k added the improvement This issue or pull request will add or improve functionality, maintainability, or ease of use label Dec 30, 2020
@jsf9k jsf9k self-assigned this Dec 30, 2020
@jsf9k jsf9k mentioned this pull request Dec 30, 2020
Closed
@jsf9k jsf9k marked this pull request as ready for review December 30, 2020 20:58
@jsf9k jsf9k requested a review from dav3r as a code owner December 30, 2020 20:58
dav3r
dav3r approved these changes Dec 31, 2020
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks outstanding! Thanks for all of the effort you put into this. Our future selves will be most pleased! 🥇

src/assessor_tools.yml
Comment on lines +273 to +274
# The misspelling here is intentional. See
# https://github.com/SimplySecurity/SimplyEmail/blob/master/setup/requirments.txt.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Helpful comment! 👍

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SimplySecurity/SimplyEmail#49 if that ever got merged (probably very unlikely), we would need to undo the customization.

jsf9k added 5 commits December 31, 2020 12:50
@jsf9k
Move Cobalt Strike code into assessor_tools.yml playbook
4b391c4 
Also use cisagov/ansible-role-assessment-tool to install the Cobalt
Strike addons.
@jsf9k
Add cisagov/ansible-role-server-setup as an assessment tool
d6834f4
@jsf9k
Move ysoserial installation into its own section
abb3123 
This is done because ysoserial requires a Java implementation be
installed as well.
@jsf9k
Separate Aquatone, Cobalt Strike, dns-profile-randomizer, and ysoseri…
5026288 
…al tasks into their own files

Also update the version of the ansible-lint pre-commit hook.  The
older version incorrectly flags an error when using
ansible.builtin.import_tasks.
@jsf9k
Bump version from 0.3.0-rc.2 to 0.3.0-rc.3
87361d7
@jsf9k jsf9k force-pushed the improvement/monolithic-kali-role-is-no-more branch from 5def692 to 87361d7 Compare December 31, 2020 20:44
@jsf9k jsf9k requested a review from dav3r December 31, 2020 21:03
dav3r
dav3r approved these changes Jan 4, 2021
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still 👍 👍

mcdonnnj
mcdonnnj approved these changes Jan 5, 2021
View reviewed changes
Copy link
Member

@mcdonnnj mcdonnnj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent work here. Making assessment tool installation modular is a fantastic addition, and I am always glad to see a move away from a monolithic project. Everything here LGTM ✔

hillaryj
hillaryj approved these changes Jan 5, 2021
View reviewed changes
Copy link
Contributor

@hillaryj hillaryj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

@jsf9k jsf9k merged commit 9541840 into develop Jan 5, 2021
@jsf9k jsf9k deleted the improvement/monolithic-kali-role-is-no-more branch January 5, 2021 17:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hillaryj hillaryj hillaryj approved these changes

@dav3r dav3r dav3r approved these changes

@mcdonnnj mcdonnnj mcdonnnj approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

Assignees

@jsf9k jsf9k

Labels
improvement This issue or pull request will add or improve functionality, maintainability, or ease of use
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jsf9k @hillaryj @dav3r @mcdonnnj