ansible
/
security_ansible_playbook
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
security_ansible_playbook/playbooks/vuln-scanner.yaml

166 lines
4.3 KiB
YAML
Raw Permalink Blame History

---
- name: Deploy Vulnerability Scanner (Simple Version)
hosts: security_servers
become: true
vars:
openvas_admin_user: "admin"
openvas_admin_password: "ChangeMe123!"
pre_tasks:
- name: Set non-interactive mode
set_fact:
ansible_env: "{{ ansible_env | combine({'DEBIAN_FRONTEND': 'noninteractive', 'NEEDRESTART_MODE': 'a'}) }}"
- name: Fix dpkg interruption issue
shell: |
export DEBIAN_FRONTEND=noninteractive
export NEEDRESTART_MODE=a
# Kill any hanging processes
pkill -f "apt-get|dpkg|unattended-upgrade" || true
sleep 5
# Remove all locks
rm -f /var/lib/dpkg/lock*
rm -f /var/lib/apt/lists/lock
rm -f /var/cache/apt/archives/lock
# Fix dpkg interruption
dpkg --configure -a
# Fix broken packages
apt-get -f install -y
# Clean up
apt-get autoremove -y
apt-get autoclean
echo "Package system recovery completed"
environment:
DEBIAN_FRONTEND: noninteractive
NEEDRESTART_MODE: a
timeout: 600
ignore_errors: true
- name: Verify package system is working
shell: |
export DEBIAN_FRONTEND=noninteractive
apt-get update
echo "Package system is functional"
environment:
DEBIAN_FRONTEND: noninteractive
timeout: 300
ignore_errors: true
tasks:
- name: Update package cache (with retries)
apt:
update_cache: yes
cache_valid_time: 300
environment:
DEBIAN_FRONTEND: noninteractive
retries: 3
delay: 10
- name: Install essential security tools (one by one to avoid conflicts)
apt:
name: "{{ item }}"
state: present
force_apt_get: true
environment:
DEBIAN_FRONTEND: noninteractive
loop:
- curl
- wget
- nmap
- python3-pip
retries: 3
delay: 5
ignore_errors: true
- name: Install Docker for containerized OpenVAS
apt:
name: "{{ item }}"
state: present
force_apt_get: true
environment:
DEBIAN_FRONTEND: noninteractive
loop:
- docker.io
- docker-compose
retries: 3
delay: 5
- name: Start Docker service
systemd:
name: docker
state: started
enabled: yes
- name: Create OpenVAS directory
file:
path: /opt/openvas
state: directory
mode: '0755'
- name: Create docker-compose for OpenVAS
copy:
dest: /opt/openvas/docker-compose.yml
content: |
version: '3'
services:
openvas:
image: mikesplain/openvas:latest
container_name: openvas
ports:
- "443:443"
- "9392:9392"
environment:
- OV_PASSWORD={{ openvas_admin_password }}
volumes:
- openvas_data:/var/lib/openvas
restart: unless-stopped
volumes:
openvas_data:
- name: Deploy OpenVAS container
shell: |
cd /opt/openvas
docker-compose up -d
args:
creates: /opt/openvas/.deployed
- name: Mark deployment complete
file:
path: /opt/openvas/.deployed
state: touch
- name: Configure firewall
ufw:
rule: allow
port: "{{ item }}"
loop:
- 443
- 9392
- name: Create vulnerability scan script
copy:
dest: /usr/local/bin/vuln-scan.sh
mode: '0755'
content: |
#!/bin/bash
TARGET=${1:-127.0.0.1}
REPORT="/tmp/scan_$(date +%Y%m%d_%H%M%S).txt"
echo "Scanning $TARGET..." | tee $REPORT
nmap -sV -sC --script vuln $TARGET | tee -a $REPORT
echo "Report saved to: $REPORT"
- name: Display deployment info
debug:
msg:
- "OpenVAS deployed via Docker"
- "Web Interface: https://{{ ansible_default_ipv4.address }}:443"
- "Username: admin"
- "Password: {{ openvas_admin_password }}"
- "Scan tool: /usr/local/bin/vuln-scan.sh <target>"
- "Wait 5-10 minutes for OpenVAS to fully initialize"
Reference in New Issue View Git Blame Copy Permalink