Merge pull request #84 from cisagov/lineage/skeleton
⚠️ CONFLICT! Lineage pull request for: skeleton
jmorrowomni authored Jul 10, 2023
2 parents d2ae19c + 38c7765 commit 335c612
Showing 15 changed files with 137 additions and 111 deletions.
7 changes: 3 additions & 4 deletions .ansible-lint
@@ -1,10 +1,9 @@
---
# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
# for a list of the configuration elements that can exist in this
# file.
# See https://ansible-lint.readthedocs.io/configuring/ for a list of
# the configuration elements that can exist in this file.
enable_list:
# Useful checks that one must opt-into. See here for more details:
# https://ansible-lint.readthedocs.io/en/latest/rules.html
# https://ansible-lint.readthedocs.io/rules/
- fcqn-builtins
- no-log-password
- no-same-owner
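Review bot: The `enable_list` entry `fcqn-builtins` (an unchanged context line in this hunk) may no longer match a rule id in the ansible-lint release this commit pins in .pre-commit-config.yaml (v5.4.0 → v6.17.0); as far as I recall the builtin-FQCN check was renamed in the 6.x line and is reported under `fqcn`, and an enable_list id that no longer exists is ignored rather than enforced, so the opt-in this entry was meant to make may silently stop taking effect. Worth checking the entry against the v6.17.0 rule list and updating it, e.g. `- fqcn`, while the comment URLs are being refreshed anyway. The rest of the file is outside this hunk.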
5 changes: 4 additions & 1 deletion .github/workflows/build.yml
Expand Up @@ -30,7 +30,10 @@ jobs:
- id: setup-go
uses: actions/setup-go@v4
with:
go-version: "1.19"
# There is no expectation for actual Go code so we disable caching as
# it relies on the existence of a go.sum file.
cache: false
go-version: "1.20"
- name: Lookup Go cache directory
id: go-cache
run: |
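Review bot: The new comment above `cache: false` explains why setup-go's built-in caching is off, but the `Lookup Go cache directory` step that immediately follows suggests a hand-maintained Go cache is still kept in this job, and the comment does not say whether the two are meant to coexist. Suggest extending it, e.g. `# The manual cache steps below are independent of this setting.`, if that is the intent, or dropping the manual steps if they are now dead. The remainder of the job, including those cache steps, is outside this hunk. Separately, `uses: actions/setup-go@v4` (unchanged context) is pinned to a mutable tag; pinning third-party actions to a full commit SHA with the version in a trailing comment is the usual hardening.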
41 changes: 30 additions & 11 deletions .pre-commit-config.yaml
Expand Up @@ -31,35 +31,54 @@ repos:

# Text file hooks
- repo: https://github.com/igorshubovych/markdownlint-cli
rev: v0.33.0
rev: v0.34.0
hooks:
- id: markdownlint
args:
- --config=.mdl_config.yaml
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v3.0.0-alpha.6
rev: v3.0.0-alpha.9-for-vscode
hooks:
- id: prettier
- repo: https://github.com/adrienverge/yamllint
rev: v1.30.0
rev: v1.32.0
hooks:
- id: yamllint
args:
- --strict

# GitHub Actions hooks
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.22.0
rev: 0.23.1
hooks:
- id: check-github-actions
- id: check-github-workflows

# pre-commit hooks
- repo: https://github.com/pre-commit/pre-commit
rev: v3.2.1
rev: v3.3.2
hooks:
- id: validate_manifest

# Go hooks
- repo: https://github.com/TekWizely/pre-commit-golang
rev: v1.0.0-rc.1
hooks:
# Style Checkers
- id: go-critic
# StaticCheck
- id: go-staticcheck-repo-mod
# Go Build
- id: go-build-repo-mod
# Go Mod Tidy
- id: go-mod-tidy-repo
# Go Test
- id: go-test-repo-mod
# Go Vet
- id: go-vet-repo-mod
# GoSec
- id: go-sec-repo-mod

# Shell script hooks
- repo: https://github.com/cisagov/pre-commit-shfmt
rev: v0.0.2
Expand Down Expand Up @@ -98,7 +117,7 @@ repos:
name: bandit (everything else)
exclude: tests
- repo: https://github.com/psf/black
rev: 23.1.0
rev: 23.3.0
hooks:
- id: black
- repo: https://github.com/PyCQA/flake8
Expand All @@ -112,31 +131,31 @@ repos:
hooks:
- id: isort
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.1.1
rev: v1.3.0
hooks:
- id: mypy
- repo: https://github.com/asottile/pyupgrade
rev: v3.3.1
rev: v3.4.0
hooks:
- id: pyupgrade

# Ansible hooks
- repo: https://github.com/ansible-community/ansible-lint
rev: v5.4.0
rev: v6.17.0
hooks:
- id: ansible-lint
# files: molecule/default/playbook.yml

# Terraform hooks
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.77.1
rev: v1.80.0
hooks:
- id: terraform_fmt
- id: terraform_validate

# Docker hooks
- repo: https://github.com/IamTheFij/docker-pre-commit
rev: v2.1.1
rev: v3.0.1
hooks:
- id: docker-compose-check

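Review bot: The new Go hooks pin `TekWizely/pre-commit-golang` at `rev: v1.0.0-rc.1`, a release candidate, and enable the `-repo-mod` variants (build, test, vet, gosec) that operate on the module's go.mod; the comment this same commit adds to .github/workflows/build.yml says there is no expectation of Go code in this repository, so whether these hooks are no-ops or error on a missing go.mod depends on the hook implementation and is worth confirming with one `pre-commit run --all-files` before merging. The prettier mirror is likewise pinned to a pre-release (`v3.0.0-alpha.9-for-vscode`); a one-line comment stating why a pre-release is chosen, or a move to a stable tag once available, would help the next maintainer. The ansible-lint bump from v5.4.0 to v6.17.0 is a major-version jump whose rule ids changed, and the stale `# files: molecule/default/playbook.yml` line under that hook looks like leftover that could be dropped.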
4 changes: 2 additions & 2 deletions setup-env
Expand Up @@ -65,7 +65,7 @@ done
eval set -- "$PARAMS"

# Check to see if pyenv is installed
if [ -z "$(command -v pyenv)" ] || [ -z "$(command -v pyenv-virtualenv)" ]; then
if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]; }; then
echo "pyenv and pyenv-virtualenv are required."
if [[ "$OSTYPE" == "darwin"* ]]; then
cat << 'END_OF_LINE'
Expand Down Expand Up @@ -186,5 +186,5 @@ else:
END_OF_LINE
)"

# Qapla
# Qapla'
echo "Success!"
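Review bot: The rewritten `if` on the pyenv check is now one long line of nested `[ ]` tests with an embedded `$(pyenv root)` command substitution, which is hard to read and to change safely; the short-circuit ordering that keeps `pyenv root` from running when pyenv itself is absent is load-bearing but stated nowhere. Suggest factoring the plugin-path fallback into a small named helper with a comment on that ordering, keeping the same logic. The `if` body and the platform-specific message continue outside this hunk.
```shell
# pyenv-virtualenv may be installed as a pyenv plugin without being on PATH.
# Only called once pyenv is known to exist, because it runs "pyenv root".
have_pyenv_virtualenv() {
  [ -n "$(command -v pyenv-virtualenv)" ] \
    || [ -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]
}

if [ -z "$(command -v pyenv)" ] || ! have_pyenv_virtualenv; then
  echo "pyenv and pyenv-virtualenv are required."
  # … unchanged: platform-specific installation hints …
```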
4 changes: 2 additions & 2 deletions src/aws.yml
Expand Up @@ -2,7 +2,7 @@
- hosts: all
name: AWS-specific roles
become: yes
become_method: sudo
become_method: ansible.builtin.sudo
tasks:
- name: Install Amazon EFS utilities
ansible.builtin.include_role:
Expand All @@ -11,7 +11,7 @@
# Note that we use the same GID for the efs_users group on all
# instances. This helps us avoid UID/GID collisions with
# files written to the EFS share.
efs_users_gid: 2048
amazon_efs_utils_efs_users_gid: 2048
- name: Install Amazon SSM Agent
ansible.builtin.include_role:
name: amazon_ssm_agent
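Review bot: `become: yes` (unchanged context directly above the edited `become_method`) is a YAML 1.1 truthy value; with ansible-lint bumped to v6.17.0 in this commit, its bundled yamllint `truthy` rule accepts only `true`/`false` as far as I recall, so this is likely to start failing pre-commit unless the project's own .yamllint relaxes that rule. `become: true` settles it regardless of linter configuration. The same line appears in src/base.yml, src/cloud_init.yml, src/cobalt_strike.yml, src/python.yml and src/ufw.yml, and src/cobalt_strike.yml additionally adds `assessment_tool_powershell: yes` and `assessment_tool_go: yes` on new lines. The `ansible.builtin.sudo` become method and the `amazon_efs_utils_efs_users_gid` rename themselves look right.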
2 changes: 1 addition & 1 deletion src/base.yml
Expand Up @@ -2,7 +2,7 @@
- hosts: all
name: Setup base image
become: yes
become_method: sudo
become_method: ansible.builtin.sudo
tasks:
- name: Install and configure automated security updates
ansible.builtin.include_role:
2 changes: 1 addition & 1 deletion src/cloud_init.yml
Expand Up @@ -5,7 +5,7 @@
- hosts: all
name: Enable all cloud-init services
become: yes
become_method: sudo
become_method: ansible.builtin.sudo
tasks:
- name: Enable all cloud-init services
ansible.builtin.service:
58 changes: 29 additions & 29 deletions src/cobalt_strike.yml
Expand Up @@ -2,7 +2,7 @@
- hosts: all
name: Install Cobalt Strike
become: yes
become_method: sudo
become_method: ansible.builtin.sudo
tasks:
- name: Install OpenJDK
ansible.builtin.include_role:
Expand All @@ -11,7 +11,7 @@
ansible.builtin.include_role:
name: cobalt_strike
vars:
bucket_name: "{{ build_bucket }}"
cobalt_strike_bucket_name: "{{ build_bucket }}"
- name: Install ServerSetup script
ansible.builtin.include_role:
name: server_setup
Expand All @@ -28,61 +28,61 @@
name:
- python3-boto3
- name: Install some Cobalt Strike addons
vars:
# Group ownership for the Cobalt Strike addons
#
# Note that this means that the vnc.yml playbook _must_ run
# before this one, so that the wheel group has been created.
group: wheel
block:
# This tool requires a JRE, but we have already installed one
# above
- name: Install C2concealer
ansible.builtin.include_role:
name: assessment_tool
vars:
archive_src: "https://github.com/FortyNorthSecurity/C2concealer/\
tarball/master"
install_dir: /tools/C2concealer
pip_extra_args: "--editable"
pip_packages:
assessment_tool_archive_src: "https://github.com/FortyNorthSecurity/\
C2concealer/tarball/master"
assessment_tool_install_dir: /tools/C2concealer
assessment_tool_pip_extra_args: "--editable"
assessment_tool_pip_packages:
- .
unarchive_extra_opts:
assessment_tool_unarchive_extra_opts:
- --strip-components=1
- name: Install CobaltStrike-Toolkit
ansible.builtin.include_role:
name: assessment_tool
vars:
archive_src: "https://github.com/killswitch-GUI/\
assessment_tool_archive_src: "https://github.com/killswitch-GUI/\
CobaltStrike-Toolkit/tarball/master"
install_dir: /tools/CobaltStrike-Toolkit
powershell: yes
unarchive_extra_opts:
assessment_tool_install_dir: /tools/CobaltStrike-Toolkit
assessment_tool_powershell: yes
assessment_tool_unarchive_extra_opts:
- --strip-components=1
- name: Install Malleable-C2-Profiles
ansible.builtin.include_role:
name: assessment_tool
vars:
archive_src: "https://github.com/rsmudge/Malleable-C2-Profiles/\
tarball/master"
install_dir: /tools/Malleable-C2-Profiles
unarchive_extra_opts:
assessment_tool_archive_src: "https://github.com/rsmudge/\
Malleable-C2-Profiles/tarball/master"
assessment_tool_install_dir: /tools/Malleable-C2-Profiles
assessment_tool_unarchive_extra_opts:
- --strip-components=1
- name: Install Malleable-C2-Randomizer
ansible.builtin.include_role:
name: assessment_tool
vars:
archive_src: "https://github.com/bluscreenofjeff/\
assessment_tool_archive_src: "https://github.com/bluscreenofjeff/\
Malleable-C2-Randomizer/tarball/master"
install_dir: /tools/Malleable-C2-Randomizer
unarchive_extra_opts:
assessment_tool_install_dir: /tools/Malleable-C2-Randomizer
assessment_tool_unarchive_extra_opts:
- --strip-components=1
- name: Install SourcePoint
ansible.builtin.include_role:
name: assessment_tool
vars:
archive_src: https://github.com/Tylous/SourcePoint/tarball/main
go: yes
install_dir: /tools/SourcePoint
unarchive_extra_opts:
assessment_tool_archive_src: https://github.com/Tylous/SourcePoint/tarball/main
assessment_tool_go: yes
assessment_tool_install_dir: /tools/SourcePoint
assessment_tool_unarchive_extra_opts:
- --strip-components=1
vars:
# Group ownership for the Cobalt Strike addons
#
# Note that this means that the vnc.yml playbook _must_ run
# before this one, so that the wheel group has been created.
group: wheel
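Review bot: Every `assessment_tool_archive_src` value in this block points at a moving-branch tarball (`tarball/master`, `tarball/main`) of a third-party GitHub repository, so each image build installs whatever those upstream branches contain at build time, with no pin and no checksum anywhere in this play; an upstream change, malicious or not, lands in the image unreviewed. Prefer a tag or commit tarball per tool (`tarball/<tag-or-commit>`, placeholder) and a checksum if the assessment_tool role supports verifying one, which is not visible from this diff. The relocated `vars:` with `group: wheel` at the end of the task is valid, but it now sits after a ~60-line `block`, so the ordering note about vnc.yml is easy to miss; a one-line comment at the task name, e.g. `# Needs the wheel group, created by vnc.yml, to already exist.`, would keep it visible.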
2 changes: 1 addition & 1 deletion src/python.yml
Expand Up @@ -2,7 +2,7 @@
- hosts: all
name: Install pip3/python3 and remove pip2/python2
become: yes
become_method: sudo
become_method: ansible.builtin.sudo
tasks:
# If pip were to be installed first, then the OS _could_ pull
# different Python packages than what would be installed via the
87 changes: 45 additions & 42 deletions src/requirements.yml
@@ -1,43 +1,46 @@
---
- name: amazon_efs_utils
src: https://github.com/cisagov/ansible-role-amazon-efs-utils
- name: amazon_ssm_agent
src: https://github.com/cisagov/ansible-role-amazon-ssm-agent
- name: assessment_tool
src: https://github.com/cisagov/ansible-role-assessment-tool
- name: automated_security_updates
src: https://github.com/cisagov/ansible-role-automated-security-updates
- name: banner
src: https://github.com/cisagov/ansible-role-banner
- name: chrony_aws
src: https://github.com/cisagov/ansible-role-chrony-aws
- name: clamav
src: https://github.com/cisagov/ansible-role-clamav
- name: cloudwatch_agent
src: https://github.com/cisagov/ansible-role-cloudwatch-agent
- name: cobalt_strike
src: https://github.com/cisagov/ansible-role-cobalt-strike
- name: htop
src: https://github.com/cisagov/ansible-role-htop
- name: nvme
src: https://github.com/cisagov/ansible-role-nvme
- name: openjdk
src: https://github.com/cisagov/ansible-role-openjdk
- name: persist_journald
src: https://github.com/cisagov/ansible-role-persist-journald
- name: pip
src: https://github.com/cisagov/ansible-role-pip
- name: python
src: https://github.com/cisagov/ansible-role-python
- name: remove_python2
src: https://github.com/cisagov/ansible-role-remove-python2
- name: server_setup
src: https://github.com/cisagov/ansible-role-server-setup
- name: ufw
src: https://github.com/cisagov/ansible-role-ufw
- name: upgrade
src: https://github.com/cisagov/ansible-role-upgrade
- name: vnc
src: https://github.com/cisagov/ansible-role-vnc-server
- name: xfce_cool
src: https://github.com/cisagov/ansible-role-xfce-cool
collections:
- community.general
roles:
- name: amazon_efs_utils
src: https://github.com/cisagov/ansible-role-amazon-efs-utils
- name: amazon_ssm_agent
src: https://github.com/cisagov/ansible-role-amazon-ssm-agent
- name: assessment_tool
src: https://github.com/cisagov/ansible-role-assessment-tool
- name: automated_security_updates
src: https://github.com/cisagov/ansible-role-automated-security-updates
- name: banner
src: https://github.com/cisagov/ansible-role-banner
- name: chrony_aws
src: https://github.com/cisagov/ansible-role-chrony-aws
- name: clamav
src: https://github.com/cisagov/ansible-role-clamav
- name: cloudwatch_agent
src: https://github.com/cisagov/ansible-role-cloudwatch-agent
- name: cobalt_strike
src: https://github.com/cisagov/ansible-role-cobalt-strike
- name: htop
src: https://github.com/cisagov/ansible-role-htop
- name: nvme
src: https://github.com/cisagov/ansible-role-nvme
- name: openjdk
src: https://github.com/cisagov/ansible-role-openjdk
- name: persist_journald
src: https://github.com/cisagov/ansible-role-persist-journald
- name: pip
src: https://github.com/cisagov/ansible-role-pip
- name: python
src: https://github.com/cisagov/ansible-role-python
- name: remove_python2
src: https://github.com/cisagov/ansible-role-remove-python2
- name: server_setup
src: https://github.com/cisagov/ansible-role-server-setup
- name: ufw
src: https://github.com/cisagov/ansible-role-ufw
- name: upgrade
src: https://github.com/cisagov/ansible-role-upgrade
- name: vnc_server
src: https://github.com/cisagov/ansible-role-vnc-server
- name: xfce_cool
src: https://github.com/cisagov/ansible-role-xfce-cool
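Review bot: None of the `roles:` entries carries a `version:`, and the new `community.general` collection entry is unversioned as well, so `ansible-galaxy install` resolves each `src:` to the default-branch head at install time; builds are not reproducible and an upstream change lands without review. Pinning each role (`version: "<tag-or-sha>"`, placeholder) and the collection (`- name: community.general` with `version: "<x.y.z>"`, placeholder) is the fix, and is independent of the restructuring this commit makes. The rename of the last role from `vnc` to `vnc_server` changes the name a playbook must pass to `include_role`/`roles:`; the VNC playbook (src/cobalt_strike.yml's comment refers to a vnc.yml) is not among the twelve files shown here although the page reports fifteen changed, so confirm it was updated.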
2 changes: 1 addition & 1 deletion src/ufw.yml
Expand Up @@ -2,7 +2,7 @@
- hosts: all
name: Install and configure UFW
become: yes
become_method: sudo
become_method: ansible.builtin.sudo
tasks:
- name: Install UFW
ansible.builtin.include_role: