Ansible Playbook to install and configure T-POT on Debian 11
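---
# Installs and configures the T-Pot honeypot platform on a Debian host:
# creates an admin user with key-based SSH access, clones the T-Pot
# installer, writes its configuration, runs the installer, restricts root
# SSH logins to key-only, and reboots.
- hosts: all
  become: true
  vars_prompt:
    - name: ssh_username
      prompt: Enter SSH username
      private: false
    - name: tpot_username
      prompt: Enter TPOT username
      private: false
    # Base name of the public key under $HOME/.ssh on the control node
    # ('.pub' is appended by the authorized_key task below).
    - name: ssh_key_name
      prompt: Enter SSH key name
      private: false
    # Passed as the salt to password_hash('sha512', ...) for the admin user.
    - name: password_salt
      prompt: Enter password salt
      private: false
    # Reused for both the admin user's login and the T-Pot web UI.
    - name: password
      prompt: Enter password
      private: true
  vars:
    TPOT_FLAVOR: STANDARD
  tasks:
    - name: Ensure aptitude is installed
      ansible.builtin.apt:
        name: aptitude
        state: latest
        update_cache: true

    - name: Update apt and install required system packages
      ansible.builtin.apt:
        pkg:
          - curl
          - vim
          - git
        state: latest
        update_cache: true

    # NOTE(review): this rewrites the %sudo rule so every member of the sudo
    # group gets root without a password. On an internet-facing honeypot host
    # any compromised sudo-group account then becomes root directly; keep the
    # group membership minimal. 'validate' makes visudo reject a broken file
    # before it replaces /etc/sudoers.
    - name: Setup passwordless sudo
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^%sudo'
        line: '%sudo ALL=(ALL) NOPASSWD: ALL'
        validate: '/usr/sbin/visudo -cf %s'

    - name: Create a new regular user with sudo privileges
      ansible.builtin.user:
        name: "{{ ssh_username }}"
        password: "{{ password | password_hash('sha512', password_salt) }}"
        state: present
        groups: sudo
        append: true
        create_home: true
        shell: /bin/bash

    # The key path is built by concatenation: Jinja delimiters must not be
    # nested inside an expression, so ssh_key_name is referenced as a plain
    # variable rather than as '{{ ssh_key_name }}' inside a string literal.
    - name: Set authorized key for remote user
      ansible.posix.authorized_key:
        user: "{{ ssh_username }}"
        state: present
        key: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/' + ssh_key_name + '.pub') }}"

    # NOTE(review): no 'version:' is set, so this checks out whatever the
    # default branch currently holds, and install.sh from that checkout is
    # executed as root further down. Pin 'version:' to a tag or commit that
    # has been reviewed.
    - name: Cloning T-Pot install directory
      ansible.builtin.git:
        repo: "https://github.com/telekom-security/tpotce.git"
        dest: /root/tpot

    # Mode is 0600 (quoted so YAML does not read it as an integer) because the
    # next task writes the web UI password into this file in clear text.
    - name: Copy T-Pot configuration file
      ansible.builtin.copy:
        src: /root/tpot/iso/installer/tpot.conf.dist
        dest: /root/tpot.conf
        owner: root
        group: root
        mode: '0600'
        remote_src: true

    # no_log keeps the loop items (one of which contains the plaintext
    # password) out of console output and logs.
    # NOTE(review): values are wrapped in single quotes in tpot.conf, so a
    # password containing a single quote will produce a malformed line.
    - name: Configure T-Pot configuration file
      ansible.builtin.lineinfile:
        path: /root/tpot.conf
        state: present
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
      loop:
        - regexp: '^myCONF_TPOT_FLAVOR'
          line: "myCONF_TPOT_FLAVOR='{{ TPOT_FLAVOR }}'"
        - regexp: '^myCONF_WEB_USER'
          line: "myCONF_WEB_USER='{{ tpot_username }}'"
        - regexp: '^myCONF_WEB_PW'
          line: "myCONF_WEB_PW='{{ password }}'"
      no_log: true

    # NOTE(review): 'command' has no creates/removes guard, so the installer
    # runs again on every play; consider guarding it once a reliable marker
    # file for a finished install is known.
    - name: Install T-Pot on instance - be patient, this might take 15 to 30 minutes depending on the connection speed.
      ansible.builtin.command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf

    # Root may still log in with a key; only password logins for root are
    # refused. sshd is not restarted here, so the change takes effect with the
    # reboot below. 'validate' has sshd check the candidate file first.
    - name: Disable password authentication for root
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        state: present
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'
        validate: '/usr/sbin/sshd -t -f %s'

    # Errors are ignored deliberately: the play is finished at this point and
    # a failed reconnect after the reboot should not mark the run as failed.
    - name: Reboot
      ansible.builtin.reboot:
      ignore_errors: true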