# Load the first variables file that exists, trying the most specific name
# first: exact distribution, then OS family, then the generic fallback.
# Tagged `always` so the variables are loaded on every tag-filtered run.
- name: load distribution-specific variables
  tags: [always]
  include_vars: "{{ item }}"
  with_first_found:
    - "{{ ansible_distribution }}.yml"
    - "{{ ansible_os_family }}.yml"
    - "defaults.yml"

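# Install the server package named by burp_server_package (set by the
# variables files loaded earlier in this file). Module arguments are written
# as a native YAML mapping instead of a key=value string.
- name: ensure burp server is installed
  package:
    name: '{{ burp_server_package }}'
    state: present
  tags:
    - install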
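# `burp_version` is not a stock Ansible module, so it is presumably a custom
# module shipped with this role. The tasks below read a variable of the same
# name, which suggests the module publishes it as a fact; confirm against the
# module source.
- name: check burp version
  burp_version:
# Print the detected version for troubleshooting.
- debug:
    var: burp_version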
# Pick a variables file keyed on the first element of burp_version, falling
# back to burp-defaults.yml when no version-specific file exists.
# NOTE(review): if burp_version is a string, `[0]` is only its first
# character, so a two-digit major version would select the wrong file;
# confirm the type the burp_version task returns.
- name: load burp version-specific variables
  include_vars: "{{ item }}"
  with_first_found:
    - "burp{{ burp_version[0] }}.yml"
    - "burp-defaults.yml"

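# Create the `burp` account as a system user that cannot be used for
# interactive login: no home directory is created, home points at /dev/null
# and the shell is /sbin/nologin. Booleans use true/false rather than yes/no.
- name: ensure burp user exists
  user:
    name: burp
    system: true
    home: /dev/null
    createhome: false
    shell: /sbin/nologin
  tags:
    - user
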
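# Make sure /etc/tmpfiles.d exists before a file is copied into it.
# The mode is quoted so YAML keeps it as the string '0755' instead of reading
# it as a number. Owner and group are not set by this task.
- name: ensure tmpfiles.d directory exists
  file:
    path: /etc/tmpfiles.d
    mode: '0755'
    state: directory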
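# Install the role's tmpfiles.d snippet for burp, world-readable and writable
# only by its owner. A change notifies the `process tmpfiles` handler, which is
# defined outside this file.
- name: ensure burp tmpfiles are configured
  copy:
    src: burp.tmpfiles.conf
    dest: /etc/tmpfiles.d/burp.conf
    mode: '0644'
  notify: process tmpfiles
# Run any notified handlers now rather than at the end of the play, so the
# tmpfiles entries are processed before the tasks that follow.
- meta: flush_handlers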
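# Persistent state directory: owned by root, group burp, mode 0770, so root
# and members of the burp group have full access and all other users have none.
- name: ensure burp persistent state directory exists
  file:
    path: /var/lib/burp
    owner: root
    group: burp
    mode: '0770'
    state: directory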
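# Mount the dedicated backup volume on /var/spool/burp, but only when
# burp_backup_volume is defined; otherwise the spool directory stays on
# whatever filesystem already holds it.
# NOTE(review): the guard does not check burp_backup_volume_fstype, so an
# undefined fstype fails this task; confirm it always has a value when the
# volume is set.
# NOTE(review): the only mount option is noatime. A volume that holds only
# backup data is a candidate for nodev,nosuid,noexec as defence in depth;
# confirm the backup workflow does not need them before adding.
- name: ensure burp volume is mounted
  mount:
    name: /var/spool/burp
    src: '{{ burp_backup_volume }}'
    fstype: '{{ burp_backup_volume_fstype }}'
    opts: noatime
    state: mounted
  when: burp_backup_volume is defined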
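# Set ownership and mode on the spool directory. This runs after the optional
# mount task, so when a volume is mounted the settings apply to its root.
# root:burp with mode 0770 gives the burp group full access and denies all
# other users.
- name: ensure burp directory permissions are correct
  file:
    path: /var/spool/burp
    owner: root
    group: burp
    mode: '0770'
    state: directory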
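# Render the server configuration. root owns the file and the burp group can
# only read it (0640), so the group cannot change its own configuration and
# other users cannot read it. A change notifies the `restart burp server`
# handler, which is defined outside this file.
- name: ensure burp server is configured
  template:
    src: burp-server.conf.j2
    dest: /etc/burp/burp-server.conf
    owner: root
    group: burp
    mode: '0640'
  notify: restart burp server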
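# Generate the Diffie-Hellman parameter file once. `creates` makes the task
# idempotent: the command is skipped when the file already exists.
# The file is written with whatever mode burp_ca chooses; the next task in
# this file sets its ownership and mode.
- name: ensure burp dh params are set
  command: burp_ca --dhfile /etc/burp/dhfile.pem
  args:
    creates: /etc/burp/dhfile.pem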
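# Restrict the DH parameter file to the burp account (0600, burp:burp).
# DH parameters are not secret key material, so this is a conservative
# default rather than a confidentiality requirement.
- name: ensure burp dh params file permissions are correct
  file:
    path: /etc/burp/dhfile.pem
    mode: '0600'
    owner: burp
    group: burp
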
# Statically include the tasks in ca.yml at this point in the file.
# ca.yml is not shown here; judging by its name it sets up the certificate
# authority before the service is started.
- import_tasks: 'ca.yml'

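# Enable the service so that it starts at boot.
- name: ensure burp server starts at boot
  service:
    name: burp
    enabled: true
# Run pending handlers first (for example a restart notified by the
# configuration template task) so the start below uses the final configuration.
- meta: flush_handlers
# Start the service if it is not already running.
- name: ensure burp server is running
  service:
    name: burp
    state: started
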
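# Open 4971/tcp in the running firewalld configuration only
# (immediate: true, permanent: false). The notified handler
# `save firewalld configuration` is defined outside this file and presumably
# makes the rule persistent.
# NOTE(review): no zone or source is given, so the port is opened in
# firewalld's default zone for every source address. Consider limiting it to
# the zone or networks that the backup clients connect from.
- name: ensure burp is allowed through the firewall
  firewalld:
    port: '4971/tcp'
    immediate: true
    permanent: false
    state: enabled
  notify: save firewalld configuration
  tags:
    - firewalld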