CentOS7にCowrieをAnsibleで入れてみる
環境
- CentOS Linux release 7.5.1804 (Core)
- Cowrie
ファイルの準備
※対象ホスト(target)とのansible疎通は取れている前提です
以下のファイルを準備する
- hosts
- site.yml
- host_vars/target
- roles/setup_cowrie/tasks/main.yml
hosts
[targets]
target ansible_host=192.168.1.1
[all:vars]
ansible_ssh_user=root
ansible_ssh_private_key_file=./ssh_target.key
site.yml
- hosts: target
gather_facts: True
roles:
- setup_cowrie
ユーザ(cowrie)のパスワード、適宜修正
host_vars/target
cowrie_password: P@ssword
roles/setup_cowrie/tasks/main.yml
- name: install modules
tags: cowrie
yum:
name: "@Development Tools"
state: present
- name: install modules
tags: cowrie
with_items:
- python-devel
- python-setuptools
- python-virtualenv
- epel-release
yum:
name: "{{ item }}"
state: present
- name: install modules
tags: cowrie
yum:
name: python-pip
state: present
- name: upgrade pip
tags: cowrie
pip:
name: pip
extra_args: --upgrade
- name: useradd cowrie
tags: cowrie
user:
name: cowrie
state: present
password: "{{ cowrie_password | password_hash('sha512') }}"
update_password: on_create
- name: mkdir
tags: cowrie
become: yes
become_user: cowrie
file:
path: /home/cowrie/cowrie
state: directory
mode: 0755
- name: git clone by cowrie
tags: cowrie
become: yes
become_user: cowrie
git:
repo: http://github.com/micheloosterhof/cowrie
dest: /home/cowrie/cowrie
- name: install packages
tags: cowrie
become: yes
become_user: cowrie
shell: /bin/bash -lc "cd /home/cowrie/cowrie&&virtualenv cowrie-env&&source cowrie-env/bin/activate&&pip install --upgrade pip&&pip install --upgrade -r requirements.txt&&deactivate"
playbookの実行
以下のコマンドでplaybookを実行
$ ansible-playbook -i hosts site.yml
起動
# su - cowrie
$ ./cowrie/bin/cowrie start
課題
cowrie.serviceおよびcowrie.socketがうまく動かないので
当面手動で起動・停止対応することにする