Azure development

Azure/Ansible/roles/wef/tasks/main.yml

@@ -0,0 +1,136 @@
+---
+
+# This needs to be made idempodent
+- name: Set HostOnly DNS Address
+  win_shell: "Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.38.102,8.8.8.8"
+
+- name: Install git
+  win_chocolatey:
+    name: git
+    state: present
+
+- name: Check if existing DetectionLab directory
+  win_stat:
+    path: 'c:\DetectionLab'
+  register: dir
+
+- name: Git clone Detectionlab
+  win_shell: git clone https://github.com/clong/DetectionLab.git
+  args:
+    chdir: 'c:\'
+  when: not dir.stat.exists
+
+- name: Copy scripts to c:\vagrant
+  win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+
+- name: Join the Domain
+  win_shell: .\\provision.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: wef_join_domain
+  changed_when: "'HasSucceeded : True' in wef_join_domain.stdout"
+
+- debug: msg="{{ wef_join_domain.stdout_lines }}"
+
+- name: Reboot After Joining the Domain
+  win_reboot:
+    msg: "Joining the domain. Rebooting..."
+    pre_reboot_delay: 15
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Download Microsoft ATA
+  win_get_url:
+    url: http://download.microsoft.com/download/4/9/1/491394D1-3F28-4261-ABC6-C836A301290E/ATA1.9.iso
+    dest: "C:\\Users\\vagrant\\AppData\\Local\\Temp\\Microsoft ATA 1.9.iso"
+    timeout: 3600
+
+- name: Clear Event Logs
+  win_shell: "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
+
+- name: Downloading the Palantir WEF Configuration
+  win_shell: ".\\download_palantir_wef.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: palantir_wef
+  failed_when: "'Exception' in palantir_wef.stdout"
+
+- debug: msg="{{ palantir_wef.stdout_lines }}"
+
+- name: Installing WEF Subscriptions
+  win_shell: ".\\install-wefsubscriptions.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: wef_subscriptions
+  failed_when: "'Exception' in wef_subscriptions.stdout"
+
+- debug: msg="{{ wef_subscriptions.stdout_lines }}"
+
+- name: Installing the Splunk Universal Forwarder
+  win_shell: ".\\install-splunkuf.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: splunkuf
+  failed_when: "'Exception' in splunkuf.stdout"
+
+- debug: msg="{{ splunkuf.stdout_lines }}"
+
+- name: Install Splunk Windows TA
+  win_shell: ".\\install-windows_ta.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: windowsta
+  failed_when: "'Exception' in windowsta.stdout"
+
+- debug: msg="{{ windowsta.stdout_lines }}"
+
+- name: Installing the Powershell Log Transcription Share
+  win_shell: ".\\configure-pslogstranscriptsshare.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: pstranscriptshare
+  failed_when: "'Exception' in pstranscriptshare.stdout"
+
+- debug: msg="{{ pstranscriptshare.stdout_lines }}"
+
+- name: Installing Microsoft Advanced Threat Analytics
+  win_shell: ".\\install-microsoft-ata.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: windowsata
+  failed_when: "'Exception' in windowsata.stdout"
+
+- debug: msg="{{ windowsata.stdout_lines }}"
+
+- name: Configure WEF with raw Commands
+  win_shell: "{{ item }}"
+  with_items:
+    - "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
+    - "Set-SmbServerConfiguration -AuditSmb1Access $true -Force"
+
+- name: Disable password complexity policy
+  win_shell: |
+      secedit /export /cfg C:\secpol.cfg
+      (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
+      secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
+      rm -force C:\secpol.cfg -confirm:$false
+  become: yes
+  become_method: enable
+
+- name: Add Ansible user
+  win_user:
+    name: ansible
+    password: Ansible123
+    groups:
+      - Administrators
+
+- name: Switch to Ansible user
+  set_fact:
+    ansible_user: ansible
+    ansible_password: Ansible123
+
+- name: Change password for vagrant account back to vagrant
+  win_user:
+    name: vagrant
+    password: vagrant
+