DetectionLab/Azure/Ansible/roles/wef/tasks/main.yml
2020-06-14 18:45:18 -07:00


---
# TODO (original author): this needs to be made idempotent.
# Points the Ethernet interface at 192.168.38.102 first and 8.8.8.8 second.
# win_shell has no built-in change detection, so this reports "changed" on
# every run.
# NOTE(review): 192.168.38.102 is presumably the lab DNS server / domain
# controller - confirm against the lab network layout.
- name: Set HostOnly DNS Address
  win_shell: >-
    Set-DnsClientServerAddress
    -InterfaceAlias Ethernet
    -ServerAddresses 192.168.38.102,8.8.8.8
# Install git through Chocolatey so the lab repository can be cloned.
- name: Install git
  win_chocolatey:
    state: present
    name: git

# Record whether c:\DetectionLab already exists; the clone is skipped if so.
- name: Check if existing DetectionLab directory
  win_stat:
    path: 'c:\DetectionLab'
  register: dir

# NOTE(review): this clones whatever the default branch holds at build time,
# and scripts from that checkout are executed on this host by later tasks.
# Pinning to a reviewed tag or commit (<TAG_OR_COMMIT> - placeholder) would
# make the build reproducible and limit exposure to an unreviewed upstream
# change.
- name: Git clone Detectionlab
  when: not dir.stat.exists
  win_shell: 'git clone https://github.com/clong/DetectionLab.git'
  args:
    chdir: 'c:\'

# Copy the repository's Vagrant directory to c:\vagrant, where later tasks
# expect to find the scripts folder.
# NOTE(review): not guarded by a condition, so it runs on every play; if
# c:\vagrant already exists, Copy-Item would presumably nest the copy inside
# it or report conflicts - verify before re-running against a built host.
- name: Copy scripts to c:\vagrant
  win_shell: 'Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant'
# Run provision.ps1 from the copied scripts directory to join the domain.
# The task counts as "changed" only when the script prints
# 'HasSucceeded : True' on stdout. changed_when does not affect failure
# handling, so win_shell's normal non-zero-exit check still applies here.
# The doubled backslash is kept exactly as the original plain scalar had it;
# YAML does not unescape it outside double quotes.
- name: Join the Domain
  win_shell: '.\\provision.ps1'
  args:
    chdir: 'c:\vagrant\scripts'
  register: wef_join_domain
  changed_when: "'HasSucceeded : True' in wef_join_domain.stdout"

# Echo the script output so the join result is visible in the play log.
- debug:
    msg: "{{ wef_join_domain.stdout_lines }}"

# Reboot the host: 15 s wait before the reboot, up to 600 s for it to come
# back, then 60 s of settle time before the play continues.
- name: Reboot After Joining the Domain
  win_reboot:
    msg: 'Joining the domain. Rebooting...'
    pre_reboot_delay: 15
    post_reboot_delay: 60
    reboot_timeout: 600
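# Download the Microsoft ATA 1.9 ISO into the vagrant user's temp directory,
# allowing up to 3600 s for the transfer.
# The URL now uses HTTPS instead of plain HTTP, so the installer image cannot
# be replaced in transit by anyone on the network path.
# NOTE(review): the content is still not pinned. win_get_url accepts
# `checksum` and `checksum_algorithm`; adding the vendor-published hash would
# make a tampered or truncated download fail here, for example:
#   checksum: <SHA256_OF_ATA1.9_ISO>   # placeholder - fill in a verified value
#   checksum_algorithm: sha256
- name: Download Microsoft ATA
  win_get_url:
    url: https://download.microsoft.com/download/4/9/1/491394D1-3F28-4261-ABC6-C836A301290E/ATA1.9.iso
    dest: 'C:\Users\vagrant\AppData\Local\Temp\Microsoft ATA 1.9.iso'
    timeout: 3600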
# Enumerate every event log with `wevtutil el` and clear each one, skipping
# names that match "Microsoft-Windows-LiveId".
# NOTE(review): presumably meant to give the lab a clean logging baseline.
# Anything logged by the earlier provisioning steps is gone after this task,
# so keep the play output if a build needs troubleshooting.
- name: Clear Event Logs
  win_shell: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}'
# Run download_palantir_wef.ps1 from the copied scripts directory.
# NOTE(review): failed_when replaces win_shell's default non-zero-exit check.
# The task fails only when the literal text 'Exception' appears on stdout; an
# error written only to stderr, or a bare non-zero exit code, is reported as
# success. Consider also testing palantir_wef.rc and palantir_wef.stderr so a
# host without its WEF configuration does not pass unnoticed.
- name: Downloading the Palantir WEF Configuration
  register: palantir_wef
  win_shell: '.\download_palantir_wef.ps1'
  args:
    chdir: 'c:\vagrant\scripts'
  failed_when: "'Exception' in palantir_wef.stdout"

# Echo the script output into the play log.
- debug:
    msg: "{{ palantir_wef.stdout_lines }}"
# Run install-wefsubscriptions.ps1 from the copied scripts directory.
# NOTE(review): failed_when replaces win_shell's default non-zero-exit check.
# Only the literal text 'Exception' on stdout fails this task; stderr-only
# errors and non-zero exit codes pass. If subscriptions silently fail to
# install, event forwarding to this collector would presumably be incomplete.
# Consider also testing wef_subscriptions.rc and wef_subscriptions.stderr.
- name: Installing WEF Subscriptions
  register: wef_subscriptions
  win_shell: '.\install-wefsubscriptions.ps1'
  args:
    chdir: 'c:\vagrant\scripts'
  failed_when: "'Exception' in wef_subscriptions.stdout"

# Echo the script output into the play log.
- debug:
    msg: "{{ wef_subscriptions.stdout_lines }}"
# Run install-splunkuf.ps1 from the copied scripts directory.
# NOTE(review): failed_when replaces win_shell's default non-zero-exit check.
# Only the literal text 'Exception' on stdout fails this task; stderr-only
# errors and non-zero exit codes pass. A forwarder that failed to install
# would leave this host not shipping logs while the build still looks green.
# Consider also testing splunkuf.rc and splunkuf.stderr.
- name: Installing the Splunk Universal Forwarder
  register: splunkuf
  win_shell: '.\install-splunkuf.ps1'
  args:
    chdir: 'c:\vagrant\scripts'
  failed_when: "'Exception' in splunkuf.stdout"

# Echo the script output into the play log.
- debug:
    msg: "{{ splunkuf.stdout_lines }}"
# Run install-windows_ta.ps1 from the copied scripts directory.
# NOTE(review): failed_when replaces win_shell's default non-zero-exit check.
# Only the literal text 'Exception' on stdout fails this task; stderr-only
# errors and non-zero exit codes pass. Consider also testing windowsta.rc and
# windowsta.stderr.
- name: Install Splunk Windows TA
  register: windowsta
  win_shell: '.\install-windows_ta.ps1'
  args:
    chdir: 'c:\vagrant\scripts'
  failed_when: "'Exception' in windowsta.stdout"

# Echo the script output into the play log.
- debug:
    msg: "{{ windowsta.stdout_lines }}"
# Run configure-pslogstranscriptsshare.ps1 from the copied scripts directory.
# NOTE(review): failed_when replaces win_shell's default non-zero-exit check.
# Only the literal text 'Exception' on stdout fails this task; stderr-only
# errors and non-zero exit codes pass. Consider also testing
# pstranscriptshare.rc and pstranscriptshare.stderr.
# NOTE(review): the share's permissions are set inside the script and are not
# visible here - confirm who is allowed to read the stored transcripts.
- name: Installing the Powershell Log Transcription Share
  register: pstranscriptshare
  win_shell: '.\configure-pslogstranscriptsshare.ps1'
  args:
    chdir: 'c:\vagrant\scripts'
  failed_when: "'Exception' in pstranscriptshare.stdout"

# Echo the script output into the play log.
- debug:
    msg: "{{ pstranscriptshare.stdout_lines }}"
# Run install-microsoft-ata.ps1 from the copied scripts directory.
# NOTE(review): presumably installs from the ATA ISO fetched by the earlier
# download task - confirm in the script. The integrity of that ISO therefore
# decides what gets installed here.
# NOTE(review): failed_when replaces win_shell's default non-zero-exit check.
# Only the literal text 'Exception' on stdout fails this task; stderr-only
# errors and non-zero exit codes pass. Consider also testing windowsata.rc
# and windowsata.stderr.
- name: Installing Microsoft Advanced Threat Analytics
  register: windowsata
  win_shell: '.\install-microsoft-ata.ps1'
  args:
    chdir: 'c:\vagrant\scripts'
  failed_when: "'Exception' in windowsata.stdout"

# Echo the script output into the play log.
- debug:
    msg: "{{ windowsata.stdout_lines }}"
# Run two PowerShell one-liners in order:
#   1. clear every event log except names matching "Microsoft-Windows-LiveId"
#      (the same command as the earlier "Clear Event Logs" task, so events
#      written since then are dropped again);
#   2. turn on SMB1 access auditing on the SMB server.
- name: Configure WEF with raw Commands
  win_shell: "{{ item }}"
  with_items:
    - 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}'
    - 'Set-SmbServerConfiguration -AuditSmb1Access $true -Force'
# Export the local security policy to C:\secpol.cfg, rewrite
# "PasswordComplexity = 1" to "PasswordComplexity = 0", apply the edited file
# with secedit, then delete the temporary file.
# This deliberately weakens the host's password policy; the simple passwords
# set by the user tasks later in this file presumably depend on it.
# NOTE(review): `enable` is the privilege-escalation method used for network
# devices, while Windows hosts normally use `runas`. Confirm that this task
# really runs elevated and is not just relying on the connection user's
# existing rights.
- name: Disable password complexity policy
  become: true
  become_method: enable
  win_shell: |
    secedit /export /cfg C:\secpol.cfg
    (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
    secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
    rm -force C:\secpol.cfg -confirm:$false
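# Create a local `ansible` account in the Administrators group, then switch
# the rest of the play to connect as that account.
# The password was a literal committed to the repository. It is now read from
# wef_ansible_user_password and falls back to the original value when that
# variable is unset, so existing runs behave as before. A deployment can
# supply its own value from inventory or Ansible Vault.
# NOTE(review): other roles or the inventory may hard-code the same password -
# check them before overriding. The default is a published credential for a
# local administrator, so keep WinRM/RDP on this host reachable only from
# trusted addresses.
- name: Add Ansible user
  win_user:
    name: ansible
    password: "{{ wef_ansible_user_password | default('Ansible123') }}"
    groups:
      - Administrators

# Both tasks use the same expression so the connection password always matches
# the account just created. no_log keeps the value out of verbose task output.
- name: Switch to Ansible user
  set_fact:
    ansible_user: ansible
    ansible_password: "{{ wef_ansible_user_password | default('Ansible123') }}"
  no_log: true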
# Set the local vagrant account's password to the literal string "vagrant".
# NOTE(review): this is a widely known default credential, acceptable only
# while the host stays on an isolated lab network. Rotate it or restrict
# remote logon if the machine is reachable from anywhere else.
- name: Change password for vagrant account back to vagrant
  win_user:
    password: 'vagrant'
    name: 'vagrant'