---

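# Set the password of the built-in admin@admin.test account to the value the
# `password` lookup generates and stores under secrets/passwords/ on the
# controller.
- name: Change password of default user
  # `quote` keeps the shell from interpreting any character of the password.
  # The lookup path is built by concatenation rather than by nesting a
  # template expression inside the lookup call.
  # NOTE(review): the password is still a command-line argument, so it can
  # show up in the process list on the target while cake runs.
  shell: "/var/www/MISP/app/Console/cake Password admin@admin.test {{ lookup('password', playbook_dir ~ '/secrets/passwords/misp_admin') | quote }}"
  # The rendered command contains the password; keep it out of task output
  # and logs.
  no_log: true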

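# Apply MISP settings one by one through the cake console.
- name: Configure MISP
  # Both values are shell-quoted so that an unexpected character in an
  # inventory variable (soctoolsproxy) cannot be interpreted by the shell.
  shell: '/var/www/MISP/app/Console/cake Admin setSetting {{ item.var | quote }} {{ item.value | quote }}'
  with_items:
    # CustomAuth: the user identity is taken from the X_REMOTE_USER request
    # header and logout is disabled.
    # NOTE(review): header-based authentication is only sound if the
    # front-end proxy always overwrites or strips a client-supplied
    # X_REMOTE_USER and MISP cannot be reached without passing through it -
    # confirm both in the proxy and network configuration.
    - var: Plugin.CustomAuth_enable
      value: 'true'
    - var: Plugin.CustomAuth_header
      value: X_REMOTE_USER
    - var: Plugin.CustomAuth_disable_logout
      value: 'true'
    # Externally visible base URL, served via the proxy on port 6443.
    - var: MISP.external_baseurl
      value: 'https://{{ soctoolsproxy }}:6443'
    - var: MISP.live
      value: 'true'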

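# Run user_init and keep only the last line of its output. Later tasks use
# that line as the API key unless it contains the word "initialised".
- name: Init default user
  shell: '/var/www/MISP/app/Console/cake user_init | /usr/bin/tail -n1'
  register: init_output
  # Failures are tolerated; note that the exit status of the pipeline is the
  # one from tail, so a failing cake call is not visible through the return
  # code either.
  ignore_errors: true
  # stdout may be the admin API key: keep it out of task output and logs.
  no_log: true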

# Restrict the MISP configuration file: read/write for the apache user,
# read-only for the apache group, no access for anyone else.
- name: Change file ownership and group
  file:
    path: '/var/www/MISP/app/Config/config.php'
    mode: '0640'
    owner: 'apache'
    group: 'apache'

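# First-run case: user_init did not report "initialised", so its last output
# line is taken as the admin API key.
# NOTE(review): if user_init failed (its errors are ignored), this stores
# whatever that last line was - consider validating the value.
- name: Set API key fact
  set_fact:
    misp_api_key: "{{ init_output.stdout }}"
  when: '"initialised" not in init_output.stdout'
  # The fact value is a credential; keep it out of verbose task output.
  no_log: true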

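# Re-run case: user_init reported "initialised", so ask cake for the auth key
# of admin@admin.test instead and keep the last output line.
- name: Get API key
  shell: '/var/www/MISP/app/Console/cake Admin getAuthkey admin@admin.test | /usr/bin/tail -n1'
  register: get_output
  # Failures are tolerated; the pipeline's exit status comes from tail.
  ignore_errors: true
  # stdout is the admin API key: keep it out of task output and logs.
  no_log: true
  when: '"initialised" in init_output.stdout'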

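# Re-run case: use the key returned by getAuthkey as the admin API key.
- name: Set API key fact
  set_fact:
    misp_api_key: "{{ get_output.stdout }}"
  when: '"initialised" in init_output.stdout'
  # The fact value is a credential; keep it out of verbose task output.
  no_log: true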

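# Create one MISP account per entry of soctools_users through the REST API,
# authenticated with the admin API key. Accounts are bound to external
# authentication, with the e-mail address as the external auth key.
- name: add users
  uri:
    url: "https://{{ soctoolsproxy }}:6443/admin/users/add/1"
    method: POST
    body_format: json
    headers:
      # NOTE(review): at high verbosity the module arguments, including this
      # header, may be printed - consider no_log if runs are logged.
      Authorization: "{{ misp_api_key }}"
      Accept: "application/json"
      Content-type: "application/json"
    # Given as a mapping so the module serialises it: an e-mail address
    # containing a quote can no longer break or extend the JSON document.
    # The former string listed external_auth_key twice; it is sent once here.
    body:
      email: "{{ item.email }}"
      org_id: "1"
      # NOTE(review): every user gets role_id 1 - presumably MISP's default
      # administrator role; confirm that all SSO users need it.
      role_id: "1"
      external_auth_key: "{{ item.email }}"
      external_auth_required: "1"
      change_pw: "0"
  # Ignore the error returned when the user already exists. This also hides
  # every other failure (bad API key, TLS or connection errors).
  ignore_errors: true
  with_items:
    - "{{ soctools_users }}"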

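# Read the auth key of the first user in soctools_users (last output line of
# getAuthkey).
- name: Get user API key
  # The e-mail address comes from inventory data; quote it for the shell.
  shell: '/var/www/MISP/app/Console/cake Admin getAuthkey {{ soctools_users[0].email | quote }} | /usr/bin/tail -n1'
  register: user_key
  # stdout is an API key: keep it out of task output and logs.
  no_log: true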

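# Write the user's API key to secrets/tokens/misp next to the playbook, on
# the controller (delegated to 127.0.0.1).
- name: Store user API key
  copy:
    content: "{{ user_key.stdout }}"
    dest: "{{ playbook_dir }}/secrets/tokens/misp"
    # Without an explicit mode the file gets umask-dependent permissions;
    # restrict the token to its owner.
    # NOTE(review): assumes only the account running the playbook reads this
    # file - confirm.
    mode: '0600'
  delegate_to: 127.0.0.1
  # Keep the key out of task and diff output.
  no_log: true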

# Enable feed 1 and its caching through the REST API, authenticated with the
# admin API key.
- name: Enable feed
  uri:
    method: POST
    url: "https://{{soctoolsproxy}}:6443/feeds/edit/1"
    headers:
      Accept: "application/json"
      Content-type: "application/json"
      # NOTE(review): credential; module arguments may be printed at high
      # verbosity.
      Authorization: "{{misp_api_key}}"
    body_format: json
    body: '{"enabled": true, "caching_enabled": true, "distribution": "1","publish": true}'

# Start fetching and then caching feed 1 through the cake console.
- name: Fetch feed
  # The trailing & puts each job in the background.
  # NOTE(review): presumably meant to avoid waiting for the download; confirm
  # the task really returns early and the job survives the end of the
  # connection - async with poll is Ansible's native way to do this.
  shell: >-
    /var/www/MISP/app/Console/cake Server {{ item }} 1 all&
  with_items:
    - 'fetchFeed'
    - 'cacheFeed'

# Create a published sample event ("testevent") dated today, with one domain
# and one ip-dst attribute, through the REST API.
- name: Add example event
  uri:
    method: POST
    url: "https://{{soctoolsproxy}}:6443/events"
    headers:
      Accept: "application/json"
      Content-type: "application/json"
      # NOTE(review): credential; module arguments may be printed at high
      # verbosity.
      Authorization: "{{misp_api_key}}"
    body_format: json
    # Both attributes have to_ids set to false and distribution "0".
    body: '{"Event":{"date":"{{ansible_date_time.date}}","threat_level_id":"1","info":"testevent","published":true,"analysis":"0","distribution":"0","Attribute":[{"type":"domain","category":"Network activity","to_ids":false,"distribution":"0","comment":"","value":"example.evil"},{"type":"ip-dst","category":"Network activity","to_ids":false,"distribution":"0","comment":"","value":"10.10.10.10"}]}}'

# Switch supervisord programs from autostart=false to autostart=true.
- name: Set Autostart for supervisord services
  replace:
    path: '/etc/supervisord.conf'
    # Anchored to whole lines; every line that is exactly "autostart=false"
    # in the file is rewritten, not just the first one.
    regexp: '^autostart=false$'
    replace: 'autostart=true'