emdee/base_role
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

first

Browse source
This commit is contained in:
embed@git.macaw.me 2024-01-06 01:38:28 +00:00
commit b50fd16591
197 changed files with 41663 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

151
handlers/main.yml Normal file
View file

@ -0,0 +1,151 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: update facts
shell: |
# {{USR_LOCAL}}/bin/testforge_local_bin.bash
true
# old base
- name: "update locales"
command: |
locale-gen --update
- name: "update env"
command: |
env-update
- name: "update eix"
# now done monthly
command: |
echo eix-update
- name: "update peruser facts"
# broken this is yaml
# /usr/local/bin/testforge_local_bin.bash {{item|expanduser}}
command: |
true
with_items:
- "~{{BOX_USER_NAME}}/{{ BASE_USER_CONFIG_DIR }}/facts.d"
# the tar step just before this may have added certificates to
# /usr/local/share and we may need to run this. Run it anyway
- name: "update-ca-certificates"
shell: |
# morons: this return rc=0 even when there is an exception - with java7 -
# org.debian.security.InvalidKeystorePasswordException: Cannot open Java keystore. Is the password correct?
update-ca-certificates -f -v > /tmp/U$$.log 2>&1
retval=$?
[ $retval -eq 0 ] && exit 0
if grep Exception: /tmp/U$$.log ; then
retval=1
cat /tmp/$$.log
else
retval=0
fi
exit $retval
# FixMe: was unused
- name: "chmod /usr/local"
shell: |
# there are some exceptions in usr/local
# chown -R "{{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}}" {{USR_LOCAL}}
chmod -R g+rw,o-w {{USR_LOCAL}}
# was TESTF_
# this should not be needed but it still is because we execute src/var_local_*sh
# as BOX_USER so they need to be writable - *before* the src/ files are run.
chmod a+x {{VAR_LOCAL}}/*bin/*sh {{VAR_LOCAL}}/src/*sh
chmod g+rw {{USR_LOCAL}}/*bin/*sh {{USR_LOCAL}}/src/*sh
# was unused - not
- name: chmod /usr/local
shell: |
# do I need this? should it be in hourly? it breaks lynis but I think we still need it
#? chmod -R g+rw,o-w {{USR_LOCAL}}
# FixMe: it breaks lynis - fix it here
chown -R "{{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}}" \
{{USR_LOCAL}}/src \
{{USR_LOCAL}}/share \
{{USR_LOCAL}}/bin \
{{USR_LOCAL}}/{{BASE_LIB}} \
{{USR_LOCAL}}/net
exit 0
# was in testforge - to fix problems caused by taring
- name: chmod /var/local
shell: |
# do I need this? should it be in hourly? it breaks lynis but I think we still need it
#? chmod -R g+rw,o-w {{VAR_LOCAL}}
# FixMe: it breaks lynis - fix it here
chown -R "{{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}}" \
{{VAR_LOCAL}}/src \
{{VAR_LOCAL}}/share \
{{VAR_LOCAL}}/bin \
{{VAR_LOCAL}}/{{BASE_LIB}} \
{{VAR_LOCAL}}/net
exit 0
# FixMe: somethings strange in /var/local/etc
# drwxr-xr-x 2 1056888 1049089 4096 Nov 30 13:38 w3af
# FixMe: was PENT_
# FixMe: unused
- name: "strange ownership - coming from tar?"
shell: |
chown -R {{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}} {{VAR_LOCAL}}/src {{VAR_LOCAL}}/bin {{VAR_LOCAL}}/net
- name: summary of logs
debug:
# lookup('vars', item ) returns a list of strings?; map yields generators
# |map(attribute='stdout')|list|join('\n') -> 'str object' has no attribute 'stdout'
msg: "{{ lookup('vars', item ) }}"
when:
- lookup('vars', item, default=[])|length > 0
# base proxy
with_items:
# proxy
- proxy_log_hourly
# testforge
- testforge_log_hourly
- testforge_log_daily
- testforge_log_weekly
- testforge_log_monthly
- testforge_log_test
# pydev
- pydev_log_test
# text
- text_log_test
- text_log_hourly
# testing
- testing_log_test
# harden
- harden_log_hourly
- harden_log_daily
- harden_log_weekly
- harden_log_monthly
- harden_log_test
# logging
- logging_log_daily
- logging_log_test
# hostvms
- hostvms_log_bin
- hostvms_log_test
# pentest
- pentest_log_weekly
- pentest_log_test
# privacy
- privacy_log_hourly
- privacy_log_daily
- privacy_log_weekly
- privacy_log_monthly
- privacy_log_test
# gpgkey
- gpgkey_log_weekly
# trading
- trading_log_test
# update
- update_log_daily
- update_log_test