Skip to content

Latest commit

 

History

History
77 lines (70 loc) · 3.12 KB

init_ansible_playbooks.md

File metadata and controls

77 lines (70 loc) · 3.12 KB
Raw

Init Ansible playbooks

Init Ansible playbooks

hosts.ini

This file specify the IP address for each playbook. If you used the provided IP addresses in the Terraform playbook there is no action items. If you modified the IP addresses please open this file and set the correct IP addresses. ansible_hosts_ini

group_vars/all.yml

  1. cp group_vars/all.yml.example group_vars/all.yml
  2. vim group_vars/all.yml and set:
  3. internal_domain - The domain for the CORP subnet resources
  4. external_domain - The domain for external accessible resources
  5. ansible_init_group_vars_all

group_vars/corp.yml

  1. cp group_vars/corp.yml.example group_vars/corp.yml
  2. vim group_vars/corp.yml and set:
  3. Users 1. user_list - Set password for each user. This password will be used for Windows share users, e-mail, and macOS VNC.
  4. Mail server 1. db_hMailServer_password - Set the password for the hMailServer database password
  5. macOS 1. vnc_admin_password - VNC password for the ec2-user (default AWS user) admin account
  6. Logstash 1. elastic_version - Logstash version to use the Logstash ingestor
  7. ansible_corp_vars

group_vars/sec_tools.yml

  1. cp group_vars/sec_tools.yml.example group_vars/sec_tools.yml
  2. uuid - Copy output
  3. vim group_vars/sec_tools.yml and set:
  4. Arkmie 1. monitoring_interface - Interface for Arkmie to monitor 1. arkmie_version - Version of Armkie to download and install 1. arkmie_admin_user - Set the Arkmie admin username 1. arkmie_admin_password - Set the Arkmie admin password 1. arkmie_regular_user - Set the Arkmie workshop user username 1. arkmie_regular_password - Set the Arkmie workshop user password 1. elasticsearch_oss_version - Specify the version of Elasticsearch to install
  5. Log ingestor 1. confluent_version - Version of Confluent suite/Kafka to install
  6. Splunk 1. splunk_hec_token - Set this to the output of uuid from above
  7. Osquery 1. osquery_version - Version of Osquery to install on endpoints
  8. Filebeat 1. filebeat_version - Version of Filebeat to install on endpoints
  9. Winlogbeat 1. winlogbeat_version - Version of Winlogbeat to install on endpoints
  10. ansible_sec_tools_vars

group_vars/windows.yml

Get Administrator password

  1. Login into AWS webGUI console
  2. Services > Compute > EC2
  3. Select the Windows file server EC2 instance
  4. Actions > Security > Get Windows Password
  5. Paste the contents of terraform/ssh_keys/id_rsa into the text box
  6. Get Windows password
  7. Select "Decrypt Password"
  8. Win password

Setup group_vars/windows.yml

  1. cp group_vars/windows.yml.example group_vars/windows.yml
  2. vim group_vars/windows.yml and set:
  3. ansible_password - Set to the password from AWS prompt above
  4. ansible_windows_vars

References