From 0646f14c99040199686c6aca4edbf4f15965aa2e Mon Sep 17 00:00:00 2001
From: Bilal Retiat
Date: Thu, 23 Dec 2021 19:13:43 +0100
Subject: [PATCH] Updated the Ansible Playbook (#2138)
* Update Ansible role
* lint Ansible role
* Update Ansible Playbook README
* use python3 packages instead python2
---
 ansible-playbook/README | 6 +--
 .../roles/gophish/files/config.json | 4 +-
 ansible-playbook/roles/gophish/tasks/main.yml | 41 ++++++++++++++-----
 ansible-playbook/roles/gophish/vars/main.yml | 5 ++-
 4 files changed, 38 insertions(+), 18 deletions(-)
diff --git a/ansible-playbook/README b/ansible-playbook/README
index 210def0c..69244b7b 100644
--- a/ansible-playbook/README
+++ b/ansible-playbook/README
@@ -1,4 +1,4 @@
-Tested on Ubuntu 16.04.4.
+Tested on Ubuntu 20.04 LTS.
 Installs Postfix (to listen on localhost only) and the latest Linux gophish binary. setcap is used to allow the gophish binary to listen on privileged ports without running as root.
@@ -17,7 +17,7 @@ ansible-playbook site.yml -i hosts -u root --private-key=private.key
 ansible-playbook site.yml -i hosts -u root --ask-pass
 # Log in as non-root user with SSH key (if root login has been disabled)
-ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-sudo-pass
+ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-become-pass
 # Logging in as non-root user without SSH keys
-ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-sudo-pass
+ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-become-pass
diff --git a/ansible-playbook/roles/gophish/files/config.json b/ansible-playbook/roles/gophish/files/config.json
index efdd72be..92ed9329 100644
--- a/ansible-playbook/roles/gophish/files/config.json
+++ b/ansible-playbook/roles/gophish/files/config.json
@@ -16,7 +16,7 @@
 "migrations_prefix": "db/db_",
 "contact_address": "",
 "logging": {
- "filename": "",
+ "filename": "gophish.log",
 "level": ""
 }
-}
\ No newline at end of file
+}
diff --git a/ansible-playbook/roles/gophish/tasks/main.yml b/ansible-playbook/roles/gophish/tasks/main.yml
index 8608e365..5cf3e801 100644
--- a/ansible-playbook/roles/gophish/tasks/main.yml
+++ b/ansible-playbook/roles/gophish/tasks/main.yml
@@ -10,19 +10,19 @@
 - name: Allow TCP 22 for SSH.
 ufw:
 rule: allow
- port: '22'
+ port: "22"
 proto: tcp
 - name: Allow TCP 80 for Gophish.
 ufw:
 rule: allow
- port: '80'
+ port: "80"
 proto: tcp
 - name: Allow TCP 443 for Gophish.
 ufw:
 rule: allow
- port: '443'
+ port: "443"
 proto: tcp
 - name: Enable ufw.
@@ -43,19 +43,19 @@
 file:
 path: /etc/ssl/csr
 state: directory
- mode: '0755'
-
+ mode: "0755"
+
 - name: Ensure /etc/ssl/private folder exists
 file:
 path: /etc/ssl/private
 state: directory
- mode: '0755'
+ mode: "0755"
 - name: Ensure /etc/ssl/crt folder exists
 file:
 path: /etc/ssl/crt
 state: directory
- mode: '0755'
+ mode: "0755"
 - name: Install specified packages.
 apt:
@@ -64,7 +64,7 @@
 - name: adding existing user '{{ gophish_user }}' to group ssl-cert
 user:
- name: '{{ gophish_user }}'
+ name: "{{ gophish_user }}"
 groups: ssl-cert
 append: yes
@@ -109,10 +109,16 @@
 state: started
 enabled: yes
+- name: get latest release info
+ uri:
+ url: "https://api.github.com/repos/gophish/gophish/releases/latest"
+ return_content: true
+ register: latest_json_reponse
+
 - name: Download latest Gophish .zip file.
 get_url:
 validate_certs: True
- url: https://getgophish.com/releases/latest/linux/64
+ url: "https://github.com/gophish/gophish/releases/download/{{ latest_json_reponse.json.tag_name }}/gophish-{{ latest_json_reponse.json.tag_name }}-linux-64bit.zip"
 dest: "/home/{{ gophish_user }}/gophish.zip"
 mode: 0755
 owner: "{{ gophish_user }}"
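Review bot: `"filename": "gophish.log"` is a relative path, so where the log is written depends on the working directory the gophish process is started with, which this diff does not show; the tasks hunk in this same commit reads it from `/home/{{ gophish_user }}/gophish_deploy/gophish.log`, and the two only agree if the service's working directory is that deploy directory. Because this file is copied verbatim from `files/` rather than rendered from a template, an absolute path cannot carry the user name here, so the coupling should at least be spelled out in the task that reads the log, e.g. `# gophish.log is relative to the service's working directory (see config.json)`. Per the task name in that hunk the log holds the initial admin password, so the file's ownership and mode on the target deserve the same explicit `mode` treatment this commit gives the /etc/ssl directories.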
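Review bot: The release tag is resolved from the GitHub API at every run and the `get_url` task still carries no `checksum:`, so the role installs whatever binary the API currently points at with no integrity check and no way to reproduce a given deployment. Pin the version in `vars/main.yml` and keep the API lookup only as a fallback, e.g. `url: "https://github.com/gophish/gophish/releases/download/{{ gophish_version }}/gophish-{{ gophish_version }}-linux-64bit.zip"` with `checksum: "sha256:<DIGEST-FROM-RELEASE>"` (placeholder; record the real digest alongside the version). The unauthenticated API call is also rate-limited per source address, and `uri` fails the play on any non-200 response, which is worth a `retries`/`delay` or a comment. The registered name is misspelled as `latest_json_reponse` in both places; `latest_json_response` reads better and is the name a later maintainer will look for.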
@@ -144,7 +150,7 @@
 unarchive:
 src: "/home/{{ gophish_user }}/gophish.zip"
 dest: "/home/{{ gophish_user }}/gophish_deploy"
- remote_src: True # File is on target server and not locally.
+ remote_src: True # File is on target server and not locally.
 owner: "{{ gophish_user }}"
 group: "{{ gophish_user }}"
@@ -155,6 +161,11 @@
 group: "{{ gophish_user }}"
 recurse: True
+- name: Ensure gophish binary is executable
+ file:
+ path: /home/{{ gophish_user }}/gophish_deploy/gophish
+ mode: 744
+
 - name: Ensure gophish binary is allowed to bind to privileged ports using setcap
 capabilities:
 path: /home/{{ gophish_user }}/gophish_deploy/gophish
@@ -202,6 +213,14 @@
 state: reloaded
 enabled: yes
+- name: get Gophish log file which contain initial password
+ command: cat /home/{{ gophish_user }}/gophish_deploy/gophish.log
+ register: gophish_log
+
+- name: display log file
+ debug:
+ msg: "{{ gophish_log }}"
+
 - name: Reboot the box in 1 minute.
 command: shutdown -r 1
- when: reboot_box
\ No newline at end of file
+ when: reboot_box
diff --git a/ansible-playbook/roles/gophish/vars/main.yml b/ansible-playbook/roles/gophish/vars/main.yml
index eaa42565..2f72b849 100644
--- a/ansible-playbook/roles/gophish/vars/main.yml
+++ b/ansible-playbook/roles/gophish/vars/main.yml
@@ -4,7 +4,8 @@ install_packages:
 - postfix
 - unzip
 - libcap2-bin
- python-pip
+ - python-is-python3
+ - python3-pip
 hostname: gophish
 gophish_user: ubuntu
@@ -15,4 +16,4 @@ gophish_ssl_cert_path: /etc/ssl/private/gophish.pem
 gophish_csr_path: /etc/ssl/csr/gophish.csr
 gophish_crt_path: /etc/ssl/crt/gophish.crt
 # Required if changing /etc/hostname to something different.
-reboot_box: true
\ No newline at end of file
+reboot_box: true
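Review bot: `mode: 744` in the new "Ensure gophish binary is executable" task is an unquoted integer with no leading zero, so YAML hands Ansible decimal 744 (octal 1350: sticky bit set, owner read bit cleared) rather than the intended rwxr--r--. Write it as `mode: "0744"`, matching the `"0755"` quoting this same commit introduces for the /etc/ssl directories. The task also sets no `owner`/`group`, so it silently depends on the recursive ownership task just above; stating that in a comment, or adding `owner: "{{ gophish_user }}"`, would make the intent clear. Since only the service user needs to run the binary, `"0750"` is worth considering over a world-readable mode.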
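Review bot: The two new tasks after "state: reloaded" register the full contents of a log that, per the task name, contains the initial admin password, and then print the whole command result (stdout, stderr, rc and all) to play output, where callback plugins, CI logs and shell history retain it. `command: cat` additionally reports "changed" on every run and fails outright if the service has not yet created the file, which is plausible right after a reload. Read the file with `slurp` under `no_log: true` so the password never lands in the task result, and gate the decoded output behind `verbosity` so it is shown only when the operator asks for it; a `wait_for` on the path before reading would remove the start-up race. The reboot task at the end of the hunk is unchanged apart from the newline fix.
```yaml
- name: Read Gophish log file which contains the initial admin password
  slurp:
    src: /home/{{ gophish_user }}/gophish_deploy/gophish.log
  register: gophish_log
  no_log: true

- name: Display Gophish log (only when run with -v; not stored in the play result)
  debug:
    msg: "{{ gophish_log.content | b64decode }}"
    verbosity: 1

# … unchanged: reboot task …
```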