Backup authorized keys before nuking

hosts

@@ -0,0 +1,17 @@
+[forensics]
+10.8.2.12 ansible_user=administrator
+
+[database]
+10.8.2.3 ansible_user=administrator
+
+[workstations]
+10.8.1.10 ansible_user=administrator
+10.8.1.40 ansible_user=administrator
+
+[workstations:children]
+web
+
+[web]
+10.8.1.90 ansible_user=administrator
+
+

roles/immortal/handlers/main.yml

@@ -0,0 +1,3 @@
+- name: restart ufw
+  service: name=ufw state=restarted
+  become: yes

roles/immortal/tasks/main.yml

@@ -20,13 +20,58 @@
     src: /etc/passwd
     dest: "{{ inventory_hostname }}"
 
+- name: Collect disk space data
+  block:
+    - name: lsblk
+      shell: lsblk
+      register: lsblk_output
+      become: yes
+    - name: Store results
+      copy:
+        content: "{{lsblk_output.stdout}}"
+        dest: "{{ inventory_hostname }}/lsblk.out"
+      delegate_to: localhost
+      become: no
+
+- name: Collect netstat
+  block:
+    - name: Run command
+      shell: netstat -peanut
+      register: netstat_output
+      become: yes
+    - name: Store results
+      copy:
+        content: "{{netstat_output.stdout}}"
+        dest: "{{ inventory_hostname }}/netstat.out"
+      delegate_to: localhost
+      become: no
+- name: Collect process data
+  block:
+    - name: Run command
+      shell: ps aux
+      register: ps_output
+      become: yes
+    - name: Store results
+      copy:
+        content: "{{ps_output.stdout}}"
+        dest: "{{ inventory_hostname }}/ps.out"
+      delegate_to: localhost
+      become: no
 - name: Get users
   get_users:
     #min_uid: "{{ (ansible_os_family == 'RedHat') | ternary(500,1000) }}"
     min_uid: 1000
     max_uid: 65000
+  become: yes
   register: users_list 
 
+- name: Backup all users authorized keys
+  fetch:
+    src: "{{item['dir']}}/.ssh/authorized_keys"
+    dest: "{{ inventory_hostname }}"
+  ignore_errors: yes
+  loop: "{{ users_list.users }}"
+
 - name: Give root exclusively the current controller user's SSH key
   ansible.posix.authorized_key:
     user: root
@@ -54,7 +99,6 @@
 
     - name: Disable firewalld if RHEL based
       shell: "systemctl disable firewalld; systemctl stop firewalld"
-        
       when: ansible_os_family == "RedHat"
       
     - name: Ensure UFW is installed
@@ -62,6 +106,12 @@
         name: ufw
         state: present
 
+    - name: Ensure UFW is disabled
+      ufw: state=disabled
+    
+    - name: Reset UFW
+      ufw: state=reset
+
     - name: Configure ufw defaults
       ufw: direction={{ item.direction }} policy={{ item.policy }}
       with_items:

setup.yml

@@ -1,20 +1,35 @@
 ---
 
 - hosts: all
+  handlers:
+    - import_tasks: handlers.yml
   vars_prompt:
     - name: password
       prompt: "Enter new root and admin password"
   roles:
    - immortal
+  become: yes
 
 - hosts: web
+  handlers:
+    - import_tasks: handlers.yml
   roles:
     - web
+  become: yes
 
 - hosts: database
+  handlers:
+    - import_tasks: handlers.yml
   roles:
     - database
+  become: yes
 
 - hosts: all
+  vars:
+    pip_install_packages:
+      - name: docker
+
   roles:
+    - geerlingguy.pip
     - geerlingguy.docker
+  become: yes