Check the documentation added in:
https://github.com/CoffeeITWorks/ansible-generic-help#getting-started
Full list of roles: https://github.com/grke/burp/wiki/Automated-deploy-and-maintenance
Install ansible on your control machine (See getting-started)
Install python-minimal (for Ubuntu 16.04+) on the remote machine (or locally if you are using ansible locally)
Copy example inventory and files: https://github.com/CoffeeITWorks/ansible-generic-help/tree/master/example1 (You can download the repo and copy the example1 dir)
See also Quickstart.md
Example playbook
---
- name: burp2 servers
  become: yes
  become_method: sudo
  # environment: "{{ proxy_env }}" # example to use behind proxy
  hosts: burp2_servers
  # Define the list of servers and add tags so you will be able to filter the call to a tag:
  roles:
    - role: coffeeitworks.burp2_server
      tags:
        - "burp2_server_all"
        - "burp2_server"
Install this role, example:
ansible-galaxy install -r requirements.yml
- downloading role 'burp2_server', owned by CoffeeITWorks
- downloading role from https://github.com/CoffeeITWorks/ansible_burp2_server/archive/master.tar.gz
- extracting coffeeitworks.burp2_server to /home/pablo/.ansible/roles/coffeeitworks.burp2_server
- coffeeitworks.burp2_server (master) was installed successfully
Modify the IP address in inventory/test
Run ansible-playbook:
ansible-playbook -i inventory/ roles.burp2_servers.yml -v -u pablo --ask-pass
Later you will be able to customize some vars by adding your own values in group_vars variables or host_vars.
Install this role if you want to use it with centos > 8
- src: https://github.com/robertdebock/ansible-role-powertools
  name: ansible-role-powertools
Ansible burp2_server deploy and maintenance role.
This role builds the burp version specified in defaults/main.yml. It also configures it so that it works and is maintained in a centralized way.
See FEATURES.md
Install the role on the system:
ansible-galaxy install coffeeitworks.burp2_server
Check out more info at: https://github.com/CoffeeITWorks/ansible-generic-help#installing-roles
We have an inventory and a playbook to call the roles, but we must customize the variables before running the playbook.
Here we will organize the variables files into the group_vars directory:
mkdir -p group_vars/burp2_servers
Inside it you can add a file with the name of the group or the host where you want to add specific options of this role.
Example file: group_vars/burp2_servers/burp2_server_vars.yml
Check also all vars in defaults/main.yml
You can override any default using your host/group_vars.
Burp-ui agent was moved to another role: https://github.com/CoffeeITWorks/ansible_burpui_agent
It is highly recommended to use burpui-agent with python3. If you know of a role to add python3/pip3 on centos, please contact me to update this information.
(Enabled by default)
burp_manual_delete_enabled: true
(Enabled by default)
burp_server_autoupgrade_enabled: true
(Enabled by default)
Since version 2.1.10
- Add the ability for the client to connect to different server ports according to whether it is doing backup/restore/verify/list/delete.
These ports are based on: CoffeeITWorks#11
Compatible since burp 2.1.10
burp_server_port_per_operation_bool: true
# Default optional vars to change:
# These are not needed to be changed, but showing here the
# defaults that we have in defaults/main.yml
burp_server_port_operation_restore: 4975
burp_server_port_operation_verify: 4976
burp_server_port_operation_list: 4977
burp_server_port_operation_delete: 4978
This option will set up /etc/burp/burp.conf for burp-ui-agent when used with burp_module_agent: true, to benefit the performance of burp-ui.
Check also burp_server_ports_per_operation: in defaults/main.yml to change max_children per operation.
Example:
burp_repos:
  - { repo: "http://host/group/repo.git", version: "master", dir: "linux_clients"}
You just need files per client, example:
-
client1 file content:
password = clientpassword
dedup_group = trusty
. incexc/profile_lnxsrv
Optional list of clients to add on specific execution
burp2_add_manual_clients:
  - name: client_name
    # optional; default: profile_lnxsrv (these files are in the incexc/ dir)
    profile: profile_name
    # optional; default: the burp_client_password var
    password: client_password
  - name: second_client
You can use it as a fixed list, or as a dynamic one by specifying it during ansible-playbook command execution:
http://docs.ansible.com/ansible/playbooks_variables.html#passing-variables-on-the-command-line
Example using a JSON-like var on the command line:
--extra-vars '{ "burp2_add_manual_clients": [ { "name": "test_manual" }, { "name": "test_manual2", "profile": "profile_win6x" } ] }'
It will create the files:
ansible@ubuntuburp2:~$ cat /etc/burp/clientconfdir/test_manual2
# Ansible managed
password = password
# More configuration files can be read, using syntax like the following
# (without the leading '# ').
. incexc/profile_win6x
ansible@ubuntuburp2:~$ cat /etc/burp/clientconfdir/test_manual
# Ansible managed
password = password
# More configuration files can be read, using syntax like the following
# (without the leading '# ').
. incexc/profile_lnxsrv
Check the defaults/main.yml file, to copy the content and create your own profiles with the profiles_templates var
A small example:
# See also files/incexc, those in this repo are copied to /etc/burp/clientconfdir/incexc
# This template creates each template in: /etc/burp/clientconfdir/incexc/name
profiles_templates:
  - name: profile_lnxsrv
    content:
      - "#hard_quota No permitir backups a clientes con mas de xxGb en el backup total"
      - "#hard_quota Do not allow to backup clients with more than xxGb in the whole backup"
      - "hard_quota=65Gb"
      - ""
      - "#soft_quota enviar WARNING backups a de clientes con mas de xxGb en el backup total"
      - "#soft_quota send WARNING to backups clients with more than xxGb in the whole backup"
      - "soft_quota=50Gb"
      - ""
      - ". lnxsrv_global_inclusions"
      - ". lnxsrv_global_exclusions"
      - ". compressed_exclusions"
      - ". audio_compressed_exclusions"
      - ". generic_excluded_extensions"
      - ""
      - "cross_all_filesystems=1"
      - "dedup_group = lnxsrv"

burp_server_custom_lines:
  - "someextra=line"
See https://burp.grke.org/docs/manpage.html
There is now a feature to allow you to remove a client from a list, variable used is:
burp_remove_clients:
  - name: client_to_remove
  - name: other_client_to_remove
You can use this variable in a static var file like group_vars, or at runtime. Example:
ansible-playbook --extra-vars '{ "burp_remove_clients": [ { "name": "test_manual" }, { "name": "test_manual2" } ] }' -i inventory roles.burp_servers.yml -u user -k
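The following added example (not part of the role or of the original README) is a preflight check for the two runtime lists described above, burp2_add_manual_clients and burp_remove_clients, before they are passed with --extra-vars. The function name check_extra_vars, the accepted name pattern and the sample input are assumptions made for illustration.

```python
import json
import re

# Client names end up as file names in /etc/burp/clientconfdir (see the
# sample output on this page), so accept only plain host-style names.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")
DEFAULT_PROFILE = "profile_lnxsrv"  # default documented on this page

# Constructed sample input, not taken from a real deployment.
SAMPLE = """{
  "burp2_add_manual_clients": [
    {"name": "test_manual"},
    {"name": "test_manual2", "profile": "profile_win6x", "password": "constructed-secret"},
    {"name": "bad/name"},
    {"name": "web01", "profile": "profile_typo", "password": "constructed-secret"}
  ],
  "burp_remove_clients": [{"name": "test_manual"}]
}"""


def check_extra_vars(raw, known_profiles):
    """Return a list of findings for an --extra-vars JSON document."""
    data = json.loads(raw)
    add = data.get("burp2_add_manual_clients", [])
    remove = data.get("burp_remove_clients", [])
    findings = []
    for label, entries in (("add", add), ("remove", remove)):
        for entry in entries:
            name = str(entry.get("name", ""))
            if not SAFE_NAME.fullmatch(name):
                findings.append(f"{label}: unsafe client name {name!r}")
    for entry in add:
        name = str(entry.get("name", ""))
        if not SAFE_NAME.fullmatch(name):
            continue  # already reported above
        profile = entry.get("profile", DEFAULT_PROFILE)
        if profile not in known_profiles:
            findings.append(f"add: {name}: unknown profile {profile!r}")
        if "password" not in entry:
            findings.append(f"add: {name}: no password, uses burp_client_password")
    both = {e.get("name") for e in add} & {e.get("name") for e in remove}
    findings += [f"conflict: {n} in both add and remove lists" for n in sorted(both)]
    return findings


if __name__ == "__main__":
    for line in check_extra_vars(SAMPLE, {"profile_lnxsrv", "profile_win6x"}):
        print(line)
```

An empty result means the document names only well-formed clients, known profiles and per-client passwords, and does not add and remove the same client in one run.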
You can choose between [systemd, supervisor, systemd_unprivileged] using var:
burp_sv_type: systemd
All systemd installs use the service name 'burp-server', and you can use systemctl start/stop burp-server to control the service.
To restart installed services/daemons you should use:
sudo supervisorctl restart buiagent/burp-server/burp-restore (depends on the service you want to restart)
You can also use the supervisorctl shell:
sudo supervisorctl
And then interactively use all options.
Logs:
supervisord also redirects stdout and stderr to logs properly, so all logs are under /var/logs/supervisor
Logs are also rotated by logrotate automatically.
Please note that when using a compiled version of burp with this role, it is highly recommended to recompile and reinstall burp after you upgrade your linux distribution.
Example to run it once:
ansible-playbook -i production burp-servers.yml -l client -e "burp_force_reinstall=yes"
The variable burp_force_reinstall: yes will do it for you.
MIT
This role was created by Diego Daguerre with the collaboration of Pablo Estigarribia (pablodav at gmail). Currently the main developer is Pablo Estigarribia.
Main page: http://burp.grke.org/
Now you only need to modify these in group/host vars:
burpsrcext: "zip"
burp_version: "master"
- Compile optimizations.
This role now compiles with some better configurations for performance improvements. You can also change the variable burp_configure_line with your own configure flags.
See CoffeeITWorks#24
- Add backup script tool from @deajan
backup_script_tool is added as an optional installation; you can use the var install_backup_tool_script: true to install it. See defaults/main.yml vars for more options.
CoffeeITWorks#26
See https://github.com/grke/burp/wiki/Utils#backup-tool-script
To upgrade a previous version, or to upgrade from an apt/yum/dnf/zypper installation to this role, you can use the playbook located in: resources/upgrade.yml
Run it with:
ansible-playbook -i inventory upgrade.yml -u username -k
Put your name here.
How to test this role?
I have prepared a script and molecule tests. Disable selinux to allow setattr commands when using restore (disable and restart; permissive doesn't work either). Then just install docker on your system, start it, and run the script:
sudo systemctl start docker
./run_local_molecule_basic.sh
Once tests are done, clean the created instances with (after a reboot also use destroy):
./run_local_molecule_destroy.sh
As it uses docker images, you don't need to install anything.
For burp maintainers and developers, there is also a separate role to perform tests on any burp server: https://github.com/CoffeeITWorks/ansible_burp2_tests