coffeeitworks / ansible_burp2_client Goto Github PK

View Code? Open in Web Editor NEW

6.0 6.0 3.0 97 KB

burp2 deployment client

License: MIT License

Shell 15.20% Jinja 84.80%

ansible-role backup-client burp-client

ansible_burp2_client's People

Contributors

Stargazers

Watchers

Forkers

timbrd planet-winter guimaluf

ansible_burp2_client's Issues

Add tweaks from timbrd

@timbrd

I have noticed some tweaks with include/excludes in your fork that could be interesting to have in this role.

Also some duplicated work as I have recently added centos7 and fedora support.

Could you please sync your repo and check if you could create pull request with your changes?

TASK [coffeeitworks.burp2_client : Test client line] **********************************************************************************************************************************************
[DEPRECATION WARNING]: evaluating burp_client_test as a bare variable, this behaviour will go away and you might need to add |bool to the expression in the future. Also see CONDITIONAL_BARE_VARS
configuration toggle.. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
skipping: [elliot.rootway.com]

add option to install burp from system package

just need a switch:

- include: build-burp.yml 
  when: not burp_install_from_system_package

and a new yml:

- include: install-burp-package.yml
  when: burp_install_from_system_package

maybe also a variable:

burp_system_packages_names:
  - burp-server
  - burp-client

/bin/sh: burp: command not found on read burp installed version task

I'm installing burp in CentOS using both server and client burp roles.
However, I'm getting

TASK [coffeeitworks.burp2_client : read burp installed version] *******************************
fatal: [example.com]: FAILED! => {
    "changed": false,
    "cmd": "burp -V",
    "delta": "0:00:00.003200",
    "end": "2021-05-18 09:28:37.151225",
    "rc": 127,
    "start": "2021-05-18 09:28:37.148025"
}

STDERR:

/bin/sh: burp: command not found


MSG:

non-zero return code

I'm using the defaults variables which installs burp on /usr/local/sbin. It seems to be an ansible normal and expected behaviour.

Remember that sudo sanitizes the environment when switching users, which is why you end up with a minimal default PATH.

This only happens when become: true is set.

(venv) [gb637@seed ]$ ansible -m shell gb637-backup -a "which burp"
gb637-backup | CHANGED | rc=0 >>
/usr/local/sbin/burp
(venv) [gb637@seed ]$ ansible -m shell gb637-backup -a "which burp" -b
gb637-backup | FAILED | rc=1 >>
which: no burp in (/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin/)non-zero return code
(venv) [gb637@seed ]$

I believe a sane solution would be to add become: false to that specific task.

This affects burp2_server role as well: CoffeeITWorks/ansible_burp2_server#76

Centos8 instructions

https://github.com/grke/burp/pull/831/files

change compile options

@deajan
You have added this:

https://github.com/grke/burp/wiki/Performance-Tips#optional-compile-time-improvements

When compiling burp, you can optimize it for your actual processor architecture, and add a certain degree of parallelism that will give a little performance improvement (expect 5%).
Add the following CFLAGS to your configure statement

CFLAGS="-O2 -march=native -mtune=native -mfpmath=sse -floop-parallelize-all -ftree-parallelize-loops=4" ./configure

Be aware that using -march and -mtune will make your compiled burp work only with the actual processor you compiled with. Omit those parameters if you want to compile for other cpus.

This role compliles burp so I think it could help on default compilation.

What do you think?
Should I add these compile commands to the role?

Add multiple ports setup for different operations

references:
grke/burp#566
http://burp.grke.org/docs/manpage.html

On server:

Add multiple max_children or max_status_children

On client:



       port=[port number]
	      Defines  the  TCP  port on the server that we will
	      send requests to. If this option is set, it is the
	      default for these options, which can be overridden
	      individually: port_backup, port_restore, port_ver‐
	      ify, port_list, port_delete. If this option is not
	      set, you will need to set all of the port  options
	      separately.

       port_backup=[port number]
	      Defines  the  TCP  port on the server that we will
	      send backup requests to. If not set,  it	defaults
	      to the port option.

       port_restore=[port number]
	      Defines  the  TCP  port on the server that we will
	      send restore requests to. If not set, it	defaults
	      to the port option.

       port_verify=[port number]
	      Defines  the  TCP  port on the server that we will
	      send verify requests to. If not set,  it	defaults
	      to the port_restore option.

       port_list=[port number]
	      Defines  the  TCP  port on the server that we will
	      send list requests to. If not set, it defaults  to
	      the port option.

       port_delete=[port number]
	      Defines  the  TCP  port on the server that we will
	      send delete requests to. If not set,  it	defaults
	      to the port option.

       status_port=[port number]
	      Defines  the TCP port that the server is listening
	      on for status requests.

building burp client on Debian 10. make install places burp in /usr/sbin/ not burp_bin_path

The current configure line variable needs to include sbindir to point to burp_bin_path or change path in os dependent vars file.
In:

- name: Make install
  shell: cd {{ download_dir }}/{{ burpsrc }} && make install creates={{ burp_bin_path }}

with:

burp_usr_path: '/usr/local'
burp_bin_path: "{{ burp_usr_path }}/sbin/burp"

and without:
burp_configure_line: "CFLAGS='-O2 -march=native -mtune=native -mfpmath=sse' sbindir={{ burp_bin_path }} ./configure "

Please note I have left out some CFLAGS: -floop-parallelize-all -ftree-parallelize-loops=4 as they both didn't run on my FreeBSD VM. Might be that I don't have the predefined 4 Cores.

freebsd support

Issue and Branch to merge changes from @planet-winter from merge request #12 before moving to master

Migrate molecule tests to v2 tests

Create burp2_win_client

burp2_win_client could be useful for large deployments with windows servers.

Centos 7 Support

Agent can't be install on Centos 7 . Many files need to be edited before to perform succesful install.

for next version 2.2.12+ burp version will be different

based on comments in grke/burp#675

burp -V will be the next command line to get burp version.

Need to have 2 different modes to get burp version:

burp -v for version <= 2.2.10
burp -V for version > 2.2.10

Debian 9 stretch

Debian 9 changes libraries and produce an error with burp (client) installed and maintained with this role:

# burp -a l
burp: /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0: version `OPENSSL_1.0.0' not found (required by burp)
burp: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by burp)

OpenSSL has been updated.

Debian 9 has a burp package into repository:

Package: burp
Version: 2.0.54-1
Priority: extra
Section: utils
Maintainer: Calogero Lo Leggio <[email protected]>
Installed-Size: 681 kB
Depends: libacl1 (>= 2.2.51-8), libc6 (>= 2.15), libncurses5 (>= 6), librsync1 (>= 0.9.6), libssl1.1 (>= 1.1.0), libtinfo5 (>= 6), zlib1g (>= 1:1.1.4), lsb-base (>= 3.0-6)

and ansible see the Debian 9 Stretch by this way:

        "ansible_distribution": "Debian",
        "ansible_distribution_major_version": "9",
        "ansible_distribution_release": "stretch",
        "ansible_distribution_version": "9.0",

Updates to burp 3.1.2 and openssl3 support

Add optional var to change the client path to use

Modify tasks to select client burp.conf path.

Upgrade default burp version to 2.1.28

new stable release

Issues with client certificates

Hello, I'm having a weird issue, and I don't know how to tackle it... I must admit certificates authorities are quite a mystery for me, I know the fundamentals, but when a problem arises like know, I'm completely lost.

I have installed more than 60 clients without problems, all of them are the exact same version of ubuntu (20.04) and they are working all just perfect... well, all except one.

Playbook finishes apparently without errors but I cannot see on the /etc/burp/ directory anything but this:

# ls -al
total 16
drwxr-xr-x   3 root root 4096 Mar 10 18:58 .
drwxr-xr-x 108 root root 4096 Mar 10 18:37 ..
drwxr-xr-x   2 root root 4096 Mar 10 18:37 CA-client
-rw-r--r--   1 root root  666 Mar 10 18:37 burp.conf

I've reviewed burp.conf and even compared with diff with another burp.conf client on any working node and it's ok. On the server, I've make sure I have the config file for that node on /etc/burp/clientconfdir and the parameters (password mainly) are just like the other working nodes.

If I run burp -a b

# burp -ab
2021-03-10 18:59:23 +0100: burp[595545] Could not find ssl_cert /etc/burp/ssl_cert-client.pem: No such file or directory
2021-03-10 18:59:23 +0100: burp[595545] Could not find ssl_key /etc/burp/ssl_cert-client.key: No such file or directory
2021-03-10 18:59:23 +0100: burp[595545] Could not find ssl_cert_ca /etc/burp/ssl_cert_ca.pem: No such file or directory
2021-03-10 18:59:23 +0100: burp[595545] Connecting to bck01.example.com:4971
2021-03-10 18:59:24 +0100: burp[595545] unexpected command in authorise_client(): e:001D:unable to authorise on server

On other places I saw perhaps there is no connection with the server, but I can ping and telnet to the 4971 port just fine. I'm using a non-firewalled and dedicated LAN just for this purpose, so no firewall is involved either.

So, I don't know where to go now. I don't know why didn't create the certificates and why it can't connect to the server...

Could anyone shred some light, please?