coffeeitworks / ansible_burp2_client Goto Github PK
View Code? Open in Web Editor NEWburp2 deployment client
License: MIT License
burp2 deployment client
License: MIT License
I have noticed some tweaks with include/excludes in your fork that could be interesting to have in this role.
Also some duplicated work as I have recently added centos7 and fedora support.
Could you please sync your repo and check if you could create pull request with your changes?
TASK [coffeeitworks.burp2_client : Test client line] **********************************************************************************************************************************************
[DEPRECATION WARNING]: evaluating burp_client_test as a bare variable, this behaviour will go away and you might need to add |bool to the expression in the future. Also see CONDITIONAL_BARE_VARS
configuration toggle.. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
skipping: [elliot.rootway.com]
just need a switch:
- include: build-burp.yml
when: not burp_install_from_system_package
and a new yml:
- include: install-burp-package.yml
when: burp_install_from_system_package
maybe also a variable:
burp_system_packages_names:
- burp-server
- burp-client
I'm installing burp in CentOS using both server and client burp roles.
However, I'm getting
TASK [coffeeitworks.burp2_client : read burp installed version] *******************************
fatal: [example.com]: FAILED! => {
"changed": false,
"cmd": "burp -V",
"delta": "0:00:00.003200",
"end": "2021-05-18 09:28:37.151225",
"rc": 127,
"start": "2021-05-18 09:28:37.148025"
}
STDERR:
/bin/sh: burp: command not found
MSG:
non-zero return code
I'm using the defaults variables which installs burp on /usr/local/sbin
. It seems to be an ansible normal and expected behaviour.
Remember that sudo sanitizes the environment when switching users, which is why you end up with a minimal default PATH.
This only happens when become: true
is set.
(venv) [gb637@seed ]$ ansible -m shell gb637-backup -a "which burp"
gb637-backup | CHANGED | rc=0 >>
/usr/local/sbin/burp
(venv) [gb637@seed ]$ ansible -m shell gb637-backup -a "which burp" -b
gb637-backup | FAILED | rc=1 >>
which: no burp in (/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin/)non-zero return code
(venv) [gb637@seed ]$
I believe a sane solution would be to add become: false
to that specific task.
This affects burp2_server role as well: CoffeeITWorks/ansible_burp2_server#76
@deajan
You have added this:
https://github.com/grke/burp/wiki/Performance-Tips#optional-compile-time-improvements
When compiling burp, you can optimize it for your actual processor architecture, and add a certain degree of parallelism that will give a little performance improvement (expect 5%).
Add the following CFLAGS to your configure statement
CFLAGS="-O2 -march=native -mtune=native -mfpmath=sse -floop-parallelize-all -ftree-parallelize-loops=4" ./configure
Be aware that using -march and -mtune will make your compiled burp work only with the actual processor you compiled with. Omit those parameters if you want to compile for other cpus.
This role compliles burp so I think it could help on default compilation.
What do you think?
Should I add these compile commands to the role?
references:
grke/burp#566
http://burp.grke.org/docs/manpage.html
On server:
Add multiple max_children or max_status_children
On client:
port=[port number]
Defines the TCP port on the server that we will
send requests to. If this option is set, it is the
default for these options, which can be overridden
individually: port_backup, port_restore, port_ver‐
ify, port_list, port_delete. If this option is not
set, you will need to set all of the port options
separately.
port_backup=[port number]
Defines the TCP port on the server that we will
send backup requests to. If not set, it defaults
to the port option.
port_restore=[port number]
Defines the TCP port on the server that we will
send restore requests to. If not set, it defaults
to the port option.
port_verify=[port number]
Defines the TCP port on the server that we will
send verify requests to. If not set, it defaults
to the port_restore option.
port_list=[port number]
Defines the TCP port on the server that we will
send list requests to. If not set, it defaults to
the port option.
port_delete=[port number]
Defines the TCP port on the server that we will
send delete requests to. If not set, it defaults
to the port option.
status_port=[port number]
Defines the TCP port that the server is listening
on for status requests.
The current configure line variable needs to include sbindir
to point to burp_bin_path or change path in os dependent vars file.
In:
- name: Make install
shell: cd {{ download_dir }}/{{ burpsrc }} && make install creates={{ burp_bin_path }}
with:
burp_usr_path: '/usr/local'
burp_bin_path: "{{ burp_usr_path }}/sbin/burp"
and without:
burp_configure_line: "CFLAGS='-O2 -march=native -mtune=native -mfpmath=sse' sbindir={{ burp_bin_path }} ./configure "
Please note I have left out some CFLAGS: -floop-parallelize-all -ftree-parallelize-loops=4
as they both didn't run on my FreeBSD VM. Might be that I don't have the predefined 4 Cores.
Issue and Branch to merge changes from @planet-winter from merge request #12 before moving to master
burp2_win_client could be useful for large deployments with windows servers.
Agent can't be install on Centos 7 . Many files need to be edited before to perform succesful install.
based on comments in grke/burp#675
burp -V will be the next command line to get burp version.
Need to have 2 different modes to get burp version:
burp -v for version <= 2.2.10
burp -V for version > 2.2.10
Debian 9 changes libraries and produce an error with burp (client) installed and maintained with this role:
# burp -a l
burp: /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0: version `OPENSSL_1.0.0' not found (required by burp)
burp: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by burp)
OpenSSL has been updated.
Debian 9 has a burp package into repository:
Package: burp
Version: 2.0.54-1
Priority: extra
Section: utils
Maintainer: Calogero Lo Leggio <[email protected]>
Installed-Size: 681 kB
Depends: libacl1 (>= 2.2.51-8), libc6 (>= 2.15), libncurses5 (>= 6), librsync1 (>= 0.9.6), libssl1.1 (>= 1.1.0), libtinfo5 (>= 6), zlib1g (>= 1:1.1.4), lsb-base (>= 3.0-6)
and ansible see the Debian 9 Stretch by this way:
"ansible_distribution": "Debian",
"ansible_distribution_major_version": "9",
"ansible_distribution_release": "stretch",
"ansible_distribution_version": "9.0",
Modify tasks to select client burp.conf path.
new stable release
Hello, I'm having a weird issue, and I don't know how to tackle it... I must admit certificates authorities are quite a mystery for me, I know the fundamentals, but when a problem arises like know, I'm completely lost.
I have installed more than 60 clients without problems, all of them are the exact same version of ubuntu (20.04) and they are working all just perfect... well, all except one.
Playbook finishes apparently without errors but I cannot see on the /etc/burp/
directory anything but this:
# ls -al
total 16
drwxr-xr-x 3 root root 4096 Mar 10 18:58 .
drwxr-xr-x 108 root root 4096 Mar 10 18:37 ..
drwxr-xr-x 2 root root 4096 Mar 10 18:37 CA-client
-rw-r--r-- 1 root root 666 Mar 10 18:37 burp.conf
I've reviewed burp.conf and even compared with diff
with another burp.conf client on any working node and it's ok. On the server, I've make sure I have the config file for that node on /etc/burp/clientconfdir
and the parameters (password mainly) are just like the other working nodes.
If I run burp -a b
# burp -ab
2021-03-10 18:59:23 +0100: burp[595545] Could not find ssl_cert /etc/burp/ssl_cert-client.pem: No such file or directory
2021-03-10 18:59:23 +0100: burp[595545] Could not find ssl_key /etc/burp/ssl_cert-client.key: No such file or directory
2021-03-10 18:59:23 +0100: burp[595545] Could not find ssl_cert_ca /etc/burp/ssl_cert_ca.pem: No such file or directory
2021-03-10 18:59:23 +0100: burp[595545] Connecting to bck01.example.com:4971
2021-03-10 18:59:24 +0100: burp[595545] unexpected command in authorise_client(): e:001D:unable to authorise on server
On other places I saw perhaps there is no connection with the server, but I can ping and telnet to the 4971 port just fine. I'm using a non-firewalled and dedicated LAN just for this purpose, so no firewall is involved either.
So, I don't know where to go now. I don't know why didn't create the certificates and why it can't connect to the server...
Could anyone shred some light, please?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.