An Ansible role for installing Cobalt Strike.
In order to execute the Molecule tests for this Ansible role in GitHub Actions, a build user must exist in AWS. The accompanying Terraform code will create the user with the appropriate name and permissions. This only needs to be run once per project, per AWS account. This user can also be used to run the Molecule tests on your local machine.
Before the build user can be created, you will need a profile in your
AWS credentials file that allows you to read and write your remote
Terraform state. (You almost certainly do not want to use local
Terraform state for this long-lived build user.) If the build user is
to be created in the CISA COOL environment, for example, then you will
need the cool-terraform-backend profile.
The easiest way to set up the Terraform remote state profile is to
make use of our
aws-profile-sync
utility. Follow the usage instructions in that repository before
continuing with the next steps, and note that you will need to know
where your team stores their remote profile data in order to use
aws-profile-sync.
To create the build user, follow these instructions:
cd terraform
terraform init --upgrade=true
terraform applyOnce the user is created you will need to update the repository's
secrets
with the new encrypted environment variables. This should be done
using the
terraform-to-secrets
tool available in the development
guide. Instructions for
how to use this tool can be found in the "Terraform IAM Credentials
to GitHub Secrets"
section.
of the Project Setup README.
If you have appropriate permissions for the repository you can view existing secrets on the appropriate page in the repository's settings.
None.
| Variable | Description | Default | Required |
|---|---|---|---|
| cobalt_strike_bucket_name | The name of the AWS S3 bucket where the Cobalt Strike tarball and license files are stored. | cisa-cool-third-party-production |
No |
| cobalt_strike_license_object_name | The name of the AWS S3 object that is the Cobalt Strike license. | cobaltstrike.license |
No |
This role can be installed via the command:
ansible-galaxy install --role-file path/to/requirements.ymlwhere requirements.yml looks like:
---
- name: cobalt_strike
src: https://github.com/cisagov/ansible-role-cobalt-strikeand may contain other roles as well.
For more information about installing Ansible roles via a YAML file,
please see the ansible-galaxy
documentation.
Here's how to use it in a playbook:
- hosts: all
become: true
become_method: sudo
tasks:
- name: Install Cobalt Strike
ansible.builtin.include_role:
name: cobalt_strikeWe welcome contributions! Please see CONTRIBUTING.md for
details.
This project is in the worldwide public domain.
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
Shane Frasier - jeremy.frasier@gwe.cisa.dhs.gov