Ansible

Mathias Stuhlmacher edited this page Aug 7, 2023 · 6 revisions

About

The Ansible playbook and role (ansible) were made for installing DFIRTrack on an Ubuntu server. The following distributions are currently tested:

  • Ubuntu 20.04 LTS
  • Ubuntu 22.04 LTS

Besides the installation of DFIRTrack, several additional tasks are executed. It is planned to build another role that performs only the minimum steps needed for a successful plain installation.

Usage

Pre-execution steps

Fast testing

For fast testing, the playbook may be executed with the default values. It was created with every option predefined, so for a first test you may skip this section.

Attention:

The default deployment user is called "forensics". If you wish to change it, edit the variable ansible_ssh_user in ansible/group_vars/all.

Production usage

For production usage (not publicly available!!!), it is recommended to consider the following values before executing the playbook:

  • Django secret key (there are many instructions available on how to generate it properly),
  • path for the project (<PROJECT_DIR>),
  • path for logging,
  • path and project name (needed separately) for markdown documentation,
  • dedicated user for PostgreSQL database,
  • password for PostgreSQL database (default and dedicated user),
  • path for database backup,
  • URL for reaching the web interface (<FQDN>),
  • service name for nginx logging,
  • path for nginx static web server files,
  • organization name and unit for self-signed SSL certificates.
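
As an added example (not part of the DFIRTrack repository or this wiki), the following Python script generates the Django secret key and the two PostgreSQL passwords from the list above with the OS CSPRNG and checks the key against the criteria of Django's deploy check security.W009. The dictionary labels and the 32-character alphanumeric password format are assumptions made here, not names or requirements taken from the playbook.

```python
"""Added example: generate the secrets the production checklist asks for."""
import math
import secrets
import string

# Alphabet and length used by Django's own get_random_secret_key().
DJANGO_KEY_CHARS = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"
DJANGO_KEY_LENGTH = 50

# Assumption: letters and digits only, so the password needs no quoting
# in shell, YAML or SQL when it is entered at the playbook prompts.
DB_PASSWORD_CHARS = string.ascii_letters + string.digits


def random_string(length, alphabet):
    """Draw `length` characters from `alphabet` using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet):
    """Entropy in bits of a uniformly random string over `alphabet`."""
    return length * math.log2(len(set(alphabet)))


def secret_key_problems(key):
    """Apply the criteria of Django's deploy check security.W009."""
    problems = []
    if len(key) < 50:
        problems.append("fewer than 50 characters")
    if len(set(key)) < 5:
        problems.append("fewer than 5 unique characters")
    if key.startswith("django-insecure-"):
        problems.append("carries the 'django-insecure-' prefix")
    return problems


def generate_production_secrets():
    """One secret per credential in the checklist (labels are hypothetical)."""
    return {
        "django_secret_key": random_string(DJANGO_KEY_LENGTH, DJANGO_KEY_CHARS),
        "postgres_default_user_password": random_string(32, DB_PASSWORD_CHARS),
        "postgres_dedicated_user_password": random_string(32, DB_PASSWORD_CHARS),
    }


if __name__ == "__main__":
    values = generate_production_secrets()
    assert not secret_key_problems(values["django_secret_key"])
    for label, value in values.items():
        print(f"{label}: {value}")
```
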

Execution of Ansible playbook

  • change to the ansible directory of the DFIRTrack repo,
  • add the destination host to the hosts file, named as it is addressed in your SSH config,
  • execute Ansible: ansible-playbook -i hosts [-k] -K dfirtrack.yml,
  • confirm or change the default values while executing.

Post-execution steps

  • log in to the destination host,
  • source the virtual environment: source <PROJECT_DIR>/venv/bin/activate,
  • change to project folder: cd <PROJECT_DIR>,
  • create superuser: python3 manage.py createsuperuser,
  • log in to the web interface (https://<FQDN>),
  • additional administration is possible via the admin UI (https://<FQDN>/admin).

Background information

Tasks

The following tasks are executed:

  • clone the DFIRTrack repository to a desired location on the destination host,
  • install and prepare the Django project,
  • copy and customize main project configuration file settings.py / local_settings.py,
  • prepare folders for logging and markdown documentation (in mkdocs style),
  • configure PostgreSQL database (including users and passwords),
  • prepare cronjob for database backup,
  • install and configure nginx reverse proxy server including self-signed SSL certificates,
  • install WSGI server gunicorn as service,
  • install django-q task queue as service,
  • configure firewall ufw.