initial commit

Author: Wolfgang Hotwagner

README.md

@@ -0,0 +1,35 @@
+# Ansible-Role: atb-ansible-healthcheck
+
+Installs a client-script for the vulnerable healthcheckd service.
+
+
+## Requirements
+
+- Debian or Ubuntu
+
+## Role Variables
+
+```yaml
+healthcheck_status: "OK"
+healthcheck_wrapper_path: "/usr/local/bin"
+healthcheck_wrapper_mode: "0755"
+```
+
+## Example Playbook
+
+```yaml
+- hosts: localhost
+  roles:
+    vars:
+        healthcheck_wrapper_path: "/media/health"
+        healthcheck_wrapper_mode: "0777"
+        healthcheck_server: 192.168.100.23
+```
+
+## License
+
+GPL-3.0
+
+## Author
+
+- Wolfgang Hotwagner

defaults/main.yml

@@ -0,0 +1,5 @@
+---
+# defaults file for atb-ansible-healthcheck
+healthcheck_status: "OK"
+healthcheck_wrapper_path: "/usr/local/bin"
+healthcheck_wrapper_mode: "0755"

files/healthcheck

@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+
+import socket
+from sys import argv
+
+target_port = 1881
+
+if len(argv) < 3 or len(argv) > 4 :
+    print(f"usage: {argv[0]} <host> <status> [<port>]")
+    exit(1)
+
+target_host = argv[1]
+
+if len(argv) == 4:
+    target_port = argv[3]
+
+host = socket.gethostname().encode() + b'\r\n'
+status = argv[2].encode() + b'\r\n'
+
+with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+    s.connect((target_host, target_port))
+    data = s.recv(1024)
+    s.sendall(host)
+    data = s.recv(1024)
+    s.sendall(status)
+
+exit(0)

meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Wolfgang Hotwagner
+  description:  Installs a client-script for the vulnerable healthcheckd service.
+  company: Austrian Institute of Technology
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: GPL-3.0-only
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

tasks/main.yml

@@ -0,0 +1,33 @@
+# tasks file for atb-ansible-healthcheck
+- name: ensure cron installed
+  ansible.builtin.apt:
+    name: cron
+    update_cache: true
+
+- name: deploy healthcheck script
+  ansible.builtin.copy:
+    src: healthcheck
+    dest: /usr/local/bin/healthcheck
+    owner: root
+    group: root
+    mode: 0755
+
+- name: create destination directory
+  ansible.builtin.file:
+    path: "{{healthcheck_wrapper_path}}"
+    state: directory
+    recurse: yes
+
+- name: deploy cron-wrapper
+  ansible.builtin.template:
+    src: wrapper.j2
+    dest: "{{healthcheck_wrapper_path}}/healthcheck_cron.sh"
+    owner: root
+    group: root
+    mode: "{{healthcheck_wrapper_mode}}"
+
+- name: Create cron-job
+  ansible.builtin.cron:
+    name: "healthcheck"
+    job: "{{healthcheck_wrapper_path}}/healthcheck_cron.sh"
+    minute: "*/10"

templates/wrapper.j2

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/local/bin/healthcheck {{ healthcheck_server }} {{ healthcheck_status }}