Clean repository: organized structure and GitOps setup

- Organized root directory structure
- Moved orphan files to proper locations
- Updated .gitignore to ignore temporary files
- Set up Gitea Runner for GitOps automation
- Fixed Tailscale access issues
- Added workflow for automated Nomad deployment
2025-10-09 06:13:45 +00:00
commit 89ee6f7967
306 changed files with 30781 additions and 0 deletions


@@ -0,0 +1,110 @@
# Kali Linux Ansible 测试套件
本目录包含用于测试Kali Linux系统的Ansible playbook集合。
## 测试Playbook列表
### 1. kali-health-check.yml
**用途**: Kali Linux快速健康检查
**描述**: 执行基本的系统状态检查包括系统信息、更新状态、磁盘空间、关键工具安装状态、网络连接、系统负载和SSH服务状态。
**运行方式**:
```bash
cd /root/mgmt/configuration
ansible-playbook -i inventories/production/inventory.ini playbooks/test/kali-health-check.yml
```
### 2. kali-security-tools.yml
**用途**: Kali Linux安全工具测试
**描述**: 专门测试各种Kali Linux安全工具的安装和基本功能包括
- Nmap
- Metasploit Framework
- Wireshark
- John the Ripper
- Hydra
- SQLMap
- Aircrack-ng
- Burp Suite
- Netcat
- Curl
**运行方式**:
```bash
cd /root/mgmt/configuration
ansible-playbook -i inventories/production/inventory.ini playbooks/test/kali-security-tools.yml
```
### 3. test-kali.yml
**用途**: Kali Linux完整系统测试
**描述**: 执行全面的系统测试,包括:
- 系统基本信息收集
- 网络连接测试
- 包管理器测试
- Kali工具检查
- 系统安全性检查
- 系统性能测试
- 网络工具测试
- 生成详细测试报告
**运行方式**:
```bash
cd /root/mgmt/configuration
ansible-playbook -i inventories/production/inventory.ini playbooks/test/test-kali.yml
```
### 4. kali-full-test-suite.yml
**用途**: Kali Linux完整测试套件
**描述**: 按顺序执行所有上述测试,提供全面的系统测试覆盖。
**运行方式**:
```bash
cd /root/mgmt/configuration
ansible-playbook playbooks/test/kali-full-test-suite.yml
```
## 测试结果
### 健康检查
- 直接在终端显示测试结果
- 无额外文件生成
### 安全工具测试
- 终端显示测试结果摘要
- 在Kali系统上生成 `/tmp/kali_security_tools_report.md` 报告文件
### 完整系统测试
- 终端显示测试进度
- 在Kali系统上生成 `/tmp/kali_test_results/` 目录,包含:
- `system_info.txt`: 系统基本信息
- `tool_check.txt`: Kali工具检查结果
- `security_check.txt`: 系统安全检查
- `performance.txt`: 系统性能信息
- `network_tools.txt`: 网络工具测试
- `kali_test.log`: 完整测试日志
- `README.md`: 测试报告摘要
## 前提条件
1. 确保Kali系统在inventory中正确配置
2. 确保Ansible可以连接到Kali系统
3. 确保有足够的权限在Kali系统上执行测试
## 注意事项
1. 某些测试可能需要网络连接
2. 完整系统测试可能需要较长时间
3. 测试结果文件会保存在Kali系统的临时目录中
4. 建议定期清理测试结果文件以节省磁盘空间
## 故障排除
如果测试失败,请检查:
1. 网络连接是否正常
2. Ansible inventory配置是否正确
3. SSH连接是否正常
4. Kali系统是否正常运行
5. 是否有足够的权限执行测试
## 自定义测试
您可以根据需要修改playbook中的测试内容或添加新的测试任务。所有playbook都使用模块化设计便于扩展和维护。
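Review bot: The 测试结果 section documents reports landing at fixed, predictable paths under `/tmp` (`/tmp/kali_security_tools_report.md` and `/tmp/kali_test_results/`, which holds `security_check.txt`). The playbooks in this commit run with `become: yes`, so root writes to well-known names in a shared temporary directory and leaves firewall and SSH settings there for other local users to read. Suggest documenting a root-owned results directory with a restrictive mode, or fetching the reports to the control node, and replacing the manual cleanup advice in 注意事项 item 4 with a cleanup task. The run command for `kali-full-test-suite.yml` is also the only one without `-i inventories/production/inventory.ini`; state in the README that this is intentional because the wrapper play targets `localhost`.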


@@ -0,0 +1,50 @@
---
- name: Kali Linux 完整测试套件
hosts: localhost
gather_facts: no
tasks:
- name: 显示测试开始信息
debug:
msg: "开始执行 Kali Linux 完整测试套件"
- name: 执行Kali快速健康检查
command: "ansible-playbook -i ../inventories/production/inventory.ini kali-health-check.yml"
args:
chdir: "/root/mgmt/configuration/playbooks/test"
register: health_check_result
- name: 显示健康检查结果
debug:
msg: "健康检查完成,退出码: {{ health_check_result.rc }}"
- name: 执行Kali安全工具测试
command: "ansible-playbook -i ../inventories/production/inventory.ini kali-security-tools.yml"
args:
chdir: "/root/mgmt/configuration/playbooks/test"
register: security_tools_result
- name: 显示安全工具测试结果
debug:
msg: "安全工具测试完成,退出码: {{ security_tools_result.rc }}"
- name: 执行Kali完整系统测试
command: "ansible-playbook -i ../inventories/production/inventory.ini test-kali.yml"
args:
chdir: "/root/mgmt/configuration/playbooks/test"
register: full_test_result
- name: 显示完整测试结果
debug:
msg: "完整系统测试完成,退出码: {{ full_test_result.rc }}"
- name: 显示测试完成信息
debug:
msg: |
Kali Linux 完整测试套件执行完成!
测试结果摘要:
- 健康检查: {{ '成功' if health_check_result.rc == 0 else '失败' }}
- 安全工具测试: {{ '成功' if security_tools_result.rc == 0 else '失败' }}
- 完整系统测试: {{ '成功' if full_test_result.rc == 0 else '失败' }}
详细测试结果请查看各测试生成的报告文件。
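Review bot: The three `command:` tasks that call `ansible-playbook` have no `failed_when` or `ignore_errors`, so a non-zero exit from the first child playbook stops the play and the final summary never prints; the `'失败'` branch of `{{ '成功' if health_check_result.rc == 0 else '失败' }}` is unreachable. Either set `failed_when: false` on each wrapper task and end with a task that fails when any registered `rc` is non-zero, or replace the wrappers with `import_playbook`. The hard-coded `chdir: "/root/mgmt/configuration/playbooks/test"` also ties the suite to one checkout path under root's home directory; `{{ playbook_dir }}` would remove that dependency.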


@@ -0,0 +1,86 @@
---
- name: Kali Linux 快速健康检查
hosts: kali
become: yes
gather_facts: yes
tasks:
- name: 显示系统基本信息
debug:
msg: |
=== Kali Linux 系统信息 ===
主机名: {{ ansible_hostname }}
操作系统: {{ ansible_distribution }} {{ ansible_distribution_version }}
内核版本: {{ ansible_kernel }}
架构: {{ ansible_architecture }}
CPU核心数: {{ ansible_processor_vcpus }}
内存总量: {{ ansible_memtotal_mb }} MB
- name: 修复损坏的依赖关系
command: apt --fix-broken install -y
when: ansible_os_family == "Debian"
ignore_errors: yes
- name: 检查系统更新状态
apt:
update_cache: yes
upgrade: dist
check_mode: yes
register: update_check
changed_when: false
ignore_errors: yes
- name: 显示系统更新状态
debug:
msg: "{% if update_check.changed %}系统有可用更新{% else %}系统已是最新{% endif %}"
- name: 检查磁盘空间
command: "df -h /"
register: disk_space
- name: 显示根分区磁盘空间
debug:
msg: "根分区使用情况: {{ disk_space.stdout_lines[1] }}"
- name: 检查关键Kali工具
command: "which {{ item }}"
loop:
- nmap
- metasploit-framework
- wireshark
register: tool_check
ignore_errors: yes
changed_when: false
- name: 显示工具检查结果
debug:
msg: "{% for result in tool_check.results %}{{ result.item }}: {% if result.rc == 0 %}已安装{% else %}未安装{% endif %}{% endfor %}"
- name: 检查网络连接
uri:
url: https://httpbin.org/get
method: GET
timeout: 5
register: network_test
ignore_errors: yes
- name: 显示网络连接状态
debug:
msg: "{% if network_test.failed %}网络连接测试失败{% else %}网络连接正常{% endif %}"
- name: 检查系统负载
command: "uptime"
register: uptime
- name: 显示系统负载
debug:
msg: "系统负载: {{ uptime.stdout }}"
- name: 检查SSH服务状态
systemd:
name: ssh
register: ssh_service
- name: 显示SSH服务状态
debug:
msg: "SSH服务状态: {{ ssh_service.status.ActiveState }}"
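Review bot: A playbook named and documented as a health check changes the target: the `修复损坏的依赖关系` task runs `apt --fix-broken install -y` under `become: yes` with `ignore_errors: yes`, so packages can be installed or removed on every run and failures are hidden. Move it to a separate remediation playbook or gate it behind an explicit variable. Two checks also cannot report what their messages claim: `changed_when: false` on the apt task forces `update_check.changed` to false, so the following task always prints 系统已是最新, and `which metasploit-framework` looks up a package name rather than an executable (the security-tools playbook in this commit checks `msfconsole`).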


@@ -0,0 +1,228 @@
---
- name: Kali Linux 安全工具测试
hosts: kali
become: yes
gather_facts: yes
vars:
test_results: []
tasks:
- name: 初始化测试结果
set_fact:
test_results: []
- name: 测试Nmap
block:
- name: 检查Nmap是否安装
command: "which nmap"
register: nmap_check
ignore_errors: yes
changed_when: false
- name: 测试Nmap基本功能
command: "nmap -sn 127.0.0.1"
register: nmap_test
when: nmap_check.rc == 0
ignore_errors: yes
changed_when: false
- name: 记录Nmap测试结果
set_fact:
test_results: "{{ test_results + ['Nmap: ' + ('✓ 正常工作' if nmap_check.rc == 0 and nmap_test.rc == 0 else '✗ 未安装或异常')] }}"
- name: 测试Metasploit Framework
block:
- name: 检查Metasploit是否安装
command: "which msfconsole"
register: msf_check
ignore_errors: yes
changed_when: false
- name: 测试Metasploit版本
command: "msfconsole --version"
register: msf_version
when: msf_check.rc == 0
ignore_errors: yes
changed_when: false
- name: 记录Metasploit测试结果
set_fact:
test_results: "{{ test_results + ['Metasploit: ' + ('✓ 正常工作' if msf_check.rc == 0 else '✗ 未安装')] }}"
- name: 测试Wireshark
block:
- name: 检查Wireshark是否安装
command: "which wireshark"
register: wireshark_check
ignore_errors: yes
changed_when: false
- name: 检查tshark是否可用
command: "which tshark"
register: tshark_check
when: wireshark_check.rc == 0
ignore_errors: yes
changed_when: false
- name: 记录Wireshark测试结果
set_fact:
test_results: "{{ test_results + ['Wireshark: ' + ('✓ 正常工作' if wireshark_check.rc == 0 else '✗ 未安装')] }}"
- name: 测试John the Ripper
block:
- name: 检查John是否安装
command: "which john"
register: john_check
ignore_errors: yes
changed_when: false
- name: 测试John版本
command: "john --version"
register: john_version
when: john_check.rc == 0
ignore_errors: yes
changed_when: false
- name: 记录John测试结果
set_fact:
test_results: "{{ test_results + ['John the Ripper: ' + ('✓ 正常工作' if john_check.rc == 0 else '✗ 未安装')] }}"
- name: 测试Hydra
block:
- name: 检查Hydra是否安装
command: "which hydra"
register: hydra_check
ignore_errors: yes
changed_when: false
- name: 测试Hydra帮助
command: "hydra -h"
register: hydra_help
when: hydra_check.rc == 0
ignore_errors: yes
changed_when: false
- name: 记录Hydra测试结果
set_fact:
test_results: "{{ test_results + ['Hydra: ' + ('✓ 正常工作' if hydra_check.rc == 0 else '✗ 未安装')] }}"
- name: 测试SQLMap
block:
- name: 检查SQLMap是否安装
command: "which sqlmap"
register: sqlmap_check
ignore_errors: yes
changed_when: false
- name: 测试SQLMap版本
command: "sqlmap --version"
register: sqlmap_version
when: sqlmap_check.rc == 0
ignore_errors: yes
changed_when: false
- name: 记录SQLMap测试结果
set_fact:
test_results: "{{ test_results + ['SQLMap: ' + ('✓ 正常工作' if sqlmap_check.rc == 0 else '✗ 未安装')] }}"
- name: 测试Aircrack-ng
block:
- name: 检查Aircrack-ng是否安装
command: "which airmon-ng"
register: aircrack_check
ignore_errors: yes
changed_when: false
- name: 测试Aircrack-ng版本
command: "airmon-ng --version"
register: aircrack_version
when: aircrack_check.rc == 0
ignore_errors: yes
changed_when: false
- name: 记录Aircrack-ng测试结果
set_fact:
test_results: "{{ test_results + ['Aircrack-ng: ' + ('✓ 正常工作' if aircrack_check.rc == 0 else '✗ 未安装')] }}"
- name: 测试Burp Suite
block:
- name: 检查Burp Suite是否安装
command: "which burpsuite"
register: burp_check
ignore_errors: yes
changed_when: false
- name: 记录Burp Suite测试结果
set_fact:
test_results: "{{ test_results + ['Burp Suite: ' + ('✓ 正常工作' if burp_check.rc == 0 else '✗ 未安装')] }}"
- name: 测试Netcat
block:
- name: 检查Netcat是否安装
command: "which nc"
register: nc_check
ignore_errors: yes
changed_when: false
- name: 测试Netcat基本功能
command: "nc -z 127.0.0.1 22"
register: nc_test
when: nc_check.rc == 0
ignore_errors: yes
changed_when: false
- name: 记录Netcat测试结果
set_fact:
test_results: "{{ test_results + ['Netcat: ' + ('✓ 正常工作' if nc_check.rc == 0 else '✗ 未安装')] }}"
- name: 测试Curl
block:
- name: 检查Curl是否安装
command: "which curl"
register: curl_check
ignore_errors: yes
changed_when: false
- name: 测试Curl基本功能
command: "curl -s -o /dev/null -w '%{http_code}' https://httpbin.org/get"
register: curl_test
when: curl_check.rc == 0
ignore_errors: yes
changed_when: false
- name: 记录Curl测试结果
set_fact:
test_results: "{{ test_results + ['Curl: ' + ('✓ 正常工作' if curl_check.rc == 0 else '✗ 未安装')] }}"
- name: 显示所有测试结果
debug:
msg: |
=== Kali Linux 安全工具测试结果 ===
{% for result in test_results %}
{{ result }}
{% endfor %}
- name: 生成测试报告
copy:
content: |
# Kali Linux 安全工具测试报告
**测试时间**: {{ ansible_date_time.iso8601 }}
**测试主机**: {{ ansible_hostname }}
## 测试结果
{% for result in test_results %}
{{ result }}
{% endfor %}
## 建议
{% for result in test_results %}
{% if '✗' in result %}
- {{ result.split(':')[0] }} 未安装,可以使用以下命令安装: `sudo apt install {{ result.split(':')[0].lower().replace(' ', '-') }}`
{% endif %}
{% endfor %}
dest: "/tmp/kali_security_tools_report.md"
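Review bot: Every `记录…测试结果` task except Nmap's decides `✓ 正常工作` from the `which` result alone; `msf_version`, `john_version`, `hydra_help`, `sqlmap_version`, `aircrack_version`, `nc_test` and `curl_test` are registered and never read, so a tool that is on PATH but broken is reported as working. Include the second command's `rc` in each condition, as the Nmap block does. In 生成测试报告, the install hint builds a package name from the display label with `result.split(':')[0].lower().replace(' ', '-')`, which yields `john-the-ripper`, `burp-suite` and `metasploit`, not the names used elsewhere in this commit (`john`, `burpsuite`, `metasploit-framework`); keep an explicit label-to-package map instead. The `copy` to `/tmp/kali_security_tools_report.md` also sets no `mode` or `owner`.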


@@ -0,0 +1,260 @@
---
- name: Kali Linux 系统测试
hosts: kali
become: yes
gather_facts: yes
vars:
test_results_dir: "/tmp/kali_test_results"
test_log_file: "{{ test_results_dir }}/kali_test.log"
tasks:
- name: 创建测试结果目录
file:
path: "{{ test_results_dir }}"
state: directory
mode: '0755'
- name: 初始化测试日志
copy:
content: "Kali Linux 系统测试日志 - {{ ansible_date_time.iso8601 }}\n\n"
dest: "{{ test_log_file }}"
- name: 记录系统基本信息
block:
- name: 获取系统信息
setup:
register: system_info
- name: 记录系统信息到日志
copy:
content: |
=== 系统基本信息 ===
主机名: {{ ansible_hostname }}
操作系统: {{ ansible_distribution }} {{ ansible_distribution_version }}
内核版本: {{ ansible_kernel }}
架构: {{ ansible_architecture }}
CPU核心数: {{ ansible_processor_vcpus }}
内存总量: {{ ansible_memtotal_mb }} MB
磁盘空间: {{ ansible_mounts | map(attribute='size_total') | sum | human_readable }}
dest: "{{ test_results_dir }}/system_info.txt"
- name: 记录到主日志
lineinfile:
path: "{{ test_log_file }}"
line: "[✓] 系统基本信息收集完成"
- name: 测试网络连接
block:
- name: 测试网络连通性
uri:
url: https://www.google.com
method: GET
timeout: 10
register: network_test
ignore_errors: yes
- name: 记录网络测试结果
lineinfile:
path: "{{ test_log_file }}"
line: "{% if network_test.failed %}[✗] 网络连接测试失败{% else %}[✓] 网络连接测试成功{% endif %}"
- name: 测试包管理器
block:
- name: 更新包列表
apt:
update_cache: yes
changed_when: false
- name: 记录包管理器测试结果
lineinfile:
path: "{{ test_log_file }}"
line: "[✓] APT包管理器工作正常"
- name: 检查Kali工具
block:
- name: 检查常见Kali工具是否安装
command: "which {{ item }}"
loop:
- nmap
- metasploit-framework
- wireshark
- john
- hydra
- sqlmap
- burpsuite
- aircrack-ng
register: tool_check
ignore_errors: yes
changed_when: false
- name: 记录工具检查结果
copy:
content: |
=== Kali工具检查结果 ===
{% for result in tool_check.results %}
{{ result.item }}: {% if result.rc == 0 %}已安装{% else %}未安装{% endif %}
{% endfor %}
dest: "{{ test_results_dir }}/tool_check.txt"
- name: 记录到主日志
lineinfile:
path: "{{ test_log_file }}"
line: "[✓] Kali工具检查完成"
- name: 测试系统安全性
block:
- name: 检查防火墙状态
command: "ufw status"
register: firewall_status
ignore_errors: yes
changed_when: false
- name: 检查SSH配置
command: "grep -E '^PermitRootLogin|^PasswordAuthentication' /etc/ssh/sshd_config"
register: ssh_config
ignore_errors: yes
changed_when: false
- name: 记录安全检查结果
copy:
content: |
=== 系统安全检查 ===
防火墙状态:
{{ firewall_status.stdout }}
SSH配置:
{{ ssh_config.stdout }}
dest: "{{ test_results_dir }}/security_check.txt"
- name: 记录到主日志
lineinfile:
path: "{{ test_log_file }}"
line: "[✓] 系统安全检查完成"
- name: 测试系统性能
block:
- name: 获取CPU使用率
command: "top -bn1 | grep 'Cpu(s)'"
register: cpu_usage
changed_when: false
- name: 获取内存使用情况
command: "free -h"
register: memory_usage
changed_when: false
- name: 获取磁盘使用情况
command: "df -h"
register: disk_usage
changed_when: false
- name: 记录性能测试结果
copy:
content: |
=== 系统性能信息 ===
CPU使用率:
{{ cpu_usage.stdout }}
内存使用情况:
{{ memory_usage.stdout }}
磁盘使用情况:
{{ disk_usage.stdout }}
dest: "{{ test_results_dir }}/performance.txt"
- name: 记录到主日志
lineinfile:
path: "{{ test_log_file }}"
line: "[✓] 系统性能测试完成"
- name: 测试网络工具
block:
- name: 测试ping命令
command: "ping -c 4 8.8.8.8"
register: ping_test
ignore_errors: yes
changed_when: false
- name: 测试nslookup命令
command: "nslookup google.com"
register: nslookup_test
ignore_errors: yes
changed_when: false
- name: 记录网络工具测试结果
copy:
content: |
=== 网络工具测试 ===
Ping测试结果:
{{ ping_test.stdout }}
NSlookup测试结果:
{{ nslookup_test.stdout }}
dest: "{{ test_results_dir }}/network_tools.txt"
- name: 记录到主日志
lineinfile:
path: "{{ test_log_file }}"
line: "[✓] 网络工具测试完成"
- name: 生成测试报告
block:
- name: 创建测试报告
copy:
content: |
# Kali Linux 系统测试报告
**测试时间**: {{ ansible_date_time.iso8601 }}
**测试主机**: {{ ansible_hostname }}
## 测试结果摘要
{% if network_test.failed %}- [✗] 网络连接测试失败{% else %}- [✓] 网络连接测试成功{% endif %}
- [✓] APT包管理器工作正常
- [✓] Kali工具检查完成
- [✓] 系统安全检查完成
- [✓] 系统性能测试完成
- [✓] 网络工具测试完成
## 详细结果
请查看以下文件获取详细测试结果:
- system_info.txt: 系统基本信息
- tool_check.txt: Kali工具检查结果
- security_check.txt: 系统安全检查
- performance.txt: 系统性能信息
- network_tools.txt: 网络工具测试
- kali_test.log: 完整测试日志
## 建议
{% for result in tool_check.results %}
{% if result.rc != 0 %}
- 建议安装 {{ result.item }} 工具: `sudo apt install {{ result.item }}`
{% endif %}
{% endfor %}
dest: "{{ test_results_dir }}/README.md"
- name: 记录到主日志
lineinfile:
path: "{{ test_log_file }}"
line: "[✓] 测试报告生成完成"
- name: 显示测试结果位置
debug:
msg: "Kali Linux 系统测试完成!测试结果保存在 {{ test_results_dir }} 目录中"
- name: 显示测试日志最后几行
command: "tail -10 {{ test_log_file }}"
register: log_tail
- name: 输出测试日志摘要
debug:
msg: "{{ log_tail.stdout_lines }}"
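Review bot: `创建测试结果目录` creates `/tmp/kali_test_results` with `mode: '0755'` as root, and the later `copy` tasks set no mode and fall back to the default umask, so `security_check.txt` (the `ufw status` output plus the `PermitRootLogin` and `PasswordAuthentication` lines) sits at a predictable path that other local users can traverse to. Use `0700` on the directory and `0600` on the files, preferably outside `/tmp`. Separately, `command: "top -bn1 | grep 'Cpu(s)'"` will not do what it intends because the `command` module does not run a shell, so the pipe and `grep` are passed to `top` as arguments, and with no `ignore_errors` this task can abort the run; use `shell` for the pipeline or read the value another way. The log and README also hard-code `[✓]` for the security and network-tool steps even though their commands run with `ignore_errors: yes`, so the report shows success regardless of the outcome.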