diff --git a/LIBVIRT_README.md b/LIBVIRT_README.md
deleted file mode 100644
index 8240618..0000000
--- a/LIBVIRT_README.md
+++ /dev/null
@@ -1,55 +0,0 @@ -# Detection Lab Libvirt build - -## Intro - -This page contains the instruction to build DetectionLab for Qemu/LibVirt. This is the provider for you *if*: -* You are familiar with LibVirt, virt-manager and Qemu and prefer this software stack instead of VirtualBox -* You are willing to spend a bit more time thinkering with the build process as it is less hands-off than the official DetectionLab - -A [step-by-step guide is available here](https://selorasec.wordpress.com/2019/12/03/ad-in-a-box-for-pocs-and-iocs-on-the-cheap-detectionlab-on-libvirt/#Setting_Up_Vagrant). - -## Prequisite -### LibVirt - -The `libvirt` and `virt-manager` installation walkthrough and documentation is out of scope of this project. To follow along, you need an already working installation of `libvirt`, `virt-manager`, and `QEMU+kvm`. - -### Packer - -1. The [Virtio drivers](https://docs.fedoraproject.org/en-US/quick-docs/creating-windows-virtual-machines-using-virtio-drivers/) ISO needs to be location in the `DetectionLab/Packer/` directory. - -* This is a direct [link to the latest version of the virtio drivers ISO](https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso). -* There's also a "stable" version available [here](https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso). - -2. Edit the windows_X.json files -* Make sure the following user-defined variables are pointing to the right thing: - * `virtio_win_iso` : The ISO containing thethe lastest VirtIO drivers - * `packer_build_dir` : Where to output the QCOW2 images. It's a temporary directory, the .box files will still be in DetectionLab/Packer - -3. 
Build the images -``` -env TMPDIR=/path/to/large/storage/ PACKER_LOG=1 PACKER_LOG_PATH="packer_build.log" packer build --only=qemu windows_2016.json -env TMPDIR=/path/to/large/storage/ PACKER_LOG=1 PACKER_LOG_PATH="packer_build.log" packer build --only=qemu windows_10.json -``` - -### Vagrant -1. Install the necessary plugins: -* `vagrant plugin install vagrant-reload vagrant-libvirt vagrant-winrm-syncedfolders` -* See the guide for ubuntu as the vagrant packages comes with a ton on unofficial & outdated plugins that will cause problems -2. Add the previously built windows .box files -* `vagrant box add windows_10_libvirt.box --name windows_10_libvirt` -* `vagrant box add windows_2016_libvirt.box --name windows_2016_libvirt` -3. Build: `vagrant up --provider libvirt --no-parallel --provision` - -#### Notes: -The libvirt builder is highly experimental. This sections describes the tradeoffs and the differences between the vanilla DetectionLab. - -- No pre-built images and integration with the build.sh script for now. This means building the Windows base boxes with Packer (> 1h) and provisioning with Vagrant manually (> 1h). Fortunately, the process is relatively straightforward. -- The boxes will have two network adapters -The vagrant-libvirt provider works by binding to a "management" network adapter IP addresses. The way vagrant finds the VM's IP address is by probing the dnsmasq lease file of libvirt's host. There's probably a better way, but this is the best I could do that just works (tm) so far. Here's what the configuration looks like: - -* Management Network: Isolated network, no NAT, no internet access, with DHCP. -* Detectionlab Network: 192.168.38.0/24, with NAT, with internet access, with DHCP. - -- The synced folder is using an old, slow and buggy plugin. While this barely works, it's enough to push the provisioning scripts to the Windows instances. 
Any modifications to the `vm.synced_folder` in the VagrantFile libvirt provider will likely break the provisionning process - -- The graphical and input settings assume the use of virt-manager with the SPICE viewer on Windows and the VNC viewer on Linux (logger). The spice agent for copy/pasting and other quality of life improvement, like auto-resolution changes is *NOT* installed on the Windows hosts. *Guacamole* is a better way to access your VMs. diff --git a/Packer/windows_10.json b/Packer/windows_10.json index 9036bdf..fdee3e0 100644 --- a/Packer/windows_10.json +++ b/Packer/windows_10.json 
@@ -1,52 +1,8 @@ { "builders": [ - { - "type": "qemu", - "vm_name":"windows_10", - "communicator": "winrm", - "iso_url": "{{user `iso_url`}}", - "iso_checksum_type": "{{user `iso_checksum_type`}}", - "iso_checksum": "{{user `iso_checksum`}}", - "headless": true, - "boot_wait": "6m", - "boot_command": "", - "winrm_username": "vagrant", - "winrm_password": "vagrant", - "winrm_timeout": "4h", - "shutdown_timeout": "2h", - "shutdown_command": "a:/sysprep.bat", - - "accelerator": "kvm", - "disk_size": "{{user `disk_size`}}", - - "output_directory": "{{ user `packer_build_dir`}}", - - "qemuargs": [ - [ "-m", "2048"], - [ "-smp", "2"], - [ "-drive", "file={{ user `virtio_win_iso` }},media=cdrom,index=3" ], - [ "-drive", "file={{ user `packer_build_dir`}}/{{ .Name }},if=virtio,cache=writeback,discard=ignore,format=qcow2,index=1" ] - ], - - "floppy_files": [ - "{{user `autounattend_virtio`}}", - "./floppy/WindowsPowershell.lnk", - "./floppy/PinTo10.exe", - "./scripts/fixnetwork.ps1", - "./scripts/rearm-windows.ps1", - "./scripts/disable-screensaver.ps1", - "./scripts/disable-winrm.ps1", - "./scripts/enable-winrm.ps1", - "./scripts/microsoft-updates.bat", - "./scripts/win-updates.ps1", - "./scripts/unattend.xml", - "./scripts/sysprep.bat" - ] - - }, { "type": "vmware-iso", - "vm_name":"windows_10", + "vm_name": "windows_10", "communicator": "winrm", "iso_url": "{{user `iso_url`}}", "iso_checksum_type": "{{user `iso_checksum_type`}}", @@ -88,7 +44,7 @@ }, { "type": "virtualbox-iso", - "vm_name":"windows_10", + "vm_name": "windows_10", "communicator": "winrm", "iso_url": "{{user `iso_url`}}", "iso_checksum_type": "{{user `iso_checksum_type`}}", 
@@ -132,6 +88,57 @@ "2" ] ] + }, + { + "type": "qemu", + "vm_name": "windows_10", + "communicator": "winrm", + "iso_url": "{{user `iso_url`}}", + "iso_checksum_type": "{{user `iso_checksum_type`}}", + "iso_checksum": "{{user `iso_checksum`}}", + "headless": false, + "boot_wait": "6m", + "boot_command": "", + "winrm_username": "vagrant", + "winrm_password": "vagrant", + "winrm_timeout": "4h", + "shutdown_timeout": "2h", + "shutdown_command": "a:/sysprep.bat", + "accelerator": "kvm", + "disk_size": "{{user `disk_size`}}", + "output_directory": "{{ user `packer_build_dir`}}", + "qemuargs": [ + [ + "-m", + "2048" + ], + [ + "-smp", + "2" + ], + [ + "-drive", + "file={{ user `virtio_win_iso` }},media=cdrom,index=3" + ], + [ + "-drive", + "file={{ user `packer_build_dir`}}/{{ .Name }},if=virtio,cache=writeback,discard=ignore,format=qcow2,index=1" + ] + ], + "floppy_files": [ + "{{user `autounattend_virtio`}}", + "./floppy/WindowsPowershell.lnk", + "./floppy/PinTo10.exe", + "./scripts/fixnetwork.ps1", + "./scripts/rearm-windows.ps1", + "./scripts/disable-screensaver.ps1", + "./scripts/disable-winrm.ps1", + "./scripts/enable-winrm.ps1", + "./scripts/microsoft-updates.bat", + "./scripts/win-updates.ps1", + "./scripts/unattend.xml", + "./scripts/sysprep.bat" + ] } ], "provisioners": [ @@ -188,6 +195,6 @@ "disk_size": "61440", "virtio_win_iso": "./virtio-win.iso", "autounattend_virtio": "./answer_files/10_virtio/Autounattend.xml", - "packer_build_dir": "/media/packer_build_dir/win10" + "packer_build_dir": "./win10" } -} +} \ No newline at end of file diff --git a/Packer/windows_2016.json b/Packer/windows_2016.json index 91b8192..845c2da 100644 --- a/Packer/windows_2016.json +++ b/Packer/windows_2016.json 
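Review bot: The re-added `qemu` builder sets `"headless": false`, whereas the block removed at the top of this file had `"headless": true`. The rest of the builder reads as a move plus reformatting, so this looks like an unannounced behaviour change. With a visible console the build needs a display on the host, which a remote or CI build machine will usually not have. If the flip is not intended, keep `"headless": true`; if it is, say so in the commit message. The qemu builder added to Packer/windows_2016.json has the same change.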
@@ -1,49 +1,7 @@ { "builders": [ { - "type": "qemu", - "vm_name":"windows_10", - "communicator": "winrm", - "iso_url": "{{user `iso_url`}}", - "iso_checksum_type": "{{user `iso_checksum_type`}}", - "iso_checksum": "{{user `iso_checksum`}}", - "headless": true, - "boot_wait": "6m", - "boot_command": "", - "winrm_username": "vagrant", - "winrm_password": "vagrant", - "winrm_timeout": "4h", - "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"", - - "accelerator": "kvm", - "disk_size": "{{user `disk_size`}}", - - "output_directory": "{{ user `packer_build_dir`}}", - - "qemuargs": [ - [ "-m", "2048"], - [ "-smp", "2"], - [ "-drive", "file={{ user `virtio_win_iso` }},media=cdrom,index=3" ], - [ "-drive", "file={{ user `packer_build_dir`}}/{{ .Name }},if=virtio,cache=writeback,discard=ignore,format=qcow2,index=1" ] - ], - - "floppy_files": [ - "{{user `autounattend_virtio`}}", - "./floppy/WindowsPowershell.lnk", - "./floppy/WindowsPowershell.lnk", - "./floppy/PinTo10.exe", - "./scripts/unattend.xml", - "./scripts/sysprep.bat", - "./scripts/disable-screensaver.ps1", - "./scripts/disable-winrm.ps1", - "./scripts/enable-winrm.ps1", - "./scripts/microsoft-updates.bat", - "./scripts/win-updates.ps1" - ] - - }, - { - "vm_name":"WindowsServer2016", + "vm_name": "WindowsServer2016", "type": "vmware-iso", "communicator": "winrm", "iso_url": "{{user `iso_url`}}", @@ -82,7 +40,7 @@ } }, { - "vm_name":"WindowsServer2016", + "vm_name": "WindowsServer2016", "type": "virtualbox-iso", "communicator": "winrm", "iso_url": "{{user `iso_url`}}", 
@@ -124,6 +82,55 @@ "2" ] ] + }, + { + "type": "qemu", + "vm_name": "windows_10", + "communicator": "winrm", + "iso_url": "{{user `iso_url`}}", + "iso_checksum_type": "{{user `iso_checksum_type`}}", + "iso_checksum": "{{user `iso_checksum`}}", + "headless": false, + "boot_wait": "6m", + "boot_command": "", + "winrm_username": "vagrant", + "winrm_password": "vagrant", + "winrm_timeout": "4h", + "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"", + "accelerator": "kvm", + "disk_size": "{{user `disk_size`}}", + "output_directory": "{{ user `packer_build_dir`}}", + "qemuargs": [ + [ + "-m", + "2048" + ], + [ + "-smp", + "2" + ], + [ + "-drive", + "file={{ user `virtio_win_iso` }},media=cdrom,index=3" + ], + [ + "-drive", + "file={{ user `packer_build_dir`}}/{{ .Name }},if=virtio,cache=writeback,discard=ignore,format=qcow2,index=1" + ] + ], + "floppy_files": [ + "{{user `autounattend_virtio`}}", + "./floppy/WindowsPowershell.lnk", + "./floppy/WindowsPowershell.lnk", + "./floppy/PinTo10.exe", + "./scripts/unattend.xml", + "./scripts/sysprep.bat", + "./scripts/disable-screensaver.ps1", + "./scripts/disable-winrm.ps1", + "./scripts/enable-winrm.ps1", + "./scripts/microsoft-updates.bat", + "./scripts/win-updates.ps1" + ] } ], "provisioners": [ @@ -172,6 +179,6 @@ "autounattend": "./answer_files/2016/Autounattend.xml", "virtio_win_iso": "./virtio-win.iso", "autounattend_virtio": "./answer_files/2016_virtio/Autounattend.xml", - "packer_build_dir": "/media/packer_build_dir/win2016" + "packer_build_dir": "./win2016" } -} +} \ No newline at end of file diff --git a/Vagrant/Vagrantfile b/Vagrant/Vagrantfile index cce7dc4..f62afa1 100644 --- a/Vagrant/Vagrantfile +++ b/Vagrant/Vagrantfile 
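Review bot: The qemu builder added here still has `"vm_name": "windows_10"`, although this is the Server 2016 template and the other two builders in the file use `"WindowsServer2016"`. The `-drive` argument builds the disk path from `{{ .Name }}`, which presumably resolves to the VM name, so the 2016 image would carry a Windows 10 name now that both build directories sit side by side as `./win10` and `./win2016`. Suggest `"vm_name": "WindowsServer2016"` to match the rest of the file. `./floppy/WindowsPowershell.lnk` is also listed twice in `floppy_files`, and this builder has no `shutdown_timeout`, unlike the Windows 10 one; both are carried over unchanged from the removed block.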
@@ -1,26 +1,13 @@ -libvirt_win10_box = "../Boxes/windows_10_libvirt.box" -libvirt_win2016_box = "../Boxes/windows_2016_libvirt.box" + Vagrant.configure("2") do |config| config.vm.provider "libvirt" do |libvirt| - # This is required for Vagrant to properly configure the network interfaces. - # See libvirt's README section for more information - libvirt.management_network_name = "VagrantMgmt" - libvirt.management_network_address = "192.168.123.0/24" - libvirt.management_network_mode = "none" - - libvirt.cpu_mode = "host-passthrough" - - # Which storage pool path to use. Default to /var/lib/libvirt/images or ~/.local/share/libvirt/images depending on if you are running a system or user QEMU/KVM session. - #libvirt.storage_pool_path = '/media/storage_nvme/system_session_vm_pool' - libvirt.storage_pool_name = 'default' end config.vm.define "logger" do |cfg| - cfg.vm.box = "generic/ubuntu1604" - + cfg.vm.box = "bento/ubuntu-18.04" cfg.vm.hostname = "logger" cfg.vm.provision :shell, path: "bootstrap.sh" cfg.vm.network :private_network, ip: "192.168.38.105", gateway: "192.168.38.1", dns: "8.8.8.8" @@ -51,7 +38,16 @@ Vagrant.configure("2") do |config| lv.video_vram = 32768 lv.memory = 4096 lv.cpus = 2 - + # This is required for Vagrant to properly configure the network interfaces. + # See https://github.com/clong/DetectionLab/wiki/LibVirt-Support for more information + lv.management_network_name = "VagrantMgmt" + lv.management_network_address = "192.168.123.0/24" + lv.management_network_mode = "none" + lv.cpu_mode = "host-passthrough" + # Which storage pool path to use. Default to /var/lib/libvirt/images or ~/.local/share/libvirt/images depending on if you are running a system or user QEMU/KVM session. + #libvirt.storage_pool_path = '/media/storage_nvme/system_session_vm_pool' + lv.storage_pool_name = 'default' + override.vm.box = "generic/ubuntu1604" override.vm.synced_folder './', '/vagrant', type: 'rsync' end end 
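Review bot: `cfg.vm.box` for logger moves to `bento/ubuntu-18.04`, but the libvirt provider block in the next hunk overrides it with `generic/ubuntu1604`, so the Ubuntu release that `bootstrap.sh` runs on now depends on the provider. A comment next to the override would make that deliberate, for example `# libvirt still uses the 16.04 box; bootstrap.sh must keep working on both releases`. This hunk also leaves `config.vm.provider "libvirt" do |libvirt|` with an empty body, which can be deleted if nothing is going back into it.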
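Review bot: The `management_network_*`, `cpu_mode` and `storage_pool_name` settings are now set only inside logger's libvirt block. The libvirt blocks for the Windows guests in the later hunks show no equivalent lines, though those blocks start outside the visible hunks. If those guests fall back to the plugin's default management network, they would no longer sit on the isolated `VagrantMgmt` network with `management_network_mode = "none"`, which changes how the lab is segmented from the host. Keeping these lines in the top-level `config.vm.provider "libvirt"` block, which this commit leaves empty, would apply them to every machine. The commented-out `#libvirt.storage_pool_path` line also still uses the old block variable and would need `lv.` if it is re-enabled.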
@@ -114,18 +110,12 @@ Vagrant.configure("2") do |config| lv.video_type = "qxl" lv.input :type => "tablet", :bus => "usb" - override.vm.box = libvirt_win2016_box + override.vm.box = "../Boxes/windows_2016_libvirt.box" lv.video_vram = 32768 lv.memory = 3072 lv.cpus = 2 - # This is NOT the right semantic for Vagrant synced folder. It's a dirty hack around : + # This is NOT the right semantic for Vagrant synced folder. It's a workaround: # https://github.com/Cimpress-MCP/vagrant-winrm-syncedfolders/issues/11 - # If dest is /vagrant, it'll upload in C:\vagrant\Vagrant.... - # It's like 'cp /my/dir /my/dir2' vs 'cp /my/dir /my/dir2/' - # - # The Winrm synced folder plugin is also excruciatingly slow. Would gladly replace with something else - # that works with linux host and windows guest... - override.vm.synced_folder '.', '/', type: 'winrm' end end @@ -185,18 +175,10 @@ Vagrant.configure("2") do |config| lv.graphics_type = "spice" lv.video_type = "qxl" lv.input :type => "tablet", :bus => "usb" - override.vm.box = libvirt_win2016_box + override.vm.box = "../Boxes/windows_2016_libvirt.box" lv.video_vram = 32768 lv.memory = 2048 lv.cpus = 2 - # This is NOT the right semantic for Vagrant synced folder. It's a dirty hack around : - # https://github.com/Cimpress-MCP/vagrant-winrm-syncedfolders/issues/11 - # If dest is /vagrant, it'll upload in C:\vagrant\Vagrant.... - # It's like 'cp /my/dir /my/dir2' vs 'cp /my/dir /my/dir2/' - # - # The Winrm synced folder plugin is also excruciatingly slow. Would gladly replace with something else - # that works with linux host and windows guest... - override.vm.synced_folder '.', '/', type: 'winrm' end end 
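Review bot: The box path `"../Boxes/windows_2016_libvirt.box"` is now written out in this hunk and again in the next hunk on this line, and `"../Boxes/windows_10_libvirt.box"` in the final hunk. These literals replace the two variables removed at the top of the file, so renaming or relocating the built boxes now means editing three places. Keeping `libvirt_win2016_box` and `libvirt_win10_box` as top-of-file assignments would leave a single point of change. The provider blocks these lines belong to start outside the hunks.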
@@ -252,18 +234,10 @@ Vagrant.configure("2") do |config| lv.graphics_type = "spice" lv.video_type = "qxl" lv.input :type => "tablet", :bus => "usb" - override.vm.box = libvirt_win10_box + override.vm.box = "../Boxes/windows_10_libvirt.box" lv.video_vram = 32768 lv.memory = 2048 lv.cpus = 2 - # This is NOT the right semantic for Vagrant synced folder. It's a dirty hack around : - # https://github.com/Cimpress-MCP/vagrant-winrm-syncedfolders/issues/11 - # If dest is /vagrant, it'll upload in C:\vagrant\Vagrant.... - # It's like 'cp /my/dir /my/dir2' vs 'cp /my/dir /my/dir2/' - # - # The Winrm synced folder plugin is also excruciatingly slow. Would gladly replace with something else - # that works with linux host and windows guest... - override.vm.synced_folder '.', '/', type: 'winrm' end end