diff --git a/README.md b/README.md index 57bc648..95bfd0e 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ OSX 10.12.5 | 1.9.3 | 1.0.0 | VMWare Fusion (8.5.8) OSX 10.12.6 | 2.0.1 | 1.1.3 | VMWare Fusion (8.5.9) OSX 10.12.6 | 2.0.1 | 1.1.3 | VMWare Fusion (8.5.10) OSX 10.12.6 | 2.0.3 | 1.2.1 | VMWare Fusion (10.1.1) +OSX 10.13.6 | 2.1.2 | 1.2.4 | VMWare Fusion (10.1.2) Ubuntu 16.04 | 2.0.1 | 1.1.3 | Virtualbox (5.1) Ubuntu 16.04 | 2.0.2 | N/A | Virtualbox (5.2) Ubuntu 16.04 | 2.0.3 | 1.2.1 | Virtualbox (5.2) 
@@ -53,19 +54,19 @@ Ubuntu 16.04 | 2.0.3 | 1.2.1 | Virtualbox (5.2) DetectionLab now contains build scripts for \*NIX, MacOS, and Windows users! There is a single build script that supports 3 different options: -- `./build.sh ` - Builds the entire lab from scratch. Takes 3-5 hours depending on hardware resources and bandwidth -- `./build.sh --vagrant-only` - Downloads pre-built Packer boxes from https://detectionlab.network and builds the lab from those boxes. This option is recommended if you have more bandwidth than time or are having trouble building boxes. -- `./build.sh --packer-only` - This option only builds the Packer boxes and will not use Vagrant to start up the lab. +- `./build.sh ` - Builds the entire lab from scratch. Takes 3-5 hours depending on hardware resources and bandwidth +- `./build.sh --vagrant-only` - Downloads pre-built Packer boxes from https://detectionlab.network and builds the lab from those boxes. This option is recommended if you have more bandwidth than time or are having trouble building boxes. +- `./build.sh --packer-only` - This option only builds the Packer boxes and will not use Vagrant to start up the lab. Windows users will want to use the following script: -- `./build.ps1 -ProviderName=` - Builds the entire lab from scratch. Takes 3-5 hours depending on hardware resources and bandwidth -- `./build.ps1 -ProviderName= -VagrantOnly` - Downloads pre-built Packer boxes from https://detectionlab.network and builds the lab from those boxes. This option is recommended if you have more bandwidth than time or are having trouble building boxes. +- `./build.ps1 -ProviderName=` - Builds the entire lab from scratch. Takes 3-5 hours depending on hardware resources and bandwidth +- `./build.ps1 -ProviderName= -VagrantOnly` - Downloads pre-built Packer boxes from https://detectionlab.network and builds the lab from those boxes. This option is recommended if you have more bandwidth than time or are having trouble building boxes. 
--- ## Building DetectionLab from Scratch 1. Determine which Vagrant provider you want to use. - * Note: Virtualbox is free, the [VMWare vagrant plugin](https://www.vagrantup.com/vmware/#buy-now) is $80. + * Note: Virtualbox is free, the [VMWare Desktop vagrant plugin](https://www.vagrantup.com/vmware/#buy-now) is $80. **NOTE:** If you'd like to save time, you can skip the building of the Packer boxes and download the boxes directly from https://detectionlab.network and put them into the `Boxes` directory: @@ -107,7 +108,7 @@ $ packer build --only=[vmware|virtualbox]-iso windows_2016.json ## Basic Vagrant Usage Vagrant commands must be run from the "Vagrant" folder. -* Bring up all Detection Lab hosts: `vagrant up` (optional `--provider=[virtualbox|vmware_fusion|vmware_workstation]`) +* Bring up all Detection Lab hosts: `vagrant up` (optional `--provider=[virtualbox|vmware_desktop]`) * Bring up a specific host: `vagrant up ` * Restart a specific host: `vagrant reload ` * Restart a specific host and re-run the provision process: `vagrant reload --provision` diff --git a/Vagrant/bootstrap.sh b/Vagrant/bootstrap.sh index 5fa90f2..775250b 100644 --- a/Vagrant/bootstrap.sh +++ b/Vagrant/bootstrap.sh 
@@ -1,168 +1,229 @@ #! /bin/bash -# Install key and apt source for MongoDB -apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927 -echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list +install_mongo_db_apt_key() { + # Install key and apt source for MongoDB + apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927 + echo "deb http://repo.mongodb.org/apt/ubuntu $(lsb_release -sc)/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list +} -# Install prerequisites and useful tools -apt-get update -apt-get install -y jq whois build-essential git docker docker-compose unzip mongodb-org +apt_install_prerequisites() { + # Install prerequisites and useful tools + apt-get update + apt-get install -y jq whois build-essential git docker docker-compose unzip mongodb-org +} -# Fix static IP if it's not set correctly -ETH1_IP=$(ifconfig eth1 | grep 'inet addr' | cut -d ':' -f 2 | cut -d ' ' -f 1) -if [ "$ETH1_IP" != "192.168.38.5" ]; then - echo "Incorrect IP Address settings detected. Attempting to fix." - ifdown eth1 - ip addr flush dev eth1 - ifup eth1 +fix_eth1_static_ip() { + # Fix static IP if it's not set correctly ETH1_IP=$(ifconfig eth1 | grep 'inet addr' | cut -d ':' -f 2 | cut -d ' ' -f 1) - if [ "$ETH1_IP" == "192.168.38.5" ]; then - echo "The static IP has been fixed and set to 192.168.38.5" - else - echo "Failed to fix the broken static IP for eth1. Exiting because this will cause problems with other VMs." - exit 1 + if [ "$ETH1_IP" != "192.168.38.5" ]; then + echo "Incorrect IP Address settings detected. Attempting to fix." 
+ ifdown eth1 + ip addr flush dev eth1 + ifup eth1 + ETH1_IP=$(ifconfig eth1 | grep 'inet addr' | cut -d ':' -f 2 | cut -d ' ' -f 1) + if [ "$ETH1_IP" == "192.168.38.5" ]; then + echo "The static IP has been fixed and set to 192.168.38.5" + else + echo "Failed to fix the broken static IP for eth1. Exiting because this will cause problems with other VMs." + exit 1 + fi fi -fi +} +install_python() { # Install Python 3.6.4 -echo "Installing Python v3.6.4..." -wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tgz -tar -xvf Python-3.6.4.tgz -cd Python-3.6.4 -./configure && make && make install -cd /home/vagrant - -# Install Golang v1.8 -echo "Installing GoLang v1.8..." -wget https://storage.googleapis.com/golang/go1.8.linux-amd64.tar.gz -tar -xvf go1.8.linux-amd64.tar.gz -mv go /usr/local -mkdir /home/vagrant/.go -chown vagrant:vagrant /home/vagrant/.go -mkdir /root/.go -echo 'export GOPATH=$HOME/.go' >> /home/vagrant/.bashrc -echo 'export GOROOT=/usr/local/go' >> /home/vagrant/.bashrc -echo 'export GOPATH=$HOME/.go' >> /root/.bashrc -echo '/home/vagrant/.bashrc' >> /root/.bashrc -source ~/.bashrc -sudo update-alternatives --install "/usr/bin/go" "go" "/usr/local/go/bin/go" 0 -sudo update-alternatives --set go /usr/local/go/bin/go -/usr/bin/go get -u github.com/howeyc/gopass - -# Check if Splunk is already installed -if [ -f "/opt/splunk/bin/splunk" ] - then echo "Splunk is already installed" +if ! which /usr/local/bin/python3.6 > /dev/null; then + echo "Installing Python v3.6.4..." + wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tgz + tar -xvf Python-3.6.4.tgz + cd Python-3.6.4 || exit + ./configure && make && make install + cd /home/vagrant || exit else - echo "Installing Splunk..." - # Get Splunk.com into the DNS cache. 
Sometimes resolution randomly fails during wget below - dig @8.8.8.8 splunk.com - # Download Splunk - wget --progress=bar:force -O splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.1&product=splunk&filename=splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb&wget=true' - dpkg -i splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb - /opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt --seed-passwd changeme - /opt/splunk/bin/splunk add index wineventlog -auth 'admin:changeme' - /opt/splunk/bin/splunk add index osquery -auth 'admin:changeme' - /opt/splunk/bin/splunk add index osquery-status -auth 'admin:changeme' - /opt/splunk/bin/splunk add index sysmon -auth 'admin:changeme' - /opt/splunk/bin/splunk add index powershell -auth 'admin:changeme' - /opt/splunk/bin/splunk install app /vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_483.tgz -auth 'admin:changeme' - /opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_607.tgz -auth 'admin:changeme' - # Add a Splunk TCP input on port 9997 - echo -e "[splunktcp://9997]\nconnection_host = ip" > /opt/splunk/etc/apps/search/local/inputs.conf - # Add props.conf and transforms.conf - cp /vagrant/resources/splunk_server/props.conf /opt/splunk/etc/apps/search/local/ - cp /vagrant/resources/splunk_server/transforms.conf /opt/splunk/etc/apps/search/local/ - # Skip Splunk Tour and Change Password Dialog - touch /opt/splunk/etc/.ui_login - # Enable SSL Login for Splunk - echo '[settings] - enableSplunkWebSSL = true' > /opt/splunk/etc/system/local/web.conf - # Reboot Splunk to make changes take effect - /opt/splunk/bin/splunk restart - /opt/splunk/bin/splunk enable boot-start + echo "Python seems to be downloaded already.. Skipping." fi +} -# Install Fleet -echo "Installing Fleet..." 
-echo -e "\n127.0.0.1 kolide" >> /etc/hosts -git clone https://github.com/kolide/kolide-quickstart.git -cd kolide-quickstart -cp /vagrant/resources/fleet/server.* . -sed -i 's/ -it//g' demo.sh -sed -i 's#kolide/fleet:latest#kolide/fleet:1.0.8#g' docker-compose.yml -./demo.sh up simple -# Set the enrollment secret to match what we deploy to Windows hosts -docker run --rm --network=kolidequickstart_default mysql:5.7 mysql -h mysql -u kolide --password=kolide -e 'update app_configs set osquery_enroll_secret = "enrollmentsecret" where id=1;' --batch kolide -# Set snapshot events to be split into multiple events -docker run --rm --network=kolidequickstart_default mysql:5.7 mysql -h mysql -u kolide --password=kolide -e 'insert into options (name, type, value) values ("logger_snapshot_event_type", 2, "true");' --batch kolide -echo "Updated enrollment secret" -cd /home/vagrant +install_golang() { + if [ ! -f "go1.8.linux-amd64.tar.gz" ]; then + # Install Golang v1.8 + echo "Installing GoLang v1.8..." + wget https://storage.googleapis.com/golang/go1.8.linux-amd64.tar.gz + tar -xvf go1.8.linux-amd64.tar.gz + mv go /usr/local + mkdir /home/vagrant/.go + chown vagrant:vagrant /home/vagrant/.go + mkdir /root/.go + echo 'export GOPATH=$HOME/.go' >> /home/vagrant/.bashrc + echo 'export GOROOT=/usr/local/go' >> /home/vagrant/.bashrc + echo 'export GOPATH=$HOME/.go' >> /root/.bashrc + echo '/home/vagrant/.bashrc' >> /root/.bashrc + source /root/.bashrc + sudo update-alternatives --install "/usr/bin/go" "go" "/usr/local/go/bin/go" 0 + sudo update-alternatives --set go /usr/local/go/bin/go + /usr/bin/go get -u github.com/howeyc/gopass + else + echo "GoLang seems to be downloaded already.. Skipping." + fi +} -# Import Palantir osquery configs into Fleet -echo "Downloading Palantir configs..." 
-git clone https://github.com/palantir/osquery-configuration.git -git clone https://github.com/kolide/configimporter.git -cd configimporter -go build -cd /home/vagrant -# Modify the config to work with config importer -cat /home/vagrant/osquery-configuration/Endpoints/Windows/osquery.conf | sed 's#packs/#../packs/#g' | grep -v unwanted-chrome-extensions | grep -v security-tooling-checks | grep -v performance-metrics | grep -v logger_snapshot_event_type > /home/vagrant/osquery-configuration/Endpoints/Windows/osquery_to_import.conf -# Install configimporter -echo "Installing configimporter" -echo "Sleeping for 5" -sleep 5 -export CONFIGIMPORTER_PASSWORD='admin123#' -cd /home/vagrant/osquery-configuration/Endpoints/Windows/ -# Fleet requires you to login before importing packs -# Login -curl 'https://192.168.38.5:8412/api/v1/kolide/login' -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/login' -H 'authority: 192.168.38.5:8412' --data-binary '{"username":"admin","password":"admin123#"}' --compressed --insecure -sleep 1 -curl 'https://192.168.38.5:8412/setup' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H 'upgrade-insecure-requests: 1' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' -H 'authority: 192.168.38.5:8412' --compressed --insecure -sleep 1 -# Setup organization name and email address -curl 'https://192.168.38.5:8412/api/v1/setup' -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: 
en-US,en;q=0.9' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/setup' -H 'authority: 192.168.38.5:8412' --data-binary '{"kolide_server_url":"https://192.168.38.5:8412","org_info":{"org_name":"detectionlab"},"admin":{"admin":true,"email":"example@example.com","password":"admin123#","password_confirmation":"admin123#","username":"admin"}}' --compressed --insecure -sleep 3 -# Import all Windows configs -/home/vagrant/configimporter/configimporter -host https://localhost:8412 -user 'admin' -config osquery_to_import.conf +install_splunk() { + # Check if Splunk is already installed + if [ -f "/opt/splunk/bin/splunk" ]; then + echo "Splunk is already installed" + else + echo "Installing Splunk..." + # Get Splunk.com into the DNS cache. Sometimes resolution randomly fails during wget below + dig @8.8.8.8 splunk.com + # Download Splunk + wget --progress=bar:force -O splunk-7.1.2-a0c72a66db66-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.2&product=splunk&filename=splunk-7.1.2-a0c72a66db66-linux-2.6-amd64.deb&wget=true' + dpkg -i splunk-7.1.2-a0c72a66db66-linux-2.6-amd64.deb + /opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt --seed-passwd changeme + /opt/splunk/bin/splunk add index wineventlog -auth 'admin:changeme' + /opt/splunk/bin/splunk add index osquery -auth 'admin:changeme' + /opt/splunk/bin/splunk add index osquery-status -auth 'admin:changeme' + /opt/splunk/bin/splunk add index sysmon -auth 'admin:changeme' + /opt/splunk/bin/splunk add index powershell -auth 'admin:changeme' + /opt/splunk/bin/splunk install app /vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_500.tgz -auth 'admin:changeme' + /opt/splunk/bin/splunk install app 
/vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_800.tgz -auth 'admin:changeme' + # Add a Splunk TCP input on port 9997 + echo -e "[splunktcp://9997]\nconnection_host = ip" > /opt/splunk/etc/apps/search/local/inputs.conf + # Add props.conf and transforms.conf + cp /vagrant/resources/splunk_server/props.conf /opt/splunk/etc/apps/search/local/ + cp /vagrant/resources/splunk_server/transforms.conf /opt/splunk/etc/apps/search/local/ + # Skip Splunk Tour and Change Password Dialog + touch /opt/splunk/etc/.ui_login + # Enable SSL Login for Splunk + echo '[settings] + enableSplunkWebSSL = true' > /opt/splunk/etc/system/local/web.conf + # Reboot Splunk to make changes take effect + /opt/splunk/bin/splunk restart + /opt/splunk/bin/splunk enable boot-start + fi +} -# Get auth token -TOKEN=$(curl 'https://192.168.38.5:8412/api/v1/kolide/login' -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/login' -H 'authority: 192.168.38.5:8412' --data-binary '{"username":"admin","password":"admin123#"}' --compressed --insecure | grep token | cut -d '"' -f 4) -# Set all packs to be targeted to Windows hosts -curl 'https://192.168.38.5:8412/api/v1/kolide/packs/1' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure -sleep 1 
-curl 'https://192.168.38.5:8412/api/v1/kolide/packs/2' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure -sleep 1 -curl 'https://192.168.38.5:8412/api/v1/kolide/packs/3' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure -sleep 1 -curl 'https://192.168.38.5:8412/api/v1/kolide/packs/4' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure -sleep 1 -curl 'https://192.168.38.5:8412/api/v1/kolide/packs/5' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: 
application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure -# Rename primary pack -curl 'https://192.168.38.5:8412/api/v1/kolide/packs/5' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/5/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"name":"windows-pack"}' --compressed --insecure -# Add Splunk monitors for Fleet -/opt/splunk/bin/splunk add monitor "/home/vagrant/kolide-quickstart/osquery_result" -index osquery -sourcetype 'osquery:json' -auth 'admin:changeme' -/opt/splunk/bin/splunk add monitor "/home/vagrant/kolide-quickstart/osquery_status" -index osquery-status -sourcetype 'osquery:status' -auth 'admin:changeme' +install_fleet() { + # Install Fleet + if [ -f "/home/vagrant/kolide-quickstart" ]; then + echo "Fleet is already installed" + else + echo "Installing Fleet..." + echo -e "\n127.0.0.1 kolide" >> /etc/hosts + git clone https://github.com/kolide/kolide-quickstart.git + cd kolide-quickstart || echo "Something went wrong while trying to clone the kolide-quickstart repository" + cp /vagrant/resources/fleet/server.* . 
+ sed -i 's/ -it//g' demo.sh + sed -i 's#kolide/fleet:latest#kolide/fleet:1.0.8#g' docker-compose.yml + ./demo.sh up simple + # Set the enrollment secret to match what we deploy to Windows hosts + docker run --rm --network=kolidequickstart_default mysql:5.7 mysql -h mysql -u kolide --password=kolide -e 'update app_configs set osquery_enroll_secret = "enrollmentsecret" where id=1;' --batch kolide + # Set snapshot events to be split into multiple events + docker run --rm --network=kolidequickstart_default mysql:5.7 mysql -h mysql -u kolide --password=kolide -e 'insert into options (name, type, value) values ("logger_snapshot_event_type", 2, "true");' --batch kolide + echo "Updated enrollment secret" + cd /home/vagrant || exit + fi +} -# Install Mitre's Caldera -echo "Installing Caldera..." -cd /home/vagrant -git clone https://github.com/mitre/caldera.git -cd /home/vagrant/caldera/caldera -pip3.6 install -r requirements.txt +download_palantir_osquery_config() { + if [ -f /home/vagrant/osquery-configuration ]; then + echo "osquery configs have already been downloaded" + else + # Import Palantir osquery configs into Fleet + echo "Downloading Palantir configs..." 
+ git clone https://github.com/palantir/osquery-configuration.git + git clone https://github.com/kolide/configimporter.git + cd configimporter || exit + go build + cd /home/vagrant || exit + fi +} -# Add a Systemd service for MongoDB -# https://www.howtoforge.com/tutorial/install-mongodb-on-ubuntu-16.04/ -cp /vagrant/resources/caldera/mongod.service /lib/systemd/system/mongod.service -# Create Systemd service for Caldera -cp /vagrant/resources/caldera/caldera.service /lib/systemd/system/caldera.service -# Enable replication -echo 'replication: - replSetName: caldera' >> /etc/mongod.conf -service mongod start -systemctl enable mongod.service -cd /home/vagrant/caldera -mkdir -p dep/crater/crater -wget https://github.com/mitre/caldera-crater/releases/download/v0.1.0/CraterMainWin8up.exe -O /home/vagrant/caldera/dep/crater/crater/CraterMain.exe -service caldera start -systemctl enable caldera.service +import_osquery_config_into_fleet() { + if [ -f "/home/vagrant/osquery-configuration/Endpoints/Windows/osquery_to_import.conf" ]; then + echo "The osquery configuration has already been imported into Fleet" + else + # Modify the config to work with config importer + cat /home/vagrant/osquery-configuration/Endpoints/Windows/osquery.conf | sed 's#packs/#../packs/#g' | grep -v unwanted-chrome-extensions | grep -v security-tooling-checks | grep -v performance-metrics | grep -v logger_snapshot_event_type > /home/vagrant/osquery-configuration/Endpoints/Windows/osquery_to_import.conf + # Install configimporter + echo "Installing configimporter" + echo "Sleeping for 5" + sleep 5 + export CONFIGIMPORTER_PASSWORD='admin123#' + cd /home/vagrant/osquery-configuration/Endpoints/Windows/ || exit + # Fleet requires you to login before importing packs + # Login + curl 'https://192.168.38.5:8412/api/v1/kolide/login' -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 
10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/login' -H 'authority: 192.168.38.5:8412' --data-binary '{"username":"admin","password":"admin123#"}' --compressed --insecure + sleep 1 + curl 'https://192.168.38.5:8412/setup' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H 'upgrade-insecure-requests: 1' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' -H 'authority: 192.168.38.5:8412' --compressed --insecure + sleep 1 + # Setup organization name and email address + curl 'https://192.168.38.5:8412/api/v1/setup' -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/setup' -H 'authority: 192.168.38.5:8412' --data-binary '{"kolide_server_url":"https://192.168.38.5:8412","org_info":{"org_name":"detectionlab"},"admin":{"admin":true,"email":"example@example.com","password":"admin123#","password_confirmation":"admin123#","username":"admin"}}' --compressed --insecure + sleep 3 + # Import all Windows configs + /home/vagrant/configimporter/configimporter -host https://localhost:8412 -user 'admin' -config osquery_to_import.conf + + # Get auth token + TOKEN=$(curl 'https://192.168.38.5:8412/api/v1/kolide/login' -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/62.0.3202.94 Safari/537.36' -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/login' -H 'authority: 192.168.38.5:8412' --data-binary '{"username":"admin","password":"admin123#"}' --compressed --insecure | grep token | cut -d '"' -f 4) + # Set all packs to be targeted to Windows hosts + curl 'https://192.168.38.5:8412/api/v1/kolide/packs/1' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure + sleep 1 + curl 'https://192.168.38.5:8412/api/v1/kolide/packs/2' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure + sleep 1 + curl 'https://192.168.38.5:8412/api/v1/kolide/packs/3' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 
Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure + sleep 1 + curl 'https://192.168.38.5:8412/api/v1/kolide/packs/4' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure + sleep 1 + curl 'https://192.168.38.5:8412/api/v1/kolide/packs/5' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure + # Rename primary pack + curl 'https://192.168.38.5:8412/api/v1/kolide/packs/5' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/5/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"name":"windows-pack"}' --compressed --insecure + # Add Splunk monitors for Fleet + /opt/splunk/bin/splunk add monitor "/home/vagrant/kolide-quickstart/osquery_result" -index osquery -sourcetype 'osquery:json' -auth 
'admin:changeme' + /opt/splunk/bin/splunk add monitor "/home/vagrant/kolide-quickstart/osquery_status" -index osquery-status -sourcetype 'osquery:status' -auth 'admin:changeme' + fi +} + +install_caldera() { + if [ -f "/lib/systemd/system/caldera.service" ]; then + echo "Caldera is already installed... Skipping" + else + # Install Mitre's Caldera + echo "Installing Caldera..." + cd /home/vagrant || exit + git clone https://github.com/mitre/caldera.git + cd /home/vagrant/caldera/caldera || exit + pip3.6 install -r requirements.txt + + # Add a Systemd service for MongoDB + # https://www.howtoforge.com/tutorial/install-mongodb-on-ubuntu-16.04/ + cp /vagrant/resources/caldera/mongod.service /lib/systemd/system/mongod.service + # Create Systemd service for Caldera + cp /vagrant/resources/caldera/caldera.service /lib/systemd/system/caldera.service + # Enable replication + echo 'replication: + replSetName: caldera' >> /etc/mongod.conf + service mongod start + systemctl enable mongod.service + cd /home/vagrant/caldera || exit + mkdir -p dep/crater/crater + wget https://github.com/mitre/caldera-crater/releases/download/v0.1.0/CraterMainWin8up.exe -O /home/vagrant/caldera/dep/crater/crater/CraterMain.exe + service caldera start + systemctl enable caldera.service + fi +} + +main() { + install_mongo_db_apt_key + apt_install_prerequisites + fix_eth1_static_ip + install_python + install_golang + install_splunk + install_fleet + download_palantir_osquery_config + import_osquery_config_into_fleet + install_caldera +} + +main +exit 0 diff --git a/Vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_483.tgz b/Vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_483.tgz deleted file mode 100755 index 101260b..0000000 Binary files a/Vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_483.tgz and /dev/null differ 
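Review bot: The idempotence guards added in install_fleet and download_palantir_osquery_config test a git-clone directory with `-f`, which is only true for regular files, so both functions take the install branch on every re-provision and `echo -e "\n127.0.0.1 kolide" >> /etc/hosts` plus a second `git clone` run again; use `[ -d "/home/vagrant/kolide-quickstart" ]` and `[ -d /home/vagrant/osquery-configuration ]`. In the same install_fleet body, `cd kolide-quickstart || echo "Something went wrong ..."` only prints on failure and then runs `cp`, `sed -i` and `./demo.sh up simple` in the parent directory; the other functions use `|| exit`, so `cd kolide-quickstart || exit` keeps it consistent and safe. install_golang's guard `[ ! -f "go1.8.linux-amd64.tar.gz" ]` is relative to whatever cwd the previous function left behind, so probing the installed artifact (`[ -x /usr/local/go/bin/go ]`) would be more reliable. The refactor also keeps fetching Python, Go, Splunk and CraterMain.exe with a bare wget and no digest check, so a swapped or tampered download is installed unnoticed; a `sha256sum -c` against a pinned digest after each wget would close that.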
diff --git a/Vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_500.tgz b/Vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_500.tgz new file mode 100644 index 0000000..7cfb67c Binary files /dev/null and b/Vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_500.tgz differ diff --git a/Vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_607.tgz b/Vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_607.tgz deleted file mode 100644 index 9ac442f..0000000 Binary files a/Vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_607.tgz and /dev/null differ diff --git a/Vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_800.tgz b/Vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_800.tgz new file mode 100644 index 0000000..1778082 Binary files /dev/null and b/Vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_800.tgz differ diff --git a/Vagrant/scripts/install-windows_ta.ps1 b/Vagrant/scripts/install-windows_ta.ps1 index 67c221b..fead3ea 100755 --- a/Vagrant/scripts/install-windows_ta.ps1 +++ b/Vagrant/scripts/install-windows_ta.ps1 @@ -9,7 +9,7 @@ If (test-path "C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_wind } # Install Windows TA (this only needs to be done on the WEF server) -$windowstaPath = "C:\vagrant\resources\splunk_forwarder\splunk-add-on-for-microsoft-windows_483.tgz" +$windowstaPath = "C:\vagrant\resources\splunk_forwarder\splunk-add-on-for-microsoft-windows_500.tgz" $inputsPath = "C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\local\inputs.conf" Write-Host "Installing the Windows TA" Start-Process -FilePath "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" -ArgumentList "install app $windowstaPath -auth admin:changeme" -NoNewWindow diff --git a/build.ps1 b/build.ps1 index 6bc24b3..1cbae75 100644 --- a/build.ps1 +++ b/build.ps1 
@@ -9,7 +9,7 @@ DetectionLab deployment. It checks: * If Packer and Vagrant are installed - * If VirtualBox or VMWare are installed + * If VirtualBox or VMware are installed * If the proper vagrant plugins are available * Various aspects of system health @@ -20,7 +20,7 @@ https://github.com/clong/DetectionLab/issues .PARAMETER ProviderName - The Hypervisor you're using for the lab. Valid options are 'virtualbox' or 'vmware_workstation' + The Hypervisor you're using for the lab. Valid options are 'virtualbox' or 'vmware_desktop' .PARAMETER PackerPath The full path to the packer executable. Default is C:\Hashicorp\packer.exe @@ -33,11 +33,11 @@ This builds the DetectionLab using virtualbox and the default path for packer (C:\Hashicorp\packer.exe) .EXAMPLE - build.ps1 -ProviderName vmware_workstation -PackerPath 'C:\packer.exe' + build.ps1 -ProviderName vmware_desktop -PackerPath 'C:\packer.exe' - This builds the DetectionLab using Vmware and sets the packer path to 'C:\packer.exe' + This builds the DetectionLab using VMware and sets the packer path to 'C:\packer.exe' .EXAMPLE - build.ps1 -ProviderName vmware_workstation -VagrantOnly + build.ps1 -ProviderName vmware_desktop -VagrantOnly This command builds the DetectionLab using vmware and skips the packer process, downloading the boxes instead. #> @@ -45,7 +45,7 @@ [cmdletbinding()] Param( # Vagrant provider to use. - [ValidateSet('virtualbox', 'vmware_workstation')] + [ValidateSet('virtualbox', 'vmware_desktop)] [string]$ProviderName, [string]$PackerPath = 'C:\Hashicorp\packer.exe', [switch]$VagrantOnly 
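Review bot: The new ValidateSet line in the `@@ -45,7 +45,7 @@` hunk is missing the closing quote on its second value, `[ValidateSet('virtualbox', 'vmware_desktop)]`, which leaves the string literal unterminated and stops build.ps1 from parsing at all (unless the quote was dropped by the page rendering, in which case nothing is wrong). It should read `[ValidateSet('virtualbox', 'vmware_desktop')]`. The other three hunks on this line are wording-only and need nothing.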
@@ -120,26 +120,32 @@ function check_virtualbox_installed { } function check_vmware_workstation_installed { Write-Verbose '[check_vmware_workstation_installed] Running..' - if (install_checker -Name "VMWare Workstation") { - Write-Verbose '[check_vmware_workstation_installed] Vmware found.' + if (install_checker -Name "VMware Workstation") { + Write-Verbose '[check_vmware_workstation_installed] VMware Workstation found.' return $true } else { - Write-Verbose '[check_vmware_workstation_installed] Vmware not found.' + Write-Verbose '[check_vmware_workstation_installed] VMware Workstation not found.' return $false } } function check_vmware_vagrant_plugin_installed { Write-Verbose '[check_vmware_vagrant_plugin_installed] Running..' - if (vagrant plugin list | Select-String 'vagrant-vmware-workstation') { - Write-Verbose '[check_vmware_vagrant_plugin_installed] VMware vagrant plugin found.' + if (vagrant plugin list | Select-String 'vagrant-vmware-desktop') { + Write-Verbose 'The vagrant VMware Workstation plugin is no longer supported.' + Write-Verbose 'Please upgrade to the VMware Desktop plugin: https://www.vagrantup.com/docs/vmware/installation.html' + return $false + } + if (vagrant plugin list | Select-String 'vagrant-vmware-desktop') { + Write-Verbose '[check_vmware_vagrant_plugin_installed] Vagrant VMware Desktop plugin found.' return $true } else { - Write-Host 'VMWare Workstation is installed, but the Vagrant plugin is not.' + Write-Host 'VMware Workstation is installed, but the Vagrant plugin is not.' Write-Host 'Visit https://www.vagrantup.com/vmware/index.html#buy-now for more information on how to purchase and install it' - Write-Host 'VMWare Workstation will not be listed as a provider until the Vagrant plugin has been installed.' + Write-Host 'VMware Workstation will not be listed as a provider until the Vagrant plugin has been installed.' + Write-Host 'NOTE: The plugin does not work with trial versions of VMware Workstation' return $false } } 
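Review bot: In check_vmware_vagrant_plugin_installed the new legacy-plugin guard matches `'vagrant-vmware-desktop'`, the same string as the check that follows it, so whenever the supported Desktop plugin is installed the function prints the "no longer supported" text and returns $false, and the success branch below it is never reached. The guard should match the old plugin name that the removed line matched, `if (vagrant plugin list | Select-String 'vagrant-vmware-workstation') {`. The two deprecation lines inside that guard are also emitted with Write-Verbose, so a user running without -Verbose gets a silent $false; the rest of the function uses Write-Host for user-facing guidance and these two lines should match it. Running `vagrant plugin list` twice for the two checks could be collapsed into one captured result, but that is only a style point.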
@@ -154,17 +160,17 @@ function list_providers { } if (check_vmware_workstation_installed) { if (check_vmware_vagrant_plugin_installed) { - Write-Host '[*] vmware_workstation' + Write-Host '[*] vmware_desktop' } } if ((-Not (check_virtualbox_installed)) -and (-Not (check_vmware_workstation_installed))) { Write-Error 'You need to install a provider such as VirtualBox or VMware Workstation to continue.' break } - while (-Not ($ProviderName -eq 'virtualbox' -or $ProviderName -eq 'vmware_workstation')) { + while (-Not ($ProviderName -eq 'virtualbox' -or $ProviderName -eq 'vmware_desktop')) { $ProviderName = Read-Host 'Which provider would you like to use?' Write-Debug "ProviderName = $ProviderName" - if (-Not ($ProviderName -eq 'virtualbox' -or $ProviderName -eq 'vmware_workstation')) { + if (-Not ($ProviderName -eq 'virtualbox' -or $ProviderName -eq 'vmware_desktop')) { Write-Error "Please choose a valid provider. $ProviderName is not a valid option" } } @@ -222,7 +228,7 @@ function preflight_checks { Write-Verbose '[preflight_checks] Running..' # Check to see that no boxes exist if (-Not ($VagrantOnly)) { - Write-Verbose '[preflight_checks] Checking if packer is installed' + Write-Verbose '[preflight_checks] Checking if Packer is installed' check_packer # Check Packer Version against known bad @@ -235,7 +241,7 @@ function preflight_checks { break } } - Write-Verbose '[preflight_checks] Checking if vagrant is installed' + Write-Verbose '[preflight_checks] Checking if Vagrant is installed' check_vagrant Write-Verbose '[preflight_checks] Checking for pre-existing boxes..' @@ -425,7 +431,7 @@ if ($ProviderName -eq $Null -or $ProviderName -eq "") { } # Set Provider variable for use deployment functions -if ($ProviderName -eq 'vmware_workstation') { +if ($ProviderName -eq 'vmware_desktop') { $PackerProvider = 'vmware' } else { diff --git a/build.sh b/build.sh index 237146e..9f06a5d 100755 --- a/build.sh +++ b/build.sh 
@@ -8,7 +8,7 @@ # https://github.com/clong/DetectionLab/issues print_usage() { - echo "Usage: ./build.sh " + echo "Usage: ./build.sh " exit 0 } 
@@ -54,16 +54,24 @@ check_vmware_fusion_installed() { } # Returns 0 if not installed or 1 if installed -check_vmware_vagrant_plugin_installed() { - VAGRANT_VMWARE_PLUGIN_PRESENT="$(vagrant plugin list | grep -c 'vagrant-vmware-fusion')" - if [ "$VAGRANT_VMWARE_PLUGIN_PRESENT" -eq 0 ]; then - (echo >&2 "VMWare Fusion is installed, but the Vagrant plugin is not.") - (echo >&2 "Visit https://www.vagrantup.com/vmware/index.html#buy-now for more information on how to purchase and install it") - (echo >&2 "VMWare Fusion will not be listed as a provider until the Vagrant plugin has been installed.") +check_vmware_desktop_vagrant_plugin_installed() { + LEGACY_PLUGIN_CHECK="$(vagrant plugin list | grep -c 'vagrant-vmware-fusion')" + if [ "$LEGACY_PLUGIN_CHECK" -gt 0 ]; then + (echo >&2 "The VMware Fusion Vagrant plugin is deprecated and is no longer supported by the DetectionLab build script.") + (echo >&2 "Please upgrade to the VMware Desktop plugin: https://www.vagrantup.com/docs/vmware/installation.html") + (echo >&2 "NOTE: The VMware plugin does not work with trial versions of VMware Fusion") echo "0" - else - echo "$VAGRANT_VMWARE_PLUGIN_PRESENT" fi + VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT="$(vagrant plugin list | grep -c 'vagrant-vmware-desktop')" + if [ "$VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT" -eq 0 ]; then + (echo >&2 "VMWare Fusion is installed, but the vagrant-vmware-desktop plugin is not.") + (echo >&2 "If you are seeing this, you may have the deprecated vagrant-vmware-fusion plugin installed. Please remove it and install the vagrant-vmware-desktop plugin.") + (echo >&2 "Visit https://www.hashicorp.com/blog/introducing-the-vagrant-vmware-desktop-plugin for more information on how to purchase and install it") + (echo >&2 "VMWare Fusion will not be listed as a provider until the vagrant-vmware-desktop plugin has been installed.") + echo "0" +else + echo "$VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT" +fi } # List the available Vagrant providers present on the system 
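Review bot: In check_vmware_desktop_vagrant_plugin_installed the legacy-plugin branch echoes "0" but does not leave the function, so execution falls through to the desktop-plugin check and the caller's `$(...)` capture in list_providers receives two lines ("0" followed by the second count); the `-eq 1` test on that multi-line value then fails instead of reporting the provider. Add a `return` directly after the first `echo "0"`. The header comment still promises 0 or 1, but `grep -c` yields a match count, so echoing `"1"` in the else branch rather than the raw count (or documenting that a count is returned) would keep the contract honest for the `-eq 1` comparisons in list_providers. The closing `else`/`fi` of the new block sit at column 0 while the rest of the function is indented two spaces.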
@@ -75,7 +83,7 @@ list_providers() { # Detect Providers on OSX VBOX_PRESENT=$(check_virtualbox_installed) VMWARE_FUSION_PRESENT=$(check_vmware_fusion_installed) - VAGRANT_VMWARE_PLUGIN_PRESENT=$(check_vmware_vagrant_plugin_installed) + VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT=$(check_vmware_desktop_vagrant_plugin_installed) else # Assume the only other available provider is VirtualBox VBOX_PRESENT=$(check_virtualbox_installed) @@ -85,8 +93,8 @@ list_providers() { if [ "$VBOX_PRESENT" == "1" ]; then (echo >&2 "virtualbox") fi - if [[ $VMWARE_FUSION_PRESENT -eq 1 ]] && [[ $VAGRANT_VMWARE_PLUGIN_PRESENT -eq 1 ]]; then - (echo >&2 "vmware_fusion") + if [[ $VMWARE_FUSION_PRESENT -eq 1 ]] && [[ $VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT -eq 1 ]]; then + (echo >&2 "vmware_desktop") fi if [[ $VBOX_PRESENT -eq 0 ]] && [[ $VMWARE_FUSION_PRESENT -eq 0 ]]; then (echo >&2 "You need to install a provider such as VirtualBox or VMware Fusion to continue.") @@ -95,8 +103,8 @@ list_providers() { (echo >&2 -e "\\nWhich provider would you like to use?") read -r PROVIDER # Sanity check - if [[ "$PROVIDER" != "virtualbox" ]] && [[ "$PROVIDER" != "vmware_fusion" ]]; then - (echo >&2 "Please choose a valid provider. \"$PROVIDER\" is not a valid option") + if [[ "$PROVIDER" != "virtualbox" ]] && [[ "$PROVIDER" != "vmware_desktop" ]]; then + (echo >&2 "Please choose a valid provider. \"$PROVIDER\" is not a valid option.") exit 1 fi echo "$PROVIDER" 
@@ -200,29 +208,22 @@ preflight_checks() { # Builds a box using Packer packer_build_box() { BOX="$1" - if [ "$PROVIDER" == "vmware_fusion" ]; then - PROVIDER="vmware" - fi cd "$DL_DIR/Packer" || exit 1 (echo >&2 "Using Packer to build the $BOX Box. This can take 90-180 minutes depending on bandwidth and hardware.") - PACKER_LOG=1 PACKER_LOG_PATH="$DL_DIR/Packer/packer_build.log" $(which packer) build --only="$PROVIDER-iso" "$BOX".json >&2 + PACKER_LOG=1 PACKER_LOG_PATH="$DL_DIR/Packer/packer_build.log" $(which packer) build --only="$PACKER_PROVIDER-iso" "$BOX".json >&2 echo "$?" } # Moves the boxes from the Packer directory to the Boxes directory move_boxes() { - # Hacky workaround for VMware - if [ "$PROVIDER" == "vmware_fusion" ]; then - PROVIDER="vmware" - fi mv "$DL_DIR"/Packer/*.box "$DL_DIR"/Boxes # Ensure Windows 10 box exists - if [ ! -f "$DL_DIR"/Boxes/windows_10_"$PROVIDER".box ]; then + if [ ! -f "$DL_DIR"/Boxes/windows_10_"$PACKER_PROVIDER".box ]; then (echo >&2 "Windows 10 box is missing from the Boxes directory. Qutting.") exit 1 fi # Ensure Windows 2016 box exists - if [ ! -f "$DL_DIR"/Boxes/windows_2016_"$PROVIDER".box ]; then + if [ ! -f "$DL_DIR"/Boxes/windows_2016_"$PACKER_PROVIDER".box ]; then (echo >&2 "Windows 2016 box is missing from the Boxes directory. Qutting.") exit 1 fi @@ -298,9 +299,11 @@ parse_cli_arguments() { case "$1" in virtualbox) PROVIDER="$1" + PACKER_PROVIDER="$1" ;; - vmware_fusion) + vmware_desktop) PROVIDER="$1" + PACKER_PROVIDER="vmware" ;; *) echo "\"$1\" is not a valid provider. Listing available providers:" 
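Review bot: PACKER_PROVIDER is assigned only in the two named arms of the `case` in parse_cli_arguments, yet packer_build_box, move_boxes and the box-existence checks now build paths from it (`--only="$PACKER_PROVIDER-iso"`, `windows_10_"$PACKER_PROVIDER".box`). The `*)` arm, which continues outside this hunk, appears to fall back to listing providers and reading PROVIDER interactively; if PROVIDER can be set on that path, PACKER_PROVIDER stays empty and the script would look for `windows_10_.box`. Deriving it once after PROVIDER is final, e.g. `PACKER_PROVIDER="$PROVIDER"` followed by `[ "$PROVIDER" == "vmware_desktop" ] && PACKER_PROVIDER="vmware"`, or guarding each consumer with `: "${PACKER_PROVIDER:?provider not set}"`, removes the dependency on which code path set PROVIDER. On the rewritten packer line, `$(which packer)` is unquoted and `which` is non-portable; `command -v packer` is the usual form.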
@@ -377,57 +380,44 @@ download_boxes() { if [ "$PROVIDER" == "virtualbox" ]; then wget "https://www.detectionlab.network/windows_2016_virtualbox.box" -O "$DL_DIR"/Boxes/windows_2016_virtualbox.box wget "https://www.detectionlab.network/windows_10_virtualbox.box" -O "$DL_DIR"/Boxes/windows_10_virtualbox.box - elif [ "$PROVIDER" == "vmware_fusion" ]; then + elif [ "$PROVIDER" == "vmware_desktop" ]; then wget "https://www.detectionlab.network/windows_2016_vmware.box" -O "$DL_DIR"/Boxes/windows_2016_vmware.box wget "https://www.detectionlab.network/windows_10_vmware.box" -O "$DL_DIR"/Boxes/windows_10_vmware.box fi - # Hacky workaround - if [ "$PROVIDER" == "vmware_fusion" ]; then - PROVIDER="vmware" - fi - # Ensure Windows 10 box exists - if [ ! -f "$DL_DIR"/Boxes/windows_10_"$PROVIDER".box ]; then + if [ ! -f "$DL_DIR"/Boxes/windows_10_"$PACKER_PROVIDER".box ]; then (echo >&2 "Windows 10 box is missing from the Boxes directory. Qutting.") exit 1 fi # Ensure Windows 2016 box exists - if [ ! -f "$DL_DIR"/Boxes/windows_2016_"$PROVIDER".box ]; then + if [ ! -f "$DL_DIR"/Boxes/windows_2016_"$PACKER_PROVIDER".box ]; then (echo >&2 "Windows 2016 box is missing from the Boxes directory. 
Qutting.") exit 1 fi # Verify hashes of VirtualBox boxes - if [ "$PROVIDER" == "virtualbox" ]; then - if [ "$("$MD5TOOL" "$DL_DIR"/Boxes/windows_10_"$PROVIDER".box | cut -d ' ' -f "$CUT_INDEX")" != "ad78b3406dd2c0e3418d1dd61e2abc2c" ]; then + if [ "$PACKER_PROVIDER" == "virtualbox" ]; then + if [ "$("$MD5TOOL" "$DL_DIR"/Boxes/windows_10_"$PACKER_PROVIDER".box | cut -d ' ' -f "$CUT_INDEX")" != "ad78b3406dd2c0e3418d1dd61e2abc2c" ]; then (echo >&2 "Hash mismatch on windows_10_virtualbox.box") fi - if [ "$("$MD5TOOL" "$DL_DIR"/Boxes/windows_2016_"$PROVIDER".box | cut -d ' ' -f "$CUT_INDEX")" != "f352c852ed1b849dab18442caef83712" ]; then + if [ "$("$MD5TOOL" "$DL_DIR"/Boxes/windows_2016_"$PACKER_PROVIDER".box | cut -d ' ' -f "$CUT_INDEX")" != "f352c852ed1b849dab18442caef83712" ]; then (echo >&2 "Hash mismatch on windows_2016_virtualbox.box") fi # Verify hashes of VMware boxes - elif [ "$PROVIDER" == "vmware" ]; then - if [ "$("$MD5TOOL" "$DL_DIR"/Boxes/windows_10_"$PROVIDER".box | cut -d ' ' -f "$CUT_INDEX")" != "14e1c4cc15e1dc47aead906b25c5b3cc" ]; then + elif [ "$PACKER_PROVIDER" == "vmware" ]; then + if [ "$("$MD5TOOL" "$DL_DIR"/Boxes/windows_10_"$PACKER_PROVIDER".box | cut -d ' ' -f "$CUT_INDEX")" != "14e1c4cc15e1dc47aead906b25c5b3cc" ]; then (echo >&2 "Hash mismatch on windows_10_vmware.box") exit 1 fi - if [ "$("$MD5TOOL" "$DL_DIR"/Boxes/windows_2016_"$PROVIDER".box | cut -d ' ' -f "$CUT_INDEX")" != "da1111c765b2fdc2ce012b6348cf74e2" ]; then + if [ "$("$MD5TOOL" "$DL_DIR"/Boxes/windows_2016_"$PACKER_PROVIDER".box | cut -d ' ' -f "$CUT_INDEX")" != "da1111c765b2fdc2ce012b6348cf74e2" ]; then (echo >&2 "Hash mismatch on windows_2016_vmware.box") exit 1 fi - # Reset PROVIDER variable if using VMware - if [ "$PROVIDER" == "vmware" ]; then - PROVIDER="vmware_fusion" - fi fi } build_vagrant_hosts() { LAB_HOSTS=("logger" "dc" "wef" "win10") - # Change provider back to original selection if using vmware_fusion - if [ "$PROVIDER" == "vmware" ]; then - 
PROVIDER="vmware_fusion" - fi # Vagrant up each box and attempt to reload one time if it fails for VAGRANT_HOST in "${LAB_HOSTS[@]}"; do