Fix lint errors, update packer files

2020-06-25 23:11:59 -07:00
parent 5c22a8a2a4
commit 21477e376a
16 changed files with 33 additions and 1170 deletions
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -43,3 +43,4 @@ jobs:
        uses: docker://github/super-linter:v2.1.1
        env:
          VALIDATE_ALL_CODEBASE: true
          VALIDATE_MARKDOWN: false
--- a/.gitignore
+++ b/.gitignore
@@ -8,5 +8,4 @@ Boxes/*
 *.tfstate
 *.tfstate.*
 *.tfvars
-Azure/Ansible/inventory.yml
+inventory.yml
 Azure/Ansible/inventory.yml.bak
--- a/ESXi/Packer/_common/minimize.sh
+++ b/ESXi/Packer/_common/minimize.sh
@@ -6,18 +6,18 @@ esac
 # Whiteout root
 count=$(df --sync -kP / | tail -n1  | awk -F ' ' '{print $4}')
-count=$(($count-1))
+count=$((count-1))
 dd if=/dev/zero of=/tmp/whitespace bs=1M count=$count || echo "dd exit code $? is suppressed";
 rm /tmp/whitespace
 # Whiteout /boot
 count=$(df --sync -kP /boot | tail -n1 | awk -F ' ' '{print $4}')
-count=$(($count-1))
+count=$((count-1))
 dd if=/dev/zero of=/boot/whitespace bs=1M count=$count || echo "dd exit code $? is suppressed";
 rm /boot/whitespace
 set +e
-swapuuid="`/sbin/blkid -o value -l -s UUID -t TYPE=swap`";
+swapuuid="$(/sbin/blkid -o value -l -s UUID -t TYPE=swap)";
 case "$?" in
    2|0) ;;
    *) exit 1 ;;
@@ -27,7 +27,7 @@ set -e
 if [ "x${swapuuid}" != "x" ]; then
    # Whiteout the swap partition to reduce box size
    # Swap is disabled till reboot
-    swappart="`readlink -f /dev/disk/by-uuid/$swapuuid`";
+    swappart="$(readlink -f /dev/disk/by-uuid/"$swapuuid")";
    /sbin/swapoff "$swappart";
    dd if=/dev/zero of="$swappart" bs=1M || echo "dd exit code $? is suppressed";
    /sbin/mkswap -U "$swapuuid" "$swappart";
--- a/ESXi/Packer/_common/sshd.sh
+++ b/ESXi/Packer/_common/sshd.sh
@@ -3,6 +3,7 @@
 SSHD_CONFIG="/etc/ssh/sshd_config"
 # ensure that there is a trailing newline before attempting to concatenate
 # shellcheck disable=SC1003
 sed -i -e '$a\' "$SSHD_CONFIG"
 USEDNS="UseDNS no"
--- a/ESXi/Packer/_common/vmware.sh
+++ b/ESXi/Packer/_common/vmware.sh
@@ -12,15 +12,15 @@ vmware-iso|vmware-vmx)
    mkdir -p /tmp/vmware;
    mkdir -p /tmp/vmware-archive;
-    mount -o loop $HOME_DIR/linux.iso /tmp/vmware;
+    mount -o loop "$HOME_DIR"/linux.iso /tmp/vmware;
-    TOOLS_PATH="`ls /tmp/vmware/VMwareTools-*.tar.gz`";
+    TOOLS_PATH="$(ls /tmp/vmware/VMwareTools-*.tar.gz)";
-    VER="`echo "${TOOLS_PATH}" | cut -f2 -d'-'`";
+    VER="$(echo "${TOOLS_PATH}" | cut -f2 -d'-')";
-    MAJ_VER="`echo ${VER} | cut -d '.' -f 1`";
+    MAJ_VER="$(echo "${VER}" | cut -d '.' -f 1)";
    echo "VMware Tools Version: $VER";
-    tar xzf ${TOOLS_PATH} -C /tmp/vmware-archive;
+    tar xzf "${TOOLS_PATH}" -C /tmp/vmware-archive;
    if [ "${MAJ_VER}" -lt "10" ]; then
        /tmp/vmware-archive/vmware-tools-distrib/vmware-install.pl --default;
    else
@@ -29,6 +29,6 @@ vmware-iso|vmware-vmx)
    umount /tmp/vmware;
    rm -rf  /tmp/vmware;
    rm -rf  /tmp/vmware-archive;
-    rm -f $HOME_DIR/*.iso;
+    rm -f "$HOME_DIR"/*.iso;
    ;;
 esac
--- a/ESXi/Packer/scripts/cleanup.sh
+++ b/ESXi/Packer/scripts/cleanup.sh
@@ -12,7 +12,7 @@ dpkg --list \
 dpkg --list \
    | awk '{ print $2 }' \
    | grep 'linux-image-.*-generic' \
-    | grep -v `uname -r` \
+    | grep -v "$(uname -r)" \
    | xargs apt-get -y purge;
 # Delete Linux source
--- a/ESXi/Packer/scripts/networking.sh
+++ b/ESXi/Packer/scripts/networking.sh
@@ -1,7 +1,7 @@
 #!/bin/sh -eux
-ubuntu_version="`lsb_release -r | awk '{print $2}'`";
+ubuntu_version="$(lsb_release -r | awk '{print $2}')";
-major_version="`echo $ubuntu_version | awk -F. '{print $1}'`";
+major_version="$(echo "$ubuntu_version" | awk -F. '{print $1}')";
 if [ "$major_version" -ge "18" ]; then
 echo "Create netplan config for eth0"
--- a/ESXi/Packer/scripts/update.sh
+++ b/ESXi/Packer/scripts/update.sh
@@ -1,8 +1,8 @@
 #!/bin/sh -eux
 export DEBIAN_FRONTEND=noninteractive
-ubuntu_version="`lsb_release -r | awk '{print $2}'`";
+ubuntu_version="$(lsb_release -r | awk '{print $2}')";
-major_version="`echo $ubuntu_version | awk -F. '{print $1}'`";
+major_version="$(echo "$ubuntu_version" | awk -F. '{print $1}')";
 # Disable release-upgrades
 sed -i.bak 's/^Prompt=.*$/Prompt=never/' /etc/update-manager/release-upgrades;
--- a/ESXi/Packer/scripts/vagrant.sh
+++ b/ESXi/Packer/scripts/vagrant.sh
@@ -1,14 +1,14 @@
 #!/bin/bash -eux
 pubkey_url="https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub";
-mkdir -p $HOME_DIR/.ssh;
+mkdir -p "$HOME_DIR"/.ssh;
 if command -v wget >/dev/null 2>&1; then
-    wget --no-check-certificate "$pubkey_url" -O $HOME_DIR/.ssh/authorized_keys;
+    wget --no-check-certificate "$pubkey_url" -O "$HOME_DIR"/.ssh/authorized_keys;
 elif command -v curl >/dev/null 2>&1; then
-    curl --insecure --location "$pubkey_url" > $HOME_DIR/.ssh/authorized_keys;
+    curl --insecure --location "$pubkey_url" > "$HOME_DIR"/.ssh/authorized_keys;
 else
    echo "Cannot download vagrant public key";
    exit 1;
 fi
-chown -R vagrant $HOME_DIR/.ssh;
+chown -R vagrant "$HOME_DIR"/.ssh;
-chmod -R go-rwsx $HOME_DIR/.ssh;
+chmod -R go-rwsx "$HOME_DIR"/.ssh;
--- a/ESXi/Packer/windows_10_esxi.json
+++ b/ESXi/Packer/windows_10_esxi.json
@@ -92,8 +92,7 @@
    "esxi_host": "",
    "esxi_username": "",
    "esxi_password": "",
-    "iso_checksum": "ab4862ba7d1644c27f27516d24cb21e6b39234eb3301e5f1fb365a78b22f79b3",
+    "iso_checksum": "sha256:ab4862ba7d1644c27f27516d24cb21e6b39234eb3301e5f1fb365a78b22f79b3",
    "iso_checksum_type": "sha256",
    "iso_url": "https://software-download.microsoft.com/download/pr/18362.30.190401-1528.19h1_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso",
    "autounattend": "../../Packer/answer_files/10/Autounattend.xml",
    "disk_size": "61440"
--- a/ESXi/Packer/windows_2016_esxi.json
+++ b/ESXi/Packer/windows_2016_esxi.json
@@ -80,8 +80,7 @@
    "esxi_username": "",
    "esxi_password": "",
    "iso_url": "https://software-download.microsoft.com/download/pr/Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO",
-    "iso_checksum_type": "md5",
+    "iso_checksum": "md5:70721288BBCDFE3239D8F8C0FAE55F1F",
    "iso_checksum": "70721288BBCDFE3239D8F8C0FAE55F1F",
    "autounattend": "../../Packer/answer_files/2016/Autounattend.xml"
  }
 }
--- a/Packer/windows_10.json
+++ b/Packer/windows_10.json
@@ -188,8 +188,7 @@
    }
  ],
  "variables": {
-    "iso_checksum": "9ef81b6a101afd57b2dbfa44d5c8f7bc94ff45b51b82c5a1f9267ce2e63e9f53",
+    "iso_checksum": "sha256:9ef81b6a101afd57b2dbfa44d5c8f7bc94ff45b51b82c5a1f9267ce2e63e9f53",
    "iso_checksum_type": "sha256",
    "iso_url": "https://software-download.microsoft.com/download/pr/18363.418.191007-0143.19h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso",
    "autounattend": "./answer_files/10/Autounattend.xml",
    "disk_size": "61440",
--- a/Packer/windows_2016.json
+++ b/Packer/windows_2016.json
@@ -173,8 +173,7 @@
  ],
  "variables": {
    "iso_url": "https://software-download.microsoft.com/download/pr/Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO",
-    "iso_checksum_type": "md5",
+    "iso_checksum": "md5:70721288BBCDFE3239D8F8C0FAE55F1F",
    "iso_checksum": "70721288BBCDFE3239D8F8C0FAE55F1F",
    "disk_size": "61440",
    "autounattend": "./answer_files/2016/Autounattend.xml",
    "virtio_win_iso": "./virtio-win.iso",
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@
 ![DetectionLab](./img/DetectionLab.png)
 # Detection Lab
 ![DetectionLab](./img/DetectionLab.png)
 DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing.
 [![CircleCI](https://circleci.com/gh/clong/DetectionLab/tree/master.svg?style=shield)](https://circleci.com/gh/clong/DetectionLab/tree/master)
@@ -37,15 +38,15 @@ NOTE: This lab has not been hardened in any way and runs with default vagrant cr
 ## Requirements for VMware or Virtualbox
 * 55GB+ of free disk space
 * 16GB+ of RAM
-* Packer 1.3.2 or newer
+* Packer 1.6.0 or newer
-* Vagrant 2.2.7 or newer
+* Vagrant 2.2.9 or newer
 * Virtualbox or VMWare Fusion/Workstation
 ---
 ## Building Detection Lab
-Please view the quickstart guides based on the operating system you are using. The AWS/Terraform DetectionLab can be launched from any operating system.
+Please view the quickstart guides based on the operating system you are using. The AWS and Azure deployment options for DetectionLab can be launched from any operating system.
 * [AWS via Terraform](https://github.com/clong/DetectionLab/wiki/Quickstart---AWS-(Terraform))
 * [Azure via Terraform & Ansible](https://github.com/clong/DetectionLab/tree/master/Azure)
--- a/Vagrant/bootstrap.sh
+++ b/Vagrant/bootstrap.sh
@@ -10,7 +10,7 @@ sed -i 's/nameserver 127.0.0.53/nameserver 8.8.8.8/g' /etc/resolv.conf && chattr
 # Get a free Maxmind license here: https://www.maxmind.com/en/geolite2/signup
 # Required for the ASNgen app to work: https://splunkbase.splunk.com/app/3531/
 export MAXMIND_LICENSE=
-if [ -z "$MAXMIND_LICENSE" ]; then
+if [ -n "$MAXMIND_LICENSE" ]; then
  echo "Note: You have not entered a MaxMind license key on line 5 of bootstrap.sh, so the ASNgen Splunk app may not work correctly."
  echo "However, it is not required and everything else should function correctly."
 fi
--- a/Vagrant/resources/suricata/suricata.yaml
+++ b/Vagrant/resources/suricata/suricata.yaml