From 518101dc40d63b8e198fda3463f6b6b0a94f1c92 Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Mon, 15 Jun 2020 00:29:45 -0700
Subject: [PATCH] Azure bugfixes
---
 .gitignore | 2 ++
 Azure/Ansible/group_vars/all.yml | 4 +--
 Azure/Ansible/group_vars/linux.yml | 4 ---
 Azure/Ansible/roles/wef/tasks/main.yml | 26 ---------------
 Azure/Ansible/roles/win10/tasks/main.yml | 29 ++---------------
 Azure/README.md | 1 +
 Azure/Terraform/files/winrm.ps1 | 7 ++++
 Azure/Terraform/locals.tf | 2 +-
 Azure/build_ansible_inventory.sh | 41 ++++++++++++++++++++++++
 9 files changed, 56 insertions(+), 60 deletions(-)
 delete mode 100644 Azure/Ansible/group_vars/linux.yml
 create mode 100755 Azure/build_ansible_inventory.sh
diff --git a/.gitignore b/.gitignore
index a744ddf..7a15876 100755
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,5 @@ Boxes/*
 *.tfstate
 *.tfstate.*
 *.tfvars
+Azure/Ansible/inventory.yml
+Azure/Ansible/inventory.yml.bak
diff --git a/Azure/Ansible/group_vars/all.yml b/Azure/Ansible/group_vars/all.yml
index 8a021b0..ac6bdb2 100644
--- a/Azure/Ansible/group_vars/all.yml
+++ b/Azure/Ansible/group_vars/all.yml
@@ -1,5 +1,5 @@
-ansible_user: vagrant
-ansible_password: Vagrant123
+ansible_user: ansible
+ansible_password: Ansible123
 ansible_port: 5985
 ansible_connection: winrm
 ansible_winrm_transport: basic
diff --git a/Azure/Ansible/group_vars/linux.yml b/Azure/Ansible/group_vars/linux.yml
deleted file mode 100644
index 57418b3..0000000
--- a/Azure/Ansible/group_vars/linux.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-ansible_user: vagrant
-ansible_password: vagrant
-ansible_port: 22
-ansible_connection: ssh
diff --git a/Azure/Ansible/roles/wef/tasks/main.yml b/Azure/Ansible/roles/wef/tasks/main.yml
index f078252..3681b50 100644
--- a/Azure/Ansible/roles/wef/tasks/main.yml
+++ b/Azure/Ansible/roles/wef/tasks/main.yml
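Review bot: `ansible_password: Ansible123` in the `group_vars/all.yml` hunk is a static, version-controlled local-administrator credential, and the unchanged context lines send it with `ansible_winrm_transport: basic` on port 5985, i.e. HTTP Basic authentication over an unencrypted WinRM channel to hosts that this commit's inventory script addresses by public IP. Consider keeping the value out of the repo via an `ansible-vault`-encrypted variable or an environment lookup such as `ansible_password: "{{ lookup('env', 'ANSIBLE_WIN_PASSWORD') }}"`, and where the image allows it switch to `ansible_winrm_transport: ntlm` with `ansible_winrm_scheme: https` on `ansible_port: 5986` so the credential does not cross the network in cleartext. The same fixed password is written onto the hosts by `Azure/Terraform/files/winrm.ps1` later in this commit, so the two places need to stay in sync.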
@@ -1,5 +1,4 @@ --- - # This needs to be made idempodent - name: Set HostOnly DNS Address win_shell: "Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.38.102,8.8.8.8" @@ -108,29 +107,4 @@ - "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}" - "Set-SmbServerConfiguration -AuditSmb1Access $true -Force" -- name: Disable password complexity policy - win_shell: | - secedit /export /cfg C:\secpol.cfg - (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg - secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY - rm -force C:\secpol.cfg -confirm:$false - become: yes - become_method: enable - -- name: Add Ansible user - win_user: - name: ansible - password: Ansible123 - groups: - - Administrators - -- name: Switch to Ansible user - set_fact: - ansible_user: ansible - ansible_password: Ansible123 - -- name: Change password for vagrant account back to vagrant - win_user: - name: vagrant - password: vagrant diff --git a/Azure/Ansible/roles/win10/tasks/main.yml b/Azure/Ansible/roles/win10/tasks/main.yml index d47e327..3cc8c02 100644 --- a/Azure/Ansible/roles/win10/tasks/main.yml +++ b/Azure/Ansible/roles/win10/tasks/main.yml 
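Review bot: The first hunk drops the `# This needs to be made idempodent` note but leaves the `Set HostOnly DNS Address` task as a bare `win_shell`, so the reminder is lost while the task still re-runs unconditionally on every play. Either keep the note with the spelling fixed, `# TODO: make this idempotent`, or replace the task with the `win_dns_client` module (`adapter_names: Ethernet`, `ipv4_addresses` listing `192.168.38.102` and `8.8.8.8`), which reports changed only when the addresses differ. The second hunk is a pure deletion of the account-setup tasks, presumably relocated to `Azure/Terraform/files/winrm.ps1` in this same commit.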
@@ -51,36 +51,11 @@ state: present install_args: "ADDLOCAL=ClassicStartMenu" -- name: DetectionLab Menu +- name: Import ClassicShell config win_shell: | - "\"C:\\Program Files\\Classic Shell\\ClassicStartMenu.exe -xml c:\\vagrant\\resources\\windows\\MenuSettings.xml\"" + "C:\Program Files\Classic Shell\ClassicStartMenu.exe -xml c:\vagrant\resources\windows\MenuSettings.xml" regedit /s c:\vagrant\resources\windows\MenuStyle_Default_Win7.reg -- name: Disable password complexity policy - win_shell: | - secedit /export /cfg C:\secpol.cfg - (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg - secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY - rm -force C:\secpol.cfg -confirm:$false - become: yes - become_method: enable - -- name: Add Ansible user - win_user: - name: ansible - password: Ansible123 - groups: - - Administrators - -- name: Switch to Ansible user - set_fact: - ansible_user: ansible - ansible_password: Ansible123 - -- name: Change password for vagrant account back to vagrant - win_user: - name: vagrant - password: vagrant diff --git a/Azure/README.md b/Azure/README.md index e5f3170..01eebf4 100644 --- a/Azure/README.md +++ b/Azure/README.md @@ -62,6 +62,7 @@ We're going to use Ansible to fininsh provisioning the rest of the Windows hosts 1. **(5 Minutes)** - Configure the `inventory.yml` file 1. Navigate to `Azure/Ansible` and open `inventory.yml` for editing. 2. Take the `public_ip` values from `terraform output` and replace the `x.x.x.x` values with the public IP of each host + NOTE: I've added a script at `DetectionLab/Azure/build_ansible_inventory.sh` to help automate this. Now that Ansible is configured for provisioning, there are two ways to go about this: diff --git a/Azure/Terraform/files/winrm.ps1 b/Azure/Terraform/files/winrm.ps1 index cb7413a..2aee1c8 100644 --- a/Azure/Terraform/files/winrm.ps1 +++ b/Azure/Terraform/files/winrm.ps1 
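Review bot: The new first line of the `Import ClassicShell config` `win_shell` block is a PowerShell string literal, `"C:\Program Files\Classic Shell\ClassicStartMenu.exe -xml ..."`, which PowerShell evaluates and writes to output rather than executes, so the menu settings are never imported even though the task reports success; the previous escaped form had the same problem. It should invoke the executable with the call operator and pass the argument outside the quotes: `& "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -xml c:\vagrant\resources\windows\MenuSettings.xml`. Both lines also assume `c:\vagrant\resources\windows` exists on the Azure image, which cannot be confirmed from this diff and may be a leftover from the Vagrant build. The `DetectionLab Menu`→`Import ClassicShell config` rename itself is fine.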
@@ -1,3 +1,10 @@
+ secedit /export /cfg C:\secpol.cfg
+(gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
+secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
+rm -force C:\secpol.cfg -confirm:$false
+net user ansible Ansible123 /add /y
+net localgroup administrators ansible /add
+net user vagrant vagrant
 powershell.exe -c "Set-NetConnectionProfile -InterfaceAlias Ethernet -NetworkCategory Private"
 Enable-PSRemoting -Force
 winrm quickconfig -q
diff --git a/Azure/Terraform/locals.tf b/Azure/Terraform/locals.tf
index 8e3cc92..1fb4054 100644
--- a/Azure/Terraform/locals.tf
+++ b/Azure/Terraform/locals.tf
@@ -2,5 +2,5 @@ locals {
 fleet_url = "https://${azurerm_public_ip.logger-publicip.ip_address}:8412"
 splunk_url = "https://${azurerm_public_ip.logger-publicip.ip_address}:8000"
 ata_url = "https://${azurerm_public_ip.wef-publicip.ip_address}"
- guacamole_url = "https://${azurerm_public_ip.wef-publicip.ip_address}:8080/guacamole"
+ guacamole_url = "http://${azurerm_public_ip.logger-publicip.ip_address}:8080/guacamole"
 }
\ No newline at end of file
diff --git a/Azure/build_ansible_inventory.sh b/Azure/build_ansible_inventory.sh
new file mode 100755
index 0000000..e777d45
--- /dev/null
+++ b/Azure/build_ansible_inventory.sh
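Review bot: The added `net user ansible Ansible123 /add /y` and `net localgroup administrators ansible /add` lines bake a fixed, published local-administrator password into a first-boot script, and the `secedit` lines above them lower the password-complexity policy to allow it, on a VM that the rest of this file then opens for WinRM (`Enable-PSRemoting`, `winrm quickconfig`) on a public IP. Prefer injecting the password from Terraform (for example a `random_password` resource rendered into this script with `templatefile`) and scoping the WinRM NSG rule to the operator's source address; with a generated password the complexity-policy change can be dropped altogether. `net user vagrant vagrant` resets an account that nothing in this file creates, so confirm a `vagrant` user exists on the Azure image at all; if not, the line is dead weight that also logs a failure. None of the `secedit`/`net` calls check their result, so a failed step is silent; at minimum `if ($LASTEXITCODE -ne 0) { exit 1 }` after the `net user ansible` line would stop provisioning instead of continuing without the account. The first added line also carries a stray leading space that the others do not.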
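Review bot: `guacamole_url` now points at plain `http://` on port 8080 of the logger host while the sibling `fleet_url` and `splunk_url` locals stay on `https://`; unless something in front of port 8080 terminates TLS (not visible from this diff), the Guacamole login and the RDP credentials entered into it travel in cleartext over the public IP. Confirm how 8080 is served on the logger host and, if it is plain HTTP, either front it with a TLS listener or note in the README that the URL is lab-only. The file also still ends without a trailing newline (`\ No newline at end of file`), worth fixing while here.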
@@ -0,0 +1,41 @@
+#! /bin/bash
+
+# This script is used to populate the Azure Ansible inventory.yml with
+# the results of "terraform output"
+
+if [ ! -d "./Terraform" ]; then
+ echo "This script needs to be run from the DetectionLab/Azure folder"
+ exit 1
+fi
+
+if [ ! -d "./Ansible" ]; then
+ echo "This script needs to be run from the DetectionLab/Azure folder"
+ exit 1
+fi
+
+if ! which terraform >/dev/null; then
+ echo "Terraform needs to be accessible from PATH."
+ exit 1
+fi
+
+cd ./Terraform
+TF_OUTPUT=$(terraform output)
+
+DC_IP=$(echo $TF_OUTPUT | egrep -o "dc_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+WEF_IP=$(echo $TF_OUTPUT | egrep -o "wef_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+WIN10_IP=$(echo $TF_OUTPUT | egrep -o "win10_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+
+# Don't update unless there's default values in inventory.yml
+GREP_COUNT=$(egrep -c 'x\.x\.x\.x|y\.y\.y\.y|z\.z\.z\.z' ../Ansible/inventory.yml)
+if [ $GREP_COUNT -ne 3 ]; then
+ echo "This script is expecting the default values of x.x.x.x, y.y.y.y, and z.z.z.z for the dc, wef, and win10 hosts respectively in Ansible/inventory.yml."
+ echo "You can restore the file to this state by running 'git checkout -- Ansible/inventory.yml'"
+ echo "Rerun this script once that is complete."
+ exit 1
+fi
+
+echo "Replacing the default values in DetectionLab/Azure/Ansible/inventory.yml..."
+sed -i.bak "s/x.x.x.x/$DC_IP/g; s/y.y.y.y/$WEF_IP/g; s/z.z.z.z/$WIN10_IP/g" ../Ansible/inventory.yml
+
+echo "Displaying the updated inventory.yml below!"
+cat ../Ansible/inventory.yml
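Review bot: `DC_IP`, `WEF_IP` and `WIN10_IP` are never checked for emptiness, so when `terraform output` has no matching line (apply not yet run, or — I believe from 0.14 on — string outputs printed quoted as `dc_public_ip = "1.2.3.4"`, which the `egrep` pattern will not match) the `sed -i.bak` near the end silently replaces `x.x.x.x` with nothing and leaves a half-edited inventory behind. Validate the three values before touching the file, as below, and consider `terraform output -raw dc_public_ip` (Terraform 0.14+) per host instead of scraping the combined output; `cd ./Terraform` should also be `cd ./Terraform || exit 1` so a failed change of directory does not run `terraform output` in the wrong place. Smaller points in the same hunk: `which terraform` is better written `command -v terraform`, `egrep` is the deprecated spelling of `grep -E`, `$TF_OUTPUT` and `$GREP_COUNT` should be quoted, and the `sed` patterns are stricter as `x\.x\.x\.x` since an unescaped `.` matches any character.
```shell
# … unchanged: directory and terraform checks …
cd ./Terraform || exit 1
TF_OUTPUT=$(terraform output)
# … unchanged: DC_IP / WEF_IP / WIN10_IP extraction …
for host in dc wef win10; do
  var="${host^^}_IP"
  if [ -z "${!var}" ]; then
    echo "Could not find ${host}_public_ip in 'terraform output'; has 'terraform apply' completed?" >&2
    exit 1
  fi
done
# … unchanged: inventory default-value check, sed and cat …
```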