Azure bugfixes

2020-06-15 00:29:45 -07:00
parent 8829697fab
commit 518101dc40
9 changed files with 56 additions and 60 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,5 @@ Boxes/*
 *.tfstate
 *.tfstate.*
 *.tfvars
+Azure/Ansible/inventory.yml
+Azure/Ansible/inventory.yml.bak
--- a/Azure/Ansible/group_vars/all.yml
+++ b/Azure/Ansible/group_vars/all.yml
@@ -1,5 +1,5 @@
-ansible_user: vagrant
-ansible_password: Vagrant123
+ansible_user: ansible
+ansible_password: Ansible123
 ansible_port: 5985
 ansible_connection: winrm
 ansible_winrm_transport: basic
--- a/Azure/Ansible/group_vars/linux.yml
+++ b/Azure/Ansible/group_vars/linux.yml
@@ -1,4 +0,0 @@
-ansible_user: vagrant
-ansible_password: vagrant
-ansible_port: 22
-ansible_connection: ssh
--- a/Azure/Ansible/roles/wef/tasks/main.yml
+++ b/Azure/Ansible/roles/wef/tasks/main.yml
@@ -1,5 +1,4 @@
 ---
-
 # This needs to be made idempodent
 - name: Set HostOnly DNS Address
  win_shell: "Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.38.102,8.8.8.8"
@@ -108,29 +107,4 @@
    - "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
    - "Set-SmbServerConfiguration -AuditSmb1Access $true -Force"

- name: Disable password complexity policy
-  win_shell: |
-      secedit /export /cfg C:\secpol.cfg
-      (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
-      secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
-      rm -force C:\secpol.cfg -confirm:$false
-  become: yes
-  become_method: enable
-
- name: Add Ansible user
-  win_user:
-    name: ansible
-    password: Ansible123
-    groups:
-      - Administrators
-
- name: Switch to Ansible user
-  set_fact:
-    ansible_user: ansible
-    ansible_password: Ansible123
-
- name: Change password for vagrant account back to vagrant
-  win_user:
-    name: vagrant
-    password: vagrant

--- a/Azure/Ansible/roles/win10/tasks/main.yml
+++ b/Azure/Ansible/roles/win10/tasks/main.yml
@@ -51,36 +51,11 @@
    state: present
    install_args: "ADDLOCAL=ClassicStartMenu"

- name: DetectionLab Menu
+- name: Import ClassicShell config
  win_shell: |
-      "\"C:\\Program Files\\Classic Shell\\ClassicStartMenu.exe -xml c:\\vagrant\\resources\\windows\\MenuSettings.xml\""
+      "C:\Program Files\Classic Shell\ClassicStartMenu.exe -xml c:\vagrant\resources\windows\MenuSettings.xml"
      regedit /s c:\vagrant\resources\windows\MenuStyle_Default_Win7.reg

- name: Disable password complexity policy
-  win_shell: |
-      secedit /export /cfg C:\secpol.cfg
-      (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
-      secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
-      rm -force C:\secpol.cfg -confirm:$false
-  become: yes
-  become_method: enable
-
- name: Add Ansible user
-  win_user:
-    name: ansible
-    password: Ansible123
-    groups:
-      - Administrators
-
- name: Switch to Ansible user
-  set_fact:
-    ansible_user: ansible
-    ansible_password: Ansible123
-
- name: Change password for vagrant account back to vagrant
-  win_user:
-    name: vagrant
-    password: vagrant



--- a/Azure/README.md
+++ b/Azure/README.md
@@ -62,6 +62,7 @@ We're going to use Ansible to fininsh provisioning the rest of the Windows hosts
 1. **(5 Minutes)** - Configure the `inventory.yml` file
   1. Navigate to `Azure/Ansible` and open `inventory.yml` for editing. 
   2. Take the `public_ip` values from `terraform output` and replace the `x.x.x.x` values with the public IP of each host
+   NOTE: I've added a script at `DetectionLab/Azure/build_ansible_inventory.sh` to help automate this.

 Now that Ansible is configured for provisioning, there are two ways to go about this:

--- a/Azure/Terraform/files/winrm.ps1
+++ b/Azure/Terraform/files/winrm.ps1
@@ -1,3 +1,10 @@
+ secedit /export /cfg C:\secpol.cfg
+(gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
+secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
+rm -force C:\secpol.cfg -confirm:$false
+net user ansible Ansible123 /add /y
+net localgroup administrators ansible /add
+net user vagrant vagrant 
 powershell.exe -c "Set-NetConnectionProfile -InterfaceAlias Ethernet -NetworkCategory Private"
 Enable-PSRemoting -Force
 winrm quickconfig -q
--- a/Azure/Terraform/locals.tf
+++ b/Azure/Terraform/locals.tf
@@ -2,5 +2,5 @@ locals {
  fleet_url  = "https://${azurerm_public_ip.logger-publicip.ip_address}:8412"
  splunk_url = "https://${azurerm_public_ip.logger-publicip.ip_address}:8000"
  ata_url    = "https://${azurerm_public_ip.wef-publicip.ip_address}"
-  guacamole_url = "https://${azurerm_public_ip.wef-publicip.ip_address}:8080/guacamole"
+  guacamole_url = "http://${azurerm_public_ip.logger-publicip.ip_address}:8080/guacamole"
 }
--- a/Azure/build_ansible_inventory.sh
+++ b/Azure/build_ansible_inventory.sh
@@ -0,0 +1,41 @@
+#! /bin/bash
+
+# This script is used to populate the Azure Ansible inventory.yml with 
+# the results of "terraform output"
+
+if [ ! -d "./Terraform" ]; then
+  echo "This script needs to be run from the DetectionLab/Azure folder"
+  exit 1
+fi
+
+if [ ! -d "./Ansible" ]; then
+  echo "This script needs to be run from the DetectionLab/Azure folder"
+  exit 1
+fi
+
+if ! which terraform >/dev/null; then
+  echo "Terraform needs to be accessible from PATH."
+  exit 1
+fi
+
+cd ./Terraform
+TF_OUTPUT=$(terraform output)
+
+DC_IP=$(echo $TF_OUTPUT | egrep -o "dc_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+WEF_IP=$(echo $TF_OUTPUT | egrep -o "wef_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+WIN10_IP=$(echo $TF_OUTPUT | egrep -o "win10_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+
+# Don't update unless there's default values in inventory.yml
+GREP_COUNT=$(egrep -c 'x\.x\.x\.x|y\.y\.y\.y|z\.z\.z\.z' ../Ansible/inventory.yml)
+if [ $GREP_COUNT -ne 3 ]; then
+  echo "This script is expecting the default values of x.x.x.x, y.y.y.y, and z.z.z.z for the dc, wef, and win10 hosts respectively in Ansible/inventory.yml."
+  echo "You can restore the file to this state by running 'git checkout -- Ansible/inventory.yml'"
+  echo "Rerun this script once that is complete."
+  exit 1
+fi
+
+echo "Replacing the default values in DetectionLab/Azure/Ansible/inventory.yml..."
+sed -i.bak "s/x.x.x.x/$DC_IP/g; s/y.y.y.y/$WEF_IP/g; s/z.z.z.z/$WIN10_IP/g" ../Ansible/inventory.yml
+
+echo "Displaying the updated inventory.yml below!"
+cat ../Ansible/inventory.yml