trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add Powershell script to resolve expiration issues

Browse Source
This commit is contained in:
Chris Long
2020-05-19 00:26:19 -07:00
parent d686a50f81
commit 6312f4740b
7 changed files with 48 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Packer/scripts/install-aws-ena.ps1
View File

@@ -1,10 +0,0 @@
# Installs the AWS Enhanced Networking for Windows
Write-Host "Installing the AWS Enhanced Networking Driver"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$url="https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/Latest/AwsEnaNetworkDriver.zip"
(New-Object System.Net.WebClient).DownloadFile($url, "$env:TEMP\AwsEnaNetworkDriver.zip")
Expand-Archive -Path $env:TEMP\AwsEnaNetworkDriver.zip -DestinationPath $env:TEMP\AwsEnaNetworkDriver -Force
. $env:TEMP\AwsEnaNetworkDriver\install.ps1
rm $env:TEMP\AwsEnaNetworkDriver.zip
rm -recurse $env:TEMP\AwsEnaNetworkDriver

3
Packer/windows_10.json
View File

@@ -154,8 +154,7 @@
{ {
"type": "powershell", "type": "powershell",
"scripts": [ "scripts": [
"./scripts/debloat-windows.ps1", "./scripts/debloat-windows.ps1"
"./scripts/install-aws-ena.ps1"
] ]
}, },
{ {

10
Terraform/main.tf
View File

@@ -207,8 +207,7 @@ resource "aws_instance" "dc" {
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"choco install -force -y winpcap", "choco install -force -y winpcap",
"powershell -c \"$ifindex = get-netipinterface | where-object InterfaceAlias -eq 'Ethernet' | where-object AddressFamily -eq 2 | select-object -ExpandProperty ifIndex; set-dnsclientserveraddress -InterfaceIndex $ifindex -ServerAddresses ('127.0.0.1','8.8.8.8')\"", "ipconfig /renew",
"ipconfig /all",
"powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' ' 192.168.38.103 wef.windomain.local'\"", "powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' ' 192.168.38.103 wef.windomain.local'\"",
] ]
@@ -242,6 +241,9 @@ resource "aws_instance" "wef" {
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"choco install -force -y winpcap", "choco install -force -y winpcap",
"powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' ' 192.168.38.102 dc.windomain.local'\"",
"powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' ' 192.168.38.102 windomain.local'\"",
"ipconfig /renew",
] ]
connection { connection {
@@ -274,7 +276,9 @@ resource "aws_instance" "win10" {
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"choco install -force -y winpcap", "choco install -force -y winpcap",
"cscript c:\\windows\\system32\\slmgr.vbs /ato", "powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' ' 192.168.38.102 dc.windomain.local'\"",
"powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' ' 192.168.38.102 windomain.local'\"",
"ipconfig /renew",
] ]
connection { connection {

32
Vagrant/scripts/fix-windows-expiration.ps1 Normal file
View File

@@ -0,0 +1,32 @@
# Purpose: Re-arms the expiration timer on expiring Windows eval images and fixes activation issues
# Check to see if there are days left on the timer or if it's just expired
$regex = cscript c:\windows\system32\slmgr.vbs /dlv | select-string -Pattern "\((\d+) day\(s\)|grace time expired"
if ($regex.Matches.Value -eq "grace time expired") {
# If it shows expired, it's likely it wasn't properly activated
Write-Host "It appears Windows was not properly activated. Attempting to resolve..."
try {
# The TrustedInstaller service MUST be running for activation to succeed
Set-Service TrustedInstaller -StartupType Automatic
Start-Service TrustedInstaller
Start-Sleep 10
# Attempt to activate
cscript c:\windows\system32\slmgr.vbs /ato
} catch {
Write-Host "Something went wrong trying to reactivate Windows..."
}
# If activation was successful, the regex should match 90 or 180 (Win10 or Win2016)
$regex = cscript c:\windows\system32\slmgr.vbs /dlv | select-string -Pattern "\((\d+) day\(s\)"
}
$days_left = $regex.Matches.Groups[1].Value
if ($days_left -as [int] -lt 30) {
write-host "Less than 30 days remaining before Windows expiration. Attempting to rearm..."
try {
cscript c:\windows\system32\slmgr.vbs /rearm
} catch {
Write-Host "Something went wrong trying to re-arm the image..."
}
} else {
Write-Host "$days_left days left until expiration, no need to rearm."
}

7
Vagrant/scripts/provision.ps1
View File

@@ -7,6 +7,9 @@ $box = $box.ComputerName.ToString().ToLower()
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting timezone to UTC..." Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting timezone to UTC..."
c:\windows\system32\tzutil.exe /s "UTC" c:\windows\system32\tzutil.exe /s "UTC"
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Checking if Windows evaluation is expiring soon or expired..."
. c:\vagrant\scripts\fix-windows-expiration.ps1
# Ping DetectionLab server for usage statistics # Ping DetectionLab server for usage statistics
curl -userAgent "DetectionLab-$box" "https://detectionlab.network/$box" -UseBasicParsing | out-null curl -userAgent "DetectionLab-$box" "https://detectionlab.network/$box" -UseBasicParsing | out-null
@@ -44,14 +47,12 @@ if ($env:COMPUTERNAME -imatch 'vagrant') {
} else { } else {
. c:\vagrant\scripts\join-domain.ps1 . c:\vagrant\scripts\join-domain.ps1
} }
Write-Host -fore red 'Hint: vagrant reload' $box '--provision'
} else { } else {
Write-Host -fore green "$('[{0:HH:mm}]' -f (Get-Date)) I am domain joined!" Write-Host -fore green "$('[{0:HH:mm}]' -f (Get-Date)) I am domain joined!"
if (!(Test-Path 'c:\Program Files\sysinternals\bginfo.exe')) { if (!(Test-Path 'c:\Program Files\sysinternals\bginfo.exe')) {
Write-Host 'Install bginfo' Write-Host 'Installing bginfo...'
. c:\vagrant\scripts\install-bginfo.ps1 . c:\vagrant\scripts\install-bginfo.ps1
} }

4
ci/manual_machine_bootstrap.sh
View File

@@ -40,8 +40,8 @@ sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile
# Install Packer # Install Packer
mkdir /opt/packer mkdir /opt/packer
cd /opt/packer || exit 1 cd /opt/packer || exit 1
wget --progress=bar:force https://releases.hashicorp.com/packer/1.4.1/packer_1.4.1_linux_amd64.zip wget --progress=bar:force https://releases.hashicorp.com/packer/1.5.6/packer_1.5.6_linux_amd64.zip
unzip packer_1.4.1_linux_amd64.zip unzip packer_1.5.6_linux_amd64.zip
cp packer /usr/local/bin/packer cp packer /usr/local/bin/packer
# Make the Packer images headless # Make the Packer images headless

9
ci/manual_machine_bootstrap_vmware.sh
View File

@@ -2,11 +2,6 @@
# This script is used to manually prepare an Ubuntu 16.04 server for DetectionLab building # This script is used to manually prepare an Ubuntu 16.04 server for DetectionLab building
# Put this code in bootstrap.sh
# echo -e " eth1:\n dhcp4: true\n nameservers:\n addresses: [8.8.8.8,8.8.4.4]" >> /etc/netplan/01-netcfg.yaml
# netplan apply
# sed -i 's/nameserver 127.0.0.53/nameserver 8.8.8.8/g' /etc/resolv.conf && chattr +i /etc/resolv.conf
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
export SERIALNUMBER="SECRET" export SERIALNUMBER="SECRET"
export LICENSEFILE="SECRET" export LICENSEFILE="SECRET"
@@ -52,8 +47,8 @@ sed -i 's/v.gui = true/v.gui = false/g' Vagrantfile
# Install Packer # Install Packer
mkdir /opt/packer mkdir /opt/packer
cd /opt/packer || exit 1 cd /opt/packer || exit 1
wget --progress=bar:force https://releases.hashicorp.com/packer/1.4.1/packer_1.4.1_linux_amd64.zip wget --progress=bar:force https://releases.hashicorp.com/packer/1.5.6/packer_1.5.6_linux_amd64.zip
unzip packer_1.4.1_linux_amd64.zip unzip packer_1.5.6_linux_amd64.zip
cp packer /usr/local/bin/packer cp packer /usr/local/bin/packer
# Make the Packer images headless # Make the Packer images headless