diff --git a/Packer/scripts/debloat-windows.ps1 b/Packer/scripts/debloat-windows.ps1
index 686943c..0a58025 100755
--- a/Packer/scripts/debloat-windows.ps1
+++ b/Packer/scripts/debloat-windows.ps1
@@ -8,21 +8,27 @@ if ($env:PACKER_BUILDER_TYPE -And $($env:PACKER_BUILDER_TYPE).startsWith("hyperv (New-Object System.Net.WebClient).DownloadFile($url, "$env:TEMP\debloat.zip") Expand-Archive -Path $env:TEMP\debloat.zip -DestinationPath $env:TEMP -Force - #Write-Host Disable scheduled tasks - #. $env:TEMP\Debloat-Windows-10-master\utils\disable-scheduled-tasks.ps1 - #Write-Host Block telemetry - #. $env:TEMP\Debloat-Windows-10-master\scripts\block-telemetry.ps1 - #Write-Host Disable services - #. $env:TEMP\Debloat-Windows-10-master\scripts\disable-services.ps1 + # Disable Windows Defender Write-host Disable Windows Defender - #. $env:TEMP\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1 - Uninstall-WindowsFeature Windows-Defender-Features + $os = (gwmi win32_operatingsystem).caption + if ($os -like "*Windows 10*") { + set-MpPreference -DisableRealtimeMonitoring $true + } else { + Uninstall-WindowsFeature Windows-Defender-Features + } + + # Optimize Windows Update Write-host Optimize Windows Update . $env:TEMP\Debloat-Windows-10-master\scripts\optimize-windows-update.ps1 - #Write-host Disable Windows Update - #Set-Service wuauserv -StartupType Disabled - #Write-Host Remove OneDrive - #. $env:TEMP\Debloat-Windows-10-master\scripts\remove-onedrive.ps1 + Write-host Disable Windows Update + Set-Service wuauserv -StartupType Disabled + + # Turn off shutdown event tracking + if ( -Not (Test-Path 'registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability')) + { + New-Item -Path 'registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT' -Name Reliability -Force + } + Set-ItemProperty -Path 'registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability' -Name ShutdownReasonOn -Value 0 rm $env:TEMP\debloat.zip rm -recurse $env:TEMP\Debloat-Windows-10-master diff --git a/Packer/windows_2016.json b/Packer/windows_2016.json index 355031e..820b2a7 100644 --- a/Packer/windows_2016.json +++ b/Packer/windows_2016.json 
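Review bot: The new Defender branch in Packer/scripts/debloat-windows.ps1 has no failure handling and no record of intent: it turns off real-time monitoring on Windows 10, removes the Defender feature on other systems, and the same hunk disables `wuauserv`, yet a rejected call would go unnoticed. If `Set-MpPreference` is refused (for instance by policy), the build continues and the image differs from what the `Write-host` line reports; adding `-ErrorAction Stop` to that call, or checking `(Get-MpPreference).DisableRealtimeMonitoring` afterwards, would surface it. A header comment such as `# Lab images only: Defender and Windows Update are disabled on purpose; do not reuse this script for production builds` would stop the script from being copied into a hardened pipeline unchanged. The surrounding block starts outside the hunk.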
@@ -32,6 +32,7 @@ "enable_secure_boot":true }, { + "vm_name":"WindowsServer2016", "type": "vmware-iso", "communicator": "winrm", "iso_url": "{{user `iso_url`}}", @@ -70,6 +71,7 @@ } }, { + "vm_name":"WindowsServer2016", "type": "virtualbox-iso", "communicator": "winrm", "iso_url": "{{user `iso_url`}}", diff --git a/build.sh b/build.sh index 962874f..4ae1bbf 100755 --- a/build.sh +++ b/build.sh @@ -8,12 +8,12 @@ # https://github.com/clong/DetectionLab/issues print_usage() { - echo "Usage: ./build.sh " + echo "Usage: ./build.sh <--vagrant-only | --packer-only>" exit 0 } check_packer_path() { -# Check for existence of Packer in PATH + # Check for existence of Packer in PATH if ! which packer >/dev/null; then (echo >&2 "Packer was not found in your PATH.") (echo >&2 "Please correct this before continuing. Quitting.") @@ -23,16 +23,16 @@ check_packer_path() { } check_vagrant_path() { -# Check for existence of Vagrant in PATH -if ! which vagrant >/dev/null; then - (echo >&2 "Vagrant was not found in your PATH.") - (echo >&2 "Please correct this before continuing. Quitting.") - exit 1 -fi -# Ensure Vagrant >= 2.0.0 -if [ "$(vagrant --version | grep -o "[0-9]" | head -1)" -lt 2 ]; then - (echo >&2 "WARNING: It is highly recommended to use Vagrant 2.0.0 or above before continuing") -fi + # Check for existence of Vagrant in PATH + if ! which vagrant >/dev/null; then + (echo >&2 "Vagrant was not found in your PATH.") + (echo >&2 "Please correct this before continuing. Quitting.") + exit 1 + fi + # Ensure Vagrant >= 2.0.0 + if [ "$(vagrant --version | grep -o "[0-9]" | head -1)" -lt 2 ]; then + (echo >&2 "WARNING: It is highly recommended to use Vagrant 2.0.0 or above before continuing") + fi } # Returns 0 if not installed or 1 if installed 
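Review bot: In build.sh, the new `print_usage` string puts the two flags in angle brackets, which reads as a required argument, while `parse_cli_arguments` (a later hunk) only inspects `$2` when a second argument is given. As rendered on this page the provider positional (`virtualbox` or `vmware_desktop`, per that function's `case`) is also missing from the string, though that may be an artefact of how the page was captured. Suggested wording: `echo "Usage: ./build.sh <virtualbox|vmware_desktop> [--vagrant-only | --packer-only]"`.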
@@ -64,14 +64,14 @@ check_vmware_desktop_vagrant_plugin_installed() { fi VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT="$(vagrant plugin list | grep -c 'vagrant-vmware-desktop')" if [ "$VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT" -eq 0 ]; then - (echo >&2 "VMWare Fusion is installed, but the vagrant-vmware-desktop plugin is not.") - (echo >&2 "If you are seeing this, you may have the deprecated vagrant-vmware-fusion plugin installed. Please remove it and install the vagrant-vmware-desktop plugin.") - (echo >&2 "Visit https://www.hashicorp.com/blog/introducing-the-vagrant-vmware-desktop-plugin for more information on how to purchase and install it") - (echo >&2 "VMWare Fusion will not be listed as a provider until the vagrant-vmware-desktop plugin has been installed.") - echo "0" -else - echo "$VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT" -fi + (echo >&2 "VMWare Fusion is installed, but the vagrant-vmware-desktop plugin is not.") + (echo >&2 "If you are seeing this, you may have the deprecated vagrant-vmware-fusion plugin installed. Please remove it and install the vagrant-vmware-desktop plugin.") + (echo >&2 "Visit https://www.hashicorp.com/blog/introducing-the-vagrant-vmware-desktop-plugin for more information on how to purchase and install it") + (echo >&2 "VMWare Fusion will not be listed as a provider until the vagrant-vmware-desktop plugin has been installed.") + echo "0" + else + echo "$VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT" + fi } # List the available Vagrant providers present on the system 
@@ -298,27 +298,27 @@ parse_cli_arguments() { # TODO: Check to make sure they actually have their provider installed case "$1" in virtualbox) - PROVIDER="$1" - PACKER_PROVIDER="$1" - ;; + PROVIDER="$1" + PACKER_PROVIDER="$1" + ;; vmware_desktop) - PROVIDER="$1" - PACKER_PROVIDER="vmware" - ;; + PROVIDER="$1" + PACKER_PROVIDER="vmware" + ;; *) - echo "\"$1\" is not a valid provider. Listing available providers:" - PROVIDER=$(list_providers) - ;; + echo "\"$1\" is not a valid provider. Listing available providers:" + PROVIDER=$(list_providers) + ;; esac fi if [ $# -eq 2 ]; then case "$2" in --packer-only) - PACKER_ONLY=1 - ;; + PACKER_ONLY=1 + ;; --vagrant-only) - VAGRANT_ONLY=1 - ;; + VAGRANT_ONLY=1 + ;; *) echo -e "\"$2\" is not recognized as an option. Available options are:\\n--packer-only\\n--vagrant-only" exit 1 
@@ -331,37 +331,37 @@ build_packer_boxes() { PACKER_BOXES=("windows_2016" "windows_10") if [ "$(hostname)" == "packerwindows10" ]; then # Workaround for CI environment - (echo >&2 "CI Environment detected. If you are a user and are seeing this, please file an issue on GitHub.") - RET=$(packer_build_box "windows_10") - if [ "$RET" -eq 0 ]; then - (echo >&2 "Good news! The windows_10 box was built with Packer successfully!") - else - (echo >&2 "Something went wrong while attempting to build the windows_10 box.") - (echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/") - exit 1 - fi - elif [ "$(hostname)" == "packerwindows2016" ]; then # Workaround for CI environment - (echo >&2 "CI Environment detected. If you are a user and are seeing this, please file an issue on GitHub.") - RET=$(packer_build_box "windows_2016") - if [ "$RET" -eq 0 ]; then - (echo >&2 "Good news! The windows_2016 box was built with Packer successfully!") - else - (echo >&2 "Something went wrong while attempting to build the windows_2016 box.") - (echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/") - exit 1 - fi + (echo >&2 "CI Environment detected. If you are a user and are seeing this, please file an issue on GitHub.") + RET=$(packer_build_box "windows_10") + if [ "$RET" -eq 0 ]; then + (echo >&2 "Good news! The windows_10 box was built with Packer successfully!") else - for PACKER_BOX in "${PACKER_BOXES[@]}"; do # Normal user workflow - RET=$(packer_build_box "$PACKER_BOX") - if [ "$RET" -eq 0 ]; then - (echo >&2 "Good news! 
$PACKER_BOX was built successfully!") - else - (echo >&2 "Something went wrong while attempting to build the $PACKER_BOX box.") - (echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/") - exit 1 - fi - done + (echo >&2 "Something went wrong while attempting to build the windows_10 box.") + (echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/") + exit 1 fi +elif [ "$(hostname)" == "packerwindows2016" ]; then # Workaround for CI environment +(echo >&2 "CI Environment detected. If you are a user and are seeing this, please file an issue on GitHub.") +RET=$(packer_build_box "windows_2016") +if [ "$RET" -eq 0 ]; then + (echo >&2 "Good news! The windows_2016 box was built with Packer successfully!") +else + (echo >&2 "Something went wrong while attempting to build the windows_2016 box.") + (echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/") + exit 1 +fi +else + for PACKER_BOX in "${PACKER_BOXES[@]}"; do # Normal user workflow + RET=$(packer_build_box "$PACKER_BOX") + if [ "$RET" -eq 0 ]; then + (echo >&2 "Good news! $PACKER_BOX was built successfully!") + else + (echo >&2 "Something went wrong while attempting to build the $PACKER_BOX box.") + (echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/") + exit 1 + fi +done +fi } choose_md5_tool() { @@ -467,7 +467,7 @@ main() { build_vagrant_hosts post_build_checks fi - } +} main "$@" exit 0 diff --git a/ci/build_machine_bootstrap.sh b/ci/build_machine_bootstrap.sh index eca6399..75f7d5f 100755 --- a/ci/build_machine_bootstrap.sh +++ b/ci/build_machine_bootstrap.sh 
@@ -51,8 +51,8 @@ if [ "$PACKER_ONLY" -eq 0 ]; then # Install Vagrant mkdir /opt/vagrant cd /opt/vagrant || exit 1 - wget https://releases.hashicorp.com/vagrant/2.1.2/vagrant_2.1.2_x86_64.deb - dpkg -i vagrant_2.1.2_x86_64.deb + wget https://releases.hashicorp.com/vagrant/2.1.4/vagrant_2.1.4_x86_64.deb + dpkg -i vagrant_2.1.4_x86_64.deb vagrant plugin install vagrant-reload # Make the Vagrant instances headless @@ -64,8 +64,8 @@ if [ "$VAGRANT_ONLY" -eq 0 ]; then # Install Packer mkdir /opt/packer cd /opt/packer || exit 1 - wget https://releases.hashicorp.com/packer/1.2.3/packer_1.2.3_linux_amd64.zip - unzip packer_1.2.3_linux_amd64.zip + wget https://releases.hashicorp.com/packer/1.2.5/packer_1.2.5_linux_amd64.zip + unzip packer_1.2.5_linux_amd64.zip cp packer /usr/local/bin/packer # Make the Packer images headless diff --git a/ci/circle_workflows/vagrant_changes.sh b/ci/circle_workflows/vagrant_changes.sh index cf4ff71..27c9d22 100644 --- a/ci/circle_workflows/vagrant_changes.sh +++ b/ci/circle_workflows/vagrant_changes.sh @@ -36,7 +36,7 @@ ssh -i ~/.ssh/id_rsa root@"$IP_ADDRESS" 'bash -s' -- < ci/build_machine_bootstra ## Waiting for Packet server to post build results MINUTES_PAST=0 -while [ "$MINUTES_PAST" -lt 120 ]; do +while [ "$MINUTES_PAST" -lt 180 ]; do STATUS=$(curl $IP_ADDRESS) if [ "$STATUS" == "building" ]; then echo "$STATUS" @@ -44,9 +44,10 @@ while [ "$MINUTES_PAST" -lt 120 ]; do sleep 300 ((MINUTES_PAST += 5)) else + scp -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/ || echo "Vagrant log not yet present" break fi - if [ "$MINUTES_PAST" -gt 120 ]; then + if [ "$MINUTES_PAST" -gt 180 ]; then echo "Serer timed out. Uptime: $MINUTES_PAST minutes." scp -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/ curl -X DELETE --header 'Accept: application/json' --header 'X-Auth-Token: '"$PACKET_API_TOKEN" 'https://api.packet.net/devices/'"$DEVICE_ID"
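Review bot: The Vagrant package in ci/build_machine_bootstrap.sh is fetched with `wget` and passed straight to `dpkg -i` with no integrity check, and the Packer zip in the next hunk is unpacked and copied to /usr/local/bin the same way. The script is piped into a root SSH session (visible in the vagrant_changes.sh hunk header), so a tampered or truncated download would be installed with full privileges. HashiCorp publishes a SHA256SUMS file and a detached signature for each release; pinning the expected digest in the repository and running something like `echo "<EXPECTED_SHA256>  vagrant_2.1.4_x86_64.deb" | sha256sum --check - || exit 1` before installation closes that gap. The version now appears twice per tool, so a `VAGRANT_VERSION` / `PACKER_VERSION` variable would keep URL and filename in step on the next bump. Both `if` blocks start and end outside the hunks.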
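Review bot: In ci/circle_workflows/vagrant_changes.sh the timeout branch `if [ "$MINUTES_PAST" -gt 180 ]` appears unreachable: the `while` condition in the previous hunk is `-lt 180` and the counter advances in steps of 5, so inside the loop it never exceeds 180. As far as the hunks show, a build that never leaves the "building" state would leave the loop without the log copy or the `curl -X DELETE` on the device, which can leave the provisioned build server running. Changing the test to `if [ "$MINUTES_PAST" -ge 180 ]; then` makes the cleanup run on the final iteration. The added `scp ... || echo "Vagrant log not yet present"` also reports every scp failure, including authentication or host-key errors, as a missing log. The loop's `done` and whatever follows it are outside the hunk.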