trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update CI env, add some packer changes

Browse Source
This commit is contained in:
Chris Long
2018-09-07 18:07:31 -07:00
parent 9a82f140f4
commit 6ad4dcf2b4
5 changed files with 90 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
Packer/scripts/debloat-windows.ps1
View File

@@ -8,21 +8,27 @@ if ($env:PACKER_BUILDER_TYPE -And $($env:PACKER_BUILDER_TYPE).startsWith("hyperv
(New-Object System.Net.WebClient).DownloadFile($url, "$env:TEMP\debloat.zip") (New-Object System.Net.WebClient).DownloadFile($url, "$env:TEMP\debloat.zip")
Expand-Archive -Path $env:TEMP\debloat.zip -DestinationPath $env:TEMP -Force Expand-Archive -Path $env:TEMP\debloat.zip -DestinationPath $env:TEMP -Force
#Write-Host Disable scheduled tasks # Disable Windows Defender
#. $env:TEMP\Debloat-Windows-10-master\utils\disable-scheduled-tasks.ps1
#Write-Host Block telemetry
#. $env:TEMP\Debloat-Windows-10-master\scripts\block-telemetry.ps1
#Write-Host Disable services
#. $env:TEMP\Debloat-Windows-10-master\scripts\disable-services.ps1
Write-host Disable Windows Defender Write-host Disable Windows Defender
#. $env:TEMP\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1 $os = (gwmi win32_operatingsystem).caption
Uninstall-WindowsFeature Windows-Defender-Features if ($os -like "*Windows 10*") {
set-MpPreference -DisableRealtimeMonitoring $true
} else {
Uninstall-WindowsFeature Windows-Defender-Features
}
# Optimize Windows Update
Write-host Optimize Windows Update Write-host Optimize Windows Update
. $env:TEMP\Debloat-Windows-10-master\scripts\optimize-windows-update.ps1 . $env:TEMP\Debloat-Windows-10-master\scripts\optimize-windows-update.ps1
#Write-host Disable Windows Update Write-host Disable Windows Update
#Set-Service wuauserv -StartupType Disabled Set-Service wuauserv -StartupType Disabled
#Write-Host Remove OneDrive
#. $env:TEMP\Debloat-Windows-10-master\scripts\remove-onedrive.ps1 # Turn off shutdown event tracking
if ( -Not (Test-Path 'registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability'))
{
New-Item -Path 'registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT' -Name Reliability -Force
}
Set-ItemProperty -Path 'registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability' -Name ShutdownReasonOn -Value 0
rm $env:TEMP\debloat.zip rm $env:TEMP\debloat.zip
rm -recurse $env:TEMP\Debloat-Windows-10-master rm -recurse $env:TEMP\Debloat-Windows-10-master

2
Packer/windows_2016.json
View File

@@ -32,6 +32,7 @@
"enable_secure_boot":true "enable_secure_boot":true
}, },
{ {
"vm_name":"WindowsServer2016",
"type": "vmware-iso", "type": "vmware-iso",
"communicator": "winrm", "communicator": "winrm",
"iso_url": "{{user `iso_url`}}", "iso_url": "{{user `iso_url`}}",
@@ -70,6 +71,7 @@
} }
}, },
{ {
"vm_name":"WindowsServer2016",
"type": "virtualbox-iso", "type": "virtualbox-iso",
"communicator": "winrm", "communicator": "winrm",
"iso_url": "{{user `iso_url`}}", "iso_url": "{{user `iso_url`}}",

126
build.sh
View File

@@ -8,12 +8,12 @@
# https://github.com/clong/DetectionLab/issues # https://github.com/clong/DetectionLab/issues
print_usage() { print_usage() {
echo "Usage: ./build.sh <virtualbox|vmware_desktop>" echo "Usage: ./build.sh <virtualbox | vmware_desktop> <--vagrant-only | --packer-only>"
exit 0 exit 0
} }
check_packer_path() { check_packer_path() {
# Check for existence of Packer in PATH # Check for existence of Packer in PATH
if ! which packer >/dev/null; then if ! which packer >/dev/null; then
(echo >&2 "Packer was not found in your PATH.") (echo >&2 "Packer was not found in your PATH.")
(echo >&2 "Please correct this before continuing. Quitting.") (echo >&2 "Please correct this before continuing. Quitting.")
@@ -23,16 +23,16 @@ check_packer_path() {
} }
check_vagrant_path() { check_vagrant_path() {
# Check for existence of Vagrant in PATH # Check for existence of Vagrant in PATH
if ! which vagrant >/dev/null; then if ! which vagrant >/dev/null; then
(echo >&2 "Vagrant was not found in your PATH.") (echo >&2 "Vagrant was not found in your PATH.")
(echo >&2 "Please correct this before continuing. Quitting.") (echo >&2 "Please correct this before continuing. Quitting.")
exit 1 exit 1
fi fi
# Ensure Vagrant >= 2.0.0 # Ensure Vagrant >= 2.0.0
if [ "$(vagrant --version | grep -o "[0-9]" | head -1)" -lt 2 ]; then if [ "$(vagrant --version | grep -o "[0-9]" | head -1)" -lt 2 ]; then
(echo >&2 "WARNING: It is highly recommended to use Vagrant 2.0.0 or above before continuing") (echo >&2 "WARNING: It is highly recommended to use Vagrant 2.0.0 or above before continuing")
fi fi
} }
# Returns 0 if not installed or 1 if installed # Returns 0 if not installed or 1 if installed
@@ -64,14 +64,14 @@ check_vmware_desktop_vagrant_plugin_installed() {
fi fi
VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT="$(vagrant plugin list | grep -c 'vagrant-vmware-desktop')" VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT="$(vagrant plugin list | grep -c 'vagrant-vmware-desktop')"
if [ "$VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT" -eq 0 ]; then if [ "$VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT" -eq 0 ]; then
(echo >&2 "VMWare Fusion is installed, but the vagrant-vmware-desktop plugin is not.") (echo >&2 "VMWare Fusion is installed, but the vagrant-vmware-desktop plugin is not.")
(echo >&2 "If you are seeing this, you may have the deprecated vagrant-vmware-fusion plugin installed. Please remove it and install the vagrant-vmware-desktop plugin.") (echo >&2 "If you are seeing this, you may have the deprecated vagrant-vmware-fusion plugin installed. Please remove it and install the vagrant-vmware-desktop plugin.")
(echo >&2 "Visit https://www.hashicorp.com/blog/introducing-the-vagrant-vmware-desktop-plugin for more information on how to purchase and install it") (echo >&2 "Visit https://www.hashicorp.com/blog/introducing-the-vagrant-vmware-desktop-plugin for more information on how to purchase and install it")
(echo >&2 "VMWare Fusion will not be listed as a provider until the vagrant-vmware-desktop plugin has been installed.") (echo >&2 "VMWare Fusion will not be listed as a provider until the vagrant-vmware-desktop plugin has been installed.")
echo "0" echo "0"
else else
echo "$VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT" echo "$VAGRANT_VMWARE_DESKTOP_PLUGIN_PRESENT"
fi fi
} }
# List the available Vagrant providers present on the system # List the available Vagrant providers present on the system
@@ -298,27 +298,27 @@ parse_cli_arguments() {
# TODO: Check to make sure they actually have their provider installed # TODO: Check to make sure they actually have their provider installed
case "$1" in case "$1" in
virtualbox) virtualbox)
PROVIDER="$1" PROVIDER="$1"
PACKER_PROVIDER="$1" PACKER_PROVIDER="$1"
;; ;;
vmware_desktop) vmware_desktop)
PROVIDER="$1" PROVIDER="$1"
PACKER_PROVIDER="vmware" PACKER_PROVIDER="vmware"
;; ;;
*) *)
echo "\"$1\" is not a valid provider. Listing available providers:" echo "\"$1\" is not a valid provider. Listing available providers:"
PROVIDER=$(list_providers) PROVIDER=$(list_providers)
;; ;;
esac esac
fi fi
if [ $# -eq 2 ]; then if [ $# -eq 2 ]; then
case "$2" in case "$2" in
--packer-only) --packer-only)
PACKER_ONLY=1 PACKER_ONLY=1
;; ;;
--vagrant-only) --vagrant-only)
VAGRANT_ONLY=1 VAGRANT_ONLY=1
;; ;;
*) *)
echo -e "\"$2\" is not recognized as an option. Available options are:\\n--packer-only\\n--vagrant-only" echo -e "\"$2\" is not recognized as an option. Available options are:\\n--packer-only\\n--vagrant-only"
exit 1 exit 1
@@ -331,37 +331,37 @@ build_packer_boxes() {
PACKER_BOXES=("windows_2016" "windows_10") PACKER_BOXES=("windows_2016" "windows_10")
if [ "$(hostname)" == "packerwindows10" ]; then # Workaround for CI environment if [ "$(hostname)" == "packerwindows10" ]; then # Workaround for CI environment
(echo >&2 "CI Environment detected. If you are a user and are seeing this, please file an issue on GitHub.") (echo >&2 "CI Environment detected. If you are a user and are seeing this, please file an issue on GitHub.")
RET=$(packer_build_box "windows_10") RET=$(packer_build_box "windows_10")
if [ "$RET" -eq 0 ]; then if [ "$RET" -eq 0 ]; then
(echo >&2 "Good news! The windows_10 box was built with Packer successfully!") (echo >&2 "Good news! The windows_10 box was built with Packer successfully!")
else
(echo >&2 "Something went wrong while attempting to build the windows_10 box.")
(echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/")
exit 1
fi
elif [ "$(hostname)" == "packerwindows2016" ]; then # Workaround for CI environment
(echo >&2 "CI Environment detected. If you are a user and are seeing this, please file an issue on GitHub.")
RET=$(packer_build_box "windows_2016")
if [ "$RET" -eq 0 ]; then
(echo >&2 "Good news! The windows_2016 box was built with Packer successfully!")
else
(echo >&2 "Something went wrong while attempting to build the windows_2016 box.")
(echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/")
exit 1
fi
else else
for PACKER_BOX in "${PACKER_BOXES[@]}"; do # Normal user workflow (echo >&2 "Something went wrong while attempting to build the windows_10 box.")
RET=$(packer_build_box "$PACKER_BOX") (echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/")
if [ "$RET" -eq 0 ]; then exit 1
(echo >&2 "Good news! $PACKER_BOX was built successfully!")
else
(echo >&2 "Something went wrong while attempting to build the $PACKER_BOX box.")
(echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/")
exit 1
fi
done
fi fi
elif [ "$(hostname)" == "packerwindows2016" ]; then # Workaround for CI environment
(echo >&2 "CI Environment detected. If you are a user and are seeing this, please file an issue on GitHub.")
RET=$(packer_build_box "windows_2016")
if [ "$RET" -eq 0 ]; then
(echo >&2 "Good news! The windows_2016 box was built with Packer successfully!")
else
(echo >&2 "Something went wrong while attempting to build the windows_2016 box.")
(echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/")
exit 1
fi
else
for PACKER_BOX in "${PACKER_BOXES[@]}"; do # Normal user workflow
RET=$(packer_build_box "$PACKER_BOX")
if [ "$RET" -eq 0 ]; then
(echo >&2 "Good news! $PACKER_BOX was built successfully!")
else
(echo >&2 "Something went wrong while attempting to build the $PACKER_BOX box.")
(echo >&2 "To file an issue, please visit https://github.com/clong/DetectionLab/issues/")
exit 1
fi
done
fi
} }
choose_md5_tool() { choose_md5_tool() {
@@ -467,7 +467,7 @@ main() {
build_vagrant_hosts build_vagrant_hosts
post_build_checks post_build_checks
fi fi
} }
main "$@" main "$@"
exit 0 exit 0

8
ci/build_machine_bootstrap.sh
View File

@@ -51,8 +51,8 @@ if [ "$PACKER_ONLY" -eq 0 ]; then
# Install Vagrant # Install Vagrant
mkdir /opt/vagrant mkdir /opt/vagrant
cd /opt/vagrant || exit 1 cd /opt/vagrant || exit 1
wget https://releases.hashicorp.com/vagrant/2.1.2/vagrant_2.1.2_x86_64.deb wget https://releases.hashicorp.com/vagrant/2.1.4/vagrant_2.1.4_x86_64.deb
dpkg -i vagrant_2.1.2_x86_64.deb dpkg -i vagrant_2.1.4_x86_64.deb
vagrant plugin install vagrant-reload vagrant plugin install vagrant-reload
# Make the Vagrant instances headless # Make the Vagrant instances headless
@@ -64,8 +64,8 @@ if [ "$VAGRANT_ONLY" -eq 0 ]; then
# Install Packer # Install Packer
mkdir /opt/packer mkdir /opt/packer
cd /opt/packer || exit 1 cd /opt/packer || exit 1
wget https://releases.hashicorp.com/packer/1.2.3/packer_1.2.3_linux_amd64.zip wget https://releases.hashicorp.com/packer/1.2.5/packer_1.2.5_linux_amd64.zip
unzip packer_1.2.3_linux_amd64.zip unzip packer_1.2.5_linux_amd64.zip
cp packer /usr/local/bin/packer cp packer /usr/local/bin/packer
# Make the Packer images headless # Make the Packer images headless

5
ci/circle_workflows/vagrant_changes.sh
View File

@@ -36,7 +36,7 @@ ssh -i ~/.ssh/id_rsa root@"$IP_ADDRESS" 'bash -s' -- < ci/build_machine_bootstra
## Waiting for Packet server to post build results ## Waiting for Packet server to post build results
MINUTES_PAST=0 MINUTES_PAST=0
while [ "$MINUTES_PAST" -lt 120 ]; do while [ "$MINUTES_PAST" -lt 180 ]; do
STATUS=$(curl $IP_ADDRESS) STATUS=$(curl $IP_ADDRESS)
if [ "$STATUS" == "building" ]; then if [ "$STATUS" == "building" ]; then
echo "$STATUS" echo "$STATUS"
@@ -44,9 +44,10 @@ while [ "$MINUTES_PAST" -lt 120 ]; do
sleep 300 sleep 300
((MINUTES_PAST += 5)) ((MINUTES_PAST += 5))
else else
scp -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/ || echo "Vagrant log not yet present"
break break
fi fi
if [ "$MINUTES_PAST" -gt 120 ]; then if [ "$MINUTES_PAST" -gt 180 ]; then
echo "Serer timed out. Uptime: $MINUTES_PAST minutes." echo "Serer timed out. Uptime: $MINUTES_PAST minutes."
scp -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/ scp -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/
curl -X DELETE --header 'Accept: application/json' --header 'X-Auth-Token: '"$PACKET_API_TOKEN" 'https://api.packet.net/devices/'"$DEVICE_ID" curl -X DELETE --header 'Accept: application/json' --header 'X-Auth-Token: '"$PACKET_API_TOKEN" 'https://api.packet.net/devices/'"$DEVICE_ID"