Hardcode caldera config settings
This commit is contained in:
Chris Long
@@ -163,6 +163,7 @@ resource "aws_instance" "logger" {
|
||||
"sudo add-apt-repository universe && sudo apt-get update && sudo apt-get install -y git",
|
||||
"echo 'logger' | sudo tee /etc/hostname && sudo hostnamectl set-hostname logger",
|
||||
"sudo adduser --disabled-password --gecos \"\" vagrant && echo 'vagrant:vagrant' | sudo chpasswd",
|
||||
"sudo mkdir /home/vagrant/.ssh && sudo cp /home/ubuntu/.ssh/authorized_keys /home/vagrant/.ssh/authorized_keys && sudo chown -R vagrant:vagrant /home/vagrant/.ssh",
|
||||
"echo 'vagrant ALL=(ALL:ALL) NOPASSWD:ALL' | sudo tee -a /etc/sudoers",
|
||||
"sudo git clone https://github.com/clong/DetectionLab.git /opt/DetectionLab",
|
||||
"sudo sed -i \"s#sed -i 's/archive.ubuntu.com/us.archive.ubuntu.com/g' /etc/apt/sources.list##g\" /opt/DetectionLab/Vagrant/bootstrap.sh",
|
||||
@@ -174,7 +175,7 @@ resource "aws_instance" "logger" {
|
||||
"sudo apt-get update",
|
||||
"sudo /opt/DetectionLab/Vagrant/bootstrap.sh",
|
||||
"sudo pip3.6 install --upgrade --force-reinstall pip==9.0.3 && sudo pip3.6 install -r /home/vagrant/caldera/caldera/requirements.txt && sudo pip3.6 install --upgrade pip",
|
||||
"sudo service caldera stop && sudo service caldera start"
|
||||
"sudo service caldera stop && sudo service caldera start",
|
||||
]
|
||||
connection {
|
||||
type = "ssh"
|
||||
|
||||
@@ -189,6 +189,7 @@ install_caldera() {
|
||||
cd /home/vagrant/caldera || exit
|
||||
mkdir -p dep/crater/crater
|
||||
wget https://github.com/mitre/caldera-crater/releases/download/v0.1.0/CraterMainWin8up.exe -O /home/vagrant/caldera/dep/crater/crater/CraterMain.exe
|
||||
cp /vagrant/resources/caldera/cert.pem /vagrant/resources/caldera/key.pem /vagrant/resources/caldera/settings.yml /home/vagrant/caldera/caldera/conf
|
||||
service caldera start
|
||||
systemctl enable caldera.service
|
||||
fi
|
||||
|
||||
20
Vagrant/resources/caldera/cert.pem
Normal file
20
Vagrant/resources/caldera/cert.pem
Normal file
@@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDVTCCAj2gAwIBAgIJAKUxnMnJz4CPMA0GCSqGSIb3DQEBCwUAMEExDzANBgNV
|
||||
BAMMBmxvZ2dlcjEQMA4GA1UECwwHU2VydmVyczEPMA0GA1UECgwGbG9nZ2VyMQsw
|
||||
CQYDVQQGEwJVUzAeFw0xOTAzMjcwMzU3NThaFw0yOTAzMjYwMzU3NThaMEExDzAN
|
||||
BgNVBAMMBmxvZ2dlcjEQMA4GA1UECwwHU2VydmVyczEPMA0GA1UECgwGbG9nZ2Vy
|
||||
MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKL/
|
||||
7cDUXrSac8oILHLN3iKtuhoLttPrVi+GuYsdfKer7D9M9DrkGAvQ+qHLpHgg+omY
|
||||
ZIK4kDjS26eDKP2SGTHjeYwlmcJPnII6YU8vYdzyvi4eLJjI+lMO8BYd2yL2PVJX
|
||||
W8ScY/2MoC8LX31A8maGDW+4E6bu3ItAEchh4EWRj8V4PqCDJH1XnY18A0N0QEDV
|
||||
Osleb2dFWvXtyFmSu0OsqiMxBzlPbf/yl71Q1VjrRUT+alDJNfF3ewctshvx4hV8
|
||||
qDwpATR9GPfPKV6w1lj0a+81Qpwy6vOLve3yCV02lWe1TaCjL2otGbTspujbulkR
|
||||
DGy6MC9/9i1CRkEIBj0CAwEAAaNQME4wHQYDVR0OBBYEFKGWfBB6O2ktq/a4frXy
|
||||
LKxZNjngMB8GA1UdIwQYMBaAFKGWfBB6O2ktq/a4frXyLKxZNjngMAwGA1UdEwQF
|
||||
MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIgLaPeFJS/bHzITf62RgDbBEU3zaeOg
|
||||
72xiFHWd6uIA9SCHGHuKhbpzLOqBtoSGZlejI75/QDwAiwpu/cd9BWx9h9S/f0Zf
|
||||
fZnA/ngPojhnaHYFIn8165z/XSJwNvDhVh1oYqMcfTPgeSlbRdPTwAjxdYsJ4nik
|
||||
4xriKHV6WQ9ixFwOk9ROYg1M/OJ2lmOi23NFODKVP0LFPAqZEX7evKJatWQiJ2tF
|
||||
iUAm+4xvkGVJfPd6hShYEsXDjTJC+fVFgsPTWhaHGnLjiLORJLgvd/E6wIGGzvx7
|
||||
fIw1x7LxMmhlWa74yyGZKAMUOlMh4uBAYR3JhsVYl2LNSK9HwZYnfXc=
|
||||
-----END CERTIFICATE-----
|
||||
24
Vagrant/resources/caldera/conf.yml
Normal file
24
Vagrant/resources/caldera/conf.yml
Normal file
@@ -0,0 +1,24 @@
|
||||
url_root: https://logger:8888
|
||||
verify_hostname: false
|
||||
cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDVTCCAj2gAwIBAgIJAKUxnMnJz4CPMA0GCSqGSIb3DQEBCwUAMEExDzANBgNV
|
||||
BAMMBmxvZ2dlcjEQMA4GA1UECwwHU2VydmVyczEPMA0GA1UECgwGbG9nZ2VyMQsw
|
||||
CQYDVQQGEwJVUzAeFw0xOTAzMjcwMzU3NThaFw0yOTAzMjYwMzU3NThaMEExDzAN
|
||||
BgNVBAMMBmxvZ2dlcjEQMA4GA1UECwwHU2VydmVyczEPMA0GA1UECgwGbG9nZ2Vy
|
||||
MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKL/
|
||||
7cDUXrSac8oILHLN3iKtuhoLttPrVi+GuYsdfKer7D9M9DrkGAvQ+qHLpHgg+omY
|
||||
ZIK4kDjS26eDKP2SGTHjeYwlmcJPnII6YU8vYdzyvi4eLJjI+lMO8BYd2yL2PVJX
|
||||
W8ScY/2MoC8LX31A8maGDW+4E6bu3ItAEchh4EWRj8V4PqCDJH1XnY18A0N0QEDV
|
||||
Osleb2dFWvXtyFmSu0OsqiMxBzlPbf/yl71Q1VjrRUT+alDJNfF3ewctshvx4hV8
|
||||
qDwpATR9GPfPKV6w1lj0a+81Qpwy6vOLve3yCV02lWe1TaCjL2otGbTspujbulkR
|
||||
DGy6MC9/9i1CRkEIBj0CAwEAAaNQME4wHQYDVR0OBBYEFKGWfBB6O2ktq/a4frXy
|
||||
LKxZNjngMB8GA1UdIwQYMBaAFKGWfBB6O2ktq/a4frXyLKxZNjngMAwGA1UdEwQF
|
||||
MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIgLaPeFJS/bHzITf62RgDbBEU3zaeOg
|
||||
72xiFHWd6uIA9SCHGHuKhbpzLOqBtoSGZlejI75/QDwAiwpu/cd9BWx9h9S/f0Zf
|
||||
fZnA/ngPojhnaHYFIn8165z/XSJwNvDhVh1oYqMcfTPgeSlbRdPTwAjxdYsJ4nik
|
||||
4xriKHV6WQ9ixFwOk9ROYg1M/OJ2lmOi23NFODKVP0LFPAqZEX7evKJatWQiJ2tF
|
||||
iUAm+4xvkGVJfPd6hShYEsXDjTJC+fVFgsPTWhaHGnLjiLORJLgvd/E6wIGGzvx7
|
||||
fIw1x7LxMmhlWa74yyGZKAMUOlMh4uBAYR3JhsVYl2LNSK9HwZYnfXc=
|
||||
-----END CERTIFICATE-----
|
||||
logging_level: debug
|
||||
28
Vagrant/resources/caldera/key.pem
Normal file
28
Vagrant/resources/caldera/key.pem
Normal file
@@ -0,0 +1,28 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCi/+3A1F60mnPK
|
||||
CCxyzd4irboaC7bT61YvhrmLHXynq+w/TPQ65BgL0Pqhy6R4IPqJmGSCuJA40tun
|
||||
gyj9khkx43mMJZnCT5yCOmFPL2Hc8r4uHiyYyPpTDvAWHdsi9j1SV1vEnGP9jKAv
|
||||
C199QPJmhg1vuBOm7tyLQBHIYeBFkY/FeD6ggyR9V52NfANDdEBA1TrJXm9nRVr1
|
||||
7chZkrtDrKojMQc5T23/8pe9UNVY60VE/mpQyTXxd3sHLbIb8eIVfKg8KQE0fRj3
|
||||
zylesNZY9GvvNUKcMurzi73t8gldNpVntU2goy9qLRm07Kbo27pZEQxsujAvf/Yt
|
||||
QkZBCAY9AgMBAAECggEAchAQKyExyMZQgq9nk0r2yGOz2GgcH34OyKFJk80lnxvS
|
||||
7ZUHT3KwVQx/Zttfk2TYjZLjuwo2el0rsrQ46gDjuqKJOwZQ68XUKtl5oPTyUbBY
|
||||
X2NkJ+J0Mc1BOujXoUaZMNbK8/HQkuxmZ6VYxAi/1/i0zFoO/oEmOheymfvL+kG9
|
||||
Yi9o7DR8o8yHT2XAJM3sdRLb19/BdquB8vcXYvHY/X2+2uLU4vDycHZ9bFiRWfMK
|
||||
bpgzH0XRsfz5/9nV42gUhPZWbKJYZnauYI4k603i5uT165chkkv4HJld5mgUMZel
|
||||
U58zFE9LwGOKuQJbYkvKDj4G+vF4i9ONRMg5jNhO4QKBgQDPRALjFSFoTd5wOjef
|
||||
Z2n5P307DPyix+GxbE1VRvsKpWNW/DYmVHrLX9cyZPpVPwcAla11gSoSOQ4AW3F4
|
||||
8uVrL86FTPI3h4nCZje6NvLlzNvI7zmNgCVHLrtp16sub7qxRTuLJuO8V0Penka8
|
||||
dpRI1npaetvwuVjNjw98NdioWQKBgQDJU2hKEbCmX+h9IfuKdOCT5gMYjii1ndC4
|
||||
uUwrUf+Fy9Z0aZIIDa/TKjmVnUEd+2C4AGdWIc0p/ApzKId9o9f0RUTFv0x2fKGt
|
||||
wQUE4BuvHBTQY++N6lYSEVBHOicoITbKfTQyiHimzgg19JjRaxPEoI7zla7euOtz
|
||||
wD8RZisQhQKBgQCoqP14cG95AzSpOpacvnh7/PAZJ15F0EWWLT1Y0aPja+ZEmIQv
|
||||
+Lrb2CezuHwE9n7qOOKoJe1oWslL/R1/gJiz+nkh/BV2nnK5oJhkjeZmnaeUASdi
|
||||
QA8Vt6+GV5vS89SGAIKNn53eW1y9QSrqncvY4b869ZMYdpsO2wWM2/xsMQKBgQCU
|
||||
cgaszrxlAMTJN3xky+cnxmqz+WY0/AeBnUd3jb+OJQ2cypbdj1H8rt7E3a288LSR
|
||||
F+MaFFRVx7zgypqU3nGGcGjUMkir+RuxpWgQ/zoKdPc37OgeyRHrwo5h5pQmt87R
|
||||
oV4SgKQNwk81kYP4ri5mRkkBfHXzTYB22eLm7mGEjQKBgB+WaIOMpgQwrewRkU17
|
||||
S63jjHso3J4S21OHm748vpx3ize4JpnAkRpfpwZ9Rj+TmyOjgitJNWdV77zdiQkN
|
||||
5Dv5ZjsIurrnDXMslBww37mnV7LXyDAAsyaKqSGQuikKusz45FSej82KIfr/zGv+
|
||||
WbNZ+sK8mdVZoUSam+6BO9JH
|
||||
-----END PRIVATE KEY-----
|
||||
27
Vagrant/resources/caldera/settings.yml
Normal file
27
Vagrant/resources/caldera/settings.yml
Normal file
@@ -0,0 +1,27 @@
|
||||
auth:
|
||||
key: !!binary |
|
||||
QfVQNdpJt0br69u4yGYgjJYr8mlKRb8nhkzxd+XkuBt7D/JKeCUmSafJuBFY3w7oXatwSqFYKdWn
|
||||
ZhVklJsZAmoPy3BEr1maTwFFfJtfav6e6JUMfPKP2SXHFW0fsyF3mdxpXtMbRrMTwnQ4TrndAtCs
|
||||
E0jWC9qM/ktTga5UweS3YkDlQpWQHktgPPRC8nLk2dtGkWLuam7lfFCW93mxrNyYAAlbNQPq8/ld
|
||||
DvYD+eWB8tviOh5ZcntmST4tCXXZqk6pGByWV8m7EnBRK4ffIoNmgNV5K7UrWBPEI5ZbNbHx9rSl
|
||||
GNqAiA9T020MJ5qyrCl9mgZTnbmKXiUOcgpr6g==
|
||||
crypto:
|
||||
cert: conf/cert.pem
|
||||
key: conf/key.pem
|
||||
database:
|
||||
host: localhost
|
||||
key: !!binary |
|
||||
UXFoNGMzdU1kYWJzU195ZDEybUItWnBJbEg5UnNqYndmQWJpcC1xNjFNaz0=
|
||||
port: 27017
|
||||
proxy:
|
||||
default:
|
||||
cert: ''
|
||||
http: ''
|
||||
https: ''
|
||||
server:
|
||||
host: 0.0.0.0
|
||||
https: true
|
||||
port: 8888
|
||||
users:
|
||||
- name: admin
|
||||
password: caldera
|
||||
@@ -17,11 +17,10 @@ If (-not (Test-Path 'C:\Program Files\cagent\cagent.exe')) {
|
||||
# GitHub requires TLS 1.2 as of 2/1/2018
|
||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
||||
(New-Object System.Net.WebClient).DownloadFile('https://github.com/mitre/caldera-agent/releases/download/v0.1.0/cagent.exe', $cagentPath)
|
||||
# Ignore SSL warning for conf file download
|
||||
# https://stackoverflow.com/questions/34331206/ignore-ssl-warning-with-powershell-downloadstring
|
||||
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ;(New-Object System.Net.WebClient).DownloadFile('https://logger:8888/conf.yml', $cagentConfPath)
|
||||
# Copy hardocded Caldera config from the Vagrant resources folder
|
||||
Copy-Item "C:\vagrant\resources\caldera\conf.yml" $cagentConfPath -Force
|
||||
If (-not (Test-Path "$cagentConfPath" )) {
|
||||
Write-Host "Caldera Agent configuration failed. Unable to retrieve config from logger"
|
||||
Write-Host "Caldera Agent configuration failed. Unable to retrieve config from resources folder."
|
||||
}
|
||||
Start-Process -FilePath $cagentPath -ArgumentList '--startup', 'auto', 'install' -Wait
|
||||
Start-Process -FilePath $cagentPath -ArgumentList 'start' -Wait
|
||||
|
||||
Reference in New Issue
Block a user